Using two WireGuard peers at the same time?

hi,

Is it possible to start two different peers on two interfaces? I use a commercial VPN provider and have one interface with a Canadian peer and another with a US peer. I would like to enable both at the same time: my PC and smartphone via one peer and my TV via the other. But it seems I can only start one wg interface at a time?
thanks


Disable "Route Allowed IPs" in the WG peer settings (both peers advertise 0.0.0.0/0, so with routing enabled each tunnel would try to install its own default route and they would fight over it).
Then install VPN-PBR and set up routing policies that choose the tunnel per client.


Even if I disable "Route Allowed IPs" on both of my wg interfaces, only one wg interface starts. So in VPN-PBR I can only choose "wan" or "wg" (which is only one peer).

What is the output of `uci export network; uci export vpn-policy-routing`? (Mask private keys and your public endpoint addresses before posting.)

# 'uci export network' as posted (the leading 'package network' line was
# trimmed). The WireGuard private keys are partially masked with '?': a real
# private key must never be pasted into a public thread -- if one ever was,
# regenerate the key pair and re-register the new public key with the provider.
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

# The router ignores the ISP's DHCP-supplied resolvers (peerdns '0') and
# queries 1.1.1.1 itself. Those queries leave via whatever path the router's
# own traffic takes, which is what the DNS-location question later in the
# thread is about.
config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0t'

config interface 'myvpnc'
        option proto 'none'
        option ifname 'tun0'

config interface 'wg_CA'
        option proto 'wireguard'
        option private_key '+A3WSu7k+OO0NwgRwN1hY??????????nYk9qo3mjlY='
        # Same listen_port as wg_USA below. Only one of the two interfaces
        # came up until the option was removed from both (see the fix later in
        # the thread), after which each interface got its own ephemeral port.
        option listen_port '51820'
        option mtu '1420'
        # NOTE(review): a fixed fwmark here may overlap with the marks
        # vpn-policy-routing applies to policy traffic -- confirm against that
        # package before keeping it; the fix later in the thread removes it.
        option fwmark '0xfe'
        option delegate '0'
        list addresses '10.13.xx.xx/24'

config wireguard_wg_CA
        option description 'CA'
        option persistent_keepalive '25'
        option public_key 'RRXA6mRAlklv54VePiooIfa?????????D2uF0aww+TF0='
        option endpoint_host '192.252.XXX.XXX'
        option endpoint_port '1443'
        # Any destination may go through this tunnel. route_allowed_ips is not
        # set (the thread says it is off by default), so this does NOT install
        # a default route; vpn-policy-routing decides per client which tunnel
        # is used.
        list allowed_ips '0.0.0.0/0'

config interface 'wg_USA'
        option proto 'wireguard'
        option private_key 'yLvxdY/B+lWVpQ0fpr0eVwvSySY???????????wvXd2E='
        # Duplicate of wg_CA's listen_port -- see the comment there.
        option listen_port '51820'
        list addresses '10.13.XX.XX/24'

config wireguard_wg_USA
        option description 'USA'
        option public_key '0hWaOeSOsU6u2Z6BDDRnC9lWjTwfMxhgy??????????='
        option endpoint_host '185.8.XX.XXX'
        option endpoint_port '1443'
        option persistent_keepalive '25'
        # Same as wg_CA: catch-all allowed IPs, no default route installed.
        list allowed_ips '0.0.0.0/0'

package vpn-policy-routing

# Global options for vpn-policy-routing as posted.
config vpn-policy-routing 'config'
        option verbosity '2'
        option src_ipset '0'
        # Domain-based destinations are matched through dnsmasq-managed ipsets.
        option dest_ipset 'dnsmasq.ipset'
        option ipv6_enabled '0'
        list supported_interface ''
        list ignored_interface 'vpnserver wgserver'
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option iprule_enabled '0'
        option webui_protocol_column '0'
        option webui_chain_column '0'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        # NOTE(review): with strict enforcement off, a client whose tunnel is
        # down is not blocked and can reach the internet over the WAN -- set
        # this to '1' if a client must never bypass its VPN (confirm the exact
        # semantics against the package README).
        option strict_enforcement '0'
        option webui_enable_column '1'
        option webui_sorting '0'
        option enabled '1'

# Optional includes shipped with the package; both disabled here.
config include
        option path '/etc/vpn-policy-routing.netflix.user'
        option enabled '0'

config include
        option path '/etc/vpn-policy-routing.aws.user'
        option enabled '0'

# Per-client policies, matched on source address only (/32 = one host).
# Any LAN client without a policy takes the service's default gateway, which
# the web UI later in the thread shows as wg_USA.
config policy
        option src_addr '192.168.1.XXX/32'
        option name 'PC'
        option interface 'wg_USA'

config policy
        option name 'GALAXY'
        option src_addr '192.168.1.XXX/32'
        option interface 'wg_CA'

config policy
        option name 'TV'
        option src_addr '192.168.1.XXX/32'
        option interface 'wg_USA'




Are the interface addresses you masked (the `10.13.xx.xx/24` entries) the same on both wg interfaces, or at least in the same /24 network?


No, they are different: one tunnel is in 10.13.43.x and the other in 10.13.128.x.

Not sure what you mean, but I only have one "lan" interface and one "wan" interface.

# Both wg_CA and wg_USA were configured with listen_port '51820'. Only one of
# the two interfaces came up with that in place; after dropping the option on
# both, each interface bound its own ephemeral port (33162 / 39808 in the
# 'wg show' output that follows). The extra mtu/fwmark/delegate options on
# wg_CA are dropped as well so both interfaces start from the same minimal
# configuration (the fixed 0xfe fwmark in particular may collide with marks
# set by vpn-policy-routing -- confirm against that package's config).
for opt in mtu fwmark delegate listen_port; do
    uci -q delete "network.wg_CA.${opt}"
done
uci -q delete network.wg_USA.listen_port
uci commit network
/etc/init.d/network restart
# Give the tunnels time to handshake before inspecting them.
sleep 10
wg show

And post the output.

Thanks, now both wg interfaces are started and both work. But in VPN-PBR, even though I chose one device on wg_CA and the other on wg_USA, only one of them works; my second device still goes out via "wan".

interface: wg_CA
  public key: SV8zhLrNJPer5cLV+04eXXXXWqBEaQzM5LUGIZBE=
  private key: (hidden)
  listening port: 33162

peer: RRXA6mRAlklv54VePiooIfXXXXFC2QKD2uF0aww+TF0=
  endpoint: 192.252.213.XX:1443
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 30 seconds ago
  transfer: 2.11 KiB received, 308 B sent
  persistent keepalive: every 25 seconds

interface: wg_USA
  public key: zlAgJMlkbMClK/enRCKwkiynDXXXXXEz8SBIF6ry0=
  private key: (hidden)
  listening port: 39808

peer: 0hWaOeSOsU6u2Z6BDDXXXXjTwfMxhgyLKMcx3bFVQ=
  endpoint: 185.8.50.XXX:1443
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 30 seconds ago
  transfer: 92 B received, 276 B sent
  persistent keepalive: every 25 seconds


After I rebooted my PC to be sure, I lost Wi-Fi.

Wi-Fi is likely a separate unrelated problem.
You can try to power cycle the router and its clients.


I tested it: I power-cycled the router and the clients.
Wi-Fi still stops working, and as soon as I stop one of the wg interfaces the Wi-Fi comes back.


I've read that I could use /32 instead of /24 for the tunnel addresses?

You should use whatever the provider has instructed you to use; both are valid. With /24 the interface also gets a connected route for that whole /24, with /32 it does not -- but since your two tunnels sit in different /24s (10.13.43.x and 10.13.128.x) they do not collide either way.

Post the troubleshooting commands.


working now
thanks

hi again,

One more thing: when I change my PC's interface in VPN-PBR from "wg_CA" to "wan" and then run a DNS leak test, instead of seeing Cloudflare DNS from Canada (I am in Canada) I see a DNS location in the USA, which is where my second wg interface and peer are.

It is not a big deal, but I thought that when I am on "wan" (no VPN) I would get DNS from my actual location?
What I see in Policy Routing, under Service Gateways at the top, is:

wan/eth0
vpn/tun0
wg_CA
wg_USA

and the one that is always checked as the default is "wg_USA".

thanks

Hand out a public resolver from a major DNS provider to your LAN clients via DHCP (option 6). The clients then send their DNS queries directly from their own IP, so the queries follow the same per-client policy as the rest of their traffic instead of going through the router's resolver, which takes the default gateway (currently wg_USA).


Or, I've read in the VPN-PBR README about `option route_allowed_ips '0'` -- is that what I am looking for?

No.

That is the default already (your posted config does not set it, so it is off).

To avoid a DNS leak you need to route DNS over the VPN as mentioned above -- more so in your case with two different VPN tunnels.


Two different resolvers, like this:

# Configure dnsmasq
uci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,1.1.1.1,9.9.9.9"