Using 2 WireGuard peers at the same time?

uci -q delete network.wg_CA.mtu
uci -q delete network.wg_CA.fwmark
uci -q delete network.wg_CA.delegate
uci -q delete network.wg_CA.listen_port
uci -q delete network.wg_USA.listen_port
uci commit network
/etc/init.d/network restart
sleep 10; wg show

And post the output.

Thanks, now both wg interfaces are started and both work, but in vpn-pbr, even if I choose one device on wg_CA and the other via wg_USA, only one works; my second device is still via "wan".

interface: wg_CA
  public key: SV8zhLrNJPer5cLV+04eXXXXWqBEaQzM5LUGIZBE=
  private key: (hidden)
  listening port: 33162

peer: RRXA6mRAlklv54VePiooIfXXXXFC2QKD2uF0aww+TF0=
  endpoint: 192.252.213.XX:1443
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 30 seconds ago
  transfer: 2.11 KiB received, 308 B sent
  persistent keepalive: every 25 seconds

interface: wg_USA
  public key: zlAgJMlkbMClK/enRCKwkiynDXXXXXEz8SBIF6ry0=
  private key: (hidden)
  listening port: 39808

peer: 0hWaOeSOsU6u2Z6BDDXXXXjTwfMxhgyLKMcx3bFVQ=
  endpoint: 185.8.50.XXX:1443
  allowed ips: 0.0.0.0/0
  latest handshake: 1 minute, 30 seconds ago
  transfer: 92 B received, 276 B sent
  persistent keepalive: every 25 seconds
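
A quick way to check tunnel health from `wg show` text like the output above, as an added example that is not part of the original thread. The function names and the 180-second staleness threshold are assumptions, and the sample input is constructed (placeholder keys, documentation-range addresses).

```shell
#!/bin/sh
# Added example, not from the thread: summarise `wg show` text per peer.
# STALE_AFTER is an assumed threshold in seconds; tune it to your keepalive.
STALE_AFTER=180

wg_summary() {
    # stdin: `wg show` text. stdout: "iface endpoint age_seconds status".
    awk -v limit="$STALE_AFTER" '
    function emit(   status) {
        if (!have_peer) return
        status = (age < 0) ? "no-handshake" : (age > limit ? "stale" : "ok")
        print iface, endpoint, age, status
        have_peer = 0
    }
    $1 == "interface:" { emit(); iface = $2 }
    $1 == "peer:"      { emit(); have_peer = 1; endpoint = "-"; age = -1 }
    $1 == "endpoint:"  { endpoint = $2 }
    $1 == "latest" && $2 == "handshake:" {
        age = 0
        for (i = 3; i < NF; i += 2) {   # pairs such as: 1 minute, 30 seconds
            n = $i; u = $(i + 1)
            if (u ~ /^year/)        age += n * 31536000
            else if (u ~ /^day/)    age += n * 86400
            else if (u ~ /^hour/)   age += n * 3600
            else if (u ~ /^minute/) age += n * 60
            else if (u ~ /^second/) age += n
        }
    }
    END { emit() }'
}

# Constructed sample in the same layout as the output above.
sample_wg_show() {
    cat <<'EOF'
interface: wg_CA
peer: PLACEHOLDER_PEER_KEY_CA=
  endpoint: 192.0.2.10:1443
  latest handshake: 1 minute, 30 seconds ago
interface: wg_USA
peer: PLACEHOLDER_PEER_KEY_USA=
  endpoint: 198.51.100.20:1443
  latest handshake: 5 minutes, 12 seconds ago
EOF
}

sample_wg_show | wg_summary
```

On the router, `wg show | wg_summary` gives the same per-peer summary; a peer that never completed a handshake is reported as `no-handshake`.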

After I rebooted my PC to be sure, I lost Wi-Fi.

Wi-Fi is likely a separate unrelated problem.
You can try to power cycle the router and its clients.

I tested it, power cycled the router and clients...
and Wi-Fi stops; when I stop one wg interface, the Wi-Fi comes back.

I've read that I could use /32 instead of /24 for the IPs?

You should use whatever the provider has instructed you to use. Both are valid.

Post the troubleshooting commands.

working now
thanks

hi again,

One more thing: when I change my interface in "vpn-pbr", i.e. my PC from "wg_CA" to "wan", and I check my DNS leak, instead of having Cloudflare DNS from Canada (I'm in Canada) I get a DNS location from the USA; my second wg interface and peer are in a USA location...

It is not a big deal, but I thought that when I am on "wan", with no VPN, I would be with DNS from my actual location...?
What I see in Policy Routing, in service gateways at the top, I have:

wan/eth0
vpn/tun0
wg_CA
wg_USA

and the one always checked is "wg_USA" as default

thanks

Configure DNS with DHCP using a major DNS provider.

Or I've read this in the "vpn pbr / readme":

option route_allowed_ips '0'

Is it what I am looking for?

No.

This is by default.

To avoid DNS leak, you need to route DNS over VPN as mentioned above.
Moreover in your case with 2 different VPN providers.

2 different ones, like that:

# Configure dnsmasq
uci -q delete dhcp.lan.dhcp_option
uci add_list dhcp.lan.dhcp_option="6,1.1.1.1,9.9.9.9"
 

Yep, but you should configure both dnsmasq and odhcpd.
And I recommend to start with a single DNS provider like Google or Cloudflare.

But anyway, I don't have a DNS leak even if I put "0" or "1" as option route_allowed_ips,
because in "wan", DNS by peers, I added Cloudflare.

Here is what I have, should be good...?

Note that some sites require your traffic endpoint region to match DNS endpoint region.

OK, so I guess that setup could block the DNS pushed by my VPN provider?

Try this test: https://ipleak.net/

If you are satisfied with the result, then it should be fine.

