Hello, I've configured a WireGuard server on OpenWrt that forwards all traffic to Mullvad VPN. This post helped (routing specifically): https://www.gastonotero.com/blog/creating-a-vpn-only-lan-in-openwrt/. Network config:
config rule
    option in 'wireguard'
    option lookup '1743'

config route
    option interface 'mullvad'
    option target '0.0.0.0'
    option netmask '0.0.0.0'
    option table '1743'
Now I would like to forward all traffic from only one device on the LAN through Mullvad, but not ports 18080 and 18089. I tried using the same config but added a source:
config rule
    option in 'lan'
    option lookup '1743'
    option src '192.168.1.192/32'
This just blocks internet on 192.168.1.192.
On the second try I used PBR:
config policy
    option name 'Workstation'
    option src_addr '192.168.1.192'
    option src_port '!18080 !18089'
    option interface 'mullvad'
    option chain 'forward'
This does nothing.
So how do you route all traffic except 2 ports from only one device to a VPN?