VPN-Policy_Routing Service Will Not Start

Installed OpenWrt Snapshot on Raspberry Pi 4. Using it as a VPN router behind my main router (R9000).

There are 2 interfaces:

  1. WireGuard (WAN)
  2. LAN

WireGuard client is installed and working. I can point any IP to it I wish. The vpn-policy-routing service is installed and enabled, but will not start. I captured the below from logs:

Thu Oct 8 08:54:41 2020 user.notice vpn-policy-routing [7021]: service waiting for wan gateway...
Thu Oct 8 08:54:42 2020 user.notice vpn-policy-routing [7021]: service waiting for wan gateway...
Thu Oct 8 08:54:43 2020 user.notice vpn-policy-routing [7021]: ERROR: service failed to discover WAN gateway!
Thu Oct 8 08:54:43 2020 user.notice vpn-policy-routing [7021]: ERROR: DNSMASQ ipset support is enabled in vpn-policy-routing, but DNSMASQ is either not installed or installed DNSMASQ does not support ipsets!
Thu Oct 8 08:54:43 2020 user.notice vpn-policy-routing [7021]: service monitoring interfaces: StrongWG .

Have you read this? (Search for dnsmasq, dependencies and gateway... should resolve most of your issues.)

I ended up using a new version of the firmware. DNSMASQ-Full is installed now. The logs (shown below) show it still cannot find the gateway (it literally couldn't find the gateway).

My setup:
Raspberry Pi 4 Model B with OpenWrt SNAPSHOT r14694-e788e9bd87, eth0/WAN connected to LAN port on gateway router.

Do I just need to point V_PBR to the actual gateway?

Wed Oct 14 07:50:58 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:50:59 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:51:00 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:51:01 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:51:02 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:51:03 2020 user.notice vpn-policy-routing [2957]: service waiting for wan gateway...
Wed Oct 14 07:51:04 2020 user.notice vpn-policy-routing [2957]: ERROR: service failed to discover WAN gateway!

edit: /etc/init.d/vpn-policy-routing ( insert around line 222 )

is_wan_up() {
	local sleepCount=1

	#ADD-THE-LINE-BELOW-HERE
	wanGW="192.168.1.1"

	while [ -z "$wanGW" ] ; do

hack-o-rific... so we might run into more issues... but see what happens... ( you probably are going to have to define the tunnel as wan... to force vpn-pbr to work... but I think there will be too many other edits maybe...for that or forcing it to accept br-lan as a valid 'wan' interface... see how you get along, maybe ask the developer in the support thread what they would advise )...

in a nutshell... vpn-pbr is likely not coded to handle such 'internal-on-a-stick' topologies... search the forum for route-rule... and go the manual route might be a simpler way forward... depending on the level of failover you are after...
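
A diagnostic for the "failed to discover WAN gateway" error in this thread, added here as an example (it is not from the thread or from vpn-policy-routing): it parses `ip -4 route show default` output and reports whether the default route on a given device has a next-hop gateway. The routing-table samples are constructed; the assumption is that the tunnel's default route has no `via` hop while the upstream router is reached through eth0.

```shell
#!/bin/sh
# Added example, not part of vpn-policy-routing.
# On a live router, feed it real data:  ip -4 route show default | parse_default_routes

# Constructed samples (interface names and 192.168.1.1 taken from the thread, rest assumed).
SAMPLE_TUNNEL_DEFAULT='default dev StrongWG proto static scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2'
SAMPLE_LAN_DEFAULT='default via 192.168.1.1 dev eth0 proto static src 192.168.1.2'

# Reads routing-table text on stdin; prints "<dev> <gateway|none>" per default route.
parse_default_routes() {
	awk '$1 == "default" {
		gw = "none"; dev = "unknown"
		for (i = 2; i < NF; i++) {
			if ($i == "via") gw = $(i + 1)
			if ($i == "dev") dev = $(i + 1)
		}
		print dev, gw
	}'
}

# Prints the next hop of the default route on device $1.
# Returns non-zero when that device carries no default route with a gateway.
gateway_for_dev() {
	parse_default_routes | awk -v d="$1" '
		$1 == d && $2 != "none" { print $2; found = 1; exit }
		END { exit !found }'
}

# $1 = routing-table text, $2 = device expected to reach the upstream router.
report() {
	if gw=$(printf '%s\n' "$1" | gateway_for_dev "$2"); then
		echo "gateway $gw on $2"
	else
		echo "no gateway on $2"
	fi
}

# Default route points into the tunnel: nothing to discover on eth0.
report "$SAMPLE_TUNNEL_DEFAULT" eth0
# Default route via the upstream router: the value a hard-coded wanGW stands in for.
report "$SAMPLE_LAN_DEFAULT" eth0
```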

I installed OpenWrt on raspi to set up a WireGuard client because PBR doesn't work with a WireGuard client in DD-WRT, and I don't want all of my traffic going through the tunnel. I can point individual devices at the Pi, so it kind of acts like manual PBR.

I want to get PBR working on the Pi, so I can point all of the hosts I want to go through the tunnel at it, and be able to still bypass the tunnel for some of those hosts for various reasons.

I implemented your suggestion, and it started and is running! Thanks!

I'll play with it a bit, and let you know what happens.