I would like to use OpenWrt as a VPN gateway for a client that needs port forwards to be reachable on the real WAN. There are reasons why I can't run the VPN on the device itself. Sounds a little complicated, so here's my idea (IP addresses are examples):
Main network - 10.0.0.0/24
- Inside main network:
-- OpenWrt as VPN Gateway (WAN 10.0.0.10/24)
---- Inside OpenWrt: Device with 10.1.0.20/24
-- Other devices
What I want to do:
- Set up OpenWrt so it only allows internet traffic to go via the VPN interface (the VPN is its own firewall zone)
- If the VPN interface goes down, the 10.1.0.20 device shall not be allowed to communicate with the outside world
- I want ports reachable from 10.0.0.0/24. So I want to set up port forwarding, so that I could access 10.0.0.10:8080, which would forward to 10.1.0.20:8080.
I'm pretty well versed in networking I'd say, but I'm really stumbling here. So far I have set up the WireGuard tunnel within OpenWrt and traffic routes over the VPN correctly. Is there a plugin or something that I could use, or am I just missing a route and a firewall rule?
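
A firewall layout matching the three requirements listed in the post, as an added example that is not part of the original post. It assumes the OpenWrt interfaces are named `lan` (the 10.1.0.0/24 side), `wan` (10.0.0.10) and `wg0` (the WireGuard tunnel), and that the forwarded service is TCP.

```uci
# /etc/config/firewall (fragment) - interface names lan/wan/wg0 are assumptions

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'      # the router itself still reaches the WireGuard endpoint
	option forward 'REJECT'

config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'             # NAT the 10.1.0.0/24 clients behind the tunnel address
	option mtu_fix '1'

# The only forwarding out of lan is to vpn. There is deliberately no
# lan -> wan forwarding section, so if wg0 goes down and its route
# disappears, traffic from 10.1.0.20 falling back to wan is rejected.
config forwarding
	option src 'lan'
	option dest 'vpn'

# 10.0.0.10:8080 -> 10.1.0.20:8080 for hosts on the main network.
# Replies go back out wan through the connected 10.0.0.0/24 route,
# which is more specific than a default route through the tunnel.
config redirect
	option name 'wan-8080-to-device'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '8080'
	option dest 'lan'
	option dest_ip '10.1.0.20'
	option dest_port '8080'
```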