Wireguard Multiple connections

Hello. I want to connect multiple computers at the receiving end through WireGuard.
The subnet was configured as 255.255.0.0.

Sending network configuration. The receiving network setting is normal, but only one computer is connected. I want to use the IP of the WireGuard sending 3 computers.

config rule
	option in 'lan'
	option src '192.168.2.1/32'
	option src '192.168.3.1/32'
	option lookup '101'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '101'

What you're requesting is not clear.

  • Why don't you add the third IP then?
  • Your rule statement is improper.

You need three rules (one for each IP); and to declare the priority of the rule:

config rule
	option in 'lan'
	option src '192.168.2.1/32'
	option lookup '101'
	option priority '5'

config rule
	option in 'lan'
	option src '192.168.3.1/32'
	option lookup '101'
	option priority '6'

config rule
	option in 'lan'
	option src '192.168.xxx.xxx/32'
	option lookup '101'
	option priority '7'

I hope this /16 is on the WireGuard tunnels only, and you're not declaring this assuming you'll reach the 192.168.xxx.xxx subnets on other devices/VLANs/interfaces. Otherwise, the tunnel would need to be renumbered, as the routers would think the subnet is the tunnel itself.

1 Like

The third IP will be added.
Can I use IP from 1 to 254 when 192.168.2.0 is additionally specified?
I said I use three IPs. I want to configure it to be used as 192.168.2.4 / 192.168.2.111.
192.168.3.1 IP does not need to be used.

I'm pretty sure you can establish multiple WG connections using the default routing table.
Therefore, you do not need to manually add rules and routes.
Can you explain why you are using a custom routing table?

1 Like

Yes. The main routing table has several WireGuard interfaces. wg0, wg1, wg2, wg3, wg4... are all recipients.

I am trying to do this configuration.
wg0 -> 192.168.1.1~254
wg1 -> 192.168.2.1~254
wg2 -> 192.168.3.1~254
wg3 -> 192.168.4.1~254
wg4 -> 192.168.5.1~254

Creating rules one by one takes too long. So I am looking for a way. Any help would be greatly appreciated.

Perhaps we should discuss this in terms of the client-server model, as the word "recipient" is confusing in the current context.
In any case, those networks do not overlap, so nothing stops you from using the main routing table for all of them.

2 Likes

This is the receiving server.
I'm looking for a way to compress that can be used with the addition of multiple rules, but is comfortable.

Well, you do not need any rules if you stay within the main routing table.
That should be the most compact and simple way, shouldn't it?

1 Like

config rule
	option in 'lan'
	option src '192.168.50.1/32'
	option lookup '101'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '101'

config rule
	option in 'lan'
	option src '192.168.50.2/32'
	option lookup '102'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '102'

config rule
	option in 'lan'
	option src '192.168.50.3/32'
	option lookup '103'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '103'

config rule
	option in 'lan'
	option src '192.168.50.4/32'
	option lookup '104'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '104'

config rule
	option in 'lan'
	option src '192.168.50.5/32'
	option lookup '105'

config route
	option interface 'wg1'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '105'

config rule
	option in 'lan'
	option src '192.168.51.1/32'
	option lookup '111'

config route
	option interface 'wg2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '111'

config rule
	option in 'lan'
	option src '192.168.51.2/32'
	option lookup '112'

config route
	option interface 'wg2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '112'

config rule
	option in 'lan'
	option src '192.168.51.3/32'
	option lookup '113'

config route
	option interface 'wg2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '113'

config rule
	option in 'lan'
	option src '192.168.51.4/32'
	option lookup '114'

config route
	option interface 'wg2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '114'

config rule
	option in 'lan'
	option src '192.168.51.5/32'
	option lookup '115'

config route
	option interface 'wg2'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '115'

config rule
	option in 'lan'
	option src '192.168.52.1/32'
	option lookup '121'

config route
	option interface 'wg3'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '121'

config rule
	option in 'lan'
	option src '192.168.52.2/32'
	option lookup '122'

config route
	option interface 'wg3'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '122'

config rule
	option in 'lan'
	option src '192.168.52.3/32'
	option lookup '123'

config route
	option interface 'wg3'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '123'

config rule
	option in 'lan'
	option src '192.168.52.4/32'
	option lookup '124'

config route
	option interface 'wg3'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '124'

config rule
	option in 'lan'
	option src '192.168.52.5/32'
	option lookup '125'

config route
	option interface 'wg3'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '125'

config rule
	option in 'lan'
	option src '192.168.53.1/32'
	option lookup '131'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '131'

config rule
	option in 'lan'
	option src '192.168.53.2/32'
	option lookup '132'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '132'

config rule
	option in 'lan'
	option src '192.168.53.3/32'
	option lookup '133'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '133'

config rule
	option in 'lan'
	option src '192.168.53.4/32'
	option lookup '134'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '134'

config rule
	option in 'lan'
	option src '192.168.53.5/32'
	option lookup '135'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '135'

config rule
	option in 'lan'
	option src '192.168.54.1/32'
	option lookup '141'

config route
	option interface 'wg5'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '141'

config rule
	option in 'lan'
	option src '192.168.54.2/32'
	option lookup '142'

config route
	option interface 'wg5'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '142'

config rule
	option in 'lan'
	option src '192.168.54.3/32'
	option lookup '143'

config route
	option interface 'wg5'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '143'

config rule
	option in 'lan'
	option src '192.168.54.4/32'
	option lookup '144'

config route
	option interface 'wg4'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '144'

config rule
	option in 'lan'
	option src '192.168.54.5/32'
	option lookup '145'

config route
	option interface 'wg5'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option table '145'

These are my WireGuard rules and routes.
It works fine when tested.
However, if you work as above, it will take a lot of time.
192.168.50.1~5
192.168.51.1~5
192.168.52.1~5
192.168.53.1~5
192.168.54.1~5
I am looking for a way to make it more comfortable.

Please help me. Still troubled.

I suggest using the "zone" setting for the firewall. One for each interface:

config zone
	option name 'lan'
	option network 'lan wg0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

2 Likes

I think it's not a firewall issue.
Multiple routers and rules.
Find a simple compression method.

Why don't you use the pbr package? It is easier for inexperienced users.
One mistake you have here is that multiple routing tables are using the same wg1 as the exit interface.

2 Likes
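
Following the replies above (declare a priority on each rule, and avoid several tables that all exit through the same interface), the repeated stanzas can be generated instead of typed. This is an added example, not code from any poster in the thread; the function name, the table ids starting at 101, the priorities starting at 100 and the mapping of 192.168.50.x to wg1 through 192.168.54.x to wg5 are assumptions taken from the ranges posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Prints OpenWrt /etc/config/network
# stanzas: one routing table (default route) per WireGuard interface and one
# prioritised source rule per LAN host.
# Assumptions: 192.168.<base>.x maps to wg1, <base+1> to wg2, and so on;
# table ids start at 101 and rule priorities at 100.

gen_wg_policy() {
    base=$1      # third octet of the first subnet, e.g. 50
    ifaces=$2    # number of WireGuard interfaces (wg1..wgN)
    hosts=$3     # hosts per subnet (.1 .. .hosts)
    prio=100
    i=1
    while [ "$i" -le "$ifaces" ]; do
        table=$((100 + i))
        octet=$((base + i - 1))
        # One table per interface is enough: every host behind it shares it.
        printf "config route\n\toption interface 'wg%s'\n" "$i"
        printf "\toption target '0.0.0.0'\n\toption netmask '0.0.0.0'\n"
        printf "\toption table '%s'\n\n" "$table"
        h=1
        while [ "$h" -le "$hosts" ]; do
            printf "config rule\n\toption in 'lan'\n"
            printf "\toption src '192.168.%s.%s/32'\n" "$octet" "$h"
            printf "\toption lookup '%s'\n" "$table"
            printf "\toption priority '%s'\n\n" "$prio"
            prio=$((prio + 1))
            h=$((h + 1))
        done
        i=$((i + 1))
    done
}

# Review the output before appending it to /etc/config/network.
gen_wg_policy 50 5 5
```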