WireGuard: Putting specific tunnel into VLAN / own SSID

Hi,

Interesting project.
I have a WireGuard site-to-site VPN connected to several other sites. Normally, only the specific traffic is routed through the tunnel (traffic to 192.168.10.0 goes through tunnel 1, whereas traffic to 192.168.120.0 goes through tunnel 2, while traffic to 192.168.1.0 and all external IPs stays local). So far, so good.

My goal is now to offer a new WLAN SSID, where all connected clients have all traffic routed through a specific tunnel, let's say tunnel 2.

This is not as trivial, since the existing WireGuard config to this endpoint has
Allowed_IPs = 192.168.120.0/24
and needs to be 0.0.0.0/0, right? But this would affect all other clients on the router as well.

Maybe making a second WireGuard interface can help? Can I make two connections to the same tunnel, one with wg0 and Allowed_IPs = 192.168.120.0/24, and one with wg1 and 0.0.0.0/0?
Any other ideas?

You can try the VPN Policy Routing package; that should do what you need, I think. Alternatively, you can manually set up some routing rules. I've done something similar, but I don't have access to my configs at the mo to add any further details.

1 Like
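A small model of the routing decision behind the "manual routing rules" approach mentioned above, added here as an example and not taken from any poster's configuration. It shows how a source-based rule for the new SSID and the tunnel-2 peer's AllowedIPs combine on the local router. Assumptions: the guest subnet 192.168.50.0/24, the interface and table names, and that AllowedIPs are not automatically installed as routes in the main table.

```python
import ipaddress

# Constructed topology (assumptions, not from the thread): the new SSID's
# clients sit in 192.168.50.0/24 on br-guest; tunnel 2 is interface wg_t2.
RULES = [("192.168.50.0/24", "guest"),   # like: ip rule add from <guest> lookup guest
         ("0.0.0.0/0", "main")]          # everyone else uses the main table

TABLES = {  # destination prefix -> outgoing interface
    "main": {"192.168.10.0/24": "wg_t1", "192.168.120.0/24": "wg_t2",
             "192.168.1.0/24": "br-lan", "0.0.0.0/0": "wan"},
    "guest": {"192.168.50.0/24": "br-guest", "0.0.0.0/0": "wg_t2"},
}


def longest_match(prefixes, addr):
    """Return the most specific prefix containing addr, or None."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    hits = [n for n in nets if addr in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None


def forward(src, dst, t2_allowed_ips):
    """Decide where the router sends a packet from src to dst.

    t2_allowed_ips is the AllowedIPs list of the tunnel-2 peer on this router.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # 1. Policy rule: the first rule whose source prefix matches picks the table.
    table = next(t for net, t in RULES if src in ipaddress.ip_network(net))
    # 2. Route lookup inside that table only.
    route = longest_match(TABLES[table], dst)
    if route is None:
        return "unreachable"
    dev = TABLES[table][route]
    # 3. WireGuard cryptokey routing: the interface sends only if a peer's
    #    AllowedIPs cover the destination; this step installs no routes itself.
    allowed = {"wg_t1": ["192.168.10.0/24"], "wg_t2": t2_allowed_ips}.get(dev)
    if allowed is None:
        return dev  # not a WireGuard interface
    return dev if longest_match(allowed, dst) else dev + ":dropped"


NARROW = ["192.168.120.0/24"]   # the existing setting from the question
WIDE = ["0.0.0.0/0"]            # the setting the question proposes
if __name__ == "__main__":
    for src in ("192.168.1.20", "192.168.50.7"):
        for allowed in (NARROW, WIDE):
            print(src, allowed, "->", forward(src, "8.8.8.8", allowed))
```

In this model a main-LAN client's Internet traffic leaves via `wan` with either AllowedIPs setting, because only the guest table's default route points at the tunnel.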

The Allowed IPs has to be changed on the remote side (the end needing Internet traffic); not on the OpenWrt.

The suggestions from @krazeh will not be considered until you properly set the Allowed IPs.

I am a n00B, so I don't know if it is rude to ask this (if so, please just ignore and I will go away 🙂), but would you be prepared to share/show your configs as a learning exercise for guys like me?

Thanks either way

1 Like

👍