Wireguard routing

Ramon · October 31, 2022, 9:31am

Hi all,

I have a question about wireguard. Little bit background 1st: I have 2x r7800 with 1 as router and AP, the other as managed switch and AP, both running multiple vlans and ssids.

Currently, I have wireguard running fine on my router. However, I was thinking that if I run wireguard on the other r7800 that may give me better performance as the router has more time available to actually do routing.

So I set up wireguard on the AP, made a port forward on the router to the AP. I can establish a link, everything works if I e.g. access luci on the AP, but the problem is I cannot access anything else. E.g. If I try to access luci on the router I just do not get a connection. I put the wireguard interface in the same firewall zone, with accept/accept/accept, so it should just forward the packets.

I think fundamentally it should be possible what I am trying to do but is it possible with how wireguard is implemented? I seem to recall that there was some issue with wireguard and routing, but cannot find back what it was anymore.

Does it even help performance to move the wireguard to the AP? (if not then I can just as well abort my attempts)

Thank you,

Ramon

krazeh · October 31, 2022, 9:55am

Probably not by enough that you would notice in real world usage.

As for your problem though, you probably need to add a new static route to the router so it knows to send any wireguard traffic to the AP.

psherman · October 31, 2022, 4:00pm

There is probably no significant performance benefit from moving the wg config to the other router, but it does make the overall network configuration more complicated. So while it is possible to do, I would recommend keeping things as they were.

Ramon · October 31, 2022, 4:33pm

Alright, thx @psherman and @krazeh for the advice. I guess i will just keep it as is.

psherman · November 4, 2022, 6:52pm

sounds good.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

Ramon · November 4, 2022, 7:39pm

well it isnt really solved... I just decided to not pursue it any further

psherman · November 4, 2022, 7:44pm

Ok. Well, given that, you might select the “solution” as the answer that you think might best serve a future reader who has a similar question (even if it is basically to suggest that it isn’t worth implementing).