Hello,
I am using 2 ISPs and running 2 WireGuard server instances, one for each WAN interface. Also, a VPS is running as a WireGuard client to the OpenWrt.
To enforce this, I have configured a PBR policy set to send traffic based on the UDP port of each WireGuard instance:
The first instance the tunnel is formed correctly, no issue
The second one, however, the OpenWrt is sending traffic to the peer on the wrong port as can be seen here:
```
root@OpenWRT:~# tcpdump -i any port 48543
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
10:16:35.875535 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:35.876959 IP 10.0.20.153.16496 > <vps-ip-address>.48543: UDP, length 92
10:16:41.214771 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:46.547935 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:46.551744 IP 10.0.20.153.4426 > <vps-ip-address>.48543: UDP, length 92
10:16:51.669442 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:51.674027 IP 10.0.20.153.4426 > <vps-ip-address>.48543: UDP, length 92
10:16:56.790183 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
```
→ OpenWRT is sending traffic on port 16496 instead of the configured 65402
Below is the WireGuard config:

```
config interface 'wgserver1'
	option proto 'wireguard'
	option private_key '***'
	option listen_port '65401'
	list addresses '10.101.100.1/24'

config wireguard_wgserver1
	option description 'vps1'
	option public_key '***'
	list allowed_ips '10.101.100.2/24'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config interface 'wgserver2'
	option proto 'wireguard'
	option private_key '***'
	option listen_port '65402'
	list addresses '10.102.100.1/24'

config wireguard_wgserver2
	option description 'vps2'
	option public_key '***'
	list allowed_ips '10.102.100.2/24'
	option route_allowed_ips '1'
	option persistent_keepalive '25'
```
Question:
What am I missing here?
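The symptom in the capture above is easy to miss when scrolling through tcpdump output: the peer sends handshake initiations to the configured listen port, but the router's replies leave from a different source port, which is a classic sign that the reply is being rewritten (for example by a masquerade/SNAT rule or a policy route that hits the wrong firewall zone) rather than a WireGuard misconfiguration. The following script, which is an added example and not part of the post or of OpenWrt, parses plain `tcpdump` UDP lines and flags every reply the router sent from a port other than the one the peer addressed. The sample capture is constructed from the lines in the post, the router address `10.0.20.153` is taken from the post, and the function names (`parse_capture`, `expected_listen_ports`, `find_reply_port_mismatches`) are this example's own.

```python
import re
from collections import Counter

# Constructed sample, copied from the capture in the post; the VPS address is
# the same placeholder the post uses.
SAMPLE_CAPTURE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
10:16:35.875535 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:35.876959 IP 10.0.20.153.16496 > <vps-ip-address>.48543: UDP, length 92
10:16:41.214771 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:46.547935 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:46.551744 IP 10.0.20.153.4426 > <vps-ip-address>.48543: UDP, length 92
10:16:51.669442 IP <vps-ip-address>.48543 > 10.0.20.153.65402: UDP, length 148
10:16:51.674027 IP 10.0.20.153.4426 > <vps-ip-address>.48543: UDP, length 92
"""

ROUTER_IP = "10.0.20.153"  # the OpenWrt side, as seen in the post's capture

# One tcpdump UDP summary line: "<time> IP <host>.<port> > <host>.<port>: UDP, length <n>".
# The host pattern is greedy, so the final ".<port>" is split off correctly for
# dotted IPv4 addresses as well as for placeholders such as <vps-ip-address>.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): UDP, length (?P<len>\d+)$"
)


def parse_capture(text):
    """Turn tcpdump UDP lines into dicts; banner and non-UDP lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        packets.append({
            "ts": d["ts"], "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]), "len": int(d["len"]),
        })
    return packets


def expected_listen_ports(text, router_ip):
    """Ports peers address on the router; for WireGuard these should be the
    configured listen_port values (65401/65402 in the post)."""
    return {p["dport"] for p in parse_capture(text) if p["dst"] == router_ip}


def find_reply_port_mismatches(text, router_ip, listen_ports=None):
    """Replies the router sent from a source port that no peer addressed.

    A WireGuard instance answers from its listen_port, so any other source
    port means the packet was rewritten after leaving the tunnel socket.
    """
    if listen_ports is None:
        listen_ports = expected_listen_ports(text, router_ip)
    return [p for p in parse_capture(text)
            if p["src"] == router_ip and p["sport"] not in listen_ports]


def reply_port_summary(text, router_ip):
    """Count how many replies the router sent from each source port."""
    return Counter(p["sport"] for p in parse_capture(text) if p["src"] == router_ip)


if __name__ == "__main__":
    ports = expected_listen_ports(SAMPLE_CAPTURE, ROUTER_IP)
    print("peers address the router on port(s):", sorted(ports))
    print("router replies per source port:", dict(reply_port_summary(SAMPLE_CAPTURE, ROUTER_IP)))
    for p in find_reply_port_mismatches(SAMPLE_CAPTURE, ROUTER_IP):
        print(f"{p['ts']} reply from {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
              f"(expected source port in {sorted(ports)})")
```

Run against a live capture with `tcpdump -i any -n -l udp port 65402 | python3 check.py` style piping (reading stdin instead of `SAMPLE_CAPTURE`); the `-n` flag keeps addresses numeric so the regex matches. A non-empty mismatch list points at NAT or policy routing on the egress path, which is where the PBR rules and firewall zone masquerade settings for each WAN should be compared next.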