It was a typo, I meant eth1.2 , but the script did the job as well anyway.
Disable the vpn client and PBR. Is it working now that everything goes out of wan and not vpn?
Try something else, define the ingress interface for WG as wan and not everything. It shouldn't matter, but I remember another thread that it was conflicting.
Add wg0 interface in lan firewall zone and remove it from wg_server zone. It also shouldn't matter, but we need to rule out all possibilities.
Disabling vpn client and PBR: connecting from the internet now works fine!
Not sure I understood this one correctly. You mean the firewall rule for allowing incoming wg traffic? If so I did that and set the source zone to wan: no change; still not working
So I did that, restarted the network and it works. With VPN client and PBR enabled...
Which means something is not right with the wireguard zone. Since I would really like to work with separated zones, do you have any further ideas? Again, thank you for taking the time!
EDIT: I am sorry, point 3 is not working after all. After restarting the network the default route was going through wan and not the vpn client. After making sure the default route is set to the vpn client, it makes no difference whether wg0 interface is assigned to the lan zone or wg server zone: it does not work in any case. So the problem is rather related to PBR not working? Which would be strange since it works fine for my web server and I can also create working rules for specific domains...
Ok restore back the protocol to udp, change verbosity setting to 2 and post the following: cat /etc/config/vpn-policy-routing , /etc/init.d/vpn-policy-routing support, as well as the output of /etc/init.d/vpn-policy-routing reload
@stangri is it a typo in the readme that although WG uses UDP, your example uses TCP?
Only as a user, don't have any code.
Do you see anything weird here by any chance? I've been looking at it for a couple of days but all seems correct. And when PBR is disabled it works fine.
Is OpenVPN tunnel utilizing tcp ot udp? I'd recommend trying to switch it to TCP and see if it helps. I can't recall the reason exactly, but for the VPN server/client scenarios README recommends using different protocols for them, could it be the same here?
I think @stangri means the vpn client I use which is indeed OpenVPN and supports TCP. Only the server is wireguard. But as I wrote changing the client to tcp does not help
Thank you in any case for helping. I actually spent several days searching through forums (also this one) without any success before posting here, so I am not too hopeful anymore