Hi guys, how are you? I hope well. I come again with some questions; maybe you could help me. I have one incoming WireGuard VPN connection, which I use to connect to my home network from the outside, and I'm wondering if I could add another outgoing one with an external provider like Proton, NordVPN etc. If so, I have to create another firewall zone, right? Thanks a lot.
You can just create another instance the same way as the first one, but with a new name, and configure it as you want.
How should I configure the firewall and zone to avoid overlapping with the incoming VPN? Can the priority between the outgoing VPN and the WAN be modified if the outgoing VPN is deactivated?
On the other hand, when I connect from outside to my local network through the incoming VPN, at the time of going out to the Internet, would I come out with the IP of the outgoing VPN connection? Sorry for my English, but thanks a lot!
So you have to create a new zone, a new interface and add new peers. For example, in /etc/config/network:
# first interface is wg0, so:
config interface 'wg1'
    option proto 'wireguard'
    option private_key 'bfidfiofhhoisoishoshoisfohofoissvoijodsoivsosijsoijsoisvj=='
    option listen_port '54321'
    list addresses '10.10.0.1/24'

# peers for the first interface are in wireguard_wg0, so for the next one they go in wireguard_wg1
config wireguard_wg1
    option public_key 'publickeylalalalalalalalalalalalalalalaal='
    option route_allowed_ips '1'
    list allowed_ips '10.10.0.10/32'
    option persistent_keepalive '25'
And some firewall config (/etc/config/firewall):
config zone
    option name 'wgtwo'
    option input 'ACCEPT'
    option forward 'ACCEPT'
    option output 'ACCEPT'
    option masq '1'
    option network 'wg1'

config forwarding
    option src 'wgtwo'
    option dest 'wan'

# and other forwardings as needed, e.g. wgtwo<>lan, wg<>wgtwo etc.

# you have to open this UDP port in the firewall
config rule
    option name 'wireguardtwo'
    option src 'wan'
    option target 'ACCEPT'
    option proto 'udp'
    option dest_port '54321'
These are only basic settings. Adjust the other settings according to your needs.
Thanks a lot... on 23.05.5 we can upload the config file, right? Masquerading and MSS enabled, right? Thanks again.
config forwarding
    option src 'wgtwo'
    option dest 'wan'
This part is a traffic rule, right?
It's just an example. You can name your zone as you want.
And forwarding as you want.
Review your first instance's settings in /etc/config/network and /etc/config/firewall.
I don't like LuCI and uci, so I prefer editing the config files with vi or nano, or using WinSCP.
I understand, but it's something like what you posted... it gives me an idea on how to configure it. Thanks.
I'm typing directly from my head, so you need to review it. I did something like that a few years ago. You can ask ChatGPT for details.
Basic redirecting of all Internet usage to a VPN service will break the VPN in that you're also running. You will need to set up conditional routing to have both work. But do get the outgoing VPN working by itself first.
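The conditional routing the last reply mentions, as an added example that is not from this thread: the provider tunnel gets its own routing table (so its 0.0.0.0/0 never replaces the main default route that the incoming wg0 instance and its handshakes depend on), and netifd policy rules decide which traffic uses it. The interface name 'wgout', table 100, and the provider values in angle brackets are assumptions/placeholders; 'wg0' and 'lan' are the existing interfaces from the thread.

```uci
# /etc/config/network additions (assumed names: wg0 = incoming instance, wgout = provider tunnel)
config interface 'wgout'
    option proto 'wireguard'
    option private_key '<private key from the provider config>'
    list addresses '<tunnel address from the provider config>'
    # install this interface's routes (the 0.0.0.0/0 below) into table 100 instead of main,
    # so wg0 and the router's own traffic (handshakes, the provider endpoint) keep the WAN route
    option ip4table '100'

config wireguard_wgout
    option public_key '<provider public key>'
    option endpoint_host '<provider endpoint host>'
    option endpoint_port '51820'
    option route_allowed_ips '1'
    list allowed_ips '0.0.0.0/0'
    option persistent_keepalive '25'

# policy rules: the lower priority number is evaluated first

# consult main first but ignore its default route (prefix length 0): LAN, the 10.10.0.0/24
# wg0 peers and other directly routed networks stay on main, only Internet-bound traffic falls through
config rule
    option lookup 'main'
    option suppress_prefixlength '0'
    option priority '50'

# LAN clients reach the Internet through the provider tunnel
config rule
    option in 'lan'
    option lookup '100'
    option priority '100'

# optional: clients connected via the incoming wg0 instance also exit through the provider,
# which is the "would I come out with the outgoing VPN's IP" case from the question
config rule
    option in 'wg0'
    option lookup '100'
    option priority '110'

# /etc/config/firewall: give wgout a zone like 'wgtwo' above (masq '1'), without the wan->port
# accept rule (this tunnel is outgoing only), plus forwardings lan->wgout and the wg0 zone->wgout
```

If the optional 'wg0' rule is left out, traffic from remote wg0 clients to the Internet uses the normal WAN route instead of the provider tunnel.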