WireGuard with PBR and IPv6

Well, it worked, configured my whole network in about 10 minutes because I tend to be too much of a control freak to run a batch file and ended up copy pasting the commands.

It's basically nothing but the DHCP and the VPN setup. Still want to install PBR (why do they keep changing the name of that one?!) so I can make easy exclusions for gaming, work and those annoying sites which either completely deny connections from VPNs or make one go through 17 captchas.

Then begins the arduous process of hooking up my clients and making them all aware of going from .local to .home.arpa and getting a new reserved IP address.

Finally I'll be able to play around with WPA3 and the likes.

When everything's verified working I'll click the post with your GitHub as the solution (as it contained the MSS checkbox and I was too stubborn to check it).

In the meantime, would you be able to explain a bit more about what the ::0/1 and 8000::/1 actually do? When I studied for my Cisco we still had available IPv4 addresses. :slight_smile:

The "problem" is that OpenWrt uses IPv6 source routing, so you have multiple default routes for each source (e.g. your local LAN).
If you make a general default IPv6 route with ::/0, then the existing source routes via the WAN are still preferred.
What you can do is disable source routing, but then you also have to factor in the metrics: the metric of your WireGuard interface has to be lower than the existing metric (lower than 256, e.g. 1). But setting a metric will also add that metric to the IPv4 WG interface (e.g. 1), and the existing IPv4 default route has metric 0, so in this case you have to set the IPv4 default route to a higher metric than the WG metric.

Could you follow that? :roll_eyes: Well, I got a bit lost researching that.

So instead of all that, simply use ::/1 and 8000::/1, which will override existing default routes, also those with source routing.

Anyway, very glad you are a step further in resolving this problem.

Sure, you can use PBR, I also do it:

I can also help you with that :slight_smile:
You can ping me
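
The route selection described in the reply above, as an added example that is not part of the original thread. It is a simplified model, not kernel code, and assumes the lookup order is longest destination prefix first, then most specific source ("from") prefix, then lowest metric; the prefixes, metrics and interface names are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    dst: str            # destination prefix
    dev: str            # outgoing interface
    metric: int
    src: str = "::/0"   # "from" prefix; ::/0 means any source


def select_route(routes, src_addr, dst_addr):
    """Assumed order: longest destination prefix, then most specific
    source prefix, then lowest metric. Returns None if nothing matches."""
    src = ipaddress.ip_address(src_addr)
    dst = ipaddress.ip_address(dst_addr)
    best = None
    for r in routes:
        d, s = ipaddress.ip_network(r.dst), ipaddress.ip_network(r.src)
        if dst in d and src in s:
            key = (-d.prefixlen, -s.prefixlen, r.metric)
            if best is None or key < best[0]:
                best = (key, r)
    return best[1] if best else None


# Constructed tables; 2001:db8::/32 is the documentation prefix.
LAN = "2001:db8:1::/48"
WAN_SRC = Route("::/0", "wan", 256, src=LAN)   # source-specific default via WAN
WG_DEFAULT = Route("::/0", "wg0", 1)           # plain default, low metric
WG_HALVES = [Route("::/1", "wg0", 1024), Route("8000::/1", "wg0", 1024)]

CLIENT = "2001:db8:1::10"
DESTS = ["2001:db8:ffff::1", "fd00:abcd::1"]   # one address in each half


def egress(routes):
    """Outgoing interface chosen for each sample destination."""
    return [select_route(routes, CLIENT, d).dev for d in DESTS]


if __name__ == "__main__":
    print("::/0 via wg0    ->", egress([WAN_SRC, WG_DEFAULT]))
    print("::/1 + 8000::/1 ->", egress([WAN_SRC] + WG_HALVES))
```

In this model the two /1 routes win even with a worse metric, because the destination prefix length is compared before the source prefix and the metric; a LAN client whose traffic leaves via `wan` in the first case is bypassing the tunnel.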