PBR to route traffic from specific VLANs over VPN such as proton or Surfshark

I know wireguard server functionality was rolled out recently. Has anyone managed to get wireguard client working on route10 to establish a tunnel to VPN provider for the purposes of routing specific subnet through the VPN?

TBC.

VPN CLIENT AND PBR functionality is not available at present

Be sure to add your vote here for policy based routing.

3 Likes

This config works for me via the CLI

=== WireGuard Interface ===

uci set network.wg='interface'
uci set network.wg.proto='wireguard'
uci set network.wg.private_key='#'
uci set network.wg.addresses='#'
uci set network.wg.peerdns='0'
uci add_list network.wg.dns='#'

=== WireGuard Peer ===

uci add network wireguard_wg
uci set network.@wireguard_wg[-1].public_key='#'
uci set network.@wireguard_wg[-1].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_wg[-1].endpoint_host='#'
uci set network.@wireguard_wg[-1].endpoint_port='51820'
uci set network.@wireguard_wg[-1].persistent_keepalive='25'

Apply network changes

uci commit network
/etc/init.d/network reload
ifup wg

=== Firewall Zone for WireGuard ===

uci set firewall.wg_zone="zone"
uci set firewall.wg_zone.name="wg"
uci set firewall.wg_zone.network="wg"
uci set firewall.wg_zone.input="ACCEPT"
uci set firewall.wg_zone.output="ACCEPT"
uci set firewall.wg_zone.forward="REJECT"
uci set firewall.wg_zone.masq="1"
uci set firewall.wg_zone.mtu_fix="1"

Add to WAN zone if needed

uci add_list firewall.wan.network='wg'

Kill Switch Rule

uci add firewall rule
uci set firewall.@rule[-1].name='Block_10.14.26.0_to_WAN'
uci set firewall.@rule[-1].src='lan'
uci set firewall.@rule[-1].src_ip='10.14.26.0/24'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].target='REJECT'
uci set firewall.@rule[-1].enabled='1'

Apply firewall changes

uci commit firewall
/etc/init.d/firewall restart

Create custom routing table

echo "200 wgroute" >> /etc/iproute2/rt_tables

Add route for that table to use wg

ip route add default dev wg table wgroute

Route 10.14.26.0/24 via wg interface

ip rule add from 10.14.26.0/24 table wgroute priority 300
5 Likes
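A health check for the setup above, added here as an example and not part of the thread. It parses the output of `ip rule show`, `ip route show table wgroute` and `wg show wg latest-handshakes` to confirm the VLAN subnet is still policy-routed into a live tunnel; the kernel removes the default route from the custom table whenever wg goes down, so after a reconnect the subnet silently falls back to the main table and only the kill-switch rule keeps it off the WAN. It assumes the names used in the post (interface `wg`, table `wgroute`, subnet `10.14.26.0/24`), a 180 s handshake threshold, and a script name of `pbr_check.sh`.

```shell
#!/bin/sh
# Added example, not from the thread: verify that the VLAN subnet really
# resolves to the WireGuard table and that the tunnel is alive. Assumes the
# names used in the post above (interface wg, table wgroute, 10.14.26.0/24).
VLAN_NET="10.14.26.0/24"
WG_TABLE="wgroute"
WG_IF="wg"

# has_pbr_rule "<ip rule show output>": is the from-VLAN -> wgroute rule present?
has_pbr_rule() {
    printf '%s\n' "$1" | grep -q "from ${VLAN_NET} lookup ${WG_TABLE}"
}

# has_wg_default "<ip route show table wgroute output>": default route via wg?
# The kernel drops this route whenever wg goes down, so it must be re-checked.
has_wg_default() {
    printf '%s\n' "$1" | grep -q "^default dev ${WG_IF}"
}

# handshake_fresh "<wg show wg latest-handshakes output>" NOW: first peer's
# handshake within 180 s (assumed threshold; WireGuard rekeys about every
# 2 min when keepalives flow, and a value of 0 means never handshaken).
handshake_fresh() {
    ts=$(printf '%s\n' "$1" | awk 'NR==1 {print $2}')
    [ -n "$ts" ] && [ "$ts" -gt 0 ] && [ $(( $2 - ts )) -le 180 ]
}

# pbr_status RULES ROUTES HANDSHAKES NOW -> prints one of:
#   ok    - VLAN is policy-routed into a live tunnel
#   nopbr - rule or table route missing: VLAN falls through to the main
#           table and only the kill-switch rule keeps it off the WAN
#   down  - routing is in place but the peer has not handshaken recently
pbr_status() {
    if ! has_pbr_rule "$1" || ! has_wg_default "$2"; then
        echo nopbr; return 1
    fi
    if ! handshake_fresh "$3" "$4"; then
        echo down; return 2
    fi
    echo ok
}

# Live run on the router (e.g. from cron): sh pbr_check.sh --live
if [ "${1:-}" = "--live" ]; then
    pbr_status "$(ip rule show)" "$(ip route show table "$WG_TABLE")" \
               "$(wg show "$WG_IF" latest-handshakes)" "$(date +%s)"
fi
```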