this post was submitted on 25 Aug 2025
2 points (75.0% liked)

OpenWrt


Hi all. Thanks for checking in. I've been looking at Routing Rules and Routes to try and solve a couple of problems but I keep screwing up and taking down my whole network (and I've never been more grateful for serial ports).

What I'm trying to do is use different WAN connections for different VLANs/subnets. To begin with, I would like to route my general-purpose subnet (VLAN104) WAN traffic over a Proton WireGuard VPN while leaving all my other subnets using my standard ISP connection. Afterwards, I'd like to additionally route a subnet I use to give my neighbour Internet access (VLAN102) over a different Proton WireGuard VPN. Annoyingly, both the WireGuard VPN connections use the same private IP addresses, though I suspect that won't actually matter that much in practice.

I'm starting to suspect I'm barking up the wrong tree trying to use Routing Rules, but I'd appreciate any advice.

sneaky@r.nf 1 points 1 week ago

So, not openwrt, but I just did this with Omada software and was similarly confused. The step I missed was creating IP Groups. Policy routing is correct, but I wasn't able to policy route VLANs. I had to create IP Groups that corresponded to the VLANs and then policy route the IP Groups.

sloppy_diffuser@sh.itjust.works 1 points 1 week ago* (last edited 1 week ago)

So, I don't use OpenWRT (for main router), but generally in each vlan you will need:

  • The WG interface in that vlan so all hosts can send their traffic to it.
  • DHCP server that sends the WG (local side IP) as the default route. Can also set statically on all devices. When a device on that vlan wants to send a packet to the internet it will do an ARP request for the local vlan IP then forward the IP packet to the router.
  • You will need to do some NAT as you have many private IPs for your devices in the vlan mapped to one IP given through WG. Packets that hit the WG interface should be forwarded down the tunnel with a translated source address of the local WG IP and whatever ports are in use publicly. Return packets reverse this operation.
  • Repeat for additional vlans.
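
For the OpenWrt side of the question, one way to express per-VLAN egress in UCI is sketched here as an added example; it is not taken from the post or from either comment. It assumes an existing interface and firewall zone both named `vlan104`; the names `wg104` and `vpn104`, table number 104 and every `<..._PLACEHOLDER>` value are hypothetical. The tunnel's routes go into their own table, a rule sends only VLAN104 traffic to that table, and the firewall allows VLAN104 to forward only into the tunnel zone.

```uci
# /etc/config/network  (assumes an existing LAN-side interface 'vlan104')
config interface 'wg104'
	option proto 'wireguard'
	option private_key '<PRIVATE_KEY_PLACEHOLDER>'
	list addresses '<TUNNEL_ADDRESS_PLACEHOLDER>/32'
	# Install this tunnel's routes in table 104 instead of the main table,
	# so every other subnet keeps using the ISP default route.
	option ip4table '104'

config wireguard_wg104
	option public_key '<PEER_PUBLIC_KEY_PLACEHOLDER>'
	option endpoint_host '<PEER_ENDPOINT_PLACEHOLDER>'
	option endpoint_port '<PEER_PORT_PLACEHOLDER>'
	list allowed_ips '0.0.0.0/0'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

# Traffic arriving on vlan104 consults table 104 before the main table.
config rule
	option in 'vlan104'
	option lookup '104'
	option priority '1104'

# /etc/config/firewall  (assumes an existing zone named 'vlan104')
config zone
	option name 'vpn104'
	list network 'wg104'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# NAT the whole subnet behind the single tunnel address.
	option masq '1'
	option mtu_fix '1'

# This is the only forwarding entry for vlan104. With no vlan104 -> wan
# forwarding, its traffic is not passed to the ISP when the tunnel is down.
config forwarding
	option src 'vlan104'
	option dest 'vpn104'
```

A second tunnel for VLAN102 repeats the same stanzas with its own interface, zone and table number. The example covers IPv4 only; IPv6 on the subnet needs an equivalent `ip6table` and `rule6` entry.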