Posted: Mon Aug 02, 2021 16:09 Post subject: Confused over wireguard and PBR.
I have read all the guides but am still confused on how to set up certain clients to bypass the WireGuard VPN.
Current setup is:
Netgear R7800 Build BS 47117
DHCP 192.168.1.1 Maximum users is 50. starting at 192.168.1.100
Under Services I have set static leases for my devices, and for the ones that I do not want going through the VPN I set the IP addresses outside of the 192.168.1.150 so that they would not be in range of DHCP-created leases. Think this is how I did it when using OpenVPN and it worked.
WireGuard tunnel is set with allowed IPs as per instruction:
0.0.0.0/1,128.0.0.0/1
So now in WireGuard under Policy Based Routing, according to the client guide v18, I would put the DHCP range of 192.168.1.100 - 192.168.1.150 in CIDR format. (Policy Based Routing (PBR) will route IP addresses in the PBR field via the tunnel. All other traffic will use the WAN.)
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Mon Aug 02, 2021 17:18 Post subject:
As a quick test I placed your list in the PBR field (it has to be a comma delimited list) and that was working.
It is sometimes easy to make a typo e.g. using /24 but the list seems valid.
That looks good.
All clients except 192.168.1.100 will use the WAN and not the VPN.
Client 192.168.1.100 will use the VPN.
Test clients with ipleak.net but it can take a minute before the routing is established.
Sometimes you have to refresh your browser cache.
If all clients still show they are using the VPN then disable WireGuard (settings are retained).
If clients still use the VPN then check whether your upstream router is using a VPN.
As always, thank you for your help, egc. I think it is working now. I took your advice about using .64 for DHCP; it is easier not to make a mistake that way.
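Added example, not part of the original posts and not DD-WRT code: a Python check that turns the 192.168.1.100 - 192.168.1.150 range from the thread into the comma-delimited CIDR list the PBR field takes, and flags entries such as the /24 typo mentioned above. The function names are hypothetical, and the 192.168.1.64 - 192.168.1.127 pool is an assumed reading of the ".64" suggestion.

```python
import ipaddress

def range_to_pbr(first, last):
    """Return the comma-delimited CIDR list covering first..last inclusive."""
    nets = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return ",".join(str(n) for n in nets)

def parse_pbr(field):
    """Parse a PBR field strictly: an entry with host bits set
    (e.g. 192.168.1.100/24) is treated as a likely typo and rejected."""
    nets = []
    for entry in field.split(","):
        entry = entry.strip()
        try:
            nets.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"bad PBR entry {entry!r}: {exc}") from None
    return nets

def uses_tunnel(client_ip, field):
    """True if the client's source address matches an entry in the PBR field."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in parse_pbr(field))

if __name__ == "__main__":
    # Range taken from the thread: it needs seven CIDR blocks.
    vpn_range = range_to_pbr("192.168.1.100", "192.168.1.150")
    print(vpn_range)
    # Assumed pool aligned on .64: it collapses to a single block.
    print(range_to_pbr("192.168.1.64", "192.168.1.127"))
    # Constructed sample clients: which side of the policy do they land on?
    for ip in ("192.168.1.100", "192.168.1.150", "192.168.1.151", "192.168.1.20"):
        print(ip, "VPN" if uses_tunnel(ip, vpn_range) else "WAN")
```

A pool that starts on a power-of-two boundary needs one entry instead of seven, which leaves far less room for a mistake in the PBR field.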