Posted: Sun Oct 02, 2022 8:09 Post subject: Wireguard, PBR and IPTV
Hello All,
I am running a Netgear R6400V2 on DD-WRT (currently: v3.0-r50308 std (10/01/22)) and I am more than happy with the overall performance of the router. I have had it for a few months and yesterday I decided to dip into WireGuard since I was a bit sick of having all my devices needing an app from my VPN provider.
My VPN provider is Surfshark and I have configured the WireGuard tunnel via their tutorials. The connection is initiated and the speeds are truly amazing! (I have a 200Mbit fiber connection, and I get the full speed!!)
My Network Setup
I have two ranges important for me, one is for static leases and one for DHCP.
Static Range = 192.168.1.50 to 192.168.1.100
DHCP Range = 192.168.1.101 - 192.168.1.201
Now the issue I am having:
I have a provider for my TV which uses IPTV, this device is called the VipBox and I have set this device to a static IP of 192.168.1.50 that is in range for my static IPs, and I have done the same for my "Work Server" that can't be routed through the VPN.
When I am setting the "Source Routing (PBR)" to "Route Selected Source via VPN" and set these to the IPs I wish to route through the VPN (192.168.1.101/32, 192.168.1.102/31, 192.168.1.104/29, 192.168.1.112/28, 192.168.1.128/26, 192.168.1.192/29, 192.168.1.200/32) I see that all my devices get a nice VPN IP except my server and my VipBox, which are routed through the WAN and get the IP of my ISP. This is exactly what I want!
However, when I want to "initialize" my VipBox I get a message stating that the software can't be loaded. Via contact with the helpdesk it is stated that the IP of my VipBox is one outside of the provider's range.
So basically I am struggling a bit with the PBR of the WireGuard protocol. Am I doing something wrong? Basically I just want to have the TV box (192.168.1.50) completely bypass the WireGuard tunnel.
To work with ranges it is easier to start at .64 - .128, as that can be written as /26, described in the client setup guide.
If the problem does not appear when you have WG disabled and you are sure the IPTV box uses the WAN if WG is enabled, then I suspect a DNS problem.
First you can check which IP and DNS is used by surfing to ipleak.net and/or dnsleaktest.com.
Probably you are using the DNS of Surfshark, and without further action that means you are using that DNS for all clients, so also for your TV box.
Most TV providers (e.g. Netflix etc.) not only check your IP but also your DNS.
So basically you also want to split your DNS.
Our WireGuard implementation is capable of doing that; it is called Split DNS, also described in the guide.
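As an added example (not part of either post above), the following Python script reproduces the CIDR list from the first post by summarising the DHCP range .101-.200, shows why a block aligned at .64 collapses to a single /26 as the reply suggests, and audits which hosts the PBR source list would actually send through the tunnel. The VPN/WAN host lists are constructed from the addresses mentioned in the thread; only the standard library `ipaddress` module is used.

```python
import ipaddress

# Constructed from the first post: the source blocks entered in the
# "Route Selected Source via VPN" PBR field.
PBR_VPN_SOURCES = [
    "192.168.1.101/32", "192.168.1.102/31", "192.168.1.104/29",
    "192.168.1.112/28", "192.168.1.128/26", "192.168.1.192/29",
    "192.168.1.200/32",
]


def summarize_range(first: str, last: str) -> list[str]:
    """Smallest set of CIDR blocks covering first..last inclusive."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def routed_via_vpn(host: str, sources=PBR_VPN_SOURCES) -> bool:
    """True if `host` falls in any PBR source block, i.e. it would use the tunnel."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in sources)


def audit_policy(sources, vpn_hosts, wan_hosts) -> dict[str, list[str]]:
    """Report hosts whose path under `sources` contradicts the intended one."""
    return {
        # Hosts that should use the tunnel but would go out via the ISP.
        "vpn_hosts_leaking_to_wan": [h for h in vpn_hosts if not routed_via_vpn(h, sources)],
        # Hosts that must stay on the WAN (IPTV box, work server) but match a VPN block.
        "wan_hosts_pulled_into_vpn": [h for h in wan_hosts if routed_via_vpn(h, sources)],
    }


if __name__ == "__main__":
    # The DHCP range from the post summarises to exactly the list the poster typed.
    print(summarize_range("192.168.1.101", "192.168.1.200"))
    # An aligned block of 64 addresses is a single /26.
    print(summarize_range("192.168.1.64", "192.168.1.127"))
    # The VipBox (.50) is outside every block, so it bypasses the tunnel as intended.
    print(audit_policy(PBR_VPN_SOURCES,
                       ["192.168.1.101", "192.168.1.150", "192.168.1.200"],
                       ["192.168.1.50"]))
```

Because .50 matches no block, the box really does leave via the WAN; the remaining suspect is the DNS server it is handed, which the reply's Split DNS advice addresses.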