[SOLVED] Wireguard setting advice PBR

Wizo
DD-WRT User


Joined: 08 Jun 2023
Posts: 139
Location: Essex. England.

Posted: Tue Jul 29, 2025 12:40    Post subject: [SOLVED] Wireguard setting advice PBR
Hello,

I am connected to SurfShark VPN with WireGuard, all working great!

Router: Netgear Nighthawk XR700

I am using DD-WRT v3.0-r61981 (29/7/25)

I would like to have one computer (192.168.1.10 set static) bypass the VPN completely.

I am guessing that is done by the Source Routing PBR = Route Selected Sources via WAN

Source for PBR = 192.168.1.10/32

But it does not work.

I have had a read of EGC’s very helpful guides but did not see anything like it.

Thanking EGC in advance.

A little help please ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13878
Location: Netherlands

Posted: Tue Jul 29, 2025 13:43
That should work, see picture for the settings.

If it does not work then specify what does not work, no internet, still routed via the VPN etc.?

Check if the static IP address is correct and check if you do not have your own kill switch implemented.

Otherwise show output of
picture of Basic Setup page (whole page) and WireGuard settings page (whole page)

From command line:
ip route show
ip route show table all
iptables -vnL
arp -a



[Attached image: Naamloos.jpg, 58.62 KB]

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
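
Added example (not part of egc's post, and not DD-WRT's own code): a small check that reads the text of `ip rule show` and `ip route show table all` and reports which interface a given LAN source would leave through, which is the question the outputs requested above answer. The table number 10, the interface names `eth0`/`wg0` and all sample lines are constructed; the model only understands `from <ip>` / `from all` rules and `default` or `0.0.0.0/1` routes.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` (table 10 is a hypothetical PBR table).
RULES='0:	from all lookup local
100:	from 192.168.1.10 lookup 10
32766:	from all lookup main
32767:	from all lookup default'

# Constructed sample of `ip route show table all`; eth0 = WAN, wg0 = tunnel (placeholders).
ROUTES='default via 198.51.100.1 dev eth0 table 10
0.0.0.0/1 dev wg0 scope link
128.0.0.0/1 dev wg0 scope link
default via 198.51.100.1 dev eth0
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
local 192.168.1.1 dev br0 table local proto kernel scope host src 192.168.1.1'

# egress_dev SRC RULES ROUTES
# Prints the interface that traffic from SRC to a low-half address
# (for example 1.1.1.1) resolves to, walking the rules in priority order.
egress_dev() {
    src=$1 rules=$2 routes=$3
    printf '%s\n' "$rules" | while read -r _prio _from sel _lookup table _rest; do
        # Skip rules whose source selector does not cover SRC.
        [ "$sel" = "$src" ] || [ "$sel" = "$src/32" ] || [ "$sel" = all ] || continue
        dev=$(printf '%s\n' "$routes" | awk -v t="$table" '
            $1 == "default" || $1 == "0.0.0.0/1" {
                tbl = "main"; d = ""      # routes without a table keyword are in main
                for (i = 2; i < NF; i++) {
                    if ($i == "table") tbl = $(i + 1)
                    if ($i == "dev")   d   = $(i + 1)
                }
                # The more specific 0.0.0.0/1 beats a plain default route.
                if (tbl == t && (best == "" || $1 != "default")) best = d
            }
            END { print best }')
        # Like the kernel, fall through to the next rule when the table has no match.
        if [ -n "$dev" ]; then echo "$dev"; break; fi
    done
}

echo "192.168.1.10 -> $(egress_dev 192.168.1.10 "$RULES" "$ROUTES")"
echo "192.168.1.20 -> $(egress_dev 192.168.1.20 "$RULES" "$ROUTES")"
```

On the router itself, `ip rule show` lists the policy rules and `ip route get 1.1.1.1 from 192.168.1.10 iif br0` asks the kernel for the same answer directly.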
Wizo
DD-WRT User


Joined: 08 Jun 2023
Posts: 139
Location: Essex. England.

Posted: Tue Jul 29, 2025 20:56
I am so sorry egc...

I almost fear to tell you!

I forgot to restart my PC afterwards

All is working as expected now!

I am sorry for wasting your time, and deserve no doubt to have the "P" taken by the bigger boys
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13878
Location: Netherlands

Posted: Wed Jul 30, 2025 5:05
Great to hear it is working
saphirely
DD-WRT User


Joined: 13 Dec 2020
Posts: 416

Posted: Fri Aug 01, 2025 15:49
@egc
I wonder whether I can post my question for you here about openwrt instead of ddwrt.

Previously, I had set up a WireGuard server 10.0.0.1/24 on a single wrt1900acs(v1) 192.168.1.1 on DDWRT (before March 2025) successfully. Yes, all WG clients can use only 192.168.1.1 (not adding 8.8.8.8 or others) as DNS server via the WG VPN. Indeed all works.

But after my bricked action, I cannot come back to DDWRT, only openwrt works, I have also read your latest version three pdfs marked 27 July 2025 (OpenWRT Policy Based Routing (PBR).pdf, OpenWRT WireGuard Client Setup guide using LuCi.pdf OpenWRT WireGuard Server Setup guide using LuCi.pdf)

Code:

[Interface]
PrivateKey = YxxxxxxxxxxxxxxxxxxxxxxxxxWc=
Address = 10.0.0.6/32
ListenPort = 54321
DNS = 192.168.1.1

[Peer]
PublicKey = sxxxxxxxxxxxxxxxxxxxxxxxxxxxmc=
# PresharedKey not used
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = xxxxx.yyyy.org:54321
PersistentKeepAlive = 25


I wonder how I can fix.
My WG client must be manually changed to 192.168.1.1, 8.8.8.8 so that WG is completely normal.
Otherwise, only tun0 connected in WG status.

I am sure that I have either DDNS trouble or WG connection.
Previously on ddwrt, there are
Code:

iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)
iptables -t raw -D PREROUTING -j CT --notrack >/dev/null 2>&1


Anyway, the same formula for openwrt did not work.

Thanks a lot.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 13878
Location: Netherlands

Posted: Fri Aug 01, 2025 18:34
For setting up a WireGuard server on OpenWRT ask at the OpenWRT forum

But for starters see: OpenWRT WireGuard Server Setup Guide
