Requesting Help with static routes.

[Jumpstarter]

Okay first I have wireguard VPN service setup on a client where all its traffic is being routed to a vpn service provider. I have a separate site tunnel I want to route my traffic from the router through this same wireguard configuration. I already have IP forwading on the device configured. Can someone give me a good example of what setting up a static route on my asus router for this may look like?

 

[eibgrad]

Gonna have to read a bit between the lines here since your description is a bit imprecise.

What I *think* you're saying is that you have a *LAN* client that's running WG, and an OpenVPN server configured on the router, and want to route that traffic through the WG client for the purposes of internet access, correct?

 

[Jumpstarter]

Gonna have to read a bit between the lines here since your description is a bit imprecise.

What I *think* you're saying is that you have a *LAN* client that's running WG, and an OpenVPN server configured on the router, and want to route that traffic through the WG client for the purposes of internet access, correct?

Correct

 

[eibgrad]

If the local VPN client was OpenVPN and running on the router, the answer would be fairly simple. If the default gateway was set to that of the local OpenVPN client, any internet bound traffic from clients of the OpenVPN server would automatically be routed over the local OpenVPN client. It's just automatic. If PBR (policy based routing) was active, you'd need to add the OpenVPN server's IP network (i.e., the tunnel) to PBR.

What makes your situation tricky is now YOU have to implement your own PBR to tell the router it should route the OpenVPN server's IP network over to the LAN ip of the device hosting the local VPN client (WG, OpenVPN, doesn't matter). And once there, it will be routed over that VPN client to the internet.

Certainly doable (I'm doing that right now on my own network, except the local VPN client is OpenVPN). But not an easy task for someone unfamiliar w/ networking. On the router, you'd need to create an alternate routing table, add the LAN ip of the device hosting the WG client as its default gateway, use ip rules to force OpenVPN server's IP packets to use that alternate routing table, etc. Again, doable, but it involves a lot more than just adding a simple static route.

 

[eibgrad]

P.S. Given the complexity, it might be easier to run the OpenVPN server on the same device as the OpenVPN client! And now, just like the router, that traffic will automatically be routed over the OpenVPN client. There are still a few other details, but relatively minor compared to what would be required to make this happen on the router. I assume the device hosting WG is Linux?