Default Route

I have manually setup a wireguard configuration from openwrt backend.
When i use it as a default route with target the default wan route still is used and the vpn route is ignored even with better metric.
Only if i set the target to the vpn route is used /prioritized. But from my basic network understanding is not really correct.
Any advice?
Here is my routing table (wg0 being the wireguard interface and wlan-sta0 the wan interface)
Destination Gateway Genmask Flags Metric Ref Use Iface
default * U 0 0 0 wg0
default UG 20 0 0 wlan-sta0 * U 0 0 0 br-lan * U 20 0 0 wlan-sta0 UGH 20 0 0 wlan-sta0 * U 0 0 0 br-guest

Hello Toby103,

Slighlty out on a limb here, as I use OpenVPN not Wireguard.

If you goto Luci (advanced under more settings).
Can you see the Wireguard interface under Network Interfaces?
If so, you may need to install the luci-proto-wireguard package (it will say “install protocol extensions” on the interface, which you can use to locate and install the package. Reboot the router after this.

If you press Edit on the interface, and goto the Advanced Settings tab, find the entry called “Use gateway metric”, default is 20 I think. You want to arrange for the value here for the Wireguard Interface to be lower than the value for the connected route out. In your case a value of 19 shoudl do as your alternative is wlan-sta0 or internet Wifi.

This way when the Wireguard is up, it will take over the routing.

As I said, there may be ways to do this through the Wireguard config itself, rather than on the underlying network interface.

Hope this helps, or at least puts you on the route path.
I think your current config will reach some of the internet, but only a small part of it, judging by the route installed in the routing table.


That sadly does not solve the issue as it already had a metric of 0 before and still would take the other route - i changed the default route through wg0 with target and metric 0 and routing table now looks like that:
Destination Gateway Genmask Flags Metric Ref Use Iface
default * U 15 0 0 wg0
default UG 20 0 0 wlan-sta0 * UH 15 0 0 wg0 * U 0 0 0 br-lan * U 20 0 0 wlan-sta0 UGH 20 0 0 wlan-sta0 * U 0 0 0 br-guest

Still, clients and router would still use wlan-sta0 / wan as preferred route and not the wg0 one - any other idea why would work but does not?

I found out that master table is not used as there is a standard policy set in axt1800 router to route through table 52/53 for vpn / non vpn traffic. Sadly i cannot find where those packet marks are set.

1 Like

I can see the policy defined under Networking routing Rules, no idea how the VPN is set to use that table I am afraid.

The reason sort of works is is a longer prefix match than (i.e 1 bit longer prefix). So anything from to will prefer the over the /0. Router will use the longest match first, then decide by metric.


Hi Toby103

you can configuration reference the wireguard config.

for example, wg client config as:

root@GL-AR750S:~# cat /var/etc/wireguard.conf
ListenPort = 37484
PrivateKey = mK+IJ5EKUytc0Kge/4lvyH5RYIXI+EntNSlcrXfx43g=

PublicKey = uHz0TLd7ISx+EHwaeby6sLQMGxQH8EMI7e9QYt+lDBs=
AllowedIPs =,::/0
PersistentKeepalive = 25
Endpoint =

the important attribute is “AllowedIPs”, it allow which ip can through the wireguard route