So on version (pre-)release 2 I managed to get VPN cascading working with WireGuard and VPN policies by pointing the firewall zone to wgserver, wgserver to wgclient, and wgclient to wan.
There the VPN client worked, but since pre-release 3 it's ignoring the VPN client, and all traffic gets passed to wan and not wgclient.
I'm aware VPN cascading will be a feature soon; has something been changed?
I'm trying to create a road-warrior setup over Wi-Fi and then cascade it to Mullvad's VPN.
We have not yet designed for such a scenario. With the current VPN cascade feature, if you enable it, all traffic is forwarded to the VPN client. This has nothing to do with the VPN policies.
The settings for this are too complex, so we don’t have the perfect solution to make them work together for now.
Maybe you can explain your scene and your specific configuration for our reference, thank you.
Release 3 does not change the logic code in this case; all that is associated with the VPN cascade is a bug fix.
So I don’t know why the previous configuration failed.
My configuration is advanced, but it did work on release 2. Here are my firewall rules:
The idea of wlan0 and wlan1 is to talk to the wgserver zone only, so therefore I need to connect to the wg server instance from Flint over Wi-Fi, and from there it can only talk to wgclient.
In practice this works, even though the script is not really compatible when stopping or starting the VPN server or client, but I can still reload the firewall. What happens, though, is that it ignores wgclient and instead prioritizes normal wan as exit, so it leaks my normal IP address outside of wan rather than using wgclient's Mullvad VPN.
So I tried the following:
- having the wg server run first
- restarting the vpn client
But for some reason it keeps following the wan route on wgserver. All other routes work fine for wgclient except the wgserver's one. I think somehow this might be a bug, as I had not observed this behaviour prior.
If I need to add more, please let me know.
Ah! I figured it out: under the VPN dashboard there's now also an option for cascading VPNs, and this was not checked. This topic can be closed. In case of confusion: either I did this before in release 2 and have forgotten it, or it was set to on by default. It's working fine.