MT2500 Wireguard connection using wrong route

scumball · July 18, 2023, 6:23pm

I have two connections on my MT2500, a fast WAN connection and a slower TETHERING connection

192.168.0.254 is the fast WAN
192.168.1.254 is the slow TETHERING (set as FAILOVER)

I noticed on the VPN it would only ever connect at a slow speed

When I run ip route show - it shows the VPN connection tied to the slow eth2 route

How do I fix this, and get the VPN connecting through eth0?

0.0.0.0/1 dev wgclient scope link
default via 192.168.0.254 dev eth0 proto static src 192.168.0.1 metric 10
default via 192.168.1.254 dev eth2 proto static metric 30
xx.xx.xx.xx/10 dev tailscale0 scope link
128.0.0.0/1 dev wgclient scope link
192.168.0.0/24 dev eth0 proto static scope link metric 10
192.168.1.0/24 dev eth2 proto static scope link metric 30
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
xx.xx.xx.xx via 192.168.1.254 dev eth2 proto static metric 30

bring.fringe18 · July 18, 2023, 6:41pm

Don’t forget to disconnect & reconnect your WG connection when you change ‘priorities’ under GL GUI → Network → Multi-WAN → Interface Priority. That seems to be ‘the trick’ to it for force the changes.

Related but your case seems to be the exact opposite of the following issue:

scumball · July 18, 2023, 6:44pm

That was my original issue.
I have now swapped my interfaces so the faster is WAN and the slower is tethering as I get a faster throughput on the built in port to the USB-Ethernet adaptor.
I’ve restarted the VPN a few times to try different servers as I thought it was just slow VPN access that you get sometimes.

scumball · July 23, 2023, 3:46pm

This seems to work - is it a bad thing to do?

In advanced settings I have put the VPN Client Virtual IP address as the Source Address.

bring.fringe18 · July 23, 2023, 9:51pm

I don’t have any static IPv4 routes by default in LuCI on my single WAN Flint so I can’t really comment.

(I mentioned that bug report thread as GL responded that mwan3 & iptables should be updating automatically. I wasn’t aware if you’ve read the new info.)

What’s the device assigned to 192.168.0.254? I’m not sure I have much advice to give on the ‘best practice’ here given the precieved reports & documented details of the aforementioned trouble.

scumball · July 23, 2023, 9:57pm

192.168.0.254 is my WAN - faster connection

bring.fringe18 · July 23, 2023, 10:19pm

So if the WAN via Ethernet is now your preferred connection instead of the thethered device, I’d just back up your VPN profile, reset the MT2500 back to factory defaults, then add your VPN profile again. We know the default metric is going to prefer WAN/Ethernet ‘out of the box.’

scumball · July 23, 2023, 10:31pm

Ok thanks. That’s a job for another day!

scumball · August 5, 2023, 5:29pm

I reset today and this is now all working as expected. Thanks.

EDIT: After a reboot VPN is back to using failover connection - odd one