Multi-wan on same main router (share dmz ? policy balancing)

I would like to use multiwan to link eth and repeater, already connected to the same main router, to share the gw dmz in drop-in on eth. I know it would be absurd when talking about dmz, but perhaps the multiwan interface can get around the obstacle.

Otherwise, I could give up on the DMZ if I could send WireGuard traffic (on policy) to the repeater, which should be feasible at least via shell.

The main router on dmz is better than any other expensive configuration (QoS does not allow for more). However, there is room for improvement with wifi, and if you have any ideas for further exploring the multiwan settings as described, I would appreciate it.

Yeah, it's not clear to me what you're looking to do as the composition leaves a bit to be desired but...

I'd remove WireGuard from the equation until you know load balancing is operating correctly. I don't use it but GL GUI -> Network -> Multi-WAN -> Failover/Load Balance should let you set something up. Knowing the model & firmware version(s) would help.

Maybe I'm misreading all this & you're looking to bond an upstream eth & radio to a GL.iNet device. IDK; either way you should have a network topology in mind. Be sure to note the model names, numbers, port IDs, eth v wl ifs, IPs inc VPN's.

Okay, I'm not very good at English and the idea is a bit strange, but it's clearly explained. First of all, when I say repeater, I'm referring to the second WAN of the gl.inet, so for Ethernet, then there's the ISP router and that's it.

I would like to bridge apclix0 and eth0 on be3600 4.7.3, to make them appear to the ISP router as a single card, even if they are served by different channels (different channels that add up bandwidth according to ISP rules). But bridges are usually internal, I don't know how to use it from wan.

Since I don't really believe in it, I was thinking of the alternative of splitting the traffic, perhaps using wireguard policies, not the load balancer, because the repeater in upstream bypasses gl.inet, and I would have to limit it with a policy (the ISP also has a wireguard server, I can create a client instance on gl.inet, but the repeater is not among the sources).

That is, how do I aggregate apclix0 with eth0? Or, how do I route WireGuard through WWAN instead of WAN? The diagram wouldn't add much, it's a network topology that is theoretically simple but complex in practice.

I don't have a Slate 7 so IDK if your references to 'apclix0' are unique to that device but I'd guess so.

I don't see why you couldn't route all WG to a radio but IDK if iptables is still in use or if nft is only on that device. Either way I think you're going to need to jump into LuCI to get it accomplished if at all. I know my routing skills aren't up to the task ATM.
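
Added example, not part of any post in this thread and not GL.iNet's own mechanism: one generic Linux way to send WireGuard's encrypted traffic out of the repeater uplink is to set an fwmark on the tunnel and add a policy rule for that mark. The interface name `wgclient`, the gateway 192.168.1.1, and the mark, table and priority values are assumptions.

```sh
#!/bin/sh
# Added example: steer WireGuard's encrypted (outer) packets out of one uplink.
# Every name and number below is an assumption; adjust to the device.
MARK="${MARK:-0x6e}"   # arbitrary fwmark; must not collide with marks the firmware uses
TABLE="${TABLE:-110}"  # arbitrary spare routing table
PRIO="${PRIO:-1000}"   # rule priority, ahead of the main table (32766)

is_ipv4() {
    # Dotted quad, each octet 0-255.
    echo "$1" | awk -F. 'NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 } { exit 1 }'
}

plan() {
    # Print the commands, one per line, without running them.
    # $1 = WireGuard interface, $2 = uplink device, $3 = uplink gateway
    wg_if=$1 dev=$2 gw=$3
    for n in "$wg_if" "$dev"; do
        case "$n" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad interface name: $n" >&2; return 1 ;;
        esac
    done
    is_ipv4 "$gw" || { echo "bad gateway: $gw" >&2; return 1; }
    echo "wg set $wg_if fwmark $MARK"
    echo "ip route replace default via $gw dev $dev table $TABLE"
    echo "ip rule del fwmark $MARK lookup $TABLE priority $PRIO"
    echo "ip rule add fwmark $MARK lookup $TABLE priority $PRIO"
}

apply() {
    # Run the planned commands (needs root); inputs were validated by plan().
    cmds=$(plan "$@") || return 1
    echo "$cmds" | while read -r line; do
        case "$line" in
            "ip rule del "*) $line 2>/dev/null || true ;;  # rule is absent on first run
            *) $line || exit 1 ;;
        esac
    done
}

# Nothing is changed unless APPLY=1, e.g.:
#   APPLY=1 sh wg-uplink.sh wgclient apclix0 192.168.1.1
if [ "${APPLY:-0}" = 1 ]; then apply "$@"; fi
```

Check the result with `wg show wgclient fwmark` and `ip rule show`. If the repeater link drops, its route leaves the table and lookups fall through to the main table, so the tunnel moves back to the Ethernet WAN.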

Even if apclix0 (repeater) and eth0 (WAN of be3600) are on the bridge, they should not be able to obtain the accumulated bandwidth (even with "different channels that add up bandwidth according to ISP rules"); the packet header has been converted after routing.

If you confirm "different channels that add up bandwidth according to ISP rules", you can swap to Load Balance mode in Multi-WAN, or install the third-party plugin mwan3 to set up more flexible policy routing.

Semi-off topic but didn't GL.iNet swap from mwan3 to kwan? I seem to recall something in a changelog.

@9b9e69c2-4b75-4420 apclix0 is the 5 GHz repeater. Of course, for WireGuard, you just need to change the gateway in the tunnel configuration. I suggest implementing it in the GUI, since the 4.8.1 version has much more complicated features.

@bruce So can I bridge devices for the upstream interface as well as the downstream one? It seemed so absurd that I didn't try it. The goal is to share the IP and therefore DMZ and drop-in-gateway.

@bruce As for policies, without bridging, load balancing would be lame. I'll try mwan3. I imagine they use policy-based routing, which I had already used on WireGuard in OpenWRT 21, but it had a bug when using it for domain names, which was fixed in 23. Thanks for the suggestion.

Yes, multi-wan of newer firmware depends on kmwan.

Although it can be done for bridging, you need to know how to operate brctl; a bridge is actually equivalent to an "extender" (upstream WAN interfaces bridged to downstream interfaces like LAN, so they are in layer 2), and I think using a router does not make sense.

If you install the plugin mwan3, please disable kmwan first:

/etc/init.d/kmwan stop
/etc/init.d/kmwan disable

I've reduced the main-router to an ont+bridge, so now I only have one input, however I'm still interested in it, configuring a multi-wan thoroughly has many applications.

I had never poked around the mwan3 config but from here I see that it is really flexible, you can make policies, it is much more than a fixed bridge.

I find little about kmwan on google though, if you have a link I really appreciate it, before I change packages I would like to see both.

kmwan was written by GL R&D and the document will not be released.

You can learn about mwan3.

Well, it works well. For a few days, I used the repeater to provide Wi-Fi via LAN to a PC without Wi-Fi. I thought it was absurd; if it's called a repeater, it's not a router, but once again it proves to be a Swiss Army knife.

So for now, I'll keep kmwan, see what works in the mwan3 manual, or wait for you to enrich the GUI, as with the rest.
