Hello,
I am trying to create a network-wide VPN so that all my devices in my network can make use of it. I know that a VPN client can be installed on the router itself (GL-MT6000 / Flint 2) but this limits my speed to 600 Mbps. I have a 1 Gbps fiber connection from my ISP so I would like to run the VPN on more powerful hardware.
I have a separate Lenovo computer which I'm using as a home server. It runs Proxmox and my plan is to create a Linux container with WireGuard installed on it. This container would function as my VPN and forward all my home traffic so that it's masqueraded by the VPN.
So what I have tried is:
- Create an LXC and install WireGuard on it.
- Import a configuration file from my VPN provider and connect.
- Set up a static route so that all traffic flows through the VPN container.
- Set up policy-based routing so that all traffic (minus local requests) flows through the VPN container.
As you can see, the last two steps are where I'm hitting a wall. I have continuously attempted many things with ChatGPT to assist me as I'm not very experienced with networking stuff. These are the things that went wrong:
- Option 1: The moment I set the WireGuard LXC as the default gateway in my interface "homelab" by using 192.168.55.55, all other LXCs seem to have their traffic flow through the VPN. However, my Adguard Home (DNS server) LXC and the WireGuard LXC itself fail to connect to the internet. This is solved by restoring WireGuard's default gateway to the router so that it doesn't loop back to itself. This still results in a broken DNS server and I am forced to use a public one such as 1.1.1.1.
- Option 2: When I try policy-based routing instead, I can only select an external interface. I have even tried creating a separate interface and VLAN solely for my WireGuard LXC, but even that one couldn't be selected in the list of interfaces. I tried to do this because I want local requests to not flow through the WireGuard LXC since its sole purpose is to handle outgoing internet traffic.
If I try option 1, I have to manually set the default gateway for devices that are configured with a static IP. The moment I change their gateway to the WireGuard LXC and restart them, they become unreachable. Also, my phone fails to connect to WiFi after using 192.168.55.55.
What I am trying to achieve is:
- All outgoing internet traffic flows through the WireGuard LXC.
- All local requests (within 192.168.x.x) don't pass through the WireGuard LXC.
I am pretty much at my wit's end, as I have tried endlessly to find a solution. My ideal situation is to have a 24/7 network-wide VPN on a different machine than my router for performance reasons, with routing rules being configured on the router level so I don't have to reconfigure every single device.
I hope someone can help...
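As an added example (not from the post above, and not a GL.iNet or WireGuard project file), here is a small Python generator for the two pieces of configuration the gateway LXC needs for the goal stated at the end of the post: internet-bound traffic enters the tunnel, anything inside 192.168.0.0/16 never does, and nothing leaks to the router's WAN if the tunnel is down. Instead of `AllowedIPs = 0.0.0.0/0` it computes the set of prefixes covering everything except the LAN range, so WireGuard's cryptokey routing cannot claim a local destination regardless of how policy rules are ordered. Interface names (`eth0`, `wg0`), the router address `192.168.55.1`, the nftables file path and the endpoint `203.0.113.10` (a TEST-NET-3 documentation address) are assumptions; the real endpoint and keys come from the provider's config file.

```python
"""Config generator for a WireGuard gateway LXC (added example, assumptions marked)."""
import ipaddress
from typing import List

# Assumed names: adjust to the container's real interfaces and router.
LAN_IFACE = "eth0"               # side facing the Proxmox bridge / homelab subnet
WG_IFACE = "wg0"
LAN_GATEWAY = "192.168.55.1"     # the physical router (assumption)
LAN_PREFIXES = ["192.168.0.0/16"]  # "local requests" range from the post
# Placeholders only: a documentation address, not a real VPN endpoint.
ENDPOINT_HOST = "203.0.113.10"
ENDPOINT_PORT = 51820
NFT_RULES_PATH = "/etc/nftables.d/wg-gateway.nft"  # assumed location


def tunnel_allowed_ips(lan_prefixes: List[str], full: str = "0.0.0.0/0") -> List[str]:
    """Return the CIDRs covering `full` minus every prefix in lan_prefixes.

    Each excluded prefix replaces the piece that contains it with its
    siblings at every depth (one prefix per bit), so excluding a /16 from
    0.0.0.0/0 yields 16 prefixes. The result is collapsed and sorted."""
    remaining = [ipaddress.ip_network(full)]
    for lan in lan_prefixes:
        lan_net = ipaddress.ip_network(lan)
        nxt = []
        for net in remaining:
            if lan_net.subnet_of(net):
                nxt.extend(net.address_exclude(lan_net))  # carve the hole out
            elif net.subnet_of(lan_net):
                continue  # piece lies entirely inside an excluded range: drop it
            else:
                nxt.append(net)  # disjoint, keep as is
        remaining = nxt
    return [str(n) for n in sorted(ipaddress.collapse_addresses(remaining))]


def destination_path(dst: str, lan_prefixes: List[str] = LAN_PREFIXES) -> str:
    """Model the forwarding decision: 'lan' stays on the bridge, 'tunnel' enters wg0."""
    addr = ipaddress.ip_address(dst)
    return "lan" if any(addr in ipaddress.ip_network(p) for p in lan_prefixes) else "tunnel"


def leaks_lan(allowed_ips: List[str], lan_prefixes: List[str]) -> bool:
    """True if any AllowedIPs prefix overlaps a LAN prefix (i.e. LAN could enter wg0)."""
    lans = [ipaddress.ip_network(p) for p in lan_prefixes]
    return any(ipaddress.ip_network(a).overlaps(l) for a in allowed_ips for l in lans)


def render_wg_config(lan_prefixes: List[str] = LAN_PREFIXES) -> str:
    """wg-quick config for the gateway container (keys are placeholders)."""
    allowed = ", ".join(tunnel_allowed_ips(lan_prefixes))
    return (
        "[Interface]\n"
        "PrivateKey = <PRIVATE_KEY_FROM_PROVIDER>\n"
        "Address = <TUNNEL_ADDRESS_FROM_PROVIDER>\n"
        "# AllowedIPs no longer contains 0.0.0.0/0, so wg-quick does not install its\n"
        "# fwmark/suppress_prefixlength rules; the endpoint therefore needs an explicit\n"
        "# host route via the router, or the handshake itself would be routed into wg0.\n"
        f"PostUp = ip route add {ENDPOINT_HOST}/32 via {LAN_GATEWAY} dev {LAN_IFACE}\n"
        f"PostDown = ip route del {ENDPOINT_HOST}/32 via {LAN_GATEWAY} dev {LAN_IFACE}\n"
        "PostUp = sysctl -w net.ipv4.ip_forward=1\n"
        f"PostUp = nft -f {NFT_RULES_PATH}\n"
        "PostDown = nft delete table inet wg_gateway\n"
        "\n[Peer]\n"
        "PublicKey = <PROVIDER_PUBLIC_KEY>\n"
        f"Endpoint = {ENDPOINT_HOST}:{ENDPOINT_PORT}\n"
        f"AllowedIPs = {allowed}\n"
        "PersistentKeepalive = 25\n"
    )


def render_nft_ruleset(lan_prefixes: List[str] = LAN_PREFIXES) -> str:
    """nftables rules: forward LAN->wg0 with masquerade, hairpin LAN->LAN back to
    the router, and drop everything else so a downed tunnel cannot leak to WAN."""
    lan_set = "{ " + ", ".join(lan_prefixes) + " }"
    return (
        "table inet wg_gateway {\n"
        "    chain forward {\n"
        "        type filter hook forward priority 0; policy drop;\n"
        "        ct state established,related accept\n"
        f'        iifname "{LAN_IFACE}" oifname "{WG_IFACE}" accept\n'
        f'        iifname "{LAN_IFACE}" oifname "{LAN_IFACE}" ip daddr {lan_set} accept\n'
        "    }\n"
        "    chain postrouting {\n"
        "        type nat hook postrouting priority 100; policy accept;\n"
        f'        oifname "{WG_IFACE}" masquerade\n'
        "    }\n"
        "}\n"
    )


if __name__ == "__main__":
    print(render_wg_config())
    print(render_nft_ruleset())
```

The forward chain's `policy drop` is the point of the nftables part: if `wg0` goes down, the 16 tunnel prefixes disappear and the container's own default route would otherwise carry forwarded traffic straight to the router, so only LAN-to-LAN hairpin traffic is allowed out of `eth0`. Traffic the router routes between local subnets itself never reaches the container, which is what the post asks for.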