Wireguard listening to wrong IP in Multi-WAN setup

Hi all,

I have a GL-AX1800 Flint. Connected to it I have two WAN connections in load balanced mode:

  1. WISP “repeater” mode (port is forwarded)
  2. Wired via wireless bridge (another WISP connection)

I want Wireguard to work through connection #1, since I have the port forwarded and don’t have to deal with bridging setup on top as well.

However, for some reason the Wireguard server seems to only listen on the second network. When I try to export a configuration file, it always exports with the IP from connection #2. It is only when I unplug network #2 that things start working properly.

How do I force the Wireguard server to listen on IP #1 versus IP #2 in a Multi-WAN situation?

Yeah, it seems your Ethernet is the priority connection (GL GUI → Network → Multi-WAN → Interface Priority).

My first instinct is to use some custom routing to send your WG server traffic out over $RepeaterIP but the immed. problem w/ that is that, well, your $RepeaterIP changes when you change the upstream/its Wi-Fi connection. I’m not convinced it’s the most efficient solution.

Regardless I foresee you’re going to need to get into LuCI & SSH. If you haven’t set that up already, see the attached HOW-TO; it’ll walk you through a practical exercise for just that.

I’ll hold back a bit for others who may have better insights; I have a tendency to look to ‘roll my own’ solution rather than use stock tools.

I already have LuCI activated and have used it before in OpenWRT settings. Note that I have already ordered my links by priority using the failover menu, but to no avail. Seems like the ethernet preference is hard-baked in somehow.

Anyway, I think the solution lies in the WireGuard settings somewhere. I have to tell it to listen to the right interface. I wonder if there’s a place where I can do that? I’ve tried going into interfaces->WGSERVER, but even after installing wireguard-tools and luci-proto-wireguard, it still says “Unsupported protocol type”.

The irony is I’m in another thread w/ a very similar scenario minus the WG aspect.

You may be onto something more than you know.

I wouldn’t worry about that; I see the same for my Slate AX.

I think you’re close but I doubt it’s something directly set as a WG setting. I believe it to be the metric set to the routes.

I presume you can ssh into your GL device. Here’s an example of my routing table w/ a WG Client running. My Slate AX is behind a ‘main router’. I am using one ISP:

root@GL-AXT1800:~# ip route show
0.0.0.0/1 dev wgclient scope link
default via 192.168.1.1 dev eth0 proto static src 192.168.1.116 metric 10
10.14.0.0/16 dev wgclient proto kernel scope link src 10.14.0.2
3[redacted]7 via 192.168.1.1 dev eth0 proto static metric 10
128.0.0.0/1 dev wgclient scope link
192.168.1.0/24 dev eth0 proto static scope link metric 10
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1
192.168.9.0/24 dev br-guest proto kernel scope link src 192.168.9.1 linkdown

In the case of Multi-WAN I would expect something more like:

# ip route show
default via 10.0.3.2 dev eth1  proto static  src 10.0.3.15  metric 10 
default via 10.0.4.2 dev eth2  proto static  src 10.0.4.15  metric 20

It’s the metric that dictates the priority interface. Can you post your route(s), please?

Looks like you’re right.

root@system:~# ip r show
default via 192.168.1.1 dev eth0 proto static src 192.168.1.6 metric 10
default via 192.168.0.1 dev wlan-sta0 proto static src 192.168.0.254 metric 20

I just edited /etc/config/network and swapped the two over and it did the trick! Thanks.

Seems like some feedback for GL-iNet to make sure the priority order under Multi-WAN actually updates the interface metrics.

1 Like
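
Added example, not part of the original posts: a small shell check for what the thread found, namely that the default route with the lowest metric decides which WAN the router uses. The function names are hypothetical; the sample routes are the ones posted above, before the metrics were swapped.

```shell
#!/bin/sh
# Added example: report which default route wins in a Multi-WAN setup.
# The kernel prefers the default route with the LOWEST metric; a route
# with no metric counts as 0.

# Read `ip route show` output on stdin; print "<dev> <src> <metric>" for
# every default route, sorted so the preferred one comes first.
default_routes() {
    awk '$1 == "default" {
        dev = "-"; src = "-"; metric = 0
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "src")    src = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print metric, dev, src
    }' | sort -n -k1,1 | awk '{ print $2, $3, $1 }'
}

# Print only the interface of the preferred default route.
preferred_wan() {
    default_routes | awk 'NR == 1 { print $1 }'
}

# Exit 0 if the wanted interface is the preferred WAN, 1 otherwise.
# Reads `ip route show` output on stdin, like the functions above.
wan_is_preferred() {
    want=$1
    [ "$(preferred_wan)" = "$want" ]
}

# Routes as posted in the thread (hypothetical variable name).
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0 proto static src 192.168.1.6 metric 10
default via 192.168.0.1 dev wlan-sta0 proto static src 192.168.0.254 metric 20'

# On the router itself: ip route show | default_routes
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_ROUTES" | default_routes
fi
```

Running `ip route show | wan_is_preferred wlan-sta0` after editing /etc/config/network confirms whether the metric change actually took effect.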

@jdh

What timing! I just finished responding to you in the [Bug] thread re: Multi-WAN. I think I’ve laid out a conceptual solution that GL could consider.

1 Like

Is it possible with the same methodology to have wgserver listen on a LAN interface instead of WAN?

It always listens on the LAN.