Routing traffic through Wireguard AND L2tp/IkeV2 problem
Posted: Sun Dec 29, 2024 9:27 am
Between a client MT and a remote server MT I have an L2TP/IKEv2 VPN and some mangle rules on the client side to only allow certain devices to go through the VPN.
What I'm looking to do (and have not accomplished so far) is to have road warriors connect via WireGuard to the server (directly) when on cell tower signal, BUT route traffic through the L2TP/IKEv2 VPN when that/those device(s) connect(s) to the client's Wi-Fi.
I want to leave the WireGuard app always up and running on the phone but, as mentioned, for WireGuard to be effective only when on cell tower signal. I have experimented with different firewall rules, e.g. on the server:
Code:
action=drop chain=input comment="Drop Wireguard traffic from local Wi-Fi" dst-port=51820 protocol=udp src-address=192.168.1.0/24
IP routes, etc., but haven't managed it... this filter rule for some reason blocks internet access completely on the phone when on the client's LAN. Can someone please offer ideas/suggestions?
If there is a better way than blocking, e.g. routing, please share your thoughts.
P.S. 192.168.1.0/24 is the LAN on the client side. The server is a CHR directly on the internet and the phone gets the 192.168.50.2 address while on WireGuard.
Thank you in advance
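To make the behaviour of the posted filter rule concrete, here is an added illustration (not part of the original post and not a MikroTik tool): a small matcher that applies the rule's matchers (chain=input, protocol=udp, dst-port=51820, src-address=192.168.1.0/24) to a few constructed packets as the server would see them, and a helper modelling the assumption that the phone's WireGuard profile routes everything (AllowedIPs 0.0.0.0/0) into the tunnel. The public source addresses 203.0.113.7 and 198.51.100.9 are constructed documentation-range placeholders, and the phone's AllowedIPs setting is an assumption, since the post does not state it.

```python
import ipaddress

# Model of the rule from the post (constructed for this example):
# chain=input protocol=udp dst-port=51820 src-address=192.168.1.0/24 action=drop
RULE = {
    "chain": "input",
    "protocol": "udp",
    "dst_port": 51820,
    "src_net": ipaddress.ip_network("192.168.1.0/24"),
    "action": "drop",
}


def rule_matches(rule, pkt):
    """True only when every matcher of the rule agrees with the packet."""
    return (
        pkt["chain"] == rule["chain"]
        and pkt["protocol"] == rule["protocol"]
        and pkt["dst_port"] == rule["dst_port"]
        and ipaddress.ip_address(pkt["src"]) in rule["src_net"]
    )


def verdict(rule, pkt):
    """Apply the single rule; anything it does not match falls through (accept)."""
    return rule["action"] if rule_matches(rule, pkt) else "accept"


# Constructed sample packets as seen at the server's input/forward chains.
SAMPLES = {
    # WireGuard handshake that reached the server through the L2TP tunnel,
    # so the phone's LAN source address is still visible to the server
    "wg_from_lan_via_tunnel": {"chain": "input", "protocol": "udp",
                               "dst_port": 51820, "src": "192.168.1.23"},
    # handshake from the cell network (placeholder public source)
    "wg_from_cell": {"chain": "input", "protocol": "udp",
                     "dst_port": 51820, "src": "203.0.113.7"},
    # same LAN phone, but the handshake left via the client's WAN NAT instead,
    # so the server never sees a 192.168.1.x source and the rule is bypassed
    "wg_from_lan_via_nat": {"chain": "input", "protocol": "udp",
                            "dst_port": 51820, "src": "198.51.100.9"},
    # ordinary traffic transiting the server: forward chain, never input
    "https_forward": {"chain": "forward", "protocol": "tcp",
                      "dst_port": 443, "src": "192.168.1.23"},
}


def verdicts():
    """Verdict of the posted rule for each constructed sample packet."""
    return {name: verdict(RULE, pkt) for name, pkt in SAMPLES.items()}


def phone_has_internet(handshake_verdict, allowed_ips):
    """Assumption modelled here: with AllowedIPs 0.0.0.0/0 the WireGuard app
    keeps routing all traffic into the tunnel, so a dropped handshake leaves
    the phone with no working path at all (the symptom described above)."""
    if handshake_verdict == "drop" and "0.0.0.0/0" in allowed_ips:
        return False
    return True


if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:24s} -> {v}")
    print("full-tunnel phone, handshake dropped:",
          phone_has_internet(verdicts()["wg_from_lan_via_tunnel"], ["0.0.0.0/0"]))
```

The matcher makes two points visible: the rule only bites on handshakes whose source address the server sees as 192.168.1.x (i.e. those carried inside the L2TP tunnel), and a full-tunnel WireGuard profile whose handshake is dropped has nowhere else to send traffic, which is one reason a blocked handshake can look like a total loss of internet rather than a fallback to the Wi-Fi path.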