ZebMcKayhan
Very Senior Member
Do you mean everything through vpn except a single ip? If yes, then:
For that to work, the peer must be in policy mode, not default mode...
You also need to add a rule for everything else to go out vpn, so in total:
Code:
E:Option ==> peer wg11 rule add wan src=192.168.1.x comment SingleUseWAN
E:Option ==> peer wg11 rule add vpn src=192.168.1.1/24 comment RestUseVPN
E:Option ==> peer wg11 auto=p
Wan rules have higher priority than vpn rules so the single ip will be directed to wan before being compared with the larger vpn range.
You can add as many single ip rules as you want but there could be a priority problem if you create more than 10 wan or vpn rules (?). If that is the case you might start to lump ips together and use cidr notation (i.e. /28 to cover 16 addresses within a single rule).
//Zeb
Edit: worth mentioning is that if no matching rule is found in policy mode then it will go through wan. So if you only want a single ip through vpn and the rest to wan you only need (and only should) add the "single ip to vpn" rule. The rest will go naturally through wan.
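An added example, not part of the original post and not wgm's own code: a small Python model of the behaviour described above (wan rules checked before vpn rules, unmatched sources falling through to wan), plus aggregation of single-ip rules into CIDR blocks. The function names and sample addresses are constructed for illustration, and the matching order is an assumption taken from the post's description.

```python
import ipaddress


def route_for(src, wan_rules, vpn_rules):
    """Return 'wan' or 'vpn' for a source IP under the post's described policy.

    Assumption from the post: every wan rule is evaluated before any vpn rule,
    and a source matching no rule in policy mode leaves via wan.
    """
    ip = ipaddress.ip_address(src)
    for target, rules in (("wan", wan_rules), ("vpn", vpn_rules)):
        for cidr in rules:
            # strict=False accepts host-bit forms such as 192.168.1.1/24
            if ip in ipaddress.ip_network(cidr, strict=False):
                return target
    return "wan"  # policy-mode fallthrough


def aggregate(hosts):
    """Collapse single-IP rules into the fewest CIDR blocks covering exactly them."""
    nets = [ipaddress.ip_network(h) for h in hosts]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def audit(clients, wan_rules, vpn_rules):
    """List clients that bypass the tunnel, so unintended wan exits are visible."""
    return [c for c in clients if route_for(c, wan_rules, vpn_rules) == "wan"]


if __name__ == "__main__":
    # Constructed sample: one wan exception, the rest of the LAN through vpn.
    wan = ["192.168.1.20"]
    vpn = ["192.168.1.1/24"]
    for client in ("192.168.1.20", "192.168.1.77", "10.0.0.5"):
        print(client, "->", route_for(client, wan, vpn))

    # 16 aligned addresses fit one /28; 16 unaligned ones need several rules.
    aligned = [f"192.168.1.{i}" for i in range(16, 32)]
    unaligned = [f"192.168.1.{i}" for i in range(10, 26)]
    print(aggregate(aligned))
    print(aggregate(unaligned))
```

A /28 only replaces 16 single-ip rules when the addresses start on a multiple of 16; the unaligned range in the sample still needs four rules.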