Trying to get policy routing to work on RUTX09

I have followed "RUTX50 wireguard VPN, but only to affect specific local IP addresses?"

Everything is set as it shows, except that the IP address of the device to be routed this way is 192.168.0.252.

I am confused by the IPv4 Gateway field in the policy-based routing.

I have tried: the 45.xx address (see below), and the endpoint address after getting the IP from Convert Host Name to IP Address or Find IP address of a host - e.g. find IP address of host name of,

Current issue:

  1. 192.168.0.252 is still routing through the ISP and not the VPN tunnel
  2. When I remove the

The Wireguard configuration file is as follows:

[Interface]
PrivateKey=REDACTED
Address=45.74.0.XX
DNS=45.74.0.YY,45.74.0.ZZ
[Peer]
PublicKey=REDACTED
AllowedIPs=0.0.0.0/0
Endpoint=sx0230113-wg.pointtoserver.com:51820
PersistentKeepalive=21

I have redacted parts of the IP addresses but made the redactions coded so you can refer to the correct address.

ifconfig
PURE      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:45.74.0.92  P-t-P:45.74.0.92  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1420  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@RUTX09:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     3      0        0 qmimux0
10.162.118.68   0.0.0.0         255.255.255.255 UH    3      0        0 qmimux0
45.74.0.0       0.0.0.0         255.255.255.0   U     0      0        0 PURE
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

I understand how frustrating it is for you guys to repeat the same thing, but I promise I have tried for two nights now and have even reset the router to factory defaults.

PS:
I think the WG is connected.
wg show

Hello,

Could you show the full wg output?
Regards,

Hi @flebourse
Can you let me know the CLI command to show the output you would like?

Many thanks for your quick reply

Just wg. Of course, hide the keys.

If I disconnect and then do wg I just get the command prompt again.

Thanks for coming back to me

As shown, the tunnel doesn't appear to be connected.
What is the value of the "latest handshake" line?

Strangely, there isn't one. I will go and try it again and will come back to you.

Do you know what the IPv4 gateway address should be?

0.0.0.0/0 might interfere with the default route. Use 0.0.0.0/1 + 128.0.0.0/1 instead.

No, not yet.

So the tunnel isn't connected.

Hi again @flebourse
Thanks for your patience.

This time the tunnel appears to be connected. Change Allowed IPs to 0.0.0.0/1 + 128.0.0.0/1


Thank you. I can confirm I have done this

Is this still true?

Yes.
The device is set up as:
IP: 192.168.0.252
GW: 192.168.0.1
DNS: 192.168.0.1

What are the outputs of:

ip -4 route show
ip -4 rule show

?

The route PURE is no longer showing.

Have you set "Route Allowed IPs" in the WG config?

I have now, and it all seems to be working, but my understanding from the above was to set it to off.

I have tested on many devices that should use the ISP and they are working, and the VPN device is also okay. Should I reboot to check it sticks?

Thanks and fingers crossed

A reboot is always a good thing to perform in order to be sure to have a clean configuration.

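A worked simulation of the routing decisions discussed in this thread, added here as an example and not part of the original posts or of RutOS. It parses constructed `ip -4 rule show` / `ip -4 route show` output (modelled on the `route -n` table above, with the WAN device qmimux0, the WireGuard interface PURE, the LAN host 192.168.0.252, and a hypothetical resolved endpoint address 203.0.113.10 and hypothetical router WAN source 10.162.118.70) and resolves the egress interface the way the kernel does: rules in priority order, then longest prefix within the chosen table. It shows why 0.0.0.0/1 + 128.0.0.0/1 win over the ISP default route once "Route Allowed IPs" is on (so every host goes through the tunnel, which is what the thread ends up with), how a `from 192.168.0.252` rule pointing at a separate table sends only that host through PURE, and the routing loop you get if the tunnel endpoint itself is not pinned to the WAN.

```python
"""Simulate Linux policy routing (ip rule + route tables) for the thread's setup.

Constructed example, not output from the RUTX09 in the thread. The tables
mirror the `route -n` output above; the endpoint address 203.0.113.10 and the
router WAN source address 10.162.118.70 are hypothetical placeholders.
"""
import ipaddress


def parse_routes(text):
    """Parse `ip -4 route show [table N]` lines into (network, device) pairs."""
    routes = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        dev = parts[parts.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes


def parse_rules(text):
    """Parse `ip -4 rule show` lines ("prio:\tfrom SRC lookup TABLE") into
    (priority, source network, table name), sorted by priority."""
    rules = []
    for line in text.strip().splitlines():
        prio, rest = line.split(":", 1)
        parts = rest.split()
        src = parts[parts.index("from") + 1]
        src_net = ipaddress.ip_network("0.0.0.0/0" if src == "all" else src)
        rules.append((int(prio), src_net, parts[parts.index("lookup") + 1]))
    return sorted(rules, key=lambda r: r[0])


def egress(rules, tables, src, dst):
    """Egress device for a packet src -> dst: walk rules by priority, use the
    first table that has a match, and within it prefer the longest prefix."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, src_net, table in rules:
        if src not in src_net:
            continue
        hits = [(net, dev) for net, dev in tables.get(table, []) if dst in net]
        if hits:
            return max(hits, key=lambda h: h[0].prefixlen)[1]
    return None


# Scenario 1: "Route Allowed IPs" on with AllowedIPs 0.0.0.0/1 + 128.0.0.0/1.
# Both /1 routes are more specific than the /0 ISP default, so they win for
# every destination and every LAN host leaves through PURE.
MAIN_SPLIT_DEFAULT = """
default via 10.162.118.68 dev qmimux0
0.0.0.0/1 dev PURE
128.0.0.0/1 dev PURE
10.162.118.68 dev qmimux0
45.74.0.0/24 dev PURE
192.168.0.0/24 dev br-lan
"""
ONLY_MAIN = "32766:\tfrom all lookup main"

# Scenario 2: policy routing. The main table keeps the ISP default, a second
# table (100) defaults into the tunnel, and one rule sends only 192.168.0.252
# there. Table 100 must also carry the LAN route or .252 loses its own subnet.
MAIN_ISP_DEFAULT = """
default via 10.162.118.68 dev qmimux0
10.162.118.68 dev qmimux0
45.74.0.0/24 dev PURE
192.168.0.0/24 dev br-lan
"""
TABLE_VPN = """
default dev PURE
192.168.0.0/24 dev br-lan
"""
PBR_RULES = "100:\tfrom 192.168.0.252 lookup 100\n32766:\tfrom all lookup main"

ENDPOINT = "203.0.113.10"      # hypothetical resolved address of the WG endpoint
ROUTER_WAN_SRC = "10.162.118.70"  # hypothetical router WAN source address


def route_allowed_ips_scenario():
    rules = parse_rules(ONLY_MAIN)
    tables = {"main": parse_routes(MAIN_SPLIT_DEFAULT)}
    return {h: egress(rules, tables, h, "1.1.1.1") for h in ("192.168.0.252", "192.168.0.10")}


def policy_routing_scenario():
    rules = parse_rules(PBR_RULES)
    tables = {"main": parse_routes(MAIN_ISP_DEFAULT), "100": parse_routes(TABLE_VPN)}
    return {
        "vpn_host_internet": egress(rules, tables, "192.168.0.252", "1.1.1.1"),
        "vpn_host_lan": egress(rules, tables, "192.168.0.252", "192.168.0.1"),
        "other_host_internet": egress(rules, tables, "192.168.0.10", "1.1.1.1"),
    }


def endpoint_egress(pin_endpoint):
    """Where the router's own encrypted packets to the endpoint would go with the
    /1 routes present: into PURE itself (a loop) unless a /32 host route to the
    endpoint via the WAN exists."""
    host_route = f"{ENDPOINT} via 10.162.118.68 dev qmimux0\n" if pin_endpoint else ""
    tables = {"main": parse_routes(MAIN_SPLIT_DEFAULT + host_route)}
    return egress(parse_rules(ONLY_MAIN), tables, ROUTER_WAN_SRC, ENDPOINT)


if __name__ == "__main__":
    print("Route Allowed IPs with /1 + /1:", route_allowed_ips_scenario())
    print("Policy routing for .252 only:", policy_routing_scenario())
    print("Endpoint, no host route:", endpoint_egress(False), "| pinned:", endpoint_egress(True))
```

Run it with `python3` after pasting; no network or root is needed. The useful check on the router itself is to compare the real `ip -4 rule show` and `ip -4 route show table <N>` output against these shapes: if the only rule is `from all lookup main` and the two /1 routes sit in main, everyone is in the tunnel; if you want only 192.168.0.252 inside it, there must be a `from 192.168.0.252 lookup <N>` rule, a default route into PURE in table N, and a route to the endpoint that does not go through PURE.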