WireGuard as a server on backup connectivity

Hello,

I’m looking for a solution to run WireGuard VPN on backup connectivity.

My scenario:
RUTX50 v7.13.1
Failover mode.
Basic connectivity (online): WAN with public address behind NAT.
Backup connectivity (standby): mob1s1a1 with a fixed public address.
WireGuard is in server mode which listens on the port.
WireGuard clients connect to the mob1s1a1 interface with a fixed public address.

When the WAN is down, the WireGuard tunnel works fine. But once the WAN is up, all traffic is redirected to the WAN interface based on the default gateway and the WireGuard tunnel breaks down.

Interestingly, for example, HTTPS and SSH do not behave this way and still communicate over the mob1s1a1 interface regardless of the WAN state.

Hello,

Apologies for the delayed response. Could you try setting Tunnel source to mob1s1a1 (prefer/persist) in the WG peer’s advanced settings?

This way, the WireGuard tunnel with the client should remain active during a wired WAN loss and continue running through the mobile WAN interface.

Let me know if this helps or if you need further assistance.

Best regards,

Thank you for your response.

But this Advanced setting cannot be used on the “server” side, because this option requires the “General settings” to specify the “Endpoint host” address, which I don’t know and may be different each time.