Sorry for going silent all of a sudden, but there seems to be a limit to how many responses a newly registered user can enter per day and I hit it with no warning.
Is there a way to message you privately through the page or otherwise? We could then sort out the technicalities with all the routes etc without posting every ping result and upload a more effective conclusion to the site if/when solved.
If not and if you are still willing to help we can continue here. I am grateful for your help so far, and any further suggestions you (or anyone else) may have.
The old forum offered the possibility to exchange private messages but this one appears to be completely public.
Anyway, look at this question; it is very similar to yours.
I have not had time to mess around with this as much as I would like, but this does not seem to be getting me anywhere. The example recommended describes a case when the user controls both his client and the central server to which the tunnel should run. I do not. I need to run a tunnel to a commercial provider where I have an endpoint domain but can end up on slightly different IP addresses each time.
Putting any of the IP addresses I end up on in a wan static routing with a lower metric than my wireguard interface does not work. Nor does putting the target address given in my configuration file, which I tried on the assumption I misunderstood what goes in there. I have internet all right, but nothing is routed through the VPN.
(It still does not make sense to me to give the wireguard interface a higher metric and steer my traffic directly to the VPN provider’s endpoint server. Is the wireguard interface not the entry point for the tunnel? Or is the tunnel really a way between my client and the providers server to agree that anything I send to that endpoint server has to be encrypted and the traffic then in the background anyway goes through the wireguard interface?)
I also found some articles that seem to have solved the problem - including to what I assume are commercial providers - by creating subnets and/or assigning specific machines to specific routes by programming vpn policy routing in the CLI. Could this be a way forward?
You can route a subnet instead of a host if you need.
I agree playing with route metrics is a workaround; it would be cleaner to use firewall marks (as wg-quick does) or namespaces, but it is not implemented this way in OpenWrt nor dd-wrt either.
More on that later maybe.
Rereading those posts I realize their main problem seems to be sorting different machines into different tunnels while mine is ‘simply’ to get the traffic into the tunnel.
Thank you for taking the time to reply. It seems this thread will be closed in a number of hours. If you are willing to continue helping I would of course be immensely grateful - right now all I feel is frustration. If so let me know what you need posted or if there is a way to PM.
VPN policy routing is doable but is far too complicated IMO in order to route all traffic through a tunnel.
I’ll look at a way to implement fwmarks to do the same in a clean way and create a new topic if I succeed (and the solution appears to be clean/robust enough, doesn’t break anything else …). In the meantime you can continue with a new ticket, I’ll try to help.
There is no way to exchange PMs in this forum.
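For readers who want to see what the "firewall marks, as wg-quick does" approach mentioned in the thread actually looks like, and why the tunnel's own UDP packets must reach the provider's endpoint via the plain WAN path while everything else goes through the wireguard interface, here is an added example. It is not code from any participant in this thread and not part of OpenWrt, dd-wrt or wg-quick itself; it reproduces the four iproute2/wireguard-tools commands wg-quick runs for a "route all traffic through the tunnel" client. The interface name `wg0` and the mark/table number `51820` are placeholder values, and `DRY_RUN` is a convenience added here so the commands can be inspected before being applied as root.

```shell
#!/bin/sh
# Added example (not from the forum thread): the policy-routing rules wg-quick
# installs when a peer has AllowedIPs = 0.0.0.0/0. Assumes Linux with iproute2
# and wireguard-tools. Interface "wg0" and mark/table "51820" are placeholders.

# Print each command instead of running it unless DRY_RUN=0 is set.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# wg_fwmark_rules IFACE MARK
# Ordinary traffic is steered into IFACE via a dedicated routing table; the
# encrypted UDP that WireGuard itself sends to the provider's endpoint carries
# MARK and therefore bypasses that table, using the normal WAN route instead.
# This is why no route-metric juggling is needed: the endpoint address may
# change on every connection and still takes the main-table path.
wg_fwmark_rules() {
    iface=$1
    mark=$2

    # 1. Tag every packet emitted by the WireGuard socket with the fwmark.
    run wg set "$iface" fwmark "$mark"

    # 2. A dedicated table whose only entry is "default via the tunnel".
    run ip -4 route add default dev "$iface" table "$mark"

    # 3. Any packet NOT carrying the mark (i.e. plaintext user traffic) is
    #    routed by that table, so it enters the tunnel.
    run ip -4 rule add not fwmark "$mark" table "$mark"

    # 4. Added last, so "ip rule" gives it a lower (earlier) priority: if the
    #    main table has a route more specific than a default (LAN subnets, the
    #    WAN's own prefix), use it, keeping local networks reachable.
    run ip -4 rule add table main suppress_prefixlength 0
}

# Print the rules for inspection; run with DRY_RUN=0 as root to apply them.
wg_fwmark_rules wg0 51820
```

To verify the effect after applying for real, `ip rule show` should list the `suppress_prefixlength` rule before the `not fwmark` rule, and `ip route get <any public IP>` should answer `dev wg0`, while `ip route get <endpoint IP> mark 51820` still answers with the WAN interface.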