Does traffic coming in on em1-em4 route to traffic on the other interfaces, or is traffic going out to a specific wg tunnel only, or are there both internal and external flows?

diana KI5PGJ

On July 29, 2025 6:10:02 PM MDT, Andrew Dekker <dekker@tbh.gratis> wrote:
>To preface, please bear with me, my terminology may not be accurate but I'll
>try to describe what I've been struggling with this all week.
>I am using 7.7 as a router/firewall with multiple lans
>I would like to have multiple egress vpns over wireguard, for individual lans
>
>I have 5 dedicated ports on my router. em0 is wan, em1-4 are individual lans.
>I have some vlans too but that's not important.
>
>I would like to have 1 wireguard tunnel per lan, so that the lan traffic flows
>through its tunnel only, except for em1 which
>will need to failover to the default route on em0 when wg1 is down.
>
>I have tried with manually creating wg interfaces and gateways, using pf and
>rtables but am not having any luck getting wg
>to handshake unless I route 0/1 and 128/1 to the wg interface.
>
>wg-quick is out of the question it seems as it automatically adds routes which
>prevent the other lans from using their gateways.
>
>Does anyone know how to set up these gateways, routes and pf rules properly
>that individual lans can exit through different wg interfaces?
>And how to connect multiple wg interfaces at the same time?
>
>Thanks!
>
>Andrew