VPN Policy Based Routing Help

Hi,

I am trying my hand at VPN policy based routing. Mainly, sending traffic from one machine on my main LAN through the VPN tunnel (WireGuard). I have followed Tom’s tutorial(s) and I think I am in a good place. WireGuard is working, the VPN gateway is added, and the firewall is pointing the relevant traffic to the new non-default VPN gateway.

I am now trying to confirm that the traffic I want to go over the VPN is in fact doing so. When I test via a file download I am seeing both my WireGuard VPN interface and my WAN interface using the same incoming bandwidth. The two charts mirror each other when I have traffic coming over the VPN. At the same time I see the usage in the WireGuard status dashboard increase by the amount of the download, which tells me the traffic is indeed going over the VPN tunnel, but it is somehow being reported on the WAN as well.

My question is whether I should be seeing traffic on both my WireGuard VPN and my WAN interface when downloading the test file. It seems odd that it would show up on both interfaces. Does this mean I have set something up wrong?

Thank you for the help.

That’s perfectly normal. It’s just that it is the WireGuard service on the router which is sending and receiving all the WAN traffic instead of the end device. The downloaded data needs to come from somewhere.

To further verify that policy routing works, you can do a simple IP address lookup (e.g. via https://www.ipchecktool.com/). It should report the public IP address of the remote WireGuard peer instead of your router’s own public IP address.
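The "mirrored charts" effect above can be checked with numbers rather than by eye: take interface counters before and after a test download and compare how much each interface grew. The tunnel's packets are encapsulated in UDP on the WAN, so a download that really went through the tunnel raises both the tunnel counter and the WAN counter (the WAN by a little more, the encapsulation overhead), while a download that bypassed the tunnel raises only the WAN counter. The script below is an added example, not code from this thread or from the router project; the interface names `wan0` and `wg0`, the peer key, and every counter value are constructed sample data, and the `wg show <iface> transfer` and `/proc/net/dev` formats are the standard ones.

```python
"""Classify a test download as 'tunnel' or 'bypass' from counter snapshots.

Added example (not from the thread). Inputs are two snapshots each of
`wg show <iface> transfer` (tab-separated: <peer pubkey> <rx> <tx>) and
/proc/net/dev, taken before and after a download of known size.
Interface names, peer key and all byte counts are constructed.
"""


def parse_wg_transfer(text):
    """Return {peer_pubkey: (rx_bytes, tx_bytes)} from `wg show X transfer`."""
    peers = {}
    for line in text.strip().splitlines():
        pubkey, rx, tx = line.split("\t")
        peers[pubkey] = (int(rx), int(tx))
    return peers


def parse_proc_net_dev(text):
    """Return {iface: (rx_bytes, tx_bytes)} from the content of /proc/net/dev."""
    stats = {}
    for line in text.splitlines():
        if ":" not in line:
            continue                       # the two header lines carry no ':'
        iface, rest = line.split(":", 1)
        f = rest.split()                   # 8 receive fields, then 8 transmit
        stats[iface.strip()] = (int(f[0]), int(f[8]))
    return stats


def rx_delta(before, after, key):
    """Growth of the receive counter for one interface or peer."""
    return after[key][0] - before[key][0]


def assess(wan_iface, wg_iface, dev_before, dev_after,
           wg_before, wg_after, download_bytes, tolerance=0.05):
    """Compare counter growth against the known download size.

    verdict 'tunnel' : tunnel RX grew by ~download size and the WAN grew by at
                       least as much (that is the encapsulated copy on the WAN)
    verdict 'bypass' : WAN grew by ~download size but the tunnel did not
    verdict 'unclear': neither pattern fits (other traffic, wrong iface, ...)
    """
    dev_b, dev_a = parse_proc_net_dev(dev_before), parse_proc_net_dev(dev_after)
    peers_b, peers_a = parse_wg_transfer(wg_before), parse_wg_transfer(wg_after)
    wan_rx = rx_delta(dev_b, dev_a, wan_iface)
    wg_rx = rx_delta(dev_b, dev_a, wg_iface)
    # Per-peer attribution: which remote peer the tunnel bytes came from.
    per_peer_rx = {k: peers_a[k][0] - peers_b.get(k, (0, 0))[0] for k in peers_a}
    floor = download_bytes * (1 - tolerance)
    if wg_rx >= floor and wan_rx >= wg_rx:
        verdict = "tunnel"
    elif wan_rx >= floor and wg_rx < floor:
        verdict = "bypass"
    else:
        verdict = "unclear"
    return {
        "wan_rx": wan_rx,
        "tunnel_rx": wg_rx,
        "per_peer_rx": per_peer_rx,
        # Only meaningful when the WAN really carried the tunnel's packets.
        "encapsulation_overhead": wan_rx - wg_rx if verdict == "tunnel" else None,
        "verdict": verdict,
    }


# ---- constructed sample snapshots (100 MiB download) -----------------------
HEADER = ("Inter-|   Receive                                                |  Transmit\n"
          " face |bytes    packets errs drop fifo frame compressed multicast|"
          "bytes    packets errs drop fifo colls carrier compressed\n")
DEV_BEFORE = HEADER + (
    " wan0: 5000000 4000 0 0 0 0 0 0 200000 1500 0 0 0 0 0 0\n"
    "  wg0: 1000 10 0 0 0 0 0 0 500 8 0 0 0 0 0 0\n")
# Policy route working: wg0 grew by the download, wan0 by download + overhead.
DEV_AFTER_TUNNEL = HEADER + (
    " wan0: 114400000 82000 0 0 0 0 0 0 2300000 42000 0 0 0 0 0 0\n"
    "  wg0: 104858600 74800 0 0 0 0 0 0 2000500 40000 0 0 0 0 0 0\n")
# Policy route NOT working: only wan0 grew, the tunnel stayed idle.
DEV_AFTER_BYPASS = HEADER + (
    " wan0: 109900000 82000 0 0 0 0 0 0 2300000 42000 0 0 0 0 0 0\n"
    "  wg0: 1000 10 0 0 0 0 0 0 500 8 0 0 0 0 0 0\n")
PEER = "CONSTRUCTED_PEER_PUBLIC_KEY="            # placeholder, not a real key
WG_BEFORE = PEER + "\t1000\t500\n"
WG_AFTER_TUNNEL = PEER + "\t104858600\t2000500\n"
WG_AFTER_BYPASS = PEER + "\t1000\t500\n"
DOWNLOAD = 100 * 1024 * 1024                     # 104857600 bytes


if __name__ == "__main__":
    for label, dev_a, wg_a in (("tunnel", DEV_AFTER_TUNNEL, WG_AFTER_TUNNEL),
                               ("bypass", DEV_AFTER_BYPASS, WG_AFTER_BYPASS)):
        print(label, assess("wan0", "wg0", DEV_BEFORE, dev_a,
                            WG_BEFORE, wg_a, DOWNLOAD))
```

On a real router the snapshots come from `wg show wg0 transfer` and `cat /proc/net/dev` run before and after fetching a file of known size; the verdict `tunnel` with a small positive `encapsulation_overhead` is exactly the situation described in the question, and `bypass` is the case where the firewall rule did not catch the client's traffic. This counter check complements the public-IP lookup: the lookup tells you the exit point, the counters tell you the volume actually carried.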

Thanks paolo. Yes, I also confirmed via ifconfig that the system IP I am routing is the external WireGuard IP. It appears everything is working.