I successfully setup selective routing with WireGuard over one tunnel as per the tutorial from the docs (https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html) for outbound internet traffic. I setup multiple tunnels and as long as I'm using only one tunnel / gateway, everything works fine. As soon as I use a gateway group to load balance traffic over all the tunnels, things stop working properly.
The docs mention this (https://docs.opnsense.org/manual/how-tos/wireguard-client-mullvad.html#step-2-assignments-and-routing):
QuoteWhen assigning interfaces we can also add gateways to them. This would offer you the chance to balance traffic via different VPN providers or do more complex routing scenarios.
... and this (https://docs.opnsense.org/manual/how-tos/wireguard-client.html#step-5-a-assign-an-interface-to-wireguard-recommended):
Quote
When assigning interfaces, gateways can be added to them. This is useful if balancing traffic across multiple tunnels is required or in more complex routing scenarios. To do this, go to System ‣ Gateways ‣ Single and add a new gateway. Choose the relevant WireGuard interface and set the Gateway to dynamic. These scenarios are otherwise beyond the scope of this how-to
Does anyone have a link on where I can read up on the topic "beyond this how-to"? Can anyone shed some light on what the
Dynamic gateway policy would do here?
In this post (https://forum.opnsense.org/index.php?topic=15939.0) it's mentioned that:
Quote
But true HA / LB is not possible with WG (yet...). So all connection states will be dropped when having a failover-event.
Can anyone confirm this? Does anybody have a working multi-tunnel load balance configuration?
So I installed `wireguard-kmod` an have been testing failover gateway groups with WireGuard. It seems to be working.
However, load balancing doesn't work. I wouldn't know how to find out why.