OPNsense Forum

English Forums => Virtual private networks => Topic started by: thunderbird on November 15, 2025, 01:31:41 PM

Title: use WireGuard only for traffic on one WAN interface
Post by: thunderbird on November 15, 2025, 01:31:41 PM
Hi,

I have the following setup:
WAN, fixed IP, no VLAN, bound to igc0
WAN2, VLAN interface, VLAN 200, bound to igc0

WAN2 is using a link where privacy is not ensured, so I'd like to use a WireGuard VPN. But the VPN should only be used if a packet is going out on WAN2, not on WAN.

I would like to have a gateway group with both interfaces in it. If OPNsense decides to use WAN2, the packets should go through WireGuard. If WAN is used, the packets should go out directly.

I know how I can create route policies depending on source IP, but not on "WAN link used". Using a destination address is also not what I need.

Is this possible to achieve?

Thank you and best regards.

Title: Re: use WireGuard only for traffic on one WAN interface
Post by: Maurice on November 15, 2025, 03:30:16 PM
You can create a gateway group which includes the WAN gateway and the WireGuard gateway, but NOT the WAN2 gateway.

Cheers
Maurice