In order to route everything through the WireGuard VPN connections (I have 2-3, each used as a backup of the previous one), I did the following, partially following the WireGuard road warrior guide:
- flagged "Gateway switching" in System-Settings-General;
- flagged "Upstream Gateway" in System-Gateway-Configuration-each of the wireguard gateways;
- flagged "Failover States" & "Failback States" in each wireguard gateway;
- given a higher priority (lower number) to the WireGuard gateways (i.e. first VPN gw = 1, second VPN gw = 3, third VPN gw = 5, WAN = 7);
- the gateway monitoring brings each gateway online/offline in case something is not working;
- created a static route + firewall rule to each IP entrypoint through WAN (in order to avoid VPN connections going one through the other).
This way the WireGuard connections are basically used as a multi-WAN setup and I am finally able to route everything (also firewall-originated traffic) through the VPNs.
The question is: does this configuration have any security issue or any other flaw?
Everything works properly, aside from the fact that after a random amount of time the handshakes are not renewed, while the IP entrypoints are still reachable: I am trying to understand where the cause of this behaviour lies.
Thank you.
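As an added example (not part of the post above, and not OPNsense's own tooling), here is a small check for the stale-handshake symptom described in the question. Gateway monitoring only tells you that the endpoint address answers pings; it says nothing about whether the tunnel itself is still completing handshakes. The script assumes the output format of `wg show all latest-handshakes` (one line per peer: interface, peer public key, Unix timestamp of the last handshake, tab-separated; 0 means never), and the sample output and peer key names are constructed placeholders.

```python
"""Flag WireGuard peers whose last handshake is stale.

Added example, not taken from the forum post. It assumes the output of
`wg show all latest-handshakes`, which is one line per peer:
<interface>\t<peer public key>\t<unix timestamp of last handshake>
A timestamp of 0 means the peer has never completed a handshake.
"""
import subprocess
import time

# WireGuard re-handshakes roughly every 120 s and keeps a session usable for
# 180 s, so a last handshake older than that means the tunnel is not renewing.
STALE_AFTER = 180

# Constructed sample output standing in for `wg show all latest-handshakes`,
# with the real public keys replaced by placeholder strings.
SAMPLE_OUTPUT = (
    "wg0\tPEER_PUBKEY_ONE=\t1700000000\n"
    "wg1\tPEER_PUBKEY_TWO=\t1699999000\n"
    "wg2\tPEER_PUBKEY_THREE=\t0\n"
)


def parse_handshakes(text):
    """Return (interface, peer, timestamp) tuples parsed from wg output."""
    peers = []
    for line in text.splitlines():
        if not line.strip():
            continue
        iface, peer, ts = line.split("\t")
        peers.append((iface, peer, int(ts)))
    return peers


def stale_peers(text, now, stale_after=STALE_AFTER):
    """Return (interface, peer, age_seconds) for every peer whose last
    handshake is older than stale_after. age_seconds is None when the peer
    has never completed a handshake at all."""
    stale = []
    for iface, peer, ts in parse_handshakes(text):
        if ts == 0:
            stale.append((iface, peer, None))
        elif now - ts > stale_after:
            stale.append((iface, peer, now - ts))
    return stale


def check_live():
    """Run the real wg command (needs root on the firewall) and report."""
    out = subprocess.run(
        ["wg", "show", "all", "latest-handshakes"],
        capture_output=True, text=True, check=True,
    ).stdout
    return stale_peers(out, int(time.time()))


if __name__ == "__main__":
    # Demonstrate on the constructed sample with a fixed "now" of 1700000100.
    for iface, peer, age in stale_peers(SAMPLE_OUTPUT, 1700000100):
        state = "never handshaked" if age is None else f"stale for {age}s"
        print(f"{iface} {peer}: {state}")
```

Run from cron on the firewall (`check_live()`), this gives a second signal next to gateway monitoring: if the endpoint still answers pings but its peer shows up here as stale, the tunnel has stopped renewing keys even though the gateway is marked online, which matches the behaviour described in the post and is worth alerting on rather than waiting for traffic to silently stop flowing.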