Binding Wireguard to a specific WAN Interface

Started by anomaly0617, December 06, 2024, 12:25:00 AM

Hi folks,

Hopefully a straightforward question here...

I have a location where there are dual WAN connections, one Fiber (WAN_FIBER), and one Coaxial (WAN_COAX).

The location has a few site-to-site Wireguard tunnels to other locations.

I want to:

  • Route the Wireguard traffic primarily over the Fiber line
  • Route everything else (internet for users, for instance) over the Coaxial line

I can do the second one primarily with Gateway Groups I have established. But the first one... I haven't found a way to bind Wireguard to a specific network interface like I could with OpenVPN and IPSec.

Am I missing something obvious?

Oh, just to cover the base... I have a firewall rule in the WAN_FIBER interface for incoming Wireguard traffic. The problem is the outgoing traffic. I'm trying to figure out how to define the interface the Wireguard traffic leaves out of, should this location be the initiating peer.

Thanks, in advance!

The logic of Wireguard is: it presents as an interface. The peer needs no knowledge of how many interfaces there are or where they are.

So the same logic applies as you already have for incoming traffic: you need a firewall rule for the scenario to direct your outgoing (outgoing from where? From the wg0 or whatever it's called) towards the preferred other interface.

This presupposes that your Wireguard instance has an interface; there are ways to go without and with an explicit interface. You'll need the explicit version for what you want.