Netgate Discussion Forum

    Multiple Wireguard Tunnels - How to set Tier 1 and 2 for priorities to achieve Failover Behavior

    • privatenetworks

      Re: [Guide] Setup a wireguard tunnel to VPN provider (multiple VPN tunnel setup)

      This was a great post to get me started with a dual VPN solution - thanks so much for the write-up, @LaUs3r. For my use case I desire a WireGuard primary interface and a failover WireGuard connection if the primary goes down or has high latency. I finally got both set up, handshaking and passing traffic.

      I'm probably a bit over my head here and did a lot of trial and error to get things going, so sorry if this is a stupid question, but one thing still isn't working correctly for me. wg0 and wg1 are both passing traffic like a round-robin load-balance situation - each successive connection alternates which one is being used - but that isn't the behavior I want.

      I want to only send traffic to wg1 if wg0 fails (or gets high latency and packet loss). I created a gateway for each and a gateway group. In the gateway group I have wg0 as Tier 1 and wg1 as Tier 2, but they seem to be treated as equal. I also created an interface group for my NAT rules that contains VPN1 (wg0) and VPN2 (wg1).
      I think I am missing what rules/process steers the traffic to the gateway group and how the NAT works, and maybe somehow I'm sending traffic to both gateways, ignoring the group tier and priority.

      Any ideas where I should look in more detail to figure this out?

      TIA

      • Bob.Dig @privatenetworks

        @privatenetworks said in Multiple Wireguard Tunnels - How to set Tier 1 and 2 for priorities to achieve Failover Behavior:

        Any ideas where I should look in more detail to figure this out?

        Maybe show some pictures of your rules? And why do you use an interface group for your NAT rules?

        • privatenetworks @Bob.Dig

          @Bob.Dig I will work on some pics but it's been in a state of evolution as a test network running another scenario at the moment - but when I can switch it back to this I was looking for some things to focus on and try.

          I used an interface group for NAT rules because one of the tutorials I read showed to do that and said to create a group or do rules for every one. Seemed like a group would be best practice then for larger numbers - but do you recommend to just do a NAT entry for each instead?
