WireGuard Multi-WAN Policy Routing

Mimiko · April 2, 2025, 6:09am

Hello.
I’ve tried this. But this does not work correctly. While the packet is sent to correct gateway, the IP address is the one that is listed as first in ip addresses.
Setting pref-source on route does not change the src ip address.

Why not using something like that?

/ip address
add address=172.30.241.2/24 interface=ether1-GW241 network=172.30.241.0
add address=172.30.242.2/24 interface=ether2-GW242 network=172.30.242.0
add address=10.99.99.1/24 interface=wireguard-Server network=10.99.99.0

/routing table
add disabled=no fib name=GW242
add disabled=no fib name=GW241

/ip firewall filter
add action=add-src-to-address-list address-list=WG-VIA-241 address-list-timeout=2s chain=input connection-state=new dst-address=172.30.241.2 dst-port=13231 protocol=udp
add action=add-src-to-address-list address-list=WG-VIA-242 address-list-timeout=2s chain=input connection-state=new dst-address=172.30.242.2 dst-port=13231 protocol=udp
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=WG-VIA-242 new-routing-mark=GW242 passthrough=no protocol=udp src-port=13231
add action=mark-routing chain=output dst-address-list=WG-VIA-241 new-routing-mark=GW241 passthrough=no protocol=udp src-port=13231

/ip route
add disabled=no dst-address=0.0.0.0/0 gateway=172.30.241.1 routing-table=main suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=172.30.242.1 routing-table=GW242 suppress-hw-offload=no
add disabled=no dst-address=0.0.0.0/0 gateway=172.30.241.1 routing-table=GW241 suppress-hw-offload=no