Got stuck while setting up Mullvad VPN WG client

Device: HAP ac2
RouterOS: 7.15.2

I need to run all traffic through WG tunnel to a selected (perhaps selectable) Mullvad VPN server.
What I have already:

  • WG config file generated by Mullvad website - half of which I do not understand:
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
  • WG interface and peer entry configured accordingly AFAIK

What I do not know how to do:

  • How to make this interface a default (with an option to add more in the future to be switched at will).
  • How to tweak (currently all default) routing and NAT configuration.

My experience so far was setting up WG tunnels via KDE network manager, both directly and from the config file import. I am not experienced in routing configuration. I found some walkthroughs, but they are for different use cases (optional VLAN, peer-to-peer LAN connections or remote work connection) and I do not know how to adapt them to my needs. I am also unwilling to experiment, lest I brick the device (did it once already).

That Mullvad output is gibberish, can you at least generate one for some other form than Linux…
Then it will be readable.
Also, did they provide you with a specific DNS address to use?

For your MikroTik
/export file=anynameyouwish (minus router serial number, any public WAN IP information, keys, etc.)

What type of WAN connection do you have and

  • public IP/private IP?
  • dynamic/static?