I'm using a Teltonika RUTX12 dual LTE Cat 6 router with two 4G SIM cards. Each SIM card gives me around 16 Mbps of downlink, which to me is very slow. While purchasing this unit I thought it came with proper link aggregation, like some of the Peplink boxes do, but it only has simple fail-over and load-balancing features.
So I'm trying to do this myself using two WireGuard links and combining the traffic with the help of a VPS. I found a similar question on Reddit, but I'm stuck with the PBR part.
Below are the steps I have done so far:
WWAN1 - LTE SIM1
WWAN2 - LTE SIM2
Create two WireGuard interfaces on the same VPS with the config below:
wg0
[Interface]
Address = 10.22.22.1/24
ListenPort = 54837
Table = off
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Client remote_gw_wg_1
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
wg1
[Interface]
Address = 10.33.33.1/24
ListenPort = 54838
Table = off
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PostUp = iptables -A FORWARD -i eth0 -o wg1 -j ACCEPT; iptables -A FORWARD -i wg1 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i eth0 -o wg1 -j ACCEPT; iptables -D FORWARD -i wg1 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Client remote_gw_wg_2
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
AllowedIPs = 0.0.0.0/0
Connect the router to the VPS using the two WireGuard interfaces:
wg0
[Interface]
FwMark = 100
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 10.22.22.2/32
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = xxxxxxxxxxxxxxxxxx:54837
PersistentKeepalive = 20
AllowedIPs = 10.22.22.0/24
wg1
[Interface]
FwMark = 101
PrivateKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Address = 10.33.33.2/32
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxx
Endpoint = xxxxxxxxxxxxxxxxxx:54838
PersistentKeepalive = 20
AllowedIPs = 10.33.33.0/24
After this I can ping both WireGuard interfaces from the RUTX12 to the VPS and from the VPS to the RUTX12.
Then I created a routing table called wireguard in /etc/iproute2/rt_tables:
#
# reserved values
#
255 local
254 main
253 default
0 unspec
144 wireguard
#
# local
#
#1 inr.ruhep
Then I added two default routes with equal metric to the new wireguard routing table:
ip route add default dev wg0 table wireguard && ip route append default dev wg1 table wireguard
root@rutx12:~# ip route show table wireguard
default dev wg0 scope link
default dev wg1 scope link
Then I added ip rules so that all traffic not marked with fwmark 100 or 101 uses routing table wireguard:
ip rule add not fwmark 100 lookup wireguard priority 10
ip rule add not fwmark 101 lookup wireguard priority 10
Based on the Reddit post I should add SNAT to get this working, but I'm not sure why SNAT is needed. First I need to test the aggregated bandwidth within my RUTX12.
Since the main routing table has its default route via my WWAN1 link (SIM1), how does WireGuard utilize both WWAN links (SIM1 and SIM2) for traffic? Do I need to add a static route for each, or do I need a VPS with two public IP addresses?
What am I missing here? And is there any other way to aggregate these two connections?
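As an added example (not part of the original question or of any Teltonika/WireGuard code), here is a small Python model of how the kernel walks `ip rule` entries, used to check where WireGuard's own fwmark 100/101 UDP packets are routed under the two `not fwmark` rules above compared with a rule set that uses positive fwmark matches and one table per WAN. The WAN device names and the table names wan1/wan2 are assumptions.

```python
# Added example: minimal simulator of Linux policy-routing rule evaluation.
# Not the router's or the kernel's code; device/table names are assumed.

def first_hop(rules, tables, fwmark):
    """Return the egress device chosen for a packet carrying fwmark.

    rules:  list of (priority, negate, fwmark_or_None, table) in the order
            `ip rule add` was run; same-priority rules keep insertion order.
    tables: dict table -> device of its default route (None = no route).
    As in the kernel, the first rule whose selector matches is consulted;
    if its table holds no usable route, evaluation continues to the next rule.
    """
    for _prio, negate, mark, table in sorted(rules, key=lambda r: r[0]):
        matches = True if mark is None else (fwmark == mark)
        if negate:
            matches = not matches
        if matches and tables.get(table) is not None:
            return tables[table]
    return None

# Routing tables as described in the question (device names assumed).
TABLES = {
    "main": "wwan0",       # default route via SIM1
    "wireguard": "wg0",    # first of the two appended default routes
    "wan1": "wwan0",       # assumed per-WAN tables for the corrected rule set
    "wan2": "wwan1",
}

# The rule set from the question: two "not fwmark" rules at one priority.
POSTED_RULES = [
    (10, True, 100, "wireguard"),    # not fwmark 100 lookup wireguard
    (10, True, 101, "wireguard"),    # not fwmark 101 lookup wireguard
    (32766, False, None, "main"),    # the kernel's default rule
]

# Corrected set: each tunnel's encapsulated packets stay on their own WAN,
# and only unmarked traffic falls through to the wireguard table.
FIXED_RULES = [
    (10, False, 100, "wan1"),        # fwmark 100 lookup wan1 priority 10
    (10, False, 101, "wan2"),        # fwmark 101 lookup wan2 priority 10
    (20, False, None, "wireguard"),  # lookup wireguard priority 20
    (32766, False, None, "main"),
]

def classify(rules):
    """Map unmarked (0), wg0 (100) and wg1 (101) packets to their egress device."""
    return {mark: first_hop(rules, TABLES, mark) for mark in (0, 100, 101)}
```

Under the posted rules a packet marked 100 fails the first rule but matches the second (it is not marked 101), so the tunnel's own UDP packets are sent into wg0 and loop; the corrected set returns them to the WAN tables. Note also that `ip route append` adds a second separate route rather than a multipath route, so per-flow balancing needs a single `nexthop dev wg0 ... nexthop dev wg1 ...` default route.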