Setting up a Manjaro-router with Wireguard VPN

Greetings Programs!

This first part is the backstory. It isn’t really required, but it gives a little info on the setting.
I live in a small town. While I have a fibre channel internet connection, my ISP does not offer public IPv4 addresses to private customers. To get around this limitation (to be able to access my network from the outside), I got myself a VPN tunnel from Mullvad. This works fine so far on an old TP-Link router running OpenWRT. The speed is, however, rather “limiting”. To be able to use my line properly, I bought a Rasperry Pi 4.

I tried using OpenWRT, mainly because I know how to set that up already, but there is no stable release for the Raspberry Pi 4 yet and the snapshots are somewhat buggy. Apart from that, updating OpenWRT is a little annoying. Since I use Manjara on my desktop, I decided to give that a shot. The catch: While setting up Manjaro as a desktop/workstation or even a file- or webserver is no big deal for me (anymore), I have never tried to manually set up a router before. I know what I want to do, but telling the Linux kernel what it should do is where the problem begins. :stuck_out_tongue_closed_eyes:

I do not expect to get step by step instructions here, but maybe you guys can give me a few links to stuff I should read.

I have a router (AVM FritzBox 7590) which is connected to the outside world via a dual stack light connection (IPv4 CGN only). The TP-Link router currently works as the DHCP-server, DNS-server and VPN-gateway. The local network is While the network seems pretty big, there are actually only about a dozen clients in the network (including smartphones, tablets and laptops).
I would like the Pi to be the VPN-gateway - for two VPNs. One for Mullvad, one to the office.

A few devices don’t need to go via a VPN. When they get the IP-address assigned via DHCP, they’ll get the FritzBox a default route. The clients which should access one of the VPNs will get the Pi as the default route. But how would you decide which VPN the packets go to? This could be done using the IP-address or the subnet. Is there a better option?

I hope I was pretty clear on where I want to go. :innocent: And I hope to get a few suggestions on what to read - as long as it’s not exactly a comprehensive guide to networking theory. :stuck_out_tongue_closed_eyes:

Take care and stay negative!

1 Like

It’s a pretty nifty project, but the forum here is not a good place to get an answer to such a complex question.

Questions here are best if they’re very specific so you can get a specific answer. What you need is consultancy: a geek on-site for a couple of days to tackle this issue. (No I’m not volunteering!)