Coś mi nie działa z twoją konfiguracją.
Ale udało mi się dojść do alternatywnego rozwiązania:
rule_name=$(uci add network interface)
uci rename network.$rule_name='vpn'
uci set network.@interface[-1].device='br-vpn'
uci set network.@interface[-1].proto='static'
uci set network.@interface[-1].ipaddr='192.168.33.4'
uci set network.@interface[-1].netmask='255.255.255.0'
uci set network.@interface[-1].gateway='192.168.33.1'
uci add network device
uci set network.@device[-1].name='br-vpn'
uci set network.@device[-1].type='bridge'
uci add_list network.@device[-1].ports='eth0'
uci set network.wg0=interface
uci set network.wg0.proto='wireguard'
uci set network.wg0.private_key='xxx='
uci set network.wg0.dns='xxx'
uci add_list network.wg0.addresses='10.14.0.2/16'
uci add network wireguard_wg0
uci set network.@wireguard_wg0[-1].public_key='xxx='
uci set network.@wireguard_wg0[-1].route_allowed_ips='0'
uci add_list network.@wireguard_wg0[-1].allowed_ips='0.0.0.0/0'
uci set network.@wireguard_wg0[-1].endpoint_host='x.x.x.x'
uci set network.@wireguard_wg0[-1].endpoint_port='51820'
uci set network.@wireguard_wg0[-1].persistent_keepalive='25'
uci set network.@wireguard_wg0[-1].description='xxx'
uci add network rule
uci set network.@rule[-1].src='192.168.33.0/24'
uci set network.@rule[-1].lookup='allwg'
uci add network route
uci set network.@route[-1].target='0.0.0.0'
uci set network.@route[-1].netmask='0.0.0.0'
uci set network.@route[-1].table='allwg'
uci set network.@route[-1].interface='wg0'
uci add network route
uci set network.@route[-1].target='x.x.x.x' # taki jak endpoint_host, bez tego działa dokładnie co drugi ping
uci set network.@route[-1].netmask='255.255.255.255'
uci set network.@route[-1].gateway='192.168.33.1'
uci set network.@route[-1].table='allwg'
uci set network.@route[-1].interface='vpn'
uci add firewall zone
uci set firewall.@zone[-1].name='wg0'
uci set firewall.@zone[-1].network='wg0'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci add firewall zone
uci set firewall.@zone[-1].name='vpn'
uci set firewall.@zone[-1].network='vpn'
uci set firewall.@zone[-1].input='ACCEPT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].forward='ACCEPT'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].dest='wg0'
uci add firewall forwarding
uci set firewall.@forwarding[-1].src='vpn'
uci set firewall.@forwarding[-1].dest='wg0'
uci set dhcp.lan.ignore=1
uci add dhcp dhcp
uci set dhcp.@dhcp[-1].interface='vpn'
uci set dhcp.@dhcp[-1].ignore='1'
echo '100 allwg' >> /etc/iproute2/rt_tables
echo 'ip route add 192.168.33.0/24 dev br-vpn scope link src 192.168.33.4 table allwg' > /etc/rc.local
echo 'exit 0' >> /etc/rc.local

Niestety reguły z rc.local nie potrafię zapisać w configu – trudno, będę z tym żyć.