Untangle: Bypass Wireguard VPN Traffic

Scenario

  • Two Untangle firewalls connected using site-to-site VPN (Wireguard)
  • Can also be used to bypass any VPN traffic
  • Adding a QoS rule

Steps (Site-to-Site):

  • Create the following bypass rules on both Untangle devices
  • In this example, 192.168.1.11 is the SQL server


Reference:
How to set up QoS for Bandwidth Control
How To Create A QoS Rule For An IP Or Specific Port

Regarding the QoS configurations, since the traffic is bypassed you'll need to use QoS Rules under Config>Network>Advanced>QoS>QoS Rules instead of the Bandwidth Control App.

As far as the rules are concerned, you'll want two rules on each machine with the priority set to Very High:
- One using 'Source Address=<remote_network>' - This can be a specific IP or a range (e.g. 192.168.1.0/24)
- The second using 'Destination Address=<remote_network>' - This can be a specific IP or a range (e.g. 192.168.1.0/24)


With both of those rules in place on both appliances, traffic coming from and going to either end of the tunnel will be given Very High priority.

1) You can add both a "Source Address=" and a "Destination Address=" condition to each rule if you'd like, but it complicates things. I'd recommend building your rules as described above unless there's a specific reason to use both conditions in each rule.

2) You will not need to reboot any of your machines once these changes are made.

3) Any time you save under Config>Network it restarts the network stack which can cause brief disruptions to the network.
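As an added example (not from the original article and not Untangle's own rule engine or settings format), the following Python model evaluates the two-rule layout above against sample flows to confirm both directions of the tunnel are covered on both appliances, and shows why a single rule carrying both conditions (note 1) only covers one direction. The remote LAN 192.168.2.0/24 and the default priority "Medium" are assumed values.

```python
# Added example: a minimal model of firewall-style QoS rule matching, used to
# check the article's two-rule layout. Not Untangle's engine or settings file.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class QosRule:
    priority: str                  # e.g. "Very High"
    source: Optional[str] = None   # CIDR or host; None = condition not set
    dest: Optional[str] = None     # CIDR or host; None = condition not set

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        # Every condition that is set must match (AND), as in a rule row.
        src_net = ipaddress.ip_network(self.source, strict=False) if self.source else None
        dst_net = ipaddress.ip_network(self.dest, strict=False) if self.dest else None
        if src_net and ipaddress.ip_address(src_ip) not in src_net:
            return False
        if dst_net and ipaddress.ip_address(dst_ip) not in dst_net:
            return False
        return True


def classify(rules, src_ip, dst_ip, default="Medium"):
    # First matching rule wins; unmatched traffic keeps the (assumed) default.
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.priority
    return default


def site_rules(remote_net):
    # The article's layout: one Source Address rule and one Destination
    # Address rule per appliance, both naming the remote network.
    return [QosRule("Very High", source=remote_net),
            QosRule("Very High", dest=remote_net)]


# Constructed sample: site A LAN 192.168.1.0/24 holds the SQL server
# 192.168.1.11 (from the article); site B LAN 192.168.2.0/24 is assumed.
SITE_A = site_rules("192.168.2.0/24")
SITE_B = site_rules("192.168.1.0/24")


def tunnel_coverage():
    # Priority seen on each appliance for each direction of an SQL flow:
    # (A->B on A, A->B on B, B->A on A, B->A on B).
    return (classify(SITE_A, "192.168.1.11", "192.168.2.50"),
            classify(SITE_B, "192.168.1.11", "192.168.2.50"),
            classify(SITE_A, "192.168.2.50", "192.168.1.11"),
            classify(SITE_B, "192.168.2.50", "192.168.1.11"))


def single_rule_gap():
    # Note 1: one rule with both conditions matches only one direction, so
    # the reverse flow falls back to the default priority.
    both = [QosRule("Very High", source="192.168.2.0/24", dest="192.168.1.0/24")]
    return (classify(both, "192.168.2.50", "192.168.1.11"),
            classify(both, "192.168.1.11", "192.168.2.50"))
```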