Hello ProtonVPN Support,

I am running ProtonVPN on an ASUS RT-AX86U router using Asuswrt-Merlin firmware. I would like to run multiple ProtonVPN WireGuard client profiles simultaneously and route different LAN clients through different ProtonVPN exits using Merlin’s VPN Director policy-routing feature.

The problem is that all of the ProtonVPN WireGuard configuration files generated for my account appear to use the same tunnel-side addresses:

Interface Address:
10.2.0.2/32

DNS:
10.2.0.1

When I enable multiple ProtonVPN WireGuard clients at the same time on the router, all clients show successful handshakes, but traffic does not route correctly. The router’s route tables end up associating the shared tunnel-side address 10.2.0.1 with only one WireGuard interface, so DNS and/or internal tunnel routing for the other WireGuard clients appears to collide.

For example, with multiple WireGuard clients enabled, several routing tables point 10.2.0.1 to wgc1, even when a LAN client is supposed to route through wgc5. When I disable all ProtonVPN WireGuard clients except one, the remaining client works correctly. In that state, 10.2.0.1 is routed through the active WireGuard interface and traffic passes normally.

This strongly suggests that the issue is not the WireGuard tunnel itself, but the fact that multiple ProtonVPN WireGuard profiles use the same internal tunnel address and DNS address when active on the same router.

Could ProtonVPN provide WireGuard configuration files suitable for simultaneous use on a single Linux/Asuswrt-Merlin router, with unique tunnel-side addresses per profile/device? For example, something like:

Profile 1:
Address = 10.2.0.2/32
DNS = 10.2.0.1

Profile 2:
Address = 10.2.1.2/32
DNS = 10.2.1.1

Profile 3:
Address = 10.2.2.2/32
DNS = 10.2.2.1

Or another supported configuration approach that avoids route collisions when multiple ProtonVPN WireGuard clients are active at the same time.

My goal is to use multiple ProtonVPN WireGuard exits simultaneously on one router, assigning different LAN clients or subnets to different ProtonVPN WireGuard clients via VPN Director. OpenVPN clients work in this role because their tunnel interfaces receive distinct addressing, but the WireGuard profiles collide because they reuse 10.2.0.2/32 and 10.2.0.1.

Please let me know whether ProtonVPN supports unique WireGuard tunnel addresses per profile/device, or whether simultaneous multiple WireGuard clients on a single router are unsupported with ProtonVPN-generated configs.

Thank you.