Novice user and linux noob here who wants to do the configuration in LUCI as much as possible.
First I thought, I need luci-app-pbr but then I saw that in Routing, I can create static routes and rules via custom tables. But to me, it looks like that those tables can't be created there. Am I wrong or where can I create a custom table?
I have one host that should go to the internet via a different gateway but also should reach some private IPs through another gateway, for which a route already exist.
Because it is only one host, installing luci-app-pbr seems overkill to me.
You don't have to create a custom table explicitly; it is created automatically once its numeric ID is mentioned anywhere.
For example, I have a separate WiFi interface that I would like to go through a WireGuard VPN.
Under Network > Interfaces, for that WiFi interface, I would click Edit, then go to Advanced Settings, then override the IPv4 routing table and set it to 4. This places the subnet route through this interface to routing table 4.
Then, I could add a default route through my WireGuard VPN also to table 4 by also setting it under Advanced Settings of the interface, but unfortunately, this doesn't work directly.
Fortunately, the situation is fixable by adding a route to 0.0.0.0 to table 4 explicitly under Network > Routing:
The real restriction here is that IP rules are managed by OpenWrt automatically behind the scenes (as described with the "Only interfaces using this table (via override) will use this route" help phrase), and you cannot edit them directly. EDIT: this is wrong, see the screenshot below.
Take special care when assigning the priority, as you have to consider the implicit rules added by netfd automatically and ensure that your rule is ordered correctly against them.
Thanks. So it looks like those routing tables exist only in RAM. What made me wonder is that "ip route show all" is not showing it, still it does work for me.
I made a rule to use my routing table for that one incoming interface. I guess it is almost the same as defining the routing table in that interface, like you did. I didn't and it is working.
Let's hope it will work "in production" and not only in my testing so far. Thanks again @patrakov .
The correct command to show routes in a particular table is:
root@gl-inet-main:~# ip route show table 4
default dev s2s proto static scope link src 192.168.13.1 metric 60
192.168.13.0/24 dev phy0-ap1 proto static scope link
The pbr app should show all enabled interfaces, but for WireGuard it does some special things.
If you use it as a wireguard client do not specify a listen port otherwise it will classify the wireguard interface as a server and will by default not show the interface.
You can customize this behaviour see the pbr read.me
Damn it, I (almost) knew it was a bad idea to only create one WG Interface for two peers, one of which is a internet-gateway. Thx.
I probably will start a new thread about PBR in the future, the Ignore gateway still makes no sense to me after reading the doc.
Yes, there is a bug in OpenWrt.It does not add a default route via WireGuard interfaces even if you tell it to. So, you have to add it manually (and you can see on my screenshot that I did it).
The question is how to add the default route through the WireGuard VPN to a non-main table or with a non-default metric See the Advanced Settings tab of the interface configuration, where one would normally find these settings, but from where they don't apply.
See the Advanced Settings tab of the interface configuration, where one would normally find these settings, but from where they don't apply.
