Hello. I'm trying to set up PBR. I've set up rules, but as you can see in the picture there is no default tunnel in my system and I don't know how to set it up. Can anyone help me?
That image shows PBR as 'stopped'. Once started it should show the default route.
It doesn't start. It started the first time I set it up, after that I rebooted my router and since then it hasn't started at all.
And I meant to say 'default gateway'.
Start it manually and check the log
How do I start the default gateway? Obviously, the PBR doesn't start because the default gateway is off.
What line do I add to /etc/config/network to make wireguard my default interface?
It does look like PBR is not running. PBR itself does not set a default gateway; it should run even if there is no default gateway.
The usual default gateway is of course via the WAN. If you want the WireGuard tunnel to take over, then enable Route Allowed IPs.
See the WireGuard Client Setup guide.
Start with rebooting the router and then check again
It can help if you show us your configs. Please connect to your OpenWrt device using ssh, copy the output of the following commands, and post it here using the "Preformatted text </>" button.
Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/firewall
ip route show
ip route show table all
ip rule show
wg show
service pbr reload
service pbr status
cat /var/run/pbr.nft
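An added example, not part of any post in this thread: a filter that applies the redaction asked for above to the output of those commands before it is pasted. The function names `redact_diag` and `sample_diag` are made up for this example and the sample input is constructed; it handles IPv4 only, so IPv6 addresses and hostnames still need checking by eye.

```shell
# Added example: redact OpenWrt diagnostics before posting them (IPv4 only).
# Constructed sample input: documentation addresses, placeholder key and MAC.
sample_diag() {
    cat <<'EOF'
    option private_key 'EXAMPLEKEYEXAMPLEKEY='
    option macaddr '00:11:22:33:44:55'
    list allowed_ips '0.0.0.0/0'
default via 192.168.1.1 dev wan
203.0.113.7 via 192.168.1.1 dev wan
  endpoint: 203.0.113.7:51820
EOF
}

# Reads diagnostics on stdin, writes the redacted text to stdout.
redact_diag() {
    awk -v q="'" '
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        mac = h ":" h ":" h ":" h ":" h ":" h
    }
    # Private, loopback, link-local, CGNAT and 0.x addresses stay readable.
    function is_private(ip,    o, a, b) {
        split(ip, o, "."); a = o[1] + 0; b = o[2] + 0
        if (a == 0 || a == 10 || a == 127) return 1
        if (a == 172 && b >= 16 && b <= 31) return 1
        if (a == 192 && b == 168) return 1
        if (a == 169 && b == 254) return 1
        if (a == 100 && b >= 64 && b <= 127) return 1
        return 0
    }
    {
        line = $0
        # UCI secrets keep the option name and lose the value; the same goes
        # for the "wg show" fields that identify the peer or the VPN server.
        if (match(line, /option[ \t]+(private_key|public_key|preshared_key|password|key|endpoint_host)[ \t]+/))
            line = substr(line, 1, RSTART + RLENGTH - 1) q "REDACTED" q
        else if (match(line, /^[ \t]*(public key|peer|endpoint):[ \t]*/))
            line = substr(line, 1, RLENGTH) "REDACTED"
        gsub(mac, "XX:XX:XX:XX:XX:XX", line)
        # Walk every dotted quad and mask only the public ones.
        out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            out = out substr(line, 1, RSTART - 1) (is_private(ip) ? ip : "REDACTED_IP")
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }'
}
```

On the router the commands can be piped through it in one go, for example `{ cat /etc/config/network; ip route show; wg show; } | redact_diag`.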
public key: xxxxxxxxxxxxxxxxxxxxxxxx
private key: (hidden)
listening port: 51820
peer: xxxxxxxxxxxxxxxxxxxxxxxxxxx
preshared key: (hidden)
endpoint: xxxxxxxxxxxxxxxxxxxx
allowed ips: 0.0.0.0/0
latest handshake: 2 minutes, 36 seconds ago
transfer: 1.36 MiB received, 16.98 MiB sent
persistent keepalive: every 20 seconds
root@OpenWrt:~# service pbr reload
Using wan interface (on_start): wan [✓]
Setting interface trigger for wan [✓]
Setting interface trigger for wg0 [✓]
ERROR: The pbr 1.1.8-r10 service failed to discover WAN gateway!
WARNING: Please set 'dhcp.lan.force=1' to speed up service start-up.
root@OpenWrt:~# service pbr status
pbr - environment
pbr 1.1.8-r10 running on OpenWrt 24.10.0.
Dnsmasq version 2.90 Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack no-ipset nftset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
pbr chains - policies
chain pbr_forward { # handle 37
}
chain pbr_input { # handle 38
}
chain pbr_output { # handle 39
}
chain pbr_postrouting { # handle 41
}
chain pbr_prerouting { # handle 40
}
chain pbr_dstnat { # handle 36
}
pbr chains - marking
pbr nft sets
pbr tables & routing
Without the requested information it is just wild guessing, but my wild guess: this is not a gateway router but an AP?
Look a bit above, there IS requested information.
It's not a gateway router
ERROR: The pbr 1.1.8-r10 service failed to discover WAN gateway!
That's what it writes.
Unless you have taken steps to change it, 'wan' should be the default. Go to the CLI and type 'ip route' and you should see it.
It says that the default device is wg0, and that's exactly what I need. But still it doesn't launch.
I would supply the info that EGC requested since it's all guesswork otherwise. I have 3 WireGuard interfaces, one of which is the default route, and I have no entries under 'LuCI -> Routing' and PBR is working fine.
And I am on 23.05.5, so perhaps things look a little different on 24.10.n.
Hard to tell what the cause of your problem is if you only show the problem and do not say how you set up your router. There is no detective here.
I have two routers. One is linked to the internet, and this one is connected with that router and uses it as a gateway. The DHCP server is installed on the router with OpenWrt.