How to configure PBR in China

Hi,

My WireGuard server is in my own country.
Recently I configured a WireGuard client interface on an OpenWrt router in China.
I would like to configure PBR on this OpenWrt router to automatically send data through the WireGuard interface for non-China IPs and through the wan interface for China IPs.
How can I configure PBR for the OpenWrt router to work like this?

Thanks in advance

Do you have the list of IPs by CIDR ranges that you wish to configure?

If not, there are a few sites that provide them. This is step 1.

I don't have the list for now.
It seems that there are a few types of list on the internet.
What type of list is configurable in /etc/config/pbr?

And if I get the list, how do I configure it in /etc/config/pbr?
I should use "config include", right?

Please let me know how to configure it in /etc/config/pbr and what type of list is configurable in /etc/config/pbr.

Thanks for your reply

The pbr package doesn't have built-in country targeting beyond domain names (so you can easily set *.cn to go thru wan and everything else thru the wireguard tunnel), so you'd have to:

  1. Figure out how to source the list of all CIDRs for China, like @lleachii said
  2. Create a user script to download that list and add the CIDRs to an nft set (examples are bundled with the package)

I'm guessing @dibdot is using some sort of CIDR information for their net/banip package, so checking its sources might be useful.

Good luck in your endeavour.

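The second step from the last reply, sketched as an added example that is not part of the thread or the pbr package: a downloaded CIDR list is strictly validated before any of it is placed in an nft command, since the script runs as root on the router. The table and set names, the helper names `is_ipv4_cidr` and `build_nft_batch`, and the sample list are assumptions made for illustration; the download step is left out so the block runs offline.

```shell
# Added example (not from the pbr package). Table and set names are assumptions.
TARGET_TABLE='inet fw4'
TARGET_NFTSET_4='pbr_wan_4_dst_ip_user'
# Constructed sample list: documentation ranges, not real China data.
SAMPLE_LIST='# constructed sample
192.0.2.0/24
198.51.100.0/24
203.0.113.0/33
10.0.0.0/8 }; extra
256.1.1.0/24
'
# Succeeds only for a strict IPv4 CIDR: four octets 0-255, prefix 0-32.
is_ipv4_cidr() {
	case "$1" in
		*[!0-9./]*|*/*/*) return 1 ;;   # digits, dots and one slash only
		*/*) ;;
		*) return 1 ;;
	esac
	addr=${1%/*}; prefix=${1#*/}
	case "$prefix" in ''|*.*|0?*|???*) return 1 ;; esac
	[ "$prefix" -le 32 ] || return 1
	case "$addr" in *.) return 1 ;; esac
	oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
	[ "$#" -eq 4 ] || return 1
	for o in "$@"; do
		case "$o" in ''|0?*|????*) return 1 ;; esac
		[ "$o" -le 255 ] || return 1
	done
}

# Reads a list on stdin and prints one nft command holding only the valid
# CIDRs; rejected lines go to stderr and never reach nft.
build_nft_batch() {
	elems=''
	while IFS= read -r line || [ -n "$line" ]; do
		line=$(printf '%s' "$line" | tr -d '\r')
		case "$line" in ''|'#'*) continue ;; esac
		if is_ipv4_cidr "$line"; then
			elems="${elems:+$elems, }$line"
		else
			printf 'skipped: %s\n' "$line" >&2
		fi
	done
	[ -n "$elems" ] || return 1
	printf 'add element %s %s { %s }\n' "$TARGET_TABLE" "$TARGET_NFTSET_4" "$elems"
}

# On the router the output would be piped to `nft -f -`; here it is printed.
printf '%s' "$SAMPLE_LIST" | build_nft_batch
```

Check the set name against the user scripts bundled with your installed pbr version before using it, and fetch the list over HTTPS from a source you trust.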