Good morning,
and tried to make some changes in Openwrt to get more speed of downloading and uploading data.
I have not made any changes in the interfaces of my vpn clients, but somehow now the routing to my vpn clients does not work, could someone tell me if it happens or has happened?
Did you miss a part of your sentence?
Has what happened/does what happens?
Excuse me for not explaining myself very well, I don't speak or write English very well, so he helped me with a translator. I hope I can explain myself better.
I have 3 VPN Clients on my system.
tun0- NordVpn
tun1- NordVpn
wgclient- Wireguard Client.
I route these interfaces with PBR. Until x time this worked perfectly, but today I had an error in PBR and I did a restart of PBR, and when doing a test with whatsismyipadress the routing does not work.
I don't know how to explain it very well
I need help to reconfigure my Vpnclient.
Routing through PBR to interfaces, but it doesn't work. I have everything configured that I knew how to do until now, but at this moment I don't know how to solve the problem.
Can someone help me review what may be wrong? I do not want to touch more, so as not to misalign more things
You haven't provided any configs.
- What was the error?
- What was changed?
- Do you have a backup of your config?
- What was the error?
The error now no longer appears. Put some iptables, but when you restart, it went away, now in PBR I don't get any error. But when doing the Policy and sending an ip to an interface, for example tun0, it does not take it into account.
- What was changed?
What I did was follow this step to see if I could get more speed on the FritzBox 4040:
Enable "Software flow offloading" in Network -> Firewall -> Routing/NAT Offloading
Add the following line to System -> Startup -> Local Startup before 'exit 0'
echo performance > /sys/devices/system/cpu/cpufreq/policy0/scaling_governor
Disable SQM QoS if you are using it!
Install the irqbalance package. System -> Software -> Filter irqbalance -> Install
Reboot your FritzBox.
- Do you have a backup of your config?
I have, but when uploading the .tar file generated in Openwrt, I get this message:
The uploaded backup archive is not readable
They're just text files inside.
I'm very new to all this and I don't have much idea, that's why I ask so much help for the forum
I don't know very well how I can upload the backup. I saw the folder inside the .tar file.
What surprises me is that routing from PBR to interfaces has always worked well for me, but now even with the policy it doesn't work.
root@Home:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> uci export vpn-policy-routing; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
{
"kernel": "4.14.171",
"hostname": "Home",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "AVM FRITZ!Box 4040",
"board_name": "avm,fritzbox-4040",
"release": {
"distribution": "OpenWrt",
"version": "19.07.2",
"revision": "r10947-65030d81f3",
"target": "ipq40xx/generic",
"description": "OpenWrt 19.07.2 r10947-65030d81f3"
}
}
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd91:31ed:87d2::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.15.1'
option ifname 'eth0'
config interface 'wan'
option ifname 'eth1'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.10.10'
option gateway '192.168.10.1'
option metric '0'
list dns '192.168.10.1'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 3 4'
config interface 'wifi'
option ifname 'radio0.network1 radio1.network1'
option type 'bridge'
option proto 'dhcp'
config interface 'wg0'
option proto 'wireguard'
option private_key
option listen_port '52466'
list addresses '10.0.0.1/24'
config wireguard_wg0
option public_key
option description
option persistent_keepalive '25'
list allowed_ips '10.0.0.2'
option endpoint_host
option endpoint_port '52466'
option route_allowed_ips '1'
config wireguard_wg0
option public_key
option description
option persistent_keepalive '25'
option endpoint_port '52466'
list allowed_ips '10.0.0.3'
option route_allowed_ips '1'
option endpoint_host
config interface 'VpnClient2'
option ifname 'tun1'
option proto 'none'
config interface 'wgclient0'
option proto 'wireguard'
option private_key
option listen_port '51820'
list addresses '10.66.126.50/32'
config wireguard_wgclient0
option public_key
option description
option persistent_keepalive '25'
list allowed_ips '0.0.0.0/1'
list allowed_ips '128.0.0.0/1'
option endpoint_host
option endpoint_port '51820'
config interface 'vpnclient'
option ifname 'tun0'
option proto 'none'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'platform/soc/a000000.wifi'
option htmode 'HT20'
option channel '11'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid
option encryption 'psk-mixed'
option key
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'platform/soc/a800000.wifi'
option htmode 'VHT80'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid
option encryption 'psk-mixed'
option key
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option localservice '1'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option start '100'
option limit '150'
option ra 'server'
option dhcpv6 'server'
option ra_management '1'
list dhcp_option '6,8.8.8.8,8.8.4.4'
list dns '2001:4860:4860::8888'
list dns '2001:4860:4860::8844'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'wifi'
option leasetime '12h'
option interface 'wifi'
option start '150'
option limit '100'
config host
option mac
option name
option dns '1'
option ip '192.168.15.2'
config host
option mac
option name
option dns '1'
option ip '192.168.15.3'
config host
option mac
option name
option dns '1'
option ip '192.168.15.4'
config host
option mac
option name
option dns '1'
option ip '192.168.15.5'
config host
option mac
option name
option dns '1'
option ip '192.168.15.6'
config host
option name
option dns '1'
option mac
option ip '192.168.15.7'
config host
option mac
option name
option dns '1'
option ip '192.168.15.8'
config host
option mac
option name
option dns '1'
option ip '192.168.15.9'
config host
option mac
option name
option dns '1'
option ip '192.168.15.10'
config host
option mac
option dns '1'
option name
option ip '192.168.15.11'
config host
option name
option dns '1'
option ip '192.168.15.12'
option mac
config host
option dns '1'
option ip '192.168.15.13'
option mac
option name
config host
option name
option dns '1'
option ip '192.168.15.14'
option mac
config host
option mac
option name
option dns '1'
option ip '192.168.15.15'
config host
option mac
option name
option dns '1'
option ip '192.168.15.16'
config host
option mac
option name
option dns '1'
option ip '192.168.15.17'
config host
option mac
option name
option dns '1'
option ip '192.168.15.18'
config host
option mac
option name
option dns '1'
option ip '192.168.15.19'
config host
option mac
option name
option dns '1'
option ip '192.168.15.20'
config host
option mac
option name
option dns '1'
option ip '192.168.15.21'
config host
option mac
option name
option dns '1'
option ip '192.168.15.22'
config host
option mac
option name
option dns '1'
option ip '192.168.15.23'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option synflood_protect '1'
option flow_offloading '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan wg0'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
option input 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'wifi'
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
option network 'wifi'
config forwarding
option dest 'wan'
option src 'wifi'
config zone
option mtu_fix '1'
option masq '1'
option output 'ACCEPT'
option input 'REJECT'
option forward 'REJECT'
option name 'VpnClient'
option network 'vpnclient'
config forwarding
option src 'lan'
option dest 'VpnClient'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config zone
option network 'VpnClient2'
option name 'VpnClient2'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
config forwarding
option dest 'VpnClient2'
option src 'lan'
config zone
option name 'wgclient'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
option network 'wgclient0'
config forwarding
option dest 'wgclient'
option src 'lan'
package vpn-policy-routing
config include
option path '/etc/vpn-policy-routing.aws.user'
option enabled '0'
config include
option path '/etc/vpn-policy-routing.netflix.user'
option enabled '0'
config vpn-policy-routing 'config'
option verbosity '2'
option strict_enforcement '1'
option dest_ipset 'dnsmasq.ipset'
option boot_timeout '30'
option iptables_rule_option 'append'
option webui_sorting '1'
list webui_supported_protocol 'tcp'
list webui_supported_protocol 'udp'
list webui_supported_protocol 'tcp udp'
list webui_supported_protocol 'icmp'
list webui_supported_protocol 'all'
option src_ipset '0'
option webui_enable_column '1'
option webui_protocol_column '1'
option webui_chain_column '1'
option ipv6_enabled '0'
list ignored_interface 'vpnserver wgserver'
list ignored_interface 'wg0'
list supported_interface 'vpnclient'
option append_src_rules '! -d 10.0.0.0/24'
option iprule_enabled '0'
option enabled '1'
config policy
option name
option src_addr '192.168.15.4'
option interface 'wgclient0'
config policy
option name
option src_addr '192.168.15.8'
option interface 'vpnclient'
config policy
option name
option src_addr '192.168.15.5'
option interface 'vpnclient'
config policy
option name
option src_addr '192.168.15.10'
option interface 'VpnClient2'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.10.10/24 brd 192.168.10.255 scope global eth1
valid_lft forever preferred_lft forever
8: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.15.1/24 brd 192.168.15.255 scope global br-lan
valid_lft forever preferred_lft forever
9: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
inet 10.0.0.1/24 brd 10.0.0.255 scope global wg0
valid_lft forever preferred_lft forever
10: wgclient0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN qlen 1000
inet 10.66.126.50/32 brd 255.255.255.255 scope global wgclient0
valid_lft forever preferred_lft forever
14: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.3.12/24 brd 10.8.3.255 scope global tun1
valid_lft forever preferred_lft forever
15: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 100
inet 10.8.2.10/24 brd 10.8.2.255 scope global tun0
valid_lft forever preferred_lft forever
default via 192.168.10.1 dev eth1 table 201
default via 10.8.3.12 dev tun1 table 202
default via 10.66.126.50 dev wgclient0 table 203
default via 10.8.2.10 dev tun0 table 204
default via 192.168.10.1 dev eth1
10.0.0.0/24 dev wg0 scope link src 10.0.0.1
10.0.0.2 dev wg0 scope link
10.0.0.3 dev wg0 scope link
10.8.2.0/24 dev tun0 scope link src 10.8.2.10
10.8.3.0/24 dev tun1 scope link src 10.8.3.12
31.16.42.117 via 192.168.10.1 dev eth1
192.168.10.0/24 dev eth1 scope link src 192.168.10.10
192.168.15.0/24 dev br-lan scope link src 192.168.15.1
193.27.14.146 via 192.168.10.1 dev eth1
broadcast 10.0.0.0 dev wg0 table local scope link src 10.0.0.1
local 10.0.0.1 dev wg0 table local scope host src 10.0.0.1
broadcast 10.0.0.255 dev wg0 table local scope link src 10.0.0.1
broadcast 10.8.2.0 dev tun0 table local scope link src 10.8.2.10
local 10.8.2.10 dev tun0 table local scope host src 10.8.2.10
broadcast 10.8.2.255 dev tun0 table local scope link src 10.8.2.10
broadcast 10.8.3.0 dev tun1 table local scope link src 10.8.3.12
local 10.8.3.12 dev tun1 table local scope host src 10.8.3.12
broadcast 10.8.3.255 dev tun1 table local scope link src 10.8.3.12
local 10.66.126.50 dev wgclient0 table local scope host src 10.66.126.50
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.10.0 dev eth1 table local scope link src 192.168.10.10
local 192.168.10.10 dev eth1 table local scope host src 192.168.10.10
broadcast 192.168.10.255 dev eth1 table local scope link src 192.168.10.10
broadcast 192.168.15.0 dev br-lan table local scope link src 192.168.15.1
local 192.168.15.1 dev br-lan table local scope host src 192.168.15.1
broadcast 192.168.15.255 dev br-lan table local scope link src 192.168.15.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
lrwxrwxrwx 1 root root 16 Feb 27 22:05 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Aug 17 18:27 /tmp/resolv.conf
-rw-r--r-- 1 root root 40 Aug 17 18:23 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 192.168.10.1
If you've recently upgraded BusyBox, check out this thread:
I don't really know how to reinstall the file.
What I did was delete this file and reinstalled it: coreutils-sort, but my problem remains
If I put this in the ssh it reinstalls
opkg update; opkg --force-reinstall install coreutils-sort
Good morning,
Unfortunately this step has not helped me on my FritzBox 4040.
At least I know now that it wasn't my fault that my routing from PBR to my VpnClient interfaces was my fault, because I was going crazy and desperate
Try this:
opkg update; opkg --force-reinstall install ip-full
Thank you very much for the help!!
They do an incredible job on this forum!
Everything seems to be working perfectly again
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.
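Added example, not part of any post in this thread: in the output posted above, `ip -4 ro li tab all` lists default routes in tables 201 to 204, while `ip -4 ru` shows only the three built-in rules, so no rule selects those tables. The script below checks for that mismatch; the function names are illustrative and the sample input is constructed by abridging the posted output.

```shell
#!/bin/sh
# Find routing tables that hold a default route but are not referenced by
# any "ip rule" entry. Traffic can never reach such a table.

# Constructed sample input, abridged from the output posted in the thread.
SAMPLE_ROUTES='default via 192.168.10.1 dev eth1 table 201
default via 10.8.3.12 dev tun1 table 202
default via 10.66.126.50 dev wgclient0 table 203
default via 10.8.2.10 dev tun0 table 204
default via 192.168.10.1 dev eth1
192.168.15.0/24 dev br-lan scope link src 192.168.15.1'
SAMPLE_RULES='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

# tables_with_default ROUTES: print the table id of every default route
# that lives outside the main table, one per line.
tables_with_default() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "table") print $(i + 1)
    }' | sort -u
}

# tables_with_rule RULES: print every table named after "lookup".
tables_with_rule() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++) if ($i == "lookup") print $(i + 1)
    }' | sort -u
}

# orphan_tables ROUTES RULES: tables with a default route but no rule.
orphan_tables() {
    rules=$(tables_with_rule "$2")
    for t in $(tables_with_default "$1"); do
        printf '%s\n' "$rules" | grep -qx "$t" || printf '%s\n' "$t"
    done
}

# On the router, pass live output instead of the samples:
#   orphan_tables "$(ip -4 route show table all)" "$(ip -4 rule show)"
orphan_tables "$SAMPLE_ROUTES" "$SAMPLE_RULES"
```

An empty result means every policy table is reachable through at least one rule; any table id printed has a route but nothing that sends traffic to it.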