I have an OpenWrt router on which I have installed OpenVPN. It is connecting and working very well, but I do have a problem.
All my devices that are connected to my LAN port and Wi-Fi are showing one VPN IP address location. I want to be able to assign an OpenVPN client connection for each location, per local IP address (example: I have VPN locations Tokyo, Hong Kong and Germany). But I want device 1 - 192.168.16.2 to connect to Tokyo, 2 - 192.168.16.3 to connect to Hong Kong, 3 - 192.168.16.4 to connect to Germany, all in one LAN port or subnet.
The PBR package is not suitable for my situation.
The pragmatic solution for this use case would be running the VPN client on the individual systems, instead of on the router. While pbr does allow this on the router as well, that is not so convenient for very dynamic changes.
I fully agree with the former speaker. We can review your config to see what is possible with PBR in your case.
Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
ip route show table all
ip rule show
cat /etc/config/pbr
/etc/init.d/pbr status
uci set pbr.config.verbosity='2'
uci commit pbr
/etc/init.d/pbr reload
/etc/init.d/pbr status
If you use WireGuard:
wg show
If you use openvpn:
for ovpn in /etc/openvpn/*.ovpn; do echo "$ovpn"; cat "$ovpn"; echo; done
logread | grep openvpn
The exit point is decided by your VPN provider, you cannot force it locally. So, either you have one VPN connection for each exit point, or you ask your provider to distribute the traffic for you.
default via 192.168.0.1 dev wan proto static src 192.168.0.126 metric 10
default via 192.168.100.1 dev usb0 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 proto kernel scope link src 172.16.30.1 linkdown
192.168.0.0/24 dev wan proto static scope link metric 10
192.168.100.0/24 dev usb0 proto static scope link metric 20
ip route show table all
default via 192.168.0.1 dev wan table pbr_wan
default via 192.168.100.1 dev usb0 table pbr_wan proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_wan proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_wan proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_wan proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_wan proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_wan proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_wan proto static scope link metric 20
unreachable default table pbr_vtun0
default via 192.168.100.1 dev usb0 table pbr_vtun0 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun0 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun0 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun0 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun0 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun0 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun0 proto static scope link metric 20
default via 192.168.0.1 dev wan table 1 proto static src 192.168.0.126 metric 10
110.110.120.0/24 dev br-wireless table 1 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table 1 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table 1 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table 1 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table 1 proto kernel scope link src 172.16.30.1 linkdown
192.168.0.0/24 dev wan table 1 proto static scope link metric 10
192.168.100.0/24 dev usb0 table 1 proto static scope link metric 20
unreachable default table pbr_vtun1
default via 192.168.100.1 dev usb0 table pbr_vtun1 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun1 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun1 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun1 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun1 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun1 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun1 proto static scope link metric 20
unreachable default table pbr_vtun2
default via 192.168.100.1 dev usb0 table pbr_vtun2 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun2 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun2 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun2 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun2 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun2 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun2 proto static scope link metric 20
unreachable default table pbr_vtun3
default via 192.168.100.1 dev usb0 table pbr_vtun3 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun3 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun3 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun3 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun3 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun3 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun3 proto static scope link metric 20
unreachable default table pbr_vtun4
default via 192.168.100.1 dev usb0 table pbr_vtun4 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun4 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun4 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun4 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun4 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun4 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun4 proto static scope link metric 20
unreachable default table pbr_vtun5
default via 192.168.100.1 dev usb0 table pbr_vtun5 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun5 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun5 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun5 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun5 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun5 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun5 proto static scope link metric 20
unreachable default table pbr_vtun6
default via 192.168.100.1 dev usb0 table pbr_vtun6 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun6 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun6 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun6 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun6 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun6 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun6 proto static scope link metric 20
unreachable default table pbr_vtun7
default via 192.168.100.1 dev usb0 table pbr_vtun7 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun7 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun7 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun7 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun7 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun7 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun7 proto static scope link metric 20
unreachable default table pbr_vtun8
default via 192.168.100.1 dev usb0 table pbr_vtun8 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun8 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun8 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun8 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun8 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun8 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun8 proto static scope link metric 20
unreachable default table pbr_vtun9
default via 192.168.100.1 dev usb0 table pbr_vtun9 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun9 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun9 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun9 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun9 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun9 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun9 proto static scope link metric 20
unreachable default table pbr_vtun10
default via 192.168.100.1 dev usb0 table pbr_vtun10 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun10 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun10 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun10 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun10 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun10 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun10 proto static scope link metric 20
unreachable default table pbr_vtun11
default via 192.168.100.1 dev usb0 table pbr_vtun11 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun11 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun11 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun11 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun11 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun11 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun11 proto static scope link metric 20
unreachable default table pbr_vtun12
default via 192.168.100.1 dev usb0 table pbr_vtun12 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun12 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun12 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun12 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun12 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun12 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun12 proto static scope link metric 20
unreachable default table pbr_vtun13
default via 192.168.100.1 dev usb0 table pbr_vtun13 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun13 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun13 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun13 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun13 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun13 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun13 proto static scope link metric 20
unreachable default table pbr_vtun14
default via 192.168.100.1 dev usb0 table pbr_vtun14 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun14 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun14 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun14 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun14 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun14 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun14 proto static scope link metric 20
unreachable default table pbr_vtun15
default via 192.168.100.1 dev usb0 table pbr_vtun15 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun15 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun15 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun15 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun15 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun15 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun15 proto static scope link metric 20
unreachable default table pbr_vtun16
default via 192.168.100.1 dev usb0 table pbr_vtun16 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun16 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun16 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun16 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun16 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun16 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun16 proto static scope link metric 20
unreachable default table pbr_vtun17
default via 192.168.100.1 dev usb0 table pbr_vtun17 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun17 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun17 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun17 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun17 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun17 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun17 proto static scope link metric 20
unreachable default table pbr_vtun18
default via 192.168.100.1 dev usb0 table pbr_vtun18 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun18 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun18 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun18 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun18 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun18 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun18 proto static scope link metric 20
unreachable default table pbr_vtun19
default via 192.168.100.1 dev usb0 table pbr_vtun19 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun19 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun19 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun19 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun19 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun19 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun19 proto static scope link metric 20
unreachable default table pbr_vtun20
default via 192.168.100.1 dev usb0 table pbr_vtun20 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun20 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun20 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun20 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun20 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun20 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun20 proto static scope link metric 20
unreachable default table pbr_vtun21
default via 192.168.100.1 dev usb0 table pbr_vtun21 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun21 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun21 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun21 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun21 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun21 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun21 proto static scope link metric 20
unreachable default table pbr_vtun22
default via 192.168.100.1 dev usb0 table pbr_vtun22 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun22 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun22 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun22 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun22 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun22 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun22 proto static scope link metric 20
unreachable default table pbr_vtun23
default via 192.168.100.1 dev usb0 table pbr_vtun23 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun23 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun23 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun23 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun23 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun23 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun23 proto static scope link metric 20
unreachable default table pbr_vtun24
default via 192.168.100.1 dev usb0 table pbr_vtun24 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun24 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun24 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun24 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun24 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun24 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun24 proto static scope link metric 20
unreachable default table pbr_vtun25
default via 192.168.100.1 dev usb0 table pbr_vtun25 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun25 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun25 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun25 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun25 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun25 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun25 proto static scope link metric 20
unreachable default table pbr_vtun26
default via 192.168.100.1 dev usb0 table pbr_vtun26 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun26 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun26 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun26 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun26 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun26 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun26 proto static scope link metric 20
unreachable default table pbr_vtun27
default via 192.168.100.1 dev usb0 table pbr_vtun27 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun27 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun27 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun27 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun27 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun27 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun27 proto static scope link metric 20
unreachable default table pbr_vtun28
default via 192.168.100.1 dev usb0 table pbr_vtun28 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun28 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun28 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun28 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun28 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun28 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun28 proto static scope link metric 20
unreachable default table pbr_vtun29
default via 192.168.100.1 dev usb0 table pbr_vtun29 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun29 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun29 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun29 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun29 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun29 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun29 proto static scope link metric 20
unreachable default table pbr_vtun30
default via 192.168.100.1 dev usb0 table pbr_vtun30 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_vtun30 proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_vtun30 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_vtun30 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_vtun30 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_vtun30 proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_vtun30 proto static scope link metric 20
default via 192.168.100.1 dev usb0 table pbr_usbmodem
default via 192.168.100.1 dev usb0 table pbr_usbmodem proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless table pbr_usbmodem proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 table pbr_usbmodem proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 table pbr_usbmodem proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 table pbr_usbmodem proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 table pbr_usbmodem proto kernel scope link src 172.16.30.1 linkdown
192.168.100.0/24 dev usb0 table pbr_usbmodem proto static scope link metric 20
default via 192.168.0.1 dev wan proto static src 192.168.0.126 metric 10
default via 192.168.100.1 dev usb0 proto static src 192.168.100.236 metric 20
110.110.120.0/24 dev br-wireless proto kernel scope link src 110.110.120.1
162.16.1.0/24 dev lan4 proto kernel scope link src 162.16.1.1
172.16.10.0/24 dev lan1 proto kernel scope link src 172.16.10.1 linkdown
172.16.20.0/24 dev lan2 proto kernel scope link src 172.16.20.1 linkdown
172.16.30.0/24 dev lan3 proto kernel scope link src 172.16.30.1 linkdown
192.168.0.0/24 dev wan proto static scope link metric 10
192.168.100.0/24 dev usb0 proto static scope link metric 20
local 110.110.120.1 dev br-wireless table local proto kernel scope host src 110.110.120.1
broadcast 110.110.120.255 dev br-wireless table local proto kernel scope link src 110.110.120.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local 162.16.1.1 dev lan4 table local proto kernel scope host src 162.16.1.1
broadcast 162.16.1.255 dev lan4 table local proto kernel scope link src 162.16.1.1
local 172.16.10.1 dev lan1 table local proto kernel scope host src 172.16.10.1
broadcast 172.16.10.255 dev lan1 table local proto kernel scope link src 172.16.10.1 linkdown
local 172.16.20.1 dev lan2 table local proto kernel scope host src 172.16.20.1
broadcast 172.16.20.255 dev lan2 table local proto kernel scope link src 172.16.20.1 linkdown
local 172.16.30.1 dev lan3 table local proto kernel scope host src 172.16.30.1
broadcast 172.16.30.255 dev lan3 table local proto kernel scope link src 172.16.30.1 linkdown
local 192.168.0.126 dev wan table local proto kernel scope host src 192.168.0.126
broadcast 192.168.0.255 dev wan table local proto kernel scope link src 192.168.0.126
local 192.168.100.236 dev usb0 table local proto kernel scope host src 192.168.100.236
broadcast 192.168.100.255 dev usb0 table local proto kernel scope link src 192.168.100.236
unreachable default dev lo table pbr_wan metric 1024 pref medium
unreachable default dev lo table pbr_vtun0 metric 1024 pref medium
unreachable default dev lo table pbr_vtun1 metric 1024 pref medium
unreachable default dev lo table pbr_vtun2 metric 1024 pref medium
unreachable default dev lo table pbr_vtun3 metric 1024 pref medium
unreachable default dev lo table pbr_vtun4 metric 1024 pref medium
unreachable default dev lo table pbr_vtun5 metric 1024 pref medium
unreachable default dev lo table pbr_vtun6 metric 1024 pref medium
unreachable default dev lo table pbr_vtun7 metric 1024 pref medium
unreachable default dev lo table pbr_vtun8 metric 1024 pref medium
unreachable default dev lo table pbr_vtun9 metric 1024 pref medium
unreachable default dev lo table pbr_vtun10 metric 1024 pref medium
unreachable default dev lo table pbr_vtun11 metric 1024 pref medium
unreachable default dev lo table pbr_vtun12 metric 1024 pref medium
unreachable default dev lo table pbr_vtun13 metric 1024 pref medium
unreachable default dev lo table pbr_vtun14 metric 1024 pref medium
unreachable default dev lo table pbr_vtun15 metric 1024 pref medium
unreachable default dev lo table pbr_vtun16 metric 1024 pref medium
unreachable default dev lo table pbr_vtun17 metric 1024 pref medium
unreachable default dev lo table pbr_vtun18 metric 1024 pref medium
unreachable default dev lo table pbr_vtun19 metric 1024 pref medium
unreachable default dev lo table pbr_vtun20 metric 1024 pref medium
unreachable default dev lo table pbr_vtun21 metric 1024 pref medium
unreachable default dev lo table pbr_vtun22 metric 1024 pref medium
unreachable default dev lo table pbr_vtun23 metric 1024 pref medium
unreachable default dev lo table pbr_vtun24 metric 1024 pref medium
unreachable default dev lo table pbr_vtun25 metric 1024 pref medium
unreachable default dev lo table pbr_vtun26 metric 1024 pref medium
unreachable default dev lo table pbr_vtun27 metric 1024 pref medium
unreachable default dev lo table pbr_vtun28 metric 1024 pref medium
unreachable default dev lo table pbr_vtun29 metric 1024 pref medium
unreachable default dev lo table pbr_vtun30 metric 1024 pref medium
unreachable default dev lo table pbr_usbmodem metric 1024 pref medium
fda4:871b:e22f:50::/64 dev br-wireless proto static metric 1024 pref medium
unreachable fda4:871b:e22f::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev wan proto kernel metric 256 pref medium
fe80::/64 dev usb0 proto kernel metric 256 pref medium
fe80::/64 dev phy1-ap0 proto kernel metric 256 pref medium
fe80::/64 dev phy0-ap0 proto kernel metric 256 pref medium
fe80::/64 dev br-wireless proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fda4:871b:e22f:50:: dev br-wireless table local proto kernel metric 0 pref medium
local fda4:871b:e22f:50::1 dev br-wireless table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0 table local proto kernel metric 0 pref medium
anycast fe80:: dev wan table local proto kernel metric 0 pref medium
anycast fe80:: dev usb0 table local proto kernel metric 0 pref medium
anycast fe80:: dev phy1-ap0 table local proto kernel metric 0 pref medium
anycast fe80:: dev phy0-ap0 table local proto kernel metric 0 pref medium
anycast fe80:: dev br-wireless table local proto kernel metric 0 pref medium
local fe80::53:52ff:fe04:3232 dev usb0 table local proto kernel metric 0 pref medium
local fe80::6038:e0ff:feb7:2e28 dev wan table local proto kernel metric 0 pref medium
local fe80::6238:e0ff:feb7:2e28 dev eth0 table local proto kernel metric 0 pref medium
local fe80::6238:e0ff:feb7:2e29 dev phy1-ap0 table local proto kernel metric 0 pref medium
local fe80::6238:e0ff:feb7:2e2a dev phy0-ap0 table local proto kernel metric 0 pref medium
local fe80::6238:e0ff:feb7:2e2a dev br-wireless table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev wan table local proto kernel metric 256 pref medium
multicast ff00::/8 dev usb0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev phy1-ap0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev phy0-ap0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev br-wireless table local proto kernel metric 256 pref medium
0: from all lookup local
1001: from all iif wan lookup 1
2001: from all fwmark 0x100/0x3f00 lookup 1
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
3001: from all fwmark 0x100/0x3f00 unreachable
30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
30001: from all fwmark 0x20000/0xff0000 lookup pbr_vtun0
30002: from all fwmark 0x30000/0xff0000 lookup pbr_vtun1
30003: from all fwmark 0x40000/0xff0000 lookup pbr_vtun2
30004: from all fwmark 0x50000/0xff0000 lookup pbr_vtun3
30005: from all fwmark 0x60000/0xff0000 lookup pbr_vtun4
30006: from all fwmark 0x70000/0xff0000 lookup pbr_vtun5
30007: from all fwmark 0x80000/0xff0000 lookup pbr_vtun6
30008: from all fwmark 0x90000/0xff0000 lookup pbr_vtun7
30009: from all fwmark 0xa0000/0xff0000 lookup pbr_vtun8
30010: from all fwmark 0xb0000/0xff0000 lookup pbr_vtun9
30011: from all fwmark 0xc0000/0xff0000 lookup pbr_vtun10
30012: from all fwmark 0xd0000/0xff0000 lookup pbr_vtun11
30013: from all fwmark 0xe0000/0xff0000 lookup pbr_vtun12
30014: from all fwmark 0xf0000/0xff0000 lookup pbr_vtun13
30015: from all fwmark 0x100000/0xff0000 lookup pbr_vtun14
30016: from all fwmark 0x110000/0xff0000 lookup pbr_vtun15
30017: from all fwmark 0x120000/0xff0000 lookup pbr_vtun16
30018: from all fwmark 0x130000/0xff0000 lookup pbr_vtun17
30019: from all fwmark 0x140000/0xff0000 lookup pbr_vtun18
30020: from all fwmark 0x150000/0xff0000 lookup pbr_vtun19
30021: from all fwmark 0x160000/0xff0000 lookup pbr_vtun20
30022: from all fwmark 0x170000/0xff0000 lookup pbr_vtun21
30023: from all fwmark 0x180000/0xff0000 lookup pbr_vtun22
30024: from all fwmark 0x190000/0xff0000 lookup pbr_vtun23
30025: from all fwmark 0x1a0000/0xff0000 lookup pbr_vtun24
30026: from all fwmark 0x1b0000/0xff0000 lookup pbr_vtun25
30027: from all fwmark 0x1c0000/0xff0000 lookup pbr_vtun26
30028: from all fwmark 0x1d0000/0xff0000 lookup pbr_vtun27
30029: from all fwmark 0x1e0000/0xff0000 lookup pbr_vtun28
30030: from all fwmark 0x1f0000/0xff0000 lookup pbr_vtun29
30031: from all fwmark 0x200000/0xff0000 lookup pbr_vtun30
30032: from all fwmark 0x210000/0xff0000 lookup pbr_usbmodem
32766: from all lookup main
32767: from all lookup default
To be honest, there seem to be a lot of "unusual" settings in your setup.
You use non-private IP addresses for your subnets.
You have 30 (yes, thirty) tun interfaces defined??
There are firewall rules which I have serious doubts about.
Although I am not a VLAN expert it looks very different than what I know about DSA setup: https://openwrt.org/docs/guide-user/network/dsa/dsa-mini-tutorial
Frankly, it is too much and also above my pay grade, but I would consider a fresh start and first read up on the respective subjects.
About PBR: you have only one VPN tunnel/config, which is not even connected with a tun interface (you need to use dev tunX, where X is the number of the interface you want to associate with).
For PBR you need multiple tunnels to different locations and use PBR to associate a client IP address or interface with a specific tunnel.
Make sure you do not add a default route via the tunnel so delete:
But add pull-filter ignore "redirect-gateway"
If you are going to set up from scratch, consider using WireGuard instead of OpenVPN; it is easier to set up and much faster.
Thank you for your response, I really appreciate your help. I have 36 server PCs in my 42U cabinet. I am trying to use 1 server PC to test this process, using OpenWrt. I have installed Proxmox on it. Using the default OpenWrt settings, it is working fine, but what I want to achieve right now is the ability to assign OpenVPN to each VM, but no luck: vm1 - 192.168.16.2 connect to Tokyo, vm2 - 192.168.16.3 - connect to Hongkong, vm3 - 192.168.16.4, etc. The 30 tun* are for setup; it will be up to 100 tun* if OpenWrt allows up to that amount. I dissolved br-lan and each LAN port is standing alone, for example (lan1, lan2, lan3, lan4).
My VLANs are untagged to the LAN ports for now due to the testing.
I just want to know how to get PBR to work in my situation and I will handle the rest.
I will have up to 500 clients or more that will be using the VM services. That is why I am retrying to get this done. I know it is possible, I am just having a hard time trying to get it right. You can help me, thank you.
Here is my PBR policy. I want to connect VM or PC 3 (162.16.1.100) to vtun1. I will have another PC 2 which would like to use vtun12 (162.16.1.100), ... and so on, all on the same LAN port, which is plugged into a 24-port unmanaged switch.
A VPN tunnel has an endpoint that is its destination.
You get a VPN config with an endpoint in Tokyo and another one in Hong Kong, so you make two VPN tunnels. Let's name them tun1 and tun2.
You disabled the default route.
PBR automatically creates a routing table for each tun interface.
With PBR you create a rule to assign e.g. IP address 192.168.16.2 to the routing table of tun1.
So the PBR rule has a local IP address of 192.168.16.1, an interface of tun1, and for forwarding you always use the PREROUTING chain.
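How a packet mark picks one of the per-tunnel routing tables in the rule list posted above, as an added example (not code from the thread or from the pbr package): it walks a subset of the posted `ip rule show` lines and reports the first fwmark rule that matches a given mark. The function names are hypothetical, and it assumes the selected table holds a usable route.

```shell
#!/bin/sh
# Subset of the `ip rule show` output posted in this thread.
RULES='0: from all lookup local
1001: from all iif wan lookup 1
2001: from all fwmark 0x100/0x3f00 lookup 1
2061: from all fwmark 0x3d00/0x3f00 blackhole
30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
30001: from all fwmark 0x20000/0xff0000 lookup pbr_vtun0
30002: from all fwmark 0x30000/0xff0000 lookup pbr_vtun1
30013: from all fwmark 0xe0000/0xff0000 lookup pbr_vtun12
32766: from all lookup main'

# rule_for_mark MARK (hypothetical helper)
# Prints "<priority> <action> [table]" for the first fwmark rule, in list
# order, where (MARK & mask) == value; prints "unmarked" if none matches.
rule_for_mark() {
    mark=$(( $1 ))
    while read -r prio f1 f2 kw spec action table; do
        if [ "$kw" != "fwmark" ]; then continue; fi
        value=$(( ${spec%/*} ))
        mask=$(( ${spec#*/} ))
        if [ $(( mark & mask )) -eq "$value" ]; then
            echo "${prio%:} $action${table:+ $table}"
            return 0
        fi
    done <<EOF
$RULES
EOF
    echo "unmarked"
}

# mark_for_table TABLE (hypothetical helper)
# Prints the value/mask a packet must carry to be sent to TABLE.
mark_for_table() {
    while read -r prio f1 f2 kw spec action table; do
        if [ "$kw" = "fwmark" ] && [ "$table" = "$1" ]; then
            echo "$spec"
            return 0
        fi
    done <<EOF
$RULES
EOF
    return 1
}

rule_for_mark 0x30000      # mark that selects pbr_vtun1
mark_for_table pbr_vtun12  # mark a policy for that tunnel must set
```

On the router, setting `RULES="$(ip rule show)"` runs the same check against the live rule list.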
I have read through it, but I am having the same problem. I have done this before with an Omada TP-Link VPN router, but VPN port forwarding is not supported. I love OpenWrt; that is why I am here.
Let's say:
IP address 192.168.16.1 to the routing table of vtun1_fw - tun1
IP address 192.168.16.2 to the routing table of vtun2_fw - tun2
IP address 192.168.16.3 to the routing table of vtun3_fw - tun3
IP address 192.168.16.4 to the routing table of vtun4_fw - tun4
and so on
Which the subnet belongs to lan4 (lan_fw4).
When using PREROUTING 192.168.16.1 tun1
When using PREROUTING 192.168.16.2 tun2
When using PREROUTING 192.168.16.3 tun3
When using PREROUTING 192.168.16.4 tun4
All seem to connect to tun4, skipping the rest.
If I remove tun4 the lan_fw4 it connects to tun3 and so on... Please can you show me from GUI or raw code. Thank you very much, I really appreciate it.
I've taken a look at your config, and (sorry to be so blunt) it is an absolute mess. There is no way this will ever work properly. And, IMO, it is beyond saving here -- there would be so much to do that it is far faster to just start over.
I agree with the others that it would be much more practical to run the VPN client configs on the hosts themselves, rather than on your router due to the complexity of 30-some-odd VPN tunnels each being used by exactly one host.
Beyond that, I have serious concerns about the performance you'll experience. OpenVPN is very processor intensive. I don't know how much RAM and processor utilization is typical for an idle (or nearly idle) tunnel, but the encryption will put a high load on your CPU when you're transferring lots of data. If you have multiple tunnels running simultaneously, especially with active data transfer on each one, you'll quickly peg the CPU and your bandwidth will probably be severely impacted.
If you really need to run all these tunnels on the router, you'll be best off starting over and then configuring exactly 2 tunnels, 2 hosts, and PBR and getting that to work as intended. Then you can repeat the recipe to add more tunnels and policies for the hosts.
But the bottom line is that what you have in your current config needs to be completely refactored and reconsidered.
OK, thank you, I understand your point, but I know what I am doing. My config is complex, the tun*s; I was asked to send my configs here while I was still setting up the configurations on the router. My configuration is not a problem. What I want to understand and learn is PBR only. I have done this in 3 different routers' firmware and it works. This is my first time using OpenWrt. I just love the OpenWrt open source. I want to be able to make it work successfully. If you can help me with PBR only: assigning OpenVPN to a particular local IP address, instead of the whole LAN port. I know it is possible. Please, if you can give me a screenshot or a step-by-step guide, I will appreciate it. Thank you in advance.
Please believe me when I say that I don't mean this rudely... I'm not sure you do (at least not with OpenWrt, specifically). The VLAN configurations and bridges and such are entirely invalid. For example, your br-lan2 bridges multiple VLANs together, which defeats the purpose of VLANs. And that is notwithstanding the fact that the syntax you've got within is also completely wrong. DSA doesn't work properly when you set up multiple bridges on the same switch chip. You seem to have mixed multiple methods of defining VLANs (i.e. DSA, swconfig, 802.11q) in a way that is totally unrecognizable. To be frank, it's like you asked an AI agent for help, printed the result, put it through a shredder and then fed the scraps into UCI in some random order.
Which is why I'm telling you that your config is messed up beyond recognition.
PBR is only one part of the equation. The rest of the configuration is very wrong.