I made my first attempt at migrating from vpn-policy-routing to pbr and it did not go as well as I hoped. My main router is my TP-Link C2600. It currently has fw4 and vpn-policy-routing works flawlessly, even with dnsmasq ipset for resolve. I’m definitely no network wizard like some of you on the forum (btw, I greatly appreciate and thank all of you for your guidance and wisdom.)

Upon migrating, the dnsmasq ipset option disappeared completely. My internet connectivity still worked to some degree. I was able to visit search engines like Google, but if I tried to visit a site like waveform to test bufferbloat or dnsleaktest, the connection was refused. I lost all access to my smart home devices when using the app on my cellphone when connected to the wifi, but if I turned wifi off, the apps worked just fine. The strangest thing…

I followed the recommendation for clearing the cache, but wanted to reconfigure the policies from scratch. I tried various options for the chains to no avail. I obviously messed something up in my attempt. I do have a custom image built from openwrt’s site that has vpn-policy-routing baked in, so I knew removing the package doesn’t actually delete it, etc.

I’m wondering if having vpn-policy-routing baked in is the culprit. I’m at a loss. Should I build a new image with pbr baked in instead and start from scratch there? Does anyone have any recommendations on my next move?

Sorry, can you write a couple of rules for vpr, and 'corresponding' rules for pbr?

Follow the PBR readme.

I’ll follow through with all of it instead of just half and trying to reconfigure from scratch since the readme says the vpnpr file will work. Thx

Doing a deep dive on that readme has me up and running. Pbr working like a champ. I have a vpn tunnel (server) into my lan that is broken when the wireguard interface is running, so I have it off and will troubleshoot it with the readme recommendations when I get a chance. I originally had this interface listed in the ignore interface section with vpnpr. But that isn’t doing anything anymore.

I have another vpn tunnel (client) that I use with my guest network that is working without issue.

