Mwan3 rule with ipset

I am trying to use mwan3 and ipsets to split outgoing traffic across two interfaces. Here is the ipset (in nft list rulesets)

	set eduset {
		type ipv4_addr
		flags interval
		auto-merge
		elements = { 95.85.16.212 }
	}

As you can see, it contains only 1 ip for test purposes. It is the address of ipleak.net.

I have the following rule in mwan3:

config rule 'eduset_rule_v4'
	option family 'ipv4'
	option proto 'all'
	option use_policy 'eduwan_only'
	option sticky '0'
	option ipset 'eduset'

as the very first rule.
But when I visit ipleak.net it reports the wrong source ip. When I change the rule to:

config rule 'eduset_rule_v4'
	option family 'ipv4'
	option proto 'all'
	option use_policy 'eduwan_only'
	option dest_ip '95.85.16.212'
	option sticky '0'

it works as expected.

The only change between the two is the use of 'dest_ip' instead of 'ipset'. It seems to me that ipset is not working for some reason. What's wrong?

OpenWrt 22.03.2, mwan3 2.11.4-1, iptables-nft and ip6tables-nft installed.

Ipsets are not the same thing as nft sets.
You need to install the ipset package then create and populate the "ip set".
Mwan3 knows how to read the ipset.
It knows nothing about nft sets.

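Added example, not part of the thread and not mwan3's own code: a check for the mismatch described in the answer above, listing every set named by `option ipset` in the mwan3 config and reporting whether it exists as a kernel ipset, only as an nft set, or not at all. The function names are hypothetical; `/etc/config/mwan3` is assumed as the config path, and the `ipset` and `nft` tools are assumed to be installed.

```shell
#!/bin/sh
# Added example: find mwan3 rules whose 'option ipset' names no kernel ipset.

# Names of kernel ipsets (the kind mwan3 reads).
list_ipsets() { ipset list -n 2>/dev/null || true; }

# Names of nftables sets, which mwan3 knows nothing about.
list_nft_sets() { nft list sets 2>/dev/null | awk '$1 == "set" { print $2 }'; }

# Print each set name referenced as "option ipset '<name>'" in a mwan3 config.
mwan3_ipset_refs() {
    awk '$1 == "option" && $2 == "ipset" { print $3 }' "$1" | tr -d "\"'" | sort -u
}

# Print "<name> ok|nft-only|missing" per referenced set.
# Returns 1 if any referenced set is not a kernel ipset.
audit_mwan3_ipsets() {
    cfg=${1:-/etc/config/mwan3}
    rc=0
    ipsets=$(list_ipsets)
    nftsets=$(list_nft_sets)
    for name in $(mwan3_ipset_refs "$cfg"); do
        if printf '%s\n' "$ipsets" | grep -qxF -- "$name"; then
            echo "$name ok"
        elif printf '%s\n' "$nftsets" | grep -qxF -- "$name"; then
            # The situation in this thread: the set exists only in nftables.
            echo "$name nft-only"
            rc=1
        else
            echo "$name missing"
            rc=1
        fi
    done
    return $rc
}

# One way to create the set from the question as a kernel ipset (run as root):
#   ipset create eduset hash:net
#   ipset add eduset 95.85.16.212
```

On the router, `audit_mwan3_ipsets` with no argument checks the live config; any `nft-only` or `missing` line marks a rule that mwan3 cannot match.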

@bluewavenet That works, thanks for your help!
