Policy-Based-Routing (pbr) package discussion

Should I use AntiBlock (https://github.com/karen07/antiblock) for routing websites ?

Most of my lists for routing I get from remote sources using curl feature. However if it so happens that remote isn’t available during router or pbr restart you end up without routing altogether.

So as a feature request do you think it’s possible to create local copies of the lists when using curl and if the request fails use it instead.

The flow:

  1. User specifies https://example.com/domains.lst as a list
  2. Pbr tries to download contents of that URL
  3. If request succeeds it stores that file into some "permanent" location and uses its contents to populate the rules
  4. If request fails it tries to see if there is a previously downloaded version and uses it as a backup

Maybe you can do this yourself: make a script which downloads the list and checks it, run that script periodically with a cron job, and after reloading restart pbr.
In pbr just use the downloaded list with e.g. file:///tmp/my-downloaded-list
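One way to implement the download-with-fallback flow from the feature request above as the kind of cron script suggested here (added example, not code from the pbr package or from anyone in the thread; the cache directory, script name and list URL are assumptions). It keeps the last good copy in a persistent location, refuses to overwrite it with an error page or an empty download, and prints the path that pbr then reads via `file://`:

```shell
#!/bin/sh
# Added example (not part of pbr). Keeps a persistent copy of a remote domain list
# so pbr still has rules when the remote host is down at boot or restart.
# Assumed usage from cron:  /etc/pbr-fetch.sh mylist https://example.com/domains.lst && /etc/init.d/pbr restart
# and in pbr the list is referenced as  file:///etc/pbr-lists/mylist

CACHE_DIR="${CACHE_DIR:-/etc/pbr-lists}"   # assumed persistent dir; /tmp is lost on reboot

log() { logger -t pbr-lists "$*" 2>/dev/null || echo "pbr-lists: $*" >&2; }

# Print the list without comments, blank lines and CR characters.
entries() { tr -d '\r' < "$1" | grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$'; }

# Succeed only if the file holds at least one line and every line is a plain hostname.
# A captive portal or HTML error page returned with HTTP 200 fails this check.
valid_domain_list() {
    [ -s "$1" ] || return 1
    entries "$1" | grep -q . || return 1
    entries "$1" | grep -Eqv '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$' && return 1
    return 0
}

# fetch_list NAME URL: print the file pbr should load; fail only if no copy exists at all.
fetch_list() {
    name="$1"; url="$2"
    mkdir -p "$CACHE_DIR"
    dest="$CACHE_DIR/$name"
    tmp="$dest.tmp.$$"
    if curl -fsSL --max-time 20 "$url" -o "$tmp" 2>/dev/null && valid_domain_list "$tmp"; then
        mv "$tmp" "$dest"            # atomic replace: pbr never reads a half-written file
        echo "$dest"
        return 0
    fi
    rm -f "$tmp"
    if [ -s "$dest" ]; then          # download failed or was rejected: keep the previous copy
        log "download of $url failed, using cached $dest"
        echo "$dest"
        return 0
    fi
    log "no cached copy for $name and download failed"
    return 1
}

[ "$#" -eq 2 ] && fetch_list "$1" "$2"
```

Because the script overwrites the cache only with a validated download, a remote outage, a DNS hijack to a captive portal, or a truncated transfer leaves the last good list in place.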

Yes and this is what I am doing.

However same logic could be applied to supporting curl entirely - one could write the script to populate addresses from URL to config. And since pbr decided to provide convenience here I think it’d be great to have builtin resilience for that feature. What do you think?

I personally am more on the lean and mean side, and as the PBR script is already huge I would not add those add-ons to the script, as it can easily be done the way you are doing it outside the PBR script, but that is just my personal opinion.

I’m currently using PBR and multiple OpenVPN clients with these policies:

domain 1, domain 2 - vpn server a

domain 3, domain 4 - vpn server b

domain 5 - vpn server c

It's the same VPN, just different servers. Everything else goes to the default ISP IP. Now, instead of just "domain 5" I want everything else to go with VPN C, so no more ISP. What exactly should I change in the PBR policies? I tried leaving the "remote address / domains" field blank or just adding "*" for the 3rd rule above, but of course it didn’t work :slight_smile:

Add to the openvpn client config:

redirect-gateway def1

This should route everything not specifically excluded by pbr rules via that vpn

When I change pull-filter ignore "redirect-gateway" with redirect-gateway def1 on that openvpn config file all connections go down, no internet

Just removing that is sufficient. That should already reinstate default route via the vpn

You have to reboot after that


Good day @egc ! Please help me. On my router I have an openconnect client connected to a server in Amsterdam; I use this connection to bypass YouTube restrictions in Russia, and to route traffic for some domains I use pbr and all works fine!!! Recently I installed a WireGuard server on the router to securely connect to and access devices on my home LAN from my mobile phone. I was wondering if I could route traffic to specific domains through the OpenConnect interface using PBR. I ended up creating a rule in PBR, specifying my peer's address, and setting it up the same way as for my local network, where PBR redirects traffic well. However, with the WireGuard client, redirection via PBR doesn't work. Could you please tell me if there's a trick I'm missing? I've scoured the internet, but haven't found a similar issue. Just checked: if I redirect all the WireGuard server client traffic to openconnect, the redirection works, but redirection for specific domains does not.

The redirection for domains uses DNSMasq, so the clients of the WireGuard server must use the DNSMasq of the router. Most WireGuard clients let you set the DNS server, so try to set the router's LAN IP address on the WireGuard clients which are connecting to your WireGuard server.

But you have to make sure that DNSMasq listens on the WireGuard server interface and that DNSMasq is set to resolve DNS for non-local subnets.
The WireGuard Server Setup Guide has a paragraph about this, see: DNSMasq resolution for clients connecting (peers)

It worked at first. Then after playing around with different servers and doing a restart, it doesn’t work anymore, meaning without the "pull-filter ignore "redirect-gateway"" on the openvpn config, I will not get an internet connection (limited connectivity notification) after a reboot (apart from the domains on the other vpn servers a,b). So I need to add the pull-filter ignore line on the openvpn config file for vpn server c, or disable it for the connection to resume.

OpenVPN is always picky as it has a mind of its own (it sets up its own interface and routing), especially if you have more tunnels active you are better off using WireGuard

I tried to configure Nordlynx(nordvpn) as a Wireguard client based on a tutorial in this forum, but couldn’t make it work, the tutorial cuts short through a lot of steps.

Hello, @egc. PBR routes fine without the settings you specified, as well as with the DNSMasq resolution settings for clients connecting (peers), for example, when specifying the domain name 2ip.io. However, for some reason, PBR doesn't route domain names for YouTube in Russia - youtu.be yt.be googlevideo.com gtv1.com googleapis.com ggpht.com ytimg.com googleusercontent.com l.google.com youtube.com, even though all devices on my home network 192.168.0.0/24 are routed using PBR without problems. I don't understand what the problem could be! Are there any other tricks I can try? Please tell me. Thank you in advance for your help.

YouTube uses many domains and subdomains and, to make things worse, they are geographically dependent, so it is almost impossible to catch them all

For one thing you have to resolve the domains via a DNS server in the same location you are going to use the domains but even then you might miss a few domains/subdomains

I think NordVPN does not support easily setting up WireGuard on the router better use a VPN provider with default support for WireGuard on the router.


Yea, I've asked them this question a few months ago and they answered that they were working to support it but currently it wasn't available.


Fortunately, I was able to make NordVpn work by following the ProtonVPN-Wireguard-OpenWrt tutorial at: https://protonvpn.com/support/openwrt-wireguard combined with the first 8 steps of the guide here: May 2024 Update: How to create wireguard tunnel with nordvpn on OpenWRT 22.03

I replaced my 3 active openvpn interfaces with 3 wireguard ones, same locations. In my scenario I keep the WAN interface as default gateway. For DNS I use https-dns-proxy as default, but for 2 of the wireguard interfaces I use the VPNs' DNS servers using 2 extra policies on pbr (output chain) and the Forwards section on DHCP&DNS, to filter out just the domains covered by those interfaces.


How would you explain in simple terms what this rule/policy in the output chain does compared to the usual rules on the prerouting chain?