Policy-Based-Routing (pbr) package discussion

Hi, sometimes I lose my network connection when I disable the VPN in OpenVPN.

I don't know why.

I use OpenVPN and your VPN policy routing packages.

Does anyone have the same problem?

I can see this. What is the kill switch?

Thu Nov 24 18:16:18 2022 user.notice pbr: Reloading pbr due to includes of firewall
Thu Nov 24 18:16:19 2022 user.notice pbr: Activating traffic killswitch [✓]
Thu Nov 24 18:16:19 2022 user.notice pbr: Setting up routing for 'wan/192.168.1.1' [✓]
Thu Nov 24 18:16:19 2022 user.notice pbr: Routing 'ps5' via vpn [✗]
Thu Nov 24 18:16:19 2022 user.notice pbr: Deactivating traffic killswitch [✓]
Thu Nov 24 18:16:20 2022 user.notice pbr: service monitoring interfaces: wan

The pbr 0.9.9-41 and luci-app-pbr 0.9.9-41 need to be installed together (and cache refreshed/cleared for the luci app) as they contain localizable error/warning messages.

Unless there are issues discovered with this version, my plan is to push it to the pull requests as 1.0.0 some time early next week and then merge into official repo.


I lost the connection again with this update

I have to redo startup and restart network to get the internet connection again

I put my ps5 on vpn
and my pc on wan

The only manipulation I do to lose the network is starting and stopping the VPN in OpenVPN.

EDIT: I think my https-dns-proxy causes the problem; if I disable it, I don't get the disconnect :slight_smile:

@odhiambo here's the correct user file for your case:

#!/bin/sh

TARGET_SET='pbr_wan_4_dst_ip_user'
TARGET_IPSET='pbr_wan_4_dst_net_user'
TARGET_TABLE='inet fw4'
TARGET_URL="http://www.ipdeny.com/ipblocks/data/countries/ke.zone"
TARGET_DL_FILE="/var/pbr_tmp_ke_ip_ranges"
TARGET_NFT_FILE="/var/pbr_tmp_ke_ip_ranges.nft"
[ -z "$nft" ] && nft="$(command -v nft)"
_ret=1

if [ ! -s "$TARGET_DL_FILE" ]; then
	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null > "$TARGET_DL_FILE"
fi

if [ -s "$TARGET_DL_FILE" ]; then
	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
		if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" | ipset restore -!; then
			_ret=0
		fi
	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
		# Build a single "add element" statement for nft from the downloaded list
		printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
		awk '{printf "%s, ", $1}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
		printf " } " >> "$TARGET_NFT_FILE"
		if "$nft" -f "$TARGET_NFT_FILE"; then
			rm -f "$TARGET_NFT_FILE"
			_ret=0
		fi
	fi
fi

return $_ret
1 Like
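The user file above downloads the zone list over plain HTTP and writes its lines into a file that `nft -f` then executes, so the list should be checked before it is used. The following is an added example, not part of the original post or of pbr: `build_nft_batch` is a hypothetical helper and the sample ranges are constructed.

```shell
#!/bin/sh
# Added example (not pbr code): build_nft_batch is a hypothetical helper.
# It prints one "add element" statement for TABLE/SET from FILE and fails if
# any line is not a plain IPv4 address or CIDR, so the whole download is
# rejected instead of being passed to "nft -f" unchecked.
build_nft_batch() {
	awk -v table="$1" -v set_name="$2" '
		function valid_cidr(s,    parts, o, n, i) {
			# Digits and dots only, with at most one /prefix.
			if (s !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) return 0
			n = split(s, parts, "/")
			if (n == 2 && (length(parts[2]) > 2 || parts[2] + 0 > 32)) return 0
			split(parts[1], o, ".")
			for (i = 1; i <= 4; i++)
				if (length(o[i]) > 3 || o[i] + 0 > 255) return 0
			return 1
		}
		{ sub(/\r$/, "") }                  # tolerate CRLF line endings
		/^[ \t]*$/ || /^#/ { next }         # skip blank lines and comments
		{
			if (!valid_cidr($0)) { bad = NR; exit }
			list = list (count++ ? ", " : "") $0
		}
		END {
			if (bad) { printf "rejected line %d\n", bad > "/dev/stderr"; exit 1 }
			if (!count) exit 1
			printf "add element %s %s { %s }\n", table, set_name, list
		}
	' "$3"
}

# Constructed sample input (documentation ranges), standing in for the download.
sample="$(mktemp)"
printf '192.0.2.0/24\n198.51.100.0/24\n' > "$sample"
build_nft_batch 'inet fw4' 'pbr_wan_4_dst_ip_user' "$sample"
rm -f "$sample"
```

In the user file, the helper's output would be redirected to `$TARGET_NFT_FILE` in place of the `printf`/`awk` lines, and `nft -f` run only when the helper returns 0.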