Policy-Based-Routing (pbr) package discussion

hi sometimes i Lost m'y connection network when i disable vpn on openvpn

i dont know why

i use openvpn and vpn policy routing tour packages

someone has a same problème ?

i can see that what is kill switch ?

Thu Nov 24 18:16:18 2022 user.notice pbr: Reloading pbr due to includes of firewall
Thu Nov 24 18:16:19 2022 user.notice pbr: Activating traffic killswitch [✓]
Thu Nov 24 18:16:19 2022 user.notice pbr: Setting up routing for 'wan/' [✓]
Thu Nov 24 18:16:19 2022 user.notice pbr: Routing 'ps5' via vpn [✗]
Thu Nov 24 18:16:19 2022 user.notice pbr: Deactivating traffic killswitch [✓]
Thu Nov 24 18:16:20 2022 user.notice pbr: service monitoring interfaces: wan

The pbr 0.9.9-41 and luci-app-pbr 0.9.9-41 need to be installed together (and cache refreshed/cleared for the luci app) as they contain localizable error/warning messages.

Unless there are issues discovered with this version, my plan is to push it to the pull requests as 1.0.0 some time early next week and then merge into official repo.

1 Like

I lost the connection again with this update

I have to redo startup and restart network to get the internet connection again

I put my ps5 on vpn
and my pc on wan

the only manipulation I do to lose the network is in opevpn start and stop the vpn

EDIT : i think my https dns proxy cause the problem if i disable i do'nt has the disconnect :slight_smile:

@odhiambo here's the correct user file for your case:


TARGET_TABLE='inet fw4'
[ -z "$nft" ] && nft="$(command -v nft)"

if [ ! -s "$TARGET_DL_FILE" ]; then
	uclient-fetch --no-check-certificate -qO- "$TARGET_URL" 2>/dev/null > "$TARGET_DL_FILE"

if [ -s "$TARGET_DL_FILE" ]; then
	if ipset -q list "$TARGET_IPSET" >/dev/null 2>&1; then
		if awk -v ipset="$TARGET_IPSET" '{print "add " ipset " " $1}' "$TARGET_DL_FILE" | ipset restore -!; then
	elif [ -n "$nft" ] && [ -x "$nft" ] && "$nft" list set "$TARGET_TABLE" "$TARGET_SET" >/dev/null 2>&1; then
		printf "add element %s %s { " "$TARGET_TABLE" "$TARGET_SET" > "$TARGET_NFT_FILE"
		awk '{printf $1 ", "}' "$TARGET_DL_FILE" >> "$TARGET_NFT_FILE"
		printf " } " >> "$TARGET_NFT_FILE"
		if "$nft" -f "$TARGET_NFT_FILE"; then
			rm -f "$TARGET_NFT_FILE"

return $_ret

I have an OpenVPN client (Ovpn client redirect all traffic trought vpn) and I would like to use Wireguard "server", how to route wireguard server to wan?

So, at the moment all works good if I stop openvpn client... otherwise clients are not able to do handshake..

hi stangri do you have a news about fusion ? thanks

An issue was found, I'll probably push update later this week and merge on the weekend.


Do you have some suggestion for my small issue Ovpn client and wireguard as "server"?


I thought in can be inferred from README, but maybe not. If the VPN client is your default gateway and you run a VPN server which is UDP-based, you can't selectively route the server traffic with pbr.

Ah ok, sorry for bad question, do you know how can I do that without close openvpn client?


Either do not use VPN client as default gateway or use the VPN server which is TCP-based (like OpenVPN in a tcp mode).

1 Like

I'm planning on merging these early next week unless there're reported issues or objections:




thanks for your work stangri

1 Like

Just merged all 4 PRs, the binaries should be available in official repos within a few days.


Great news, thank you!!!

Compiled right now, from source...
daemon.err dnsmasq[1]: nftset inet fw4 pbr_wan_4_dst_ip_cfg0d6ff5 Error: No such file or directory; did you mean set ‘pbr_wan_4_dst_ip_cfg076ff5’ in table inet ‘fw4’?

Do you know why I get these errors?

It seems that it happens only on startup...

How to understand what is it cfg0d6ff5, sorry for stupid question

Thank you for the great work stangri!

I just installed pbr and UI on OpenWrt 22.03.2 (x86_64). Also installed dnsmasq-full. However I cannot change resolver set. It displays:
The adguardhome.ipset is not supported on this system.
The dnsmasq.ipset is not supported on this system.
The dnsmasq.nftset is not supported on this system.

Where could be the problem?

1 Like

is what dnsmasq full is nécessary for 22.03.2 ? thanks

@pesa1234, @AlexK please refer to README.

1 Like