Policy-Based-Routing (pbr) package discussion

@stangri

DHCP https://pastebin.com/DhD6rxNh

Firewall https://pastebin.com/L0tmzBSL

Network https://pastebin.com/Lq54bTjA

PBR https://pastebin.com/SPvG4Wsm

Pbr status https://pastebin.com/4XZ8P5bb

pbr reload https://pastebin.com/gx4vGh7Z

It happens only on startup, thanks!!!

edit...
Just now I have installed back the previous bin with package 0.9.9-46 compiled by you and the error disappears...

Seems that the error comes out with pbr compiled not by you...


Now I understand. I should have read more carefully. Thank you!

Every time I upgrade pbr I get:

"Command failed: ubus call service delete { "name": "pbr" } (Not found)"

Most likely something leftover from something. Any idea how I can get rid of this?

From the files you posted everything looks healthy. Does the pbr auto-recover from the error on startup or did you have to restart/reload the service?

If it only happens on startup it may indicate that the firewall is reloaded/restarted when pbr is starting up, so even though pbr creates the nft set successfully, it may get flushed before it can create the nft rule to target said nft set, hence the error.

I'd appreciate if you could continue to monitor this and capture more logs before and after this happens.

At some point in the future I'd like to look into supporting atomic nft command, if the error is happening because of what I think, it may eliminate the issue.

Can't reproduce, very little information to venture a guess, so no, no idea.

It is restored automatically. I don't touch anything, I don't understand why I see this from 1.0.0.

Let me know if I can test something....

Thanks

Edit... Cleaned the build folder and rebuilt... It disappears; really, I don't know, and sorry. I'll let you know in any case I see it again.

Edit2...

@stangri

No, it happened again on openvpn restart this morning, please have a look at the log...

Same config as yesterday...

edit 3...

@stangri now I'm sure, it happens sometimes on the openvpn restart command

Hi. I am sorry to bother you again. I am experiencing a problem. Whenever I reboot the router, PBR fails to load properly, and I suspect it is something to do with this user file you created for me, but I am not sure. Below is the system log:

Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Dec  9 08:43:50 2022 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Fri Dec  9 08:43:50 2022 daemon.notice netifd: Network device 'wg0' link is up
Fri Dec  9 08:43:51 2022 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Dec  9 08:43:53 2022 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy1.conf (phy wlan1) --> new PHY
Fri Dec  9 08:43:54 2022 user.notice pbr: Activating traffic killswitch ✓
Fri Dec  9 08:43:54 2022 kern.info kernel: [   71.994476] br-lan: port 2(wlan1) entered blocking state
Fri Dec  9 08:43:54 2022 kern.info kernel: [   71.999979] br-lan: port 2(wlan1) entered disabled state
Fri Dec  9 08:43:54 2022 kern.info kernel: [   72.005841] device wlan1 entered promiscuous mode
Fri Dec  9 08:43:54 2022 daemon.notice hostapd: ACS: Automatic channel selection started, this may take a bit
Fri Dec  9 08:43:54 2022 daemon.notice hostapd: wlan1: interface state UNINITIALIZED->ACS
Fri Dec  9 08:43:54 2022 daemon.notice hostapd: wlan1: ACS-STARTED
Fri Dec  9 08:43:54 2022 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Fri Dec  9 08:43:56 2022 daemon.notice netifd: Wireless device 'radio1' is now up
Fri Dec  9 08:43:56 2022 kern.warn kernel: [   74.091170] ath10k_pci 0000:00:00.0: 10.1 wmi init: vdevs: 16  peers: 127  tid: 256
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.108731] ath10k_pci 0000:00:00.0: wmi print 'P 128 V 8 T 410'
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.115027] ath10k_pci 0000:00:00.0: wmi print 'msdu-desc: 1424  sw-crypt: 0 ct-sta: 0'
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.123961] ath10k_pci 0000:00:00.0: wmi print 'alloc rem: 24984 iram: 38672'
Fri Dec  9 08:43:56 2022 kern.warn kernel: [   74.201246] ath10k_pci 0000:00:00.0: pdev param 0 not supported by firmware
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.216337] ath10k_pci 0000:00:00.0: rts threshold 784
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.253105] br-lan: port 3(wlan0) entered blocking state
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.258632] br-lan: port 3(wlan0) entered disabled state
Fri Dec  9 08:43:56 2022 kern.info kernel: [   74.264484] device wlan0 entered promiscuous mode
Fri Dec  9 08:43:56 2022 daemon.notice hostapd: ACS: Automatic channel selection started, this may take a bit
Fri Dec  9 08:43:56 2022 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->ACS
Fri Dec  9 08:43:56 2022 daemon.notice hostapd: wlan0: ACS-STARTED
Fri Dec  9 08:43:58 2022 daemon.notice netifd: Wireless device 'radio0' is now up
Fri Dec  9 08:43:58 2022 daemon.info dnsmasq[1]: exiting on receipt of SIGTERM
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: started, version 2.86 cachesize 150
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: DNS service limited to local subnets
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: UBus support enabled: connected to system bus
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq-dhcp[1]: DHCP, IP range 172.16.17.111 -- 172.16.17.254, lease time 1d
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using nameserver 103.86.96.100#53
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using nameserver 103.86.99.100#53
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 7 addresses
Fri Dec  9 08:43:59 2022 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Fri Dec  9 08:44:01 2022 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Fri Dec  9 08:44:02 2022 daemon.notice hostapd: wlan1: ACS-COMPLETED freq=2437 channel=6
Fri Dec  9 08:44:02 2022 kern.info kernel: [   80.165294] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
Fri Dec  9 08:44:02 2022 kern.info kernel: [   80.172112] br-lan: port 2(wlan1) entered blocking state
Fri Dec  9 08:44:02 2022 kern.info kernel: [   80.177634] br-lan: port 2(wlan1) entered forwarding state
Fri Dec  9 08:44:02 2022 daemon.notice netifd: Network device 'wlan1' link is up
Fri Dec  9 08:44:02 2022 daemon.notice netifd: Interface 'wan6' is now up
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using nameserver fe80::1%eth0.2#53
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using nameserver 103.86.96.100#53
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using nameserver 103.86.99.100#53
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for test
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for local
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Fri Dec  9 08:44:02 2022 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Fri Dec  9 08:44:03 2022 user.notice pbr: Processing interfaces ✗✗✗
Fri Dec  9 08:44:04 2022 daemon.notice netifd: Network device 'wlan1-1' link is up
Fri Dec  9 08:44:04 2022 kern.info kernel: [   81.820065] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-1: link becomes ready
Fri Dec  9 08:44:04 2022 daemon.notice hostapd: wlan1: interface state ACS->ENABLED
Fri Dec  9 08:44:04 2022 daemon.notice hostapd: wlan1: AP-ENABLED
Fri Dec  9 08:44:05 2022 user.notice pbr: Processing policies ✓✓
Fri Dec  9 08:44:06 2022 user.notice pbr: Deactivating traffic killswitch ✓
Fri Dec  9 08:44:07 2022 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Fri Dec  9 08:44:07 2022 user.notice pbr: Processing user file(s) ✗
Fri Dec  9 08:44:08 2022 user.notice pbr: service monitoring interfaces: wan wg0 vpnclient0
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up 'wan/eth0.2/192.168.1.1'!
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up 'wg0/0.0.0.0'!
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up 'vpnclient0/0.0.0.0'!
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Error running custom user file '/usr/share/pbr/pbr.user.ke.lst'!
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up any gateway!
Fri Dec  9 08:44:10 2022 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN1
Fri Dec  9 08:44:10 2022 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN2
Fri Dec  9 08:44:10 2022 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN3
Fri Dec  9 08:44:10 2022 daemon.notice procd: /etc/rc.d/S96led: setting up led LAN4

When that happens, the screenshot below is what I get when I go to PBR on luci.

Thank you in advance for any insights.

The errors seem to come from dnsmasq:

Tue Dec  6 06:03:06 2022 daemon.err dnsmasq[1]: nftset inet fw4 pbr_wan_4_dst_ip_cfg0d6ff5 Error: No such file or directory; did you mean set ‘pbr_wan_4_dst_ip_cfg116ff5’ in table inet ‘fw4’?
Tue Dec  6 06:03:06 2022 daemon.err dnsmasq[1]: nftset inet fw4 pbr_wan_4_dst_ip_cfg0d6ff5 Error: No such file or directory; did you mean set ‘pbr_wan_4_dst_ip_cfg116ff5’ in table inet ‘fw4’?
Tue Dec  6 06:03:06 2022 daemon.err dnsmasq[1]: nftset inet fw4 pbr_wan_4_dst_ip_cfg0d6ff5 Error: No such file or directory; did you mean set ‘pbr_wan_4_dst_ip_cfg116ff5’ in table inet ‘fw4’?

To me it looks like dnsmasq may be trying to populate ipsets while pbr is restarting, so it's safe to ignore.

It should auto-recover when all interfaces come up. If it doesn't, please provide all information mentioned in Getting Help section of the README.
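Added example, written for this thread and not part of the pbr package or of any post above: a small POSIX shell/awk checker that reads logread-style output and flags the two symptoms discussed in the replies above, a pbr "Failed to set up" error landing within a few seconds of a firewall reload (the ordering race suggested for the startup errors) and dnsmasq nftset misses (the dnsmasq errors explained as harmless while pbr restarts). The correlation window and the sample log lines are constructed assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example (not pbr's own code): correlate pbr setup errors with
# nearby firewall reloads, and spot dnsmasq nftset misses, in syslog text.

# Constructed sample in the same shape as logread output on OpenWrt.
sample_log() {
cat <<'EOF'
Fri Dec  9 08:43:51 2022 user.notice firewall: Reloading firewall due to ifup of lan (br-lan)
Fri Dec  9 08:43:54 2022 user.notice pbr: Activating traffic killswitch
Fri Dec  9 08:44:01 2022 user.notice firewall: Reloading firewall due to ifup of wan (eth0.2)
Fri Dec  9 08:44:07 2022 user.notice firewall: Reloading firewall due to ifup of wg0 (wg0)
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up 'wan/eth0.2/192.168.1.1'!
Fri Dec  9 08:44:09 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up any gateway!
Fri Dec  9 08:44:10 2022 daemon.err dnsmasq[1]: nftset inet fw4 pbr_wan_4_dst_ip_cfg0d6ff5 Error: No such file or directory
Fri Dec  9 08:50:00 2022 daemon.notice procd: /etc/rc.d/S94pbr: ERROR: Failed to set up any gateway!
EOF
}

# pbr_race_check WINDOW_SECONDS < logfile
# Prints one RACE? line per pbr error that follows a firewall reload within
# WINDOW_SECONDS (assumed default 15) and one SETMISS line per dnsmasq nftset
# miss. Returns 0 when anything was flagged, 1 otherwise.
pbr_race_check() {
    window="${1:-15}"
    awk -v window="$window" '
    # Syslog fields: weekday month day HH:MM:SS year ...; $4 is the time.
    function secs(ts,    p) { split(ts, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    /firewall: Reloading firewall/ {
        seen_reload = 1; last_reload = secs($4)
        reason = $0; sub(/.*Reloading firewall due to /, "", reason)
        next
    }
    # ERROR.*: tolerates the colour escape sequence procd puts after ERROR.
    /pbr/ && /ERROR.*: Failed to set up/ {
        t = secs($4)
        if (seen_reload && t - last_reload >= 0 && t - last_reload <= window) {
            flagged++
            printf "RACE? %s: pbr error %ds after firewall reload (%s)\n", $4, t - last_reload, reason
        }
        next
    }
    /dnsmasq\[[0-9]+\]: nftset .* Error:/ {
        flagged++
        set = $0; sub(/.*nftset inet [^ ]+ /, "", set); sub(/ Error:.*/, "", set)
        printf "SETMISS %s: dnsmasq could not find nft set %s\n", $4, set
        next
    }
    END { exit (flagged > 0 ? 0 : 1) }'
}

# Usage on a router: logread | pbr_race_check 15
# Offline demo:      sample_log | pbr_race_check 15
```

The time arithmetic uses only the HH:MM:SS field, so a reload and an error on either side of midnight will not be paired.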

- /etc/config/dhcp:
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'wash.lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option start '111'
        option limit '250'
        option leasetime '24h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
- /etc/config/firewall:
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option network 'vpnclient0'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option forward 'DROP'
	option name 'OVPNZone0'

config forwarding
	option src 'lan'
	option dest 'OVPNZone0'

config zone
	option network 'vpnclient1'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option forward 'DROP'
	option name 'OVPNZone1'

config forwarding
	option src 'lan'
	option dest 'OVPNZone1'

config zone
	option network 'vpnclient2'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option forward 'DROP'
	option name 'OVPNZone2'

config forwarding
	option src 'lan'
	option dest 'OVPNZone2'

config forwarding
	option src 'OVPNZone2'
	option dest 'wan'

config forwarding
	option src 'OVPNZone1'
	option dest 'wan'

config forwarding
	option src 'OVPNZone0'
	option dest 'wan'

config zone
	option name 'WGZone'
	option output 'ACCEPT'
	list network 'wg0'
	option masq '1'
	option mtu_fix '1'
	option input 'DROP'
	option forward 'DROP'

config forwarding
	option src 'WGZone'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'WGZone'

config zone
	option name 'GuestZone'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'GUEST'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'GuestZone'
	option dest 'wan'

config rule
	option name 'Guest DHCP and DNS'
	option src 'GuestZone'
	option dest_port '53 67 68'
	option target 'ACCEPT'
	list dest_ip '10.20.30.1'
- /etc/config/network:
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd41:d533:b7cc::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '172.16.17.1'

config device
	option name 'eth0.2'
	option macaddr '28:ee:52:62:ac:94'

config interface 'wan'
	option device 'eth0.2'
	option proto 'static'
	option ipaddr '192.168.1.3'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	option broadcast '192.168.1.255'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config interface 'wg0'
	option proto 'wireguard'
	option private_key 'XXXX'
	option listen_port '51820'
	list addresses 'x.x.x.x/32'
	option peerdns '0'
	list dns '103.86.96.100'
	list dns '103.86.99.100'

config wireguard_wg0
	option description 'wg0.conf'
	option public_key 'XXXXXX'
	list allowed_ips '0.0.0.0/0'
	option persistent_keepalive '25'
	option endpoint_port '51820'
	option route_allowed_ips '1'
	option endpoint_host '84.17.N.N'

config interface 'vpnclient0'
	option proto 'none'
	option device 'ovpnc0'

config interface 'vpnclient1'
	option proto 'none'
	option device 'ovpnc1'
	option auto '0'

config interface 'vpnclient2'
	option proto 'none'
	option device 'ovpnc2'
	option auto '0'

config interface 'GUEST'
	option proto 'static'
	option ipaddr '10.20.30.1'
	option netmask '255.255.255.0'
- /etc/config/pbr:
config pbr 'config'
	option strict_enforcement '1'
	option resolver_set 'none'
	option ipv6_enabled '0'
	list supported_interface 'vpnclient0 vpnclient1 vpnclient2'
	list ignored_interface 'vpnserver'
	list ignored_interface 'wgserver'
	option boot_timeout '30'
	option rule_create_option 'add'
	option procd_reload_delay '1'
	option webui_show_ignore_target '0'
	list webui_supported_protocol 'all'
	list webui_supported_protocol 'tcp'
	list webui_supported_protocol 'udp'
	list webui_supported_protocol 'tcp udp'
	list webui_supported_protocol 'icmp'
	option enabled '1'
	option verbosity '1'

config include
	option path '/usr/share/pbr/pbr.user.aws'
	option enabled '1'

config include
	option path '/usr/share/pbr/pbr.user.netflix'

config policy
	option name 'Plex/Emby Local Server'
	option interface 'wan'
	option src_port '8096 8920 32400'
	option enabled '0'

config policy
	option name 'Plex/Emby Remote Servers'
	option interface 'wan'
	option dest_addr 'plex.tv my.plexapp.com emby.media app.emby.media tv.emby.media'
	option enabled '0'

config policy
	option name 'WireGuard Server'
	option interface 'wan'
	option src_port '51820'
	option chain 'output'
	option proto 'udp'
	option enabled '0'

config policy
	option name 'amzn'
	option dest_addr 'amazon.com amazon.co.uk amazonvideo.com primevideo.com'
	option interface 'wan'

config policy
	option name 'KE'
	option interface 'wan'
	option dest_addr '197.232.105.66 41.212.32.14 gw.titan.co.ke earnapp.com mail.panafcon.net'
	option enabled '0'

config include
	option enabled '1'
	option path '/usr/share/pbr/pbr.user.ke.lst'
- output of pbr status - https://pastebin.ubuntu.com/p/SHVSWg8hbc/
- output of pbr reload:
root@archer-c7-v5-eu:/etc/config# /etc/init.d/pbr reload -d 2
Activating traffic killswitch [✓]
Setting up routing for 'wan/eth0.2/192.168.1.1' [✓]
Setting up routing for 'wg0/10.5.0.2' [✓]
Setting up routing for 'vpnclient0/0.0.0.0' [✓]
Setting up routing for 'vpnclient1/0.0.0.0' [✓]
Setting up routing for 'vpnclient2/0.0.0.0' [✓]
Routing 'amzn' via wan [✓]
Routing 'HASS-PiHole' via wan [✓]
Deactivating traffic killswitch [✓]
Running /usr/share/pbr/pbr.user.aws [✓]
Running /usr/share/pbr/pbr.user.ke.lst [✓]
pbr 1.0.0-1 monitoring interfaces: wan wg0 vpnclient0 vpnclient1 vpnclient2
pbr 1.0.0-1 (nft) started with gateways:
wan/eth0.2/192.168.1.1
wg0/10.5.0.2 [✓]
vpnclient0/0.0.0.0
vpnclient1/0.0.0.0
vpnclient2/0.0.0.0

PS: There is a requirement to give " * the output of /etc/init.d/pbr reload with verbosity setting set to 2" which I am not sure I have met. How do I set the verbosity to 2? Is that the same thing as "verbose output" in the luci-app-pbr?

Thank you once again.

Check your configuration.

Thank you. Mine is on '2' already.


It seems to be running just fine.

When the errors show up on the web UI, the pbr fails, as everything is routed via the VPN.

Is this the correct thread to ask for help on this new pbr? If not, happy for an admin to relocate, please!!

Fresh install of 22.03.2 today. After installing and setting up wireguard I went to install the vpn policy routing and soon found out that pbr is its replacement. At the end of the install an error that said "failed gateway" was displayed. I continued to install the luci pbr app, then I rebooted. Then I selected the Policy Routing from the services menu to be greeted with
"TypeError
textLabelsTable[element.id] is undefined"
Any assistance to resolve this would be appreciated.


result of ...... /etc/init.d/pbr reload
Activating traffic killswitch [โœ—]
Setting up routing for 'wan/eth0.2/86.27.75.1' [โœ—]
Setting up routing for 'wg0/10.100.54.113' [โœ—]
Routing 'NHPM5v' via wg0 [โœ—]
Deactivating traffic killswitch [โœ—]
pbr 1.0.0-1 monitoring interfaces: wan wg0 
ERROR: Resolver set support (dnsmasq.ipset) requires ipset, but ipset binary cannot be found!
ERROR: Failed to set up 'wan/eth0.2/86.27.75.1'!
ERROR: Failed to set up 'wg0/10.100.54.113'!
ERROR: 
ERROR: iptables -t mangle -A PBR_PREROUTING -g PBR_MARK_0x020000 -s 192.168.5.2 -m comment --comment NHPM5v
 
ERROR: Failed to set up any gateway!

I would reinstall everything afresh before asking this question. Okay, I am not aware if pbr and luci-app-pbr are already available upstream, because I install using instructions from the main documentation page. Allow me to ask - did you also install dnsmasq-full?

@odhiambo It was a fresh install.... I updated the lists and both pbr and the luci pbr app were there, but no old VPN policy routing anymore. No, did not install dnsmasq-full. Cheers

I suppose after installing dnsmasq-full you'll be fine.

Uninstalled dnsmasq, installed full.... Still not working, same error

If you use pbr-ipset, please check if you have installed ipset and iptables-nft...

Then restart pbr... I got similar issues some time ago...

Let me know.


It is, read the README fully.

I'll address the WebUI issues in the next build.
