Policy based routing tab is frozen

hi,

just did a fresh new install (19.07.5), everything is ok except the policy based routing tab. I configured the PBR page earlier, and it works, but now it is impossible to load the page. I tried many browsers, refreshing the page, erasing the cache etc, rebooting the router... but still the same

idea?
thanks

ok now, I don't know why, but when I change the DNS setting in "wan/advanced setting" (uncheck "Use DNS servers advertised by peer" and add 192.168.1.1), the policy based routing works. The browser tab froze before, and with that it is working... btw, I use dnscrypt proxy 2, is it ok if I put 192.168.1.1 as "custom DNS servers"?

Better not.
That option is for external upstream resolvers.
You should forward DNS queries from Dnsmasq to dnscrypt-proxy2:
https://openwrt.org/docs/guide-user/services/dns/dnscrypt_dnsmasq_dnscrypt-proxy2#instructions

I will look at it, thanks, but instead of 192.168.1.1, can I put some DNS servers? Because with that, as I said and don't know why, my browser policy routing tab works ok... thanks

btw, I already have dnscrypt proxy installed and it works, so my question is: is the link you provided me the same thing? thanks again

and do I need to keep "Use DNS servers advertised by peer" checked? if so, I see my 3 ISP DNS in the resolv.conf but those are not leaking,

Your config might be incorrect.
Check the output:

uci show vpn-policy-routing; uci show dhcp; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
grep -e ^listen_addresses /etc/dnscrypt-proxy2/dnscrypt-proxy.toml

Hi,

thanks again for your help and time,

here is my data with your code. At the bottom we can see my ISP DNS, but in my dnsleak test, those are not there, but we can see them when I scp ... so I guess it is ok? Also I have had the same toml config file for a year, and for the first time, with that last build, my DNSSEC test does not validate...

root@OpenWrt:~# uci show vpn-policy-routing; uci show dhcp; \
> head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*; \
> grep -e ^listen_addresses /etc/dnscrypt-proxy2/dnscrypt-proxy.toml
vpn-policy-routing.config=vpn-policy-routing
vpn-policy-routing.config.verbosity='2'
vpn-policy-routing.config.src_ipset='0'
vpn-policy-routing.config.dest_ipset='dnsmasq.ipset'
vpn-policy-routing.config.ipv6_enabled='0'
vpn-policy-routing.config.supported_interface=''
vpn-policy-routing.config.ignored_interface='vpnserver wgserver'
vpn-policy-routing.config.boot_timeout='30'
vpn-policy-routing.config.iptables_rule_option='append'
vpn-policy-routing.config.iprule_enabled='0'
vpn-policy-routing.config.webui_enable_column='0'
vpn-policy-routing.config.webui_protocol_column='0'
vpn-policy-routing.config.webui_chain_column='0'
vpn-policy-routing.config.webui_sorting='1'
vpn-policy-routing.config.webui_supported_protocol='tcp' 'udp' 'tcp udp' 'icmp' 'all'
vpn-policy-routing.config.strict_enforcement='0'
vpn-policy-routing.config.enabled='1'
vpn-policy-routing.@include[0]=include
vpn-policy-routing.@include[0].path='/etc/vpn-policy-routing.netflix.user'
vpn-policy-routing.@include[0].enabled='0'
vpn-policy-routing.@include[1]=include
vpn-policy-routing.@include[1].path='/etc/vpn-policy-routing.aws.user'
vpn-policy-routing.@include[1].enabled='0'
vpn-policy-routing.@policy[0]=policy
vpn-policy-routing.@policy[0].interface='wan'
vpn-policy-routing.@policy[0].name='pixel'
vpn-policy-routing.@policy[0].src_addr='192.168.XXXX/32'
vpn-policy-routing.@policy[1]=policy
vpn-policy-routing.@policy[1].interface='wan'
vpn-policy-routing.@policy[1].name='A20'
vpn-policy-routing.@policy[1].src_addr='192.168.1.XX/32'
vpn-policy-routing.@policy[2]=policy
vpn-policy-routing.@policy[2].interface='Wguard'
vpn-policy-routing.@policy[2].name='Ninja_pc'
vpn-policy-routing.@policy[2].src_addr='192.168.XXXX/32'
vpn-policy-routing.@policy[3]=policy
vpn-policy-routing.@policy[3].interface='wan'
vpn-policy-routing.@policy[3].name='Télé_cable'
vpn-policy-routing.@policy[3].src_addr='192.168XXXX/32'
vpn-policy-routing.@policy[4]=policy
vpn-policy-routing.@policy[4].interface='wan'
vpn-policy-routing.@policy[4].name='télé_wifi'
vpn-policy-routing.@policy[4].src_addr='192.16XXX/32'
vpn-policy-routing.@policy[5]=policy
vpn-policy-routing.@policy[5].interface='wan'
vpn-policy-routing.@policy[5].name='chromeCast'
vpn-policy-routing.@policy[5].src_addr='192.168.XXXX/32'
vpn-policy-routing.@policy[6]=policy
vpn-policy-routing.@policy[6].interface='wan'
vpn-policy-routing.@policy[6].name='Luminess'
vpn-policy-routing.@policy[6].src_addr='192.168.1XXXX/32'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].server='127.0.0.53#53'
dhcp.@dnsmasq[0].noresolv='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
==> /etc/resolv.conf <==
# Interface wan
nameserver 205.151.67.34
nameserver 205.151.67.2
nameserver 205.151.67.6
search cgocable.ca

==> /tmp/resolv.conf <==
# Interface wan
nameserver 205.151.67.34
nameserver 205.151.67.2
nameserver 205.151.67.6
search XXXXXXXXX

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 205.151.67.34
nameserver 205.151.67.2
nameserver 205.151.67.6
search xxxxxxx
head: /tmp/resolv.*/*: No such file or directory
listen_addresses = ['127.0.0.53:53']
root@OpenWrt:~#
root@OpenWrt:~#

If the issue persists, try to enforce dnsmasq for local system.

In addition, you should probably enable this for DNSSEC:

thanks, in the toml file, it was already enabled. As I said, my toml config file has been the same for almost a year, very secure, and everything was ok before the new build.

unfortunately, whatever I do, nothing works..

on that test: http://dnssec.vs.uni-due.de/

I failed, first time ever

You can try to isolate the issue by using only a DNS provider that is guaranteed to support DNSSEC.

Try to uncomment this line and leave only google or cloudflare:

Then restart both dnscrypt-proxy and dnsmasq to apply changes.

pretty crazy, it works with google and cloudflare, but the servers I use are ok with DNSSEC, and it was ok 2 days ago, and last month etc...
finally I found the problem: one of my servers was DNSSEC, but I guess since today there is a problem with it

@PerkelSimon I would have spotted this earlier if this was posted in the main VPR thread with details.

I've looked at the code, I can't figure out why the WebUI is breaking at that point. If you can PM me at least your VPR config, that may be helpful. Ideally, have a look at the README and provide all the information referenced in the getting help section.

hi,

thanks, you know what, as I said, the problem goes away immediately when I go to /interface/wan/advanced/, uncheck "Use DNS servers advertised by peer", and add a DNS server...

don't know why, but if I recheck "Use DNS servers advertised by peer" the VPR tab freezes again.

@vgaetera -- any ideas why that is? I'm at a loss.

thanks to @stangri, the problem with VPR is ok now.
the solution was to use English-only letters, I mean using only English characters in the policy names.
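
Added example, not part of any post in this thread: a shell function that audits output of the diagnostic command requested earlier for the issues the thread runs into, namely policy names with non-ASCII characters (the eventual fix), a dnsmasq upstream that does not match the dnscrypt-proxy listen address, a missing noresolv, and ISP resolvers in /etc/resolv.conf. The function names, the finding labels and the trimmed sample are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Function names and finding labels are hypothetical.

# Constructed sample: a trimmed copy of the kind of output posted in the thread.
write_sample() {
cat > "$1" <<'EOF'
vpn-policy-routing.@policy[0].name='pixel'
vpn-policy-routing.@policy[3].name='Télé_cable'
vpn-policy-routing.@policy[4].name='télé_wifi'
dhcp.@dnsmasq[0].server='127.0.0.53#53'
dhcp.@dnsmasq[0].noresolv='1'
==> /etc/resolv.conf <==
# Interface wan
nameserver 205.151.67.34
nameserver 205.151.67.2

==> /tmp/resolv.conf.auto <==
nameserver 205.151.67.34
listen_addresses = ['127.0.0.53:53']
EOF
}

# audit_dump FILE: print one finding per line, nothing if all checks pass.
audit_dump() {
    dump="$1"
    # Policy names containing bytes outside printable ASCII (the fix that ended the thread).
    LC_ALL=C grep '^vpn-policy-routing\.@policy\[[0-9]*]\.name=.*[^ -~]' "$dump" |
        sed 's/^[^=]*=/NON_ASCII_NAME /'
    # dnsmasq must forward to the address dnscrypt-proxy listens on (single address assumed).
    upstream=$(sed -n 's/^dhcp\.@dnsmasq\[0]\.server=.\(.*\).$/\1/p' "$dump" | tr '#' ':')
    listen=$(sed -n 's/^listen_addresses = \[.\(.*\).]$/\1/p' "$dump")
    if [ -z "$upstream" ] || [ "$upstream" != "$listen" ]; then
        echo "UPSTREAM_MISMATCH dnsmasq=$upstream dnscrypt=$listen"
    fi
    # Without noresolv, dnsmasq can still pick up the ISP resolvers from its resolv file.
    grep -q "^dhcp\.@dnsmasq\[0]\.noresolv='1'\$" "$dump" || echo "NORESOLV_OFF"
    # Non-loopback nameservers in /etc/resolv.conf: the router's own lookups skip dnsmasq.
    awk '/^==> \/etc\/resolv\.conf <==/ {on=1; next} /^==>/ {on=0}
         on && $1=="nameserver" && $2 !~ /^127\./ && $2 != "::1" {print "LOCAL_BYPASS " $2}' "$dump"
}

# Demo run on the constructed sample.
sample=$(mktemp)
write_sample "$sample"
audit_dump "$sample"
rm -f "$sample"
```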
