I have a VLAN that is set to use a VPN tunnel for internet traffic. I use a routing table to accomplish this.
Is it possible to send DNS queries from that subnet to a local DNS server, despite the fact all traffic from that subnet is being routed out through the VPN according to the table (come to think of it, what IS happening to RFC1918 addresses)?
VLAN subnet is 192.168.24.0/24 via interface AV (br-lan.24), firewall zone AV
DNS server is 192.168.26.53 via interface INFRA (br-lan.26), firewall zone INFRA
VPN interface is Proton123, firewall zone ProtonVPN
There is a firewall traffic rule to allow DNS from AV to 192.168.26.53 (which doesn’t work unless I remove the routing table)
Often you need local routes in your option table. Instead of copying all local routes to your option table, use the suppress_prefixlength rule.
See my notes OpenWRT Policy Based Routing (PBR) page 6
If I understand correctly, in order to use your very helpful example for suppress_prefixlength, I would have to give option priority to all my other rules, that are higher than the option priority for the suppress_prefixlength rule? These priority numbers are arbitrary as I don’t currently have any priorities?
I’m still trying to wrap my head around what suppress_prefixlength actually says, but the coffee will kick in and I’ll try and grok that
I figured as much but was going about it the wrong way by trying to exclude routing for this subnet, rather than add one
@egc's answer makes a lot of sense when you’re using a VPN for internet traffic, as RFC1918 addresses should never route that way under that scenario. I had never thought about what was happening to that traffic before, but under many circumstances it would be useful to send RFC1918 addresses over a VPN of course.
The suppress_prefixlength rule should be the first rule so with the lowest priority
What the rule does is a lookup in the main table, the table which has all your local rules for connecting to local IP addresses, but it suppresses the lookup of default routes, the route with 0.0.0.0/0 (=default). I also suppress the lookup of rules with /1, as OpenVPN often uses "default" rules like 0.0.0.0/1 and 128.0.0.0/1 and you also want to suppress that. Using suppress_prefixlength 1 suppresses lookup of /1 and lower, so it also suppresses /0.
For IPv6 some providers are pushing "default" routes even with /3 or /4; in that case you have to use that.
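To make the lookup order concrete, here is a small simulation of the policy-routing walk described above (added example, not code from the thread or from OpenWrt). The routing tables are constructed to mirror the setup in the question (br-lan.24, br-lan.26, Proton123); the VPN table id 100 and the rule priorities 1000/1010 are assumptions. The equivalent `ip rule` lines would be `ip rule add priority 1000 lookup main suppress_prefixlength 1` and `ip rule add priority 1010 from 192.168.24.0/24 lookup 100`.

```python
import ipaddress

# Constructed tables, modelled on the thread's setup (not real router state).
MAIN_TABLE = [
    ("192.168.24.0/24", "br-lan.24"),   # AV VLAN
    ("192.168.26.0/24", "br-lan.26"),   # INFRA VLAN, where the DNS server lives
    ("0.0.0.0/0", "wan"),               # plain-WAN default route
]
VPN_TABLE = [                           # assumed table id 100
    ("0.0.0.0/1", "Proton123"),         # OpenVPN-style "default" halves
    ("128.0.0.0/1", "Proton123"),
]

# Rule = (priority, source selector or None, table, suppress_prefixlength or None).
# With the suppress rule first (lowest priority number), as egc describes:
RULES_WITH_SUPPRESS = [
    (1000, None, MAIN_TABLE, 1),               # lookup main suppress_prefixlength 1
    (1010, "192.168.24.0/24", VPN_TABLE, None),  # from AV lookup 100
    (32766, None, MAIN_TABLE, None),           # the kernel's normal main lookup
]
# The asker's original setup: AV subnet goes straight to the VPN table.
RULES_WITHOUT_SUPPRESS = [
    (1010, "192.168.24.0/24", VPN_TABLE, None),
    (32766, None, MAIN_TABLE, None),
]


def lookup(table, dst, suppress_prefixlength=None):
    """Longest-prefix match in one table.

    Like ip rule's suppress_prefixlength N, the result is rejected (None)
    when the winning route's prefix length is N or less, so the rule walk
    continues with the next rule instead of stopping here.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    if best is None:
        return None
    if suppress_prefixlength is not None and best[0].prefixlen <= suppress_prefixlength:
        return None
    return best[1]


def route(src, dst, rules):
    """Walk the rules in priority order; the first table that yields a route wins."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table, suppress in sorted(rules, key=lambda r: r[0]):
        if selector is not None and src not in ipaddress.ip_network(selector):
            continue
        dev = lookup(table, dst, suppress)
        if dev is not None:
            return dev
    return None


if __name__ == "__main__":
    av_host, dns, public = "192.168.24.10", "192.168.26.53", "203.0.113.10"
    for name, rules in (("without suppress", RULES_WITHOUT_SUPPRESS),
                        ("with suppress", RULES_WITH_SUPPRESS)):
        print(f"{name}: AV->DNS via {route(av_host, dns, rules)}, "
              f"AV->internet via {route(av_host, public, rules)}")
```

With the suppress rule in place the AV host reaches 192.168.26.53 through br-lan.26 (the /24 in main beats the suppression threshold) while its internet traffic falls through to the VPN table; without it, the /1 routes in the VPN table swallow the DNS traffic too, which is exactly the "works only if I remove the routing table" symptom.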
That’s good to know, I shall maybe take another look sometime soon.
Want to get 25 installed and rejig some of my VLANs first.
Can I ask, what is OpenWrt video feed? I see it mentioned in the release notes for 25, but the linked GitHub page doesn’t explain what it’s useful for. Is it for IP cameras and the like, or is it video out libraries for OpenWrt?
I recently had a problem where I got locked out of OpenWrt and the device I’m using doesn’t appear to have video drivers in OpenWrt (NanoPi R5S (HDMI)). It would have been helpful to repair things if I had a video feed, as I had no network connectivity.