Hello mates!
I am a newcomer to OpenWrt. I have a problem and I am looking for an efficient solution. I have a BTHH5A running OW 19.07.04.
I installed protonvpn (free pack) on tun0 and it is working fine. I wanted to ssh into my router from an external connection such as my mobile. So I forwarded wan port 31749 (fake port) to port 22 on the router.
This arrangement works very well when the vpn is off. When I connect to vpn the reply packets from the router are sent over tun0. I saw them in tcpdump's capture. But I want these packets to be sent back to wan instead of tun0.
I thought pbr is the answer. Maybe not...? Could you please suggest a solution?
Here is my pbr policy :
Local addresses / devices : 192.168.0.1 # my OW router
Local ports : 22
Remote addresses / domains : <blank> # the mobile company keeps on changing ip addresses every now and then
Remote ports : <blank> # maybe I should choose 22 ...? No idea really.
Protocol : Auto
Chain : output # also tried prerouting and forward out of sheer ignorance
Interface : wan # should it be something else :roll_eyes:
No matter how I play with these settings, the reply coming out of port 31749 is always routed to tun0.
The tcpdump commands and outputs on tun0 and wan are:
- tun0 :
tcpdump -i tun0 host 92.41.221.75
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
11:51:19.776008 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357627170 ecr 828784634,nop,wscale 4], length 0
11:51:20.775896 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357628170 ecr 828784634,nop,wscale 4], length 0
11:51:21.804805 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357629199 ecr 828784634,nop,wscale 4], length 0
11:51:22.772278 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357630167 ecr 828784634,nop,wscale 4], length 0
11:51:23.776552 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357631171 ecr 828784634,nop,wscale 4], length 0
11:51:24.772732 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357632167 ecr 828784634,nop,wscale 4], length 0
11:51:26.772016 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357634166 ecr 828784634,nop,wscale 4], length 0
11:51:28.780806 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357636175 ecr 828784634,nop,wscale 4], length 0
11:51:30.772854 IP cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749 > 92.41.221.75.threembb.co.uk.24734: Flags [S.], seq 3836558508, ack 566629716, win 28960, options [mss 1460,sackOK,TS val 3357638167 ecr 828784634,nop,wscale 4], length 0
- wan :
tcpdump -i eth0.2 host 92.41.221.75
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
12:03:51.332925 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829535634 ecr 0,sackOK,eol], length 0
12:03:52.367877 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829536635 ecr 0,sackOK,eol], length 0
12:03:53.368229 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829537636 ecr 0,sackOK,eol], length 0
12:03:54.368262 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829538637 ecr 0,sackOK,eol], length 0
12:03:56.367629 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829540638 ecr 0,sackOK,eol], length 0
12:03:58.378004 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829542639 ecr 0,sackOK,eol], length 0
12:04:02.367775 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829546640 ecr 0,sackOK,eol], length 0
12:04:10.378232 IP 92.41.221.75.threembb.co.uk.24704 > cpc74084-crdf54-0-4-cust48.7-1.cable.virginm.net.31749: Flags [S], seq 3524902299, win 65535, options [mss 1220,nop,wscale 5,nop,nop,TS val 829554640 ecr 0,sackOK,eol], length 0
Where do I go from here? Any suggestions, please?
Thank you!
-Gamma
Edit : typo
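
The symptom described in the post (SYN arriving on wan, SYN-ACK leaving on tun0) can be checked mechanically from per-interface tcpdump text output. This is an added example, not part of the original post; the addresses are constructed documentation values and `find_asymmetric_replies` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample captures (documentation addresses, not the poster's traffic).
# One tcpdump text capture per interface, as in the post: SYN on wan, SYN-ACK on tun0.
CAPTURES = {
    "eth0.2": (
        "12:00:01.100000 IP 198.51.100.7.40000 > 203.0.113.9.31749: Flags [S], seq 1000, win 65535, length 0\n"
        "12:00:02.100000 IP 198.51.100.7.40000 > 203.0.113.9.31749: Flags [S], seq 1000, win 65535, length 0\n"
    ),
    "tun0": (
        "12:00:01.100500 IP 203.0.113.9.31749 > 198.51.100.7.40000: Flags [S.], seq 5000, ack 1001, win 28960, length 0\n"
        "12:00:02.100400 IP 203.0.113.9.31749 > 198.51.100.7.40000: Flags [S.], seq 5000, ack 1001, win 28960, length 0\n"
    ),
}

# timestamp, "IP", src.port > dst.port:, Flags [...]; works for numeric or resolved hosts
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def find_asymmetric_replies(captures):
    """Return flows whose SYN-ACK left on a different interface than the SYN arrived on."""
    syn_in = {}                                         # flow -> interface the SYN arrived on
    synack_out = defaultdict(lambda: defaultdict(int))  # flow -> interface -> SYN-ACK count
    for iface, text in captures.items():
        for line in text.splitlines():
            m = LINE.match(line)
            if not m:
                continue  # tcpdump banner lines and non-TCP packets
            src, sport, dst, dport, flags = m.groups()
            if flags == "S":      # client SYN: flow keyed client -> server
                syn_in[(src, sport, dst, dport)] = iface
            elif flags == "S.":   # server SYN-ACK: reverse the tuple to match the SYN
                synack_out[(dst, dport, src, sport)][iface] += 1
    findings = []
    for flow, in_iface in syn_in.items():
        for out_iface, count in synack_out.get(flow, {}).items():
            if out_iface != in_iface:
                findings.append({
                    "client": f"{flow[0]}:{flow[1]}", "server_port": flow[3],
                    "arrived_on": in_iface, "replied_on": out_iface,
                    # more than one SYN-ACK means retransmission: handshake never completed
                    "synacks": count,
                })
    return findings

if __name__ == "__main__":
    for finding in find_asymmetric_replies(CAPTURES):
        print(finding)
```

Both captures need to cover the same connection attempt for the flows to pair up, so run the two `tcpdump` sessions at the same time.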