First of all, I wish you a happy and better new year than 2020!
Ok, I have some trouble with configuration and running of VPN Bypass.
If I type in some domains to bypass it works. If I type in a remote IP, it doesn't...
For example, if I bypass /wieistmeineip.de/vpnbypass, it works.
If I do an nslookup wieistmeineip.de it shows me the address 52.29.79.39.
If I try to bypass with this remote IP, it doesn't work.
For this example it doesn't matter if I bypass by domain or IP address, but sometimes I have to use IP addresses or IP ranges...
So how can I get this to work?
For configuration I use LuCI.
Second problem: If I start VPN Bypass it shows me some errors...
Fri Jan 1 16:30:52 2021 user.notice vpnbypass [21774]: ERROR: iptables -t mangle -D PREROUTING -m mark --mark 0x00/0xff0000 -g VPNBYPASS
Fri Jan 1 16:30:52 2021 daemon.err modprobe: xt_set is already loaded
Fri Jan 1 16:30:52 2021 daemon.err modprobe: ip_set is already loaded
Fri Jan 1 16:30:52 2021 daemon.err modprobe: ip_set_hash_ip is already loaded
Fri Jan 1 16:30:52 2021 user.notice vpnbypass [21774]: service started with TID: 200; FW_MARK: 0x010000
Fri Jan 1 16:30:52 2021 user.notice vpnbypass [21774]: service monitoring interfaces: lan VyprVPN
Then it doesn't work. I wait one or two hours and like magic... it bypasses the domains...
Could one of you help me configure and start this thing up without errors?
I restarted the router.
On startup there are these two errors showing up:
Fri Jan 1 16:54:29 2021 user.notice vpnbypass [1091]: ERROR: iptables -t mangle -D PREROUTING -m mark --mark 0x00/0xff0000 -g VPNBYPASS
Fri Jan 1 16:54:29 2021 user.notice vpnbypass [1091]: ERROR: iptables -t mangle -A VPNBYPASS -m set --match-set vpnbypass dst -j MARK --set-mark 0x010000/0xff0000
If I ssh the router and copy and paste it, there is no more error.
root@OpenWrt:~# iptables -t mangle -D PREROUTING -m mark --mark 0x00/0xff0000 -g VPNBYPASS
root@OpenWrt:~# iptables -t mangle -A VPNBYPASS -m set --match-set vpnbypass dst -j MARK --set-mark 0x010000/0xff0000
root@OpenWrt:~#
If I change the flag -g to -j it shows me the following:
root@OpenWrt:~# iptables -t mangle -D PREROUTING -m mark --mark 0x00/0xff0000 -j VPNBYPASS
iptables: No chain/target/match by that name.
root@OpenWrt:~#
My /etc/config/vpnbypass looks like this:
config vpnbypass 'config'
option enabled '1'
list remotesubnet '52.29.79.39'
list remotesubnet '52.29.79.0/24'
Ok, never mind the -g, I had never seen it before and a quick search didn't show it.
The remotesubnet needs a subnet mask.
What is the output of iptables-save -c -t mangle ?
Something is messed up here, you are missing the line -A PREROUTING -m mark --mark 0x0/0xff0000 -g VPNBYPASS
Try to restart the service. The errors show up in my log too, but they are not an issue.
This leads to my second problem.
For testing I took the domain /wieistmeineip.de/vpnbypass to my config and the bypass worked.
If I try to bypass via IP address, it doesn’t...
I took the IP address shown via nslookup wieistmeineip.de
I need to connect to some streaming services like zattoo.com without VPN.
Therefore I would like to bypass remote IPs instead of domains, because the domain didn’t work and zattoo still recognized the VPN.
Not every site allows access by IP, as the IP might be used by multiple sites.
As long as the counters in the iptables rules are not zero:zero you are good.
Definitely uses many different hostnames to provide its content. I don't know about Zattoo, but why not.
Maybe you will have better chance with vpn-policy-routing package.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
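The two checks suggested in the replies above (is the PREROUTING jump to VPNBYPASS present, and are the MARK rule's counters non-zero) can be scripted against the output of iptables-save -c -t mangle. This is an added example, not part of the thread or the vpnbypass package; the function name and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an `iptables-save -c -t mangle` dump (read from stdin)
# for the two rules vpnbypass depends on.
# Prints one status word and returns:
#   0 ok, 1 PREROUTING jump missing, 2 MARK rule missing,
#   3 both rules present but the MARK rule has never matched a packet.
check_vpnbypass_mangle() {
    awk '
        # Rule lines from iptables-save -c look like: [pkts:bytes] -A CHAIN ...
        /^\[[0-9]+:[0-9]+\] -A PREROUTING / && / -g VPNBYPASS/ { jump = 1 }
        /^\[[0-9]+:[0-9]+\] -A VPNBYPASS / && /--match-set vpnbypass dst/ && /-j MARK/ {
            mark = 1
            # Strip the brackets from "[pkts:bytes]" and keep the packet count.
            split(substr($1, 2, length($1) - 2), c, ":")
            pkts += c[1]
        }
        END {
            if (!jump)     { print "missing-prerouting-jump"; exit 1 }
            if (!mark)     { print "missing-mark-rule";       exit 2 }
            if (pkts == 0) { print "zero-counters";           exit 3 }
            print "ok"
        }
    '
}

# Constructed sample: the state described in the thread, where the
# PREROUTING line is absent and nothing ever reaches the VPNBYPASS chain.
SAMPLE_BROKEN='*mangle
:PREROUTING ACCEPT [0:0]
:VPNBYPASS - [0:0]
[0:0] -A VPNBYPASS -m set --match-set vpnbypass dst -j MARK --set-mark 0x10000/0xff0000
COMMIT'

# Constructed sample: both rules present and the MARK rule has matched traffic.
SAMPLE_GOOD='*mangle
:PREROUTING ACCEPT [0:0]
:VPNBYPASS - [0:0]
[5120:409600] -A PREROUTING -m mark --mark 0x0/0xff0000 -g VPNBYPASS
[37:2960] -A VPNBYPASS -m set --match-set vpnbypass dst -j MARK --set-mark 0x10000/0xff0000
COMMIT'

printf '%s\n' "$SAMPLE_BROKEN" | check_vpnbypass_mangle || true
printf '%s\n' "$SAMPLE_GOOD" | check_vpnbypass_mangle
# On the router: iptables-save -c -t mangle | check_vpnbypass_mangle
```

A result of zero-counters after browsing to a bypassed destination means the rules are loaded but the vpnbypass ipset did not match that traffic.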
Thanks for your reply, I will have a look at the policy routing package tomorrow.
I tried to check my traffic with an HTTP proxy and entered the domains in vpnbypass but it didn’t work.