Static route not working

Hello guys!

A few months ago I switched to a LEDE-based router from a freetzed Fritzbox and so far it is an awesome experience, but now I ran into a problem which I am not able to solve: Currently I am trying to create a setup for the German ZDF app, which blocks me out of certain streams because I am based in Austria at the moment.

I've set up openvpn for my provider, but with the route-noexec option, so that the traffic still goes over my provider's default gateway. My plan was to only redirect the traffic to certain IPs needed for the ZDF app through the vpn gateway. But the problem is that I am not able to introduce a static route that works, either over Luci or by editing the config files. If I set up the route using ssh and the ip tool, it works perfectly fine. Can someone tell me the thing I am missing?

My network config:

root@LEDE:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '5 0'

config route 'zdf_mediathek'
        option interface 'lan'
        option target '104.83.4.138'
        option netmask '255.255.255.224'
        option gateway '10.2.0.1'

config interface 'vpn'
        option proto 'none'
        option ifname 'tun0'

My openvpn.conf:

root@LEDE:~# cat /mnt/sda1/openvpn/getflix/openvpn_nbg.conf
route-noexec
float
nobind
dev tun
comp-lzo
persist-tun
persist-key
client
remote de-nr.serverlocation.co 1194
proto udp
resolv-retry infinite
reneg-sec 0
ns-cert-type server
ca /mnt/sda1/openvpn/getflix/ca.crt
auth-user-pass /mnt/sda1/openvpn/getflix/passfile

The vpn part from /etc/config/firewall:

config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option name 'vpn'
        option forward 'ACCEPT'
        option masq '1'
        option network 'vpn'

config forwarding
        option dest 'lan'
        option src 'vpn'

config forwarding
        option dest 'vpn'
        option src 'lan'

Does no one have an idea?

I think I'm running into the same problem. I need a static route to a particular IPv6 /48 that is accessible from another machine on my local network. When I added the static route on the luci static routing page, things worked. However, whenever I reboot, the static route is gone. If I go into the luci static routing page and click "Save & Apply", then the route re-appears. However, if I run /etc/init.d/network restart, then the route disappears again.

This looks like a bug, but I'm kind of surprised because static route functionality should be pretty widely used. Would love to find a workaround.

Me too. See "LEDE 17.01.2 No default route with static IPv6" and https://bugs.lede-project.org/index.php?do=details&task_id=856

The following works for me, setting static route to dead:face::1

Set a default route using the gui under Network > Static Routes > Static IPv6 Routes

Interface    Target           IPv6-Gateway    Route type
wan6         dead:face::1     (empty)         unicast
wan6         ::/0             dead:face::1    unicast

Alternatively add the following to /etc/config/network

config route6
    option interface wan6
    option target dead:face::1

config route6
    option interface wan6
    option gateway dead:face::1
    option target ::/0

I don't understand your suggestion. I have a real default route, which I don't want to break. I also have a /48 that needs to go through a different gateway, and not over the default route interface. Wouldn't adding a route to ::0/0 through dead:face::1 break my default route, or are you suggesting something else?

Sorry. I didn't read your post carefully. You should be able to add a route to your /48 in the same way I added a default route to ::/0, and it should survive a restart (but I am not an expert and may be wrong here).

Should is exactly right. That's what I'm doing. Whether I do it through luci or the config files is the same. My config file looks like:

config route6
        option interface 'lan'
        option mtu '1420'
        option target '2001:1234:5678::/48'
        option gateway '2001:8765:4321::2'
        option metric '512'

But that route either never gets created or more likely gets flushed when my system boots, even though it is of course still in the configuration file.

I do have a tunnel interface which has a default route. Maybe that causes all other IPv6 routes to be flushed? Still, that makes the static routing functionality almost useless.

Is there a way to do the equivalent of pressing "save & apply" on the routing page from the command line, so I can add something gross to rc.local like (sleep 30; /etc/init.d/something restart)?

So is this a bug or not? Would be awesome to get a heads up by a person who is able to assess this. For my case I was able to solve it by letting the openvpn client push the routes. But not being able to set routes otherwise is annoying.

Any new info on how to get it to work? I run into the same issue.

The way to get an expert to think about this is through the bug tracker https://bugs.lede-project.org/

There's already a report there (see https://bugs.lede-project.org/index.php?do=details&task_id=856), but maybe this is a different problem requiring a new bug report.

I had a similar problem, a static route to vpn0 being ignored. The cause of the problem was most likely that the VPN connection is not up at the moment that the route is being added. Because it also did not work if I added the "route add ..." statement to /etc/rc.local and then rebooted.

If I ran the "route add ..." command manually from the ssh prompt while the VPN was up, it worked fine.

So I ended up adding my route commands to the openvpn configuration on the client side (since I only needed them for one particular client). Now it's working just fine, even after rebooting the router, and also after the vpn goes down momentarily and then comes back up.

I don't see any routes listed in your /etc/config/network.

When I remove the bad MTU and metric, your route works, and it is identical to an IPv6 route I've used in my device for over a year.

THIS WORKS:

config route6
        option target '2001:470:dxxx:xxxx::/64'
        option gateway '2001:470:cxxx:xxxx::2'
        option interface 'lan'

THIS FAILS:

config route6
        option target '2001:470:dxxx:xxxx::/64'
        option gateway '2001:470:cxxx:xxxx::2'
        option interface 'lan'
        option metric '512'
        option mtu '1420'

In what sense are they bad? If I save from the gui, they are fine.

The route with MTU and metric doesn't work (i.e. the route never gets created), just as you state above.

I tested this on command line and GUI. If I use the bad metric and MTU, the route doesn't work. I can't elaborate on your question since the rule is identical whether created in GUI or command line.