VPN Bypass (split tunneling) Service + Luci UI

colmoschin94 · October 1, 2019, 6:06am

Hi guys!
So after setting up my VPN connection on openwrt (Thanks to stangri) I moved onto setup split tunneling (vpnbypass), I installed all the dependencies listed in the readme file (except dnsmasq full, somehow it does not work correctly on my router) and the LuCi interface plugin, now I can setup the ports I want to offload from the VPN however if I try to start the service I get this message:

404 Not Found

Sorry, the object you requested was not found.

Unable to dispatch: /cgi-bin/luci/admin/services/vpnbypass

I tried to start the service via cli and that seems to return no error but the service is not listed as running anyway. Any Idea of what I should do?
Thanks!

stangri · October 1, 2019, 11:45am

What version of OpenWrt are you running?

colmoschin94 · October 1, 2019, 4:25pm

It was the latest snapshot for the Xiaomi R3P, but nevermind, the build was too unstable for daily use, so I had to revert back to stock.

Thanks anyway =)

stangri · October 2, 2019, 2:04am

Thanks, submitted PR with the fix.

colmoschin94 · October 2, 2019, 8:52am

No problems, thanks for the amazing support.

neoc41 · October 17, 2019, 3:51am

Hey Stangri, your package is exactly what I'm looking for. Please forgive me, I've only just started with OpenWRT and this is my first post.

I'm running a Netgear Nighthawk X4S R7800 on OpenWrt 19.07-SNAPSHOT r10575-28d3afc8d6 / LuCI openwrt-19.07 branch (git-19.272.21960-7a7a56a) by hnyman. I've managed to get the OpenVPN connection going and installed VPNbypass and all the dependencies mentioned in your readme.

When in the WebUI I click on Enable/Start nothing happens. If I click Save & Apply I get the following error:

Failed to execute cbi dispatcher target for entry '/admin/services/vpnbypass'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/vpnbypass.lua:79: attempt to call field 'restart' (a nil value)
stack traceback:
	/usr/lib/lua/luci/model/cbi/vpnbypass.lua:79: in function '?'
	/usr/lib/lua/luci/cbi.lua:226: in function '_run_hooks'
	/usr/lib/lua/luci/cbi.lua:403: in function 'parse'
	/usr/lib/lua/luci/dispatcher.lua:881: in function </usr/lib/lua/luci/dispatcher.lua:860

What am I doing wrong?

stangri · October 17, 2019, 2:39pm

Welcome to the community.

This is not an expected behaviour. I'll have to look into it.

Yeah, this is a bug, I have fix ready, but I need to look into the other issue before I can submit the fix to the official repo.

neoc41 · October 20, 2019, 5:37am

As an update, the service does actually work. The button just doesn't change.

stangri · October 20, 2019, 10:42pm

Implemented better service controls as in my other packages, PRs sent.

If you're on 18.06.x, you may want to install updated luci app from my repo, as I'm not sure that the feature (not a bugfix) will be accepted into 18.06.x now.

pesa1234 · October 23, 2019, 10:25am

Same issue on button with 19.07 snapshot

stangri · October 23, 2019, 5:22pm

what's the version of the luci-app-vpnbypass?

pesa1234 · October 23, 2019, 11:09pm

luci

git-19.294.25164-3fe525d-11

Core

1.3.1-4

stangri · October 24, 2019, 4:05am

There's better buttons control in version -12. Please try that.

pesa1234 · October 24, 2019, 11:41am

Where can I download that version?

Found it... Sorry... After I try

pesa1234 · October 26, 2019, 11:34pm

I'm not able to edit previous post, so, with version 12, the status is correct and better button.

Do you know when will be available version12 on official repo?

Thanks

stangri · October 28, 2019, 11:14am

PRs were merged recently: master, 18.06, 19.07, so it should be available shortly.

antotitot · November 4, 2019, 1:44am

stangri

sir how to fix this error im using gl-ar150

Mon Nov 4 09:28:11 2019 daemon.err modprobe: xt_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set_hash_ip is already loaded

stangri · November 4, 2019, 2:43am

It's not an error per se, you can ignore these entries in the system log.

antotitot · November 4, 2019, 3:36am

thanks sir.

jamesmacwhite · November 5, 2019, 7:51pm

Hi @stangri

Thanks for your work on your vpnbypass package. I've recently switched from DD-WRT where I was using a similar setup with dnsmasq, ipset, fwmark and iptables to mark traffic to bypass the VPN/create DNS based bypass rules. I like that on OpenWRT that you can just use opkg to extend the features required and even better you created a GUI in LuCI for this to make a bit more manageable.

Because I'm currently in the tinkering phase and getting comfortable with OpenWRT, I've noticed that depending on the changes made to router e.g. interfaces or high routing stuff, the VPN bypass setup seems to stop working. The ipset ruleset "vpnbypass" still seems to be present, but I believe either the fwmark/iptables rules may get nuked say if the network service is restarted or the firewall is restarted, even when doing a /etc/init.d/vpnbypass restart to apply them again, I noticed all my traffic was going through the VPN, even if an IP of a domain e.g. ifconfig.me was in the ruleset. Rebooting the router entirely brings things back to normal. This might suggest the traffic marking rules were lost.

I'm looking at ensuring that the vpnbypass fwmark and iptables rules are persistent and more resistant to such changes, would there be ways of accomplishing this? I've been reading some docs and Hotplug might be the answer to hook into various events with scripts.

https://openwrt.org/docs/guide-user/base-system/hotplug

Thanks in advance for your thoughts on this!

Edit: Looking at your VPN Policy routing package, it may be better to use that instead for "enforcement" purposes and more control.