Where can I download that version?
Found it... Sorry... After I try
I'm not able to edit previous post, so, with version 12, the status is correct and better button.
Do you know when version 12 will be available on the official repo?
Sir, how do I fix this error? I'm using gl-ar150.
Mon Nov 4 09:28:11 2019 daemon.err modprobe: xt_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set_hash_ip is already loaded
It's not an error per se, you can ignore these entries in the system log.
Thanks for your work on your vpnbypass package. I've recently switched from DD-WRT where I was using a similar setup with dnsmasq, ipset, fwmark and iptables to mark traffic to bypass the VPN/create DNS based bypass rules. I like that on OpenWRT that you can just use opkg to extend the features required and even better you created a GUI in LuCI for this to make a bit more manageable.
Because I'm currently in the tinkering phase and getting comfortable with OpenWRT, I've noticed that depending on the changes made to router e.g. interfaces or high routing stuff, the VPN bypass setup seems to stop working. The ipset ruleset "vpnbypass" still seems to be present, but I believe either the fwmark/iptables rules may get nuked say if the network service is restarted or the firewall is restarted, even when doing a /etc/init.d/vpnbypass restart to apply them again, I noticed all my traffic was going through the VPN, even if an IP of a domain e.g. ifconfig.me was in the ruleset. Rebooting the router entirely brings things back to normal. This might suggest the traffic marking rules were lost.
I'm looking at ensuring that the vpnbypass fwmark and iptables rules are persistent and more resistant to such changes, would there be ways of accomplishing this? I've been reading some docs and Hotplug might be the answer to hook into various events with scripts.
Thanks in advance for your thoughts on this!
Edit: Looking at your VPN Policy routing package, it may be better to use that instead for "enforcement" purposes and more control.
I haven't encountered anything like that, if you ever go back to vpnbypass from VPR, let me know so I'll send you some diagnostics to run if that ever happens again.
Thanks for your reply. At a guess, I'm going to assume it was the fwmark or routing table changes that got wiped out somehow, given the ipset ruleset vpnbypass was still present and populated, the mangle table had the bypass rules present also. I will probably use your VPR implementation going forward, because of the more extensive control, but maybe someone else might have experienced the same problem.
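The guess above, that the ipset and mangle rule survive while the fwmark rule or routing table is lost, can be checked link by link. The following is an added example, not part of the original posts and not the vpnbypass package's own code; the sample output, mark value, table id and addresses are constructed, and `diagnose` and its helpers are hypothetical names.

```shell
#!/bin/sh
# Print the mark (without mask) that the mangle table sets for ipset $1.
# Reads `iptables -t mangle -S` output on stdin.
mark_for_set() {
    sed -n "s/.*--match-set $1 dst .*--set-xmark \(0x[0-9a-fA-F]*\).*/\1/p" | head -n 1
}

# Print the routing table that `ip rule show` (stdin) selects for fwmark $1.
table_for_mark() {
    awk -v m="$1" '{
        mark = ""; table = ""
        for (i = 1; i < NF; i++) {
            if ($i == "fwmark") { split($(i + 1), p, "/"); mark = p[1] }
            if ($i == "lookup") table = $(i + 1)
        }
        if (mark == m && table != "") { print table; exit }
    }'
}

# $1 = ipset name, $2 = mangle rules, $3 = ip rules, $4 = `ip route show table all`.
# Reports the first broken link between "IP is in the set" and "packet leaves via WAN".
diagnose() {
    mark=$(printf '%s\n' "$2" | mark_for_set "$1")
    [ -n "$mark" ] || { echo "no-mangle-mark"; return 1; }
    table=$(printf '%s\n' "$3" | table_for_mark "$mark")
    [ -n "$table" ] || { echo "no-ip-rule"; return 1; }
    printf '%s\n' "$4" | grep -Eq "^default .* table $table( |\$)" \
        || { echo "no-default-route"; return 1; }
    echo "ok mark=$mark table=$table"
}

# Constructed sample output (not taken from the thread).
SAMPLE_MANGLE='-P PREROUTING ACCEPT
-A PREROUTING -m set --match-set vpnbypass dst -j MARK --set-xmark 0x10000/0xff0000'
SAMPLE_RULES='0:	from all lookup local
32765:	from all fwmark 0x10000 lookup 200
32766:	from all lookup main'
SAMPLE_ROUTES='default via 203.0.113.1 dev eth0.2 table 200
default via 10.8.0.1 dev tun0
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'

diagnose vpnbypass "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES"
# On the router, feed it live output instead:
# diagnose vpnbypass "$(iptables -t mangle -S)" "$(ip rule show)" "$(ip route show table all)"
```

A result of `no-ip-rule` or `no-default-route` while `ipset list vpnbypass` is still populated matches the symptom described: the set and mark exist, but marked packets fall through to the VPN default route.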
I installed the vpnbypass package and seems to be installed correctly.
The problem I have is that I get a TLS handshake error when attempting to open a website.
I've added a vlan (192.168.10.1/24) to bypass the vpn tunnel. I'm able to ping but pages won't open, stuck on TLS handshake.
Also running dnscrypt-proxy. Could that be causing problems?
config vpnbypass 'config'
	option enabled '1'
	list localsubnet '192.168.10.1/24'

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	option localservice '1'
	option noresolv '1'
	list address '/router.linksys/192.168.5.1'
	option resolvfile '/etc/resolv-crypt.conf'
	option allservers '0'
	list server '127.0.0.1#5353'
	list server '/pool.ntp.org/188.8.131.52'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option ra 'server'
	option dhcpv6 'server'
	option ra_management '1'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option network 'lan'
	option forward 'DROP'

config zone 'gst'
	option output 'ACCEPT'
	option network 'guest'
	option name 'gst'
	option input 'DROP'
	option forward 'DROP'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option network 'wan wan6'
	option input 'DROP'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone
	option name 'vpn'
	option output 'ACCEPT'
	option input 'DROP'
	option forward 'DROP'
	option network 'ovpn'
	option masq '1'
	option mtu_fix '1'

config rule 'gst_dhcp'
	option name 'gst-DHCP'
	option src 'gst'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'

config rule 'gst_dns'
	option name 'gst-DNS'
	option src 'gst'
	option target 'ACCEPT'
	option proto 'tcpudp'
	option dest_port '53'

config forwarding
	option dest 'wan'
	option src 'gst'

config forwarding
	option dest 'vpn'
	option src 'lan'

config forwarding
	option dest 'wan'
	option src 'lan'
I'd remove that or try vpn-policy-routing which has better support for VLANs.
So today I discovered luci-app-vpnbypass was not working, Netflix (and other domains defined in /etc/config/dhcp) traffic is being sent over the Wireguard VPN.
luci-app-vpnbypass just to be sure, I do have dnsmasq-full + ipset installed and the appropriate domain entries in
As expected I get a LAN IP from my Wireguard server and it shows up under Status --> Overview for
DHCP config and vpnbypass restart logs - https://git.io/Je6lX
How do I troubleshoot this?
ipset save shows the vpnbypass ipset being filled with resolved IPs.
Getting Netflix to work reliably may require you set vpnbypass for your streaming device's IP.
Yes, the vpnbypass ipset is created and filled with resolved IPs and the DNS server IPs too.
I added the phones and notebooks to Local IP Addresses to Bypass too, but the phones/PCs still can't play Netflix as it detects the VPN IP and thinks it's a proxy.
I'd try disabling dnscrypt then. If routing is fixed, it's probably DNS servers which are throwing Netflix off.
I'm not running DNScrypt, it was banIP that created the Firehol ipsets.
What are these changes then?
Those changes were added when dnscrypt proxy was added.
Tried 'vpn-policy-routing' and the same issue is happening. Stuck on TLS handshake when attempting to open a webpage.
I'd clean up everything DNS-resolution related and restore those settings to defaults, then set the DNS servers thru dhcp.dnsmasq setting and try again.
You have way too many changed settings for me to even try to make sense of your setup.
I have installed VPN bypass and it works fine adding domains. But how can I exclude a subdomain? For example vpn bypass does not bypass www.showmyipaddress.eu by adding /showmyipaddress.eu/vpnbypass. I guess it is because it is a subdomain (www).
This is just an example. I am trying to add all subdomains of amazonaws.com, but it does not work. I tried:
It still displays my VPN ip address. I am sure that dnsmasq-full is installed, because when I add /whatismyipaddress.com/vpnbypass, it works without problem.
Can anyone help me solve my issue?