VPN Policy Based Routing + TOR

Hi,
I've got multiple VPN tun interfaces. One of them is used as the default interface (strict mode) for several clients. How can I route TCP+DNS traffic through Tor behind this default VPN tun interface?
VPN PBR shows "tor/53->9053/80,443->9040", but I can't select the interface to create a rule.
I found this instruction: https://openwrt.org/docs/guide-user/services/tor/client.
I guess I don't need to create any rule?

Thank you for your help. Best regards.

The redirects in the wiki apply to the entire LAN subnet.
You may want to limit the redirect scope to specific IPs or MACs.

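An added example, not part of the original posts: an `/etc/config/firewall` fragment showing a LAN-wide redirect (commented out) beside redirects scoped to one client by IP and another by MAC. The section names, the address 192.168.1.50 and the MAC are constructed, and it assumes Tor's TransPort and DNSPort listen on 9040 and 9053, the ports quoted in the first post.

```uci
# /etc/config/firewall (added example; names, IP and MAC are constructed)

# LAN-wide form: every TCP connection from the lan zone is sent to Tor.
# Left commented out so that only the scoped rules below apply.
#config redirect
#	option name 'Tor-TCP-all-lan'
#	option src 'lan'
#	option proto 'tcp'
#	option src_dport '1-65535'
#	option dest_port '9040'
#	option target 'DNAT'

# Scoped by source IP: only this client's TCP goes to the TransPort.
# Give the client a static DHCP lease so the address does not change.
config redirect
	option name 'Tor-TCP-client1'
	option src 'lan'
	option src_ip '192.168.1.50'
	option proto 'tcp'
	option src_dport '1-65535'
	option dest_port '9040'
	option target 'DNAT'

# Same client: DNS (TCP and UDP port 53) goes to Tor's DNSPort,
# so lookups do not leave through the default route.
config redirect
	option name 'Tor-DNS-client1'
	option src 'lan'
	option src_ip '192.168.1.50'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '9053'
	option target 'DNAT'

# Scoped by MAC: matches the device whatever IP it is given.
# A client that changes or randomizes its MAC no longer matches.
config redirect
	option name 'Tor-TCP-client2'
	option src 'lan'
	option src_mac '02:00:00:00:00:01'
	option proto 'tcp'
	option src_dport '1-65535'
	option dest_port '9040'
	option target 'DNAT'
```

A scoped client's non-DNS UDP traffic is not matched by these rules and still follows the normal route, and the second client has no DNS redirect until a matching port 53 rule is added for it.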

If you're familiar with CLI, let me know, I have a newer luci app for you to test.

Let's try.

Updated packages vpn pbr and the luci app to latest (https://github.com/stangri/repo.openwrt.melmac.net).
Can select TOR interface. But I get several service warnings:
Please unset 'src_addr', 'src_port' and 'dest_port' for policy 'TOR'
Please unset 'proto' or set 'proto' to 'all' for policy 'TOR'
or
Policy 'TOR' missing all IPs/ports.

It works when I specify remote addresses. The DNS request still goes over the VPN.
The goal is to use tor interface for all domains with several clients.

At the moment, only remote address/IPs are supported for TOR policies.

I can work on implementing additional features if you can test what's currently supported first.


Worked fine until update 21.02. rc2 + 0.3.4-6

Now, this is a problem I had several times after updating the device.
I need to unset my default vpn connection as default route. Otherwise, rules based on other vpn connections do not work. TOR based rules worked fine.

Now I set wan and unset all vpn connections as default route.
VPN based rules work again.

I set my default vpn connection by rule (all local and remote ports).
This overwrites TOR based rules.

Look, realistically, what do you want me to do with this?

I worked hard on the README and it has a full list of the information required for any sort of informed attempt to fix issues (not very often) or point out misconfigurations (very frequently). There's no action I can possibly take on the statement "Worked fine until update 21.02. rc2 + 0.3.4-6".

Also, this:

Is troubling. How many VPN connections do you have set as a default route?


Serious?
Just tried to help and asked for help.
I'm out.

There's nothing u could do right?
0.3.4-8, added support for 21.02.rc2.

Works again.

Thank u for your work, man! :muscle:

Yeah, because @theAeon posted configs: VPN Policy-Based Routing + Web UI -- Discussion - #1339 by theAeon


Oh, it's fixed? Nice. Did they screw something up with the uci config changes or something?

Alright amigo. THANK U SIR!

Two points:
What about policy-based routing of DNS traffic?
At the moment, I can route DNS requests based on domain and/or interface in OpenWrt, AFAIK.

Another thing: I already opened a ticket on GH. Can u implement I2P support (know you can)?

'd be cool :muscle: :muscle: :muscle: