VPN Policy-Based Routing + Web UI -- Discussion

You're reading it right, my bad, sorry. The VPR reload should still be triggered on supported interfaces' up/down through procd.

YouTube should be routable with just domains. Look up all the domains YouTube is using or monitor the dnsmasq logs in real time while.


So I tried, but no luck, it's still allowing the traffic through.

I am out of ideas and anything else will make my mind blow. lol

Like I said 3 days ago:

You can use ipset save/ipset add in your own custom user script if you believe your list of Amazon IPs is better than the one the bundled custom user script creates.

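As an added example of the custom-user-script approach suggested above (this is not code from vpn-policy-routing or from the thread): a POSIX shell script that turns a hand-maintained list of IPv4 networks into an `ipset restore` script and loads it. The ipset name `vpr_wan` and the list path `/etc/amazon-ranges.txt` are assumptions; check `ipset list -n` on your router for the set VPR actually created for your target interface. The sample list is constructed from RFC 5737 documentation ranges, not real Amazon prefixes.

```shell
#!/bin/sh
# Added example, not part of vpn-policy-routing: a custom user script that
# loads a hand-maintained list of IPv4 networks into an ipset with
# `ipset restore`, so those networks follow whatever policy VPR attaches to
# that ipset. ASSUMPTIONS: the ipset name (check `ipset list -n` on your
# router) and the list file path.

IPSET_NAME="${IPSET_NAME:-vpr_wan}"               # assumed name
LIST_FILE="${LIST_FILE:-/etc/amazon-ranges.txt}"  # assumed path

# is_cidr4 NET: 0 if NET is a well-formed IPv4 address or a.b.c.d/nn, else 1.
is_cidr4() {
    addr=${1%/*}
    plen=${1#*/}
    [ "$addr" != "$1" ] || plen=32                 # bare address: treat as /32
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    case "$addr" in ''|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# build_restore NAME FILE: print an `ipset restore` script for FILE.
# '#' comments and blank lines are ignored, surrounding whitespace is stripped,
# duplicates are collapsed, and malformed entries are reported on stderr and
# skipped instead of aborting the whole restore. `-exist` keeps re-runs
# (for example from a VPR reload) idempotent.
build_restore() {
    name=$1
    file=$2
    printf 'create %s hash:net family inet -exist\n' "$name"
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$file" |
    LC_ALL=C sort -u |
    while IFS= read -r net; do
        [ -n "$net" ] || continue
        if is_cidr4 "$net"; then
            printf 'add %s %s -exist\n' "$name" "$net"
        else
            printf 'skipping malformed entry: %s\n' "$net" >&2
        fi
    done
}

# load_list: hand the generated script to the kernel (needs root and ipset).
load_list() {
    build_restore "$IPSET_NAME" "$LIST_FILE" | ipset restore
}

# Constructed sample list (RFC 5737 documentation ranges, not real Amazon
# prefixes) exercising comments, whitespace, a duplicate and a bad entry.
SAMPLE_LIST=$(mktemp)
trap 'rm -f "$SAMPLE_LIST"' EXIT
cat >"$SAMPLE_LIST" <<'EOF'
# hand-maintained ranges (constructed sample)
192.0.2.0/24
   198.51.100.1
192.0.2.0/24
999.1.1.1/24   # malformed, must be skipped, not loaded
EOF

# Dry run: show what would be handed to `ipset restore`.
build_restore "$IPSET_NAME" "$SAMPLE_LIST"
```

On the router, call `load_list` from the script body instead of the dry run; because every line carries `-exist`, running it again on each VPR reload neither fails nor duplicates entries, and a typo in the list only loses that one entry rather than leaving the set half-populated.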

It's ok mate, I have found a workaround. Sorry, it's just that my skills are not that high in this kind of stuff, so I have made it pretty simple.

Thanks for your help though, I am sure I may have more questions again in the future.

Thanks to @vgaetera for alerting me to an issue where, when the default ICMP interface has been changed but no policy targeting the OUTPUT chain exists, the OUTPUT chain is not created on start and interface setup fails.

This was fixed in vpn-policy-routing 0.3.2-18 (available in my repo), which also includes prep work for the js-based WebUI and better error/warning output.

I'll submit a PR for the changes to the OpenWrt repos within a few days.


Having lived with the VPN policies running for a few days, I suspect that my (WAN interface) SQM configuration is no longer optimal (getting some choppy video calls when the network is in demand, and DSLReports shows a lot of bufferbloat) and was wondering if anyone had any advice. Most of my traffic routes over WAN, and only one specific interface uses the VPN. Do I need to set up a separate SQM instance for the VPN interface as well as the WAN interface, and if so, is there anything I need to look out for?

Thanks in advance

It is strange because I took a look and it does not appear to be restarting the interface. The interface is a WireGuard interface called VPN; I tried also adding that to the supported interfaces, but that did not make a difference either.

In my case I have the WAN as the main connection, then I have a few devices which are using the WireGuard connection for all their traffic. When the router starts it gives the below:

If I restart the service, the right IP comes up, but until then the mobile devices which are set to use the VPN connection have no connectivity. How could I go about resolving this so it comes back up on boot?

Many thanks!

On start/restart it's supposed to display the interfaces it's monitoring. Is the WG interface included?

Hi guys,
I'm using mwan3 to load balance my WAN connections.
I have 3 WAN connections (one WAN port and 2 virtual WAN ports).

I'm actually using vpn-policy-routing for assigning an IP address to a specific gateway.
The problem is my LuCI only shows 2 of my gateways for assigning as interface, and one of my WAN connections is not listed in the LuCI panel! Is there any solution? How can I add a service gateway with the CLI?

thanks

Do you have all your WAN connections set as a default gateway?


Yes, all of my WAN connections are set as default gateway.

Hmmmm. Did you follow the mwan3 wiki guide, specifically the section where it has you go through and ping out of each gateway before enabling mwan?

Sorry, what does it have to do with vpn-policy-routing?

Hi Stan,

on my older router running vpn-policy-routing 0.2.1-13 I can easily set the ipset option for remote policies to DNSmasking.

But on the same hardware with the updated VPR [vpn-policy-routing 0.3.2-18], every time I change it to DNSmasking, after save and apply it goes back to disabled...

Any ideas on this? If not, if I type `opkg install vpn-policy-routing 0.2.1-13`, would that install the older version, or do I have to do it a different way?

I have dnsmasq-full on both routers.
Thanks man

Wed Mar  3 08:45:02 2021 daemon.notice openvpn(ohvpnAB11)[1801]: /sbin/ifconfig tun0 172.16.1.8 netmask 255.255.255.0 mtu 1500 broadcast 172.16.1.255
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: ERROR: Linux route add command failed: external program exited with error status: 1
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: ERROR: Linux route add command failed: external program exited with error status: 1
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar  3 08:45:02 2021 daemon.notice openvpn(ohvpnAB11)[1801]: Initialization Sequence Completed
Wed Mar  3 08:45:04 2021 user.notice firewall: Reloading firewall due to ifup of ohvpn (tun0)
Wed Mar  3 08:45:04 2021 user.notice vpn-policy-routing [1841]: Creating table 'ohvpn/tun0/0.0.0.0/fe80::4c96:43e:3a26:81f1/64' [✗]
Wed Mar  3 08:45:05 2021 daemon.info dnsmasq-dhcp[1620]: DHCPDISCOVER(br-lan) 10.50.0.78 00:0e:c6:65:99:45 no address available
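As an added diagnostic (not from the thread or from vpn-policy-routing): a shell function that scans syslog text for VPR steps marked `[✗]` and for OpenVPN "route add command failed" errors, so the "table not created until I restart the service" situation shows up without reading the whole boot log. The only format knowledge it relies on is visible in the posted lines above; that the quoted table name begins with the logical interface is inferred from `'ohvpn/tun0/...'` there and is an assumption. The sample log is constructed from the lines posted above.

```shell
#!/bin/sh
# Added example, not part of vpn-policy-routing: find VPR setup failures and
# OpenVPN route-add errors in a boot log. Live use on the router:
#   logread | vpr_boot_check
# Here it runs over a constructed sample built from the thread's log lines.

# vpr_boot_check: reads syslog text on stdin, prints one line per finding and
# returns 1 if anything was found (so it can drive a cron job or hotplug hook).
# VPR marks a failed step with "[✗]"; the quoted table name in that message is
# ASSUMED to start with the logical interface (as in 'ohvpn/tun0/...').
vpr_boot_check() {
    found=0
    while IFS= read -r line; do
        case "$line" in
            *vpn-policy-routing*'[✗]'*)
                step=${line#*"]: "}                 # drop "date host proc[pid]: "
                step=${step%" [✗]"}                 # drop the trailing marker
                name=${step#*"'"}; name=${name%%"'"*}   # text inside the quotes
                iface=${name%%/*}                   # first component = interface
                printf 'VPR: %s failed (interface %s)\n' "$step" "${iface:-?}"
                found=1 ;;
            *'openvpn('*'route add command failed'*)
                inst=${line#*"openvpn("}; inst=${inst%%")"*}
                printf 'OpenVPN %s: route add failed\n' "$inst"
                found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample: the boot log lines posted in the thread.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat >"$SAMPLE_LOG" <<'EOF'
Wed Mar  3 08:45:02 2021 daemon.notice openvpn(ohvpnAB11)[1801]: /sbin/ifconfig tun0 172.16.1.8 netmask 255.255.255.0 mtu 1500 broadcast 172.16.1.255
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: ERROR: Linux route add command failed: external program exited with error status: 1
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: ERROR: Linux route add command failed: external program exited with error status: 1
Wed Mar  3 08:45:02 2021 daemon.warn openvpn(ohvpnAB11)[1801]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar  3 08:45:02 2021 daemon.notice openvpn(ohvpnAB11)[1801]: Initialization Sequence Completed
Wed Mar  3 08:45:04 2021 user.notice firewall: Reloading firewall due to ifup of ohvpn (tun0)
Wed Mar  3 08:45:04 2021 user.notice vpn-policy-routing [1841]: Creating table 'ohvpn/tun0/0.0.0.0/fe80::4c96:43e:3a26:81f1/64' [✗]
Wed Mar  3 08:45:05 2021 daemon.info dnsmasq-dhcp[1620]: DHCPDISCOVER(br-lan) 10.50.0.78 00:0e:c6:65:99:45 no address available
EOF

vpr_boot_check <"$SAMPLE_LOG" || echo "boot-time VPN routing problems found, see above"
```

On the sample it reports the two OpenVPN route-add failures and the failed VPR table for interface `ohvpn`, and exits non-zero; a clean boot prints nothing and exits zero, which is the check to run before assuming a "no connectivity until I restart the service" report is a client-side problem.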

Need to update to the latest luci app from my repo.

Hey Stan,
I did that and updated everything, but still stays on disabled.

Any chance I can go to the older version?

Cheers

This is how "Basic Configuration" looks with the up-to-date luci app:


Let me know if yours looks the same.

You can, my repo is also a GitHub repo, so you can go back in time: https://github.com/stangri/repo.openwrt.melmac.net


I just noticed this post. I'm having a similar issue with the same setup, just one DSCP tag policy. I believe mine is also failing to set up on boot, but I don't remember the error. I just know that it wasn't that one. Will update when I figure it out. Also, thanks for the idea re: DSCP, I'm leaking way too many torrents out on my WAN for comfort right now.