Awesome work. I can confirm that enabling DNSMASQ through the Web UI is working again.
@stangri
Thanks sir. I know you put a lot of time into making these packages work and improving on them. They are only getting better over time. I'll continue to help in any way I can.
Just was redirected to this new thread, thx @stangri for continuing to work on this, I gotta update the package.
However, I have a question: which settings do I have to set for my current setup to work?
I'll try to recall it now as well as possible, can give details later if needed:
I have set up both a vpn client and a vpn server on my router.
For both I have specific interfaces and firewalls set up.
I only want one ip (homeserver) in my lan to "use" the vpn client and go through vpn tunnel to my vpn provider.
This works with your app.
From away I also can connect to my vpn server, there's just one problem: Connecting to my vpn server I can reach all IPs except the homeserver.
I'm a noob and happy with how far I got but that last step is missing.
I'm unsure if it's just some setting in your app or if I have to change something in the firewall zones, but maybe someone here can help me.
Uhm, I don't even know where to start. If the homeserver is accessible from LAN it should be accessible via OpenVPN Server connection as well, especially if all other local devices are accessible.
You may want to post your openvpn, firewall and vpn-policy-routing configs, as well as the service/port you're trying to access on your homeserver.
Yes, homeserver is accessible via lan.
But not via ovpn server connection, this concerns every port I tried so far.
Where are all the config files I should post? Also, I don't really know which info I'd better not post publicly.
Can you help me here?
I'll attach pics of interfaces and fw zones.
I noticed that in the config file " option ipset_enable '1' " is no longer available and manually inputting it into the config does nothing. Maybe this has something to do with it?
Make sure to read this. I'm very curious what might have happened tho, so make sure to post required information.
And once again I refer you to README. With dnsmasq enabled, the ipset is assumed enabled. The actual setting only plays if you disable dnsmasq support.
May have figured it out. It seems that vpn-policy-routing was set to "DISABLED" in the system startup tasks. I noticed this because I tried running /etc/init.d/vpn-policy-routing restart and everything started working. After restarting the router I noticed I had to run a restart again on vpn-policy-routing. So I checked the startup page and what do you know, it was DISABLED. Idk if maybe it is set to disabled by default from when I updated. Maybe something you can check out? Otherwise I must have hit disable by accident.
Ah, I see. My bad -- you quoted the config file and I assumed you're talking about the actual configuration, not the luci page. Thanks for bringing it up, fixed in luci-app-vpn-policy-routing 13.
Consequence of using old luci app probably. It had a bug that it disabled the service every time you tried to stop it from Web UI. Once you enable it once tho (or on the new installs), it should be good to go. Thank you for sticking with it.
Hi,
Does anyone know the most effective way to bypass the BBC iplayer service (android app)? What are the IPs/domain names that have to be bypassed? I have multiple devices that access iplayer and bypassing the entire device is not ideal.
Thanks. Unfortunately, having added the domains you mentioned, iplayer still does not work.
I did, yesterday, have a look at packet capturing on the router. Only managed to get Cloudshark sort of working. But the problem seems to be that uploading a capture time of any more than 10 seconds would just seem to hang that process.
Despite a couple of 'vague' tutorials online, I couldn't figure out how a desktop based program such as wireshark works with LEDE.
Also, newb question here. If the router IP is within a subnet range that is excluded by policy-routing from the VPN, does that mean the router is also excluded? Just because I am trying to figure out why I am unable to access the router from WAN yet I can access things like my NAS that aren't within that subnet even though I have set up policies and firewall rules for it on ports like 22, 80 and 443. If it is already bypassing the VPN then I am wondering if a specific route for that IP is not needed and is confusing it.
Another thing I haven't figured out is when a remote port would need to be used for bypassing/routing, as the only way I have been able to get it to work is to leave that blank and bypass on local ports only.
@DVS: there's a wiki article on how to run an OpenVPN server and client on router at the same time: https://lede-project.org/docs/user-guide/openvpnserverandclient -- just adjust the instructions for whatever service/port you want to make accessible on your router instead of an OpenVPN Server.
From my experience some dns requests might be cached and hence it does not work immediately after you apply it if you have just tried it. I would reboot the router, then make sure vpn-policy-routing is running (sometimes it fails to start for me) and only then test the iplayer.