VPN Policy-Based Routing + Web UI -- Discussion

I'm trying to build firmware and would like to add this app; there is no app by default. Can anyone help me to add this app in the SDK?
Note: I'm new to SDK stuff, so the easiest guide will be helpful.

Use image builder rather than an SDK and check the README on my repo.

Also, please direct further SDK/image building questions to a separate thread.

Hi,
Yes I have tried this but unfortunately I see the same thing. I just did a factory reset and re-set this up but still see the same issue with these domains: rtve.es and netflix.com.

Thanks

I need stuff mentioned in the README to accompany support requests.

Also, just to confirm -- if you stop VPR, you can access these web-sites via VPN connection?

Hi,

Yes correct, if I stop VPR service I can access both sites via the VPN provider.

I've posted the requested output here:

Contents of `/etc/config/vpn-policy-routing`:

config vpn-policy-routing 'config'
        option verbosity '2'
        option ipv6_enabled '0'
        option ipset_enabled '1'
        option dnsmasq_enabled '0'
        option strict_enforcement '1'
        option boot_timeout '30'
        option enabled '1'

config policy
        option chain 'PREROUTING'
        option proto 'tcp udp'
        option interface 'wan'
        option name 'LAN'
        option local_address '192.168.1.81/28'

Output of /etc/init.d/vpn-policy-routing reload


Creating table 'wan/87.235.0.10' [✓]
Creating table 'nordvpntun/10.7.0.1' [✓]
Routing 'LAN' via wan [✓]
vpn-policy-routing 0.0.6-1 started on wan/87.235.0.10 nordvpntun/10.7.0.1 [✓]
vpn-policy-routing 0.0.6-1 monitoring interfaces: wan nordvpntun [✓]
root@OpenWrt:~#

I've uploaded the /etc/init.d/vpn-policy-routing status -p to paste.ee. Should I message you the URL?

Thanks

Can you help here, Multiple Wifi Interface with L2TP Client

If you stop VPR and the VPN tunnel, can you access these sites over WAN?

Hi,
If I stop VPR and the VPN tunnel I can't access any sites at all including these ones.

Thanks!
Stuart

But when you run VPR you can't access these domains thru VPN either?

There was a bug which precluded VPR from cleaning up some jumps in the iptables which was fixed in the build you have, so you may want to reboot your router if you haven't yet after upgrading to the newest build.

Hi, thanks a lot for a great tool!
Just updated to 0.0.6-1.
My rules are lost. New rules don't work. The LuCI "add" rule button doesn't work.

Here is a screenshot

Preferences are lost too.
Is there some way to go back to the previous build?

Hi, I just installed a VPN client (PIA) following the PIA guide. I don't know if it is the best, but I have some questions.

My purpose is to have only one IP of the LAN under VPN, so:
Router -> 10.0.0.1
Nas -> 10.0.0.100 (this device must be under vpn)

Like I said, I configured the client with the PIA guide, which doesn't make a new firewall zone but edits the zone and adds the interface for pia_vpn to the wan. Is it best to make a new firewall zone, considering what I want to do?

I tried to take a look at the pbr interface but I think I need some help; I can't understand what I have to put. I only want the NAS to be able to reach the internet only if tun1 is active, which is like a kill switch, right? But I can't understand how to do it.

Is it possible to have any advice?

Thanks, Jo

Yes, the repo is a github repo, you can browse earlier commits with earlier versions of VPR.

Do you remember which version you upgraded from?
Did you upgrade the luci app? Which version of the luci-app-vpn-policy-routing do you have?
What's the content of /etc/config/vpn-policy-routing?

You need to configure your VPN client with its own firewall zone. Then make sure to configure it so it doesn't become the default gateway (check the README) and create a single policy for your NAS to route via VPN.

I feel like you may need some hand-holding thru the process, sorry, I can't help, but there are other users who may be able to (if you post in a separate thread), @vgaetera is one of the top VPN gurus on the forum.

Many thanks, I'll try and if no success I'll do a new post!

Yes, I've found the previous version, not installed yet to check.
I had troubles with the router and had to reset preferences to default, after setup vpn-policy-routing from repo. I see the last commit was yesterday. Now I have version 0.0.6-1, which doesn't work.
Luci-vpn-policy is git-19.194.40998-7b1a..-41
(The last)
I don't think the trouble is in luci-vpn.... Because it doesn't work from the command line either.

config
enable '1'
config policy
	option chain 'PREROUTING'
	option interface 'wan'
	option name 'st'
	option proto 'tcp udp'
	option remote_address 'pikabu.ru'

config policy
	option chain 'PREROUTING'
	option interface 'wan'
	option name 'prt'
	option proto 'tcp udp'
	option local_port '8621-8626 53599'

Rules are present but don't have any effect. And LuCI has no buttons to configure.
I tried to restart, enable, start from the command line but get one error '...is not enabled try to enable...' but as you can see enable is '1' in config. I'll try to roll out tomorrow. Just curious whether it is version trouble or my router.

With 0.0.6-0, the same issues.

Your config file is corrupted (I suspect from manual editing). If you installed from my repo, run:
opkg update; opkg install --force-reinstall --force-maintainer vpn-policy-routing;

You will lose your policies, but this will install the valid config file instead of your corrupted one.
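Added example, not part of the original posts or the project's code: a small lint that flags lines UCI's parser rejects (a `config` line with no section type, an `option`/`list` line before any section, or any other leading keyword), run on a constructed sample modelled on the config posted above. The function name `lint_uci` and the sample file are assumptions for illustration.

```shell
#!/bin/sh
# lint_uci FILE: print "LINE: reason: text" for each line UCI would reject.
# Exit status is 1 if any problem was found, 0 otherwise.
lint_uci() {
    awk '
        /^[ \t]*(#|$)/ { next }             # skip blank lines and comments
        {
            line = $0
            sub(/^[ \t]+/, "", line)        # trim leading whitespace
            sub(/[ \t\r]+$/, "", line)      # trim trailing whitespace / CR
            n = split(line, f, /[ \t]+/)
            kw = f[1]
        }
        kw == "package" { next }
        kw == "config" {
            in_section = 1
            if (n < 2) { printf "%d: section has no type: %s\n", NR, line; bad++ }
            next
        }
        kw == "option" || kw == "list" {
            if (!in_section) { printf "%d: %s before first section: %s\n", NR, kw, line; bad++ }
            else if (n < 2)  { printf "%d: %s has no name: %s\n", NR, kw, line; bad++ }
            next
        }
        { printf "%d: unknown keyword \"%s\": %s\n", NR, kw, line; bad++ }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample: the broken header from the post above plus one policy.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
config
enable '1'
config policy
        option chain 'PREROUTING'
        option interface 'wan'
        option name 'st'
        option proto 'tcp udp'
        option remote_address 'pikabu.ru'
EOF

lint_uci "$sample" || echo "repair the lines listed above before restarting the service"
```

Only the first two lines of the sample are reported; the policy sections themselves are well-formed.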

Now it seems to work great! Thank you, kind man!

Hi, just started using this package and believe I've come across a bug.
On my system (x86 atom based), latest openwrt 18.06.4 with latest vpn-policy-routing 0.0.6-1 I have 1 wan connection with two vpn clients with airvpn.
I've set up the option icmp_interface 'wan' in /etc/config/vpn-policy-routing. This works fine, until in LuCI I changed my interface from vpn client to wan. The effect of this is to remove the icmp_interface option in the config file.

From > services > VPN-Policy-Routing, stop/disable seems ok, but re-enabling it wipes that option from the config file.

Also, changing the option in /etc/config/vpn-policy-routing from "option enabled '1'" to "option enabled '0'" and back works as expected.


Great find, should be fixed in luci app version 42 and I've also fixed the README!