Hello @stangri, thanks so much for the support and development.
Running OpenWrt, installed OpenVPN, using ExpressVPN, it works flawlessly; installed your build and configured it as per your guide.
The issue: port-based policies do not work on some ports, it would seem. The README says 15 ports could be entered; after about 4-5 ports in one "remote ports" field, they no longer work. Some ports (27960) simply do not work to get out to WAN. IP-based policies work perfectly. The ports that seem to work without an issue are 4 digits long.
27960 is a game port, confirmed that it is the only one needed to go out via multiple sources (and devs). When I apply an IP policy to the game server, it works fine; when I apply the port-based policy, it will not connect.
If anyone else has any ideas, please chime in. At this point I am out of ideas and the same Google pages continue to show up lol.
Router = 192.168.2.1
Modem = 192.168.1.1
PC = 192.168.2.175
-->>>>>>>>>>>>>>>>> EXAMPLE OF WHAT WORKS FIRST
content of /etc/config/vpn-policy-routing
config vpn-policy-routing 'config'
option verbosity '2'
option ipv6_enabled '0'
option ipset_enabled '1'
option dnsmasq_enabled '0'
option strict_enforcement '1'
option enabled '1'
config policy
option interface 'wan'
option name 'test'
option local_addresses '192.168.2.175'
------output of /etc/init.d/vpn-policy-routing status-------
root@OpenWrt:~# /etc/init.d/vpn-policy-routing status
vpn-policy-routing 0.0.2-32 running on OpenWrt 18.06.1. WAN (IPv4): wan/dev/192.168.1.1.
============================================================
Dnsmasq version 2.80test3 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
============================================================
Routes/IP Rules
default 10.116.0.65 128.0.0.0 UG 0 0 0 tun0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth1.2
IPv4 Table 201: default via 192.168.1.1 dev eth1.2
IPv4 Table 201 Rules:
32677: from all fwmark 0x10000 lookup 201
IPv4 Table 202: default via 10.116.0.65 dev tun0
IPv4 Table 202 Rules:
32676: from all fwmark 0x20000 lookup 202
============================================================
IP Tables PREROUTING
-N VPR_PREROUTING
-A VPR_PREROUTING -s 192.168.2.175/32 -m comment --comment test -c 387 304741 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -m set --match-set vpnclient dst -c 0 0 -j MARK --set-xmark 0x20000/0xff0000
-A VPR_PREROUTING -m set --match-set wan dst -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
============================================================
Current ipsets
create wan hash:net family inet hashsize 1024 maxelem 65536 comment
create vpnclient hash:net family inet hashsize 1024 maxelem 65536 comment
============================================================
Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
---------output of /etc/init.d/vpn-policy-routing reload with verbosity setting set to 2---------
root@OpenWrt:~# /etc/init.d/vpn-policy-routing reload
Creating table 'wan/192.168.1.1' [✓]
Creating table 'vpnclient/10.116.0.65' [✓]
Routing 'test' via wan [✓]
vpn-policy-routing 0.0.2-32 started on wan/192.168.1.1 vpnclient/10.116.0.65 [✓]
vpn-policy-routing 0.0.2-32 monitoring interfaces: wan vpnclient [✓]
================= HERE IS A COPY OF THE PORT BASED POLICY THAT DOES NOT WORK =============================
config policy
option interface 'wan'
option name 'qqa'
option remote_ports '27960'
config vpn-policy-routing 'config'
option verbosity '2'
option ipv6_enabled '0'
option strict_enforcement '1'
option udp_proto_enabled '1'
option dnsmasq_enabled '0'
option enabled '1'
root@OpenWrt:~# /etc/init.d/vpn-policy-routing status
vpn-policy-routing 0.0.2-32 running on OpenWrt 18.06.1. WAN (IPv4): wan/dev/192.168.1.1.
Dnsmasq version 2.80 Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC no-ID loop-detect inotify dumpfile
Routes/IP Rules
default 10.192.0.161 128.0.0.0 UG 0 0 0 tun0
default ControlPanel.Ho 0.0.0.0 UG 0 0 0 eth1.2
IPv4 Table 201: default via 192.168.1.1 dev eth1.2
IPv4 Table 201 Rules:
32697: from all fwmark 0x10000 lookup 201
IPv4 Table 202: default via 10.192.0.161 dev tun0
IPv4 Table 202 Rules:
32696: from all fwmark 0x20000 lookup 202
IP Tables PREROUTING
-N VPR_PREROUTING
-A VPR_PREROUTING -p udp -m multiport --dports 27960 -m comment --comment qqa -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -p tcp -m multiport --dports 27960 -m comment --comment qqa -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -m set --match-set vpnclient dst -c 0 0 -j MARK --set-xmark 0x20000/0xff0000
-A VPR_PREROUTING -m set --match-set wan dst -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
Current ipsets
create wan hash:net family inet hashsize 1024 maxelem 65536 comment
create vpnclient hash:net family inet hashsize 1024 maxelem 65536 comment
Your support details have been logged to '/var/vpn-policy-routing-support'. [✓]
root@OpenWrt:~# /etc/init.d/vpn-policy-routing reload
Creating table 'wan/192.168.1.1' [✓]
Creating table 'vpnclient/10.192.0.161' [✓]
Routing 'qqa' via wan [✓]
vpn-policy-routing 0.0.2-32 started on wan/192.168.1.1 vpnclient/10.192.0.161 [✓]
vpn-policy-routing 0.0.2-32 monitoring interfaces: wan vpnclient [✓]
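
An added example, not part of the original post or of the vpn-policy-routing package: the `-c <packets> <bytes>` pairs in the VPR_PREROUTING listings above are per-rule counters, and this script summarises them so that a policy whose rule never matched stands out. The function names are hypothetical, and single-word policy names are assumed, as in the post.

```shell
#!/bin/sh
# Added example: summarise packet counters of VPR_PREROUTING rules.
# Input format is the one in the status output: "... -c <packets> <bytes> -j MARK ...".
# Assumes single-word policy names (no quoted comments), as in the post.

vpr_counters() {
    # stdin: rule lines; stdout: "<label> <proto> <packets> <bytes> <HIT|NO-MATCH>"
    awk '
    $1 == "-A" && $2 == "VPR_PREROUTING" {
        label = "-"; proto = "any"; pk = ""; by = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--comment") label = $(i + 1)
            else if ($i == "--match-set" && label == "-") label = "ipset:" $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-c") { pk = $(i + 1); by = $(i + 2) }
        }
        if (pk == "") next    # listing was taken without counters
        printf "%s %s %s %s %s\n", label, proto, pk, by, (pk + 0 > 0 ? "HIT" : "NO-MATCH")
    }'
}

unmatched_policies() {
    # Named policies (not the ipset catch-alls) whose rule never matched a packet.
    vpr_counters | awk '$5 == "NO-MATCH" && $1 !~ /^ipset:/ { print $1 "/" $2 }'
}

sample_rules() {
    # Rule lines copied from the two status outputs in the post.
    cat <<'EOF'
-N VPR_PREROUTING
-A VPR_PREROUTING -s 192.168.2.175/32 -m comment --comment test -c 387 304741 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -p udp -m multiport --dports 27960 -m comment --comment qqa -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -p tcp -m multiport --dports 27960 -m comment --comment qqa -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
-A VPR_PREROUTING -m set --match-set vpnclient dst -c 0 0 -j MARK --set-xmark 0x20000/0xff0000
-A VPR_PREROUTING -m set --match-set wan dst -c 0 0 -j MARK --set-xmark 0x10000/0xff0000
EOF
}

# On the router, feed live rules instead (MARK rules live in the mangle table):
#   iptables -t mangle -S VPR_PREROUTING -v | vpr_counters
sample_rules | vpr_counters
```

Counters start again from zero when the rules are re-created on reload, so take the listing after the traffic in question has been generated.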