VPN Policy-Based Routing + Web UI -- Discussion


#373

@stangri @dk4dk4 What would be cool is to have maybe a check box to add a "Monitored domain/ip" or even a "Dynamic IP" rule in VPR. So that perhaps every 5-10 minutes (or user specified value), a lookup against the domain is run and if the IP has changed since the rule was implemented it drops the old rule and adds the new rule. Not sure if there would be any firewall rule stacking issues with that though since I assume the rules are stacked top to bottom and any new rule would be appended to the bottom of the firewall list?
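
Added example (not part of the post above and not VPR's own code): one way to do the periodic re-check without touching the firewall rule list is to keep the resolved addresses in an ipset, so a single rule matches the set and only its membership changes. The set name, the mark value in the comment and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Dry-run reconciler for a "monitored domain" policy.
# Hypothetical set name; the one-time firewall rule that references it
# would look like this (mark value is a placeholder):
#   iptables -t mangle -A PREROUTING -m set --match-set vpr_monitored dst \
#            -j MARK --set-mark 0x010000
SET_NAME="vpr_monitored"

# reconcile OLD NEW
#   OLD: addresses currently in the set, whitespace-separated
#   NEW: addresses returned by the latest DNS lookup, whitespace-separated
# Prints the ipset commands that bring the set in line with NEW.
reconcile() {
    # Unquoted echo collapses newlines/tabs so the pattern match below works.
    old=$(echo $1)
    new=$(echo $2)

    # An empty answer usually means the lookup failed. Keep the existing
    # entries instead of silently emptying the policy.
    [ -n "$new" ] || return 0

    # Additions first, so the set never drops to zero members mid-update.
    for ip in $new; do
        case " $old " in
            *" $ip "*) ;;                                   # unchanged
            *) echo "ipset add $SET_NAME $ip -exist" ;;
        esac
    done
    for ip in $old; do
        case " $new " in
            *" $ip "*) ;;                                   # still valid
            *) echo "ipset del $SET_NAME $ip -exist" ;;
        esac
    done
}

# Constructed sample: one address kept, one replaced.
reconcile "203.0.113.10 203.0.113.11" "203.0.113.11 198.51.100.7"
```

Run from cron at the chosen interval and pipe the output to sh once it looks right; the position of the firewall rule never changes, so rule ordering is unaffected.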


#375

I'm trying to get my Plex server to be accessible via WAN. I have the port forwarded on the router, but I'm not sure what VPN policies I need to allow external WAN access to my Plex server. My router is at 192.168.1.1 and my Plex server is at 192.168.1.30. Port 32400 is forwarded at the router to the Plex server. My VPN provider is Mullvad connected via WireGuard.


#376

I had a similar set-up a while ago, but my recollections are vague. Nevertheless, you'll need to ensure responses from your Plex server are sent back over the WAN rather than over the VPN; so you'll need a rule to enforce this. You could potentially restrict this to port 32400 so that all other traffic from that machine goes over the VPN. E.g.:

-s 192.168.1.30 -p tcp --sport 32400

I'd recommend starting by requiring all traffic from your Plex server to be sent over the WAN, and then try restricting by port once you've got it working.


#377

Hey @stangri - just wanted to mention, the SSH option is now working. Tried it now with the 0.0.4 release and the output chain option worked finally. Great!
I can currently only split the OpenSSH client and not dropbear but.. well I'll figure that out. Thanks for your patience!


#378

@stangri I am having some problems with VPR.

  1. It won't auto start with the boot process, even if I set the boot timeout to 30 or more. It just halts the boot for that amount of time and then exits and never starts again unless manually started. Can you create the service as a daemon so it keeps running in the background just like openvpn and mwan3? They do a better job of being a service and keep running in the background and do not halt the boot process while VPR stays in the foreground and halts the boot process.
  2. Now VPR is also not reloading after running for a few hours even when the VPN or WAN connection gets reloaded/reconnected and it doesn't change the IP in VPR and so the policies don't work. I manually needed to stop/start it. I even changed a policy but it didn't reload the vpn address even if I put the vpn interface in supported interfaces section.

Hopefully you can fix these issues. Thanks


#379

A few clues might help you get some assistance, i.e. read the first post on supplying debug info.
You might also question why others haven't reported similar problems previously to this, i.e. what's different about your configuration/hardware/software to other users.