VPN Policy-Based Routing + Web UI -- Discussion

opkg remove dnsmasq

Then install dnsmasq-full


I think it has worked, wow.

I have just checked the steam login history and it shows my country ip!

Thank you so much. So the thing was with this "dnsmasq" package??

Thank you for helping @routerfix @RuralRoots

The udhcpc errors come from dnsmasq. Not a concern, the conffile is just letting you know the dnsmasq-full config file is different than your current config setup. You're good to go.


Should I be using PBR instead of VPN Policy Routing?

I didn't realise it had been replaced. Is there any difference, as the readme looks the same? Thanks for your reply.

EDIT: I just re-read the readme and it states the difference and how to migrate. I'll do that.

You beat me to it, I'll post links for convenience of others:

Differences between pbr and vpn-policy-routing

Migration from vpn-policy-routing to pbr


Based on the above, I've added your repo, and pulled pbr down to get familiar with it over VPN-PBR before switching over.

I have a question about libustream-mbedtls20201210. I use libustream-openssl20201210 in my build. Can I assume I can continue to use libustream-openssl20201210?

Yes, any libustream library should work with this package; however, I don't understand what's causing a dependency on libustream.

BUSY;DR but,

    opkg update; if ubus -S call system board | grep -q '15.05'; then
        opkg install ca-certificates wget libopenssl;
    else
        opkg install uclient-fetch libustream-mbedtls ca-bundle ca-certificates;
    fi

Oh, I see, thank you for posting this, I'll need to update that for 21.02 I guess, yes, any libustream will work.

Thanks. I run Master snapshot. Just wanted to know I could mod the snippet to accommodate my flavour. :+1:

Be careful. Master is on fw4, which PBR and VPR are not currently compatible with.

I am well aware, but I am sure others aren't. Good point!

Hello all,
I am new to OpenWRT.
I have an APU2E4 board and OpenWrt 21.02.1 is running on it. I have installed and configured the Wireguard client and it connects. So far everything runs without problems.

Now I have installed "VPN Policy Based Routing" with all the necessary packages. But when I want to bypass a certain domain, nothing happens. I have also compared the conf files, but I don't notice anything out of the ordinary.
I would be grateful for any tips or clues. And if you need anything, please let me know, as I am still quite new here.

Many thanks in advance and greetings
Michael

bug reporting 101:

  • state BUILD_ID
  • state package version
  • use preformatted text not screenshots

PBR 0.9.4-10 + 21.02.1 | Snapshot (iptables)

Service Errors:
...
iptables -t mangle -A PBR_PREROUTING -g PBR_MARK0x060000 -d ... -m comment ...
...

I tried to install pbr according to the README in order to work around the vpn-policy-bypass issues, but it looks like the package has been split out into pbr-ipt or pbr-netifd. Which of these is preferred? I'm sticking with firewall3 for the moment, so I'm assuming that ipt will work, but is netifd better for the eventual switch to nftables?

If I use pbr-ipt, do I need to install iptables-nft as well if I'm trying out fw4? In general I'm unsure about all of the various working package configurations and what we should be using in both scenarios.

Check README for things required for any remote troubleshooting.

Please elaborate on your setup. Are you running iptables package from snapshots on 21.02 release build?

Sorry, the pbr README is dragging behind because whatever limited time I can put into pbr right now, I'm trying to improve the package. I have started working on the future separation of iptables only and either ipt/nft-compatible or pure nft package, that's why there's pbr-ipt right now.

The pbr-netifd is an attempt to rely on netifd tables; there's not much netifd functionality there at the moment. Consider this a "branch", but I wanted to be able to build both packages at the same time and I needed to adapt the Makefile to support ipt/nft variants in the future anyway. More accurately it should be called pbr-ipt-netifd. I'll probably rename the package soon. Once I implement the changes there, I'll test it on my own router for a while before updating the README on how to best use it.

I'm also very likely to rename the options like resolver_ipset to resolver_set and dest_ipset/src_ipset to dest_set/src_set soon. While the former would then be a selection between ''/'none', 'dnsmasq.ipset' and 'dnsmasq.nftset' (when dnsmasq supports nftsets), for the latter ones I'm not sure yet whether they would still be a boolean or an option between ''/'none', 'ipset' and 'nftset'.

Hi @stangri, first of all, big thanks for your work.
I'm trying to setup domains in https://support.opendns.com/hc/en-us/articles/360037591112-Domains-to-Allow-for-Disney-Plus

config policy
        option name 'vpn-disney'
        option src_addr '192.168.1.9'
        option dest_addr 'disneyplus.com bamgrid.com bam.nr-data.net cdn.registerdisney.go.com cws.conviva.com d9.flashtalking.com disney-portal.my.onetrust.com disneyplus.bn5x.net js-agent.newrelic.com disney-plus.net dssott.com adobedtm.com'
        option interface 'tun0'

but I'm getting the following errors:

ERROR: iptables -t mangle -A VPR_PREROUTING -g VPR_MARK0x040000  -s 192.168.1.9  -d bamgrid.com -m comment --comment vpn-disney
ERROR: iptables -t mangle -A VPR_PREROUTING -g VPR_MARK0x040000  -s 192.168.1.9  -d disney-plus.net -m comment --comment vpn-disney
ERROR: iptables -t mangle -A VPR_PREROUTING -g VPR_MARK0x040000  -s 192.168.1.9  -d dssott.com -m comment --comment vpn-disney
ERROR: iptables -t mangle -A VPR_PREROUTING -g VPR_MARK0x040000  -s 192.168.1.9  -d adobedtm.com -m comment --comment vpn-disney

Indeed these 4 domains "bamgrid.com, disney-plus.net, dssott.com, adobedtm.com" don't get directly resolved, although their subdomains like "edge.bamgrid.com" work.
Any idea how to fix this?
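An added example, not from the thread or the pbr package, that previews which dest_addr entries of the stanza above would fail at rule insertion: iptables resolves a hostname given to -d once, when the rule is added, so a name with no A record produces exactly the kind of ERROR line shown. It uses a constructed DNS table (FAKE_DNS) so it runs offline; POLICY, the table contents and the function names are assumptions.

```python
import ipaddress

# Constructed sample: the poster's policy stanza with the dest_addr list
# shortened to the names discussed in the thread.
POLICY = """config policy
        option name 'vpn-disney'
        option src_addr '192.168.1.9'
        option dest_addr 'disneyplus.com bamgrid.com edge.bamgrid.com disney-plus.net dssott.com adobedtm.com'
        option interface 'tun0'
"""

# Constructed A-record table standing in for DNS (RFC 5737 documentation
# addresses, not the services' real IPs). The four apex names that errored
# in the post get no A record here, mirroring what the poster observed.
FAKE_DNS = {
    "disneyplus.com": ["192.0.2.10"],
    "edge.bamgrid.com": ["198.51.100.5"],
}

def parse_option(uci_text, name):
    """Return the quoted value of `option <name>` from a UCI stanza."""
    for line in uci_text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) == 3 and parts[0] == "option" and parts[1] == name:
            return parts[2].strip("'\"")
    return ""

def resolve_table(host):
    """Offline resolver; swap in a socket.getaddrinfo wrapper on a router."""
    return FAKE_DNS.get(host, [])

def check_dest_addr(dest_addr, resolve=resolve_table):
    """Split dest_addr into entries iptables accepts and those it rejects.
    IPs/CIDRs always pass; a hostname passes only if it has an A record now,
    because `iptables -d <name>` resolves it once, at rule insertion."""
    ok, failing = [], []
    for entry in dest_addr.split():
        try:
            ipaddress.ip_network(entry, strict=False)
            ok.append(entry)
        except ValueError:
            (ok if resolve(entry) else failing).append(entry)
    return ok, failing

def preview_rules(uci_text, resolve=resolve_table):
    """Render (not run) the rules pbr would add, in the ERROR lines' format."""
    name, src = parse_option(uci_text, "name"), parse_option(uci_text, "src_addr")
    ok, failing = check_dest_addr(parse_option(uci_text, "dest_addr"), resolve)
    rules = [f"iptables -t mangle -A VPR_PREROUTING -g VPR_MARK0x040000 "
             f"-s {src} -d {d} -m comment --comment {name}" for d in ok]
    return rules, failing
```

Running `preview_rules(POLICY)` lists the four apex names as failing and renders rules only for the two names that resolve; on a real router, passing a resolver built on `socket.getaddrinfo` instead of the table checks the live DNS answers before pbr tries the rules.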