VPN route policy not working

No, I didn't. How do I do that in LuCI?


 -----------------------------------------------------
 OpenWrt 21.02.2, r16495-bf0c965af0
 -----------------------------------------------------
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; uci export pbr; uci export vpn-policy-routing
{
        "kernel": "5.4.179",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Xiaomi Mi Router 3G",
        "board_name": "xiaomi,mi-router-3g",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.2",
                "revision": "r16495-bf0c965af0",
                "target": "ramips/mt7621",
                "description": "OpenWrt 21.02.2 r16495-bf0c965af0"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd51:cb68:358c::/48'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option broadcast '1'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '10'
        option name 'vlan10'

config device
        option type '8021q'
        option ifname 'lan2'
        option vid '20'
        option name 'vlan20'

config device
        option type 'bridge'
        option name 'br-all'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        option bridge_empty '1'

config bridge-vlan
        option device 'br-all'
        option vlan '10'
        list ports 'eth0:t'
        list ports 'lan1:u*'

config bridge-vlan
        option device 'br-all'
        option vlan '20'
        list ports 'eth0:t'
        list ports 'lan2'

config interface 'Vlan10'
        option device 'br-all.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config interface 'Vlan20'
        option proto 'static'
        option device 'br-all.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'wifi30tv'
        option proto 'static'
        option device 'br-wifi.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

config device
        option type '8021q'
        option ifname 'wlan0'
        option vid '30'
        option name 'wifi30tv'

config device
        option type 'bridge'
        option name 'br-wifi'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        option bridge_empty '1'

config bridge-vlan
        option device 'br-wifi'
        option vlan '30'
        list ports 'eth0:t'
        list ports 'lan2:u*'

config bridge-vlan
        option device 'br-wifi'
        option vlan '40'
        list ports 'eth0:t'
        list ports 'lan1:u*'

config bridge-vlan
        option device 'br-wifi'
        option vlan '50'
        list ports 'eth0:t'
        list ports 'lan2'

config device
        option type '8021q'
        option ifname 'wlan1'
        option vid '40'
        option name 'wifi40'

config interface 'WIFI405G'
        option proto 'static'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'
        option device 'br-wifi.40'

config device
        option type '8021q'
        option ifname 'wlan0'
        option vid '50'
        option name 'wifi50'

config interface 'wifiguest50'
        option proto 'static'
        option netmask '255.255.255.0'
        option device 'br-wifi.50'
        option ipaddr '192.168.50.1'

config interface 'WG'
        option proto 'wireguard'
        list addresses '10.2.0.2/32'
        option private_key 'aPXMKx41qJtmlsqAiyLkEdlvkUzBm9HBxgCilJC+SlE='
        option peerdns '0'
        list dns '10.2.0.1'

config wireguard_WG
        option endpoint_port '51820'
        option description 'WGPEER'
        option public_key 'ZjW69VvINi63totFYP1sV/vWgcXlIhDqL+hAK3JrNVY='
        list allowed_ips '192.168.10.0/32'
        option endpoint_host '190.2.146.228'
        option persistent_keepalive '25'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Vlan10'
        option interface 'Vlan10'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        list ra_flags 'none'

config dhcp 'Vlan20'
        option interface 'Vlan20'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

config dhcp 'wifi30tv'
        option interface 'wifi30tv'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'relay'
        list ra_flags 'none'

config dhcp 'WIFI405G'
        option interface 'WIFI405G'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

config dhcp 'wifiguest50'
        option interface 'wifiguest50'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'Vlan10'
        list network 'Vlan20'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'WG'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option target 'DNAT'
        option name 'Intercept-DNS'
        option src 'lan'
        option src_dport '53'
        option enabled '0'

config zone
        option name 'Guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list network 'wifiguest50'

config forwarding
        option src 'Guest'
        option dest 'wan'

config rule
        option src 'Guest'
        option target 'ACCEPT'
        option name 'Guest DNS and DHCP'
        option dest_port '53 67 68'

config zone
        option name 'WIFI'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        list network 'WIFI405G'
        list network 'wifi30tv'

config forwarding
        option src 'WIFI'
        option dest 'wan'

config rule
        option name 'VPN'
        option src 'wan'
        option dest_port '51820'
        option target 'ACCEPT'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
uci: Entry not found
package vpn-policy-routing

config vpn-policy-routing 'config'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option dest_ipset '0'
        option resolver_ipset 'dnsmasq.ipset'
        list ignored_interface 'vpnserver wgserver'
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option procd_reload_delay '1'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_enable_column '1'
        option webui_protocol_column '1'
        option webui_chain_column '1'
        option webui_show_ignore_target '1'
        option ipv6_enabled '0'
        option enabled '0'

config include
        option path '/etc/vpn-policy-routing.netflix.user'
        option enabled '0'

config include
        option path '/etc/vpn-policy-routing.aws.user'
        option enabled '0'

What could be wrong?

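First of all, vpn-policy-routing is disabled (`option enabled '0'`). Second, there are no policies. It turns out that you had not enabled it earlier, but I missed that. Also note that the export above includes the WireGuard `private_key` in clear text: redact it before posting, and generate a new key pair, because a key that has been published should be treated as compromised.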

I really don't know then. I disabled it because when I enable it I have no connection...

Would you mind posting some screenshots of what I'm missing and of how my WireGuard config should look in LuCI?

If you enable it without any policies, it doesn't make any difference.
Add a policy that uses the wan interface, all protocols, and the prerouting chain, and for the source address use the whole subnet, e.g. 192.168.20.0/24.


I'm going to post the config again, give me one minute.

It works! Thanks 🙂

Now I need to know how to force DNS for a specific VLAN. For example, I want the VPN DNS on the two VLANs I assigned it to, and Google or Cloudflare on the others. You said DHCP option 6 was the best? Where is it in LuCI?

BusyBox v1.33.2 (2022-02-16 20:29:10 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 21.02.2, r16495-bf0c965af0
 -----------------------------------------------------
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; uci export pbr; uci export vpn-policy-routing
{
        "kernel": "5.4.179",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "Xiaomi Mi Router 3G",
        "board_name": "xiaomi,mi-router-3g",
        "release": {
                "distribution": "OpenWrt",
                "version": "21.02.2",
                "revision": "r16495-bf0c965af0",
                "target": "ramips/mt7621",
                "description": "OpenWrt 21.02.2 r16495-bf0c965af0"
        }
}
package network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd51:cb68:358c::/48'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option broadcast '1'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option peerdns '0'

config device
        option type '8021q'
        option ifname 'lan1'
        option vid '10'
        option name 'vlan10'

config device
        option type '8021q'
        option ifname 'lan2'
        option vid '20'
        option name 'vlan20'

config device
        option type 'bridge'
        option name 'br-all'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        option bridge_empty '1'

config bridge-vlan
        option device 'br-all'
        option vlan '10'
        list ports 'eth0:t'
        list ports 'lan1:u*'

config bridge-vlan
        option device 'br-all'
        option vlan '20'
        list ports 'eth0:t'
        list ports 'lan2'

config interface 'Vlan10'
        option device 'br-all.10'
        option proto 'static'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

config interface 'Vlan20'
        option proto 'static'
        option device 'br-all.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

config interface 'wifi30tv'
        option proto 'static'
        option device 'br-wifi.30'
        option ipaddr '192.168.30.1'
        option netmask '255.255.255.0'

config device
        option type '8021q'
        option ifname 'wlan0'
        option vid '30'
        option name 'wifi30tv'

config device
        option type 'bridge'
        option name 'br-wifi'
        list ports 'eth0'
        list ports 'lan1'
        list ports 'lan2'
        option bridge_empty '1'

config bridge-vlan
        option device 'br-wifi'
        option vlan '30'
        list ports 'eth0:t'
        list ports 'lan2:u*'

config bridge-vlan
        option device 'br-wifi'
        option vlan '40'
        list ports 'eth0:t'
        list ports 'lan1:u*'

config bridge-vlan
        option device 'br-wifi'
        option vlan '50'
        list ports 'eth0:t'
        list ports 'lan2'

config device
        option type '8021q'
        option ifname 'wlan1'
        option vid '40'
        option name 'wifi40'

config interface 'WIFI405G'
        option proto 'static'
        option ipaddr '192.168.40.1'
        option netmask '255.255.255.0'
        option device 'br-wifi.40'

config device
        option type '8021q'
        option ifname 'wlan0'
        option vid '50'
        option name 'wifi50'

config interface 'wifiguest50'
        option proto 'static'
        option netmask '255.255.255.0'
        option device 'br-wifi.50'
        option ipaddr '192.168.50.1'

config interface 'WGVPN'
        option proto 'wireguard'
        option peerdns '0'
        list dns '10.2.0.1'
        list addresses '10.2.0.2/32'
        option private_key 'KFdABsTSK+etpVdFYNVehXNuhe68G/W03lnPWTIaG24='

config wireguard_WGVPN
        option public_key 'k/lk39kaYIOhLO3rLKVRFOQXCfPsYXTKMggtyXPNCR8='
        option endpoint_host '192.40.57.237'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '0.0.0.0/0'

package dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Vlan10'
        option interface 'Vlan10'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        list ra_flags 'none'

config dhcp 'Vlan20'
        option interface 'Vlan20'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

config dhcp 'wifi30tv'
        option interface 'wifi30tv'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'relay'
        list ra_flags 'none'

config dhcp 'WIFI405G'
        option interface 'WIFI405G'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

config dhcp 'wifiguest50'
        option interface 'wifiguest50'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'hybrid'
        list ra_flags 'none'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'Vlan10'
        list network 'Vlan20'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'WGVPN'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled '0'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option target 'DNAT'
        option name 'Intercept-DNS'
        option src 'lan'
        option src_dport '53'
        option enabled '0'

config zone
        option name 'Guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        list network 'wifiguest50'

config forwarding
        option src 'Guest'
        option dest 'wan'

config rule
        option src 'Guest'
        option target 'ACCEPT'
        option name 'Guest DNS and DHCP'
        option dest_port '53 67 68'

config zone
        option name 'WIFI'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        list network 'WIFI405G'
        list network 'wifi30tv'

config forwarding
        option src 'WIFI'
        option dest 'wan'

config rule
        option name 'VPN'
        option src 'wan'
        option dest_port '51820'
        option target 'ACCEPT'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
uci: Entry not found
package vpn-policy-routing

config vpn-policy-routing 'config'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option dest_ipset '0'
        option resolver_ipset 'dnsmasq.ipset'
        option ipv6_enabled '0'
        list ignored_interface 'vpnserver wgserver'
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option procd_reload_delay '1'
        option webui_show_ignore_target '0'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_enable_column '1'
        option webui_protocol_column '1'
        option webui_chain_column '1'
        option enabled '1'

config include
        option path '/etc/vpn-policy-routing.netflix.user'
        option enabled '0'

config include
        option path '/etc/vpn-policy-routing.aws.user'
        option enabled '0'

config policy
        option name 'Vlan10'
        option proto 'all'
        option src_addr '192.168.10.0/24'
        option interface 'wan'

config policy
        option name 'Vlan20'
        option proto 'all'
        option src_addr '192.168.20.0/24'
        option interface 'WGVPN'

config policy
        option name 'Vlan30'
        option src_addr '192.168.30.0/24'
        option interface 'WGVPN'

config policy
        option interface 'wan'
        option name 'Vlan40'
        option src_addr '192.168.40.0/24'


Edit the interface, then go to the DHCP Server tab, Advanced Settings subtab.


Yeah, but then I set the DNS on DHCP in the main menu, and then option 6 and the interface, to have option 6 enabled, correct?

What's the difference from what I was doing?

Option 6 is the DNS server that your DHCP server advertises to its clients.
The dns option on an interface is the upstream nameserver used over that interface.
There is also the server option in dnsmasq, for forwarding and selective forwarding.


Perfect thank you for your help, very much appreciated.

