Where is pbr and the luci package?

I want to use the new version of vpn-policy-routing which I think is pbr and luci-app-pbr. I can't find either package using opkg list |grep pbr What am I doing wrong?

frr-pbrd - 8.2.0-1 - pbrd routing engine
tcpbridge - 4.4.1-1 - tcpbridge is a tool for selectively briding network traffic across two interfaces and optionally modifying the packets in between

Q1: Do I need to add them as a 3rd party source? When are they becoming official?

Q2: Do you need https://docs.openwrt.melmac.net/vpn-policy-routing/#requirements for pbr?

Q3: The install guide is wrong, right?

Please make sure that the requirements are satisfied and install vpn-policy-routing and luci-app-vpn-policy-routing from Web UI or connect to your router via ssh and run the following commands:

opkg update
opkg install vpn-policy-routing luci-app-vpn-policy-routing

Should it be?

opkg update
opkg install pbr luci-app-pbr

Yes

The install guide is for vpn-policy-routing.

:face_with_open_eyes_and_hand_over_mouth: the two guides look so similar I didn't see the differences :face_with_open_eyes_and_hand_over_mouth:

I want to send a PR to have pbr included in the official repo after I test how it works with the OpenWrt's dnsmasq package which supports nft sets. There's already a PR for dnsmasq 2.87 which supports nft sets in the repo, however I don't know what the timeline is for the merge. I hope it won't be long after dnsmasq which supports nft sets is merged that I'll be able to merge pbr.

The luci app for pbr might take quite a bit longer to be in the official repo, as the new lua-based luci packages are no longer accepted in the repo and I don't know when I'll be able to transition it to javascript.

If I use pbr and luci-app-pbr, does that mean I can't use Attended Sysupgrade to upgrade OpenWrt releases (since the build server doesn't have the 3rd party repo containing pbr packages)?

@aparcar any plans to allow adding of third party repos to attended sysupgrade options?

I may be sending PR for pbr to master and 22.03 within a week or so and then take my time on the luci app.

1 Like

At this point only "official" packages are supported since other packages could tamper with the server. External packages can run arbitrary commands within the build process which would be a trivial attack vector to take over the server.

I'm thinking about running each build in containers, that would allow remote packages, too, however such feature may take more time than merging your packages to packages.git and luci.git

2 Likes