OpenVPN and PBR issue

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 0:12    Post subject: OpenVPN and PBR issue Reply with quote
Hi Guys,

I am trying to get OpenVPN PBR to work with a streaming device but it won't work.

If I add the device IP address to PBR it doesn't work

If I remove the IP address from PBR it works fine on VPN.

If I add a linux computer IP address to PBR the linux computer works and goes over the VPN.

I am on build v3.0-r39538 std (04/16/19)

Any ideas as to why the device won't work on PBR?
Sponsor
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 0:51    Post subject: Reply with quote
I also tried EGC's script and it didn't help it just has the same outcome.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 8:51    Post subject: Reply with quote
What kind of streaming? Is it using Multicast?
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 10:36    Post subject: Reply with quote
Per Yngve Berg wrote:
What kind of streaming? Is it using Multicast?


I believe it is, it is IPTV but from my ISP.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 10:59    Post subject: Reply with quote
If the source is your ISP, it should not use the VPN.

Multicast is not routed like normal unicast.

Have you un-ticked the Filter Multicast on the Security Page?

igmpproxy must also be configured to configured to forward Multicast. See /tmp/igmpproxy.conf
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 11:23    Post subject: Reply with quote
Per Yngve Berg wrote:
If the source is your ISP, it should not use the VPN.


Sorry I did a typo the IPTV is not from my ISP.

The IPTV works fine over the VPN but the minute I try to use PBR it won't work.

I only want a couple of devices on my network to use the VPN.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 11:47    Post subject: Reply with quote
Use tcpdump to see what traffic passes through the router. Multicast uses addresses in the 239.x.x.x range.

igmpproxy can only have one upstream interface.

Where are the VPN tunnel terminating?
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 12:20    Post subject: Reply with quote
Per Yngve Berg wrote:
Use tcpdump to see what traffic passes through the router. Multicast uses addresses in the 239.x.x.x range.


Do I just put tcpdump in to the command box?


Per Yngve Berg wrote:
igmpproxy can only have one upstream interface.


I am not sure what you mean by this, sorry.


Per Yngve Berg wrote:
Where are the VPN tunnel terminating?


Do you mean the VPN IP address, if so then it is in the UK - 109.123.122.214
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 12:32    Post subject: Reply with quote
jbrines wrote:
Do I just put tcpdump in to the command box?


It will not work. SSH/Telnet into the router.



jbrines wrote:
Do you mean the VPN IP address, if so then it is in the UK - 109.123.122.214


Is it a VPN server in your home or a commercial VPN service?
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 12:53    Post subject: Reply with quote
Per Yngve Berg wrote:
jbrines wrote:
Do I just put tcpdump in to the command box?


It will not work. SSH/Telnet into the router.



jbrines wrote:
Do you mean the VPN IP address, if so then it is in the UK - 109.123.122.214


Is it a VPN server in your home or a commercial VPN service?


Tried tcpdump via telnet and get, do I need to install it? -sh: tcpdump: not found

The VPN is commercial - SlickVPN.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed May 01, 2019 13:47    Post subject: Reply with quote
My script always works Smile

Have you disabled Shortcut forwarding Engine on the Setup page?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 14:33    Post subject: Reply with quote
egc wrote:
My script always works Smile

Have you disabled Shortcut forwarding Engine on the Setup page?


Yeah SFE is disabled bud.

I like your script it will do everything I want but just doesn't work with my IPTV device.
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 17:00    Post subject: Reply with quote
jbrines wrote:
Tried tcpdump via telnet and get, do I need to install it? -sh: tcpdump: not found


You probably have one of those cheap routers with small flash size that have no room for tcpdump.
jbrines
DD-WRT Novice


Joined: 21 Mar 2019
Posts: 39

PostPosted: Wed May 01, 2019 17:57    Post subject: Reply with quote
Per Yngve Berg wrote:
jbrines wrote:
Tried tcpdump via telnet and get, do I need to install it? -sh: tcpdump: not found


You probably have one of those cheap routers with small flash size that have no room for tcpdump.


I have a Buffalo WZR-1750DHP with 128mb flash
Per Yngve Berg
DD-WRT Guru


Joined: 13 Aug 2013
Posts: 6858
Location: Romerike, Norway

PostPosted: Wed May 01, 2019 18:05    Post subject: Reply with quote
ftp://ftp.dd-wrt.com/betas/2019/04-25-2019-r39654/buffalo_wzr-1750dhp/buffalo-wzr-1750dhp-webflash.bin

Strange that tcpdump is not included. The FW is 26M in size.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum