Policy Based Routing guides for DDWRT

t81
DD-WRT User


Joined: 04 Nov 2015
Posts: 59

Posted: Mon Dec 30, 2019 19:03
Having recently started using PBR I stumbled upon a security threat that I believe anyone should be aware of. Check signature.

Many thanks to egc for the kind support.

_________________
Netgear R7800 - Firmware: DD-WRT v3.0-r41811 std (12/28/19)
TP-Link AC1750 as Repeater- Firmware: DD-WRT v3.0 r44187 std (08/13/2020)
OpenVPN PBR + Privoxy = IP EXPOSURE: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322517&start=0
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 322
Location: Earth

Posted: Thu Feb 13, 2020 17:18
I upgraded a mate's R7800 to BS build 41813 from the Feb 2019 Kong build and started afresh, NVRAM erased, so he can PBR.
Basically he lives in the UK and had everything going through his PIA VPN gateway on the R7800 (PIA doesn't support BBC iPlayer), but his kids want to watch BBC iPlayer from time to time.
The PBR routing is working a treat with local IPs, but he has an STB emu installed on the smart TV for some iffy IPTV as well as the BBC iPlayer app, so I am unable to route the TV IP through the non-VPN gateway, so I am trying to force it to route any BBC IP via net_gateway as per egc's tutorial (big thanks to egc for your guide, by the way!).
I added "route 212.58.0.0 255.255.0.0 net_gateway #bbc"
into the advanced config and rebooted, but it still seems to see it as a VPN IP, as it will not allow it to play.
Any ideas what I am doing wrong?
Thanks
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6161
Location: Netherlands

Posted: Fri Feb 14, 2020 11:11
BBC is actively blocking VPNs, just like Netflix.
It has been a long time since I could watch the BBC with PIA.

Sometimes when PIA has a new server it works for some time, but only if you also send your DNS queries through the VPN and use a private-mode web browser or clear the browser cache, and block WebRTC.

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 322
Location: Earth

Posted: Fri Feb 14, 2020 11:40
egc wrote:
BBC is actively blocking VPNs, just like Netflix.
It has been a long time since I could watch the BBC with PIA.

Sometimes when PIA has a new server it works for some time, but only if you also send your DNS queries through the VPN and use a private-mode web browser or clear the browser cache, and block WebRTC.


Hi egc

Yes, I am aware BBC does not work with PIA; that is why I was trying to force it through the net_gateway, not the vpn_gateway.
So his TV IP is set in PBR to route via the VPN, and I was trying to force BBC to route through the non-VPN gateway even though the IP is going through the VPN. It was my understanding that the "force" rule overrides the PBR?
Is this not the case, or am I missing something? Almost like split tunnelling on the TV, so everything goes through the VPN apart from BBC.
Thanks mate
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6161
Location: Netherlands

Posted: Fri Feb 14, 2020 15:26
You are right, but the BBC uses many IP addresses; you probably need ipset to get them all, or search the internet for the range of IP addresses.
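The OpenVPN `route` line quoted in the posts above takes a network and a dotted netmask, while address ranges are usually published in CIDR form. As an added example (not from the thread or from egc's guide), this POSIX shell script converts a list of CIDR ranges into `route ... net_gateway` lines and rejects ranges whose host bits are set; the function names and the two documentation ranges in the sample list are constructed for illustration.

```shell
#!/bin/sh

# prefix_to_mask 16  ->  255.255.0.0
prefix_to_mask() {
    p=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then octet=255; p=$((p - 8))
        else octet=$((256 - (1 << (8 - p)))); p=0
        fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}

# cidr_to_route <cidr> [label]: print one route line; fail on bad or unaligned input.
cidr_to_route() {
    cidr=$1; label=$2
    case "$cidr" in */*) ;; *) return 1 ;; esac
    net=${cidr%/*}; prefix=${cidr#*/}
    case "$net" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.; set -- $net; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    ip=0
    for o in "$@"; do
        case "$o" in ''|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        ip=$(( (ip << 8) | o ))
    done
    # Host bits must be zero, e.g. 203.0.113.65/26 is rejected.
    [ $(( ip & ((1 << (32 - prefix)) - 1) )) -eq 0 ] || return 1
    echo "route $net $(prefix_to_mask "$prefix") net_gateway${label:+ #$label}"
}

# routes_from_list: read "<cidr> [label]" lines on stdin, skip blanks/comments.
routes_from_list() {
    rc=0
    while read -r cidr label; do
        case "$cidr" in ''|'#'*) continue ;; esac
        cidr_to_route "$cidr" "$label" || { echo "skipped: $cidr" >&2; rc=1; }
    done
    return "$rc"
}

# Sample list: first range is from the post; the others are constructed, not BBC's.
routes_from_list <<'EOF'
212.58.0.0/16 bbc
198.51.100.0/24 example
203.0.113.64/26 example
EOF
```

The printed lines can be pasted into the OpenVPN client's additional config in the same way as the single `route` line in the post.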
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 322
Location: Earth

Posted: Fri Feb 14, 2020 18:32
Unable to get the BBC iPlayer IP range online; had a search about but it does not seem to be available. Currently not got a Linux machine for ipset; is there any Windows program available?
Tried tracert from the CLI but the IPs don't seem to unblock it.
Forced the DNS through net_gateway just in case it was picking it up from that, but no joy.
I have confirmed that the route commands are working with whatsmyip, so it is simply down to the IPs of BBC iPlayer.
Tried with domain also, no joy.
shadyjoin
DD-WRT Novice


Joined: 06 Oct 2019
Posts: 11

Posted: Thu Apr 02, 2020 18:19
egc wrote:
Watchdog script for VPN client
If you are using PBR the normal watchdog function of DDWRT is not working, you have to do your checking via the VPN tunnel.
This also applies if you have setup the OVPN client on a WAP.


Hey there. I found this script late last year and I thought I was running it for the past few months.

Last night I was troubleshooting the (in)stability of my OpenVPN connection and it turns out I wasn't running the script at all because my build (r41664) doesn't include a nohup command. So I deleted nohup and started the script and confirmed that the script process was running, etc.

Then, maybe 12 hours later, my router stopped assigning IP addresses in response to DHCP requests. Then the DHCP server went completely dead while the GUI, etc. continued to operate. After hard resetting, I was able to get things working again.

Is it possible that something (maybe the 'logger' commands) is filling up NVRAM and breaking the DHCP server or something else?

Apologies if this is a stupid question. I'll concede my ignorance and inexperience.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6161
Location: Netherlands

Posted: Thu Apr 02, 2020 20:13
What router? What build?
shadyjoin
DD-WRT Novice


Joined: 06 Oct 2019
Posts: 11

Posted: Thu Apr 02, 2020 23:57
egc wrote:
What router? What build?


TP-Link WDR-4300, Build 3.0r41664
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6161
Location: Netherlands

Posted: Fri Apr 03, 2020 8:33
It is not a very recent build but should get the job done.

The logger just writes to syslog which is a file on the router (var/log/messages) so I doubt that is the cause.

But what else is causing this I do not know :(
