SFE doesn't work with policy-based routing

wuruxu
DD-WRT Novice


Joined: 17 Jun 2019
Posts: 15

Posted: Fri Jul 05, 2019 14:20
Hi,
On my router, I have set up a VAP to route all VAP traffic from wl1.1 (192.168.18.1) to WireGuard oet1 (192.168.2.1).
The following are my rules to control traffic from the VAP and route it to oet1 (the WireGuard interface):

Code:
ip rule add from 192.168.18.0/24 lookup 100
ip route add table 100 default via 192.168.2.1
iptables -t nat -A POSTROUTING -s 192.168.18.0/24 -o oet1 -j MASQUERADE


When I disable SFE (Shortcut Forwarding Engine), everything works correctly.
BUT after I enable SFE, the traffic from wl1.1 doesn't work as expected.
What's wrong with my usage, and how do I fix this issue?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 1554
Location: Texas, USA

Posted: Fri Jul 05, 2019 15:00
Looks like ip rule add has been broken for quite a while:

https://svn.dd-wrt.com/ticket/6161

Not sure if this also has something to do with it, because the patch was already implemented, but SFE has been updated since:

https://svn.dd-wrt.com/ticket/5986
wuruxu
DD-WRT Novice


Joined: 17 Jun 2019
Posts: 15

Posted: Fri Jul 05, 2019 15:11
Maybe there are bugs in the SFE patch.

I have tested with traceroute www.google.com.sg, and it looks like traffic is OK,
but with curl -v https://www.google.com.sg/ the SSL handshake always fails.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 1554
Location: Texas, USA

Posted: Fri Jul 05, 2019 15:21
Read the first ticket. The ip rule add command doesn't exist or work anymore in BS builds. It would take a while to backtrack any commits to the source code to see what broke it. Unfortunately, <Kong> doesn't directly support that router (EA6300).
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 3676
Location: Netherlands

Posted: Sat Jul 06, 2019 7:38
For policy-based routing, builds before 39556 have to disable Shortcut Forwarding Engine on the Setup page (https://svn.dd-wrt.com/changeset/39556); builds after 40172 appear to be broken again (https://svn.dd-wrt.com/ticket/6706).
_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Simple PBR (Policy Based Routing) script: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318662
Install guide R6400v2: http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN server setup guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
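
Since a reply above reports `ip rule add` as not working on some builds, one way to confirm that the three commands from the first post actually took effect is sketched here (an added example, not from the thread or from DD-WRT). The function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: each helper reads command output on stdin, so it runs offline.

has_rule() {    # usage: ip rule show | has_rule SRC TABLE
    awk -v src="$1" -v tbl="$2" '
        $2 == "from" && $3 == src && $4 == "lookup" && $5 == tbl { found = 1 }
        END { exit !found }'
}

default_route() {    # usage: ip route show table N | default_route
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev; exit
    }'
}

has_masq() {    # usage: iptables -t nat -vnL POSTROUTING | has_masq SRC DEV
    awk -v src="$1" -v dev="$2" '
        $3 == "MASQUERADE" && $7 == dev && $8 == src { found = 1 }
        END { exit !found }'
}

# check_pbr RULES ROUTES NAT SRC TABLE DEV: print each problem, return 1 if any
check_pbr() {
    rc=0
    printf '%s\n' "$1" | has_rule "$4" "$5" ||
        { echo "missing: ip rule from $4 lookup $5"; rc=1; }
    r=$(printf '%s\n' "$2" | default_route)
    [ "${r#* }" = "$6" ] ||
        { echo "table $5 has no default route via $6 (got: ${r:-none})"; rc=1; }
    printf '%s\n' "$3" | has_masq "$4" "$6" ||
        { echo "missing: MASQUERADE for $4 out $6"; rc=1; }
    return $rc
}

# Constructed sample output (not captured from a real router)
RULES_OK='0: from all lookup local
32765: from 192.168.18.0/24 lookup 100
32766: from all lookup main'
RULES_BAD='0: from all lookup local
32766: from all lookup main'
ROUTES='default via 192.168.2.1 dev oet1'
NAT=' pkts bytes target     prot opt in  out   source           destination
   12   720 MASQUERADE all  --  *   oet1  192.168.18.0/24  0.0.0.0/0'

check_pbr "$RULES_BAD" "$ROUTES" "$NAT" 192.168.18.0/24 100 oet1 || true
```

On the router itself, pass live output instead: `check_pbr "$(ip rule show)" "$(ip route show table 100)" "$(iptables -t nat -vnL POSTROUTING)" 192.168.18.0/24 100 oet1`. A clean result only shows the configuration is in place; per the thread, forwarding can still fail while SFE is enabled.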
All times are GMT