Posted: Sun Jan 19, 2020 3:11 Post subject: wrt1900acsv2 problem/bug with PBR
Hey guys,
I've got a problem with VPN and PBR.
I wanted to route all my devices through VPN except for 1 of them.
I did some research and I've set it up as instructed.
Here is what I did:
- set up a static IP for the device that I don't want to route through VPN (192.168.1.60)
- also I added the rest of the DHCP scope in the PBR section (192.168.1.100-150) like this:
Everything on LAN and 5 GHz WiFi works fine, but on 2.4 GHz WiFi it doesn't work properly.
Here is how I found out:
In my country Telegram messenger and Twitter are blocked.
With this setup I can access Telegram on 2.4 GHz but Twitter is not working.
I've tried the same apps on LAN and 5 GHz WiFi with the same device and both of them are working fine!
Am I missing something, or is it a bug?
So far I've tried it on these builds and got the same result:
40559
41813
41986
42015 [current build]
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Tue Jan 21, 2020 20:46 Post subject:
For those not understanding @ttowling's reply, see the duplicate post at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322818. It's likely to be a case of a newbie not understanding how the forum's submit form works. I kinda remember doing it once in the beginning also.
Newbie: If you want to change something in your post, don't submit a new post. Find your original post and look for an edit button on the upper right. If you have more to add and prefer a separate post, use the reply button below your first post.
Re PBR, you likely have a config bug. I have a WRT1900ACSv2 with PBR grabbing only the DHCP range and leaving static-lease IPs to bypass the VPN. Works fine. No deep thought required in setup.
But start with, as I suggested after your first post, changing your DHCP range to simplify the CIDR. The default 100-149 (not 150, but that tiny error shouldn't hurt anything) range requires a CIDR calculator. The simplified range you can get right in one CIDR line on your own.
Do you have both wifi interfaces marked as bridged in the Wireless settings and shown in bridge br0 in Networking, as is the default in both cases? Or is 2.4 GHz wifi an unbridged interface on its own subnet with its own DHCP server? Really the latter is the only obvious way to end up with it not being covered by your PBR entries. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
I'm sorry for the duplicated posts.
When I was posting it the server was under maintenance and it was super slow, so I thought it didn't go through at all.
I did change my DHCP range to what you mentioned (192.168.1.128-191) so my CIDR became one line (192.168.1.128/26), and I still got the same result.
Both of my WiFi modes are AP and Network Configuration is marked as bridged. Both of them are also shown in br0 by default.
The thing is, when I connect my device to 2.4 GHz while I use PBR it does show that my IP changed, which looks like it's working fine, but some apps won't receive data with this setup,
and when I'm not using PBR everything works perfectly fine on 2.4 GHz.
Can this be a DNS leak? Because those apps are censored in my country.
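The CIDR point raised above (the default 100-149 DHCP range needs several PBR lines, 128-191 fits in one /26) and the follow-up switch to 192.168.1.128/26 can be checked mechanically. The script below is an added example, not code from the thread or from DD-WRT; it assumes the LAN values quoted in the posts (192.168.1.0/24, bypass host 192.168.1.60) and uses Python's standard ipaddress module to compute the minimal CIDR cover and to confirm the bypass host stays outside every PBR block.

```python
import ipaddress

# Constructed sample values taken from the thread: LAN 192.168.1.0/24,
# static lease for the device that must bypass the VPN at 192.168.1.60,
# and the two DHCP ranges being compared (100-149 default, 128-191 simplified).
LAN_HOST_BYPASS = "192.168.1.60"


def cidr_cover(first, last):
    """Smallest list of CIDR blocks that exactly covers first..last (inclusive).

    Each block is what you would type as one source-network line in PBR.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(b) for b in blocks]


def pbr_covers(blocks, host):
    """True if any PBR source block would send this host's traffic into the VPN."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(b) for b in blocks)


def check_dhcp_range(first, last, bypass_host=LAN_HOST_BYPASS):
    """Return (blocks, every DHCP lease covered?, bypass host left outside?)."""
    blocks = cidr_cover(first, last)
    start = int(ipaddress.ip_address(first))
    end = int(ipaddress.ip_address(last))
    # Walk every lease address in the range and make sure PBR would catch it.
    leases_ok = all(pbr_covers(blocks, str(ipaddress.ip_address(i)))
                    for i in range(start, end + 1))
    return blocks, leases_ok, not pbr_covers(blocks, bypass_host)


if __name__ == "__main__":
    for rng in (("192.168.1.100", "192.168.1.149"),
                ("192.168.1.128", "192.168.1.191")):
        blocks, leases_ok, bypass_ok = check_dhcp_range(*rng)
        print(f"{rng[0]}-{rng[1]}: {len(blocks)} PBR line(s) -> {blocks}; "
              f"all leases covered={leases_ok}, "
              f"{LAN_HOST_BYPASS} bypasses VPN={bypass_ok}")
```

Running it shows the default range expands to six blocks (192.168.1.100/30 through 192.168.1.148/31), while 128-191 is exactly 192.168.1.128/26, and 192.168.1.60 is outside both sets.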
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Thu Jan 23, 2020 20:12 Post subject:
Understand re duplicates. I've done the same. There is also an x button beside the edit button. With it you can remove a bad post completely. Took me two years to discover that button!
If you are seeing the IP change, things are working. But some websites and some apps (netflix, Us banks when you attempt a deposit, some shopping sites, etc.) will refuse to play nice with any IP they recognize as belonging to a VPN server. Try changing servers. Might help. Might not.
Older builds (until a few months ago) had DNS issues when using PBR for br0. I believe newer builds have it solved.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Thu Jan 23, 2020 21:21 Post subject:
Also, have a look at the semi-official PBR guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686. Should help you sort out the DNS question.