IP: advanced router / IP: policy routing (kernel)

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Author Message
andreyua
DD-WRT User


Joined: 16 Jun 2010
Posts: 64

PostPosted: Tue May 25, 2021 11:03    Post subject: IP: advanced router / IP: policy routing (kernel) Reply with quote
Hello
My router is:

Router Model - Dlink DIR-825
Firmware Version - DD-WRT v3.0-r37305 std (10/10/18)
Kernel Version - Linux 3.10.108-d6 #65369 Wed Oct 10 04:39:34 CEST 2018 mips

How to know, if my kernel support ?:
- IP: advanced router (CONFIG_IP_ADVANCED_ROUTER)
- IP: policy routing (CONFIG_IP_MULTIPLE_TABLES)
Sponsor
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Tue May 25, 2021 16:18    Post subject: Reply with quote
https://svn.dd-wrt.com/browser/src/linux/universal/linux-3.10/.config_dir825

Again, please upgrade to 46750, and report:

https://download1.dd-wrt.com/dd-wrtv2/downloads/betas/2021/05-25-2021-r46750/dlink-dir825-revb/

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=329216

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
andreyua
DD-WRT User


Joined: 16 Jun 2010
Posts: 64

PostPosted: Tue May 25, 2021 16:28    Post subject: Reply with quote
Thank you.
Hmm, it seems to support. I'm generally puzzled.
=========
Ok, I'll ask the question differently:

How to organize split tunneling on dd-wrt if using an openvpn client?

This script https://gist.github.com/goodandrewsoft/95f1c8081e396430a610a7fdc43b6c19 works on regular Linux, but doesn't want to work on dd-wrt. I tried a lot, but without success. Sad
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14126
Location: Texas, USA

PostPosted: Tue May 25, 2021 16:37    Post subject: Reply with quote
https://www.google.com/search?q=split+tunneling+dd-wrt

https://www.comparitech.com/blog/vpn-privacy/vpn-split-tunneling/

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319102

Not going to post all the search results. Again, upgrade because most of what you need to work may be broken or not present in that 2-year-old firmware version.

_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

PostPosted: Tue May 25, 2021 16:57    Post subject: Reply with quote
Recent DDWRT firmwares have Policy Based Routing (aka split tunnel) incorporated see the VPN documentation, link in my signaturee at the bottom.
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
andreyua
DD-WRT User


Joined: 16 Jun 2010
Posts: 64

PostPosted: Wed May 26, 2021 13:36    Post subject: Reply with quote
Finally.
After update router to:

Firmware Version - DD-WRT v3.0-r46750 (05/25/21)
Kernel Version - Linux 3.10.108-d11 #81661 Tue May 25 02:17:28 +07 2021 mips

i resolved my problem.

Just putted to: OpenVPN Client -> Policy based Routing - 192.168.1.148/32 and all ok.

Also i tried configure policy routing via console, something like this:
Code:
ip route delete 0.0.0.0/1 via 10.122.18.1 dev tun1 #from main
ip rule add from 192.168.1.148 table 120
ip route add 0.0.0.0/1 via 10.122.18.1 dev tun1 table 120


Everything worked instantly, unlike the tedious fiddling with the previous firmware. Apparently on the old firmware there are big problems with PBR. (But i didn't try gui)

kernel-panic69, egc - thanks! 🍻

p.s. strange error in open vpn log sometimes:
--mtu-disc is not supported on this OS.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

PostPosted: Wed May 26, 2021 14:27    Post subject: Reply with quote
You are welcome Smile

The error is not strange it can be caused by non optimal settings, mtu-disc is not supported on IPv6.

I am sure it is somewhere in the documentation, you have to use udp4 instead of udp for tunnel protocol (or tcp4)

Those were settings which where not available in your old build and although the default is now udp4 we cannot override older settings (one of the reseasons why resetting to defaults and starting from scratch when coming from a old build is sometimes advised Smile )

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
andreyua
DD-WRT User


Joined: 16 Jun 2010
Posts: 64

PostPosted: Fri May 28, 2021 5:33    Post subject: Reply with quote
Is it possible to make via open-vpn -> pbr something like that?:
Code:

# iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2

# ip route add default via 11.22.33.1 dev eth0 table 102

# ip rule add fwmark 0x2/0x2 lookup 102

or

Code:

ip rule add from all dev wlan0-1 lookup 102
.

Thanks.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

PostPosted: Fri May 28, 2021 10:15    Post subject: Reply with quote
Some examples what is possible are described in the documentation there is also a link to the corresponding MAN page.

All documents:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

Policy based routing:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327810

The very sophisticated script of @eibgrad can also be set up for reverse PBR (Default via VPN and only alternate routing table via the WAN).


It is often helpful if you describe the problem you want to solve so that we can help to find a solution.
Of course reading the documentation is always helpful Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum