[SOLVED] Does PBR (Policy Based Routing) work with CTF?

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
kioske
DD-WRT Novice


Joined: 07 Mar 2011
Posts: 42

PostPosted: Thu Aug 11, 2022 4:18    Post subject: [SOLVED] Does PBR (Policy Based Routing) work with CTF? Reply with quote
Does PBR work with CTF engine on Build r49677 std (08/10/22)?

I'm trying something but it doesn't seem to work at all so I wondered maybe CTF doesn't support policy based routing yet. By the way, does SFE support PBR on this build or should I completely disable forwarding engines for PBR?
Sponsor
eibgrad
DD-WRT Guru


Joined: 18 Sep 2010
Posts: 9157

PostPosted: Thu Aug 11, 2022 6:21    Post subject: Reply with quote
In all honesty, I can't really be sure. Given CTF/SFE/FA are just hacks of the firewall, and are known to break things, nothing would surprise me. OTOH, the router's PBR implementation is NOT dependent on the firewall in any way. It uses the routing system and RPDB to manage that process. So at least on the face of it, I don't see the relevance. But these hacks are so goofy and unconventional in what they do, I suppose nothing's off the table.

Best thing to do whenever you have a doubt is to simply disable it and find out if you see a change. As soon as I see something weird and unexpected, that's what I do.

_________________
ddwrt-ovpn-split-basic.sh (UPDATED!) * ddwrt-ovpn-split-advanced.sh (UPDATED!) * ddwrt-ovpn-client-killswitch.sh * ddwrt-ovpn-client-watchdog.sh * ddwrt-ovpn-remote-access.sh * ddwrt-ovpn-client-backup.sh * ddwrt-mount-usb-drives.sh * ddwrt-blacklist-domains.sh * ddwrt-wol-port-forward.sh * ddwrt-dns-monitor.sh (NEW!)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Aug 11, 2022 8:01    Post subject: Reply with quote
Welcome to the forum Smile

As @eibgrad said they are all hacks, so simply disable it and see if you problems are gone.

However SFE should be compatible when using a simple client, there are some caveats mainly with latency sensitive traffic and complicated routing scenarios (See the VPN troubleshooting guide)

I use CTF+FA with PBR for WireGuard and have no problems but CTF+FA is a blackbox so you cannot rule out problems.

You forgot to mention what router you are using, to give optimal support it helps if you state router model and build number.

General information, see the forum guidelines with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

Regarding PBR both for WireGuard and OpenVPN the documentation is a sticky in this Advanced Networking forum.

If you have any other questions you are welcome to ask.

To diagnose problems it helps if you post screenshots of settings and logs.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum