x3mRouting Using VPN Client Bypass Routing does not work

worf

Occasional Visitor
Hi, guys

I tried to use VPN Client Bypass Routing to configure Amazon AWS with Region CN to wan, but it did not work. Can you help me?

step

1. Accept DNS Configuration: Relaxed;

2. Force Internet traffic through tunnel: Policy Rules(strict)

3. run command x3mRouting 1 0 AMAZON_CN aws_region=CN


Through the above method, it does not work for me. I mean, I want matching ipset list to wan from CN area. Other regions still via VPN.
 
Use this command to check that the ipset list is populated:
Code:
ipset -L AMAZON_CN

Verify the iptables routing rule got created. The packets number will increase as traffic traverses the chain.
Code:
iptables -nvL PREROUTING -t mangle --line

Display the RPDB routing priority database rules for the fwmarks, VPN Server, VPN Server and LAN Clients:
Code:
ip rule

You should see a fwmark for WAN which is Priority 9990 and it should be listed before the rules for LAN clients. Example:
Code:
0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9991:   from all fwmark 0x3000/0x3000 lookup ovpnc5
9992:   from all fwmark 0x7000/0x7000 lookup ovpnc4
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
9994:   from all fwmark 0x2000/0x2000 lookup ovpnc2
9995:   from all fwmark 0x1000/0x1000 lookup ovpnc1
10104:  from 192.168.1.150 lookup ovpnc1
10105:  from 192.168.1.151 lookup ovpnc1
10106:  from 192.168.1.153 lookup ovpnc1
10107:  from 192.168.1.154 lookup ovpnc1
10301:  from 192.168.1.165 lookup ovpnc2
10302:  from 192.168.1.149 lookup ovpnc2
10303:  from 192.168.1.152 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

Lastly, try the GLOBAL region to route ALL Amazon traffic to the WAN.
Code:
x3mRouting  1  0 AMAZON aws_region=GLOBAL
 
I am really confused, my method via dnsmasq still does not work.

I just added a command

Code:
x3mRouting 1 0 dns_domains dnsmasq_file=/jffs/scripts/dns_domains

wolf@RT-AC86U-E308:/tmp/home/root# cat /jffs/scripts/dns_domains
qq.com
baidu.com
wolf@RT-AC86U-E308:/tmp/home/root#


Code:
wolf@RT-AC86U-E308:/tmp/home/root# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 4096 packets, 446K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       24  1080 MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set dns_domains dst MARK or 0x8000


Code:
wolf@RT-AC86U-E308:/tmp/home/root# ip rule
0:    from all lookup local
9990:    from all fwmark 0x8000/0x8000 lookup main
9995:    from all fwmark 0x1000/0x1000 lookup ovpnc1
32766:    from all lookup main
32767:    from all lookup default
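
Added example, not part of any post in this thread and not x3mRouting's own code: a shell function that automates the `ip rule` ordering check described in the reply above, confirming that the WAN fwmark rule (0x8000/0x8000 to table main) exists and is evaluated before every rule that points at an ovpnc table. The function name, return codes and the failing listing are constructed for illustration; the first listing is the `ip rule` output posted above.

```shell
#!/bin/sh
# check_wan_bypass_order: reads `ip rule` output on stdin.
# Lower priority numbers are evaluated first, so the WAN bypass rule
# must have a smaller number than every rule that looks up an ovpnc table.
# Returns 0 = ok, 1 = WAN fwmark rule missing, 2 = a VPN rule comes first.
check_wan_bypass_order() {
    awk '
        {
            # Priority is the first field with its trailing colon removed.
            prio = $1; sub(/:$/, "", prio); prio += 0
            # The routing table is the word following "lookup".
            table = ""
            for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
        }
        /fwmark 0x8000\/0x8000/ && table == "main" {
            if (wan == "") wan = prio
            next
        }
        table ~ /^ovpnc[0-9]+$/ {
            # Track the earliest-evaluated rule that routes into a VPN table.
            if (vpn == "" || prio < vpn) { vpn = prio; vpnrule = $0 }
        }
        END {
            if (wan == "") { print "FAIL: no fwmark 0x8000/0x8000 rule for table main"; exit 1 }
            if (vpn != "" && vpn <= wan) { print "FAIL: VPN rule evaluated first: " vpnrule; exit 2 }
            print "OK: WAN bypass rule at priority " wan " precedes all ovpnc rules"
        }
    '
}

# `ip rule` output as posted in the thread (one VPN client active).
THREAD_RULES='0:    from all lookup local
9990:    from all fwmark 0x8000/0x8000 lookup main
9995:    from all fwmark 0x1000/0x1000 lookup ovpnc1
32766:    from all lookup main
32767:    from all lookup default'

# Constructed failing case: a per-client VPN rule sits ahead of the WAN rule.
BAD_RULES='0:      from all lookup local
9000:   from 192.168.1.150 lookup ovpnc1
9990:   from all fwmark 0x8000/0x8000 lookup main
32766:  from all lookup main'

printf '%s\n' "$THREAD_RULES" | check_wan_bypass_order
printf '%s\n' "$BAD_RULES" | check_wan_bypass_order || echo "exit status: $?"
# On the router itself: ip rule | check_wan_bypass_order
```

A passing result only confirms rule ordering; whether the ipset actually contains the destination addresses still has to be checked with `ipset -L`.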
 
