x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

x3mRouting ~ 384.19 Alpha 4/Beta 1 Test Branch compatible code available. 6 August 2020

Code changes impact those who use LAN Client Routing (Option 1) and the modified OpenVPN Client Screen (Option 2) for the routing of IPSET lists. See [Beta] Asuswrt-Merlin 384.19 beta is now available for more information.

Update Instructions

x3mRouting 384.19 test branch is currently installed
If you already have the 384.19 test branch installed, you can update by accessing the x3mMenu. Select option [7] Update x3mRouting Menu to update the menu. After the new menu has been downloaded, select option [5] Check for updates to existing x3mRouting installation. This will update files and perform clean-up.

Upgrading to x3mRouting 384.19 test branch from 384.18 or below
Due to the nature of the 384.19 test build changes, update x3mRouting first, followed by a firmware update of the 384.19 test build.

If you decide to install, you will have to reinstall the x3mMenu using a similar copy/paste as shown in step 2 below to point your local repo back to the master branch on GitHub when 384.19 goes into production.

1. Take a backup of configs and jffs. Download the 384.19 Beta builds: https://sourceforge.net/projects/asuswrt-merlin/files/ and extract to a local folder.

2. Download the updated menu from the x3mRouting-384.19 branch:
Code:
sh -c "$(curl -sL https://raw.githubusercontent.com/Xentrk/x3mRouting/x3mRouting-384.19/Install_x3mRouting.sh)"

3. Run [5] Check for updates to existing x3mRouting installation option to perform cleanup and finalize the update.

4. Unmount the USB and perform an update to the 384.19 beta firmware version immediately after the update of x3mRouting.
 
Please download the menu using the command below and let me know if it still reports an update available in amtm.
Code:
sh -c "$(curl -sL https://raw.githubusercontent.com/Xentrk/x3mRouting/master/Install_x3mRouting.sh)"
Thanks, it works.
 
Yes, that file contained some html code. I deleted the file, then ran the Netflix lines you suggested.

For the Disney ipset fix, I used:
x3mRouting ipset_name=DISNEY del
That worked.

I also deleted the Amazon and Schwab files, and fixed some syntax problems in nat-start. Then I ran nat-start, and everything seems to be working. The iptables table is clean and includes all that it should from nat-start.

There is still a problem.

(x3mRouting.sh): 22085 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 22085 Selective Routing Rule via WAN deleted for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Completed Script Execution

But it seems to be working.

Thanks for your help.

I added additional edits and error handling for ASN downloads in the x3mRouting-384.19 Test Branch. The code has been updated to first back up and then purge the existing save/restore file rather than appending to the existing save/restore file. Doing this will also overwrite a file that may have bad values. The format of the save/restore file will now be checked after download. Any empty lines will get removed. Each line will be checked for a valid IP or CIDR. If an invalid line is encountered, the check process exits and the IPSET list save/restore file is restored from the previous save/restore file using a backup.
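
The check described in this post, sketched as an added example (not x3mRouting's own code and not from the thread). It assumes the save/restore file holds one `add <SET> <address>` line per entry; the function names and the sample data are made up for illustration.

```shell
#!/bin/sh
# Added example, not x3mRouting's own code. Assumed file format: one
# "add <SET> <IPv4 or IPv4/prefix>" line per entry, as fed to `ipset restore`.

# Print the cleaned entries of file $1 for set $2. Empty lines are dropped;
# the first invalid line stops the check with a non-zero status.
check_restore_file() {
    awk -v name="$2" '
        function valid(a,    q, p, n, i) {
            if (a !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) return 0
            n = split(a, q, "/")
            if (n == 2 && (length(q[2]) > 2 || q[2] + 0 > 32)) return 0
            split(q[1], p, "[.]")
            for (i = 1; i <= 4; i++)
                if (length(p[i]) > 3 || p[i] + 0 > 255) return 0
            return 1
        }
        { sub(/\r$/, "") }          # tolerate CRLF line endings
        /^[ \t]*$/ { next }         # remove empty lines
        NF != 3 || $1 != "add" || $2 != name || !valid($3) {
            printf "rejected line %d: %s\n", NR, $0 > "/dev/stderr"
            exit 1
        }
        { print "add", name, $3 }
    ' "$1"
}

# Install download $1 as live save/restore file $2 for set $3.
# The previous file is backed up first and put back if the check fails.
install_restore_file() {
    download=$1
    live=$2
    set_name=$3
    backup="$live.bak"
    if [ -f "$live" ]; then cp -p "$live" "$backup"; fi

    # Overwrite instead of appending, so old bad values cannot survive.
    if check_restore_file "$download" "$set_name" > "$live" && [ -s "$live" ]; then
        return 0
    fi
    if [ -f "$backup" ]; then
        cp -p "$backup" "$live"     # roll back to the last known-good list
    else
        rm -f "$live"
    fi
    return 1
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample data: documentation address ranges, one empty line,
    # one CRLF line ending.
    printf 'add SCHWAB 192.0.2.0/24\n\nadd SCHWAB 198.51.100.7\r\n' > "$dir/good"
    # Constructed: an error message saved where address data was expected.
    printf 'add SCHWAB API\nadd SCHWAB 203.0.113.0/24\n' > "$dir/bad"

    install_restore_file "$dir/good" "$dir/SCHWAB" SCHWAB
    echo "good download: status $?"
    install_restore_file "$dir/bad" "$dir/SCHWAB" SCHWAB
    echo "bad download: status $? (previous list kept)"
    cat "$dir/SCHWAB"
    rm -rf "$dir"
    return 0
}
demo
```

Only a file that passes the check should be handed to `ipset restore`; a rejected download leaves the last known-good list in place.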
 
I had the same issue this morning. It worked yesterday. I added AS2906 and it is working now. For me, I am routing to my private VPN. Just change the "ALL 1" to "1 0" for your use case.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 NETFLIX-DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 NETFLIX_AS2906 asnum=AS2906

I'll do some more analysis when I return on Monday to better understand what is going on. If you still have issues, create a routing rule for Amazon GLOBAL region.


So, I don't know if I'm just dense but this is no longer working for me.

When I was originally troubleshooting this issue I realize now that I had actually used a different server from my VPN provider - this is what actually allowed Netflix to work on my VPN connected devices as the IP address provided by this server appears to not have been blocked by Netflix.

This server was taken offline by my VPN provider recently. Thinking that this was working via the x3mRouting policies in place I simply switched to a different server and am now presented with the same issue again where only certain titles are available in Netflix. For example, I cannot find "Friends" or "Brooklyn 99" with the VPN + x3mRouting.

The way I have my VPN Client set up in the router is that only a few devices actually go through the VPN tunnel as shown here:

[Screenshot: ASUS Wireless Router RT-AC5300 - OpenVPN Client Settings]


Everything else goes through the WAN.
On each device that is going through the VPN tunnel, I've specified a static IP for each and the DNS servers of my VPN provider.

On the x3mRouting side, I've used the following commands:

Code:
x3mRouting 1 0 AMAZON_GLOBAL aws_region=GLOBAL
x3mRouting 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
x3mRouting 1 0 NETFLIX_AS2906 asnum=AS2906

Based on this, all traffic as defined in the above commands that originates from VPN Client 1 should be re-routed to the WAN - correct?

Is there something obvious that I am missing, or am I misunderstanding what x3mRouting does?
All I am trying to do is have all Netflix traffic generated from the VPN clients to go over the WAN, bypassing the VPN completely.
 
There is a Netflix show I can watch on my Fire TV. But when I try to find it on my Roku, the show does not appear as being available. That one has me confused. Also, shows rotate among the different regions. A movie may be available in a region one month, then removed and added to another region the following month.

What you have listed above should work with one caveat.

During the development of the x3mRouting 384.19 Test Branch this past week, I was reminded that the dnsmasq method won't work if you have Accept DNS Configuration set to Exclusive as dnsmasq is bypassed. So the necessary IPv4 addresses won't get loaded into the NETFLIX_DNS IPSET using the code below:
Code:
x3mRouting 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
Check to see if you have entries in the NETFLIX_DNS ipset list. Use the "liststats" command to check the number of entries. I have 2169 entries in my list.

If you have no entries, you can watch Netflix on another device or remove the client defined to use the VPN. Then, go to Netflix and access the options to generate IPv4 addresses. Or, change Accept DNS Configuration to a value other than Exclusive. I can post the contents of my list if that would help.

Once you have collected the addresses, you can set Accept DNS Configuration back to Exclusive. The iptables will be able to use the IPv4 address in the list to route traffic. But it won't be able to generate the IPv4 addresses dynamically using the feature of dnsmasq.

You can check to see if packets are traversing the chain using the command:
Code:
iptables -nvL PREROUTING -t mangle --line
 
Thanks for your reply.

Just a few things I'd like to add:

There is a Netflix show I can watch on my Fire TV. But when I try to find it on my Roku, the show does not appear as being available. That one has me confused. Also, shows rotate among the different regions. A movie may be available in a region one month, then removed and added to another region the following month. So that may be why you can't find the show?

This would normally make sense, but in my case I am using a VPN server in the same city as me as a test, and still get the same results. I would expect that I should still be able to see the same shows.

Check to see if you have entries in the NETFLIX_DNS ipset list. Use the "liststats" command to check the number of entries. I have 2169 entries in my list.

If you have no entries, you can watch Netflix on another device or remove the client defined to use the VPN. Then, go to Netflix and access the options to generate IPv4 addresses. Or, change Accept DNS Configuration to a value other than Exclusive. I can post the contents of my list if that would help.
I have no entries:
Code:
AMAZON_GLOBAL - 83
NETFLIX_AS2906 - 97
NETFLIX_DNS - 0

I'm a little confused by this. I tried watching Netflix on another device and also set Accept DNS Configuration to Disabled to test, but nothing happened? How exactly do I generate the IPv4 addresses and when I have them, where do I place them? If you could post the contents of your entries that would be great, but I would also like to know how to do this in case I need to perform this again in the future.

Thank you!
 
Do you have dnsmasq logging enabled? I will update the script to check for the condition. See https://github.com/Xentrk/x3mRouting#enable-dnsmasq-logging
 
I did not, so I have enabled it and started the process over again, but no change.

dnsmasq.log (does not appear to be logging):
Code:
Aug  8 07:55:39 dnsmasq[31209]: started, version 2.81-32-g93cb543 cachesize 1500
Aug  8 07:55:39 dnsmasq[31209]: compile time options: IPv6 GNU-getopt no-RTC no-DBus no-UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset no-auth DNSSEC no-ID loop-detect no-inotify no-dumpfile
Aug  8 07:55:39 dnsmasq[31209]: warning: interface pptp* does not currently exist
Aug  8 07:55:39 dnsmasq-dhcp[31209]: DHCP, IP range 192.168.2.2 -- 192.168.2.254, lease time 1d
Aug  8 07:55:39 dnsmasq-dhcp[31209]: DHCP, IP range 192.168.8.2 -- 192.168.8.254, lease time 1d
Aug  8 07:55:39 dnsmasq[31209]: using only locally-known addresses for domain obs0lete.com

It also appears that no data is passing through "NETFLIX_DNS":
Code:
Chain PREROUTING (policy ACCEPT 47625 packets, 60M bytes)
num   pkts bytes target     prot opt in     out     source               destination
1      476  280K MARK       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0x7
2     5947  861K MARK       all  --  tun21  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0x7
3        1    89 MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set AMAZON_GLOBAL dst MARK or 0x8000
4        0     0 MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set NETFLIX_DNS dst MARK or 0x8000
5     5264  300K MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set NETFLIX_AS2906 dst MARK or 0x8000
 
Did you restart dnsmasq after adding the lines to dnsmasq.conf.add?

Code:
service restart_dnsmasq

There should be a System log file entry:
Code:
Aug  8 20:22:47 RT-AC88U-8274 rc_service: service 14585:notify_rc restart_dnsmasq

Confirm entries reside in /etc/dnsmasq.conf
Code:
cat /etc/dnsmasq.conf | grep log-

log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log

Check if active processes exist for logging
Code:
 ps | grep "dnsmasq --log-async"

Confirm if logging is occurring
Code:
tail -f /opt/var/log/dnsmasq.log

Confirm Accept DNS Configuration is not set to Exclusive (0=Disabled,1=Relaxed,2=Strict,3=Exclusive)
Code:
nvram get vpn_client1_adns
 
Did you restart dnsmasq after adding the lines to dnsmasq.conf.add?
Code:
service restart_dnsmasq

There should be a System log file entry:

Code:
Aug  8 20:22:47 RT-AC88U-8274 rc_service: service 14585:notify_rc restart_dnsmasq

Yes, I did restart it

Code:
Aug  8 12:30:51 rc_service: service 9985:notify_rc restart_dnsmasq

Confirm entries reside in /etc/dnsmasq.conf
Code:
cat /etc/dnsmasq.conf | grep log-
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log

Yes, I show the same results as you.

Check if active processes exist for logging
Code:
 ps | grep "dnsmasq --log-async"

Yes, the processes exist:

Code:
dnsmasq --log-async
dnsmasq --log-async
rep dnsmasq --log-async

Confirm if logging is occurring
Code:
tail -f /opt/var/log/dnsmasq.log

Logging is occurring as far as I can see:

You can find my log here: https://github.com/obs0lete/Misc/blob/master/dnsmasq.log

Confirm Accept DNS Configuration is not set to Exclusive (0=Disabled,1=Relaxed,2=Strict,3=Exclusive)
Code:
nvram get vpn_client1_adns

This is set to 0:
Code:
nvram get vpn_client1_adns
0
 
x3mrouting is just so great. Congrats and many thanks for that.

I use it to bypass MyCanal (french streaming app) from VPN 1 thanks to

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 MYCANAL dnsmasq=canal-plus.com,canal-plus.net,canalplus-bo.net,canalplus-cdn.net,canalplus.com,canalplus.pro dir=/mnt/cleusb/backup

Also use it for Netflix and Prime Video.

I route for some devices all flux through vpn except Mycanal, NetFlix, Prime vidéo.

Also it is excellent we can route vpn server through a vpn client with sh /jffs/scripts/x3mRouting/x3mRouting.sh server=1 client=3.

This is perfect. Thanks again.
 
There are some useful entware packages available. There are prior posts about the most useful entware packages on the forum.

x3mRouting uses entware for three purposes.
1. The entware package jq is required to process Amazon AWS json file containing IP addresses.
2. The entware directory /opt/tmp is used as the save/backup location for IPSET files that are used to load IPSET lists from.
3. Utilize the /opt/bin directory to create shortcut commands for x3mRouting.sh and x3mRouting_Menu.sh.

I'll add some better error handling if the entware not installed condition is encountered though.

So can I assume that if I manage to get them onto my router they just magically work or is there work I need to carry out to it.. I am not a router expert but I do understand PC's etc.. I am just finding everything on here way above my capability as I have reset my router back to the basics (Factory reset) and starting again
 
Everything checks out in the info you provided. What I don't see are any "query" records in dnsmasq.log. Go to a website and see if it logs the query record. Also note the "ipset add" entries for IPSET lists in my log file snip below.

Code:
Aug  9 07:39:15 dnsmasq[32460]: ipset add MOVETV 67.26.57.252 cbd46b77.cdn.cms.movetv.com.c.footprint.net
Aug  9 07:39:15 dnsmasq[32460]: reply cbd46b77.cdn.cms.movetv.com.c.footprint.net is 67.26.57.252
Aug  9 07:39:16 dnsmasq[32460]: query[A] secure-dcr.imrworldwide.com from 192.168.22.165
Aug  9 07:39:16 dnsmasq[32460]: /opt/share/diversion/list/blockinglist secure-dcr.imrworldwide.com is 192.168.22.2
Aug  9 07:39:17 dnsmasq[32460]: query[A] ichnaea.netflix.com from 192.168.22.165
Aug  9 07:39:17 dnsmasq[32460]: cached ichnaea.netflix.com is <CNAME>
Aug  9 07:39:17 dnsmasq[32460]: cached ichnaea.geo.netflix.com is <CNAME>
Aug  9 07:39:17 dnsmasq[32460]: forwarded ichnaea.netflix.com to 1.1.1.1
Aug  9 07:39:17 dnsmasq[32460]: reply ichnaea.netflix.com is <CNAME>
Aug  9 07:39:17 dnsmasq[32460]: reply ichnaea.geo.netflix.com is <CNAME>
Aug  9 07:39:17 dnsmasq[32460]: ipset add NETFLIX-DNS 52.34.255.169 ichnaea.us-west-2.prodaa.netflix.com
Aug  9 07:39:17 dnsmasq[32460]: reply ichnaea.us-west-2.prodaa.netflix.com is 52.34.255.169
Aug  9 07:39:17 dnsmasq[32460]: ipset add NETFLIX-DNS 54.148.229.18 ichnaea.us-west-2.prodaa.netflix.com

Code:
tail -f /opt/var/log/dnsmasq.log | grep query
What router model and firmware release are you on?

Are you able to perform an nslookup on a domain? e.g. nslookup github.com
Do you see a query entry in dnsmasq.log? Try toggling the setting on/off Tools->Other Settings Wan: Use local caching DNS server as system resolver (default: No) to see if it matters. Some of us experienced an issue with this.

On the LAN->DHCP Server tab, make sure DNS Server 1 and 2 are empty.

Are you using unbound?

If the above doesn't work, I can ask @thelonelycoder , the author of Diversion and amtm for his thoughts as to why the query records are not getting logged.
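
An added example, not from the thread or from x3mRouting, that automates the log check suggested above: it counts the query records and the distinct addresses dnsmasq reports adding to each set. It assumes the sets are declared with dnsmasq's `ipset=/domain/.../SET` directive and that log lines look like the snippet in the post; the function name and the sample data are constructed.

```shell
#!/bin/sh
# Added example, not part of x3mRouting. For every set named in a dnsmasq
# "ipset=/domain/.../SET" directive, report how many distinct addresses the
# log shows being added to it, plus the number of query records seen.

# $1 = dnsmasq config file, $2 = dnsmasq log file
ipset_log_report() {
    awk '
        # Config file: remember each set named by an ipset= directive.
        FILENAME == ARGV[1] {
            if ($0 ~ /^ipset=\//) {
                n = split($0, part, "/")
                m = split(part[n], names, ",")      # SET1,SET2 is allowed
                for (i = 1; i <= m; i++) want[names[i]] = 1
            }
            next
        }
        # Log file: "<date> dnsmasq[pid]: query[A] <name> from <client>"
        $5 ~ /^query\[/ { queries++ }
        # Log file: "<date> dnsmasq[pid]: ipset add <SET> <address> <name>"
        $5 == "ipset" && $6 == "add" {
            key = $7 " " $8
            if (!(key in seen)) { seen[key] = 1; added[$7]++ }
        }
        END {
            printf "queries %d\n", queries
            for (s in want) printf "%s %d\n", s, added[s]
        }
    ' "$1" "$2" | sort
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed config: two sets, one of which never receives an address.
    cat > "$dir/dnsmasq.conf" <<'EOF'
log-async
log-queries
ipset=/netflix.com/nflxext.com/NETFLIX_DNS
ipset=/movetv.com/MOVETV
EOF
    # Constructed log lines modelled on the snippet in the post
    # (documentation addresses, made-up process id).
    cat > "$dir/dnsmasq.log" <<'EOF'
Aug  9 07:39:15 dnsmasq[100]: query[A] cdn.movetv.com from 192.168.2.10
Aug  9 07:39:15 dnsmasq[100]: ipset add MOVETV 192.0.2.10 cdn.movetv.com
Aug  9 07:39:15 dnsmasq[100]: reply cdn.movetv.com is 192.0.2.10
Aug  9 07:39:20 dnsmasq[100]: ipset add MOVETV 192.0.2.10 cdn.movetv.com
Aug  9 07:39:21 dnsmasq[100]: ipset add MOVETV 192.0.2.11 cdn.movetv.com
EOF
    ipset_log_report "$dir/dnsmasq.conf" "$dir/dnsmasq.log"
    rm -rf "$dir"
    return 0
}
demo
```

A configured set that reports 0 next to a non-zero query count means clients are resolving through dnsmasq but not for that set's domains; `queries 0` means dnsmasq is not logging or not seeing lookups at all.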
 
So can I assume that if I manage to get them onto my router they just magically work or is there work I need to carry out to it.. I am not a router expert but I do understand PC's etc.. I am just finding everything on here way above my capability as I have reset my router back to the basics (Factory reset) and starting again
First start by accessing amtm and you will get a list of third party features and programs. Many use one or more entware packages. They will take care of the configuration as appropriate. Configuration is required for some packages. Others just require an install. For example, the package openssh-sftp-server allows me to use an sftp session on the router to get a Windows Explorer type view into the file system. I just type opkg install openssh-sftp-server and no more setup is required. But the unbound package requires additional configuration.
 
You don't need to use that sftp package for that. Use winscp and make sure you set the connection type to scp, same result without requiring entware :)
 
Wow that is brilliant thanks I will look through the list and put on what I need ... my key one was to route my IPTV via VPN and allow access to Netflix UK Amazon & BBC Iplayer .... is it easy to add others like ITV hub and possibly My5 if they don't work?
 
The challenge is knowing the domain names and/or ip addresses to use. The key is to have dnsmasq logging enabled to help with the analysis. An nslookup on a domain name can be used as a starting point. It will return associated IPv4 addresses. The entware package whob can be used to find the ASN for the IP address e.g. whob 172.27.16.22.

The getdomainnames.sh and autoscan.sh scripts can be used to see what domain names are being used.
 
I will get that all set up tomorrow some how .. thank you for your support ... Is it easy to add the new info when/if I find it?
 
Hi Xentrk,
I came from the first version of your script and updated it to the actual version a long time ago. It works more or less, because some routing didn't work for my streaming service (ZDF).
If I am directly connected with the VPN via mobile app, it is working, but not with the router only. So some routing didn't work.
I wanted to solve the problem with your getdomainname script, but there came the problem.
I added as you described the logging lines to the file:
log-async
log-queries
log-facility=/opt/var/log/dnsmasq.log

and restarted dnsmasq.
After that time, no internet traffic for all my devices was possible.
I restarted the router, no effect. I deleted the lines and the internet everything was fine.
What did I do wrong?

Thanks a lot for your support.

Hugo.


Aug 9 11:18:44 watchdog: start ddns.
Aug 9 11:18:44 rc_service: watchdog 1317:notify_rc start_ddns
Aug 9 11:18:44 custom_script: Running /jffs/scripts/service-event (args: start ddns)
Aug 9 11:18:44 start_ddns: update CUSTOM , wan_unit 0
Aug 9 11:18:44 rc_service: watchdog 1317:notify_rc start_dnsmasq
Aug 9 11:18:44 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Aug 9 11:18:44 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Aug 9 11:18:44 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 9 11:18:44 Diversion: restarted Dnsmasq to apply settings
Aug 9 11:18:44 stubby[7797]: Read config from file /etc/stubby/stubby.yml
Aug 9 11:18:44 dnsmasq[7800]: illegal repeated keyword at line 60 of /etc/dnsmasq.conf
Aug 9 11:18:44 dnsmasq[7800]: FAILED to start up
Aug 9 11:18:44 wlceventd: WLCEVENTD wlceventd_proc_event(481): eth5: Disassoc 56:2D:B4:AC:56:FE, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Aug 9 11:19:09 rc_service: httpd 1309:notify_rc restart_rstats;restart_conntrack;restart_dnsmasq
Aug 9 11:19:09 custom_script: Running /jffs/scripts/service-event (args: restart rstats)
Aug 9 11:19:09 custom_script: Running /jffs/scripts/service-event (args: restart conntrack)
Aug 9 11:19:09 modprobe: module nf_conntrack_proto_gre not found in modules.dep
Aug 9 11:19:09 modprobe: module nf_nat_proto_gre not found in modules.dep
Aug 9 11:19:09 modprobe: module nf_conntrack_pptp not found in modules.dep
Aug 9 11:19:09 modprobe: module nf_nat_pptp not found in modules.dep
Aug 9 11:19:09 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Aug 9 11:19:09 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Aug 9 11:19:09 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 9 11:19:10 Diversion: restarted Dnsmasq to apply settings
Aug 9 11:19:10 stubby[8069]: Read config from file /etc/stubby/stubby.yml
Aug 9 11:19:10 dnsmasq[8071]: illegal repeated keyword at line 60 of /etc/dnsmasq.conf
Aug 9 11:19:10 dnsmasq[8071]: FAILED to start up
Aug 9 11:19:14 watchdog: start ddns.
Aug 9 11:19:14 rc_service: watchdog 1317:notify_rc start_ddns
Aug 9 11:19:14 custom_script: Running /jffs/scripts/service-event (args: start ddns)
Aug 9 11:19:14 start_ddns: update CUSTOM , wan_unit 0
Aug 9 11:19:14 rc_service: watchdog 1317:notify_rc start_dnsmasq
Aug 9 11:19:14 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Aug 9 11:19:14 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Aug 9 11:19:14 custom_script: Running /jffs/scripts/dnsmasq.postconf (args: /etc/dnsmasq.conf)
Aug 9 11:19:14 Diversion: restarted Dnsmasq to apply settings
 
I will get that all set up tomorrow some how .. thank you for your support ... Is it easy to add the new info when/if I find it?
Yes, because all of the set up and config is done automatically. The most difficult part is becoming familiar with the usage syntax.
 
