DomainVPNRouting Domain VPN Routing v3.2.3 ***Release***

[Ranger802004]

I'll look into the ASN issue guys.

 

[Ranger802004]

See this comment.

Query ASN - ***Error*** Attempt 1 failed to query ASN · Issue #114 · Ranger802004/asusmerlin

I started getting errors in the log: Oct 31 01:16:13 domain_vpn_routing: Query ASN - Querying ASN: AS62041 Oct 31 01:16:14 domain_vpn_routing: Query ASN - ***Error*** Attempt 1 failed to query ASN:...

github.com

 

[Ranger802004]

***v3.2.3 released to production channel****

Release Notes:
v3.2.3 - 11/04/2025
Enhancements:
- Added a prompt to ask if running instances of Domain VPN Routing should be killed before an update takes place.
- Added alternative detection of Entware being installed.

Fixes:
- Fixed issue where some update processes would not clean up the lock file.
- Fixed issue with properly setting reverse path filter for WAN interface in Single WAN mode.

 

[ComputerSteve]

See this comment.

Query ASN - ***Error*** Attempt 1 failed to query ASN · Issue #114 · Ranger802004/asusmerlin

I started getting errors in the log: Oct 31 01:16:13 domain_vpn_routing: Query ASN - Querying ASN: AS62041 Oct 31 01:16:14 domain_vpn_routing: Query ASN - ***Error*** Attempt 1 failed to query ASN:...

github.com

It's doing it not only for me though !

 

[Ranger802004]

It's doing it not only for me though !

Did you test my recommendation?

 

[ComputerSteve]

It's working now ! I think you need a backup or a way to change the url that you're pulling the ASN from because it wasn't working for a couple of us for a few days !

 

[Ranger802004]

It's working now ! I think you need a backup or a way to change the url that you're pulling the ASN from because it wasn't working for a couple of us for a few days !

Again, refer to my comment on GitHub.

 

[penguin22]

VPN Routing is such a helpful add-on and addresses sites/services that just refuse to work going over VPN, with or without dedicated IP, etc.

One enhancement that would be useful is to adjust the logging to support scribe, so that it is separate from the System Messages logging. I checked that all policies that I have configured do not have verbose logging enabled, yet see debug logging in system messaging each time the cron job runs. While I'm happy for the validation in the logs, would prefer them to have their own section with support for scribe if possible.

 

[Kingp1n]

VPN Routing is such a helpful add-on and addresses sites/services that just refuse to work going over VPN, with or without dedicated IP, etc.

One enhancement that would be useful is to adjust the logging to support scribe, so that it is separate from the System Messages logging. I checked that all policies that I have configured do not have verbose logging enabled, yet see debug logging in system messaging each time the cron job runs. While I'm happy for the validation in the logs, would prefer them to have their own section with support for scribe if possible.

You can possibly submit a request thru GitHub:

Post in thread 'Domain VPN Routing v3.2.3 ***Release***' https://www.snbforums.com/threads/domain-vpn-routing-v3-2-3-release.92029/post-930670

 

[Tarek Yag]

One enhancement that would be useful is to adjust the logging to support scribe, so that it is separate from the System Messages logging.

In general, every process/service/script in Merlin firmware, interface with the same logging service/facility the same way for producing log messages. It's the logging service/facility responsibility to process the log entries it receives. This means that the scribe script utilizing the syslog-ng service is the one responsible for processing all messages produced by DomainVPNRouting, hence, filtering and categorizing all its messages.

I checked that all policies that I have configured do not have verbose logging enabled, yet see debug logging in system messaging each time the cron job runs.

Yep, the script's developer has done amazing and an outstanding work on the logging system for their script and it's super precise and helpful even without having verbose logging enabled for any policy.

While I'm happy for the validation in the logs, would prefer them to have their own section with support for scribe if possible.

I think what you're actually interested in, is a log filtering definition file to add to scribe's filters folder so that it can filter DomainVPNRouting. It's as simple as creating a new file in a specific folder of scribe's script then restarting syslog-ng service.
I'll provide an example file and all needed instructions, for the benefit of everyone, in my next post.

 

[Tarek Yag]

This is an example syslog-ng filter file to filter all DomainVPNRouting script log messages into a separate log file for use with Scribe script.
It's a very simple contribution from me, and you can customize it as much as you want to meet all of your needs.

Follow the steps below to add it into your current syslog-ng setup:
1. SSH into your router as usual

2. Make a new file named domainvpnrouting using your preferred text editor (I prefer nano) at /opt/etc/syslog-ng.d/

nano /opt/etc/syslog-ng.d/domainvpnrouting

3. Fill your new file with the following example filter code: (also attached with this post as a text file for ease of copying)

# FILTER DomainVPNRouting script log messages
# DISCARD lower level log messages
#
# Created by: Tarek Yag @ SNBForums


destination d_domainvpn {
    file("/opt/var/log/DomainVPNRouting.log");
};

# Filter desired level messages (notice to emergecy, inclusive)
filter f_domainvpn {
    program("domain_vpn_routing") and level(notice..emerg);
};

# Filter lower level messages (debug and info)
filter x_domainvpn {
    program("domain_vpn_routing") and level(debug..info);
};

# Remove lower level log messages
log {
    source(src);
    filter(x_domainvpn);
    flags(final);
};

# Log filtered log messages
log {
    source(src);
    filter(f_domainvpn);
    destination(d_domainvpn);
    flags(final);
};

#eof

4. Give the new file the same permissions as all other files in the folder using command:

chmod 600 /opt/etc/syslog-ng.d/domainvpnrouting

5. Run the following command to restart syslog-ng service:

/opt/etc/init.d/S01syslog-ng restart

6. If you have uiScribe installed in your setup, you need to enable the display of the newly created log file using uiScribe's WebUI.
Alternatively, you can simply reset all displayed log files using the following NON-standard two commands I personally use:

echo "uiscribe_logs_enabled" >> /jffs/addons/custom_settings.txt
service start_uiScribeconfig

7. You're all set up and ready to go!

Since this is a public contribution that can be used by any DomainVPNRouting user, I'm open for any suggestions to alter/improve this example filter.

 

[penguin22]

This worked perfectly and was the exact outcome/process I was looking to achieve. With other add-ons, the option to enable scribe/uiscribe is typically menu driven, so even having these reproducible steps is just as good and makes reviewing the System Messages that much easier.

Knowing this would also lead me to believe that it could be applied to other desired log separations as well, such as dnsmasq-dhcp[11146] or hostapd entries if needed, but for now, I greatly appreciate the time and knowledge!

 

[Tarek Yag]

This worked perfectly and was the exact process I was looking to achieve.

I'm super glad that this has worked for you!

With other add-ons, the option is typically menu driven, so even having these reproducible steps is just as good and makes reviewing the System Messages that much easier.

Yep! These filters are super powers for logging. I always use them for all of my logging needs. My logs are always categorized, filtered, and sorted exactly as I want them to be.

Knowing this would also lead me to believe that it could be applied to other desired log separations as well, such as dnsmasq-dhcp[11146] or hostapd entries if needed

It seems like you didn't read enough through scribe tips. There are a lot of example filter files for syslog-ng that works for many other services and scripts. They already come with Scribe script installation. Take a look at the following folder in your router's setup

/opt/share/syslog-ng/examples/

I greatly appreciate the time and knowledge!

You're welcome, and good luck!
Just always try not to include debug level log entries if not really needed, because they pile up much faster than you would expect.

 

[penguin22]

You're welcome, and good luck!
Just always try not to include debug level log entries if not really needed, because they pile up much faster than you would expect.

Interestingly, I didn't actively enable debug logging for domainvpnrouting, they are collected following a clean installation and I don't see a configuration setting to disable. In fact, the only logging that is prompted is when creating a new policy.

 

[Tarek Yag]

Interestingly, I didn't actively enable debug logging for domainvpnrouting, they are collected following a clean installation and I don't see a configuration setting to disable.

There's no separate debug-level logging option built-in within DomainVPNRouting. It all depends on the logging facility as I explained previously.

My bad, it shouldn't have logged debug log messages, but I made a tiny mistake by having the word "and" in the second line of the filter conditions instead of the first line. So, I just corrected it in the original log filter file. Moreover, the filter file I made does not discard lower level log messages, but these should have gone to the main system log instead of going to the same log file.

I've gone ahead with editing the example log filter file above to discard lower level log messages while adding more than enough comment lines for description. I changed the previous behavior to discard "info" level messages too, you can always decide on which levels you want and which you don't by editing the relevant levels in the file.

Now, you can simply update your filter file, then restart syslog-ng service, to get all changes into effect.

[EDIT] Side note: At first, I didn't include the mechanism to discard lower level log messages (in the first version of my example filter) because I have them discarded in another filter file in my own setup, which is much more complex.
Now, the current example log filter file above should be a perfect fit for anyone filtering DomainVPNRouting log messages.

 

[penguin22]

There's no separate debug-level logging option built-in within DomainVPNRouting. It all depends on the logging facility as I explained previously.

My bad, it shouldn't have logged debug log messages, but I made a tiny mistake by having the word "and" in the second line of the filter conditions instead of the first line. So, I just corrected it in the original log filter file. Moreover, the filter file I made does not discard lower level log messages, but these should have gone to the main system log instead of going to the same log file.

I've gone ahead with editing the example log filter file above to discard lower level log messages while adding more than enough comment lines for description. I changed the previous behavior to discard "info" level messages too, you can always decide on which levels you want and which you don't by editing the relevant levels in the file.

Now, you can simply update your filter file, then restart syslog-ng service, to get all changes into effect.

[EDIT] Side note: At first, I didn't include the mechanism to discard lower level log messages (in the first version of my example filter) because I have them discarded in another filter file in my own setup, which is much more complex.
Now, the current example log filter file above should be a perfect fit for anyone filtering DomainVPNRouting log messages.

The update appears to have worked in clearing the debug logs. Following running a full query of all policies, I now see the following:

Nov 19 10:48:52 RT-BE88U domain_vpn_routing: Test IP Version - Testing IP Version: 5.11.0
Nov 19 10:48:52 RT-BE88U domain_vpn_routing: Test IP Version - IP Version: 5.11.0 passed
Nov 19 10:49:19 RT-BE88U domain_vpn_routing: Set Process Priority - Set Process Priority to 0
Nov 19 10:49:19 RT-BE88U domain_vpn_routing: Set Process Priority - Set Process Priority to 0
Nov 19 10:49:43 RT-BE88U domain_vpn_routing: Query Policy - Processing Time: 24 seconds
Nov 19 10:49:43 RT-BE88U domain_vpn_routing: Cleanup - Deleting /var/lock/domain_vpn_routing.lock
Nov 19 10:49:43 RT-BE88U domain_vpn_routing: Cleanup - Deleted /var/lock/domain_vpn_routing.lock

Interestingly, I don't know that I would have even bothered separating the logs from the System Messages log had debug logging not been enabled, since that was just a lot of noise compared to the signal I was trying to find. I still prefer the separation as it makes it far easier to see that this is running (even without debug logging showing), while also being able to more easily see if an error occurs without having to scour the main log.

 

[Tarek Yag]

Interestingly, I don't know that I would have even bothered separating the logs from the System Messages log had debug logging not been enabled

Always keep in mind that the basic system log (for both Stock and Merlin firmware) each have their own log level option, which appear in the WebUI before having Scribe script started up after Entware gets mounted.

These two options control the lowest level messages that get logged. That's probably why you didn't get "debug" messages earlier.

These two log level options can still be changed either by starting your router without Scribe for one reboot (commenting out Scribe's startup command in post-mount script), or by changing these two values through nvram from the router's CLI.

 

[penguin22]

Always keep in mind that the basic system log (for both Stock and Merlin firmware) each have their own log level option, which appear in the WebUI before having Scribe script started up after Entware gets mounted.

These two options control the lowest level messages that get logged. That's probably why you didn't get "debug" messages earlier.

These two log level options can still be changed either by starting your router without Scribe for one reboot (commenting out Scribe's startup command in post-mount script), or by changing these two values through nvram from the router's CLI.

In my setup process, Scribe is one of the first items I add through amtm, so I wouldn't have had logging (at least of Domain VPN Routing) without Scribe having been installed. Presumably, debug must be a default since it wasn't something I had adjusted to on my BE88U. I loaded Merlin on this immediately upon receipt.