
Policy based routing (manual method)


mancio2

Occasional Visitor
Hi All,
I have read the following guide:

https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing-(manual-method)

because I would like to create a script that manually adds and removes rules to redirect specific clients, routing all the traffic through the VPN.

I don't understand whether, in the router configuration, I have to disable Redirect Internet traffic by setting it to No if I would like to do it manually. Which option for the Redirect Internet traffic setting do I have to set in the GUI?

After that, if I would like to add another rule for another client in the future, do I have to run the script in the guide again? Or could I run just the last command for a specific client?

Code:
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.xx.xxx -j MARK --set-mark 0

Thank you in advance.
Alessandro
 
The "guide" you have posted is flawed, and since the functionality is now included in the firmware, I recommend that it should not be used.

The firmware will correctly create the appropriate VPN Client routing table(s) when

"Redirect Internet traffic=Policy Rules" or "Redirect Internet traffic=Policy Rules(strict)"

So, unless you need to Selectively route Ports, MACs or IPSETs etc., then there is no need to use fwmark tagging.

However if you do need to use fwmarks, then it is easier to follow the fwmark settings proposed by myself and @Xentrk
 
Hi Martineau,
Thank you for your reply.
I would like to create a script that allows me to add or remove policy rules from the command line instead of through the GUI. This is because in the future I would like to integrate it into an API REST server.
Is there any guide or forum post that I could read about fwmark settings?

Thank you so much.
Alessandro.
 
A friend suggested I could use curl pointing to the web UI. This works, of course, only if the feature is available in the web interface. I just want to make it easy to enable/disable any of the 3 guest networks, so the curl approach will hopefully work for me.
 
@Martineau, could you link me to the fwmark settings proposed by you and @Xentrk, please?

These are the fwmarks and bitmasks that have been working for me when running five OpenVPN Clients on AC88U:

Code:
set_fwmark_parms () {
    FWMARK_WAN="0x8000/0x8000"
    FWMARK_OVPNC1="0x1000/0x1000"
    FWMARK_OVPNC2="0x2000/0x2000"
    FWMARK_OVPNC3="0x4000/0x4000"
    FWMARK_OVPNC4="0x7000/0x7000"
    FWMARK_OVPNC5="0x3000/0x3000"
}
Repository: https://github.com/Xentrk/netflix-vpn-bypass
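
How value/mask selectors like the ones posted above are evaluated, as an added example that is not code from this thread or from the linked repository: `ip rule ... fwmark VALUE/MASK` and `iptables -m mark --mark VALUE/MASK` match when (mark & MASK) equals VALUE, and the script lists which of the posted selectors a given packet mark satisfies. The function names `selector_matches` and `selectors_hit` and the sample marks are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. Selector values are copied from set_fwmark_parms in the thread;
# the function names below are hypothetical.
FWMARK_WAN="0x8000/0x8000"
FWMARK_OVPNC1="0x1000/0x1000"
FWMARK_OVPNC2="0x2000/0x2000"
FWMARK_OVPNC3="0x4000/0x4000"
FWMARK_OVPNC4="0x7000/0x7000"
FWMARK_OVPNC5="0x3000/0x3000"

# selector_matches MARK VALUE/MASK
# Succeeds when (MARK & MASK) == (VALUE & MASK), the comparison used by
# "ip rule ... fwmark VALUE/MASK" and "iptables -m mark --mark VALUE/MASK".
selector_matches() {
    value=${2%/*}
    mask=${2#*/}
    [ $(( $1 & $mask )) -eq $(( $value & $mask )) ]
}

# selectors_hit MARK
# Prints the names of every selector above that a packet carrying MARK satisfies.
selectors_hit() {
    hit=""
    for name in WAN OVPNC1 OVPNC2 OVPNC3 OVPNC4 OVPNC5; do
        eval "sel=\$FWMARK_$name"
        if selector_matches "$1" "$sel"; then
            hit="$hit $name"
        fi
    done
    echo "${hit# }"
}

# Constructed packet marks: one per selector value, plus an unmarked packet.
for mark in 0x0000 0x1000 0x2000 0x3000 0x4000 0x7000 0x8000; do
    printf '%s -> %s\n' "$mark" "$(selectors_hit "$mark")"
done
```

A mark of 0x7000 or 0x3000 satisfies more than one client selector, so which routing table a packet ends up in depends on the priority order of the `ip rule` entries.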
 
