Route add via SSH - persistent-how?

[Sysxp]

Hello!
I have an ASUS RT-AC68U running Asuswrt-Merlin 386.13.
I'm using the following command via SSH to get accees to subnet behind my pptp connection:

ip route add 192.168.100.0/24 via 192.168.77.1 dev pptp0

After this command everything works as intended. "LAN - Route" tab in Web interface does not work at all, or I don't understand HOW to make it do the same thing as my above command.

The problem is: my static route does not survive reboot.
Could you please tell me how can I make this command persistent, so it would work after the reboot?

I'm just SO frustrated that the MOST simple task as a STATIC ROUTE that can be achieved in 20 seconds on any zyxel or mikrotik router requires full 30 minutes of reading this forum just to find this SSH command that really works.
Please, tell me I'm stupid and this can be done in 20 seconds and how.

 

[Jeffrey Young]

The joys of working with an embedded distro.

I would add your route command to the services-start script.

User scripts

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

Is a good spot to start to learn about working with Asus-Merlin.

I say services-start script is a good spot, but you may in fact need to use the wan-event script as you might need to wait until the interface is up.

 

[Sysxp]

Jeffrey Young
Thank you for pointing me to the scrips direction.
I will enable JFFS and try to make a simple one for my needs.
I indeed have to wait for another router to connect to my ASUS for pptp0 to be ready, it usually happens very quickly.
Regarding your words about "the joys of working with an embedded distro" makes me laugh so hard, MAN, this is LITERAL TORTURE, OMG, I have to make a bloody SCRIPT to make a STATIC ROUTE, this is just madness.
Multiple times I had an URGE to throw it away and put a mikrotik ac2 and get everything done in 2 seconds, but NOOO, I have a feelings for my old ASUS, which works as my home router for about 10 years now, maybe more. I even remember when the TX power was unlocked for this router using merlin, and I was sitting on this fw for quite some time. Then was the drama with the TX power restrictions.. Oh, the good old days...

I will post how my script are doing when I make it.

Thank you again! =^_^=

P.S. If anyone having the same problem reading this - get a mikrotik, seriously.

 

[RMerlin]

Multiple times I had an URGE to throw it away and put a mikrotik ac2 and get everything done in 2 seconds

I can configure an OpenVPN server in 30 seconds on an Asus router. On a Mikrotik? It`s torture...

Different devices simply have different features.

 

[Jeffrey Young]

In all honesty, it is quite remarkable what @RMerlin has done with these little boxes given the physical limitations of the hardware. I am happy with my AX88U. I got Merlin specifically as I can adjust dnsmasq so that I can run a Samba4 AD in my home lab and still have the router handle DHCP and DNS for me.

Still, I think for the cost now of a decent x64 mini computer, I would opt for a full Linux system for my next router when my AX88U gives up.

 

[brt80fr]

Hello,

I’m almost certain that the LAN – Route page worked perfectly fine for me for years. But ever since I set up the WireGuard client (though I don’t think the two are related), this page has become useless: no matter what I enter, it no longer updates the routing table on my RT-AX58U.

I have no issue using user scripts if needed, but I’m wondering what happened—is it common for this page to stop affecting the router’s routing table?

Regards.

 

[Ripshod]

There is no routing possible on a VPN Tunnel.

 

[ColinTaylor]

Hello,

I’m almost certain that the LAN – Route page worked perfectly fine for me for years. But ever since I set up the WireGuard client (though I don’t think the two are related), this page has become useless: no matter what I enter, it no longer updates the routing table on my RT-AX58U.

Provide screenshots of what you're doing and what it is that you're seeing that doesn't work.

Disable the WireGuard client and see if it starts working as you expect.

 

[brt80fr]

There is no routing possible on a VPN Tunnel.

Thank you for your reply.

I’m not entirely sure I follow: I’ve been using the OpenVPN client on Asuswrt-Merlin for years to connect my LAN to my VPS. Other LANs (my parents’ network and my wife’s medical office) are also connected to this VPS via OpenVPN. My RT-AX58U routes all requests from my LAN to the VPS, which then forwards them to the other LANs. I have static routes set up for these two other LANs, with the VPS as the gateway. This setup has always worked flawlessly.

It’s true that I’ve never had to verify whether the routes listed in the LAN > Route page were actually reflected in the router’s routing table.

Similarly, today, through a WireGuard connection between my router and my VPS, I can communicate perfectly with my wife’s LAN (which is connected to the VPS via OpenVPN). The only difference is that I now need to add the route manually to the RT-AX58U using a user script—the LAN > Route page no longer updates the routing table.

 

[brt80fr]

Provide screenshots of what you're doing and what it is that you're seeing that doesn't work.

Disable the WireGuard client and see if it starts working as you expect.

Thanks for your reply.

Above is the LAN - Route page with the static route I need to reach a 192.168.1.0's LAN that is connected to my VPS through OpenVPN. Please assume that my own LAN (192.168.10.0) is well connected to the same VPS but through the RT-AX58U's Wireguard client. I need these two LANs to be able to communicate with each other through the VPS. But at this point, they can't.
Below is the RT-AX58U routing table, despite the settings configured in the LAN - Route page:

So you can see I just added the static route with SSH, and all is fine: the two LANs are able to communicate.

Of course the route to 192.168.1.0 isn't persistent, it's not a big deal, I can manage this with a user script.

But I wonder why the LAN - Route page can't do anymore what I have to do in the command line.

 

[ColinTaylor]

@brt80fr I've only done a quick test of this but it looks like the LAN - Route page doesn't support WireGuard client interfaces. The interface options are LAN, MAN, WAN and VPN. I don't think LAN is correct for WireGuard and I think VPN is for OpenVPN.

If you switch from WireGuard to OpenVPN I suspect it will work.

Perhaps you could use VPN Director instead of static routing.

I can't test this any further as I don't have the kind of setup that you do.

 

[brt80fr]

@ColinTaylor Oh, thank you! Contrary to what I initially wrote, it seems my issue is indeed related to switching to WireGuard. Previously, I used OpenVPN between the RT-AX58U and the VPS, which would explain why I didn’t encounter this problem before.

Since I want to stick with WireGuard for speed reasons, I’ll look into what VPN Director does and how it works. Thanks again!

 

[brt80fr]

For the record: I tried importing a WireGuard config file with PostUp directives to add routes—it didn’t work, as the directives were ignored. In the end, I added these routes directly in the wgclient-start script (and removed them in wgclient-stop).