Thank you for pushing me to the right direction! It was not the modprobe issue, as my error came from deleting old rules, but I started digging to ipset logic and finally realized that iptables rule a) works over forwarded packets only and b) traceroute is not the right way to check tcp packets. I changed the iptables chain to the one below and traceroute from remote client worked like a charm:Other AC68U users have reported the same issue when trying selective routing. I did a search and found one user added modprobe xt_set.ko and that fixed his issues. https://www.snbforums.com/threads/n...s-ipset-in-ac68u-v380-66_4.39600/#post-330072
iptables -t mangle -A PREROUTING -i br0 -p all -m set --match-set vpn-whitelist dst -j MARK --set-mark "$FWMARK_OVPNC2"
Anyway thanks a lot, and if you will have any idea how to have selective routing for requests from router - that also would be great!