x3mRouting Using VPN Client Bypass Routing does not work

worf

Occasional Visitor
Hi, guys

I tried to use VPN Client Bypass Routing to configure Amazon AWS with Region CN to wan, but it did not work. Can you help me?

step

1. Accept DNS Configuration: Relaxed;

2. Force Internet traffic through tunnel: Policy Rules(strict)

3. run command x3mRouting 1 0 AMAZON_CN aws_region=CN


Through the above method, it does not work for me. I mean, I want matching ipset list to wan from CN area. Other regions still via VPN.
 

Xentrk

Part of the Furniture
Use this command to check that the ipset list is populated:
Code:
ipset -L AMAZON_CN

Verify the iptables routing rule got created. The packets number will increase as traffic traverses the chain.
Code:
iptables -nvL PREROUTING -t mangle --line

Display the RPDB routing priority database rules for the fwmarks, VPN Server, VPN Server and LAN Clients:
Code:
ip rule

You should see a fwmark for WAN, which is priority 9990, and it should be listed before the rules for LAN clients. Example:
Code:
0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9991:   from all fwmark 0x3000/0x3000 lookup ovpnc5
9992:   from all fwmark 0x7000/0x7000 lookup ovpnc4
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
9994:   from all fwmark 0x2000/0x2000 lookup ovpnc2
9995:   from all fwmark 0x1000/0x1000 lookup ovpnc1
10104:  from 192.168.1.150 lookup ovpnc1
10105:  from 192.168.1.151 lookup ovpnc1
10106:  from 192.168.1.153 lookup ovpnc1
10107:  from 192.168.1.154 lookup ovpnc1
10301:  from 192.168.1.165 lookup ovpnc2
10302:  from 192.168.1.149 lookup ovpnc2
10303:  from 192.168.1.152 lookup ovpnc2
32766:  from all lookup main
32767:  from all lookup default

Lastly, try the GLOBAL region to route ALL Amazon traffic to the WAN.
Code:
x3mRouting  1  0 AMAZON aws_region=GLOBAL
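
The rule-order and packet-counter checks described in the reply above can be scripted over saved command output. This is an added example, not part of the original post or of x3mRouting; the function names are hypothetical and the sample text is constructed from the output formats shown in this thread.

```shell
#!/bin/sh
# Added example: checks over the output of `ip rule` and
# `iptables -nvL PREROUTING -t mangle --line`. Function names are hypothetical.

# Constructed samples, modelled on the output formats shown in this thread.
SAMPLE_IP_RULE='0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9995:   from all fwmark 0x1000/0x1000 lookup ovpnc1
10104:  from 192.168.1.150 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'

SAMPLE_MANGLE='Chain PREROUTING (policy ACCEPT 4096 packets, 446K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       24  1080 MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set dns_domains dst MARK or 0x8000'

# wan_rule_status: reads `ip rule` output on stdin and prints one of
#   ok        the 0x8000 -> main rule exists and precedes every ovpncN rule
#   missing   no rule sends fwmark 0x8000 to the main (WAN) table
#   shadowed  a rule that looks up an ovpncN table has a lower priority
#             number, so it is evaluated first and the traffic stays on the VPN
wan_rule_status() {
    awk '
        { prio = $1; sub(/:$/, "", prio); prio += 0 }
        /fwmark 0x8000\/0x8000 lookup main/ { if (!seen) { wan = prio; seen = 1 } }
        /lookup ovpnc[0-9]+/ { if (!vseen || prio < vpn) { vpn = prio; vseen = 1 } }
        END {
            if (!seen) print "missing"
            else if (vseen && vpn < wan) print "shadowed"
            else print "ok"
        }'
}

# mark_rule_pkts SETNAME: reads the mangle PREROUTING listing on stdin and
# prints the packet counter of the rule that marks traffic matching SETNAME
# with 0x8000, or "none" when no such rule exists.
mark_rule_pkts() {
    awk -v name="$1" '
        index($0, "match-set " name " dst") && /MARK or 0x8000/ { print $2; found = 1; exit }
        END { if (!found) print "none" }'
}

# On the router, feed live output instead of the samples, for example:
#   ip rule | wan_rule_status
#   iptables -nvL PREROUTING -t mangle --line | mark_rule_pkts AMAZON_CN
```

A counter that stays at 0 while clients reach the listed destinations means the ipset is not matching that traffic, even if the rule and the fwmark priority are both in place.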
 

worf

Occasional Visitor
I am really confused, my method via dnsmasq still does not work.

I just added a command

Code:
x3mRouting 1 0 dns_domains dnsmasq_file=/jffs/scripts/dns_domains

[email protected]:/tmp/home/root# cat /jffs/scripts/dns_domains
qq.com
baidu.com
[email protected]:/tmp/home/root#


Code:
[email protected]:/tmp/home/root# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 4096 packets, 446K bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1       24  1080 MARK       all  --  br0    *       0.0.0.0/0            0.0.0.0/0            match-set dns_domains dst MARK or 0x8000


Code:
[email protected]:/tmp/home/root# ip rule
0:    from all lookup local
9990:    from all fwmark 0x8000/0x8000 lookup main
9995:    from all fwmark 0x1000/0x1000 lookup ovpnc1
32766:    from all lookup main
32767:    from all lookup default
 
