x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

[Xentrk]

x3mRouting Update (No Version Change for x3mRouting Menu) 24 October, 2020

Update Process
Both amtm and the x3mMenu will show an update is available. Access x3mMenu via amtm or type x3mMenu to access. Run option 7 to update the x3mMenu. There is no version or code changes to the x3mMenu. After the x3mMenu update, run option 5 to update x3mRouting.sh. x3mvnrouting.sh will also get updated if you have Option 1 or 2 installed.

Change Log
x3mRouting.sh

• Prevent concurrent processing of x3mRouting.sh. Only one instance of x3mRouting.sh can run at a time. The first entry in nat-start will run before the second entry can begin and so on.
• Update how ip rules for fwmarks gets created
• Display msg to user that 'dir=' parm is ignored when using the ASN Method. (ASN method now loads IPv4 addresses directly to memory and no longer first downloads the IPv4 addresses to disk). Drop the 'dir=' reference before adding script entry to nat-start.

x3mvpnroutings.sh (used by option 1 and 2)

• Update how ip rules for fwmarks gets created to fix issue where fmwark is accidentally removed
• log messages to system log
• Update logger to use correct program name

 

[tejesh83]

Nice, thx for the updates!

Question, when running x3mMenu, I'm not seeing an option 7 listed to update the menu. Instead, the menu stops at Option 6. Typing Option 7 still works however. Was this intentionally hidden from the menu list?

 

[Xentrk]

Nice, thx for the updates!

Question, when running x3mMenu, I'm not seeing an option 7 listed to update the menu. Instead, the menu stops at Option 6. Typing Option 7 still works however. Was this intentionally hidden from the menu list?

The option only displays if there is either a version or md5sum difference. There was no version change. I added a few spaces to the end of a comment line so amtm flags that an update is available. There were no code changes to the menu. But I appear to be getting a md5sum even after I updated the menu. I will have to investigate. Many of the 3rd party developers use this code.

Local MD5SUM

md5sum "/jffs/addons/x3mRouting/x3mRouting_Menu.sh" | awk '{print $1}'
9a3f6472944145bc1877b0437bf7e59a

GitHub MDSUM

curl -fsL --retry 3 "https://raw.githubusercontent.com/Xentrk/x3mRouting/master/x3mRouting_Menu.sh/x3mRouting_Menu.sh" | md5sum | awk '{print $1}'

d41d8cd98f00b204e9800998ecf8427e

When I run a code trace the md5sum of the local and server do match though.

+ md5sum /jffs/addons/x3mRouting/x3mRouting_Menu.sh
+ awk {print $1}
+ localmd5=9a3f6472944145bc1877b0437bf7e59a
+ curl -fsL --retry 3 https://raw.githubusercontent.com/Xentrk/x3mRouting/master/x3mRouting_Menu.sh
+ awk {print $1}
+ md5sum
+ remotemd5=9a3f6472944145bc1877b0437bf7e59a
+ [ 9a3f6472944145bc1877b0437bf7e59a != 9a3f6472944145bc1877b0437bf7e59a ]

 

[ewokuk]

Do you just have option 3 installed - x3mRouting.sh script and openvpn-event?

If it stops working in the future, make sure the iptables rule exists.

iptables -nvL PREROUTING -t mangle --line

Also, check the system log for clues. x3mRouting is very verbose which will help debug.

It has just done it again after I needed to reboot the router a couple of times. I couldn't see anything mentioning bbc or xem in the system log (but it is set to log level of warning so that may be why?). iptables shows this:

Chain PREROUTING (policy ACCEPT 2541K packets, 2873M bytes)
num pkts bytes target prot opt in out source destina tion
1 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set NETFLIX dst MARK or 0x8000
2 531 32211 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_EU dst MARK or 0x8000
3 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set BBC dst MARK or 0x8000
4 960 49792 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_GLOBAL dst MARK or 0x8000
5 265 15566 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_US dst MARK or 0x8000
6 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set LOTTERY dst MARK or 0x8000

Same as last time, bbc doesn't work, but everything else still does. I am guessing there is an ip somewhere that is not being caught in the bbc asn which randomly comes around and when it does it causes this as it doesn't bypass the vpn? It has been fine, since it suddenly started working by itself last friday. Not sure if the router reboots are the cause or a coincidence (I did not reboot it last time it did this so probably not related). I am using the latest version from saturday and option 3 only.

 

[ugandy]

will this work:
x3mRouting ipset_name=PT dnsmasq=pt
to define addresses in *.pt ?

or will this work:
x3mRouting ALL 1 PT aws_region=PT


thanks

 

[Xentrk]

It has just done it again after I needed to reboot the router a couple of times. I couldn't see anything mentioning bbc or xem in the system log (but it is set to log level of warning so that may be why?). iptables shows this:

Chain PREROUTING (policy ACCEPT 2541K packets, 2873M bytes)
num pkts bytes target prot opt in out source destina tion
1 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set NETFLIX dst MARK or 0x8000
2 531 32211 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_EU dst MARK or 0x8000
3 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set BBC dst MARK or 0x8000
4 960 49792 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_GLOBAL dst MARK or 0x8000
5 265 15566 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set AMAZON_US dst MARK or 0x8000
6 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0 /0 match-set LOTTERY dst MARK or 0x8000

Same as last time, bbc doesn't work, but everything else still does. I am guessing there is an ip somewhere that is not being caught in the bbc asn which randomly comes around and when it does it causes this as it doesn't bypass the vpn? It has been fine, since it suddenly started working by itself last friday. Not sure if the router reboots are the cause or a coincidence (I did not reboot it last time it did this so probably not related). I am using the latest version from saturday and option 3 only.

I switched to the dnsmasq method for BBC awhile ago and it's been very solid. I'll update the references on GitHub.

sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB dnsmasq=bbc.co.uk,bbc.com,bbc.gscontxt.net,bbci.co.uk,bbctvapps.co.uk,ssl-bbcsmarttv.2cnt.net

The scripts in Option 4 can be used to mine domain names. dnsmasq logging needs to be enabled as well. If you still have issues, let me know.

 

[Xentrk]

will this work:
x3mRouting ipset_name=PT dnsmasq=pt
to define addresses in *.pt ?

or will this work:
x3mRouting ALL 1 PT aws_region=PT


thanks

dnsmasq method requires the top level domain name. BBC example:

sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB dnsmasq=bbc.co.uk,bbc.com,bbc.gscontxt.net,bbci.co.uk,bbctvapps.co.uk,ssl-bbcsmarttv.2cnt.net

You need to specify a valid region for the Amazon Method.

Valid Amazon AWS Regions

    AP - Asia Pacific
    CA - Canada
    CN - China
    EU - European Union
    SA - South America
    US - USA
    GV - USA Government
    GLOBAL - Global

I changed to Global several months back and it works good for me.

 

[ewokuk]

I switched to the dnsmasq method for BBC awhile ago and it's been very solid. I'll update the references on GitHub.

sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB dnsmasq=bbc.co.uk,bbc.com,bbc.gscontxt.net,bbci.co.uk,bbctvapps.co.uk,ssl-bbcsmarttv.2cnt.net

The scripts in Option 4 can be used to mine domain names. dnsmasq logging needs to be enabled as well. If you still have issues, let me know.

thanks, used your example and after a router reboot bbc is working again. I might have to figure out how to use option 4 and dnsmasq logging incase I need to add stuff in future (when bbc changes or adds new domains etc).

 

[Xentrk]

thanks, used your example and after a router reboot bbc is working again. I might have to figure out how to use option 4 and dnsmasq logging incase I need to add stuff in future (when bbc changes or adds new domains etc).

The instructions to add dnsmasq logging are on the link I sent earlier. Or, you can install Diversion and it will configure dnsmasq logging for you.

I generated those domains by forcing all traffic to use VPN connection in UK. Then, I surfed BBC website and selected all of the options on my broswer. I then did the same with the iPlayer app on my iPad and FireTV. Those domains have been stable for awhile now.

Using the scripts in Option 4 are the tools I used to analyze what domains are being referenced. Not sure why the ASN for BBC don't work on their own. I suspect CDN are in play. If you need help with the option 4 scripts, just ping me. I love the new ASN Lookup Tool feature. I wish I had it when I first got into this.

 

[mr8]

Not sure if it's a bug, but just wanted to point out that you need an extra blank line at the end of your dnsmasq_file or it will not read the last domain.

I couldn't figure out why my dnsmasq_file with 1 line wasn't working till I added an extra line to my dnsmasq_file.