x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

[Xentrk]

Here is a snip of code from the new version that you can use to find domain names to use for the dnsmasq method:

#!/bin/sh
SCAN_SPACE_LIST=$(echo "$@" | sed -n "s/^.*autoscan=//p" | awk '{print $1}' | tr ',' ' ')

true >/opt/tmp/DOMAIN_LIST

for TOP_LEVEL_DOMAIN in $SCAN_SPACE_LIST; do
  SCAN_LIST=$(grep "$TOP_LEVEL_DOMAIN" "/opt/var/log/dnsmasq.log" | grep query | awk '{print $(NF-2)}' | awk -F\. '{print $(NF-1) FS $NF}' | sort | uniq)
  [ -n "$SCAN_LIST" ] && echo "$SCAN_LIST" >>/opt/tmp/DOMAIN_LIST
done

cat /opt/tmp/DOMAIN_LIST

First thing to do is route all traffic to the tunnel you want to go to. Then, go to the website and select all the options and watch a video or two to generate traffic and create dnsmasq.log entries.

Search for one domain. You can use "disney" or a shorter version such as "dis" to catch deviations
sh test.sh autoscan=dis

demdex.net
disney-plus.net
disneyplus.com
go.com

Another example using more than one parameter

sh test.sh autoscan=dis,moz

demdex.net
disney-plus.net
disneyplus.com
go.com
mozaws.net
mozilla.com
mozilla.net
mozilla.org
mozit.cloud

This is a better example of a deviation from "mozilla" vs "mozit"

 

[Kingp1n]

Here is a snip of code from the new version that you can use to find domain names to use for the dnsmasq method:

#!/bin/sh
SCAN_SPACE_LIST=$(echo "$@" | sed -n "s/^.*autoscan=//p" | awk '{print $1}' | tr ',' ' ')

true >/opt/tmp/DOMAIN_LIST

for TOP_LEVEL_DOMAIN in $SCAN_SPACE_LIST; do
  SCAN_LIST=$(grep "$TOP_LEVEL_DOMAIN" "/opt/var/log/dnsmasq.log" | grep query | awk '{print $(NF-2)}' | awk -F\. '{print $(NF-1) FS $NF}' | sort | uniq)
  [ -n "$SCAN_LIST" ] && echo "$SCAN_LIST" >>/opt/tmp/DOMAIN_LIST
done

cat /opt/tmp/DOMAIN_LIST

First thing to do is route all traffic to the tunnel you want to go to. Then, go to the website and select all the options and watch a video or two to generate traffic and create dnsmasq.log entries.

Search for one domain. You can use "disney" or a shorter version such as "dis" to catch deviations
sh test.sh autoscan=dis

demdex.net
disney-plus.net
disneyplus.com
go.com

Another example using more than one parameter

sh test.sh autoscan=dis,moz

demdex.net
disney-plus.net
disneyplus.com
go.com
mozaws.net
mozilla.com
mozilla.net
mozilla.org
mozit.cloud

This is a better example of a deviation from "mozilla" vs "mozit"

@Xentrk, I use PIA VPN and route Hulu, Netflix to WAN (0), would I follow the same concept?

Example below:

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 DISNEYPLUS disneyplus.com,thewaltdisneycompany.com,disney-plus.net
sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 0 DISNEYPLUS AS16509

 

[Xentrk]

@Xentrk, I use PIA VPN and route Hulu, Netflix to WAN (0), would I follow the same concept?

Example below:

sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 DISNEYPLUS disneyplus.com,thewaltdisneycompany.com,disney-plus.net
sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 0 DISNEYPLUS AS16509

Correct.

 

[AmrA]

pic en español

is broken, nothing can be selected, I have an ax88 router (394.17)
even break the tree on the left of the menus

 

[TechTinkerer]

pic en español

is broken, nothing can be selected, I have an ax88 router (394.17)
even break the tree on the left of the menus

not the script, recommend fresh install of 384.17 make note of setting first before you do that

 

[AmrA]

not the script, recommend fresh install of 384.17 make note of setting first before you do that

if I disable x3mRouting OpenVPN Client GUI & IPSET Shell Scripts everything works again

 

[TechTinkerer]

if I disable x3mRouting OpenVPN Client GUI & IPSET Shell Scripts everything works again

Looks like firmware is corrupt, noone else has reported that issue

 

[AmrA]

Looks like firmware is corrupt, noone else has reported that issue

What a rage, everything works well except that, I'll try another time, thanks

 

[Xentrk]

pic en español

is broken, nothing can be selected, I have an ax88 router (394.17)
even break the tree on the left of the menus

I know why it's not working and I fixed in the new version. I thought I would have it ready by now but there is more updates I want to make. I'll port the updates over soon.

 

[Xentrk]

x3mRouting OpenVPN Client Screen UPDATE

The x3mRouting OpenVPN Client Screen has been patched to remove all dictionary references and fix issues with the Yes/No radio buttons. Keep in mind that the custom screen only supports the English language and IPSET lists can't be routed to the WAN. You can route IPSET lists to the WAN by specifying the 0 parameter when running the script.

Run option 5 to update.

 

[AmrA]

I know why it's not working and I fixed in the new version. I thought I would have it ready by now but there is more updates I want to make. I'll port the updates over soon.

thanks, I already thought that everything was fine, but I was willing to reinstall everything in the next version

 

[Xentrk]

thanks, I already thought that everything was fine, but I was willing to reinstall everything in the next version

Looks much better. The routing features have been very stable on the new version. The menu is in a state of change as I add features to remove the individual options. Due to changes, you can't access the x3mMenu from amtm for now. amtm will support the changes once I go-live though.

 

[raven-au]

Looks like firmware is corrupt, noone else has reported that issue

From what I saw it was broken in rev 16 and 17 at least.
I saw this after resetting to factory defaults and setting up too.

I didn't bother with it because it was so hard to work out how the dialog was meant to work based on the information available.

 

[octopus]

Hi @Xentrk

I have tried your script "route_all_servers.sh" and working fine. I have a suggestion, seems that folder "x3mRouting" not being created when run as standalone script. I had to do it manually.
Have it in: /jffs/scripts/route_all_server.sh

  filedir=/jffs/scripts/x3mRouting
  if [ ! -d $filedir ]; then mkdir -p $filedir; fi

This is not needed, file in foder is deleted.

rm -r "$filedir"

VPNSERVER_UP_FILE="/jffs/scripts/x3mRouting/vpnserver$VPN_SERVER_INSTANCE-up"
VPNSERVER_DOWN_FILE="/jffs/scripts/x3mRouting/vpnserver$VPN_SERVER_INSTANCE-down"

 

[distilled]

I seem to keep bungling a simple configuration of x3mRouting, would anyone be willing to nudge me in the right direction?

I have several VPNs set up in Merlin. One provides access to cameras, one is a VPN provider I use for privacy. The cameras are accessible from every machine on my LAN, but only one PC on the LAN is routed through the privacy VPN. When I enable the privacy VPN, the machine routed through it loses connectivity to the camera VPN. I want the privacy VPN to ignore the one 192.168.15.x scope used by the camera VPN.

Is there a simple way to do this?

 

[TonyK132]

When I go to amtm, it shows the x3mRouting wants to revert back to 1.0.4 from my installed 1.0.5. Do I do it?

 

[Xentrk]

When I go to amtm, it shows the x3mRouting wants to revert back to 1.0.4 from my installed 1.0.5. Do I do it?

You can safely ignore it for now. I'll get with @thelonelycoder . We are working together preparing amtm for the launch of the new version of x3mRouting. It may be related to that.

 

[LevesqueOnline]

Good Day, I run expressVPN which works great, netflix has no issues for example, but Amazon prime is too smart. Whether im on US VPN or Canadian it wont work. Ultimately I need to split tunnel PrimeVideo only out of my WAN interface for devices, but still want everything else going through the vpn on the same devices.

Is this too complicated?

 

[Xentrk]

Express requires you

Good Day, I run expressVPN which works great, netflix has no issues for example, but Amazon prime is too smart. Whether im on US VPN or Canadian it wont work. Ultimately I need to split tunnel PrimeVideo only out of my WAN interface for devices, but still want everything else going through the vpn on the same devices.

Is this too complicated?

From the reports on the forum, it appears ExpressVPN is using DNS proxy to circumvent the blocks. So you have to specify their DNS using the Accept DNS Configuration = Exclusive. My provider uses a different approach and I can use any DNS. You may want to notify them though and see what they say.

The usage is as follows:

sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh {[0|1|2|3|4|5] ipset_name region} [del] [dir='directory']

Sounds like you want to route Amazon to the WAN. You can try the two methods below. Either one works for me.

sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh 0 AMAZON-US US

ASN Method

sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 0 AMAZON AS16509

If it works, place the entry in /jffs/scripts/nat-start so the rules are applied at boot.

 

[raven-au]

The usage is as follows:

sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh {[0|1|2|3|4|5] ipset_name region} [del] [dir='directory']

Sounds like you want to route Amazon to the WAN. You can try the two methods below. Either one works for me.

sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh 0 AMAZON-US US

ASN Method

sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 0 AMAZON AS16509

If it works, place the entry in /jffs/scripts/nat-start so the rules are applied at boot.

When I was using Merlin I had a similar problem.

I found to get Netflix US (since I'm not is the US), Disney+, and Amazon Prime I needed to use the DNSMASQ method to send both Disney+ and Prime via the WAN.

I believe that was because there was some overlap of ASN addresses between the services.
After using the DNSMASQ setup for a while the address lists got populated and everything worked ok.