From 05603822d3b5ad3644db65a5d48983ca2b6f52fc Mon Sep 17 00:00:00 2001
From: Stan Grishin
Date: Thu, 16 Jan 2020 10:51:55 -0700
Subject: [PATCH] vpn-policy-routing: bugfix: remove conflict with vpnbypass
Signed-off-by: Stan Grishin
---
 net/vpn-policy-routing/Makefile | 3 +-
 net/vpn-policy-routing/files/README.md | 62 +++++++++++++++++++++++++-
 2 files changed, 62 insertions(+), 3 deletions(-)
diff --git a/net/vpn-policy-routing/Makefile b/net/vpn-policy-routing/Makefile
index 1122085a2..f446529ff 100644
--- a/net/vpn-policy-routing/Makefile
+++ b/net/vpn-policy-routing/Makefile
@@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=vpn-policy-routing
 PKG_VERSION:=0.2.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin
@@ -16,7 +16,6 @@ define Package/vpn-policy-routing
 CATEGORY:=Network
 TITLE:=VPN Policy-Based Routing Service
 DEPENDS:=+ipset +iptables +resolveip +kmod-ipt-ipset +iptables-mod-ipopt +!BUSYBOX_CONFIG_IP:ip-full
- CONFLICTS:=vpnbypass
 PKGARCH:=all
 endef
diff --git a/net/vpn-policy-routing/files/README.md b/net/vpn-policy-routing/files/README.md
index cc65b6382..f2b8c8f36 100644
--- a/net/vpn-policy-routing/files/README.md
+++ b/net/vpn-policy-routing/files/README.md
@@ -656,7 +656,7 @@ config policy
 option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com'
 ```
-#### Example Includes
+#### Example Custom User Files Includes
 ```text
 config include
@@ -666,6 +666,66 @@ config include
 option path '/etc/vpn-policy-routing.aws.user'
 ```
+#### Basic OpenVPN Client Config
+
+There are multiple guides online on how to configure the OpenVPN client on OpenWrt "the easy way", and they usually result either in a kill-switch configuration or configuration where the OpenVPN tunnel cannot be properly (and separately from WAN) routed, either way, incompatible with the VPN Policy-Based Routing.
+
+Below is the sample OpenVPN client configuration for OpenWrt which is guaranteed to work. If you have already deviated from the instructions below (ie: made any changes to any of the ```wan``` or ```lan``` configurations in either ```/etc/config/network``` or ```/etc/config/firewall```), you will need to start from scratch with a fresh OpenWrt install.
+
+Relevant part of ```/etc/config/vpn-policy-routing```:
+
+```text
+config vpn-policy-routing 'config'
+ list supported_interface 'vpnc'
+ ...
+```
+
+The recommended network/firewall settings are below.
+
+Relevant part of ```/etc/config/network``` (**DO NOT** modify default OpenWrt network settings for neither ```wan``` nor ```lan```):
+
+```text
+config interface 'vpnc'
+ option proto 'none'
+ option ifname 'ovpnc0'
+```
+
+Relevant part of ```/etc/config/firewall``` (**DO NOT** modify default OpenWrt firewall settings for neither ```wan``` nor ```lan```):
+
+```text
+config zone
+ option name 'vpnc'
+ option network 'vpnc'
+ option input 'REJECT'
+ option forward 'REJECT'
+ option output 'ACCEPT'
+ option masq '1'
+ option mtu_fix '1'
+
+config forwarding
+ option src 'lan'
+ option dest 'vpnc'
+```
+
+If you have a Guest Network, add the following to the ```/etc/config/firewall```:
+
+```text
+config forwarding
+ option src 'guest'
+ option dest 'vpnc'
+```
+
+Relevant part of ```/etc/config/openvpn``` (configure the rest of the client connection for your specifics by either referring to an existing ```.ovpn``` file or thru the OpenWrt uci settings):
+
+```text
+config openvpn 'vpnc'
+ option enabled '1'
+ option client '1'
+ option dev_type 'tun'
+ option dev 'ovpnc0'
+ ...
+```
+
 ## Footnotes/Known Issues
 1. See [note about multiple OpenVPN clients](#multiple-openvpn-clients).