Browse Source

Merge pull request #11038 from stangri/master-vpn-policy-routing

vpn-policy-routing: bugfix: remove conflict with vpnbypass
lilik-openwrt-22.03
Hannu Nyman 5 years ago
committed by GitHub
parent
commit
90507d2862
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 62 additions and 3 deletions
  1. +1
    -2
      net/vpn-policy-routing/Makefile
  2. +61
    -1
      net/vpn-policy-routing/files/README.md

+ 1
- 2
net/vpn-policy-routing/Makefile View File

@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=vpn-policy-routing
PKG_VERSION:=0.2.1
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
@ -16,7 +16,6 @@ define Package/vpn-policy-routing
CATEGORY:=Network
TITLE:=VPN Policy-Based Routing Service
DEPENDS:=+ipset +iptables +resolveip +kmod-ipt-ipset +iptables-mod-ipopt +!BUSYBOX_CONFIG_IP:ip-full
CONFLICTS:=vpnbypass
PKGARCH:=all
endef


+ 61
- 1
net/vpn-policy-routing/files/README.md View File

@ -656,7 +656,7 @@ config policy
option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com'
```
#### Example Includes
#### Example Custom User Files Includes
```text
config include
@ -666,6 +666,66 @@ config include
option path '/etc/vpn-policy-routing.aws.user'
```
#### Basic OpenVPN Client Config
There are multiple guides online on how to configure the OpenVPN client on OpenWrt "the easy way", and they usually result either in a kill-switch configuration or configuration where the OpenVPN tunnel cannot be properly (and separately from WAN) routed, either way, incompatible with the VPN Policy-Based Routing.
Below is the sample OpenVPN client configuration for OpenWrt which is guaranteed to work. If you have already deviated from the instructions below (ie: made any changes to any of the ```wan``` or ```lan``` configurations in either ```/etc/config/network``` or ```/etc/config/firewall```), you will need to start from scratch with a fresh OpenWrt install.
Relevant part of ```/etc/config/vpn-policy-routing```:
```text
config vpn-policy-routing 'config'
list supported_interface 'vpnc'
...
```
The recommended network/firewall settings are below.
Relevant part of ```/etc/config/network``` (**DO NOT** modify default OpenWrt network settings for neither ```wan``` nor ```lan```):
```text
config interface 'vpnc'
option proto 'none'
option ifname 'ovpnc0'
```
Relevant part of ```/etc/config/firewall``` (**DO NOT** modify default OpenWrt firewall settings for neither ```wan``` nor ```lan```):
```text
config zone
option name 'vpnc'
option network 'vpnc'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'vpnc'
```
If you have a Guest Network, add the following to the ```/etc/config/firewall```:
```text
config forwarding
option src 'guest'
option dest 'vpnc'
```
Relevant part of ```/etc/config/openvpn``` (configure the rest of the client connection for your specifics by either referring to an existing ```.ovpn``` file or thru the OpenWrt uci settings):
```text
config openvpn 'vpnc'
option enabled '1'
option client '1'
option dev_type 'tun'
option dev 'ovpnc0'
...
```
## Footnotes/Known Issues
1. <a name="footnote1"> </a> See [note about multiple OpenVPN clients](#multiple-openvpn-clients).


Loading…
Cancel
Save