Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Feb 22, 2018 10:18 Post subject:
You mean an OpenVPN client, I suppose?
Test with one client: give this client a static lease, e.g. 192.168.1.89. Then in the PBR field enter: 192.168.1.89/32.
Never include the router itself in the PBR range.
To calculate a PBR range use: https://www.ipaddressguide.com/cidr
I tried and it is not working. My router IP is: 192.168.1.1
My device IP is: 192.168.1.201
My PBR is: 192.168.1.201/32
Let me be clear, by "not working", I mean that the internet works fine on all devices, none of the connected devices route through the VPN. But the device that should route through the VPN has no connection.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Feb 22, 2018 16:23 Post subject:
Remove everything from the PBR field and check if VPN is working.
If VPN is working reinstate PBR, check if you have any connection, ping 8.8.8.8 or browse to ftp://ftp.dd-wrt.com/
If this is working you probably have SFE enabled, SFE only blocks http traffic.
Let's make sure we have the full details of your network configuration here. So far all we know is that you have a router w/ an OpenVPN client configured. But that's not always sufficient information.
For example, if that router is NOT being used in a routed configuration (i.e., active WAN), but instead bridged (LAN to LAN) w/ some other primary router, then the fact the OpenVPN client is configured w/ PBR will have no effect. Nobody is being routed through that WAP anyway.
So rather than have us guess, please provide a little more information, a little more context, so we can be sure things are as we assume them to be.
Remove everything from the PBR field and check if VPN is working.
If VPN is working reinstate PBR, check if you have any connection, ping 8.8.8.8 or browse to ftp://ftp.dd-wrt.com/
If this is working you probably have SFE enabled, SFE only blocks http traffic.
VPN works perfectly if there is no PBR, but all devices connect through it.
SFE is Disabled, is there any other way to make sure that it is disabled than "Shortcut Forwarding Engine" in Basic Setup page?
default via 192.168.70.254 dev eth0
25.0.8.0/24 dev tun1 proto kernel scope link src 25.0.8.5
127.0.0.0/8 dev lo scope link
169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
192.168.70.0/24 dev eth0 proto kernel scope link src 192.168.70.64
ip route show table 10
Quote:
default via 25.0.8.1 dev tun1
ip rule list
Quote:
0: from all lookup local
32762: from 192.168.1.201 lookup 10
32763: from 192.168.1.201 lookup 10
32764: from 192.168.1.201 lookup 10
32765: from 192.168.1.201 lookup 10
32766: from all lookup main
32767: from all lookup default
Joined: 16 Apr 2016 Posts: 307 Location: California
Posted: Fri Feb 23, 2018 9:16 Post subject: Ummmmmm
Just a quick few questions
1) Are you using a generic firewall killswitch?
PBR doesn't work with it without additional rules
2) After you enabled PBR on those IPs did you restart the Router and the devices?
3) Have you tried network segmentation on specific CIDRs for a range of, let's say, 192.168.1.20 through 192.168.1.30 and assigning the devices to that range?
192.168.1.100/30
Would be 192.168.1.100 thru 192.168.1.103
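The CIDR arithmetic from the posts above (calculating a PBR range, keeping the router out of it, and the 192.168.1.20 through 192.168.1.30 range), as an added example that is not part of the original thread. The helper names are hypothetical and the LAN is assumed to be 192.168.1.0/24 with the router at 192.168.1.1, as stated earlier in the thread.

```python
import ipaddress

# Helper names below are hypothetical; addresses are the ones quoted in the thread.

def range_to_pbr(first, last, router_ip):
    """Smallest list of CIDR blocks that covers first..last exactly."""
    lo, hi, router = (ipaddress.ip_address(a) for a in (first, last, router_ip))
    if lo > hi:
        raise ValueError("first address is above last address")
    if lo <= router <= hi:
        raise ValueError(f"range would include the router {router}")
    return [str(net) for net in ipaddress.summarize_address_range(lo, hi)]

def check_pbr_field(entries, router_ip, lan_cidr):
    """Return a list of problems found in the PBR entries (empty list = OK)."""
    router = ipaddress.ip_address(router_ip)
    lan = ipaddress.ip_network(lan_cidr)
    problems = []
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            # Host bits set: the mask rounds the entry down to the block start.
            net = ipaddress.ip_network(entry, strict=False)
            problems.append(f"{entry}: not on a block boundary, really means {net}")
        if router in net:
            problems.append(f"{entry}: includes the router {router}")
        if not net.subnet_of(lan):
            problems.append(f"{entry}: outside the LAN {lan}")
    return problems

if __name__ == "__main__":
    print(range_to_pbr("192.168.1.20", "192.168.1.30", "192.168.1.1"))
    print(range_to_pbr("192.168.1.100", "192.168.1.103", "192.168.1.1"))
    print(check_pbr_field(["192.168.1.201/32"], "192.168.1.1", "192.168.1.0/24"))
    # Constructed mistakes: misaligned block, and a block that swallows the router.
    print(check_pbr_field(["192.168.1.20/29", "192.168.1.0/25"],
                          "192.168.1.1", "192.168.1.0/24"))
```

The 20 through 30 range does not fit a single block, so it has to be entered as several CIDR entries.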
Posted: Sun Feb 25, 2018 6:15 Post subject: Re: Ummmmmm
sploit wrote:
Just a quick few questions
1) Are you using a generic firewall killswitch?
PBR doesn't work with it without additional rules
2) After you enabled PBR on those IPs did you restart the Router and the devices?
3) Have you tried network segmentation on specific CIDRs for a range of, let's say, 192.168.1.20 through 192.168.1.30 and assigning the devices to that range?
192.168.1.100/30
Would be 192.168.1.100 thru 192.168.1.103