Help needed with OpenVPN setup and PBR

PNewbz
DD-WRT Novice


Joined: 23 Apr 2018
Posts: 15

Posted: Mon Apr 23, 2018 8:14    Post subject: Help needed with OpenVPN setup and PBR
Hi,

I recently bought a new TP-Link Archer C7 V4 router and I wanted to use it to be my main router with two other routers attached, both set up as access points. I am a dabbler only and have very limited knowledge of routers and setup etc. Having done a lot of research I managed to install DD-WRT and the V4 firmware for the Archer C7. I made sure I did the 30/30/30 at each stage. My aim was to install DD-WRT, enable OpenVPN to use with PIA VPN and then apply what I now know as policy based routing to have two devices that are not capable of running a VPN Client themselves routing through the VPN on the router.

I have set up OpenVPN and can connect to PIA with every device on the network going through the connection. It does seriously slow down the 150mbs connection I have down to around 10-15mbs but does work. However as soon as I add an ip address to the PBR section I lose connection and that device which has a static route set has no access to the internet. I have read about disabling SFE and have done this but still no success. I have also added the ip address as 192.168.0.181/32.

Could someone help me understand where I'm going wrong.

My router;

Router Name Archer-C7
Router Model TP-Link ARCHER-C7 v4
Firmware Version DD-WRT v3.0-r35767 std (04/19/18)
Kernel Version Linux 3.18.105 #12745 Thu Apr 19 03:30:17 CEST 2018 mips


I have just read that r35767 has been taken down off the downloads and there is a new version r35770. Before I go any further, is it a good idea to load the r35770 or should I stick/downgrade to another version? Also if I downgrade can this be done with the web gui like I did to upgrade the base level to the Archer C7 v4 version?


Thanks

Paul.
PNewbz
Posted: Mon Apr 23, 2018 19:00
Thank you, I will give it a try tomorrow and report back. Can I flash an older build straight from the gui?

I'm not used to ssh etc. but I can work it out. I think I should learn how to run the commands for any future upgrades.

Thanks again.

Paul
PNewbz
Posted: Tue Apr 24, 2018 9:14
Well I ssh'd into the router and did not get any errors with the code:

ip rule add from 192.168.1.100 table 10

So I didn't flash an older version of firmware yet. Instead I went back to the GUI and added my tablet on the 5G network .181 and my wired TV and tablet on the 2G network. Interestingly I found the wired and 2G routing to work as I expected and my tablet and TV now route through the VPN but the 5G just gives "no internet connection"

I then tried to go back to the gui, delete the entries I made and save and restarted the router. Unfortunately I didn't realise that this does not seem to delete the routes and I still have no internet on the 5G tablet and VPN access on 2G tablet and wired TV

I found the ip rule show command and this is what I see;

root@Archer-C7:~# ip rule show
0: from all lookup local
32758: from 192.168.0.181 lookup 10
32759: from 192.168.0.129 lookup 10
32760: from 192.168.0.181 lookup 10
32761: from 192.168.0.129 lookup 10
32762: from 192.168.0.144 lookup 10
32763: from 192.168.0.181 lookup 10
32764: from 192.168.0.144 lookup 10
32765: from 192.168.0.144 lookup 10
32766: from all lookup main
32767: from all lookup default
root@Archer-C7:~#


I'd like to know how to delete the rules I have created, and then I wonder what I should do: upgrade to the latest firmware or downgrade to a known good firmware?


I am really reliant on this group to advise and I am very appreciative of any help given.

Regards

Paul.
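Added example (not part of the original thread and not DD-WRT's own code): one way to list which source addresses have a policy rule for a table and to generate the matching `ip rule del` commands from `ip rule show` output. It assumes table 10 is the VPN table, as in the output posted above, and that awk and sort are available on the router; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: inspect and clean up policy-routing rules for one table.
# Assumptions: table 10 is the VPN table; awk and sort exist on the router.

# Print the unique source addresses that have a rule for table $1.
# Reads `ip rule show` output on stdin.
pbr_sources() {
    awk -v t="$1" '$2 == "from" && $4 == "lookup" && $5 == t { print $3 }' | sort -u
}

# Print one `ip rule del` command per matching rule. Duplicates are kept,
# because each duplicate is a separate rule with its own priority.
pbr_del_cmds() {
    awk -v t="$1" '$2 == "from" && $4 == "lookup" && $5 == t {
        prio = $1; sub(/:$/, "", prio)
        printf "ip rule del from %s table %s priority %s\n", $3, t, prio
    }'
}

# Sample input: the `ip rule show` output from the post above.
SAMPLE_RULES='0: from all lookup local
32758: from 192.168.0.181 lookup 10
32759: from 192.168.0.129 lookup 10
32760: from 192.168.0.181 lookup 10
32761: from 192.168.0.129 lookup 10
32762: from 192.168.0.144 lookup 10
32763: from 192.168.0.181 lookup 10
32764: from 192.168.0.144 lookup 10
32765: from 192.168.0.144 lookup 10
32766: from all lookup main
32767: from all lookup default'

# Dry run on the sample: nothing is changed, the commands are only printed.
echo "Sources routed via table 10:"
printf '%s\n' "$SAMPLE_RULES" | pbr_sources 10
echo "Commands that would remove those rules:"
printf '%s\n' "$SAMPLE_RULES" | pbr_del_cmds 10
```

On the router, `ip rule show | pbr_del_cmds 10` prints the commands for review before any of them is run, and `ip route show table 10` lists the routes that table holds.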
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12917
Location: Netherlands

Posted: Tue Apr 24, 2018 9:56
Go back to 35531, lots of wifi problems with later builds
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
PNewbz
Posted: Tue Apr 24, 2018 10:03
Thanks, I think I'll try a slightly earlier build as I was told there are PBR with some builds.

Quote:
What you might also try is any build *prior* to 34578 to see if it now works. I specifically know the prior 34411, 34311, and 34080 builds do NOT have the bug since I tested them.


I am trying to learn a few basics and would like to know how to delete my rules using the command line.

Regards

Paul
PNewbz
Posted: Tue Apr 24, 2018 12:59
I'm out of my depth now.

Did a factory reset
loaded r34411 firmware
Did a factory reset
Restored settings
Tested VPN with no PBR and it works
Tested with PBR and the TV is not connecting at all
Took out the ip address from the PBR field
Did IP check and the VPN is working

Retested by adding back to PBR field and it stops working again.

ssh'd into the router
did ip rule show and nothing


So now I'm out of my depth and lost as to how I can add and remove routes I try with PBR, where do they go and what commands do I need to display and delete them?

The rest of the routing seems to be working well!

egc
Posted: Tue Apr 24, 2018 13:07
Have you disabled SFE (Shortcut Forwarding Engine) on the setup page?
There is a bug where SFE prevents HTTP traffic, FTP is working, e.g. you can reach ftp://ftp.dd-wrt.com/betas/2018/

PNewbz
Posted: Tue Apr 24, 2018 13:10
I've checked and SFE is enabled and STP disabled.

egc
Posted: Tue Apr 24, 2018 13:29
Well disable it :)
PNewbz
Posted: Tue Apr 24, 2018 14:18
I'm having a chuckle at this end, I haven't a clue what is happening, I have disabled SFE and it appears to make no difference. If I have the IP entered into the Policy Based Routing field, I get no access at all, if I then take it out and apply the settings, then go back to the TV and check the IP through what's my IP I can access the web and it's got my VPN supplier's IP.

So it looks like;

Add IP to PBR field = no access
Remove IP from PBR field = access via VPN

It comes back to my question: how do I know what addresses the router is routing via the VPN, and how, once I've added them, can I remove them so they will no longer be active? Ideally I would like to be able to remove my TV and check its IP then add it back and check again. At the moment the only way I have of taking it off the VPN is to switch the whole VPN off.

I also am unsure on whether SFE should be on or off, it doesn't seem to make any difference.

I wouldn't put it past something I'm doing but I'm just not sure what.
egc
Posted: Tue Apr 24, 2018 14:31
Disable SFE
Clear PBR field

Test with a PC.
Add this PC to the static leases e.g. set to 192.168.0.80
Save and Apply, restart PC
Check if PC has IP address 192.168.0.80
Check on the PC with ipleak.net the used internet connection, this should be your VPN
Disable VPN, save and apply
Check with ipleak.net, IP should be your ISP

Next, enable VPN and add the static lease of the PC in the PBR field: 192.168.0.80/32
Save, Apply, Reboot router

Check with ipleak.net, this should be your VPN, other clients should be on ISP

N.B. you did not use a kill switch by any chance?

PNewbz
Posted: Tue Apr 24, 2018 15:04
Firstly, thank you for your time today, I really appreciate it. I have done as you asked and here are the results.


Disable SFE - DONE
Clear PBR field - DONE

Test with a PC.
Add this PC to the static leases e.g. set to 192.168.0.80 - Already got one set up at 192.168.0.135
Save and Apply, restart PC
Check if PC has IP address 192.168.0.80 - Yes it has 192.168.0.135
Check on the PC with ipleak.net the used internet connection, this should be your VPN - Yes it's my VPN
Disable VPN, save and apply
Check with ipleak.net, IP should be your ISP - Yes it's my ISP

Next, enable VPN and add the static lease of the PC in the PBR field: 192.168.0.80/32
Save, Apply, Reboot router - DONE

Check with ipleak.net this should be your VPN, other clients should be on ISP - Yes I now have VPN access on my laptop

Then I have removed the laptop from PBR (192.168.0.135) and tested again via ipleak.net and it's still my VPN
So anything I add to PBR stays there even when cleared, saved, applied and router rebooted.


N.B. you did not use a kill switch by any chance? - No

Regards

Paul.
PNewbz
Posted: Tue Apr 24, 2018 15:33
I'm so sorry for wasting your time, I have tested by adding my TV back and the laptop reverts to my ISP. Which is great.

I've learnt a lot and also downgraded my firmware which brought back my 5GHz wireless which stopped with the VPN.

Thanks again.