Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

vpn-policy-routing: bugfix: remove conflict with vpnbypass

Browse source 
Signed-off-by: Stan Grishin <stangri@melmac.net>
(cherry picked from commit 05603822d3)
This commit is contained in:
Stan Grishin 2020-01-16 10:51:55 -07:00 committed by Hannu Nyman
parent d0bdd32524
commit 3030d0fc1a
2 changed files with 62 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
net/vpn-policy-routing/Makefile
View file

@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=vpn-policy-routing PKG_NAME:=vpn-policy-routing
PKG_VERSION:=0.2.1 PKG_VERSION:=0.2.1
PKG_RELEASE:=2 PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net> PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
@ -16,7 +16,6 @@ define Package/vpn-policy-routing
CATEGORY:=Network CATEGORY:=Network
TITLE:=VPN Policy-Based Routing Service TITLE:=VPN Policy-Based Routing Service
DEPENDS:=+ipset +iptables +resolveip +kmod-ipt-ipset +iptables-mod-ipopt +!BUSYBOX_CONFIG_IP:ip-full DEPENDS:=+ipset +iptables +resolveip +kmod-ipt-ipset +iptables-mod-ipopt +!BUSYBOX_CONFIG_IP:ip-full
CONFLICTS:=vpnbypass
PKGARCH:=all PKGARCH:=all
endef endef

62
net/vpn-policy-routing/files/README.md
View file

@ -656,7 +656,7 @@ config policy
option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com' option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com'
``` ```
#### Example Includes #### Example Custom User Files Includes
```text ```text
config include config include
@ -666,6 +666,66 @@ config include
option path '/etc/vpn-policy-routing.aws.user' option path '/etc/vpn-policy-routing.aws.user'
``` ```
#### Basic OpenVPN Client Config
There are multiple guides online on how to configure the OpenVPN client on OpenWrt "the easy way", and they usually result either in a kill-switch configuration or configuration where the OpenVPN tunnel cannot be properly (and separately from WAN) routed, either way, incompatible with the VPN Policy-Based Routing.
Below is the sample OpenVPN client configuration for OpenWrt which is guaranteed to work. If you have already deviated from the instructions below (ie: made any changes to any of the ```wan``` or ```lan``` configurations in either ```/etc/config/network``` or ```/etc/config/firewall```), you will need to start from scratch with a fresh OpenWrt install.
Relevant part of ```/etc/config/vpn-policy-routing```:
```text
config vpn-policy-routing 'config'
list supported_interface 'vpnc'
...
```
The recommended network/firewall settings are below.
Relevant part of ```/etc/config/network``` (**DO NOT** modify default OpenWrt network settings for neither ```wan``` nor ```lan```):
```text
config interface 'vpnc'
option proto 'none'
option ifname 'ovpnc0'
```
Relevant part of ```/etc/config/firewall``` (**DO NOT** modify default OpenWrt firewall settings for neither ```wan``` nor ```lan```):
```text
config zone
option name 'vpnc'
option network 'vpnc'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'vpnc'
```
If you have a Guest Network, add the following to the ```/etc/config/firewall```:
```text
config forwarding
option src 'guest'
option dest 'vpnc'
```
Relevant part of ```/etc/config/openvpn``` (configure the rest of the client connection for your specifics by either referring to an existing ```.ovpn``` file or thru the OpenWrt uci settings):
```text
config openvpn 'vpnc'
option enabled '1'
option client '1'
option dev_type 'tun'
option dev 'ovpnc0'
...
```
## Footnotes/Known Issues ## Footnotes/Known Issues
1. <a name="footnote1"> </a> See [note about multiple OpenVPN clients](#multiple-openvpn-clients). 1. <a name="footnote1"> </a> See [note about multiple OpenVPN clients](#multiple-openvpn-clients).