On 04-12-20, Philip Prindeville wrote: > But I’m trying: > > config rule > option src '192.168.3.6' > option lookup 200 > > Per the cheatsheet and it’s resulting in: > > root@OpenWrt2:~# ip rule ls > 0: from all lookup local > 1: from all lookup 200 > 32766: from all lookup main > 32767: from all lookup default > > i.e. the ’src’ is being ignored.
Several years ago (probably with LEDE 17.01) I was using this
configuration and it worked:
config rule
option in 'lan'
option src '172.23.184.111/32'
option lookup '666'
Try with the /32. If it still doesn't work, then it's a regression.
> Also trying:
>
> config route
> option target '151.101.0.0/16'
> option interface ‘xfrm0'
> option gateway '192.168.1.252'
> option table 200
> option proto ‘static'
>
> But that works great.
>
>
> > On Dec 4, 2020, at 1:00 PM, Jo-Philipp Wich <j...@mein.io> wrote:
> >
> > Hi Philip,
> >
> > ip rules are possible in uci, but not sure if all the bits you require are
> > covered:
> >
> > https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6
> >
> > `config route` sections allow specifying `option table` as well to stage the
> > routes in the non-main rttable.
> >
> > Since the device options for uci rules and routes require logical networks
> > and
> > not Linux network device names, you might need to declare a dummy interface
> > for xfrm0, like this:
> >
> > config interface vpn
> > option proto static
> > option ifname xfrm0
> >
> > It might be that netifd will clear out any IP addresses on the xfrm0
> > interface, so you would need to encode those in uci as well:
> >
> > config interface vpn
> > option proto static
> > option ifname xfrm0
> > option ipaddr 192.168.1.0/24
> > option table 200 # will instruct netifd to put any related routes into
> > table 200
> >
> >
> > Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
> > uci way to declare new symbolic aliases. So either you need to manage that
> > file externally or you stick to numeric table IDs.
> >
> > ~ Jo
> >
> > _______________________________________________
> > openwrt-devel mailing list
> > openwrt-devel@lists.openwrt.org
> > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
signature.asc
Description: PGP signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
