Re: Lightweight policy-based routing
On 04-12-20, Philip Prindeville wrote:
> But I’m trying:
>
> config rule
>         option src '192.168.3.6'
>         option lookup 200
>
> Per the cheatsheet and it’s resulting in:
>
> root@OpenWrt2:~# ip rule ls
> 0: from all lookup local
> 1: from all lookup 200
> 32766: from all lookup main
> 32767: from all lookup default
>
> i.e. the 'src' is being ignored.

Several years ago (probably with LEDE 17.01) I was using this configuration and it worked:

config rule
        option in 'lan'
        option src '172.23.184.111/32'
        option lookup '666'

Try with the /32. If it still doesn't work, then it's a regression.

> Also trying:
>
> config route
>         option target '151.101.0.0/16'
>         option interface 'xfrm0'
>         option gateway '192.168.1.252'
>         option table 200
>         option proto 'static'
>
> But that works great.
>
> > On Dec 4, 2020, at 1:00 PM, Jo-Philipp Wich wrote:
> >
> > Hi Philip,
> >
> > ip rules are possible in uci, but not sure if all the bits you require are
> > covered:
> >
> > https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6
> >
> > `config route` sections allow specifying `option table` as well to stage the
> > routes in the non-main rttable.
> >
> > Since the device options for uci rules and routes require logical networks and
> > not Linux network device names, you might need to declare a dummy interface
> > for xfrm0, like this:
> >
> > config interface vpn
> >         option proto static
> >         option ifname xfrm0
> >
> > It might be that netifd will clear out any IP addresses on the xfrm0
> > interface, so you would need to encode those in uci as well:
> >
> > config interface vpn
> >         option proto static
> >         option ifname xfrm0
> >         option ipaddr 192.168.1.0/24
> >         option table 200 # will instruct netifd to put any related routes into table 200
> >
> > Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
> > uci way to declare new symbolic aliases. So either you need to manage that
> > file externally or you stick to numeric table IDs.
> >
> > ~ Jo

___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Re: Lightweight policy-based routing
But I’m trying:

config rule
        option src '192.168.3.6'
        option lookup 200

Per the cheatsheet and it’s resulting in:

root@OpenWrt2:~# ip rule ls
0: from all lookup local
1: from all lookup 200
32766: from all lookup main
32767: from all lookup default

i.e. the 'src' is being ignored.

Also trying:

config route
        option target '151.101.0.0/16'
        option interface 'xfrm0'
        option gateway '192.168.1.252'
        option table 200
        option proto 'static'

But that works great.

> On Dec 4, 2020, at 1:00 PM, Jo-Philipp Wich wrote:
>
> Hi Philip,
>
> ip rules are possible in uci, but not sure if all the bits you require are
> covered:
>
> https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6
>
> `config route` sections allow specifying `option table` as well to stage the
> routes in the non-main rttable.
>
> Since the device options for uci rules and routes require logical networks and
> not Linux network device names, you might need to declare a dummy interface
> for xfrm0, like this:
>
> config interface vpn
>         option proto static
>         option ifname xfrm0
>
> It might be that netifd will clear out any IP addresses on the xfrm0
> interface, so you would need to encode those in uci as well:
>
> config interface vpn
>         option proto static
>         option ifname xfrm0
>         option ipaddr 192.168.1.0/24
>         option table 200 # will instruct netifd to put any related routes into table 200
>
> Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
> uci way to declare new symbolic aliases. So either you need to manage that
> file externally or you stick to numeric table IDs.
>
> ~ Jo

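Added example, not part of the original thread: the rule list reported above contains "1: from all lookup 200", so every source, not only 192.168.3.6, consults table 200 first. The check below flags that failure mode in `ip rule ls` output; the function names and the INTENDED sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect policy rules that lost their source selector.

# Reads `ip rule ls` output on stdin. Prints "<priority> <table>" for each
# rule whose only selector is "from all" and whose table is not built in.
find_catchall_rules() {
    awk '
    {
        line = $0
        sub(/:/, ": ", line)        # accept both "1:from" and "1: from"
        n = split(line, f, " ")
        # Extra selectors (fwmark, iif, to ...) mean the rule is scoped;
        # a trailing "proto <name>" is only metadata.
        if (!(n == 5 || (n == 7 && f[6] == "proto"))) next
        if (f[2] != "from" || f[3] != "all" || f[4] != "lookup") next
        if (f[5] ~ /^(local|main|default|253|254|255)$/) next
        prio = f[1]; sub(/:$/, "", prio)
        print prio, f[5]
    }'
}

# Succeeds only when stdin contains no catch-all rule to a custom table.
rules_are_scoped() {
    [ -z "$(find_catchall_rules)" ]
}

# Rule list as reported in the thread: the src selector was dropped.
BROKEN='0: from all lookup local
1: from all lookup 200
32766: from all lookup main
32767: from all lookup default'

# Constructed sample: the same list with the src selector applied.
INTENDED='0: from all lookup local
1: from 192.168.3.6 lookup 200
32766: from all lookup main
32767: from all lookup default'

if [ "${1:-}" = "--live" ]; then
    ip rule ls | find_catchall_rules
else
    printf '%s\n' "$BROKEN" | find_catchall_rules    # prints: 1 200
fi
```

Run with --live on the router after reloading the network configuration; any output means a rule applies to all sources.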
Re: Lightweight policy-based routing
Hi Philip,

ip rules are possible in uci, but not sure if all the bits you require are
covered:

https://openwrt.org/docs/guide-user/network/ucicheatsheet#ip_rules_for_both_rule_and_rule6

`config route` sections allow specifying `option table` as well to stage the
routes in the non-main rttable.

Since the device options for uci rules and routes require logical networks and
not Linux network device names, you might need to declare a dummy interface
for xfrm0, like this:

config interface vpn
        option proto static
        option ifname xfrm0

It might be that netifd will clear out any IP addresses on the xfrm0
interface, so you would need to encode those in uci as well:

config interface vpn
        option proto static
        option ifname xfrm0
        option ipaddr 192.168.1.0/24
        option table 200 # will instruct netifd to put any related routes into table 200

Netifd understands aliases set up in /etc/iproute2/rt_tables but there is no
uci way to declare new symbolic aliases. So either you need to manage that
file externally or you stick to numeric table IDs.

~ Jo

Lightweight policy-based routing
Hi.

I’m currently manually doing the following in a script but was wondering if there was an easy way to do this in UCI, such as in /etc/config/network:

#!/bin/sh

INTF=xfrm0
STB=192.168.3.6/24
TABLE=stb
GW2=192.168.1.252
NETS="151.101.0.0/16"

# Sets NETWORK and PREFIX for the STB's subnet (used below)
eval `ipcalc -n -p $STB`

# Register the symbolic table name once
if ! grep -q "^200 $TABLE" /etc/iproute2/rt_tables; then
  echo "200 $TABLE" >> /etc/iproute2/rt_tables
fi

# Backhauled networks go via the VPN gateway
for NET in $NETS; do
  ip route add $NET via $GW2 dev $INTF table $TABLE
done

# Keep the LAN itself reachable from this table
ip route add $NETWORK/$PREFIX dev br-lan table $TABLE

ip route flush cache

# Only traffic sourced from the STB consults the table
ip rule add from ${STB%%/*} table $TABLE

Basically, I have an STB that I travel with that mostly works on the road, but one of the services is anchored to my home IP so I have to backhaul that with VPN to get it to work, and that service is hosted on fastly.

Is there any easy way to integrate this into my OpenWRT config?

(Yes, I also have a RPi4 that I use as a portable pocket firewall/hotspot…)

Thanks,

-Philip