OMR-Bypass protocole feature is unstable

Syam commented 6 years ago

Expected Behavior

Adding/Editing HTTP protocoles in OMR-Bypass should always work.

Actual Behavior

Behavior is not consistent. Browsing a website like http://www.myipaddress.com will sometimes display VPS address instead of my WAN1 address, or will not work at all.

Steps to Reproduce the Problem

On a fresh install, bypass/add HTTP protocole to WAN1 interface and save/apply
Browse a website that show your address, you should see WAN1 address
repeat CTRL+F5 will sometimes show VPS address
Add another protocole like SSL to WAN1 interface and save/apply
repeat CTRL+F5 will always show VPS address, nothing work at all.
reset OMR-Bypass configs, and add HTTP protocole to WAN1 agin
repeat CTRL+F5 will show random addresses

Specifications

OpenMPTCProuter version: v0.37 & v0.38
OpenMPTCProuter VPS version: v0.37 & v0.38
OpenMPTCProuter platform: x86_64
Wan interfaces: Wan1(eth1) to ADSL + Wan2(wan2) to 4G router

Ysurac commented 6 years ago

HTTP is by default used by OMR-Tracker to test if Shadowsocks is up and working. If you bypass HTTP this make Shadowsocks cycling up/down and cycling reset/apply firewall rules. I think that you can see this behaviour in system log.

You can disable ShadowSocks HTTP test in OMR-Tracker interface.

For HTTPS protocol I will make some test, it's possible that OMR-Bypass firewall rules fails to apply sometimes.

Maudissure commented 6 years ago

I hijack this issue to say that after it works, i lost Netflix bypass in a couple hour.

Is anyone else have this unstability ?

Ysurac commented 6 years ago

I would need system log. I think I forget to apply again bypass rules after a shadowsocks restart... This will be fixed in next release.

ludwig-v commented 6 years ago

I found the issue, located in omr-tracker-ss, omr-bypass is reloaded every 10 seconds (even when shadowsocks is UP), clearing Netflix or other IPs added during that period. I just commented the line reloading omr-bypass and my problem was gone :)

Maudissure commented 6 years ago

@TheCrach How did you do that please ?

@Ysurac The fix is in the 0.38.1 ?

ludwig-v commented 6 years ago

Edit "/bin/omr-tracker-ss" using vi or nano, I'm using 0.38.1, the issue is still there

Maudissure commented 6 years ago

Mmmmh, still have Netflix proxy error. Is there a time to wait ?

ludwig-v commented 6 years ago

Did you reboot or killed the process ?

Maudissure commented 6 years ago

After client's reboot, it's ok now, thanks.

Ysurac commented 6 years ago

Fix will be in OpenMPTCProuter v0.38.2 that CircleCI is compiling. Should be available in a few hours.

Syam commented 6 years ago

Edit "/bin/omr-tracker-ss" using vi or nano, I'm using 0.38.1, the issue is still there

@TheCrach Wow thank you so much, that was the original issue i got about netflix, testing omr-bypass around with simple HTTP protocole that lead me to write this ticket.

@Ysurac you're so reactive

Ysurac commented 6 years ago

Should be fixed (if I didn't make mistake) in 0.38.2 that is now available.

Maudissure commented 6 years ago

Works for me.

Syam commented 6 years ago

upgraded routeur to v0.38.2, no change for me :

Netflix protocole -> dont work got netflix proxy error message (added protocole + bunch of domains)
HTTP protocole -> still use VPS address
reset button have no effect at all

Ysurac commented 6 years ago

I've made some changes on v0.38.3 that is compiling. I tested it with telnet and seems to work well. Will be available in a few hours.
There is no html protocol, if you mean HTTP this will never work properly if Shadowsocks tracker is enabled in omr-tracker interface.
reset button is working: it reset to default settings if you don't save.

ludwig-v commented 6 years ago

Great, I was currently trying to fix that in omr-bypass.lua, but in init.d is another solution, thank you ;)

ludwig-v commented 6 years ago

Shouldn't there be a "uci commit dhcp.dnsmasq" and "/etc/init.d/dnsmasq reload" in omr-bypass ? I'm obliged to do that to get omr-bypass working with Netflix after modifications

ludwig-v commented 6 years ago

Would also be great to add -q flag on these ipset rules to avoid errors when IPs are already added and omr-bypass is reloaded:

if [ "$valid_ip4" = "ok" ]; then ipset add ss_rules_dstbypass$type $ip elif [ "$valid_ip6" = "ok" ]; then ipset add ss_rules6_dstbypass$type $ip fi

Thank you

Ysurac commented 6 years ago

OpenMPTCProuter v0.38.3 is compiling again with these changes applied. Should be out in a few hours. Thanks.

KoRnEr007 commented 6 years ago

Netflixis is not working after this update. I reboot all my devices and my vps too....

ludwig-v commented 6 years ago

If you updated from previous versions (0.37.X) and restored the config you must delete the dnsmasq ipset line in /etc/config/dhcp We need more details btw, what are your omr-bypass settings ? From which version did you upgrade ?

nflxvideo.net and netflix.com in domains list is enough to get Netflix working, no need to enable DPI protocol

KoRnEr007 commented 6 years ago

Hello TheCrach, Yes my previous version was 0.37 previous version without multi interface on OMR-Bypass. Then my config for OMR-bypass is clean. When i edit /etc/config/dhcp i have just:

config dnsmasq option domainneeded '1' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option domain 'lan' option expandhosts '1' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option nonwildcard '1' option localservice '1' list server '127.0.0.1#5353' list ipset '/nflxvideo.net/ss_rules_dst_bypass_wan1,ss_rules6_dst_bypass_wan1' list ipset '/netflix.com/ss_rules_dst_bypass_wan1,ss_rules6_dst_bypass_wan1'

But netflix does not work, and it work before :(

ludwig-v commented 6 years ago

Remove the two ipset lines, "/etc/init.d/omr-bypass reload" and your problem will be solved Don't use wan1 (virtual interface name) but eth0 or your interface device name btw.

KoRnEr007 commented 6 years ago

After the remove, now i can add my lines to add nflxvideo.net and netflix.com here http://192.168.100.1/cgi-bin/luci/admin/services/omr-bypass?

ludwig-v commented 6 years ago

Yes

KoRnEr007 commented 6 years ago

not working :( maybe i have a config missing ? SHADOWSOCKS is not activate but OMR-bypass worked withtout before.

Ysurac commented 6 years ago

What DNS are you using from your computer ? What is the result of ipset --list, iptables-save | grep MARK and ip rule ?

KoRnEr007 commented 6 years ago

My dns on my computer is : 192.168.100.1 (dhcp)

ipset --list (of my router)

root@OpenMPTCProuter:~# ipset --list Name: ss_rules6_src_bypass Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 2 Number of entries: 0 Members:

Name: ss_rules6_src_forward Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 2 Number of entries: 0 Members:

Name: ss_rules6_src_checkdst Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 2 Number of entries: 0 Members:

Name: ss_rules6_dst_bypass Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 5 Number of entries: 0 Members:

Name: ss_rules6_dst_bypass_all Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 8 Number of entries: 0 Members:

Name: ss_rules6_dstbypass Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1352 References: 3 Number of entries: 2 Members: fe80::/10 fd00::/8

Name: ss_rules6_dst_forward Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 2 Number of entries: 0 Members:

Name: ss_rules6_dst_forwardrecrst Type: hash:ip Revision: 4 Header: family inet6 hashsize 64 maxelem 65536 timeout 3600 Size in memory: 104 References: 0 Number of entries: 0 Members:

Name: ss_rules_src_bypass Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 2 Number of entries: 0 Members:

Name: ss_rules_src_forward Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 2 Number of entries: 0 Members:

Name: ss_rules_src_checkdst Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 2 Number of entries: 0 Members:

Name: ss_rules_dst_bypass_all Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 8 Number of entries: 0 Members:

Name: ss_rules_dst_bypass Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 5 Number of entries: 0 Members:

Name: ss_rules_dstbypass Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 1560 References: 3 Number of entries: 20 Members: 192.0.2.0/24 127.0.0.0/8 203.0.113.0/24 169.254.0.0/16 100.64.0.0/10 255.255.255.255 192.88.99.0/24 192.52.193.0/24 224.0.0.0/4 0.0.0.0/8 192.168.0.0/16 192.175.48.0/24 192.31.196.0/24 198.18.0.0/15 198.51.100.0/24 51.75.126.252 172.16.0.0/12 10.0.0.0/8 192.0.0.0/24 240.0.0.0/4

Name: ss_rules_dst_forward Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 408 References: 2 Number of entries: 1 Members: 8.8.8.8

Name: ss_rules_dst_forwardrecentrst Type: hash:ip Revision: 4 Header: family inet hashsize 64 maxelem 65536 timeout 3600 Size in memory: 88 References: 0 Number of entries: 0 Members:

Name: ss_rules_dst_bypass_eth0 Type: hash:net Revision: 6 Header: family inet hashsize 64 maxelem 65536 Size in memory: 344 References: 1 Number of entries: 0 Members:

Name: ss_rules6_dst_bypass_eth0 Type: hash:net Revision: 6 Header: family inet6 hashsize 64 maxelem 65536 Size in memory: 1128 References: 1 Number of entries: 0 Members:

iptables-save | grep MARK root@OpenMPTCProuter:~# iptables-save | grep MARK -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff -A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff -A PREROUTING -m set --match-set ss_rules_dst_bypass_eth0 dst -j MARK --set-xmark 0x5393/0xffffffff -A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff

ip rule!: root@OpenMPTCProuter:~# ip rule 0: from all lookup local 0: from all fwmark 0x1 lookup 100 0: from 192.168.11.2 lookup 3 0: from 192.168.10.2 lookup 4 0: from 10.255.255.2 lookup 5 1: from all fwmark 0x539 lookup 991337 1: from all fwmark 0x5393 lookup 3 1: from all fwmark 0x5394 lookup 4 96: from 192.168.10.2 lookup 4 97: from 192.168.11.2 lookup 3 100: from all lookup lan 10000: from 192.168.100.1 lookup lan 20000: from all to 192.168.100.1/24 lookup lan 32766: from all lookup main 32767: from all lookup default 90002: from all iif lo lookup lan

Ysurac commented 6 years ago

OK, I find the problem. This will be solved (really (I hope)) in next release :)

KoRnEr007 commented 6 years ago

Ok :) it's not me the prb ;)

Ysurac commented 6 years ago

With macvlan wrong rules are created, so this is not working when an interface is selected (stupid mistake I made). This will be fixed in 0.38.4 that is compiling and should be out in a few hours.

KoRnEr007 commented 6 years ago

i have just to update with 0.38.4 and it will be good ?

Ysurac commented 6 years ago

When it will be out yes.

Syam commented 6 years ago

There is no html protocol, if you mean HTTP this will never work properly if Shadowsocks tracker is enabled in omr-tracker interface.

Yes i mean HTTP (i updated my message)

reset button is working: it reset to default settings if you don't save.

Oh ok, i expected it to erase all defined rules.

With macvlan wrong rules are created, so this is not working when an interface is selected (stupid mistake I made).

Hehe, stupid mistakes lead to great developpers !

This will be fixed in 0.38.4 that is compiling and should be out in a few hours.

Yeah, can't wait ! I installed my 4G antenna this afternoon with greats bandwith results, going up from 12/1mbps on single ADSL to 60/16mbps through openmpctprouter ! Netflix is the last point to fix for me :)

KoRnEr007 commented 6 years ago

Syam :) your pleasure will be better

Syam commented 6 years ago

Upgraded to v0.38.4 and Netflix still not working :(

bypass netflix.com and nflxvideo.net domains -> eth1
bypass Netflix protocol -> eth1

Lan interface: eth0 Wan interfaces: Wan1(eth1) to ADSL + Wan2(wan2->eth1) to 4G router

Maybe i need to reset all my config ?

root@OpenMPTCProuter:~# ipset --list
Name: ss_rules_src_bypass
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 344
References: 1
Number of entries: 0
Members:

Name: ss_rules_src_forward
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 344
References: 1
Number of entries: 0
Members:

Name: ss_rules_src_checkdst
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 344
References: 1
Number of entries: 0
Members:

Name: ss_rules_dst_bypass_all
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 344
References: 5
Number of entries: 0
Members:

Name: ss_rules_dst_bypass
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 344
References: 3
Number of entries: 0
Members:

Name: ss_rules_dst_bypass_
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 1432
References: 2
Number of entries: 20
Members:
10.0.0.0/8
192.0.0.0/24
224.0.0.0/4
169.254.0.0/16
240.0.0.0/4
198.18.0.0/15
192.52.193.0/24
0.0.0.0/8
192.88.99.0/24
172.16.0.0/12
192.0.2.0/24
51.158.77.246
127.0.0.0/8
255.255.255.255
192.31.196.0/24
192.168.0.0/16
192.175.48.0/24
100.64.0.0/10
203.0.113.0/24
198.51.100.0/24

Name: ss_rules_dst_forward
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 408
References: 1
Number of entries: 1
Members:
8.8.8.8

Name: ss_rules_dst_forward_recentrst_
Type: hash:ip
Revision: 4
Header: family inet hashsize 64 maxelem 65536 timeout 3600
Size in memory: 88
References: 0
Number of entries: 0
Members:

Name: ss_rules6_src_bypass
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 1
Number of entries: 0
Members:

Name: ss_rules6_src_forward
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 1
Number of entries: 0
Members:

Name: ss_rules6_src_checkdst
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 1
Number of entries: 0
Members:

Name: ss_rules6_dst_bypass
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 3
Number of entries: 0
Members:

Name: ss_rules6_dst_bypass_all
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 5
Number of entries: 0
Members:

Name: ss_rules6_dst_bypass_
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1352
References: 2
Number of entries: 2
Members:
fe80::/10
fd00::/8

Name: ss_rules6_dst_forward
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1128
References: 1
Number of entries: 0
Members:

Name: ss_rules6_dst_forward_recrst_
Type: hash:ip
Revision: 4
Header: family inet6 hashsize 64 maxelem 65536 timeout 3600
Size in memory: 104
References: 0
Number of entries: 0
Members:

Name: ss_rules_dst_bypass_eth1
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 1304
References: 1
Number of entries: 17
Members:
54.171.187.60
52.16.244.17
52.32.78.165
54.77.108.2
52.32.140.41
54.89.245.208
52.17.14.207
52.17.227.174
52.48.104.170
52.19.40.147
50.17.247.31
34.249.125.167
34.253.104.7
184.73.192.76
52.32.240.186
54.171.21.76
52.18.140.121

Name: ss_rules6_dst_bypass_eth1
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 2024
References: 1
Number of entries: 8
Members:
2a01:578:3::36e5:f961
2a01:578:3::34d1:4fba
2a01:578:3::34d1:e0a1
2a01:578:3::34d0:8736
2a01:578:3::36ab:1b0e
2a01:578:3::364c:a192
2a01:578:3::3413:3885
2a01:578:3::341f:91b7

Name: ss_rules_dst_bypass_wan2
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 65536
Size in memory: 1304
References: 1
Number of entries: 17
Members:
52.32.78.165
184.73.192.76
54.171.21.76
54.89.245.208
54.171.187.60
52.18.140.121
52.17.14.207
34.253.104.7
52.48.104.170
54.77.108.2
52.32.140.41
50.17.247.31
34.249.125.167
52.16.244.17
52.19.40.147
52.32.240.186
52.17.227.174

Name: ss_rules6_dst_bypass_wan2
Type: hash:net
Revision: 6
Header: family inet6 hashsize 64 maxelem 65536
Size in memory: 1912
References: 1
Number of entries: 8
Members:
2a01:578:3::36e5:f961
2a01:578:3::34d1:4fba
2a01:578:3::341f:91b7
2a01:578:3::364c:a192
2a01:578:3::34d0:8736
2a01:578:3::36ab:1b0e
2a01:578:3::3413:3885
2a01:578:3::34d1:e0a1

root@OpenMPTCProuter:~# iptables-save | grep MARK
-A ss_rules_pre_src -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
:QOS_MARK_eth1 - [0:0]
-A PREROUTING -i vtun+ -p tcp -j MARK --set-xmark 0x2/0xff
-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-xmark 0x539/0xffffffff
-A PREROUTING -m set --match-set ss_rules_dst_bypass_eth1 dst -j MARK --set-xmark 0x5395/0xffffffff
-A PREROUTING -m set --match-set ss_rules_dst_bypass_wan2 dst -j MARK --set-xmark 0x5396/0xffffffff
-A POSTROUTING -o eth1 -m mark --mark 0x0/0xff -g QOS_MARK_eth1
-A QOS_MARK_eth1 -j MARK --set-xmark 0x2/0xff
-A QOS_MARK_eth1 -m dscp --dscp 0x08 -j MARK --set-xmark 0x3/0xff
-A QOS_MARK_eth1 -m dscp --dscp 0x30 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_eth1 -m dscp --dscp 0x2e -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_eth1 -m dscp --dscp 0x24 -j MARK --set-xmark 0x1/0xff
-A QOS_MARK_eth1 -m tos --tos 0x10/0x3f -j MARK --set-xmark 0x1/0xff
-A omr-bypass-dpi -m ndpi  --NetFlix  -j MARK --set-xmark 0x5395/0xffffffff

root@OpenMPTCProuter:~# ip rule
0:      from all lookup local
0:      from 10.255.255.2 lookup 3
0:      from 192.168.0.250 lookup 5
0:      from 192.168.2.250 lookup 6
1:      from all fwmark 0x539 lookup 991337
1:      from all fwmark 0x5396 lookup 6
1:      from all fwmark 0x5395 lookup 5
96:     from 192.168.2.250 lookup 6
97:     from 192.168.0.250 lookup 5
100:    from all lookup lan
10000:  from 192.168.100.1 lookup lan
20000:  from all to 192.168.100.1/24 lookup lan
32766:  from all lookup main
32767:  from all lookup default
90005:  from all iif lo lookup lan

Syam commented 6 years ago

Ok problem solved, i missed @TheCrach tips :

Remove the two ipset lines, "/etc/init.d/omr-bypass reload" and your problem will be solved

I guess we can close this ticket.

Syam commented 6 years ago

It worked only one time, now it's not working anymore, even if repeat @TheCrach tips :(

Syam commented 6 years ago

I reseted all my conf, no more chance.

KoRnEr007 commented 6 years ago

Ok for me, all is working. Iptv + netflix OK

Thanks for your job

Ysurac commented 6 years ago

@Syam you bypass netflix using eth1 and wan2. I think there is something strange in your configuration. Can you give me the result of uci show network ?

Ysurac commented 6 years ago

And the result of uci show omr-bypass ?

KoRnEr007 commented 6 years ago

To compare mine is: root@OpenMPTCProuter:~# uci show network network.loopback=interface network.loopback.ifname='lo' network.loopback.proto='static' network.loopback.ipaddr='127.0.0.1' network.loopback.netmask='255.0.0.0' network.loopback.multipath='off' network.loopback.macaddr='00:00:00:00:00:00' network.globals=globals network.globals.ula_prefix='fd45:7192:ca26::/48' network.globals.multipath='enable' network.globals.mptcp_path_manager='fullmesh' network.globals.mptcp_scheduler='default' network.globals.congestion='bbr' network.globals.mptcp_checksum='0' network.globals.mptcp_syn_retries='5' network.globals.mptcp_fullmesh_num_subflows='1' network.globals.mptcp_fullmesh_create_on_err='1' network.globals.mptcp_ndiffports_num_subflows='1' network.lan=interface network.lan.ifname='eth0' network.lan.proto='static' network.lan.ipaddr='192.168.100.1' network.lan.netmask='255.255.255.0' network.lan.ip6assign='60' network.lan.metric='2048' network.lan.multipath='off' network.lan.ip4table='lan' network.lan.macaddr='b8:27:eb:cd:45:43' network.lan_rule=rule network.lan_rule.lookup='lan' network.lan_rule.priority='100' network.wan1=interface network.wan1.proto='static' network.wan1.ip4table='wan' network.wan1.defaultroute='0' network.wan1.type='macvlan' network.wan1.ifname='wan1' network.wan1.masterintf='eth0' network.wan1.ipaddr='192.168.11.2' network.wan1.netmask='255.255.255.0' network.wan1.gateway='192.168.11.1' network.wan1.macaddr='32:1b:81:a2:1d:c9' network.wan1.metric='2' network.wan1.label='4g' network.wan1.delegate='0' network.wan1.multipath='master' network.wan2=interface network.wan2.proto='static' network.wan2.ip4table='wan' network.wan2.defaultroute='0' network.wan2.type='macvlan' network.wan2.ifname='wan2' network.wan2.masterintf='eth0' network.wan2.ipaddr='192.168.10.2' network.wan2.netmask='255.255.255.0' network.wan2.gateway='192.168.10.1' network.wan2.macaddr='ea:08:71:73:2e:d9' network.wan2.label='freebox' network.wan2.metric='1' network.wan2.delegate='0' network.wan2.multipath='on' network.wan1_dev=device network.wan1_dev.name='wan1' network.wan1_dev.type='macvlan' network.wan1_dev.ifname='eth0' network.wan1_dev.macaddr='32:1b:81:a2:1d:c9' network.wan2_dev=device network.wan2_dev.name='wan2' network.wan2_dev.type='macvlan' network.wan2_dev.ifname='eth0' network.wan2_dev.macaddr='ea:08:71:73:2e:d9' network.@route6[0]=route6 network.@route6[0].interface='lan' network.@route6[0].target='::/0' network.omrvpn=interface network.omrvpn.ifname='tun0' network.omrvpn.proto='dhcp' network.omrvpn.ip4table='vpn' network.omrvpn.multipath='off' network.omrvpn.leasetime='12h' network.omr6in4=interface network.omr6in4.proto='6in4' network.omr6in4.ip4table='vpn' network.omr6in4.multipath='off' network.omr6in4.ipaddr='10.255.255.2' network.omr6in4.peeraddr='10.255.255.1' network.omr6in4.gateway='fe80::a00:1' network.omr6in4.ip6addr='fe80::a00:2'

root@OpenMPTCProuter:~# uci show omr-bypass omr-bypass.defaults=defaults omr-bypass.defaults.ifname='wan1' omr-bypass.ips=bypass omr-bypass.ips.ip='216.58.207.78' omr-bypass.dpi=bypass omr-bypass.dpi.proto='NetFlix' 'YouTube' 'BattleField' omr-bypass.@domains[0]=domains omr-bypass.@domains[0].name='netflix.com' omr-bypass.@domains[0].interface='wan1' omr-bypass.@domains[1]=domains omr-bypass.@domains[1].name='premium-ott.com' omr-bypass.@domains[1].interface='wan1' omr-bypass.@domains[2]=domains omr-bypass.@domains[2].name='nflxvideo.net' omr-bypass.@domains[2].interface='wan1' omr-bypass.@domains[3]=domains omr-bypass.@domains[3].interface='wan2' omr-bypass.@domains[3].name='amazonaws.com' omr-bypass.@domains[4]=domains omr-bypass.@domains[4].name='discord.gg' omr-bypass.@domains[4].interface='wan2' omr-bypass.@domains[5]=domains omr-bypass.@domains[5].name='akamaitechnologies.com' omr-bypass.@domains[5].interface='wan2' omr-bypass.wan1=interface omr-bypass.wan1.id='3' omr-bypass.wan2=interface omr-bypass.wan2.id='4'

Syam commented 6 years ago

root@OpenMPTCProuter:~# uci show omr-bypass
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.multipath='off'
network.loopback.macaddr='00:00:00:00:00:00'
network.globals=globals
network.globals.ula_prefix='fd0d:2e86:80d1::/48'
network.globals.multipath='enable'
network.globals.mptcp_path_manager='fullmesh'
network.globals.mptcp_scheduler='default'
network.globals.congestion='bbr'
network.globals.mptcp_checksum='0'
network.globals.mptcp_syn_retries='5'
network.globals.mptcp_fullmesh_num_subflows='1'
network.globals.mptcp_fullmesh_create_on_err='1'
network.globals.mptcp_ndiffports_num_subflows='1'
network.lan=interface
network.lan.ifname='eth0'
network.lan.proto='static'
network.lan.ipaddr='192.168.100.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.metric='2048'
network.lan.multipath='off'
network.lan.ip4table='lan'
network.lan.macaddr='b8:ae:ed:73:0b:97'
network.lan_rule=rule
network.lan_rule.lookup='lan'
network.lan_rule.priority='100'
network.@route6[0]=route6
network.@route6[0].interface='lan'
network.@route6[0].target='::/0'
network.omrvpn=interface
network.omrvpn.ifname='tun0'
network.omrvpn.proto='dhcp'
network.omrvpn.ip4table='vpn'
network.omrvpn.multipath='off'
network.omrvpn.leasetime='12h'
network.omr6in4=interface
network.omr6in4.proto='6in4'
network.omr6in4.ip4table='vpn'
network.omr6in4.multipath='off'
network.omr6in4.ipaddr='10.255.255.2'
network.omr6in4.peeraddr='10.255.255.1'
network.omr6in4.gateway='fe80::a00:1'
network.omr6in4.ip6addr='fe80::a00:2'
network.wan1=interface
network.wan1.ifname='eth1'
network.wan1.proto='static'
network.wan1.ip4table='wan'
network.wan1.multipath='master'
network.wan1.defaultroute='0'
network.wan1.macaddr='00:24:9b:0c:3e:16'
network.wan1.netmask='255.255.255.0'
network.wan1.ipaddr='192.168.0.250'
network.wan1.gateway='192.168.0.254'
network.wan2=interface
network.wan2.proto='static'
network.wan2.type='macvlan'
network.wan2.ip4table='wan'
network.wan2.multipath='on'
network.wan2.defaultroute='0'
network.wan2.ifname='wan2'
network.wan2.masterintf='eth1'
network.wan2.macaddr='9a:c0:a8:58:a6:1e'
network.wan2.ipaddr='192.168.2.250'
network.wan2.netmask='255.255.255.0'
network.wan2.gateway='192.168.2.1'
network.wan2_dev=device
network.wan2_dev.name='wan2'
network.wan2_dev.type='macvlan'
network.wan2_dev.ifname='eth1'
network.wan2_dev.macaddr='9a:c0:a8:58:a6:1e'

root@OpenMPTCProuter:~# uci show omr-bypass
omr-bypass.all=interface
omr-bypass.@domains[0]=domains
omr-bypass.@domains[0].name='netflix.com'
omr-bypass.@domains[0].interface='eth1'
omr-bypass.@domains[1]=domains
omr-bypass.@domains[1].name='nflxvideo.net'
omr-bypass.@domains[1].interface='eth1'
omr-bypass.@dpis[0]=dpis
omr-bypass.@dpis[0].proto='NetFlix'
omr-bypass.@dpis[0].interface='eth1'
omr-bypass.wan1=interface
omr-bypass.wan1.id='3'
omr-bypass.wan2=interface
omr-bypass.wan2.id='6'
omr-bypass.eth1=interface
omr-bypass.eth1.id='5'

KoRnEr007 commented 6 years ago

Syam ? did you use on DNS : 192.168.100.1 (router ip)? Why do you have eth1 and eth0 ? At home, eth0 = lan wan1 and wan2

Syam commented 6 years ago

Syam ? did you use on DNS : 192.168.100.1 (router ip)? Why do you have eth1 and eth0 ? At home, eth0 = lan wan1 and wan2

Omg, my DNS was bind directly to 8.8.8.8, an old test ...

@KoRnEr007 you saved my life, works like a charm, thank you !

Ysurac / openmptcprouter