Ysurac / openmptcprouter

OpenMPTCProuter is an open source solution to aggregate multiple internet connections using Multipath TCP (MPTCP) on OpenWrt
https://www.openmptcprouter.com/
GNU General Public License v3.0
1.8k stars 258 forks

omr-bypass doesn't work in omr v0.60rc1 #3192

Closed rdmitry0911 closed 3 months ago

rdmitry0911 commented 6 months ago

Expected Behavior

I expect that omr-bypass works. When I put anything in omr-bypass settings, I expect the script to generate correct rules to bypass.

Current Behavior

The script generates rules for the firewall that cannot be executed. I see these messages in the firewall log:

Section omr_dst_bypass_eth1_dstip_4 (omr_dst_bypass_eth1_rule) option 'set_mark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_dstip_4_accept (omr_dst_bypass_eth1_rule_accept) option 'mark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_srcip_4 (omr_dst_bypass_eth1_srcip) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_mac_4 (omr_dst_bypass_eth1_mac) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_srcport_tcp_4 (omr_dst_bypass_eth1_srcport) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_srcport_udp_4 (omr_dst_bypass_eth1_srcport) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_dstport_tcp_4 (omr_dst_bypass_eth1_dstport) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth1_dstport_udp_4 (omr_dst_bypass_eth1_dstport) option 'set_xmark' specifies invalid value '0x453910002'
Section omr_dst_bypass_eth3_dstip_4 (omr_dst_bypass_eth3_rule) option 'set_mark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_dstip_4_accept (omr_dst_bypass_eth3_rule_accept) option 'mark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_srcip_4 (omr_dst_bypass_eth3_srcip) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_mac_4 (omr_dst_bypass_eth3_mac) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_srcport_tcp_4 (omr_dst_bypass_eth3_srcport) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_srcport_udp_4 (omr_dst_bypass_eth3_srcport) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_dstport_tcp_4 (omr_dst_bypass_eth3_dstport) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth3_dstport_udp_4 (omr_dst_bypass_eth3_dstport) option 'set_xmark' specifies invalid value '0x453910004'
Section omr_dst_bypass_eth2_dstip_4 (omr_dst_bypass_eth2_rule) option 'set_mark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_dstip_4_accept (omr_dst_bypass_eth2_rule_accept) option 'mark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_srcip_4 (omr_dst_bypass_eth2_srcip) option 'set_xmark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_mac_4 (omr_dst_bypass_eth2_mac) option 'set_xmark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_srcport_tcp_4 (omr_dst_bypass_eth2_srcport) option 'set_xmark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_srcport_udp_4 (omr_dst_bypass_eth2_srcport) option 'set_xmark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_dstport_tcp_4 (omr_dst_bypass_eth2_dstport) option 'set_xmark' specifies invalid value '0x453910003'
Section omr_dst_bypass_eth2_dstport_udp_4 (omr_dst_bypass_eth2_dstport) option 'set_xmark' specifies invalid value '0x453910003'

Values generated for set_xmark and set_mark are too long.

Possible Solution

Shorten the values generated by the scripts for firewall expressions with set_xmark and set_mark statements.

Steps to Reproduce the Problem

  1. Put 1.1.1.2 in omr-bypass IPs and Networks and choose any interface for this bypass
  2. Save & Apply
  3. Run /etc/init.d/firewall restart

Context (Environment)

Different routes for different cases

Specifications

Ysurac commented 6 months ago

You have a problem in your configuration. Can you put the result of uci show network via SSH from the router?

Ysurac commented 6 months ago

ok I found the bug. For now you can manually change the metric for each interface in Network->Interfaces and edit interfaces.

rdmitry0911 commented 6 months ago

> ok I found the bug. For now you can manually change the metric for each interface in Network->Interfaces and edit interfaces.

Unfortunately not. Changing only the metric for the interface doesn't work, as restarting omr-bypass somehow restores long metrics in /etc/config/network and long values for marks in /etc/config/firewall.

Ysurac commented 6 months ago

You need also to lower metric in LAN. A new snapshot is compiling with the fix.

rdmitry0911 commented 6 months ago

Also I've found that /etc/firewall.omr-bypass file that script generates also looks strange.

#!/bin/sh
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all accept
[ -z "$(nft list ruleset | grep ss_rules)" ] && exit 0
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
#nft add chain inet fw4 bypass_prerouting '{ type nat hook prerouting priority filter - 5; policy accept; }'
#nft add chain inet fw4 bypass_local '{ type nat hook output priority filter - 5; policy accept; }'
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept

It puts the same 0x00004539 mark on traffic for all interfaces and does it twice. I think it is a mistake. Probably it should put different marks for IPv4 and IPv6 traffic, specific to every interface.

Ysurac commented 6 months ago

The mark uses the MTU value that is set automatically and should be different for each interface. Here it's as if the MTU is empty. I think it's the same problem as the previous bug.

rdmitry0911 commented 6 months ago

> The mark uses the MTU value that is set automatically and should be different for each interface. Here it's as if the MTU is empty. I think it's the same problem as the previous bug.

You probably mean metric, not MTU?

Ysurac commented 6 months ago

yes sorry, metric

rdmitry0911 commented 6 months ago

When are you planning to make a commit with a fix for this bug? Maybe you can share the fix here in advance?

Ysurac commented 6 months ago

It's already committed.

rdmitry0911 commented 6 months ago

Where can I find it?

Ysurac commented 6 months ago

You need to put https://github.com/Ysurac/openmptcprouter-feeds/raw/develop/mptcp/files/etc/init.d/mptcp as /etc/init.d/mptcp and do a chmod u+x /etc/init.d/mptcp and "/etc/init.d/mptcp restart"

rdmitry0911 commented 6 months ago

It's getting better now, but still there is a problem with /etc/firewall.omr-bypass. After deleting it and rebooting the system it still looks like this:

root@OpenMPTCProuter:~# cat /etc/firewall.omr-bypass
#!/bin/sh
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all accept
#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all accept
[ -z "$(nft list ruleset | grep ss_rules)" ] && exit 0
#nft insert rule inet fw4 ss_rules_dst_tcp ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
#nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
#nft add chain inet fw4 bypass_prerouting '{ type nat hook prerouting priority filter - 5; policy accept; }'
#nft add chain inet fw4 bypass_local '{ type nat hook output priority filter - 5; policy accept; }'
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_all_4 meta mark set 0x00004539 accept

Mark values are the same for all cases.

rdmitry0911 commented 6 months ago

And not only this. After /etc/init.d/omr-bypass restart, all rules with mark target in /etc/config/firewall are disabled like this:

config rule 'omr_dst_bypass_tun0_dstport_udp_4'
        option name 'omr_dst_bypass_tun0_dstport'
        option src 'lan'
        option dest '*'
        option target 'MARK'
        option enabled '0'
        option set_xmark '0x45391500'

I have to enable them manually. And the next time omr-bypass is restarted they are disabled again.

Ysurac commented 6 months ago

Rules are disabled when not used. Did you reboot or restart omr-bypass?

rdmitry0911 commented 6 months ago

Rebooted

rdmitry0911 commented 6 months ago

bypass rules are not working without manual intervention

Ysurac commented 6 months ago

What do you have in uci show omr-bypass?

rdmitry0911 commented 6 months ago

Here it is:

omr-bypass.all=interface
omr-bypass.m6replay=proto
omr-bypass.m6replay.url='m6web.fr' '6play.fr' '6cloud.fr'
omr-bypass.mycanal=proto
omr-bypass.mycanal.url='mycanal.fr' 'canal-plus.com' 'canalplus.com' 'canalplus-cdn.net' 'canalplus.pro' 'canal-plus.net'
omr-bypass.minecraft=proto
omr-bypass.minecraft.url='authserver.mojang.com'
omr-bypass.lesnumeriques=proto
omr-bypass.lesnumeriques.url='lesnumeriques.com' 'botscorner.com' 'app.botscorner.com'
omr-bypass.disneyplus=proto
omr-bypass.disneyplus.url='bamgrid.com' 'disney-plus.net'
omr-bypass.amazonvideo=proto
omr-bypass.amazonvideo.url='cloudfront.net' 'llnw.net'
omr-bypass.free=proto
omr-bypass.free.url='free.fr' 'freebox.fr' 'oqee.tv' 'oqee.net'
omr-bypass.orange=proto
omr-bypass.orange.url='orange.fr' 'sosh.fr' 'liveperson.net' 'liveperson.com' 'lpsn.net' 'lpsnmedia.net' 'francetelecom.fr'
omr-bypass.eth0=interface
omr-bypass.eth0.id='9999'
omr-bypass.eth1=interface
omr-bypass.eth1.id='1002'
omr-bypass.eth2=interface
omr-bypass.eth2.id='1003'
omr-bypass.tun0=interface
omr-bypass.tun0.id='1500'
omr-bypass.global=global
omr-bypass.global.vpn_ipv4_md5='68b329da9893e34099c7d8ad5cb9c940'
omr-bypass.global.vpn_ipv6_md5='68b329da9893e34099c7d8ad5cb9c940'
omr-bypass.eth3=interface
omr-bypass.eth3.id='1004'
omr-bypass.@ips[0]=ips
omr-bypass.@ips[0].ip='1.1.1.2'
omr-bypass.@ips[0].interface='eth3'

Ysurac commented 6 months ago

You should have rules omr_dst_bypass_eth3_4 and omr_dst_bypass_eth3_dstip_4 as enabled in /etc/config/firewall and everything disabled. What rules do you need to enable to make bypass work?

rdmitry0911 commented 6 months ago

In /etc/firewall.omr-bypass I need:

nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x45391001 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth0_4 meta mark set 0x45391001 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x45391002 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth1_4 meta mark set 0x45391002 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x45391004 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth3_4 meta mark set 0x45391004 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x45391003 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_eth2_4 meta mark set 0x45391003 accept
nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x45391500 accept
nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_tun0_4 meta mark set 0x45391500 accept

With this correction, traffic from lan to 1.1.1.2 goes via the right interface. However, traffic from omr itself still doesn't go the right way. For this, some extra rules are required in /etc/firewall.omr-bypass.

Also, adding other types of rules in omr-bypass, for example Ports source rules, doesn't enable the corresponding firewall rule in /etc/config/firewall. I have to put option enabled '1' for this rule manually.

rdmitry0911 commented 6 months ago

I've just checked /etc/init.d/omr-bypass and found an inconsistency in naming with /etc/config/firewall. In /etc/config/firewall there are separate rules for IPv4 and IPv6. For example, there is such a rule:

config rule 'omr_dst_bypass_eth2_srcport_tcp_4'
        option name 'omr_dst_bypass_eth2_srcport_tcp_4'
        option proto 'tcp'
        option src 'lan'
        option dest '*'
        option target 'MARK'
        option enabled '1'
        option set_xmark '0x45391003'
        list src_port '22'

while in /etc/init.d/omr-bypass there is no such separation in the corresponding code:

_bypass_src_port() {
.
.
.
                uci -q batch <<-EOF
                        add_list firewall.omr_dst_bypass_${intf}_dstport_tcp.src_port="$sport"
                        set firewall.omr_dst_bypass_${intf}_dstport_tcp.enabled='1'
                EOF

This piece of code will try to set up and enable the omr_dst_bypass_eth2_dstport_tcp rule, which doesn't exist. To be consistent with the firewall rules it should look like this (btw, this specific example is messing up dest and src, which is probably a copy/paste bug):

_bypass_src_port() {
.
.
.
                uci -q batch <<-EOF
                        add_list firewall.omr_dst_bypass_${intf}_srcport_tcp_4.src_port="$sport"
                        set firewall.omr_dst_bypass_${intf}_srcport_tcp_4.enabled='1'
                EOF

Or we can go in the opposite direction, and rules in /etc/config/firewall shouldn't be separated by IPv4 and IPv6, to be consistent with /etc/init.d/omr-bypass. This way is probably easier to implement, as the omr-bypass luci interface doesn't have IPv4/IPv6 selectors in most bypass rules.

rdmitry0911 commented 6 months ago

Where can I get the fix?

rdmitry0911 commented 6 months ago

Ok, I managed to build an image from the developer branch with the latest commits and found out that you made substantial changes to the omr-bypass logic. Now I see the correct rules in nft tables and bypassed traffic goes via the right routes. Will see how it works in more complex configurations.

rdmitry0911 commented 6 months ago

Still, not all the problems are resolved. When I added other interfaces, eth4 and eth5, for bypassing, it got the same metric for them as for the previous one. And the traffic rules got messed up. Now my rules look like this:

root@OpenMPTCProuter:~# ip ru sh
0:  from all lookup local
0:  from 192.168.50.100 lookup 2
0:  from 192.168.82.151 lookup 1
0:  from all oif eth5 lookup 1
0:  from all fwmark 0x1 lookup 100
0:  from all oif eth2 lookup 3
0:  from all oif tun0 lookup 500
0:  from all oif eth1 lookup 2
0:  from 192.168.80.234 lookup 1
0:  from all oif eth3 lookup 1
0:  from 192.168.81.177 lookup 1
0:  from 192.168.60.100 lookup 3
0:  from 10.255.252.2 lookup 500
1:  from all fwmark 0x45392 lookup 2
1:  from all fwmark 0x45393 lookup 3
1:  from all fwmark 0x4539500 lookup 500
1:  from all fwmark 0x4539 lookup 991337
1:  from all fwmark 0x45391 lookup 1
100:    from all lookup lan
10000:  from 192.168.99.1 lookup lan
20000:  from all to 192.168.99.1/24 lookup lan
32766:  from all lookup main
32767:  from all lookup default
90002:  from all iif lo lookup lan

omr-bypass config looks like this:

root@OpenMPTCProuter:~# cat /etc/config/omr-bypass 

config interface 'all'

config proto 'm6replay'
    list url 'm6web.fr'
    list url '6play.fr'
    list url '6cloud.fr'

config proto 'mycanal'
    list url 'mycanal.fr'
    list url 'canal-plus.com'
    list url 'canalplus.com'
    list url 'canalplus-cdn.net'
    list url 'canalplus.pro'
    list url 'canal-plus.net'

config proto 'minecraft'
    list url 'authserver.mojang.com'

config proto 'lesnumeriques'
    list url 'lesnumeriques.com'
    list url 'botscorner.com'
    list url 'app.botscorner.com'

config proto 'disneyplus'
    list url 'bamgrid.com'
    list url 'disney-plus.net'

config proto 'amazonvideo'
    list url 'cloudfront.net'
    list url 'llnw.net'

config proto 'free'
    list url 'free.fr'
    list url 'freebox.fr'
    list url 'oqee.tv'
    list url 'oqee.net'

config proto 'orange'
    list url 'orange.fr'
    list url 'sosh.fr'
    list url 'liveperson.net'
    list url 'liveperson.com'
    list url 'lpsn.net'
    list url 'lpsnmedia.net'
    list url 'francetelecom.fr'

config interface 'eth0'
    option id '9999'

config interface 'eth1'
    option id '2'

config interface 'eth2'
    option id '3'

config interface 'tun0'
    option id '500'

config global 'global'
    option vpn_ipv4_md5 '68b329da9893e34099c7d8ad5cb9c940'
    option vpn_ipv6_md5 '68b329da9893e34099c7d8ad5cb9c940'

config interface 'eth3'
    option id '1'

config ips
    option ip '1.1.1.2'
    option interface 'eth3'

config ips
    option ip '1.1.1.3'
    option interface 'eth4'

config src_port
    option sport '33'
    option proto 'tcp'
    option interface 'eth3'

config dest_port
    option dport '22'
    option proto 'tcp'
    option interface 'eth3'

config interface 'eth4'
    option id '1'

config interface 'eth5'
    option id '1'

config ips
    option ip '1.1.1.4'
    option interface 'eth5'

As you can see, there are many interfaces with id=1 in the omr-bypass config file. And the strange thing is that there is no reference to eth4 in the ip rules.

Ysurac commented 6 months ago

What is the result of uci show network?

rdmitry0911 commented 6 months ago

It's here:

root@OpenMPTCProuter:~# uci show network
network.loopback=interface
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.multipath='off'
network.loopback.device='lo'
network.loopback.metric='1000'
network.globals=globals
network.globals.ula_prefix='fdcf:f4c9:d08e::/48'
network.globals.multipath='enable'
network.globals.mptcp_path_manager='fullmesh'
network.globals.mptcp_scheduler='blest'
network.globals.congestion='bbr'
network.globals.mptcp_checksum='0'
network.globals.mptcp_debug='0'
network.globals.mptcp_syn_retries='4'
network.globals.mptcp_subflows='8'
network.globals.mptcp_add_addr_accepted='1'
network.globals.mptcp_add_addr_timeout='120'
network.globals.mptcp_pm_type='0'
network.globals.mptcp_disable_initial_config='0'
network.globals.mptcp_force_multipath='1'
network.globals.mptcpd_enable='0'
network.globals.mptcp_fullmesh_num_subflows='1'
network.globals.mptcp_fullmesh_create_on_err='1'
network.globals.mptcp_ndiffports_num_subflows='1'
network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.99.1'
network.lan.netmask='255.255.255.0'
network.lan.device='eth0'
network.lan.ifname='eth0'
network.lan.metric='9999'
network.lan.ipv6='0'
network.lan.delegate='0'
network.lan.addlatency='0'
network.lan.txqueuelen='2000'
network.lan.multipath='off'
network.lan.ip4table='lan'
network.lan.label='lan'
network.lan.defaultroute='0'
network.lan.peerdns='0'
network.lan_rule=rule
network.lan_rule.lookup='lan'
network.lan_rule.priority='100'
network.wan1=interface
network.wan1.device='eth1'
network.wan1.proto='static'
network.wan1.ip4table='wan'
network.wan1.multipath='master'
network.wan1.defaultroute='0'
network.wan1.delegate='0'
network.wan1.addlatency='0'
network.wan1.metric='2'
network.wan1.peerdns='0'
network.wan1.label='wan1'
network.wan1.ipv6='0'
network.wan1.ipaddr='192.168.50.100'
network.wan1.netmask='255.255.255.0'
network.wan1.gateway='192.168.50.1'
network.wan3=interface
network.wan3.device='eth3'
network.wan3.proto='dhcp'
network.wan3.ip4table='wan'
network.wan3.multipath='off'
network.wan3.defaultroute='0'
network.wan3.metric='1'
network.wan3.peerdns='0'
network.wan3.ipv6='0'
network.wan3.label='wg0'
network.wan3.delegate='0'
network.wan4=interface
network.wan4.device='eth4'
network.wan4.proto='dhcp'
network.wan4.ip4table='wan'
network.wan4.multipath='off'
network.wan4.defaultroute='0'
network.wan4.ipv6='0'
network.wan4.metric='1'
network.wan4.peerdns='0'
network.wan4.label='wg1'
network.wan4.delegate='0'
network.wan5=interface
network.wan5.device='eth5'
network.wan5.proto='dhcp'
network.wan5.ip4table='wan'
network.wan5.multipath='off'
network.wan5.defaultroute='0'
network.wan5.ipv6='0'
network.wan5.metric='1'
network.wan5.peerdns='0'
network.wan5.label='wg2'
network.wan5.delegate='0'
network.wan1_dev=device
network.wan1_dev.name='eth1'
network.wan1_dev.txqueuelen='500'
network.wan2=interface
network.wan2.device='eth2'
network.wan2.proto='static'
network.wan2.ip4table='wan'
network.wan2.multipath='on'
network.wan2.defaultroute='0'
network.wan2.delegate='0'
network.wan2.addlatency='0'
network.wan2.metric='3'
network.wan2.peerdns='0'
network.wan2.label='wan2'
network.wan2.ipv6='0'
network.wan2.ipaddr='192.168.60.100'
network.wan2.netmask='255.255.255.0'
network.wan2.gateway='192.168.60.1'
network.wan2_dev=device
network.wan2_dev.name='eth2'
network.wan2_dev.txqueuelen='500'
network.omrvpn=interface
network.omrvpn.device='tun0'
network.omrvpn.proto='none'
network.omrvpn.ip4table='vpn'
network.omrvpn.multipath='off'
network.omrvpn.leasetime='12h'
network.omrvpn.type='tunnel'
network.omrvpn.txqueuelen='100'
network.omrvpn.metric='500'
network.tun0=device
network.tun0.name='tun0'
network.tun0.mtu='1500'
network.omr6in4=interface
network.omr6in4.proto='6in4'
network.omr6in4.ip4table='vpn'
network.omr6in4.multipath='off'
network.omr6in4.ipaddr='10.255.255.2'
network.omr6in4.peeraddr='10.255.255.1'
network.omr6in4.gateway='fd00::a00:1/126'
network.omr6in4.ip6addr='fd00::a00:2/126'
network.omr6in4.auto='0'
network.omr6in4.metric='201'
network.eth0_fw_rule=rule
network.eth0_fw_rule.priority='1'
network.eth0_fw_rule.mark='0x45399999'
network.eth0_fw_rule.lookup='9999'
network.eth0_fw_rule6=rule6
network.eth0_fw_rule6.priority='1'
network.eth0_fw_rule6.mark='0x65399999'
network.eth0_fw_rule6.lookup='9999'
network.eth1_fw_rule=rule
network.eth1_fw_rule.priority='1'
network.eth1_fw_rule.mark='0x45392'
network.eth1_fw_rule.lookup='2'
network.eth1_fw_rule6=rule6
network.eth1_fw_rule6.priority='1'
network.eth1_fw_rule6.mark='0x65392'
network.eth1_fw_rule6.lookup='2'
network.eth2_fw_rule=rule
network.eth2_fw_rule.priority='1'
network.eth2_fw_rule.mark='0x45393'
network.eth2_fw_rule.lookup='3'
network.eth2_fw_rule6=rule6
network.eth2_fw_rule6.priority='1'
network.eth2_fw_rule6.mark='0x65393'
network.eth2_fw_rule6.lookup='3'
network.tun0_fw_rule=rule
network.tun0_fw_rule.priority='1'
network.tun0_fw_rule.mark='0x4539500'
network.tun0_fw_rule.lookup='500'
network.tun0_fw_rule6=rule6
network.tun0_fw_rule6.priority='1'
network.tun0_fw_rule6.mark='0x6539500'
network.tun0_fw_rule6.lookup='500'
network.all_fw_rule=rule
network.all_fw_rule.priority='1'
network.all_fw_rule.mark='0x4539'
network.all_fw_rule.lookup='991337'
network.all_fw_rule6=rule6
network.all_fw_rule6.priority='1'
network.all_fw_rule6.mark='0x6539'
network.all_fw_rule6.lookup='6991337'
network.lan_dev=device
network.lan_dev.name='eth0'
network.eth3_fw_rule=rule
network.eth3_fw_rule.priority='1'
network.eth3_fw_rule.mark='0x45391'
network.eth3_fw_rule.lookup='1'
network.eth3_fw_rule6=rule6
network.eth3_fw_rule6.priority='1'
network.eth3_fw_rule6.mark='0x65391'
network.eth3_fw_rule6.lookup='1'
network.us_fw_rule=rule
network.us_fw_rule.priority='1'
network.us_fw_rule.mark='0x45391'
network.us_fw_rule.lookup='1'
network.us_fw_rule6=rule6
network.us_fw_rule6.priority='1'
network.us_fw_rule6.mark='0x65391'
network.us_fw_rule6.lookup='1'
network.ru_fw_rule=rule
network.ru_fw_rule.priority='1'
network.ru_fw_rule.mark='0x45391'
network.ru_fw_rule.lookup='1'
network.ru_fw_rule6=rule6
network.ru_fw_rule6.priority='1'
network.ru_fw_rule6.mark='0x65391'
network.ru_fw_rule6.lookup='1'
network.eth4_fw_rule=rule
network.eth4_fw_rule.priority='1'
network.eth4_fw_rule.mark='0x45391'
network.eth4_fw_rule.lookup='1'
network.eth4_fw_rule6=rule6
network.eth4_fw_rule6.priority='1'
network.eth4_fw_rule6.mark='0x65391'
network.eth4_fw_rule6.lookup='1'
network.wan8_dev=device
network.wan8_dev.name='@us'
network.wan7_dev=device
network.wan7_dev.name='@ru'
network.wan6_dev=device
network.wan6_dev.name='@us'
network.wan5_dev=device
network.wan5_dev.name='eth5'
network.wan4_dev=device
network.wan4_dev.name='eth4'
network.wan3_dev=device
network.wan3_dev.name='eth3'
network.eth5_fw_rule=rule
network.eth5_fw_rule.priority='1'
network.eth5_fw_rule.mark='0x45391'
network.eth5_fw_rule.lookup='1'
network.eth5_fw_rule6=rule6
network.eth5_fw_rule6.priority='1'
network.eth5_fw_rule6.mark='0x65391'
network.eth5_fw_rule6.lookup='1'
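
Both failure modes reported in this thread (a mark that no longer fits the 32-bit fwmark field, and several interfaces ending up with the same mark and lookup table) can be caught by auditing the `*_fw_rule.mark` entries. The script below is an added example, not part of the original thread or the project's code; `check_fw_marks` and `sample_network` are hypothetical names, and the sample input is constructed from lines shown above plus one made-up entry.

```shell
#!/bin/sh
# Added example: audit the fwmark values found in `uci show network` output.
# check_fw_marks reads uci-show lines on stdin and prints one finding per line:
#   TOOLONG <rule> <mark>         mark needs more than 8 hex digits (> 32 bits)
#   DUP <mark> <rule> <rule> ...  the same mark is assigned to several rules
check_fw_marks() {
    awk -F= '
    /_fw_rule6?\.mark=/ {
        key = $1
        val = $2
        gsub("\047", "", val)                 # strip the single quotes uci prints
        sub(/^network\./, "", key)
        sub(/\.mark$/, "", key)
        hex = tolower(val)
        sub(/^0x/, "", hex)
        sub(/^0+/, "", hex)                   # leading zeros do not change the value
        if (length(hex) > 8) {                # fwmark is a 32-bit field
            print "TOOLONG " key " " val
            next
        }
        if (hex in seen) {
            seen[hex] = seen[hex] " " key
        } else {
            seen[hex] = key
            order[++n] = hex                  # remember first-seen order for output
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            h = order[i]
            if (index(seen[h], " ")) {
                print "DUP 0x" h " " seen[h]
            }
        }
    }'
}

# Constructed sample: the eth1/eth3/eth4/eth5 lines are copied from the
# `uci show network` output in this thread; wanX is a made-up entry that
# carries the 9-digit value from the firewall log in the first comment.
sample_network() {
    cat <<'EOF'
network.eth1_fw_rule.mark='0x45392'
network.eth1_fw_rule.lookup='2'
network.eth3_fw_rule.mark='0x45391'
network.eth3_fw_rule6.mark='0x65391'
network.eth4_fw_rule.mark='0x45391'
network.eth4_fw_rule6.mark='0x65391'
network.eth5_fw_rule.mark='0x45391'
network.wanX_fw_rule.mark='0x453910002'
EOF
}

sample_network | check_fw_marks
```

On a router the same function can be fed live data with `uci show network | check_fw_marks`; any DUP line means policy routing cannot distinguish those interfaces by mark.
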

Ysurac commented 6 months ago

I would also need uci show openmptcprouter.wan1.metric to uci show openmptcprouter.wan5.metric

rdmitry0911 commented 6 months ago

Here they are:

root@OpenMPTCProuter:~# uci show openmptcprouter.wan1.metric
openmptcprouter.wan1.metric='2'
root@OpenMPTCProuter:~# uci show openmptcprouter.wan2.metric
openmptcprouter.wan2.metric='3'
root@OpenMPTCProuter:~# uci show openmptcprouter.wan3.metric
openmptcprouter.wan3.metric='1'
root@OpenMPTCProuter:~# uci show openmptcprouter.wan4.metric
openmptcprouter.wan4.metric='1'
root@OpenMPTCProuter:~# uci show openmptcprouter.wan5.metric
openmptcprouter.wan5.metric='1'

rdmitry0911 commented 6 months ago

I also noticed that if I delete an interface, for example wan3, and then add a new one using the settings wizard, the script will assign the next number to it. In my example it will be wan4. wan3 will never be assigned again. It would be better if the script filled the gaps in numbering.

rdmitry0911 commented 6 months ago

I made the omr configuration from the ground up. A new version of mptcp committed yesterday generates another, but still wrong, id for the interfaces listed in omr-bypass:

root@OpenMPTCProuter:~# cat /etc/config/omr-bypass

config interface 'all'

config proto 'm6replay'
    list url 'm6web.fr'
    list url '6play.fr'
    list url '6cloud.fr'

config proto 'mycanal'
    list url 'mycanal.fr'
    list url 'canal-plus.com'
    list url 'canalplus.com'
    list url 'canalplus-cdn.net'
    list url 'canalplus.pro'
    list url 'canal-plus.net'

config proto 'minecraft'
    list url 'authserver.mojang.com'

config proto 'lesnumeriques'
    list url 'lesnumeriques.com'
    list url 'botscorner.com'
    list url 'app.botscorner.com'

config proto 'disneyplus'
    list url 'bamgrid.com'
    list url 'disney-plus.net'

config proto 'amazonvideo'
    list url 'cloudfront.net'
    list url 'llnw.net'

config proto 'free'
    list url 'free.fr'
    list url 'freebox.fr'
    list url 'oqee.tv'
    list url 'oqee.net'

config proto 'orange'
    list url 'orange.fr'
    list url 'sosh.fr'
    list url 'liveperson.net'
    list url 'liveperson.com'
    list url 'lpsn.net'
    list url 'lpsnmedia.net'
    list url 'francetelecom.fr'

config interface 'eth0'
    option id '9999'

config interface 'eth1'
    option id '2'

config interface 'eth2'
    option id '3'

config interface 'tun0'
    option id '1500'

config global 'global'
    option vpn_ipv4_md5 '68b329da9893e34099c7d8ad5cb9c940'
    option vpn_ipv6_md5 '68b329da9893e34099c7d8ad5cb9c940'

config interface 'eth3'
    option id '1'

config interface 'eth4'
    option id '2'

config interface 'eth5'
    option id '2'

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 5 days