Search results

  1. S

    Unbound Unbound DNS VPN Client w/policy rules

    If I remember correctly I had you set up whatsmyip.com as the bypass check (i.e. check to make sure x3mRouting is bypassing the vpn for packets marked with 0x8000 so those packets should be getting connected directly through WAN) and dnsleak test is to make sure x3mRouting is forcing packets...
  2. S

    Unbound Unbound DNS VPN Client w/policy rules

    No problem. I’m also quite happy with it. Nothing hard or complicated about it but it gets the job done so unbound can work like I want it to. Just a quick update. I didn’t get a chance to look at it yesterday but I’m hoping to pull up the iptables man page during lunch today to see if there...
  3. S

    Unbound Unbound DNS VPN Client w/policy rules

    Whoops. That’s happening because the iptables delete rules are referencing the nvram values so when you change them the rules do not get removed as they should. I will write a small patch today to address that issue. In the meantime as you stated rebooting will remove the old rules and only use...
  4. S

    Entware Entware architecture?

    Okay this might be exactly what I needed. Thanks!
  5. S

    Entware Entware architecture?

    Whoops that might be good info to provide. I am using the ax88u on Merlin 384.19 and I’m pulling apart the arm64 Debian package. Just trying to figure out how to get the systemctl stuff to run because I don’t think Merlin handles that the same way.
  6. S

    Entware Entware architecture?

    Does anyone have some resources they can share on the architecture of entware and how it integrates with the rest of the system? I’m having trouble finding a good write up so I’ll take whatever anyone’s got for me. I’ve been working on porting nordvpn’s application over so I can run nordlynx...
  7. S

    Unbound Unbound DNS VPN Client w/policy rules

    If everything is working for you all the rules have been set up and you don’t need any extra commands. Running additional x3mRouting commands won’t cause problems but I believe duplicating domains is a no-no so if you have run something with a rule for Netflix.com you can’t use Netflix.com again...
  8. S

    Unbound Unbound DNS VPN Client w/policy rules

    Yep same deal. wan_ip and vpn_ip are strictly names. And the domain names can be whatever but if you list a domain name(web address) in the wan_ip rule it’s going to connect through your wan and not your vpn and the same goes for the vpn_ip. You can list multiple domains separated by commas if...
  9. S

    Unbound Unbound DNS VPN Client w/policy rules

    No sorry for the confusion that’s just the name of the ip set you can call it whatever. The important parts are the “x3mRouting 1 0” and “x3mRouting ALL 1” bits of the commands. That’s what creates the proper rules. The name can be whatever and you do need to list something for the dnsmasq...
  10. S

    Unbound Unbound DNS VPN Client w/policy rules

    To get unbound to resolve via vpn client 1 you need to create the script in /jffs/scripts/ and add the calls in /jffs/scripts/x3mRouting/vpnclient1-route-up and /jffs/scripts/x3mRouting/vpnclient1-route-pre-down. All that stuff is listed a couple posts back. I piggybacked the script off of ip...
  11. S

    Unbound Unbound DNS VPN Client w/policy rules

    I changed the way a couple of values are used. Like the wan0_dns nvram variable is called and stored rather than wrapping the call in each of the iptables commands. I also made it so if only one of the two wan0_dns fields is populated it will copy the valid field into the empty one and if they...
  12. S

    Unbound Unbound DNS VPN Client w/policy rules

    I put everything in functions and made a few little tweaks. I still need to add comments and incorporate a couple of checks to make sure the user has everything configured/installed as expected. User configuration: Unbound - running as system resolver X3mRouting - installed (must have rules to...
  13. S

    Unbound Unbound DNS VPN Client w/policy rules

    Try running this and then run ip rule again x3mRouting ALL 1 dummy dnsmasq=dummy.me
  14. S

    Unbound Unbound DNS VPN Client w/policy rules

    You are missing “from all fwmark 0x1000/0x1000 lookup ovpnc1”
  15. S

    Unbound Unbound DNS VPN Client w/policy rules

    You don’t need to enable the vpn 1 option in unbound as this is done in the script but that shouldn’t cause any problems. Make sure dns is set to router mode to force traffic to dnsmasq. In your guest networks and vpn configurations you can list your routers ip as the dns server to make...
  16. S

    Unbound Unbound DNS VPN Client w/policy rules

    Hmm that all looks right. Can you also check that x3mRouting has rules created? run this to display your ip rules: ip rule
  17. S

    Unbound Unbound DNS VPN Client w/policy rules

    I do that all the time haha
  18. S

    Unbound Unbound DNS VPN Client w/policy rules

    No that does not look right. Dns leak test should show your vpn on the main screen and during the test. Also make sure you used the same domain your browser shows you using what IS my ip. I have whats my ip in the rule I posted can you run and post the output iptables -nvL OUTPUT -t mangle
  19. S

    Unbound Unbound DNS VPN Client w/policy rules

    Remove the screen shots with your Wan IP. Don’t want to invite unnecessary “security audits”
  20. S

    Unbound Unbound DNS VPN Client w/policy rules

    You can run this to create a new ipset with a bypass rule for vpn client 1 so any packets that match will get marked and not go through your vpn tunnel. x3mRouting 1 0 whatsMyIP dnsmasq=whatsmyip.com If you already have an ipset using the dnsmasq method you can just add the domain to that set...