Asus 86u running merlin not routing

[RMerlin]

@RMerlin
It's actually updown.sh that's missing the concatenation for clientlist

https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/others/updown.sh#L13

Good catch. Note that this only affects DNS enforcement tho, not client routing.

 

[john9527]

Good catch. Note that this only affects DNS enforcement tho, not client routing.

Yes, but if you look at the first post, this was actually his concern, DNS routing which I think he confused with VPN routing.

 

[Mikeyg76]

Are you using the firmware's vpnrouting.sh script, or a customized one? The firmware's built-in script should properly append all entries.

https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/others/vpnrouting.sh#L114

I just tested it with a bunch of entries split across two variables, all clients are there:

admin@stargate88ax:/tmp/home/root# ip rule
0:    from all lookup local
10501:    from 192.168.10.105 lookup ovpnc3
10502:    from 192.168.10.80 lookup ovpnc3
10503:    from 192.168.10.81 lookup ovpnc3
10504:    from 192.168.10.82 lookup ovpnc3
10505:    from 192.168.10.83 lookup ovpnc3
10506:    from 192.168.10.85 lookup ovpnc3
10507:    from 192.168.10.86 lookup ovpnc3
10508:    from 192.168.10.87 lookup ovpnc3
10509:    from 192.168.10.88 lookup ovpnc3
10510:    from 192.168.10.89 lookup ovpnc3
32766:    from all lookup main
32767:    from all lookup default

I am using the boxes in your firmware, no other scripts. To be honest I would not even know how to input a script

 

[Mikeyg76]

@Mikeyg76
Are you using any of @Martineau 's script packages? I think he may package a customized vpnrouting with some of them.

No just using the VPN routing from inside Merlin’s firmware

 

[Mikeyg76]

Yes, but if you look at the first post, this was actually his concern, DNS routing which I think he confused with VPN routing.

Yes you are right, it’s the DNS routing. Thanks again for everyone’s help with this!

 

[Mikeyg76]

Here is a updated system log, it appears to show that upto .129 the router is routing the DNS, after that it stops even though it shows the next two going through the WAN, they should also be getting DNS routing.

Nov 26 12:44:50 openvpn-updown: Forcing 192.168.50.0/24 to use DNS server 10.26.124.1
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.165 from forced DNS routing
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.10 from forced DNS routing
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.76 from forced DNS routing
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.20 from forced DNS routing
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.157 from forced DNS routing
Nov 26 12:44:50 openvpn-updown: Excluding 192.168.50.129 from forced DNS routing
Nov 26 12:44:50 rc_service: service 6946:notify_rc updateresolv
Nov 26 12:44:55 ovpn-client1[6789]: /bin/ip route add 94.100.23.162/32 via 47.208.228.1
Nov 26 12:44:55 ovpn-client1[6789]: /bin/ip route add 0.0.0.0/1 via 10.26.124.1
Nov 26 12:44:55 ovpn-client1[6789]: /bin/ip route add 128.0.0.0/1 via 10.26.124.1
Nov 26 12:44:55 openvpn-routing: Configuring policy rules for client 1
Nov 26 12:44:55 openvpn-routing: Creating VPN routing table (mode 3)
Nov 26 12:44:55 openvpn-routing: Removing route for 0.0.0.0/1 to tun11 from main routing table
Nov 26 12:44:55 openvpn-routing: Removing route for 128.0.0.0/1 to tun11 from main routing table
Nov 26 12:44:55 openvpn-routing: Adding route for 192.168.50.0/24 to 0.0.0.0 through VPN client 1
Nov 26 12:44:55 openvpn-routing: Adding route for 192.168.50.165 to 0.0.0.0 through WAN
Nov 26 12:44:55 openvpn-routing: Adding route for 192.168.50.10 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.76 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.20 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.157 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.129 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.184 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Adding route for 192.168.50.154 to 0.0.0.0 through WAN
Nov 26 12:44:56 openvpn-routing: Completed routing policy configuration for client 1
Nov 26 12:44:56 ovpn-client1[6789]: Initialization Sequence Completed

 

[RMerlin]

Here is a updated system log, it appears to show that upto .129 the router is routing the DNS, after that it stops even though it shows the next two going through the WAN, they should also be getting DNS routing.

As previously discussed, the issue lies in the updown.sh script that's not able to handle your long list of clients when configuring DNS routing. You will have to either wait for the 384.8 release with a fix, or manually use a modified updown.sh version.