Bypass Plex traffic on router running vpn client, Working good so far, Testing for few days

[Ajay1685]

Everything seems working as I intended, still testing for anything I may have missed.


I found this script reddit by a user name: Scare_norm
The script placed in /jffs/scripts/ as Plex_StaticRoute.sh (note: with extension .sh)

#!/bin/sh

logger "Starting Plex static route script..."

#Fetch Current Server Address for plex.tv

DNS1=$(nslookup plex.tv | tail -1 | awk -F " " '{print $3}')
DNS2=$(nslookup plex.tv 8.8.8.8 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS3=$(nslookup plex.tv 8.8.4.4 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS4=$(nslookup plex.tv 68.105.28.11 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS5=$(nslookup plex.tv 68.105.29.11 | tail -2 | awk -F " " '{print $3}' | tail -1)

logger "Grabbing current ipaddresses from plex.tv"
DNS="$DNS1 $DNS2 $DNS3 $DNS4 $DNS5"
UNIQ_IP=$(echo "$DNS" | tr ' ' '\n' | sort -u | tr '\n' ' ')
logger "Current registered ip addresses: $DNS"

for IP in $UNIQ_IP
do
        #Create localroute variable to see if route exists
        localroute=`route | grep $IP`
        #Check if route exists
        if [[ -z "$localroute" ]]; then
                #route doesn't exist, add route
                logger "Route doesn't exist, creating..."
                route add -net "$IP" netmask 255.255.255.255 gw `nvram get wan_gateway`
                logger "New routes using $IP created"
                echo $IP
        else
                #route exists, hurray
                logger "Plex static routes exist.  Cool!"
                echo "yay"
        fi
done
logger "Plex static route script complete."
exit 0

Here is my services-start script , also placed in /jffs/scripts/ , (note: without any extension)
to launch Plex_StaticRoutes.sh at boot and on the top setup cron job to execute every hour
Thanks to john9527

#!/bin/sh
sleep 4
#Run the script at boot time
/jffs/scripts/Plex_StaticRoute.sh
#Set the script to run again each hour
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

my openvpn-event script , also placed in /jffs/scripts/ , (note: without any extension)
I found on snb forum by user CODYQX4

#!/bin/sh

# Setup FWMarks
WAN0=200
WAN1=201
VPN1=211
VPN2=212
VPN3=213
VPN4=214
VPN5=215

# Disable Reverse Path Filtering
sleep 10
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 0 > $i
done

# Reset Primary WAN Routing Table
ip route flush table wan0
ip route del default table wan0
ip rule del fwmark $WAN0 table wan0
ip rule del fwmark $VPN1 table ovpnc1
ip rule del fwmark $VPN2 table ovpnc2
ip rule del fwmark $VPN3 table ovpnc3
ip rule del fwmark $VPN4 table ovpnc4
ip rule del fwmark $VPN5 table ovpnc5
ip route flush cache
iptables -t mangle -F PREROUTING

# Reset Primary WAN Routing Table Rules
#VPN_LIST="1 2 3 4 5"
VPN_LIST="1"
for VPNID in $VPN_LIST
do
    # Copy IP Routing Rules
    ip route show table main | grep -Ev ^default | grep -Ev tun1$VPNID | while read ROUTE;
    do
        ip route add table wan0 $ROUTE
    done
 
    # Set Active VPN State
    VPN_STATE=$(nvram get "vpn_client"$VPNID"_state")
    if [ $VPN_STATE -eq -1 ]
    then
        nvram set "vpn_client"$VPNID"_state"=2
    fi
done

ip route add default table wan0 via $(nvram get wan0_gateway)
ip rule add fwmark $WAN0 table wan0
ip rule add fwmark $VPN1 table ovpnc1
ip rule add fwmark $VPN2 table ovpnc2
ip rule add fwmark $VPN3 table ovpnc3
ip rule add fwmark $VPN4 table ovpnc4
ip rule add fwmark $VPN5 table ovpnc5
ip route flush cache

# Plex Traffic: Bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 32400 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --dport 32400 -j MARK --set-mark $WAN0

# SSH Traffic: Bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p tcp --sport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --sport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p tcp --dport 22 -j MARK --set-mark $WAN0
iptables -t mangle -A PREROUTING -i br0 -p udp --dport 22 -j MARK --set-mark $WAN0

# Portforwarding through VPN
iptables -I FORWARD -i tun11 -p udp -d 192.168.2.111 --dport 52525 -j ACCEPT
iptables -I FORWARD -i tun11 -p tcp -d 192.168.2.111 --dport 52525 -j ACCEPT
iptables -t nat -I PREROUTING -i tun11 -p tcp --dport 52525 -j DNAT --to-destination 192.168.2.111:52525
iptables -t nat -I PREROUTING -i tun11 -p udp --dport 52525 -j DNAT --to-destination 192.168.2.111:52525

Will keep the post upto date as I make progress, Thank you RMerlin and this great community. All the credit goes back to the community there is nothing here I can take credit for its all the bits and pieces I found here on the forums.

Port 32400 forwarded to client running plex server in GUI
OpenVPN client setup page
Redirect Internet traffic : Policy Rules,
Block routed clients if tunnel goes down: Yes

 

[CooCooCaChoo]

Yeah, the cron job is fubar. You have to add 'cru a' in front of the lines that add the cron job.

For once an hour use this:

cru a NAMEOFJOB "0 * * * * <COMMAND>"

 

[Ajay1685]

Yeah, the cron job is fubar. You have to add 'cru a' in front of the lines that add the cron job.

For once an hour use this:

cru a NAMEOFJOB "0 * * * * <COMMAND>"

Still can not for the life of me figure out what am I doing wrong, please help. I updated my original post to reflect changes I made

 

[john9527]

The script I use as wan-start, I can see it executes in the syslog, so I am hoping this is indeed creating Plex_StaticRoute.sh , but I looked into /tmp folder and its not there !!

This isn't a script to be run as wan-start.....it's a series of commands/text to be done once by pasting them to the command line to create the Plex_StaticRoute.sh script. I've made a slight change at the end. Select all the text in the Code box (minus the Code: header at the top, but including the last blank line), copy it to the clipboard, then open a command prompt on the router and do a paste. I changed it to save the script to /jffs/scripts, so it will be permanent and then you can just run it from there in the future.

#Create Plex Static Route Script on Startup as wan-start in merlin
cat <<'EOL' > /jffs/scripts/Plex_StaticRoute.sh
#!/bin/sh

logger "Starting Plex static route script..."

#Fetch Current Server Address for plex.tv

DNS1=$(nslookup plex.tv | tail -1 | awk -F " " '{print $3}')
DNS2=$(nslookup plex.tv 8.8.8.8 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS3=$(nslookup plex.tv 8.8.4.4 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS4=$(nslookup plex.tv 68.105.28.11 | tail -2 | awk -F " " '{print $3}' | tail -1)
DNS5=$(nslookup plex.tv 68.105.29.11 | tail -2 | awk -F " " '{print $3}' | tail -1)

logger "Grabbing current ipaddresses from plex.tv"
DNS="$DNS1 $DNS2 $DNS3 $DNS4 $DNS5"
UNIQ_IP=$(echo "$DNS" | tr ' ' '\n' | sort -u | tr '\n' ' ')
logger "Current registered ip addresses: $DNS"

for IP in $UNIQ_IP
do
        #Create localroute variable to see if route exists
        localroute=`route | grep $IP`
        #Check if route exists
        if [[ -z "$localroute" ]]; then
                #route doesn't exist, add route
                logger "Route doesn't exist, creating..."
                route add -net "$IP" netmask 255.255.255.255 gw `nvram get wan_gateway`
                logger "New routes using $IP created"
                echo $IP
        else
                #route exists, hurray
                logger "Plex static routes exist.  Cool!"
                echo "yay"
        fi
done
logger "Plex static route script complete."
exit 0
EOL
chmod +x /jffs/scripts/Plex_StaticRoute.sh

 

[john9527]

For running the script, I recommend using services-start instead of init-start.
Save the following as /jffs/scripts/services-start

#!/bin/sh

#Runs a script every hour to check the ip address of plex.tv and then creates a static route so that it bypasses the VPN
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

 

[Ajay1685]

For running the script, I recommend using services-start instead of init-start.
Save the following as /jffs/scripts/services-start

#!/bin/sh

#Runs a script every hour to check the ip address of plex.tv and then creates a static route so that it bypasses the VPN
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

So if I run this commands using putty , it will create Plex_StaticRoute.sh in tmp folder.
So if understand this correct Plex_StaticRoute.sh wouldn't survive a reboot. Is that right ?

 

[john9527]

So if I run this commands using putty , it will create Plex_StaticRoute.sh in tmp folder.
So if understand this correct Plex_StaticRoute.sh wouldn't survive a reboot. Is that right ?

That's why I changed the first 'create' commands to make the script in /jffs/scripts instead of /tmp

 

[Ajay1685]

That's why I changed the first 'create' commands to make the script in /jffs/scripts instead of /tmp

that makes sense, I replied too quick from phone without trying or looking at the details.
Thank you for trying to help.
Giving it a try now

 

[john9527]

that makes sense, I replied too quick from phone without trying or looking at the details.
Thank you for trying to help.
Giving it a try now

Sorry, I also forgot to change the first line comment just to add a little confusion
You also get rid of the need for a wan-start script doing it this way.

 

[Ajay1685]

Sorry, I also forgot to change the first line comment just to add a little confusion
You also get rid of the need for a wan-start script doing it this way.

Running the commands created Plex_StaticRoute.sh in the jffs/scripts/ folder. And I also created services-start .
here is a snippet of syslog after reboot, script seems to be executing fine thanks. But my plex server still sees my VPN IP , will have to work on that.

Feb  8 22:49:49 openvpn[669]: Initialization Sequence Completed
Feb  8 22:50:09 crond[445]: time disparity of 803749 minutes detected
Feb  8 23:00:01 crond[445]: crond: USER admin pid 868 cmd /jffs/scripts/Plex_StaticRoute.sh
Feb  8 23:00:01 admin: Starting Plex static route script...
Feb  8 23:00:42 disk_monitor: Got SIGALRM...
Feb  8 23:01:36 admin: Grabbing current ipaddresses from plex.tv
Feb  8 23:01:36 admin: Current registered ip addresses: 52.210.223.97 52.210.223.97 52.210.244.61
Feb  8 23:01:36 admin: Route doesn't exist, creating...
Feb  8 23:01:36 admin: New routes using 52.210.223.97 created
Feb  8 23:01:36 admin: Route doesn't exist, creating...
Feb  8 23:01:36 admin: New routes using 52.210.244.61 created
Feb  8 23:01:36 admin: Plex static route script complete.

 

[john9527]

looks good....was thinking you should also probably add a separate call to the script at the start of services-start. Then the script will run immediately on boot, and then at the top of every hour going forward.

#!/bin/sh

#Runs a script every hour to check the ip address of plex.tv and then creates a static route so that it bypasses the VPN
#Run the script at boot time
/jffs/scripts/Plex_StaticRoute.sh
#Set the script to run again at the top of each hour
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

 

[Ajay1685]

looks good....was thinking you should also probably add a separate call to the script at the start of services-start. Then the script will run immediately on boot, and then at the top of every hour going forward.

#!/bin/sh

#Runs a script every hour to check the ip address of plex.tv and then creates a static route so that it bypasses the VPN
#Run the script at boot time
/jffs/scripts/Plex_StaticRoute.sh
#Set the script to run again at the top of each hour
cru a PlexStaticRoute "0 */1 * * * /jffs/scripts/Plex_StaticRoute.sh"
exit 0

I did the changes to services-start , thanks for that suggestion

I have this script, I am not sure if it should be run as openvpn-event or firewall-start.

#!/bin/sh

# Script to route traffic from home network through VPN selectively.
# Based off the discussion at http://www.smallnetbuilder.com/forums/showthread.php?t=9311

logger -t "($(basename $0))" $$ ExpressVPN Selective Customization Starting... " $0${*:+ $*}."

PlexServer="192.168.2.111"
ByPassPortList="32400,5938,22"
BitTorrentPortList="52525"


#
# Disable Reverse Path Filtering on all current and future network interfaces:
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done

#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING

#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
tun_if="tun11"

ip route show table main | grep -Ev ^default | grep -Ev $tun_if \
| while read ROUTE ; do
ip route add table 100 $ROUTE
logger -t "($(basename $0))" $$ ExpressVPN Table 100 added entry: $ROUTE
done

ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache

# By default all traffic bypasses the VPN
#iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

logger -t "($(basename $0))" $$ Selective customisation for: "$"PlexServer PlexServer
# By default Synology uses the VPN, and FORCES the use of the VPN tunnel except ports needing access from outside LAN
# MediaVault Server
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $PlexServer -j MARK --set-mark 0
#Just drop packets to Bit Torrents should the VPN go down
iptables -I FORWARD -i br0 -s $PlexServer -o eth0 -m multiport --port $BitTorrentPortList -j DROP
#iptables -I FORWARD -i br0 -s $PlexServer -o eth0 -p tcp -m multiport --port $ByPassPortList -j ACCEPT

logger -t "($(basename $0))" $$ Routing ports to bypass VPN on all Devices:
#ports to bypass the VPN for all available devices
iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --port $ByPassPortList -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -p udp -m multiport --port $ByPassPortList -j MARK --set-mark 1
#All WOL signal to bypass VPN
iptables -t mangle -A PREROUTING -i br0 -p udp -m multiport --port 9 -j MARK --set-mark 1

#Note: Plex.tv static routing is done in startup and cronjob.  Updates every 60 minutes

logger -t "($(basename $0))" $$ ExpressVPN Selective Customization completed.



#Fixes Firewall blocking DHCP Renew Responses
iptables -I INPUT -p udp --dport 68 -j ACCEPT

 

[john9527]

I have this script, I am not sure if it should be run as openvpn-event or firewall-start.

Actually, none of the above.....see this post for one way to manage vpn related scripts
https://www.snbforums.com/threads/f...eleases-v22e4-23b8.18914/page-240#post-294825

A couple of potential pitfalls to avoid....
- Remember if you add things (routing tables, iptables rules) to a VPN when it comes up, you are also responsible to remove them when the VPN comes down
- You should not use fwmarks in the range 1-767 (0x1 - 0x2ff) and 0x8000 as these are used by various versions of the firmware. I'd recommend using 0x1000 for custom bypass marking.
- If you are using Merlin's Policy based routing, you need to watch out for routing table conflicts. You should look for posts describing how Merlin manipulates the routing tables and work within that framework.

Unfortunately, doing this is not as easy as one would hope.

 

[Ajay1685]

Actually, none of the above.....see this post for one way to manage vpn related scripts
https://www.snbforums.com/threads/f...eleases-v22e4-23b8.18914/page-240#post-294825

A couple of potential pitfalls to avoid....
- Remember if you add things (routing tables, iptables rules) to a VPN when it comes up, you are also responsible to remove them when the VPN comes down
- You should not use fwmarks in the range 1-767 (0x1 - 0x2ff) and 0x8000 as these are used by various versions of the firmware. I'd recommend using 0x1000 for custom bypass marking.
- If you are using Merlin's Policy based routing, you need to watch out for routing table conflicts. You should look for posts describing how Merlin manipulates the routing tables and work within that framework.

Unfortunately, doing this is not as easy as one would hope.

I thought at first it would not be too hard to implement few scripts I found here and there on forums and reddit, but I guess I was wrong.
Selective routing seems more complex now that I understand a bit more while trying to implement my own. I hope this won't discourage me from learning more about it and prevent me from implementing it. People like you really are a gift to communities like these. Thank you.

Answer to your pifalls,
1. I should not be worried about removing the routes should the VPN go down because I have dedicated AC68U running VPN behind my primary router with a different subnet, and only one client (MediaServer) running headless. I only need one port to function in the event of VPN failure which is my plex 32400 through WAN (not VPN). I need to implement that last script as sort of kill switch to only let port 32400 traffic go through and rest can be cutoff in the event of VPN failure.

2. I will correct my fwmarks , now that I know they can result in conflict with router operations.

3. I am not using Merlin's policy based routing from GUI , I should let the last script (firewall-start or openvpn-event) handle the routing.

I am not so good when it comes to network routing , I am certainly not a noob rather an advanced user.

Looks like my Plex_StaticRoutes.sh doing what is suppose to do , My plex can finally see my public IP and not the VPN IP .

 

[john9527]

1. I should not be worried about removing the routes should the VPN go down because I have dedicated AC68U running VPN behind my primary router with a different subnet, and only one client (MediaServer) running headless. I only need one port to function in the event of VPN failure which is my plex 32400 through WAN (not VPN). I need to implement that last script as sort of kill switch to only let port 32400 traffic go through and rest can be cutoff in the event of VPN failure.

Welcome to the fun!

One thing you are ignoring in the above argument is that a VPN failure can cause a restart of the VPN (taking it down then back up).....so you need still need to worry about cleaning things up as it go down. And what will happen if you decide you need another VPN client or a VPN server in the future? Using a basic openvpn-event or firewall-start won't handle this. I'd still recommend you invest the time to set up the correct framework to differentiate VPN events.

Since you aren't using Policy based routing (everything is going through the VPN), it will simplify things somewhat. But are you sure that is really what you want?

 

[Ajay1685]

Welcome to the fun!

One thing you are ignoring in the above argument is that a VPN failure can cause a restart of the VPN (taking it down then back up).....so you need still need to worry about cleaning things up as it go down. And what will happen if you decide you need another VPN client or a VPN server in the future? Using a basic openvpn-event or firewall-start won't handle this. I'd still recommend you invest the time to set up the correct framework to differentiate VPN events.

Since you aren't using Policy based routing (everything is going through the VPN), it will simplify things somewhat. But are you sure that is really what you want?

https://www.snbforums.com/threads/tutorial-plex-vpn-bypass.31410/
I found this interesting post , which might take care of a few problems (specially with multiple VPN servers incase if I ever implement them). Now that my static routes are working , with this script in his post I let plex traffic bypass the VPN. I checked following things so far,
1. Plex is detecting correct IP , Remote access is green because port 32400 is redirected to WAN and not VPN
2. Torrent client reporting VPN IP
3. Found no DNS leak on https://ipleak.net/


so the issue narrows down to two things.
1. I will still have to some how implement a kill switch in that script to block all P2P when VPN is down (not sure if selecting "All" traffic through vpn on clinet setup page takes care of that)
2. As you emphasis I would also need a script for cleanup when the VPN goes down (or restarts).

But are you sure that is really what you want?

Yes I am sure, Its a decicated router for VPN, with one headless client with plex and P2P, what else could I want from that second router (as far as my requirements). I will do some search on various VPN events I could possibly implement.
Do you have a suggestion which could narrow down my search scope.

 

[Ajay1685]

As of today , Looks like it is working as intended. Also updated the first post to reflect the changes.

 

[pacmanpc]

As of today , Looks like it is working as intended. Also updated the first post to reflect the changes.

Hi mate i have the same issue i have just bought an asus rt-ac68u and installed merlin on it.

I am a complete noob when it comes to configuring it but i would like ALL my traffic to go via vpn besides plex server as i ned to access it remotely.

Im trying to muddle through this post but alot of it is over my head.

Any chance you could point me in the right direction and give me step by step instructions to get it working?

 

[Ajay1685]

Hi mate i have the same issue i have just bought an asus rt-ac68u and installed merlin on it.

I am a complete noob when it comes to configuring it but i would like ALL my traffic to go via vpn besides plex server as i ned to access it remotely.

Im trying to muddle through this post but alot of it is over my head.

Any chance you could point me in the right direction and give me step by step instructions to get it working?

First post is in short , step by step instructions , if you have more specific question let me know .

It's been running solid since I made this post, I only had to reboot it 3 - 4 times since then. I am certainly not an expert but got it to work somehow to my requirements, it did took lot of searching through forums and reading through the posts here .

Start with how to use custom scripts with Merlin , where to save scripts and how to copy scripts using winSCP, then come back to this post and grab the scripts and modify for your purpose.

 

[pacmanpc]

First post is in short , step by step instructions , if you have more specific question let me know .

It's been running solid since I made this post, I only had to reboot it 3 - 4 times since then. I am certainly not an expert but got it to work somehow to my requirements, it did took lot of searching through forums and reading through the posts here .

Start with how to use custom scripts with Merlin , where to save scripts and how to copy scripts using winSCP, then come back to this post and grab the scripts and modify for your purpose.

Thanks alot for the reply,

I have figured out how to access router via scp and create and copy scripts etc. Can also use putty to ssh into modem and run commands.

I just need to know which ones to use as theres a few on this thread some have been edited etc so i need to know which exact ones to use.

At the end of the day i'm just trying to get Plex to bypass my VPN but need exact settings lol i'm not even sure i have the VPN settings like policy routing etc done correctly.

is there any chance you would be able to post a screenshot of your modem settings? or if i post mine give me some idea as to what im doing wrong?

Also have a few questions

1. Do i need to do port forwarding on modem under WAN/Virtual Server?
Due to my ISP setup and them using CGNAT i had to get a static ip to allow me to open ports for me to remote connect.
Atm im port forwarding 32400 external and 32400 internal, this allows me to remote connect to Plex without VPN. As soon as i connect to VPN i cant connect to Plex server

2. Do i have redirect internet traffic set to Policy Rules under VPN client settings? if not what does it need to be set to?

3. Do i have to have anything in the custom configuration box?

My current setup is below

Main PC with internal ip 192.168.1.32 this has the Plex server running on it

Bridged TP-Link TD-W9977 modem with ip 192.168.0.1

Asus RT-AC68U running Asuswrt-Merlin 380.69 with LAN ip 192.168.1.1 and WAN ip 192.168.0.2 (had to set it like this to be able to access modem gui).

other random devices like tvs and ipads etc some are wired and others are wifi all gain ip from DHCP from router. The tvs need to be able to access VPN to bypass netflix geoblock

Another weird thing when checking system log on the router under routing tables there's a gateway ip i don't recognize and assume its due to my static ip? its not my actual static ip but another in the same subnet
The one under Destination is my static ip the one listed under Gateway isn't.

Unsure if this is or can cause issues? i'm a total noob when i comes to this kind of thing

IPv4 Routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
103.xxx.xxx.108 * 255.255.255.255 UH 0 0 0 WAN
192.168.1.0 * 255.255.255.0 U 0 0 0 LAN
192.168.0.0 * 255.255.255.0 U 0 0 0 MAN
default 103.xxx.xxx.124 0.0.0.0 UG 0 0 0 WAN