x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware (1-Nov-2020)

[mister]

Wow, you have a long list of ip rule.

I am confused with some of the x3mRouting rules applied. For example, you have the same ipset mark 0x1000 (vpn1) and 0x2000 (vpn2). I have no idea how will it behave.

2 31545 37M MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON-EU dst MARK or 0x1000

17 31380 37M MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON-EU dst MARK or 0x2000

The same for source ip 192.167.1.131

4 9673 13M MARK all -- br0 * 192.168.1.131 0.0.0.0/0 match-set AMAZON-EU dst MARK or 0x1000

6 9673 13M MARK all -- br0 * 192.168.1.131 0.0.0.0/0 match-set AMAZON-EU dst MARK or 0x8000

There is also overlapping ip range

8 26327 35M MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.1.131-192.168.1.133 match-set AMAZON-EU dst MARK or 0x8000

11 29021 36M MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.1.131-192.168.1.136 match-set AMAZON-EU dst MARK or 0x8000

I’m running out of idea. Perhaps better clean up all the rules by using x3mRouting del option and start fresh by adding one rule at a time. Using del option is the easiest way as it will delete the iptable rule and clean up dnsmasq.conf.add, vpnclient-route scripts along with the ipset. You can use the previous command to verify the iptable rules. A reboot afterwards might help too.

You can also try the amazon video rules posted above.

Thanks a lot for your Support and happy new year
I already deinstalled x3mrouting and reinstalled it by using the 3rd and 4th option.
But there seem rules left.

So two questions:

1. How would be the command to delete a specific rule which is not listed in my nat-start. Would you be so kind and give an example to me by using your mentioned rules?

2. To get a complete fresh setup- would it be an option to manually edit the dnsmasq.conf.add snd kick of all the rules i can't identify?

Thanks a lot for your in advance.

 

[chongnt]

Thanks a lot for your Support and happy new year
I already deinstalled x3mrouting and reinstalled it by using the 3rd and 4th option.
But there seem rules left.

So two questions:

1. How would be the command to delete a specific rule which is not listed in my nat-start. Would you be so kind and give an example to me by using your mentioned rules?

2. To get a complete fresh setup- would it be an option to manually edit the dnsmasq.conf.add snd kick of all the rules i can't identify?

Thanks a lot for your in advance.

Happy new year!
Did you happen to delete the rules in nat-start manually? Proper way to clean up the rules is use del option like this. It will clean up everything including nat-start. Please try the del option first.

sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 ARLO dnsmasq=arlo.com,arloxcld.com del
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 2 AMAZON-EU aws_region=EU del

 

[mister]

Happy new year!
Did you happen to delete the rules in nat-start manually? Proper way to clean up the rules is use del option like this. It will clean up everything including nat-start. Please try the del option first.

sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 ARLO dnsmasq=arlo.com,arloxcld.com del
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 2 AMAZON-EU aws_region=EU del

Ok, i will try that. For testing reasons I just commented out the rules with an # in the nat-start file and controled via liststats which lists are populating.


It will take some time for testing, i will reply back as soon as I made my tests. Thanks a lot.

 

[chongnt]

Ok, i will try that. For testing reasons I just commented out the rules with an # in the nat-start file and controled via liststats which lists are populating.


It will take some time for testing, i will reply back as soon as I made my tests. Thanks a lot.

I am not sure if this will work for your case. Since you have multiple rules for the same ipset name, uncomment anyone of the rules will restore the ipset upon reboot.
Can you check in /jffs/scripts/x3mRouting/, is there any iptables entries created by x3mRouting rules in the following files ?

vpnclient1-route-pre-down
vpnclient1-route-up
vpnclient2-route-pre-down
vpnclient2-route-up
...

These will run even if you comment out the entry in nat-start. The iptables rules are now added when vpn client come up.
I still think del option is a better way to control the test environment.

 

[Sonyrolfy]

Xm3routing is my to go to script working with a vpn. Trouble is atm xm3routing is not maintained. In short: My rules are all over the place before NTP sync during reboot and rules don’t work after boot is finished. I’ve to restart the firewall then my get applied correctly. As I use option 3 the dnsmasq method.

Situation: I have dns caching on, And as far as my knowledge goes, dnsmasq will hinder the boot sequence with Xm3routing due to a update in dnsmasq to 2.88 maybe? I do see dnsmasq Tainted: P with only this script, but i can’t tell i dont have the knwoledge.

I can turn dns caching OFF and with this its less of a hit and mis, but I like DNS caching on. The question is if someone can take a look at the script that’s not maintained right now.

I did see @Adamm and @Martineau did help Xentrk in the past. I hope you can take a look, would be great.

 

[ComputerSteve]

Xm3routing is my to go to script working with a vpn. Trouble is atm xm3routing is not maintained. In short: My rules are all over the place before NTP sync during reboot and rules don’t work after boot is finished. I’ve to restart the firewall then my get applied correctly. As I use option 3 the dnsmasq method.

Situation: I have dns caching on, And as far as my knowledge goes, dnsmasq will hinder the boot sequence with Xm3routing due to a update in dnsmasq to 2.88 maybe? I do see dnsmasq Tainted: P with only this script, but i can’t tell i dont have the knwoledge.

I can turn dns caching OFF and with this its less of a hit and mis, but I like DNS caching on. The question is if someone can take a look at the script that’s not maintained right now.

I did see @Adamm and @Martineau did help Xentrk in the past. I hope you can take a look, would be great.

True. I hope someone can take this script over. I think @Xentrk abandoned it or something happened to him. This script is one of the main reasons I stay with @RMerlin's firmware and some scripts do break its functionality already. I am dreading the day that an actual merlin firmware update with break it. VPN Director almost did this if the option 3 wasn't available to install x3mrouting.

 

[Kingp1n]

It would be nice however it seems some devs have moved on from Asus (hoping im wrong). I still use option 3 with a VPN and it works smoothly without getting the dreaded "we detect you're using a VPN" message from one of those streaming apps.

 

[machinist]

I think @Xentrk abandoned it or something happened to him.

For the better part of a year, Ive tried getting in touch with Doug thru the various channels I can find from github to his site, with no response.

Concerned about that too. That or he just really don't want to engage, which seems strange.

 

[Sonyrolfy]

Xm3routing is my to go to script working with a vpn. Trouble is atm xm3routing is not maintained. In short: My rules are all over the place before NTP sync during reboot and rules don’t work after boot is finished. I’ve to restart the firewall then my get applied correctly. As I use option 3 the dnsmasq method.

Situation: I have dns caching on, And as far as my knowledge goes, dnsmasq will hinder the boot sequence with Xm3routing due to a update in dnsmasq to 2.88 maybe? I do see dnsmasq Tainted: P with only this script, but i can’t tell i dont have the knwoledge.

I can turn dns caching OFF and with this its less of a hit and mis, but I like DNS caching on. The question is if someone can take a look at the script that’s not maintained right now.

I did see @Adamm and @Martineau did help Xentrk in the past. I hope you can take a look, would be great.

I nailed it down to remove scripts one by one and now the boot works as needed after NTP is synced. The script that caused the scattered rules before NTP synced at boot was in my case YazDHCP so it wasn’t one of the usual suspects. I removed it. I will install YazDHCP later on and see what happens. For now happy.

 

[ComputerSteve]

For the better part of a year, Ive tried getting in touch with Doug thru the various channels I can find from github to his site, with no response.

Concerned about that too. That or he just really don't want to engage, which seems strange.

Its interesting I went to his website https://x3mtek.com/ & the copyright has been updated Copyright © 2023 x3mtek Blog Site. Unless that is done by a script ?

 

[machinist]

Its interesting I went to his website https://x3mtek.com/ & the copyright has been updated Copyright © 2023 x3mtek Blog Site. Unless that is done by a script ?

That's just a WordPress function that reflects current year, unfortunately.

 

[ComputerSteve]

That's just a WordPress function that reflects current year, unfortunately.

If thats the case it's very sad. I do hope someone can take this over ! It's like one of the main reasons I use @RMerlin's firmware. I just fear that eventually its gonna stop working. It partly already doesn't with the release of VPN Director's changes to the GUI.

 

[machinist]

If thats the case it's very sad. I do hope someone can take this over ! It's like one of the main reasons I use @RMerlin's firmware. I just fear that eventually its gonna stop working. It partly already doesn't with the release of VPN Director's changes to the GUI.

I use the getdomains.sh part of the script. I know of no other way to get the host names for a particular streaming service.

So I agree.

 

[Venom29]

Probably, so many streaming services are using AWS these days. So, using Amazon AWS or ASN method may cast too wide of a net.

In /jffs/scripts/nat-start file, try moving Disney to the top of the file before the Netflix VPN Bypass. Use the dnsmasq method for Disney and Netflix to avoid conflicts.

Disney
dnsmasq=demdex.net,disney-plus.net,disneyplus.co,disneyplus.com,dssott.com,go.com


Netflix
dnsmasq=netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net

If you still have issues, you may have to get a Private VPN IP address and send all AWS traffic to it. That is what I do for the services that block known VPN serve

Afternoon

I was woundering if you could help me out a bit. I was tagged in this thread as i am having the same issues streaming Disney+ through my VPN Provider - Perfect Privacy. I have a RT-AX58U router that has VPN Fusion setup. All my traffic passes through the VPN Netflix works fine (saying that i did get a popup saying i was using a VPN, so seems like they have picked up that). What options do i have that could allow me to stream disney using my VPN Provider?

 

[Whiteman]

Hi. I have OVPN client enabled on my router and I am using selective routing for some domains using a script like x3mRouting ALL 2 NAME autoscan=name.com. This works fine, but only for LAN clients. The rules created do not apply to the router itself. I have to create separate rules for the router host via VPN director. Is it possible to use x3mRouting so that the rules are applied to the router itself?

I also have Wireguard VPN Server enabled on the router for connecting external clients. The clients connect and work normally, but the rules created by the x3mRouting script are not used. Is it possible to use the rules created by x3mRouting so that clients connected via wireguard also use selective redirection in OVPN, just like in the local network?

 

[Yooshaw]

Hi. I have OVPN client enabled on my router and I am using selective routing for some domains using a script like x3mRouting ALL 2 NAME autoscan=name.com. This works fine, but only for LAN clients. The rules created do not apply to the router itself. I have to create separate rules for the router host via VPN director. Is it possible to use x3mRouting so that the rules are applied to the router itself?

I also have Wireguard VPN Server enabled on the router for connecting external clients. The clients connect and work normally, but the rules created by the x3mRouting script are not used. Is it possible to use the rules created by x3mRouting so that clients connected via wireguard also use selective redirection in OVPN, just like in the local network?

Take a look at Domain VPN Routing (linked below). I can't speak to if the router traffic would be re-directed, but can confirm that when I am outside the house and connect back via Wireguard Server, my specified traffic routes through the VPN I chose in Domain VPN Routing.

Domain-based VPN Routing Script

Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface. ***v2.1.0 Release**** This is the release information regarding v2.1.0, please read the notes carefully...

www.snbforums.com

It's available to install from AMTM