What's new

x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware (1-Nov-2020)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I tried, don't see anything which isn't already getting routed I think. I have Amazon EU and Amazon GLOBAL added. As well now as the asnum you mentioned for Netflix and the dnsmasq I had previously. Still some random movies that won't play and trigger the unblocked/proxy error :(
I'm still mining BBC domains and do see that some of the reply records resolve to Amazon AWS servers in UK or Ireland. Most streaming apps are being hosted on Amazon AWS servers. I suspect there may be a conflict with the Amazon AWS and Netflix routing. Are you routing both to the same end point? Try to place the Netflix rules before the Amazon rules in nat-start. Reboot or bounce the WAN after you made the change to kill existing rules and establish the new ones.

Try Diversion follow the log file option "f" using option 2. It will show if something is being blocked or the domain that is being referenced when the VDO does not play.
 
@Sean Rhodes @thebatfink

RE: BBC iPlayer
Did some more testing. Here are my most recent updated recommendations.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB6 dnsmasq=2cnt.net,akamaized.net,at-o.net,bbc.com,co.uk,dotmetrics.net,llnwd.net,llnwi.net,net.uk
 
@Sean Rhodes @thebatfink

RE: BBC iPlayer
Did some more testing. Here are my most recent updated recommendations.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB6 dnsmasq=2cnt.net,akamaized.net,at-o.net,bbc.com,co.uk,dotmetrics.net,llnwd.net,llnwi.net,net.uk
Thanks Xentrk, I'll try that and check the results

I got a couple of errors using the ASN script, I'm not sure if it's due to being on the older version of x3mRouting or not. Below is my output:
Code:
rhodess@RT-AC3200-4200:/tmp/home/root# x3mRouting ipset_name=BBC_WEB4 del
(x3mRouting): 14254 Starting Script Execution ipset_name=BBC_WEB4 del
(x3mRouting): 14254 IPSET BBC_WEB4 deleted from /jffs/configs/dnsmasq.conf.add

Done.
(x3mRouting): 14254 Script entry for BBC_WEB4 deleted from /jffs/scripts/nat-start
(x3mRouting): 14254 ipset BBC_WEB4 entry deleted from /jffs/scripts/x3mRouting/vpnclient3-route-up


/jffs/scripts/x3mRouting/vpnclient3-route-up has 1 shebang entry and 0 empty lines.
Would you like to remove ?
[1]  --> Yes
[2]  --> No

[1-2]: 2
(x3mRouting): 14254 ipset BBC_WEB4 entry deleted from /jffs/scripts/x3mRouting/vpnclient3-route-pre-down


/jffs/scripts/x3mRouting/vpnclient3-route-pre-down has 1 shebang entry and 0 empty lines.
Would you like to remove ?
[1]  --> Yes
[2]  --> No

[1-2]: 2
(x3mRouting): 14254 IPSET BBC_WEB4 deleted!
(x3mRouting): 14254 Completed Script Execution
rhodess@RT-AC3200-4200:/tmp/home/root# sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
(x3mRouting.sh): 20162 Starting Script Execution ALL 3 BBC asnum=AS2818,AS31459
(x3mRouting.sh): 20162 IPSET created: BBC hash:net family inet hashsize 1024 maxelem 65536
ipset v6.32: Error in line 5: Syntax error: '33' is out of range 0-32
ipset v6.32: Error in line 5: Syntax error: '33' is out of range 0-32
ipset v6.32: Error in line 6: Syntax error: '33' is out of range 0-32
(x3mRouting.sh): 20162 Selective Routing Rule via VPN Client 3 created for BBC fwmark 0x4000/0x4000
(x3mRouting.sh): 20162 iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null added to /jffs/scripts/x3mRouting/vpnclient3-route-up
(x3mRouting.sh): 20162 iptables -t mangle -A PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 added to /jffs/scripts/x3mRouting/vpnclient3-route-up
(x3mRouting.sh): 20162 iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null added to /jffs/scripts/x3mRouting/vpnclient3-route-pre-down
(x3mRouting.sh): 20162 sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459 added to /jffs/scripts/nat-start
(x3mRouting.sh): 20162 Completed Script Execution
rhodess@RT-AC3200-4200:/tmp/home/root#
 
Last edited:
Thanks Xentrk, I'll try that and check the results

I got a couple of errors using the ASN script, I'm not sure if it's due to being on the older version of x3mRouting or not. Below is my output:
Code:
rhodess@RT-AC3200-4200:/tmp/home/root# x3mRouting ipset_name=BBC_WEB4 del
(x3mRouting): 14254 Starting Script Execution ipset_name=BBC_WEB4 del
(x3mRouting): 14254 IPSET BBC_WEB4 deleted from /jffs/configs/dnsmasq.conf.add

Done.
(x3mRouting): 14254 Script entry for BBC_WEB4 deleted from /jffs/scripts/nat-start
(x3mRouting): 14254 ipset BBC_WEB4 entry deleted from /jffs/scripts/x3mRouting/vpnclient3-route-up


/jffs/scripts/x3mRouting/vpnclient3-route-up has 1 shebang entry and 0 empty lines.
Would you like to remove ?
[1]  --> Yes
[2]  --> No

[1-2]: 2
(x3mRouting): 14254 ipset BBC_WEB4 entry deleted from /jffs/scripts/x3mRouting/vpnclient3-route-pre-down


/jffs/scripts/x3mRouting/vpnclient3-route-pre-down has 1 shebang entry and 0 empty lines.
Would you like to remove ?
[1]  --> Yes
[2]  --> No

[1-2]: 2
(x3mRouting): 14254 IPSET BBC_WEB4 deleted!
(x3mRouting): 14254 Completed Script Execution
rhodess@RT-AC3200-4200:/tmp/home/root# sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
(x3mRouting.sh): 20162 Starting Script Execution ALL 3 BBC asnum=AS2818,AS31459
(x3mRouting.sh): 20162 IPSET created: BBC hash:net family inet hashsize 1024 maxelem 65536
ipset v6.32: Error in line 5: Syntax error: '33' is out of range 0-32
ipset v6.32: Error in line 5: Syntax error: '33' is out of range 0-32
ipset v6.32: Error in line 6: Syntax error: '33' is out of range 0-32
(x3mRouting.sh): 20162 Selective Routing Rule via VPN Client 3 created for BBC fwmark 0x4000/0x4000
(x3mRouting.sh): 20162 iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null added to /jffs/scripts/x3mRouting/vpnclient3-route-up
(x3mRouting.sh): 20162 iptables -t mangle -A PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 added to /jffs/scripts/x3mRouting/vpnclient3-route-up
(x3mRouting.sh): 20162 iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null added to /jffs/scripts/x3mRouting/vpnclient3-route-pre-down
(x3mRouting.sh): 20162 sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459 added to /jffs/scripts/nat-start
(x3mRouting.sh): 20162 Completed Script Execution
rhodess@RT-AC3200-4200:/tmp/home/root#
Hard to debug the ipset error if you are several revisions behind. There were some recent changes to the handling of lists sourced from ASN. Please verify the ipset list is populated using the "ipset -L BBC" or "liststats" command. You can run in debug mode by changing to the /jffs/scripts/x3mRouting directory and executing with the -x flag e.g. "sh -x x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459"

If still an issue, you can use the manual method since the number of CIDR ranges are small:

Code:
193.130.40.0/23
132.185.112.0/20
192.190.44.0/24
193.41.0.0/23
212.58.224.0/19
132.185.128.0/20
132.185.0.0/16
132.185.224.0/20

With manual method, you create a file in /opt/tmp/BBC and insert the addresses above. No method is specified so x3mRouting defaults to manual:

x3mRouting ALL 3 BBC

NOTE: Minor revision to the dnsmasq method for BBC. I added cloudfunctions.net back to the list.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB6 dnsmasq=2cnt.net,akamaized.net,at-o.net,bbc.com,cloudfunctions.net,co.uk,dotmetrics.net,llnwd.net,llnwi.net,net.uk
 
Hard to debug the ipset error if you are several revisions behind. There were some recent changes to the handling of lists sourced from ASN. Please verify the ipset list is populated using the "ipset -L BBC" or "liststats" command. You can run in debug mode by changing to the /jffs/scripts/x3mRouting directory and executing with the -x flag e.g. "sh -x x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459"

If still an issue, you can use the manual method since the number of CIDR ranges are small:

Code:
193.130.40.0/23
132.185.112.0/20
192.190.44.0/24
193.41.0.0/23
212.58.224.0/19
132.185.128.0/20
132.185.0.0/16
132.185.224.0/20

With manual method, you create a file in /opt/tmp/BBC and insert the addresses above. No method is specified so x3mRouting defaults to manual:

x3mRouting ALL 3 BBC

NOTE: Minor revision to the dnsmasq method for BBC. I added cloudfunctions.net back to the list.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC_WEB6 dnsmasq=2cnt.net,akamaized.net,at-o.net,bbc.com,cloudfunctions.net,co.uk,dotmetrics.net,llnwd.net,llnwi.net,net.uk
Heres what I currently have:
Code:
ASUSWRT-Merlin RT-AC3200 384.13_10 Sun Jun 28 17:57:49 UTC 2020
rhodess@RT-AC3200-4200:/tmp/home/root# liststats
BBC - 0
BBC_WEB6 - 81
NETFLIX - 2906
Skynet-Blacklist - 44418
Skynet-BlockedRanges - 1652
Skynet-IOT - 0
Skynet-Master - 2
Skynet-Whitelist - 9114
rhodess@RT-AC3200-4200:/tmp/home/root# ipset -L BBC
Name: BBC
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 316
References: 1
Number of entries: 0
Members:
I ran in debug mode and checked the BBC file in /opt/tmp to see its contents:
Code:
rhodess@RT-AC3200-4200:/tmp/mnt/asus_usb/entware/tmp# cat BBC
"error":
132.185.0.0/16
132.185.112.0/20
132.185.128.0/20
132.185.224.0/20
212.58.224.0/19
2001:41c0:8000::/33

It looks like I just need to append the 192.x.x.x and the 193.x.x.x

What's the relationship between BBC - 0 in the liststats output and /opt/tmp/BBC? I assumed they were the same file, but that doesn't look to be the case

Looks like I have my VPN rule twice also"
Code:
rhodess@RT-AC3200-4200:/tmp/home/root# ip rule
0:      from all lookup local
9990:   from all fwmark 0x8000/0x8000 lookup main
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
9993:   from all fwmark 0x4000/0x4000 lookup ovpnc3
10501:  from 10.0.1.60 lookup ovpnc3
10502:  from 10.0.1.90 lookup ovpnc3
10503:  from 10.0.1.45 lookup ovpnc3
32766:  from all lookup main
32767:  from all lookup default
rhodess@RT-AC3200-4200:/tmp/home/root#
Here is my new list after manual editing:
Code:
rhodess@RT-AC3200-4200:/tmp/home/root# cat /opt/tmp/BBC
"error":
132.185.0.0/16
132.185.112.0/20
132.185.128.0/20
132.185.224.0/20
192.190.44.0/24
193.41.0.0/23
193.130.40.0/23
212.58.224.0/19
2001:41c0:8000::/33
rhodess@RT-AC3200-4200:/tmp/home/root#
I posted the log file below. Based on the two lists I assume the 3 generated errors are due to the 3 IP's that are not being pushed to the BBC list for some reason

Thanks Xentrk
 
Last edited:
Addendum,

It was too long for the other post,

Here's the debug output incase you wanted to look at it:
Code:
rhodess@RT-AC3200-4200:/tmp/home/root# cd /jffs/scripts/x3mRouting
rhodess@RT-AC3200-4200:/jffs/scripts/x3mRouting# sh -x x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
+ [ ALL = help ]
+ [ ALL = -h ]
+ basename x3mRouting.sh
+ sed s/.sh//
+ SCR_NAME=x3mRouting
+ exec
+ flock 9
+ trap rm -f /tmp/${SCR_NAME}.lock EXIT
+ basename x3mRouting.sh
+ logger -st (x3mRouting.sh) 32240 Starting Script Execution ALL 3 BBC asnum=AS2818,AS31459
(x3mRouting.sh): 32240 Starting Script Execution ALL 3 BBC asnum=AS2818,AS31459
+ NAT_START=/jffs/scripts/nat-start
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c dir=
+ [ 0 -gt 0 ]
+ DIR=/opt/tmp
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c server=
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c ipset_name=
+ [ 0 -gt 0 ]
+ SRC_IFACE=ALL
+ [ -n 3 ]
+ DST_IFACE=3
+ [ ALL = ALL ]
+ [ ALL = 1 ]
+ [ ALL = 2 ]
+ [ ALL = 3 ]
+ [ ALL = 4 ]
+ [ ALL = 5 ]
+ Set_Fwmark_Parms
+ FWMARK_WAN=0x8000/0x8000
+ FWMARK_OVPNC1=0x1000/0x1000
+ FWMARK_OVPNC2=0x2000/0x2000
+ FWMARK_OVPNC3=0x4000/0x4000
+ FWMARK_OVPNC4=0x7000/0x7000
+ FWMARK_OVPNC5=0x3000/0x3000
+ [ -n BBC ]
+ IPSET_NAME=BBC
+ TAG_MARK=0x4000/0x4000
+ TARGET_DESC=VPN Client 3
+ Set_IP_Rule 3
+ VPN_ID=3
+ ip rule del fwmark 0x4000/0x4000
+ ip rule add from 0/0 fwmark 0x4000/0x4000 table 113 prio 9993
+ ip route flush cache
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -cw del
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c src=
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c src_range=
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c dnsmasq=
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c autoscan
+ [ 0 -gt 0 ]
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ grep -c asnum=
+ [ 1 -gt 0 ]
+ ASNUM_Parm ALL 3 BBC asnum=AS2818,AS31459
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ sed -n s/^.*asnum=//p
+ awk {print $1}
+ tr , \n
+ ASN=AS2818
AS31459
+ true
+ awk -v A=AS2818 BEGIN {print A}
+ read -r ASN
+ printf %-.2s AS2818
+ PREFIX=AS
+ echo AS2818
+ sed s/^AS//
+ NUMBER=2818
+ [ AS = AS ]
+ echo 2818
+ grep -oE ^\-?[0-9]+$
+ A=2818
+ [ -z 2818 ]
+ Create_Ipset_List BBC ASN
+ IPSET_NAME=BBC
+ METHOD=ASN
+ Chk_Entware 120
+ READY=1
+ ENTWARE_UTILITY=
+ MAX_TRIES=30
+ [ -n  ]
+ [ -z  ]
+ [ 120 -eq 120 ]
+ MAX_TRIES=120
+ [ -n 120 ]
+ [ 120 -eq 120 ]
+ TRIES=0
+ [ 0 -lt 120 ]
+ [ -f /opt/bin/opkg ]
+ [ -n  ]
+ READY=0
+ break
+ return 0
+ [ 0 -eq 1 ]
+ ipset list -n BBC
+ [ BBC != BBC ]
+ Download_ASN_Ipset_List BBC AS2818 2818 /opt/tmp
+ IPSET_NAME=BBC
+ ASN=AS2818
+ NUMBER=2818
+ DIR=/opt/tmp
+ [ ! -s /opt/tmp/BBC ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://ipinfo.io/AS2818
+ STATUS=400
+ [ 400 -eq 200 ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://api.hackertarget.com/aslookup/?q=AS2818
+ STATUS=200
+ [ 200 -eq 200 ]
+ awk { print $1 } /opt/tmp/BBC_tmp
+ grep -v 2818
+ sort -gt / -k 1 /opt/tmp/BBC
+ sort -ut . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+ mv /opt/tmp/BBC_tmp /opt/tmp/BBC
+ ipset restore -!
+ awk {print "add BBC " $1} /opt/tmp/BBC
ipset v6.32: Error in line 1: Syntax error: cannot parse error:: resolving to IPv4 address failed
+ read -r ASN
+ awk -v A=AS31459 BEGIN {print A}
+ read -r ASN
+ printf %-.2s AS2818
+ PREFIX=AS
+ sed s/^AS//
+ echo AS2818
+ NUMBER=2818
+ [ AS = AS ]
+ echo 2818
+ grep -oE ^\-?[0-9]+$
+ A=2818
+ [ -z 2818 ]
+ Create_Ipset_List BBC ASN
+ IPSET_NAME=BBC
+ METHOD=ASN
+ Chk_Entware 120
+ READY=1
+ ENTWARE_UTILITY=
+ MAX_TRIES=30
+ [ -n  ]
+ [ -z  ]
+ [ 120 -eq 120 ]
+ MAX_TRIES=120
+ [ -n 120 ]
+ [ 120 -eq 120 ]
+ TRIES=0
+ [ 0 -lt 120 ]
+ [ -f /opt/bin/opkg ]
+ [ -n  ]
+ READY=0
+ break
+ return 0
+ [ 0 -eq 1 ]
+ ipset list -n BBC
+ [ BBC != BBC ]
+ Download_ASN_Ipset_List BBC AS2818 2818 /opt/tmp
+ IPSET_NAME=BBC
+ ASN=AS2818
+ NUMBER=2818
+ DIR=/opt/tmp
+ [ ! -s /opt/tmp/BBC ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://ipinfo.io/AS2818
+ STATUS=400
+ [ 400 -eq 200 ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://api.hackertarget.com/aslookup/?q=AS2818
+ STATUS=200
+ [ 200 -eq 200 ]
+ awk { print $1 } /opt/tmp/BBC_tmp
+ grep -v 2818
+ sort -gt / -k 1 /opt/tmp/BBC
+ sort -ut . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+ mv /opt/tmp/BBC_tmp /opt/tmp/BBC
+ awk {print "add BBC " $1} /opt/tmp/BBC
+ ipset restore -!
ipset v6.32: Error in line 1: Syntax error: cannot parse error:: resolving to IPv4 address failed
+ read -r ASN
+ printf %-.2s AS31459
+ PREFIX=AS
+ echo AS31459
+ sed s/^AS//
+ NUMBER=31459
+ [ AS = AS ]
+ grep -oE ^\-?[0-9]+$
+ echo 31459
+ A=31459
+ [ -z 31459 ]
+ Create_Ipset_List BBC ASN
+ IPSET_NAME=BBC
+ METHOD=ASN
+ Chk_Entware 120
+ READY=1
+ ENTWARE_UTILITY=
+ MAX_TRIES=30
+ [ -n  ]
+ [ -z  ]
+ [ 120 -eq 120 ]
+ MAX_TRIES=120
+ [ -n 120 ]
+ [ 120 -eq 120 ]
+ TRIES=0
+ [ 0 -lt 120 ]
+ [ -f /opt/bin/opkg ]
+ [ -n  ]
+ READY=0
+ break
+ return 0
+ [ 0 -eq 1 ]
+ ipset list -n BBC
+ [ BBC != BBC ]
+ Download_ASN_Ipset_List BBC AS31459 31459 /opt/tmp
+ IPSET_NAME=BBC
+ ASN=AS31459
+ NUMBER=31459
+ DIR=/opt/tmp
+ [ ! -s /opt/tmp/BBC ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://ipinfo.io/AS31459
+ STATUS=400
+ [ 400 -eq 200 ]
+ curl --retry 3 -sL -o /opt/tmp/BBC_tmp -w %{http_code} https://api.hackertarget.com/aslookup/?q=AS31459
+ STATUS=200
+ [ 200 -eq 200 ]
+ awk { print $1 } /opt/tmp/BBC_tmp
+ grep -v 31459
+ sort -ut . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+ sort -gt / -k 1 /opt/tmp/BBC
+ mv /opt/tmp/BBC_tmp /opt/tmp/BBC
+ awk {print "add BBC " $1} /opt/tmp/BBC
+ ipset restore -!
ipset v6.32: Error in line 1: Syntax error: cannot parse error:: resolving to IPv4 address failed
+ read -r ASN
+ rm /opt/tmp/x3mRouting
+ Create_Routing_Rules BBC
+ IPSET_NAME=BBC
+ iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000
+ basename x3mRouting.sh
+ logger -st (x3mRouting.sh) 32240 Selective Routing Rule via VPN Client 3 deleted for BBC fwmark 0x4000/0x4000
(x3mRouting.sh): 32240 Selective Routing Rule via VPN Client 3 deleted for BBC fwmark 0x4000/0x4000
+ iptables -t mangle -A PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000
+ basename x3mRouting.sh
+ logger -st (x3mRouting.sh) 32240 Selective Routing Rule via VPN Client 3 created for BBC fwmark 0x4000/0x4000
(x3mRouting.sh): 32240 Selective Routing Rule via VPN Client 3 created for BBC fwmark 0x4000/0x4000
+ awk {print $1}
+ sed -n s/^.*asnum=//p
+ echo ALL 3 BBC asnum=AS2818,AS31459
+ ASN=AS2818,AS31459
+ Check_Files_For_Entries ALL 3 BBC asnum=AS2818,AS31459 /opt/tmp
+ SRC_IFACE=ALL
+ DST_IFACE=3
+ IPSET_NAME=BBC
+ OPT1=asnum=AS2818,AS31459
+ DIR=/opt/tmp
+ grep -c Manual
+ echo asnum=AS2818,AS31459
+ [ 0 -ge 1 ]
+ SCRIPT_ENTRY=sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459
+ [ /opt/tmp != /opt/tmp ]
+ [ ALL = ALL ]
+ VPNID=3
+ IPTABLES_DEL_ENTRY=iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null
+ IPTABLES_ADD_ENTRY=iptables -t mangle -A PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000
+ VPNC_UP_FILE=/jffs/scripts/x3mRouting/vpnclient3-route-up
+ VPNC_DOWN_FILE=/jffs/scripts/x3mRouting/vpnclient3-route-pre-down
+ [ -s /jffs/scripts/x3mRouting/vpnclient3-route-up ]
+ grep -c iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null /jffs/scripts/x3mRouting/vpnclient3-route-up
+ [ 1 -eq 0 ]
+ [ -s /jffs/scripts/x3mRouting/vpnclient3-route-up ]
+ grep -c iptables -t mangle -A PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 /jffs/scripts/x3mRouting/vpnclient3-route-up
+ [ 1 -eq 0 ]
+ [ -s /jffs/scripts/x3mRouting/vpnclient3-route-pre-down ]
+ grep -c iptables -t mangle -D PREROUTING -i br0 -m set --match-set BBC dst -j MARK --set-mark 0x4000/0x4000 2>/dev/null /jffs/scripts/x3mRouting/vpnclient3-route-pre-down
+ [ 1 -eq 0 ]
+ [ -s /jffs/scripts/nat-start ]
+ grep -c sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 3 BBC asnum=AS2818,AS31459 /jffs/scripts/nat-start
+ [ 1 -eq 0 ]
+ [ -s /jffs/scripts/x3mRouting/vpnclient3-route-up ]
+ chmod 755 /jffs/scripts/x3mRouting/vpnclient3-route-up
+ [ -s /jffs/scripts/x3mRouting/vpnclient3-route-pre-down ]
+ chmod 755 /jffs/scripts/x3mRouting/vpnclient3-route-pre-down
+ [ -s /jffs/scripts/nat-start ]
+ chmod 755 /jffs/scripts/nat-start
+ Exit_Routine
+ basename x3mRouting.sh
+ logger -st (x3mRouting.sh) 32240 Completed Script Execution
(x3mRouting.sh): 32240 Completed Script Execution
+ exit 0
+ rm -f /tmp/x3mRouting.lock
rhodess@RT-AC3200-4200:/jffs/scripts/x3mRouting# liststats
BBC - 0
BBC_WEB6 - 81

I see this error a couple of times "ipset v6.32: Error in line 1: Syntax error: cannot parse error:: resolving to IPv4 address failed"
 
@Sean Rhodes

This may be the issue..2001:41c0:8000::/33 is an IPv6 address. Please edit the file and remove the entry as x3mRouting only support IPv4 addresses at the moment.

I think there is a conflict with the method. There is the manual method where you create a text file and input the IPv4 addresses into the file manually using an editor or other method. This is probably how the file was first created as that is what I used to do. I now use ASN method. ASN method where you specify the ASN. It looks like there may have been a mix up where the ipset list was first created using the manual method then created again using ASN method without removing the IPSET list first. Please remove the BBC ipset list. Then, recreate it using either the manual method or ASN.

As long as you use the x3mRouting program as standalone and don't use the x3mRouting Advanced OpenVPN Screen, you should be okay with using the newer version of x3mRouting.

Code:
# backup old file first
cp /jffs/scripts/x3mRouting/x3mRouting.sh /jffs/scripts/x3mRouting/x3mRouting-bkup.sh
# download new file
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/x3mRouting/master/x3mRouting.sh" -o "/jffs/scripts/x3mRouting/x3mRouting.sh"

x3mRouting.sh should maintain it's file permissions. But if there is an issue:

Code:
chmod 755 /jffs/scripts/x3mRouting/x3mRouting.sh
 
Last edited:
@Sean Rhodes

This may be the issue..2001:41c0:8000::/33 is an IPv6 address. Please edit the file and remove the entry as x3mRouting only support IPv4 addresses at the moment.

I think there is a conflict with the method. There is the manual method where you create a text file and input the IPv4 addresses into the file manually using an editor or other method. This is probably how the file was first created as that is what I used to do. I now use ASN method. ASN method where you specify the ASN. It looks like there may have been a mix up where the ipset list was first created using the manual method then created again using ASN method without removing the IPSET list first. Please remove the BBC ipset list. Then, recreate it using either the manual method or ASN.

As long as you use the x3mRouting program as standalone and don't use the x3mRouting Advanced OpenVPN Screen, you should be okay with using the newer version of x3mRouting.

Code:
# backup old file first
cp /jffs/scripts/x3mRouting/x3mRouting.sh /jffs/scripts/x3mRouting/x3mRouting-bkup.sh
# download new file
/usr/sbin/curl --retry 3 "https://raw.githubusercontent.com/Xentrk/x3mRouting/master/x3mRouting.sh" -o "/jffs/scripts/x3mRouting/x3mRouting.sh"

x3mRouting.sh should maintain it's file permissions. But if there is an issue:

Code:
chmod 755 /jffs/scripts/x3mRouting/x3mRouting.sh
Thanks Xentrk, so do I then need to install option 3 "Install OpenVPN Event & x3mRouting.sh Script"
 
Thanks Xentrk, so do I then need to install option 3 "Install OpenVPN Event & x3mRouting.sh Script"
Yes, that will work as well. Probably the safest option to use the menu. The OpenVPN event script should already be installed but installingi using option 3 will make sure you are using the most recent version and config is all good.
 
Hi Xentrk,

I just bought the RT-AX86U and I just finished setting it all up, but haven't selected a x3mRouting method between yet between the possible options of 1, 2, 3, 1+2, or 1+3.

I'm leaning towards 2 only, since I used NordVPN and added their DNS to the router OVPN client last time, I'm more biased toward method 2, are there any pros and cons for method 2 vs method 3 when using NordVPN?
 
The ip rule command will show the RPDB rules for LAN clients.

Check the TV settings for a region setting. I've seen that mess things up before.

Hi Xentrk,

I'm facing the same issue with Samsung tv. Whenever I played a video on Netflix it will prompt saying I'm using a blocker/proxy. Any advice you can share?

Thanks.
 
For what it is worth, I still can’t get netflix working sucessfully either. Its always intermittent if it detects an unblocker or not on start of playback. Amazon works fine though.

I watched diversion log for new addresses and I can’t see anything thats missed from my rule so can only assume either something isnt bypassing the vpn when it should or they have some other criteria thats letting them see a vpn is active.
 
For what it is worth, I still can’t get netflix working sucessfully either. Its always intermittent if it detects an unblocker or not on start of playback. Amazon works fine though.

I watched diversion log for new addresses and I can’t see anything thats missed from my rule so can only assume either something isnt bypassing the vpn when it should or they have some other criteria thats letting them see a vpn is active.
Yup, I ran the web traffic analyzer and DNS filtering but still the same. Have you tried forcing the tv to use VPN? I did on mine but unable to play the video at all.
 
Yup, I ran the web traffic analyzer and DNS filtering but still the same. Have you tried forcing the tv to use VPN? I did on mine but unable to play the video at all.
My setup is using a shield tv rather than an actual tv but I doubt that matters. I have the device inquestion defaulting all traffic through the vpn, I’m using (trying) this to pass the netflix traffic to wan rather than VPN. It works great for bbc and amazon, without this neither work. But with netflix its always hit and miss if it works (bypasses vpn / flags as unblocker).

I’m far from a networking amateur let alone expert so find it tricky to diagnose what the issue is as it seems to work for others OK. Just not for me.
 
Hi Xentrk,

I just bought the RT-AX86U and I just finished setting it all up, but haven't selected a x3mRouting method between yet between the possible options of 1, 2, 3, 1+2, or 1+3.

I'm leaning towards 2 only, since I used NordVPN and added their DNS to the router OVPN client last time, I'm more biased toward method 2, are there any pros and cons for method 2 vs method 3 when using NordVPN?
It is a preference. Option 2 is more integrated with several programs which may be an issue if you experiment with the Alpha releases. Using the modified OpenVPN It is intended for those who like the "visual" of seeing what IPSET lists are being routed or bypassed by the VPN client.
 
My setup is using a shield tv rather than an actual tv but I doubt that matters. I have the device inquestion defaulting all traffic through the vpn, I’m using (trying) this to pass the netflix traffic to wan rather than VPN. It works great for bbc and amazon, without this neither work. But with netflix its always hit and miss if it works (bypasses vpn / flags as unblocker).

I’m far from a networking amateur let alone expert so find it tricky to diagnose what the issue is as it seems to work for others OK. Just not for me.
Please post the syntax of the x3mRouting command.

dnsmasq method is what I recommend for most people:

Bypass VPN Client 1
Code:
x3mRouting 1 0 NETFLIX dnsmasq=netflix.com,netflix.net,nflxext.com,nflximg.com,nflxso.net,nflxvideo.net
 
BBC iPlayer Update
Here are the latest routing rules I have set up to force BBC traffic to VPN client 4.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 AWS-EU aws_region=EU
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_ASN asnum=AS2818,AS31459
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 4 BBC_WEB1 dnsmasq=2cnt.net,at-o.net,bbc.com,bbcverticals.com,co.uk,dotmetrics.net,net.uk
 
@Xentrk thank you for the nice tool. I have NordVPN subscription setup on AX86U with latest merlin build. My only issue is that one of the frequent website/app we use hates vpn so I have been using client level vpn for all my devices so far.

Update:

Finally figured out the domains using getdomainnames.sh and added the following command. It seem to work for now, will have to see when I have a live sports streaming going on.

Code:
x3mRouting 1 0  HOTSTAR  dnsmasq=hotstar.com,hssportsprepack.akamaized.net,in-starglobal.videoplaza.tv
 
Last edited:
@Xentrk thank you for the nice tool. I have NordVPN subscription setup on AX86U with latest merlin build. My only issue is that one of the frequent website/app we use hates vpn so I have been using client level vpn for all my devices so far.

Update:

Finally figured out the domains using getdomainnames.sh and added the following command. It seem to work for now, will have to see when I have a live sports streaming going on.

Code:
x3mRouting 1 0  HOTSTAR  dnsmasq=hotstar.com,hssportsprepack.akamaized.net,in-starglobal.videoplaza.tv

Let me know how it works out. With the dnsmasq method, only the hostname (e.g. videoplaza.tv) of the query records are required (e.g. host.com). Although I have included FQDN in prior use without issue. The ipset feature of dnsmasq will add the IPv4 addresses of the reply records. It is the query records that are specified on the "dnsmasq=" parameter.

You can remove the prior entry if you want.
Code:
x3mRouting ipset_name=HOTSTAR  del

Add new entry:
Code:
x3mRouting 1 0  HOTSTAR  dnsmasq=hotstar.com,videoplaza.tv

I left akamaized.net off of the list on purpose. It is a CDN and I've seen it used by other streaming services. As a result, including it may be an issue or a conflict with other services. I encountered this myself recently. Upon a closer examination of /opt/var/log/dnsmasq.log, I was able to determine that the ipset feature of dnsmasq was still adding the record as it was a reply record.

If you have issues after removing hssportsprepack.akamaized.net, you can use autoscan.sh script and search for akamaized.net. If you only have one or a handful of domains, you can manually add the IPv4 addresses to the list. First, do a lookup on the IPv4 addresses:

Code:
nslookup some-domain.com

The, add domain one off using the command:

ipset add IPSET_NAME 123.45.779.12

If there are many, I can post a script you can use.
 
@Xentrk Thank you, I will try that.

Just found out my work laptop doesn't like my VPN for whatever reason. I now have reserved ip 192.168.50.60 to the laptop and want to bypass all traffic from this directly to WAN.

can I still do this with x3mRouting option 3 or do I have to install option 1?

or can I use this option under VPN Client UI.

1619021476352.png
 
Last edited:

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top