What's new

x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

No. I looked for that procedure but could not find it in either the 1st post of this thread or on the github text, so I thought I'd figure it out myself. After a few stumbles, including not getting the Policy Rules to work, I rebooted, and now all is OK. One issue I still have is that the nat-start file contains the new rules, but after the reboot, x3mRouting did not pick up all the rules. When I manually executed them from the ssh session, I ended up with duplicate lines of the same rules in nat-start. But I'm not sure x3m will pick up on them the next time I do a reboot. BTW, I initially did an uninstall then an install from amtm. That sequence did not produce a conversion file.
I went back to the posts and placed the hyper link to the Version 2.0.0 Update Process instructions in the introduction text at the top of the post. Hopefully it will help those who arrive in the future.

The old version of x3mRouting has to be installed for the conversion to work. Do you have a backup of /jffs partition to restore from? Then, you an redo the update and conversion.

I had a similar issue you describe with some rules not getting created. This started happening after I updated to 384.19 test build. It ended up being a USB 2.0 issue. I moved my USB to the 3.0 port and the problem went away. Too many things were trying to i/o the USB at boot and wasn't able to keep up. For awhile, disabling the disk check utility in amtm made the issue go away. But not consistently. I also saw one duplicate rule get created for an IPSET list when I was debugging the issue. I haven't had an issue since moving the USB to the 3.0 port.

Not sure why you have a duplicate entry in nat-start. Here is how x3mRouting works. When you execute x3mRouting from the command line, it will do all of the configuration. It will place the appropriate line in nat-start and the openvpn-route-up and openvpn-route-pre-down files. The entry in nat-start will include the full path name. Example:

nat-start example 1
Code:
#!/bin/sh
sh /jffs/scripts/x3mRouting/x3mRouting.sh server=1 client=1
sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=NF asnum=AS2906
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 NETFLIX-DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 NETFLIX_AS2906 asnum=AS2906

openvpn-route-up example (the -D prevents duplicate rules)
Code:
#!/bin/sh
iptables -t nat -D POSTROUTING -s "$(nvram get vpn_server1_sn)"/24 -o tun11 -j MASQUERADE 2>/dev/null
iptables -t nat -A POSTROUTING -s "$(nvram get vpn_server1_sn)"/24 -o tun11 -j MASQUERADE
iptables -t mangle -D PREROUTING -i br0 -m set --match-set NETFLIX-DNS dst -j MARK --set-mark 0x1000/0x1000 2>/dev/null
iptables -t mangle -A PREROUTING -i br0 -m set --match-set NETFLIX-DNS dst -j MARK --set-mark 0x1000/0x1000
iptables -t mangle -D PREROUTING -i br0 -m set --match-set NETFLIX_AS2906 dst -j MARK --set-mark 0x1000/0x1000 2>/dev/null
iptables -t mangle -A PREROUTING -i br0 -m set --match-set NETFLIX_AS2906 dst -j MARK --set-mark 0x1000/0x1000

openvpn-route-pre-down example
Code:
#!/bin/sh
iptables -t nat -D POSTROUTING -s "$(nvram get vpn_server1_sn)"/24 -o tun11 -j MASQUERADE 2>/dev/null
iptables -t mangle -D PREROUTING -i br0 -m set --match-set NETFLIX-DNS dst -j MARK --set-mark 0x1000/0x1000 2>/dev/null
iptables -t mangle -D PREROUTING -i br0 -m set --match-set NETFLIX_AS2906 dst -j MARK --set-mark 0x1000/0x1000 2>/dev/null

Every time x3mRouting runs, it checks if the required entries are in the nat-start and openvpn event files. If it doesn't find the entries, it adds the line. If the line is manually added like in the nat-start example 2 below, x3mRouting code will add the nat-start entry as shown in example 3 since there is no match in nat-start with the path.

nat-start example 2
Code:
#!/bin/sh/
cd /jffs/scripts/x3mRouting
sh x3mRouting.sh ALL 1 MYLIST dnsmasq=domain1,domain2

nat-start example 3
Code:
#!/bin/sh/
cd /jffs/scripts/x3mRouting
sh x3mRouting.sh ALL 1 MYLIST dnsmasq=domain1,domain2
sh /jffs/scripts/x3mRouting/x3mRouting.sh ALL 1 MYLIST dnsmasq=domain1,domain2

Edit: If you still have a copy of old nat-start file, See http://www.snbforums.com/threads/x3...for-asuswrt-merlin-firmware.57793/post-603809
 
Last edited:
I just rebooted my router by doing a reboot cmd from ssh, but after it settled down, it does not appear that nat-start got executed. None of the x3m rules are in iptables. Is there a problem with booting like that? Also, can I just execute nat-start to get x3m configured properly?
 
Also, can I just execute nat-start to get x3m configured properly?
I tried this, but only some of the lines executed. Others gave these error messages. Here is my nat-start followed by the output of the ssh session and the output of the iptables command showing the missing entries.

#!/bin/sh

#sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh 0 AMAZON-US US
sh /jffs/scripts/x3mRouting x3mRouting 1 0 AMAZON_US aws_region=US

#sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 HBOGO hbogo.com,play.hbogo.com
sh /jffs/scripts/x3mRouting x3mRouting 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com

#sh /jffs/scripts/x3mRouting/load_MANUAL_ipset_iface.sh 0 ROKU
sh /jffs/scripts/x3mRouting x3mRouting 1 0 ROKU

#sh /jffs/scripts/x3mRouting x3mRouting 1 0 CAREMARK asnum=AS16625
#sh /jffs/scripts/x3mRouting x3mRouting 1 0 SSA asnum=AS11985

sh /jffs/scripts/x3mRouting x3mRouting 1 0 PapaMurphys asnum=AS13335
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906,AS16509,AS14618,AS10599,AS20940
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 SCHWAB asnum=AS6949,AS21342
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GMAIL
sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY






(x3mRouting.sh): 23175 Starting Script Execution 1 0 NETFLIX asnum=AS2906,AS16509,AS14618,AS10599,AS20940
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
ipset v6.32: Missing second mandatory argument to command add
Try `ipset help' for more information.
(x3mRouting.sh): 23175 Selective Routing Rule via WAN created for NETFLIX fwmark 0x8000/0x8000
(x3mRouting.sh): 23175 Completed Script Execution
(x3mRouting.sh): 3262 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
(x3mRouting.sh): 3262 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 3262 Completed Script Execution
(x3mRouting.sh): 6054 Starting Script Execution 1 0 GMAIL
(x3mRouting.sh): 6054 Selective Routing Rule via WAN created for GMAIL fwmark 0x8000/0x8000
(x3mRouting.sh): 6054 Completed Script Execution
(x3mRouting.sh): 6182 Starting Script Execution ipset_name=DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
0 2 * * * ipset save DISNEY > /opt/tmp/DISNEY #DISNEY#
(x3mRouting.sh): 6182 CRON schedule created: #DISNEY# '0 2 * * * ipset save DISNEY'
(x3mRouting.sh): 6182 Completed Script Execution
(x3mRouting.sh): 6284 Starting Script Execution 1 0 DISNEY
ipset v6.32: Error in line 1: Syntax error: cannot parse create: resolving to IPv4 address failed
(x3mRouting.sh): 6284 Selective Routing Rule via WAN created for DISNEY fwmark 0x8000/0x8000
(x3mRouting.sh): 6284 Completed Script Execution



dmin@RT-AC86U-1BD0:/jffs/scripts# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 9692 packets, 2037K bytes)
num pkts bytes target prot opt in out source destination
1 876K 898M BWDPI_FILTER udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
2 55 10904 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
3 146 20812 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set SCHWAB dst MARK or 0x8000
4 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set GMAIL dst MARK or 0x8000
5 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set DISNEY dst MARK or 0x8000
 
Just a heads-up: the updown-client.sh event handler is being removed. Next 384.19 alpha build will now use new event handlers provided by libovpn. If the script relied on replacing updown-client.sh, then it will need to change to using a postconf script instead, to modify the config.ovpn to locate and replace both handlers (look for lines starting with "up " and "down " (with the trailing space).

I've made sure that the new event handler will still pass the same arguments as before to openvpn-event, so if you also tied into that, arguments should still be the same (tho I would recommend considering using env variables instead of passed arguments, as it will be more reliable in case OpenVPN ever decided to change some of these arguments in a future version of OpenVPN).

Currently doing some final tests to ensure DNS handling is working as expected, I'm hoping to have new test builds either later tonight or tomorrow.
 
I tried this, but only some of the lines executed. Others gave these error messages. Here is my nat-start followed by the output of the ssh session and the output of the iptables command showing the missing entries.
Code:
#!/bin/sh

#sh /jffs/scripts/x3mRouting/load_AMAZON_ipset_iface.sh 0 AMAZON-US US
sh /jffs/scripts/x3mRouting x3mRouting 1 0 AMAZON_US aws_region=US

#sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset_iface.sh 0 HBOGO hbogo.com,play.hbogo.com
sh /jffs/scripts/x3mRouting x3mRouting 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com

#sh /jffs/scripts/x3mRouting/load_MANUAL_ipset_iface.sh 0 ROKU
sh /jffs/scripts/x3mRouting x3mRouting 1 0 ROKU

#sh /jffs/scripts/x3mRouting x3mRouting 1 0 CAREMARK asnum=AS16625
#sh /jffs/scripts/x3mRouting x3mRouting 1 0 SSA asnum=AS11985

sh /jffs/scripts/x3mRouting x3mRouting 1 0 PapaMurphys asnum=AS13335

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906,AS16509,AS14618,AS10599,AS20940

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 SCHWAB asnum=AS6949,AS21342

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GMAIL

sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY

Code:
(x3mRouting.sh): 23175 Starting Script Execution 1 0 NETFLIX asnum=AS2906,AS16509,AS14618,AS10599,AS20940

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

ipset v6.32: Missing second mandatory argument to command add

Try `ipset help' for more information.

(x3mRouting.sh): 23175 Selective Routing Rule via WAN created for NETFLIX fwmark 0x8000/0x8000

(x3mRouting.sh): 23175 Completed Script Execution

(x3mRouting.sh): 3262 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342

(x3mRouting.sh): 3262 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000

(x3mRouting.sh): 3262 Completed Script Execution

(x3mRouting.sh): 6054 Starting Script Execution 1 0 GMAIL

(x3mRouting.sh): 6054 Selective Routing Rule via WAN created for GMAIL fwmark 0x8000/0x8000

(x3mRouting.sh): 6054 Completed Script Execution

(x3mRouting.sh): 6182 Starting Script Execution ipset_name=DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com

0 2 * * * ipset save DISNEY > /opt/tmp/DISNEY #DISNEY#

(x3mRouting.sh): 6182 CRON schedule created: #DISNEY# '0 2 * * * ipset save DISNEY'

(x3mRouting.sh): 6182 Completed Script Execution

(x3mRouting.sh): 6284 Starting Script Execution 1 0 DISNEY

ipset v6.32: Error in line 1: Syntax error: cannot parse create: resolving to IPv4 address failed

(x3mRouting.sh): 6284 Selective Routing Rule via WAN created for DISNEY fwmark 0x8000/0x8000

(x3mRouting.sh): 6284 Completed Script Execution

Code:
admin@RT-AC86U-1BD0:/jffs/scripts# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 9692 packets, 2037K bytes)
num pkts bytes target prot opt in out source destination
1 876K 898M BWDPI_FILTER udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
2 55 10904 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
3 146 20812 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set SCHWAB dst MARK or 0x8000
4 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set GMAIL dst MARK or 0x8000
5 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set DISNEY dst MARK or 0x8000
For the NETFLIX ipset list, look at the contents of /opt/tmp/NETFLIX. It may not contain valid IPv4 addresses. Earlier this week, I experienced a similar issue recently. The contents of the file looked like the html code from the ipinfo.io website rather than a list of IPv4 address. If this is case, you can either empty the contents of the file, rm the file (rm /opt/tmp/NETFLIX) and rerun. Once I reran the code, it worked fine. I'll add a check for the condition in the 394.19 dev version I am working on to trap and fix the error it it occurs.

For the DISNEY list, there is a mismatch in the method used to create the list using the dnsmasq method that conflicts with second line that creates the list using the manual method. The first line below is creating the IPSET list DISNEY without the routing rules using the dnsmasq method. Specifying the 'ipset_name=' parm is for those who intend to route the IPSET list on the x3mRouting OpenVPN client screen. The second line is creating the IPSET list DISNEY using the manual method.

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh ipset_name=DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY

The format of the save/restore file in /opt/tmp/DISNEYIPSET differs from the save/restore file created using the manual method. See the posts below for an explanation.

http://www.snbforums.com/threads/x3...for-asuswrt-merlin-firmware.57793/post-598977
http://www.snbforums.com/threads/x3...for-asuswrt-merlin-firmware.57793/post-598981

First, clean up the DISNEY ipset list.

Code:
x3mRouting ipset_list=DISNEY del

Then, remove the save/backup DISNEY file in /opt/tmp/ just to start fresh.

Lastly, reenter the VPN Bypass for Disney as follows:

Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com

I notice you have some Amazon AWS AS numbers in your Netflix list. I am currently using the following for Amazan and NF:
Code:
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_GLOBAL aws_region=GLOBAL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_AS2906 asnum=AS2906
 
For the NETFLIX ipset list, look at the contents of /opt/tmp/NETFLIX.
Yes, that file contained some html code. I deleted the file, then ran the Netflix lines you suggested.

For the Disney ipset fix, I used:
x3mRouting ipset_name=DISNEY del
That worked.

I also deleted the Amazon and Schwab files, and fixed some syntax problems in nat-start. Then I ran nat-start, and everything seems to be working. The iptables table is clean and includes all that it should from nat-start.

There is still a problem.

(x3mRouting.sh): 22085 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 22085 Selective Routing Rule via WAN deleted for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Completed Script Execution

But it seems to be working.

Thanks for your help.
 
Yes, that file contained some html code. I deleted the file, then ran the Netflix lines you suggested.

For the Disney ipset fix, I used:
x3mRouting ipset_name=DISNEY del
That worked.

I also deleted the Amazon and Schwab files, and fixed some syntax problems in nat-start. Then I ran nat-start, and everything seems to be working. The iptables table is clean and includes all that it should from nat-start.

There is still a problem.

(x3mRouting.sh): 22085 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 22085 Selective Routing Rule via WAN deleted for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 22085 Completed Script Execution

But it seems to be working.

Thanks for your help.
Oops, spoke too soon. I just did a reboot, and in looking at the iptable, not all of the lines from nat-start executed. But I manually reran nat-start, and now all is OK. So I suspect with the changes that Merlin is making, and what you are doing to react, I suspect we are in this limbo state where things might not be right until all settles down. Still, in case it helps, here is my current nat-start file, the output from the ssh screen, and the iptable. BTW, until I did the reboot, the Policy Rules from the GUI did not work. I do not know at what point they stopped working, but it was during the time when I was making the changes that you had me make.

#!/bin/sh

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 ROKU
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 PapaMurphys asnum=AS13335
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GMAIL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_GLOBAL aws_region=GLOBAL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 SCHWAB asnum=AS6949,AS21342


admin@RT-AC86U-1BD0:/jffs/scripts# sh nat-start
(x3mRouting.sh): 17022 Starting Script Execution 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com
0 2 * * * ipset save HBOGO > /opt/tmp/HBOGO #HBOGO#
(x3mRouting.sh): 17022 CRON schedule created: #HBOGO# '0 2 * * * ipset save HBOGO'
(x3mRouting.sh): 17022 Selective Routing Rule via WAN deleted for HBOGO fwmark 0x8000/0x8000
(x3mRouting.sh): 17022 Selective Routing Rule via WAN created for HBOGO fwmark 0x8000/0x8000
(x3mRouting.sh): 17022 Completed Script Execution
(x3mRouting.sh): 17132 Starting Script Execution 1 0 ROKU
(x3mRouting.sh): 17132 Selective Routing Rule via WAN deleted for ROKU fwmark 0x8000/0x8000
(x3mRouting.sh): 17132 Selective Routing Rule via WAN created for ROKU fwmark 0x8000/0x8000
(x3mRouting.sh): 17132 Completed Script Execution
(x3mRouting.sh): 17250 Starting Script Execution 1 0 PapaMurphys asnum=AS13335
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 17250 Selective Routing Rule via WAN deleted for PapaMurphys fwmark 0x8000/0x8000
(x3mRouting.sh): 17250 Selective Routing Rule via WAN created for PapaMurphys fwmark 0x8000/0x8000
(x3mRouting.sh): 17250 Completed Script Execution
(x3mRouting.sh): 17549 Starting Script Execution 1 0 NETFLIX asnum=AS2906
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 17549 Selective Routing Rule via WAN deleted for NETFLIX fwmark 0x8000/0x8000
(x3mRouting.sh): 17549 Selective Routing Rule via WAN created for NETFLIX fwmark 0x8000/0x8000
(x3mRouting.sh): 17549 Completed Script Execution
(x3mRouting.sh): 17720 Starting Script Execution 1 0 GMAIL
(x3mRouting.sh): 17720 Selective Routing Rule via WAN deleted for GMAIL fwmark 0x8000/0x8000
(x3mRouting.sh): 17720 Selective Routing Rule via WAN created for GMAIL fwmark 0x8000/0x8000
(x3mRouting.sh): 17720 Completed Script Execution
(x3mRouting.sh): 17839 Starting Script Execution 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
0 2 * * * ipset save DISNEY > /opt/tmp/DISNEY #DISNEY#
(x3mRouting.sh): 17839 CRON schedule created: #DISNEY# '0 2 * * * ipset save DISNEY'
(x3mRouting.sh): 17839 Selective Routing Rule via WAN deleted for DISNEY fwmark 0x8000/0x8000
(x3mRouting.sh): 17839 Selective Routing Rule via WAN created for DISNEY fwmark 0x8000/0x8000
(x3mRouting.sh): 17839 Completed Script Execution
(x3mRouting.sh): 17949 Starting Script Execution 1 0 AMAZON_GLOBAL aws_region=GLOBAL
(x3mRouting.sh): 17949 Selective Routing Rule via WAN deleted for AMAZON_GLOBAL fwmark 0x8000/0x8000
(x3mRouting.sh): 17949 Selective Routing Rule via WAN created for AMAZON_GLOBAL fwmark 0x8000/0x8000
(x3mRouting.sh): 17949 Completed Script Execution
(x3mRouting.sh): 18076 Starting Script Execution 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
0 2 * * * ipset save NETFLIX_DNS > /opt/tmp/NETFLIX_DNS #NETFLIX_DNS#
(x3mRouting.sh): 18076 CRON schedule created: #NETFLIX_DNS# '0 2 * * * ipset save NETFLIX_DNS'
(x3mRouting.sh): 18076 Selective Routing Rule via WAN deleted for NETFLIX_DNS fwmark 0x8000/0x8000
(x3mRouting.sh): 18076 Selective Routing Rule via WAN created for NETFLIX_DNS fwmark 0x8000/0x8000
(x3mRouting.sh): 18076 Completed Script Execution
(x3mRouting.sh): 18186 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 18186 Selective Routing Rule via WAN deleted for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 18186 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 18186 Completed Script Execution


admin@RT-AC86U-1BD0:/jffs/scripts# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 652 packets, 340K bytes)
num pkts bytes target prot opt in out source destination
1 6408 4387K MARK all -- tun11 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
2 7468 5147K BWDPI_FILTER udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
3 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set HBOGO dst MARK or 0x8000
4 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set ROKU dst MARK or 0x8000
5 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set PapaMurphys dst MARK or 0x8000
6 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
7 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set GMAIL dst MARK or 0x8000
8 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set DISNEY dst MARK or 0x8000
9 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON_GLOBAL dst MARK or 0x8000
10 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX_DNS dst MARK or 0x8000
11 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set SCHWAB dst MARK or 0x8000
 
Oops, spoke too soon. I just did a reboot, and in looking at the iptable, not all of the lines from nat-start executed. But I manually reran nat-start, and now all is OK. So I suspect with the changes that Merlin is making, and what you are doing to react, I suspect we are in this limbo state where things might not be right until all settles down. Still, in case it helps, here is my current nat-start file, the output from the ssh screen, and the iptable. BTW, until I did the reboot, the Policy Rules from the GUI did not work. I do not know at what point they stopped working, but it was during the time when I was making the changes that you had me make.

#!/bin/sh

sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 ROKU
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 PapaMurphys asnum=AS13335
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 GMAIL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 AMAZON_GLOBAL aws_region=GLOBAL
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 SCHWAB asnum=AS6949,AS21342


admin@RT-AC86U-1BD0:/jffs/scripts# sh nat-start
(x3mRouting.sh): 17022 Starting Script Execution 1 0 HBOGO dnsmasq=HBOGO hbogo.com,play.hbogo.com
0 2 * * * ipset save HBOGO > /opt/tmp/HBOGO #HBOGO#
(x3mRouting.sh): 17022 CRON schedule created: #HBOGO# '0 2 * * * ipset save HBOGO'
(x3mRouting.sh): 17022 Selective Routing Rule via WAN deleted for HBOGO fwmark 0x8000/0x8000
(x3mRouting.sh): 17022 Selective Routing Rule via WAN created for HBOGO fwmark 0x8000/0x8000
(x3mRouting.sh): 17022 Completed Script Execution
(x3mRouting.sh): 17132 Starting Script Execution 1 0 ROKU
(x3mRouting.sh): 17132 Selective Routing Rule via WAN deleted for ROKU fwmark 0x8000/0x8000
(x3mRouting.sh): 17132 Selective Routing Rule via WAN created for ROKU fwmark 0x8000/0x8000
(x3mRouting.sh): 17132 Completed Script Execution
(x3mRouting.sh): 17250 Starting Script Execution 1 0 PapaMurphys asnum=AS13335
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 17250 Selective Routing Rule via WAN deleted for PapaMurphys fwmark 0x8000/0x8000
(x3mRouting.sh): 17250 Selective Routing Rule via WAN created for PapaMurphys fwmark 0x8000/0x8000
(x3mRouting.sh): 17250 Completed Script Execution
(x3mRouting.sh): 17549 Starting Script Execution 1 0 NETFLIX asnum=AS2906
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 17549 Selective Routing Rule via WAN deleted for NETFLIX fwmark 0x8000/0x8000
(x3mRouting.sh): 17549 Selective Routing Rule via WAN created for NETFLIX fwmark 0x8000/0x8000
(x3mRouting.sh): 17549 Completed Script Execution
(x3mRouting.sh): 17720 Starting Script Execution 1 0 GMAIL
(x3mRouting.sh): 17720 Selective Routing Rule via WAN deleted for GMAIL fwmark 0x8000/0x8000
(x3mRouting.sh): 17720 Selective Routing Rule via WAN created for GMAIL fwmark 0x8000/0x8000
(x3mRouting.sh): 17720 Completed Script Execution
(x3mRouting.sh): 17839 Starting Script Execution 1 0 DISNEY dnsmasq=demdex.net,disney-plus.net,disney.com,disney.io,disneyplus.com,footprint.net,go.com
0 2 * * * ipset save DISNEY > /opt/tmp/DISNEY #DISNEY#
(x3mRouting.sh): 17839 CRON schedule created: #DISNEY# '0 2 * * * ipset save DISNEY'
(x3mRouting.sh): 17839 Selective Routing Rule via WAN deleted for DISNEY fwmark 0x8000/0x8000
(x3mRouting.sh): 17839 Selective Routing Rule via WAN created for DISNEY fwmark 0x8000/0x8000
(x3mRouting.sh): 17839 Completed Script Execution
(x3mRouting.sh): 17949 Starting Script Execution 1 0 AMAZON_GLOBAL aws_region=GLOBAL
(x3mRouting.sh): 17949 Selective Routing Rule via WAN deleted for AMAZON_GLOBAL fwmark 0x8000/0x8000
(x3mRouting.sh): 17949 Selective Routing Rule via WAN created for AMAZON_GLOBAL fwmark 0x8000/0x8000
(x3mRouting.sh): 17949 Completed Script Execution
(x3mRouting.sh): 18076 Starting Script Execution 1 0 NETFLIX_DNS dnsmasq=netflix.com,nflxext.com,nflximg.com,nflximg.net,nflxso.net,nflxvideo.net,amazonaws.com
0 2 * * * ipset save NETFLIX_DNS > /opt/tmp/NETFLIX_DNS #NETFLIX_DNS#
(x3mRouting.sh): 18076 CRON schedule created: #NETFLIX_DNS# '0 2 * * * ipset save NETFLIX_DNS'
(x3mRouting.sh): 18076 Selective Routing Rule via WAN deleted for NETFLIX_DNS fwmark 0x8000/0x8000
(x3mRouting.sh): 18076 Selective Routing Rule via WAN created for NETFLIX_DNS fwmark 0x8000/0x8000
(x3mRouting.sh): 18076 Completed Script Execution
(x3mRouting.sh): 18186 Starting Script Execution 1 0 SCHWAB asnum=AS6949,AS21342
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
(x3mRouting.sh): 18186 Selective Routing Rule via WAN deleted for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 18186 Selective Routing Rule via WAN created for SCHWAB fwmark 0x8000/0x8000
(x3mRouting.sh): 18186 Completed Script Execution


admin@RT-AC86U-1BD0:/jffs/scripts# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 652 packets, 340K bytes)
num pkts bytes target prot opt in out source destination
1 6408 4387K MARK all -- tun11 * 0.0.0.0/0 0.0.0.0/0 MARK xset 0x1/0x7
2 7468 5147K BWDPI_FILTER udp -- eth0 * 0.0.0.0/0 0.0.0.0/0
3 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set HBOGO dst MARK or 0x8000
4 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set ROKU dst MARK or 0x8000
5 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set PapaMurphys dst MARK or 0x8000
6 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX dst MARK or 0x8000
7 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set GMAIL dst MARK or 0x8000
8 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set DISNEY dst MARK or 0x8000
9 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set AMAZON_GLOBAL dst MARK or 0x8000
10 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set NETFLIX_DNS dst MARK or 0x8000
11 0 0 MARK all -- br0 * 0.0.0.0/0 0.0.0.0/0 match-set SCHWAB dst MARK or 0x8000
Appears the ASN method is giving you issues. Let's focus on ipset error below for now:
Code:
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
.
The site were x3mRouting collects the IPv4 addresses is ipinfo.io. Check to make sure you have access to it. I used to have to whitelist the site. During development, I was accessing ipinfo.io too many times in one day and was temporarily blocked. If that happens or the download fails, x3mRout8ing will get the IPv4 addresses from another site.

Check the contents of the ASN save/restore files in /opt/tmp/. Should contain IPv4 addresses in CIDR notation. There should be no empty lines except for the last line in the file. Or, does it contain html code?

You can also run in debug mode using the syntax below and send me a code snip of the lines leading up to the error. Maybe 15 or so lines above to give me a reference point.
Code:
sh -x /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 SCHWAB asnum=AS6949,AS21342
 
Just a heads-up: the updown-client.sh event handler is being removed. Next 384.19 alpha build will now use new event handlers provided by libovpn. If the script relied on replacing updown-client.sh, then it will need to change to using a postconf script instead, to modify the config.ovpn to locate and replace both handlers (look for lines starting with "up " and "down " (with the trailing space).

I've made sure that the new event handler will still pass the same arguments as before to openvpn-event, so if you also tied into that, arguments should still be the same (tho I would recommend considering using env variables instead of passed arguments, as it will be more reliable in case OpenVPN ever decided to change some of these arguments in a future version of OpenVPN).

Currently doing some final tests to ensure DNS handling is working as expected, I'm hoping to have new test builds either later tonight or tomorrow.
Thanks for the heads-up @RMerlin. Sounds like a good solution! Looking forward to testing with it.

The use case for x3mRouting includes concatenating a vpn client list nvram file stored on jffs to the nvram var used in the firmware.
Code:
  # Concatentate /jffs/addons/x3mRouting/ovpncX.nvram file if it exists
  if [ -s "/jffs/addons/x3mRouting/ovpnc${instance}.nvram" ]; then
    VPN_IP_LIST="${VPN_IP_LIST}$(cat "/jffs/addons/x3mRouting/ovpnc${instance}.nvram")"
    logger -st "($(basename "$0"))" $$ "x3mRouting adding /jffs/addons/x3mRouting/ovpnc${instance}.nvram to VPN_IP_LIST"
  fi
  #################### end of custom code

The recent update includes honoring the Accept DNS Configuration = Exclusive rules for IPSET lists.
Code:
IPSET_LIST=$(echo "$ENTRY" | cut -d ">" -f 1)
echo "iptables -t nat -A DNSVPN${instance} -m set --match-set $IPSET_LIST src -i br0 -p tcp --dport 53 -j DNAT --to-destination $server" >>"$dnsscript"
echo "iptables -t nat -A DNSVPN${instance} -m set --match-set $IPSET_LIST src -i br0 -p udp --dport 53 -j DNAT --to-destination $server" >>"$dnsscript"
      /usr/bin/logger -t "openvpn-updown" "Forcing IPSET list $IPSET_LIST to use DNS server $server"
 
WARNING
The LAN Routing and OpenVPN Client Screen options of x3mRouting are not yet compatible with the 384.19 Alpha 4 Test Builds! Please give me a day or two to make the necessary modifications.
 
Check the contents of the ASN save/restore files in /opt/tmp/
ipinfo.io is whitelisted in Skynet. Also I can ping that website from a Win10 cmd box.

Of the 3 of these errors, their files are empty except for API as the 1st line.

I ran the debug line. Here are the lines before the error:

+ ASNUM_Parm 1 0 SCHWAB asnum=AS6949,AS21342
+ echo 1 0 SCHWAB asnum=AS6949,AS21342
+ tr , \n
+ sed -n s/^.*asnum=//p
+ awk {print $1}
+ ASN=AS6949
AS21342
+ true
+ awk -v A=AS6949 BEGIN {print A}
+ read -r ASN
+ printf %-.2s AS6949
+ PREFIX=AS
+ sed s/^AS//
+ echo AS6949
+ NUMBER=6949
+ [ AS = AS ]
+ echo+ grep -oE ^\-?[0-9]+$
6949
+ A=6949
+ [ -z 6949 ]
+ Create_Ipset_List SCHWAB ASN
+ IPSET_NAME=SCHWAB
+ METHOD=ASN
+ Chk_Entware 120
+ READY=1
+ ENTWARE_UTILITY=
+ MAX_TRIES=30
+ [ -n ]
+ [ -z ]
+ [ 120 -eq 120 ]
+ MAX_TRIES=120
+ [ -n 120 ]
+ [ 120 -eq 120 ]
+ TRIES=0
+ [ 0 -lt 120 ]
+ [ -f /opt/bin/opkg ]
+ [ -n ]
+ READY=0
+ break
+ return 0
+ [ 0 -eq 1 ]
+ ipset list -n SCHWAB
+ [ SCHWAB != SCHWAB ]
+ Download_ASN_Ipset_List SCHWAB AS6949 6949 /opt/tmp
+ IPSET_NAME=SCHWAB
+ ASN=AS6949
+ NUMBER=6949
+ DIR=/opt/tmp
+ [ ! -s /opt/tmp/SCHWAB ]
+ curl --retry 3 -sL -o /opt/tmp/SCHWAB_tmp -w %{http_code} https://ipinfo.io/AS6949
+ STATUS=200
+ [ 200 -eq 200 ]
+ grep -E a href.*6949\/ /opt/tmp/SCHWAB_tmp
+ sed s|" >||
+ grep -v :
+ sed s|^.*<a href="/AS6949/||
+ sort -gt / -k 1 /opt/tmp/SCHWAB
+ sort -ut . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+ mv /opt/tmp/SCHWAB_tmp /opt/tmp/SCHWAB
+ awk {print "add SCHWAB " $1} /opt/tmp/SCHWAB
+ ipset restore -!
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
 
ipinfo.io is whitelisted in Skynet. Also I can ping that website from a Win10 cmd box.

Of the 3 of these errors, their files are empty except for API as the 1st line.

I ran the debug line. Here are the lines before the error:

+ ASNUM_Parm 1 0 SCHWAB asnum=AS6949,AS21342
+ echo 1 0 SCHWAB asnum=AS6949,AS21342
+ tr , \n
+ sed -n s/^.*asnum=//p
+ awk {print $1}
+ ASN=AS6949
AS21342
+ true
+ awk -v A=AS6949 BEGIN {print A}
+ read -r ASN
+ printf %-.2s AS6949
+ PREFIX=AS
+ sed s/^AS//
+ echo AS6949
+ NUMBER=6949
+ [ AS = AS ]
+ echo+ grep -oE ^\-?[0-9]+$
6949
+ A=6949
+ [ -z 6949 ]
+ Create_Ipset_List SCHWAB ASN
+ IPSET_NAME=SCHWAB
+ METHOD=ASN
+ Chk_Entware 120
+ READY=1
+ ENTWARE_UTILITY=
+ MAX_TRIES=30
+ [ -n ]
+ [ -z ]
+ [ 120 -eq 120 ]
+ MAX_TRIES=120
+ [ -n 120 ]
+ [ 120 -eq 120 ]
+ TRIES=0
+ [ 0 -lt 120 ]
+ [ -f /opt/bin/opkg ]
+ [ -n ]
+ READY=0
+ break
+ return 0
+ [ 0 -eq 1 ]
+ ipset list -n SCHWAB
+ [ SCHWAB != SCHWAB ]
+ Download_ASN_Ipset_List SCHWAB AS6949 6949 /opt/tmp
+ IPSET_NAME=SCHWAB
+ ASN=AS6949
+ NUMBER=6949
+ DIR=/opt/tmp
+ [ ! -s /opt/tmp/SCHWAB ]
+ curl --retry 3 -sL -o /opt/tmp/SCHWAB_tmp -w %{http_code} https://ipinfo.io/AS6949
+ STATUS=200
+ [ 200 -eq 200 ]
+ grep -E a href.*6949\/ /opt/tmp/SCHWAB_tmp
+ sed s|" >||
+ grep -v :
+ sed s|^.*<a href="/AS6949/||
+ sort -gt / -k 1 /opt/tmp/SCHWAB
+ sort -ut . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+ mv /opt/tmp/SCHWAB_tmp /opt/tmp/SCHWAB
+ awk {print "add SCHWAB " $1} /opt/tmp/SCHWAB
+ ipset restore -!
ipset v6.32: Error in line 1: Syntax error: cannot parse API: resolving to IPv4 address failed
For some reason, you are not getting the list of IP addresses in the right format. I can't duplicate on my end. No errors appear to occur during the download or the parsing of the data. Could it be an I/O issue to the USB disk? Perhaps try moving the USB to the USB 3.0 Port?

Please confirm the firmware version you are on. Your signature says 384.16. Maybe consider updating to 384.18? I'll have to add error handling to check the contents of the file after the download from ipinfo.io and download from an alternate source if it's not in the expected format.

Also, in the future, please insert code snips using the Code block as it is of great help to improve readability.

1596150084112.png
 
Please confirm the firmware version you are on
I am on 384.16. Maybe .18 is my next stop.

I'm going to try to reboot again. For some reason, even though Amazon is in the iptables list, when I go to Prime it says I'm on a VPN, so not sure why it is not being routed to the WAN.

I finally figured out that I was chasing an Amazon Global vs US issue. Once I deleted the Global list and replaced it with the US list, Amazon is now OK.

But after rerunning the nat-start file, my Schwab ip list file contained a bunch of html lines. So I deleted that file and the Schwab ipset, and will leave it for now while you do your fixes to prevent the html lines from being in those files.
 
Last edited:
Hello I am trying to update to 2.0.
It fails because my rules are not stored within the nat-start file but is in the /jffs/scripts/IPSETlists script which is called by nat-start.
So the conversion file is not created.
Is there a way to convert my rules from /jffs/scripts/IPSETlists ??

Thanks
 
@Xentrk do you think we are ready to go for 384.19_Beta_1 ? I'm using option 3 of X3mRouting and sending my OpenVPN server traffic through a VPN Client.
 
@Xentrk do you think we are ready to go for 384.19_Beta_1 ? I'm using option 3 of X3mRouting and sending my OpenVPN server traffic through a VPN Client.
I believe it will be ok to do so.....option 3 wasn't affected with the recent OpenVPN changes. Im currently on Alpha 4 but will update soon.
 
I've just updated to 384.19 Beta 1 and got lucky to read Merlin's advice to backup JFFS2 partition on the AC86U because updating the firmware made me lose a lot of configs, including vpn clients certs, DHCP reservation, Diversion(was able to recover previous config option after reinstalling it), etc. Past very little time but x3mRouting seems to be working just fine after updating firmware, restoring JFFS, reinstalling Diversion with previous config option(swap file got wiped after FW update) and a reboot from GUI.

JFFS2 Backup is a must if you use AC86U.
 
I believe it will be ok to do so.....option 3 wasn't affected with the recent OpenVPN changes. Im currently on Alpha 4 but will update soon.

Updating x3mRouting (v2.0.0) will remove for ex. the load_AMAZON_ipset_iface.sh, load_ASN_ipset_iface.sh, etc. on /jffs/scripts/x3mRouting/ folder & store it on a newly created backup file inside that folder. You won’t be able to run a nat start unless you drag & drop copies of those files inside the x3mRouting folder. It’s kinda weird that even if you have v2.0.0 showing on amtm, if you check for update it will remove those files & create a backup folder.
 
Last edited by a moderator:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top