Differences

This shows you the differences between two versions of the page.

docs:guide-user:network:routing:pbr [2021/08/15 21:06] – split from essentials vgaetera
docs:guide-user:network:routing:pbr [2023/09/27 02:36] – [PBR (Policy-Based Routing)] vgaetera
Line 1: Line 1:
-===== Policy-based routing solutions =====+====== PBR (Policy-Based Routing) =====
 +See also: 
 +[[docs:guide-user:network:routing:basics#policy-based_routing|Routing basics]] 
 [[wp>Policy-based_routing|PBR]] is a technique used to make routing decisions based on policies set by the network administrator. [[wp>Policy-based_routing|PBR]] is a technique used to make routing decisions based on policies set by the network administrator.
 There are different methods to implement PBR with their own pros and cons, and some methods can be more suitable than others depending on your goal. There are different methods to implement PBR with their own pros and cons, and some methods can be more suitable than others depending on your goal.
  
-===== PBR solutions ===== +===== Solutions ===== 
-==== PBR with netifd ==== +==== PBR app ==== 
-[[docs:guide-user:network:routing:pbr_netifd|PBR with netifd]] helps to utilize different routing tables to route traffic to a specific interface based on traffic parameters like ingress/egress interfaces, source/destination addresses, firewall mark, etc.+See also
-  * Relies on the built-in netifd functionality and requires no extra software installation. +[[docs:guide-user:network:routing:pbr_app|PBR app]]
-  * Suitable for network protocols supported by netifd such as static, DHCP/DHCPv6, WireGuard, OpenConnect, PPTP, etc. +
-  * Can be used for network protocols unsupported by netifd such as OpenVPN using the [[docs:guide-user:network:routing:pbr_netifd#pbr_protocol|PBR protocol]]+
-  * Works well with interfaces, subnets, IP addresses and ports, but not domains.+
  
-==== VPN policy routing ==== +PBR app helps overcome routing issues for the following scenarios:
-[[https://docs.openwrt.melmac.net/vpn-policy-routing/|VPN policy routing]] helps overcome routing issues for the following scenarios:+
   * Utilize split tunneling to route your traffic to VPN/WAN selectively for some of hosts/subnets/domains.   * Utilize split tunneling to route your traffic to VPN/WAN selectively for some of hosts/subnets/domains.
   * Implement port forwarding on the WAN interface when traffic is routed to VPN by default.   * Implement port forwarding on the WAN interface when traffic is routed to VPN by default.
-  * Run VPN server and client simultaneously and route traffic to the VPN client.+  * Run VPN client and server simultaneously and route traffic to the VPN client
 +  * Provide web interface to manage routing policies.
  
-A typical configuration scenario that can be adapted for most use cases+==== PBR with netifd ==== 
-  [[https://docs.openwrt.melmac.net/vpn-policy-routing/#a-word-about-default-routing|Disable gateway redirection]] in the VPN client configuration. +See also
-  * Route LAN ''192.168.1.0/24'' to WAN and DMZ ''192.168.3.0/24'' to VPN.+[[docs:guide-user:network:routing:pbr_netifd|PBR with netifd]]
  
-<code bash> +PBR with netifd helps to utilize different routing tables to route traffic to a specific interface based on traffic parameters like ingress/egress interface, source/destination address, firewall mark, etc.: 
-opkg update +  * Relies on the built-in netifd functionality and requires no extra software installation
-opkg install vpn-policy-routing luci-app-vpn-policy-routing +  * Suitable for managed and unmanaged interfaces declared in the network configuration
-/etc/init.d/rpcd restart +  * Works well with interfaces, subnets, IP addresses and ports, but not domains.
-uci set vpn-policy-routing.config.enabled="1" +
-uci set vpn-policy-routing.config.resolver_ipset="none" +
-uci set vpn-policy-routing.config.webui_show_ignore_target="1" +
-while uci -q delete vpn-policy-routing.@policy[0]; do :; done +
-uci add vpn-policy-routing policy +
-uci set vpn-policy-routing.@policy[-1].dest_addr="192.168.1.0/24 192.168.3.0/24" +
-uci set vpn-policy-routing.@policy[-1].interface="ignore" +
-uci add vpn-policy-routing policy +
-uci set vpn-policy-routing.@policy[-1].src_addr="192.168.3.0/24" +
-uci set vpn-policy-routing.@policy[-1].interface="vpn" +
-uci commit vpn-policy-routing +
-/etc/init.d/vpn-policy-routing restart +
-</code>+
  
 ==== mwan3 ==== ==== mwan3 ====
-[[docs:guide-user:network:wan:multiwan:mwan3|mwan3]] provides load balancing and failover with multiple WAN interfaces.+See also: 
 +[[docs:guide-user:network:wan:multiwan:mwan3|mwan3]]
 +[[docs:guide-user:routing:examples:dual-wan|Routing example: Dual VPN with mwan3]] 
 + 
 +mwan3 provides load balancing and failover with multiple WAN interfaces.
  
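Review bot: the second link added in the mwan3 section, "docs:guide-user:routing:examples:dual-wan", omits the "network:" namespace that every other internal link in this revision carries ("docs:guide-user:network:routing:..."), and its label reads "Dual VPN with mwan3" while the page id says dual-wan; confirm the target resolves and make the label match it. The new top-level heading also opens with six "=" and closes with five, so balance the markers to keep the heading level unambiguous. The vpn-policy-routing walkthrough (LAN 192.168.1.0/24 to WAN, DMZ 192.168.3.0/24 to VPN) is removed with no replacement in the new PBR app section, so check that the linked PBR app page carries an equivalent split-tunnel example before dropping it here.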
  • Last modified: 2023/10/29 00:46
  • by vgaetera