PBR app

This article relies on the following:

Introduction

PBR app provides an advanced policy-based routing solution.

Command-line instructions

Install and enable PBR app. 

# Install packages
opkg update
opkg install pbr
 
# Enable PBR
uci set pbr.config.enabled="1"
uci commit pbr
/etc/init.d/pbr restart

Extras

Web interface

If you want to manage PBR settings using web interface. Install the necessary packages. 

# Install packages
opkg update
opkg install luci-app-pbr
/etc/init.d/rpcd restart

PBR for OpenVPN

Enable PBR for unmanaged protocols like OpenVPN. 

# PBR for OpenVPN
uci add_list pbr.config.supported_interface="tun0"
uci commit pbr
/etc/init.d/pbr restart

PBR for Tailscale

Create rules with a lower numeric priority value when using Tailscale. 

# PBR for Tailscale
uci set pbr.config.wan_ip_rules_priority="1"
uci commit pbr
/etc/init.d/pbr restart

Route LAN to VPN

Disable gateway redirection in the VPN client configuration. Route LAN 192.168.1.0/24 to VPN. 

# Route LAN to VPN
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.0/24"
uci set pbr.@policy[-1].interface="vpn"
uci commit pbr
/etc/init.d/pbr restart

Forward WAN port

Forward WAN port to a webserver running on 192.168.1.2. Arrange this policy above more generic ones. 

# Forward WAN port
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.2"
uci set pbr.@policy[-1].src_port="443"
uci set pbr.@policy[-1].proto="tcp"
uci set pbr.@policy[-1].interface="wan"
uci reorder pbr.@policy[-1]="0"
uci commit pbr
/etc/init.d/pbr restart
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2023/09/18 00:47
  • by vgaetera