PBR app
Introduction
PBR app provides an advanced policy-based routing solution.
Command-line instructions
Install and enable PBR app.
# Install packages
opkg update
opkg install pbr

# Enable PBR
uci set pbr.config.enabled="1"
uci commit pbr
service pbr restart
Extras
Web interface
If you want to manage PBR settings using the web interface, install the necessary packages.
# Install packages
opkg update
opkg install luci-app-pbr
service rpcd restart
Support OpenVPN
Support unmanaged protocols like OpenVPN.
# Support OpenVPN
uci add_list pbr.config.supported_interface="tun*"
uci commit pbr
service pbr restart
Support Netbird
Create rules with a lower numeric priority value when using Netbird. Note that Netbird (with an exit node configured) sets itself up as the default route, and this may not be reflected in the PBR LuCI page (which might, e.g., still show WAN as the default route).
# Support Netbird
uci set pbr.config.uplink_ip_rules_priority="99"
uci commit pbr
service pbr restart
Support Tailscale
Create rules with a lower numeric priority value when using Tailscale. Note that Tailscale (with an exit node configured) sets itself up as the default route, and this may not be reflected in the PBR LuCI page (which might, e.g., still show WAN as the default route).
# Support Tailscale
uci set pbr.config.wan_ip_rules_priority="1000"
uci commit pbr
service pbr restart
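Because the web interface may not show what the kernel actually does, the rule order can be checked directly from `ip rule show`, as the Netbird and Tailscale notes above suggest is needed. The following is an added example, not part of the pbr package; it assumes pbr names its routing tables `pbr_<interface>` and that Tailscale installs rules looking up table 52 (pass a different table as the second argument for another overlay), and the sample rule listings are constructed.

```shell
#!/bin/sh
# Added example, not part of the pbr package.
# Assumptions: pbr names its routing tables "pbr_<interface>", and the overlay
# VPN installs "lookup 52" rules (Tailscale); pass another table as $2.
# On the router: ip rule show | check_rule_order

# Reads `ip rule show` text on stdin and prints each pbr rule that the kernel
# evaluates after the first overlay rule.
# Exit status: 0 = every pbr rule comes first, 1 = some are shadowed,
# 2 = no pbr rule or no overlay rule present.
check_rule_order() {
    awk -v prefix="${1:-pbr_}" -v overlay="${2:-52}" '
    {
        prio = $1; sub(/:$/, "", prio)
        table = ""
        for (i = 2; i < NF; i++) if ($i == "lookup") table = $(i + 1)
        if (table == overlay && (first == "" || prio + 0 < first + 0)) first = prio
        if (index(table, prefix) == 1) { n++; p[n] = prio; t[n] = table }
    }
    END {
        if (n == 0 || first == "") exit 2
        for (i = 1; i <= n; i++)
            if (p[i] + 0 >= first + 0) { print p[i], t[i]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: pbr rules sit behind the overlay rule.
sample_before() { cat <<'EOF'
0: from all lookup local
5270: from all lookup 52
29999: from all fwmark 0x20000/0xff0000 lookup pbr_vpn
30000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
32766: from all lookup main
EOF
}

# Constructed sample: pbr rules after lowering the priority value.
sample_after() { cat <<'EOF'
0: from all lookup local
999: from all fwmark 0x20000/0xff0000 lookup pbr_vpn
1000: from all fwmark 0x10000/0xff0000 lookup pbr_wan
5270: from all lookup 52
32766: from all lookup main
EOF
}
```

Any rule the function prints is evaluated after the overlay's rule, so its policy never takes effect for traffic the overlay already routed.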
Route LAN to VPN
Disable gateway redirection in the VPN client configuration.
Route LAN 192.168.1.0/24 to VPN.
# Route LAN to VPN
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.0/24"
uci set pbr.@policy[-1].interface="vpn"
uci commit pbr
service pbr restart
Forward WAN port
Forward WAN port to a webserver running on 192.168.1.2.
Arrange this policy above more generic ones.
# Forward WAN port
uci add pbr policy
uci set pbr.@policy[-1].src_addr="192.168.1.2"
uci set pbr.@policy[-1].src_port="443"
uci set pbr.@policy[-1].proto="tcp"
uci set pbr.@policy[-1].interface="wan"
uci reorder pbr.@policy[-1]="1"
uci commit pbr
service pbr restart
Prioritize local subnets
Prioritize routing between local subnets 192.168.1.0/24 and 192.168.3.0/24.
Arrange this policy above all others.
# Prioritize local subnets
uci set pbr.config.webui_show_ignore_target="1"
uci add pbr policy
uci set pbr.@policy[-1].dest_addr="192.168.1.0/24 192.168.3.0/24"
uci set pbr.@policy[-1].interface="ignore"
uci reorder pbr.@policy[-1]="1"
uci commit pbr
service pbr restart