TRB140 source routing over openvpn infterface

jaroslav.safranek · May 22, 2024, 9:50am

Hi,

We tried replace mikrotik devices with TRB140, but we have trouble with source routing over openvpn.
So idea is that default gw is over LTE (rmnet0) and all from LAN interface (eth0) is routed over openvpn TUN interface to our central VPN concentrator to internet. On Mikrotik devices we are using source routing, so we have new TABLE and rules say that when traffic is go from LAN it use gw from openvpn.

On TRB140 I tried make same way, and in WEBUI I can add TABLE and RULE without error, but in CLI when I print routes over “ip route list” I can’t see it.
When I tried add it manually over CLI, I had error.
When I tried it with TUN interface in CLI so it works, it seems, that primary trouble is that WEBUI can’t works with TUN interface in routing setting.

So we can use custom script, but I need know how I can add table and rule from CLI.

Can anybody help us?
Best regards Jaroslav

Marijus · May 22, 2024, 11:18am

Hello,

When you look for IP routes using ip route list, it works a bit differently because routing operates based on “rules” and “tables.” This means that rules are checked for certain types of traffic, and only then is the routing table applied.

To check IP rules, you should type:

ip rule list

As you can see below, I have added one rule myself. Otherwise, there would only be three rules by default.

2024-05-22-14-11-49-192.168.1.1

You can view the created tables in /etc/config/network under the config route section.

2024-05-22-14-16-20-192.168.1.1

Best regards,

jaroslav.safranek · May 22, 2024, 1:54pm

Hi,

Now I have in “/etc/config/network”:
config table ‘1’
option id ‘100’
option name ‘test’

config rule ‘2’
option action_group ‘lookup’
option tos ‘0’
option in ‘lan’
option priority ‘1’
option invert ‘0’
option lookup ‘100’
option src ‘172.30.171.0/24’

config route ‘3’
option table ‘100’
option netmask ‘0.0.0.0’
option gateway ‘172.33.1.1’
option target ‘0.0.0.0’
option interface ‘lan’ —> I think here must be openvpn interface, no LAN

ip rule list
0: from all lookup local
1: from 172.30.171.0/24 iif eth0 lookup 100
32766: from all lookup main
32767: from all lookup default

ip route list
default dev rmnet0 proto static scope link src 100.122.213.110 metric 1
100.122.213.110 dev rmnet0 proto static scope link metric 1
172.30.171.0/24 dev eth0 proto kernel scope link src 172.30.171.1
172.33.1.0/24 dev tun_c_XXX proto kernel scope link src 172.33.1.45

Is any way how change “option interface ‘lan’” to option interface ‘tun_c_XXX’?
Or how I can do it?

Marijus · May 23, 2024, 5:29am

Hello,

This file is editable, so you can make changes directly in it. However, I recommend using Policy-Based Routing, as it is easier to configure and offers better traceability.

Best regards,

jaroslav.safranek · May 23, 2024, 6:32am

Hi,

What you mean " I recommend using Policy-Based Routing"?

Jaroslav

jaroslav.safranek · May 23, 2024, 9:24am

So solution is.

Create new interface in LAN called for example VPN, with static IP.

image1503×762 33.2 KB
Map this interface over Physical Setting to “tun_c_XXX” interface

image1503×762 23.6 KB
Create table (for example 100) over Policy routing with new static route to VPN interface and GW

image1503×762 37.1 KB
Make rule for source routing for lookup table 100

image1503×762 35.3 KB

It’s all

Regards Jaroslav

system · May 25, 2024, 1:24am

This topic was automatically closed 40 hours after the last reply. New replies are no longer allowed.