mangle pre-routing error

Hi,

I created a mangle rule so that one PC uses only wan1 (192.168.1.254).
I have two WANs:
box and 4G LTE.
Routes:

add distance=1 gateway=192.168.1.254 routing-mark=opnvpn
add distance=1 gateway=192.168.88.1 comment="lte more fast"
add distance=2 gateway=192.168.1.254 comment="slow"



add action=mark-routing chain=prerouting comment=vpn connection-state=established,new disabled=n dst-address-type="" \
    log-prefix="openvpn pre routing01" new-routing-mark=opnvpn passthrough=yes protocol=tcp src-address-list=Alow-wan1 \
    src-address-type=""

When I try to go on the internet I get this error:

Une erreur est survenue pendant une connexion à www.convertworld.com. PR_CONNECT_RESET_ERROR

La page que vous essayez de consulter ne peut pas être affichée car l’authenticité des données reçues ne peut être vérifiée.
Veuillez contacter les propriétaires du site web pour les informer de ce problème.

Thanks for your help.

Your mangle rule is disabled…?

You also say you want to put it on WAN 1 but mangle rule says ALOW-WAN2?

PS: is the error only with VPN or also when VPN is off?

You also need to assign any connection coming in from WAN1 or WAN2 to have return data stay on that WAN interface (not only new/established etc.).
Maybe you do that already, but it is not clear.

add action=mark-routing chain=prerouting comment=vpn connection-state=established,new disabled=n dst-address-type="" \
    log-prefix="openvpn pre routing01" new-routing-mark=opnvpn passthrough=yes protocol=tcp src-address-list=Alow-wan1 \
    src-address-type=""

Hello,
Sorry, I did not pay attention during export that the rule was deactivated, but I was obliged to, otherwise I did not have internet to post.

The purpose of this rule at the base was that the VPN clients of my NAS use the wan1 connection.
The VPN connection worked and I would get an IP; on the other hand, I did not have access to the LAN or the internet, without a specific error message on the web page.

So to see what was wrong, I assign this rule to my post. When it is active I no longer have access to the net and I have the error indicated.

br

Hi,
when I disabled firewall filtering, no problem.

But I don't know why...

Hi,

I found a script to create a VPN server on MikroTik and I use these firewall rules:

add chain=forward action=accept src-address=192.168.2.116 out-interface-list=WAN place-before=0
add chain=forward action=accept in-interface-list=WAN dst-address=192.168.2.116 place-before=1

Now it is working, but I want to know what these rules do.

I am a newbie.

br

add chain=forward action=accept src-address=192.168.2.116 out-interface-list=WAN place-before=0
add chain=forward action=accept in-interface-list=WAN dst-address=192.168.2.116 place-before=1

This pretty much means you don’t do any firewalling between IP 192.168.2.116 and all the WAN interfaces!
(Close to disabling the firewall for this device.)
Is this the intent?

Hi,
no, I just want to access my LAN with OpenVPN :confused: :blush: :smiley:

And I want to understand what I do :laughing:

br

Hello,
I come back to my problem because I do not understand the bug.
I continued my tests and I went through my Wi-Fi connection.
I have a CAPsMAN with two SSIDs:
domo and house.

/caps-man datapath
add bridge=br_domotique local-forwarding=no name=datapath2
add bridge=br-lan local-forwarding=no name=datapath1
/caps-man security
add authentication-types=wpa2-psk name=SEC-Wifi-maison
add authentication-types=wpa2-psk name=Domotique
/caps-man configuration
add country=france datapath.bridge=br_domotique datapath.client-to-client-forwarding=no datapath.local-forwarding=no distance=indoors mode=ap name=Domotique security=Domotique ssid=Domo
add country=france datapath=datapath1 datapath.bridge=br-lan datapath.client-to-client-forwarding=no datapath.local-forwarding=no distance=indoors mode=ap name=Maison security=SEC-Wifi-maison ssid=Wifi-Maison

I have a mangle rule which forces home automation to use the wan1 connection via the br_domotique bridge.

add action=mark-routing chain=prerouting comment="routing mark domotique" disabled=yes in-interface=br_domotique new-routing-mark=to-domotique passthrough=yes src-address=192.168.3.0/24

When I connect my PC to this SSID, my PC goes through wan1 fine and there is no web page display error.
On the other hand, if I connect my PC via the Ethernet socket on the bridge, I get the error message and no connection on the web page.

My question is why it works over Wi-Fi and not by cable.
What is the difference?

Hi,
I tried disabling FastTrack in the filter rules and now I can access the web over the wired connection.

Can someone explain?

I tried to read the wiki but I am not sure I understand.

br

See the Wiki:

Warning: Queues (except Queue Trees parented to interfaces), firewall filter and mangle rules will not be applied for FastTracked traffic.

Hi,
thank you for your response.

I enabled mark-connexion in the FastTrack filter rule and now it is fine.

:smiley:
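
The fix the thread ends on, written out as an added example that is not part of any poster's configuration: policy-routed connections get a connection mark, and FastTrack is limited to unmarked connections so the mangle rules keep applying to the marked ones. The address list `Alow-wan1` and routing mark `opnvpn` come from the thread; the connection-mark name `via-wan1` is hypothetical.

```routeros
# Added example; constructed, not taken from any poster's export.
# From the thread: address list Alow-wan1, routing mark opnvpn.
# Assumed: connection-mark name "via-wan1" (hypothetical).

/ip firewall mangle
# Mark each new connection opened by the policy-routed hosts, once.
add chain=prerouting action=mark-connection connection-state=new \
    src-address-list=Alow-wan1 connection-mark=no-mark \
    new-connection-mark=via-wan1 passthrough=yes
# Apply the routing mark to every packet those hosts send on a marked
# connection, so the whole flow leaves through the wan1 route.
add chain=prerouting action=mark-routing connection-mark=via-wan1 \
    src-address-list=Alow-wan1 new-routing-mark=opnvpn passthrough=no

/ip firewall filter
# Before (left commented out): FastTrack accepts every established/related
# connection, so later packets bypass mangle and lose the routing mark.
# add chain=forward action=fasttrack-connection \
#     connection-state=established,related

# After: only connections without a mark are FastTracked; marked
# connections continue through mangle and the filter chain.
add chain=forward action=fasttrack-connection \
    connection-state=established,related connection-mark=no-mark
add chain=forward action=accept connection-state=established,related
```

Connections that were FastTracked before the change keep bypassing mangle until they close, so test with a new connection.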