Device: RouterBOARD 750G r3 (hEX)
I have set up routing of specific (marked) addresses to an OpenVPN client. The weird thing is that normally it's very slow, but if you start Tools-Torch/Packet Sniffer, it becomes pretty fast.
Normal router state (the vk.com IP is marked to be routed to the VPN):
```
$ time curl https://vk.com
real 0m3.336s
```
```
$ time curl https://vk.com
real 0m0.919s
```
One more interesting point: before I upgraded to 6.39.1 (I was on 6.37.x, as I remember), in the normal state it was not working at all. I saw it was marking my requests and masquerading traffic going to the VPN interface, and that's all; it looked like the router ignored the answer from the server. Again, with Torch it was working perfectly.
I think there is something wrong with my router config. Please help me debug the problem.
Here is my config:
```
/ip route print detail
0 A S dst-address=0.0.0.0/0 gateway=ovpn-out1 gateway-status=ovpn-out1 reachable check-gateway=ping distance=1 scope=10 target-scope=30 routing-mark=vpn
1 ADS dst-address=0.0.0.0/0 gateway=186.36.0.1 gateway-status=186.36.0.1 reachable via ether1 distance=1 scope=30 target-scope=10 vrf-interface=ether1
2 ADC dst-address=10.0.1.0/24 pref-src=10.0.1.1 gateway=ether2-master gateway-status=ether2-master reachable distance=0 scope=10
3 ADC dst-address=186.36.0.0/14 pref-src=186.36.50.241 gateway=ether1 gateway-status=ether1 reachable distance=0 scope=10
4 ADC dst-address=192.168.0.0/24 pref-src=192.168.0.1 gateway=ether2-master gateway-status=ether2-master reachable distance=0 scope=10
5 ADC dst-address=192.168.255.1/32 pref-src=192.168.255.6 gateway=ovpn-out1 gateway-status=ovpn-out1 reachable distance=0 scope=10
```
```
/ip firewall mangle print
0 D ;;; special dummy rule to show fasttrack counters
      chain=prerouting action=passthrough
1 D ;;; special dummy rule to show fasttrack counters
      chain=forward action=passthrough
2 D ;;; special dummy rule to show fasttrack counters
      chain=postrouting action=passthrough
3   chain=prerouting action=mark-routing new-routing-mark=vpn passthrough=yes dst-address-list=vpn log=yes log-prefix="mark"
```
```
/ip firewall nat print
0   chain=srcnat action=masquerade out-interface=ovpn-out1 log=yes log-prefix="masq"
1   ;;; defconf: masquerade
      chain=srcnat action=masquerade out-interface=ether1
```
```
/certificate print
# NAME COMMON-NAME SUBJECT-ALT-NAME FINGERPRINT
0 T ca.crt_0 My CA
1 K T client.cert_0 example.com
```
```
/ppp profile print
2 name="ovpn-client" use-mpls=no use-compression=no use-encryption=required only-one=yes change-tcp-mss=yes use-upnp=default address-list="" on-up="" on-down=""
```
```
/interface ovpn-client print
0 R ;;; vpn client
      name="ovpn-out1" mac-address=aa:33:bb:12:cc:dd max-mtu=1500 connect-to=server.com port=1194 mode=ip user="example.com" password="" profile=ovpn-client certificate=client.cert_0 auth=sha1 cipher=aes256 add-default-route=no
```