Lilarcor
just joined
Topic Author
Posts: 12
Joined: Sun Oct 08, 2017 3:16 am

dns forwarder and routing for ros self

Fri Jul 13, 2018 1:20 pm

I set up a vpn client on my ros, and I made some mangle rules to let my clients behind ros access websites (example.com) through the vpn tunnel. It works like a charm. I also want to make some scripts on ros itself to test; unfortunately, I found that ros can't access example.com through the vpn tunnel. The reason I want my ros to use the vpn to access example.com is that the website is unreachable directly through the internet connection provided by the local ISP. Can someone help me out?
 
nescafe2002
Member
Posts: 327
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: dns forwarder and routing for ros self

Fri Jul 13, 2018 1:32 pm

The mangle rules you have created in the prerouting chain have to be created in the output chain as well to be applied to router-initiated connections.
 
Lilarcor
just joined
Topic Author
Posts: 12
Joined: Sun Oct 08, 2017 3:16 am

Re: dns forwarder and routing for ros self

Fri Jul 13, 2018 4:20 pm

Is there anything I am missing? I use the following rules for ros itself; they are not working. sstp-linode is the ros vpn client connection. 192.168.6.1 is my ros LAN IP.
/ip route
add check-gateway=ping distance=1 gateway=sstp-linode routing-mark=linode_gfw
add check-gateway=ping distance=1 dst-address=8.8.8.8/32 gateway=sstp-linode
/ip firewall mangle
add action=mark-routing chain=output dst-address-list=!novpn dst-address-type=\
    !local log-prefix=linode_gfw new-routing-mark=linode_gfw passthrough=no \
    src-address=192.168.6.1
/ip firewall nat
add action=dst-nat chain=dstnat dst-address-list=!novpn dst-port=53 log-prefix=\
    google_dns protocol=udp src-address=192.168.6.1 to-addresses=8.8.8.8 \
    to-ports=53
 
nescafe2002
Member
Posts: 327
Joined: Tue Aug 11, 2015 12:46 pm
Location: Netherlands

Re: dns forwarder and routing for ros self

Fri Jul 13, 2018 4:25 pm

You cannot dstnat in firewall nat output chain (known limitation).

But you can update the upstream server in the DNS settings and mark routing in the firewall mangle output chain.
/ip firewall mangle
add action=mark-routing chain=output dst-address=8.8.8.8 dst-port=53 new-routing-mark=via-vpn passthrough=yes protocol=udp
 
Lilarcor
just joined
Topic Author
Posts: 12
Joined: Sun Oct 08, 2017 3:16 am

Re: dns forwarder and routing for ros self

Fri Jul 13, 2018 4:44 pm

Thanks for your prompt reply, nescafe2002. I tried your rule, but no packets pass the rule. Very strange.
 
Lilarcor
just joined
Topic Author
Posts: 12
Joined: Sun Oct 08, 2017 3:16 am

Re: dns forwarder and routing for ros self

Sat Jul 14, 2018 7:13 am

Letting ros itself use the vpn tunnel is very different from other clients behind ros. Finally I had to manually get the target web IP and add it to the route table to let it pass through the vpn tunnel; now it's working. It's just a workaround. I would appreciate it if someone has a better solution.
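
The output-chain approach discussed in this thread, written out end to end as an added example that is not from any of the posts above. It assumes RouterOS v6 syntax; sstp-linode and via-vpn are taken from the thread, while the address-list name to-vpn and the masquerade rule are assumptions of this example.

```routeros
# Added example (RouterOS v6 syntax), not configuration posted in the thread.

# 1. Point the router's own resolver at the upstream server directly,
#    instead of trying to dst-nat the router's DNS queries.
/ip dns set servers=8.8.8.8

# 2. Destinations the router itself should reach through the tunnel.
#    to-vpn is a hypothetical list name. A hostname entry is resolved by the
#    router and refreshed, so the IP does not have to be looked up by hand.
/ip firewall address-list
add list=to-vpn address=8.8.8.8
add list=to-vpn address=example.com

# 3. Router-originated packets traverse the output chain, not prerouting.
#    This marks all traffic to the listed destinations, DNS queries included.
/ip firewall mangle
add chain=output action=mark-routing dst-address-list=to-vpn \
    new-routing-mark=via-vpn passthrough=yes

# 4. The routing mark on the route must be the same string as
#    new-routing-mark in the mangle rule, or the mark selects no route.
/ip route
add gateway=sstp-linode routing-mark=via-vpn distance=1

# 5. Assumption of this example: the router picks the source address before
#    the output-chain mark re-routes the packet, so traffic leaving through
#    the tunnel is masqueraded to the tunnel address.
/ip firewall nat
add chain=srcnat out-interface=sstp-linode action=masquerade

# Checks: the mangle counters should increase when the router resolves or
# contacts a listed destination, and the list should show resolved addresses.
/ip firewall mangle print stats
/ip firewall address-list print where list=to-vpn
```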
