I am considering buying a Turris Omnia router. At the moment I am using a Linksys WRT1900ACS with LEDE firmware and OpenVPN client with policy based routing with the package:
Is it possible to use VPN policy based routing with Turris Omnia “out of the box”, or if not, can the VPN policy based routing LEDE package from stangri be installed?
Out of the box is not working since the TO repo is currently different from upstream OpenWRT.
The current stable TO firmware is based on OpenWrt omnia 15.05 r47055 / LuCI 49c3edd5861fd032fa8379ceda525c27a908a114 branch (git-17.212.24321-49c3edd)
The app received an update yesterday through the TO (feed) updater and that went ok too.
Just got around to actually testing it, and albeit some errors showing in the log (below), it is working (well); that is based on WireGuard VPN and utilizing ipset and no iptables. The routes (and related tables) are showing in the LuCI status page.
And it pays to read through the "How it works" part of the Readme, as I missed this at first:
The policy priority is the same as its order as listed in Web UI and /etc/config/vpn-policy-routing. The higher the policy is in the Web UI and configuration file, the higher its priority is.
Had the lan subnet at the top and was wondering why particular clients were not routed the other way. Dropping the lan subnet to the bottom of the order set it right, and now particular clients are routed one way and the remainder of the lan subnet another.
Thank you for creating awareness of this app in this forum, it makes routing so much easier…!
notice [32269]: Creating table ‘lan/br-lan/0.0.0.0’ [✗]
notice [32269]: Routing ‘’ via wan [✗]
notice [32269]: service started on wan/pppoe-wan/<ip.redacted> wg0/wg0/<ip.redacted> with errors [✗]
notice [32269]: ERROR: Failed to set up ‘lan/br-lan/0.0.0.0’
ERROR: policy comment is empty!
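The ordering pitfall described in the post above (a broad LAN-subnet policy listed before a single-client policy) can be checked before applying a configuration. The following is an added example, not part of the original thread and not code from the vpn-policy-routing package; it models only first-match evaluation on source addresses, and the policy names, tuple layout and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policies (name, source, interface), listed in the order
# they would appear in the Web UI / config file; modelled on the thread's setup.
BAD_ORDER = [
    ("lan", "192.168.1.0/24", "wan"),
    ("client", "192.168.1.110", "vpn"),
]
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0]]


def route_for(policies, src_ip):
    """Return the interface of the first policy whose source contains src_ip."""
    addr = ipaddress.ip_address(src_ip)
    for _name, source, iface in policies:
        if addr in ipaddress.ip_network(source, strict=False):
            return iface
    return None  # no policy matched; default routing applies


def shadowed(policies):
    """Return (policy, earlier_policy) pairs where an earlier policy already
    covers the whole source range and sends it to a different interface,
    so the later policy can never take effect."""
    findings = []
    for i, (name, source, iface) in enumerate(policies):
        net = ipaddress.ip_network(source, strict=False)
        for earlier_name, earlier_source, earlier_iface in policies[:i]:
            earlier = ipaddress.ip_network(earlier_source, strict=False)
            if net.subnet_of(earlier) and iface != earlier_iface:
                findings.append((name, earlier_name))
                break
    return findings


if __name__ == "__main__":
    for label, policies in (("bad", BAD_ORDER), ("good", GOOD_ORDER)):
        print(label, route_for(policies, "192.168.1.110"), shadowed(policies))
```

A non-empty result from `shadowed()` means a client expected to use the tunnel would leave through the other interface instead, which is the symptom described in the post.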
I received my Turris Omnia 2GB WLAN today and configured VPN with policy based routing (PBR).
Two issues:
to get PBR routing working after a reboot of the router I have to press “save and apply” under the “policy based routing” settings, before that nothing is routed through the VPN tunnel
when installing dnsmasq-full I get the error:
WARNING: You probably just removed a package that was installed as part of a user list or the basic system. This package will return durring the next updater run. We suggest you disable the user list instead.
Installing dnsmasq-full (2.78-2) to root…
The dnsmasq warning is by design of TO, not sure how such things are handled in OpenWRT.
For it not to return (TO may force some of those basics back) it needs a /etc/updater/conf.d/user.lua file with content Uninstall("dnsmasq")
The first point might be due to PBR starting at boot prior to the ovpn tun being up.
As soon as it's started after boot by manually clicking "save and apply" it seems to be running fine. But I have a simple configuration with only one client going through the tunnel and the rest through WAN:
Local IP 192.168.1.110 VPN
IP Range 192.168.1.0/24 WAN
I am curious what would happen to PBR if the tunnel is interrupted for some reason and comes back online, i.e. whether it would require to click save and apply
To answer that question -
vpn-policy-routing: service monitoring interfaces: