
Is Shibby Tomato 140 Routing Policy not working?

Discussion in 'Tomato Firmware' started by jimford, Sep 4, 2017.

  1. jimford

    jimford Reformed Router Member

    I want to use VPN policy routing on my Shibby Tomato router, but it doesn't appear to work.

    Whatever I put in the 'Source IP' box, the 'Enable' box gets ticked, but is greyed out - so I guess it hasn't actually been enabled.

    Has anyone got this feature working?

    Jim
     
  2. Combat619

    Combat619 New Member Member

    Try a fresh reset and see if that works. It worked for me.

     
  3. jimford

    jimford Reformed Router Member

    What, stop and then start the VPN (this doesn't work for me)?

    Thanks for the reply, Jim
     
  4. Combat619

    Combat619 New Member Member

    Hard reset your router. I was having the same issues you're having; a hard reset helped out.

     
  5. jimford

    jimford Reformed Router Member

    Mmm, you mean a 30-30-30 reset and start again configuring the router. I was hoping there was an easier way than that.

    Thanks again for the reply, 'Combat619'.

    Jim
     
  6. Jose C

    Jose C Serious Server Member

    I had that problem the first time, just power cycle the router and then it worked.


     
  7. jimford

    jimford Reformed Router Member

    Thanks 'Jose C'. I've just tried it - it didn't make any difference.

    I guess it's now down to clearing the NVRAM and re-configuring the router - which is a major pain!

    Jim
     
  8. pena1348

    pena1348 Networkin' Nut Member

    I just did an install of Shibby 140 on my RT-AC56U and found my routing policy was not working either.
    (OpenVPN running - Source IP 192.168.1.0 - Destination IP 0.0.0.0)
    Don't know if my routing policy is correct.
    P
     
  9. jimford

    jimford Reformed Router Member

    I've not found any information on how the Routing Policy section should be filled in. Whatever I put in the boxes, the tick in the enabled box remains greyed out.

    Jim
     
  10. pena1348

    pena1348 Networkin' Nut Member

    My "enable" boxes are not grayed out. The status indicates that the tunnel is up, but www.whatsmyxx.org indicates the IP given by my ISP???

    P
     
  11. jimford

    jimford Reformed Router Member

    The VPN on my router is working fine, except that Routing Policy doesn't.

    Jim
     
  12. Jose C

    Jose C Serious Server Member

    This is what I have, and only the IPs listed go through the VPN; everything else does not.

    [IMG]

    [IMG]


     
  13. jimford

    jimford Reformed Router Member

    Thanks 'Jose C' - the screen shots you show are very interesting and deviate from the configuration pages on my set-up.

    I'm using the latest Shibby (140) Mips build, whereas you are apparently using an Arm build. The main difference I see is that you have both the 'route-nopull' and 'route-noexec' boxes ticked. I can't on my set-up. If I tick one box, the other disappears. I can't have both boxes ticked together.

    I wonder if the Mips build is broken, whereas the Arm isn't?

    Thanks again for the post.

    Jim
     
  14. Phil67ago

    Phil67ago New Member Member

    I'm also stuck on almost the same problem: I can't route a segment or an address through the PPTP Client.

    Netgear R7000
    Tomato Firmware 1.28.0000 -140 K26ARM USB AIO-64K

    == PPTP Client Configuration ==
    Start with WAN: checked
    Server Address: (....)
    Username: (....)
    Password: (....)
    Encryption: None
    Stateless MPPE connection: checked
    Accept DNS configuration: Disabled
    Redirect Internet traffic: Disabled (doesn't matter if on or off)
    Remote subnet / netmask 10.0.0.0/255.0.0.0
    Create NAT on tunnel: Checked
    MTU: Default 1450
    MRU: Default 1450
    Custom Configuration: (empty)

    == In ssh terminal ==
    ip rule add from 192.168.0.15 table 200 prio 4
    ip route flush table 200
    VPN_GW=`ifconfig ppp4 | awk '/inet addr/ {split ($3,A,":"); print A[2]}'`; ip route add table 200 default via $VPN_GW dev ppp4
    ip route flush cache

    iptables -I FORWARD -i br0 -o ppp4 -j ACCEPT
    iptables -I FORWARD -i ppp4 -o br0 -j ACCEPT
    iptables -I INPUT -i ppp4 -j REJECT
    iptables -t nat -A POSTROUTING -o ppp4 -j MASQUERADE

    ==
    I can verify that the PPTP Client is working by routing all traffic through the client.
    Done by changing the default routing:
    ip route del default
    VPN_GW=`ifconfig ppp4 | awk '/inet addr/ {split ($3,A,":"); print A[2]}'`; ip route add default via $VPN_GW dev ppp4
    iptables -t nat -A POSTROUTING -o ppp4 -j MASQUERADE
    ip route flush cache

    Using Wireshark on the WAN side shows that only 2 requests are encapsulated by PPP

    10.1.0.5 215.x.x.x TCP 55001->80 [SYN] (Encapsulated in PPP)
    215.x.x.x 10.1.0.5 TCP 80->55001 [SYN, ACK] (Encapsulated in PPP)
    10.1.0.5 215.x.x.x TCP 55001->80 [ACK] (NOT!!! Encapsulated in PPP)
    The rest of the traffic is not encapsulated. If all traffic is routed through the PPTP Client, then all packages are correctly encapsulated in PPP!

    When looking at the SYN / SYN,ACK above, it is like iptables is doing something with 'Established connection', but I can't find any statement indicating this.

    I may have missed something simple....

    /Phil
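
Added example, not part of Phil67ago's post: a shell check that a source address is steered to a routing table whose default route leaves through the tunnel device, using the table number, source IP and interface from the commands above. The sample `ip rule show` / `ip route show table 200` text and the gateway address are constructed; the check covers the installed routing state only, not what individual packets do afterwards.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` after the post's "ip rule add" command.
RULES_SAMPLE='0:      from all lookup local
4:      from 192.168.0.15 lookup 200
32766:  from all lookup main
32767:  from all lookup default'

# Constructed sample of `ip route show table 200` (gateway address is made up).
TABLE_SAMPLE='default via 10.1.0.1 dev ppp4'

# Print the table chosen by the first "from <src> lookup <table>" rule.
table_for_source() {   # $1 = source IP, $2 = `ip rule show` text
    printf '%s\n' "$2" | awk -v src="$1" '
        $2 == "from" && $3 == src && $4 == "lookup" { print $5; exit }'
}

# Print the outgoing device of the default route in a table listing.
default_dev() {        # $1 = `ip route show table N` text
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }'
}

# Succeed only if the source has a rule and that table defaults to the tunnel.
check_policy() {       # $1 = src, $2 = tunnel dev, $3 = rules text, $4 = table text
    tbl=$(table_for_source "$1" "$3")
    [ -n "$tbl" ] || { echo "no rule for $1"; return 1; }
    dev=$(default_dev "$4")
    [ "$dev" = "$2" ] || {
        echo "table $tbl default via '${dev:-none}', expected $2"
        return 1
    }
    echo "ok: $1 -> table $tbl -> $2"
}

check_policy 192.168.0.15 ppp4 "$RULES_SAMPLE" "$TABLE_SAMPLE"
```

On a live router the same function can be fed `"$(ip rule show)"` and `"$(ip route show table 200)"`, which catches a missing rule or a table left empty after the tunnel interface has gone down and come back.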
     
  15. jimford

    jimford Reformed Router Member

    The problems reported prior to your post 'Phil67ago', relate to the OpenVPN client. Not sure if your problem is connected. (I thought PPTP was deprecated, as it has serious vulnerabilities.)

    Jim
     
  16. Phil67ago

    Phil67ago New Member Member

    I am forced to use PPTP even if it may not be the best, I have no control of the other end...

    Yes, maybe it isn't the same problem...
     
