I need to re-open this, unfortunately. I’ve continued to have the issue even after changing the cellular mwan3 check to use localhost ping checks (no longer using httping).
I discovered that there is in fact a packet routing issue while troubleshooting a connection to a new WireGuard connection via my upstream router (on a Linksys OpenWrt, not Brume 2).
After about 8 to 12 hours from the last reset, the following occurs for all IPs/domains in the exclusion:
Set far end router IP as VPN policy exclusion.
Packets are sent from my network through Brume 2, which I captured in tcpdump.
Packets are seen in the Brume 2 leaving towards the internet.
The packets are seen on the other end, and reply packets are seen sent back to my local network in tcpdump.
The reply packets are seen on the Brume 2 WAN interface via tcpdump (easytether).
The reply packets are not seen on the Brume 2 LAN interface.
Once I restart the OpenVPN client on Brume 2 AND toggle VPN policy to Global and then to exclude IPs, the connection is restored for ALL excluded IPs in the VPN Policy. No reboot is necessary, but both have to be restarted/toggled; the order doesn’t seem to matter.
Some additional observations: This does not affect IPs that have a persistent connection, it only affects new connections that hadn’t been made until after the 8-12 hours it works.
How do I set VPN policies? I don’t even see that on the GUI. Do I need to do it in CLI, and where to start CLI screen? So I need to install any plugins first?
I’m having the same problem: MAC clients excluded via VPN Policy from using the VPN are dropped after a few hours and the only solution is to reboot. This is an extremely annoying issue!! I made the switch from pfSense for similar problems I had where the only solution was to reboot it. Seems I’m cursed. Do fix this asap, please!
PS: added this functionality to the Android app too, I was pissed off that I cannot manage my exclusion list from my phone.
Thanks.
I mean that it works for a while, then the connections are dropped. For example, I can watch 2 episodes of Netflix using the “VPN Policy Base On The Client Device” or policy “defined by IP address or domain name”, then on the 3rd I lose connection to Netflix altogether.
Currently mwan3 and vpnpolicy are not working well together. We’re considering adopting a new way to organize multi-WAN and policy routing, with a new kmod and changes to the route tables.