VPN policies appearing in wrong config?

Hello there,

So I was just checking some scripts and configurations to see if I can learn something about fw marks and such.

But then I noticed that the vanilla VPN policies from gl-inet save their rules inside the network configuration rather than inside the firewall config?

As of now the policies work just fine, but isn’t this just a typo inside the policy script? The node layout looks identical to the one in the firewall config when I add a firewall rule via LuCI.

Script in question:

```
root@GL-AXT1800:/etc/init.d# cat vpnpolicy
#!/bin/sh /etc/rc.common


START=18

start() {
        enable=$(uci get "vpnpolicy.global.kill_switch")
        [ "$enable" = 2 ] && {
            mkdir -p /tmp/dnsmasq.d/
            echo conntrack  >/tmp/dnsmasq.d/safe_mode_conntrack
        }
        uci set network.policy_bypass_vpn="rule"
        uci set network.policy_bypass_vpn.mark="0x60000/0x60000"
        uci set network.policy_bypass_vpn.lookup="53"
        uci set network.policy_bypass_vpn.priority="53"
        uci set network.policy_via_vpn="rule"
        uci set network.policy_via_vpn.mark="0x80000/0x80000"
        uci set network.policy_via_vpn.lookup="52"
        uci set network.policy_via_vpn.priority="52"
        uci set network.policy_dns="rule"
        uci set network.policy_dns.mark="0x100000/0x100000"
        uci set network.policy_dns.lookup="51"
        uci set network.policy_dns.priority="51"
        uci commit network

        ipset create via_vpn_domain hash:net
        ipset create bypass_vpn_domain hash:net
        ipset create via_vpn_mac hash:mac
        ipset create bypass_vpn_mac hash:mac
}
```

It is by design. I don’t know why but it should be correct.

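Added example (not part of the thread and not GL.iNet's code): in OpenWrt, a `rule` section in `/etc/config/network` is an IP policy-routing rule of the kind `ip rule` manages, so `mark`, `lookup` and `priority` choose a routing table from a packet's firewall mark rather than filtering traffic. The sketch below evaluates the three rules from the script against a mark the way the kernel does, `(mark & mask) == (value & mask)` in ascending priority order; the function names and the `none` result are made up for illustration.

```shell
#!/bin/sh
# Illustration only: models the three "rule" sections the script writes.
# Columns: priority  fwmark-value/mask  routing-table (values taken from the script).
RULES="51 0x100000/0x100000 51
52 0x80000/0x80000 52
53 0x60000/0x60000 53"

# fwmark_match MARK VALUE/MASK
# Succeeds when (MARK & MASK) == (VALUE & MASK), the fwmark selector test.
fwmark_match() {
    value=${2%/*}
    mask=${2#*/}
    [ $(( $1 & $mask )) -eq $(( $value & $mask )) ]
}

# first_table MARK
# Prints the table of the first (lowest priority number) matching rule,
# or "none" when the packet falls through to the rules after these three.
first_table() {
    result=none
    while read -r prio sel table; do
        if fwmark_match "$1" "$sel"; then
            result=$table
            break
        fi
    done <<EOF
$RULES
EOF
    echo "$result"
}

# ip_rule_cmds
# Prints iproute2 commands equivalent to the three UCI sections.
ip_rule_cmds() {
    echo "$RULES" | while read -r prio sel table; do
        echo "ip rule add fwmark $sel lookup $table priority $prio"
    done
}

# Constructed sample marks; 0x20000 sets only one of the two bits in 0x60000.
for m in 0x100000 0x80000 0x60000 0x20000 0x180000; do
    echo "mark $m -> table $(first_table "$m")"
done
```

On a router, `ip rule show` lists the installed rules so they can be compared with the output of `ip_rule_cmds`.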