Keenetic PBR


keenetic-pbr is not an official product of the Keenetic company and is in no way affiliated with it. This package is created by an independent developer and is provided "as is" without any warranty. Any questions and suggestions regarding the package can be submitted to the GitHub Issues page or the Telegram chat: https://t.me/keenetic_pbr.

keenetic-pbr is a policy-based routing package for Keenetic routers.

Project Telegram chat (in Russian): https://t.me/keenetic_pbr

With this package, you can set up selective routing for specified IP addresses, subnets, and domains. This is useful if you need to organize secure access to certain resources or selectively distribute traffic across multiple providers (e.g., traffic to site A goes through one provider, while other traffic goes through another).

The package uses ipset to store a large number of addresses in the router's memory without significantly increasing load and dnsmasq to populate this ipset with IP addresses resolved by local network clients.

To configure routing, the package creates scripts in the directories /opt/etc/ndm/netfilter.d and /opt/etc/ndm/ifstatechanged.d.

Features

  • Domain-based routing via dnsmasq
  • IP address-based routing via ipset
  • Configurable routing tables and priorities
  • Automatic configuration for dnsmasq lists

Installation (one-liner)

Connect to your router's Entware environment over SSH and run the following command:

opkg install curl jq && curl -sOfL https://raw.githubusercontent.com/maksimkurb/keenetic-pbr/refs/heads/main/install.sh && sh install.sh

Installation (manual)

  1. Go to the releases page and copy the URL of the latest .ipk file for your architecture.

  2. Download the .ipk file on your router:

    curl -LO <URL-to-latest-ipk-file-for-your-architecture>

  3. Install it using OPKG:

    opkg install keenetic-pbr-*-entware.ipk

This will install Keenetic PBR and configure it on your router.

Configuration

The installer replaces the original dnsmasq configuration file. A backup of your original file is saved as /opt/etc/dnsmasq.conf.orig.

Adjust the configuration in the following files according to your needs:

  • Keenetic-PBR configuration: /opt/etc/keenetic-pbr/keenetic-pbr.conf
  • dnsmasq configuration: /opt/etc/dnsmasq.conf

1. Edit keenetic-pbr.conf

Open /opt/etc/keenetic-pbr/keenetic-pbr.conf and edit as needed.

The setting you will most likely need to change is the interface used for routing.

#---------------------#
#   General Settings  #
#---------------------#
[general]
ipset_path = "ipset"                                 # Path to the `ipset` binary file
lists_output_dir = "/opt/etc/keenetic-pbr/lists.d"   # Lists will be downloaded to this folder
dnsmasq_lists_dir = "/opt/etc/dnsmasq.d"             # Downloaded lists will be saved in this directory for dnsmasq
summarize = true                                     # If true, keenetic-pbr will summarize IP addresses and CIDR before applying to ipset

#-------------#
#   IPSET 1   #
#-------------#
[[ipset]]
ipset_name = "vpn"              # Name of the ipset
flush_before_applying = true    # Clear ipset each time before filling it

   [ipset.routing]
   interface = "nwg1"   # Where the traffic for IPs in this ipset will be directed
   fwmark = 1001        # This fwmark will be applied to packets matching the list criteria
   table = 1001         # Routing table number (ip route table); a default gateway to the specified interface above will be added there
   priority = 1001      # Routing rule priority (ip rule priority); the lower the number, the higher the priority

   # List 1 (manual address entry)
   [[ipset.list]]
   name = "local"
   hosts = [
       "ifconfig.co",
       "myip2.ru",
       "1.2.3.4",
       "141.201.11.0/24",
   ]

   # List 2 (download via URL)
   [[ipset.list]]
   name = "remote-list-1"
   url = "https://some-url/list1.lst"  # The file should contain domains, IP addresses, and CIDR, one per line

   # List 3 (download via URL)
   [[ipset.list]]
   name = "remote-list-2"
   url = "https://some-url/list2.lst"

# You can add as many ipsets as you want:
# [[ipset]]
# ipset_name = "direct"
# ...

2. Download lists

After editing the configuration file, download the list files:

keenetic-pbr download

3. Enable DNS-override

  1. Open the following URL in the browser:
    http://<router-ip-address>/a
    
  2. Enter the following commands:
    1. opkg dns-override
    2. system configuration save

4. Restart OPKG and verify that routing works

Restart OPKG and ensure policy-based routing is functioning as expected.
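
One way to check this from the router's shell, given as an added example that is not part of keenetic-pbr itself: it compares the output of `ip rule`, `ip route` and `ipset list` with the values from the sample `[ipset.routing]` block above (ipset `vpn`, interface `nwg1`, fwmark, table and priority 1001). The function names, the `--live` switch and the sample output are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not part of keenetic-pbr). Values mirror the sample
# [ipset.routing] block; change them to match your keenetic-pbr.conf.
IPSET_NAME=vpn; IFACE=nwg1; FWMARK=1001; TABLE=1001; PRIORITY=1001

# `ip rule` prints the mark in hex, so 1001 appears as 0x3e9.
mark_hex() { printf '0x%x' "$1"; }

# has_rule TEXT: true if TEXT (`ip rule show` output) contains a rule at
# PRIORITY that matches FWMARK and looks up TABLE.
has_rule() {
    printf '%s\n' "$1" | awk -v p="$PRIORITY:" -v m="$(mark_hex "$FWMARK")" -v t="$TABLE" '
        $1 == p { mark = tbl = 0
                  for (i = 2; i < NF; i++) {
                      if ($i == "fwmark") { split($(i + 1), a, "/"); if (a[1] == m) mark = 1 }
                      if ($i == "lookup" && $(i + 1) == t) tbl = 1 }
                  if (mark && tbl) ok = 1 }
        END { exit !ok }'
}

# has_default_route TEXT: true if TEXT (`ip route show table N` output)
# has a default route leaving through IFACE.
has_default_route() {
    printf '%s\n' "$1" | awk -v d="$IFACE" '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) ok = 1 }
        END { exit !ok }'
}

# member_count TEXT: number of entries after "Members:" in `ipset list` output.
member_count() {
    printf '%s\n' "$1" | awk '/^Members:/ { m = 1; next } m && NF { n++ } END { print n + 0 }'
}

# Constructed sample output for an offline run (not captured from a router).
SAMPLE_RULES='0: from all lookup local
1001: from all fwmark 0x3e9 lookup 1001
32766: from all lookup main'
SAMPLE_ROUTES='default dev nwg1 scope link'
SAMPLE_SET='Name: vpn
Type: hash:net
Members:
1.2.3.4
141.201.11.0/24'

# verify: run the checks against the live router state.
verify() {
    has_rule "$(ip rule show)" || { echo "FAIL: no rule prio $PRIORITY fwmark $FWMARK -> table $TABLE"; return 1; }
    has_default_route "$(ip route show table "$TABLE")" || { echo "FAIL: table $TABLE has no default route via $IFACE"; return 1; }
    echo "OK: rule and route present; $(member_count "$(ipset list "$IPSET_NAME")") entries in ipset $IPSET_NAME"
}
if [ "${1:-}" = "--live" ]; then verify; fi
```

Run it with `--live` on the router. A missing default route in table 1001 matters most: on Linux, marked packets that find no route there continue to the next rule, usually the main table, and leave through the default provider instead of `nwg1`.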

Updating lists

Lists are updated automatically every day by cron.

You can update the lists manually by running the following commands:

keenetic-pbr download
/opt/etc/init.d/S80keenetic-pbr restart

Troubleshooting

For any issues, verify your configuration files and logs. Ensure lists are downloaded correctly, and dnsmasq is running with the updated configuration.


Enjoy seamless policy-based routing with Keenetic-PBR!