RBMTX-Viper VPN Policy Routing
The VPN Policy Routing page of RBMTX-Viper router is used to configure the VPN and WAN Policy-Based routing.
Service status
At the top of the page you check the status of the routing. To start, restart, stop, enable or disable the service, use an appropriate button.
| Name | Description |
|---|---|
| Service Status | Status of the service: Stopped (disabled or enabled) or Started (disabled or enabled) |
| Service Control | Start, Restart, Stop, Enable or Disable buttons |
Configuration
Basic Configuration
| Name | Value | Description |
|---|---|---|
| Output verbosity | Suppress/No output, Condensed output or Verbose output, default: Verbose output | Controls both system log and console output verbosity. |
| Strict enforcement | See [Link] for details. | |
| Use resolver's ipset for domains | Disabled or DNSMASQ ipset, default: DNSMASQ ipset | Please check the [Link] before changing this option. |
| IPv6 Support | Disabled or Enabled, default: Disabled |
Advanced Configuration
WARNING: Please make sure to check the README before changing anything in this section! Change any of the settings below with extreme caution!
| Name | Value | Description |
|---|---|---|
| Supported Interfaces | Allows to specify the list of interface names (in lower case) to be explicitly supported by the service. Can be useful if your OpenVPN tunnels have dev option other than tun* or tap*. | |
| Ignored Interfaces | Allows to specify the list of interface names (in lower case) to be ignored by the service. Can be useful if running both VPN server and VPN client on the router. | |
| Boot Time-out | default: 30 | Time (in seconds) for service to wait for WAN gateway discovery on boot. |
| The ipset option for remote policies | Disabled or Use ipset command, default: Disabled | Please check the README before changing this option. |
| The ipset option for local policies | Disabled or Use ipset command, default: Disabled | Please check the README before changing this option. |
| IPTables rule option | Append or Insert | Select Append for -A and Insert for -I. |
| Default ICMP Interface | No Change, WAN or WWAN, default: No Change | Force the ICMP protocol interface. |
| WAN Table ID | integer higher than 200 | Starting (WAN) Table ID number for tables created by the service. |
| WAN Table FW Mark | Starting (WAN) FW Mark for marks used by the service. High starting mark is used to avoid conflict with SQM/QoS. Change with caution together with Service FW Mask. | |
| Service FW Mask | FW Mask used by the service. High mask is used to avoid conflict with SQM/QoS. Change with caution together with WAN Table FW Mark. |
Web UI Configuration
| Name | Value | Description |
|---|---|---|
| Show Enable Column | Disabled or Enabled, default: Disabled | Shows the enable checkbox column for policies, allowing you to quickly enable/disable specific policy without deleting it. |
| Show Protocol Column | Disabled or Enabled, default: Disabled | Shows the protocol column for policies, allowing you to assign a specific protocol to a policy. |
| Supported Protocols | default: tcp, udp, tcp udp, icmp and all | Display these protocols in protocol column in Web UI. |
| Show Chain Column | Disabled or Enabled, default: Disabled | Shows the chain column for policies, allowing you to assign a PREROUTING, FORWARD, INPUT or OUTPUT chain to a policy. |
| Add IGNORE Target | Disabled or Enabled, default: Disabled | Adds `IGNORE` to the list of interfaces for policies, allowing you to skip further processing by VPN Policy Routing. |
| Show Up/Down Buttons | Disabled or Enabled, default: Disabled | Shows the Up/Down buttons for policies, allowing you to move a policy up or down in the list. |
Policies
Comment, interface and at least one other field are required. Multiple local and remote addresses/devices/domains and ports can be space separated. Placeholders below represent just the format/syntax and will not be used if fields are left blank.
| Name | Description |
|---|---|
| Name | |
| Local addresses / devices | |
| Local ports | |
| Remote addresses / domains | |
| Remote ports | |
| Interface |
To add new policy routing use Add button and fill all fields. You can change the order of the policies using Up and Down buttons or delete each one.
DSCP Tagging
Set DSCP tags (in range between 1 and 63) for specific interfaces. See the README for details.
Custom User File Includes
Run the following user files after setting up but before restarting DNSMASQ. Each user file can be deleted and moved up or down in the list. See the README for details.
| Name | Description |
|---|---|
| Enabled | On or Off, default: Off |
| Path |
