vpn-policy-routing: bugfix: remove conflict with vpnbypass

Signed-off-by: Stan Grishin <stangri@melmac.net>

diff --git a/net/vpn-policy-routing/Makefile b/net/vpn-policy-routing/Makefile
index 1122085a29857662fb1f210cb2410c49a630ac1f..f446529ffa52c7742e7cc2800186096a7446e9bf 100644 (file)
--- a/net/vpn-policy-routing/Makefile
+++ b/net/vpn-policy-routing/Makefile
@@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=vpn-policy-routing
 PKG_VERSION:=0.2.1
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Stan Grishin <stangri@melmac.net>
 
@@ -16,7 +16,6 @@ define Package/vpn-policy-routing
        CATEGORY:=Network
        TITLE:=VPN Policy-Based Routing Service
        DEPENDS:=+ipset +iptables +resolveip +kmod-ipt-ipset +iptables-mod-ipopt +!BUSYBOX_CONFIG_IP:ip-full
-       CONFLICTS:=vpnbypass
        PKGARCH:=all
 endef
 

diff --git a/net/vpn-policy-routing/files/README.md b/net/vpn-policy-routing/files/README.md
index cc65b6382ba06f26f36655b7af7c23011ae6d24c..f2b8c8f3653e7d748f7abeafe2af720b0749945c 100644 (file)
--- a/net/vpn-policy-routing/files/README.md
+++ b/net/vpn-policy-routing/files/README.md
@@ -656,7 +656,7 @@ config policy
   option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com'
 ```
 
-#### Example Includes
+#### Example Custom User Files Includes
 
 ```text
 config include
@@ -666,6 +666,66 @@ config include
   option path '/etc/vpn-policy-routing.aws.user'
 ```
 
+#### Basic OpenVPN Client Config
+
+There are multiple guides online on how to configure the OpenVPN client on OpenWrt "the easy way", and they usually result either in a kill-switch configuration or configuration where the OpenVPN tunnel  cannot be properly (and separately from WAN) routed, either way, incompatible with the VPN Policy-Based Routing.
+
+Below is the sample OpenVPN client configuration for OpenWrt which is guaranteed to work. If you have already deviated from the instructions below (ie: made any changes to any of the ```wan``` or ```lan``` configurations in either ```/etc/config/network``` or ```/etc/config/firewall```), you will need to start from scratch with a fresh OpenWrt install.
+
+Relevant part of ```/etc/config/vpn-policy-routing```:
+
+```text
+config vpn-policy-routing 'config'
+  list supported_interface 'vpnc'
+  ...
+```
+
+The recommended network/firewall settings are below.
+
+Relevant part of ```/etc/config/network``` (**DO NOT** modify default OpenWrt network settings for neither ```wan``` nor ```lan```):
+
+```text
+config interface 'vpnc'
+  option proto 'none'
+  option ifname 'ovpnc0'
+```
+
+Relevant part of ```/etc/config/firewall``` (**DO NOT** modify default OpenWrt firewall settings for neither ```wan``` nor ```lan```):
+
+```text
+config zone
+  option name 'vpnc'
+  option network 'vpnc'
+  option input 'REJECT'
+  option forward 'REJECT'
+  option output 'ACCEPT'
+  option masq '1'
+  option mtu_fix '1'
+
+config forwarding
+  option src 'lan'
+  option dest 'vpnc'
+```
+
+If you have a Guest Network, add the following to the ```/etc/config/firewall```:
+
+```text
+config forwarding
+  option src 'guest'
+  option dest 'vpnc'
+```
+
+Relevant part of ```/etc/config/openvpn``` (configure the rest of the client connection for your specifics by either referring to an existing ```.ovpn``` file or thru the OpenWrt uci settings):
+
+```text
+config openvpn 'vpnc'
+  option enabled '1'
+  option client '1'
+  option dev_type 'tun'
+  option dev 'ovpnc0'
+  ...
+```
+
 ## Footnotes/Known Issues
 
 1. <a name="footnote1"> </a> See [note about multiple OpenVPN clients](#multiple-openvpn-clients).