Sample Header Ad - 728x90

Very strange routing lags on Keenetic Entware

1 vote
0 answers
261 views
networking scripting iptables wireguard ipset
So, Keenetic Hopper with Entware. I have written several scripts for selective routing. All these scripts work fine, no runtime errors, and the routing works. Ping via Wireguard works fine, but problems occur when I go into the browser, everything is very slow. To be honest I have no idea what the problem could be, the only thing is if I turn off my scripts and set wireguard as the priority connection in the web interface, all the traffic will go through wireguard normally, without any problems or lags, I think the problem is in my routing. There are my scripts: 
# /opt/etc/ndm/fs.d/100_hirkn-ipsets.sh

#!/bin/sh

[ "$1" != "start" ] && exit 0

echo " --- HIRKN ENTRY POINT --- "

RKN_SET_FILE="/opt/root/rkn.lst"
GOOGLE_SET_FILE="/opt/root/google.lst"
CUSTOM_SET_FILE="/opt/root/custom.lst"

function create_ipset()
{
        IPSET_NAME=$1
        ipset create $IPSET_NAME hash:net family inet -!
}

function fill_ipset()
{
        FILE="$1"
        IPSET_NAME="$2"
        data=$(cat $FILE)
        for row_data in $data
        do
                ipset add $IPSET_NAME ${row_data} -!
        done
}

function create_and_fill_ipset() {
        IPSET_NAME="$1"
        FILE="$2"
        create_ipset $IPSET_NAME
        fill_ipset $FILE $IPSET_NAME
}

if [ -z "$(ip route list table 1)" ]; then
    ip rule add fwmark 1 table 1
    ip route add default dev nwg0 table 1
fi

create_ipset "HIRKN"
create_ipset "HIGOOGLE"
create_ipset "HICUSTOM"

#fill_ipset $RKN_SET_FILE "HIRKN"
#fill_ipset $GOOGLE_SET_FILE "HIGOOGLE"
#fill_ipset $CUSTOM_SET_FILE "HICUSTOM"

#create_and_fill_ipset "HIRKN" $RKN_SET_FILE
#create_and_fill_ipset "HIGOOGLE" $GOOGLE_SET_FILE
#create_and_fill_ipset "HICUSTOM" $CUSTOM_SET_FILE

exit 0
# /opt/etc/ndm/netfilter.d/99_hirkn-fwmarks.sh

#!/bin/sh

[ "$type" != "iptables" ] && exit 0
[ "$table" != "mangle" ] && exit 0

echo "HIRKN: Creating $type rule on table $table !"

[ -z "$(iptables-save | grep HIRKN)" ] && \
	iptables -w -A PREROUTING -t mangle -m set --match-set HIRKN dst,src -j MARK --set-mark 1
[ -z "$(iptables-save | grep HIGOOGLE)" ] && \
	iptables -w -A PREROUTING -t mangle -m set --match-set HIGOOGLE dst,src -j MARK --set-mark 1
[ -z "$(iptables-save | grep HICUSTOM)" ] && \
	iptables -w -A PREROUTING -t mangle -m set --match-set HICUSTOM dst,src -j MARK --set-mark 1

exit 0
I mostly use the HIRKN set, it's formed from `rkn.lst`, which is taken from here: https://antifilter.download/list/allyouneed.lst If anyone has any guesses, I'd love to hear about it! P.S.: The number of records in the set has no effect, one record or 10000 is the same
Asked by NukDokPlex (33 rep)
Oct 8, 2022, 11:43 AM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "networking"
More questions tagged "scripting"
More questions tagged "iptables"
Footer Ad - 728x90