e5dc08987d
- Introduced "Docker Build & Test Engineer" agent for building and testing Docker images.
- Added "TestLink Autotest Engineer" agent for generating and verifying autotests from TestLink cases.
- Created "Branch Review Engineer" agent for reviewing branch diffs and proposing improvements.
- Developed "OpenWrt VPN & Network Engineer" agent for designing and implementing OpenWrt networking with VPN.
- Established a structured directory for agents, skills, prompts, instructions, and hooks under `.github/`.
- Implemented detailed skills for branch review processes, including reading code, analyzing improvements, and applying changes.
- Added skills for OpenWrt network discovery, VPN routing, and hardening.
- Created README files for better documentation and navigation of the repository structure.
89 lines
2.1 KiB
Markdown
---
name: openwrt-vpn-routing
description: "Design and implement OpenWrt VPN routing with xray/sing-box/WireGuard/OpenVPN, DNS, split tunneling, GeoIP, ASN, and selective tunnel by destination IP. Use when: openwrt vpn routing, policy based routing, split tunneling openwrt, xray routing rules, sing-box route rules, geoip asn tunnel policy."
argument-hint: "Confirmed topology and tunnel policy from discovery stage"
---

# OpenWrt VPN Routing

Design and produce concrete configuration for advanced OpenWrt VPN routing.

## Inputs Required

- Discovery summary from `openwrt-network-discovery`
- Chosen VPN stack and endpoint details
- Explicit tunnel policy (IP/domain/GeoIP/ASN)

## Procedure

### Step 1 - Select Control Plane

Choose one primary routing controller:

- `pbr` package for policy-based routing
- native `ip rule` + custom routing tables
- service-level route control in xray/sing-box

Document why the selected approach fits the request.

### Step 2 - Build Tunnel and Interface Mapping

Define:

- tunnel interface lifecycle and startup order
- firewall zones and forwarding path
- metric priorities and failover behavior

### Step 3 - Implement Selective Routing

Implement selective tunnel behavior for:

- static destination IP sets
- domain groups resolved into nft/ipset targets
- GeoIP categories
- ASN-based destination grouping

Ensure LAN bypass and management-plane safety are explicit.

### Step 4 - Configure DNS Path

Set DNS so route policy and resolver path are consistent:

- resolver selection for tunneled and non-tunneled traffic
- anti-leak controls
- optional encrypted DNS

### Step 5 - Produce Config and Commands

Provide practical snippets for:

- `/etc/config/network`
- `/etc/config/firewall`
- `/etc/config/pbr` (if used)
- xray or sing-box route blocks
- validation commands

## Validation Checklist

- `ip rule show`
- `ip route show table <id>`
- `nft list ruleset`
- test destination inside and outside tunnel policy
- DNS resolver path checks

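The following script is an added example that serves Steps 1 to 5 and the validation checklist above; it is not part of this repository's skill files or of any OpenWrt package. It takes the "native `ip rule` + custom routing table" control plane from Step 1 and shows the ordering that keeps the LAN bypass and management plane safe (Step 3), the nft set that static destinations and dnsmasq-resolved domain groups both feed (Steps 3 and 4), and a check over `ip rule show` output for the validation checklist. The interface name `wg0`, table id `100`, fwmark `0x64`, nft table `vpnpolicy`, set `vpn_dst`, LAN prefix `192.168.1.0/24`, and the destination and domain lists are all assumptions constructed for the example. With `DRY_RUN=1` (the default) the script only prints the commands it would run.

```shell
#!/bin/sh
# Constructed example (not the repository's own code): selective tunnel routing
# on OpenWrt with the native "ip rule + custom table" control plane (Step 1).
# Assumed names: tunnel interface wg0, routing table 100, fwmark 0x64,
# nft table "vpnpolicy" with set "vpn_dst", LAN 192.168.1.0/24.
# DRY_RUN=1 (default) prints the commands instead of executing them.

DRY_RUN="${DRY_RUN:-1}"
TUN_IF="${TUN_IF:-wg0}"
TABLE_ID=100
FWMARK=0x64
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# Constructed tunnel policy: static destinations (Step 3) and a domain group (Step 4).
TUNNEL_DST="203.0.113.0/24 198.51.100.10"
TUNNEL_DOMAINS="example.com example.net"

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 2: tunnel table and policy rules. The priority numbers are chosen so the
# LAN bypass (100) is evaluated before the fwmark rule (200); router management
# from the LAN therefore keeps working even when the tunnel is down.
setup_routes() {
    run ip route replace default dev "$TUN_IF" table "$TABLE_ID"
    run ip rule add to "$LAN_NET" lookup main priority 100
    run ip rule add fwmark "$FWMARK" lookup "$TABLE_ID" priority 200
}

# Add each argument (IP or CIDR) to the vpn_dst set. GeoIP or ASN lists that
# have already been expanded to prefixes can be fed through here as well.
add_set_elements() {
    for dst in "$@"; do
        run nft add element inet vpnpolicy vpn_dst "{ $dst }"
    done
}

# Step 3: nft set of tunnelled destinations plus marking chains for forwarded
# (prerouting) and router-originated (output) traffic.
setup_nft() {
    run nft add table inet vpnpolicy
    run nft add set inet vpnpolicy vpn_dst '{ type ipv4_addr; flags interval; }'
    add_set_elements $TUNNEL_DST
    run nft add chain inet vpnpolicy mark_fwd '{ type filter hook prerouting priority mangle; }'
    run nft add chain inet vpnpolicy mark_out '{ type route hook output priority mangle; }'
    # LAN bypass: never mark traffic whose destination is the LAN itself.
    run nft add rule inet vpnpolicy mark_fwd ip daddr "$LAN_NET" return
    run nft add rule inet vpnpolicy mark_fwd ip daddr @vpn_dst meta mark set "$FWMARK"
    run nft add rule inet vpnpolicy mark_out ip daddr @vpn_dst meta mark set "$FWMARK"
}

# Step 4: dnsmasq (dnsmasq-full) option that places the resolved addresses of
# the domain group into the same nft set, so DNS answers and route policy agree.
# Put the line in a dnsmasq conf-file; the upstream resolver should be reached
# over one fixed path (tunnel or WAN) so lookups do not leak.
dns_nftset_line() {
    printf 'nftset=/%s/4#inet#vpnpolicy#vpn_dst\n' "$(printf '%s' "$1" | tr ' ' '/')"
}

# Validation: read `ip rule show` output on stdin and succeed only if the LAN
# bypass rule has a lower priority number (runs earlier) than the fwmark rule.
rules_ordered_safely() {
    rules=$(cat)
    lan_prio=$(printf '%s\n' "$rules" | grep -F "to $LAN_NET lookup main" | head -n 1 | cut -d: -f1)
    mark_prio=$(printf '%s\n' "$rules" | grep -F "fwmark" | head -n 1 | cut -d: -f1)
    [ -n "$lan_prio" ] && [ -n "$mark_prio" ] && [ "$lan_prio" -lt "$mark_prio" ]
}

# Validation checklist commands (Step 5 / checklist), run or printed via run().
validate() {
    run ip rule show
    run ip route show table "$TABLE_ID"
    run nft list ruleset
    run nft list set inet vpnpolicy vpn_dst
}

case "${1:-}" in
    apply)    setup_routes; setup_nft; dns_nftset_line "$TUNNEL_DOMAINS" ;;
    validate) validate ;;
esac
```

Usage on the router (assumed file name): `sh vpn-policy.sh apply` prints the plan, `DRY_RUN=0 sh vpn-policy.sh apply` executes it, and `ip rule show | rules_ordered_safely` (after sourcing the file) performs the ordering check from the validation checklist. The script deliberately covers only the routing and marking side: the firewall zone that the tunnel interface belongs to, masquerading on that zone, and persistence across reboots still come from `/etc/config/firewall` and the interface lifecycle defined in Step 2, and the nft chains must be recreated if `fw4` reloads the ruleset.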
## Output Format

```md
## VPN Routing Plan

### Architecture
- ...

### Config Snippets
- file: ...
- snippet: ...

### Apply Order
1. ...
2. ...
3. ...

### Validation
- ...
```