Martineau
Now, it works as you said. Many thanks @Martineau
Unfortunately, if you are using ARM routers with the TrendMicro EULA activated you will need to apply this (2015 post ??!!)
https://www.snbforums.com/threads/port-forward-while-using-vpn-client.28014/#post-215624
as your 'fwmark' rules are always inserted/managed due to a status change in the VPN client connection.
Unsurprisingly, RMerlin's /usr/sbin/vpnrouting.sh script also manages the creation of the RPDB rules dynamically, based on the status of the VPN Client connection (UP/DOWN.)
However, since v380_68 (e.g. v360.68_2) you will now need to manually set 'Log verbosity (0-11, default=3)=4' for each VPN Client to see them logged in Syslog.
In my opinion there is no technical reason why RMerlin can't assist advanced users by patching /usr/sbin/vpnrouting.sh to include and manage the RPDB 'fwmark' rules by assigning them to the (currently) unused priority slots within his reserved RPDB rule range
e.g.
Code:
ip rule
0: from all lookup local
10000: from all fwmark 0x7000 lookup main
10100: from all fwmark 0x1000 lookup ovpnc1
10300: from all fwmark 0x2000 lookup ovpnc2
10500: from all fwmark 0x3000 lookup ovpnc3
10700: from all fwmark 0x4000 lookup ovpnc4
10900: from all fwmark 0x5000 lookup ovpnc5
Code:
@@ -63,6 +65,16 @@
fi
done
IFS=$OLDIFS
+ ########################################################################################## Martineau Hack 1 of 5
+ if [ $(ip rule | grep -c "from all fwmark 0x7000 lookup main") -eq 0 ];then
+ ip rule add from 0/0 fwmark 0x7000 table 254 prio 10000
+ logger -st "($(basename $0))" $$ "Martineau Adding WAN0 RPDB fwmark rule 0x7000 prio 10000"
+ fi
+ if [ $(ip rule | grep -c "from all fwmark 0x"$VPN_UNIT"000") -eq 0 ];then
+ ip rule add from 0/0 fwmark "0x"$VPN_UNIT"000" table 11$VPN_UNIT prio "10"$((VPN_UNIT*2-1))"00"
+ logger -st "($(basename $0))" $$ "Martineau Adding VPN"$VPN_UNIT "RPDB fwmark rule 0x"$VPN_UNIT"000 prio 10"$((VPN_UNIT*2-1))"00"
+ fi
+ ################################################################################################################
}
purge_client_list(){
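Review bot: The second existence test, grep -c "from all fwmark 0x"$VPN_UNIT"000", stops at the mark value, whereas the 0x7000 test above it also pins "lookup main". Any rule carrying that mark will therefore suppress the add, whatever table or priority it points at. Consider matching through "lookup" plus the table as the first test does. $VPN_UNIT and the $(ip rule | grep -c ...) substitutions are also unquoted inside [ ]; "if ! ip rule | grep -q ..." avoids the numeric comparison altogether. The table is given as the literal 254 and 11$VPN_UNIT while the log text and the listing use names, so a short comment tying the numbers to main/ovpncN would help the next reader.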
@@ -71,9 +83,15 @@
do
if [ $PRIO -ge $START_PRIO -a $PRIO -le $END_PRIO ]
then
+ ########################################################################################## Martineau Hack 2 of 5
+ if [ $PRIO -eq 10000 ];then
+ logger -st "($(basename $0))" $$ "Martineau Skipping deletion of rule" $PRIO "unoffically reserved for WAN fwmark 0x7000"
+ else
ip rule del prio $PRIO
my_logger "Removing rule $PRIO from routing policy"
fi
+ ################################################################################################################
+ fi
done
}
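Review bot: The skip in "if [ $PRIO -eq 10000 ]" keys on the priority alone, so whatever rule happens to sit at prio 10000 is preserved, not specifically the fwmark 0x7000 rule. Checking the rule text as well would make the exemption match what the log message claims. The literal 10000 duplicates the value used where the rule is added, so a single shared variable would keep the two in step. The log string has a typo ("unoffically"), the message is emitted on every purge pass, and the two existing lines now under the else should be re-indented to show they belong to it.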
This modification does not undermine the stability or integrity of the firmware; it simply becomes another optional feature that lies benignly dormant until triggered (like most of the more advanced features of the firmware.)
NOTE: Anyone can apply the patch, although you will then need to remember to check all future RMerlin firmware releases to see if RMerlin has (surreptitiously) updated /usr/sbin/vpnrouting.sh.
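Added example, not part of the post above or of RMerlin's firmware: a small audit that reads `ip rule` output and reports which fwmark rules from the layout listed in the post are absent, useful after a VPN client status change or a firmware update. It assumes tables are displayed by name (main, ovpncN) as in the listing; the function names, the use of unit 0 for the WAN rule, and the sample data are constructed for this sketch.

```shell
#!/bin/sh
# Audit `ip rule` output against the fwmark layout shown in the post:
#   WAN   : prio 10000, fwmark 0x7000, table main
#   VPN n : prio 10(2n-1)00, fwmark 0xn000, table ovpncn   (n = 1..5)

# expected_rule UNIT -> the rule line that layout implies.
# UNIT 0 is this sketch's (hypothetical) shorthand for the WAN rule.
expected_rule() {
    if [ "$1" -eq 0 ]; then
        echo "10000: from all fwmark 0x7000 lookup main"
    else
        echo "10$(( $1 * 2 - 1 ))00: from all fwmark 0x${1}000 lookup ovpnc$1"
    fi
}

# audit_rules UNIT... : reads `ip rule` output on stdin and prints the
# units whose expected rule is absent (empty output = all present).
audit_rules() {
    # ip rule puts a tab after the priority and may leave trailing blanks
    rules=$(tr '\t' ' ' | tr -s ' ' | sed 's/ *$//')
    missing=""
    for unit in "$@"; do
        # whole-line, fixed-string match: priority, mark and table must all agree
        if ! printf '%s\n' "$rules" | grep -qxF "$(expected_rule "$unit")"; then
            missing="$missing $unit"
        fi
    done
    echo "${missing# }"
}

# Constructed sample: the unit 2 mark sits in the wrong slot and table.
sample() {
    printf '0:\tfrom all lookup local \n'
    printf '10000:\tfrom all fwmark 0x7000 lookup main \n'
    printf '10100:\tfrom all fwmark 0x1000 lookup ovpnc1 \n'
    printf '10500:\tfrom all fwmark 0x2000 lookup ovpnc3 \n'
    printf '32766:\tfrom all lookup main \n'
}

echo "missing units: $(sample | audit_rules 0 1 2)"
```

On a router the equivalent call is `ip rule | audit_rules 0 1 2 3 4 5`, listing only the units whose VPN client is expected to be UP.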