complete iptables newbie needs help with openvpn policy based routing - port based

tooandrew

Occasional Visitor
I have installed Entware and iptables because the GUI's OpenVPN policy-based routing options are only for IP-based routing.

I want to route all traffic through port 15444 from any client through the VPN, while leaving everything else to go straight through the WAN. I've spent days googling, and I've tried every example I have found for Tomato and Asuswrt-Merlin, and it just plain doesn't work. Even if iptables doesn't return any syntax errors, my normal WAN IP is reported when I check.

Someone please help the bumbling idiot? (me)

Edit: trying to see that the script, when run manually, works before I put it in jffs/scripts

Adjust this script to your needs.

/jffs/scripts/vpn-route-1.sh
Code:
#!/bin/sh
# This script goes in /jffs/scripts/vpn-route-1.sh
# Add the following 2 lines to the VPN - OpenVPN Client n - Custom Configuration box
# route-nopull
# route-up /jffs/scripts/vpn-route-1.sh

# clear tun11 (VPN client 1) table, if exists
ip route flush table 11
ip route del default table 11

# not strictly necessary but speeds up routing changes
ip route flush cache

# get tunnel ip
tun11_ip=$(ifconfig tun11 | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')

# routing VPN IP range from other side of the tunnel via tun11_ip
# ip route add 192.168.X.Y/24 via $tun11_ip

# routing table for tun11 with divert rule
ip route add default via $tun11_ip dev tun11 table 11
ip rule add dev wl1.1 table 11
#ip rule add from 192.168.xxx.yyy table 11
#ip rule add from 192.168.xxx.zzz table 11

# not strictly necessary
ip route flush cache

# force VPN to default to Google Public DNS, you can use DNS from VPN provider if you setup routing VPN IP range
DNS_SERVER="8.8.8.8 8.8.4.4"
for ip in $DNS_SERVER
do
iptables -t nat -A PREROUTING -i wl1.1 -p udp --dport 53 -j DNAT --to $ip
iptables -t nat -A PREROUTING -i wl1.1 -p tcp --dport 53 -j DNAT --to $ip
#iptables -t nat -A PREROUTING -s 192.168.xxx.yyy -p udp --dport 53 -j DNAT --to $ip
#iptables -t nat -A PREROUTING -s 192.168.xxx.yyy -p tcp --dport 53 -j DNAT --to $ip
#iptables -t nat -A PREROUTING -s 192.168.xxx.zzz -p udp --dport 53 -j DNAT --to $ip
#iptables -t nat -A PREROUTING -s 192.168.xxx.zzz -p tcp --dport 53 -j DNAT --to $ip
done

# VPN kill switch for desired IPs
#iptables -I FORWARD ! -o tun11 -s 192.168.xxx.yyy -j DROP
#iptables -I FORWARD ! -o tun11 -s 192.168.xxx.zzz -j DROP

exit 0

In this case DNS resolution is forced through the VPN tunnel.

http://www.snbforums.com/threads/de...-usual-with-asuswrt-merlin.31415/#post-252931
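The script above selects traffic by source interface (wl1.1) or source IP, which is what the stock GUI can do as well. The original question was about selecting by destination port, and a plain routing rule cannot look at ports; the usual way is to mark the packets in the mangle table and let a policy rule send marked packets to the VPN table. The following is an added example for this thread, not code posted by either participant. It assumes the same layout as the script above (VPN client 1 on tun11, routing table 11), a LAN bridge named br0, and a firewall mark 0x1 that nothing else on the router uses; the port 15444 is the one from the question. It is meant to be run as a route-up script with route-nopull, like the script above, and `RUN=echo ./vpn-port-route.sh apply` prints the commands instead of executing them so you can review them first.

```sh
#!/bin/sh
# Added example (not from the thread): route only LAN traffic to TCP/UDP port
# 15444 through OpenVPN client 1, everything else stays on the WAN.
# Assumptions: tun11 / table 11 as above, LAN bridge br0, unused mark 0x1.

VPN_IF="${VPN_IF:-tun11}"
VPN_TABLE="${VPN_TABLE:-11}"
VPN_PORT="${VPN_PORT:-15444}"
FWMARK="${FWMARK:-0x1}"
LAN_IF="${LAN_IF:-br0}"
RUN="${RUN:-}"        # set RUN=echo to print the commands instead of running them

run() { $RUN "$@"; }

# Tunnel address: OpenVPN exports it to route-up scripts as $ifconfig_local;
# fall back to parsing ifconfig when the script is run by hand.
tunnel_ip() {
    if [ -n "${ifconfig_local:-}" ]; then
        echo "$ifconfig_local"
    else
        ifconfig "$VPN_IF" | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1 }'
    fi
}

# Idempotent add: delete any existing copy of the rule first, then add it,
# so re-running the script after a VPN reconnect does not pile up duplicates.
ipt_replace() {
    table="$1"; action="$2"; shift 2
    run iptables -t "$table" -D "$@" 2>/dev/null || true
    run iptables -t "$table" "$action" "$@"
}

apply_rules() {
    tun_ip="$1"
    # 1. Dedicated table whose only default route goes into the tunnel.
    run ip route flush table "$VPN_TABLE"
    run ip route add default via "$tun_ip" dev "$VPN_IF" table "$VPN_TABLE"
    # 2. Policy rule: packets carrying the mark consult that table. A rule added
    #    without an explicit preference lands ahead of the main table.
    run ip rule del fwmark "$FWMARK" table "$VPN_TABLE" 2>/dev/null || true
    run ip rule add fwmark "$FWMARK" table "$VPN_TABLE"
    run ip route flush cache
    # 3. Mark LAN traffic to the port in mangle PREROUTING, i.e. before the
    #    routing decision is made; a mark set later would be too late.
    for proto in tcp udp; do
        ipt_replace mangle -A PREROUTING -i "$LAN_IF" -p "$proto" \
            --dport "$VPN_PORT" -j MARK --set-mark "$FWMARK"
    done
    # 4. Source NAT onto the tunnel address so replies come back through it.
    ipt_replace nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    # 5. Kill switch: marked traffic must never fall back to the WAN if the
    #    tunnel drops and table 11 loses its default route.
    ipt_replace filter -I FORWARD -m mark --mark "$FWMARK" ! -o "$VPN_IF" -j DROP
}

# Apply when called as "apply" by hand or by OpenVPN route-up ($1 is the tun device).
case "${1:-}" in
    apply|tun*) apply_rules "$(tunnel_ip)" ;;
esac
```

Two things worth checking after running it: `ip rule show` should list the fwmark rule above the main table, and `iptables -t mangle -L PREROUTING -v -n` should show the MARK counters increasing when a client talks to port 15444. If the firmware already uses some mark values for its own policy routing, pick a different FWMARK. The mangle rule only sees forwarded LAN traffic; connections the router itself makes to that port would need an equivalent rule in the mangle OUTPUT chain.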