Domain-based VPN Routing Script


You know, you were actually onto something, I think a 2nd policy with the other interface will work. It will just have lower priority than the higher interface in the IP Rules but if the main one is down then it will work.
It sounds to me like you would need five different configuration files (based on his screenshot), one for each interface. That's why it might be simpler to just dynamically edit the configuration file based on which VPN slot is chosen?
 
Here's a little Proof-of-concept... but you get the idea. This needs to be placed in your "/jffs/scripts/openvpn-event" file... You would need to edit the path to your .conf file so that it's correct... but then "theoretically", each time your VPN slot changes and the route comes up, it will modify your "domain_vpn_routing.conf" file to reflect the correct ovpnc#. Not quite sure if the vpn routing script needs a kickstart after this... but hopefully this gets you a little closer.

Code:
#!/bin/sh

confpath="/jffs/scripts/domain_vpn_routing.conf"

[ "${dev:0:4}" = 'tun1' ] && vpn_id=${dev:4:1} && [ "$script_type" = 'route-up' ] && sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath" &

#PoC
#vpn_id=2
#sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath"

I can confirm this to work correctly. Fully tested and I for one love it!!!!

Made a backup of my /jffs/scripts/openvpn-event file.

Before modification:
Code:
#!/bin/sh

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall

After modification:
Code:
#!/bin/sh

confpath="/jffs/configs/domain_vpn_routing/domain_vpn_routing.conf"

[ "${dev:0:4}" = 'tun1' ] && vpn_id=${dev:4:1} && [ "$script_type" = 'route-up' ] && sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath" &

#PoC
#vpn_id=2
#sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath"

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall

In VPN director, I clicked on the button to stop OVPN1, then clicked on OVPN4 to start, observed the /jffs/configs/domain_vpn_routing/domain_vpn_routing.conf and it indeed changed the interface name to ovpn4. Sweet!!! The logs reflect accordingly and a tracert just for giggles looks great!

Thanks a ton!
 

Here's a cleaned up version to get rid of the other stuff:

Code:
#!/bin/sh

confpath="/jffs/configs/domain_vpn_routing/domain_vpn_routing.conf"

[ "${dev:0:4}" = 'tun1' ] && vpn_id=${dev:4:1} && [ "$script_type" = 'route-up' ] && sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath" &

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall
 
Maybe this can be integrated into the script? @Ranger802004
 
Just FYI... I believe this would also help make it work with VPNMON-R2 in this case... as VPNMON resets/randomizes to a different VPN client slot, this script will keep all your routing rules intact!
 
I got lost in X3mrouting documentation... too many if then this that and notes to remember. I am sure it has a use case, but this solution is just way simpler and elegant. Solves all my requirements as you can see from my screenshot previously. I only have one server exposed to internet and it truly is not really exposed as it sits behind reverse caddy ssl proxy.
 
Thank you for the feedback!
 
x3mrouting is a great script, I'm just worried it will eventually stop working and this can hopefully be a replacement for some of the lost functionality.
 
Is there an equivalent of this script for WireGuard?
I don't see why this script would not work. You should try it. When you create a policy, it reads the current interfaces, so for yours, instead of showing ovpncXX, it would most likely show wgcXXX. At least that is what I think will happen; I do not have WG to test.
 
***RELEASE*** v2.0.0-beta3
Enhancements:
- SSH UI
- Interfaces will now list the friendly name of the interface instead of the tunnel / physical interface name.
- Querying policies will take low CPU priority automatically.
- Cron Jobs will now be added to wan-event.
- NVRAM Checks have been integrated to prevent lock ups.
- Domain VPN Routing will now be called from wan-event in addition to openvpn-event.
- Global Configuration Menu.
- Developer Mode available for testing beta releases.
- Enhanced update function.
- If the IPV6 Service is disabled, IPV6 IP Addresses will not be queried or added to policies. In addition, existing IPv6 IP Addresses in policy files will be removed for optimization.
- Added WireGuard VPN Clients for support
- Changed dark blue text prompts to light cyan for easier reading.

Fixes:
- Visual errors when domain fails to perform DNS lookup.
- Fixed bug introduced in earlier beta for deleting old routes when WAN interface was selected.
 
Do you think you can incorporate the fix for when the VPN client is changed? @Viktor Jaep gave this, which needs to be placed in your "/jffs/scripts/openvpn-event" file:

#!/bin/sh

confpath="/jffs/configs/domain_vpn_routing/domain_vpn_routing.conf"

[ "${dev:0:4}" = 'tun1' ] && vpn_id=${dev:4:1} && [ "$script_type" = 'route-up' ] && sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath" &

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall
 
That is more of a function for VPNMON then it would be this script, I am in talks with @Viktor Jaep about this.
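
A stricter form of the openvpn-event hook discussed in this thread, as an added example that is not code from any poster or from the domain_vpn_routing project: it accepts only tun11 to tun15 (assumed to be the five OpenVPN client slots), substitutes only a validated digit into the sed expression, and rewrites the file in the foreground so the change is complete before domain_vpn_routing.sh runs. The function names and the sample conf lines are hypothetical; the real conf format is not shown in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from domain_vpn_routing.

# Map an OpenVPN client device to its slot number.
# Assumption: client slots 1-5 appear as tun11..tun15.
slot_from_dev() {
    case "$1" in
        tun1[1-5]) printf '%s\n' "${1#tun1}" ;;
        *) return 1 ;;   # tun1, tun10, tun1x, tun21 ... are all rejected
    esac
}

# Point the ovpncN entries in conf file $1 at slot $2.
retarget_conf() {
    conf=$1 slot=$2
    case "$slot" in [1-5]) ;; *) return 2 ;; esac   # never feed sed an unchecked value
    [ -f "$conf" ] || return 3
    tmp="$conf.tmp.$$"
    # First match per line, like the thread's sed, but only real slot digits.
    sed "s/ovpnc[1-5]/ovpnc$slot/" "$conf" > "$tmp" || { rm -f "$tmp"; return 4; }
    if cmp -s "$conf" "$tmp"; then
        rm -f "$tmp"        # already correct: leave the file untouched
    else
        mv "$tmp" "$conf"   # rename, so a reader never sees a half-written file
    fi
}

# Hook body. Runs in the foreground so the file is final before
# domain_vpn_routing.sh is called on the following lines of openvpn-event.
on_openvpn_event() {
    [ "$script_type" = 'route-up' ] || return 0
    slot=$(slot_from_dev "$dev") || return 0
    retarget_conf "$confpath" "$slot"
}

# Constructed demo: the two conf lines are placeholders, not the real format.
demo() {
    d=$(mktemp -d) || return 1
    printf 'example_a ovpnc1\nexample_b wan\n' > "$d/c.conf"
    dev=tun14; script_type=route-up; confpath="$d/c.conf"
    on_openvpn_event
    cat "$d/c.conf"
    rm -rf "$d"
}
```

In an openvpn-event file, set confpath and call on_openvpn_event before the two domain_vpn_routing.sh lines.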
 
