Domain-based VPN Routing Script

[Ranger802004]

I would say yes if it was only specific to VPNMON. However, I don't think your script is updating the routing tables if you just toggle the client through the regular web interface. Meaning without VPNMON installed.

Routes are updated via cron job every 15 minutes when it performs nslookups for the domains in each policy or on WAN event and OpenVPN events if those scripts are triggered.

 

[Ranger802004]

***RELEASE*** v2.0.0-beta3
Enhancements:
- SSH UI
- Interfaces will now list the friendly name of the interface instead of the tunnel / physical interface name.
- Querying policies will take low CPU priority automatically.
- Cron Jobs will now be added to wan-event.
- NVRAM Checks have been integrated to prevent lock ups.
- Domain VPN Routing will now be called from wan-event in addition to openvpn-event.
- Global Configuration Menu.
- Developer Mode available for testing beta releases.
- Enhanced update function.
- If the IPV6 Service is disabled, IPV6 IP Addresses will not be queried or added to policies. In addition, existing IPv6 IP Addresses in policy files will be removed for optimization.
- Added WireGuard VPN Clients for support
- Changed dark blue text prompts to light cyan for easier reading.

Fixes:
- Visual errors when domain fails to perform DNS lookup.
- Fixed bug introducted in earlier beta for deleting old routes when WAN interface was selected.

Published a minor change for beta3 so if you have already installed, run your update again and it will fail checksum and ask you to reinstall, thanks.

 

[Kyjiep]

Published a minor change for beta3 so if you have already installed, run your update again and it will fail checksum and ask you to reinstall, thanks.

Thanks for your great job! I tried with wireguard, everything works like with openvpn. Now I plan to completely abandon the openvpn client, and use only the wireguard. Is the openvpn-event needed for the properly work of Domine-based VPN Routing Script with the wireguard client?

 

[Ranger802004]

Thanks for your great job! I tried with wireguard, everything works like with openvpn. Now I plan to completely abandon the openvpn client, and use only the wireguard. Is the openvpn-event needed for the properly work of Domine-based VPN Routing Script with the wireguard client?

I would leave it for now as I haven't integrated the wireguard exceution off of a script execution except for wan-event and the standard 15 minute cron job, I'm not sure it would have an effect anyway but it shouldn't hurt anything to leave it.

 

[Olivier L]

Hi is it compatible with wireguard manager script from @Martineau ?

 

[Ranger802004]

I have never reviewed this script so I can’t say it’s implemented exactly the same as wireguard part of the firmware.

 

[Olivier L]

Thank you I have tried it, and it is working. we cannot route through wg11 for exemple ? I can only route through wan interfaces, which is what I want to do for now.

 

[js28194]

Upgraded and all is working as expected:
One Client out side of VPN (certain Domains it accesses route inside VPN via this script)
All other clients route inside VPN (nothing to be done here)
Certain domains route Outside VPN over WAN for ALL clients (this script handles it)

Looking great so far with VPN Director automation, hope it moves out of Beta and into Release mode.

P.S Cannot test WireGuard, no need for it at this time.

 

[ComputerSteve]

How do I use this script to route the domains to wan from wireguard... I've selected wgc1 but I want to route the domains I added to the policy to wan so it bypasses wireguard.. Do I select the interface of Wan or WGC1 ???

 

[js28194]

How do I use this script to route the domains to wan from wireguard... I've selected wgc1 but I want to route the domains I added to the policy to wan so it bypasses wireguard.. Do I select the interface of Wan or WGC1 ???

What does that mean??

Either Domains route THROUGH WAN based on a policy or domains route THROUGH WGC1 based on seperate policy. Both of these are outbound from your network.

You maybe experience same issue as Oliver L. in post https://www.snbforums.com/threads/domain-based-vpn-routing-script.79264/page-14#post-843691 He did not provide any more information such as a traceroute on a specific domain to route through WG11.

Would wait for Ranger to comment.

 

[Olivier L]

Thank you I have tried it, and it is working. we cannot route through wg11 for exemple ? I can only route through wan interfaces, which is what I want to do for now.

I mean, the only interfaces listed by the script (when when add a new policy) are wan, wan0 and wan1.

 

[Ranger802004]

I mean, the only interfaces listed by the script (when when add a new policy) are wan, wan0 and wan1.

Sounds like you are using Dual WAN, I would recommend reading the release notes for the beta and the readme.

 

[Olivier L]

No I am not.

 

[Ranger802004]

***v2.0.0-beta4 has been released***
v2.0.0-beta4 - 06/01/2023
Enhancements:
- SSH UI
- Interfaces will now list the friendly name of the interface instead of the tunnel / physical interface name.
- Querying policies will take low CPU priority automatically.
- Cron Jobs will now be added to wan-event.
- NVRAM Checks have been integrated to prevent lock ups.
- Domain VPN Routing will now be called from wan-event in addition to openvpn-event.
- Global Configuration Menu.
- Developer Mode available for testing beta releases.
- Enhanced update function.
- If the IPV6 Service is disabled, IPV6 IP Addresses will not be queried or added to policies. In addition, existing IPv6 IP Addresses in policy files will be removed for optimization.
- Added WireGuard VPN Clients for support
- Changed dark blue text prompts to light cyan for easier reading.
- General optimization.

Fixes:
- Visual errors when domain fails to perform DNS lookup.
- Visual bugs when Query Policy was executing domain queries.
- Fixed bug introducted in earlier beta for deleting old routes when WAN interface was selected.
- False positive errors stating IP routes failed to create.

 

[Olivier L]

script is still proposing me only interfaces wan/wan0/wan1. I have only wan0 activated. I have wg11 and wg12 running.

 

[Ranger802004]

script is still proposing me only interfaces wan/wan0/wan1. I have only wan0 activated. I have wg11 and wg12 running.

Send the output of this command.

nvram get wans_dualwan

 

[Olivier L]

wan none

 

[Ranger802004]

script is still proposing me only interfaces wan/wan0/wan1. I have only wan0 activated. I have wg11 and wg12 running.

Are you using the built in Wireguard or the add on script?

 

[Olivier L]

I am using Wireguard Manager Script.

 

[Ranger802004]

I am using Wireguard Manager Script.

Ok that may be why you're not seeing the interfaces, I built in logic for using the built in Wireguard.