Ranger802004
Very Senior Member
What exactly to test, Domain-based VPN Routing or Dual WAN Failover?
Domain-based VPN Routing, your testing on WAN Failover has been great and I think the script is now ready for a production update.
Tested, does not work according to the principle of VPN Director (higher-level rule). Traffic for the desired site also goes through a VPN where a local device is added via tun12. Well then I will use VPN Director by recognizing IP by domain name and adding one by one or ranges.
Alright, thank you for testing this! Once I’m finished with v1.5.5 for WAN Failover I will begin improving this tool.
What was the issue?
It had to do with the way I was using pihole's DNS:
Added Pihole DNS to DHCP server on both fields
Added Pihole DNS to Wan (for DOT purposes only)
Set DNS Filter to router
Modified Unbound DNS config to use stubby for DNSSEC
Added a DNS Filter entry for Pihole and set it to no filtering
Added VPN director entry
It now works perfectly according to the VPN Director principle (a higher-level rule) if two VPN tunnels are used. Even if the device is completely instructed to go through one tunnel, but at the same time it is necessary for a certain site to go through another, in beta 1.3 this works. Great job, keep it up.
v1.3-beta Release: To use the beta, use the following command to replace your production version of the script.
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing_v1.3-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh
To revert back to production release:
Code:
/jffs/scripts/domain_vpn_routing.sh update
To use new functions:
Use parameter "deleteip" for new Delete IP Function. Example: /jffs/scripts/domain_vpn_routing.sh deleteip 192.168.1.1
To configure new Private IP Address exclusion/inclusion setting for a policy, use the Edit Policy parameter "editpolicy". ***NOTE: Default behavior will include Private IPs***
Release Notes:
v1.3-beta
- Added Delete IP Function, this is to delete IPs not desired to be routed by the script. ***This will not prevent the IP from being queried again***
- Created routingdirector function to handle all functions determination of creating routes / IP rules for queried IPs.
- Added configuration option for including or excluding Private IP Addresses per Policy.
- If VPN Director is enabled for an OpenVPN Interface, IP Rules will be created for queried IPv4 Addresses.
- Corrected spelling error for "adddomain" in script menu.
- Decreased Cron Job frequency to every 15 minutes.
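A hardened variant of the install command quoted above, as an added example that is not part of the thread or the script author's instructions: curl fails on HTTP errors instead of saving the error body, and the file replaces the installed script only if its SHA-256 matches a value you recorded after reviewing that release. The function names and the `EXPECTED_SHA256` placeholder are assumptions (the thread publishes no checksum), as is the availability of `sha256sum` on the router.

```shell
#!/bin/sh
# Added example, not the script author's code.
# Placeholder: replace with the SHA-256 you recorded after reviewing the release.
EXPECTED_SHA256="REPLACE_WITH_REVIEWED_SHA256"
URL="https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing_v1.3-beta.sh"
DEST="/jffs/scripts/domain_vpn_routing.sh"

# fetch_script URL OUT: -f makes curl exit non-zero on HTTP errors instead of
# writing the error page to OUT; --proto '=https' restricts the transfer to HTTPS.
fetch_script() {
    /usr/sbin/curl -fsS --proto '=https' "$1" -o "$2"
}

# verify_sha256 FILE EXPECTED: succeed only if FILE is non-empty and its
# SHA-256 digest equals EXPECTED (lowercase hex).
verify_sha256() {
    [ -s "$1" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# install_verified SRC EXPECTED DEST: replace DEST only after SRC verifies.
# The copy is staged beside DEST and renamed, so DEST is never half-written.
install_verified() {
    verify_sha256 "$1" "$2" || {
        echo "refusing to install $1: checksum mismatch or empty file" >&2
        return 1
    }
    staged="$3.new.$$"
    cp "$1" "$staged" && chmod 755 "$staged" && mv -f "$staged" "$3" && return 0
    rm -f "$staged"
    return 1
}

# Typical use on the router (left commented so sourcing this file changes nothing):
#   tmp="/tmp/domain_vpn_routing.$$"
#   fetch_script "$URL" "$tmp" && install_verified "$tmp" "$EXPECTED_SHA256" "$DEST"
#   rm -f "$tmp"
```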
thanks for the script! working well on my router.
are the rules supposed to show on the router gui vpn director page?
Negative, it doesn’t utilize the VPN Director but it shares the concept. You can view policies you created using the showpolicy command; review the readme for full instructions.
thanks.
what is the "Private IP" option? i didn't see it covered on the readme notes
That is because it only exists in the beta release at this time, but it keeps a policy from querying Private IP addresses.
Is it possible to make it so that you can configure how often Cron Job frequency?
I have considered doing this but had more important issues to resolve first, so possibly down the road.
@Ranger802004 It would be nice to add WAN by analogy with VPN Director. Then it would be absolutely fine.
Are you saying the options to route to specific WAN interfaces?
I speak simply and directly by analogy with VPN Director as in the screenshot. And how it works, I honestly don't know, separately WAN0 and WAN1 or only WAN0. I think VPN Director works on the principle of an active WAN.
Yea I get the purpose, if you are redirecting all traffic over VPN but want to make exceptions, I'll look into it on a later iteration. I'm sure I can make it happen.
Yes. As you did last time with a VPN about what I asked. For example, all traffic for the device 192.168.1.33 goes through ovpn2, but traffic for the google.com site needs to be sent through ovpn1 (you've done this, it works fine), and traffic for the site www.amazon.com we need to let it through the wan. That's how you need it and it will be a complete analogy of VPN Director, but according to domain names, I think there will be an ideal script.