Domain-based VPN Routing Script

Ranger802004

Very Senior Member
Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface.

*** v2.1.0 Release ***
This is the release information for v2.1.0; please read the notes carefully prior to installing.

Considerations ***READ CAREFULLY***:
- Due to the configuration differences between v1.x and v2.x.x, configuration changes are made during the upgrade that will not allow the script to be automatically reverted back to v1.x. A backup of the original configuration is created under /jffs/configs/domain_vpn_routing/domain_vpn_routing.conf-<Datestamp>.bak and would have to be restored if Domain VPN Routing is reverted back to v1.x.
- Domain VPN Routing will now use interface friendly names instead of actual interface names. Example: tun11 will be replaced by ovpnc1, and eth0 will be replaced by wan0.
- There is an option to select "wan" when using Dual WAN mode; this will essentially keep the domain routing tied to the primary WAN at any given time, as opposed to wan0 / wan1, which keep the traffic bound to the specific interface.
- A new global configuration will be created during the upgrade; by default, Dev Mode is Disabled during its creation. To enable it, use the Global Configuration Menu in the new SSH UI Menu.
- Domain VPN Routing will now be called by the wan-event script in addition to openvpn-event.

Readme - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

Script - https://raw.githubusercontent.com/R...main/domain_vpn_routing/domain_vpn_routing.sh

Install Command:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install

Upgrade from v1.x Command:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh

Release Notes:
v2.1.0 - 10/06/2023
Enhancements:
- The DNSMasq log is now utilized, if enabled, to query for domain records to route. The log path will be captured from the DNSMasq configuration.
- IPSets, IPTables rules, and IP rules using FWMarks have been implemented to reduce the number of routes / rules that are created for policies.
- Added Check Interval configuration options to the Configuration Menu to modify the cron job schedule between 1 and 59 minutes. Default: 15 minutes
- The current interface for a Policy will be displayed in the Edit Policy configuration menu.
- Added default FWMark and Mask values for OpenVPN and WireGuard clients that can be changed in the configuration menu. Reboot required for changes.
- Log priority values added (Critical, Error, Warning, Notice, Informational, Debug).
- Additional logging messages have been added.
- Added Boot Delay Timer configuration setting to delay execution and allow VPN tunnels to initialize during start-up before querying for policies. Default: 0 Seconds
- Added Reset Default Configuration to the Configuration Menu; additionally, the command argument resetconfig can be used.

Fixes:
- Fixed an issue where adding a domain with the same partial name as an existing one in a policy prevented it from being added.
- Fixed an issue that caused the update function to hang when complete as well as when terminating Domain VPN Routing.
- Fixed an issue preventing installation where Domain VPN Routing was trying to access the global configuration before it was created.
- Fixed an issue where the alias "domain_vpn_routing" was not being deleted during uninstallation.
- Fixed an issue where changing the Check Interval caused Domain VPN Routing to hang on the Query Policy screen instead of returning to the Configuration Menu.
- Fixed an issue where editing a policy and changing the interface would cause a "parameter not set" error.
- Fixed an issue that wouldn't allow the FWMark and Mask settings in the configuration to be null.
- Fixed an issue that caused uninstallation to prompt multiple times for confirmation.
- Fixed an issue that prevented the menu from loading when Domain VPN Routing was not installed.
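The v2.1.0 notes above say the script now reads domain records out of the DNSMasq log and that a domain with the same partial name as an existing one used to collide. The POSIX sh below is an added example, not the Domain VPN Routing script's own code: it pulls the addresses dnsmasq has resolved for a policy's domains out of a dnsmasq query log and prints, as a dry run, the per-address host routes of the kind the thread's v1.x log shows. It assumes dnsmasq is running with log-queries (which writes "reply <name> is <address>" and "cached <name> is <address>" lines); the log excerpt, the tun15/ovpnc5 pairing and the policy domains are constructed sample input.

```shell
#!/bin/sh
# Added example (not the Domain VPN Routing project's code).
# Assumption: dnsmasq runs with log-queries, so its log carries lines such as
#   "Jun 10 15:00:01 dnsmasq[1234]: reply ethermine.org is 172.65.218.130"
#   "Jun 10 15:00:03 dnsmasq[1234]: cached eu1.ethermine.org is 104.18.216.232"
# Non-address answers appear as <CNAME>, NXDOMAIN, NODATA-IPv4 / NODATA-IPv6.

# Constructed sample of such a log (the real file is wherever dnsmasq's log-facility points).
SAMPLE_LOG='Jun 10 15:00:01 dnsmasq[1234]: query[A] ethermine.org from 192.168.50.10
Jun 10 15:00:01 dnsmasq[1234]: forwarded ethermine.org to 9.9.9.9
Jun 10 15:00:01 dnsmasq[1234]: reply ethermine.org is 172.65.218.130
Jun 10 15:00:01 dnsmasq[1234]: query[AAAA] eu1.ethermine.org from 192.168.50.10
Jun 10 15:00:01 dnsmasq[1234]: reply eu1.ethermine.org is 2606:4700::6812:d8e8
Jun 10 15:00:01 dnsmasq[1234]: reply eu1.ethermine.org is 2606:4700::6812:d9e8
Jun 10 15:00:01 dnsmasq[1234]: reply eu1.ethermine.org is 104.18.216.232
Jun 10 15:00:01 dnsmasq[1234]: reply eu1.ethermine.org is 104.18.217.232
Jun 10 15:00:02 dnsmasq[1234]: reply www.notethermine.org is 192.0.2.10
Jun 10 15:00:03 dnsmasq[1234]: reply cdn.ethermine.org is <CNAME>
Jun 10 15:00:03 dnsmasq[1234]: cached eu1.ethermine.org is 104.18.216.232
Jun 10 15:00:04 dnsmasq[1234]: reply eu1.ethermine.org is NODATA-IPv6'

# policy_ips "DOMAIN ..." [4|6] : read the log on stdin and print each unique
# address resolved for exactly the listed names (default: both families).
# Exact-name matching is what keeps "ethermine.org" from also picking up
# www.notethermine.org, the partial-name trap the release notes mention.
policy_ips() {
    domains="$1"; family="${2:-both}"
    awk -v domains="$domains" -v family="$family" '
    BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
    $5 == "reply" || $5 == "cached" {
        name = $6; addr = $8
        if ($7 != "is" || !(name in want)) next
        if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) fam = 4
        else if (addr ~ /^[0-9a-fA-F:]+$/ && addr ~ /:/) fam = 6
        else next                       # <CNAME>, NXDOMAIN, NODATA-IPv* are not routes
        if (family != "both" && family != fam) next
        if (!(addr in seen)) { seen[addr] = 1; print addr }
    }'
}

# route_commands "DOMAIN ..." IFACE TABLE : dry run; print the host-route commands
# that would pin each resolved address to the tunnel. Nothing is executed.
route_commands() {
    domains="$1"; iface="$2"; table="$3"
    log=$(cat)
    printf '%s\n' "$log" | policy_ips "$domains" 4 | while read -r ip; do
        echo "ip route add $ip dev $iface table $table"
    done
    printf '%s\n' "$log" | policy_ips "$domains" 6 | while read -r ip; do
        echo "ip -6 route add $ip dev $iface table $table"
    done
}

# Stand-alone demo on the constructed log; on a router you would feed the real log instead.
printf '%s\n' "$SAMPLE_LOG" | route_commands "ethermine.org eu1.ethermine.org" tun15 ovpnc5
```

On the router the same functions take the real log on stdin, for example `cat /path/from/dnsmasq.conf | policy_ips "ethermine.org eu1.ethermine.org"` (the log path is whatever log-facility is set to, which is what the script reads from the DNSMasq configuration). The dry-run output is the v1.x style of one host route per address; v2.x collapses this into an ipset plus an fwmark ip rule, so fewer entries appear in the table.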
 

The idea is very good. Added ethermine to tun15 (as I understand it, this is VPN client 5). Everything is OK according to the logs, but the traffic does not go through VPN client 5 :(

After restarting the router
Code:
Jun 10 14:55:43 domain_vpn_routing.sh: Cron - Creating cron job
Jun 10 14:55:43 domain_vpn_routing.sh: Cron - Completed creating cron job
Jun 10 15:00:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 2606:4700:90:0:5a66:8b85:453f:4bc6 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 2606:4700:90:0:5a66:8b85:453f:4bc6 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 2606:4700::6812:d8e8 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 2606:4700::6812:d8e8 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 2606:4700::6812:d9e8 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 2606:4700::6812:d9e8 dev tun15
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 104.18.216.232 dev tun15 table ovpnc5
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 104.18.216.232 dev tun15 table ovpnc5
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 104.18.217.232 dev tun15 table ovpnc5
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 104.18.217.232 dev tun15 table ovpnc5
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Adding route for 172.65.218.130 dev tun15 table ovpnc5
Jun 10 15:00:01 domain_vpn_routing.sh: Query Policy - Route added for 172.65.218.130 dev tun15 table ovpnc5
Jun 10 15:05:01 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 15:05:01 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org
Jun 10 15:10:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 15:10:01 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org
but it doesn't work :(


p.s.
I added it to the VPN Director and everything worked right away
Code:
Jun 10 15:12:32 openvpn-routing: Routing ethermine server from any to 172.65.218.130 through ovpnc5
Jun 10 15:12:32 openvpn-routing: Routing ethermine 1 from any to 104.18.216.232 through ovpnc5
Jun 10 15:12:32 openvpn-routing: Routing ethermine 2 from any to 104.18.217.232 through ovpnc5
 

Try a trace route of the IP from console once the script runs and created the routes, it could be a route cache issue.
 
I performed routing from the router and from a computer connected to the router, the route goes without a VPN if I turn off this site in VPN director. I'll wait for someone else to unsubscribe, maybe it's my problem.
Is there any command to check all the current routes?

In fact, it is very easy for me to check whether the script is working or not: if the script does not work, then I cannot connect to ethermine due to their restriction on my main (non-VPN) IP.

And another question, how will it be possible to remove the message from the log every 5 minutes?
Code:
Jun 10 15:50:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 15:50:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org
Jun 10 15:55:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 15:55:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org
Jun 10 16:00:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying ethermine.org
Jun 10 16:00:00 domain_vpn_routing.sh: Query Policy - Policy: ethermine Querying eu1.ethermine.org

p.s. By the way, the dual WAN script works perfectly, I forgot to report after the beta version test ;)
 

I need you to do some testing and log gathering for me so we can see what is going wrong :)

Also I published v1.4.6 as non beta version so you can run an update for Dual WAN Failover script to get the official release.
 
I have already upgraded to 1.4.6 ;)

If you write me what to do and what logs to send, I will do it without any problems.
 

Let’s start with logs, traceroute tests, and also send me the routing table for ovpnc5
 
I will be grateful if you write to me in more detail what to do. :)

As a last resort, I am ready to give access to the router from wan

Send the output of the following commands after you have set up the domain vpn routing script.

EDIT: Also, if you tested right after a reboot, allow the router a few minutes, the cache can sometimes make it seem like it's not working.

Code:
nvram show | grep "wan"

Code:
ip route list table ovpnc5

Code:
traceroute ethermine.org
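The post above asks for the output of `ip route list table ovpnc5`, and an earlier reply asked whether there is a command to check all the current routes. The POSIX sh below is an added example, not part of the Domain VPN Routing script: it reads a captured route-table dump on stdin and reports, for each address a policy should have pinned, whether a host route exists and whether it points at the expected tunnel device. The table dump is constructed sample output (tun15 standing in for OpenVPN client 5, named ovpnc5 in v2.x as the first post explains); on the router you pipe the real `ip route list table ovpnc5` output in.

```shell
#!/bin/sh
# Added example (not the Domain VPN Routing project's code).
# Constructed sample of "ip route list table ovpnc5" after a policy has run:
# two addresses correctly pinned to tun15, one wrongly sitting on eth0, and
# the tunnel's own routes.
SAMPLE_OVPNC5='default via 10.8.0.1 dev tun15
10.8.0.0/24 dev tun15 proto kernel scope link src 10.8.0.2
104.18.216.232 dev tun15 scope link
104.18.217.232 dev tun15 scope link
172.65.218.130 dev eth0 scope link
192.168.50.0/24 dev br0 proto kernel scope link src 192.168.50.1'

# route_dev IP : read a route dump on stdin and print the device of the host
# route for IP (written as IP or IP/32); print nothing if there is none.
route_dev() {
    awk -v ip="$1" '($1 == ip || $1 == ip "/32") {
        for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# check_routes IFACE IP... : read the dump on stdin once, report each address.
# Exit status: 0 = all routed via IFACE, 1 = some via another device,
# 2 = some have no host route at all (2 wins when both problems occur).
check_routes() {
    iface="$1"; shift
    dump=$(cat)
    status=0
    for ip in "$@"; do
        dev=$(printf '%s\n' "$dump" | route_dev "$ip")
        if [ -z "$dev" ]; then
            echo "MISSING  $ip (no host route; the cron query may not have run yet)"
            status=2
        elif [ "$dev" != "$iface" ]; then
            echo "WRONGDEV $ip via $dev, expected $iface"
            [ "$status" -eq 0 ] && status=1
        else
            echo "OK       $ip via $dev"
        fi
    done
    return $status
}

# Stand-alone demo on the constructed dump (the real check is
#   ip route list table ovpnc5 | check_routes tun15 <addresses...>).
printf '%s\n' "$SAMPLE_OVPNC5" | check_routes tun15 \
    104.18.216.232 104.18.217.232 172.65.218.130 2606:4700::6812:d8e8 \
    || echo "exit status $?: policy routes incomplete"
```

IPv6 host routes live in `ip -6 route list table ovpnc5`, so run the check once per family. Since v0.91-beta adds the routes to the main table when VPN Director is enabled, in that configuration pipe `ip route list table main` in instead. A MISSING result right after a reboot is consistent with the route-cache remark above; re-run after the next cron interval before treating it as a fault.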
 
send pm
 
Thanks to @VIper_Rus we were able to patch the script to resolve this issue.

v0.91-beta has been published.

Release Notes:
v0.91-beta - 06/11/2022
- If VPN Director is enabled, routes will now be added to the main routing table.
- Added option for Query Policy All to execute during OpenVPN Events. (If the option is missing, run the install command again.)
 
@Ranger802004 Could you also include not only the openvpn interfaces but also the wireguard (e.g. wg11) ones? Would this work?
 
I will try expanding after I get the bugs worked out of the initial build.
 
Another thing I noticed is that if the domain being added is already blocked by your ISP, the policy update doesn't get the IPs (obviously lol). How to get the domain running in this case?

For example, in my case a torrent site is blocked by my ISP.
I have a Nord VPN server running on my router where it's unblocked,
but I can't update the policy since the console runs through my ISP.
 
You could create a dnsmasq entry for the domain to use a specific DNS Server that is not your ISP DNS Server.
 
I'm running a Pi-hole as DNS resolver, and this site is blocked except through VPN.
 
You still should be able to make an entry in the dnsmasq.conf add-on file that will override DNS queries to the specified DNS Server you want per domain.

EDIT: If you have to, you can designate the IP of a DNS Server to go over your VPN using VPN Director or the OVPN config and then specify that DNS Server in dnsmasq.conf for that particular domain.
 
