Domain-based VPN Routing Script

Hello,
Thanks for this script. I'm having trouble getting the routing to work so I wanted to troubleshoot and had some basic questions.

I see that this is using nslookup to figure out the addresses. If I manually ran an nslookup, and then put those numbers into the VPN Director with the proper VPN selected, is that essentially the same thing? I want to troubleshoot the actual routing and IP addresses and make sure they work, before messing with the script.

Also, what are tun11, tun12, etc.? Are those vpn1, vpn2, etc.?

Thanks for your help.
You would create a policy and then you can add entries for the Domain >> IP in the policy files; read the readme for instructions.
 
Yes, thanks.
I am able to follow the steps in the readme. But the routing isn't doing what I expected, so I must be doing something wrong.

My questions are:
1) What are tun12, etc. in the list? I'm not sure which OpenVPN items they refer to.
2) When the script is finished, would I see what it has done in the VPN Director GUI? Or would I not see anything there?

Sorry for the basic questions, as I'm just trying to learn here.
 
1. tun11 = OpenVPN client 1, tun12 = OpenVPN client 2, etc. I'm changing this in v1.5, where it will display the OpenVPN Client # instead and the backend will select the correct interface.
2. No, you won't see it from the router GUI, though there are many clues you can use.
Code:
ip rule list

System Log > Routing Table (IPv6)
Policy Files will show you what IPs are being routed
Code:
/jffs/configs/domain_vpn_routing/
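
One way to read the `ip rule list` output mentioned in the answer above, as an added example that is not part of the original post or of the script: it maps a tunNN name to its OpenVPN client number as stated there and groups rule destinations by routing table. The sample rule lines, priorities and the table names `ovpnc1`/`ovpnc2` are constructed assumptions; compare against what your own router prints.

```shell
#!/bin/sh
# Added example, not code from the Domain VPN Routing script.

# tun11 -> 1, tun12 -> 2, ... (mapping stated in the post above).
tun_to_client() {
    case "$1" in
        tun1[1-9]) echo "$(( ${1#tun} - 10 ))" ;;
        *) return 1 ;;
    esac
}

# Read `ip rule list` output on stdin and print "table destination" for
# every rule that matches on a destination address ("to <addr>").
rules_by_table() {
    awk '{
        dst = ""; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "to") dst = $(i + 1)
            if ($i == "lookup") tbl = $(i + 1)
        }
        if (dst != "" && tbl != "") print tbl, dst
    }' | LC_ALL=C sort
}

# Constructed sample of `ip rule list` output (assumed layout and table names).
sample_rules() {
    cat <<'EOF'
0: from all lookup local
10010: from all to 203.0.113.10 lookup ovpnc1
10010: from all to 198.51.100.7 lookup ovpnc1
10210: from all to 192.0.2.44 lookup ovpnc2
32766: from all lookup main
32767: from all lookup default
EOF
}

# On the router, use: ip rule list | rules_by_table
sample_rules | rules_by_table
```

An IP that appears in a policy file but not in this listing has no destination rule, which is the first thing to check when traffic for a domain is not taking the expected interface.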
 
Just an update guys, I'm very close to releasing my first beta for v2.0.0 of Domain VPN Routing, I may even be able to publish this tonight.
 
***v2.0.0-beta1 Release***
Information regarding this release has been published into the original post of this thread.
 
The upgrade from v1.x command brings up the ssh ui menu. How to upgrade from 1.x?
You're upgraded if you can see the SSH UI menu, it will automatically detect if you have v1.x installed and perform the upgrade process.
 
Understood. Thank you. Works great. Is it possible to make sure that ipv6 addresses are not written to the policy_freedom_domaintoIP file? There are a lot of them. And I don't have ipv6.
 
I thought about that but left it as is because of one main scenario: if you have IPv6 enabled on your WAN but your VPN interface is IPv4, the IPv6-capable devices would use the IPv6 routes and not work, whereas it will create the IPv6 routes to your VPN interface and just simply not work until you integrate IPv6 into your tunnel. I have IPv6 on my OpenVPN configuration personally. I can consider a global option for this later on.
 
Thanks for the explanation. You're right.
 
SSH UI still shows that I have version 1.4.
 

Reread the message and read the considerations in the Original Post; if you don't enable Dev Mode, your update channel will still point to the production update channel.
 
OK. I'm sorry, now I understand. The language barrier. I don't speak English well and use google translator. The meaning is not always completely clear to me.
 
No worries, understood.
 
Checking for feedback
 
So is this a replacement for x3mRouting? It seems like updates to that script aren't coming. Thankfully for right now it's still working. Can you use this script to route certain domains to WAN instead of making them go through VPN? For instance I now have IPsets that bypass the VPN to WAN. Can I replace that using this script?
 
Yes you can do that.
 
I currently have 2998 entries in the policy_freedom_domaintoIP file, of which 2724 are ipv6 entries. It would be useful to have an option to disable recording ipv6 addresses for those who don't have ipv6. It seems to me that this would make life easier for the router.
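
To see how a policy's domaintoIP file splits between IPv4 and IPv6, and which domains contribute the IPv6 entries, the following added example (not part of the thread or of the script) can be used before deciding whether the tunnel needs IPv6 support. It assumes one `domain>>address` entry per line, based on the "Domain >> IP" wording earlier in the thread; the sample entries are constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example, not code from the Domain VPN Routing script.
# Assumption: the domaintoIP file holds one "domain>>address" entry per line.

# Print "<ipv4> <ipv6> <other>" entry counts for the file in $1.
count_families() {
    awk -F'>>' '
        NF < 2 { next }
        {
            addr = $2
            gsub(/[ \t\r]/, "", addr)
            if (addr ~ /:/) v6++
            else if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) v4++
            else other++
        }
        END { printf "%d %d %d\n", v4, v6, other }
    ' "$1"
}

# Print "<count> <domain>" for IPv6 entries, largest contributor first.
ipv6_by_domain() {
    awk -F'>>' '
        NF >= 2 && $2 ~ /:/ { d = $1; gsub(/[ \t]/, "", d); n[d]++ }
        END { for (d in n) print n[d], d }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample entries (documentation address ranges), written to $1.
write_sample() {
    cat > "$1" <<'EOF'
example.com>>203.0.113.10
example.com>>2001:db8::10
example.com>>2001:db8::11
cdn.example.net>>198.51.100.7
cdn.example.net>>2001:db8:1::7
EOF
}

# On the router, pass the path of the policy's domaintoIP file instead.
f=$(mktemp)
write_sample "$f"
count_families "$f"     # columns: ipv4 ipv6 other
ipv6_by_domain "$f"
rm -f "$f"
```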
 
