Domain-based VPN Routing Script

I currently have 2998 entries in the policy_freedom_domaintoIP file, of which 2724 are ipv6 entries. It would be useful to have an option to disable recording ipv6 addresses for those who don't have ipv6. It seems to me that this would make life easier for the router.
I will consider this, I can probably just build in an automatic check for IPv6 being enabled. Additionally, I will look into a post-fix function that will delete IPv6 queried IPs if IPv6 is not enabled from the policy files.
 
Thank you very much for the script. I was looking for this for a while and was struggling with x3mrouting; the script is user-friendly, so it helped me set up in a blink :D

I think it should be added to amtm since it's a great script :D
 
Works as expected, however... feature request to make complete:

When using VPN Director to disconnect from OVPN1 and connect to, let's say, OVPN2, the configuration in domain_vpn_routing.conf still stays as OVPN1, therefore, error adding routes.

Aside from that, great work Ranger!!!
 
This may be something I could collaborate with @Viktor Jaep on as his tool is geared more towards VPN Monitoring while this tool is specifically geared towards Domain / VPN routing.
 
v2.0.0-beta2 has been published to the beta channel; if you have Dev Mode, you can update directly from beta1.

v2.0.0-beta2:
Enhancements:
- SSH UI
- Interfaces will now list the friendly name of the interface instead of the tunnel / physical interface name.
- Querying policies will take low CPU priority automatically.
- Cron Jobs will now be added to wan-event.
- NVRAM Checks have been integrated to prevent lock ups.
- Domain VPN Routing will now be called from wan-event in addition to openvpn-event.
- Global Configuration Menu.
- Developer Mode available for testing beta releases.
- Enhanced update function.
- If the IPV6 Service is disabled, IPV6 IP Addresses will not be queried or added to policies. In addition, existing IPv6 IP Addresses in policy files will be removed for optimization.

Fixes:
- Visual errors when domain fails to perform DNS lookup.
 
That would be amazing, as it would complete the "Automation" of the entire solution. Right now, when I click a different VPN, I must manually log in to the router via WinSCP, right-click edit domain_vpn_routing.conf and change from OVPNc1 to OVPNc2, save and either wait for the cron job to trigger or manually trigger update policy. Not a big deal when I am home, but when remote, significant other not so technical. Not often, just when I must be out of area for baseball.


P.S Updated to v2.0.0-beta2 and all looks good so far.

Thank you!
 
Happy to look at this to determine its viability? Would you be able to share the contents of one of these .conf files? I need to understand what's going on... And why do you have to manually change to a different VPN? Reasoning?
 
Essentially Viktor, the policy is created with a specific OVPN Client assigned to it and if there is an issue with that client, the created IP Rules / Routes don't have a recreation or failover to another VPN Client, this is the functionality being requested.
 
Wouldn't you be able to just create a policy for each VPN client? Then if one turns off, the other turns on, the policy is there ready to go? Forgive my ignorance, but I don't have any familiarity with how this works. LOL
 
There is an edit policy function to change the used interface which will change the routes on the fly but there is no automated method of this, essentially because that would involve performing VPN Monitoring / failover.
 
There is only a single .conf file called domain_vpn_routing.conf:

Baseball|/jffs/configs/domain_vpn_routing/policy_Baseball_domainlist|/jffs/configs/domain_vpn_routing/policy_Baseball_domaintoIP|ovpnc1|VERBOSELOGGING=1|PRIVATEIPS=0

The reason is for mlb.tv, to put myself in a place where I can watch local baseball (paint dry) with my mlb subscription. I have to do this every once in a while. I can change the VPN server by clicking a button in VPN director (as can spousal unit) but the change is not reflected in domain_vpn_routing.conf to map either ovpnc2, ovpnc3, ovpn4 etc etc etc.... (Also for people who choose to randomize based on whatever criteria they are using automatically).

I hope that makes sense.... it's only for stupid baseball and spousal unit simplicity.
 

Have you tried using the edit policy function? It will update the routing instantly.
 
And vice versa BTW... some banking apps do not like VPN, so they must be routed outside of ovpnc1, ovpnc2 etc etc.

This script is perfect for that, but the very last piece is the automation (on either your side or rangers side) when ovpnc2 is clicked in VPN director, somehow to pass that over.
 
Yes, of course, it works manually just fine. Not complaining there, but as I said, just clicking on VPN director really should work hand-in-hand (I hope)
Since VPNMON-R2 isn't really part of the picture here, I would probably suggest coming up with a little script in the openvpn-event file that updates that conf file, and populates the right ovpnc# in there? I think that would do the trick? Then, each time the VPN slot changes, it writes the correct # to the file? Thoughts @Ranger802004?
 
I agree, actually now that I think about this more, this will only solve MY issue. Others may be using this script to route different traffic over different interfaces so it may break for them. Maybe a toggle on/off for "Dynamic Interface Detection" YES/NO. Yes will work for me and no will work for others who do multi interface routing? Just a thought. Thank you both for what you are doing here. I love this script so far.
 
Thank you! I don't use the ipv6 and after updating and restarting the script, the ipv6 addresses were removed. Everything works, nothing broke!
Can I delete the openvpn-event, or is it still mandatory? Because for me the content of wan-event is absolutely identical to the content of openvpn-event.
 
Here's a little Proof-of-concept... but you get the idea. This needs to be placed in your "/jffs/scripts/openvpn-event" file... You would need to edit the path to your .conf file so that it's correct... but then "theoretically", each time your VPN slot changes and the route comes up, it will modify your "domain_vpn_routing.conf" file to reflect the correct ovpnc#. Not quite sure if the vpn routing script needs a kickstart after this... but hopefully this gets you a little closer.

Code:
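#!/bin/sh
# openvpn-event hook: OpenVPN exports $dev (tunnel device) and $script_type.

confpath="/jffs/scripts/domain_vpn_routing.conf"

# The check expects client tunnels named tun1N, so the 5th character is the client slot.
# On route-up, rewrite the first "ovpncN" on every line of the conf file, in the background.
[ "${dev:0:4}" = 'tun1' ] && vpn_id=${dev:4:1} && [ "$script_type" = 'route-up' ] && sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath" &

#PoC
#vpn_id=2
#sed -i "s/ovpnc./ovpnc$vpn_id/" "$confpath"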
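
A narrower variant of the hook above, as an added example that is not part of the original post or of the routing script: it validates `$dev` before using it and rewrites only the interface field of one named policy, which covers the concern raised in the thread that a blanket `sed` would also change policies meant for other interfaces. The field layout is assumed from the single conf line quoted in the thread; `set_policy_interface`, `demo` and the `Bank` policy are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): change the interface of ONE policy only.
# Assumed record layout, taken from the conf line quoted in the thread:
#   name|domainlist|domaintoIP|interface|VERBOSELOGGING=..|PRIVATEIPS=..

set_policy_interface() {
    conf=$1 policy=$2 dev=$3

    # $dev comes from the hook's environment: accept only tun11..tun15 and
    # derive the slot from it, so nothing else can reach the conf file.
    case "$dev" in
        tun1[1-5]) iface="ovpnc${dev#tun1}" ;;
        *) echo "ignoring unexpected device: $dev" >&2; return 1 ;;
    esac

    [ -f "$conf" ] || { echo "missing $conf" >&2; return 1; }

    tmp="$conf.tmp.$$"
    # Exact match on the name field; only field 4 of that record is touched.
    # Write to a temp file and rename so a failed run never truncates the conf.
    awk -F'|' -v OFS='|' -v p="$policy" -v i="$iface" \
        '$1 == p && $4 ~ /^ovpnc[1-5]$/ { $4 = i } { print }' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$conf"
}

# Constructed demo on a scratch copy; the "Bank" record is made-up sample data.
demo() {
    d=$(mktemp -d) && f="$d/domain_vpn_routing.conf"
    printf '%s\n' \
      'Baseball|/jffs/configs/domain_vpn_routing/policy_Baseball_domainlist|/jffs/configs/domain_vpn_routing/policy_Baseball_domaintoIP|ovpnc1|VERBOSELOGGING=1|PRIVATEIPS=0' \
      'Bank|/tmp/policy_Bank_domainlist|/tmp/policy_Bank_domaintoIP|ovpnc3|VERBOSELOGGING=1|PRIVATEIPS=0' > "$f"
    set_policy_interface "$f" Baseball tun12   # Baseball -> ovpnc2, Bank untouched
    cat "$f"
    rm -rf "$d"
}

demo
# In openvpn-event, using the variables from the PoC above:
#   [ "$script_type" = 'route-up' ] && set_policy_interface "$confpath" Baseball "$dev"
```

The example does not coordinate with the routing script's own lock file, so a query run that is in progress may still act on the previous interface until its next pass.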
 
I would recommend to leave both, all they do is execute query policies and make sure cron job is scheduled if an event occurs. With the lock file only one instance will run if they are both triggered.
 
You know, you were actually onto something, I think a 2nd policy with the other interface will work. It will just have lower priority than the higher interface in the IP Rules but if the main one is down then it will work.
 
