Domain-based VPN Routing Script

I updated from version 2.0.1 to 2.1.0-beta2, after which sites whose domains are entered in the policy_freedom_domainlist file do not open.
And during the update there was no return to the menu. I had to press Ctrl+C after a few minutes.
Then I uninstalled Domain-based VPN Routing Script and installed version 2.0.1, applied the previous settings, and the sites opened again.
 
I updated from version 2.0.1 to 2.1.0-beta2, after which sites whose domains are entered in the policy_freedom_domainlist file do not open.
And during the update there was no return to the menu. I had to press Ctrl+C after a few minutes.
Then I uninstalled Domain-based VPN Routing Script and installed version 2.0.1, applied the previous settings, and the sites opened again.
Did you collect logs or try a reboot? Also I have discovered the issue causing the update to hang and have a fix coming for that.
 
I have published v2.1.0-beta3 to address the update issue users are experiencing, I edited the post I made for beta2 to reflect this release instead. You will still experience the hang the first time but after that restart domain vpn routing in your console and it should be good to go.
 
I have published v2.1.0-beta3 to address the update issue users are experiencing, I edited the post I made for beta2 to reflect this release instead. You will still experience the hang the first time but after that restart domain vpn routing in your console and it should be good to go.
I updated from version 2.0.1 to 2.1.0-beta3, this time there was also no return to the menu during the update process. I pressed Ctrl+C and ran domain_vpn_routing again, the version displayed was 2.1.0-beta3, but the sites from the list of domains for routing via VPN did not open. I again performed item 6 in the domain_vpn_routing menu, and this time I returned to the menu, but those sites still do not open. I rebooted the router, but that didn't help either. Could this be due to the fact that I skipped version 2.1.0-beta1, or because I have AdGuard Home installed? Tell me how and what information to extract for you so that you can find the cause of the problem?
I had to go back to version 2.0.1 to get it to work. But I can update again to 2.1.0-beta3 to give you the information you need.
 
I updated from version 2.0.1 to 2.1.0-beta3, this time there was also no return to the menu during the update process. I pressed Ctrl+C and ran domain_vpn_routing again, the version displayed was 2.1.0-beta3, but the sites from the list of domains for routing via VPN did not open. I again performed item 6 in the domain_vpn_routing menu, and this time I returned to the menu, but those sites still do not open. I rebooted the router, but that didn't help either. Could this be due to the fact that I skipped version 2.1.0-beta1, or because I have AdGuard Home installed? Tell me how and what information to extract for you so that you can find the cause of the problem?
I had to go back to version 2.0.1 to get it to work. But I can update again to 2.1.0-beta3 to give you the information you need.
Collect all of the logs with debug logging enabled on your router, then collect the output of the following commands and send it to me.
Code:
ipset list -n
ip rule list
ip -6 rule list
iptables -t mangle -nvL PREROUTING
iptables -t mangle -nvL POSTROUTING
ip6tables -t mangle -nvL PREROUTING
ip6tables -t mangle -nvL POSTROUTING
 
Collect all of the logs with debug logging enabled on your router, then collect the output of the following commands and send it to me.
Code:
ipset list -n
ip rule list
ip -6 rule list
iptables -t mangle -nvL PREROUTING
iptables -t mangle -nvL POSTROUTING
ip6tables -t mangle -nvL PREROUTING
ip6tables -t mangle -nvL POSTROUTING
Posted to Conversations.
 
I got into a little trouble. I have a policy called SSJapan which uses my opvnc3 interface.
I added to SSJapan 2 websites which need a VPN to Japan to access, but after a query I still can't access them; one site is still showing my ISP IP.
I added an IP check website, "https://2ip.io/", to SSJapan, and it is showing the VPN IP.
Also, when I route the whole device to opvnc2 using VPN Director, I can access those 2 websites.

So I don't know what happened. I have another policy using the opvnc2 interface to route some blocked websites to a Hong Kong VPN and it's working just fine.
 
I cannot install 2.1.0 (true for all betas). It gives me the following error:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install
/jffs/scripts/domain_vpn_routing.sh: .: line 3597: can't open '/jffs/configs/domain_vpn_routing/global.conf'
I can install it if I first install the stable release though.

And I seem to face the same issue as Kyjiep. I just can't access the router now, but if it's not solved with their logs, I'll get mine on the weekend!

 
I got into a little trouble. I have a policy called SSJapan which uses my opvnc3 interface.
I added to SSJapan 2 websites which need a VPN to Japan to access, but after a query I still can't access them; one site is still showing my ISP IP.
I added an IP check website, "https://2ip.io/", to SSJapan, and it is showing the VPN IP.
Also, when I route the whole device to opvnc2 using VPN Director, I can access those 2 websites.

So I don't know what happened. I have another policy using the opvnc2 interface to route some blocked websites to a Hong Kong VPN and it's working just fine.
Let the policy sit for a while and continue performing DNS queries. Also, you may have additional subdomains that are needed as part of the service you are trying to route.
 
I cannot install 2.1.0 (true for all betas). It gives me the following error:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install
/jffs/scripts/domain_vpn_routing.sh: .: line 3597: can't open '/jffs/configs/domain_vpn_routing/global.conf'
I can install it if I first install the stable release though.

And I seem to face the same issue as Kyjiep. I just can't access the router now, but if it's not solved with their logs, I'll get mine on the weekend!

I have identified the install issue you are experiencing and will resolve in the next release.

EDIT: https://www.snbforums.com/threads/domain-based-vpn-routing-script.79264/post-868322
 
***V2.1.0-beta4 Release***
Enhancements:
- DNSMasq log is now utilized if enabled to query for domain records to route. The log path will be captured from the DNSMasq Configuration.
- IPSets, IPTables Rules, and IP Rules using FWMarks have been implemented to reduce the amount of routes / rules that are created for policies.
- Added Check Interval configuration options to Configuration Menu to modify the cron job schedule between 1 - 59 minutes. Default: 15 minutes
- The current interface for a Policy will be displayed when in the Edit Policy configuration menu.
- Added default FWMark and Mask values for OpenVPN and WireGuard clients that can be changed in the configuration menu. Reboot required for changes.
- Log priority values added (Critical, Error, Warning, Notice, Informational, Debug)
- Additional logging messages have been added.
- Added Boot Delay Timer configuration setting to delay execution to wait and allow VPN tunnels to initialize during start up before querying for policies. Default: 0 Seconds

Fixes:
- Fixed issue where adding a domain with the same partial name as an existing one in a policy prevented it from being added.
- Fixed an issue that causes the update function to hang when complete as well as when terminating Domain VPN Routing.
- Fixed an issue preventing installation where Domain VPN Routing was trying to access the global configuration before it was created.
- Fixed an issue where the alias "domain_vpn_routing" was not being deleted during uninstallation.
- Fixed an issue where changing the Check Interval causes the Domain VPN Routing to hang on Query Policy screen instead of returning to Configuration Menu.
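
The release notes above describe a three-link chain: an IPSet holding resolved addresses, a mangle rule that marks packets destined for that set, and an IP rule that routes the mark. As an added example (not part of the original post and not the script's own code), this cross-checks the output of the diagnostic commands requested earlier in the thread and reports which link is missing; set names, marks and table numbers are constructed sample data.

```shell
#!/bin/sh
# Added example: constructed sample data, not output from a real router.
# Feed live data instead with:
#   audit_chain "$(ipset list -n)" "$(iptables -t mangle -nvL PREROUTING)" "$(ip rule list)"

SAMPLE_IPSETS='policy-japan-ipv4
policy-hongkong-ipv4
policy-orphan-ipv4'

SAMPLE_MANGLE='Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
   42  2520 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set policy-japan-ipv4 dst MARK xset 0x3000/0xf000
    7   420 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 match-set policy-hongkong-ipv4 dst MARK xset 0x2000/0xf000'

SAMPLE_RULES='0: from all lookup local
9990: from all fwmark 0x2000/0xf000 lookup 112
32766: from all lookup main
32767: from all lookup default'

# mark_for_set MANGLE_OUTPUT SET_NAME -> prints the mark/mask applied to
# packets whose destination matches SET_NAME, or nothing if no rule exists.
mark_for_set() {
    printf '%s\n' "$1" | awk -v s="$2" '
    {
        hit = 0
        for (i = 1; i < NF; i++)
            if ($i == "match-set" && $(i + 1) == s) hit = 1
        if (!hit) next
        # Skip the target column ("MARK all ..."); take "MARK xset <mark>".
        for (i = 1; i < NF - 1; i++)
            if ($i == "MARK" && $(i + 1) ~ /^x?set$/) { print $(i + 2); exit }
    }'
}

# audit_chain IPSETS MANGLE RULES -> one "<set>: <status>" line per IPSet.
audit_chain() {
    printf '%s\n' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        mark=$(mark_for_set "$2" "$name")
        if [ -z "$mark" ]; then
            echo "$name: NO_MARK_RULE"        # set exists, nothing marks it
        elif printf '%s\n' "$3" | grep -qF -- "fwmark $mark "; then
            echo "$name: OK"
        else
            echo "$name: NO_IP_RULE($mark)"   # marked, but falls to main table
        fi
    done
}

audit_chain "$SAMPLE_IPSETS" "$SAMPLE_MANGLE" "$SAMPLE_RULES"
```

Any status other than OK means traffic for that policy follows the main routing table, which matches the symptom of a site still seeing the ISP address.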
 
Let the policy sit for a while and continue performing DNS queries. Also, you may have additional subdomains that are needed as part of the service you are trying to route.
Did as you said but still not working

I don't know if there are any subdomains. Can you help me check the site: https://p-bandai.jp/

When no VPN is active it will show a page to choose a store outside of Japan; when a VPN is active it will direct to the Japan store.
 
***v2.1.0-beta5 Release***
Enhancements:
- DNSMasq log is now utilized if enabled to query for domain records to route. The log path will be captured from the DNSMasq Configuration.
- IPSets, IPTables Rules, and IP Rules using FWMarks have been implemented to reduce the amount of routes / rules that are created for policies.
- Added Check Interval configuration options to Configuration Menu to modify the cron job schedule between 1 - 59 minutes. Default: 15 minutes
- The current interface for a Policy will be displayed when in the Edit Policy configuration menu.
- Added default FWMark and Mask values for OpenVPN and WireGuard clients that can be changed in the configuration menu. Reboot required for changes.
- Log priority values added (Critical, Error, Warning, Notice, Informational, Debug)
- Additional logging messages have been added.
- Added Boot Delay Timer configuration setting to delay execution to wait and allow VPN tunnels to initialize during start up before querying for policies. Default: 0 Seconds
- Added Reset Default Configuration to Configuration Menu, additionally the command argument resetconfig can be used.

Fixes:
- Fixed issue where adding a domain with the same partial name as an existing one in a policy prevented it from being added.
- Fixed an issue that causes the update function to hang when complete as well as when terminating Domain VPN Routing.
- Fixed an issue preventing installation where Domain VPN Routing was trying to access the global configuration before it was created.
- Fixed an issue where the alias "domain_vpn_routing" was not being deleted during uninstallation.
- Fixed an issue where changing the Check Interval causes the Domain VPN Routing to hang on Query Policy screen instead of returning to Configuration Menu.

NOTE:
If you have installed v2.1.0-beta1 - v2.1.0-beta4, it is recommended to reset the default configuration of the global configuration options (Requires reboot) or alternatively you can completely uninstall domain_vpn_routing and reinstall fresh. This is due to the FWMark / Mask settings defaults changing due to issues occurring with the default configuration. This will require you to re-enable Dev Mode and other configurations as well.


To perform a configuration reset, load the configuration menu and select option x or run domain_vpn_routing with command argument resetconfig.



Alternative Solution:
Code:
domain_vpn_routing resetconfig
 
Did as you said but still not working

I don't know if there are any subdomains. Can you help me check the site: https://p-bandai.jp/

When no VPN is active it will show a page to choose a store outside of Japan; when a VPN is active it will direct to the Japan store.

These are the sites I get when I load that website. You can probably ignore all of the Google ad stuff, etc., but you may want to add the other .jp sites to your policy. Also, please uninstall and reinstall with beta5 and test.
1696477884521.png
 
***v2.1.0-beta6 Release***
Enhancements:
- DNSMasq log is now utilized if enabled to query for domain records to route. The log path will be captured from the DNSMasq Configuration.
- IPSets, IPTables Rules, and IP Rules using FWMarks have been implemented to reduce the amount of routes / rules that are created for policies.
- Added Check Interval configuration options to Configuration Menu to modify the cron job schedule between 1 - 59 minutes. Default: 15 minutes
- The current interface for a Policy will be displayed when in the Edit Policy configuration menu.
- Added default FWMark and Mask values for OpenVPN and WireGuard clients that can be changed in the configuration menu. Reboot required for changes.
- Log priority values added (Critical, Error, Warning, Notice, Informational, Debug)
- Additional logging messages have been added.
- Added Boot Delay Timer configuration setting to delay execution to wait and allow VPN tunnels to initialize during start up before querying for policies. Default: 0 Seconds
- Added Reset Default Configuration to Configuration Menu, additionally the command argument resetconfig can be used.

Fixes:
- Fixed issue where adding a domain with the same partial name as an existing one in a policy prevented it from being added.
- Fixed an issue that causes the update function to hang when complete as well as when terminating Domain VPN Routing.
- Fixed an issue preventing installation where Domain VPN Routing was trying to access the global configuration before it was created.
- Fixed an issue where the alias "domain_vpn_routing" was not being deleted during uninstallation.
- Fixed an issue where changing the Check Interval causes the Domain VPN Routing to hang on Query Policy screen instead of returning to Configuration Menu.
- Fixed an issue when editing a policy and changing the interface would cause a parameter not set error.
- Fixed an issue that wouldn't allow FWMark and Mask settings in the configuration to be null.


NOTE:
If you have installed v2.1.0-beta1 - v2.1.0-beta4, it is recommended to reset the default configuration of the global configuration options (Requires reboot) or alternatively you can completely uninstall domain_vpn_routing and reinstall fresh. This is due to the FWMark / Mask settings defaults changing due to issues occurring with the default configuration. This will require you to re-enable Dev Mode and other configurations as well.


To perform a configuration reset, load the configuration menu and select option x or run domain_vpn_routing with command argument resetconfig.


Alternative Solution:
Code:
domain_vpn_routing resetconfig
 
***v2.1.0 Release***
Enhancements:
- DNSMasq log is now utilized if enabled to query for domain records to route. The log path will be captured from the DNSMasq Configuration.
- IPSets, IPTables Rules, and IP Rules using FWMarks have been implemented to reduce the amount of routes / rules that are created for policies.
- Added Check Interval configuration options to Configuration Menu to modify the cron job schedule between 1 - 59 minutes. Default: 15 minutes
- The current interface for a Policy will be displayed when in the Edit Policy configuration menu.
- Added default FWMark and Mask values for OpenVPN and WireGuard clients that can be changed in the configuration menu. Reboot required for changes.
- Log priority values added (Critical, Error, Warning, Notice, Informational, Debug)
- Additional logging messages have been added.
- Added Boot Delay Timer configuration setting to delay execution to wait and allow VPN tunnels to initialize during start up before querying for policies. Default: 0 Seconds
- Added Reset Default Configuration to Configuration Menu, additionally the command argument resetconfig can be used.

Fixes:
- Fixed an issue where adding a domain with the same partial name as an existing one in a policy prevented it from being added.
- Fixed an issue that causes the update function to hang when complete as well as when terminating Domain VPN Routing.
- Fixed an issue preventing installation where Domain VPN Routing was trying to access the global configuration before it was created.
- Fixed an issue where the alias "domain_vpn_routing" was not being deleted during uninstallation.
- Fixed an issue where changing the Check Interval causes the Domain VPN Routing to hang on Query Policy screen instead of returning to Configuration Menu.
- Fixed an issue when editing a policy and changing the interface would cause a parameter not set error.
- Fixed an issue that wouldn't allow FWMark and Mask settings in the configuration to be null.
- Fixed an issue that caused uninstallation to prompt multiple times for confirmation during uninstall process.
- Fixed an issue that prevented the menu from loading when Domain VPN Routing was not installed.

NOTE:
If you have installed v2.1.0-beta1 - v2.1.0-beta4, it is recommended to reset the default configuration of the global configuration options (Requires reboot) or alternatively you can completely uninstall domain_vpn_routing and reinstall fresh. This is due to the FWMark / Mask settings defaults changing due to issues occurring with the default configuration. This will require you to re-enable Dev Mode and other configurations as well.
 
Sorry in advance for the nooby questions:

1. I wonder, is it possible to use this script the other way around, to "whitelist" a domain to go through the WAN interface rather than WireGuard, as I route all my traffic through WG1 in VPN Director? I notice that my credit card provider login portal is blacklisted on the VPN I use as it's a shared IP.

2. Does this script play nice with FlexQoS with regards to "marking" packets in iptables and such, I know that Flex does this to differentiate traffic type.
 
