Domain-based VPN Routing Script

[privacyguy123]

It seems they want to pass the "install" command by default, which is complaining about this non-existent line as far as I can see because the file is only 4116 lines long.

 

[Ranger802004]

Republished beta2 as beta3 to address amtm update integration issues.

 

[privacyguy123]

Think the amtm thing is being reverted anyhow.

 

[Ranger802004]

Think the amtm thing is being reverted anyhow.

I know but doesn't hurt having the extra few lines of code in there to redirect the install back to the menu if it is already installed. I already added it so it's staying for now, lol.

 

[privacyguy123]

Ugh, this is starting to do my head in now. Now I see this error when attempting to manually update because I CANNOT ACCESS the menu due to this new amtm update.

 

[Ranger802004]

Ugh, this is starting to do my head in now. Now I see this error when attempting to manually update because I CANNOT ACCESS the menu due to this new amtm nonsense.

View attachment 53575

Those are usually benign during an update, as long as it reloads normal you should be good.

 

[thelonelycoder]

due to this new amtm nonsense

I beg your pardon?

 

[Ripshod]

I beg your pardon?

2 minutes. Your hearing's great!

 

[thelonelycoder]

2 minutes. Your hearing's great!

Thanks, I cancel the doctors appointment.

 

[John Fitzgerald]

Thanks, I cancel the doctors appointment.

FYI, I've done the update to v4.0, then the minor updates, then the last reverting, all with no issues on my end. I reboot the router after every update via the ASUS GUI.

So it's been quite good.

Thank you!

 

[thelonelycoder]

FYI, I've done the update to v4.0, then the minor updates, then the last reverting, all with no issues on my end. I reboot the router after every update via the ASUS GUI.

So it's been quite good.

Thank you!

amtm and Diversion can properly reboot the router, it‘s the same command as the GUI issues.
Just enter reboot in any of the two.

 

[i5Js]

Hi @Ranger802004

Thanks again, one last question about the following:

- DNSMasq log is now utilized if enabled to query for domain records to route. The log path will be captured from the DNSMasq Configuration

Does it mean it does automatically? Capture the records and add them to an existing policy?

Thanks,

Hi,

Anyone can explain me this, please? I don’t fully understand how it works

TIA!

 

[Ranger802004]

Hi,

Anyone can explain me this, please? I don’t fully understand how it works

TIA!

If you have dnsmasq logging enabled it will query the log for records to add.

 

[i5Js]

Thanks for your answer, so, you don’t need to do anything else,right? It adds the records to the policy automatically, right?

 

[Ranger802004]

Thanks for your answer, so, you don’t need to do anything else,right? It adds the records to the policy automatically, right?

Yes, once you enable dnsmasq logging Domain VPN Routing will pick up the configuration change and monitor the log.

 

[i5Js]

Thanks @Ranger802004 . Sorry for keep asking. The files that contains the domain name and ips, before this upgrade, are still useful?

 

[Ranger802004]

Thanks @Ranger802004 . Sorry for keep asking. The files that contains the domain name and ips, before this upgrade, are still useful?

Yes, do not remove the policy files.

 

[Ranger802004]

***v2.1.2 Release***
Enhancements:
- The wgclient-start start up script for WireGuard clients will now be created if it doesn't exist and will call Domain VPN Routing.
- The Reverse Path Filter will now be set to Loose Filtering if set to Strict Filtering and FWMarks are being used for a policy.

Fixes:
- Fixed integration with Wireguard clients configured with IPv6.
- Fixed issue where IPv4 ipsets were not being saved under some conditions.
- Fixed issue where IPv6 addresses were not being deleted from ipsets.
- Fixed an issue that caused Domain VPN Routing to be stuck in a loop if a WireGuard Client DNS Option was null.
- Fixed integration issues with amtm.
- Fixed an issue where a failed DNS query returned 0.0.0.0 as a queried IP Address for a policy, this entry will be excluded.

 

[Kyjiep]

***v2.1.2 Release***
Enhancements:
- The wgclient-start start up script for WireGuard clients will now be created if it doesn't exist and will call Domain VPN Routing.
- The Reverse Path Filter will now be set to Loose Filtering if set to Strict Filtering and FWMarks are being used for a policy.

Fixes:
- Fixed integration with Wireguard clients configured with IPv6.
- Fixed issue where IPv4 ipsets were not being saved under some conditions.
- Fixed issue where IPv6 addresses were not being deleted from ipsets.
- Fixed an issue that caused Domain VPN Routing to be stuck in a loop if a WireGuard Client DNS Option was null.
- Fixed integration issues with amtm.
- Fixed an issue where a failed DNS query returned 0.0.0.0 as a queried IP Address for a policy, this entry will be excluded.

Wonderful. After this update and reboot of the router, the script started working through wireguard as it should. Thank you.

 

[Sonyrolfy]

I just come upon your script this weekend.. it's an great script! Its working frictionless. Im ad work right now. but does your script also add ASN numbers? Tnx!