DomainVPNRouting Domain VPN Routing v3.0.0 ***Release***

[Ranger802004]

Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface.

***v3.0.0 Release****
This is the release information regarding v3.0.0, please read the notes carefully prior to installing.

Readme - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

Script - https://raw.githubusercontent.com/R...main/domain_vpn_routing/domain_vpn_routing.sh

Install Command:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install

Updating:
If v2.x.x is currently installed, enable Dev Mode in the configuration menu and perform an update to receive this beta release.

Support:
- Submit a ticket via GitHub here.

Release Notes:
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.

 

[Ranger802004]

Minor fixes were applied to v3.0.0-beta1, check for updates and verify your checksum matches the repo version and if not perform an update to get the revision.

 

[ComputerSteve]

Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface.

***v3.0.0-beta1 Release****
This is the release information regarding v3.0.0-beta1, please read the notes carefully prior to installing.

Readme - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

Script - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing.sh

Install Command:

/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install

Updating:
If v2.x.x is currently installed, enable Dev Mode in the configuration menu and perform an update to receive this beta release.

Release Notes:
v3.0.0-beta1 - 09/29/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and test it for compability.

Can I use this with AdGuard home ?? If so.. how do I enable logging for DNSMasq ? Or do I not need DNSMasq since I’m using AdGuard home ? Or do I run both ? Can you run both ?

 

[Ranger802004]

Can I use this with AdGuard home ?? If so.. how do I enable logging for DNSMasq ? Or do I not need DNSMasq since I’m using AdGuard home ? Or do I run both ? Can you run both ?

I responded to you in GitHub.

 

[Ranger802004]

v3.0.0-beta2 has been released to address an update issue with the beta channel.

 

[maghuro]

@Ranger802004 how to enable dns logging?

Google didn't help me...

 

[ComputerSteve]

@Ranger802004 how to enable dns logging?

Google didn't help me...

Ranger has explained this to me !
To enable DNS logging you would create the file /jffs/configs/dnsmasq.conf.add (If it does not exist already) and then add the following lines to the file.

log-queries
log-facility=/var/log/dnsmasq.log

Restart DNSMasq

service restart_dnsmasq

 

[maghuro]

Ranger has explained this to me !
To enable DNS logging you would create the file /jffs/configs/dnsmasq.conf.add (If it does not exist already) and then add the following lines to the file.

log-queries
log-facility=/var/log/dnsmasq.log

Restart DNSMasq

service restart_dnsmasq

Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering

 

[maghuro]

Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering

I managed to fix it.

Now, when I query a policy, this happens (when I have wildcards domains, for example *.meo.pt)


Select the Policy You Want to Query: 2
Query Policy: MeoTV
: No such file or directory
: No such file or directory
: No such file or directory

 

[Ranger802004]

Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering

Because you have /var/log/dnsmasq.log and no-resolv on the same line in your add on dnsmasq file in /jffs/configs/dnsmasq.conf.add.

 

[Ranger802004]

***v3.0.0-beta3 has been released***

Release Notes:
v3.0.0-beta3 - 10/09/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.

 

[Tarek Yag]

Congratulations on reaching this milestone on your new major release! I'm very optimistic that you'll have a great stable release soon enough with such great effort and continuous support.

It's my pleasure that I've helped with reporting issues and providing results during the testing phase of these beta versions. Hopefully, more users with old router models, just like me, will join the user base of Domain VPN Routing script!

 

[Ranger802004]

***v3.0.0 has been released to the main production channel***

Release Notes:
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.

 

[ComputerSteve]

***v3.0.0 has been released to the main production channel***

Release Notes:
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.

I'm trying to update to the production version & i'm getting the ---
domain_vpn_routing: ***domain_vpn_routing failed Checksum Check*** Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7


***Checksum Failed***


Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7

 

[Ranger802004]

I'm trying to update to the production version & i'm getting the ---
domain_vpn_routing: ***domain_vpn_routing failed Checksum Check*** Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7


***Checksum Failed***


Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7

That is normal when coming from a beta version, it sees it as the same version as the production version but they are have a different checksum value, just force update it so it will get the production version.

 

[Ranger802004]

***v3.0.1-beta1 Release***

Considerations:
- To use ASN related functions, install jq package from Entware.

Release Notes:
v3.0.1-beta1 - 10/15/2024
Enhancements
- Added functionality to add ASNs to be routed over an interface.
- Added ADDCNAMES to Show Policy menu when viewing a policy.
- Optimized functionality to generate interface list when creating or editing a policy or ASN.
- Optimized functionality for boot delay timer and setting process priority.
- System Information under Configuration menu now shows status of dig and jq being installed.

Fixes:
- Fixed an issue where IP FWMark rules were erroneously being deleted when editing or deleting a policy.
- Fixed an issue with executing the kill function to kill Domain VPN Routing processes, this was also happeneing in update mode.
- Various minor fixes

 

[Tarek Yag]

That is normal when coming from a beta version, it sees it as the same version as the production version but they are have a different checksum value, just force update it so it will get the production version.

I went through the same thing, but immediately knew the reason. However, after a successful update, if I check for updates again, it keeps giving the same message (update), so I had to exit and open the script again to stop getting the same update over and over again. I guess that the MD5 checksum is not getting updated after a version update. That's all!