What's new

DomainVPNRouting Domain VPN Routing v3.0.4 ***Release***

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Ranger802004

Very Senior Member
Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface.

***v3.0.4 Release****
This is the release information regarding v3.0.4, please read the notes carefully prior to installing.

Readme - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

Script - https://raw.githubusercontent.com/R...main/domain_vpn_routing/domain_vpn_routing.sh

Install Command:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install

Support:
- Submit a ticket via GitHub here.

Release Notes:
v3.0.4 - 11/27/2024
Fixes:
- Fixed an issue that would add erroneous CNAME values into a policy domain list when dig was being used to lookup CNAMES.
- Fixed an issue when using the deleteip function to delete an IP address.

v3.0.3 - 11/08/2024
Fixes:
- Fixed an issue with new installations of Domain VPN Routing.

v3.0.2 - 11/05/2024
Enhancements:
- Added functionality to query the AdGuardHome log. This can be enabled or disabled via the QUERYADGUARDHOMELOG configuration option.
- Created option to enable/disable Domain VPN Routing under configuration menu.
- During uninstallation, a prompt has been added to ask to back up the configuration. When reinstalling Domain VPN Routing a backup file will be checked for existence and prompted to restore configuration.
- Removed log message regarding No ASNs being detected if queryasn function is being executed by querypolicy for all policies.
- Enhanced prompts in querypolicy mode.
- Added log message stating length of processing time for querypolicy function.
- Minor optimizations.

Fixes:
- Fixed script locking mechanism when executing querypolicy or queryasn from the UI menu.
- Fixed issue where ASNs were not queried by cron job if no domain policies were created.

v3.0.1 - 10/26/2024
Enhancements
- Added functionality to add ASNs to be routed over an interface.
- Added ADDCNAMES to Show Policy menu when viewing a policy.
- Optimized functionality to generate interface list when creating or editing a policy or ASN.
- Optimized functionality for boot delay timer and setting process priority.
- System Information under Configuration menu now shows status of dig and jq being installed.
- Domain VPN Routing will now check for WAN being connected and will error out when executing querypolicy, queryasn, or update if WAN is not connected.
- Minor optimizations

Fixes:
- Fixed an issue where IP FWMark rules were erroneously being deleted when editing or deleting a policy.
- Fixed an issue with executing the kill function to kill Domain VPN Routing processes, this was also happeneing in update mode.
- Fixed grammatical error on Main Menu for queryasn.
- Fixed error when editing a policy and getting an error for no NEWASININTERFACE variable.
- Fixed an erroroneous file being created under /jffs/configs/domain_vpn_routing/policy_all_domainlist ***It is safe to delete this file***
- Various minor fixes
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.
 
Last edited:
Minor fixes were applied to v3.0.0-beta1, check for updates and verify your checksum matches the repo version and if not perform an update to get the revision.
 
Domain VPN Routing is a tool used to route specific website domains to specific VPN tunnels or override all traffic being routed to a VPN tunnel to directly route through a WAN interface.

***v3.0.0-beta1 Release****
This is the release information regarding v3.0.0-beta1, please read the notes carefully prior to installing.

Readme - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

Script - https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing.sh

Install Command:
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh && sh /jffs/scripts/domain_vpn_routing.sh install

Updating:
If v2.x.x is currently installed, enable Dev Mode in the configuration menu and perform an update to receive this beta release.


Release Notes:
v3.0.0-beta1 - 09/29/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and test it for compability.
Can I use this with AdGuard home ?? If so.. how do I enable logging for DNSMasq ? Or do I not need DNSMasq since I’m using AdGuard home ? Or do I run both ? Can you run both ?
 
Can I use this with AdGuard home ?? If so.. how do I enable logging for DNSMasq ? Or do I not need DNSMasq since I’m using AdGuard home ? Or do I run both ? Can you run both ?
I responded to you in GitHub.
 
v3.0.0-beta2 has been released to address an update issue with the beta channel.
 
@Ranger802004 how to enable dns logging?

Google didn't help me...
Ranger has explained this to me !
To enable DNS logging you would create the file /jffs/configs/dnsmasq.conf.add (If it does not exist already) and then add the following lines to the file.

log-queries
log-facility=/var/log/dnsmasq.log

Restart DNSMasq

service restart_dnsmasq
 
Ranger has explained this to me !
To enable DNS logging you would create the file /jffs/configs/dnsmasq.conf.add (If it does not exist already) and then add the following lines to the file.

log-queries
log-facility=/var/log/dnsmasq.log

Restart DNSMasq

service restart_dnsmasq
Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering
 
Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering
I managed to fix it.

Now, when I query a policy, this happens (when I have wildcards domains, for example *.meo.pt)


Select the Policy You Want to Query: 2
Query Policy: MeoTV
: No such file or directory
: No such file or directory
: No such file or directory
 
Unfortunatelly, for some reason, some error occurs. When I enter app settings, it shows the following:

System Information:
DNS Logging Status Status: Disabled
DNS Log Path Log Path: /var/log/dnsmasq.logno-resolv
WAN FWMark WAN FWMark: 0x8000
WAN Mask WAN Mask: 0xf000
WAN Reverse Path Filter WAN RP Filter: Loose Filtering
Because you have /var/log/dnsmasq.log and no-resolv on the same line in your add on dnsmasq file in /jffs/configs/dnsmasq.conf.add.
 
***v3.0.0-beta3 has been released***

Release Notes:
v3.0.0-beta3 - 10/09/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.
 
Congratulations on reaching this milestone on your new major release! I'm very optimistic that you'll have a great stable release soon enough with such great effort and continuous support.

It's my pleasure that I've helped with reporting issues and providing results during the testing phase of these beta versions. Hopefully, more users with old router models, just like me, will join the user base of Domain VPN Routing script!
 
***v3.0.0 has been released to the main production channel***

Release Notes:
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.
 
***v3.0.0 has been released to the main production channel***

Release Notes:
v3.0.0 - 10/14/2024
Enhancements:
- Added functionality to support wildcards for subdomains. Example: *.example.com ***Requires DNS Logging to be enabled***
- Added DNS Overrides for VPN Client interfaces, when a policy is configured with a specific interface it will use the system default DNS Server unless a DNS override is configured for that specific interface in the configuration menu.
- Domain queries will now utilize dig if it is installed and will bypass use of nslookup.
- If dig is installed, a policy can be configured to allow CNAMES of domains to be added to the policy domain list automatically during query execution. This is disabled by default for existing policies and can be enabled using the editpolicy function.
- IP Version will now be displayed under System Information located in the Configuration menu.

Fixes:
- Reduced names of IPSets to allow policy names to have a max length of 24 characters.
- Fixed issue that caused RT-AC68U and DSL-AC68U to lock up on execution due to limitation of 2 OpenVPN Client slots.
- Domain VPN Routing will now check the IP version and operate in a compability mode for older versions. If an optional binary is installed Domain VPN Routing will test and use the newer version of the ip binary between the system and optional binary.
- Fixed an issue with beta update channel.
- Fixed an issue where ip rules were not being deleted when an unreachable rule was being created to block traffic for a VPN interface being down.
- Fixed minor issues with IPv6 routing rules.
I'm trying to update to the production version & i'm getting the ---
domain_vpn_routing: ***domain_vpn_routing failed Checksum Check*** Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7


***Checksum Failed***


Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7
 
I'm trying to update to the production version & i'm getting the ---
domain_vpn_routing: ***domain_vpn_routing failed Checksum Check*** Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7


***Checksum Failed***


Current Checksum: 9e65c575e01c55e0d18d82b5baa10c0db329a1c74213d5f0c1f7ed370dc145c4 Valid Checksum: 35b9c86a08e39687556fde34a8740cb550634b3cfafbb7c83eb96248dc61fbb7
That is normal when coming from a beta version, it sees it as the same version as the production version but they are have a different checksum value, just force update it so it will get the production version.
 
***v3.0.1-beta1 Release***

Considerations:
- To use ASN related functions, install jq package from Entware.


Release Notes:
v3.0.1-beta1 - 10/15/2024
Enhancements
- Added functionality to add ASNs to be routed over an interface.
- Added ADDCNAMES to Show Policy menu when viewing a policy.
- Optimized functionality to generate interface list when creating or editing a policy or ASN.
- Optimized functionality for boot delay timer and setting process priority.
- System Information under Configuration menu now shows status of dig and jq being installed.

Fixes:
- Fixed an issue where IP FWMark rules were erroneously being deleted when editing or deleting a policy.
- Fixed an issue with executing the kill function to kill Domain VPN Routing processes, this was also happeneing in update mode.
- Various minor fixes
 
That is normal when coming from a beta version, it sees it as the same version as the production version but they are have a different checksum value, just force update it so it will get the production version.

I went through the same thing, but immediately knew the reason. However, after a successful update, if I check for updates again, it keeps giving the same message (update), so I had to exit and open the script again to stop getting the same update over and over again. I guess that the MD5 checksum is not getting updated after a version update. That's all!
 
***v3.0.1-beta1 Release***
It would be nice to apply a different IP verification interval to each specific policy
(for example, Youtube should be polled every 10 minutes, and most policies do not need any interval at all, because they have a single IP and no re-verification is required)
Thanks!
 
It would be nice to apply a different IP verification interval to each specific policy
(for example, Youtube should be polled every 10 minutes, and most policies do not need any interval at all, because they have a single IP and no re-verification is required)
Thanks!
That’s a great idea !
 
It would be nice to apply a different IP verification interval to each specific policy
(for example, Youtube should be polled every 10 minutes, and most policies do not need any interval at all, because they have a single IP and no re-verification is required)
Thanks!
Submit it as a request via GitHub.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Top