I added route as you suggested and it shows when I type the route command
route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
94.12.345.678 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2
What about a route that bypasses the VPN?
Edit: Ok, a route seems to work.
ip route add 104.28.7.4/32 via 192.168.1.1 dev vlan2
Before: (with VPN)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"94.2x.xxx.xx"
After: (with VPN and route)
curl -s http://ipv4.myip.dk/api/info/IPv4Address
"95.16x.xx.xxx"
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
104.237.90.131 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
104.28.7.4 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.0.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2
# This code goes in the WAN UP section of the Tomato GUI.
# This code based on the contributions from this thread:
# http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
#
# And from material in these articles:
# http://linux-ip.net/html/adv-multi-internet.html
# http://fedorasolved.org/Members/kanarip/iptables-howto
#
# This script configures "selective" VPN routing. Normally Tomato will route ALL traffic out
# the OpenVPN tunnel. These changes to iptables allow some outbound traffic to use the VPN, and some
# traffic to bypass the VPN and use the regular Internet instead.
#
# To list the current rules on the router, issue the command:
# iptables -t mangle -L PREROUTING
#
# Flush/reset all the rules to default by issuing the command:
# iptables -t mangle -F PREROUTING
#
#
# First it is necessary to disable Reverse Path Filtering on all
# current and future network interfaces:
#
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
| while read ROUTE ; do
ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
# EXAMPLES:
#
# All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards)
# iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# Ports 80 and 443 will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
# All traffic from a particular computer on the LAN will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0
# All traffic to a specific Internet IP address will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
# All UDP and ICMP traffic will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
# iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1
# By default all traffic bypasses the VPN
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# Spotify explicitly uses the VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 78.31.8.1-78.31.15.254 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 193.182.8.1-193.182.15.254 -j MARK --set-mark 0
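An added example, not part of the posted script: an offline model of how the active PREROUTING rules above resolve for a given destination. MARK does not stop rule traversal, so the last matching rule decides the mark; the rule-list format and the function names are made up for this illustration, and only destination-range rules are modelled.

```shell
#!/bin/sh
# Added example. Rule list format (constructed here), one rule per line:
#   "<first-ip> <last-ip> <mark>"

# Convert a dotted quad to an integer so ranges can be compared.
ip2int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Walk every rule in order. MARK is a non-terminating target, so a later
# matching rule overwrites the mark set by an earlier one.
final_mark() {  # $1 = destination IP, $2 = rule list
    dst=$(ip2int "$1"); mark=0
    while read -r lo hi m; do
        if [ "$dst" -ge "$(ip2int "$lo")" ] && [ "$dst" -le "$(ip2int "$hi")" ]; then
            mark=$m
        fi
    done <<EOF
$2
EOF
    echo "$mark"
}

# fwmark 1 selects table 100 (default via the WAN gateway). Mark 0 matches no
# ip rule and falls through to the main table, whose default is the tunnel.
egress_for() {  # $1 = destination IP, $2 = rule list
    if [ "$(final_mark "$1" "$2")" = "1" ]; then echo wan; else echo vpn; fi
}

# The active rules from the script: catch-all first, VPN exceptions after.
RULES_PAGE_ORDER="0.0.0.0 255.255.255.255 1
78.31.8.1 78.31.15.254 0
193.182.8.1 193.182.15.254 0"

# Same rules with the catch-all last: it overwrites every exception.
RULES_CATCHALL_LAST="78.31.8.1 78.31.15.254 0
193.182.8.1 193.182.15.254 0
0.0.0.0 255.255.255.255 1"

# Constructed destinations: two inside the listed ranges, one outside.
for ip in 78.31.12.10 193.182.9.9 203.0.113.7; do
    echo "$ip page-order=$(egress_for "$ip" "$RULES_PAGE_ORDER")" \
         "catchall-last=$(egress_for "$ip" "$RULES_CATCHALL_LAST")"
done
```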
cat /proc/sys/net/ipv4/conf/default/rp_filter
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
I added route as you suggested and it shows when I type the route command
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
104.237.90.131 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
104.28.7.4 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 10.0.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2
but when I run the curl command it still returns the VPN IP address. Something to do with the default gateway?
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.1.1 0.0.0.0 UG 0 0 0 vlan2
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.1 * 255.255.255.255 UH 0 0 0 vlan2
94.232.XXX.XXX 192.168.1.1 255.255.255.255 UGH 0 0 0 vlan2
192.168.2.0 * 255.255.255.0 U 0 0 0 br0
192.168.1.0 * 255.255.255.0 U 0 0 0 vlan2
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 192.168.0.1 0.0.0.0 UG 0 0 0 ppp5
default 192.168.1.1 0.0.0.0 UG 1 0 0 vlan2
+ VERSION=2.4
+ USERNAME=myusername@gmail.com
+ PASSWORD=mypw
+ HOSTNAME=myhost.ddns.net
+ USERAGENT=asuswrt-merlin No-IP Updater/
+ nvram get wan0_ipaddr
+ ASUSIP=192.168.1.253
+ LOGFILE=
+ CUSTOM_UPDATE=30
+ LogMe CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -n ]]
+ logger CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -z 192.168.1.253 ]]
+ CronUpdate
+ [[ -n 30 ]]
+ cru l
+ grep CustomUpdateDDNS
+ [[ -z */30 * * * * /jffs/scripts/ddns-start #CustomUpdateDDNS# ]]
+ LogMe CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ [[ -n ]]
+ logger CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ echo 192.168.1.253
+ grep -E ^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])
+ [[ -n 192.168.1.253 ]]
+ LogMe CustomUpdateDDNS: Local ip detected
+ [[ -n ]]
+ logger CustomUpdateDDNS: Local ip detected
+ curl -s http://icanhazip.com/
+ NEWIP=151.x.x.x
+ [[ -z 151.x.x.x ]]
+ LogMe CustomUpdateDDNS: Found external ip: 151.x.x.x
+ [[ -n ]]
+ logger CustomUpdateDDNS: Found external ip: 151.x.x.x
+ nvram get EXTERNALIP
+ [[ 151.x.x.x == 151.x.x.x ]]
+ UpdateIp
+ nvram set EXTERNALIP=151.x.x.x
+ URL=https://myusername@gmail.com:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ curl -s -k --user-agent asuswrt-merlin No-IP Updater/ https://myusername@gmail.com:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ RESPONSE=
+ echo
+ awk { print $1 }
+ RESPONSE_A=
+ LogMe CustomUpdateDDNS: DDNS update complete
+ [[ -n ]]
+ logger CustomUpdateDDNS: DDNS update complete
+ exit 0
Jun 11 21:11:36 WAN Connection: Ethernet link down.
Jun 11 21:11:36 DualWAN: skip single wan wan_led_control - WANRED off
Jun 11 21:12:01 WAN Connection: Ethernet link up.
Jun 11 21:12:01 rc_service: wanduck 454:notify_rc restart_wan_if 0
Jun 11 21:12:04 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 11 21:12:04 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 11 21:12:04 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 11 21:12:04 admin: CustomUpdateDDNS: Local ip detected
Jun 11 21:12:07 watchdog: start ddns.
Jun 11 21:12:07 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:12:07 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:12:16 WAN Connection: WAN was restored.
Jun 11 21:12:22 rc_service: skip the event: start_ddns.
Jun 11 21:12:41 WAN Connection: Ethernet link up.
Jun 11 21:12:41 rc_service: wanduck 454:notify_rc restart_wan_if 0
Jun 11 21:12:41 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:12:51 rc_service: skip the event: restart_wan_if 0.
Jun 11 21:12:51 watchdog: start ddns.
Jun 11 21:12:51 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:12:51 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:13:04 admin: CustomUpdateDDNS: Found external ip:
Jun 11 21:13:06 rc_service: skip the event: start_ddns.
Jun 11 21:13:35 watchdog: start ddns.
Jun 11 21:13:35 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:13:35 rc_service: waitting "restart_wan_if 0" via wanduck ...
Jun 11 21:13:50 rc_service: skip the event: start_ddns.
Jun 11 21:14:05 admin: CustomUpdateDDNS: DDNS update complete
Jun 11 21:14:19 watchdog: start ddns.
Jun 11 21:14:19 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:14:19 custom script: Running /jffs/scripts/ddns-start (args: 192.168.1.253)
Jun 11 21:14:19 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Jun 11 21:14:20 admin: CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
Jun 11 21:14:20 admin: CustomUpdateDDNS: Local ip detected
Jun 11 21:14:20 admin: CustomUpdateDDNS: Found external ip: 151.x.x.x
Jun 11 21:14:49 watchdog: start ddns.
Jun 11 21:14:49 rc_service: watchdog 493:notify_rc start_ddns
Jun 11 21:14:49 rc_service: waitting "start_ddns" via watchdog ...
Jun 11 21:15:04 rc_service: skip the event: start_ddns.
Jun 11 21:15:05 admin: CustomUpdateDDNS: DDNS update complete
+ VERSION=2.4
+ USERNAME=myusername
+ PASSWORD=mypw
+ HOSTNAME=myhost.ddns.net
+ USERAGENT=asuswrt-merlin No-IP Updater/
+ nvram get wan0_ipaddr
+ ASUSIP=192.168.1.253
+ LOGFILE=
+ CUSTOM_UPDATE=30
+ LogMe CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -n ]]
+ logger CustomUpdateDDNS: Starting custom DDNS updater v2.4
+ [[ -z 192.168.1.253 ]]
+ CronUpdate
+ [[ -n 30 ]]
+ cru l
+ grep CustomUpdateDDNS
+ [[ -z */30 * * * * /jffs/scripts/ddns-start #CustomUpdateDDNS# ]]
+ LogMe CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ [[ -n ]]
+ logger CustomUpdateDDNS: Reported asus router ip: 192.168.1.253
+ echo 192.168.1.253
+ grep -E ^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])
+ [[ -n 192.168.1.253 ]]
+ LogMe CustomUpdateDDNS: Local ip detected
+ [[ -n ]]
+ logger CustomUpdateDDNS: Local ip detected
+ curl -s http://icanhazip.com/
+ NEWIP=151.x.x.x
+ [[ -z 151.x.x.x ]]
+ LogMe CustomUpdateDDNS: Found external ip: 151.x.x.x
+ [[ -n ]]
+ logger CustomUpdateDDNS: Found external ip: 151.x.x.x
+ nvram get EXTERNALIP
+ [[ 151.x.x.x == 151.x.x.x ]]
+ UpdateIp
+ nvram set EXTERNALIP=151.x.x.x
+ URL=https://myusername:mypw@dynupdate.no-ip.com/nic/update?myhost=myhost.ddns.net&myip=151.x.x.x
+ curl -s -k --user-agent asuswrt-merlin No-IP Updater/ https://myusername:mypw@dynupdate.no-ip.com/nic/update?hostname=myhost.ddns.net&myip=151.x.x.x
+ RESPONSE=good 151.x.x.x
+ echo good 151.x.x.x
+ awk { print $1 }
+ RESPONSE_A=good
+ UpdateMerlin 1
+ /sbin/ddns_custom_updated 1
+ LogMe CustomUpdateDDNS: (good) DNS hostname(s) successfully updated to 151.x.x.x.
+ [[ -n ]]
+ logger CustomUpdateDDNS: (good) DNS hostname(s) successfully updated to 151.x.x.x.
+ LogMe CustomUpdateDDNS: DDNS update complete
+ [[ -n ]]
+ logger CustomUpdateDDNS: DDNS update complete
+ exit 0
if [[ "$NEWIP" == "$(nvram get EXTERNALIP)" ]]; then
# ip has not changed there's no need to hammer the ddns provider, so compare it to the previously found ip and save in ram
# LogMe "CustomUpdateDDNS: (nochange) External IP address is current: $NEWIP"
# LogMe "CustomUpdateDDNS: Update not needed"
# /sbin/ddns_custom_updated 1
UpdateIp
else
UpdateIp
fi
Dec 8 13:58:48 admin: CustomUpdateDDNS: Starting custom DDNS updater v2.4
Dec 8 13:58:48 admin: CustomUpdateDDNS: Reported asus router ip: 10.225.239.62
Dec 8 13:58:48 admin: CustomUpdateDDNS: Local ip detected
Dec 8 13:58:49 admin: CustomUpdateDDNS: Found external ip: EX.TER.NAL.IP
Dec 8 13:58:49 admin: CustomUpdateDDNS: (nochange) External IP address is current: EX.TER.NAL.IP
Dec 8 13:58:49 admin: CustomUpdateDDNS: Update not needed
Dec 8 13:58:49 ddns: Completed custom ddns update
Dec 8 13:58:49 admin: CustomUpdateDDNS: DDNS update complete
Steffe, thank you for the prompt answer.
Hi ngnoPQ,
Well. Basically you ignore the saved IP, meaning that you will send an update request each time the script executes to noip.com. Your ISP provides a carrier-grade NAT, which is why it looks up your external IP.
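An added example, not the updater script from this thread: the decision the traces and the last reply describe (reject an empty or private/CGNAT lookup result, skip the request when the address equals the saved one), plus an update call that passes credentials with curl's --user instead of embedding them in the URL and leaves out -k. Function names, the CURL override variable and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; function names and the CURL override are made up here.

# Private and carrier-grade NAT prefixes (pattern copied from the trace above).
PRIVATE_RE='^(10\.|100\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1[0-2][0-9])\.|172\.(1[6789]|2[0-9]|3[01])\.|192\.0\.0\.|192\.168|198\.1[89])'

# True only for a dotted quad with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

is_private_ipv4() { printf '%s\n' "$1" | grep -Eq "$PRIVATE_RE"; }

# Prints update, nochange or reject for a looked-up address.
ddns_decision() {  # $1 = looked-up external IP, $2 = last IP saved in nvram
    if ! is_ipv4 "$1" || is_private_ipv4 "$1"; then echo reject
    elif [ "$1" = "$2" ]; then echo nochange
    else echo update
    fi
}

# Send the update. Credentials go through --user, so an "@" in the username
# never becomes part of the URL, and -k is omitted so the certificate is checked.
ddns_update() {  # $1 = user, $2 = password, $3 = hostname, $4 = new IP
    ${CURL:-curl} -s --user "$1:$2" \
        --user-agent "asuswrt-merlin No-IP Updater/2.4" \
        "https://dynupdate.no-ip.com/nic/update?hostname=$3&myip=$4"
}

# Constructed inputs (documentation addresses); no network access is needed.
echo "same as saved: $(ddns_decision 203.0.113.9 203.0.113.9)"
echo "changed:       $(ddns_decision 203.0.113.9 198.51.100.4)"
echo "empty lookup:  $(ddns_decision '' 198.51.100.4)"
echo "CGNAT address: $(ddns_decision 100.64.3.2 198.51.100.4)"
```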