What's new

Just Asus Router Apps like Download Master via VPN?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Feivel

Occasional Visitor
Hi all,
actually I'm playing around with my Router, Merlin and the VPN Settings.
Eventually there is somebody out there who has an idea regarding my question. (Didn't find something via search)

Is there a way to apply JUST the "Router itself as a Device to use a configured VPN?
Usually I would like to use a direct access for the Clients in my network, but for the Download Master Service on the Asus Router I would like to make it use of a configured VPN?
So is there a chance that not every communication goes over this VPN, during the period of time where my Router makes use of it?

I'm not sure what happens, when I configure "make use of WAN" and than I apply every Client to it.
And after that I configure "the rest" to make use of the VPN.
I'm not sure how the logic works, because the Router isn't mentioned as a dedicated Client.
Will the VPN work for the Router even if everything is forced to make use of the VPN?

Eventually I'm at a loss here, but thanks in advance.

Best regards
Feivel
 
The router itself will be routed through the VPN provided the routing policy is set to "Yes (all)", which of course includes all the WLAN/LAN clients as well. However, if you use the VPN Director, the router itself is removed from the VPN, and only those WLAN/LAN clients configured in the rules use the VPN.

What you could do is configure w/ the VPN Director and specify a rule that only includes the router's LAN ip (e.g., 192.168.1.1). But that alone is NOT sufficient. You also need to bind the app to only the LAN network interface. Typically, the config file for such apps bind themselves to *all* network interface by default. And if left in that state, the router will NOT use the LAN network interface, but the WAN or VPN network interfaces (as the case may be) directly, making the rule ineffective. IOW, you have to force that app through the LAN network interface so the VPN Director rule is triggered.
 
The router itself will be routed through the VPN provided the routing policy is set to "Yes (all)", which of course includes all the WLAN/LAN clients as well. However, if you use the VPN Director, the router itself is removed from the VPN, and only those WLAN/LAN clients configured in the rules use the VPN.

What you could do is configure w/ the VPN Director and specify a rule that only includes the router's LAN ip (e.g., 192.168.1.1). But that alone is NOT sufficient. You also need to bind the app to only the LAN network interface. Typically, the config file for such apps bind themselves to *all* network interface by default. And if left in that state, the router will NOT use the LAN network interface, but the WAN or VPN network interfaces (as the case may be) directly, making the rule ineffective. IOW, you have to force that app through the LAN network interface so the VPN Director rule is triggered.
Thanks for your fast reply. So I think I've to live with this circumstance.
Finding the config file and hoping to find this attribute seems to be to much effort for my target. :)
 
I can't speak for the tools NZB and aMule in the Downloader app (I don't use any of them), but it seems to me you could rather easily reconfigure the BitTorrent client by changing the file /tmp/mnt/sda1/Download2/config/settings.json (using the nano editor) from …

Code:
"bind-address-ipv4": "0.0.0.0",

to …

Code:
"bind-address-ipv4": "192.168.1.1",

Note: I'm assuming 192.168.1.1 is the LAN ip of your router. If NOT, adjust accordingly.

In combination w/ the VPN Director having a rule to route only the router's LAN IP over the VPN, that should bind the bittorrent client to the VPN as well.

The other option would be to create your own routing policy rule.

Configure the OpenVPN client w/ a "Yes (all)" routing policy, ssh to the router, and copy/paste the following openvpn-event script into the terminal window.

Code:
#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/openvpn-event"

mkdir -p $SCRIPTS_DIR

create_script() {
cat << 'EOF' > $SCRIPT
#!/bin/sh
#set -x # uncomment/comment to enable/disable debug mode
{
VPN_IF='tun11'
LAN_NET="$(nvram get lan_ipaddr)/$(nvram get lan_netmask)"

if [ "$dev" == "$VPN_IF" ]; then
    if [ "$script_type" == 'route-up' ]; then
        ip rule del from $LAN_NET table main 2>/dev/null
        ip rule add from $LAN_NET table main priority 10
        ip route flush cache
    elif [ "$script_type" == 'route-pre-down' ]; then
        ip rule del from $LAN_NET table main
        ip route flush cache
    fi
fi

exit 0
} 2>&1 | logger -t $(basename $0)[$$]
EOF
chmod +x $SCRIPT
}

if [ -f $SCRIPT ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi
:

Finally, restart the OpenVPN client or reboot.

By default, all traffic is routed over the VPN, including the router. But your own policy rule (w/ higher priority) makes an exception to route the rest of the local IP network (e.g., 192.168.1.0/24) over the WAN. So the only device still bound to the VPN is the router itself.

Once again, I made an assumption about which OpenVPN client you're using (#1, which is tun11). If NOT, adjust accordingly.
 
Last edited:
Thanks a lot for your input.
Never digged into my personal Router that deep. ;-)

- I opened SSH
- Downloaded the settings.json
- Found the mentioned attribute
- Did a change of it and uploaded it
- Changed the VPN Rule to that specific IP

But at first before going on with changing the bind IP, I clicked on the Download Master and at first it always says Task is already available. (but there weren't any tasks)

So I:
- Deinstall/Install Download Master
- Formatted the HDD
- Closed SSH Connection
- Router reboot

But it always says the Task does already exists, even if I tryed to add another task.
I also get an about:blank#blocked if I go to the Download Manager via Menue instead of using the direct URL.

Is the Merlin FW eventually not compatible to the DL Master? Any ideas?
 
Last edited:
Thanks a lot for your input.
Never digged into my personal Router that deep. ;-)

- I opened SSH
- Downloaded the settings.json
- Found the mentioned attribute
- Did a change of it and uploaded it
- Changed the VPN Rule to that specific IP

But at first before going on with changing the bind IP, I clicked on the Download Master and at first it always says Task is already available. (but there weren't any tasks)

So I:
- Deinstall/Install Download Master
- Formatted the HDD
- Closed SSH Connection
- Router reboot

But it always says the Task does already exists, even if I tryed to add another task.
I also get an about:blank#blocked if I go to the Download Manager via Menue instead of using the direct URL.

Is the Merlin FW eventually not compatible to the DL Master? Any ideas?

Again, I don't use Download Master. I can only assume it's compatible given it's available for installation and use w/ the ASUS/Merlin firmware.

FWIW, I installed it on my RT-AC68U and had it working using either of the methods I described above. I used the following link specifically from the Ultimate Boot CD for testing purposes.


I did notice w/ other links that I sometimes ran into this "task aready exists" error message, but I have no idea why. Seems to me this Download Master app is a bit fragile. It's pretty annoying as well it will NOT accept a pasted password, but forces me to manual type it (which is stupid, since it discourages strong passwords). So I can't say I'm a fan of it. I just wanted to confirm it worked.

P.S. I also noticed the app seems to lock up from time to time and stop updating, requiring a full refresh.
 
Hey, thx a lot for testing!!!
I think regarding the VPN Settings I'm fine now, but for what ever reason the Download Manager isn't working/reachable anymore.
From the USB Page it looks up and running, but..
Is this the link you reach its page: http://router.asus.com:8081/downloadmaster/index.asp ?

What do you mean by full refresh?
I already deinstalled it several times and using different usb devices - Devices where it had been already working with.

It seems like that there is a way to manually downgrade to an older version, but not every devices supports every version of it. Seems to be a bit tricky.

Eventually I will try to go back to asuswrt tomorrow and do a restore of my backup settings.
And see how it behaves there.
 

Be careful in relying on that domain name. That *assumes* you're using DNSMasq (the router's own DNS server/proxy), since only DNSMasq can resolve it. But let's say you've configured the OpenVPN client w/ Exclusive (for Accept DNS configuration). That *bypasses* DNSMasq and accesses the VPN provider's DNS server directly. But that DNS server has no ability to resolve router.asus.com. I find it's better to make a habit of using the actually explicit IP (e.g., 192.168.1.1).

What do you mean by full refresh?

I just meant that at times the page would stop updating the progress bar. It appeared stuck. But if I refreshed the page, it was actually still running. As I said, the app seems a bit fragile to me.
 
Be careful in relying on that domain name. That *assumes* you're using DNSMasq (the router's own DNS server/proxy), since only DNSMasq can resolve it. But let's say you've configured the OpenVPN client w/ Exclusive (for Accept DNS configuration). That *bypasses* DNSMasq and accesses the VPN provider's DNS server directly. But that DNS server has no ability to resolve router.asus.com. I find it's better to make a habit of using the actually explicit IP (e.g., 192.168.1.1).



I just meant that at times the page would stop updating the progress bar. It appeared stuck. But if I refreshed the page, it was actually still running. As I said, the app seems a bit fragile to me.

Yes you are right, I already tried both options. (DNS and IP)
The VPN Configuration is also deactivated atm, so thats not the reason for the behavior.
The rest of the URL is fine?
 
The rest of the URL is fine?

Yes. If you can link to the router itself, then follow the link to the Download Master app under USB Applications, it should just work. All that link does is connect you to the lighttpd web server running in the background. That's what supports that specific webpage. You can always check to see it's running by checking the process table.

Code:
admin@lab-merlin1:/tmp/home/root# ps -w | grep [l]ighttpd
 1225 admin     5472 S    ./asus_lighttpd -Df /opt/etc/asus_lighttpd.conf
 
Ok, it looks like that the service isn't running...

It didn't show me the by you mentioned service and I also can't find something similar.
So deactivated and activated it on the USB App Page and for a short time he found something.
I guess it trys to start, with no success?

Code:
Admin@DSL-AX82U-8960:/tmp/home/root# ps -w | grep [l]ighttpd
Admin@DSL-AX82U-8960:/tmp/home/root# ps -w | grep [l]ighttpd
 7211 Admin     3424 S    sh /tmp/APPS/Lighttpd/Script/S50asuslighttpd start
Admin@DSL-AX82U-8960:/tmp/home/root# ps -w | grep [l]ighttpd
Admin@DSL-AX82U-8960:/tmp/home/root# ps -w | grep [l]ighttpd
 
Switched back to ASUSWRT and load some old settings, but Download Manager behaves the same.
Stick is formatted and from the WebGUI of the Router it seems to be running, but as soon as I switch to DownloadMaster Page its about blank.

I also tried it with enrolling a certificate and using HTTPs. But the same behavior.
 
Switched back to ASUSWRT and load some old settings, but Download Manager behaves the same.
Stick is formatted and from the WebGUI of the Router it seems to be running, but as soon as I switch to DownloadMaster Page its about blank.

I also tried it with enrolling a certificate and using HTTPs. But the same behavior.

There's not much more I can do to help. As I said, using Merlin 386.7_2 w/ my RT-AC68U, I'm able to install and access it just fine. That's not even something under the control of the Merlin firmware, but a basic functionality of the firmware provided by ASUS. You need to take it up w/ them.
 
Hey no problem, you helped me a lot and I'm very thankful for your help.
Eventually there is someone else who has also deal with it, or I will find the solution over time and can share it.

I took a look into the logs during the starting of the service.
I'm not sure if the UDP error message is related to the start of the service?

Code:
Aug 30 07:52:35 rc_service: httpd 1913:notify_rc start_apps_enable downloadmaster no
Aug 30 07:52:50 rc_service: httpd 1913:notify_rc start_apps_enable downloadmaster yes
Aug 30 07:52:55 transmission-daemon[2184]: UDP Failed to set receive buffer: requested 4194304, got 1048576 (tr-udp.c:84)
 
There's not much more I can do to help. As I said, using Merlin 386.7_2 w/ my RT-AC68U, I'm able to install and access it just fine. That's not even something under the control of the Merlin firmware, but a basic functionality of the firmware provided by ASUS. You need to take it up w/ them.

THANKs a lot, now everything is working as wished.

I will later post and explanation of what I did in the end.

You belong to the "Merlin Team" and will recieve a part from the Donations?
 
Soo, how did I make the Download Master work again.
It seems to me, that there are more configurations as in the back up file.
Because just loading the backup from before didn't help and also the Firmware change back to Asuswrt didn't work at all.

So at the end I did a Factoryreset in Asuswrt and load the backup file, I created in Asuswrt, again.
Allready before doing the restore I installed Downloadmaster without an Internetconnection so it was forced to load an old version from its internale storage. This one seems to be working, than I did the restore and with internetconnection I deinstalled ADM and did an installation of the current version.
Which also works fine now.

The bind of the Interface and its VPN assignment wich was the initial reason I was asking for seems to be working as well.

Thanks again for your help and time eibgrad.
 
Last edited:

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top