Did you add a she-bang and make the script executable?
Yes, I do
Did you try executing the script from the command line??
Code:
sh /jffs/scripts/myscript.sh
No, I don't... *shameOnMe*
I simply connected via ES FILE EXPLORER and SFTP from my phone and created a file named "firewall-start".
Then opened it as "text" and pasted the stuff in it.
And yes - there is a #!/bin/sh at the beginning.
Do I have to add .sh as a file extension!?!
Try the connection, and if it fails, list the appropriate RPDB rules and iptables.
Connection is okay.
Yes, if you have specified the correct tun21 subnet.
I try to find out my tun number via the route command - but I don't know how to interpret the output. I can see tun11 and tun21 but don't know which one is the relevant one...
If you have now decided to use this 'scripting' solution to your OP Simultaneous VPN Server and VPN Client, have you also defined which OpenVPN Server inbound clients should be Selectively routed as 'pass-thru'?
hehe... okay - I see u have read my other post
Thanks for that !!
Yes - because there is no other way - I try to get it fixed with scripting.
I already installed amtm and the entware package. And finally I can use sftp
And no - I did not define which OpenVPN Server inbound clients should be routed.
I want ALL devices connected to my OpenVPN Server to be routed over my VPN Provider (outbound)
But I would be glad to know HOW to selectively define them...
Or do u mean in the GUI of the Client to define which one over WAN and which one over VPN?
YES, I have set some rules there (see output later)
Post the output of the following commands
Code:
nvram dump | grep -E "vpn_client[1-5]"_clientlist | sort
nvram dump | grep -E "vpn_server[1-2]_sn" | sort
iptables -nvL OVPN
ip rule
iptables --line -t nat -nvL POSTROUTING
Here is the output of
nvram dump | grep -E "vpn_client[1-5]"_clientlist | sort
Code:
vpn_client1_clientlist=<ALL devices>192.168.1.0/24>0.0.0.0>VPN<Kami-SHIELD_1>192.168.1.3>0.0.0.0>WAN<Kami-SHIELD_2>192.168.1.4>0.0.0.0>WAN<Kami-NAS>192.168.1.6>0.0.0.0>WAN<Router itself>192.168.1.1>0.0.0.0>WAN
vpn_client2_clientlist=<All devices>192.168.1.0/24>0.0.0.0>VPN<Kami-SHIELD_1>192.168.1.3>0.0.0.0>WAN<Kami-SHIELD_2>192.168.1.4>0.0.0.0>WAN<Kami-NAS>192.168.1.6>0.0.0.0>WAN<Router itself>192.168.1.1>0.0.0.0>WAN
vpn_client3_clientlist=<All devices>192.168.1.0/24>0.0.0.0>VPN<Kami-SHIELD_1>192.168.1.3>0.0.0.0>WAN<Kami-SHIELD_2>192.168.1.4>0.0.0.0>WAN<Kami-NAS>192.168.1.6>0.0.0.0>WAN<Router itself>192.168.1.1>0.0.0.0>WAN
vpn_client4_clientlist=<All devices>192.168.1.0/24>0.0.0.0>VPN<Kami-SHIELD_1>192.168.1.3>0.0.0.0>WAN<Kami-SHIELD_2>192.168.1.4>0.0.0.0>WAN<Kami-NAS>192.168.1.6>0.0.0.0>WAN<Router itself>192.168.1.1>0.0.0.0>WAN
vpn_client5_clientlist=<All devices>192.168.1.0/24>0.0.0.0>VPN<Kami-SHIELD_1>192.168.1.3>0.0.0.0>WAN<Kami-SHIELD_2>192.168.1.4>0.0.0.0>WAN<Kami-NAS>192.168.1.6>0.0.0.0>WAN<Router itself>192.168.1.1>0.0.0.0>WAN
Router itself over WAN because of my DDNS update...
Shield is Android TV - because of Netflix over WAN (Geo problem...)
And my NAS over WAN because I managed it in another way.
ALL other devices connected are over VPN
And here is the output of
nvram dump | grep -E "vpn_server[1-2]_sn" | sort
Code:
vpn_server1_sn=10.8.0.0
vpn_server2_sn=10.16.0.0
And here is the output of
iptables -nvL OVPN
Code:
Chain OVPN (2 references)
pkts bytes target prot opt in out source destination
30 2651 DROP all -- tun11 * 0.0.0.0/0 0.0.0.0/0
99 6328 ACCEPT all -- tun21 * 0.0.0.0/0 0.0.0.0/0
And here is the output of
ip rule
Code:
0: from all lookup local
10001: from 192.168.1.3 lookup main
10002: from 192.168.1.4 lookup main
10003: from 192.168.1.6 lookup main
10004: from 192.168.1.1 lookup main
10101: from 192.168.1.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default
And here is the output of
iptables --line -t nat -nvL POSTROUTING
Code:
Chain POSTROUTING (policy ACCEPT 5422 packets, 327K bytes)
num pkts bytes target prot opt in out source destination
1 2852 370K MASQUERADE all -- * tun11 192.168.1.0/24 0.0.0.0/0
2 5599 1341K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 1352 1060K MASQUERADE all -- * eth0 !WAN-IP 0.0.0.0/0
4 146 64620 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
Thank u so much for your help !!!!!
Without you and this forum I would never get this to work !!
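
The `ip rule` and POSTROUTING listings posted above can be checked mechanically for whether a given subnet is both policy-routed into the VPN client table and masqueraded out of the client tunnel. This is an added example, not part of any post in the thread; the sample data is copied from the output above, while the /24 mask for 10.8.0.0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): does a subnet have both a source-based
# policy rule into the VPN client table and a MASQUERADE rule out of the tunnel?
SERVER_NET="10.8.0.0/24"  # vpn_server1_sn from the thread; the /24 mask is an assumption
LAN_NET="192.168.1.0/24"
CLIENT_IF="tun11"         # interface used by the existing LAN MASQUERADE rule
CLIENT_TABLE="ovpnc1"     # routing table used by the existing LAN policy rule

# Sample data copied from the "ip rule" output in the thread.
IP_RULES='0: from all lookup local
10001: from 192.168.1.3 lookup main
10002: from 192.168.1.4 lookup main
10003: from 192.168.1.6 lookup main
10004: from 192.168.1.1 lookup main
10101: from 192.168.1.0/24 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'

# Sample data copied from the POSTROUTING output in the thread.
NAT_RULES='1 2852 370K MASQUERADE all -- * tun11 192.168.1.0/24 0.0.0.0/0
2 5599 1341K PUPNP all -- * eth0 0.0.0.0/0 0.0.0.0/0
3 1352 1060K MASQUERADE all -- * eth0 !WAN-IP 0.0.0.0/0
4 146 64620 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24'

# has_policy_rule RULES NET TABLE: succeeds if "from NET lookup TABLE" is present.
has_policy_rule() {
    printf '%s\n' "$1" | awk -v net="$2" -v tbl="$3" '
        $2 == "from" && $3 == net && $4 == "lookup" && $5 == tbl { found = 1 }
        END { exit !found }'
}

# has_masquerade RULES NET IFACE: succeeds if NET is masqueraded out of IFACE.
# Field positions follow "iptables --line -t nat -nvL" (num pkts bytes target ...).
has_masquerade() {
    printf '%s\n' "$1" | awk -v net="$2" -v ifc="$3" '
        $4 == "MASQUERADE" && $8 == ifc && $9 == net { found = 1 }
        END { exit !found }'
}

# tunnel_gaps NET: prints which of the two pieces is missing for NET, or "none".
tunnel_gaps() {
    gaps=""
    has_policy_rule "$IP_RULES" "$1" "$CLIENT_TABLE" || gaps="policy-rule"
    has_masquerade "$NAT_RULES" "$1" "$CLIENT_IF" || gaps="${gaps:+$gaps,}masquerade"
    echo "${gaps:-none}"
}

for net in "$LAN_NET" "$SERVER_NET"; do
    echo "$net -> $CLIENT_IF via $CLIENT_TABLE, missing: $(tunnel_gaps "$net")"
done
```

On a live router the two variables would be filled from `ip rule` and `iptables --line -t nat -nvL POSTROUTING` (without the header lines) instead of the embedded copies.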