Yeap, it does return 1.
When I connect to the router with WinSCP, it shows a jffs folder in the root folder with the following rights: rwxr-xr-x, and under the properties the octal is 0755.
More attempts:
- I re-saved my OpenVPN keys, and then tried to format the jffs / reboot
the router hung during reboot (!)
- power cycle - back online
- disable jffs, reboot
- enable jffs, format jffs, reboot
Still the same result: blank jffs folder.
In the log file (cleared before doing anything):
Dec 31 19:00:11 kernel: Creating 2 MTD partitions on "brcmnand":
Dec 31 19:00:11 kernel: 0x000002000000-0x000008000000 : "brcmnand"
Dec 31 19:00:11 kernel: 0x000004000000-0x000006000000 : "jffs2"
(note that there is no jffs2 when I connect to the router via WinSCP - only jffs is visible!)
I see no evidence in the log that the partition JFFS was formatted!
I am attaching the log for your feedback.
Is there any way to manually format the JFFS partition? Will it create the needed folder for scripts and set permissions to allow putting scripts there?
Try using another telnet/ssh client; it may be WinSCP that is the culprit.
http://forums.smallnetbuilder.com/showthread.php?t=9202&page=4
Thanks, what would you recommend?
mtd-erase2 jffs2
I created a file called openvpn-event.sh in Notepad++
#!/bin/sh
sleep 2
touch /tmp/000wanstarted
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
#US VPN
#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
ip route show table main | grep -Ev ^default | grep -Ev tun11 \
| while read ROUTE ; do
ip route add table 100 $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#
# All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can
# configure exceptions afterwards)
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# All traffic from Apple TV will use the US VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.189 -j MARK --set-mark 0
# All traffic from Sony TV will use the US VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.179 -j MARK --set-mark 0
exit 0
@RMerlin, as per your advice I double-checked my filename and changed it to openvpn-event. I again used chmod 700 /jffs/scripts/openvpn-event to make it executable.
Here is the script I used:
Right now OpenVPN is connected but all of the traffic goes through VPN. No change. Also I got this message a lot in syslog:
Sep 22 20:58:42 miniupnpd[3287]: SSDP packet sender 192.168.0.254:1025 not from a LAN, ignoring
Thanks for any help.
If you go to the folder /tmp, do you see a 0-byte file called 000wanstarted?
#!/bin/sh
logger -t "($(basename $0))" $$ HMA VPN Selective customisation starting.... " $0${*:+ $*}."
## CUSTOMIZE YOUR SCRIPT VARIABLES
#
## Uncomment and assign/change value(s) as needed to customize your rules
#
# ip_range1="192.168.10.200-192.168.10.203"
# ip_range2="192.168.10.8/29"
# ip_range3=""
#
# If your IP addresses don't fall in a contiguous range, you'll need separate rules instead.
U200_115="10.88.8.115"
PS3_Bedroom="10.88.8.142"
# ip_address3=""
#
# Spotify
# website_dst_range1="78.31.8.1-78.31.15.254"
# website_dst_range2="193.182.8.1-193.182.15.254"
# Another website
#
# website_dst_range3=""
##
# SHELL COMMANDS FOR MAINTENANCE.
# DO NOT UNCOMMENT, THESE ARE INTENDED TO BE USED IN A SHELL COMMAND LINE
#
# List Contents by line number
#iptables -L PREROUTING -t mangle -n --line-numbers
#
# Delete rules from mangle by line number
#iptables -D PREROUTING type-line-number-here -t mangle
#
# To list the current rules on the router, issue the command:
# iptables -t mangle -L PREROUTING
#
# Flush/reset all the rules to default by issuing the command:
# iptables -t mangle -F PREROUTING
# */* #
# First it is necessary to disable Reverse Path Filtering on all
# current and future network interfaces:
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING
#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
#iface_lst=`route | awk ' {print $8}'`
#for tun_if in $iface_lst; do
# if [ "$tun_if" = "tun11" ]; then
# exit 0
# elif [ "$tun_if" = "tun12" ]; then
# exit 0
# fi
#done
tun_if="tun21"
ip route show table main | grep -Ev ^default | grep -Ev $tun_if \
| while read ROUTE ; do
ip route add table 100 $ROUTE
logger -t "($(basename $0))" $$ HMA VPN Table 100 added entry: $ROUTE
done
ip route add default table 100 via $(nvram get wan_gateway)
logger -t "($(basename $0))" $$ HMA VPN default added to Table 100 for $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache
# EXAMPLES:
#
# All LAN traffic will bypass the VPN (Useful to put this rule first,
# so all traffic bypasses the VPN and you can configure exceptions afterwards)
# iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
#
# Ports 80 and 443 will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
#
# All traffic from a particular computer on the LAN will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0
#
# All traffic to a specific Internet IP address will use the VPN
# iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
#
# All UDP and ICMP traffic will bypass the VPN
# iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
# iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1
# By default all traffic bypasses the VPN
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
# IP_RANGES - Uncomment as necessary
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_range1 -j MARK --set-mark 0
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_range2 -j MARK --set-mark 0
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_range3 -j MARK --set-mark 0
# IP_ADDRESSES - Uncomment as necessary
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_address1 -j MARK --set-mark 0
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_address2 -j MARK --set-mark 0
#iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_address3 -j MARK --set-mark 0
logger -t "($(basename $0))" $$ HMA VPN Selective customisation for: "$"PS3_Bedroom $PS3_Bedroom
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $PS3_Bedroom -j MARK --set-mark 0
# Optionally FORCE the use of the VPN tunnel, so if the VPN tunnel drops, the device will not use the unencrypted default WAN
#iptables -I FORWARD -i br0 -s $PS3_Bedroom -o eth0 -j DROP
# Spotify explicitly uses the VPN
#iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range $website_dst_range1 -j MARK --set-mark 0
#iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range $website_dst_range2 -j MARK --set-mark 0
# There is a timing issue for Merlin build 270.26b and earlier where the Client VPN starts
# before the wan-start execution of this script.
# As a 'temporary' workaround set the 'VPN enabled on WAN' option to NO on the GUI,
# then uncomment the following line
service start_vpnclient1
# Routing for the above devices can be validated by using web page http://www.ip2location.com/
# Although if Port 80 is excluded from the VPN then it will always show the local GEO ISP location!
logger -t "($(basename $0))" $$ HMA VPN Selective customisation completed.
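Added example, not part of any post in this thread: a static check of the MARK rules in a script like the ones above, showing why rule order decides whether a device leaves via the VPN or the WAN. MARK does not stop rule traversal, so the last matching rule wins. The helper names (`ip2int`, `final_mark`, `egress`) are hypothetical, the rule lists are constructed from the first script's lines, and it assumes the VPN client owns the default route in the main table, so mark 0 follows the tunnel and mark 1 follows table 100 to the WAN.

```shell
#!/bin/sh
# Constructed input: MARK rules as written in the first script above.
RULES='iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.189 -j MARK --set-mark 0
# iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.179 -j MARK --set-mark 0'
# Constructed misordering: the same rules with the catch-all moved to the end.
REVERSED='iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.189 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.179 -j MARK --set-mark 0
iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1'

ip2int() { # dotted quad -> integer, so ranges can be compared numerically
  old=$IFS; IFS=.; set -- $1; IFS=$old
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

final_mark() { # $1 = source IP, $2 = rule text; prints the mark left after all rules
  src=$(ip2int "$1"); mark=0
  while read -r line; do
    case $line in
      # Skip comments and rules that depend on the packet, not the source host.
      "#"*|*" -p "*|*"--dst-range "*) continue ;;
      *"-A PREROUTING "*"--set-mark "*) ;;
      *) continue ;;
    esac
    new=${line##*--set-mark }; new=${new%% *}
    case $line in
      *"--src-range "*)
        range=${line##*--src-range }; range=${range%% *}
        lo=$(ip2int "${range%-*}"); hi=$(ip2int "${range#*-}")
        [ "$src" -ge "$lo" ] && [ "$src" -le "$hi" ] || continue ;;
    esac
    mark=$new # MARK is non-terminating: a later match overwrites an earlier one
  done <<EOF
$2
EOF
  echo "$mark"
}

egress() { # "ip rule add fwmark 1 table 100" sends mark 1 to the WAN gateway
  if [ "$(final_mark "$1" "$2")" = 1 ]; then echo WAN; else echo VPN; fi
}

for ip in 192.168.1.189 192.168.1.50; do
  echo "$ip: script order -> $(egress "$ip" "$RULES"), catch-all last -> $(egress "$ip" "$REVERSED")"
done
```

On the router itself, the live counterpart is to compare this against `iptables -t mangle -L PREROUTING -n --line-numbers` and `ip route show table 100`, both of which appear in the scripts above.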