SSID for VPN


NightmareMan

Hi guys. I've read the manual https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN.
I did everything exactly as it was written there. But I still get a default IP (192.168.1.x) on the wl1.1 interface, and all traffic goes through my ISP, not through the OpenVPN client I've set up. Maybe that manual is no longer current, or maybe someone has an updated version?
My config:
#!/bin/sh
####### Interface Specific Settings #######
WRLSS_IF=wl1.1 # Name of the wireless interface that will be used.
WRLSS_IF_NTWK_ADDR=192.168.2.0 # Network address that the wireless interface will be on.
WRLSS_IF_INET_ADDR=192.168.2.1 # IP address that will be assigned to the wireless interface.
WRLSS_IF_NETMASK=255.255.255.0 # Netmask of the wireless network to be added.
TUN_IF=tun11 # Name of tunnel interface.
########## DHCP Specific Settings ###########
DHCP_OPT1=3 # dnsmasq option to specify router.
LS_TIME=86400s # Duration of the dhcp leases.
LS_START=192.168.2.100 # Start address of leases. This needs to be within the same network as above.
LS_END=192.168.2.120 # End address of leases. This needs to be within the same network as above.
######## Hide SSID of Guest Network ########
HIDE_SSID=0 # This option is to hide the SSID of a guest network if a guest network is used. Input 1 to hide and 0 to make it visible.
############## Tunnel Module ##############
if [ `lsmod | grep -c tun` == 0 ]; then # This works with Openvpn using a tun interface.
insmod tun
sleep 1
fi
##########################################################################################################
##########################################################################################################
########################################## DHCP Server ###################################################

if [ `cat /etc/dnsmasq.conf | grep -c $WRLSS_IF` == 0 ]; then
killall dnsmasq
sleep 2
echo "interface=$WRLSS_IF" >> /etc/dnsmasq.conf
echo "dhcp-range=$WRLSS_IF,$LS_START,$LS_END,$WRLSS_IF_NETMASK,$LS_TIME" >> /etc/dnsmasq.conf
echo "dhcp-option=$WRLSS_IF,$DHCP_OPT1,$WRLSS_IF_INET_ADDR" >> /etc/dnsmasq.conf
dnsmasq --log-async
fi
sleep 2
### Check to see if tun interface is available ###
while [ ! -n "`ifconfig | grep $TUN_IF`" ]; do
sleep 1
done
############################################ IP ROUTING ##################################################

ifconfig $WRLSS_IF $WRLSS_IF_INET_ADDR netmask $WRLSS_IF_NETMASK
ip route show table main | grep -Ev ^default | while read ROUTE; do
ip route add table 10 $ROUTE;
done
ip route del 0.0.0.0/1 table main # Uncomment this line if you are not using the route-nopull option.
# Many VPN service providers push this route to redirect internet traffic over the tunnel.
ip route add default dev $TUN_IF table 10
ip rule add dev $WRLSS_IF table 10
ip route flush cache
####################################### ETHERNET BRIDGE TABLES RULES #####################################

EBT_BRULE1="-p ipv4 -i $WRLSS_IF -j DROP"
EBT_BRULE2="-p arp -i $WRLSS_IF -j DROP"
if [ -n "$EBT_BRULE1" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE1"` != 1 ]; then
ebtables -t broute -I BROUTING $EBT_BRULE1
fi
if [ -n "$EBT_BRULE2" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE2"` != 1 ]; then
ebtables -t broute -I BROUTING $EBT_BRULE2
fi
############################################ IP TABLES RULES #############################################

if [ `iptables -L -v | grep -c $WRLSS_IF` == 0 ]; then
iptables -I INPUT -i $WRLSS_IF -m state --state NEW -j ACCEPT
iptables -I FORWARD -i $WRLSS_IF -o $TUN_IF -j ACCEPT
fi
if [ `iptables -t nat -L -v | grep -c $TUN_IF` == 0 ]; then
iptables -t nat -I POSTROUTING -s $WRLSS_IF_NTWK_ADDR/24 -o $TUN_IF -j MASQUERADE # Change /24 to the subnet that you will be using.
fi
############################################### HIDE SSID ################################################

if [ `nvram get "$WRLSS_IF"_closed` != 1 ] && [ $HIDE_SSID == 1 ]; then
nvram set "$WRLSS_IF"_closed=1
nvram commit
fi
if [ `nvram get "$WRLSS_IF"_closed` != 0 ] && [ $HIDE_SSID == 0 ]; then
nvram set "$WRLSS_IF"_closed=0
nvram commit
fi
And another thing: when I just try to execute the script manually I get this:
asus.PNG
A screenshot from router to prove which interface I use:
asus2.PNG
A screenshot from my phone:
samsung.png
It can clearly be seen that the phone got a default IP, not one from the IP range in the script.
peraburek, I just tried. I have the same problem as above. And the script seems to have errors. See the output when I try to execute it.
admin@RT-AC1900-A608:/jffs/scripts# sh vpn-route-1.sh
" is wrong: table id value is invalid

" is wrong: "table" value is invalid

".ror: an inet prefix is expected rather than "cache
".ror: an inet address is expected rather than "192.168.5.2
" is wrong: invalid table ID

".ror: an inet prefix is expected rather than "cache
vpn-route-1.sh: line 25: syntax error: unexpected word (expecting "do")
admin@RT-AC1900-A608:/jffs/scripts#
And I can't even understand why I don't get at least the right IP over DHCP. I checked the dnsmasq.conf file and it has these lines:
interface=wl1.1
dhcp-range=wl1.1,192.168.201.2,192.168.201.254,255.255.255.0,28800s
dhcp-option=wl1.1,3,192.168.201.1
@NightmareMan - you have to set up OpenVPN Client 1 first and make sure it works.
After that you have to set up a wireless guest network (I am using 5GHz guest network 1 for OpenVPN Client 1, and 5GHz guest network 2 for OpenVPN Client 2).

Which Asus router model do you have? I am using this daily on my AC68U, it works great!
peraburek, I made a mistake. Instead of copy-pasting the script using "vi" (like you said), I pasted your scripts into Notepad++ and then transferred them to the router via WinSCP. The problem was that when I opened what I had pasted with Notepad++ in "vi", I saw "^M" symbols at the end of each line. After I cleared those symbols from the script, everything began to work as it should. So, it was my silly mistake.
And by the way, I have an AC1900 with the latest 380.66_6 firmware.
Thank you very much ;)
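Added example, not part of the original thread: the "^M" symbols are carriage returns from Windows (CRLF) line endings, and a CR printed inside an error message moves the cursor back to column 0, which is why the errors above start with a stray quote. The script below detects and strips them and only replaces the file if the cleaned copy parses; the function names and the file name fix-crlf.sh are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up here.
CR=$(printf '\r')    # literal carriage return; vi displays it as ^M

# True if at least one line of the file ends in CR (DOS/Windows line ending).
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# Print how many lines end in CR (grep -c exits 1 on zero matches, hence || true).
count_crlf() {
    grep -c "${CR}\$" "$1" || true
}

# Strip the trailing CR from every line, then replace the original only if the
# cleaned copy parses: "sh -n" reads the script without executing anything.
fix_script() {
    f=$1
    if ! has_crlf "$f"; then
        echo "$f: no CR line endings"
        return 0
    fi
    echo "$f: $(count_crlf "$f") line(s) end in CR"
    tmp="$f.lf.$$"
    sed "s/${CR}\$//" "$f" > "$tmp" || { rm -f "$tmp"; return 1; }
    if sh -n "$tmp" 2>/dev/null; then
        cat "$tmp" > "$f"    # overwrite in place so the +x mode bit survives
        rm -f "$tmp"
        echo "$f: converted to LF"
    else
        rm -f "$tmp"
        echo "$f: still fails 'sh -n' after conversion, left unchanged" >&2
        return 1
    fi
}

# Usage: sh fix-crlf.sh /jffs/scripts/vpn-route-1.sh   (path from the thread)
for script in "$@"; do
    fix_script "$script"
done
```

Running `sh -n` on a script before enabling it on the router catches this class of problem without executing any routing or firewall commands.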
 
--UPDATE--
I created a new thread here:

https://www.snbforums.com/threads/2-vpn-client-and-2-wifi-ssid-how-to-route-traffic.41222/

Thank you.
-------------

Hello Everyone,
I'm Carlo from Italy: this is my first post on this forum :)
I did search and I did try to find the answer to my need but I didn't find it, so I'm very sorry if there is a post that answers me.

I am not an expert on network/shell, so I'll try asking if you can help me; my question is very similar to the one in this post, but I can't understand how to solve it.
I have an Asus RT-N66U with the last version of Merlin-Asuswrt (380.68).

Router LAN is 192.168.2.1/255.255.255.0.
WAN is 192.168.1.1/255.255.255.0
I have enabled WIFI 2.4 & WIFI 5G with 2 different SSIDs
I have configured 2 VPNs: Client 1 and Client 2 (they are working)
I did an ifconfig and I found these interfaces: br0, eth0, eth1, eth2, lo, tun11, tun12, vlan1, vlan2.

My wish is to route traffic to VPN Client 1 for the devices connected to the WIFI 2.4, and route to VPN Client 2 for the devices connected to the WIFI 5.0.

I do not have many devices, so I guess an easy solution (maybe) could be to assign different DHCP ranges (e.g. from 192.168.2.10 to 192.168.2.29 for WIFI 2.4, and from 192.168.2.30 to 192.168.2.49 for WIFI 5) and configure the Policy Rules on each VPN Client.

Can someone tell me if the solution can work... and how to do it?

Thank you very very much for your support.
Carlo.