I put everything in functions and made a few little tweaks. I still need to add comments and incorporate a couple of checks to make sure the user has everything configured/installed as expected.
User configuration:
Unbound - running as system resolver
X3mRouting - installed (must have rules for fwmark 0x8000 and 0x1000)
DNS lookups - forced to default gateway
Dns in wan tab- public dns server
Dns in lan tab - not set/default gateway
Vpn client 1 - setup and running
Add the following line to “/jffs/scripts/x3mRouting/vpnclient1-route-up”
Code:
/jffs/scripts/unbound_via_vc1.sh start &
Add the following line to “/jffs/scripts/x3mRouting/vpnclient1-route-pre-down”
Code:
/jffs/scripts/unbound_via_vc1.sh stop &
Create “unbound_via_vc1.sh” in “/jffs/scripts”, paste the code below and chmod 755
Code:
#!/bin/sh
# Probe the VPN tunnel: send one ICMP echo request to 1.1.1.1 out of the
# tun11 interface, giving up after a one-second deadline (-w1).
# Outputs: ping's normal output (not suppressed)
# Returns: ping's exit status; 0 means a reply came back through tun11
Check_Tun11_Con() {
  ping -c1 -w1 -I tun11 1.1.1.1
  return "$?"
}
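# Remove the DNS marking rules from the mangle OUTPUT chain.
# Globals:   wan0_dns0, wan0_dns1 (read) - WAN DNS server addresses
# Returns:   0
#
# Each rule is deleted in a loop until iptables reports it is no longer
# present. A single -D removes only one copy, so a rule appended twice
# (route-up firing again without a matching route-pre-down) would otherwise
# stay behind and keep marking DNS packets after the script believes the
# chain is clean. The last, failing delete of every rule is expected, which
# is why stderr is discarded here.
Delete_Rules() {
  local proto dns

  # Per-server rules: DNS to the WAN resolvers gets mark 0x8000.
  for proto in udp tcp; do
    for dns in "$wan0_dns0" "$wan0_dns1"; do
      # An empty address cannot form a valid "-d" match; skip it.
      [ -n "$dns" ] || continue
      while iptables -t mangle -D OUTPUT -d "$dns"/32 -p "$proto" --dport 53 \
        -j MARK --set-mark 0x8000/0x8000 2>/dev/null; do
        :
      done
    done
  done

  # Catch-all rules: every other locally generated port-53 packet gets 0x1000.
  for proto in tcp udp; do
    while iptables -t mangle -D OUTPUT -p "$proto" --dport 53 \
      -j MARK --set-mark 0x1000/0x1000 2>/dev/null; do
      :
    done
  done
}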
# Append the DNS marking rules to the mangle OUTPUT chain.
# Globals:   wan0_dns0, wan0_dns1 (read) - WAN DNS server addresses
# Returns:   exit status of the last iptables call
#
# Port-53 traffic addressed to the two WAN DNS servers is marked 0x8000;
# all locally generated port-53 traffic is then marked 0x1000.
# NOTE(review): presumably X3mRouting maps 0x8000 to the WAN table and 0x1000
# to the VPN client 1 table - confirm against the routing rules in use.
# -A appends without checking for an existing copy, so calling this twice
# without Delete_Rules in between leaves duplicate rules in the chain.
Add_Rules() {
  local proto dns

  for proto in udp tcp; do
    for dns in "$wan0_dns0" "$wan0_dns1"; do
      iptables -t mangle -A OUTPUT -d "$dns"/32 -p "$proto" --dport 53 -j MARK --set-mark 0x8000/0x8000
    done
  done

  for proto in tcp udp; do
    iptables -t mangle -A OUTPUT -p "$proto" --dport 53 -j MARK --set-mark 0x1000/0x1000
  done
}
# Switch Unbound over to VPN client 1: install the marking rules, start
# unbound_manager.sh with vpn=1 in the background, and log completion.
# The log line is written as soon as the manager has been launched, not
# when it has finished.
Unbound_vc1() {
  local tag
  tag="($(basename "$0"))"

  Add_Rules
  /jffs/addons/unbound/unbound_manager.sh vpn=1 &
  logger -st "$tag" $$ Ending Script Execution
}
# Undo the VPN routing for Unbound: remove the marking rules, start
# unbound_manager.sh with vpn=disable in the background, and log completion.
# The log line is written as soon as the manager has been launched, not
# when it has finished.
Unbound_vpnDisable() {
  local tag
  tag="($(basename "$0"))"

  Delete_Rules
  /jffs/addons/unbound/unbound_manager.sh vpn=disable &
  logger -st "$tag" $$ Ending Script Execution
}
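# Wait for the tun11 tunnel to pass traffic, then route Unbound through it.
# Clears any existing marking rules, waits 5 seconds, and probes the tunnel
# once per pass until the counter reaches 300.
# Exits:  0 once the tunnel answers and Unbound_vc1 has run
#         3 if the tunnel never answered before the counter ran out
#
# The counter counts passes, not seconds: each failed pass can take about two
# seconds (the probe's own deadline plus "sleep 1"), so the real time limit
# is longer than 300 seconds.
# NOTE(review): on timeout the marking rules stay removed and Unbound is left
# untouched, so its queries presumably keep leaving via the WAN rather than
# the VPN - confirm that failing open like this is the intended behaviour.
Poll_Tun11() {
  local timer

  Delete_Rules
  sleep 5
  timer=5
  while [ "$timer" -lt 300 ]; do
    if Check_Tun11_Con; then
      # Unbound_vc1 writes the "Ending Script Execution" log line itself.
      Unbound_vc1
      exit 0
    fi
    sleep 1
    # "timer++" is not valid sh (it is run as a command and fails), which
    # left the counter stuck at 5 and the loop unbounded.
    timer=$((timer + 1))
  done
  logger -st "($(basename "$0"))" $$ Script Execution Timeout
  exit 3
}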
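# Entry point. Usage: unbound_via_vc1.sh start|stop
# Exit codes: 0 success, 1 missing/invalid argument, 2 no WAN DNS configured
# (Poll_Tun11 may also exit 3 on timeout).
if [ -z "$1" ]; then
  logger -st "($(basename "$0"))" $$ Script Arg Missing
  exit 1
fi

logger -st "($(basename "$0"))" $$ Starting Script Execution

# The nvram value is treated as a whitespace-separated list; the first two
# entries are the WAN DNS servers the marking rules are built for.
wan0_dns="$(nvram get wan0_dns)"
wan0_dns0="$(printf '%s\n' "$wan0_dns" | awk '{print $1}')"
wan0_dns1="$(printf '%s\n' "$wan0_dns" | awk '{print $2}')"

# Without any WAN DNS server there is nothing to build the rules from.
if [ -z "$wan0_dns0" ] && [ -z "$wan0_dns1" ]; then
  logger -st "($(basename "$0"))" $$ wan0_dns is NULL
  exit 2
fi

# With a single server configured, reuse it for the other slot.
# (The earlier "var = value" form, with spaces, is a command invocation in
# sh, not an assignment, and its if/elif/else layout only reached the
# start/stop dispatch when both servers were set.)
[ -n "$wan0_dns1" ] || wan0_dns1=$wan0_dns0
[ -n "$wan0_dns0" ] || wan0_dns0=$wan0_dns1

case "$1" in
  start)
    Poll_Tun11
    exit 0
    ;;
  stop)
    Unbound_vpnDisable
    # "exit -1" is not a valid exit status in POSIX sh; a completed stop
    # is reported as success.
    exit 0
    ;;
  *)
    logger -st "($(basename "$0"))" $$ Script Arg Invalid
    exit 1
    ;;
esac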
@Kingp1n if you want to update yours, you can just replace the script you have with the new code in this post. There are no major changes, though, so you don’t need to mess with it unless you want to. To update, replace everything in the main file with the updated code, and
then in the route-up file add the word “start” between the script name and the ampersand, so the line looks something like this:
“/xx/xx/scriptName.sh start &”
You can keep route-pre-down the same, or you can replace all the lines I had you add with one line: instead of the 6 iptables rule lines and the unbound vpn=disable line, you can just put
“/xx/xx/scriptName.sh stop &”