Whilst I do not wish to offend @Swinson, in light of his current ongoing forum absence since June 2021, I have created a generic version of his original script that should allow you to designate any VPN client without the need to edit/hack the script.
You can download/test it from: Unbound-Asuswrt-Merlin/unbound_DNS_via_OVPN.sh at dev · MartineauUK/Unbound-Asuswrt-Merlin (github.com)
Clearly your previous statement [the script] 'did not provide a reliable solution' needs to be made clearer... i.e. are you absolutely sure that the DNS Leak test is always 100% accurate?
IMHO, x3mrouting shouldn't be necessary just for your DNS routing requirement? - see below
If not using x3mrouting then you need to implement the RPDB fwmark rules manually...
see '/jffs/scripts/nat-start' in "Policy based Port routing (manual method) · RMerl/asuswrt-merlin.ng Wiki · GitHub" to ensure that the RPDB fwmark rules are always available should the firewall be rebuilt whilst the VPN Client is UP.
(x3mrouting dynamically adds/deletes the RPDB fwmark rules only when the VPN Client is actually started/stopped!)
EDIT:
If you decide to test my generic '/jffs/addons/unbound/unbound_DNS_via_OVPN.sh' script then you should ensure ALL of the 'vpnclientX-route-*' event scripts contain the appropriate call
e.g. VPN Client 5
'/jffs/scripts/vpnclient5-route-up'
Code:
VPN_ID=${dev:4:1}
[ -z "$VPN_ID" ] && { SCR=$(basename $0); VPN_ID=${SCR:9:1}; }    # Allow manual debugging from commandline
if [ -n "$(which unbound-control)" ] && [ -n "$(unbound-control status | grep -E "unbound.*running")" ];then
    Say "Unbound DNS requests via VPN Client $VPN_ID requested....."
    /jffs/addons/unbound/unbound_DNS_via_OVPN.sh "$VPN_ID" start &
fi
and
'/jffs/scripts/vpnclient5-route-pre-down'
Code:
VPN_ID=${dev:4:1}
[ -z "$VPN_ID" ] && { SCR=$(basename $0); VPN_ID=${SCR:9:1}; }    # Allow manual debugging from commandline
if [ -n "$(which unbound-control)" ] && [ -n "$(unbound-control status | grep -E "unbound.*running")" ];then
    Say "Unbound DNS requests via VPN Client $VPN_ID terminating....."
    /jffs/addons/unbound/unbound_DNS_via_OVPN.sh "$VPN_ID" stop
fi
Can you help with some very basic questions on this?
I have updated vpnclient5-route-up and vpnclient5-route-pre-down as noted above and created /jffs/addons/unbound/unbound_DNS_via_OVPN.sh, and x3mrouting was already installed (previously used with setting VPN 5 from unbound_manager advanced).
How do I get this to run?
If I run
Code:
/jffs/addons/unbound/unbound_DNS_via_OVPN.sh 5 start
Code:
(unbound_DNS_via_OVPN.sh): 11079 Starting Script Execution 5 start
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: seq=0 ttl=60 time=17.950 ms
--- 9.9.9.9 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 17.950/17.950/17.950 ms
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
PING 9.9.9.9 (9.9.9.9): 56 data bytes
64 bytes from 9.9.9.9: seq=0 ttl=60 time=653.335 ms
--- 9.9.9.9 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 653.335/653.335/653.335 ms
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.
PING 9.9.9.9 (9.9.9.9): 56 data bytes
Code:
/jffs/addons/unbound/unbound_DNS_via_OVPN.sh 5 stop
1. Does it matter if vpnclient5-route-up and vpnclient5-route-pre-down are in /jffs/scripts or in /jffs/scripts/x3mrouting?
2. If I want the script to run automatically (at start-up) do I leave it in /jffs/addons/unbound/ or move it to /jffs/scripts or do something else?
3. How can I check to see if the requests are being sent to the VPN provider?
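
The EDIT in the first post asks that every 'vpnclientX-route-*' event script contain the call; one way to audit that is sketched here as an added example, not part of the thread or of the unbound_DNS_via_OVPN.sh project. The function names, finding labels and sample files are constructed for illustration; the helper path and the start/stop arguments are as posted.

```shell
#!/bin/sh
# Added example, not part of the thread. HELPER is the path quoted in the post.
HELPER=/jffs/addons/unbound/unbound_DNS_via_OVPN.sh

# Print one finding for FILE; succeed only if it exists, has the owner execute
# bit set, and has an uncommented call to the helper passing ACTION (start/stop).
check_event_script() {
    file=$1; action=$2
    [ -f "$file" ] || { echo "MISSING  $file"; return 1; }
    case $(ls -l "$file") in ???[xs]*) ;; *) echo "NOEXEC   $file"; return 1 ;; esac
    if grep -v '^[[:space:]]*#' "$file" |
       grep -Eq "${HELPER}[[:space:]].*[[:space:]]${action}([[:space:]&]|\$)"; then
        echo "OK       $file"
    else
        echo "NOCALL   $file (no '$action' call)"; return 1
    fi
}

# Audit route-up (start) and route-pre-down (stop) for each client id in CLIENTS.
# Sets PROBLEMS to the number of failed checks and fails if it is non-zero.
audit_event_scripts() {
    dir=$1; clients=$2; PROBLEMS=0
    for id in $clients; do
        check_event_script "$dir/vpnclient${id}-route-up" start || PROBLEMS=$((PROBLEMS + 1))
        check_event_script "$dir/vpnclient${id}-route-pre-down" stop || PROBLEMS=$((PROBLEMS + 1))
    done
    [ "$PROBLEMS" -eq 0 ]
}

# Constructed sample: client 5 is wired correctly; client 1 has the call
# commented out in route-up and the wrong action in route-pre-down.
make_sample() {
    d=$1
    printf '#!/bin/sh\n%s "$VPN_ID" start &\n' "$HELPER" > "$d/vpnclient5-route-up"
    printf '#!/bin/sh\n%s "$VPN_ID" stop\n' "$HELPER" > "$d/vpnclient5-route-pre-down"
    printf '#!/bin/sh\n# %s "$VPN_ID" start &\n' "$HELPER" > "$d/vpnclient1-route-up"
    printf '#!/bin/sh\n%s "$VPN_ID" start &\n' "$HELPER" > "$d/vpnclient1-route-pre-down"
    chmod +x "$d"/vpnclient*
}

SAMPLE=$(mktemp -d)
make_sample "$SAMPLE"
audit_event_scripts "$SAMPLE" "1 5" || echo "$PROBLEMS problem(s) found"
rm -rf "$SAMPLE"
```

On a router the same function would be pointed at the directory that actually holds the event scripts, e.g. `audit_event_scripts /jffs/scripts "5"`.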