VPN route to Cable Modem

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
scampganter
DD-WRT Novice


Joined: 10 Aug 2015
Posts: 32
Location: Nashville, TN

PostPosted: Wed Jul 04, 2018 3:01    Post subject: VPN route to Cable Modem Reply with quote
I am new VPN user with PIA, and use DD-WRT with OpenVPN to connect as a client. Normally when I have the VPN disconnected, I can check the Web UI of my cable modem via 192.168.100.1. (Arris SB6141)

Since the cable modem is on a different subnet, the UI is not accessible when the VPN is activated. (Right now by accessing the the cable modem UI via iPhone, this is an indicator of mine to let me know if the VPN is on or off)

However I would like to create a route to 192.168.100.x so that I can access the cable modem UI when VPN is also activated.

The local LAN address to my DD-WRT router is 192.168.1.1 and using PBR rules on r36070M kongac (05/31/1Cool.

What is the correct Startup Command or DD-WRT GUI feature to create this route?

TIA!
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jul 04, 2018 10:06    Post subject: Reply with quote
The problem with PBR is that local routes are not copied to the alternate/(PBR) routing table.

@Eibgrad has made a script to solve this see:
https://svn.dd-wrt.com//ticket/5690

If it is not clear feel free to ask for setup questions.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
scampganter
DD-WRT Novice


Joined: 10 Aug 2015
Posts: 32
Location: Nashville, TN

PostPosted: Wed Jul 04, 2018 16:21    Post subject: Reply with quote
egc wrote:
@Eibgrad has made a script to solve this see:
https://svn.dd-wrt.com//ticket/5690

If it is not clear feel free to ask for setup questions.


I've added the script to my startup, and see that /tmp/ddwrt-ovpn-table-10-fix.sh has been created.. and it's executing in Syslog.

I've read about this script a couple of times, and now see some of nuances of using VPN on DD.

Any reason why I still cannot access the (cable modem) route now that the script is running? My router boots with a VPN-enabled configuration, so do I need to disable VPN first so that it can learn that route?

Pinging 192.168.100.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jul 04, 2018 16:45    Post subject: Reply with quote
Try the following: create a static route on Setup/Advanced Routing:
Destination 192.168.100.1 mask 255.255.255.255
Gateway 192.168.1.1

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
scampganter
DD-WRT Novice


Joined: 10 Aug 2015
Posts: 32
Location: Nashville, TN

PostPosted: Wed Jul 04, 2018 18:53    Post subject: Reply with quote
I created the static route, and here's my routing table with VPN both deactivated, and activated. Still not able to access the cable modem web interface.. Imaged attached

Syslog shows the correct routes being maintained by @Eibgrad's script.

I'm going to do some more digging...


Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + + grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + echo '10.35.10.5 dev tun1 scope link src 10.35.10.6
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 71.203.200.0/21 dev vlan2 scope link src 71.203.207.168
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 127.0.0.0/8 dev lo scope link
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 169.254.0.0/16 dev br0 scope link src 169.254.255.1
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 192.168.1.0/24 dev br0 scope link src 192.168.1.1
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 192.168.100.1 via 192.168.1.1 dev br0 scope link '
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + + grep -q '10.35.10.5 dev tun1 scope link src 10.35.10.6'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route add 10.35.10.5 dev tun1 scope link src 10.35.10.6 table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '71.203.200.0/21 dev vlan2 scope link src 71.203.207.168'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route add 71.203.200.0/21 dev vlan2 scope link src 71.203.207.168 table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + + grep -q '127.0.0.0/8 dev lo scope link'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '169.254.0.0/16 dev br0 scope link src 169.254.255.1'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route add 169.254.0.0/16 dev br0 scope link src 169.254.255.1 table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '192.168.1.0/24 dev br0 scope link src 192.168.1.1'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route add 192.168.1.0/24 dev br0 scope link src 192.168.1.1 table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '192.168.100.1 via 192.168.1.1 dev br0 scope link'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route add 192.168.100.1 via 192.168.1.1 dev br0 scope link table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + table_changed=true
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + + ip route show table 10
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: grep -Ev ^default
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + echo '10.35.10.5 dev tun1 scope link src 10.35.10.6
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 71.203.200.0/21 dev vlan2 scope link src 71.203.207.168
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 127.0.0.0/8 dev lo scope link
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 169.254.0.0/16 dev br0 scope link src 169.254.255.1
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 192.168.1.0/24 dev br0 scope link src 192.168.1.1
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: 192.168.100.1 via 192.168.1.1 dev br0 scope link '
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '10.35.10.5 dev tun1 scope link src 10.35.10.6'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '71.203.200.0/21 dev vlan2 scope link src 71.203.207.168'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '127.0.0.0/8 dev lo scope link'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '169.254.0.0/16 dev br0 scope link src 169.254.255.1'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '192.168.1.0/24 dev br0 scope link src 192.168.1.1'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route show
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + grep -q '192.168.100.1 via 192.168.1.1 dev br0 scope link'
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + read route
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + '[[' true '==' true ]]
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + ip route flush cache
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + '[' 0 -gt 0 ]
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + '[' 60 -gt 0 ]
Jul 4 13:40:25 ROUTER user.notice ddwrt-ovpn-table-10-fix.sh[1413: + sleep 60
scampganter
DD-WRT Novice


Joined: 10 Aug 2015
Posts: 32
Location: Nashville, TN

PostPosted: Wed Jul 04, 2018 19:53    Post subject: Reply with quote
Excellent, thx for the info and I can guide my way through that. I’ll F/U tomorrow - off to a July 4th party now Smile
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Jul 05, 2018 11:41    Post subject: Reply with quote
@Eibgrad can setting up Advanced Routing, ticking the "Masquerade route (NAT)" and specifying the interface as WAN (instead of LAN&WLAN) work?

Or can the following work?
Code:
ip route add 192.168.100.1/32 dev $(nvram get wan_iface)


(In combination with SNAT to wan interface)

As always your wisdom and patience is much appreciated Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Jul 05, 2018 16:04    Post subject: Reply with quote
Thanks for your explanation, the multihoming is a indeed a great and easy solution
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum