Doesn't work with TUN. It's not connected to ibVPN
Not connected to ibVPN as well if I add the ip-range into PBR setting.
Fyi, I use firmware BS version v3.0-r39827 std (05/20/19)
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Sat Jun 08, 2019 7:32 Post subject:
punktde wrote:
@egc
Doesn't work with TUN. It's not connected to ibVPN
Not connected to ibVPN as well if I add the ip-range into PBR setting.
Fyi, I use firmware BS version v3.0-r39827 std (05/20/19)
Posted: Sat Jun 08, 2019 8:31 Post subject:
bushant wrote:
I have been using simple-pbr-script-by-egc-V5.05
successfully calling for it in startup with
Code:
/jffs/simple-pbr-by-egc-V5.05.sh
The same method does not work for simple-pbr-by-egc-V5.06. I have made the script executable.
No clients are using the vpn.
If I save the script (V5.06) as startup it seems to work fine.
I have jffs mounted to external storage and am calling other
services from there in the same manner and all working.
Any thoughts as to why this is?
Also what is the best method to stop and restart the script
for the purpose of making changes when stored in /jffs without rebooting?
Hmm, interesting, the difference between 5.05 and 5.0 is minimal, I removed unnecessary quotes around:
Code:
VPN_GW_OLD="$VPN_GW"
So I can not imagine that this has anything to do with it.
One thing I can think of: you have probably changed the file to incorporate your own IP addresses, and if you used a Windows editor you might have introduced Windows-style line endings <cr>.
A Linux script will not run with that.
If you place it in Administration/Commands then that will not matter.
In the thread are troubleshooting instructions, please have a look at that.
Furthermore if you want to run the script from permanent storage you only need the inner script, I will send you this later this weekend when I have time.
You can kill a process by name or PID; to kill by name, look up the name by telnetting into your router and do: ps
Kill the process with: killall name_of_process
If it does not work then kill by PID
I will look into it, curious to find out what is going on.
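The line-ending problem described in the reply above can be checked on the router before the script is called from startup. This is an added example, not part of the thread or of egc's script; the function names and the demo file are hypothetical.

```shell
#!/bin/sh
# Added example: checks a copied script for the problems named in the reply.
# DEMO is a constructed file saved with Windows (CRLF) line endings.
DEMO="${TMPDIR:-/tmp}/pbr-crlf-demo.$$"
trap 'rm -f "$DEMO"' EXIT
printf '#!/bin/sh\r\nVPN_GW_OLD=$VPN_GW\r\n' > "$DEMO"

CR=$(printf '\r')

# has_crlf FILE -> exit 0 if any line ends in a carriage return
has_crlf() {
    grep -q "${CR}\$" "$1"
}

# preflight FILE -> 0 ready to run, 1 missing, 2 not executable, 3 CRLF endings
preflight() {
    [ -f "$1" ] || { echo "$1: not found"; return 1; }
    [ -x "$1" ] || { echo "$1: not executable (chmod +x)"; return 2; }
    if has_crlf "$1"; then
        echo "$1: Windows line endings, the shebang line reads '/bin/sh<cr>'"
        return 3
    fi
    echo "$1: ok"
}

# strip_crlf FILE -> remove the trailing <cr> from every line, keeping the file mode
strip_crlf() {
    tmp="$1.tmp.$$"
    sed "s/${CR}\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

chmod +x "$DEMO"
preflight "$DEMO" || { strip_crlf "$DEMO" && preflight "$DEMO"; }
```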
EGC,
First of all thank you for your scripts & threads on OpenVPN configs, much appreciated!!
I've been going btwn you & Eibgrad threads researching on best way to configure remote
access. I have recently swapped out my AP w/ a WRT32X so I could implement a VPN(Keep Solid VPN).
It is working, no issues. But I am needing remote access for my CCTV & Directv DVRs. I
attempted to add your simple pbr script(v5) but could not access either. All I did to
the script was add the following:
# --------------- BEGIN RULES ---------#
add_rule from 192.168.1.4 #CCC DVR
add_rule from 192.168.1.24 #Directv
# --------------- END RULES -----------#
Now, am I incorrect in thinking I need to use my ISP(WAN) IP to access these devices or do
I need to use my VPN public IP?
Secondly, Do I need to add a route in the script for the VPN public IP or my ISP(WAN)
public IP? Or any other settings for that matter?
Lastly, this may only be partially related to running VPN on DD-WRT. I'm getting intermittent drops as
I'm working from home. I am directly connected to my router but have to connect to
my work VPN for various company applications etc. So if I can get the pbr script working
I would add my PC IP so that I'm not running a tunnel w/in a tunnel so to speak.
Any direction would be appreciated & apologies if this noted already.
_________________
Routers/Switches:
-----------------
WRT32X AP -v3.0-r40065 std (06/20/19)
Wired Bridges:
-----------------
WRT310Nv2 - v24-sp2 std-nokaid-small
E2500 - v24-sp2 (03/25/13) big
Switch:
-------
Netgear Prosafe 24-Port Switch
Posted: Wed Jul 03, 2019 19:07 Post subject:
If you want to access clients on your own LAN from the internet you normally do that via your WAN.
(it is possible to do it via the VPN but not all VPN providers can do port forwarding or it is difficult to do so)
If you have a VPN client running then that will not work.
Have a look at the first post of this thread and the reference to the post from @eibgrad, he describes the problem (connection coming in from the WAN and going out via the VPN which does not work) and possible solutions.
One of the solutions is using PBR.
If you decide to do so and use my script, be sure to add: pull-filter ignore "redirect-gateway" to the additional config of the VPN client.
All addresses you add to script will use the VPN and these addresses can not be reached through the WAN.
So you can add all addresses to the VPN but not the ones you want to reach via the WAN.
It is possible to route by port but for that you need the sophisticated scripts from @eibgrad
Hope this will clear things up a bit.
Otherwise you can always ask for assistance.
Thank you for responding. I have read/re-read the original post & continue to keep it referenced as not to overlook anything, so like I said, sincere apologies if I'm not understanding it completely.
So I am thinking that I am getting confused on using PBR & your script.
With that being said, I would like to keep this as simple as possible. Sooo, if I am just wanting to be able to remotely access 2 devices(directv & CCTV dvrs) & my AP from the internet can I just use your script & no PBR?
If so, are these the steps to do so?
1) add - > pull-filter ignore "redirect-gateway" in the additional config of the OVPN client.
2) I need to add the following to your script:
# --------------- BEGIN RULES ---------#
add_rule from 192.168.1.4 #CCTV DVR
add_rule from 192.168.1.24 #Directv DVR
# --------------- END RULES -----------#
3) Additional command/config for GUI access to my AP?
Thanks in advance for helping a noob!
Posted: Thu Jul 04, 2019 7:18 Post subject:
First get WAN access for your CCTV and DVR without the VPN, you can simply disable the VPN, the settings are retained.
You need to set a port forward to your CCTV and DVR.
(Alternatively you can setup a VPN server on the router, which is the safer/preferred method)
Now enable the VPN client and reboot your router.
Check that the VPN is working.
You will not have WAN access now, because the router itself is also on the VPN.
One way to deal with it is PBR.
You can use the built in PBR or my implementation.
When using the built in PBR enter the IP addresses you want to use the VPN in the Policy based Routing field of the VPN client.
Use CIDR notation, i.e. for one client use 192.168.1.88/32
You can not enter the addresses of the CCTV and/or the DVR in the PBR field.
When using mine you do the following:
Quote:
1) add - > pull-filter ignore "redirect-gateway" in the additional config of the OVPN client.
That is correct
Quote:
2) I need to add the following to your script:
# --------------- BEGIN RULES ---------#
add_rule from 192.168.1.4 #CCTV DVR
add_rule from 192.168.1.24 #Directv DVR
# --------------- END RULES -----------#
Not correct, you can add any client you want to route via the VPN but NOT the clients you want to reach via the WAN, so anything BUT the CCTV and DVR
Make sure there is not anything in the VPN clients PBR field.
When done save/apply and reboot your router
There is a troubleshooting section to use if it is not working
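The rule given in the reply above (clients that must stay reachable via the WAN may not appear in the script's rules) can be checked mechanically. This is an added example, not part of egc's script: it reads the `add_rule from` lines between the rule markers and reports any port-forward target they cover. The function names are hypothetical, and it assumes `add_rule` also accepts a CIDR prefix and that the shell has 64-bit arithmetic.

```shell
#!/bin/sh
# Added example. SAMPLE is a constructed rules block in the script's own format.
SAMPLE="${TMPDIR:-/tmp}/pbr-rules-demo.$$"
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# --------------- BEGIN RULES ---------#
add_rule from 192.168.1.4 #CCTV DVR
add_rule from 192.168.1.64/26 #constructed range
#add_rule from 192.168.1.24 #disabled
# --------------- END RULES -----------#
EOF

# ip2int A.B.C.D -> the address as an integer (call it inside $(...))
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_net IP NET[/LEN] -> exit 0 when IP falls inside NET (a bare address is /32)
in_net() {
    net=${2%/*}; len=32
    case $2 in */*) len=${2#*/} ;; esac
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# rule_sources FILE -> source of every active add_rule between the markers
rule_sources() {
    sed -n '/BEGIN RULES/,/END RULES/p' "$1" |
        sed -n -e 's/#.*//' \
            -e 's/^[[:space:]]*add_rule[[:space:]]\{1,\}from[[:space:]]\{1,\}\([0-9./]\{1,\}\).*/\1/p'
}

# wan_conflicts FILE IP... -> print each port-forward target that a rule sends to the VPN
wan_conflicts() {
    file=$1; shift
    for ip in "$@"; do
        for src in $(rule_sources "$file"); do
            if in_net "$ip" "$src"; then
                echo "$ip is routed via the VPN by rule: $src"
                break
            fi
        done
    done
}

wan_conflicts "$SAMPLE" 192.168.1.4 192.168.1.24
```

An empty result means none of the listed port-forward targets is covered by a rule.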
Thanks again EGC, that's exactly what I was needing clarified. I was adding my devices needing remote access, not omitting them. I do have remote access w/out the VPN enabled. I will get my VPN client enabled, update the script & retest. I would like to set up VPN server on the router but have some more research/reading before I attempt that change. Really appreciate your patience & assistance!
Hey!
I am new to this and only use guides when I have to do something. There are many different terms to learn. I don't want netflix.com to use VPN, how do I make it work.
I have DD wrt latest, on my R7000 router. Using PBR for my PC and a simple killswitch, iptables -I FORWARD -s xxx.xxx.x.xxx -o $(nvram get wan_iface) -j REJECT.