Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sun Aug 21, 2022 21:59 Post subject: [RESOLVED, kinda] VPN Routing Policies - Destination Routing
Hi Gurus,
I have been searching for information relating to this section of DD-WRT but could not find any in my search so far, except info on Policy Based Routing (which is under Services/VPN Tab).
Just wondering if someone could shed any light on it. It appears to me to be Split Tunneling, which I am interested in learning more about.
Thank you in advance. Cheers. _________________ Life is a journey; travel alone makes it less enjoyable and lonely.
Last edited by DWCruiser on Sun Aug 28, 2022 22:23; edited 1 time in total
I set up & had both OpenVPN Server & Client working on my home network for several years before being made aware of your very extensive guide. So I kinda stopped reading about VPN unless when needed.
And when I read your guide, I realised that it has more options than I am aware of and using in my settings. My excuse is that IT is too HUGE to be on top of everything. Besides, one needs time out to smell the roses, so to speak.
Back to my issue. I want to be able to exclude certain destination IPs from VPN such as Australia's local TV podcast programs so I can still access them without hopping off my PC's VPN connection. Your guide has a section called 'Destination Based'. I used your template for mine below but it does not seem to resolve the issue at this stage.
route abc.net.au 255.255.255.255 net_gateway
I must miss something like adding a net-gateway somewhere.
Thank you.
Joined: 18 Mar 2014 Posts: 12815 Location: Netherlands
Posted: Tue Aug 23, 2022 7:15 Post subject:
That is the way to do it. I just added it to my OpenVPN and you can check if it is working with
ip route show
That showed (among others)
203.2.218.214 via 192.168.0.1 dev vlan2
203.2.218.214 is that specific web address so that is working.
But if you are using it to watch TV you probably need a lot more domains and IP addresses.
If all the addresses are in the same subnets you can try with
route 203.2.0.0 255.255.0.0 net_gateway
Then you have a whole lot more IP addresses; again, check with ip route show.
But you probably have to hunt down all the IP addresses; that is described in the guide for Netflix etc., so I think the same applies to your situation.
WireGuard will get an update later this year, you can then use ipset to automatically add the used IP addresses, if it works it will get ported to OpenVPN but that will not be anytime soon.
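The `ip route show` check described in this post can be scripted. The following is an added example, not part of the thread: it does a longest-prefix match over route-table text to report which interface a destination leaves through. The tunnel device `tun1`, its gateway `10.8.0.1`, the LAN line and the helper names `ip2int` and `egress_dev` are assumptions; the host route is the one quoted in the post.

```shell
#!/bin/sh
# Constructed `ip route show` output. The host route is the one from the post;
# tun1, 10.8.0.1 and the br0 line are assumed values for illustration.
ROUTES='default via 192.168.0.1 dev vlan2
0.0.0.0/1 via 10.8.0.1 dev tun1
128.0.0.0/1 via 10.8.0.1 dev tun1
203.2.218.214 via 192.168.0.1 dev vlan2
192.168.1.0/24 dev br0 scope link'

# Dotted quad -> integer (needs shell arithmetic wider than 32 bits).
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the device of the longest-prefix route that covers IP $1.
# $2 is route-table text; when omitted, the live table is read.
egress_dev() {
    target=$(ip2int "$1")
    table=${2:-$(ip route show)}
    best_len=-1; best_dev=
    while read -r dest rest; do
        case $dest in
            default) net=0.0.0.0; len=0 ;;
            */*)     net=${dest%/*}; len=${dest#*/} ;;
            *.*.*.*) net=$dest; len=32 ;;
            *)       continue ;;
        esac
        dev=
        set -- $rest
        while [ $# -gt 1 ]; do      # find the word following "dev"
            [ "$1" = dev ] && dev=$2
            shift
        done
        shift_by=$(( 32 - len ))
        if [ $(( target >> shift_by )) -eq $(( $(ip2int "$net") >> shift_by )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_dev=$dev
        fi
    done <<EOF
$table
EOF
    echo "$best_dev"
}
```

Run `egress_dev` for every address a client actually resolves for the service: an address with no matching host or subnet route falls through to the tunnel device.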
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Wed Aug 24, 2022 21:48 Post subject:
egc wrote:
that is the way to do it, I just added it to my openvpn and you can check if it is working with
ip route show
That showed (among others)
203.2.218.214 via 192.168.0.1 dev vlan2
203.2.218.214 is that specific web address so that is working.
ip route show results from my router's setting of 'route abc.net.au 255.255.255.0 net_gateway' resolves to '102.129.145.110'. Not 203.2.218.214 which is the correct one of abc.net.au.
102.129.145.110 via 124.188.191.254 dev vlan2
A search using 'whois.com' reveals the info below the line. Should I be concerned, or worry? It does not seem normal to me.
I'd like to reply to the remaining points of your last email later.
Thanks egc.
Joined: 15 Aug 2016 Posts: 223 Location: Melbourne, Australia
Posted: Sun Aug 28, 2022 22:21 Post subject:
A follow-up.
1.
Firstly, the detailed long list in my last post was the inquiry result of 102.129.145.110 on WHOIS.com.
It relates to the following script in my startup:
____________________________________
#!/bin/sh
logger WAN up script executing
if test -s /tmp/hosts0
then
rm /tmp/hosts0
fi
After removing it, the long list of IP addresses earlier disappears. Since I don't feel comfortable with it, I deleted the script. That was that. (I can't remember where I got it from so please don't ask).
2.
Following my online search during the last few days, I found out that PIA's OpenVPN app has a neat 'Split Tunneling' feature. It's based on the application used.
So when using Microsoft Edge, my requests appear to all websites as from where I live, i.e. Australia; whereas Firefox allows my requests to be somewhere else at the end of my VPN tunnel, without hopping on/off like I used to do.
On the other hand, for devices such as Roku and smart TV, I simply have them set up permanently in DDWRT's OpenVPN PBR settings since these dummy devices do not need to be in two places at the same time.
It is a neat solution for me. Split Tunneling based on destination is still a long way off as I can see.
End note: I prefer not to have an unresolved issue that becomes a waste of space, and an inconvenient distraction for others, in a public forum. So this is to close the issue that was raised.
Thank you.