OpenVPN Client + PBR + Exclude domains

poudenes
DD-WRT Novice


Joined: 22 Jan 2019
Posts: 4

Posted: Tue Jan 22, 2019 8:04    Post subject: OpenVPN Client + PBR + Exclude domains
Hi All,

First of all: great firmware!! I love it so much on my Linksys WRT3200acm.
Everything works great. My setup now is:

Linksys WRT3200acm with DD-WRT v3.0-r37305
OpenVPN Client configured with VPNUnlimited
Add IP Numbers in PBR to route through the VPN

The startup script I use for the "missing routings" now:
(grabbed it from a forum post here ;) )

Code:
#!/bin/sh
export DEBUG= # uncomment/comment to enable/disable debug mode
# ---------------------------------------------------------------------------- #
# ddwrt-ovpn-table-10-fix.sh: v2.0.0, 28 February 2017, by eibgrad
# bug report: http://svn.dd-wrt.com/ticket/5690
# install this script in the dd-wrt startup script
# ---------------------------------------------------------------------------- #

SCRIPT_DIR="/tmp"
SCRIPT="$SCRIPT_DIR/ddwrt-ovpn-table-10-fix.sh"
mkdir -p $SCRIPT_DIR

cat << "EOF" > $SCRIPT
#!/bin/sh
(
[ "${DEBUG+x}" ] && set -x

MAX_PASS=0 # max number of passes through routing tables (0=infinite)
SLEEP=60 # time (in secs) between each pass

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

TID="10"
ROUTES="/tmp/tmp.$$.routes"

# initialize this run
pass_count=0

while :; do
    # initialize this pass
    pass_count=$((pass_count + 1))
    table_changed=false

    # wait for creation of OpenVPN client alternate routing table
    while [ ! "$(ip route show table $TID)" ]; do sleep 10; done; sleep 3

    echo "$(ip route show | \
        grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1')" > $ROUTES

    # add routes to pbr found in main routing table
    while read route; do
        if ! ip route show table $TID | grep -q "$route"; then
            ip route add $route table $TID && table_changed=true
        fi
    done < $ROUTES

    echo "$(ip route show table $TID | grep -Ev '^default')" > $ROUTES

    # remove routes from pbr not found in main routing table
    while read route; do
        if ! ip route show | grep -q "$route"; then
            ip route del $route table $TID && table_changed=true
        fi
    done < $ROUTES

    # force routing system to recognize our changes
    [[ $table_changed == true ]] && ip route flush cache

    # quit if we've reached any execution limits
    [ $MAX_PASS -gt 0 ] && [ $pass_count -ge $MAX_PASS ] && break

    # put it to bed for a while
    [ $SLEEP -gt 0 ] && sleep $SLEEP
done

# cleanup
rm -f $ROUTES

echo "done"
exit 0

) 2>&1 | logger -t $(basename $0)[$$]
EOF

chmod +x $SCRIPT
nohup $SCRIPT > /dev/null 2>&1 &


But..... now the question:

I want to route all my devices through the VPN but want to exclude some devices OR domains.

Idea of this all:

Apple TV watching IPTV (must use VPN)
Apple TV Netflix (not using VPN, so exclude domains)
Domoticz Home Automation system (not using VPN, so exclude IP number)

Can someone help me with this?
poudenes
DD-WRT Novice


Joined: 22 Jan 2019
Posts: 4

Posted: Thu Jan 24, 2019 7:47
:( Nobody .....
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Thu Jan 24, 2019 9:24
You can either use PBR, which is routing by source, or route by destination via the route command of the VPN (place in additional config of VPN), i.e.:
route 208.64.38.55 255.255.255.255 vpn_gateway #whatsmyip.org
route 95.85.16.212 255.255.255.255 net_gateway # ipleak.net
route 23.239.16.110 255.255.255.255 vpn_gateway #dnsleaktest.com
route 212.58.0.0 255.255.0.0 vpn_gateway #BBC
route amazon.com 255.255.255.255 net_gateway

But you can not use both. This is a limitation of DDWRT.

It is possible with a script from @Eibgrad, but if you want to route by URL you also need Entware to load Ipset.

I have it running, can not give more details as I am trying to type with only a left finger, had a bit of a mishap

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
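
The destination-based variant from the post above, as an added example that is not part of the thread or of any DD-WRT script: it turns a short destination list into `route` lines for the OpenVPN client's Additional Config box, converting CIDR prefixes to the netmask form and rejecting malformed entries. The input format and the function names are assumptions made for this example.

```shell
# Added example, not from the thread. Input lines (format assumed here):
#   <IPv4 | IPv4/prefix | hostname> <vpn|wan> [comment]
prefix_to_mask() {   # 16 -> 255.255.0.0
    p=$1; m=""; i=0
    while [ "$i" -lt 4 ]; do
        if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
        else o=$((256 - (1 << (8 - p)))); p=0; fi
        m="$m${m:+.}$o"; i=$((i + 1))
    done
    echo "$m"
}

is_ipv4() {          # four dot-separated octets, each 0-255
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs; [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

make_routes() {      # returns 1 if any line was rejected
    rc=0
    while read -r dest via note; do
        case $dest in ''|'#'*) continue ;; esac
        case $via in
            vpn) gw=vpn_gateway ;;
            wan) gw=net_gateway ;;
            *)   echo "skipped $dest: target must be vpn or wan" >&2; rc=1; continue ;;
        esac
        mask=255.255.255.255; ok=1
        case $dest in
            */*) net=${dest%/*}; len=${dest#*/}
                 case $len in ''|*[!0-9]*|???*) len=99 ;; esac
                 if is_ipv4 "$net" && [ "$len" -le 32 ]; then
                     mask=$(prefix_to_mask "$len"); dest=$net
                 else ok=0; fi ;;
            *[!0-9.]*) case $dest in *[!A-Za-z0-9.-]*|[-.]*) ok=0 ;; esac ;;
            *)   is_ipv4 "$dest" || ok=0 ;;
        esac
        [ "$ok" = 1 ] || { echo "skipped $dest: not a valid destination" >&2; rc=1; continue; }
        echo "route $dest $mask $gw${note:+ # $note}"
    done
    return $rc
}

# Sample list: first three destinations are from the post above, the last is a constructed bad prefix.
make_routes <<'EOF' || echo "some entries were skipped" >&2
95.85.16.212 wan ipleak.net
212.58.0.0/16 vpn BBC
amazon.com wan
10.0.0.0/40 wan
EOF
```

OpenVPN resolves a hostname in a `route` line when the tunnel comes up, so a service spread over many changing addresses is not fully covered this way, which is why the post points to ipset for routing by name.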
Dr_K
DD-WRT User


Joined: 23 Mar 2018
Posts: 445

Posted: Thu Jan 24, 2019 13:54
egc wrote:
can not give more details as I am trying to type with only a left finger, had a bit of a mishap

Holy crap!!! I myself...and I'm sure others hope you are OK & your "mishap" is recoverable?

I/we value & learn from your detailed input on most the topics you post...

Best Regards & Good Luck

_________________
Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN

Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
portsup
DD-WRT User


Joined: 20 Oct 2018
Posts: 210

Posted: Fri Jan 25, 2019 3:44
I think if you do a search you will find routing based on destination discussed before. Linux can route by either source or destination.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

Posted: Fri Jan 25, 2019 8:44
Dr_K wrote:
egc wrote:
can not give more details as I am trying to type with only a left finger, had a bit of a mishap

Holy crap!!! I myself...and I'm sure others hope you are OK & your "mishap" is recoverable?

I/we value & learn from your detailed input on most the topics you post...

Best Regards & Good Luck


Thanks for your kind words.
Had an accident with the mountain bike :(
but will recover completely :)

poudenes
DD-WRT Novice


Joined: 22 Jan 2019
Posts: 4

Posted: Mon Jan 28, 2019 0:40
Thanks and good luck... When your hand is better maybe you can explain the full way how you did it?
All times are GMT