poudenes DD-WRT Novice Joined: 22 Jan 2019 Posts: 4
Posted: Tue Jan 22, 2019 8:04 Post subject: OpenVPN Client + PBR + Exclude domains
Hi All,
First of all, great firmware!! I love it so much on my Linksys WRT3200acm.
Everything works great. My setup now is:
Linksys WRT3200acm with DD-WRT v3.0-r37305
OpenVPN Client configured with VPNUnlimited
Add IP Numbers in PBR to route through the VPN
My startup script I use for the "missing routings" now:
(grabbed it from a forum post here)
Code:
#!/bin/sh
export DEBUG= # uncomment/comment to enable/disable debug mode
# ---------------------------------------------------------------------------- #
# ddwrt-ovpn-table-10-fix.sh: v2.0.0, 28 February 2017, by eibgrad
# bug report: http://svn.dd-wrt.com/ticket/5690
# install this script in the dd-wrt startup script
# ---------------------------------------------------------------------------- #

SCRIPT_DIR="/tmp"
SCRIPT="$SCRIPT_DIR/ddwrt-ovpn-table-10-fix.sh"
mkdir -p $SCRIPT_DIR

cat << "EOF" > $SCRIPT
#!/bin/sh
(
[ "${DEBUG+x}" ] && set -x

MAX_PASS=0 # max number of passes through routing tables (0=infinite)
SLEEP=60 # time (in secs) between each pass

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

TID="10"
ROUTES="/tmp/tmp.$$.routes"

# initialize this run
pass_count=0

while :; do
    # initialize this pass
    pass_count=$((pass_count + 1))
    table_changed=false

    # wait for creation of OpenVPN client alternate routing table
    while [ ! "$(ip route show table $TID)" ]; do sleep 10; done; sleep 3

    echo "$(ip route show | \
        grep -Ev '^default|^0.0.0.0/1|^128.0.0.0/1')" > $ROUTES

    # add routes to pbr found in main routing table
    while read route; do
        if ! ip route show table $TID | grep -q "$route"; then
            ip route add $route table $TID && table_changed=true
        fi
    done < $ROUTES

    echo "$(ip route show table $TID | grep -Ev '^default')" > $ROUTES

    # remove routes from pbr not found in main routing table
    while read route; do
        if ! ip route show | grep -q "$route"; then
            ip route del $route table $TID && table_changed=true
        fi
    done < $ROUTES

    # force routing system to recognize our changes
    [[ $table_changed == true ]] && ip route flush cache

    # quit if we've reached any execution limits
    [ $MAX_PASS -gt 0 ] && [ $pass_count -ge $MAX_PASS ] && break

    # put it bed for a while
    [ $SLEEP -gt 0 ] && sleep $SLEEP
done

# cleanup
rm -f $ROUTES

echo "done"
exit 0

) 2>&1 | logger -t $(basename $0)[$$]
EOF

chmod +x $SCRIPT
nohup $SCRIPT > /dev/null 2>&1 &
But..... now the question:
I want to route all my devices through the VPN but want to exclude some devices OR domains.
Idea of this all:
Apple TV watch IPTV (must use VPN)
Apple TV Netflix (not using VPN, so exclude domains)
Domoticz Home Automation system (not using VPN, so exclude IP number)
Can someone help me with this?
poudenes DD-WRT Novice Joined: 22 Jan 2019 Posts: 4
Posted: Thu Jan 24, 2019 7:47 Post subject:
Nobody .....
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Thu Jan 24, 2019 9:24 Post subject:
you can either use PBR which is routing by source or route by destination via the route command of the VPN (place in additional config of VPN) i.e.:
route 208.64.38.55 255.255.255.255 vpn_gateway #whatsmyip.org
route 95.85.16.212 255.255.255.255 net_gateway # ipleak.net
route 23.239.16.110 255.255.255.255 vpn_gateway #dnsleaktest.com
route 212.58.0.0 255.255.0.0 vpn_gateway #BBC
route amazon.com 255.255.255.255 net_gateway
But you can not use both. This is a limitation of DDWRT.
It is possible with a script from @Eibgrad, but if you want to route by URL you also need Entware to load Ipset.
I have it running, can not give more details as I am trying to type with only a left finger, had a bit of a mishap
_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
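Added example (not part of any post in this thread, and not egc's or eibgrad's code): a POSIX sh helper that turns a list of IPv4 destinations into `route` lines in the format egc shows above, for the OpenVPN client's additional config, rejecting malformed entries instead of emitting a wrong route. The list format (`<ipv4>[/prefix] <vpn|wan>`), the function names and the documentation-range sample addresses are assumptions made for illustration; hostnames are not handled.

```shell
#!/bin/sh
# prefix length (0-32) -> dotted netmask, e.g. 20 -> 255.255.240.0
prefix_to_mask() {
    p=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
        else o=$((256 - (1 << (8 - p)))); p=0; fi
        mask="${mask:+$mask.}$o"
    done
    echo "$mask"
}

# succeed only for four dot-separated decimal octets, each 0-255
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1; done
}

# read the list on stdin, print one route line per valid entry,
# report rejected entries on stderr instead of emitting a bad route
make_routes() {
    while read -r dest via rest; do
        case $dest in ''|'#'*) continue ;; esac
        case $via in vpn) gw=vpn_gateway ;; wan) gw=net_gateway ;;
            *) echo "skip: $dest (target must be vpn or wan)" >&2; continue ;; esac
        addr=${dest%/*}; prefix=32
        case $dest in */*) prefix=${dest#*/} ;; esac
        case $prefix in ''|*[!0-9]*|???*) prefix=99 ;; esac
        if ! is_ipv4 "$addr" || [ "$prefix" -gt 32 ]; then
            echo "skip: $dest (not an IPv4 address or /0-/32 prefix)" >&2; continue
        fi
        echo "route $addr $(prefix_to_mask "$prefix") $gw"
    done
}

# constructed sample list (documentation address ranges, not real services)
sample_routes() {
    make_routes <<'LIST'
198.51.100.7 wan
203.0.113.0/24 vpn
192.0.2.128/25 wan
300.1.1.1 wan
LIST
}
sample_routes
```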
Dr_K DD-WRT User Joined: 23 Mar 2018 Posts: 445
Posted: Thu Jan 24, 2019 13:54 Post subject:
egc wrote: can not give more details as I am trying to type with only a left finger had a bit of a mishap
Holy crap!!! I myself...and I'm sure others hope you are OK & your "mishap" is recoverable?
I/we value & learn from your detailed input on most the topics you post...
Best Regards & Good Luck
_________________
Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN
Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
portsup DD-WRT User Joined: 20 Oct 2018 Posts: 210
Posted: Fri Jan 25, 2019 3:44 Post subject:
I think if you do a search you will find routing based on destination discussed before. Linux can route by either source or destination.
egc DD-WRT Guru Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Fri Jan 25, 2019 8:44 Post subject:
Dr_K wrote: egc wrote: can not give more details as I am trying to type with only a left finger had a bit of a mishap
Holy crap!!! I myself...and I'm sure others hope you are OK & your "mishap" is recoverable?
I/we value & learn from your detailed input on most the topics you post...
Best Regards & Good Luck
thanks for your kind words.
had an accident with the mountainbike
but will recover completely
poudenes DD-WRT Novice Joined: 22 Jan 2019 Posts: 4
Posted: Mon Jan 28, 2019 0:40 Post subject:
Thanks and good luck... When your hand is better maybe you can explain the full way how you did it?