Simple script for Policy Based OpenVPN Routing [WORKING]

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Advanced Networking
Goto page Previous  1, 2, 3, 4, 5, 6
Author Message
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5924
Location: Netherlands

PostPosted: Thu Jan 30, 2020 15:45    Post subject: Reply with quote
I think that is a DNS problem try with the ip address so external-ip:123

If it is a DNS problem I think the trick was to set the address in DNSMasq additional options something like:
address=/xyz.duckdns.org/ip-address of duckdns

I am not a DNSMasq expert so I might be wrong or there might be a better solution.

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Sponsor
c0l0c0d0s
DD-WRT Novice


Joined: 10 Mar 2019
Posts: 28

PostPosted: Thu Jan 30, 2020 18:19    Post subject: Reply with quote
egc wrote:
I think that is a DNS problem try with the ip address so external-ip:123

If it is a DNS problem I think the trick was to set the address in DNSMasq additional options something like:
address=/xyz.duckdns.org/ip-address of duckdns

I am not a DNSMasq expert so I might be wrong or there might be a better solution.


Thanks for the reply, been looking in to that, hard to find a specific mention but will get there or post in another section.

I am not convinced it is a DNS problem, although I felt it was as I stated I can from any machine hit the routers open ports helloworld.duckdns.org:5060 just fine, any port I add in the firewall directed to the "router" resolves as open when testing from any PC in the LAN, but it doesn't for any other PC/IoT device directed to in the firewall.

Which made me think it must be firewall related.

If it was DNS, then surely using helloworld.duckdns.org:5060 would resolve either as how would the machine get the information of what the helloworld.duckdns.org bit equals?

Thanks for you help though, I will post elsewhere now. Laughing Very Happy Very Happy Very Happy
Cassos
DD-WRT Novice


Joined: 09 Feb 2020
Posts: 2

PostPosted: Thu Feb 13, 2020 17:21    Post subject: Reply with quote
Hello,
thanks for this script Smile. I am a total novice here and it is a steep learning curve so far.
So I would like to filter the VPN access using URL. VPN is my alternate route, I want Famous_Player to use the VPN (because Famous_Player can not be accessed outside its island..Laughing)

As I am using DD-WRT r40559, I understand that I need to add in the openVPN config section this 2 lines:

Code:
pull-filter ignore redirect-gateway
route Famous_Player 255.255.255.255 vpn_gateway


now the website might have multiple IP behind the Famous_Player URL. I have seen this info in previous pages:


egc wrote:


It is not certain it will work as intended, as only the first ip address of netflix is used and large corporations often use a range/block of ip addresses.
You can google for this block of IP addresses and then use something like:
Code:
route 52.30.0.0 255.255.0.0 net_gateway
to route a whole block of IP addresses over the WAN



But I do not understand how it can route a whole block of IP here. Could you explain ? I just see one IP being routed which is 52.30.0.0

Also why using 255.255.0.0 while for the URL we use 255.255.255.255 ? (I feel that it is linked to my first question Wink)

Thanks for your help !

NB: I am using FireTV to watch Famous_Player. I have routed the FireTV to the VPN. but somehow Famous_Player seems to work once then see that I am using a VPN (expressVPN) and then stop to work Sad hence I want to see if it could work by routing the URL/IP of the Famous_Player directly.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 5924
Location: Netherlands

PostPosted: Fri Feb 14, 2020 11:04    Post subject: Reply with quote
I am on holiday so no advancrd lecture about the inner workings of openvpn and dnsmasq, but that is how it works.

If you really need large arrays of ip addresses by url/domain you should research ipset

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Goto page Previous  1, 2, 3, 4, 5, 6 Display posts from previous:    Page 6 of 6
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum