Posted: Thu Nov 18, 2021 8:48 Post subject: [SOLVED] Script to add route after OpenVPN tunnel is up
I have a script file that will find the correct tunnel and add a static route on startup, but I was wondering if I need to make the script execute in a certain order: e.g. do I need to make the script execute after OpenVPN is up and running? I am assuming the tun1 interface isn't available until after OpenVPN comes up, therefore the route add will fail when referencing the tun1 adapter. This is an example of the script I have:
Thank you for the information, it is really helpful and I am reading through it. I currently have a Netgear R7000P running DD-WRT v3.0-r45219 std (12/31/20). I think I can upgrade but this has been pretty stable. I notice that I don't see the PBR extra routing tables in this build and I think that it says it started in build 45385. Since I don't see a recommended build, should I just try out builds and see if they are stable for me? I don't mind running a script either to keep this build. I ended up with something like this, with a .wanup extension in /jffs/etc/config:
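Code:
#!/bin/sh
# DD-WRT ships BusyBox ash rather than bash, so use /bin/sh and POSIX syntax.
# Wait until a tun interface exists (take the first match if there are several).
until interface=$(ip addr | awk -F': ' '{print $2}' | grep -m1 tun)
do
    sleep 10
done
# Add the host route only if it is not already present.
if ! ip route | grep -q "123.123.123.123 dev $interface scope link"; then
    route add -host 123.123.123.123 dev "$interface"
fi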
I will need some time to upgrade the build when my family isn't all using the internet.
_________________ Router: Netgear R7000P
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Thu Nov 18, 2021 10:17 Post subject:
You should really upgrade; your build already has some (minor) security issues.
Latest build as of today is 47656; see the build threads as outlined in the forum guidelines.
However your build should have the basic functionality.
Add in the OpenVPN Additional Config:
Code:
route 123.123.123.123 255.255.255.255 vpn_gateway
Now when the VPN is up there will be a static route made to route traffic for 123.123.123.123 via the VPN.
You can check it from CLI (telnet/Putty) after the VPN is up with:
You rock!! I upgraded to the latest build because I had a free moment and set up OpenVPN again and my settings. I added the route like you said and it worked perfectly. I will say it is a lot easier and more elegant than the script approach haha.

I am using this strange workaround to access my servers in the next room... I live in an apartment where each ethernet port in each room gets a different external IP address from a /23 block. That is fine, but the problem is that they don't allow any traffic between the block (ACLs or something? not sure). So when I try to access the next room via the external IP it goes up to the ISP router and then gets bounced back with destination unreachable... Now if I use a VPN and come back then everything works. And I need the static route so that it is the longest match for accessing that IP (otherwise it tries to go the same path).

Any ideas for a more elegant solution for this? Had a similar issue when doing some consulting work and the ISP had to put the other location on a different subnet to get everything to work. If not, no worries, this seems to work for now.

Edit: I will add that we are avoiding drilling holes; that is why I can’t just run a cable.
_________________ Router: Netgear R7000P
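
The longest-match behaviour the thread relies on, as an added example that is not part of any post: a POSIX sh function that reads `ip route`-style output and reports which device carries traffic to a destination, so you can confirm the host route sends it through the tunnel and not the WAN. The function name, the sample tables, `vlan2` as the WAN interface and the 10.8.0.x tunnel addresses are assumptions; only 123.123.123.123 and tun1 come from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): which device wins for a destination?
# Reads `ip route`-style lines on stdin, applies longest-prefix match,
# prints the outgoing device (nothing if no route covers the address).
route_dev_for() {
    awk -v dst="$1" '
    function ip2int(s,   o) {
        if (split(s, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { d = ip2int(dst); best = -1; if (d < 0) exit 1 }
    {
        net = $1; len = 32                       # bare address = /32 host route
        if (net == "default") { net = "0.0.0.0"; len = 0 }
        else if (split(net, p, "/") == 2) { net = p[1]; len = p[2] + 0 }
        n = ip2int(net)
        if (n < 0) next                          # not an IPv4 route line
        div = 2 ^ (32 - len)
        if (int(d / div) != int(n / div)) next   # prefix does not cover dst
        dev = ""
        for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        if (dev != "" && len > best) { best = len; out = dev }
    }
    END { if (best >= 0) print out }'
}

# Constructed routing tables (assumed layout: WAN on vlan2 inside a /23,
# LAN on br0, OpenVPN tunnel on tun1 with 10.8.0.1 as the VPN gateway).
TABLE_BEFORE='default via 123.123.122.1 dev vlan2
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
123.123.122.0/23 dev vlan2 proto kernel scope link src 123.123.122.50
10.8.0.0/24 dev tun1 proto kernel scope link src 10.8.0.2'

# Same table after OpenVPN has applied the host route from Additional Config.
TABLE_AFTER="$TABLE_BEFORE
123.123.123.123 via 10.8.0.1 dev tun1"

printf '%s\n' "$TABLE_BEFORE" | route_dev_for 123.123.123.123   # on-link /23 is the best match
printf '%s\n' "$TABLE_AFTER"  | route_dev_for 123.123.123.123   # /32 host route is the best match
```

On the router itself the live table can be piped in with `ip route | route_dev_for 123.123.123.123`.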