[SOLVED] Script to add route after OpenVPN tunnel is up

zer0pwn
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 3

Posted: Thu Nov 18, 2021 8:48    Post subject: [SOLVED] Script to add route after OpenVPN tunnel is up
I have a script file that will find the correct tunnel and add a static route on startup, but I was wondering if I need to make the script execute in a certain order: e.g., do I need to make the script execute after OpenVPN is up and running? I am assuming the tun1 interface isn't available until after OpenVPN comes up, therefore the route add will fail when referencing the tun1 adapter. This is an example of the script I have:

interface=$(ip addr | awk -F': ' '{print $2}' | grep tun)
route add -host 123.123.123.123 dev $interface

I appreciate any help with this!
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Thu Nov 18, 2021 9:24
You can simply add a static route via OpenVPN, no need to use a script.

See the DDWRT Policy Based Routing guide, page 2:
"Routing using built-in VPN commands"

OpenVPN guides are a sticky in the Advanced networking forum:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327398

When you post, always state the router model and build number; routers and builds can have different functionality.

The general forum is not for router help (see the announcements in that forum).

Questions like these are better dealt with in the Advanced Networking forum to which I will transfer this thread.

But how can you know all this?

It is all in our helpful forum guidelines :)

To get the best out of DDWRT and the forum read the forum guidelines with helpful pointers about how to research your router, where and what to download, where and how to post and many other helpful tips:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087

_________________
Routers: Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3, XR300: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read): https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
zer0pwn
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 3

Posted: Thu Nov 18, 2021 10:05
Thank you for the information, it is really helpful and I am reading through it. I currently have a Netgear R7000P running DD-WRT v3.0-r45219 std (12/31/20). I think I can upgrade but this has been pretty stable. I notice that I don't see the PBR extra routing tables in this build and I think that it says it started in build 45385. Since I don't see a recommended build, should I just try out builds and see if they are stable for me? I don't mind running a script either to keep this build. I ended up with something like this, with a .wanup extension in /jffs/etc/config:

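#!/bin/sh
# Wait until a tun interface exists; OpenVPN creates it when the tunnel comes up.
until interface=$(ip addr | awk -F': ' '{print $2}' | grep tun)
do
    sleep 10
done

# Add the host route only if it is not already present.
# (POSIX redirection instead of the bash-only "&>".)
if ! ip route | grep "123.123.123.123 dev $interface scope link" >/dev/null 2>&1; then
    route add -host 123.123.123.123 dev "$interface"
fi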

I will need some time to upgrade the build when my family isn't all using the internet.

_________________
Router: Netgear R7000P
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Thu Nov 18, 2021 10:17
You should really upgrade; your build already has some (minor) security issues.
The latest build as of today is 47656; see the build threads as outlined in the forum guidelines.

However your build should have the basic functionality.
Add in the OpenVPN Additional Config:
Code:
route 123.123.123.123 255.255.255.255 vpn_gateway


Now when the VPN is up, there will be a static route made to route traffic for 123.123.123.123 via the VPN.

You can check it from CLI (telnet/Putty) after the VPN is up with:
Code:
ip route show

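The `ip route show` check from the reply above, scripted as an added example (not part of the original thread): it reads the routing table and confirms that the host route for the destination leaves through a tun device, so a missing route, where traffic would follow the default WAN path instead, is detected. The function names and both sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample
# routing tables below are constructed for illustration.

# route_dev DEST: read `ip route show` output on stdin and print the device
# of the exact host route for DEST (first field "DEST" or "DEST/32").
route_dev() {
    awk -v dest="$1" '
        ($1 == dest) || ($1 == (dest "/32")) {
            for (i = 2; i < NF; i++)
                if ($i == "dev") { print $(i + 1); exit }
        }'
}

# via_vpn DEST: succeed only if DEST has a host route on a tun interface.
via_vpn() {
    dev=$(route_dev "$1")
    case "$dev" in
        tun[0-9]*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample: tunnel up, host route added by the OpenVPN route line.
TABLE_VPN_UP='default via 192.0.2.1 dev vlan2
10.8.0.0/24 dev tun1 scope link  src 10.8.0.6
123.123.123.123 via 10.8.0.1 dev tun1
192.168.1.0/24 dev br0 scope link  src 192.168.1.1'

# Constructed sample: tunnel down, only the WAN default route remains.
TABLE_VPN_DOWN='default via 192.0.2.1 dev vlan2
192.168.1.0/24 dev br0 scope link  src 192.168.1.1'

# On the router itself: ip route show | via_vpn 123.123.123.123
for name in TABLE_VPN_UP TABLE_VPN_DOWN; do
    eval "table=\$$name"
    if printf '%s\n' "$table" | via_vpn 123.123.123.123; then
        echo "$name: host route uses the VPN"
    else
        echo "$name: no host route via tun, traffic follows the default route"
    fi
done
```
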
zer0pwn
DD-WRT Novice


Joined: 18 Nov 2021
Posts: 3

Posted: Thu Nov 18, 2021 11:06
You rock!! I upgraded to the latest build because I had a free moment and set up OpenVPN again and my settings. I added the route like you said and it worked perfectly. I will say it is a lot easier and more elegant than the script approach haha. I am using this strange workaround to access my servers in the next room... I live in an apartment where each Ethernet port in each room gets a different external IP address from a /23 block. That is fine, but the problem is that they don't allow any traffic between the block (ACLs or something? not sure). So when I try to access the next room via the external IP, it goes up to the ISP router and then gets bounced back with destination unreachable... Now if I use a VPN and come back, then everything works, and I need the static route so that it is the longest match for accessing that IP (otherwise it tries to go the same path). Any ideas for a more elegant solution for this? Had a similar issue when doing some consulting work and the ISP had to put the other location on a different subnet to get everything to work. If not, no worries, this seems to work for now. Edit: I will add that we are avoiding drilling holes, that is why I can't just run a cable.