Spilt Tunnelling and Policy Routing

How to customize and extend your OpenVPN installation.

Moderators: TinCanTech

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Wed Jul 15, 2015 4:12 am

... modifications in color, hopefully I didn't break anything :)

#!/bin/sh

USERNAME="username"
PASSWORD="password"
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
# US - EAST
remote VPN Server 1194
##EE##
"

#### DO NOT CHANGE below this line unless you know exactly what you're doing ####

CA_CRT='-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----'

# Switch off the DD-WRT GUI OpenVPN client so it does not fight with this one
OPVPNENABLE=$(nvram get openvpncl_enable)

if [ "$OPVPNENABLE" != "0" ]; then
nvram set openvpncl_enable=0
nvram commit
fi

sleep 10
mkdir -p /tmp/pia; cd /tmp/pia || exit 1
printf '%s\n%s\n' "$USERNAME" "$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
sleep 10

# The up/down scripts are written with a quoted heredoc (<<'EOF') so that $1,
# $ROUTE etc. land in the file literally and are expanded when OpenVPN runs
# the script, not now while the startup script writes it. OpenVPN calls the
# up/down script with the tunnel device name as $1, so nothing is hard-coded
# to tun0/tun1.
cat > /tmp/pia/route-up.sh <<'EOF'
#!/bin/sh
#sleep 30    # not sure if you need this line, maybe change it to 5-10 seconds
iptables -t nat -I POSTROUTING -o "$1" -j MASQUERADE
# copy the main table (minus its default route) into table 25 ...
ip route show table main | grep -Ev '^default' | while read -r ROUTE ; do ip route add table 25 $ROUTE; done
# ... and give table 25 its own default route through the tunnel
# (a tun device is point-to-point, so no gateway address is needed)
ip route add table 25 default dev "$1"
ip rule add from 192.168.0.109 table 25
ip rule add to 66.171.248.172 table main
ip route flush cache
EOF

cat > /tmp/pia/route-down.sh <<'EOF'
#!/bin/sh
iptables -t nat -D POSTROUTING -o "$1" -j MASQUERADE
ip route flush table 25
ip rule flush
ip rule add from all lookup main pref 32766
ip rule add from all lookup default pref 32767
ip route flush cache
EOF

chmod 644 /tmp/pia/ca.crt; chmod 600 /tmp/pia/userpass.conf; chmod 700 /tmp/pia/route-up.sh /tmp/pia/route-down.sh

cat > /tmp/pia/pia.conf <<EOF
client
auth-user-pass /tmp/pia/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
# bf-cbc (Blowfish, 64-bit blocks) is weak; use an AES cipher if the server offers one
cipher bf-cbc
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append piavpn.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS
EOF
ln -sf /tmp/pia/piavpn.log /tmp/piavpn.log
ln -sf /tmp/pia/status /tmp/status
(killall openvpn; openvpn --config /tmp/pia/pia.conf --up /tmp/pia/route-up.sh --down /tmp/pia/route-down.sh) &
exit 0

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 5:10 am

Thanks, I'll give this a go... but one way or another it works as is, with those few entries in the start-up script tab.

I can't find an area to donate to the forum. I'm happy to contribute a little to TiTex and Eddie, to thank you guys for taking the time to help me and being ever so patient.

Regards

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Wed Jul 15, 2015 6:06 am

I found this image on Google: https://www.ivpn.net/images/screens/ins ... 4x1240.jpg , is this how your OpenVPN interface looks in the GUI?
If you have the additional config option you can just add this in that box:

Code: Select all

up /tmp/pia/route-up.sh 
down /tmp/pia/route-down.sh
and this in your router startup script:

Code: Select all

# quoted heredoc: $ROUTE is kept literally and expanded when OpenVPN runs the script, not when this startup script writes it
cat > /tmp/pia/route-up.sh <<'EOF'
#!/bin/sh
iptables -t nat -I POSTROUTING -o tun1 -j MASQUERADE
ip route show table main | grep -Ev '^default' | while read -r ROUTE ; do ip route add table 25 $ROUTE; done
# a tun device is point-to-point, so the default route needs no gateway address
ip route add table 25 default dev tun1
ip rule add from 192.168.0.109 table 25
ip rule add to 66.171.248.172 table main
ip route flush cache
EOF

cat > /tmp/pia/route-down.sh <<'EOF'
#!/bin/sh
iptables -t nat -D POSTROUTING -o tun1 -j MASQUERADE
ip route flush table 25
ip rule flush
ip rule add from all lookup main pref 32766
ip rule add from all lookup default pref 32767
ip route flush cache
EOF

chmod 700 route-up.sh route-down.sh
and use the GUI for controlling OpenVPN :)

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Spilt Tunnelling and Policy Routing

Post by EddieA » Wed Jul 15, 2015 6:32 am

This has turned into "What a Long Strange Trip It's Been" with apologies to the Grateful Dead. :mrgreen:

Let's get back to where we were a while ago. Start the VPN with the "route-nopull" option and *NO* additional scripts. List all the routing tables created, looking for the one that contains: default via <ppp0 gateway IP> dev ppp0. Make a note of its name. If it's called "default", and it's the only entry in that table, then provided the previous table is "main" and doesn't contain a default route, you can use "main". All the routing for ppp0 is set up correctly already.

Add "route-nopull" to the configuration and build the following --up and --down scripts. Not --route-up/--route-down (comments added for clarity):

Code: Select all

# Single quotes: $1 (tunnel device) and $5 (remote endpoint) must reach the file literally; OpenVPN fills them in when it runs the script
echo '#!/bin/sh' > /tmp/pia/up.sh
echo 'iptables -t nat -A POSTROUTING -o $1 -j MASQUERADE' >> /tmp/pia/up.sh  # Masquerade the tunnel device
echo 'ip route add default via $5 dev $1 table 25' >> /tmp/pia/up.sh  # Create a default route for the tunnel
echo 'ip rule add from 192.168.0.109 table 25' >> /tmp/pia/up.sh  #  Force everything from here through tunnel
echo 'ip rule add to 66.171.248.172 table <table noted above>' >> /tmp/pia/up.sh  # For this website use ppp0.  Rule will appear in list ahead of previous rule as they are added in reverse sequence
echo 'ip route flush cache' >> /tmp/pia/up.sh
echo 'echo 2 > /proc/sys/net/ipv4/conf/$1/rp_filter' >> /tmp/pia/up.sh  # Might be needed depending on distro

Code: Select all

echo '#!/bin/sh' > /tmp/pia/down.sh
echo 'iptables -t nat -D POSTROUTING -o $1 -j MASQUERADE' >> /tmp/pia/down.sh  # Drop the masquerade
echo 'ip route flush table 25' >> /tmp/pia/down.sh  # Drop the table
echo 'ip rule del from 192.168.0.109' >> /tmp/pia/down.sh  # Drop the rule
echo 'ip rule del to 66.171.248.172' >> /tmp/pia/down.sh  # Drop this as well
echo 'ip route flush cache' >> /tmp/pia/down.sh
Cheers.
Last edited by EddieA on Wed Jul 15, 2015 6:42 am, edited 1 time in total.
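The pre-flight check EddieA describes (find the table that actually carries the ppp0 default route) and the positional-parameter up/down logic, as an added shell example that is not code from this thread or from either poster. It assumes ppp0 as the WAN device, keeps the thread's 192.168.0.109 / 66.171.248.172 / table 25, and the route dump it parses is a constructed sample. `ip` and `iptables` are reached through the IP/IPT variables so the whole thing can be dry-run with IP=echo IPT=echo on the router before it is wired in as `--up`/`--down`; OpenVPN's `script_type` environment variable lets one file serve both hooks.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: WAN device ppp0, LAN host
# 192.168.0.109, exception host 66.171.248.172, policy table 25.
# IP/IPT default to the real tools; IP=echo IPT=echo dry-runs (prints only).
IP="${IP:-ip}"
IPT="${IPT:-iptables}"
LAN_HOST="192.168.0.109"
EXCEPT_HOST="66.171.248.172"
TABLE="25"

# Constructed sample of `ip route show table all` from a router with a PPPoE
# WAN. Lines with no "table X" field belong to the main table.
SAMPLE_ROUTES='default via 203.0.113.1 dev ppp0
203.0.113.1 dev ppp0  proto kernel  scope link  src 203.0.113.45
192.168.0.0/24 dev br0  proto kernel  scope link  src 192.168.0.1
broadcast 192.168.0.0 dev br0  table local  proto kernel  scope link  src 192.168.0.1
local 192.168.0.1 dev br0  table local  proto kernel  scope host  src 192.168.0.1'

# EddieA's check: which table holds "default ... dev <wan>"? Reads `ip route
# show table all` output on stdin, prints the table name ("main" when the
# line has no table field), exits 1 when no such default route exists.
find_default_table() {
    awk -v wan="$1" '
        $1 == "default" {
            hit = 0; tbl = "main"
            for (i = 2; i <= NF; i++) {
                if ($i == "dev" && $(i+1) == wan) hit = 1
                if ($i == "table") tbl = $(i+1)
            }
            if (hit) { print tbl; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# --up handler. OpenVPN runs the up/down script as
#   script tun_dev tun_mtu link_mtu ifconfig_local_ip ifconfig_remote_ip [init|restart]
# so $1 is the tunnel device and $5 the peer address (with topology net30;
# under topology subnet $5 is the netmask, hence the route_vpn_gateway
# fallback). WAN_TABLE is what find_default_table reported, default main.
vpn_up() {
    dev="$1"; peer="${route_vpn_gateway:-$5}"
    "$IPT" -t nat -A POSTROUTING -o "$dev" -j MASQUERADE
    "$IP" route replace default via "$peer" dev "$dev" table "$TABLE"
    # Lower pref wins: the single-destination exception sits above the host rule.
    "$IP" rule add pref 100 to "$EXCEPT_HOST" table "${WAN_TABLE:-main}"
    "$IP" rule add pref 110 from "$LAN_HOST" table "$TABLE"
    "$IP" route flush cache
}

# --down handler: undo in reverse; every step tolerates an already-clean state.
vpn_down() {
    dev="$1"
    "$IP" rule del pref 110 2>/dev/null || true
    "$IP" rule del pref 100 2>/dev/null || true
    "$IP" route flush table "$TABLE"
    "$IPT" -t nat -D POSTROUTING -o "$dev" -j MASQUERADE 2>/dev/null || true
    "$IP" route flush cache
}

# OpenVPN exports script_type=up|down, so one file can be both --up and --down:
#   up   /tmp/pia/policy.sh
#   down /tmp/pia/policy.sh
case "${script_type:-}" in
    up)   vpn_up "$@" ;;
    down) vpn_down "$@" ;;
esac
```

On the router, run `WAN_TABLE=$(ip route show table all | find_default_table ppp0)` first and export it to the script; against the sample above it prints main, and against a dump whose default route carries `table 100` it prints 100, which is exactly the name EddieA wants written into the `to 66.171.248.172` rule.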

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Spilt Tunnelling and Policy Routing

Post by EddieA » Wed Jul 15, 2015 6:37 am

@TiTex.

Unfortunately you can't always guarantee table "main" will drop through to the default route. Which is why I suggested listing the tables to find the correct one.

Although copying "main" and then adding its own default should work in 99.9% of the cases.

Cheers.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Wed Jul 15, 2015 6:48 am

EddieA wrote:This has turned into "What a Long Strange Trip It's Been" with apologies to the Grateful Dead. :mrgreen:
So true :D, probably because I have a lot of free time when I'm at work :))

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 8:24 am

Yes, that's what the GUI looks like, and my preference is to control it this way because it provides you with the ability of checking status etc... I will do it this way.

BTW, got back from work today and everything had stopped, ISP still working though. Will make these changes now.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 8:37 am

Bugger, OpenVPN doesn't start up if I do this... hmm, here I go again :) It must be the file location of the script?

Maybe the first 2 lines should be like this:

#!/bin/sh
/tmp/pia/route-up.sh

Then other commands to follow? I saw something like this somewhere, can't find it now.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Wed Jul 15, 2015 9:58 am

No, I made a mistake:

Code: Select all

chmod 700 route-up.sh route-down.sh
should be

Code: Select all

chmod 700 /tmp/pia/route-up.sh /tmp/pia/route-down.sh
You should also take into consideration EddieA's method, as it's using positional parameters, which I think is better than hardcoded values.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 1:51 pm

OK, I have bad news for me. I have tried both scripts, Eddie's and TiTex's, and with these commands in the advanced settings OpenVPN doesn't even start:

up /tmp/pia/route-up.sh (up.sh for Eddie)
down /tmp/pia/route-down.sh (down.sh for Eddie)

So I included this command because I couldn't see how the /tmp/pia directory was created:

mkdir /tmp/pia; cd /tmp/pia
up /tmp/pia/route-up.sh (up.sh for Eddie)
down /tmp/pia/route-down.sh (down.sh for Eddie)

Even with that change OpenVPN would not start... so I inserted the scripts and the above in the startup command like this:

mkdir /tmp/pia; cd /tmp/pia
up /tmp/pia/route-up.sh
down /tmp/pia/route-down.sh



echo "#!/bin/sh" > /tmp/pia/route-up.sh
echo "iptables -t nat -I POSTROUTING -o tun1 -j MASQUERADE" >> /tmp/pia/route-up.sh
echo "ip route show table main | grep -Ev ^default | while read ROUTE ; do ip route add table 25 $ROUTE; done" >> /tmp/pia/route-up.sh
echo "gvip=$(ifconfig | grep -A 1 tun1 | grep inet | cut -d: -f3 | cut -d' ' -f1)" >> /tmp/pia/route-up.sh
echo "ip route add table 25 default via $gvip dev tun1" >> /tmp/pia/route-up.sh
echo "ip rule add from 192.168.0.109 table 25" >> /tmp/pia/route-up.sh
echo "ip rule add to 66.171.248.172 table main" >> /tmp/pia/route-up.sh
echo "ip route flush cache" >> /tmp/pia/route-up.sh

echo "#!/bin/sh" > /tmp/pia/route-down.sh
echo "iptables -t nat -D POSTROUTING -o tun1 -j MASQUERADE" >> /tmp/pia/route-down.sh
echo "ip route flush table 25" >> /tmp/pia/route-down.sh
echo "ip rule flush" >> /tmp/pia/route-down.sh
echo "ip rule add from all lookup main pref 32766" >> /tmp/pia/route-down.sh
echo "ip rule add from all lookup default pref 32767" >> /tmp/pia/route-down.sh
echo "ip route flush cache" >> /tmp/pia/route-down.sh

chmod 700 /tmp/pia/route-up.sh /tmp/pia/route-down.sh

This time OpenVPN would start, but all traffic went via the ISP.

I'm happy for anyone to TeamViewer into my system.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 2:27 pm

When I execute these commands via telnet:

up /tmp/pia/route-up.sh
down /tmp/pia/route-down.sh

it says route-up.sh does not exist.

How does this file get written to the directory, or is it automatically created?

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Spilt Tunnelling and Policy Routing

Post by EddieA » Wed Jul 15, 2015 4:22 pm

crows wrote: How does this file get written to the directory, or is it automatically created?
The "echo"s in your script create them.

Or you could manually create them and remove all the "echo"s from your script. That way you can just add the up/down command to the GUI and if you need to modify, just edit the scripts and re-start.

Lastly, I don't think you can include the "mkdir" as a VPN command.

Cheers.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Wed Jul 15, 2015 11:33 pm

Can I execute any of the scripts provided recently, like the link provided, to test? Do I have to include any of the file paths?

up /tmp/pia/route-up.sh
down /tmp/pia/route-down.sh

https://www.tuvpn.com/en/tutorials/openvpn-ddwrt

EddieA
OpenVPN User
Posts: 24
Joined: Thu Jul 02, 2015 6:52 pm

Re: Spilt Tunnelling and Policy Routing

Post by EddieA » Thu Jul 16, 2015 1:29 am

That script creates a "canned" up and down script, which I have no idea of the contents. (Comments are mine):

Code: Select all

mkdir /tmp/ovpn  # Create a temporary directory
cd /tmp/ovpn  # Make it the current directory
nvram get ovpn_up>up  # Use program nvram to copy a file called ovpn_up to a new file in the current directory called up.
nvram get ovpn_dn>dn  # Ditto with down
chmod +x up dn  # Make those 2 new files executable
Which it then refers to in the configuration:

Code: Select all

route-up "/tmp/ovpn/up"  # At this point in the VPN start-up, execute this script
down "/tmp/ovpn/dn"  # At this point in the VPN shutdown, execute this script.
There's nothing stopping you creating any other scripts, as well as, or instead of, "up" and "down".

Then in the configuration, you say which script you want run at which point in the VPN startup or shutdown.

Basic Linux scripting.

Cheers.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Thu Jul 16, 2015 7:07 am

Thanks Eddie, let me see if I understand... I can actually FTP into my router, so creating folders etc. should be easy:

Create a script file using the commands below, dropping the echos and any other references to the script, including the "".

Call it up.sh (and ensure to chmod 700):


#!/bin/sh
iptables -t nat -I POSTROUTING -o tun1 -j MASQUERADE
ip route show table main | grep -Ev '^default' | while read -r ROUTE ; do ip route add table 25 $ROUTE; done
gvip=$(ifconfig | grep -A 1 tun1 | grep inet | cut -d: -f3 | cut -d' ' -f1)
ip route add table 25 default via $gvip dev tun1
ip rule add from 192.168.0.109 table 25
ip rule add to 66.171.248.172 table main
ip route flush cache

Then create a directory using your example /tmp/ovpn.

Then upload the script created above into this directory /tmp/ovpn, i.e. in the up directory there will be a file called up.sh, and do the same for the down script.

How will I call this script automatically, up or down? Maybe in the advanced settings of OpenVPN; the system has to know when it starts it runs the up and when it resets it calls the down command.

Thanks

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Thu Jul 16, 2015 7:58 am

I found something which may be useful. I've SSHed into the router and found route-up.sh and route-down.sh, so in reality these files are already there... all I need to do is overwrite them with the new files? They live in /tmp/openvpncl.

Correct?

This is what's there now in route-up:
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D FORWARD -i tun1 -j ACCEPT
iptables -D FORWARD -o tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -j ACCEPT
iptables -I FORWARD -o tun1 -j ACCEPT
cat /tmp/resolv.dnsmasq > /tmp/resolv.dnsmasq_isp
env | grep 'dhcp-option DNS' | awk '{ print "nameserver " $3 }' > /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp >> /tmp/resolv.dnsmasq

route-down:
#!/bin/sh
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
Last edited by crows on Thu Jul 16, 2015 8:02 am, edited 1 time in total.

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Thu Jul 16, 2015 8:00 am

Put these lines in your router's "startup script" section, or whatever it is called:

Code: Select all

mkdir -p /tmp/pia/

# quoted heredoc: $ROUTE is kept literally and expanded when OpenVPN runs the script, not when this startup script writes it
cat > /tmp/pia/up.sh <<'EOF'
#!/bin/sh
iptables -t nat -I POSTROUTING -o tun1 -j MASQUERADE
ip route show table main | grep -Ev '^default' | while read -r ROUTE ; do ip route add table 25 $ROUTE; done
# a tun device is point-to-point, so the default route needs no gateway address
ip route add table 25 default dev tun1
ip rule add from 192.168.0.109 table 25
ip rule add to 66.171.248.172 table main
ip route flush cache
EOF

cat > /tmp/pia/down.sh <<'EOF'
#!/bin/sh
iptables -t nat -D POSTROUTING -o tun1 -j MASQUERADE
ip route flush table 25
ip rule flush
ip rule add from all lookup main pref 32766
ip rule add from all lookup default pref 32767
ip route flush cache
EOF

chmod 700 /tmp/pia/up.sh /tmp/pia/down.sh
and these lines in your OpenVPN additional config box in the web GUI:

Code: Select all

up /tmp/pia/up.sh
down /tmp/pia/down.sh
Reboot the router, everything should be running.

P.S. I don't think you can store any files on the router permanently, but you could ask on their forum if there is any non-volatile memory on DD-WRT.

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Thu Jul 16, 2015 8:14 am

Naah, same as it was before, OpenVPN doesn't start.
I don't think the directory gets written, because I can't create a folder even with me logged into the router via SSH.
Do you want to TeamViewer into my system if you have time?

crows
OpenVPN Power User
Posts: 58
Joined: Mon Jul 06, 2015 1:50 am

Re: Spilt Tunnelling and Policy Routing

Post by crows » Thu Jul 16, 2015 9:14 am

Actually the router has a startup script and a shutdown script. It should work if I insert the 2 scripts in the appropriate areas, yes? And remove all the directory referencing?

What I've noticed the last 2 days is that after the script runs and works as expected, the day after, for some unknown reason, the machine 192.168.0.109 is no longer using the VPN but in fact using the ISP again.
The OpenVPN status reports it as running with a valid remote connection. What would happen if 1: the VPN momentarily drops out, and 2: my ISP drops out?

The routes should still be there, but if the gateway IP changes the script will then be broken, yes?

I can't seem to win, surely this kind of stuff is done all the time.
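The failure mode crows describes above (status says connected, yet 192.168.0.109 is back on the ISP) is the classic fall-through of Linux policy routing: when table 25 loses its default route, or the `from 192.168.0.109` rule is wiped, the lookup drops to the main table and the host leaves via the ISP with nothing to stop it. The following is an added shell example, not code from the thread, that closes that hole at two layers (a prohibit default route in table 25 with a worse metric, and a FORWARD rule that lets the host out only via the tunnel, with the single ISP exception the thread wants) and adds a `check` mode that asks the kernel where the host's packets would actually leave. Assumed names: tunnel tun1, LAN bridge br0 (DD-WRT's default), table 25, probe destination 198.51.100.1 (a documentation-range address); the `ip route get` outputs used in the test are constructed samples. IP/IPT default to the real tools; set IP=echo IPT=echo to dry-run.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: LAN host 192.168.0.109,
# exception host 66.171.248.172, tunnel tun1, policy table 25, LAN bridge br0,
# 198.51.100.1 (documentation range) as a harmless "is the Internet reachable"
# destination. IP/IPT default to the real tools; IP=echo IPT=echo dry-runs.
IP="${IP:-ip}"
IPT="${IPT:-iptables}"
LAN_HOST="192.168.0.109"
EXCEPT_HOST="66.171.248.172"
TUN="tun1"
TABLE="25"
LAN_IF="br0"
PROBE_DST="198.51.100.1"

# Two independent guards, because the leak has two causes:
#  1. table 25 loses "default dev tun1" (tunnel device gone): a lookup that
#     finds nothing in table 25 falls through to main, i.e. the ISP. A second
#     default of type prohibit with a worse metric is only selected when the
#     tunnel route is absent, so the host now gets "prohibited" errors instead.
#  2. the "from 192.168.0.109 table 25" rule itself gets wiped (firewall or
#     route scripts re-run): a FORWARD rule lets the host out only via tun1,
#     except for the one destination that is meant to use the ISP.
killswitch_install() {
    "$IP" route replace prohibit default table "$TABLE" metric 1000
    # Both inserted at position 1, REJECT first, so the ACCEPT exception ends up above it.
    "$IPT" -I FORWARD 1 -s "$LAN_HOST" ! -o "$TUN" -j REJECT
    "$IPT" -I FORWARD 1 -s "$LAN_HOST" -d "$EXCEPT_HOST" -j ACCEPT
}

killswitch_remove() {
    "$IPT" -D FORWARD -s "$LAN_HOST" -d "$EXCEPT_HOST" -j ACCEPT 2>/dev/null || true
    "$IPT" -D FORWARD -s "$LAN_HOST" ! -o "$TUN" -j REJECT 2>/dev/null || true
    "$IP" route del prohibit default table "$TABLE" metric 1000 2>/dev/null || true
}

# Parse `ip route get <dst> from <host> iif <lan_if>` output (stdin) and print
# the device the packet would leave on, or "none" when the kernel refused
# ("RTNETLINK answers: ...", which is what the prohibit route produces).
egress_dev() {
    awk '
        /^RTNETLINK answers:/ { print "none"; found = 1; exit }
        { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); found = 1; exit } }
        END { if (!found) print "none" }'
}

# Live check: 0 when the host's Internet traffic leaves via the tunnel,
# 1 when it leaves anywhere else (a leak) or cannot leave at all.
host_uses_tunnel() {
    dev=$("$IP" route get "$PROBE_DST" from "$LAN_HOST" iif "$LAN_IF" 2>&1 | egress_dev)
    [ "$dev" = "$TUN" ]
}

case "${1:-}" in
    install) killswitch_install ;;
    remove)  killswitch_remove ;;
    check)   if host_uses_tunnel; then echo "ok: $LAN_HOST leaves via $TUN"
             else echo "LEAK or no route: $LAN_HOST does not leave via $TUN"; exit 1; fi ;;
esac
```

Run `sh killswitch.sh install` from the router startup script after the policy rules are in place, and `sh killswitch.sh check` from cron: it exits non-zero the moment the host's traffic would leave on ppp0 or on nothing at all, which is the condition the thread otherwise only notices a day later.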

TiTex
OpenVPN Super User
Posts: 310
Joined: Tue Apr 12, 2011 6:22 am

Re: Spilt Tunnelling and Policy Routing

Post by TiTex » Thu Jul 16, 2015 9:44 am

Then create the folders somewhere else and change the path of the scripts.
