jon sumisu
Hi
Could someone please help me with this. I want to route either certain remote domains through the VPN, or only one local client through the VPN. I've had a look at some tutorials for ipset, iptables and dnsmasq and, although I can take in the syntax, none of them show how it all goes together to accomplish what I want.
I found the example below and followed the instructions by Alexander Ryzhov near the bottom of the page:
https://bitbucket.org/padavan/rt-n56u/issues/580/routing-some-local-ip-through-vpn-and-let
I double checked every step but I just can't get it to work. Whatismyip is showing my own IP and tunein is showing the content for my location. That example was for the RT-N56U whereas I have the RT-N65U, but the padavan settings and options seem to be the same for both machines.
Here is a syslog:
May 12 14:20:34 RT-N65U: starting OpenVPN client...
May 12 14:20:34 openvpn-cli[615]: OpenVPN 2.3.12 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 5 2017
May 12 14:20:34 openvpn-cli[615]: library versions: OpenSSL 1.0.1u 22 Sep 2016, LZO 2.09
May 12 14:20:34 openvpn-cli[616]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
May 12 14:20:34 openvpn-cli[616]: Control Channel MTU parms [ L:1601 D:1212 EF:38 EB:0 ET:0 EL:3 ]
May 12 14:20:34 openvpn-cli[616]: Socket Buffers: R=[163840->163840] S=[163840->163840]
May 12 14:20:34 openvpn-cli[616]: Data Channel MTU parms [ L:1601 D:1450 EF:69 EB:12 ET:32 EL:3 ]
May 12 14:20:34 openvpn-cli[616]: UDPv4 link local: [undef]
May 12 14:20:34 openvpn-cli[616]: UDPv4 link remote: [AF_INET]67.205.143.111:1194
May 12 14:20:34 openvpn-cli[616]: TLS: Initial packet from [AF_INET]67.205.143.111:1194, sid=2fd0ed9b 76b5e4d1
May 12 14:20:34 openvpn-cli[616]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
May 12 14:20:34 openvpn-cli[616]: VERIFY OK: depth=1, C=CH, ST=CH, L=Zurich, O=Offshore Security LTD, OU= , CN=VPNArea, name= , emailAddress=keys@vpnarea.com
May 12 14:20:34 openvpn-cli[616]: Validating certificate key usage
May 12 14:20:34 openvpn-cli[616]: ++ Certificate has key usage 00a0, expects 00a0
May 12 14:20:34 openvpn-cli[616]: VERIFY KU OK
May 12 14:20:34 openvpn-cli[616]: Validating certificate extended key usage
May 12 14:20:34 openvpn-cli[616]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
May 12 14:20:34 openvpn-cli[616]: VERIFY EKU OK
May 12 14:20:34 openvpn-cli[616]: VERIFY OK: depth=0, C=CH, ST=CH, L=Zurich, O=Offshore Security LTD, OU= , CN=VPNArea, name= , emailAddress=keys@vpnarea.com
May 12 14:20:36 openvpn-cli[616]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
May 12 14:20:36 openvpn-cli[616]: Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
May 12 14:20:36 openvpn-cli[616]: NOTE: --mute triggered...
May 12 14:20:36 openvpn-cli[616]: 3 variation(s) on previous 10 message(s) suppressed by --mute
May 12 14:20:36 openvpn-cli[616]: [VPNArea] Peer Connection Initiated with [AF_INET]67.205.143.111:1194
May 12 14:20:38 openvpn-cli[616]: SENT CONTROL [VPNArea]: 'PUSH_REQUEST' (status=1)
May 12 14:20:38 openvpn-cli[616]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 167.71.248.31,dhcp-option DNS 188.166.37.89,explicit-exit-notify 5,sndbuf 786432,rcvbuf 786432,route 10.186.35.1,topology net30,ping 10,ping-restart 120,ifconfig 10.186.35.18 10.186.35.17,peer-id 3'
May 12 14:20:38 openvpn-cli[616]: Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: explicit-exit-notify (2.3.12)
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: timers and/or timeouts modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
May 12 14:20:38 openvpn-cli[616]: Socket Buffers: R=[163840->1572864] S=[163840->1572864]
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --ifconfig/up options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: route options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: peer-id set
May 12 14:20:38 openvpn-cli[616]: OPTIONS IMPORT: adjusting link_mtu to 1604
May 12 14:20:38 openvpn-cli[616]: TUN/TAP device tun0 opened
May 12 14:20:38 openvpn-cli[616]: TUN/TAP TX queue length set to 100
May 12 14:20:38 openvpn-cli[616]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
May 12 14:20:38 openvpn-cli[616]: /sbin/ifconfig tun0 10.186.35.18 pointopoint 10.186.35.17 mtu 1500
May 12 14:20:38 openvpn-cli[616]: ovpnc.script tun0 1500 1604 10.186.35.18 10.186.35.17 init
May 12 14:20:38 dnsmasq[469]: read /etc/hosts - 8 addresses
May 12 14:20:38 dnsmasq[469]: read /etc/storage/dnsmasq/hosts - 0 addresses
May 12 14:20:38 dnsmasq-dhcp[469]: read /etc/dnsmasq/dhcp/dhcp-hosts.rc
May 12 14:20:38 dnsmasq[469]: using nameserver 8.8.8.8#53 for domain tunein.com
May 12 14:20:38 dnsmasq[469]: using nameserver 8.8.8.8#53 for domain whatismyip.com
May 12 14:20:38 dnsmasq[469]: using nameserver 167.71.248.31#53
May 12 14:20:38 dnsmasq[469]: using nameserver 188.166.37.89#53
May 12 14:20:38 vpnc-script: tun0 up
May 12 14:20:38 openvpn-cli[616]: Initialization Sequence Completed
I'm just learning so I can't tell if anything is wrong with this. I can see one error in the middle, is that causing problems?
jon