Recent content by Charles Wilkinson

  1. Charles Wilkinson

    Domain-based VPN Routing Script

    Ah, that makes sense. Apologies, I couldn't follow the whole flow of your approach from reading the code for only an hour or so, so wasn't sure how you were handling the IPs once collected. I considered doing something similar, but since my approach creates VPN Director rules, I have a hard...
  2. Charles Wilkinson

    Domain-based VPN Routing Script

    Hey @Ranger802004 I've built something very similar myself and found a limitation that I think your excellent script also suffers from and so I thought I would share. Basically, it stems from the limitation of using nslookup to get a list of IPs from a domain name. Some big sites (like...
  3. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    For anyone else who is using my script, I have recently published some major updates to it and have moved it to github to make it easier for people to see if it has changed. It's been significantly improved and several bugs have been squashed. I also recommend reading the Limitation section in...
  4. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Hey there @machinist, sorry for not replying sooner - I didn't spot this question until now. Possibly, but I'm not sure how Merlin's code would handle two conflicting/overlapping rules. The UI says: But I'm not sure how to interpret them in your specific example. However, it may be moot...
  5. Charles Wilkinson

    Will Merlin FW get ability in VPN director to add rules based on domain?

    Hmm. The script only restarts the VPN routing if it detects a change. Perhaps on reboot we need to force it to. Try adding service restart_vpnrouting0 to the firewall-start script after /jffs/scripts/vpn_director_host_rules.sh and see if that works.
  6. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    I may do that :-) I was actually thinking of turning this into a proper addon with a GUI if I can find the time to learn how. Merlin's docs look pretty good, so I may give it a go.
  7. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Sorry - I made a silly copy/paste error when updating my blog. Go fetch the script again and it should work. I've replaced the list of hosts at the top with a list of 'rules'. A 'rule' is a hostname and an interface separated by '|' e.g. netflix.com|OVPN1 At the moment, you can't restrict to a...
  8. Charles Wilkinson

    Will Merlin FW get ability in VPN director to add rules based on domain?

    I actually created a script to do exactly what you are asking for. You can find it here: https://charleswilkinson.co.uk/2021/11/21/asus-merlin-route-via-vpn-for-specific-destination-hosts/ Let me know if it works for you :-)
  9. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Ok, so NOW it’s working. Was fighting a weird bug where the manually created rules were being deleted only when the job ran in cron, not when run manually. Turned out to be a different PATH invoking different versions of grep. I thought I was going mad.
  10. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Ok, so I think I have fixed it. I have done limited testing, so let me know if it works ok for you :-) All generated rules get the prefix 'AUTO-DNS-' so the script can separate them from manually created rules.
  11. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Yes, sorry - I should have been clear that it would replace any manually created rules. Maybe this weekend I will try to make it preserve them.
  12. Charles Wilkinson

    VPN selective Routing for specific Websites and Apps

    Hey Bambino, I found this thread when doing my own research and so thought I would come back and share the solution I have whipped up. It's not perfect, but I think it does just what you want. It lets you route traffic to certain domains over the VPN exclusively. I run the same hardware as you...
  13. Charles Wilkinson

    More Easily Enable/Disable VPN Director Rule

    Hey guys, I spent a load of time playing with this building on the ideas above and have created a script for managing VPN Director rules that has the following benefits: It lets you specify destination hosts that you want to route over the VPN (for all local devices). Want to send all traffic...
  14. Charles Wilkinson

    VPN Director Wiki

    Hey guys, I spent a load of time playing with this building on the ideas above and have created a script for managing VPN Director rules that has the following benefits: It lets you specify destination hosts that you want to route over the VPN (for all local devices). Want to send all traffic...
  15. Charles Wilkinson

    Isolate devices without a separate subnet?

    That is actually pretty cunning. I might just get the managed switch though - I think it will be a neater solution. Just annoyed that I bought an unmanaged one only a few days ago. Threw the packaging away :( It's a shame it doesn't seem to be possible to do MAC address-based VLAN tagging on...