1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

Custom firmware build for R9000

Discussion in 'NETGEAR AC Wireless' started by Voxel, Jul 13, 2017.

Tags:
  1. saki2fifty

    saki2fifty New Around Here

    Joined:
    Aug 19, 2018
    Messages:
    7
    I have camera's that I do not want to go over the VPN and in the documentation regarding "Bypassing OpenVPN client tunnel", I had to do the following to get it to work.

    The script in the docs add the route:
    Code:
    /usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan
    However, when I look at all gateway variables:
    Code:
    [email protected]:~$ config show | grep "gateway"
    bridge_dhcp_gateway=0.0.0.0
    bridge_gateway=0.0.0.0
    extender_gateway=0.0.0.0
    wan_dhcp_gateway=22.22.22.1
    ap_dhcp_gateway=0.0.0.0
    lan_gateway=0.0.0.0
    wan_gateway=10.0.0.1
    ap_gateway=0.0.0.0
    
    ... 10.0.0.1 doesn't exist for "wan_gateway", and when ./ovpnclient-up.sh runs, it would not update the table and just errors out with a "netmask 000000ff" error.

    The fix was to make 2 changes. Change the WAN_GWAY var, and well as adding "metric 100" to the route:

    /etc/openvpn/ovpnclient-up.sh:
    Code:
    #!/bin/sh
    
    /sbin/ledcontrol -n power -c green -s on
    
    # Don't forget to reserve the list of IPs for exclusion devices on the DHCP server
    # Edit the following IP list to bypass the VPN. Seperate individual IP's using a single space between them.
    
    NO_VPN_LST="192.168.1.xx 192.168.1.xx 192.168.1.xx"
    WAN_GWAY=`nvram get wan_dhcp_gateway`
    for excludeip in $NO_VPN_LST; do
       /usr/sbin/ip rule add from $excludeip table 200
    done
    /usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan metric 100
    /usr/sbin/ip route flush cache
    exit 0
    
    
    Anyways, it may or may not help others... helped me!
     
    Last edited: Jan 18, 2019
  2. kamoj

    kamoj Senior Member

    Joined:
    May 12, 2017
    Messages:
    489
    I dont know what "documentation" you are refering to,
    but have you read and tried this?:
    https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/page-2#post-446788

    (The internal gateway variables are not correct in eg AP mode)
     
    Voxel likes this.
  3. saki2fifty

    saki2fifty New Around Here

    Joined:
    Aug 19, 2018
    Messages:
    7
    Voxel has replied numerous times with "Have you read my documentation?", "There's some really good docs here..", etc. So, his docs. Maybe I should had said "readme".

    No, but I will. Thx!

    I'm glad I didn't see that post, i've learned a lot about my router. :) (been reading everything I can on his various posts on the various forums)
     
    kamoj likes this.
  4. saki2fifty

    saki2fifty New Around Here

    Joined:
    Aug 19, 2018
    Messages:
    7
    Ah, this is how you are getting the true WAN_GWAY. Gonna read through it a bit more and make the change...

    Code:
    WAN_GWAY=`ip route | awk '/^default/{print $3}'`
     
  5. kamoj

    kamoj Senior Member

    Joined:
    May 12, 2017
    Messages:
    489