Custom firmware build for R9000

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

saki2fifty

New Around Here
I have camera's that I do not want to go over the VPN and in the documentation regarding "Bypassing OpenVPN client tunnel", I had to do the following to get it to work.

The script in the docs add the route:
Code:
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan

However, when I look at all gateway variables:
Code:
[email protected]:~$ config show | grep "gateway"
bridge_dhcp_gateway=0.0.0.0
bridge_gateway=0.0.0.0
extender_gateway=0.0.0.0
wan_dhcp_gateway=22.22.22.1
ap_dhcp_gateway=0.0.0.0
lan_gateway=0.0.0.0
wan_gateway=10.0.0.1
ap_gateway=0.0.0.0

... 10.0.0.1 doesn't exist for "wan_gateway", and when ./ovpnclient-up.sh runs, it would not update the table and just errors out with a "netmask 000000ff" error.

The fix was to make 2 changes. Change the WAN_GWAY var, and well as adding "metric 100" to the route:

/etc/openvpn/ovpnclient-up.sh:
Code:
#!/bin/sh

/sbin/ledcontrol -n power -c green -s on

# Don't forget to reserve the list of IPs for exclusion devices on the DHCP server
# Edit the following IP list to bypass the VPN. Seperate individual IP's using a single space between them.

NO_VPN_LST="192.168.1.xx 192.168.1.xx 192.168.1.xx"
WAN_GWAY=`nvram get wan_dhcp_gateway`
for excludeip in $NO_VPN_LST; do
   /usr/sbin/ip rule add from $excludeip table 200
done
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan metric 100
/usr/sbin/ip route flush cache
exit 0

Anyways, it may or may not help others... helped me!
 
Last edited:

kamoj

Very Senior Member
I have camera's that I do not want to go over the VPN and in the documentation regarding "Bypassing OpenVPN client tunnel", I had to do the following to get it to work.

The script in the docs add the route:
Code:
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan

However, when I look at all gateway variables:
Code:
[email protected]:~$ config show | grep "gateway"
bridge_dhcp_gateway=0.0.0.0
bridge_gateway=0.0.0.0
extender_gateway=0.0.0.0
wan_dhcp_gateway=22.22.22.1
ap_dhcp_gateway=0.0.0.0
lan_gateway=0.0.0.0
wan_gateway=10.0.0.1
ap_gateway=0.0.0.0

... 10.0.0.1 doesn't exist for "wan_gateway", and when ./ovpnclient-up.sh runs, it would not update the table and just errors out with a "netmask 000000ff" error.

The fix was to make 2 changes. Change the WAN_GWAY var, and well as adding "metric 100" to the route:

/etc/openvpn/ovpnclient-up.sh:
Code:
#!/bin/sh

/sbin/ledcontrol -n power -c green -s on

# Don't forget to reserve the list of IPs for exclusion devices on the DHCP server
# Edit the following IP list to bypass the VPN. Seperate individual IP's using a single space between them.

NO_VPN_LST="192.168.1.xx 192.168.1.xx 192.168.1.xx"
WAN_GWAY=`nvram get wan_dhcp_gateway`
for excludeip in $NO_VPN_LST; do
   /usr/sbin/ip rule add from $excludeip table 200
done
/usr/sbin/ip route add table 200 default via $WAN_GWAY dev brwan metric 100
/usr/sbin/ip route flush cache
exit 0

Anyways, it may or may not help others... helped me!
I dont know what "documentation" you are refering to,
but have you read and tried this?:
https://www.snbforums.com/threads/voxel-vpn-connection-problem.50078/page-2#post-446788

(The internal gateway variables are not correct in eg AP mode)
 

saki2fifty

New Around Here
I dont know what "documentation" you are refering to,

Voxel has replied numerous times with "Have you read my documentation?", "There's some really good docs here..", etc. So, his docs. Maybe I should had said "readme".


No, but I will. Thx!

I'm glad I didn't see that post, i've learned a lot about my router. :) (been reading everything I can on his various posts on the various forums)
 

saki2fifty

New Around Here
Ah, this is how you are getting the true WAN_GWAY. Gonna read through it a bit more and make the change...

Code:
WAN_GWAY=`ip route | awk '/^default/{print $3}'`
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top