Domain-based VPN Routing Script

You still should be able to make an entry in the dnsmasq.conf add on file that will override DNS queries to the specified DNS Server you want per domain.
Got it, I didn't read the rest of the readme.
 
No worries, just make sure you use the proper syntax without any extra characters; however, I would research how to do DNSMasq entries and specify an alternative DNS server for your domain to resolve this issue. That would be a solid solution, whereas manually adding the IPs is a workaround.
 
Yes, I'll do that, sounds interesting.

For the time being let me try adding the IPs manually.
One more question: which editor would you recommend for this, as syntax is very important?
 
I use the built-in one with WinSCP.
 
You still should be able to make an entry in the dnsmasq.conf add on file that will override DNS queries to the specified DNS Server you want per domain.

EDIT: If you have to, you can designate the IP of a DNS Server to go over your VPN using VPN Director or OVPN config and then specify that DNS Server in dnsmasq.conf for that particular domain.
I tried both ways but it doesn't seem to work with the domain: rarbg.to.
Once I add the IP manually, do I have to run querypolicy? If I do that, it adds the blocked IPs again.

What am I doing wrong?
 
Yes, the query needs to run to create the routes; it should run with the cron job as well.
 
Awesome, I'm still testing it out but it seems to work great. Only one suggestion: could the domaintoIP list be moved to a RAM location to lessen flash wear?

Edit: my crontab seems to keep getting deleted on reboot, wonder if anyone else has the same.
 
So it actually will write query changes to a copy under /tmp/ and delete any duplicates found, and if there are any changes it will update the policy file you referenced. This is necessary to keep track of all queried IPs for a domain, because a lot of domains use CNAMEs, etc. now and you can get different IP addresses. So flash writes only occur when there are changes detected and not on every single query. Cron tabs are deleted on reboots; the script should have added a line to your openvpn-event file to create the cron job when an OpenVPN event occurs, such as a tunnel going up or down.
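
Added example (not part of the thread and not code from domain_vpn_routing.sh): a sketch of the write-only-on-change pattern described above, where results are merged and de-duplicated in a copy under /tmp and the persistent file is rewritten only when the content differs. The function name `merge_policy_ips` and the `domain>>ip` record format are assumptions made for illustration.

```sh
#!/bin/sh
# Illustration only; not taken from domain_vpn_routing.sh.
# Assumed (hypothetical) record format: one "domain>>ip" pair per line.

# merge_policy_ips POLICY_FILE DOMAIN IP...
# Returns 0 if the persistent file was rewritten, 1 if nothing changed,
# 2 if the working copy could not be created.
merge_policy_ips() {
    policy_file=$1; domain=$2; shift 2

    # mktemp gives an unpredictable name, so another local process cannot
    # pre-create or symlink the working file in a shared /tmp.
    work=$(mktemp "${TMPDIR:-/tmp}/policy.XXXXXX") || return 2

    # Start from the records already known, then append this query's answers.
    [ -f "$policy_file" ] && cat "$policy_file" > "$work"
    for ip in "$@"; do
        printf '%s>>%s\n' "$domain" "$ip" >> "$work"
    done

    # Drop duplicates in the RAM-backed copy; sorting also makes the
    # comparison below independent of the order DNS returned the answers in.
    sort -u -o "$work" "$work"

    # Touch flash only when the merged set differs from what is stored.
    if [ -f "$policy_file" ] && cmp -s "$work" "$policy_file"; then
        rm -f "$work"
        return 1
    fi
    cat "$work" > "$policy_file"
    rm -f "$work"
    return 0
}
```

Because records are only ever added, every address a domain has resolved to stays in the file, which matches the stated goal of tracking all queried IPs for domains whose answers rotate.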
 
v0.92-beta - 06/13/2022
- Added option for enabling or disabling Verbose Logging for each Policy, this allows messages such as Querying Policy, etc to not be logged in System Log.
- Added option to edit an existing policy's interface or verbose logging.
 
Published script as v1.0.

Release Notes:
v1.0 - 06/17/2022
- Added option for enabling or disabling Verbose Logging for each Policy, this allows messages such as Querying Policy, etc to not be logged in System Log.
- Added option to edit an existing policy's interface or verbose logging.
- If VPN Director is enabled, routes will now be added to the main routing table.
- Added option for Query Policy All to execute during OpenVPN Events. (If Option is missing run install command again)
 
Thank you for the detailed reply and your work. It's great on my AC68U, but on my AC86U maybe crontab didn't work? I also just noticed that the upgrade required one more keystroke before it could upgrade. I wonder if you could remove that, or if there is a way to bypass it so I could set it to auto-upgrade when the router boots?
 
Are you referring to having the script query and build routes as soon as it comes up, compared to the cron job? If so, I added this logic during the install phase; rerun the install command (it should not overwrite existing files but should add the line to openvpn-event for the querypolicy all command to run). Also, I wanted to avoid auto upgrades; maybe I can add it as a function later on, but controlled upgrades I feel are best for these things.
 
Yeah, I want to automate it all on startup because the VPN is enabled on startup. If I restart and come back hours later to check, it didn't run or something. I use https://browserleaks.com/ip to track when it's not working: it returns my T-Mobile IP when it didn't work, and it shows my VPN IP when it did. Anyway, I just upgraded to the newest v1, hope that fixes the problem.
 
Look in your openvpn-event script, do you see an entry for the domain_vpn_routing.sh querypolicy all & cron?
 
Yes, it does, and it looks like there are 2 duplicates.

sh /jffs/scripts/domain_vpn_routing.sh cron # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing

sh /jffs/scripts/domain_vpn_routing.sh querypolicy all # domain_vpn_routing_queryall

Still couldn't figure out why it didn't work.
 
Delete the middle one, not sure how that got there, I'll review, but do you have other items in your openvpn-event script? What happens if you execute it manually?
 
Yup, deleted the middle one now, that is all there is. Manually executing it works as intended. I did upgrade to the beta firmware about a day before the v1 release, but I remember it was all the same: I need to manually run the script to get it running.
 
After running openvpn-event manually can you send me the output of this command:
Code:
cru l
 
It returns empty, both before and after, so it breaks somewhere even without rebooting the device. I just played with it for a few hours and noticed that it didn't engage. This only happens on the AC86U, so it might be device related?
 