Domain-based VPN Routing Script

Ranger802004

Very Senior Member
What exactly to test Domain-based VPN Routing or Dual WAN Failover?
Domain-based VPN Routing, your testing on WAN Failover has been great and I think the script is now ready for a production update.
 

lbtboy

Regular Contributor
Domain-based VPN Routing, your testing on WAN Failover has been great and I think the script is now ready for a production update.
Tested, does not work according to the principle of VPN Director (higher-level rule). Traffic for the desired site also goes through a VPN where a local device is added via tun12. Well then I will use VPN Director by recognizing IP by domain name and adding one by one or ranges
 

Ranger802004

Very Senior Member
Tested, does not work according to the principle of VPN Director (higher-level rule). Traffic for the desired site also goes through a VPN where a local device is added via tun12. Well then I will use VPN Director by recognizing IP by domain name and adding one by one or ranges
Alright, thank you for testing this! Once I’m finished with v1.5.5 for WAN Failover I will begin improving this tool.
 

JAX1337

Regular Contributor
What was the issue?
It had to do with the way I was using pihole's DNS
basically, it was supposed to work like Router > Pihole > VPN Director > Nord VPN
but since I had configured the DNS in DHCP server, it was going like Router > Pihole > Router in a loop
and my router was literally hitting pihole with 10000+ queries per sec with no DNS resolution when I tried to do policy routing in VPN Director

so what I did was

Code:
Added Pihole DNS to DHCP server on both fields

Added Pihole DNS to Wan (for DOT purposes only)

Set DNS Filter to router

Modified Unbound DNS config to use stubby for DNSSEC

Added a DNS Filter entry for Pihole and set it to no filtering

Added VPN director entry

And everything seems to work flawlessly now, checked DNSSEC as well everything looks secure.
 

Ranger802004

Very Senior Member
I will begin revising this script later this week for a beta.
 

Ranger802004

Very Senior Member
v1.3-beta Release: To use the beta use the following command to replace your production version of the script.
Code:
/usr/sbin/curl -s "https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/domain_vpn_routing_v1.3-beta.sh" -o "/jffs/scripts/domain_vpn_routing.sh" && chmod 755 /jffs/scripts/domain_vpn_routing.sh

To revert back to production release:
Code:
/jffs/scripts/domain_vpn_routing.sh update

To use new functions:
Use parameter "deleteip" for new Delete IP Function. Example: /jffs/scripts/domain_vpn_routing.sh deleteip 192.168.1.1
To configure new Private IP Address exclusion/inclusion setting for a policy, use the Edit Policy parameter "editpolicy". ***NOTE: Default behavior will include Private IPs***

Release Notes:
v1.3-beta
- Added Delete IP Function, this is to delete IPs not desired to be routed by the script. ***This will not prevent the IP from being queried again***
- Created routingdirector function to handle all functions determination of creating routes / IP rules for queried IPs.
- Added configuration option for including or excluding Private IP Addresses per Policy.
- If VPN Director is enabled for an OpenVPN Interface, IP Rules will be created for queried IPv4 Addresses.
- Corrected spelling error for "adddomain" in script menu.
- Decreased Cron Job frequency to every 15 minutes.
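
An added example, not part of the original post or the project's script: the one-line install above uses `curl -s` without `-f`, so on an HTTP error curl still exits 0 and the error body is saved over the live script and made executable. The sketch below stages the download, checks it, and only then replaces the file; the function name `stage_install`, the `.new` staging path and the expected hash are assumptions, and the hash has to come from a copy you have reviewed yourself.

```shell
#!/bin/sh
# Added example (not the project's code). Usage on the router, names assumed:
#   curl -fsS "<script URL>" -o /jffs/scripts/domain_vpn_routing.sh.new
#   stage_install /jffs/scripts/domain_vpn_routing.sh.new \
#       /jffs/scripts/domain_vpn_routing.sh "<sha256 of the reviewed copy>"
stage_install() {
    src=$1; dest=$2; want=$3

    # An empty or missing download must never replace the live script.
    [ -s "$src" ] || { echo "reject: empty download" >&2; return 1; }

    # An HTML or plain-text error body does not start with a shebang.
    head -n 1 "$src" | grep -q '^#!' || { echo "reject: no shebang" >&2; return 2; }

    # Compare with the hash recorded from a copy that was actually read.
    got=$(sha256sum "$src" | cut -d' ' -f1)
    [ "$got" = "$want" ] || { echo "reject: sha256 is $got" >&2; return 3; }

    # Parse without executing, to catch a body truncated mid-block.
    sh -n "$src" 2>/dev/null || { echo "reject: syntax error" >&2; return 4; }

    # Keep the previous version, then swap in place. Staging next to the
    # destination keeps mv a same-filesystem rename.
    if [ -f "$dest" ]; then cp -p "$dest" "$dest.bak" || return 5; fi
    chmod 755 "$src" && mv -f "$src" "$dest"
}

# Constructed demo: an error body saved where the script was expected.
demo_dir=$(mktemp -d)
printf '404: Not Found' > "$demo_dir/new"
printf '#!/bin/sh\necho live\n' > "$demo_dir/live"
stage_install "$demo_dir/new" "$demo_dir/live" "placeholder-hash" \
    || echo "rejected, live script untouched: $(sh "$demo_dir/live")"
rm -rf "$demo_dir"
```
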
 

lbtboy

Regular Contributor
It now works perfectly according to the VPN Director principle (a higher-level rule) if two VPN tunnels are used. Even if the device is completely instructed to go through one tunnel, but at the same time it is necessary for a certain site to go through another in beta 1.3 this works. Great job, keep it up.
 

ugandy

Very Senior Member
thanks for the script! working well on my router.
are the rules supposed to show on the router gui vpn director page?
 

Ranger802004

Very Senior Member
thanks for the script! working well on my router.
are the rules supposed to show on the router gui vpn director page?
Negative, it doesn’t utilize the vpn director but it shares concept. You can view policies you created using the showpolicy command, review the readme for full instructions.
 

ugandy

Very Senior Member
Negative, it doesn’t utilize the vpn director but it shares concept. You can view policies you created using the showpolicy command, review the readme for full instructions.


thanks.
what is the "Private IP" option? i didn't see it covered on the readme notes
 

Ranger802004

Very Senior Member
thanks.
what is the "Private IP" option? i didn't see it covered on the readme notes
That is because it only exists in the beta release at this time but it keeps a policy from querying Private IP addresses
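
The Private IP setting described above, as an added illustration that is not taken from the script: with private addresses included (the stated default), a DNS answer in an RFC 1918 range is handled like any other queried IP, so a LAN address can end up in a policy's routes. The function names, the `include`/`exclude` mode strings and the sample addresses are assumptions, and only the IPv4 RFC 1918 ranges are checked.

```shell
#!/bin/sh
# Added example (not the project's code): RFC 1918 check on resolved IPv4s.
# is_private_ipv4 ADDR: returns 0 if private, 1 if public, 2 if not a dotted quad.
is_private_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 2
    for octet in "$@"; do
        case $octet in 0?*) return 2 ;; esac      # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 2
    done
    case $1 in
        10)  return 0 ;;                                        # 10.0.0.0/8
        172) if [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi ;;  # 172.16.0.0/12
        192) if [ "$2" -eq 168 ]; then return 0; fi ;;          # 192.168.0.0/16
    esac
    return 1
}

# select_routes MODE ADDR...: print the addresses a policy would route.
# MODE is "include" or "exclude" (hypothetical names for the per-policy setting).
select_routes() {
    mode=$1; shift
    for addr in "$@"; do
        rc=0
        is_private_ipv4 "$addr" || rc=$?
        case $rc in
            0) if [ "$mode" = "include" ]; then echo "$addr"; fi ;;
            1) echo "$addr" ;;
            *) echo "skip malformed answer: $addr" >&2 ;;   # never routed
        esac
    done
    return 0
}

# Constructed DNS answers (documentation and private ranges, not real lookups).
select_routes exclude 203.0.113.10 192.168.1.1 10.8.0.1 172.32.0.1
```
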
 

Ranger802004

Very Senior Member
v1.3 has been published, refer to original post for updating and release notes!

@ugandy readme has been updated as well.
 

Ranger802004

Very Senior Member
Is it possible to make it so that you can configure how often Cron Job frequency?
I have considered doing this but had more important issues to resolve first so possibly down the road.
 

Ranger802004

Very Senior Member

lbtboy

Regular Contributor
Are you saying the options to route to specific WAN interfaces?
I speak simply and directly by analogy with VPN Director as in the screenshot. And how it works, I honestly don't know, separately WAN0 and WAN1 or only WAN0. I think VPN Director works on the principle of an active WAN.
 

Attachments

  • ASUS Wireless Router RT-AX88U - VPN Director - 192.168.1.1 - 27.07.2022_09_19_41.jpg

Ranger802004

Very Senior Member
I speak simply and directly by analogy with VPN Director as in the screenshot. And how it works, I honestly don't know, separately WAN0 and WAN1 or only WAN0. I think VPN Director works on the principle of an active WAN.
Yea I get the purpose, if you are redirecting all traffic over VPN but want to make exceptions, I'll look into it on a later iteration. I'm sure I can make it happen.
 

lbtboy

Regular Contributor
Yea I get the purpose, if you are redirecting all traffic over VPN but want to make exceptions, I'll look into it on a later iteration. I'm sure I can make it happen.
Yes. As you did last time with a VPN about what I asked. For example, all traffic for the device 192.168.1.33 goes through ovpn2, but traffic for the google.com site needs to be sent through ovpn1 (you've done this, it works fine), and traffic for the site www.amazon.com we need to let it through the wan. That's how you need it and it will be a complete analogy of VPN Director, but according to domain names, I think there will be an ideal script.
 
