DomainVPNRouting Domain VPN Routing Question

Armandooooo

Hello,

@Ranger802004, I believe I understand the purpose of the script, but just to be sure, I put my use case. I am in Australia and I am French, and I would like to watch some French catch-up TV. I have a VPN in France that works; however, when I set up the VPN through VPN Director it re-routes all traffic from a device to an IP but not to a URL. Hence I would like to use this script so all my devices can be routed through my VPN only to access the URL tf1.fr (I tried to look at all IPs for tf1.fr, but they are changing frequently). All other traffic should not go through the VPN.

I have enabled SSH in the administration and enabled JFFS custom scripts and configs. I logged into the router in SSH and ran amtm, used the i option to display the available scripts and used amtm to install the script. Then I had to reboot.

I then created a domain -> create policy -> tf1 -> ovpnc1 -> enable verbose: No (no idea what I would use this for, if you can advise) -> Enable Private IP for this Policy: No (I have no idea if I should say yes or no there, if you can advise)

I added the domain -> tf1.fr -> policy tf1 and that is it.

I have no idea what cron is for and if this is required (what is the use of it?).

And my VPN is set enabling rules for VPN Director without any rules. I am not sure if these are what is expected.

After that I have tested the site tf1.fr and it does not display anything (site not available outside France), which is a sign it does not work at all.

Thank you for the help.
 
@Ranger802004, the official thread for the script is locked (because of inactivity for the past 6 months), so I cannot add my question there; hence I have created this new one.
 
use ping or traceroute to make sure you are going through the vpn first
 
Hi there,

For these cases I end up using controld, it usually works well enough for me… Check the pics… I am in Angola, I set up controld, and I was able to access the site (before I tried, and it was blocked)…

In the case you want to use the script, first check that your VPN is not blacklisted, second install the script and create the policy, add the domains (tf1.fr) and run querypolicy to find the IPs and to create the routes necessary… Give a few runs to catch and build all the routes necessary to access the site… Be patient…

Cron is used to “Create the Cron Jobs to automate Query Policy functionality.”

Please read this: https://raw.githubusercontent.com/Ranger802004/asusmerlin/main/domain_vpn_routing/readme.txt

It will help you understand…
 

Please follow the steps below:

Creating a Policy:
Step 1: Create a policy by running the following command: /jffs/scripts/domain_vpn_routing.sh createpolicy

Step 2: Select a name for the Policy (Case Sensitive).
Example: tf1

Step 3: Select an existing OpenVPN Interface. Type the name of the interface as displayed.

Step 4: Select to enable or disable Verbose Logging for the Policy (Disable if not needed : Verbose Logging records as much information as possible about events that happen on a system while software is running)

Step 5: Select to enable or disable Private IP Addresses (This allows or disallows Private IP Addresses from being added to the policy rules when queried). Disable

Step 6: Policy is created, proceed to Section: Adding a Domain.

Adding a Domain:
Step 1: Add a domain to an existing policy by running the following command: /jffs/scripts/domain_vpn_routing.sh adddomain <Insert Domain>
Example: /jffs/scripts/domain_vpn_routing.sh adddomain tf1.fr

Step 2: Select a policy from the list provided by typing the name of the Policy (Case Sensitive).

Step 3: Domain is added to Policy, proceed to Section: Querying a Policy.

Querying a Policy:
- Query a Policy or All Policies by using the following command: /jffs/scripts/domain_vpn_routing.sh querypolicy <Insert Policy/all>
Example: /jffs/scripts/domain_vpn_routing.sh querypolicy all
Note: Cron Job is created to query all policies every 5 minutes.
 
I 2nd this
 
At the moment it is unsuccessful, and I don't really understand why. In order to avoid anything related to ban, and better control the test, I have selected 2 websites that will show where I am connected (location):
  • whatismyipaddress.com
  • speedtest.net
My intent is to achieve a different result as the current location from those 2 websites once the policy is running. I am also using Brave/Chrome as browser and I know every time I change any parameter related to the VPN, I have to navigate to "chrome://net-internals" and do the following :
  • clear bad proxies
  • clear host cache
  • close idle sockets
  • flush sockets pools
  • clear all shared dictionary
Positive Control:
All policies removed.
When I disable the OpenVPN I can see clearly both sites identifying myself in Australia
When I enable the OpenVPN I can see clearly both sites identifying myself in France
Great! My OpenVPN connection is working properly.

Creation of the policy:
  1. I created a policy called: Test - ovpnc1 - Verbose: N - Private IP: N
  2. I added a domain to the policy: speedtest.net - 2: Test
  3. I queried the policy
  4. Confirmed cron is working
Result copied from the view policy function:
Policy Name: Test
Interface: ovpnc1
Verbose Logging: Disabled
Private IP Addresses: Disabled
Domains:
speedtest.net

Tests:

I tried different things without success:
  1. ovpnc1 configured without VPN director (redirect all)
  2. ovpnc1 configured with VPN director but no rules entered in the VPN director section
  3. ovpnc1 configured with VPN director with 1 rule directing all clients to be connected to WAN
  4. ovpnc1 configured with VPN director with 1 rule directing all clients to be connected to OVPN1
The 2 websites are always showing identical locations, however it switches both from France to Australia depending on the case.

I am not sure what configuration needs to be set in VPN Director, or if it is ever required. It does not seem to work for me.

Side Notes:

#1: I have used amtm to install the domain_vpn_routing script and I have configured the policy and domains through the menu by launching domain_vpn_routing straight from the command line in SSH.

#2: After having deleted an existing policy, created a new policy instead and assigned the same domain to the new policy twice, I had an error message saying that the new domain was already added to the old policy. The query function did not work after that. Deleting all policies did not fix this, like it cached the old policy. I had to delete all policies again AND reboot the router to make the configuration work. If you want more detailed steps I can spend more time on this.

 
Set up your DNS VPN like I did below, and try again...
 

I tried the following with VPN Director & DNS Exclusive:
  1. No VPN Director Rules
    1. Speedtest.net = Australia
    2. whatismyipaddress.com = Australia
  2. Only 1 rule with no local IP, no remote IP, interface WAN
    1. Speedtest.net = Australia
    2. whatismyipaddress.com = Australia
  3. Only 1 rule with no local IP, no remote IP, interface ovpn1
    1. Speedtest.net = France
    2. whatismyipaddress.com = France
I don't understand how the script and VPN director work together. It feels like the script does not run on my side.
 
Have you tried the controld option?
 
I have looked at it, however it kind of defeats the original purpose. I can install an OpenVPN client on each computer I want to use the VPN on and manually connect and disconnect them. With the script it should be seamless, as only the URL that would be identified would use the VPN.
 
Try testing with https://ip.me, it's a lot easier for testing what your IP is because only the single domain needs to be added to the policy. As far as speedtest, when you select a server it connects to a different address/IP to perform the speedtest different than the root website you access.
 
Hi, I have changed now from speedtest.net to ip.me:
Policy Name: Test
Interface: ovpnc1
Verbose Logging: Disabled
Private IP Addresses: Disabled
Domains:
ip.me

And the result is what is expected:
  1. No VPN Director Rules
    1. ip.me = France
    2. whatismyipaddress.com = Australia
Does that mean it cannot work on websites like Google, Netflix... I mean the big ones which change IP address every time you query them? I thought that was the purpose of the cron scheduler, isn't it?
 
Alright, I have finally found the issue. If, in the script, I enter the domain "tf1.fr" it does not work; however, if I enter "www.tf1.fr" then it works. I would not imagine that this would be different, but I got that confirmed when I pinged the 2 URLs (with or without www) and they returned different IP addresses.

I learnt a lot, thank you very much!
 
Ah yes, I’ve run into that problem a few times.
 
Interestingly, if anyone like me wants to use tf1.fr replay using OpenVPN, then the following domain should be added:
Policy Name: TF1
Interface: ovpnc1
Verbose Logging: Disabled
Private IP Addresses: Disabled
Domains:
mediainfo.tf1.fr
www.tf1.fr

There is no need to add any rules in VPN Director, and my DNS is set to exclusive.
 
Just as an information, to watch the video, the domain mediainfo.tf1.fr is actually the one being used to identify the location. I had to use the developer tab of Chrome/Brave and monitor the network to find that domain. That may be useful for some folks who are trying to do the same.
 
I use the IPFoo browser add-on to find domains to add via the browser.
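
Added example, not written by any poster in this thread and not part of the domain_vpn_routing project: a shell check for the behaviour found above, where tf1.fr and www.tf1.fr resolve to different addresses and only the hostnames listed in the policy leave through the VPN. It assumes nslookup and ip exist on the router; the script name check_hosts.sh and the device name tun11 in the usage comment are assumptions, so look up the real device for your OpenVPN client.

```shell
#!/bin/sh
# Added diagnostic sketch: for each hostname, list the IPv4 addresses it
# resolves to and the interface the router would send that traffic out of.

# Extract IPv4 answers from nslookup output (BusyBox or BIND layout).
# Lines before the first "Name:" describe the DNS server and are skipped.
parse_nslookup() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !dup[$i]++)
                     print $i
         }'
}

# Print the token that follows "dev" in `ip route get` output.
parse_route_dev() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "dev") { print $(i + 1); exit } }'
}

# check_hosts VPN_DEV HOST...
# Prints one line per resolved address: host address device VPN|DIRECT
check_hosts() {
    vpn_dev=$1
    shift
    for host in "$@"; do
        ips=$(nslookup "$host" 2>/dev/null | parse_nslookup)
        if [ -z "$ips" ]; then
            echo "$host - - UNRESOLVED"
            continue
        fi
        for addr in $ips; do
            dev=$(ip route get "$addr" 2>/dev/null | parse_route_dev)
            if [ "$dev" = "$vpn_dev" ]; then
                verdict=VPN
            else
                verdict=DIRECT
            fi
            echo "$host $addr ${dev:--} $verdict"
        done
    done
}

# Usage on the router (device name is an assumption, check `ip link`):
#   sh check_hosts.sh tun11 tf1.fr www.tf1.fr mediainfo.tf1.fr
if [ "$#" -gt 1 ]; then
    check_hosts "$@"
fi
```

ip route get answers for traffic that originates on the router itself, so if your setup selects the VPN by client source address the result for LAN devices can differ. Only IPv4 answers are checked.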
 
