how to use openvpn-event ?

RiccardoS

I have some trouble with how to code an openvpn-event script.

What I want to do is create a series of routing rules that are used only when the VPN is active.
So only when the VPN is active all the IPs are routed on the VPN.
And when the VPN is disabled, all the routing rules go back to their original configuration.

How can I do this?
 
openvpn-event gets called when events happen for both the server and the client, so you need to check that the event is for the tunnel you are worried about. The code below performs actions when the 1st client connection, tun11, either goes up or down. If you are worried about the 2nd client connection, then change tun11 to tun12. Place the commands you want to run between the "then" and "fi" of each if statement.

Code:
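#!/bin/sh
# openvpn-event fires for every server and client event, so match both
# the event type and the tunnel interface before doing anything.
if [ "$script_type" = "up" ] && [ "$vpn_interface" = "tun11" ]; then
    # commands to run when tun11 comes up go here
    :
fi

if [ "$script_type" = "down" ] && [ "$vpn_interface" = "tun11" ]; then
    # commands to run when tun11 goes down go here
    :
fi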
 
Thanks dodava.

But I have another problem.

I use Janosek's script for routing some IPs on the VPN and others on the normal internet:

#!/bin/sh

touch /tmp/000wanstarted

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
    echo 0 > "$i"
done



#US VPN

#
# Delete table 100 and flush any existing rules if they exist.
#
ip route flush table 100
ip route del default table 100
ip rule del fwmark 1 table 100
ip route flush cache
iptables -t mangle -F PREROUTING



#
# Copy all non-default and non-VPN related routes from the main table into table 100.
# Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
#
# NOTE: Here I assume the OpenVPN tunnel is named "tun11".
#
#
#ip route show table main | grep -Ev ^default | grep -Ev tun11 \
# | while read ROUTE ; do
# ip route add table 100 $ROUTE
# done



ip route add default table 100 via $(nvram get wan_gateway)
ip rule add fwmark 1 table 100
ip route flush cache



#
# Define the routing policies for the traffic. The rules will be applied in the order that they
# are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
# to "1" it will bypass the VPN.
#



# All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can
# configure exceptions afterwards)

iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1


# All traffic from NAS will use US VPN
iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.2 -j MARK --set-mark 0


exit 0

But I have some difficulties with it.
I configured the script so that only my NAS uses the VPN, and this works.

But how can I be sure that the NAS does not start to use "Normal internet" if the VPN goes down?
Maybe putting the script in openvpn-event is not the right solution?
Maybe it is better to put it in wan-start?

What I do is that my NAS always uses the VPN when it is ON, and does not use the "normal internet connection" if I turn off the VPN or the VPN goes down on its own for some reason.

Can you help me please.
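
One way to get the fail-closed behaviour asked about above, as an added example that is not part of the thread or of Janosek's script: a DROP rule keeps the NAS off the WAN whenever the tunnel is down, and the event handler installs or removes the policy routing. `WAN_IF=eth0`, the `WAN_GW` override, the `RUN` dry-run switch and the function names are assumptions for illustration; the NAS address, br0, tun11, the marks and table 100 come from the posts.

```sh
#!/bin/sh
# Added example, not from the thread. NAS_IP, br0, tun11, table 100 and the
# marks come from the posts above; WAN_IF=eth0 is an assumed placeholder.
NAS_IP="${NAS_IP:-192.168.1.2}"
VPN_IF="${VPN_IF:-tun11}"
WAN_IF="${WAN_IF:-eth0}"
RUN="${RUN:-}"   # RUN=echo prints the commands instead of executing them

# Fail-closed guard: never forward NAS packets out of the WAN interface.
# Delete-then-insert leaves exactly one copy of the rule on repeated runs.
killswitch_on() {
    $RUN iptables -D FORWARD -s "$NAS_IP" -o "$WAN_IF" -j DROP 2>/dev/null || true
    $RUN iptables -I FORWARD -s "$NAS_IP" -o "$WAN_IF" -j DROP
}

# Tunnel down: undo the policy routing but leave the guard in place.
policy_down() {
    $RUN ip rule del fwmark 1 table 100 2>/dev/null || true
    $RUN ip route flush table 100 2>/dev/null || true
    $RUN iptables -t mangle -F PREROUTING
}

# Tunnel up: LAN traffic is marked 1 (table 100, WAN); the NAS is reset to
# mark 0 and follows the main table into the VPN.
policy_up() {
    policy_down                                   # start from a clean state
    gw="${WAN_GW:-$(nvram get wan_gateway)}"      # WAN_GW override is an assumption
    $RUN ip route replace default via "$gw" table 100
    $RUN ip rule add fwmark 1 table 100
    $RUN iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
    $RUN iptables -t mangle -A PREROUTING -i br0 -s "$NAS_IP" -j MARK --set-mark 0
}

# $1 = script_type, $2 = interface; other tunnels and the server are ignored.
handle_event() {
    [ "$2" = "$VPN_IF" ] || return 0
    killswitch_on
    case "$1" in
        up)   policy_up ;;
        down) policy_down ;;
    esac
}

# OpenVPN exports script_type; the thread's answer reads the interface from
# vpn_interface. Nothing happens when the file is only sourced.
if [ -n "${script_type:-}" ]; then
    handle_event "$script_type" "${vpn_interface:-}"
fi
```

Call `killswitch_on` from a boot-time script as well (Asuswrt-Merlin's firewall-start), so the guard exists before the first connection and is restored after a firewall restart.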
 
