What's new

Need som help with vpn-ip number order

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

octopus

Part of the Furniture
Need som help/suggestions to get this working.
I use this script to monitor endpoint vpn-ipnumber.
I have two vpn-clients running, 1 and 3 and depending how it starts up I get display 1/ 2 in defferent order.
Also is doesn't matter if I use ovpnc1 or 3 I get same result in both way.
I wan't to use vpnclient-1 always been used/displayed.
Have someone any brilliant sulution?

Code:
cantshow1="Can't show vpnroute-ip 1"
cantshow2="Can't show vpnroute-ip 2"
display=$(ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}')
display1=$(echo $display | cut -d' ' -f2)
if [ -z "$display1" ]; then
display1=$cantshow1
fi
echo $display1

display2=$(echo $display | cut -c 1-14)
if [ -z "$display2" ]; then
display2=$cantshow2
fi
echo $display2

Code:
octopus@RT-AC68U:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
10.8.30.0       *               255.255.255.0   U     0      0        0 tun22
192.168.12.0    *               255.255.255.0   U     0      0        0 br0
158.xxx.xxx.0   *               255.255.252.0   U     0      0        0 eth0
10.128.0.0      *               255.255.0.0     U     0      0        0 tun11
10.129.0.0      *               255.255.0.0     U     0      0        0 tun13
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         gw11.A444.priv. 0.0.0.0         UG    0      0        0 eth0
 
Last edited:
Need som help/suggestions to get this working.
I use this script to monitor endpoint vpn-ipnumber.
I have two vpn-clients running, 1 and 3 and depending how it starts up I get display 1/ 2 in defferent order.
Also is doesn't matter if I use ovpnc1 or 2 I get same result in both way.
I wan't to use vpnclient-1 always been used/displayed.
Have someone any brilliant sulution?

Code:
cantshow1="Can't show vpnroute-ip 1"
cantshow2="Can't show vpnroute-ip 2"
display=$(ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}')
display1=$(echo $display | cut -d' ' -f2)
if [ -z "$display1" ]; then
display1=$cantshow1
fi
echo $display1

display2=$(echo $display | cut -c 1-14)
if [ -z "$display2" ]; then
display2=$cantshow2
fi
echo $display2

Code:
octopus@RT-AC68U:/tmp/home/root# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
10.8.30.0       *               255.255.255.0   U     0      0        0 tun22
192.168.12.0    *               255.255.255.0   U     0      0        0 br0
158.xxx.xxx.0   *               255.255.252.0   U     0      0        0 eth0
10.128.0.0      *               255.255.0.0     U     0      0        0 tun11
10.129.0.0      *               255.255.0.0     U     0      0        0 tun13
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         gw11.A444.priv. 0.0.0.0         UG    0      0        0 eth0

Definitely not a "brilliant" solution as you requested, but perhaps my ugly hack meets your main criteria?
e.g. The status of both VPN Client 1 and VPN Client 3 is always displayed in ascending order.
Code:
PRIMARY=1;SECONDARY=3;INDEX=$PRIMARY
ACTIVE=$(ip route | sort -k3 | grep -E tun1[${PRIMARY}"|"${SECONDARY}"]" | cut -d" " -f1,3)
if [ -n "$ACTIVE" ];then
   echo "" >/tmp/$$
   echo "$ACTIVE" | while read LINE
      do
         [ -n "$(echo "$LINE" | grep "tun1"$INDEX)" ] && { echo -e "\n\t"$LINE"\n"; echo $INDEX >/tmp/$$; } || { echo -e "\a\n\tCan't show vpnroute-ip" $INDEX"\n"; echo  -e "\t"$LINE"\n"; }
         INDEX=$SECONDARY
      done
      [ "$(cat /tmp/$$)" == "$PRIMARY" ] && echo -e "\n\tCan't show vpnroute-ip $SECONDARY\n"
      rm /tmp/$$ 2>/dev/null
else
   echo -e "\a\n\tCan't show vpnroute-ip $PRIMARY\n\tCan't show vpnroute-ip $SECONDARY\n"
fi
 
Last edited:
Thank you
I have tested and get this answere:
Code:
10.128.0.0/16 tun11
10.129.0.0/16 tun13
But it's not what I'm out after.

It's respond from this:
Code:
ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
193.187.91.199
217.64.148.69
Which can come in different order in chain.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
 
Thank you
I have tested and get this answere:
Code:
10.128.0.0/16 tun11
10.129.0.0/16 tun13
But it's not what I'm out after.

It's respond from this:
Code:
ip route show table ovpnc1 | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
193.187.91.199
217.64.148.69
Which can come in different order in chain.
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
158.xxx.xxx.1  *               255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
OK, just to clarify.

For all of my VPN Clients, I use 'Redirect Internet traffic=Policy Rules (strict)' so the following command you supplied
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
always returns NULL :confused: and there are no 'VPN Client eth0' entries created in the 'route' table.

However, if I set 'Redirect Internet traffic=Policy Rules', then
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
now produces output. :)

So it appears that when a VPN Client initialises, a new entry for 'eth0' appears in the 'route' table
e.g. your two VPN Clients are ACTIVE
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
but there is no way to determine which VPN actually owns the destination Gateway IP address entry above.

i.e. you want to know which VPN Client instance created say entry 193.187.91.199 ?

Is this correct?
 
Last edited:
OK, just to clarify.
i.e. you want to know which VPN Client instance created say entry 193.187.91.199 ?
Is this correct?

Yes, to both. I want to make sure they come in right order every time so I can use one for eg vpn client1.
Strange is when use "ip route show table ovpnc1" it shows both ip-number.
I think if they come in order below it's only display vpnclients1 ip-number by ovpnc1.

Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
158.xxx.xxx.1  *                255.255.255.255 UH    0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
 
OK, just to clarify.

For all of my VPN Clients, I use 'Redirect Internet traffic=Policy Rules (strict)' so the following command you supplied
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
always returns NULL :confused: and there are no 'VPN Client eth0' entries created in the 'route' table.

However, if I set 'Redirect Internet traffic=Policy Rules', then
Code:
ip route show table ovpnc? | grep "via $(nvram get wan0_gateway)" | awk -F' ' '{print $1}'
now produces output. :)

So it appears that when a VPN Client initialises, a new entry for 'eth0' appears in the 'route' table
e.g. your two VPN Clients are ACTIVE
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.187.91.199  gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
217.64.148.49   gw11.A444.priv. 255.255.255.255 UGH   0      0        0 eth0
but there is no way to determine which VPN actually owns the destination Gateway IP address entry above.

i.e. you want to know which VPN Client instance created say entry 193.187.91.199 ?

Is this correct?

Hi
I have done some more testing and have some questions.
I detect CN= in vpnclient-1.log and get answer and that is right ip-number. Howe to use nslookup with this "cat" string?
Code:
cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2
Code:
vpn20.prd.kista.ovpn.com

Ok got it:
Code:
CN="$(cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2)"; echo $CN

This working:
Code:
CN="$(cat /tmp/vpnclient-1.log | grep -E -m 1 "CN=v" | awk -F' ' '{print $9}' | cut -d '=' -f2)"
nslookup "$CN" | grep -woE '([0-9]{1,3}\.){3}[0-9]{1,3}' | awk 'NR>2'
217.xx.xxx.58

Edit: Is't any other way to monitor "CN=" other then vpn-client-log?
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top