
Need to Block DHCP from traveling across site-to-site TAP VPN Tunnel.


Thanks, but I was hoping that I simply had to add a line to the "Custom Configuration" section of the VPN Client. I am using Merlin software for its richer VPN functionality, but I have only configured through the GUI. I don't even know where to begin to find the script area, let alone add/edit. I cannot seem to find it on my ASUS router. I am running 384.14_2 code.
Well, you have to make some study. With the GUI you won't go anywhere...
 
Adding this here so I don't have to 'make study' every time I forget what I did...

0. On the client router, enable SSH access in the Administration->System->Service menu if it is not enabled yet, then apply the changes.
1. Connect to the client router's console via ssh and check your script file directory:
Code:
admin@RT-AX56U:/# ls -la /jffs/scripts
drwxr-xr-x    2 admin    root             0 Dec  4 11:41 .
drwxr-xr-x   14 admin    root             0 Dec  4 11:15 ..
2. Create (or edit via 'vi' if it already exists!) your firewall-start script file:
Code:
admin@RT-AX56U:/# cat > /jffs/scripts/firewall-start <<EOF
#!/bin/sh
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap+ --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
EOF
admin@RT-AX56U:/# ls -la /jffs/scripts
drwxr-xr-x    2 admin    root             0 Dec  4 11:36 .
drwxr-xr-x   14 admin    root             0 Dec  4 11:15 ..
-rw-rw-rw-    1 admin    root           438 Dec  4 11:38 firewall-start
3. Make the new file executable:
Code:
admin@RT-AX56U:/# chmod a+x /jffs/scripts/firewall-start
admin@RT-AX56U:/# ls -la /jffs/scripts
drwxr-xr-x    2 admin    root             0 Dec  4 11:36 .
drwxr-xr-x   14 admin    root             0 Dec  4 11:15 ..
-rwxrwxrwx    1 admin    root           438 Dec  4 11:38 firewall-start
4. Execute it manually the first time, or reboot the router to have it loaded upon firewall start:
Code:
admin@RT-AX56U:/# sh /jffs/scripts/firewall-start
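
A check to run after the steps above, added here as an example and not part of the original post: because the script uses `ebtables -A`, every extra run appends the same four rules again, so this audits an `ebtables -L` listing for rules that are missing or duplicated. The function names, the sample listing and the assumed `-L` line format are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit `ebtables -L` output for the four
# DHCP-drop rules the firewall-start script above appends with -A.

# Constructed sample listing; the line format is assumed from ebtables' usual
# -L output. FORWARD has one rule duplicated and one missing, on purpose.
SAMPLE_LISTING='Bridge table: filter

Bridge chain: INPUT, entries: 2, policy: ACCEPT
-p IPv4 -i tap+ --ip-proto udp --ip-dport 67:68 -j DROP
-p IPv4 -i tap+ --ip-proto udp --ip-sport 67:68 -j DROP

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-p IPv4 -o tap+ --ip-proto udp --ip-dport 67:68 -j DROP
-p IPv4 -o tap+ --ip-proto udp --ip-dport 67:68 -j DROP

Bridge chain: OUTPUT, entries: 0, policy: ACCEPT'

# count_rule LISTING CHAIN IFFLAG PORTFLAG
# Prints how many DROP rules for tap+ and ports 67:68 the given chain holds.
count_rule() {
    printf '%s\n' "$1" | awk -v chain="$2" -v ifflag="$3" -v pflag="$4" '
        /^Bridge chain:/ { cur = $3; sub(/,$/, "", cur); next }
        cur == chain && index($0, ifflag " tap+") &&
            index($0, pflag " 67:68") && /-j DROP/ { n++ }
        END { print n + 0 }'
}

# audit_dhcp_block LISTING
# Prints "<chain> <portflag> <status>" per expected rule; returns 0 only when
# each rule is loaded exactly once.
audit_dhcp_block() {
    listing=$1
    rc=0
    for spec in "INPUT -i --ip-dport" "INPUT -i --ip-sport" \
                "FORWARD -o --ip-dport" "FORWARD -o --ip-sport"; do
        set -- $spec    # split into chain, interface flag, port flag
        n=$(count_rule "$listing" "$1" "$2" "$3")
        case $n in
            0) echo "$1 $3 MISSING"; rc=1 ;;
            1) echo "$1 $3 ok" ;;
            *) echo "$1 $3 DUPLICATE x$n"; rc=1 ;;
        esac
    done
    return $rc
}

# On the router: audit_dhcp_block "$(ebtables -L)"
audit_dhcp_block "$SAMPLE_LISTING" || echo "DHCP block rules need attention"
```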
 
