Routing guest 1 clients thru vpn client tunnel while access intranet set to disable

ThelostIcon

Occasional Visitor
Trying to route some devices on guest 1 thru vpn client, seems to work ok if i enable the acess intranet option, but obviously that defeats the purpose of trying to isolate guest 1 from lan. When i disable intranet acess, guest 1 drops the vpn tunnel. I tried adding 192.168.101.0/24 which is my guest 1 range to vpn director, but no dice. Is this a limitation or am i missing something. Tried yazfi already, it did the trick, but for some reason my ui keeps freezing every time i click between yazfi and guest tabs, even on a clean factory restore, so i had to unistall.
 

eibgrad

Part of the Furniture
 

ThelostIcon

Occasional Visitor
Thanks for that, i think i understand the problem now after reading that a few times. Im totally new to code and scripts and this solution may be beyond my current skills, i did manage to install and unistall yazfi though, but they really made that process dummy proof. I suppose this problem has no non-code solution?
 

eibgrad

Part of the Furniture
You either have to use YazFi or those firewall rules I indicated.

For your convenience, all you have to do is copy/paste the following into the terminal window of an ssh session and it will create and install the necessary firewall-start script for you. Then reboot.

Code:
#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/firewall-start"

mkdir -p $SCRIPTS_DIR

create_script() {
cat << 'EOF' > $SCRIPT
#!/bin/sh
iptables -I FORWARD -i br1 -o tun1+ -j ACCEPT
iptables -I FORWARD -i br2 -o tun1+ -j ACCEPT
EOF
chmod +x $SCRIPT
}

if [ -f $SCRIPT ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi
:

You also have to make sure you set Administration > System > "Enable JFFS custom scripts and configs" to Yes. The script will also NOT install if there's already a firewall-start script present, even its own from a prior installation. This is done to prevent accidentally overwriting the same file from some other utility (e.g., YazFi).

If you ever need to uninstall it, just use the following command.

Code:
rm -f /jffs/scripts/firewall-start
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top