
Routing guest 1 clients thru vpn client tunnel while access intranet set to disable


ThelostIcon

Occasional Visitor
Trying to route some devices on guest 1 through the VPN client. It seems to work OK if I enable the access intranet option, but obviously that defeats the purpose of trying to isolate guest 1 from the LAN. When I disable intranet access, guest 1 drops the VPN tunnel. I tried adding 192.168.101.0/24, which is my guest 1 range, to VPN Director, but no dice. Is this a limitation or am I missing something? I tried YazFi already; it did the trick, but for some reason my UI keeps freezing every time I click between the YazFi and guest tabs, even on a clean factory restore, so I had to uninstall.
 
 
Thanks for that, I think I understand the problem now after reading that a few times. I'm totally new to code and scripts and this solution may be beyond my current skills. I did manage to install and uninstall YazFi though, but they really made that process dummy proof. I suppose this problem has no non-code solution?
 
You either have to use YazFi or those firewall rules I indicated.

For your convenience, all you have to do is copy/paste the following into the terminal window of an ssh session and it will create and install the necessary firewall-start script for you. Then reboot.

Code:
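#!/bin/sh

SCRIPTS_DIR='/jffs/scripts'
SCRIPT="$SCRIPTS_DIR/firewall-start"

mkdir -p "$SCRIPTS_DIR"

# Write the firewall-start script and make it executable.
create_script() {
cat << 'EOF' > "$SCRIPT"
#!/bin/sh
# Allow forwarding from br1/br2 out through any interface whose name starts with tun1.
iptables -I FORWARD -i br1 -o tun1+ -j ACCEPT
iptables -I FORWARD -i br2 -o tun1+ -j ACCEPT
EOF
chmod +x "$SCRIPT"
}

# Refuse to overwrite an existing firewall-start script.
if [ -f "$SCRIPT" ]; then
    echo "error: $SCRIPT already exists; requires manual installation"
else
    create_script
    echo 'Done.'
fi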
:

You also have to make sure you set Administration > System > "Enable JFFS custom scripts and configs" to Yes. The script will also NOT install if there's already a firewall-start script present, even its own from a prior installation. This is done to prevent accidentally overwriting the same file from some other utility (e.g., YazFi).

If you ever need to uninstall it, just use the following command.

Code:
rm -f /jffs/scripts/firewall-start
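
One way to check the result after the reboot, added here as an example that is not part of the original post: it reads `iptables -S FORWARD` output and confirms that each guest bridge has the ACCEPT rule towards `tun1+` and no explicit ACCEPT towards the LAN. The function name `audit_forward`, the LAN bridge name `br0` and the sample rules are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit `iptables -S FORWARD` output for the guest bridges.
GUEST_IFS="br1 br2"   # guest bridges used in the post's rules
LAN_IF="br0"          # assumption: the main LAN bridge is br0

# audit_forward <rules-text>
# Prints one finding per line. Returns 0 only if every guest bridge has an
# ACCEPT towards tun1+ and none has an explicit ACCEPT towards the LAN bridge.
# Only rules that name the guest bridge with -i are considered.
audit_forward() {
    printf '%s\n' "$1" | awk -v guests="$GUEST_IFS" -v lan="$LAN_IF" '
    BEGIN { n = split(guests, g, " ") }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($(i - 1) == "!") continue      # skip negated matches
            if ($i == "-i") in_if = $(i + 1)
            if ($i == "-o") out_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT") next
        for (k = 1; k <= n; k++) {
            if (in_if != g[k]) continue
            if (out_if == "tun1+") vpn[g[k]] = 1
            if (out_if == lan) leak[g[k]] = 1
        }
    }
    END {
        bad = 0
        for (k = 1; k <= n; k++) {
            if (!(g[k] in vpn)) { print "MISSING " g[k] " -> tun1+"; bad = 1 }
            if (g[k] in leak) { print "LEAK " g[k] " -> " lan; bad = 1 }
        }
        if (!bad) print "OK"
        exit bad
    }'
}

# Constructed sample (not captured from a router): br2 lacks the VPN rule
# and has an ACCEPT towards the LAN.
SAMPLE_RULES='-P FORWARD DROP
-A FORWARD -i br1 -o tun1+ -j ACCEPT
-A FORWARD -i br2 -o br0 -j ACCEPT
-A FORWARD -i br1 -o br0 -j DROP'

audit_forward "$SAMPLE_RULES" || echo "audit failed"
# On the router: audit_forward "$(iptables -S FORWARD)"
```

The check does not model rule order or ACCEPT rules that omit `-i`, so an `OK` here means the expected rules are present, not that the whole chain has been proven safe.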
 
