Routing traffic through a reverse OpenVPN on tun21

mr8

Occasional Visitor
Hello,
I need to route a few domains on my Asus-merlin located on network "A" through a network on which I cannot open any ports, network "B". Since I can't connect to an OpenVPN server on network "B", I set up an OpenVPN server on my Asus-merlin and set up a client on network "B" to connect back to network "A" in hopes of doing it that way.

I enabled the client <-> client option as well as pushed the local subnet on the OpenVPN server, so I can successfully ping and access local resources on network "B" from network "A" (using both network "B" local IPs 192.168.11.X as well as the ovpn IPs 10.1.0.X). Now, I'm attempting to use IPSET to selectively route a few domains over network "B" but can't seem to figure out how to set that up since /usr/sbin/vpnrouting.sh only sets up routes for tun1X, whereas I need to forward via tun21.

This is what I have so far:
Code:
ip route add default via $(ifconfig tun21 | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}') dev tun21 table 55
ip route add default via 192.168.11.1 dev tun21 table 55
ip rule add from 0/0 fwmark 0x5500 table 55 prio 9955
I would appreciate any help or suggestions.
Thanks!
 

What doesn't work?

Assuming you have no other Selective routing via the WAN, I would probably start with
Code:
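# Packets carrying the 0x8000 mark bit are looked up in table 121
ip rule add from 0/0 fwmark 0x8000/0x8000 table 121 prio 20001

# Default route for table 121: first address of the OpenVPN server subnet, out via tun21
ip route add default via $(nvram get vpn_server1_sn | cut -d'.' -f1-3).1 dev tun21 table 121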
to create the routing, then add some items such as
Code:
# Devices / Ports / Domains IPSET that must be routed
iptables -t mangle -A PREROUTING -i br0 -m set --match-set IPSET dst -j MARK --set-mark 0x8000/0x8000

# Test LAN device to check normal traffic flow
iptables -t mangle -A PREROUTING -i br0 --src xxx.xxx.xxx.xxx -p tcp -m multiport --dport 80,443 -j MARK --set-mark 0x8000/0x8000

# Debug
iptables -t mangle -A PREROUTING        --src xxx.xxx.xxx.xxx -j LOG --log-prefix VPN21
to test with.
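
A consistency check for the three pieces set up in the reply above (the ip rule, the default route in the table, the mangle MARK rule), as an added example that is not part of the original posts. The function name check_policy is hypothetical and the sample text is constructed; it assumes the usual iproute2 and iptables -S output layout.

```shell
#!/bin/sh
# Added example: check that fwmark policy routing is wired up end to end.
# Sample text below is CONSTRUCTED. On the router, pass live output instead:
#   check_policy 0x8000/0x8000 121 tun21 "$(ip rule show)" \
#       "$(ip route show table 121)" "$(iptables -t mangle -S PREROUTING)"

RULES_OK='0: from all lookup local
20001: from all fwmark 0x8000/0x8000 lookup 121
32766: from all lookup main'
ROUTES_OK='default via 10.1.0.1 dev tun21'
MANGLE_OK='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -m set --match-set IPSET dst -j MARK --set-xmark 0x8000/0x8000'

# check_policy MARK TABLE DEV RULES ROUTES MANGLE
# Prints one line per missing piece; returns the number of problems found.
check_policy() {
    mark=$1 table=$2 dev=$3 rules=$4 routes=$5 mangle=$6
    problems=0

    # 1. An ip rule must send packets carrying the mark to the table.
    if ! printf '%s\n' "$rules" | grep -Eq "fwmark $mark lookup $table( |\$)"; then
        echo "no ip rule sends fwmark $mark to table $table"
        problems=$((problems + 1))
    fi
    # 2. The table needs a default route that leaves through the tunnel.
    if ! printf '%s\n' "$routes" | grep -Eq "^default .*dev $dev( |\$)"; then
        echo "table $table has no default route via $dev"
        problems=$((problems + 1))
    fi
    # 3. A mangle rule must actually set the mark
    #    (iptables -S prints --set-mark VALUE/MASK as --set-xmark).
    if ! printf '%s\n' "$mangle" | grep -Eq -- "-j MARK --set-x?mark $mark( |\$)"; then
        echo "no mangle rule sets mark $mark"
        problems=$((problems + 1))
    fi
    return "$problems"
}

check_policy 0x8000/0x8000 121 tun21 "$RULES_OK" "$ROUTES_OK" "$MANGLE_OK" \
    && echo "policy route looks consistent"
```

A rule and route without a matching mangle rule, or a mark whose value/mask differs between iptables and ip rule, shows up here as a reported problem rather than as silently unrouted traffic.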
 
