What's new

SSH command to control "Block routed clients if tunnel goes down"?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

cw-kid

Regular Contributor
Hello

I am setting up my Home Automation controller to send SSH commands to my Asus Merlin router to control somethings.

I have managed to gain control over the VPN client connection and can turn it on and off via LUA code in my scenes.

For example using a command such as

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service stop_vpnclient1")

Can the option in the Merlin firmware "Block routed clients if tunnel goes down" also be turned on or off via a SSH command ?

Thanks
 
Hello

I am setting up my Home Automation controller to send SSH commands to my Asus Merlin router to control somethings.

I have managed to gain control over the VPN client connection and can turn it on and off via LUA code in my scenes.

For example using a command such as

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service stop_vpnclient1")

Can the option in the Merlin firmware "Block routed clients if tunnel goes down" also be turned on or off via a SSH command ?

Thanks

Set the appropriate NVRAM variable
Code:
nvram show 2>/dev/null | grep -E "vpn_client[1-5]_enforce" | sort
so if they are all set to "0'' (Block routed clients if tunnel goes down=NO), you can alter the setting

e.g. to set 'Block routed clients if tunnel goes down=YES' for VPN Client 1 enter:
Code:
nvram set vpn_client1_enforce="1"

nvram commit
 
Last edited:
Hi Martineau

Thank you for your help !

I have just tried what you said in PUTTY and it works, it does turn on and off that setting.

I just need to work out how to send those commands from my HA Controller now in LUA code.

Thanks
 
If I send this command from my HA Controller it works and turns on the "Block routed clients if tunnel goes down" option.

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=1")

Do I also need to send the "nvram commit" command ?

This command turns that option off:

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=0")

Thanks
 
If I send this command from my HA Controller it works and turns on the "Block routed clients if tunnel goes down" option.
Code:
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=1")
This command turns that option off:
Code:
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=0")

The 'commit' will force the router to remember the setting, so if you set the variable to "1" (and didn't 'commit'), if you then had a power outage and the router rebooted, the variable will be reset to the router default of "0" rather than "1" which may not be what you desire.
 
Martineau

OK thanks that makes sense.

So in my HA Controller scenes I now have the following lines of code:

VPN On:

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=1")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service start_vpnclient5")

VPN Off:

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=0")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service stop_vpnclient5")

It seems to work and it turns on or off the VPN client connection and now also turns on or off the "Block routed clients if tunnel goes down" setting.
 
Martineau

OK thanks that makes sense.

So in my HA Controller scenes I now have the following lines of code:

VPN On:

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=1")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service start_vpnclient5")

VPN Off:

os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram set vpn_client5_enforce=0")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss admin@192.168.1.1 service stop_vpnclient5")

It seems to work and it turns on or off the VPN client connection and now also turns on or off the "Block routed clients if tunnel goes down" setting.

May I ask which HA Controller you are using?
 
A Vera Plus Z-Wave controller.

I wanted to add a virtual switch in to Vera and into the mobile control app we use Imperihome, to be able to turn the VPN client connection on and off. I managed to get that working see here.

But then I wanted to add some extra control over this "Block routed clients if tunnel goes down" setting.
 
Martineau

I've added your instructions for this on to the thread in the Vera forum as well.

Thanks again !
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top