What's new

SSH command to control "Block routed clients if tunnel goes down"?

cw-kid

Occasional Visitor
Hello

I am setting up my Home Automation controller to send SSH commands to my Asus Merlin router to control somethings.

I have managed to gain control over the VPN client connection and can turn it on and off via LUA code in my scenes.

For example using a command such as

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service stop_vpnclient1")

Can the option in the Merlin firmware "Block routed clients if tunnel goes down" also be turned on or off via a SSH command ?

Thanks
 

Martineau

Part of the Furniture
Hello

I am setting up my Home Automation controller to send SSH commands to my Asus Merlin router to control somethings.

I have managed to gain control over the VPN client connection and can turn it on and off via LUA code in my scenes.

For example using a command such as

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service stop_vpnclient1")

Can the option in the Merlin firmware "Block routed clients if tunnel goes down" also be turned on or off via a SSH command ?

Thanks
Set the appropriate NVRAM variable
Code:
nvram show 2>/dev/null | grep -E "vpn_client[1-5]_enforce" | sort
so if they are all set to "0'' (Block routed clients if tunnel goes down=NO), you can alter the setting

e.g. to set 'Block routed clients if tunnel goes down=YES' for VPN Client 1 enter:
Code:
nvram set vpn_client1_enforce="1"

nvram commit
 
Last edited:

cw-kid

Occasional Visitor
Hi Martineau

Thank you for your help !

I have just tried what you said in PUTTY and it works, it does turn on and off that setting.

I just need to work out how to send those commands from my HA Controller now in LUA code.

Thanks
 

cw-kid

Occasional Visitor
If I send this command from my HA Controller it works and turns on the "Block routed clients if tunnel goes down" option.

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=1")

Do I also need to send the "nvram commit" command ?

This command turns that option off:

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=0")

Thanks
 

Martineau

Part of the Furniture
If I send this command from my HA Controller it works and turns on the "Block routed clients if tunnel goes down" option.
Code:
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=1")
This command turns that option off:
Code:
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=0")
The 'commit' will force the router to remember the setting, so if you set the variable to "1" (and didn't 'commit'), if you then had a power outage and the router rebooted, the variable will be reset to the router default of "0" rather than "1" which may not be what you desire.
 

cw-kid

Occasional Visitor
Martineau

OK thanks that makes sense.

So in my HA Controller scenes I now have the following lines of code:

VPN On:

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=1")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service start_vpnclient5")

VPN Off:

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=0")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service stop_vpnclient5")

It seems to work and it turns on or off the VPN client connection and now also turns on or off the "Block routed clients if tunnel goes down" setting.
 

Martineau

Part of the Furniture
Martineau

OK thanks that makes sense.

So in my HA Controller scenes I now have the following lines of code:

VPN On:

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=1")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service start_vpnclient5")

VPN Off:

os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram set vpn_client5_enforce=0")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] nvram commit")
os.execute("ssh -y -i ~/.ssh/id_dss [email protected] service stop_vpnclient5")

It seems to work and it turns on or off the VPN client connection and now also turns on or off the "Block routed clients if tunnel goes down" setting.
May I ask which HA Controller you are using?
 

cw-kid

Occasional Visitor
A Vera Plus Z-Wave controller.

I wanted to add a virtual switch in to Vera and into the mobile control app we use Imperihome, to be able to turn the VPN client connection on and off. I managed to get that working see here.

But then I wanted to add some extra control over this "Block routed clients if tunnel goes down" setting.
 

cw-kid

Occasional Visitor
Martineau

I've added your instructions for this on to the thread in the Vera forum as well.

Thanks again !
 

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top