This shows you the differences between two versions of the page.
unix:networking:openwrt_routing [2014/04/30 05:02] ben |
unix:networking:openwrt_routing [2015/11/17 07:10] ben [Transmission Update Script] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== "Split" VPN routing with OpenWRT/Tomato ====== | ====== "Split" VPN routing with OpenWRT/Tomato ====== | ||
- | [[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]] | + | This is an explanation of how I route traffic for specific LAN IP addresses (my NAS) through an OpenVPN connection on a router running OpenWRT/Tomato firmware. I'm also running "tinyproxy" on the NAS so other clients can use the VPN connection on the router as necessary. |
- | + | ||
- | The point of this is to route traffic for specific LAN IP addresses (my NAS) through an openVPN connection on a router running OpenWRT/Tomato firmware. I'm also running "tinyproxy" on the NAS so I can have an individual browser configured on my own station to route through the VPN as well. | + | |
I've never used awk before and didn't devote a lot of time to these scripts, so save your judgement please. | I've never used awk before and didn't devote a lot of time to these scripts, so save your judgement please. | ||
Line 20: | Line 18: | ||
</code> | </code> | ||
- | Contents of Administration->Scripts->Init: | + | Contents of Administration->Scripts->Init: //(I don't use this anymore but figured I'd leave it documented)// |
<code> | <code> | ||
#Mount optware | #Mount optware | ||
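Review bot: the remark added to the Init heading says the script is no longer used but not what replaced it. The block still begins with "#Mount optware" and every later script lives under /opt/etc/scripts, so a reader cannot tell how /opt gets mounted now. Say what mounts optware today, or move this block to the Appendix with the other historical notes.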
Line 53: | Line 51: | ||
down /opt/etc/scripts/vpnroutedown.sh | down /opt/etc/scripts/vpnroutedown.sh | ||
</code> | </code> | ||
+ | |||
+ | Two files are necessary: | ||
Contents of pia.txt is VPN username on first line, password on second line. | Contents of pia.txt is VPN username on first line, password on second line. | ||
+ | Contents of pia_client_id is a random string: ''head -n 100 /dev/urandom | md5 > pia_client_id'' | ||
===== VPN Scripts ===== | ===== VPN Scripts ===== | ||
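Review bot: the pia_client_id one-liner on the added line uses `md5`, which exists on BSD/macOS but not in the BusyBox userland of OpenWRT/Tomato, where the tool is `md5sum` and its output carries a trailing "  -" after the hash. If the file is meant to be generated on the router, suggest `head -c 32 /dev/urandom | md5sum | cut -d' ' -f1 > pia_client_id` (where head supports -c), which also reads a fixed number of bytes instead of 100 "lines" of binary data. Since pia.txt holds the VPN username and password in clear text, this section should also say to restrict both files, e.g. chmod 600.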
Line 82: | Line 83: | ||
for host in $vpndhosts;do for server in $dnsservers;do ip rule add from $host to $server lookup main;ip rule add from $server to $host lookup main;done;done | for host in $vpndhosts;do for server in $dnsservers;do ip rule add from $host to $server lookup main;ip rule add from $server to $host lookup main;done;done | ||
- | /opt/etc/scripts/port_forward_update.sh | + | /opt/etc/scripts/port_forward_update.sh & |
</code> | </code> | ||
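Review bot: with the `&` added to the port_forward_update.sh call, nothing prevents this background run from overlapping the 30-minute scheduled run of the same script, and both rewrite the PREROUTING forward. Consider a simple lock at the top of port_forward_update.sh (a mkdir-based lock directory is enough) and redirect the background job's output to a log file, since its errors no longer show up in the up script's output.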
Line 94: | Line 95: | ||
===== Port-forward Script ===== | ===== Port-forward Script ===== | ||
- | This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request. It uses iptables PREROUTING to forward the port to the internal LAN address. Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled. If it's different from what is currently forwarded, it replaces what's currently in place. Once the ports are setup it calls the script to update the transmission config. | + | This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request. It uses iptables PREROUTING with the NAT table to forward the port to the internal LAN address. Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled. If it's different from what is currently forwarded, it replaces what's currently in place. Once the ports are setup it calls the script to update the transmission config. |
Contents of port_forward_update.sh: | Contents of port_forward_update.sh: | ||
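Review bot: "iptables PREROUTING with the NAT table" on the changed line would be more precise as "the PREROUTING chain of the nat table", since PREROUTING is the chain and nat is the table; "setup" as a verb should be "set up". It would also help to state whether the rule is limited to the VPN interface, because this paragraph is the only description of what the forward exposes on the LAN host.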
Line 154: | Line 155: | ||
#!/bin/sh | #!/bin/sh | ||
echo $1 to $2 | echo $1 to $2 | ||
- | ssh -i /opt/etc/pia/id_rsa root@nas cp /etc/transmission-daemon/settings.json /etc/transmission-daemon/settings.json.bak | + | transmissionhost=192.168.33.200 |
- | ssh -i /opt/etc/pia/id_rsa root@nas "cat /etc/transmission-daemon/settings.json.bak | sed -e s#\:\ $1,#\:\ $2,#g > /etc/transmission-daemon/settings.json" | + | settingspath=/usr/local/transmission/var |
- | ssh -i /opt/etc/pia/id_rsa root@nas killall -HUP transmission-daemon | + | settingsfile=$settingspath/settings.json |
+ | |||
+ | ssh -i /opt/etc/pia/id_rsa root@$transmissionhost cp $settingsfile $settingsfile.bak | ||
+ | #ssh -i /opt/etc/pia/id_rsa root@$transmissionhost ls -l $settingsfile $settingsfile.bak | ||
+ | ssh -i /opt/etc/pia/id_rsa root@$transmissionhost 'cat '"'$settingsfile.bak'"' | sed -e s#\ \ \ \"peer-port\"\:\ [0-9][0-9][0-9][0-9][0-9],#\ \ \ \"peer-port\"\:\ '"'$2'"',#g > '"'$settingsfile'"'' | ||
+ | ssh -i /opt/etc/pia/id_rsa root@$transmissionhost grep peer-port $settingsfile $settingsfile.bak | ||
+ | ssh -i /opt/etc/pia/id_rsa root@$transmissionhost killall -HUP transmission-daemon | ||
</code> | </code> | ||
+ | |||
+ | ===== Scheduled port forward update ===== | ||
+ | |||
+ | My VPN provider requires that you routinely refresh the request for a forwarded port. That is scheduled in OpenWRT via Administration->Scheduler. Execute ''/opt/etc/scripts/port_forward_update.sh'' every 30 minutes to keep the port enabled. | ||
+ | |||
+ | ===== Appendix ===== | ||
+ | |||
+ | [[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]] | ||
+ |
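Review bot: `$2` in the sed line is pasted into a command that runs as root on the NAS without being checked, and it originates from the provider's response; reject anything that is not all digits before the first ssh call, e.g. `case "$2" in ''|*[!0-9]*) exit 1;; esac`. The pattern also matches only three leading spaces and a five-digit port, so a four-digit port or a re-indented settings.json is left unchanged with no error; `[0-9]*` would be more tolerant, and `$1` is now only echoed. The ssh calls are not chained, so if the cp fails the redirect still rewrites settings.json from a missing or stale .bak; join them with && or stop on a non-zero exit. Separately, an unattended key at /opt/etc/pia/id_rsa that logs in as root means the router holds root on the NAS; a dedicated account or a forced command in authorized_keys would narrow that.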