Differences

This shows you the differences between two versions of the page.

--- unix:networking:openwrt_routing [2014/04/30 05:22]
ben [Transmission Update Script]
+++ unix:networking:openwrt_routing [2014/08/14 06:40]
ben [VPN Scripts]
@@ Line 1: / Line 1: @@
 ====== "Split" VPN routing with OpenWRT/Tomato ======
-[[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]]
+This is an explanation of how I route traffic for specific LAN IP addresses (my NAS) through an OpenVPN connection on a router running OpenWRT/Tomato firmware.  I'm also running "tinyproxy" on the NAS so other clients can use the VPN connection on the router as necessary.
-The point of this is to route traffic for specific LAN IP addresses (my NAS) through an openVPN connection on a router running OpenWRT/Tomato firmware.  I'm also running "tinyproxy" on the NAS so I can have an individual browser configured on my own station to route through the VPN as well.
 I've never used awk before and didn't devote a lot of time to these scripts, so save your judgement please.
@@ Line 20: / Line 18: @@
 </code>
-Contents of Administration->Scripts->Init:
+Contents of Administration->Scripts->Init: //(I don't use this anymore but figured I'd leave it documented)//
 <code>
 #Mount optware
@@ Line 53: / Line 51: @@
 down /opt/etc/scripts/vpnroutedown.sh
 </code>
+Two files are necessary:
 Contents of pia.txt is VPN username on first line, password on second line.
+Contents of pia_client_id is a random string: ''head -n 100 /dev/urandom | md5 > pia_client_id''
 ===== VPN Scripts =====
@@ Line 82: / Line 83: @@
 for host in $vpndhosts;do for server in $dnsservers;do ip rule add from $host to $server lookup main;ip rule add from $server to $host lookup main;done;done
-/opt/etc/scripts/port_forward_update.sh
+/opt/etc/scripts/port_forward_update.sh &
 </code>
@@ Line 94: / Line 95: @@
 ===== Port-forward Script =====
-This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request.  It uses iptables PREROUTING to forward the port to the internal LAN address.  Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled.  If it's different from what is currently forwarded, it replaces what's currently in place.  Once the ports are setup it calls the script to update the transmission config.
+This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request.  It uses iptables PREROUTING with the NAT table to forward the port to the internal LAN address.  Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled.  If it's different from what is currently forwarded, it replaces what's currently in place.  Once the ports are setup it calls the script to update the transmission config.
 Contents of port_forward_update.sh:
@@ Line 159: / Line 160: @@
 </code>
+<note important>Fix needed: There's actually a logical flaw here- if the router goes down then the new port won't match and the sed match there will fail, not updating the port.</note>
 ===== Scheduled port forward update =====
 My VPN provider requires that you routinely refresh the request for a forwarded port.  That is scheduled in OpenWRT via Administration->Scheduler.  Execute ''/opt/etc/scripts/port_forward_update.sh'' every 30 minutes to keep the port enabled.
+===== Appendix =====
+[[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]]

..., etc.

User Tools

Site Tools

Differences

Page Tools