"Split" VPN routing with OpenWRT/Tomato

Original on-the-fly Notes

The point of these notes is to route traffic for specific LAN IP addresses (my NAS) through an OpenVPN connection on a router running OpenWRT/Tomato firmware. I'm also running “tinyproxy” on the NAS so I can have an individual browser on my own station configured to route through the VPN as well.

Prerequisite: get Optware installed and mounted automatically on boot.

OpenVPN settings

  • Ensure the option “Create NAT on tunnel” is checked
  • Advanced settings:
persist-key
persist-tun
tls-client
auth-user-pass /opt/etc/pia/pia.txt
comp-lzo
verb 1
reneg-sec 0
route-noexec
route-up /opt/etc/scripts/vpnrouteup.sh
down /opt/etc/scripts/vpnroutedown.sh

pia.txt contains the VPN username on the first line and the password on the second line.

VPN Scripts

The vpnrouteup.sh script builds a second routing table (table 10) with ip route and adds ip rules so that traffic from the IPs listed in “vpndhosts” (space delimited) is directed through the VPN connection, while traffic between those hosts and the DNS servers in “dnsservers” keeps using the main table.

Contents of vpnrouteup.sh:

#!/bin/sh
# Resolve the VPN provider's address so traffic to/from it is also handled by table 10.
privateinternetaccess=$(nslookup www.privateinternetaccess.com |grep ^A |tail -1 |awk '{ print $3 }')
# LAN hosts whose traffic goes through the VPN (space delimited), and the DNS
# servers those hosts may still reach directly via the main table.
vpndhosts="192.168.xxx.xxx"
dnsservers="89.xxx.xxx.xxx 89.xxx.xxx.xxx"
# Work out the tunnel interface, its local address and its point-to-point peer.
tun_iface=$(ifconfig|grep tun|awk '{ print $1 }')
tun_inet=$(ifconfig "$tun_iface"|grep P-t-P|awk -F ':' '{ print $2 }'|awk '{ print $1 }')
tun_ptp=$(ifconfig "$tun_iface"|grep P-t-P|awk -F ':' '{ print $3 }'|awk '{ print $1 }')
# Assume the VPN gateway is .1 of the tunnel's /24.
tun_gw=$(echo "$tun_inet" |awk -F '.' '{print $1"."$2"."$3".1"}')
tun_net=$(echo "$tun_inet" |awk -F '.' '{print $1"."$2"."$3".0/24"}')
# Table 10: the two /1 routes together cover all destinations, i.e. a default
# via the tunnel that leaves the main table alone (hence route-noexec above).
ip route add 0.0.0.0/1 via "$tun_ptp" dev "$tun_iface" table 10
ip route add 128.0.0.0/1 via "$tun_ptp" dev "$tun_iface" table 10
ip route add "$tun_gw" via "$tun_ptp" dev "$tun_iface" metric 1 table 10
# Policy rules: the tunnel subnet, the VPN server and the chosen LAN hosts use table 10.
ip rule add from "$tun_net" table 10
ip rule add to "$tun_net" table 10
for host in $privateinternetaccess;do ip rule add from "$host" table 10;ip rule add to "$host" table 10;done
for host in $vpndhosts;do ip rule add from "$host" table 10;done
# DNS exceptions are added last on purpose: a rule added without a priority is
# inserted ahead of the existing ones, so these match before the table-10 rule.
for host in $vpndhosts;do for server in $dnsservers;do ip rule add from "$host" to "$server" lookup main;ip rule add from "$server" to "$host" lookup main;done;done

/opt/etc/scripts/port_forward_update.sh 
/opt/etc/scripts/transmission_port_update.sh
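An added check, not part of these notes or the scripts above: it parses the output of ip rule show and ip route show table 10, confirms that both /1 halves are present in table 10 and that each host's DNS-exception rules sit ahead of its table-10 rule, and treats the tunnel-down state (the /1 routes disappear with the tun device, so the host's traffic would fall through to the main table and go out the WAN) as a failure. The table number, NAS address, DNS server addresses and the embedded sample output are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from these notes: check the policy routing vpnrouteup.sh
# leaves behind and catch the tunnel-down leak (the /1 routes vanish with the tun
# device, so the NAS falls to the main table). Addresses below are constructed.
VPN_TABLE=${VPN_TABLE:-10}
VPNDHOSTS=${VPNDHOSTS:-192.168.1.10}
DNSSERVERS=${DNSSERVERS:-"203.0.113.53 198.51.100.53"}
# Shape of `ip rule show` / `ip route show table 10` after the route-up script.
SAMPLE_RULES='0:      from all lookup local
32760:  from 192.168.1.10 to 198.51.100.53 lookup main
32761:  from 192.168.1.10 to 203.0.113.53 lookup main
32762:  from 192.168.1.10 lookup 10
32763:  from 10.8.0.0/24 lookup 10
32766:  from all lookup main
32767:  from all lookup default'
SAMPLE_TABLE='0.0.0.0/1 via 10.8.0.5 dev tun11
10.8.0.1 via 10.8.0.5 dev tun11 metric 1
128.0.0.0/1 via 10.8.0.5 dev tun11'
# Preference of the first rule "from HOST [to DST] lookup TABLE", else empty.
# $1 = rules text, $2 = host, $3 = table, $4 = optional destination.
rule_pref() {
    printf '%s\n' "$1" | awk -v h="$2" -v t="$3" -v d="$4" '
        $2=="from" && $3==h && ((d=="" && $4=="lookup" && $5==t) ||
                                (d!="" && $4=="to" && $5==d && $7==t)) {
            sub(":", "", $1); print $1; exit }'
}
# Both /1 halves must be present, or table 10 no longer carries a default.
table_has_vpn_default() {
    if printf '%s\n' "$1" | grep -q '^0\.0\.0\.0/1 ' &&
       printf '%s\n' "$1" | grep -q '^128\.0\.0\.0/1 '; then return 0; fi
    return 1
}
# The host's table-10 rule must exist and each DNS exception must sit earlier
# (lower preference); the route-up script gets that by adding them last.
host_rules_ok() {
    vpnprio=$(rule_pref "$1" "$2" "$VPN_TABLE")
    [ -n "$vpnprio" ] || return 1
    for srv in $DNSSERVERS; do
        p=$(rule_pref "$1" "$2" main "$srv")
        if [ -z "$p" ] || [ "$p" -ge "$vpnprio" ]; then return 1; fi
    done
    return 0
}
# Live check on the router (run with --live); non-zero on the first problem.
check_live() {
    table_has_vpn_default "$(ip route show table "$VPN_TABLE")" || return 1
    for h in $VPNDHOSTS; do host_rules_ok "$(ip rule show)" "$h" || return 1; done
    echo "policy routing OK for $VPNDHOSTS"
}
if [ "${1:-}" = "--live" ]; then check_live; fi
```

Running it with --live from the OpenVPN route-up hook (after vpnrouteup.sh) or from cron gives a cheap way to notice when the rules are missing or the tunnel has dropped its routes.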
unix/networking/openwrt_routing.1398846748.txt.gz · Last modified: 2014/04/30 04:32 by ben