Differences

This shows you the differences between two versions of the page.

--- unix:networking:openwrt_routing [2014/04/30 04:48]
ben
+++ unix:networking:openwrt_routing [2015/11/17 07:10] (current)
ben [Transmission Update Script]
@@ Line 1: / Line 1: @@
 ====== "Split" VPN routing with OpenWRT/Tomato ======
-[[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]]
+This is an explanation of how I route traffic for specific LAN IP addresses (my NAS) through an OpenVPN connection on a router running OpenWRT/Tomato firmware.  I'm also running "tinyproxy" on the NAS so other clients can use the VPN connection on the router as necessary.
-The point of this is to route traffic for specific LAN IP addresses (my NAS) through an openVPN connection on a router running OpenWRT/Tomato firmware.  I'm also running "tinyproxy" on the NAS so I can have an individual browser configured on my own station to route through the VPN as well.
 I've never used awk before and didn't devote a lot of time to these scripts, so save your judgement please.
@@ Line 20: / Line 18: @@
 </code>
-Contents of Administration->Scripts->Init:
+Contents of Administration->Scripts->Init: //(I don't use this anymore but figured I'd leave it documented)//
 <code>
 #Mount optware
@@ Line 53: / Line 51: @@
 down /opt/etc/scripts/vpnroutedown.sh
 </code>
+Two files are necessary:
 Contents of pia.txt is VPN username on first line, password on second line.
+Contents of pia_client_id is a random string: ''head -n 100 /dev/urandom | md5 > pia_client_id''
 ===== VPN Scripts =====
-The vpnrouteup.sh script sets a second routing table with ip route to direct traffic for ip's listed in "vpndhosts" (space delimited) through the VPN connection.  It then calls a script to get a forwarding port from my VPN provider, and then a script to update the transmission client config that's running on the NAS.
+The vpnrouteup.sh script sets a second routing table with ip route to direct traffic for ip's listed in "vpndhosts" (space delimited) through the VPN connection.  It then calls a script to get a forwarding port from my VPN provider, which then calls a script to update the transmission client config that's running on the NAS.
 I don't remember why I needed to use my ISP's DNS servers over the VPN's DNS servers, but there must be a good reason.  Maybe it was because I couldn't figure out how to dynamically update the /etc/resolv.conf file on my NAS.  If you don't need to use your ISPs DNS, comment out the third for loop.
@@ Line 82: / Line 83: @@
 for host in $vpndhosts;do for server in $dnsservers;do ip rule add from $host to $server lookup main;ip rule add from $server to $host lookup main;done;done
-/opt/etc/scripts/port_forward_update.sh
+/opt/etc/scripts/port_forward_update.sh &
-/opt/etc/scripts/transmission_port_update.sh
 </code>
@@ Line 95: / Line 95: @@
 ===== Port-forward Script =====
-This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request.  It uses iptables PREROUTING to forward the port to the internal LAN address.  Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled.  If it's different from what is currently forwarded, it replaces what's currently in place.
+This is specific to Private Internet Access's method for getting a port forwarding port via an HTTPS request.  It uses iptables PREROUTING with the NAT table to forward the port to the internal LAN address.  Once the port is retrieved, if there's no forwarding enabled currently, it gets enabled.  If it's different from what is currently forwarded, it replaces what's currently in place.  Once the ports are setup it calls the script to update the transmission config.
+Contents of port_forward_update.sh:
 <code>
 #!/bin/sh
@@ Line 119: / Line 120: @@
 echo $forwarded_port
-#echo $tun_iface
-#tmpIFS=$IFS
-#IFS=$'\n'
-#rules=$(iptables -t nat -L PREROUTING -vn | grep $tun_iface | grep $forwarded_port| awk)
-#echo $rules
-#IFS=$tmpIFS
 current_port=$(iptables -t nat -L PREROUTING -vn |grep tun11 |awk -F ':' '{ print $2 }'|awk -F ' ' '{ print $1 }'|tail -1)
@@ Line 151: / Line 145: @@
 </code>
+===== Transmission Update Script =====
+Transmission supports updating client configuration settings on the fly via a ''kill -HUP''.  Open file handles remain open, so if you're like me and you have a download directory that is used only temporarily while something other than transmission moves your files around, no problem.
+In order to ssh to your NAS from OpenWRT, you need a set of ssh keys.  On OpenWRT that command is ''dropbearkey -t rsa -f ~/.ssh/id_rsa''.  Copy the .pub key file to your nas and append that key to your authorized_keys file.  As always, make sure your .ssh dir is set to 700 and authorized_keys set to 600.
+Contents of transmission_port_update.sh:
+<code>
+#!/bin/sh
+echo $1 to $2
+transmissionhost=192.168.33.200
+settingspath=/usr/local/transmission/var
+settingsfile=$settingspath/settings.json
+ssh -i /opt/etc/pia/id_rsa root@$transmissionhost cp $settingsfile $settingsfile.bak
+#ssh -i /opt/etc/pia/id_rsa root@$transmissionhost ls -l $settingsfile $settingsfile.bak
+ssh -i /opt/etc/pia/id_rsa root@$transmissionhost 'cat '"'$settingsfile.bak'"' | sed -e s#\ \ \ \"peer-port\"\:\ [0-9][0-9][0-9][0-9][0-9],#\ \ \ \"peer-port\"\:\ '"'$2'"',#g > '"'$settingsfile'"''
+ssh -i /opt/etc/pia/id_rsa root@$transmissionhost grep peer-port $settingsfile $settingsfile.bak
+ssh -i /opt/etc/pia/id_rsa root@$transmissionhost killall -HUP transmission-daemon
+</code>
+===== Scheduled port forward update =====
+My VPN provider requires that you routinely refresh the request for a forwarded port.  That is scheduled in OpenWRT via Administration->Scheduler.  Execute ''/opt/etc/scripts/port_forward_update.sh'' every 30 minutes to keep the port enabled.
+===== Appendix =====
+[[unix:networking:openwrt_routing:notes|Original on-the-fly Notes]]

..., etc.

User Tools

Site Tools

Differences

Page Tools