eibgrad

ddwrt-pptp-redirect-vpn-to-wan.sh

Feb 4th, 2017 (edited)
  1. #!/bin/sh
  2. export DEBUG= # uncomment/comment to enable/disable debug mode
  3.  
  4. #         name: ddwrt-pptp-redirect-vpn-to-wan.sh
  5. #      version: 3.2.0, 12-mar-2017, by eibgrad
  6. #      purpose: redirect specific VPN traffic back to WAN
  7. #  script type: startup
  8. # installation:
  9. #   1. add/modify rules for rerouting purposes
  10. #   2. copy modified script to /jffs (or external storage, e.g., usb)
  11. #   3. make script executable:
  12. #        chmod +x /jffs/ddwrt-pptp-redirect-vpn-to-wan.sh
  13. #   4. call script from startup script:
  14. #        /jffs/ddwrt-pptp-redirect-vpn-to-wan.sh
  15. #   5. for pptp over the wan, enable dual access mode (important!)
  16. #   6. enable syslogd service (required for debug mode)
  17. #   7. (re)start pptp client
  18. #  limitations:
  19. #    - rules only support source ip/network/interface and destination
  20. #      ip/network; split tunneling within any given source or destination
  21. #      (protocol, port, etc.) is NOT supported
  22. #    - rules do NOT support domain names (e.g., google.com)
  23.  
  24. # Special Note:
  25. #   This script assumes the PPTP client has changed the default gateway
  26. #   from the WAN/ISP to the VPN. That is only true if you use PPTP (client)
  27. #   over the WAN, or use the PPTP Client on the Services tab *and* leave the
  28. #   Remote Subnet and Remote Subnet Mask fields unspecified (0.0.0.0/0.0.0.0).
  29.  
(
# everything from here to the matching ')' at the end of the script runs in one
# subshell so that its combined stdout/stderr can be piped to logger
[ "${DEBUG+x}" ] && set -x # DEBUG set (even empty) => trace every command to syslog

add_rules() {

# ---------------------------------------------------------------------------- #
# * the order of rules doesn't matter (there is no order of precedence)
# * if any rule matches, those packets are rerouted to the WAN
# * every 'reroute <selector>' line runs "$ADD_RULE <selector>", i.e.
#   "ip rule add table <TID> <selector>" once the script has set ADD_RULE
# ---------------------------------------------------------------------------- #

# tiny wrapper so each rule reads as a bare selector; ADD_RULE stays unquoted
# on purpose because it carries a command together with its arguments
reroute() { $ADD_RULE "$@"; }

# ------------------------------- BEGIN RULES -------------------------------- #

# specify source IP(s)/network(s)/interface(s)
reroute iif br1             # guest network
reroute from 192.168.1.7    # mary's pc
reroute from 192.168.1.113
reroute from 192.168.2.0/24 # iot network

# specify destination IP(s)/network(s)
reroute to 4.79.142.0/24    # grc.com
reroute to 172.217.6.142    # maps.google.com

# specify source + destination
reroute iif br2 to 121.121.121.121
reroute from 192.168.1.112 to 104.25.112.26 # ipchicken.com
reroute from 192.168.1.112 to 104.25.113.26 # ipchicken.com
#reroute from 192.168.1.112 to 45.79.3.202  # infobyip.com
reroute from 192.168.2.0/24 to 133.133.133.0/24

# -------------------------------- END RULES --------------------------------- #
}
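MAX_PASS=0 # max number of passes through routing tables (0=infinite)
SLEEP=60 # time (in secs) between each pass

# working directory; note this is a fixed, predictable path under /tmp and the
# routes scratch file is re-created there on every pass with '>', so anything
# already sitting at that name (e.g. a symlink) would be followed
WORK_DIR="/tmp/ddwrt_pptp_redirect_vpn_to_wan"
mkdir -p "$WORK_DIR"

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

TID="200" # id of the policy-based routing (pbr) table kept in sync with main
WANUP_IP="8.8.8.8" # Google DNS; pinged only to detect that the WAN is usable
# interface of the last default route in the main table; not referenced below,
# kept because it is visible in the debug trace
WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"
# command prefix consumed by add_rules(); deliberately word-split on expansion
ADD_RULE="ip rule add table $TID "

# wait for WAN to come up
while ! ping -qc1 -w3 "$WANUP_IP" >/dev/null 2>&1; do sleep 10; done; sleep 3

# cleanup from possible prior execution (errors are expected on a clean boot,
# hence the discarded stderr)
(
ip route flush table "$TID"
ip route flush cache
while ip rule del from 0/0 to 0/0 table "$TID"; do :; done
) 2>/dev/null

# start split tunnel
add_rules

# initialize this run thru sync
pass_count=0
wan_gw=""
ROUTES="$WORK_DIR/routes"

# add_missing_routes: copy every non-default route of the main table that is
# not yet present in the pbr table; sets table_changed=true when one was added
add_missing_routes() {
    # write the list directly; the former 'echo "$(...)"' form produced one
    # blank line on an empty result, which then became a malformed 'ip route add'
    ip route show | grep -Ev '^default' > "$ROUTES"
    while IFS= read -r route; do
        [ -n "$route" ] || continue
        # -F: the route text is data, not a regex ('.' must stay literal)
        if ! ip route show table "$TID" | grep -qF -- "$route"; then
            # $route is intentionally unquoted: it is a list of ip(8) arguments
            ip route add $route table "$TID" && table_changed=true
        fi
    done < "$ROUTES"
}

# del_stale_routes: remove pbr routes that no longer exist in the main table;
# sets table_changed=true when one was removed
del_stale_routes() {
    ip route show table "$TID" | grep -Ev '^default' > "$ROUTES"
    while IFS= read -r route; do
        [ -n "$route" ] || continue
        if ! ip route show | grep -qF -- "$route"; then
            # $route is intentionally unquoted (see add_missing_routes)
            ip route del $route table "$TID" && table_changed=true
        fi
    done < "$ROUTES"
}

while :; do
    # initialize this pass thru sync
    pass_count=$((pass_count + 1))
    table_changed=false

    # keep default gateway in pbr synchronized w/ WAN; nvram is read once per
    # pass, and an empty value is skipped rather than handed to 'ip route rep'
    cur_gw="$(nvram get wan_gateway_buf)"
    if [ -n "$cur_gw" ] && [ "$wan_gw" != "$cur_gw" ]; then
        if ip route rep default via "$cur_gw" table "$TID"; then
            table_changed=true
            wan_gw="$cur_gw"
        fi
    fi

    # add routes to pbr found in main routing table
    add_missing_routes

    # remove routes from pbr not found in main routing table
    del_stale_routes

    # force routing system to recognize changes ('[' rather than '[[': the
    # script runs under /bin/sh)
    [ "$table_changed" = true ] && ip route flush cache

    # quit if we've reached any execution limits
    [ "$MAX_PASS" -gt 0 ] && [ "$pass_count" -ge "$MAX_PASS" ] && break

    # put it to bed for a while
    [ "$SLEEP" -gt 0 ] && sleep "$SLEEP"
done

# cleanup
rm -f "$ROUTES"

echo "done"
exit 0
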
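) 2>&1 | logger -t "$(basename "$0")[$$]" & # quoted: unquoted, "[$$]" is a glob bracket expression and "$0" may contain spaces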