#!/bin/sh
# name: ddwrt-pptp-redirect-vpn-to-wan.sh
# version: 3.2.0, 12-mar-2017, by eibgrad
# purpose: redirect specific VPN traffic back to WAN
# script type: startup
#
# installation:
#   1. add/modify rules for rerouting purposes (see add_rules below)
#   2. copy modified script to /jffs (or external storage, e.g., usb)
#   3. make script executable:
#        chmod +x /jffs/ddwrt-pptp-redirect-vpn-to-wan.sh
#   4. call script from startup script:
#        /jffs/ddwrt-pptp-redirect-vpn-to-wan.sh
#   5. for pptp over the wan, enable dual access mode (important!)
#   6. enable syslogd service (required for debug mode; all output goes to
#      the system log via logger)
#   7. (re)start pptp client
#
# limitations:
#   - rules only support source ip/network/interface and destination
#     ip/network; split tunneling within any given source or destination
#     (protocol, port, etc.) is NOT supported
#   - rules do NOT support domain names (e.g., google.com)
#
# Special Note:
#   This script assumes the PPTP client has changed the default gateway
#   from the WAN/ISP to the VPN. That is only true if you use PPTP (client)
#   over the WAN, or use the PPTP Client on the Services tab *and* leave the
#   Remote Subnet and Remote Subnet Mask fields unspecified (0.0.0.0/0.0.0.0).

# Debug switch: while DEBUG is set (even empty) the worker enables "set -x",
# so every command is traced into the system log. Comment out this line to
# disable debug mode.
DEBUG=; export DEBUG
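(
  [ "${DEBUG+x}" ] && set -x

  #######################################
  # User-editable rule set. Each line becomes "ip rule add table $TID <sel>":
  # the selector is a source (iif <interface> | from <ip|network>), a
  # destination (to <ip|network>), or both. Packets matching ANY rule are
  # looked up in table $TID, whose default route is the WAN gateway, so they
  # bypass the VPN. A source-only rule (iif/from with no "to") therefore
  # diverts ALL traffic from that source over the WAN, whatever the
  # destination.
  # Globals:   ADD_RULE (read)
  # Returns:   status of the last "ip rule add"
  #######################################
  add_rules() {
    # -------------------------------------------------------------------------- #
    # * the order of rules doesn't matter (there is no order of precedence)
    # * if any rule matches, those packets are rerouted to the WAN
    # -------------------------------------------------------------------------- #
    # ------------------------------ BEGIN RULES ------------------------------- #
    # $ADD_RULE is deliberately unquoted: word-splitting turns it into the
    # "ip rule add table <TID>" command prefix.
    # shellcheck disable=SC2086
    # specify source IP(s)/network(s)/interface(s)
    $ADD_RULE iif br1                           # guest network
    $ADD_RULE from 192.168.1.7                  # mary's pc
    $ADD_RULE from 192.168.1.113
    $ADD_RULE from 192.168.2.0/24               # iot network
    # specify destination IP(s)/network(s)
    $ADD_RULE to 4.79.142.0/24                  # grc.com
    $ADD_RULE to 172.217.6.142                  # maps.google.com
    # specify source + destination
    $ADD_RULE iif br2 to 121.121.121.121
    $ADD_RULE from 192.168.1.112 to 104.25.112.26   # ipchicken.com
    $ADD_RULE from 192.168.1.112 to 104.25.113.26   # ipchicken.com
    #$ADD_RULE from 192.168.1.112 to 45.79.3.202    # infobyip.com
    $ADD_RULE from 192.168.2.0/24 to 133.133.133.0/24
    # ------------------------------- END RULES -------------------------------- #
  }

  MAX_PASS=0   # max number of passes through routing tables (0=infinite)
  SLEEP=60     # time (in secs) between each pass

  # working directory (scratch file for the route lists lives here)
  WORK_DIR="/tmp/ddwrt_pptp_redirect_vpn_to_wan"
  mkdir -p "$WORK_DIR"

  # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #
  TID="200"             # policy-routing table that carries the WAN bypass
  WANUP_IP="8.8.8.8"    # Google DNS; only used as a reachability probe
  # WAN interface as seen in the main table; not used by the sync loop itself,
  # kept so it shows up in the debug trace.
  WAN_IF="$(route -n | awk '/^0.0.0.0/{wif=$NF} END {print wif}')"
  ADD_RULE="ip rule add table $TID "

  # wait for WAN to come up
  while ! ping -qc1 -w3 "$WANUP_IP" >/dev/null 2>&1; do sleep 10; done; sleep 3

  # cleanup from possible prior execution: empty our table and delete every
  # rule that points at it (the loop stops once "ip rule del" finds none)
  (
    ip route flush table "$TID"
    ip route flush cache
    while ip rule del from 0/0 to 0/0 table "$TID"; do :; done
  ) 2>/dev/null

  # start split tunnel
  add_rules

  # initialize this run thru sync
  pass_count=0
  wan_gw=""
  ROUTES="$WORK_DIR/routes"

  while :; do
    # initialize this pass thru sync
    pass_count=$((pass_count + 1))
    table_changed=false

    # keep default gateway in pbr synchronized w/ WAN; nvram is read once per
    # pass so the comparison and the "ip route rep" use the same value
    cur_gw="$(nvram get wan_gateway_buf)"
    if [ -n "$cur_gw" ] && [ "$wan_gw" != "$cur_gw" ]; then
      if ip route rep default via "$cur_gw" table "$TID"; then
        table_changed=true
        wan_gw="$cur_gw"
      fi
    fi

    # add routes to pbr found in main routing table (default excluded: the
    # pbr default is managed above and must stay on the WAN gateway).
    # grep -F: a route line is a literal string, not a regex ("." in an
    # address must not match any character).
    ip route show | grep -Ev '^default' > "$ROUTES"
    while IFS= read -r route; do
      [ -n "$route" ] || continue
      if ! ip route show table "$TID" | grep -qF -- "$route"; then
        # $route is intentionally unquoted: it is a whole "ip route" argument list
        # shellcheck disable=SC2086
        ip route add $route table "$TID" && table_changed=true
      fi
    done < "$ROUTES"

    # remove routes from pbr not found in main routing table
    ip route show table "$TID" | grep -Ev '^default' > "$ROUTES"
    while IFS= read -r route; do
      [ -n "$route" ] || continue
      if ! ip route show | grep -qF -- "$route"; then
        # shellcheck disable=SC2086
        ip route del $route table "$TID" && table_changed=true
      fi
    done < "$ROUTES"

    # force routing system to recognize changes
    # ([ ... ] rather than [[ ... ]]: this runs under /bin/sh)
    [ "$table_changed" = true ] && ip route flush cache

    # quit if we've reached any execution limits
    [ "$MAX_PASS" -gt 0 ] && [ "$pass_count" -ge "$MAX_PASS" ] && break

    # put it to bed for a while
    [ "$SLEEP" -gt 0 ] && sleep "$SLEEP"
  done

  # cleanup
  rm -f "$ROUTES"
  echo "done"
  exit 0
) 2>&1 | logger -t "$(basename "$0")[$$]" &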