Continuing the discussion from [OpenWrt L2TP PSK VPN to Ubiquiti USG]

OK, almost everything is correct in my solution, but if for some reason the internet connection goes down and then comes back again, the router may be unable to re-establish the VPN access. As I always like to improve my solutions (sometimes requiring redoing all the config), I thought of posting this.

Proceed with the entire solution with the exception of editing the "br-lan" interfaces (if you have done this, revert the change on the "DNS Server" line).

OK, so these are the next steps. Go to: Network > DHCP and DNS

DNS forwardings: /localdomainof.vpn/<LOCAL DNS SERVER IP OF THE VPN SITE, LIKE 10.0.0.10>
Domain whitelist: localdomainof.vpn

If you need a local service without the suffix, like "service.localdomainof.vpn", add the "service" with its local IP on the VPN side at: Network > Hostnames

Final touches: add the following lines at: System > Startup > Local Startup

echo "c <NAME OF VPN>" > /var/run/xl2tpd/l2tp-control
sleep 5
ppp0_ip=$(ifconfig ppp0 | grep inet | awk '{print $2}' | sed 's/addr://' | grep .)
ip route add <LOCAL NET OF THE VPN SITE, SOMETHING LIKE 10.0.0.0/16> dev ppp0 scope link src $ppp0_ip
iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -j ACCEPT

echo '#!/bin/sh' >> /tmp/check.sh
echo 'ping -q -c 1 <SOME IP OF THE VPN SITE LIKE 10.0.0.10> > /dev/null' >> /tmp/check.sh
echo 'if [ $? -eq 0 ]' >> /tmp/check.sh
echo 'then' >> /tmp/check.sh
echo 'echo "VPN is Up!"' >> /tmp/check.sh
echo 'else' >> /tmp/check.sh
echo '/tmp/vpn.sh' >> /tmp/check.sh
echo 'fi' >> /tmp/check.sh

chmod +x /tmp/check.sh

echo '#!/bin/sh' >> /tmp/vpn.sh
echo 'ifconfig ppp0 > /dev/null' >> /tmp/vpn.sh
echo 'if [ $? -eq 0 ]' >> /tmp/vpn.sh
echo 'then' >> /tmp/vpn.sh
echo '/tmp/vpn1.sh' >> /tmp/vpn.sh
echo 'else' >> /tmp/vpn.sh
echo '/tmp/vpn2.sh' >> /tmp/vpn.sh
echo 'fi' >> /tmp/vpn.sh

chmod +x /tmp/vpn.sh

echo '#!/bin/sh' >> /tmp/vpn1.sh
echo 'ppp0_ip=$(ifconfig ppp0 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1)' >> /tmp/vpn1.sh
echo 'ip route add <LOCAL NET OF THE VPN SITE, SOMETHING LIKE 10.0.0.0/16> dev ppp0 scope link src $ppp0_ip' >> /tmp/vpn1.sh
echo 'echo "VPN new IP is: $ppp0_ip"' >> /tmp/vpn1.sh

chmod +x /tmp/vpn1.sh

echo '#!/bin/sh' >> /tmp/vpn2.sh
echo 'echo "d <NAME OF VPN>" > /var/run/xl2tpd/l2tp-control' >> /tmp/vpn2.sh
echo 'sleep 5' >> /tmp/vpn2.sh
echo 'echo "c <NAME OF VPN>" > /var/run/xl2tpd/l2tp-control' >> /tmp/vpn2.sh
echo 'sleep 5' >> /tmp/vpn2.sh
echo 'ppp0_ip=$(ifconfig ppp0 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 1)' >> /tmp/vpn2.sh
echo 'ip route add <LOCAL NET OF THE VPN SITE, SOMETHING LIKE 10.0.0.0/16> dev ppp0 scope link src $ppp0_ip' >> /tmp/vpn2.sh
echo 'echo "VPN new IP is: $ppp0_ip"' >> /tmp/vpn2.sh

chmod +x /tmp/vpn2.sh

Create a cron job to run every 5 minutes at: System > Scheduled Tasks

*/5  *  *  *  *  /tmp/check.sh
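The same check/reconnect logic as the four generated scripts above, folded into one watchdog you can call from that cron entry. This is an added example, not the original post's scripts: it adds a lock so overlapping cron runs cannot fire two reconnects, uses `ip route replace` so re-adding an existing route does not fail, and parses the ppp0 address from BusyBox ifconfig output in a function that ignores inet6 lines. VPN_NAME, VPN_NET and VPN_PROBE are assumed placeholders for the values the post leaves you to fill in.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed placeholders:
VPN_NAME="${VPN_NAME:-myvpn}"        # lac name from /etc/xl2tpd/xl2tpd.conf
VPN_NET="${VPN_NET:-10.0.0.0/16}"    # LAN behind the VPN site
VPN_PROBE="${VPN_PROBE:-10.0.0.10}"  # host on that LAN that answers ping
CONTROL=/var/run/xl2tpd/l2tp-control
LOCK=/tmp/vpn-watchdog.lock

# Read ifconfig output on stdin and print the first IPv4 address.
# Matches "inet addr:10.1.2.3" (BusyBox) and "inet 10.1.2.3"; skips inet6.
parse_ppp_ip() {
    sed -n 's/^ *inet \(addr:\)\{0,1\}\([0-9.]*\).*/\2/p' | head -n 1
}

# From two facts (ppp0 present? probe answered?) print: up | reroute | reconnect
decide_action() {
    ppp_present=$1; probe_ok=$2
    if [ "$probe_ok" = 1 ]; then echo up
    elif [ "$ppp_present" = 1 ]; then echo reroute
    else echo reconnect
    fi
}

# Install the route to the VPN LAN; 'replace' is idempotent unlike 'add'.
install_route() {
    ip=$(ifconfig ppp0 2>/dev/null | parse_ppp_ip)
    [ -n "$ip" ] || { logger -t vpn-watchdog "ppp0 has no address yet"; return 1; }
    ip route replace "$VPN_NET" dev ppp0 scope link src "$ip"
    logger -t vpn-watchdog "route $VPN_NET via ppp0 src $ip"
}

main() {
    mkdir "$LOCK" 2>/dev/null || exit 0   # another run is still in progress
    trap 'rmdir "$LOCK"' EXIT
    ifconfig ppp0 >/dev/null 2>&1 && present=1 || present=0
    ping -q -c 1 -W 3 "$VPN_PROBE" >/dev/null 2>&1 && ok=1 || ok=0
    case $(decide_action "$present" "$ok") in
        up) ;;
        reroute) install_route ;;
        reconnect)
            echo "d $VPN_NAME" > "$CONTROL"; sleep 5
            echo "c $VPN_NAME" > "$CONTROL"; sleep 5
            install_route ;;
    esac
}

# Only act when invoked as "vpn-watchdog.sh run" (e.g. from cron).
if [ "${1:-}" = run ]; then main; fi
```

Save it as /tmp/vpn-watchdog.sh from Local Startup, make it executable, and point the cron line at `/tmp/vpn-watchdog.sh run`.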

And... that's all folks!