In the other "Source based routing" section, paragraphs 3 & 4, I changed the client IP, but otherwise I followed the instructions.
I got it to work manually: I entered the UP/DOWN script commands manually in PuTTY, and the client IP did go through the VPN and other IPs did not, so that works for me.
The issue I have is that when I set up OpenVPN to use the UP/DOWN scripts, I get the following error in the System Log: "daemon.err openvpn(PIA_NLD_AES128)[849]: WARNING: Failed running command (--up/--down): could not execute external program"
I set the following via the LuCI GUI in the OpenVPN client setup:
```
route-noexec
script-security 2
up /etc/openvpn/upvpn
down-pre
down /etc/openvpn/downvpn
```
Saved and stopped/restarted multiple times to troubleshoot.
My scripts are /etc/openvpn/upvpn and /etc/openvpn/downvpn; permissions are 0777 and user group 00 (via FileZilla).
Example up script is:
```
#!/bin/sh
client=192.168.1.199
tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local_ip=$4
ifconfig_remote_ip=$5
echo "Routing client $client traffic through VPN"
ip rule add from $client priority 10 table vpn
ip route add $client dev $tun_dev table vpn
ip route add default via $ifconfig_remote_ip dev $tun_dev table vpn
ip route flush cache
```
**Question is:**
How do I get OpenVPN to execute the UP/DOWN scripts correctly in OpenWRT "LEDE-STABLE Reboot 17.01-SNAPSHOT r3267-f4fc12f / LuCI lede-17.01 branch (git-17.061.45451-2fe510b)"?
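```
# Send the VPN's own traffic through routing table 10
ip route add default via $route_vpn_gateway dev $dev table 10
ip rule add from $ifconfig_local/32 table 10
ip rule add to $route_vpn_gateway/32 table 10
# For each global IPv4 address on wlan0/eth1, derive the .1 address ($a)
# and the .0/prefix network ($b), then add a rule for each
for y in $(ip -4 a | grep 'wlan0\|eth1' | grep inet | grep global | awk '{print $2}'); do
a=$(echo $y | sed 's/\.[0-9]*\/[0-9]*/.1/')
ip rule add from $a lookup main pref 100
b=$(echo $y | sed 's/\.[0-9]*\//\.0\//')
ip rule add from $b table 10 pref 101
echo "$a $b"
done
ip route flush cache
```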
Down script:
```
#!/bin/sh
for rule in $(ip rule list |grep -v "all lookup"|awk -F ":" '{ print $1 }');do ip rule delete pref $rule;done
```
I tried your settings exactly and I get the same error:
daemon.err openvpn(PIA_NLD_AES128)[27312]: WARNING: Failed running command (--up/--down): could not execute external program
I think it is not linked to the script commands themselves but permissions that OpenVPN needs to call and run any scripts. Maybe running as root or another user/group is the issue.
Anyone have any ideas?
Edit: PS output via PuTTY:
28040 root 2976 S /usr/sbin/openvpn --syslog openvpn(PIA_NLD_AES128) --status /var/run/openvpn.PIA_NLD_AES128.status --cd /var/etc --config openvpn-PIA_NLD_AES128.co
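Added example, not part of any post in this thread: a POSIX shell pre-flight check for the usual reasons a hook script cannot be executed at all (missing file, no execute bit, CRLF line endings, missing interpreter). It also flags hooks writable by group or others, such as the 0777 mode mentioned above, because the ps output shows OpenVPN running as root. The name `check_hook` and its finding labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for OpenVPN hook scripts.
# check_hook PATH prints one finding per line; returns 0 only when there are none.
check_hook() {
    f=$1
    rc=0
    cr=$(printf '\r')
    if [ ! -f "$f" ]; then
        echo "missing: $f"
        return 1
    fi
    # Without the execute bit, execve() fails with EACCES.
    [ -x "$f" ] || { echo "not-executable: $f"; rc=1; }
    # CRLF line endings turn "#!/bin/sh" into "#!/bin/sh\r", an
    # interpreter path that does not exist (ENOENT).
    if grep -q "$cr" "$f"; then
        echo "crlf-line-endings: $f"
        rc=1
    fi
    # The first line must name an interpreter that exists and is executable.
    first=$(head -n 1 "$f" | tr -d '\r')
    case $first in
        '#!'*)
            interp=${first#??}      # drop "#!"
            interp=${interp# }      # drop one optional space
            interp=${interp%% *}    # drop interpreter arguments
            [ -x "$interp" ] || { echo "bad-interpreter: $interp"; rc=1; }
            ;;
        *)
            echo "no-shebang: $f"
            rc=1
            ;;
    esac
    # A hook run by a root daemon must not be writable by group or others.
    case $(ls -ld "$f") in
        ?????w*|????????w*) echo "writable-by-non-owner: $f"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh check_hook.sh /etc/openvpn/upvpn /etc/openvpn/downvpn
for f in "$@"; do
    if check_hook "$f"; then echo "ok: $f"; fi
done
```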
@ stangri - If you get tired of trying to make external scripts work and try this out, I'd appreciate feedback.
I did try your routing package and it worked great for me, but I had to compile an image, and it was based on the latest packages, which gave me a lot of disconnects and other problems not related to your package.
I went to the LEDE Stable build and it is rock solid for me, but I cannot install your packages due to DNSMASQ-FULL and IPSET dependency errors; they will not install.
I do not have enough knowledge to figure out how to overcome this problem.
So I looked for something else that was simple, as I have a simple need, but it seems to be complicated too, with a lot of errors.
I need to install the package dnsmasq-full prior to your routing package, and when I am using LEDE Stable it will not allow me to install it due to dependency errors.
Maybe a quick guide in the readme on how to install the required packages while avoiding dependency errors, for newbie users like me?