SmallNetBuilder Forums

#21
11-05-2014, 08:55 AM
saffron

Quote:
Originally Posted by PorscheT
Interesting... looking forward to hearing your findings. Would love to get this working.

Basic steps here for RT-AC68U
http://www.smallnetbuilder.com/forum...510#post148510

There is some scripting involved but SSH/telnet and jffs are optional.

Last edited by saffron; 11-05-2014 at 08:58 AM.

#22
11-13-2014, 11:15 PM
saffron
OpenVPN Client 1 on primary wireless and Client 2 on guest wireless 1

Tested on RT-AC68U and Merlin 376.47

I've had this connection up for over 24 hours. A third SSID for ISP was really unstable and not recommended - vlans and Asus don't really mix.

1. Set up the guest wireless
2. Set up the 2 OpenVPN clients and have them start with WAN
3. Add to wan-start
Code:
#!/bin/sh

# guest wireless wl0.1 DHCP
killall dnsmasq
sleep 2

echo "interface=wl0.1" >> /etc/dnsmasq.conf
echo "dhcp-range=wl0.1,192.168.2.2,192.168.2.254,255.255.255.0,86400s" >> /etc/dnsmasq.conf
echo "dhcp-option=wl0.1,3,192.168.2.1" >> /etc/dnsmasq.conf
dnsmasq --log-async
sleep 2

# guest wireless assignment
ifconfig wl0.1 192.168.2.1 netmask 255.255.255.0

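# guest wireless bridge
# gets around asus vlan shortcomings
# (DROP in the broute table means "route this frame instead of bridging it",
# so wl0.1 traffic leaves br0 and is handled by iptables and ip rule)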
ebtables -t broute -I BROUTING -p ipv4 -i wl0.1 -j DROP
ebtables -t broute -I BROUTING -p arp -i wl0.1 -j DROP

# guest wireless firewall
iptables -I INPUT -i wl0.1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i wl0.1 -o tun12 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -o tun12 -j MASQUERADE

# primary wireless firewall
iptables -I INPUT -i wl0.0 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i wl0.0 -o tun11 -j ACCEPT

4. Add to /jffs/scripts/vpn-route-up.sh
Code:
#!/bin/sh

# This script goes in /jffs/scripts/vpn-route-up.sh

# Add the following to the OpenVPN configs
# route-nopull (Don't accept routes from server)
# route-up /jffs/scripts/vpn-route-up.sh


# clear tun11 (client 1) table, if exists
ip route flush table 11
ip route del default table 11

# clear tun12 (client 2) table, if exists
ip route flush table 12
ip route del default table 12

# not strictly necessary but speeds up routing changes
ip route flush cache

# get tunnel ips
tun11_ip=$(ifconfig tun11 | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')
tun12_ip=$(ifconfig tun12 | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')

# routing table for tun11 with divert rule
ip route add default via $tun11_ip dev tun11 table 11
ip rule add dev br0 table 11

# routing table for tun12 with divert rule
ip route add default via $tun12_ip dev tun12 table 12
ip rule add dev wl0.1 table 12

# not strictly necessary but speeds up routing changes
ip route flush cache

exit 0

5. Reboot

Scripts based on previous by Jobongo and Martineau

Last edited by saffron; 11-13-2014 at 11:17 PM.

#23
11-18-2014, 10:10 PM
saffron
ISP on primary wireless and VPN Client 1 on guest wireless 1

Tested with RT-AC68U and Merlin 376.47

Scripts put regular ISP on regular SSID (2.4 GHz) and VPN client 1 on guest wireless 1 (2.4 GHz)

My WAN connection type is IP. I'm not sure if this would work with PPPoE.

wan-start (make sure it's executable: chmod 755 wan-start)
Code:
#!/bin/sh

# guest wireless wl0.1 DHCP
killall dnsmasq
sleep 2

echo "interface=wl0.1" >> /etc/dnsmasq.conf
echo "dhcp-range=wl0.1,192.168.2.2,192.168.2.254,255.255.255.0,21600s" >> /etc/dnsmasq.conf
echo "dhcp-option=wl0.1,3,192.168.2.1" >> /etc/dnsmasq.conf
dnsmasq --log-async
sleep 2

# guest wireless assignment
ifconfig wl0.1 192.168.2.1 netmask 255.255.255.0

# guest wireless bridge
# (DROP in the broute table means "route this frame instead of bridging it")
ebtables -t broute -I BROUTING -p ipv4 -i wl0.1 -j DROP
ebtables -t broute -I BROUTING -p arp -i wl0.1 -j DROP

# guest wireless firewall. VPN kill switch is built in.
iptables -I INPUT -i wl0.1 -m state --state NEW -j ACCEPT
iptables -I FORWARD -i wl0.1 -o tun11 -j ACCEPT
iptables -t nat -I POSTROUTING -s 192.168.2.0/24 -o tun11 -j MASQUERADE


#optional. block all ports on vpn except: dns(53),http(80),https(443)
iptables -I FORWARD -i wl0.1 -s 192.168.2.0/24 -o tun11 -p tcp -m multiport ! --port 53,80,443 -j DROP
iptables -I FORWARD -i wl0.1 -s 192.168.2.0/24 -o tun11 -p udp -m multiport ! --port 53,443 -j DROP

vpn-route-up.sh (make sure it's executable: chmod 755 vpn-route-up.sh)
Code:
#!/bin/sh

# This script goes in /jffs/scripts/vpn-route-up.sh

# Add the following to the OpenVPN configs
# route-nopull
# route-up /jffs/scripts/vpn-route-up.sh


# clear tun11 (client 1) table, if exists
ip route flush table 11
ip route del default table 11

# not strictly necessary but speeds up routing changes
ip route flush cache


# get tunnel ip
tun11_ip=$(ifconfig tun11 | grep 'inet addr:'| cut -d: -f2 | awk '{ print $1}')

# routing table for tun11 with divert rule
ip route add default via $tun11_ip dev tun11 table 11
ip rule add dev wl0.1 table 11


# not strictly necessary
ip route flush cache

#optional. force vpn to default to google dns
DNS_SERVER="8.8.8.8 8.8.4.4"
for ip in $DNS_SERVER
do
iptables -t nat -A PREROUTING -i wl0.1 -p udp --dport 53 -j DNAT --to $ip
iptables -t nat -A PREROUTING -i wl0.1 -p tcp --dport 53 -j DNAT --to $ip
done


exit 0
The Following User Says Thank You to saffron For This Useful Post:
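
A way to check the kill-switch assumption in the scripts above, as an added example that is not part of any post in this thread: it lints `iptables -S FORWARD` output for ACCEPT rules that could let the guest interface reach anything other than the tunnel. The function name `guest_leaks`, the sample rule dumps and `eth0` as the WAN interface are assumptions made for illustration, as is the router's iptables supporting `-S`.

```shell
#!/bin/sh
# Added example, not from the thread. Conservative lint over `iptables -S FORWARD`
# output: flags every ACCEPT rule that could carry NEW traffic from the guest
# interface to an egress other than the tunnel. Rule order is ignored, so a hit
# means "review this rule", not proof of a leak.

# guest_leaks GUEST_IF TUN_IF < rules ; returns 0 only when nothing is flagged
guest_leaks() {
    awk -v g="$1" -v t="$2" '
    # iptables interface patterns: a trailing "+" is a prefix wildcard
    function covers(pat, name) {
        if (pat ~ /[+]$/) return index(name, substr(pat, 1, length(pat) - 1)) == 1
        return pat == name
    }
    $1 == "-P" && $2 == "FORWARD" { if ($3 == "DROP") dropped = 1; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    # an unconditional drop rule also counts as a default drop
    NF == 4 && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { dropped = 1; next }
    {
        in_if = out_if = target = ""; neg_in = neg_out = est = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-i") { in_if = $(i + 1); neg_in = ($(i - 1) == "!") }
            if ($i == "-o") { out_if = $(i + 1); neg_out = ($(i - 1) == "!") }
            if ($i == "-j") target = $(i + 1)
            # a state match without NEW cannot open a new flow
            if (($i == "--state" || $i == "--ctstate") && $(i + 1) !~ /NEW/) est = 1
        }
        if (target != "ACCEPT" || est) next
        from_guest = (in_if == "") || (neg_in ? !covers(in_if, g) : covers(in_if, g))
        to_other = (out_if == "") || neg_out || (out_if != t)
        if (from_guest && to_other) { print "LEAK: " $0; bad = 1 }
    }
    END {
        if (!dropped) { print "LEAK: FORWARD has no default drop"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample dumps (eth0 as the WAN interface is an assumption).
SAFE_RULES='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -i wl0.1 -o tun11 -j ACCEPT'
LEAKY_RULES="$SAFE_RULES
-A FORWARD -i wl+ -o eth0 -j ACCEPT"

printf '%s\n' "$SAFE_RULES"  | guest_leaks wl0.1 tun11 && echo "safe sample: clean"
printf '%s\n' "$LEAKY_RULES" | guest_leaks wl0.1 tun11 || echo "leaky sample: flagged"
```

On a live router the same function can be fed directly, for example `iptables -S FORWARD | guest_leaks wl0.1 tun11`, after the wan-start script has run.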

#24
11-19-2014, 03:03 AM
phaelium

Hey Saffron

Thanks for all your hard work, this looks really close to what I need.

Would you mind helping me with this?


How would I modify your asuswrt script above to do this:

Primary/Default SSID/LAN (physically cabled, 2.4 and 5Ghz Wifi) all go out OpenVPN client connection to PIA.

Guest SSID (2.4 and 5 Ghz, wl0.1 and wl1.1) go out regular WAN (non VPN) and cannot access primary SSID or LAN.


Thank you!

#25
01-07-2015, 08:17 PM
brownstein

Can someone post a script example using L2TP vice OpenVPN? My speeds are too slow using OpenVPN and I cannot seem to get PPTP to work with privateinternetaccess configs.

#26
01-10-2015, 01:11 AM
brtravel

Quote:
Originally Posted by saffron
Basic steps here for RT-AC68U
http://www.smallnetbuilder.com/forum...510#post148510

There is some scripting involved but SSH/telnet and jffs are optional.

Any idea why this thread seems to be gone?

-------------------------------

I'm going to be traveling for a while and want to get a router set up with two VPN locations over two SSIDs so I can quickly geolocate any of my devices to two different places by changing networks. I've played with Tomato a bit, and got a single instance of OpenVPN working on it, but I don't have a Merlin-compatible router. From what I'm reading here, this sounds very doable with Merlin, correct?

#27
01-11-2015, 03:45 AM
jammin

Quote:
Originally Posted by brtravel
Any idea why this thread seems to be gone?

Try this:
http://forums.smallnetbuilder.com/sh...510#post148510

#28
01-26-2015, 10:19 AM
bilboSNB

Should this script (per the wiki) work with the GUI OpenVPN client?

I have had a go but at present it's not quite working.
__________________
N66U Merlins latest FW

Last edited by bilboSNB; 01-26-2015 at 11:29 AM.

#29
01-28-2015, 04:19 PM
Phycopat
Doesn't work..

Hello all..
Have tried to make this work all night. No luck

I'm on 376.49_5..

OpenVPN is working just fine in all, then I start to put in scripts, errors come

All I would like is to have a SSID for VPN and rest of LAN(1-4) and other SSID for WAN..

Does one of you gurus have a guide? Also did try that from wiki, no luck.

Config:

"wan-start & vpn-route-up.sh"


Right now i have WAN IP on local LAN
But no connection on wl0.1

Last edited by Phycopat; 01-28-2015 at 04:25 PM.