kiikooo

Tomato routing with iptables


Hello everyone,


This is my first post, and I am hoping to find help for something that has been driving me crazy.

I have a Tomato router set up and everything is working fine. My issue is that I need to disconnect ALL access to the internet if the VPN service drops. I am using iptables to drop the connection, which works fine when I disable the VPN on the router and test it manually. My issue is that when I am using a service that will only work through the VPN and the connection drops, it somehow detects that I am not connected through the VPN, even though I immediately check my IP through the router and the VPN seems to be working fine.

So my guess is that while it's reconnecting or something, there is a moment where it connects through my local internet connection.

 

I am using this in the Administration/Scripts/Firewall section of my Tomato router:

# LAN bridge (br0) to the VPN tunnel (tun0), and tunnel back to LAN
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# LAN straight out to the WAN interface (vlan2): drop, this is the kill switch
iptables -I FORWARD -i br0 -o vlan2 -j DROP
# No connections to the router itself from the tunnel side
iptables -I INPUT -i tun0 -j REJECT
# Source-NAT LAN clients behind the tunnel address
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

 

Is there something I need to add on, say, reconnect that will ALWAYS make sure any device connected to the router only goes out through the VPN?

Also, are br0 and vlan2 correct in this situation? (I do not really know, since I copied and pasted.)

 

Thanks


I figured out when it happens. When I stop the VPN, my internet drops, as it should. Then I open a browser on the "what's my IP" page, refresh, and start the VPN on the Tomato router; the page refreshes with my local IP, then stops working until the VPN connects, then changes to the VPN IP.

So my question is: how do I stop this from happening? I never want any device that is connected to ever be located locally.

 

Thanks

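A firewall-script kill switch for the symptom described in the two posts above, as an added example that is not the original poster's script and not code from the Tomato project. It assumes the LAN bridge is br0 and the OpenVPN client interface is tun0 (both overridable through LAN= and VPN=), and that iptables is on PATH when it runs as the Tomato firewall script; IPT=echo gives a dry run that prints the rules instead of applying them. Two points differ from the rules in the first post: the kill switch drops everything the LAN forwards to any interface other than tun0, so it does not depend on guessing the WAN name (vlan2, eth0 or ppp0 with PPPoE all match "not tun0") and stays in force while tun0 is absent during a reconnect; and the rules are inserted with explicit positions, because each bare -I pushes the previously inserted rule down, so the last line of a script is evaluated first. check_forward_chain reads an `iptables -S FORWARD` listing and reports whether a LAN-to-non-tunnel ACCEPT is evaluated before the DROP, which is the ordering mistake that -I makes easy.

```shell
#!/bin/sh
# Added example for a Tomato firewall script: whole-LAN VPN kill switch.
# Not the original poster's script. Assumptions: LAN bridge br0, OpenVPN
# client interface tun0 (override with LAN=... VPN=...), iptables on PATH.
# Set IPT=echo to print the rules instead of applying them.

IPT="${IPT:-iptables}"
LAN="${LAN:-br0}"
VPN="${VPN:-tun0}"

# Apply (or, with IPT=echo, print) the kill-switch rules. Explicit positions
# make the evaluation order equal the reading order; a bare "-I" would put
# each rule above the previous one, so the last line would run first.
kill_switch_rules() {
    # 1. LAN -> tunnel is allowed.
    $IPT -I FORWARD 1 -i "$LAN" -o "$VPN" -j ACCEPT
    # 2. Tunnel -> LAN only for replies; unsolicited connections arriving
    #    from the VPN side are not forwarded into the LAN.
    $IPT -I FORWARD 2 -i "$VPN" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 3. LAN -> anything that is not the tunnel is dropped. This is the kill
    #    switch: no WAN interface name is needed (vlan2, eth0, ppp0 are all
    #    "not tun0") and tun0 disappearing during a reconnect does not
    #    change what the rule matches.
    $IPT -I FORWARD 3 -i "$LAN" ! -o "$VPN" -j DROP
    # 4. Source-NAT LAN clients behind the tunnel address.
    $IPT -t nat -A POSTROUTING -o "$VPN" -j MASQUERADE
}

# Read a FORWARD chain listing (the output of `iptables -S FORWARD`) from
# stdin and check the kill-switch invariant: a LAN -> non-tunnel DROP must
# exist, and no LAN -> non-tunnel ACCEPT may be evaluated before it.
# Returns 0 when the invariant holds, 1 when it does not.
check_forward_chain() {
    awk -v lan="$LAN" -v vpn="$VPN" '
        $1 != "-A" { next }                         # skip "-P FORWARD ..." policy lines
        index($0, " -i " lan " ") == 0 { next }     # only rules for traffic coming from the LAN
        index($0, " -o " vpn " ") > 0 && index($0, "! -o " vpn " ") == 0 { next }  # LAN -> tunnel is fine
        / -j DROP$/ { blocked = 1; next }           # the kill-switch rule (or a stricter one)
        / -j ACCEPT$/ && !blocked { leak = 1 }      # an ACCEPT towards the WAN ahead of the DROP
        END { if (blocked && !leak) exit 0; exit 1 }
    '
}

# In the Tomato firewall script, end with a plain "kill_switch_rules" call.
# The "apply" guard exists so this file can also be sourced for a dry run
# or for checking a listing without touching the live firewall.
if [ "${1:-}" = "apply" ]; then
    kill_switch_rules
fi
```

To check a running router, pipe the live listing through the checker: `iptables -S FORWARD | check_forward_chain && echo ok`. Rule 2 is tighter than the unconditional tun0-to-br0 ACCEPT in the first post; if a LAN host must be reachable from the VPN side, add an explicit ACCEPT for it above the DROP. On the "is vlan2 correct" question: Tomato keeps the active WAN interface name in nvram, and `nvram get wan_iface` (an assumption about the nvram key, not verified against every build) prints it for a given box, but the rules above do not depend on it.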

I am looking at this thread as I wish to route only some traffic through the VPN. As far as I can tell, tun11 is client 1 and tun12 is client 2.

http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/

Post 50 has something that may help you.

In Firewall Script:
# Traffic through VPN allowed
iptables -I FORWARD 1 -s x.x.x.x -o tun11 -j ACCEPT
# Rule below not needed if no ports use WAN; y and z are any ports on x.x.x.x that still use WAN
iptables -I FORWARD 2 -s x.x.x.x -p tcp -m multiport --sport y,z -j ACCEPT
# By default all other traffic is not allowed; x.x.x.x is the IP of the device on the VPN
iptables -I FORWARD 3 -s x.x.x.x -j DROP
