fawkesguy
DD-WRT iptables question


Hi everyone,

This is a bit long, so please bear with me. :-)

First off, I'm not very tech savvy - getting my router (Netgear WNDR4000) working with DD-WRT and AirVPN is the result of much searching, copying and pasting... not my ability. :-)

Anyway, here's my issue. Here's the setup:

I have three devices that I want to bypass the VPN. This is how I've done it.

nvram set no_vpn_lst="192.168.1.51 192.168.1.50 192.168.1.110 "

nvram commit

Then this is my startup script:

#!/bin/sh

# Give the WAN and the VPN tunnel time to come up before touching routes.
sleep 30

# Space-separated list of LAN hosts that should bypass the VPN (set via nvram).
NO_VPN_LST=`nvram get no_vpn_lst`

# Quoted so an empty list is detected correctly; unquoted, a multi-address
# list expands to several words and the test errors out instead of matching.
[ -z "$NO_VPN_LST" ] && exit 0

# Wait until DD-WRT has learned the real WAN gateway (0.0.0.0 means "not yet").
WAN_GWAY="0.0.0.0"
while [ "$WAN_GWAY" = "0.0.0.0" ]; do
    sleep 3
    WAN_GWAY=`nvram get wan_gateway`
done

# Routing table 10 sends traffic straight out the WAN gateway, not via the tunnel.
ip route add default via "$WAN_GWAY" table 10

# Policy rule: anything sourced from a bypass host is routed with table 10.
for ipa in $NO_VPN_LST; do
    ip rule add from "$ipa" table 10
done

ip route flush cache

exit 0

That all works fine. Those three IPs bypass the VPN. Great.

Here is what's in my firewall:

# LAN <-> VPN tunnel traffic is allowed in both directions.
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

# Kill switch: LAN traffic heading straight out the WAN (vlan2) is dropped.
iptables -I FORWARD -i br0 -o vlan2 -j DROP

# Nothing from the tunnel may talk to the router itself.
iptables -I INPUT -i tun1 -j REJECT

# NAT LAN addresses behind the tunnel address.
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

# Port forward from the VPN side to 192.168.1.111 (TCP and UDP 2076).
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 2076 -j DNAT --to-destination 192.168.1.111
iptables -t nat -I PREROUTING -i tun1 -p udp --dport 2076 -j DNAT --to-destination 192.168.1.111

This line: "iptables -I FORWARD -i br0 -o vlan2 -j DROP" is what stops all traffic if the VPN goes down. I've tested it and it works great. However, it also stops the three IPs mentioned above from accessing the Internet as well. If I remove that line, those three IPs are outside of the VPN and work fine. But then the rest of my network (which is going through the VPN) will continue to access the Internet even if the VPN goes down.

My question is, how do I allow those three IPs to bypass the VPN and always have access even if the VPN drops, while stopping everything else (which is going through the VPN) if the VPN drops?

I hope that all makes sense. I'd appreciate any help.

Thanks

Guy
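The rule-ordering point behind the question, as an added example that is not part of the original post: iptables evaluates a chain top to bottom and stops at the first match, and `-I` inserts at position 1, so per-host ACCEPT rules inserted after the catch-all DROP end up above it and win for those hosts only. The interface names (br0 for LAN, vlan2 for WAN) and the `no_vpn_lst` nvram variable come from the post; the function name `build_kill_switch`, the `IPT` override and the `apply` argument are this example's own conventions. The host list is passed in as an argument so the same function can be previewed offline with `IPT="echo iptables"`.

```shell
#!/bin/sh
# Added example for the DD-WRT firewall script (not from the post above).
# Kill switch that still lets the no_vpn_lst hosts reach the WAN directly.
# Set IPT="echo iptables" to print the rules instead of applying them.

IPT="${IPT:-iptables}"
LAN_IF="br0"    # LAN bridge, as in the post
WAN_IF="vlan2"  # raw WAN interface, as in the post

# Emit the FORWARD rules for one space-separated list of bypass hosts.
# Because -I prepends, the order here is the reverse of evaluation order:
# the DROP goes in first, then each ACCEPT is inserted above it.
build_kill_switch() {
    no_vpn_lst="$1"

    # Catch-all: LAN -> WAN that is not going through the tunnel is dropped.
    $IPT -I FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP

    # Exempt hosts: matched on source address, inserted above the DROP.
    for ipa in $no_vpn_lst; do
        $IPT -I FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$ipa" -j ACCEPT
    done
}

# On the router, run "sh thisfile.sh apply" from the firewall script; with no
# argument the file only defines the function (so it is safe to source).
case "${1:-}" in
    apply)
        build_kill_switch "`nvram get no_vpn_lst`"
        ;;
esac
```

Keeping the DROP and the ACCEPTs in the same function matters on DD-WRT, which reruns the firewall script on WAN events: if the two were added by different scripts, a rerun could leave the ACCEPTs below a freshly inserted DROP. The return traffic for the exempt hosts relies on the stock DD-WRT rules that already let their replies back in, which the post confirms by noting that the hosts work once the DROP line is removed.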
