My setup is this: an Asus RT-N66U "Black Knight" running the shibby AIO version of TomatoUSB. I've set up the 1st OpenVPN client (tun11) and am forcing all traffic from a specific (internal) IP through this connection.

The above works really well, so I wanted to set up a wireless network where all clients that connect are added to a different subnet and all IPs in that subnet are forced through the 2nd OpenVPN client (tun12). To this end I set up:

- a new VLAN (br1)
- a new wireless SSID (wl0.1) that is using that VLAN

This works and clients can connect, get the correct IP and can access the net. I copied every setting from tun11 to tun12. I can connect the 2nd OpenVPN.

When I start the scripts to force the subnet through the tunnel I get various DNS-related errors in the client (Android 5.1.1 with Chrome browser) unless I stick to refreshing an already loaded page; the page will show the correct VPN IP, however (simple PHP page with <?=$_SERVER['HTTP_X_FORWARDED_FOR'];?>).

It seems that somehow DNS isn't working for the 2nd connection, and I can't for the life of me figure out why.

Troubleshooting I've done so far:

- Shut down both VPNs and only start Client2 - no difference
- Routing br1 through Client1 works perfectly ("ip rule add from 192.168.2.0/24 lookup 200")

So I'm starting to think that there is something wrong with my settings for Client2. The relevant settings (minus the VPN IPs as they are irrelevant) - what am I missing / where did I screw up?

Client 1   Client 2

Script -> firewall (custom addition to the firewall rules)

    iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
    iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
    iptables -I INPUT -i tun11 -j REJECT
    iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE
    iptables -I FORWARD -i br1 -o tun12 -j ACCEPT
    iptables -I FORWARD -i tun12 -o br1 -j ACCEPT
    iptables -I INPUT -i tun12 -j REJECT
    iptables -t nat -A POSTROUTING -o tun12 -j MASQUERADE

The up/down scripts that take care of the routing:

    root@unknown:/tmp/home/root# cat /jffs/vpn1_up.sh
    #!/bin/sh
    #iptables -D OUTPUT -s 192.168.1.203 -j DROP
    ip route flush table 200
    ip route flush cache
    ip rule add from 192.168.1.203 lookup 200
    VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
    ip route add table 200 default via $VPN_GW dev tun11

    root@unknown:/tmp/home/root# cat /jffs/vpn1_down.sh
    #!/bin/sh
    #below line doesn't work
    #iptables -A OUTPUT -s 192.168.1.203 -j DROP
    ip rule del from 192.168.1.203 lookup 200
    ip route flush cache

    root@unknown:/tmp/home/root# cat /jffs/vpn2_up.sh
    #!/bin/sh
    ip route flush table 210
    ip route flush cache
    ip rule add from 192.168.2.0/24 lookup 210
    VPN_GW2=`ifconfig tun12 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
    ip route add table 210 default via $VPN_GW2 dev tun12

    root@unknown:/tmp/home/root# cat /jffs/vpn2_down.sh
    #!/bin/sh
    ip rule del from 192.168.2.0/24 lookup 210
    ip route flush cache
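
A check for the routing state the up scripts in the post are meant to produce, as an added example that is not part of the original post: it verifies that a policy-routed source has a rule and that the rule's table holds a default route through the expected tunnel, since an empty table lets that traffic fall through to the main table and out the WAN. The function names and the sample `ip` output (including 10.8.0.5) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audits `ip rule show` and
# `ip route show table N` text for one policy-routed source. If the table has
# no default route (e.g. the up script ran before the tunnel had an address),
# lookups fall through to the main table and bypass the VPN.

# Print the table a "from SRC" rule points at, given `ip rule show` text.
table_for_source() {
    printf '%s\n' "$1" | awk -v src="$2" '{
        hit = 0; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from" && $(i + 1) == src) hit = 1
            if ($i == "lookup") tbl = $(i + 1)
        }
        if (hit && tbl != "") { print tbl; exit }
    }'
}

# Print the device of the default route, given `ip route show table N` text.
default_dev() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# check_policy RULES ROUTES SRC DEV -> ok | no-rule | no-default | wrong-dev
check_policy() {
    [ -n "$(table_for_source "$1" "$3")" ] || { echo no-rule; return 1; }
    dev=$(default_dev "$2")
    [ -n "$dev" ] || { echo no-default; return 1; }
    [ "$dev" = "$4" ] || { echo wrong-dev; return 1; }
    echo ok
}

# Constructed sample output; the gateway address is made up.
SAMPLE_RULES='0: from all lookup local
32764: from 192.168.2.0/24 lookup 210
32765: from 192.168.1.203 lookup 200
32766: from all lookup main
32767: from all lookup default'
SAMPLE_T210='default via 10.8.0.5 dev tun12'

check_policy "$SAMPLE_RULES" "$SAMPLE_T210" 192.168.2.0/24 tun12
check_policy "$SAMPLE_RULES" "" 192.168.2.0/24 tun12 || true
```

On the router itself the same check would be called as `check_policy "$(ip rule show)" "$(ip route show table 210)" 192.168.2.0/24 tun12`.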