4 # Copyright (C) 2015 shibby
# Map the requested service (client1 / client2) to its interface and routing
# table ID.  The branch bodies are not part of this excerpt, but everything
# below depends on $IFACE and $ID being set here -- TODO confirm in full file.
12 if [ "$SERVICE" == "client1" ]; then
15 elif [ "$SERVICE" == "client2" ]; then
# Anything else is rejected.  NOTE: `==` inside `[ ]` is a bash/busybox
# extension, not POSIX sh; it fails under dash.
19 echo "vpnrouting: Interface not found"
# Per-service generated firewall hook.  This file is (re)written further down
# and is executed later by 'service firewall restart', so its contents are code.
23 FIREWALL
="/etc/openvpn/fw/vpnrouting$ID.sh"
# --- clean-up: tear down whatever a previous run installed for this $ID ---
27 ip route flush table
$ID
# Count policy rules that point at our table.  The grep is unanchored, so
# "lookup 1" also matches "lookup 10"; only safe while IDs are single digits
# -- TODO confirm the ID range.  Note that at most ONE rule is deleted per run,
# so duplicates left by earlier failed runs would accumulate.
29 RULE
=`ip rule | grep "lookup $ID" | wc -l`
30 if [ "$RULE" -gt 0 ]; then
31 ip rule del fwmark
$ID table
$ID
# Reload the firewall first -- presumably so the old vpnrouting$ID.sh mangle
# rules that reference the set are gone before the set is destroyed (ipset
# refuses to destroy a set that is still referenced).
35 service firewall restart
37 ipset destroy vpnrouting
$ID
# Remove our dnsmasq 'ipset=' lines.  $ID is interpolated into a sed address
# (a regex), which is only safe because $ID is numeric.
38 sed -i /etc
/dnsmasq.ipset
-e "/vpnrouting$ID/d"
40 logger vpnrouting
: clean-up
# Poll until the tunnel interface has an IPv4 address; that address becomes the
# gateway of the per-service routing table.  $CONNECTED is unquoted, and no
# sleep/timeout is visible in this excerpt -- if nothing sets it non-zero the
# loop spins.  TODO confirm against the full file.
52 while [ $CONNECTED == "0" ]; do
# First "inet addr:" field of ifconfig output (IPv4 only; relies on the
# busybox/net-tools output format).
53 VPN_GW
=`ifconfig $IFACE | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
54 if [ -n "$VPN_GW" ]; then
55 logger vpnrouting
: got gateway
for $IFACE - IP
$VPN_GW - ID
$ID
58 logger vpnrouting
: searching gateway
for $IFACE
63 #logger vpnrouting: Applying routing on VPN $SERVICE - Interface $IFACE - Table $ID - GW $VPN_GW
# Policy routing: packets carrying fwmark $ID are looked up in table $ID, whose
# only route (the table was flushed above) is a default via the tunnel.
# 'via' is the tunnel's own address, which works for point-to-point tun
# interfaces -- TODO confirm for tap/bridged setups.
65 ip route add table
$ID default via
$VPN_GW dev
$IFACE
66 ip rule add fwmark
$ID table
$ID priority
1000
# hash:ip set, populated by dnsmasq ('ipset=/domain/...' entries) and matched
# by the mangle rule generated below.
70 modprobe ip_set_hash_ip
71 ipset create vpnrouting
$ID hash:ip
# Generate the firewall hook.  Every value echoed into $FIREWALL ($IFACE, $ID
# and, in the loop below, $VAL3) is later executed as shell -- treat them as
# code, not data.  $FIREWALL itself is unquoted; fine only because the path
# contains no whitespace.
73 echo "#!/bin/sh" > $FIREWALL
# Reverse-path filtering is relaxed because marked traffic enters and leaves on
# different interfaces than a strict check expects.  Writing 0 to 'all' turns
# off anti-spoofing for EVERY interface, not just the tunnel; on kernels that
# support it, rp_filter=2 (loose) on the affected interfaces is the narrower
# setting -- TODO confirm kernel version on the target builds.
74 echo "echo 0 > /proc/sys/net/ipv4/conf/$IFACE/rp_filter" >> $FIREWALL
75 echo "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter" >> $FIREWALL
# Any packet whose dst or src is in the ipset gets our fwmark.
76 echo "iptables -t mangle -A PREROUTING -m set --match-set vpnrouting$ID dst,src -j MARK --set-mark $ID" >> $FIREWALL
78 #example of routing_val: 1<2<8.8.8.8>1<1<1.2.3.4>1<3<domain.com>
# routing_val is the admin-supplied rule list from NVRAM: '>'-separated
# entries of  enabled<type<target.
79 VALUE
=`nvram get vpn_"$SERVICE"_routing_val`
# The unquoted $(...) also word-splits on IFS, so a target containing
# whitespace is broken into several (bogus) entries.
83 for i
in $
(echo $VALUE |
tr ">" "\n")
85 VAL1
=`echo $i | cut -d "<" -f1`
86 VAL2
=`echo $i | cut -d "<" -f2`
87 VAL3
=`echo $i | cut -d "<" -f3`
89 #only if rule is enabled
90 if [ "$VAL1" == "1" ]; then
# The conditions on $VAL2 that select the three branches below are not shown in
# this excerpt; from the example above, 1 = source address, 2 = destination
# address, 3 = domain.
#
# SECURITY: $VAL3 is interpolated, unquoted and unvalidated, into $FIREWALL --
# a file that is later executed as a shell script by 'service firewall restart'
# -- and into /etc/dnsmasq.ipset.  A target containing ';', backticks, $(...)
# or a newline therefore runs as a shell command with the firewall service's
# privileges (typically root on this firmware), or injects arbitrary dnsmasq
# directives.  The value comes from NVRAM, i.e. the router admin via the web
# UI, so the practical exposure is CSRF/XSS against that UI or any other path
# that writes NVRAM.  Validate VAL3 before use: an IPv4 address/CIDR for the
# address types, a hostname restricted to [A-Za-z0-9.-] for the domain type,
# and reject anything else.
94 logger vpnrouting
: Type
: $VAL2 - add
$VAL3
95 echo "iptables -t mangle -A PREROUTING -s $VAL3 -j MARK --set-mark $ID" >> $FIREWALL
98 logger vpnrouting
: Type
: $VAL2 - add
$VAL3
99 echo "iptables -t mangle -A PREROUTING -d $VAL3 -j MARK --set-mark $ID" >> $FIREWALL
102 logger vpnrouting
: Type
: $VAL2 - add
$VAL3
# Tell dnsmasq to add every resolved address of this domain to our set.
103 echo "ipset=/$VAL3/vpnrouting$ID" >> /etc
/dnsmasq.ipset
105 #try to add ipset rule using forced query to DNS server
# NOTE: this lookup runs BEFORE the dnsmasq restart at the end of the script,
# so the running dnsmasq has not yet read the 'ipset=' line just appended;
# unless the entry already existed, the set is not populated here -- TODO
# confirm the intended ordering.  $VAL3 is unquoted (extra words become extra
# nslookup arguments).
106 nslookup $VAL3 127.0.0.1 > /dev
/null
# Second firewall restart of the script: this one executes the freshly
# generated $FIREWALL hook.
116 service firewall restart
# $DNSMASQ is presumably set to 1 by the domain branch above (not visible
# here) so dnsmasq only restarts when its config actually changed.
118 if [ "$DNSMASQ" == "1" ]; then
119 service dnsmasq restart
# Fallthrough for an unrecognised top-level command (the enclosing dispatch is
# outside this excerpt).
127 echo "vpnrouting: unsupported command"