Closed GoogleCodeExporter closed 9 years ago
Remote LAN subnet is also set to 0.0.0.0
Original comment by ilia.ost...@gmail.com
on 29 Aug 2013 at 3:30
0.0.0.0 is not a valid IP address
Original comment by Dr.Sydorenko.O
on 30 Aug 2013 at 1:06
So what is the solution to pass all traffic through VPN?
Original comment by ilia.ost...@gmail.com
on 30 Aug 2013 at 1:08
You can use "Run script after (dis)connect to VPN server: "
Original comment by Dr.Sydorenko.O
on 30 Aug 2013 at 4:11
To ilia.ostroumov.
"Remote LAN subnet" fields are intended only for static routes. To redirect all
traffic through the PPP VPN client, you need to add the default gateway via the ppp5
interface. Please use "Run script after (dis)connect to VPN server:" for this.
Original comment by andy.pad...@gmail.com
on 31 Aug 2013 at 1:04
Hi,
You write
"To redirect all traffic through PPP VPN client, you needed add the default
gateway via ppp5 interface. Please use "Run script after (dis)connect to VPN
server:" for this."
How is this done? I am a newbie, and would be happy for any help here, as I
also want to pass all traffic through VPN.
Thanks :-)
Christian
Original comment by christia...@gmail.com
on 31 Aug 2013 at 6:54
You can find option "Run script after (dis)connect to VPN server:" at page
http://my.router/vpncli.asp
Original comment by Dr.Sydorenko.O
on 1 Sep 2013 at 1:16
Hi Dr. Sydorenko,
Thanks for the reply :-) :-)
I found the option "Run script after (dis)connect to VPN server:", but what
script do I need to run? Is there a script that passes all traffic through the
VPN?
Kind regards,
Christian
Original comment by christia...@gmail.com
on 1 Sep 2013 at 1:25
add to func_ipup body:
func_ipup()
{
    route add default gw $IPREMOTE metric 3 dev $IFNAME
}
add to func_ipdown body:
func_ipdown()
{
    route del default gw $IPREMOTE metric 3 dev $IFNAME
}
Original comment by andy.pad...@gmail.com
on 1 Sep 2013 at 2:08
I tried everything. I modified the "Run script after (dis)connect to VPN
server:" script like instructed above. The VPN client connects fine, but my
local wireless traffic still doesn't go out using the VPN. Can someone please
give a detailed example of how to use this?
Thank you!
Original comment by ioang...@gmail.com
on 5 Sep 2013 at 4:25
[deleted comment]
What example?? You are guided on how to make it work. If it doesn't, then show
some settings, log errors first... e.g. routing tables on client and server
devices etc. I'm not sure, but it seems there are no magicians here ))
Eeemmmmm, let's assume that you use the same networks, but they should be different
(for example 192.168.1.0/24 - server network, and 192.168.5.0/24 - client
network). You won't get it to work if the server and client IP addresses are equal
(192.168.1.1 by default).
Original comment by d...@soulblader.com
on 5 Sep 2013 at 9:12
And... how do you understand that local traffic is not being forwarded through
VPN?..
Original comment by d...@soulblader.com
on 5 Sep 2013 at 9:15
I'm connecting to the tunnelr VPN service, which provides PPTP. If I start the VPN
connection from my Windows machine and I check my public IP, it would be the
one that the tunnelr service provided me.
Now if I connect using the router's client to tunnelr pptp service, I can see
in the router's logs that the connection was established:
Sep 6 03:44:26 pppd[992]: Plugin pptp.so loaded.
Sep 6 03:44:26 pppd[992]: PPTP plugin version 0.8.5 compiled for pppd-2.4.5
Sep 6 03:44:26 pppd[993]: pppd 2.4.5 started by admin, uid 0
Sep 6 03:44:27 pppd[993]: Using interface ppp5
Sep 6 03:44:27 pppd[993]: Connect: ppp5 <--> pptp (31.143.133.168)
Sep 6 03:44:29 pppd[993]: CHAP authentication succeeded
Sep 6 03:44:29 pppd[993]: MPPE 128-bit stateless compression enabled
Sep 6 03:44:33 pppd[993]: local IP address 10.0.23.253
Sep 6 03:44:33 pppd[993]: remote IP address 10.0.16.1
Sep 6 03:44:33 pppd[993]: primary DNS address 10.0.16.1
Sep 6 03:44:33 pppd[993]: secondary DNS address 10.0.16.1
Sep 6 03:44:33 dnsmasq[433]: read /etc/hosts - 3 addresses
Sep 6 03:44:33 dnsmasq[433]: read /etc/storage/dnsmasq/hosts - 0 addresses
Sep 6 03:44:33 dnsmasq[433]: using nameserver 10.0.16.1#53
The "Run script after (dis)connect to VPN server:" is as follows:
#!/bin/sh
peer_lan="192.168.1.0"
peer_msk="255.255.255.0"
func_ipup()
{
    route add default gw $IPREMOTE metric 3 dev $IFNAME
}
func_ipdown()
{
    route del default gw $IPREMOTE metric 3 dev $IFNAME
}
case "$1" in
up)
    func_ipup
    ;;
down)
    func_ipdown
    ;;
esac
Now if I check my public IP, it's still the one that's not behind the VPN, the
IP that my ISP provided.
I know that there is something I'm doing wrong, but I'm not sure what.
Original comment by ioang...@gmail.com
on 6 Sep 2013 at 3:52
Greetings, in the end you may use:
iptables -t nat -A POSTROUTING -o <INTERFACE_NAME> -j MASQUERADE
Original comment by asdar...@gmail.com
on 8 Sep 2013 at 3:53
There is an issue with this script - it is reset to default after reboot
Original comment by ilia.ost...@gmail.com
on 19 Sep 2013 at 8:07
Hello, not sure if you're still having this problem, but I had to mess with the
routing table on the router. I was doing it manually, but I'll try to script it
sooner rather than later.
Once the VPN is connected, you need to do this:
1) Add a route to your VPN server (31.143.133.168) and force it to use your
ISP's address default gateway (ex: 1.1.1.1)
    route add -net 31.143.133.168 netmask 255.255.255.255 gw 1.1.1.1
2) If you aren't using the above script, you need to add the default route
through the VPN
    route add default gw 10.0.16.1 metric 3
3) Since the metric for the above route is higher than the one provided by your
ISP, you need to delete the existing route.
    route del default gw 1.1.1.1
Your traffic should now be all routed over the VPN.
When you take the VPN down, you will need to do this:
1) Delete the route through the VPN (if it's not already gone)
    route del default gw 10.0.16.1
2) Add the default ISP route back (the one you deleted in step 3, above)
    route add default gw 1.1.1.1
I don't have access to my router from here, so I haven't tested the commands,
but that should be the gist of it.
Hope this helps.
Marc
Original comment by mra...@gmail.com
on 25 Sep 2013 at 1:40
Here's the quick script I've been using this evening. If anyone has any
suggestions to improve it, I am all ears:
#!/bin/sh
### Custom user script
### Called after internal VPN client connected/disconnected to remote VPN server
### $1 - action (up/down)
### $IFNAME - tunnel interface name (e.g. ppp5)
### $IPLOCAL - tunnel local IP address
### $IPREMOTE - tunnel remote IP address
### $DNS1 - peer DNS1
### $DNS2 - peer DNS2
# private LAN subnet behind a remote server (example)
peer_lan="192.168.99.0"
peer_msk="255.255.255.0"
### example: add static route to private LAN subnet behind a remote server
func_ipup()
{
    ISP_GW=$(route -n | grep "^0\.0\.0\.0" | awk '{print $2}')
    VPN_ENDPOINT=$(grep pptp_server /tmp/ppp/options.vpnc | tr -d \' | awk '{print $2}')
    # delete the default route
    route del default gw $ISP_GW
    # add specific route for VPN host
    route add -net $VPN_ENDPOINT netmask 255.255.255.255 gw $ISP_GW
    # add the new default route through the VPN
    route add default gw $IPREMOTE
}
func_ipdown()
{
    VPN_ENDPOINT=$(grep pptp_server /tmp/ppp/options.vpnc | tr -d \' | awk '{print $2}')
    ISP_GW=$(route -n | grep "^$VPN_ENDPOINT" | awk '{print $2}')
    route del default gw $IPREMOTE
    route del -net $VPN_ENDPOINT netmask 255.255.255.255 gw $ISP_GW
    route add default gw $ISP_GW
}
case "$1" in
up)
    func_ipup
    ;;
down)
    func_ipdown
    ;;
esac
Original comment by mra...@gmail.com
on 26 Sep 2013 at 1:27
Hi Marc,
Thank you for the help. #17 works.
I tried the #18 script, but something didn't work. I didn't have time to see
what.
Original comment by ioang...@gmail.com
on 1 Oct 2013 at 8:19
After trying #17, #18 none of those work for me.
I have DNS VPN server that I connect to.
If I try those commands to get the VPN Server and ISP Gateway
func_ipup()
{
ISP_GW = correct one
VPN_ENDPOINT = correct one (if VPN has been connected)
}
func ipup()
{
ISP_GW = will give me a list of first (0) VPN gateway, (2) ISP Gateway
VPN_ENDPOINT = correct
}
Also tried both "orders" since they're different from #17 and #18 (delete ISP
GW first and last on the other for example)
It will "try" to connect to the VPN, but if I then decide to cancel it I
have to disable VPN Client and reboot the router completely.
Also, the router becomes very unresponsive when trying to connect to the VPN.
So, I don't have a fixed VPN IP address, since it's a DNS Server.
I might not have a fixed Gateway IP from the DNS Server.
Neither solution worked for me.
Error log:
Jan 1 00:00:16 pppd[577]: Using interface ppp5
Jan 1 00:00:16 pppd[577]: Connect: ppp5 <--> pptp (#)
Jan 1 00:00:16 pppd[577]: CHAP authentication succeeded
Jan 1 00:00:16 pppd[577]: MPPE 128-bit stateless compression enabled
Jan 1 00:00:19 pppd[577]: local IP address $IP_FROM_VPN
Jan 1 00:00:19 pppd[577]: remote IP address $GW_FROM_VPN
Jan 1 00:00:19 pppd[577]: primary DNS address $DNS_PRIMARY
Jan 1 00:00:19 pppd[577]: secondary DNS address $DNS_SECONDARY
Jan 1 00:00:26 NTP Scheduler: Synchronizing time to pool.ntp.org.
Jan 1 00:02:09 NTP Scheduler: Synchronizing time to time.nist.gov.
Jan 1 00:02:37 pppd[577]: No response to 6 echo-requests
Jan 1 00:02:37 pppd[577]: Serial link appears to be disconnected.
Jan 1 00:02:37 pppd[577]: Connect time 2.3 minutes.
Jan 1 00:02:37 pppd[577]: Sent 1020376421 bytes, received 0 bytes.
Jan 1 00:02:37 pppd[577]: MPPE disabled
Jan 1 00:02:40 pppd[577]: Connection terminated.
Jan 1 00:02:40 pppd[577]: Modem hangup
I have also tried changing between (for whatever it's worth)
peer_lan="192.168.1.0"
peer_lan="192.168.9.0"
peer_lan="192.168.99.0"
It says "connected" when I remove the script completely. So it connects, but it
can't be routed so the router sends everything through the VPN.
Original comment by wiberg.j...@gmail.com
on 14 Oct 2013 at 4:27
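Added example, not code from any commenter or from the firmware: a dry-run planner for the full-tunnel route change discussed in #17 and #18. It picks the ISP gateway by excluding the tunnel interface, which covers the case where `route -n` lists two default routes, and it refuses a VPN server given as a hostname. The `route -n` sample is constructed from addresses quoted in the thread; the WAN interface name `eth3` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. It prints the route commands
# instead of running them, so the plan can be reviewed before it is applied.

# Constructed `route -n` output: tunnel up, two default routes present.
# Addresses are the ones quoted in the thread; eth3 is an assumed WAN name.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.16.1       0.0.0.0         UG    3      0        0 ppp5
0.0.0.0         1.1.1.1         0.0.0.0         UG    0      0        0 eth3
10.0.16.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp5
1.1.1.0         0.0.0.0         255.255.255.0   U     0      0        0 eth3'

# isp_gateway TABLE TUNNEL_IF
# Gateway of the first default route that does NOT leave via the tunnel.
isp_gateway() {
    printf '%s\n' "$1" | awk -v tun="$2" \
        '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 != tun { print $2; exit }'
}

# is_ipv4 VALUE: true only for a dotted quad, so a hostname is never routed.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# plan_up TABLE VPN_ENDPOINT IPREMOTE IFNAME
# Prints the commands in the order they must run; non-zero if unsafe to plan.
plan_up() {
    is_ipv4 "$2" || { echo "endpoint is not an IPv4 address" >&2; return 1; }
    gw=$(isp_gateway "$1" "$4")
    [ -n "$gw" ] || { echo "no non-tunnel default route" >&2; return 1; }
    # Pin the VPN server to the ISP gateway first, so the encapsulated
    # packets can never be routed back into the tunnel they belong to.
    echo "route add -net $2 netmask 255.255.255.255 gw $gw"
    echo "route del default gw $gw"
    # Add the tunnel default only if the table does not already have one.
    printf '%s\n' "$1" | awk -v tun="$4" \
        '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $8 == tun { found = 1 } END { exit !found }' \
        || echo "route add default gw $3 dev $4"
}

# Demo on the constructed table above.
plan_up "$SAMPLE_ROUTES" 31.143.133.168 10.0.16.1 ppp5
```

On the router, the same functions can be fed the live `route -n` output together with the `$IPREMOTE` and `$IFNAME` values the firmware passes to the script.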
Original issue reported on code.google.com by
ilia.ost...@gmail.com
on 29 Aug 2013 at 3:26