
VPN client

Post by jotenakis » Fri May 05, 2017 2:34 pm

Hello everyone,
I am looking at the VPN client feature.
Is there a way to run a script upon connection ON and another one when OFF?
Is there a way to route the VPN flow to a dedicated local interface ONLY, for example 192.168.1.0, so that we can have an app bound to that interface (transmission)?
Is there a way to check the VPN connection continuously and send an email when OFF?
I do the same with a RPI today.

Thanks
jotenakis
 
Posts: 10
Joined: Tue May 14, 2013 1:44 am

Re: VPN client

Post by mafredri » Fri May 05, 2017 8:12 pm

Unfortunately, I don't know of any pre-packaged solution that takes care of all your requirements, but if you're interested in pursuing it by yourself...

Is there a way to run a script upon connection ON and another one when OFF ?


It's possible if you're willing to run it manually in the terminal (or service).

For example, here's a script that you could run in a tmux:

Code:
```sh
#!/bin/sh

# Run script provided by VPN-Server in App Central to enable kernel modules.
/etc/script/vpn.sh insmod

# Stop openvpn and unload the kernel modules when the script is interrupted.
quit() {
    echo "* Killing openvpn"
    kill %1
    sleep 2
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    exit 0
}

trap quit INT TERM

while true; do
    # --script-security 2 lets openvpn call user-defined scripts such as
    # the --route-up script below.
    openvpn --config /root/openvpn/myconfig.ovpn \
        --mute-replay-warnings \
        --script-security 2 \
        --route-up /root/openvpn/route-up.sh &
    # Block until openvpn exits (or a trapped signal arrives).
    wait

    # VPN IS DOWN, SEND EMAIL?
    #sendmail ...

    # Delay before retrying.
    sleep 5
done
```


This could also be turned into a service that runs on startup of the NAS.

Is there a way to route the VPN flow to a dedicated local interface ONLY, for example 192.168.1.0, so that we can have an app bound to that interface (transmission)?


You could do this in the `route-up.sh` script referenced above, but this requires knowledge of IP routing and perhaps better tools than the ones included in busybox. I use something like this, for example:

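Code:
```sh
#!/bin/sh
# route-up.sh: run by openvpn, which exports $trusted_ip, $route_net_gateway,
# $ifconfig_local and $ifconfig_remote in the script's environment.
IP=/root/openvpn/ip
ETH=eth0
TUN=tun0

# Cleanup: empty table 42 left over from a previous connection.
$IP route flush table 42

# Keep the VPN server itself reachable through the physical interface.
$IP route add $trusted_ip via $route_net_gateway dev $ETH
# (the xxx.xxx prefix is as given in the original post)
$IP route add xxx.xxx.0.0/1 via $ifconfig_remote dev $TUN
# Table 42 sends traffic through the tunnel peer.
$IP route add 0.0.0.0/1 via $ifconfig_remote dev $TUN table 42

# Remove rules left by a previous run, then add them again. The del
# commands print an error when there is nothing to delete.
$IP rule del from all to $ifconfig_local lookup 42
$IP rule del from $ifconfig_local lookup 42
# Traffic to or from the tunnel's local address uses table 42.
$IP rule add from all to $ifconfig_local lookup 42
$IP rule add from $ifconfig_local lookup 42
```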


Here I create a new lookup table (42) which routes all traffic via the VPN tunnel, then I force all traffic on the $TUN interface to use the new lookup table.

(NOTE: I use the ip command from iproute2, if you're interested I can provide you with a binary for your platform, it's much more powerful than the busybox one).

Is there a way to check the VPN connection continuously and send an email when OFF?


The script above notices when the connection goes down (because openvpn exits), and sends an email (when uncommented and used correctly).


NOTE: This is not a ready tailor-made solution for you, but it provides you the building blocks if you're interested in pursuing.


Regards,
Mathias
Hi, I'm new here. Looking to be active in the community and help with development :).
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
mafredri
 
Posts: 371
Joined: Sat Mar 22, 2014 8:41 am

Re: VPN client

Post by mafredri » Fri May 05, 2017 8:19 pm

PS. For transmission, you must modify `settings.json` and set/add

Code:
```json
    "bind-address-ipv4": "192.168.0.1",
```


In this case, 192.168.0.1 is the address of the interface you want to bind to; it could be any IP. If you have an IPv6 address, you should (also) set bind-address-ipv6.

Transmission must be stopped BEFORE making the change, and started AFTER the setting has been applied.
mafredri
 
Posts: 371
Joined: Sat Mar 22, 2014 8:41 am
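
The rules in the `route-up.sh` reply match on source address, so a Transmission `bind-address-ipv4` only sends traffic into table 42 when it equals the tunnel's local address. The following is an added example, not code from the thread: it audits captured text from `settings.json`, `ip rule show` and `ip route show table 42`; the function names and the 10.8.0.x sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline audit of the bind address, source rule and table 42.
# All sample values below are constructed.

# Print the bind-address-ipv4 value found in settings.json text.
bind_address() {
    printf '%s\n' "$1" |
        sed -n 's/.*"bind-address-ipv4"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed if `ip rule show` text contains "from IP lookup TABLE".
has_source_rule() {
    printf '%s\n' "$1" | awk -v ip="$2" -v t="$3" '
        $2 == "from" && $3 == ip && $4 == "lookup" && $5 == t { found = 1 }
        END { exit !found }'
}

# Print every route in the table text whose device is not TUN.
leaking_routes() {
    printf '%s\n' "$1" | awk -v tun="$2" '
        NF == 0 { next }
        { dev = ""
          for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
          if (dev != tun) print }'
}

# audit SETTINGS RULES ROUTES TUN TABLE: report each problem, return 1 on any.
audit() {
    rc=0
    addr=$(bind_address "$1")
    [ -n "$addr" ] || { echo "FAIL: bind-address-ipv4 not set"; return 1; }
    has_source_rule "$2" "$addr" "$5" ||
        { echo "FAIL: no rule 'from $addr lookup $5'"; rc=1; }
    # An empty table means the lookup continues with the next rule.
    [ -n "$3" ] || { echo "FAIL: table $5 is empty, lookups fall through"; rc=1; }
    leaks=$(leaking_routes "$3" "$4")
    [ -z "$leaks" ] || { echo "FAIL: table $5 leaves $4: $leaks"; rc=1; }
    return $rc
}

# Constructed sample state: tunnel address 10.8.0.6, peer 10.8.0.5.
SETTINGS='    "bind-address-ipv4": "10.8.0.6",'
RULES='32764: from all to 10.8.0.6 lookup 42
32765: from 10.8.0.6 lookup 42
32766: from all lookup main'
ROUTES='0.0.0.0/1 via 10.8.0.5 dev tun0'

audit "$SETTINGS" "$RULES" "$ROUTES" tun0 42 && echo "OK: bound address is policy-routed via tun0"
```

On a live system, pass the contents of your `settings.json` together with `"$(ip rule show)"` and `"$(ip route show table 42)"` instead of the sample strings. The audit covers table 42 only; routes in the main table are not inspected.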

Re: VPN client

Post by jotenakis » Sat May 06, 2017 2:20 am

Thanks, it looks like I can do the same as I am doing now on an RPi!
I will have a look this weekend.
jotenakis
 
Posts: 10
Joined: Tue May 14, 2013 1:44 am

Re: VPN client

Post by jotenakis » Sat May 06, 2017 3:11 am

1st question: are we sure manual conf won't be deleted following an ADM update?
jotenakis
 
Posts: 10
Joined: Tue May 14, 2013 1:44 am
