Hello everyone,
I am looking at vpn client feature.
Is there a way to run a script upon connection ON and another one when OFF ?
Is there a way to route the vpn flow to a dedicated local interface ONLY, for example 192.168.1.0 so that we can have an app bound to that interface (transmission) ?
Is there a way to check vpn connection continuously and send email when OFF ?
I do the same with a RPI today.
Thanks
VPN client
-
- Posts: 10
- Joined: Tue May 14, 2013 1:44 am
- mafredri
- Posts: 371
- Joined: Sat Mar 22, 2014 8:41 am
Re: VPN client
Unfortunately, I don't know of any pre-packaged solution that takes care of all your requirements, but if you're interested in pursuing it by yourself...

> Is there a way to run a script upon connection ON and another one when OFF ?

It's possible if you're willing to run it manually in the terminal (or service).
For example, here's a script that you could run in a tmux:

```sh
#!/bin/sh
# Run script provided by VPN-Server in App Central to enable kernel modules.
/etc/script/vpn.sh insmod

# On Ctrl-C or termination: stop openvpn and unload the kernel modules.
quit() {
    echo "* Killing openvpn"
    kill "$OPENVPN_PID"
    sleep 2
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    exit 0
}
trap quit INT TERM

while true; do
    # --script-security 2 allows openvpn to call the user-defined route-up script.
    openvpn --config /root/openvpn/myconfig.ovpn \
        --mute-replay-warnings \
        --script-security 2 \
        --route-up /root/openvpn/route-up.sh &
    # Remember the PID so quit() can signal this exact process.
    OPENVPN_PID=$!
    # Blocks until openvpn exits, i.e. the connection is down.
    wait
    # VPN IS DOWN, SEND EMAIL?
    #sendmail ...
    # Delay before retrying.
    sleep 5
done
```

This could also be turned into a service that runs on startup of the NAS.

> Is there a way to route the vpn flow to a dedicated local interface ONLY, for example 192.168.1.0 so that we can have an app bound to that interface (transmission) ?

You could do this in the `route-up.sh` script referenced above, but this requires knowledge of IP routing and perhaps better tools than the ones included in busybox. I use something like this, for example:

```sh
IP=/root/openvpn/ip   # iproute2 binary (not the busybox ip)
ETH=eth0
TUN=tun0
# $trusted_ip, $route_net_gateway, $ifconfig_remote and $ifconfig_local
# are set in the environment by openvpn when it runs this script.

# Cleanup
$IP route flush table 42
# Keep reaching the VPN server itself over the physical interface.
$IP route add $trusted_ip via $route_net_gateway dev $ETH
$IP route add xxx.xxx.0.0/1 via $ifconfig_remote dev $TUN
# Table 42 sends traffic through the tunnel.
$IP route add 0.0.0.0/1 via $ifconfig_remote dev $TUN table 42
# Drop rules left over from a previous run, then add them again.
$IP rule del from all to $ifconfig_local lookup 42
$IP rule del from $ifconfig_local lookup 42
$IP rule add from all to $ifconfig_local lookup 42
$IP rule add from $ifconfig_local lookup 42
```

Here I create a new lookup table (42) which routes all traffic via the VPN tunnel, then I force all traffic on the $TUN interface to use the new lookup table.
(NOTE: I use the ip command from iproute2, if you're interested I can provide you with a binary for your platform, it's much more powerful than the busybox one).

> Is there a way to check vpn connection continuously and send email when OFF ?

The script above notices when the connection goes down (because openvpn exits), and sends an email (when uncommented and used correctly).

NOTE: This is not a ready tailor-made solution for you, but it provides you the building blocks if you're interested in pursuing.
Regards,
Mathias
Hi, I'm new here. Looking to be active in the community and help with development .
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
- mafredri
- Posts: 371
- Joined: Sat Mar 22, 2014 8:41 am
Re: VPN client
PS. For transmission, you must modify `settings.json` and set/add

```json
"bind-address-ipv4": "192.168.0.1",
```

In this case, 192.168.0.1 is the address of the interface you want to bind to, could be any IP. If you have an IPv6 address, you should (also) set bind-address-ipv6.
Transmission must be stopped BEFORE making the change, and started AFTER the setting has been applied.
Hi, I'm new here. Looking to be active in the community and help with development .
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
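
A check for the setup described in the two posts above, as an added example that is not mafredri's code: it confirms that the source-address rule for the bound IP exists and that no route in table 42 leaves through an interface other than the tunnel. The function names and the 10.8.0.x sample addresses are assumptions made up for this example.

```shell
#!/bin/sh
# Added example: leak check for the table-42 policy routing described above.
# Functions take the text of `ip rule show` / `ip route show table 42` as input.

# has_source_rule RULES ADDR TABLE: 0 if a "from ADDR lookup TABLE" rule exists.
has_source_rule() {
    printf '%s\n' "$1" | awk -v a="$2" -v t="$3" '
        $2 == "from" && $3 == a && $4 == "lookup" && $5 == t { found = 1 }
        END { exit !found }'
}

# table_only_uses_dev ROUTES DEV: 0 if the table is non-empty and every
# route in it leaves through DEV (nothing in the table points at eth0).
table_only_uses_dev() {
    printf '%s\n' "$1" | awk -v d="$2" '
        NF == 0 { next }
        {
            n++; ok = 0
            for (i = 1; i < NF; i++)
                if ($i == "dev" && $(i + 1) == d) ok = 1
            if (!ok) bad++
        }
        END { exit !(n > 0 && bad == 0) }'
}

# check_vpn_binding RULES ROUTES ADDR DEV TABLE: prints a verdict, returns 0/1.
check_vpn_binding() {
    if ! has_source_rule "$1" "$3" "$5"; then
        echo "LEAK RISK: no rule 'from $3 lookup $5'"
        return 1
    fi
    if ! table_only_uses_dev "$2" "$4"; then
        echo "LEAK RISK: table $5 is empty or has a route not on $4"
        return 1
    fi
    echo "OK: rule for $3 present and table $5 routes only via $4"
}

# Constructed sample output (addresses are made up for illustration).
SAMPLE_RULES='0: from all lookup local
32764: from 10.8.0.6 lookup 42
32765: from all to 10.8.0.6 lookup 42
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='0.0.0.0/1 via 10.8.0.5 dev tun0'

check_vpn_binding "$SAMPLE_RULES" "$SAMPLE_ROUTES" 10.8.0.6 tun0 42
```

On the NAS, pass `"$($IP rule show)"` and `"$($IP route show table 42)"` together with the address set in Transmission's `bind-address-ipv4`, and send the email when the function returns non-zero.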
-
- Posts: 10
- Joined: Tue May 14, 2013 1:44 am
Re: VPN client
thanks, it looks like I can do the same as I am doing now on a Rpi !
I will have a look this week-end
-
- Posts: 10
- Joined: Tue May 14, 2013 1:44 am
Re: VPN client
1st question : are we sure manual conf won't be deleted following an ADM update ?