VPN client

This is where you can find the latest ADM official release. Feel free to discuss any questions regarding it here.

Moderator: Lillian.W@AST

jotenakis
Posts: 10
Joined: Tue May 14, 2013 1:44 am

VPN client

Post by jotenakis »

Hello everyone,
I am looking at the VPN client feature.
Is there a way to run a script upon connection ON and another one when OFF?
Is there a way to route the VPN flow to a dedicated local interface ONLY, for example 192.168.1.0, so that we can have an app bound to that interface (transmission)?
Is there a way to check the VPN connection continuously and send an email when OFF?
I do the same with a RPI today.

Thanks
mafredri
Posts: 371
Joined: Sat Mar 22, 2014 8:41 am

Re: VPN client

Post by mafredri »

Unfortunately, I don't know of any pre-packaged solution that takes care of all your requirements, but if you're interested in pursuing it by yourself...

> Is there a way to run a script upon connection ON and another one when OFF?

It's possible if you're willing to run it manually in the terminal (or service).

For example, here's a script that you could run in a tmux:

```
#!/bin/sh

# Run script provided by VPN-Server in App Central to enable kernel modules.
/etc/script/vpn.sh insmod

# Stop openvpn (background job 1) and unload the kernel modules again.
quit() {
    echo "* Killing openvpn"
    kill %1
    sleep 2
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    echo "* Executing vpn.sh rmmod"
    /etc/script/vpn.sh rmmod
    exit 0
}

trap quit INT TERM

while true; do
    # --script-security 2 allows openvpn to call user-defined scripts
    # such as the --route-up script below.
    openvpn --config /root/openvpn/myconfig.ovpn \
        --mute-replay-warnings \
        --script-security 2 \
        --route-up /root/openvpn/route-up.sh &
    wait

    # VPN IS DOWN, SEND EMAIL?
    #sendmail ...

    # Delay before retrying.
    sleep 5
done
```

This could also be turned into a service that runs on startup of the NAS.

> Is there a way to route the VPN flow to a dedicated local interface ONLY, for example 192.168.1.0, so that we can have an app bound to that interface (transmission)?

You could do this in the `route-up.sh` script referenced above, but this requires knowledge of IP routing and perhaps better tools than the ones included in busybox. I use something like this, for example:

```
#!/bin/sh

# $trusted_ip, $route_net_gateway, $ifconfig_remote and $ifconfig_local
# are environment variables set by openvpn when it calls this script.
IP=/root/openvpn/ip
ETH=eth0
TUN=tun0

# Cleanup
$IP route flush table 42

$IP route add $trusted_ip via $route_net_gateway dev $ETH
$IP route add xxx.xxx.0.0/1 via $ifconfig_remote dev $TUN
$IP route add 0.0.0.0/1 via $ifconfig_remote dev $TUN table 42

# Remove rules left over from a previous run, then add them again.
$IP rule del from all to $ifconfig_local lookup 42
$IP rule del from $ifconfig_local lookup 42
$IP rule add from all to $ifconfig_local lookup 42
$IP rule add from $ifconfig_local lookup 42
```

Here I create a new lookup table (42) which routes all traffic via the VPN tunnel, then I force all traffic on the $TUN interface to use the new lookup table.

(NOTE: I use the ip command from iproute2, if you're interested I can provide you with a binary for your platform, it's much more powerful than the busybox one).

> Is there a way to check the VPN connection continuously and send an email when OFF?

The script above notices when the connection goes down (because openvpn exits), and sends an email (when uncommented and used correctly).


NOTE: This is not a ready tailor-made solution for you, but it provides you the building blocks if you're interested in pursuing.


Regards,
Mathias
Hi, I'm new here. Looking to be active in the community and help with development :).
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
mafredri
Posts: 371
Joined: Sat Mar 22, 2014 8:41 am

Re: VPN client

Post by mafredri »

PS. For transmission, you must modify `settings.json` and set/add

```
    "bind-address-ipv4": "192.168.0.1",
```

In this case, 192.168.0.1 is the address of the interface you want to bind to, could be any IP. If you have an IPv6 address, you should (also) set bind-address-ipv6.

Transmission must be stopped BEFORE making the change, and started AFTER the setting has been applied.
Hi, I'm new here. Looking to be active in the community and help with development :).
Storage: AS-604T with 3GB RAM (Kingston KVR1333D3S8S9/2G)
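
A consistency check for the setup described in the two replies above, added here as an example and not code from the thread: it confirms that Transmission's `bind-address-ipv4` matches the tunnel's local address, that a source rule sends that address to table 42, and that table 42 routes only via `tun0`. The function names and the 10.8.0.x sample data are constructed, and it assumes Transmission is bound to the tunnel's local address (`$ifconfig_local`).

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are text so it runs offline; on
# the NAS they come from `ip rule show`, `ip route show table 42`, settings.json.

# Constructed sample data (the 10.8.0.x tunnel addresses are made up).
SAMPLE_RULES='0: from all lookup local
32764: from 10.8.0.6 lookup 42
32765: from all to 10.8.0.6 lookup 42
32766: from all lookup main'
SAMPLE_TABLE='0.0.0.0/1 via 10.8.0.5 dev tun0'
SAMPLE_SETTINGS='{
    "bind-address-ipv4": "10.8.0.6",
    "bind-address-ipv6": "::"
}'

# Print the bind-address-ipv4 value found in settings.json text ($1).
bind_address() {
    printf '%s\n' "$1" |
        sed -n 's/.*"bind-address-ipv4"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed if a rule "from <$1> lookup <$2>" appears in `ip rule show` text ($3).
has_source_rule() {
    printf '%s\n' "$3" | awk -v ip="$1" -v t="$2" '
        $2 == "from" && $3 == ip && $4 == "lookup" && $5 == t { found = 1 }
        END { exit !found }'
}

# Succeed only if the table text ($2) is non-empty and every route uses dev $1.
table_only_uses_dev() {
    printf '%s\n' "$2" | awk -v dev="$1" '
        NF == 0 { next }
        { ok = 0
          for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == dev) ok = 1
          if (!ok) bad = 1
          n++ }
        END { exit (n == 0 || bad) }'
}

# $1=tunnel IP  $2=rules  $3=table 42 routes  $4=settings.json text
check_vpn_binding() {
    [ "$(bind_address "$4")" = "$1" ] || { echo "transmission not bound to $1"; return 1; }
    has_source_rule "$1" 42 "$2" || { echo "no source rule for $1"; return 2; }
    table_only_uses_dev tun0 "$3" || { echo "table 42 is not tunnel-only"; return 3; }
    echo "ok"
}

check_vpn_binding 10.8.0.6 "$SAMPLE_RULES" "$SAMPLE_TABLE" "$SAMPLE_SETTINGS"
```

The non-zero return codes (1, 2, 3) identify which of the three conditions failed, so the check can be run from the retry loop or from cron and its result mailed.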
jotenakis
Posts: 10
Joined: Tue May 14, 2013 1:44 am

Re: VPN client

Post by jotenakis »

Thanks, it looks like I can do the same as I am doing now on a Rpi!
I will have a look this weekend.
jotenakis
Posts: 10
Joined: Tue May 14, 2013 1:44 am

Re: VPN client

Post by jotenakis »

1st question: are we sure the manual conf won't be deleted following an ADM update?