
Pb config with VPN: script issue? LAN issue? ... I am lost now!!

Discussion in 'Tomato Firmware' started by jbesclapez, Jan 20, 2014.

  1. jbesclapez

    jbesclapez Serious Server Member

    Hi there,

    I have a modem Dlink DSL-320T and a router RT-N66U with Tomato Shibby AIO 116.
    I changed my LAN settings yesterday as I had problems with the modem. The modem was not bridged and now it is bridged! So now the router uses PPPoE for the internet.
    My VPN is running OK but not in the way I would like. I want all IPs from 192.168.1.50 to 192.168.1.99 to use the VPN. Not the other IPs!

    My modem is using a different subnet:
    192.168.0.1 / 255.255.0.0
    DHCP OFF

    My router is using:
    192.168.1.2 / 255.255.255.0
    DHCP from 192.168.1.100 to 199
    (See below)

    [​IMG]


    Here below is the routing table with the VPN OFF:

    [​IMG]

    The VPN Settings are like that:
    [​IMG]
    [​IMG]

    [​IMG]

    The script in WAN UP is like below :
    Code:
    ip_range1="192.168.1.50-192.168.1.99"

    for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
        echo 0 > $i
    done

    ip route flush table 100
    ip route del default table 100
    ip rule del fwmark 1 table 100
    ip route flush cache
    iptables -t mangle -F PREROUTING


    iface_lst=`route | awk ' {print $8}'`
    for tun_if in $iface_lst; do
        if [ "$tun_if" = "tun11" ]; then
            exit 0
        elif [ "$tun_if" = "tun12" ]; then
            exit 0
        fi
    done

    ip route show table main | grep -Ev ^default | grep -Ev $tun_if \
    | while read ROUTE ; do
        ip route add table 100 $ROUTE
    done
    ip route add default table 100 via $(nvram get wan_gateway)
    ip rule add fwmark 1 table 100
    ip route flush cache


    # By default all traffic bypasses the VPN
    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1

    # IP_RANGES - Uncomment as necessary
    iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range $ip_range1 -j MARK --set-mark 0

    When I start the VPN, all IPs use the VPN... and my routing table looks like that:
    [​IMG]

    So, what should I do to have only the IPs in the range using the VPN?

    Thanks for your help
     
  6. jbesclapez

    jbesclapez Serious Server Member

    Please someone help... I have no idea why my VPN is putting my static IPs in the VPN...
     
  7. PetervdM

    PetervdM Network Guru Member

    Your router is using a /24 subnet which is part of the modem's /16 subnet. This might trigger unwanted side effects. Or is this just a typo?
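
Added example, not part of PetervdM's post or of the thread: a POSIX shell check of the subnet overlap he points out, run on the modem and router addresses quoted in the first post. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): do two IPv4 networks overlap?
# Function names are hypothetical; the addresses are the ones quoted in post 1.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                     # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network address for an "ip mask" pair.
network_of() {
    int_to_ip $(( $(ip_to_int "$1") & $(ip_to_int "$2") ))
}

# Succeeds (exit 0) when the two networks share addresses: they overlap when
# they agree on every bit covered by the shorter of the two masks.
nets_overlap() {                  # usage: nets_overlap ip1 mask1 ip2 mask2
    a=$(ip_to_int "$1"); ma=$(ip_to_int "$2")
    b=$(ip_to_int "$3"); mb=$(ip_to_int "$4")
    common=$(( ma & mb ))
    [ $(( a & common )) -eq $(( b & common )) ]
}

# Print both networks and whether they overlap.
check_plan() {                    # usage: check_plan modem_ip modem_mask router_ip router_mask
    echo "modem net : $(network_of "$1" "$2") mask $2"
    echo "router net: $(network_of "$3" "$4") mask $4"
    if nets_overlap "$1" "$2" "$3" "$4"; then
        echo "OVERLAP: the two subnets share addresses"
    else
        echo "OK: the two subnets are disjoint"
    fi
}

# Modem and router settings as given in the first post.
check_plan 192.168.0.1 255.255.0.0 192.168.1.2 255.255.255.0
```

With the values from the first post it reports an overlap; the same two addresses with a 255.255.255.0 mask on both sides are reported as disjoint.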
     
  8. Jorge Nerín

    Jorge Nerín Reformed Router Member

    You are using TUN mode as the interface type; this mode is routed, and you need a different subnet. You seem to want a bridge; the bridge mode is TAP. If you choose TAP then you'll have the option to let the DHCP server manage the assignments or to have a different range managed by OpenVPN.
     
