Can Internet Leak protection be combined with VPN bypass script? Both scripts provided but need help

Discussion in 'Tomato Firmware' started by Rockstead, Jan 18, 2014.

  1. Rockstead

    Rockstead Reformed Router Member

    I'm having a problem getting two scripts to work together on my router. Both work separately.

    The first is an Internet Leak Protection. It won't allow traffic if traffic isn't coming through VPN. I Have it placed in the Firewall section of scripts on my router.

    The second is a VPN bypass script that allows devices to bypass the VPN all together I have it placed in the WAN Up section of scripts on my router.

    The problem is, the devices being bypassed on the bypass script won't work with the first script running since all traffic has to go through the VPN, it's a fail safe to make sure my VPN is always working but I need it to ignore certain IPs.

    How do I get the best of both worlds? I need the IPs bypassing the VPN to ignore that firewall rule all together.

    Thank a lot, I'm sure a lot of VPN users would enjoy using these scripts.
  2. Rockstead

    Rockstead Reformed Router Member

    Had someone helping me out but it's not working exactly as it should. They modified the leak script and now the VPN bypass script works again, at least the IPs being bypassed actually work instead of being blocked by the previous leak script.

    The issue now is when I stop the OpenVPN service, the devices that aren't on the bypass should be blocked because the VPN is down and this was working prior to the below modification but now when the OpenVPN service is down, those devices hit my WAN and my real IP is exposed and they can reach they can hit the internet instead of being blocked.

    So now the problem is reversed.

    iptables -A FORWARD -m mark --mark 1 -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -o vlan2 -m mark --mark 0 -j DROP
    iptables -A FORWARD -i br0 -o tun0 -j ACCEPT
    iptables -A FORWARD -i tun0 -o br0 -j ACCEPT
    iptables -A FORWARD -i br0 -o vlan2 -j DROP
    iptables -A INPUT -i tun0 -j REJECT
    iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
  3. Rockstead

    Rockstead Reformed Router Member

    Can anyone help, I'm sure a lot of people would want to use these scripts.

    Would be great if this was built in to Tomato.
  4. Rockstead

    Rockstead Reformed Router Member

    Is there a better solution? Does not seem to be much interest.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice