Created
February 21, 2019 11:07
OpenVPN script to configure routes via a different routing table
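#!/bin/sh
# OpenVPN route hook: installs or removes the two half-default routes
# (0.0.0.0/1 and 128.0.0.0/1) in a separate routing table instead of the
# main one.
#
# add to config
#   --route-noexec
#   --route-up script.sh
#   --route-pre-down script.sh
#
# Environment read by this script:
#   script_type        selects the action (route-up / route-pre-down)
#   route_vpn_gateway  next hop used for both routes
#   RTABLE             routing table name, defaults to "vpntable"
#   redirect_gateway   routes are only touched when this is 1 (default 1)
#   X509_0_CN          only used by the (currently empty) per-server hook
#
# Every expansion is quoted so that a value containing whitespace stays a
# single argument to `ip` and to `[`.

# Send one line to syslog under the ovpn_route tag.
log() {
  printf '%s\n' "$*" | logger -t ovpn_route
}

# Add or delete both half-default routes in $RTABLE.
#   $1 - "add" or "del"
# Returns 0 when redirect_gateway is not 1 (nothing to do), 1 when
# route_vpn_gateway is empty, otherwise the status of the last `ip` call.
change_default_routes() {
  [ "$redirect_gateway" -eq 1 ] || return 0
  if [ -z "$route_vpn_gateway" ]; then
    # Without a gateway the ip command line would be malformed; say so
    # in syslog instead of relying on ip's own error output.
    log "route_vpn_gateway is empty, not changing table $RTABLE"
    return 1
  fi
  log "ip route $1 0.0.0.0/1 via $route_vpn_gateway table $RTABLE"
  log "ip route $1 128.0.0.0/1 via $route_vpn_gateway table $RTABLE"
  ip route "$1" 0.0.0.0/1 via "$route_vpn_gateway" table "$RTABLE"
  ip route "$1" 128.0.0.0/1 via "$route_vpn_gateway" table "$RTABLE"
}

log "++++++++++++ $script_type ++++++++++++"

# Debug aid, left disabled: it would append the whole hook environment to
# a fixed path under /tmp.
#env | tee -a /tmp/vpn
#echo "--------------------------------------" | tee -a /tmp/vpn

# Per-server hook keyed on the certificate CN; all branches are empty
# placeholders. NOTE(review): presumably X509_0_CN is the CN of the peer
# certificate as exported by OpenVPN - confirm before adding logic here.
case "${X509_0_CN}" in
  vpn-us.xx.me)
    ;;
  vpn-nl.xx.me)
    ;;
  *)
    ;;
esac

# Defaults apply when the variable is unset or empty.
RTABLE=${RTABLE:-vpntable}
redirect_gateway=${redirect_gateway:-1}

case "${script_type}" in
  route-up)
    log "Installing route..."
    # Sample values seen in the hook environment:
    # route_vpn_gateway=10.8.0.1
    # dev=tun0
    # ifconfig_broadcast=10.8.255.255
    # ifconfig_netmask=255.255.0.0
    # ifconfig_local=10.8.0.9
    # redirect_gateway=1
    # trusted_ip=185.107.94.249
    # route_net_gateway=192.168.178.1
    change_default_routes add
    ;;
  route-pre-down)
    log "Removing routes..."
    # Once these routes are gone, a policy rule pointing at $RTABLE finds
    # no match there and the lookup continues with the next rule, so the
    # traffic is no longer sent through the VPN.
    change_default_routes del
    ;;
  *)
    echo "Unsupported script_type: '$script_type'"
    ;;
esac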
I forgot to mention that the custom routing table has to be created first:
cat /etc/iproute2/rt_tables
#
# reserved values
#
128 prelocal
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
10 vpntable
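To redirect all traffic that comes from a specific interface (e.g. the interface of one Wi-Fi SSID) to the new routing table, run the command below. Note that when the table holds no matching route (for example while the VPN is down), the lookup falls through to the next rule, normally the main table, so that traffic then leaves without the VPN: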
ip rule add from all dev wlan0-1 lookup vpntable