Jump to content
TorGuard
  • 0

OpenVPN send only certain interfaces through VPN

Rate this question


dlc

Question

Forgive me if this has already been answered, or if the answer is obvious - I've quite dumb.

 

I'm using the script provided here OpenVPN Config Generator to create a startup script which connects me to my dedicated IP.

 

I'd like to forward only two interfaces through the VPN - let's set eth0 and wl0. I'd be OK with IP ranges as well.

 

I assume that I need to adjust the iptables portion of the script, but I'm not great with iptables at all.

 

Additionally, I don't have a Policy Based Routing field in my VPN Client UI (My UI) - I'd read setups which suggest all I have to do is include IP addresses there.

 

Below is the script I'm connecting with. Can anyone help?

 

Thanks for the help!

 

#!/bin/sh
 
USERNAME="MY_USERNAME"
PASSWORD="MY_PASSWORD"
 
PROTOCOL="udp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
remote MY_REMOTE_IP 80
##EE##
"
 
#### DO NOT CHANGE below this line unless you know exactly what youre doing ####
 
CA_CRT='-----BEGIN CERTIFICATE-----
MIIEwTCCA6mgAwIBAgIJAKROjebUHo0gMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD
VQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNVBAoT
CFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0ExETAP
BgNVBCkTCFRvckd1YXJkMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3JndWFy
ZC5uZXQwHhcNMTQwNDE3MTAwOTIzWhcNMjQwNDE0MTAwOTIzWjCBmzELMAkGA1UE
BhMCVVMxCzAJBgNVBAgTAkZMMRAwDgYDVQQHEwdPcmxhbmRvMREwDwYDVQQKEwhU
b3JHdWFyZDEMMAoGA1UECxMDVlBOMRMwEQYDVQQDEwpURy1PVlBOLUNBMREwDwYD
VQQpEwhUb3JHdWFyZDEkMCIGCSqGSIb3DQEJARYVc3lzYWRtaW5AdG9yZ3VhcmQu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws1hJzlbWKlm3DEO
XyQpmvtxwrsR4CIYMi8C6np5w74lTRYmGBcuuPqAT3ig2DnH9HNNFx1WWZbYO8pU
a1tdn7uYErJi4EP9/t2l3uXCNgoWYVdVP1j5EXIY1oacOv9srbNZHeWpxHIb1wZr
1i4sLsdaifOibgVZI91FATXGrVdFDaQb2OjyJrFW8b4xbC8pBJxQDzqPeu9mkVpu
OhBuU+dM+9h+8Bj0tpdAernEAt8CbHIywe9Rjm0JLrYmCPKuB5ldVgG3rYQWFa3X
YWjrWtr//nGM4f4WKOFc2PHWA2gI3JwdynTNLsB9NQi0N7hhR6lmtCMeqHlm0oAz
4Ad4gQIDAQABo4IBBDCCAQAwHQYDVR0OBBYEFJvAPA1gnlD/majxi+43jL0XDfqQ
MIHQBgNVHSMEgcgwgcWAFJvAPA1gnlD/majxi+43jL0XDfqQoYGhpIGeMIGbMQsw
CQYDVQQGEwJVUzELMAkGA1UECBMCRkwxEDAOBgNVBAcTB09ybGFuZG8xETAPBgNV
BAoTCFRvckd1YXJkMQwwCgYDVQQLEwNWUE4xEzARBgNVBAMTClRHLU9WUE4tQ0Ex
ETAPBgNVBCkTCFRvckd1YXJkMSQwIgYJKoZIhvcNAQkBFhVzeXNhZG1pbkB0b3Jn
dWFyZC5uZXSCCQCkTo3m1B6NIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUA
A4IBAQBRG46DnL/8EAPbi/eOQli5WO7lRHYyZJdlLUMlsnwkp6Ul6BMJq8q3UX3z
+pqDf3wzj94y/IpGQgE4l0fgAdwf/C7F533TSwU/vi+5PDWfwD2WmGqVmcmXn6Rp
9Fwr+oryRw8GfsVBLZHTkWF1RZrRAr8hWZhNySGFwSXlEIicvNy+9mlFhk2Nb46w
ioZKc1Lc7/okeXNWHPv6Dlm39TcNBpGX/xNoWBzqs1EtA1ZGvMcQHsKLfi3Nbaab
BYe08KWsfeZA+ih4BZ6y2E+x84NYHRebqijXTtHp35coyXllBL/+LBoZ86hKszEx
F3pjGU0+8NzvdPUbKndhzyPPnHF1
-----END CERTIFICATE-----'
 
OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`
 
if [ "$OPVPNENABLE" != 0 ]; then
   nvram set openvpncl_enable=0
   nvram commit
fi
 
sleep 10
mkdir /tmp/torguard; cd /tmp/torguard
echo -e "$USERNAME
$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun+ -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun+ -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/torguard/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
comp-lzo adaptive
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
cipher AES-128-CBC
auth sha1
tun-mtu 1500
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
log-append torguard.log
ca ca.crt
status-version 3
status status
daemon
$REMOTE_SERVERS" > torguard.conf
ln -s /tmp/torguard/torguard.log /tmp/torguard.log
ln -s /tmp/torguard/status /tmp/status
(killall openvpn; openvpn --config /tmp/torguard/torguard.conf --route-up /tmp/torguard/route-up.sh --down /tmp/torguard/route-down.sh) &
exit
Link to post
Share on other sites

1 answer to this question

Recommended Posts

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...