Oops, sorry for the double post.
This is an up-to-date instruction for Voxel FW:
Suppose you have the configuration-file from your provider.
1 Rename the file to: nordvpn.ovpn
2 Edit nordvpn.ovpn by changing the "auth-user-pass" line to: auth-user-pass nordvpn.auth
3 Create nordvpn.auth. It shall contain exactly 2 lines. The 1st line with your (at NORD VPN) USERNAME, the 2nd line with PASSWORD.
4 Copy both files (nordvpn.ovpn and nordvpn.auth) to /etc/openvpn/config/client. (Remove all other files from there!)
5 Reboot or start manually: /etc/init.d/openvpn-client start
Good Luck!
Great thank you, but the nordvpn .ovpn file doesn't contain a username or password. That is entered directly into dd-wrt.
They also have a section called additional config that contains several lines of text. Where would I put that in this firmware?
Sorry for my bad English, I'm not native and must have expressed myself unclearly. I try again:
The nordvpn.ovpn file does not, and shall not, contain username and password.
Instead it contains a reference to another file with login credentials (username + password).
This line should be like this: auth-user-pass nordvpn.auth
As I wrote:
"3 Create nordvpn.auth. It shall contain exactly 2 lines. The 1st line with your (at NORD VPN) USERNAME, the 2nd line with PASSWORD."
Additional configurations simply go directly into the nordvpn.ovpn file.
You can add them at the beginning of the file if you want.
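An audit of the client directory that steps 1-4 and the clarification above describe, as an added example that is not part of the original posts. The file names are the ones from the post; the permission check is extra hardening the thread does not mention, and the scratch directory at the end is constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names are the ones used in the post.
check_vpn_client_dir() {
    dir=$1; ovpn="$dir/nordvpn.ovpn"; auth="$dir/nordvpn.auth"; rc=0

    [ -f "$ovpn" ] || { echo "missing: nordvpn.ovpn"; return 1; }
    [ -f "$auth" ] || { echo "missing: nordvpn.auth"; return 1; }

    # Step 2: a bare "auth-user-pass" makes OpenVPN prompt for credentials,
    # which cannot work for an unattended start; it must name the file.
    if grep -q '^auth-user-pass[[:space:]]*$' "$ovpn"; then
        echo "nordvpn.ovpn: auth-user-pass has no file argument"; rc=1
    elif ! grep -q '^auth-user-pass[[:space:]][[:space:]]*nordvpn\.auth[[:space:]]*$' "$ovpn"; then
        echo "nordvpn.ovpn: auth-user-pass does not reference nordvpn.auth"; rc=1
    fi

    # Step 3: exactly two lines (username, then password), neither blank.
    total=$(grep -c '' "$auth" || true)
    blank=$(grep -c '^[[:space:]]*$' "$auth" || true)
    if [ "$total" -ne 2 ] || [ "$blank" -ne 0 ]; then
        echo "nordvpn.auth: expected 2 non-empty lines, found $total"; rc=1
    fi

    # Hardening beyond the post (assumption): the password file should carry
    # no group/other permission bits.
    if [ "$(ls -ld "$auth" | cut -c5-10)" != "------" ]; then
        echo "nordvpn.auth: accessible beyond its owner (chmod 600)"; rc=1
    fi

    # Step 4: nothing else may be left in the client directory.
    for f in "$dir"/*; do
        case ${f##*/} in
            nordvpn.ovpn|nordvpn.auth) ;;
            *) echo "unexpected file: ${f##*/}"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed scratch copy; on the router pass /etc/openvpn/config/client.
demo=$(mktemp -d)
printf 'client\nauth-user-pass\n' > "$demo/nordvpn.ovpn"   # provider default
printf 'USERNAME\nPASSWORD\n' > "$demo/nordvpn.auth"
check_vpn_client_dir "$demo" || echo "findings above need fixing"
rm -rf "$demo"
```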
ah, thank you very much!
Alright so I got the files on my stick and they copied over to the router. But vpn doesn't seem to be working. I can see the log file is being created, but how do I get it copied over to my computer so I can view it?
Log in with telnet and "print" the log-file to the "telnet console window":
cat /var/log/openvpn-client.log
Then copy and paste with the mouse.
New to this custom firmware on a router and working on a Windows machine if it matters. I setup using the read me. Got everything working for the most part except for the one script and automation. I opened note pad, pasted the script code from the appendix read me and saved a text file to create the vpncmon script and then Renamed the extension to .sh from txt . I then moved this file to the correct directory per the read me. How do I tell if the script is running on start up per the Rc file I edited?
Further to this question I opened an ssh putty session and ran crontab -e. Hit the insert button and then put in the automation command to run the vpncmon script every 5 min. I hit esc then :w :q . When I run crontab -l root it shows the line correctly. Once I restart the router though this is not saved and the crontab does not display the line. I also moved the actual file from the router and edited it in notepad and then saved it back to the router. Same thing, it reset itself on startup. Note I do not have the USB stick connected to the router with the swap file and vpn credentials if that matters. Can you help me to get it to save? Also it seems I can’t find the crontab log so how do I also tell it is running every 5 min?
Thanks for any help you can provide.
U have to make the .sh file executable, in this case your vpncmon.sh
navigate to the vpncmon.sh directory and then run “chmod 0700 vpncmon.sh”
running “ls” command should give color to the vpncmon.sh which means it is executable
to further test if vpncmon.sh work or not, u can execute it manually using “./vpncmon.sh”
this should not give u error
I don't know about crontab since mine is working as expected. Have u installed cron using entware provided by voxel?
Hey kamoj,
Ur script work thanks but, the ddns feature in the voxel firmware is always update with the vpn IP instead of the ISP IP. Is there a way to set the ddns to resolve and update with the ISP IP? Thx
I think I know what’s my problem, apparently as my router has its own ip which is 192.168.1.1, I did not include it in the bypass openvpn script, so I think the connection of my router as 192.168.1.1 uses openvpn tunnel hence it uses my VPN IP to update the ddns. Adding 192.168.1.1 to the bypass openvpn script however causes loss of internet connection and access to my router (I can't access webgui, telnet and ssh of my router). Is there any other solution of this problem?
So being completely new at this I did not realize that once I installed Entware on the USB drive I needed to then run the command in terminal to install crontab and dnscrypt-proxy. Did that and it all worked. Ended up that the issue with the script was fixed by getting Notepad++ and then saving it as an .sh file rather than converting it as I did. Thanks for the assist.
I have come up with a solution to my problem. Here to solve my problem I have to make all my traffic by default going to the ISP, and only IP address of my choosing will go to the VPN tunnel.
In order for this to work u have to input “pull-filter ignore redirect-gateway” in ur .ovpn file to make the script below work.
Using kamoj’s script as a base, I modified it to become only the selected IP address going through vpn tunnel. There’s still some bug but it’s working
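#!/bin/sh
# $remote_1, $route_vpn_gateway and $dev come from the environment OpenVPN passes to its scripts
PATH=/bin:/sbin:/usr/bin:/usr/sbin:$PATH
# Keep the VPN server itself reachable through the current (ISP) default gateway
ip route add $remote_1 via `ip route | awk '/^default /{print $3,$4,$5}'`
# Add a second default route through the tunnel, metric 1, to the main table
ip route add default via $route_vpn_gateway dev $dev metric 1
# Space-separated source addresses that should use the VPN tunnel
VPN_LST="10.0.0.25"
# Remove default routes and rules left in table 200 by a previous run
while [ $(ip route list table 200 default | grep "default" | wc -l) != "0" ]; do ip route del table 200 default 2>/dev/null; done
while [ $(ip route list table 200 | grep "default" | wc -l) != "0" ]; do ip route del table 200 2>/dev/null; done
while [ $(ip rule list | grep "lookup 200" | wc -l) != "0" ]; do ip rule del table 200 2>/dev/null; done
ip route flush cache
sleep 1
# Send traffic from each listed address to table 200 (skip rules that already exist)
for includeip in $VPN_LST; do
[ $(ip rule list | grep "${includeip} lookup 200" | wc -l) = "0" ] && ip rule add from ${includeip} table 200
done
# Table 200 routes everything through the VPN gateway
ip route add table 200 default via $route_vpn_gateway dev $dev metric 1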
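A check of the routing state the script above is meant to produce, as an added example that is not part of the original post. It takes the text printed by `ip rule list` and `ip route list table 200` as strings; the device name tun0 and the sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Inputs are the text printed by
# `ip rule list` and `ip route list table 200`, passed in as strings.
check_split_tunnel() {
    rules=$1; table=$2; tun=$3; vpn_lst=$4; rc=0

    # Table 200 must hold exactly one default route, leaving via the tunnel.
    # With no default there, listed clients fall through to the main table
    # and go out through the ISP instead of the VPN.
    defaults=$(printf '%s\n' "$table" | grep -c '^default ' || true)
    if [ "$defaults" -ne 1 ]; then
        echo "table 200: $defaults default routes, expected 1"; rc=1
    elif ! printf '%s\n' "$table" | awk -v t="$tun" '
            $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i+1) == t) ok = 1 }
            END { exit !ok }'; then
        echo "table 200: default route does not use $tun"; rc=1
    fi

    # Every address in VPN_LST needs its own "from <ip> lookup 200" rule.
    # Whole fields are compared, so 10.0.0.25 does not match 110.0.0.25.
    for ip in $vpn_lst; do
        printf '%s\n' "$rules" |
            awk -v ip="$ip" '$2 == "from" && $3 == ip && $4 == "lookup" && $5 == "200" { f = 1 }
                             END { exit !f }' ||
            { echo "no rule sends $ip to table 200"; rc=1; }
    done

    # Rules left over from an earlier list keep unintended clients in the tunnel.
    for ip in $(printf '%s\n' "$rules" |
                awk '$2 == "from" && $4 == "lookup" && $5 == "200" { print $3 }'); do
        case " $vpn_lst " in
            *" $ip "*) ;;
            *) echo "stale rule for $ip"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample output, for trying the check off the router.
SAMPLE_RULES='0: from all lookup local
32765: from 10.0.0.25 lookup 200
32766: from all lookup main'
SAMPLE_TABLE='default via 10.8.0.1 dev tun0 metric 1'
check_split_tunnel "$SAMPLE_RULES" "$SAMPLE_TABLE" tun0 "10.0.0.25" && echo "split tunnel OK"
```

On the router the same function can be fed live state: `check_split_tunnel "$(ip rule list)" "$(ip route list table 200)" tun0 "$VPN_LST"`, with tun0 replaced by the actual tunnel device.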
Why I can’t post my script here?
Hi and thanks for your complete guide.
Everything works fine on my R9000.
I've only one more question that probably you have just addressed .....
When you set up a VPN tunnel it is made of "everything through tunnel except the IP list". Is there a way to do the same but in reverse mode? Something like "only the IP list go through tunnel"
Thanks in advance for your time
Roby