# VPN Bypass

A simple PROCD-based vpnbypass service for OpenWrt/LEDE Project. Useful if your router accesses the internet through a VPN client/tunnel, but you want specific traffic (ports, IP ranges, domains or local IP ranges) to be routed outside of this tunnel.

## Features

- Lets you define local ports so that traffic to them is routed outside of the VPN tunnel (by default routes Plex Media Server traffic (port 32400) outside of the VPN tunnel).
- Lets you define IPs/subnets in the local network so that their traffic is routed outside of the VPN tunnel (by default routes traffic from 192.168.1.81-192.168.1.87 outside of the VPN tunnel).
- Lets you define remote IPs/ranges that are accessed outside of the VPN tunnel (by default routes LogMeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel).
- Lets you define a list of domain names which are accessed outside of the VPN tunnel (useful for Netflix, Hulu, etc).
- Doesn't stay in memory -- creates the iptables rules which are automatically updated on WAN up/down.
- Has a companion package (luci-app-vpnbypass) so everything can be configured with the Web UI.
- Proudly made in Canada, using locally-sourced electrons.

## Screenshot (luci-app-vpnbypass)

![screenshot](https://raw.githubusercontent.com/stangri/screenshots/master/vpnbypass/screenshot01.png "screenshot")

## Requirements

This service requires the following packages to be installed on your router: ```ip-full ipset iptables dnsmasq-full``` (```ip-full``` requires you to uninstall ```ip``` first; ```dnsmasq-full``` requires you to uninstall ```dnsmasq``` first). Run the following commands to satisfy the requirements:

```sh
opkg update
opkg remove dnsmasq ip
opkg install ip-full ipset iptables dnsmasq-full
```

## How to install

```sh
opkg update
opkg install vpnbypass luci-app-vpnbypass
```

The default install routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogMeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.

## Documentation / Discussion

Please head to [LEDE Project Forum](https://forum.lede-project.org/t/vpn-bypass-split-tunneling-service-luci-ui/1106) for discussions of this service.

### Bypass Domains Format/Syntax

Domain lists should be in the following format/syntax: ```/domain1.com/domain2.com/vpnbypass```. Please don't forget the leading ```/``` and trailing ```/vpnbypass```. There's no validation if you enter something incorrectly -- it just won't work. Please see [Notes/Known Issues](#notesknown-issues) if you want to edit this setting manually, without the Web UI.

## What's New

1.1.1:

- More reliable way of obtaining WAN gateway on boot (thanks @dibdot for the hint!).

1.1.0:

- Detects individual IP addresses in the config and converts them to subnet automatically.
- Proper implementation of reload on vpnbypass config change.

1.0.0:

- Hotplug script created during install.

0.1.0:

- Package built.
- Support for user-defined ports implemented.
- Support for user-defined routes implemented.
- Support for user-defined local ranges implemented.

0.0.1:

- Initial release.

## Notes/Known Issues

Domains to be accessed outside of the VPN tunnel are not defined in ```/etc/config/vpnbypass```, but rather in ```/etc/config/dhcp```. To add/delete/edit domains you can use the VPN Bypass Web UI, edit ```/etc/config/dhcp``` manually, or run the following commands:

```sh
uci add_list dhcp.@dnsmasq[-1].ipset='/github.com/plex.tv/google.com/vpnbypass'
uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass'
uci commit dhcp
/etc/init.d/dnsmasq restart
```
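
Because a malformed domain list is accepted silently and simply does not work, it helps to check an entry before passing it to `uci add_list`. The script below is an added example, not part of the vpnbypass package; `check_bypass_entry` is a hypothetical helper name and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: check_bypass_entry is a hypothetical helper, not part of the
# vpnbypass package. It checks one dnsmasq ipset entry for the format
# /domain1.com/domain2.com/vpnbypass before it is handed to `uci add_list`.
# Prints the first problem found and returns 1; returns 0 if the entry is valid.
check_bypass_entry() {
    entry=$1
    case $entry in
        /*) ;;
        *) echo "missing leading '/'"; return 1 ;;
    esac
    case $entry in
        */vpnbypass) ;;
        *) echo "missing trailing '/vpnbypass'"; return 1 ;;
    esac
    # Drop the trailing '/vpnbypass' and the leading '/' to isolate the domains.
    domains=${entry%/vpnbypass}
    domains=${domains#/}
    [ -n "$domains" ] || { echo "no domains listed"; return 1; }
    case "/$domains/" in
        *//*) echo "empty domain (doubled '/')"; return 1 ;;
    esac
    # Walk the '/'-separated domains one at a time.
    rest=$domains
    while [ -n "$rest" ]; do
        d=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *) rest= ;;
        esac
        case $d in
            *[!A-Za-z0-9.-]*) echo "invalid character in '$d'"; return 1 ;;
            .*|*.|-*|*-|*..*) echo "malformed domain '$d'"; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample entries, not taken from a real router config.
for e in '/hulu.com/netflix.com/vpnbypass' 'hulu.com/vpnbypass' \
         '/hulu.com' '/hulu com/vpnbypass'; do
    if msg=$(check_bypass_entry "$e"); then
        echo "OK   $e"
    else
        echo "BAD  $e ($msg)"
    fi
done
```

The check covers syntax only: it does not confirm that a domain resolves or that the `vpnbypass` ipset exists on the router.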