LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7434 Commits
1 Branch
46 MiB
 
 
 
 
 
 
Tree: 05a1aa9e2e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '05a1aa9e2e'
${ noResults }
openwrt-packages-dist/net/vpnbypass/files
Stan Grishin aa3ff6eea7 vpnbypass: updated service enable/start logic. 8 years ago
..
README.md vpnbypass: updated service enable/start logic. 8 years ago
vpnbypass.conf vpnbypass: updated service enable/start logic. 8 years ago
vpnbypass.hotplug vpnbypass: initial commit 8 years ago
vpnbypass.init vpnbypass: updated service enable/start logic. 8 years ago

README.md

VPN Bypass

A simple PROCD-based vpnbypass service for OpenWrt/LEDE Project. Useful if your router accesses internet thru VPN client/tunnel, but you want specific traffic (ports, IP ranges, domains or local IP ranges) to be routed outside of this tunnel.

Features

  • Allows to define local ports so that traffic to them is routed outside of the VPN tunnel (by default routes Plex Media Server traffic (port 32400) outside of the VPN tunnel).
  • Allows to define IPs/subnets in local network so that their traffic is routed outside of the VPN tunnel (by default routes traffic from 192.168.1.81-192.168.1.87 outside of the VPN tunnel).
  • Allows to define remote IPs/ranges that they are accessed outside of the VPN tunnel (by default routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel).
  • Allows to define list of domain names which are accessed outside of the VPN tunnel (useful for Netflix, Hulu, etc).
  • Doesn't stay in memory -- creates the iptables rules which are automatically updated on WAN up/down.
  • Has a companion package (luci-app-vpnbypass) so everything can be configured with Web UI.
  • Proudly made in Canada, using locally-sourced electrons.

Screenshot (luci-app-vpnbypass)

screenshot

Requirements

This service requires following packages to be installed on your router: ip-full ipset iptables dnsmasq-full (ip-full requires you uninstall ip first; dnsmasq-full requires you uninstall dnsmasq first). Run the following commands to satisfy the requirements:

opkg update
opkg remove dnsmasq ip
opkg install ip-full ipset iptables dnsmasq-full

How to install

opkg update
opkg install vpnbypass luci-app-vpnbypass

Until the packages are in the official feed/repo for your version, you can install them with:

  • OpenWrt
opkg update; opkg install wget libopenssl
wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk
  • LEDE Project
opkg update; opkg install uclient-fetch libustream-mbedtls
wget --no-check-certificate https://github.com/stangri/Files/raw/master/vpnbypass.ipk -O /tmp/vpnbypass.ipk
wget --no-check-certificate https://github.com/stangri/Files/raw/master/luci-app-vpnbypass.ipk -O /tmp/luci-app-vpnbypass.ipk
opkg install /tmp/vpnbypass.ipk /tmp/luci-app-vpnbypass.ipk

Default Settings

Default configuration has service disabled (use Web UI to enable/start service or run uci set vpnbypass.config.enabled=1) and routes Plex Media Server traffic (port 32400) outside of the VPN tunnel, routes LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel and also routes internet traffic from local IPs 192.168.1.81-192.168.1.87 outside of the VPN tunnel. You can safely delete these example rules if they do not apply to you.

Documentation / Discussion

Please head to LEDE Project Forum for discussions of this service.

Bypass Domains Format/Syntax

Domain lists should be in following format/syntax: /domain1.com/domain2.com/vpnbypass. Please don't forget the leading / and trailing /vpnbypass. There's no validation if you enter something incorrectly -- it just won't work. Please see Notes/Known Issues if you want to edit this setting manually, without Web UI.

What's New

1.3.0

  • No longer depends on hardcoded WAN interface name (wan) works with other interface names (like wwan).
  • Table ID, IPSET name and FW_MARK as well as FW_MASK can be defined in config file.
  • Uses iptables, not ip rules for handling local IPs/ranges.
  • More reliable creation/destruction of VPNBYPASS iptables chain.
  • Updated Web UI enables/start and stops service.
  • Beautified output.

1.2.0

1.1.1

  • More reliable way of obtaining WAN gateway on boot (thanks @dibdot for the hint!).

1.1.0:

  • Detects individual IP addresses in the config and converts them to subnet automatically.
  • Proper implementation of reload on vpnbypass config change.

1.0.0:

  • Hotplug script created during install.

0.1.0:

  • Package built.
  • Support for user-defined ports implemented.
  • Support for user-defined routes implemented.
  • Support for user-defined local ranges implemented.

0.0.1:

  • Initial release.

Notes/Known Issues

Domains to be accessed outside of VPN tunnel are handled by dnsmasq and thus are not defined in /etc/config/vpnpass, but rather in /etc/config/dhcp. To add/delete/edit domains you can use VPN Bypass Web UI or you can edit /etc/config/dhcp manually or run following commands:

uci add_list dhcp.@dnsmasq[-1].ipset='/github.com/plex.tv/google.com/vpnbypass'
uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass'
uci commit dhcp
/etc/init.d/dnsmasq restart