1. Yes, either example should go in the additional config section.
2. vpn_gateway is a variable for the VPN network within OpenVPN. Its not meant to be a placeholder it will be parsed by OpenVPN as a variable.
3. Yes, there would already be a route setup for the tun1 interface, you are just doing the routing rules within OpenVPN itself.
Because you are running route-nopull, you essentially have the VPN tunnel active but no traffic will use it, unless explicitly told to. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Route working perfectly. But I need to test the system more than one days if still working that means you fixed. Thank you _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
No worries! Hopefully that should be more stable for you.
Even if OpenVPN disconnects, the changes should keep your specific routing rules in place and automatically re-establish the connection to the tunnel if it drops.
If you do still get disconnects you might want to investigate that further, maybe add a higher logging level like verb 5, to see whats going on in the logs. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Thank you very much James. I don't think I'll see any problem in the future. Looks fixed as you said. Even if it drops your code adds routes again. I use my WRT1900AC v1 as a VPN Server. Kong's Build is very nice. I don't want to try other builds. My build is very stable.
I can connect to my home via my iPhone thru SoftEtherVPN
My garden IP Camera connects thru OpenVPN Server
I have access for some websites thats normally my ISP blocks (pandora.com, wikipedia.org etc) via OpenVPNClient
I use Recursive DNS (My internet connection secure)
I use ADBlock Plus filters on my Privoxy (same router)
As you see lots of thing working on this great router. Maybe you like my solution for Recursive DNS Resolution with DNSMasq. Check it:
James, I think my problem is still continue. IP route and VPN connection is OK but sometimes it drops and I do not have access to pandora.com and wikipedia.org even I can see the correct IP Routes. Here is the client log:
Clientlog:
19700101 03:00:37 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
19700101 03:00:37 I OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 8 2017
19700101 03:00:37 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
19700101 03:00:37 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
19700101 03:00:37 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
19700101 03:00:37 W WARNING: Your certificate is not yet valid!
20170717 23:00:01 N RESOLVE: Cannot resolve host address: us1.vpnbook.com:25000 (Try again)
20170717 23:00:03 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:00:03 I UDPv4 link local: (not bound)
20170717 23:00:03 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170717 23:00:04 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=67783fb5 12094186
20170717 23:00:04 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170717 23:00:05 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:00:05 VERIFY OK: nsCertType=SERVER
20170717 23:00:05 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:00:09 NOTE: --mute triggered...
20170717 23:00:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:09 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170717 23:00:10 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170717 23:00:11 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.6 10.10.0.5'
20170717 23:00:11 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:00:11 NOTE: --mute triggered...
20170717 23:00:11 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:11 OPTIONS IMPORT: timers and/or timeouts modified
20170717 23:00:11 OPTIONS IMPORT: --ifconfig/up options modified
20170717 23:00:11 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:00:11 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170717 23:00:11 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:00:11 NOTE: --mute triggered...
20170717 23:00:11 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:00:11 I TUN/TAP device tun1 opened
20170717 23:00:11 TUN/TAP TX queue length set to 100
20170717 23:00:11 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170717 23:00:11 I /sbin/ifconfig tun1 10.10.0.6 pointopoint 10.10.0.5 mtu 1500
20170717 23:00:11 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.5
20170717 23:00:11 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.5
20170717 23:00:11 I Initialization Sequence Completed
20170717 23:05:09 TLS: soft reset sec=0 bytes=9843/-1 pkts=128/0
20170717 23:06:05 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:06:05 VERIFY OK: nsCertType=SERVER
20170717 23:06:05 NOTE: --mute triggered...
20170717 23:06:10 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:06:10 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20170717 23:06:10 N TLS Error: TLS handshake failed
20170717 23:06:10 TLS: move_session: dest=TM_LAME_DUCK src=TM_ACTIVE reinit_src=1
20170717 23:06:24 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=9e91e8b0 f4ce39ab
20170717 23:06:31 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:06:31 NOTE: --mute triggered...
20170717 23:07:02 8 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:02 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170717 23:07:02 I SIGUSR1[soft ping-restart] received process restarting
20170717 23:07:02 Restart pause 5 second(s)
20170717 23:07:07 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170717 23:07:07 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170717 23:07:07 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:07:07 I UDPv4 link local: (not bound)
20170717 23:07:07 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170717 23:07:07 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=d6391194 b276c04f
20170717 23:07:14 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:07:14 VERIFY OK: nsCertType=SERVER
20170717 23:07:14 NOTE: --mute triggered...
20170717 23:07:14 2 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:14 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170717 23:07:15 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170717 23:07:15 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.114 10.10.0.113'
20170717 23:07:15 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170717 23:07:15 NOTE: --mute triggered...
20170717 23:07:15 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:15 OPTIONS IMPORT: timers and/or timeouts modified
20170717 23:07:15 OPTIONS IMPORT: --ifconfig/up options modified
20170717 23:07:15 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:07:15 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170717 23:07:15 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170717 23:07:15 NOTE: --mute triggered...
20170717 23:07:15 1 variation(s) on previous 3 message(s) suppressed by --mute
20170717 23:07:15 I Preserving previous TUN/TAP instance: tun1
20170717 23:07:15 I Initialization Sequence Completed
20170717 23:12:14 TLS: soft reset sec=0 bytes=8165/-1 pkts=99/0
20170717 23:12:19 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170717 23:12:19 VERIFY OK: nsCertType=SERVER
20170717 23:12:19 NOTE: --mute triggered...
20170718 02:33:22 357 variation(s) on previous 3 message(s) suppressed by --mute
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:22 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:22 D MANAGEMENT: CMD 'state'
20170718 02:33:22 MANAGEMENT: Client disconnected
20170718 02:33:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:23 D MANAGEMENT: CMD 'status 2'
20170718 02:33:23 MANAGEMENT: Client disconnected
20170718 02:33:23 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170718 02:33:23 D MANAGEMENT: CMD 'log 500' _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
19700101 03:00:37 W WARNING: Your certificate is not yet valid!
20170717 23:00:01 N RESOLVE: Cannot resolve host address: us1.vpnbook.com:25000 (Try again)
20170717 23:00:03 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170717 23:00:03 I UDPv4 link local: (not bound)
That part of the log is interesting. It would suggest there is a potential issue with the time settings on your router.
Are you using NTP to ensure your router's time and date is up to date?
Certificate errors in OpenVPN are often related to the system clock being incorrect. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Hello James, my NTP settings and my router time correct. I am make sure. But I discovered when I copy paste your code from forum, the forum php script adds space char (whitespace) to end of each line. I delete these lines and reboot my router again. I am testing now. IF it is fail again. I delete your code but I will keep your ROUTE settings. Maybe it can fix my problem. I'll let you know. _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
During the last 14 hours, your code works perfectly. I believe I made a mistake when I copy paste your code. AS I said forum adds whitespace each line. Still I am testing. IT supposed to be fail during 14 hours. I will wait more. Currently I have access pandora and wikipedia thru VPN. _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv
I am still struggling with Open VPN. I will share my Client log with you. Can you help me? First everything is OK but after sometimes I do not have access to pandora.com and wikipedia.org (I should able to access ONLY these websites via OpenVPN) After your modification my ip route always correct but still I have a problem. If I stopservice openvpn it tells me error about NAT, I re-run stopservice than I can stop the OpenVPN. Looks like this is related with DNS I guess or gateway. Only way to use OpenVPN reboot my router.
Here is the log:
Code:
Clientlog:
20170720 18:37:49 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20170720 18:37:49 W WARNING: file '/tmp/openvpncl/credentials' is group or others accessible
20170720 18:37:49 I OpenVPN 2.4.0 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 8 2017
20170720 18:37:49 I library versions: OpenSSL 1.0.2h 3 May 2016 LZO 2.09
20170720 18:37:49 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20170720 18:37:49 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170720 18:37:49 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170720 18:37:49 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170720 18:37:49 I UDPv4 link local: (not bound)
20170720 18:37:49 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170720 18:37:49 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=52eabf3f 6006b3cd
20170720 18:37:49 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20170720 18:38:06 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:38:06 VERIFY OK: nsCertType=SERVER
20170720 18:38:06 VERIFY OK: depth=0 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:38:06 NOTE: --mute triggered...
20170720 18:38:06 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:06 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170720 18:38:07 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170720 18:38:09 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.162 10.10.0.161'
20170720 18:38:09 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170720 18:38:09 NOTE: --mute triggered...
20170720 18:38:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:09 OPTIONS IMPORT: timers and/or timeouts modified
20170720 18:38:09 OPTIONS IMPORT: --ifconfig/up options modified
20170720 18:38:09 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170720 18:38:09 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170720 18:38:09 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170720 18:38:09 NOTE: --mute triggered...
20170720 18:38:09 1 variation(s) on previous 3 message(s) suppressed by --mute
20170720 18:38:09 I TUN/TAP device tun1 opened
20170720 18:38:09 TUN/TAP TX queue length set to 100
20170720 18:38:09 D do_ifconfig tt->did_ifconfig_ipv6_setup=0
20170720 18:38:09 I /sbin/ifconfig tun1 10.10.0.162 pointopoint 10.10.0.161 mtu 1500
20170720 18:38:09 /sbin/route add -net 208.85.40.0 netmask 255.255.255.0 gw 10.10.0.161
20170720 18:38:09 /sbin/route add -net 198.35.26.0 netmask 255.255.254.0 gw 10.10.0.161
20170720 18:38:10 I Initialization Sequence Completed
20170720 18:43:06 TLS: soft reset sec=0 bytes=331693/-1 pkts=830/0
20170720 18:43:07 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170720 18:43:07 VERIFY OK: nsCertType=SERVER
20170720 18:43:07 NOTE: --mute triggered...
20170721 02:04:05 771 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:05 I [vpnbook.com] Inactivity timeout (--ping-restart) restarting
20170721 02:04:05 I SIGUSR1[soft ping-restart] received process restarting
20170721 02:04:05 Restart pause 5 second(s)
20170721 02:04:10 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170721 02:04:10 I TCP/UDP: Preserving recently used remote address: [AF_INET]198.7.62.204:25000
20170721 02:04:10 Socket Buffers: R=[180224->180224] S=[180224->180224]
20170721 02:04:10 I UDPv4 link local: (not bound)
20170721 02:04:10 I UDPv4 link remote: [AF_INET]198.7.62.204:25000
20170721 02:04:14 TLS: Initial packet from [AF_INET]198.7.62.204:25000 sid=dde862cf 62f37b95
20170721 02:04:19 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170721 02:04:19 VERIFY OK: nsCertType=SERVER
20170721 02:04:19 NOTE: --mute triggered...
20170721 02:04:28 2 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:28 I [vpnbook.com] Peer Connection Initiated with [AF_INET]198.7.62.204:25000
20170721 02:04:29 SENT CONTROL [vpnbook.com]: 'PUSH_REQUEST' (status=1)
20170721 02:04:30 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 8.8.8.8 dhcp-option DNS 91.239.100.100 route 10.10.0.1 topology net30 ping 5 ping-restart 30 ifconfig 10.10.0.166 10.10.0.165'
20170721 02:04:30 N Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 N Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
20170721 02:04:30 NOTE: --mute triggered...
20170721 02:04:30 1 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:30 OPTIONS IMPORT: timers and/or timeouts modified
20170721 02:04:30 OPTIONS IMPORT: --ifconfig/up options modified
20170721 02:04:30 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170721 02:04:30 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
20170721 02:04:30 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
20170721 02:04:30 NOTE: --mute triggered...
20170721 02:04:30 1 variation(s) on previous 3 message(s) suppressed by --mute
20170721 02:04:30 I Preserving previous TUN/TAP instance: tun1
20170721 02:04:30 I Initialization Sequence Completed
20170721 02:09:28 TLS: soft reset sec=0 bytes=7631/-1 pkts=109/0
20170721 02:09:38 VERIFY OK: depth=1 C=CH ST=Zurich L=Zurich O=vpnbook.com OU=IT CN=vpnbook.com name=vpnbook.com emailAddress=admin@vpnbook.com
20170721 02:09:38 VERIFY OK: nsCertType=SERVER
20170721 02:09:38 NOTE: --mute triggered...
20170721 15:54:35 1455 variation(s) on previous 3 message(s) suppressed by --mute
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'state'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'status 2'
20170721 15:54:35 MANAGEMENT: Client disconnected
20170721 15:54:35 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170721 15:54:35 D MANAGEMENT: CMD 'log 500'
sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf
After my OpenVPN client drop and re-connect I cannot able to access pandora.com and wikipedia.org YOur code creates the ip routes but I cannot access. I found out:
If my router successfully connected to OpenVPN Server but I cannot access these websites if I run these commands:
sed -i '/port=0/d' /tmp/dnsmasq.conf
sed -i '/resolv-file=\/tmp\/resolv.dnsmasq/d' /tmp/dnsmasq.conf
dnsmasq --conf-file=/tmp/dnsmasq.conf
I can able to connect these websites.
What I need:
I want to create custom script above. Everytime after OpenVPN connection success or restart (with your modification) this cutome script should be run. But how?
I found these lines in /tmp/openvpncl/route-up.sh folder. This explain why I cannot able to access pandora.com and wikipedia.org after re-connect. Looks like this is related with dnsmasq. And I modified my dnsmasq options. Please check my previous post.
Sorry for not responding. Admittedly, your setup does seem quite bespoke, so its difficult to know where the issue is.
You'll want to potentially investigate why the VPN tunnel is not stable and keeps dropping. Adding higher verb logging on OpenVPN might reveal more clues, if its still not resolved. _________________ James
Main router:
Netgear R7000 overclocked to 1.2GHz - DD-WRT v3.0-r35965M kongac
IPv6 6in4 (HE.net), OpenVPN (with PBR and split tunnelling), Entware, dnsmasq with ipset
Sorry for not responding. Admittedly, your setup does seem quite bespoke, so its difficult to know where the issue is.
You'll want to potentially investigate why the VPN tunnel is not stable and keeps dropping. Adding higher verb logging on OpenVPN might reveal more clues, if its still not resolved.
My connection drops and after restoration access problem for pandora and wiki still continue. Could you help me? How to I can investigate it? How to make higher verb logging? Thanks. _________________ Kaan's World | @mkaand | PLEX Archive | Trakt.tv