eibgrad

ddwrt-pptp-policy-based-routing.sh

Jun 7th, 2018 (edited)
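#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode

#         name: ddwrt-pptp-policy-based-routing.sh
#      version: 1.1.1, 28-jun-2019, by eibgrad
#      purpose: add policy based routing to pptp client
#  script type: startup (autostart)
#    1. enable jffs2 (administration->jffs2)
#    2. enable syslogd (services->services->system log)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s 9DUMFJgN ipup
#       or
#         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s 9DUMFJgN ipup
#       NOTE (security): both one-liners fetch a script through a URL
#       shortener and pipe it straight into sh, and curl's -k switch
#       disables TLS certificate verification, so a tampered download
#       would run as root on the router. Prefer saving the installer to
#       a file first, reading it, and only then running it with the same
#       arguments -- or simply copy this file by hand to the path shown
#       in step 4 and make it executable (chmod +x).
#    4. modify options and rules using vi editor:
#         vi /jffs/etc/config/ddwrt-pptp-policy-based-routing.ipup
#    5. reboot
#
# how it works:
#   - the pptp client replaces the default route with the VPN; this script
#     builds an alternate routing table ($TID) whose default route is the
#     WAN/ISP gateway, then adds policy rules that steer selected traffic
#     into that table (i.e., around the VPN)
#   - the same file is symlinked as the *.ipdown script; when run under
#     that name it only tears the rules/table down and exits
#   - everything runs in a subshell whose combined stdout/stderr is sent
#     to syslog via logger, so failures of individual ip commands show up
#     in the system log rather than vanishing
(
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# alternate table-id (valid values: 1-252)
TID=200

# ------------------------------- END OPTIONS -------------------------------- #
add_rules() {
# ------------------------------- BEGIN RULES -------------------------------- #

# - the order of rules does NOT matter (there is no order of precedence);
# since the pptp client changes the default gateway to the VPN, if *any*
# rule herein matches, those packets are routed back over the WAN/ISP

# - when dealing w/ an ip range, consider using an "ip range to cidr"
# converter to significantly reduce the number of required rules and
# increase performance:
#   https://www.ipaddressguide.com/cidr
#   https://ip2cidr.com

# - domain names (e.g., netflix.com) are NOT allowed

# - remember that every rule below is a deliberate VPN bypass: matching
# traffic leaves via the ISP in the clear, so keep the set as small as the
# use case needs

# source ip/network/interface
ip rule add from 192.168.1.100 table $TID
ip rule add from 192.168.1.200/29 table $TID # 192.168.1.200 ...
ip rule add from 192.168.1.208/31 table $TID # ... thru 192.168.1.209
ip rule add iif br1 table $TID

# destination ip/network
ip rule add to 61.201.238.191 table $TID
ip rule add to 118.195.77.0/24 table $TID

# source ip/network/interface + destination ip/network
ip rule add from 192.168.1.110 to 157.144.245.188 table $TID
ip rule add iif br2 to 92.48.0.0/16 table $TID

# -------------------------------- END RULES --------------------------------- #
# the trailing ':' keeps the function syntactically valid even if every
# rule above is removed (an empty function body is a shell syntax error)
:;}
# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# refuse to continue with a table-id that ip(8) would reject or that could
# collide with reserved tables (253-255); TID is interpolated unquoted below
case "$TID" in
    ''|*[!0-9]*) echo "error: TID must be numeric (1-252), got '$TID'"; exit 1 ;;
esac
[ "$TID" -ge 1 ] && [ "$TID" -le 252 ] \
    || { echo "error: TID must be in the range 1-252, got '$TID'"; exit 1; }

# reset policy based routing
# ('from 0/0' acts as a wildcard selector here, so the loop removes every
# rule that points at table $TID, whatever its from/to/iif selector)
while ip rule del from 0/0 table $TID 2>/dev/null; do :; done
ip route flush table $TID
ip route flush cache

# disconnect script (same as this script, reached via a symlink)
IPDOWN_SCRIPT="${0%.*}.ipdown"

# add symbolic link (for disconnect script)
[ -L "$IPDOWN_SCRIPT" ] || ln -sf "$0" "$IPDOWN_SCRIPT"

# upon disconnect, the reset above is all that is needed: remove the
# symbolic link and stop here (use '=' rather than '==' -- this is /bin/sh)
[ "$0" = "$IPDOWN_SCRIPT" ] && { rm -f "$IPDOWN_SCRIPT"; exit 0; }

WAN_GW="$(nvram get wan_gateway_buf)"

# the nvram value is fed unquoted to 'ip route add'; accept only something
# shaped like a dotted IPv4 address (the only form this script expects)
case "$WAN_GW" in
    '') echo "error: WAN/ISP gateway not found"; exit 1 ;;
    *[!0-9.]*) echo "error: WAN/ISP gateway looks invalid: '$WAN_GW'"; exit 1 ;;
esac

# copy non-default routes from main routing table to alternate, so that
# LAN/VPN-peer/etc. destinations still resolve when a packet is steered
# into table $TID; $route is intentionally unquoted so that each route
# line is split back into ip(8) arguments
ip route | grep -v '^default ' \
  | while read -r route; do
        ip route add $route table $TID
    done

# add WAN/ISP default gateway to alternate routing table
ip route add default via $WAN_GW table $TID

# add rules
add_rules

# force routing system to recognize changes
ip route flush cache

exit 0

# the $(...) is deliberately unquoted: it expands to the two words
# '-p user.debug' when DEBUG is set, and to nothing otherwise; the syslog
# tag is the script name truncated to 23 chars (plus [pid]) to keep it
# within the tag length most syslogd builds accept
) 2>&1 | logger $([ ${DEBUG+x} ] && echo "-p user.debug") \
    -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]"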