Created
July 29, 2017 19:46
Asuswrt-Merlin OpenVPN dedicated SSID configuration for both 2.4G/5G Guest Network
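#!/bin/sh
# Gives the two guest SSID interfaces (wl0.1, wl1.1) their own routed /24
# subnets with dedicated DHCP ranges, instead of bridging them onto the LAN.
#
# Arguments: $1 - stored in CONFIG but not used below; the dnsmasq directives
#                 are appended to the hard-coded /tmp/etc/dnsmasq.conf.
# Requires:  pc_append, expected to be defined by /usr/sbin/helper.sh.
CONFIG=$1
. /usr/sbin/helper.sh

logger "dnsmasq-dhcp: Configure wl0.1 and wl1.1 to have isolated DHCP"

# Router-side gateway address for each guest subnet.
ifconfig wl0.1 192.168.33.1 netmask 255.255.255.0
ifconfig wl1.1 192.168.34.1 netmask 255.255.255.0

# Delete-then-insert keeps exactly one copy of each rule when this script is
# run again; the delete reports an error on the first run, which is harmless.
#
# NOTE(review): these INPUT rules accept *all* traffic from guest clients to
# the router itself, so every service listening on the router is reachable
# from the guest SSIDs. The DHCP options below hand out external resolvers, so
# guests appear to need only DHCP from the router; consider narrowing the
# match to that.
for guest_if in wl0.1 wl1.1; do
  iptables -D INPUT -i "$guest_if" -j ACCEPT
  iptables -I INPUT -i "$guest_if" -j ACCEPT
done

# Allow forwarding between the two guest subnets. The original inserted these
# without a preceding delete, so every re-run stacked another duplicate pair
# at the top of FORWARD.
iptables -D FORWARD -i wl0.1 -o wl1.1 -j ACCEPT
iptables -I FORWARD -i wl0.1 -o wl1.1 -j ACCEPT
iptables -D FORWARD -i wl1.1 -o wl0.1 -j ACCEPT
iptables -I FORWARD -i wl1.1 -o wl0.1 -j ACCEPT

# In the broute table, DROP means "route this frame instead of bridging it",
# which pulls guest IPv4 and ARP traffic out of the bridge and up to the IP
# layer where the rules above apply.
for guest_if in wl0.1 wl1.1; do
  for proto in ipv4 arp; do
    ebtables -t broute -D BROUTING -i "$guest_if" -p "$proto" -j DROP
    ebtables -t broute -I BROUTING -i "$guest_if" -p "$proto" -j DROP
  done
done

# Per-interface DHCP scope: option 3 is the default gateway, option 6 the DNS
# servers handed to clients.
pc_append "
interface=wl0.1
dhcp-range=wl0.1,192.168.33.100,192.168.33.200,255.255.255.0,86400s
dhcp-option=wl0.1,3,192.168.33.1
dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
interface=wl1.1
dhcp-range=wl1.1,192.168.34.100,192.168.34.200,255.255.255.0,86400s
dhcp-option=wl1.1,3,192.168.34.1
dhcp-option=wl1.1,6,8.8.8.8,8.8.4.4
" /tmp/etc/dnsmasq.conf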
#!/bin/sh
# Step 1: restart dnsmasq (presumably so the guest-SSID DHCP settings are
# re-applied - confirm against the firmware's hook order).
service restart_dnsmasq

# Step 2: run the dedicated-SSID script; its exit status becomes the exit
# status of this script.
/jffs/scripts/your_dedicated-ssid
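#!/bin/sh
# Policy-routes the two guest SSID interfaces (wl0.1, wl1.1) through the
# OpenVPN tunnel tun11 using routing table 10, and NATs their subnets on the
# way out of the tunnel.
#
# NOTE(review): nothing here blocks guest traffic when tun11 is down. If the
# default route in table 10 disappears with the tunnel, lookups presumably
# fall through to the main table and leave via the WAN unencrypted. Add a
# FORWARD rule rejecting guest traffic that does not exit via tun11 if that
# must not happen.

######################################## Tunnel Module ###################################################
# Match the module name exactly: a plain "grep -c tun" also counts any other
# module with "tun" in its name, which would skip the insmod while tun itself
# is not loaded. This works with OpenVPN using a tun interface.
if ! lsmod | grep -q '^tun[[:space:]]'; then
  insmod tun
  sleep 1
fi

############################# Check to see if tun interface is available #################################
# NOTE(review): this wait has no upper bound; if tun11 never appears the
# script, and whatever invoked it, blocks forever.
until ifconfig | grep -q tun11; do
  sleep 1
done

############################################ IP ROUTING ##################################################
# Copy every non-default route from the main table into table 10 so guests
# can still reach directly connected networks. $route is expanded unquoted on
# purpose: each line must split into separate arguments for "ip route add".
ip route show table main | grep -Ev '^default' | while read -r route; do
  # shellcheck disable=SC2086
  ip route add table 10 $route
done
#ip route del 0.0.0.0/1 table main # Uncomment this line if you are not using the route-nopull option.
# Many VPN service providers push this route to redirect internet traffic over the tunnel.
ip route add default dev tun11 table 10

# Remove any rule left by an earlier run before adding it again; otherwise
# each run stacks another identical rule. The delete fails quietly the first
# time, when there is nothing to remove.
for guest_if in wl0.1 wl1.1; do
  ip rule del dev "$guest_if" table 10 2>/dev/null
  ip rule add dev "$guest_if" table 10
done
ip route flush cache

############################################ IP TABLES RULES #############################################
# Source-NAT both guest subnets behind the tunnel address. Delete-then-insert
# keeps a single copy of each rule across repeated runs.
for guest_net in 192.168.33.0/24 192.168.34.0/24; do
  iptables -t nat -D POSTROUTING -s "$guest_net" -o tun11 -j MASQUERADE 2>/dev/null
  iptables -t nat -I POSTROUTING -s "$guest_net" -o tun11 -j MASQUERADE
done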