Author Topic: Startup script  (Read 3544 times)

0tt0
Startup script
« on: March 15, 2011, 04:39:12 pm »
I need to have a few commands run after the tunnel is started.

How do I do this most easily? I guess it's easy to do.
I looked in a few of the files in /var/etc/ like the .conf and it mentions rc.filter_configure but I'm somewhat unsure how this is best done.

So basically what I need to do is remove the 0.0.0.0/1 and 128.0.0.0/1 routes from the routing table.

What I do now is issue the commands route del 0.0.0.0/1 and route del 128.0.0.0/1 manually and reset states.

The problem is that if and when the tunnel is restarted, like if the box gets rebooted from a temp power failure, those route entries suck all traffic in the tunnel and hence disable policy routing.

So basically I need to put those two commands in a script and have that script run after the tunnel is up.


geyser
Re: Startup script
« Reply #1 on: April 27, 2011, 07:52:02 am »
Is this so you can then do policy based routing after the OpenVPN link is up?

GruensFroeschli (Global Moderator)
Re: Startup script
« Reply #2 on: April 27, 2011, 08:27:17 am »
Why are you telling OpenVPN to even add these routes?
I assume you've set the "redirect def1" option.
Just disable this and those routes won't be added.
We do what we must, because we can.
(Except when you PM me to help you directly - DONT: keep your issues in the forum)

geyser
Re: Startup script
« Reply #3 on: April 27, 2011, 09:10:42 am »
I think 0tt0 is connecting to StrongVPN, same as what I am trying to do.  Even if you don't specify redirect-gateway def1; it still puts in those routes.  I think it is being sent down by the remote server.

GruensFroeschli (Global Moderator)
Re: Startup script
« Reply #4 on: April 27, 2011, 10:18:35 am »
The redirect def1 is a server option.

But even if you have these routes in place, they only affect traffic if you're using the "default" gateway on a firewall rule.
Policy routing forces traffic directly to an interface/gateway and bypasses the routing table.

Could you show a screenshot of the rules you think are not working with these routes in place?

Another alternative would be that you add, on top of these rules, another 4 rules (0.0.0.0/2, 64.0.0.0/2, 128.0.0.0/2, 192.0.0.0/2).

0tt0
Re: Startup script
« Reply #5 on: July 07, 2011, 05:41:42 am »
Quote from: geyser
> I think 0tt0 is connecting to StrongVPN, same as what I am trying to do.  Even if you don't specify redirect-gateway def1; it still puts in those routes.  I think it is being sent down by the remote server.

This is exactly correct yes.

cmb (Administrator)
Re: Startup script
« Reply #6 on: July 09, 2011, 12:21:52 am »
If you specify:

Code:
route-nopull

in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.
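
A check for the outcome described in this reply, as an added example that is not part of the original thread: it reads a routing table in "netstat -rn" layout and, if the two half-default routes from the first post are still installed, prints the "route del" commands 0tt0 runs by hand. The function names, interface names and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads an IPv4 routing table in
# `netstat -rn` layout on stdin and reports the two half-default routes
# (0.0.0.0/1 and 128.0.0.0/1) that a pushed "redirect-gateway def1" installs.

# Print each def1 destination present in the table, one per line.
find_def1_routes() {
    awk '$1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { print $1 }'
}

# Print the cleanup commands from the first post for the routes that are
# actually present. Prints nothing when the table is already clean, so it
# can be called on every tunnel restart. Commands are printed, not run.
def1_cleanup_commands() {
    find_def1_routes | while read -r dest; do
        echo "route del $dest"
    done
}

# Constructed sample: table after the server pushed redirect-gateway def1.
sample_pushed() {
    cat <<'EOF'
Destination        Gateway            Flags    Netif
0.0.0.0/1          10.8.0.5           UGS      ovpnc1
default            192.0.2.1          UGS      em0
10.8.0.5           link#7             UH       ovpnc1
128.0.0.0/1        10.8.0.5           UGS      ovpnc1
192.0.2.0/24       link#1             U        em0
EOF
}

# Constructed sample: the same box with route-nopull in effect.
sample_nopull() {
    cat <<'EOF'
Destination        Gateway            Flags    Netif
default            192.0.2.1          UGS      em0
10.8.0.5           link#7             UH       ovpnc1
192.0.2.0/24       link#1             U        em0
EOF
}

echo "pushed:"; sample_pushed | def1_cleanup_commands
echo "nopull:"; sample_nopull | def1_cleanup_commands
```

On the firewall, the live table can be fed in with "netstat -rn -f inet | def1_cleanup_commands"; empty output means no def1 routes are installed.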

0tt0
Re: Startup script
« Reply #7 on: July 11, 2011, 06:35:26 am »
Quote from: cmb
> If you specify:
>
> Code:
> route-nopull
>
> in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.

Thanks for the info, don't think I've seen that one before.


0tt0
Re: Startup script
« Reply #8 on: July 11, 2011, 06:48:41 am »
Quote from: cmb
> If you specify:
>
> Code:
> route-nopull
>
> in your custom options it should prevent that route from being pulled. Someone else is doing that with StrongVPN.

It seems this only works in OpenVPN 2.1.x or later so it shouldn't work in pfs 1.2.3-R then I guess.


m4rcu5
Re: Startup script
« Reply #9 on: July 12, 2011, 04:03:02 am »
I think it's replaced by "route-noexec". This worked for me until last week, when I upgraded to RC3.
Now pfSense won't see my OpenVPN gateway anymore.

0tt0
Re: Startup script
« Reply #10 on: July 12, 2011, 05:43:05 am »
Quote from: m4rcu5
> I think it's replaced by "route-noexec". This worked for me until last week, when I upgraded to RC3.
> Now pfSense won't see my OpenVPN gateway anymore.

Thanks for the info, I'll check it up.


jimp (Administrator)
Re: Startup script
« Reply #11 on: July 13, 2011, 12:23:40 pm »
Upgrade to a recent snapshot if you aren't seeing an OpenVPN dynamic gateway (or if you see it but it's always "gathering data"). There were some bug fixes a week or so ago, after the official RC3.