Hi..
I'm using Shibby 1.28.0000 MIPSR2-115 K26 Max on an Asus RT-N12D1. I use the OpenVPN capability for several of my remote virtual servers, which I back up over the VPN link. Due to this I MUST have the same IP address pair for each tunnel each time the VPN server restarts.

I use the /tmp/etc/openvpn/server1/ccd directory with files named for each server link, with "ifconfig-push" and the remote and local link IPs. I have these entries in the firewall script, which I was led to believe would be run each time the firewall restarts.. Apparently this isn't the case, as each time I restart the firewall, after the firewall restarts, the ccd directory is empty..

To work around this, I have a copy of the "ccd filler script" in /cifs1, which I run manually, which then populates the ccd directory, then I have to restart all of the client links to get them to grab the correct IP addresses, since they don't take the correct ones, that are listed in each affected system's /etc/hosts..

Way back when I was using Tomato 1.27vpn on an old WRT54GL router and first needed the OpenVPN capability, I asked about how to force clients to get the same address pairs each time they connected to the server and I was told to put something like this in the firewall custom script..
sleep 2
mkdir -p /tmp/etc/openvpn/server1/ccd
echo "ifconfig-push 10.10.10.6 10.10.10.5" > /etc/openvpn/server1/ccd/host1
echo "ifconfig-push 10.10.10.10 10.10.10.9" > /etc/openvpn/server1/ccd/host2
...
The IP address pairs are taken from the OpenVPN documentation for the correct 4th-octet. This script snippet does not seem to work, as I can check the /tmp/etc/openvpn/server1/ccd directory prior to restarting the server, with all of the named files there, and again after restarting the server and the directory is then empty.. I have to then run the script manually from an ssh session, then restart each client to get the IP addresses needed (and that are listed in everybody's host file).. I've been having to restart the firewall a lot to add entries to DROP a bunch of skriptkiddies trying to hit my ssh (which is on another port).
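
The per-client ccd files described in the post, as an added example that is not the poster's script: it checks that each ifconfig-push pair is the two usable hosts of one /30 (the last-octet rule from the OpenVPN documentation the post refers to) before writing the file. The function names and the "name client-ip server-ip" list format are assumptions made for this example.

```shell
#!/bin/sh
# Added example; helper names and the "name client-ip server-ip" list format
# are assumptions, not part of the original post or of Tomato/OpenVPN.

# valid_pair A B: succeed only if A and B are the two usable hosts of one /30
# (last octets n and n+1 with n % 4 == 1), in either order.
valid_pair() {
    [ "${1%.*}" = "${2%.*}" ] || return 1          # same first three octets
    for h in "${1##*.}" "${2##*.}"; do
        case $h in ''|0*|????*|*[!0-9]*) return 1 ;; esac
    done
    lo=${1##*.}; hi=${2##*.}
    [ "$lo" -lt "$hi" ] || { lo=${2##*.}; hi=${1##*.}; }
    [ "$hi" -le 254 ] && [ $((lo % 4)) -eq 1 ] && [ "$hi" -eq $((lo + 1)) ]
}

# write_ccd DIR NAME CLIENT_IP SERVER_IP: validate, then write DIR/NAME
# through a temp file so the server never reads a half-written entry.
write_ccd() {
    case $2 in ''|.*|*/*) return 2 ;; esac        # NAME must be a plain file name
    valid_pair "$3" "$4" || return 1
    mkdir -p "$1" || return 3
    printf 'ifconfig-push %s %s\n' "$3" "$4" > "$1/.$2.$$" &&
        mv "$1/.$2.$$" "$1/$2"
}

# populate_ccd DIR: read "name client-ip server-ip" lines from stdin.
populate_ccd() {
    rc=0
    while read -r name client server; do
        case $name in ''|'#'*) continue ;; esac
        write_ccd "$1" "$name" "$client" "$server" ||
            { echo "rejected: $name $client $server" >&2; rc=1; }
    done
    return $rc
}

# Demo on constructed entries in a scratch directory; host3 is deliberately
# misaligned (.7/.8 straddle two /30 blocks) and is rejected.
demo_dir=$(mktemp -d)
populate_ccd "$demo_dir" <<'EOF' || echo "some entries were rejected" >&2
host1 10.10.10.6 10.10.10.5
host2 10.10.10.10 10.10.10.9
host3 10.10.10.7 10.10.10.8
EOF
```

On the router the directory argument would be the ccd path from the post instead of the scratch directory used here.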