Server/Routes

From Bondix Wiki

S.A.NE Server Routes

With version 20230311 and newer, client and server routes are now accessible in the server's tunnel settings.

Client routes are routes that are applied on the client (most commonly a default route to route all traffic), while server routes are applied on the server, pointing towards a specific tunnel. By default, server routes are not required as all traffic is masqueraded by the client. All routes must be in proper CIDR notation.

On the client, we use 0.0.0.0/1 and 128.0.0.0/1 instead of a normal default route, as this reduces potential issues with pre-existing WAN default routes.

bxutil Usage

Server routes can also be set up dynamically using the command-line utility "bxutil".

Add a server route:

# ./bxutil route <TUNNEL> add <NETWORK>

Remove a server route:

# ./bxutil route <TUNNEL> del <NETWORK>

Remove all routes:

# ./bxutil route <TUNNEL> clear

<TUNNEL> must be a valid tunnel name, <NETWORK> a valid network in CIDR notation (e.g. 192.168.0.0/24).

Dynamic Routing Example

In the following example, we'll use some recent additions to dynamically set up a client-given server route when a tunnel connects. Note that this example is not suitable for real-world applications as it trusts arbitrary input data from a remote client to create routes, which can have potentially harmful consequences. Version 20230311 or newer required.

Client Prerequisites

We'll extend our saneclient.json to include a meta tag containing our desired network route. This is done using the command set-meta.

{"target": "tunnel", "action": "set-meta", "info": {"network": "192.168.172.0/30"}}

If you are using a pre-generated saneclient.json (e.g. on Teltonika devices), we'll have to get back to you on how to achieve this. You'll have to find out yourself at this point, sorry!

Server Prerequisites

We create the directories & script files "/opt/bondix/server/scripts/tunnel-connect.d/10-addroute.sh" and "/opt/bondix/server/scripts/tunnel-disconnect.d/10-removeroute.sh" and make them executable via chmod a+x <file>.

Contents of 10-addroute.sh:
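#!/bin/sh
# The tunnel name is passed as the first argument.
TUNNEL="$1"
# Read the "network" meta value that the client set via set-meta.
NET=$(/home/bondix/server/bxutil get-meta "$TUNNEL" network)
# Only add a route if the meta value exists.
if [ "$NET" != "null" ]; then
  /home/bondix/server/bxutil route "$TUNNEL" add "$NET"
fi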

When a tunnel connects, bxutil returns the "network" meta information for the target tunnel. If it exists, the server route is created.

Contents of 10-removeroute.sh:
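#!/bin/sh
# The tunnel name is passed as the first argument.
TUNNEL="$1"
# Read the same "network" meta value that was used to add the route.
NET=$(/home/bondix/server/bxutil get-meta "$TUNNEL" network)
# Only remove a route if the meta value exists.
if [ "$NET" != "null" ]; then
  /home/bondix/server/bxutil route "$TUNNEL" del "$NET"
fi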

When a tunnel disconnects, we remove the server route.

When done correctly, we should now see the server route being added when the tunnel connects. That's it!
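
The note above says this example trusts arbitrary client input. As an added example (not Bondix code), here is a variant of 10-addroute.sh that only creates the route when the client-given value is a canonical IPv4 CIDR inside a supernet allowed for that tunnel. The ALLOWED list, the tunnel names branch1 and branch2, and the helper function names are assumptions, as is bxutil get-meta printing the bare value.

```sh
#!/bin/sh
# Hypothetical per-tunnel allowlist ("tunnel=supernet"); constructed sample values.
ALLOWED="${ALLOWED:-branch1=192.168.172.0/24 branch2=10.20.0.0/16}"
BXUTIL="${BXUTIL:-/home/bondix/server/bxutil}"   # bxutil path as used on this page
# ip_to_int A.B.C.D: print the address as an integer; fail on anything else.
ip_to_int() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range NET/LEN: print "first last" as integers; fail unless canonical IPv4 CIDR.
cidr_range() {
  case "$1" in */*/*) return 1 ;; */*) ;; *) return 1 ;; esac
  addr=$(ip_to_int "${1%/*}") || return 1
  len=${1#*/}
  case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
  [ "$len" -le 32 ] || return 1
  size=$(( 1 << (32 - len) ))
  [ $(( addr % size )) -eq 0 ] || return 1     # host bits must be zero
  echo "$addr $(( addr + size - 1 ))"
}

# net_allowed TUNNEL NET: succeed only if NET lies inside a supernet allowed for TUNNEL.
net_allowed() {
  t=$1
  want=$(cidr_range "$2") || return 1
  for entry in $ALLOWED; do
    [ "${entry%%=*}" = "$t" ] || continue
    ok=$(cidr_range "${entry#*=}") || continue
    set -- $want $ok                            # $1-$2 requested, $3-$4 allowed
    [ "$1" -ge "$3" ] && [ "$2" -le "$4" ] && return 0
  done
  return 1
}
main() {
  net=$("$BXUTIL" get-meta "$1" network) || return 1
  if net_allowed "$1" "$net"; then
    "$BXUTIL" route "$1" add "$net"
  else
    echo "tunnel '$1': client-supplied route rejected" >&2
  fi
}
if [ $# -gt 0 ]; then main "$@"; fi
```

A missing meta value ("null") fails the CIDR check and is rejected like any other malformed input, so no separate test for it is needed.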