VPN Policy - Quickly Change Domain List via SSH

Technical Support for Routers VPN, DNS, Leaks
1

Hello,
I am trying to determine when and how the 'Subscription URL' specifically updates it's local list from the specified URL. Currently, the only documentation I see on this feature is the info (see screenshot) on the admin panel itself which just says 'every day', and via this tutorial URL: How to configure domain and IP filtering rules via an online text file

The help docs nor the tutorial linked above get into specifics about when/how/what mechanism is automating this. Is it a cron job? Can this be adjusted to check for changes more often than once every 24 hours? Any help is greatly appreciated!

D-02-21-T-15-03--1774
D-02-21-T-15-03--1774959×398 27 KB

2

Ok, I see where (and how) the script is executed to update, check for changes, etc. It does look like it's via cron and runs at 3 AM daily:

D-02-21-T-16-05--1776
D-02-21-T-16-05--1776287×247 4.55 KB

D-02-21-T-16-05--1777
D-02-21-T-16-05--17771509×129 14.2 KB

Now my question is, how do I edit this properly? In the linux world, this should be done via terminal with crontab -e or something similar. Unfortunately, using crontab -e in terminal I don't see these entries. 'Scheduled Tasks' under LuCi is also blank. Any help is greatly appreciated!

3

I would say, just update the cron syntax entry inside this file.

4

That worked! I took it a step further and wanted a way to quickly change the list of domains between a couple preset lists instead of having the router do overtime running the 'check URL' cronjob every 1-2 minutes. Here's what I came up with in case anyone is interested in doing the same:

I decided to leave the VPN input mode as 'manual', and then I put in the list of domains I wanted to 'toggle' to on demand. After updating this, the /etc/config/vpnpolicy file is updated to hold these domains. I simply copied this vpnpolicy file with the domains I wanted to exclude (vpnpolicy-all), and another without any domains (vpnpolicy-none)... these are the two 'states' I wanted the VPN policy to work in. And then two things happen that I also had to do via SSH to actually apply the changes in the VPN:

a uci command executed that will 'unify' the current and new vpnpolicy settings:

uci commit vpnpolicy

After that, there is a service that is setup to re-execute and apply the new configuration, essentially restarting the vpn:

service vpnpolicy-apply restart

So I created a couple iOS SSH shortcuts, and here are the commands I input for each shortcut:
VPN Domains: None

cp /etc/config/vpnpolicy-none /etc/config/vpnpolicy
uci commit vpnpolicy
service vpnpolicy-apply restart

VPN Domains: All

cp /etc/config/vpnpolicy-all /etc/config/vpnpolicy
uci commit vpnpolicy
service vpnpolicy-apply restart

There are two responses I receive but otherwise have reviewed that it works as expected like I had made the change via the UI:
uci: Entry not found (seen when removing all domains from vpnpolicy - but necessary)
Command failed: Not found (seen when restarting vpnpolicy, believe it's because of a START=29 command that has something to do with the order that all services start in on boot that is not-applicable here). No issues or errors in router logs.

2 Likes