projects / feed / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
treewide: change email
[feed/packages.git] / net / travelmate / files / travelmate.vpn
1 #!/bin/sh
2 # vpn switch for travelmate
3 # Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
4 # This is free software, licensed under the GNU General Public License v3.
5
6 # set (s)hellcheck exceptions
7 # shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
8
9 # Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
10
11 export LC_ALL=C
12 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
13 set -o pipefail
14
15 if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ]
16 then
17 . "/lib/functions.sh"
18 fi
19
20 vpn_action="${1}"
21 trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
22 trm_vpniface="$(uci_get travelmate global trm_vpniface)"
23 trm_landevice="$(uci_get travelmate global trm_landevice)"
24 trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
25 trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://captive.apple.com")"
26 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
27 trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp --match multiport --dports 80,443 -j ACCEPT"
28 trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"
29 trm_iptables="$(command -v iptables)"
30 trm_logger="$(command -v logger)"
31 trm_fetch="$(command -v curl)"
32
33 f_log()
34 {
35 local class="${1}" log_msg="${2}"
36
37 if [ -x "${trm_logger}" ]
38 then
39 "${trm_logger}" -p "${class}" -t "trm-vpn [${$}]" "${log_msg}"
40 else
41 printf "%s %s %s\\n" "${class}" "trm-vpn [${$}]" "${log_msg}"
42 fi
43 }
44
45 f_net()
46 {
47 local IFS json_raw json_rc result="net nok"
48
49 json_raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout $((trm_maxwait/10)) "${trm_captiveurl}" 2>/dev/null)"
50 json_raw="${json_raw#*\{}"
51 if [ -n "${json_raw}" ]
52 then
53 json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
54 if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
55 then
56 result="net ok"
57 fi
58 fi
59 printf "%s" "${result}"
60 }
61
62 if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]
63 then
64 status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
65 vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
66 if [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
67 then
68 if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ] && \
69 [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
70 then
71 "${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_drop} 2>&1
72 f_log "info" "lan forward blocked for device '${trm_landevice}'"
73 fi
74 fi
75 if [ "${vpn_action}" = "disable" ] && [ "${status%% (net cp *}" = "connected" ]
76 then
77 if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ] && \
78 [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
79 then
80 "${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_accept} 2>&1
81 f_log "info" "lan forward on ports 80/443 freed for device '${trm_landevice}'"
82 fi
83 fi
84
85 case "${trm_vpnservice}" in
86 "wireguard")
87 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
88 then
89 ubus call network.interface."${trm_vpniface}" up
90 elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
91 then
92 ubus call network.interface."${trm_vpniface}" down
93 f_log "info" "${trm_vpnservice} client connection disabled"
94 fi
95 ;;
96 "openvpn")
97 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
98 then
99 ubus call network.interface."${trm_vpniface}" up
100 /etc/init.d/openvpn restart >/dev/null 2>&1
101 elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
102 then
103 ubus call network.interface."${trm_vpniface}" down
104 /etc/init.d/openvpn stop >/dev/null 2>&1
105 f_log "info" "${trm_vpnservice} client connection disabled"
106 fi
107 ;;
108 esac
109
110 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
111 then
112 cnt=0
113 while true
114 do
115 vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
116 if [ "${vpn_status}" = "true" ]
117 then
118 net_status="$(f_net)"
119 if [ "${net_status}" = "net ok" ]
120 then
121 f_log "info" "${trm_vpnservice} client connection enabled"
122 if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
123 then
124 "${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_drop} 2>&1
125 if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
126 then
127 "${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_accept} 2>&1
128 fi
129 f_log "info" "lan forward freed for device '${trm_landevice}'"
130 fi
131 break
132 fi
133 fi
134 if [ "${cnt}" -ge "$((trm_maxwait/6))" ]
135 then
136 f_log "info" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked"
137 ubus call network.interface."${trm_vpniface}" down
138 exit 2
139 fi
140 sleep 1
141 cnt="$((cnt+1))"
142 done
143 fi
144 if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]
145 then
146 if [ -f "/etc/init.d/sysntpd" ]
147 then
148 /etc/init.d/sysntpd restart >/dev/null 2>&1
149 fi
150 fi
151 exit 0
152 fi
153 exit 1
Mirror of packages feed