# vpn switch for travelmate
# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.

# set (s)hellcheck exceptions
# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188

# Please note: you have to set up the package 'wireguard' or 'openvpn' before using this script

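# Pin the search path so the helper binaries resolved below (iptables, logger,
# curl) come from the system directories and not from an inherited PATH.
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"

# Calling uci_get with exit status 127 (command not found) means the helper is
# not defined in this shell yet.
if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ]
then
	# NOTE(review): the body of this check is not visible in the listing; sourcing
	# the OpenWrt function library that provides uci_get is assumed - confirm.
	. "/lib/functions.sh"
fi

# NOTE(review): this assignment is not visible in the listing; vpn_action is
# compared against "enable"/"disable" further down and is presumably the first
# script argument - confirm.
vpn_action="${1}"

# Settings read from the 'global' section of the travelmate configuration.
trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
trm_vpniface="$(uci_get travelmate global trm_vpniface)"
trm_landevice="$(uci_get travelmate global trm_landevice)"
trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://captive.apple.com")"
trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"

# trm_maxwait is used inside $(( )) arithmetic for the curl and iptables wait
# times; fall back to the default when the configured value is not a plain
# non-negative integer, so a typo in the config cannot abort the script halfway
# through switching the forward rules.
case "${trm_maxwait}" in
	"" | *[!0-9]*)
		trm_maxwait="30"
	;;
esac

# Rule specifications, passed to iptables after -C/-I/-D. They are expanded
# unquoted on purpose so that every word becomes its own argument.
trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp --match multiport --dports 80,443 -j ACCEPT"
trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"

# Absolute paths of the external tools; each stays empty when the tool is missing.
trm_iptables="$(command -v iptables)"
trm_logger="$(command -v logger)"
trm_fetch="$(command -v curl)"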
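# f_log CLASS MESSAGE
# Writes one log record tagged "trm-vpn [<pid>]".
#   CLASS    handed to logger as its -p priority (the script uses "info")
#   MESSAGE  free text; always passed as data, never as a printf format
# Output: via the logger binary when ${trm_logger} is executable, otherwise a
# single line on stdout.
# NOTE(review): the listing drops the function header and the then/else/fi
# lines; they are restored here from the call sites (f_log CLASS MESSAGE).
f_log()
{
	local class="${1}" log_msg="${2}"

	if [ -x "${trm_logger}" ]
	then
		"${trm_logger}" -p "${class}" -t "trm-vpn [${$}]" "${log_msg}"
	else
		# fallback when no logger binary was found
		printf "%s %s %s\\n" "${class}" "trm-vpn [${$}]" "${log_msg}"
	fi
}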
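# f_net
# Probes ${trm_captiveurl} once with curl and prints "net ok" when the reported
# HTTP response code is 200 or 204, otherwise "net nok" (no trailing newline).
# Globals read: trm_fetch, trm_useragent, trm_maxwait, trm_captiveurl.
# NOTE(review): the listing drops the function header, the then/fi lines and the
# line that sets the positive result; they are restored here from the caller,
# which compares the output with "net ok".
# NOTE(review): the probe is plain HTTP and is not bound to the VPN interface,
# so "net ok" shows that some endpoint answered, not that the traffic left
# through the tunnel. Since this result gates the removal of the LAN DROP rule,
# consider binding the probe to the VPN device (curl --interface) - confirm
# against the intended routing setup.
f_net()
{
	local IFS json_raw json_rc timeout result="net nok"

	# Integer division yields 0 for trm_maxwait below 10, and curl treats a
	# connect timeout of 0 as "use the built-in default" rather than as a short
	# limit; keep at least one second so the probe stays bounded.
	timeout="$((trm_maxwait/10))"
	if [ "${timeout}" -lt "1" ]
	then
		timeout="1"
	fi

	# Without curl there is nothing to probe with; report "net nok".
	if [ -n "${trm_fetch}" ]
	then
		json_raw="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout "${timeout}" "${trm_captiveurl}" 2>/dev/null)"
	fi

	# curl prints the response body first and the --write-out JSON after it:
	# drop everything up to and including the first "{" and put the brace back
	# before parsing. A body that itself contains "{" leaves unparsable input,
	# which ends in "net nok".
	json_raw="${json_raw#*\{}"
	if [ -n "${json_raw}" ]
	then
		json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
		if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
		then
			result="net ok"
		fi
	fi
	printf "%s" "${result}"
}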
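# Main switch logic. Runs only when a VPN service, a VPN interface and a LAN
# device are configured and the travelmate runtime file exists.
#
# Flow as far as the listing shows it:
#   disable: block LAN forwarding first (DROP rule), then take the tunnel down;
#            while travelmate reports "connected (net cp ...", tcp/80 and
#            tcp/443 are let through again.
#   enable:  bring the tunnel up, poll until the interface is up and f_net
#            reports "net ok", and only then delete the DROP/ACCEPT rules. If
#            that does not happen in time the tunnel is taken down again and
#            the DROP rule stays in place (fail closed).
#
# NOTE(review): the listing drops every then/else/fi line, the case labels and
# the loop scaffolding; they are restored here from the surviving conditions.
# Statements marked "reconstructed" are inferred and need to be confirmed
# against the original file.
# NOTE(review): only iptables (IPv4) rules are managed. If the LAN device also
# forwards IPv6, that traffic is not covered by the DROP rule - confirm whether
# an ip6tables counterpart is needed.

# f_ipt ARGS...
# Runs iptables with the lock wait time used throughout this script and merges
# stderr into stdout, exactly as the inline calls in the listing do. The wait
# option is passed as one word ("-w N"), as in the listing.
f_ipt()
{
	"${trm_iptables}" "-w $((trm_maxwait/6))" "${@}" 2>&1
}

if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]
then
	status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
	vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"

	# "iptables -C" is silent when the rule exists and prints an error when it
	# does not, so a non-empty result means "rule absent" in all checks below.
	if [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
	then
		if [ -n "$(f_ipt -C ${trm_iptrule_drop})" ] && \
			[ -n "$(f_ipt -C ${trm_iptrule_accept})" ]
		then
			# Report the block only when the insert really succeeded; a failed
			# insert would otherwise leave LAN traffic flowing past a log line
			# that claims it is blocked.
			if f_ipt -I ${trm_iptrule_drop}
			then
				f_log "info" "lan forward blocked for device '${trm_landevice}'"
			else
				f_log "err" "lan forward for device '${trm_landevice}' could not be blocked"
			fi
		fi
	fi

	# A travelmate status starting with "connected (net cp " re-opens web ports
	# (cp presumably means captive portal - confirm).
	# NOTE(review): the ACCEPT rule matches tcp/80 and tcp/443 to any
	# destination, not only the portal, for as long as it stays in place.
	if [ "${vpn_action}" = "disable" ] && [ "${status%% (net cp *}" = "connected" ]
	then
		if [ -n "$(f_ipt -C ${trm_iptrule_accept})" ] && \
			[ -z "$(f_ipt -C ${trm_iptrule_drop})" ]
		then
			# -I puts the ACCEPT rule in front of the DROP rule
			f_ipt -I ${trm_iptrule_accept}
			f_log "info" "lan forward on ports 80/443 freed for device '${trm_landevice}'"
		fi
	fi

	# NOTE(review): the two case labels are not visible in the listing; they are
	# taken from the services named in the file header - confirm.
	case "${trm_vpnservice}" in
		"wireguard")
			if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
			then
				ubus call network.interface."${trm_vpniface}" up
			elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
			then
				ubus call network.interface."${trm_vpniface}" down
				f_log "info" "${trm_vpnservice} client connection disabled"
			fi
		;;
		"openvpn")
			if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
			then
				ubus call network.interface."${trm_vpniface}" up
				/etc/init.d/openvpn restart >/dev/null 2>&1
			elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
			then
				ubus call network.interface."${trm_vpniface}" down
				/etc/init.d/openvpn stop >/dev/null 2>&1
				f_log "info" "${trm_vpnservice} client connection disabled"
			fi
		;;
	esac

	if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
	then
		# reconstructed: counter start and loop header
		cnt=0
		while true
		do
			vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
			if [ "${vpn_status}" = "true" ]
			then
				net_status="$(f_net)"
				if [ "${net_status}" = "net ok" ]
				then
					f_log "info" "${trm_vpnservice} client connection enabled"
					# lift the LAN block only after the tunnel is up and the probe passed
					if [ -z "$(f_ipt -C ${trm_iptrule_drop})" ]
					then
						f_ipt -D ${trm_iptrule_drop}
						if [ -z "$(f_ipt -C ${trm_iptrule_accept})" ]
						then
							f_ipt -D ${trm_iptrule_accept}
						fi
						f_log "info" "lan forward freed for device '${trm_landevice}'"
					fi
					# reconstructed: leave the loop on success
					break
				fi
			fi
			if [ "${cnt}" -ge "$((trm_maxwait/6))" ]
			then
				f_log "info" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked"
				ubus call network.interface."${trm_vpniface}" down
				# reconstructed: the listing does not show how the loop is left
				# here (break or exit) - confirm.
				break
			fi
			# reconstructed: pause and counter increment between polls
			sleep 1
			cnt="$((cnt+1))"
		done
	fi

	# With the tunnel up, restart the NTP service if its init script exists.
	if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]
	then
		if [ -f "/etc/init.d/sysntpd" ]
		then
			/etc/init.d/sysntpd restart >/dev/null 2>&1
		fi
	fi
fi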