You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

85 lines
3.3 KiB

  1. #!/bin/sh
  2. # vpn handler called by travelmate
  3. # Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
  4. # This is free software, licensed under the GNU General Public License v3.
  5. # set (s)hellcheck exceptions
  6. # shellcheck disable=1091,3040,3043
  7. # Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
  8. . "/lib/functions.sh"
  9. export LC_ALL=C
  10. export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
  11. set -o pipefail
  12. vpn="${1}"
  13. vpn_action="${2}"
  14. vpn_service="${3}"
  15. vpn_iface="${4}"
  16. trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
  17. trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
  18. trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"
  19. trm_logger="$(command -v logger)"
  20. trm_fetch="$(command -v curl)"
  21. f_net() {
  22. local json_rc result="net nok"
  23. json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")"
  24. if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then
  25. result="net ok"
  26. fi
  27. printf "%s" "${result}"
  28. }
  29. vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
  30. case "${vpn_service}" in
  31. "wireguard")
  32. if [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
  33. ubus call network.interface."${vpn_iface}" up
  34. fi
  35. if { [ "${vpn}" = "0" ] && [ "${vpn_action}" = "enable" ]; } || { [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]; }; then
  36. ubus call network.interface."${vpn_iface}" down
  37. "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
  38. fi
  39. ;;
  40. "openvpn")
  41. if [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
  42. ubus call network.interface."${vpn_iface}" up
  43. /etc/init.d/openvpn restart >/dev/null 2>&1
  44. fi
  45. if { [ "${vpn}" = "0" ] && [ "${vpn_action}" = "enable" ]; } || { [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]; }; then
  46. ubus call network.interface."${vpn_iface}" down
  47. /etc/init.d/openvpn stop >/dev/null 2>&1
  48. "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
  49. fi
  50. ;;
  51. esac
  52. if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
  53. cnt=0
  54. while true; do
  55. vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
  56. if [ "${vpn_status}" = "true" ]; then
  57. net_status="$(f_net)"
  58. if [ "${net_status}" = "net ok" ]; then
  59. "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection enabled" 2>/dev/null
  60. break
  61. fi
  62. fi
  63. if [ "${cnt}" -ge "$((trm_maxwait / 6))" ]; then
  64. "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection can't be established" 2>/dev/null
  65. ubus call network.interface."${vpn_iface}" down
  66. exit 1
  67. fi
  68. sleep 1
  69. cnt="$((cnt + 1))"
  70. done
  71. fi
  72. if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]; then
  73. if [ -f "/etc/init.d/sysntpd" ]; then
  74. /etc/init.d/sysntpd restart >/dev/null 2>&1
  75. fi
  76. fi