Merge pull request #116 from YunoHost-Apps/openvpn-reload-nat

Reload only NAT rule when OpenVPN is up / down
2024-09-03 19:25:53 +02:00 · 2023-11-24 18:31:31 +01:00 · 2023-11-24 18:31:31 +01:00 · 37f63b3ef7
commit 37f63b3ef7
parent 29d48e1f0a a4fe4d0406
4 changed files with 36 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -20,7 +20,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 * Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi


-**Shipped version:** 2.2.0~ynh1
+**Shipped version:** 2.2.1~ynh1

 ## Screenshots

@ -29,6 +29,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 ## Documentation and resources

 * Official app website: <https://internetcu.be/>
+* YunoHost Store: <https://apps.yunohost.org/app/hotspot>
 * Report a bug: <https://github.com/YunoHost-Apps/hotspot_ynh/issues>

 ## Developer info
--- a/README_fr.md
+++ b/README_fr.md
@ -20,7 +20,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 * À combiner avec l'[app VPN Client](https://github.com/labriqueinternet/vpnclient_ynh) pour obtenir un accès internet aumatiquement protégé par votre VPN


-**Version incluse :** 2.2.0~ynh1
+**Version incluse :** 2.2.1~ynh1

 ## Captures d’écran

@ -29,6 +29,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 ## Documentations et ressources

 * Site officiel de l’app : <https://internetcu.be/>
+* YunoHost Store: <https://apps.yunohost.org/app/hotspot>
 * Signaler un bug : <https://github.com/YunoHost-Apps/hotspot_ynh/issues>

 ## Informations pour les développeurs
--- a/conf/openvpn_90-hotspot
+++ b/conf/openvpn_90-hotspot
@ -1,3 +1,31 @@
 #!/bin/bash

-systemctl restart __SERVICE_NAME__
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+if systemctl -q is-active __SERVICE_NAME__; then
+  old_gateway_interface=$(yunohost app setting __APP__ gateway_interface)
+  new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }')
+
+  if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
--- a/conf/ynh-hotspot
+++ b/conf/ynh-hotspot
@ -258,7 +258,7 @@ start)
        exit 1
    fi

-    echo "[hotspot] Starting..."
+    echo "[$app] Starting..."
    touch /tmp/.${service_name}-started

    # Check old state of the ipv4 NAT settings
@ -295,13 +295,13 @@ start)
    start_dhcpd

    # Update dynamic settings
-    ynh_app_setting_set hotspot gateway_interface "${new_gateway_interface}"
+    ynh_app_setting_set --app=$app --key=gateway_interface --value="${new_gateway_interface}"

    # Regen-conf dnsmasq to enable dns resolution on dnsmasq for the new interface
    yunohost tools regen-conf dnsmasq
    ;;
 stop)
-    echo "[hotspot] Stopping..."
+    echo "[$app] Stopping..."
    rm -f /tmp/.${service_name}-started

    if ! is_other_hostapd_running; then