From b5cd8bd1a332b3afb22b660e6810ae46bd8c44ce Mon Sep 17 00:00:00 2001
From: HgO <hgo@batato.be>
Date: Sat, 18 Nov 2023 19:18:15 +0100
Subject: [PATCH] openvpn client reload only nat rules instead of whole hotspot

---
 conf/openvpn_90-hotspot | 28 +++++++++++++++++++++++++++-
 conf/ynh-hotspot        |  6 +++---
 2 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/conf/openvpn_90-hotspot b/conf/openvpn_90-hotspot
index ce09c25..33fe318 100644
--- a/conf/openvpn_90-hotspot
+++ b/conf/openvpn_90-hotspot
@@ -1,3 +1,29 @@
 #!/bin/bash
 
-systemctl restart __SERVICE_NAME__
\ No newline at end of file
+source /usr/share/yunohost/helpers
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+old_gateway_interface=$(ynh_app_setting_get --app=$app --key=gateway_interface)
+new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }')
+
+if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+  unset_nat "${old_gateway_interface}"
+fi
+
+set_nat "${new_gateway_interface}"
+
+ynh_app_setting_set --app=$app --key=gateway_interface --value="${new_gateway_interface}"
diff --git a/conf/ynh-hotspot b/conf/ynh-hotspot
index f190a78..e9460df 100644
--- a/conf/ynh-hotspot
+++ b/conf/ynh-hotspot
@@ -258,7 +258,7 @@ start)
         exit 1
     fi
 
-    echo "[hotspot] Starting..."
+    echo "[$app] Starting..."
     touch /tmp/.${service_name}-started
 
     # Check old state of the ipv4 NAT settings
@@ -295,13 +295,13 @@ start)
     start_dhcpd
 
     # Update dynamic settings
-    ynh_app_setting_set hotspot gateway_interface "${new_gateway_interface}"
+    ynh_app_setting_set --app=$app --key=gateway_interface --value="${new_gateway_interface}"
 
     # Regen-conf dnsmasq to enable dns resolution on dnsmasq for the new interface
     yunohost tools regen-conf dnsmasq
     ;;
 stop)
-    echo "[hotspot] Stopping..."
+    echo "[$app] Stopping..."
     rm -f /tmp/.${service_name}-started
 
     if ! is_other_hostapd_running; then