From dbb06da824b15aec561e7f4a8dbe093d8eead9b9 Mon Sep 17 00:00:00 2001 From: HgO Date: Sun, 28 Apr 2024 10:21:40 +0200 Subject: [PATCH] configure IPv6 only when VPN is up --- conf/openvpn_90-hotspot | 32 ----------------- conf/openvpn_route-down_90-hotspot | 56 +++++++++++++++++++++++++++++ conf/openvpn_route-up_90-hotspot | 57 ++++++++++++++++++++++++++++++ conf/ynh-hotspot | 21 +++++------ scripts/install | 4 +-- scripts/upgrade | 4 +-- 6 files changed, 126 insertions(+), 48 deletions(-) delete mode 100644 conf/openvpn_90-hotspot create mode 100644 conf/openvpn_route-down_90-hotspot create mode 100644 conf/openvpn_route-up_90-hotspot diff --git a/conf/openvpn_90-hotspot b/conf/openvpn_90-hotspot deleted file mode 100644 index 1fc4dd0..0000000 --- a/conf/openvpn_90-hotspot +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -is_nat_set() { - local gateway_interface=${1} - iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}" -} - -unset_nat() { - local gateway_interface=${1} - iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE -} - -set_nat() { - local gateway_interface=${1} - iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE -} - -ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__) -if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then - old_gateway_interface=$(yunohost app setting __APP__ gateway_interface) - new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }') - - if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then - unset_nat "${old_gateway_interface}" - fi - - if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then - set_nat "${new_gateway_interface}" - fi - - yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}" -fi 
diff --git a/conf/openvpn_route-down_90-hotspot b/conf/openvpn_route-down_90-hotspot
new file mode 100644
index 0000000..79a3290
--- /dev/null
+++ b/conf/openvpn_route-down_90-hotspot
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+is_nat_set() {
+ local gateway_interface=${1}
+ iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+ local gateway_interface=${1}
+ echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+ iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+ local gateway_interface=${1}
+ echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+ iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+ [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+ ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+unset_ip6addr() {
+ echo "[INFO] hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+ ip address delete "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+ old_gateway_interface=${dev}
+ new_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+
+ ip6_net=$(yunohost app setting __APP__ ip6_net)
+ ip6_addr="${ip6_net}1"
+
+ wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+ if is_nat_set "${old_gateway_interface}"; then
+ unset_nat "${old_gateway_interface}"
+ fi
+
+ if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+ set_nat "${new_gateway_interface}"
+ fi
+
+ if has_ip6delegatedprefix && is_ip6addr_set; then
+ unset_ip6addr
+ fi
+
+ yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
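Review bot: `old_gateway_interface=${dev}` is passed to `is_nat_set` with no non-empty check, although the deleted script guarded the same call with `[[ -n "$old_gateway_interface" ]]`. If OpenVPN runs the hook without `dev` set, `grep -q ""` matches any MASQUERADE line and `unset_nat` is then called with an empty interface name. I would keep the guard: `if [[ -n "${old_gateway_interface}" ]] && is_nat_set "${old_gateway_interface}"; then`. The route-up script has the same gap in `if ! is_nat_set $new_gateway_interface`, where the expansion is also unquoted; `[[ -n "${new_gateway_interface}" ]] && ! is_nat_set "${new_gateway_interface}"` covers both.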
diff --git a/conf/openvpn_route-up_90-hotspot b/conf/openvpn_route-up_90-hotspot
new file mode 100644
index 0000000..b22edc9
--- /dev/null
+++ b/conf/openvpn_route-up_90-hotspot
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+is_nat_set() {
+ local gateway_interface=${1}
+ iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+ local gateway_interface=${1}
+ echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+ iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+ local gateway_interface=${1}
+ echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+ iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+ [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+ ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+set_ip6addr() {
+ echo "[INFO] hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+ ip address delete "${ip6_addr}/64" dev "${new_gateway_interface}" &>/dev/null
+ ip address add "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+ old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+ new_gateway_interface=${dev}
+
+ ip6_net=$(yunohost app setting __APP__ ip6_net)
+ ip6_addr="${ip6_net}1"
+
+ wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+ if [[ -n "$old_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+ unset_nat "${old_gateway_interface}"
+ fi
+
+ if ! is_nat_set $new_gateway_interface; then
+ set_nat "${new_gateway_interface}"
+ fi
+
+ if has_ip6delegatedprefix && ! is_ip6addr_set; then
+ set_ip6addr
+ fi
+
+ yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
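Review bot: `old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')` prints one interface per matching line, so on a host with more than one default route the variable holds several names separated by newlines and `unset_nat` passes that whole string to `iptables -o`. Stopping at the first match keeps it to a single name: `awk '/^default via/ { print $5; exit }'`. Route-down derives `new_gateway_interface` the same way and feeds it to `set_nat`, so the same change applies there.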
diff --git a/conf/ynh-hotspot b/conf/ynh-hotspot index d55456f..0b41d38 100644 --- a/conf/ynh-hotspot +++ b/conf/ynh-hotspot @@ -26,10 +26,6 @@ has_ip6delegatedprefix() { [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]] } -ip6addrfromdelegatedprefix() { - echo "${ip6_net}1" -} - is_nat_set() { local gateway_interface=${1} iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}" @@ -40,7 +36,7 @@ is_ip4nataddr_set() { } is_ip6addr_set() { - ip address show dev "${wifi_device}" 2>/dev/null | grep -q "$(ip6addrfromdelegatedprefix)/64" + ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64" } is_ip6firewall_set() { @@ -122,10 +118,10 @@ set_ipaddr() { ip address add "${ip4_nat_prefix}.1/24" dev "${wifi_device}" fi - if has_ip6delegatedprefix && ! is_ip6addr_set; then - echo "hotspot ${wifi_device}: Set IPv6 address" - ip address delete "$(ip6addrfromdelegatedprefix)/64" dev tun0 &>/dev/null - ip address add "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}" + if has_ip6delegatedprefix && ! is_ip6addr_set && ip route get 1.2.3.4 | grep -q tun0; then + echo "hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}" + ip address delete "${ip6_addr}/64" dev tun0 &>/dev/null + ip address add "${ip6_addr}/64" dev "${wifi_device}" fi } @@ -178,8 +174,8 @@ unset_ipaddr() { fi if has_ip6delegatedprefix && is_ip6addr_set; then - echo "hotspot ${wifi_device}: Unset IPv6 address" - ip address delete "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}" + echo "hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}" + ip address delete "${ip6_addr}/64" dev "${wifi_device}" fi } 
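Review bot: The new condition in `set_ipaddr`, `ip route get 1.2.3.4 | grep -q tun0`, hard-codes the tunnel name while the route-up and route-down hooks added in this commit take it from `${dev}`, and the unanchored `grep` also matches names such as `tun01`. If the OpenVPN device is ever not `tun0`, the service would skip the IPv6 address at start and rely on the hook alone; matching the device field, e.g. `grep -qw 'dev tun0'`, at least removes the substring match. A short comment such as `# only assign the delegated IPv6 address while the default route goes through the VPN` would explain why an IPv4 lookup gates an IPv6 setting. `set_ipaddr` starts above this hunk.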
@@ -232,6 +228,7 @@ if [ "$1" != restart ]; then ip6_firewall=$(ynh_app_setting_get --app=$app --key=ip6_firewall) ip6_dns=$(ynh_app_setting_get --app=$app --key=ip6_dns) ip6_net=$(ynh_app_setting_get --app=$app --key=ip6_net) + ip6_addr="${ip6_net}1" ip4_dns=$(ynh_app_setting_get --app=$app --key=ip4_dns) ip4_nat_prefix=$(ynh_app_setting_get --app=$app --key=ip4_nat_prefix) @@ -376,7 +373,7 @@ status) if has_ip6delegatedprefix; then echo "[INFO] hotspot ${wifi_device}: IPv6 delegated prefix found" - echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: $(ip6addrfromdelegatedprefix)" + echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: ${ip6_addr}" if is_ip6addr_set; then echo "[ OK ] hotspot ${wifi_device}: IPv6 address set" diff --git a/scripts/install b/scripts/install index 451d9ad..b79f359 100644 --- a/scripts/install +++ b/scripts/install @@ -113,8 +113,8 @@ chmod 0755 "/usr/local/bin/$service_name" mkdir -pm 0755 /etc/openvpn/scripts mkdir -pm 0755 /etc/openvpn/scripts/route-up.d mkdir -pm 0755 /etc/openvpn/scripts/route-down.d -ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name" -ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name" +ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name" +ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name" chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}" chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}" diff --git a/scripts/upgrade b/scripts/upgrade index fb92cc1..545b60b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -174,8 +174,8 @@ chmod 0755 "/usr/local/bin/$service_name" mkdir -pm 0755 /etc/openvpn/scripts mkdir -pm 0755 /etc/openvpn/scripts/route-up.d mkdir -pm 0755 /etc/openvpn/scripts/route-down.d -ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name" -ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name" +ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name" +ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name" chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}" chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"