configure IPv6 only when VPN is up

2024-09-03 19:25:53 +02:00 · 2024-04-28 10:21:40 +02:00 · 2024-04-28 10:21:40 +02:00 · dbb06da824
commit dbb06da824
parent 44e5717f8f
6 changed files with 126 additions and 48 deletions
--- a/conf/openvpn_90-hotspot
+++ b/conf/openvpn_90-hotspot
@ -1,32 +0,0 @@
-#!/bin/bash
-
-is_nat_set() {
-  local gateway_interface=${1}
-  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
-}
-
-unset_nat() {
-  local gateway_interface=${1}
-  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
-}
-
-set_nat() {
-  local gateway_interface=${1}
-  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
-}
-
-ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
-if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
-  old_gateway_interface=$(yunohost app setting __APP__ gateway_interface)
-  new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }')
-
-  if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
-    unset_nat "${old_gateway_interface}"
-  fi
-
-  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
-    set_nat "${new_gateway_interface}"
-  fi
-
-  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
-fi
--- a/conf/openvpn_route-down_90-hotspot
+++ b/conf/openvpn_route-down_90-hotspot
@ -0,0 +1,56 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+unset_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=${dev}
+  new_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+  
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if is_nat_set "${old_gateway_interface}"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && is_ip6addr_set; then
+    unset_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
--- a/conf/openvpn_route-up_90-hotspot
+++ b/conf/openvpn_route-up_90-hotspot
@ -0,0 +1,57 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+set_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${new_gateway_interface}" &>/dev/null
+  ip address add "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+  new_gateway_interface=${dev}
+  
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if [[ -n "$old_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && ! is_ip6addr_set; then
+    set_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
--- a/conf/ynh-hotspot
+++ b/conf/ynh-hotspot
@ -26,10 +26,6 @@ has_ip6delegatedprefix() {
    [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
 }

-ip6addrfromdelegatedprefix() {
-    echo "${ip6_net}1"
-}
-
 is_nat_set() {
    local gateway_interface=${1}
    iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
@ -40,7 +36,7 @@ is_ip4nataddr_set() {
 }

 is_ip6addr_set() {
-    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "$(ip6addrfromdelegatedprefix)/64"
+    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
 }

 is_ip6firewall_set() {
@ -122,10 +118,10 @@ set_ipaddr() {
        ip address add "${ip4_nat_prefix}.1/24" dev "${wifi_device}"
    fi

-    if has_ip6delegatedprefix && ! is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Set IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev tun0 &>/dev/null
-        ip address add "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+    if has_ip6delegatedprefix && ! is_ip6addr_set && ip route get 1.2.3.4 | grep -q tun0; then
+        echo "hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev tun0 &>/dev/null
+        ip address add "${ip6_addr}/64" dev "${wifi_device}"
    fi
 }

@ -178,8 +174,8 @@ unset_ipaddr() {
    fi

    if has_ip6delegatedprefix && is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Unset IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+        echo "hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev "${wifi_device}"
    fi
 }

@ -232,6 +228,7 @@ if [ "$1" != restart ]; then
    ip6_firewall=$(ynh_app_setting_get --app=$app --key=ip6_firewall)
    ip6_dns=$(ynh_app_setting_get --app=$app --key=ip6_dns)
    ip6_net=$(ynh_app_setting_get --app=$app --key=ip6_net)
+    ip6_addr="${ip6_net}1"
    ip4_dns=$(ynh_app_setting_get --app=$app --key=ip4_dns)
    ip4_nat_prefix=$(ynh_app_setting_get --app=$app --key=ip4_nat_prefix)

@ -376,7 +373,7 @@ status)

    if has_ip6delegatedprefix; then
        echo "[INFO] hotspot ${wifi_device}: IPv6 delegated prefix found"
-        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: $(ip6addrfromdelegatedprefix)"
+        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: ${ip6_addr}"

        if is_ip6addr_set; then
            echo "[ OK ] hotspot ${wifi_device}: IPv6 address set"
--- a/scripts/install
+++ b/scripts/install
@ -113,8 +113,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -174,8 +174,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"