
Re-wrote with merlin guidelines in mind

Joachim M. Giæver 7 years ago
parent
commit
cc3b18579a
2 changed files with 75 additions and 86 deletions
  1. 75 73
      assign-ip-ssid
  2. 0 13
      dnsmasq.conf

+ 75 - 73
assign-ip-ssid

@@ -2,11 +2,13 @@
 CONFIG=1
 source /usr/sbin/helper.sh
 
+OPENVPN_CONF=/tmp/etc/openvpn
 DNSMASQ_CONF=/tmp/etc/dnsmasq.conf
 
-
 cmd_log () {
-    logger "${2}[${1}] - ${3}"
+    if [ ${1} -ne 0 ]; then
+        logger "${2}[${1}] - ${3}"
+    fi
 }
 
 cmd_run () {
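Review bot: The new guard in cmd_log discards every message whose status is 0, but the `else` branch of iptable in the next hunk reports its error with `cmd_log 0 "iptable" "Unknown argument length ..."`, so a malformed iptable call now installs no rule and leaves no trace in syslog. Pass a non-zero status at that call, for example `cmd_log 1 "iptable" "Unknown argument length ${#} (${*})."`. The test operand should also be quoted, `if [ "${1}" -ne 0 ]; then`, so an empty status is handled as a plain comparison error rather than a malformed `[` expression. cmd_run's body lies outside this hunk, so how it hands the exit status to cmd_log is not visible here.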
@@ -17,101 +19,101 @@ cmd_run () {
 }
 
 iptable () {
-
-    ARG="${1}"
-    if [ $# -gt 3 ]; then
-        ARG="${ARG} -d ${4}"
+    IFACE=`echo "${1}"`
+    local OPT=`echo "${2}"`
+    shift 2
+    if [ "${OPT}" = "I" ]; then
+        iptable "${IFACE}" "D" ${@}
     fi
-
-    cmd_run "iptable" "iptables -C ${2} -i ${ARG} -j ${3}"
-    if [ $? -eq 1 ]; then
-        cmd_run "iptable" "iptables -I ${2} -i ${ARG} -j ${3}"
+    if [ $# -eq 1 ]; then
+        cmd_run "iptable" "iptables -t nat -${OPT} POSTROUTING -s ${1} -o ${IFACE} -j MASQUERADE"
+    elif [ $# -eq 2 ]; then
+        cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -m state --state NEW -j ${2}"
+    elif [ $# -eq 3 ]; then
+        cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -o ${3} -j ${2}"
     else
-        cmd_run "iptable" "iptables -D ${2} -i ${ARG} -j ${3}"
-        #iptable ${1} ${2} ${3} ${4}
+        cmd_log 0 "iptable" "Unknown argument length ${#} (${@})."
     fi
 }
 
 ebtable () {
-
-
-    CMD="-p ${2} -${4} ${1} -j ${3}"
-
-    if [ `ebtables -t broute -L | grep -ice "${CMD}"` -eq 0 ]; then
-        if [ $# -eq 1 ]; then
-           cmd_run "ebtable" "ebtables ${1}"
-           return $?
-        else
-            cmd_run "ebtable" "ebtables -t broute -I BROUTING ${CMD}"
-        fi
-    else
-        cmd_run "ebtable" "ebtables -t broute -D BROUTING ${CMD}"
-        if [ $# -eq 4 ]; then
-            ebtable ${1} ${2} ${3} ${4}
-        fi
+    if [ "${2}" = "I" ]; then
+        ebtable "${1}" "D" "${3}"
     fi
-    return $?
+    cmd_run "ebtable" "ebtables -t broute -${2} BROUTING -p ${3} -i ${1} -j DROP"
 }
 
 assign_ip () {
-    IFACE="${1}"
-    IFACE_INET_ADDR="${2}"
-
-    IFACE_NWRK_ADDR="${IFACE_INET_ADDR%.*}.0"
-    IFACE_MASK_ADDR="255.255.255.0"
-    
-    DHCP_START="${IFACE_INET_ADDR%.*}.${3}"
-    DHCP_END="${IFACE_INET_ADDR%.*}.${4}"
-
-    LAN=$(ifconfig "br0" | sed -ne's/.*inet addr:\([^ ]*\).*$/\1/p')
 
-    echo "
-    IFACE: ${IFACE}
-    INET: ${IFACE_INET_ADDR}
-    NWRK: ${IFACE_NWRK_ADDR}
-    MASK: ${IFACE_MASK_ADDR}
-    DCHP
-        START:  ${DHCP_START}
-        END:    ${DHCP_END}
-    LAN: ${LAN}"
+    if [ ! -d "${OPENVPN_CONF}/client${1}/" ]; then
+        logger "Missing client${1} in ${OPENVPN_CONF}"
+        return 1
+    fi
 
     ifconfig "${IFACE}" > /dev/null 2>&1 || continue
 
-    cmd_run "ifconfig" "ifconfig ${IFACE} ${IFACE_INET_ADDR} netmask ${IFACE_MASK_ADDR}"
+    IFACE_TUN=`cat "${OPENVPN_CONF}/client${1}/config.ovpn" | awk '/dev/ {print $2}'`
 
-    ebtable "${IFACE}" "ipv4" "DROP" "i"
-    ebtable "${IFACE}" "ipv6" "DROP" "i"
-    ebtable "${IFACE}" "arp" "DROP" "i"
+    IFACE="${2}"
+    IFACE_INET_ADDR="${3}"
+
+    IFACE_NWRK_ADDR="${IFACE_INET_ADDR%.*}.0"
+    IFACE_MASK_ADDR="255.255.255.0"
     
-    iptable "${IFACE}" "FORWARD" "ACCEPT"
-    iptable "${IFACE}" "INPUT" "ACCEPT"
-    iptable "${IFACE}" "FORWARD" "DROP" "${LAN}/24"
-    iptable "${IFACE}" "INPUT" "DROP" "${LAN}/24"
+    DHCP_START="${IFACE_INET_ADDR%.*}.${4}"
+    DHCP_END="${IFACE_INET_ADDR%.*}.${5}"
+
+    RTABLE=$((${1} + 10))
 
-    ebtable "-D FORWARD -i ${IFACE} -j DROP"
-    ebtable "-D FORWARD -o ${IFACE} -j DROP"
+    CIDR=24
+    if [ $# -gt 5 ]; then
+        CIDR="${5}"
+    fi
+
+    LAN=$(ifconfig "br0" | sed -ne's/.*inet addr:\([^ ]*\).*$/\1/p')
 
     if [ `cat ${DNSMASQ_CONF} | grep -c ${IFACE}` -eq 0 ]; then
-        logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP"
-        pc_append "interface=${IFACE}" ${DNSMASQ_CONF}
-        pc_append "dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_MASK_ADDR},24h" ${DNSMASQ_CONF}
-        pc_append "dhcp-option=${IFACE},3,${IFACE_INET_ADDR}" ${DNSMASQ_CONF}
-        #pc_append "dhcp-option=${IFACE},6,8.8.8.8,8.8.4.4" ${DNSMASQ_CONF}
-        pc_append "dhcp-option=${IFACE},252,\"\n\"" ${DNSMASQ_CONF}
+        killall dnsmasq
+
+        if [ `cat ${DNSMASQ_CONF} | grep -c "log-dhcp"` -eq 0 ]; then
+            pc_append "log-dhcp" ${DNSMASQ_CONF}
+        fi
+        logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP on ${IFACE_INET_ADDR}"
+        cmd_run "pc_append" "pc_append interface=${IFACE} ${DNSMASQ_CONF}"
+        cmd_run "pc_append" "pc_append dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_MASK_ADDR},24h ${DNSMASQ_CONF}"
+        cmd_run "pc_append" "pc_append dhcp-option=${IFACE},3,${IFACE_INET_ADDR} ${DNSMASQ_CONF}"
+        dnsmasq --log-async
     fi
 
-}
+    while [ ! -n "`ifconfig | grep ${IFACE_TUN}`" ]; do
+        sleep 1
+    done
 
 
-killall dnsmasq
+    ip route show table main | grep -Ev ^default | while read ROUTE; do
+        if [ `ip route show table "${RTABLE}" | grep -ice "${ROUTE}"` -eq 0 ]; then
+            cmd_run "ip-route" "ip route add table ${RTABLE} ${ROUTE}"
+        fi
+    done
+
+    cmd_run "ip-route" "ip route add default dev ${IFACE_TUN} table ${RTABLE}"
+    cmd_run "ip-rule" "ip rule add dev ${IFACE} table ${RTABLE}"
+    cmd_run "ip-route" "ip route flush cache"
 
-if [ `cat ${DNSMASQ_CONF} | grep -c "log-dhcp"` -eq 0 ]; then
-    pc_append "log-dhcp" ${DNSMASQ_CONF}
-fi
+    ebtable "${IFACE}" "I" "ipv4"
+    ebtable "${IFACE}" "I" "ipv6"
+    ebtable "${IFACE}" "I" "arp"
 
-assign_ip "wl0.1" "192.168.2.1" "128" "191" #/26
-assign_ip "wl0.2" "192.168.3.1" "128" "191" #/26
+    iptable "${IFACE}" "I" "INPUT" "ACCEPT"
+    iptable "${IFACE}" "I" "FORWARD" "ACCEPT" "${IFACE_TUN}"
+    iptable "${IFACE_TUN}" "I" "${IFACE_NWRK_ADDR}/${CIDR}"
 
-cat ${DNSMASQ_CONF}
+}
 
-dnsmasq --log-async
+# assign_ip <client #no> <iface> <iface inet> <range start> <range end> [<cidr>]
+assign_ip 1 "wl0.1" "192.168.2.1" "2" "254" #24
+assign_ip 2 "wl0.2" "192.168.3.1" "2" "254" #24
+assign_ip 1 "wl0.3" "192.168.4.1" "2" "254" #24
+assign_ip 3 "wl1.1" "192.168.5.1" "2" "254"
+assign_ip 4 "wl1.2" "192.168.6.1" "2" "254" #24
+assign_ip 5 "wl1.3" "192.168.7.1" "2" "254" #24
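Review bot: The rewritten assign_ip no longer installs the two DROP rules toward `${LAN}/24` that the old code added on FORWARD and INPUT, although `LAN` is still computed from br0 and is now unused. The only rules left for the SSID interface are `INPUT -i ${IFACE} -m state --state NEW -j ACCEPT` and `FORWARD -i ${IFACE} -o ${IFACE_TUN} -j ACCEPT`. The INPUT rule admits every new connection from the wireless clients to the router itself, and whether they can still reach LAN hosts depends on chain policies that this diff does not show. If isolation from the LAN is still intended, keep an explicit drop such as `iptables -I FORWARD -i ${IFACE} -d ${LAN}/24 -j DROP` and narrow the INPUT accept to the services the clients need (DHCP, DNS). Separately, `CIDR="${5}"` reads the range end; the usage comment puts the cidr sixth, so it should be `CIDR="${6}"`.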

+ 0 - 13
dnsmasq.conf

@@ -1,13 +0,0 @@
-log-dhcp
-interface=wl0.1
-dhcp-range=wl0.1,192.168.2.100,192.168.2.199,255.255.255.0,86400s
-dhcp-option=wl0.1,3,192.168.2.1
-dhcp-option=wl0.1,6,8.8.8.8,8.8.4.4
-interface=wl1.1
-dhcp-range=wl1.1,192.168.2.100,192.168.2.149,255.255.255.0,86400s
-dhcp-option=wl1.1,3,192.168.2.1
-dhcp-option=wl1.1,6,8.8.8.8,8.8.4.4
-interface=wl2.1
-dhcp-range=wl2.1,192.168.2.100,192.168.2.149,255.255.255.0,86400s
-dhcp-option=wl2.1,3,192.168.2.1
-dhcp-option=wl2.1,6,8.8.8.8,8.8.4.4