|
@@ -2,11 +2,13 @@
|
|
|
CONFIG=1
|
|
|
source /usr/sbin/helper.sh
|
|
|
|
|
|
+OPENVPN_CONF=/tmp/etc/openvpn
|
|
|
DNSMASQ_CONF=/tmp/etc/dnsmasq.conf
|
|
|
|
|
|
-
|
|
|
cmd_log () {
|
|
|
- logger "${2}[${1}] - ${3}"
|
|
|
+ if [ ${1} -ne 0 ]; then
|
|
|
+ logger "${2}[${1}] - ${3}"
|
|
|
+ fi
|
|
|
}
|
|
|
|
|
|
cmd_run () {
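Review bot: The new guard in cmd_log, `if [ ${1} -ne 0 ]; then`, drops every call made with status 0, yet the second hunk reports an error case with `cmd_log 0 "iptable" "Unknown argument length ${#} (${@})."`, so that message is never logged; either pass a non-zero status there or keep an unconditional path for explicit error reports. `${1}` is also unquoted inside `[ ]`, so an empty first argument makes the test itself fail with a syntax error rather than skipping the log; `if [ "${1:-0}" -ne 0 ]; then` avoids that. The body of cmd_run begins in this hunk but continues past it.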
|
|
@@ -17,101 +19,101 @@ cmd_run () {
|
|
|
}
|
|
|
|
|
|
iptable () {
|
|
|
-
|
|
|
- ARG="${1}"
|
|
|
- if [ $# -gt 3 ]; then
|
|
|
- ARG="${ARG} -d ${4}"
|
|
|
+ IFACE=`echo "${1}"`
|
|
|
+ local OPT=`echo "${2}"`
|
|
|
+ shift 2
|
|
|
+ if [ "${OPT}" = "I" ]; then
|
|
|
+ iptable "${IFACE}" "D" ${@}
|
|
|
fi
|
|
|
-
|
|
|
- cmd_run "iptable" "iptables -C ${2} -i ${ARG} -j ${3}"
|
|
|
- if [ $? -eq 1 ]; then
|
|
|
- cmd_run "iptable" "iptables -I ${2} -i ${ARG} -j ${3}"
|
|
|
+ if [ $# -eq 1 ]; then
|
|
|
+ cmd_run "iptable" "iptables -t nat -${OPT} POSTROUTING -s ${1} -o ${IFACE} -j MASQUERADE"
|
|
|
+ elif [ $# -eq 2 ]; then
|
|
|
+ cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -m state --state NEW -j ${2}"
|
|
|
+ elif [ $# -eq 3 ]; then
|
|
|
+ cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -o ${3} -j ${2}"
|
|
|
else
|
|
|
- cmd_run "iptable" "iptables -D ${2} -i ${ARG} -j ${3}"
|
|
|
- #iptable ${1} ${2} ${3} ${4}
|
|
|
+ cmd_log 0 "iptable" "Unknown argument length ${#} (${@})."
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
ebtable () {
|
|
|
-
|
|
|
-
|
|
|
- CMD="-p ${2} -${4} ${1} -j ${3}"
|
|
|
-
|
|
|
- if [ `ebtables -t broute -L | grep -ice "${CMD}"` -eq 0 ]; then
|
|
|
- if [ $# -eq 1 ]; then
|
|
|
- cmd_run "ebtable" "ebtables ${1}"
|
|
|
- return $?
|
|
|
- else
|
|
|
- cmd_run "ebtable" "ebtables -t broute -I BROUTING ${CMD}"
|
|
|
- fi
|
|
|
- else
|
|
|
- cmd_run "ebtable" "ebtables -t broute -D BROUTING ${CMD}"
|
|
|
- if [ $# -eq 4 ]; then
|
|
|
- ebtable ${1} ${2} ${3} ${4}
|
|
|
- fi
|
|
|
+ if [ "${2}" = "I" ]; then
|
|
|
+ ebtable "${1}" "D" "${3}"
|
|
|
fi
|
|
|
- return $?
|
|
|
+ cmd_run "ebtable" "ebtables -t broute -${2} BROUTING -p ${3} -i ${1} -j DROP"
|
|
|
}
|
|
|
|
|
|
assign_ip () {
|
|
|
- IFACE="${1}"
|
|
|
- IFACE_INET_ADDR="${2}"
|
|
|
-
|
|
|
- IFACE_NWRK_ADDR="${IFACE_INET_ADDR%.*}.0"
|
|
|
- IFACE_MASK_ADDR="255.255.255.0"
|
|
|
-
|
|
|
- DHCP_START="${IFACE_INET_ADDR%.*}.${3}"
|
|
|
- DHCP_END="${IFACE_INET_ADDR%.*}.${4}"
|
|
|
-
|
|
|
- LAN=$(ifconfig "br0" | sed -ne's/.*inet addr:\([^ ]*\).*$/\1/p')
|
|
|
|
|
|
- echo "
|
|
|
- IFACE: ${IFACE}
|
|
|
- INET: ${IFACE_INET_ADDR}
|
|
|
- NWRK: ${IFACE_NWRK_ADDR}
|
|
|
- MASK: ${IFACE_MASK_ADDR}
|
|
|
- DCHP
|
|
|
- START: ${DHCP_START}
|
|
|
- END: ${DHCP_END}
|
|
|
- LAN: ${LAN}"
|
|
|
+ if [ ! -d "${OPENVPN_CONF}/client${1}/" ]; then
|
|
|
+ logger "Missing client${1} in ${OPENVPN_CONF}"
|
|
|
+ return 1
|
|
|
+ fi
|
|
|
|
|
|
ifconfig "${IFACE}" > /dev/null 2>&1 || continue
|
|
|
|
|
|
- cmd_run "ifconfig" "ifconfig ${IFACE} ${IFACE_INET_ADDR} netmask ${IFACE_MASK_ADDR}"
|
|
|
+ IFACE_TUN=`cat "${OPENVPN_CONF}/client${1}/config.ovpn" | awk '/dev/ {print $2}'`
|
|
|
|
|
|
- ebtable "${IFACE}" "ipv4" "DROP" "i"
|
|
|
- ebtable "${IFACE}" "ipv6" "DROP" "i"
|
|
|
- ebtable "${IFACE}" "arp" "DROP" "i"
|
|
|
+ IFACE="${2}"
|
|
|
+ IFACE_INET_ADDR="${3}"
|
|
|
+
|
|
|
+ IFACE_NWRK_ADDR="${IFACE_INET_ADDR%.*}.0"
|
|
|
+ IFACE_MASK_ADDR="255.255.255.0"
|
|
|
|
|
|
- iptable "${IFACE}" "FORWARD" "ACCEPT"
|
|
|
- iptable "${IFACE}" "INPUT" "ACCEPT"
|
|
|
- iptable "${IFACE}" "FORWARD" "DROP" "${LAN}/24"
|
|
|
- iptable "${IFACE}" "INPUT" "DROP" "${LAN}/24"
|
|
|
+ DHCP_START="${IFACE_INET_ADDR%.*}.${4}"
|
|
|
+ DHCP_END="${IFACE_INET_ADDR%.*}.${5}"
|
|
|
+
|
|
|
+ RTABLE=$((${1} + 10))
|
|
|
|
|
|
- ebtable "-D FORWARD -i ${IFACE} -j DROP"
|
|
|
- ebtable "-D FORWARD -o ${IFACE} -j DROP"
|
|
|
+ CIDR=24
|
|
|
+ if [ $# -gt 5 ]; then
|
|
|
+ CIDR="${5}"
|
|
|
+ fi
|
|
|
+
|
|
|
+ LAN=$(ifconfig "br0" | sed -ne's/.*inet addr:\([^ ]*\).*$/\1/p')
|
|
|
|
|
|
if [ `cat ${DNSMASQ_CONF} | grep -c ${IFACE}` -eq 0 ]; then
|
|
|
- logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP"
|
|
|
- pc_append "interface=${IFACE}" ${DNSMASQ_CONF}
|
|
|
- pc_append "dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_MASK_ADDR},24h" ${DNSMASQ_CONF}
|
|
|
- pc_append "dhcp-option=${IFACE},3,${IFACE_INET_ADDR}" ${DNSMASQ_CONF}
|
|
|
- #pc_append "dhcp-option=${IFACE},6,8.8.8.8,8.8.4.4" ${DNSMASQ_CONF}
|
|
|
- pc_append "dhcp-option=${IFACE},252,\"\n\"" ${DNSMASQ_CONF}
|
|
|
+ killall dnsmasq
|
|
|
+
|
|
|
+ if [ `cat ${DNSMASQ_CONF} | grep -c "log-dhcp"` -eq 0 ]; then
|
|
|
+ pc_append "log-dhcp" ${DNSMASQ_CONF}
|
|
|
+ fi
|
|
|
+ logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP on ${IFACE_INET_ADDR}"
|
|
|
+ cmd_run "pc_append" "pc_append interface=${IFACE} ${DNSMASQ_CONF}"
|
|
|
+ cmd_run "pc_append" "pc_append dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_MASK_ADDR},24h ${DNSMASQ_CONF}"
|
|
|
+ cmd_run "pc_append" "pc_append dhcp-option=${IFACE},3,${IFACE_INET_ADDR} ${DNSMASQ_CONF}"
|
|
|
+ dnsmasq --log-async
|
|
|
fi
|
|
|
|
|
|
-}
|
|
|
+ while [ ! -n "`ifconfig | grep ${IFACE_TUN}`" ]; do
|
|
|
+ sleep 1
|
|
|
+ done
|
|
|
|
|
|
|
|
|
-killall dnsmasq
|
|
|
+ ip route show table main | grep -Ev ^default | while read ROUTE; do
|
|
|
+ if [ `ip route show table "${RTABLE}" | grep -ice "${ROUTE}"` -eq 0 ]; then
|
|
|
+ cmd_run "ip-route" "ip route add table ${RTABLE} ${ROUTE}"
|
|
|
+ fi
|
|
|
+ done
|
|
|
+
|
|
|
+ cmd_run "ip-route" "ip route add default dev ${IFACE_TUN} table ${RTABLE}"
|
|
|
+ cmd_run "ip-rule" "ip rule add dev ${IFACE} table ${RTABLE}"
|
|
|
+ cmd_run "ip-route" "ip route flush cache"
|
|
|
|
|
|
-if [ `cat ${DNSMASQ_CONF} | grep -c "log-dhcp"` -eq 0 ]; then
|
|
|
- pc_append "log-dhcp" ${DNSMASQ_CONF}
|
|
|
-fi
|
|
|
+ ebtable "${IFACE}" "I" "ipv4"
|
|
|
+ ebtable "${IFACE}" "I" "ipv6"
|
|
|
+ ebtable "${IFACE}" "I" "arp"
|
|
|
|
|
|
-assign_ip "wl0.1" "192.168.2.1" "128" "191" #/26
|
|
|
-assign_ip "wl0.2" "192.168.3.1" "128" "191" #/26
|
|
|
+ iptable "${IFACE}" "I" "INPUT" "ACCEPT"
|
|
|
+ iptable "${IFACE}" "I" "FORWARD" "ACCEPT" "${IFACE_TUN}"
|
|
|
+ iptable "${IFACE_TUN}" "I" "${IFACE_NWRK_ADDR}/${CIDR}"
|
|
|
|
|
|
-cat ${DNSMASQ_CONF}
|
|
|
+}
|
|
|
|
|
|
-dnsmasq --log-async
|
|
|
+# assign_ip <client #no> <iface> <iface inet> <range start> <range end> [<cidr>]
|
|
|
+assign_ip 1 "wl0.1" "192.168.2.1" "2" "254" #24
|
|
|
+assign_ip 2 "wl0.2" "192.168.3.1" "2" "254" #24
|
|
|
+assign_ip 1 "wl0.3" "192.168.4.1" "2" "254" #24
|
|
|
+assign_ip 3 "wl1.1" "192.168.5.1" "2" "254"
|
|
|
+assign_ip 4 "wl1.2" "192.168.6.1" "2" "254" #24
|
|
|
+assign_ip 5 "wl1.3" "192.168.7.1" "2" "254" #24
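Review bot: In assign_ip the existence check `ifconfig "${IFACE}" > /dev/null 2>&1 || continue` now runs before `IFACE="${2}"` is assigned, so it tests whatever the previous call left in the global IFACE (iptable also writes IFACE without `local`, and the last call in assign_ip passes IFACE_TUN), not the interface being configured; move `IFACE="${2}"` above it, and since this is not a loop body `return 1` is what `continue` is meant to do. The optional CIDR argument is read as `CIDR="${5}"` under `if [ $# -gt 5 ]`, which is the range end, not the sixth argument the usage comment `[<cidr>]` describes; it should be `CIDR="${6}"`. LAN is still computed from br0 but no longer used: the old `FORWARD`/`INPUT` DROP rules toward `${LAN}/24` were removed and nothing visible replaces them, so whether guest clients are still kept off the LAN now depends on chain default policies this hunk does not show; worth confirming or restoring the explicit DROP. The readiness loop `while [ ! -n "\`ifconfig | grep ${IFACE_TUN}\`" ]` also never terminates if the tunnel device does not come up, and with an empty IFACE_TUN (the awk match on `/dev/` may return nothing or several fields) grep errors and the loop spins forever; a bounded retry count would keep a failed client from hanging the whole script.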
|