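#!/bin/sh
# Routes selected wireless interfaces through individual OpenVPN client
# tunnels and gives each interface its own DHCP range in dnsmasq.

# Set before the helper is loaded; presumably read by helper.sh -- confirm.
CONFIG=1

# `.` is the POSIX spelling of `source`, which /bin/sh is not required to
# provide. Loading the helper with `.` also means a missing helper stops a
# POSIX shell instead of letting the script run on without its functions.
. /usr/sbin/helper.sh

# Directory expected to hold one client<N>/config.ovpn per OpenVPN client.
OPENVPN_CONF=/tmp/etc/openvpn

# dnsmasq configuration file that assign_ip appends its DHCP settings to.
DNSMASQ_CONF=/tmp/etc/dnsmasq.conf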
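#######################################
# Write a syslog entry for a failed command; a status of 0 logs nothing.
# Arguments: $1 - exit status of the command (missing/empty counts as 0)
#            $2 - tag identifying the caller
#            $3 - message text
# Returns:   0 when nothing is logged, otherwise the status of logger
#######################################
cmd_log () {
  # Quoted and defaulted so an empty status cannot turn the test into a
  # syntax error ("[ -ne 0 ]").
  local code="${1:-0}"

  if [ "${code}" -ne 0 ]; then
    logger "${2}[${code}] - ${3}"
  fi
}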
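#######################################
# Run a command given as a single string and log it if it fails.
# Arguments: $1 - tag passed on to cmd_log
#            $2 - command line; split into words on whitespace by the shell
# Returns:   the exit status of the command
#
# The command string is word-split, not parsed: arguments cannot contain
# spaces, and quoting inside the string has no effect. Every caller builds
# the string from variables, so those variables must never carry untrusted
# text -- anything in them becomes extra arguments to a command that runs
# as the script's user.
#######################################
cmd_run () {
  local output status

  # set -f (inside the substitution's subshell only) stops a stray * or ?
  # in an argument from being expanded against the current directory.
  # stderr is captured as well, because that is where tools such as
  # iptables print the reason for a failure.
  output=$(set -f; ${2} 2>&1)
  status=$?

  # ERR is not assigned anywhere in this file; it expands to nothing unless
  # the sourced helper or the environment provides it -- confirm.
  cmd_log "${status}" "${1}" "${ERR}: ${2}, ${output}"
  return "${status}"
}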
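#######################################
# Add, insert or delete one iptables rule for an interface. The number of
# arguments after the action selects the rule:
#   iptable <iface> <action> <source>               MASQUERADE <source> leaving via <iface>
#   iptable <iface> <action> <chain> <target>       <target> for NEW connections arriving on <iface>
#   iptable <iface> <action> <chain> <target> <out> <target> for traffic from <iface> to <out>
# Arguments: $1 - interface
#            $2 - iptables action letter (for example I, A or D)
# Returns:   status of the iptables call, 1 on a wrong argument count
#
# The values are pasted into a command string that cmd_run word-splits, so
# they must come from trusted configuration only.
#######################################
iptable () {
  if [ $# -lt 2 ]; then
    cmd_log 1 "iptable" "Unknown argument length ${#} ($*)."
    return 1
  fi

  # Both are local: the caller keeps its own IFACE in a global of the same
  # name, which a plain assignment here would overwrite.
  local IFACE="${1}"
  local OPT="${2}"
  shift 2

  case $# in
    1|2|3) ;;
    *)
      # Logged with a non-zero code; cmd_log stays silent for code 0, so
      # passing 0 here would hide the usage error.
      cmd_log 1 "iptable" "Unknown argument length ${#} ($*)."
      return 1
      ;;
  esac

  # An insert first deletes the same rule so that running the script again
  # does not stack duplicates. On the first run the delete fails and is
  # logged by cmd_run; that entry is expected.
  if [ "${OPT}" = "I" ]; then
    iptable "${IFACE}" "D" "$@"
  fi

  case $# in
    1) cmd_run "iptable" "iptables -t nat -${OPT} POSTROUTING -s ${1} -o ${IFACE} -j MASQUERADE" ;;
    2) cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -m state --state NEW -j ${2}" ;;
    3) cmd_run "iptable" "iptables -${OPT} ${1} -i ${IFACE} -o ${3} -j ${2}" ;;
  esac
}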
#######################################
# Add, insert or delete a BROUTING rule for one protocol on a bridge port.
# In the broute table a DROP verdict hands the frame to the routing code
# instead of bridging it, so matching traffic from the port is routed.
# Arguments: $1 - bridge port (interface)
#            $2 - ebtables action letter (I, A, D, ...)
#            $3 - protocol name passed to -p
# Returns:   status of the final cmd_run call
#######################################
ebtable () {
  local port="${1}" action="${2}" proto="${3}"

  # An insert is preceded by a delete of the same rule so repeated runs do
  # not pile up duplicates.
  case "${action}" in
    I) ebtable "${port}" "D" "${proto}" ;;
  esac

  cmd_run "ebtable" "ebtables -t broute -${action} BROUTING -p ${proto} -i ${port} -j DROP"
}
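#######################################
# Give one interface its own DHCP range and route its traffic through the
# tunnel device of one OpenVPN client.
# Usage: assign_ip <client no> <iface> <iface inet> <range start> <range end> [<cidr>]
# Globals:   OPENVPN_CONF, DNSMASQ_CONF (read)
# Arguments: $1 - OpenVPN client number; also selects routing table $1 + 10
#            $2 - interface to configure
#            $3 - IPv4 address of that interface
#            $4 - last octet of the first DHCP lease address
#            $5 - last octet of the last DHCP lease address
#            $6 - optional prefix length for the MASQUERADE source (default 24)
# Returns:   1 when the client number, client directory, interface or tunnel
#            name is unusable; otherwise the status of the last iptable call
#
# NOTE(review): the INPUT rule added at the end accepts every NEW connection
# from the interface to the router itself, not only DHCP and DNS.
# NOTE(review): the default route in the per-client table disappears together
# with the tunnel device, after which lookups fall through to the main table.
# Nothing in this file blocks the interface's traffic from then leaving by
# another path -- confirm a blocking rule exists elsewhere.
#######################################
assign_ip () {
  local IFACE IFACE_TUN IFACE_INET_ADDR IFACE_NWRK_ADDR IFACE_MASK_ADDR
  local DHCP_START DHCP_END RTABLE CIDR ROUTE

  # The client number is used in a path and in shell arithmetic, so only
  # plain digits are accepted.
  case "${1}" in
    ''|*[!0-9]*)
      logger "Invalid client number '${1}'"
      return 1
      ;;
  esac

  if [ ! -d "${OPENVPN_CONF}/client${1}/" ]; then
    logger "Missing client${1} in ${OPENVPN_CONF}"
    return 1
  fi

  # The interface must be named before it is probed; an interface that does
  # not exist is skipped. (`continue` has no loop to act on inside this
  # function, so the skip has to be a return.)
  IFACE="${2}"
  if ! ifconfig "${IFACE}" > /dev/null 2>&1; then
    logger "Interface ${IFACE} not found, skipping client${1}"
    return 1
  fi

  # Only the `dev` directive names the tunnel device; a looser match would
  # also pick up lines such as `dev-type` or comments containing "dev".
  IFACE_TUN=$(awk '$1 == "dev" {print $2; exit}' "${OPENVPN_CONF}/client${1}/config.ovpn")
  if [ -z "${IFACE_TUN}" ]; then
    # Without a name the wait loop below could never finish.
    logger "No dev entry in ${OPENVPN_CONF}/client${1}/config.ovpn"
    return 1
  fi

  IFACE_INET_ADDR="${3}"
  # Network address and netmask are fixed to a /24 layout even when a
  # different prefix length is passed as $6.
  IFACE_NWRK_ADDR="${IFACE_INET_ADDR%.*}.0"
  IFACE_MASK_ADDR="255.255.255.0"

  DHCP_START="${IFACE_INET_ADDR%.*}.${4}"
  DHCP_END="${IFACE_INET_ADDR%.*}.${5}"
  RTABLE=$((${1} + 10))

  # The optional prefix length is the sixth argument; $5 is the DHCP range end.
  CIDR=24
  if [ $# -gt 5 ]; then
    CIDR="${6}"
  fi

  # Not read anywhere in this file; kept as a global in case the sourced
  # helper relies on it -- confirm and remove if unused.
  LAN=$(ifconfig "br0" | sed -n -e 's/.*inet addr:\([^ ]*\).*$/\1/p')

  # Add the DHCP settings once per interface. -F makes the name a literal
  # string, so the dot in "wl0.1" does not match any character.
  if ! grep -qF -- "${IFACE}" "${DNSMASQ_CONF}"; then
    killall dnsmasq
    if ! grep -qF -- "log-dhcp" "${DNSMASQ_CONF}"; then
      # pc_append is not defined in this file; presumably it comes from
      # the sourced helper.sh.
      pc_append "log-dhcp" "${DNSMASQ_CONF}"
    fi
    logger "dnsmasq-dhcp: Configure ${IFACE} to have special DHCP on ${IFACE_INET_ADDR}"
    cmd_run "pc_append" "pc_append interface=${IFACE} ${DNSMASQ_CONF}"
    cmd_run "pc_append" "pc_append dhcp-range=${IFACE},${DHCP_START},${DHCP_END},${IFACE_MASK_ADDR},24h ${DNSMASQ_CONF}"
    cmd_run "pc_append" "pc_append dhcp-option=${IFACE},3,${IFACE_INET_ADDR} ${DNSMASQ_CONF}"
    # NOTE(review): dnsmasq is restarted with only --log-async; confirm it
    # still picks up the same configuration file it was started with.
    dnsmasq --log-async
  fi

  # Block until the tunnel device exists. There is no timeout: a client
  # that never connects stalls every assign_ip call that follows.
  until ifconfig | grep -qF -- "${IFACE_TUN}"; do
    sleep 1
  done

  # Copy every non-default route of the main table into the client table so
  # local networks stay reachable, then send everything else to the tunnel.
  ip route show table main | grep -v '^default' | while read -r ROUTE; do
    if ! ip route show table "${RTABLE}" | grep -qiF -e "${ROUTE}"; then
      cmd_run "ip-route" "ip route add table ${RTABLE} ${ROUTE}"
    fi
  done
  cmd_run "ip-route" "ip route add default dev ${IFACE_TUN} table ${RTABLE}"
  cmd_run "ip-rule" "ip rule add dev ${IFACE} table ${RTABLE}"
  cmd_run "ip-route" "ip route flush cache"

  # Take the interface's IPv4, IPv6 and ARP frames off the bridge so they
  # are routed and the rules below apply to them.
  ebtable "${IFACE}" "I" "ipv4"
  ebtable "${IFACE}" "I" "ipv6"
  ebtable "${IFACE}" "I" "arp"

  iptable "${IFACE}" "I" "INPUT" "ACCEPT"
  iptable "${IFACE}" "I" "FORWARD" "ACCEPT" "${IFACE_TUN}"
  iptable "${IFACE_TUN}" "I" "${IFACE_NWRK_ADDR}/${CIDR}"
}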
# One call per wireless interface:
#   assign_ip <client no> <iface> <iface inet> <range start> <range end> [<cidr>]
# No call passes the optional <cidr>, so each one uses the default.
# NOTE(review): wl0.1 and wl0.3 both name client 1 and therefore share one
# tunnel and one routing table -- confirm that is intended.
assign_ip 1 'wl0.1' '192.168.2.1' '2' '254'
assign_ip 2 'wl0.2' '192.168.3.1' '2' '254'
assign_ip 1 'wl0.3' '192.168.4.1' '2' '254'
assign_ip 3 'wl1.1' '192.168.5.1' '2' '254'
assign_ip 4 'wl1.2' '192.168.6.1' '2' '254'
assign_ip 5 'wl1.3' '192.168.7.1' '2' '254'