export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
set -o pipefail
-trm_ver="2.0.8"
+trm_ver="2.0.9"
trm_enabled="0"
trm_debug="0"
trm_iface=""
return
fi
- unset trm_stalist trm_radiolist trm_uplinklist trm_uplinkcfg trm_wpaflags trm_activesta trm_opensta
+ unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_wpaflags trm_activesta trm_opensta
trm_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -q -e '@.model' -e '@.release.description' |
awk 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
fi
json_load_file "${trm_rtfile}" >/dev/null 2>&1
-
if ! json_select data >/dev/null 2>&1; then
: >"${trm_rtfile}"
json_init
json_add_object "data"
fi
+
+ config_load network
+ config_foreach f_getvpn "interface"
f_log "debug" "f_env ::: auto_sta: ${trm_opensta:-"-"}, wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}"
}
# vpn helper function
#
f_vpn() {
- local rc vpn vpn_service vpn_iface vpn_action="${1}"
+ local rc result iface vpn vpn_service vpn_iface vpn_status vpn_action="${1}"
vpn="$(f_getval "vpn")"
vpn_service="$(f_getval "vpnservice")"
vpn_iface="$(f_getval "vpniface")"
- if [ -x "${trm_vpnpgm}" ] && [ -n "${vpn}" ] && [ -n "${vpn_service}" ] && [ -n "${vpn_iface}" ] && [ -f "${trm_ntpfile}" ]; then
+ if [ ! -f "${trm_vpnfile}" ] || { [ -f "${trm_vpnfile}" ] && [ "${vpn_action}" = "enable" ]; }; then
+ for iface in ${trm_vpnifacelist}; do
+ vpn_status="$(ifstatus "${iface}" | jsonfilter -q -l1 -e '@.up')"
+ if [ "${vpn_status}" = "true" ]; then
+ ifdown "${iface}"
+ f_log "info" "take down vpn interface '${iface}' (initial)"
+ fi
+ done
+ [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn stop
+ if [ -f "/etc/init.d/sysntpd" ]; then
+ /etc/init.d/sysntpd restart >/dev/null 2>&1
+ fi
+ rm -f "${trm_vpnfile}"
+ elif [ "${vpn}" = "1" ] && [ -n "${vpn_iface}" ] && [ "${vpn_action}" = "enable_keep" ]; then
+ for iface in ${trm_vpnifacelist}; do
+ vpn_status="$(ifstatus "${iface}" | jsonfilter -q -l1 -e '@.up')"
+ if [ "${vpn_status}" = "true" ] && [ "${iface}" != "${vpn_iface}" ]; then
+ ifdown "${iface}"
+ [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn stop
+ f_log "info" "take down vpn interface '${iface}' (switch)"
+ rm -f "${trm_vpnfile}"
+ break
+ fi
+ done
+ fi
+ if [ -x "${trm_vpnpgm}" ] && [ -n "${vpn_service}" ] && [ -n "${vpn_iface}" ] && [ -f "${trm_ntpfile}" ]; then
if { [ "${vpn_action}" = "disable" ] && [ -f "${trm_vpnfile}" ]; } ||
- { [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ ! -f "${trm_vpnfile}" ]; } ||
- { [ "${vpn}" != "1" ] && [ "${vpn_action}" = "enable" ] && [ -f "${trm_vpnfile}" ]; }; then
- "${trm_vpnpgm}" "${vpn}" "${vpn_action}" "${vpn_service}" "${vpn_iface}" >/dev/null 2>&1
- rc="${?}"
+ { [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ] && [ ! -f "${trm_vpnfile}" ]; } ||
+ { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ] && [ -f "${trm_vpnfile}" ]; }; then
+ result="$(f_net)"
+ if [ "${result}" = "net ok" ] || [ "${vpn_action}" = "disable" ]; then
+ f_log "info" "vpn call '${vpn:-"0"}/${vpn_action}/${vpn_service}/${vpn_iface}'"
+ "${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action%_*}" "${vpn_service}" "${vpn_iface}" >/dev/null 2>&1
+ rc="${?}"
+ fi
fi
- if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${rc}" = "0" ]; then
+ if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ] && [ "${rc}" = "0" ]; then
: >"${trm_vpnfile}"
- elif { [ "${vpn}" != "1" ] || [ "${vpn_action}" = "disable" ]; } && [ -f "${trm_vpnfile}" ]; then
+ elif [ "${vpn}" != "1" ] || [ "${vpn_action}" = "disable" ]; then
rm -f "${trm_vpnfile}"
fi
[ -n "${rc}" ] && f_jsnup
fi
- f_log "debug" "f_vpn ::: enabled: ${vpn:-"-"}, action: ${vpn_action}, service: ${vpn_service:-"-"}, iface: ${vpn_iface:-"-"}, rc: ${rc:-"-"}, program: ${trm_vpnpgm}"
+ f_log "debug" "f_vpn ::: enabled: ${vpn:-"-"}, action: ${vpn_action}, service: ${vpn_service:-"-"}, iface: ${vpn_iface:-"-"}, rc: ${rc:-"-"}"
}
# mac helper function
f_log "debug" "f_ctrack ::: action: ${action:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}"
}
+# get logical vpn network interfaces
+#
+f_getvpn() {
+ local proto iface="${1}"
+
+ proto="$(uci_get "network" "${iface}" "proto")"
+ if [ "${proto}" = "none" ] || [ "${proto}" = "wireguard" ]; then
+ trm_vpnifacelist="$(f_trim "${trm_vpnifacelist} ${iface}")"
+ fi
+ f_log "debug" "f_getvpn ::: interface: ${iface:-"-"}, protocol: ${proto:-"-"}, vpn_interfacelist: ${trm_vpnifacelist:-"-"}"
+}
+
# get wan gateway addresses
#
f_getgw() {
if [ -n "${trm_connection}" ] && [ "${radio}" = "${config_radio}" ] && [ "${sta_radio}" = "${config_radio}" ] &&
[ "${sta_essid}" = "${config_essid}" ] && [ "${sta_bssid}" = "${config_bssid}" ]; then
f_ctrack "refresh"
- f_log "info" "uplink still in range '${config_radio}/${config_essid}/${config_bssid:-"-"}' with mac '${sta_mac:-"-"}'"
- f_vpn "enable"
+ f_vpn "enable_keep"
+ f_log "debug" "f_main-4 ::: config_radio: ${config_radio}, config_essid: ${config_essid}, config_bssid: ${config_bssid:-"-"}"
return 0
fi
- f_log "debug" "f_main-4 ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}"
+ f_log "debug" "f_main-5 ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}"
fi
if [ -z "${scan_list}" ]; then
scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e "@.${radio}.interfaces[0].ifname")"
awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}
/Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"};
printf "%i %s %s %s\n",(var0[1]*100/var0[2]),var3,var1,var2}' | sort -rn | head -qn "${trm_maxscan}")"
- f_log "debug" "f_main-5 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_max: ${trm_maxscan}"
+ f_log "debug" "f_main-6 ::: radio: ${radio}, scan_device: ${scan_dev}, scan_max: ${trm_maxscan}"
if [ -z "${scan_list}" ]; then
f_log "info" "no scan results on '${radio}'"
continue 2
#
while read -r scan_quality scan_open scan_bssid scan_essid; do
if [ -n "${scan_quality}" ] && [ -n "${scan_open}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ]; then
- f_log "debug" "f_main-6 ::: radio(sta/scan): ${sta_radio}/${radio}, essid(sta/scan): \"${sta_essid}\"/${scan_essid}, bssid(sta/scan): ${sta_bssid}/${scan_bssid}, quality(min/scan): ${trm_minquality}/${scan_quality}, open: ${scan_open}"
+ f_log "debug" "f_main-7 ::: radio(sta/scan): ${sta_radio}/${radio}, essid(sta/scan): \"${sta_essid}\"/${scan_essid}, bssid(sta/scan): ${sta_bssid}/${scan_bssid}, quality(min/scan): ${trm_minquality}/${scan_quality}, open: ${scan_open}"
if [ "${scan_quality}" -ge "${trm_minquality}" ]; then
if { { [ "${scan_essid}" = "\"${sta_essid}\"" ] && { [ -z "${sta_bssid}" ] || [ "${scan_bssid}" = "${sta_bssid}" ]; }; } ||
{ [ "${scan_bssid}" = "${sta_bssid}" ] && [ "${scan_essid}" = "unknown" ]; }; } && [ "${radio}" = "${sta_radio}" ]; then
}
vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
-case "${vpn_service}" in
- "wireguard")
- if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
- ubus call network.interface."${vpn_iface}" up
- elif { [ "${vpn}" = "0" ] && [ "${vpn_action}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
- ubus call network.interface."${vpn_iface}" down
- "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
- fi
- ;;
- "openvpn")
- if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
- ubus call network.interface."${vpn_iface}" up
- /etc/init.d/openvpn restart >/dev/null 2>&1
- elif { [ "${vpn}" = "0" ] && [ "${vpn_action}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
- ubus call network.interface."${vpn_iface}" down
- /etc/init.d/openvpn stop >/dev/null 2>&1
- "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
- fi
- ;;
-esac
-
-if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status:-"false"}" != "true" ]; then
+if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]; then
+ if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
+ /etc/init.d/openvpn start
+ fi
+ ifup "${vpn_iface}"
cnt=0
while true; do
vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
fi
fi
if [ "${cnt}" -ge "$((trm_maxwait / 3))" ]; then
+ ifdown "${vpn_iface}"
+ if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
+ /etc/init.d/openvpn stop
+ fi
"${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection can't be established" 2>/dev/null
- ubus call network.interface."${vpn_iface}" down
exit 1
fi
sleep 1
cnt="$((cnt + 1))"
done
-fi
-if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]; then
- if [ -f "/etc/init.d/sysntpd" ]; then
- /etc/init.d/sysntpd restart >/dev/null 2>&1
+elif { [ "${vpn}" != "1" ] && [ "${vpn_action}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
+ ifdown "${vpn_iface}"
+ if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
+ /etc/init.d/openvpn stop
fi
+ "${trm_logger}" -p "info" -t "trm-vpn [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
fi
projects / feed / packages.git / commitdiff