You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
172 lines
4.4 KiB
Bash
172 lines
4.4 KiB
Bash
#!/bin/bash /etc/rc.common
|
|
# TorGuard OpenVPN init script
|
|
|
|
START=10
|
|
STOP=15
|
|
|
|
USE_PROCD=1
|
|
|
|
NAME=tgopenvpn
|
|
|
|
stop_service() {
|
|
procd_kill openvpn
|
|
rm /etc/openvpn/torguard/userpass.txt
|
|
rm /etc/openvpn/client.conf
|
|
|
|
# Check if 'lan' to 'wan' forwarding exists
|
|
lan_wan_exists=0
|
|
lan_ovpn_indexes=()
|
|
forwarding_indexes=$(uci show firewall | awk -F'[][]' '/@forwarding/{print $2}')
|
|
|
|
for index in $forwarding_indexes; do
|
|
src=$(uci get firewall.@forwarding[$index].src)
|
|
dest=$(uci get firewall.@forwarding[$index].dest)
|
|
|
|
if [[ "$src" == "lan" && "$dest" == "wan" ]]; then
|
|
lan_wan_exists=1
|
|
elif [[ "$src" == "lan" && "$dest" == "ovpn" ]]; then
|
|
lan_ovpn_indexes+=($index)
|
|
fi
|
|
done
|
|
|
|
# If 'lan' to 'wan' forwarding doesn't exist, add it
|
|
if [[ "$lan_wan_exists" -eq "0" ]]; then
|
|
uci add firewall forwarding
|
|
uci set firewall.@forwarding[-1].src="lan"
|
|
uci set firewall.@forwarding[-1].dest="wan"
|
|
uci commit firewall
|
|
/etc/init.d/firewall reload
|
|
fi
|
|
|
|
# Delete 'lan' to 'ovpn' forwarding
|
|
for index in ${lan_ovpn_indexes[@]}; do
|
|
uci delete firewall.@forwarding[$index]
|
|
done
|
|
uci commit firewall
|
|
/etc/init.d/firewall reload
|
|
}
|
|
|
|
start_service() {
|
|
config_load tgopenvpn_cfg
|
|
|
|
local server
|
|
local dedicated
|
|
local dediserver
|
|
local protocol
|
|
local port
|
|
local cipher
|
|
local username
|
|
local password
|
|
local auth
|
|
|
|
config_get server settings server
|
|
config_get dedicated settings dedicated
|
|
config_get dediserver settings dediserver
|
|
config_get protocol settings protocol
|
|
config_get port settings port
|
|
config_get cipher settings cipher
|
|
config_get username settings username
|
|
config_get password settings password
|
|
|
|
if [ "$dedicated" = "YES" ]; then
|
|
vpnserver=$dediserver
|
|
else
|
|
vpnserver=$server
|
|
fi
|
|
|
|
# Add the OpenVPN interface
|
|
uci -q delete network.ovpn
|
|
uci set network.ovpn="interface"
|
|
uci set network.ovpn.proto="none"
|
|
uci set network.ovpn.device="tun0"
|
|
uci commit network
|
|
/etc/init.d/network reload
|
|
|
|
# Add the 'ovpn' network to the 'wan' firewall zone
|
|
uci rename firewall.@zone[0]="lan"
|
|
uci rename firewall.@zone[1]="wan"
|
|
uci del_list firewall.wan.device="tun+"
|
|
uci add_list firewall.wan.device="tun+"
|
|
uci -q delete firewall.ovpn
|
|
uci set firewall.ovpn="zone"
|
|
uci set firewall.ovpn.output="ACCEPT"
|
|
uci set firewall.ovpn.forward="REJECT"
|
|
uci set firewall.ovpn.input="REJECT"
|
|
uci set firewall.ovpn.masq="1"
|
|
uci set firewall.ovpn.name="ovpn"
|
|
uci add_list firewall.ovpn.network="ovpn"
|
|
uci commit firewall
|
|
|
|
# Check if 'lan' to 'ovpn' forwarding exists
|
|
lan_ovpn_exists=0
|
|
forwarding_indexes=$(uci show firewall | awk -F'[][]' '/@forwarding/{print $2}')
|
|
|
|
for index in $forwarding_indexes; do
|
|
src=$(uci get firewall.@forwarding[$index].src)
|
|
dest=$(uci get firewall.@forwarding[$index].dest)
|
|
|
|
if [[ "$src" == "lan" && "$dest" == "ovpn" ]]; then
|
|
lan_ovpn_exists=1
|
|
fi
|
|
done
|
|
|
|
# If 'lan' to 'ovpn' forwarding doesn't exist, add it
|
|
if [[ "$lan_ovpn_exists" -eq "0" ]]; then
|
|
uci add firewall forwarding
|
|
uci set firewall.@forwarding[-1].src="lan"
|
|
uci set firewall.@forwarding[-1].dest="ovpn"
|
|
uci commit firewall
|
|
/etc/init.d/firewall reload
|
|
fi
|
|
|
|
/etc/init.d/firewall reload
|
|
reload_config
|
|
|
|
IFS='|' read -r portnumber auth <<< "$port"
|
|
|
|
if [ ! -f /etc/openvpn/torguard/userpass.txt ]; then
|
|
umask go=
|
|
cat << EOF > /etc/openvpn/torguard/userpass.txt
|
|
$username
|
|
$password
|
|
EOF
|
|
fi
|
|
|
|
chmod 600 /etc/openvpn/torguard/userpass.txt
|
|
|
|
if [ ! -f /etc/openvpn/client.conf ]; then
|
|
umask go=
|
|
cat << EOF > /etc/openvpn/client.conf
|
|
client
|
|
dev tun
|
|
proto $protocol
|
|
resolv-retry infinite
|
|
nobind
|
|
persist-key
|
|
persist-tun
|
|
ca /etc/openvpn/torguard/ca.crt
|
|
remote-cert-tls server
|
|
tls-auth /etc/openvpn/torguard/ta.key 1
|
|
cipher $cipher
|
|
comp-lzo
|
|
verb 3
|
|
fast-io
|
|
auth-user-pass /etc/openvpn/torguard/userpass.txt
|
|
remote-random
|
|
auth $auth
|
|
reneg-sec 0
|
|
remote $vpnserver $portnumber
|
|
sndbuf 393216
|
|
rcvbuf 393216
|
|
log /tmp/openvpn.log
|
|
EOF
|
|
fi
|
|
|
|
procd_open_instance
|
|
procd_set_param command /usr/sbin/openvpn --config /etc/openvpn/client.conf
|
|
procd_set_param file /etc/openvpn/client.conf
|
|
procd_set_param stdout 1
|
|
procd_set_param stderr 1
|
|
procd_close_instance
|
|
}
|