#!/bin/sh# Login InfoPPTP_USER=<vpn_user_name>PPTP_PASSWORD=<vpn_passwor

1. #!/bin/sh
2.  
3. # Login Info
4. PPTP_USER=<vpn_user_name>
5. PPTP_PASSWORD=<vpn_password>
6.  
7. # PPTP Server Info
8. PPTP_DOMAIN=<vpn_domain>
9. PPTP_SERVER=<vpn_server_name_or_ip>
10. PPPD_OPTIONS=
11. DEF_GATEWAY=No
12.  
13. ADD_SUBNETS=<vpn_extra_subnets_space_delimited_and_quoted>
14.         # for example, "192.168.100.0 192.168.101.0"
15.         # this is needed if you're not using default
16.         # gateway from VPN network,
17.         # and your VPN network has multiple subnets.
18.  
19. UNIT=5 # anything but 0
20.  
21. # Do not change anything below unless you know what you're doing...
22.  
23. SCRIPTS_PATH=/tmp/ppp/ppp$UNIT
24. FIRE_PATH=/tmp/config
25. DNSMASQ_CUSTOM=/etc/dnsmasq.custom
26. TMPF=/tmp/$(date '+%y%d%m%H%M%S')
27.  
28. _up()
29. {
30.     if [ x$IFNAME == x ]; then
31.         return 0
32.     fi
33.  
34.     logger -p 6 -t 'pptp-vpn['$$']' 'PPP link '$IFNAME' is up: server IP '$IPREMOTE', local IP '$IPLOCAL
35.  
36.     echo "IP-UP: " $IFNAME $IPREMOTE $IPLOCAL
37.  
38.     echo $IFNAME > $SCRIPTS_PATH/link
39.  
40.     ifconfig $IFNAME arp multicast up
41.  
42.     nvram set ppp${UNIT}_get_ip=$IPLOCAL
43.     nvram set ppp${UNIT}_gateway=$IPREMOTE
44.  
45.     if [ x$PPTP_DOMAIN != x ]; then
46.         echo "rebind-domain-ok=$PPTP_DOMAIN" > $TMPF
47.         [ -n $DNS1 ] && echo "server=/$PPTP_DOMAIN/$DNS1" >> $TMPF
48.     else
49.         echo "rebind-domain-ok=$PPTP_SERVER" > $TMPF
50.     fi
51.     echo "server=/$PPTP_SERVER/#" >> $TMPF
52.  
53.     # configure routes via remote gateway
54.     if [ x$IPREMOTE != x ]; then
55.  
56.         # reset IP address of the interface for MASQ to flush the conntrack entries
57.         ifconfig $IFNAME add 0.0.0.0
58.         ifconfig ppp5 add $IPLOCAL dstaddr $IPREMOTE netmask 255.255.255.255
59.  
60.         # delete existing routes
61.         route del default   dev $IFNAME
62.         route del $IPREMOTE dev $IFNAME
63.  
64.         # add routes to the gateway and to itself
65.         route add $IPREMOTE metric 0 dev $IFNAME
66.         route add $IPLOCAL  metric 0 dev $IFNAME
67.  
68.         # add routes to DNS servers
69.         [ -n $DNS1 ] && route add $DNS1 gw $IPREMOTE metric 0 dev $IFNAME
70.         [ -n $DNS2 ] && route add $DNS2 gw $IPREMOTE metric 0 dev $IFNAME
71.  
72.         # add route to the gateway subnet
73.         route add -net ${IPREMOTE%'.'*}.0 gw $IPREMOTE netmask 255.255.255.0 metric 0 dev $IFNAME
74.        
75.         # setup default gateway
76.         metric_ppp=1
77.         metric_wan=0
78.         if [ "$DEF_GATEWAY" == "Yes" ]; then
79.             metric_ppp=0
80.             metric_wan=1
81.         fi
82.         # reset the default gateway route via physical interface
83.         route del default gw $(nvram get wan_gateway) dev $(nvram get wan_ifname)
84.         route del $(nvram get wan_gateway) dev $(nvram get wan_ifname)
85.         route add $(nvram get wan_gateway) metric 0 dev $(nvram get wan_ifname)
86.         route add default gw $(nvram get wan_gateway) metric $metric_wan dev $(nvram get wan_ifname)
87.         # add PPTP default gateway
88.         route add default gw $IPREMOTE metric $metric_ppp dev $IFNAME
89.  
90.         # add routes to additional subnets if any
91.         for subnet in $ADD_SUBNETS
92.         do
93.             route add -net $subnet gw $IPREMOTE netmask 255.255.255.0 metric 0 dev $IFNAME
94.         done
95.  
96.         # remove route to the gateway - no longer needed
97.         route del $IPREMOTE dev $IFNAME
98.     fi
99.  
100.     # firewall script
101.     mkdir -p $FIRE_PATH
102.     echo '#!/bin/sh
103.     if [ -f /var/run/ppp'$UNIT'.pid ] && [ -n $(cat /var/run/ppp'$UNIT'.pid) ]; then
104.     iptables -t nat -A PREROUTING -d '$IPLOCAL' -j WANPREROUTING
105.     iptables -t nat -A PREROUTING -i '$IFNAME' -d '$(nvram get lan_ipaddr)'/'$(nvram get lan_netmask)' -j DROP
106.     iptables -t nat -A POSTROUTING -o '$IFNAME' -j MASQUERADE
107.     iptables -I INPUT -i br0 -d '$IPLOCAL' -j DROP
108.     iptables -A FORWARD -i '$IFNAME' -j wanin
109.     iptables -A FORWARD -o '$IFNAME' -j wanout
110.     iptables -A FORWARD -i '$IFNAME' -j upnp
111.  
112.     # QoS rules (not needed)
113.     # iptables -t mangle -A FORWARD -o '$IFNAME' -j QOSO
114.     # iptables -t mangle -A OUTPUT -o '$IFNAME' -j QOSO
115.     # iptables -t mangle -A PREROUTING -i '$IFNAME' -j CONNMARK --restore-mark --mask 0xff
116.     fi
117.     ' > "$FIRE_PATH/ppp$UNIT.fire"
118.     chmod +x "$FIRE_PATH/ppp$UNIT.fire"
119.  
120.     mv -f $TMPF $DNSMASQ_CUSTOM
121.     service routing restart
122.     service dnsmasq restart
123.     service firewall restart
124. }
125.  
126. _down()
127. {
128.     echo "IP-DOWN"
129.  
130.     logger -p 6 -t 'pptp-vpn['$$']' 'PPP link is down, restoring default settings...'
131.  
132.     nvram unset ppp${UNIT}_get_ip
133.     nvram unset ppp${UNIT}_gateway
134.  
135.     rm -f $FIRE_PATH/ppp$UNIT.fire
136.     rm -f $SCRIPTS_PATH/link
137.     echo "" > $DNSMASQ_CUSTOM
138.  
139.     # restore default WAN gateway with metric 0
140.     route del default gw $(nvram get wan_gateway) dev $(nvram get wan_ifname)
141.     route del $(nvram get wan_gateway) dev $(nvram get wan_ifname)
142.     route add $(nvram get wan_gateway) metric 0 dev $(nvram get wan_ifname)
143.     route add default gw $(nvram get wan_gateway) metric 0 dev $(nvram get wan_ifname)
144.  
145.     service routing restart
146.     service dnsmasq restart
147.     service firewall restart
148. }
149.  
150. _stop()
151. {
152.     echo "Stopping pppd$UNIT..."
153.  
154.     killall ppp$UNIT-up
155.     killall ppp$UNIT-down
156.     [ -f /var/run/ppp$UNIT.pid ] && kill $(cat /var/run/ppp$UNIT.pid)
157. }
158.  
159. _write_config()
160. {
161.     mkdir -p $SCRIPTS_PATH
162.  
163.     [ -x "$SCRIPTS_PATH/ppp$UNIT-up" ] || echo '#!/bin/sh
164. '$0' up' > "$SCRIPTS_PATH/ppp$UNIT-up"
165.     chmod +x "$SCRIPTS_PATH/ppp$UNIT-up"
166.  
167.     [ -x "$SCRIPTS_PATH/ppp$UNIT-down" ] || echo '#!/bin/sh
168. '$0' down' > "$SCRIPTS_PATH/ppp$UNIT-down"
169.     chmod +x "$SCRIPTS_PATH/ppp$UNIT-down"
170.  
171.     echo "  unit $UNIT
172.     usepeerdns
173.     plugin pptp.so
174.     pptp_server $PPTP_SERVER
175.     user '$PPTP_USER'
176.     password '$PPTP_PASSWORD'
177.     default-asyncmap
178.     nopcomp
179.     noaccomp
180.     novj
181.     nobsdcomp
182.     nodeflate
183.     noauth
184.     refuse-eap
185.     maxfail 0
186.     ip-up-script '$SCRIPTS_PATH/ppp$UNIT-up'
187.     ip-down-script '$SCRIPTS_PATH/ppp$UNIT-down'
188.     lcp-echo-interval 15
189.     lcp-echo-failure 6
190.     lcp-echo-adaptive
191.     persist
192.     holdoff 20
193.     nomppe-stateful
194.     mtu 1400" > "$SCRIPTS_PATH/options"
195. }
196.  
197. _start()
198. {
199.     echo "Starting pppd$UNIT..."
200.  
201.     pppd file "$SCRIPTS_PATH/options"
202. }
203.  
204. _restart()
205. {
206.     _stop
207.     sleep 2
208.     _write_config
209.     _start
210. }
211.  
212. _check_run()
213. {
214.     if [ ! -f /proc/$(cat /var/run/ppp$UNIT.pid)/exe ]; then
215.         echo "pppd not running, restarting..."
216.         _restart
217.     else
218.         ifconfig ppp${UNIT} 2>&1 > /dev/null
219.         if [ $? -eq 1 ]; then
220.             echo "pppd$UNIT down, restarting..."
221.             _restart
222.         fi
223.     fi
224. }
225.  
226. case $1 in
227.     start)
228.         _restart
229.         ;;
230.     stop)
231.         _stop
232.         ;;
233.     up)
234.         _up
235.         ;;
236.     down)
237.         _down
238.         ;;
239.     config)
240.         _write_config
241.         ;;
242.     check)
243.         _check_run
244.         ;;
245.   *)
246.         echo "usage: $0 (start|stop|check|up|down|config)"
247.         exit 1
248. esac
249.  
250. exit $?