
ddwrt-ovpn-remote-access.sh

eibgrad Mar 11th, 2018 (edited) 410 Never
  1. #!/bin/sh
  2. #DEBUG=; set -x # comment/uncomment to disable/enable debug mode
  3.  
  4. #         name: ddwrt-ovpn-remote-access.sh
  5. #      version: 1.1.2, 29-jun-2019, by eibgrad
  6. #      purpose: enable remote access over wan w/ active openvpn client
  7. #  script type: startup (autostart)
  8. #  installation:
  9. #    1. enable jffs2 (administration->jffs2)
  10. #    2. enable syslogd (services->services->system log)
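  11. #    3. use shell (telnet/ssh) to execute one of the following commands (both pipe the downloaded installer straight into sh, and curl's -k skips tls certificate checks; to inspect it first, save it to a file, read it, then run it with the same arguments):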
  12. #         curl -kLs bit.ly/ddwrt-installer|tr -d '\r'|sh -s gnxtZuqg startup
  13. #       or
  14. #         wget -qO - bit.ly/ddwrt-installer|tr -d '\r'|sh -s gnxtZuqg startup
  15. #    5. modify options (minimally DDNS_DOMAIN_NAMES) using vi editor:
  16. #         vi /jffs/etc/config/ddwrt-ovpn-remote-access.startup
  17. #    6. reboot
  18. #
  19. #  WARNING: this script will NOT work as intended if you use the pbr (policy
  20. #    based routing) field of the openvpn client gui, and the target of
  21. #    remote access is specified in that field, unless you also install the
  22. #    "table 10 fix" as described in the following dd-wrt bug report:
  23. #
  24. #    http://svn.dd-wrt.com/ticket/5690
  25. {
  26. # ------------------------------ BEGIN OPTIONS ------------------------------- #
  27.  
  28. # "roaming" ddns domain name(s)
  29. DDNS_DOMAIN_NAMES="
  30. myhostname.duckdns.org
  31. #myhostname2.duckdns.org
  32. #myhostname3.duckdns.org
  33. "
  34.  
  35. # time (in secs) between checks for ddns updates
  36. UPDATE_INTERVAL=300
  37.  
  38. # optional: well-known static routes
  39. STATIC_ROUTES="
  40. #171.190.59.0/24 # workplace
  41. #230.139.191.67 # vacation home
  42. #215.126.219.216 # local wifi cafe
  43. "
  44.  
  45. # optional: some servers may update faster and/or more reliably than others
  46. #DNS_SERVER=1.1.1.1 # cloudflare
  47. #DNS_SERVER=8.8.8.8 # google
  48. #DNS_SERVER=9.9.9.9 # quad9
  49.  
  50. # ------------------------------- END OPTIONS -------------------------------- #
  51.  
  52. # ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #
  53.  
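#######################################
# get_ip domain-name [server]
# Resolve a domain name with nslookup and print its ipv4 address(es).
# Arguments: $1 - domain name to look up
#            $2 - optional dns server to query
# Outputs:   one dotted-quad ipv4 address per line on stdout; nothing when
#            the lookup fails or the answer holds no well-formed ipv4 address
#######################################
get_ip() {
    # ${2:+"$2"} hands the server to nslookup only when one was given, so an
    # empty or missing $2 never turns into an empty argument
    nslookup "$1" ${2:+"$2"} 2> /dev/null |
        awk '
            # only the answer section (from "Name:" on) matters; address
            # lines before it describe the dns server that was queried
            /^Name:/ { answer = 1 }
            answer && /^Addr[^:]*:/ {
                # "Address 1: a.b.c.d host" carries the address in field 3,
                # "Address: a.b.c.d" carries it in field 2
                for (f = 2; f <= 3; f++) {
                    if ($f !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
                    # the caller passes this value to "ip route add", so a
                    # field that is not a complete ipv4 address is dropped
                    split($f, octet, ".")
                    if (octet[1] <= 255 && octet[2] <= 255 &&
                        octet[3] <= 255 && octet[4] <= 255) print $f
                    break
                }
            }'
}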
  59.  
# hold off until the wan is usable: send one quiet ping to 8.8.8.8 (-w3 caps
# the attempt at 3 seconds) and try again every 10 seconds until it answers
until ping -qc1 -w3 8.8.8.8 > /dev/null 2>&1; do
    sleep 10
done
  62.  
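# periodically update routing table
#
# each pass: (1) make sure every STATIC_ROUTES entry has a route via the wan
# gateway, (2) resolve every DDNS_DOMAIN_NAMES entry and add a route for each
# resolved address, (3) delete routes that were added for ddns addresses on
# the previous pass and are no longer current.
#
# NOTE(review): ddns addresses come straight from dns answers and each one is
# routed via the wan gateway (going by the script's stated purpose, that is
# outside the openvpn client's routing). a wrong or spoofed answer decides
# which address gets that treatment, so answers are format-checked before
# they reach "ip route add" and list membership is tested by exact match.

# in_list item list: succeed if item is exactly one of the space-separated
# words of list (no regex or substring semantics, so 1.2.3.4 does not match
# 11.2.3.4)
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# has_route dest: succeed if "ip route" lists an entry whose first field is
# exactly dest (compared as a string, so dots are not regex wildcards)
has_route() {
    ip route | awk -v dest="$1" '($1 "") == (dest "") { found = 1 } END { exit !found }'
}

# add_route dest: add a route to dest via $gateway_ip unless one is already
# listed; sets routing_change and logs when a route was added
add_route() {
    has_route "$1" && return 0
    if ip route add "$1" via "$gateway_ip"; then
        routing_change=true
        echo "info: route added: $1"
    fi
}

prev_ddns_ip_list=""

while :; do
    gateway_ip="$(nvram get wan_gateway)"
    static_ip_list=""
    curr_ddns_ip_list=""
    routing_change=false

    # "ip route add/del ... via" cannot work without a gateway; skip this
    # pass and keep prev_ddns_ip_list so stale routes are cleaned up later
    if [ -z "$gateway_ip" ]; then
        echo "error: wan gateway not available"
        sleep "$UPDATE_INTERVAL"
        continue
    fi

    # set internal field separator to newline so the option lists are walked
    # line by line (a literal newline works in any posix sh, $'\n' does not)
    OIFS="$IFS"; IFS='
'

    # first field of DNS_SERVER (if set) is the server to query; it does not
    # change within a pass, so it is worked out once
    dns_server="$(echo "$DNS_SERVER" | awk '{print $1}')"

    # add well-known static route(s)
    for ip in $STATIC_ROUTES; do
        # skip comments and blank lines
        echo "$ip" | grep -Eq '^[[:space:]]*(#|$)' && continue

        # isolate ip address (treat the rest as comments)
        ip="$(echo "$ip" | awk '{print $1}')"

        # track static ips
        static_ip_list="$ip $static_ip_list"

        add_route "$ip"
    done

    # add current ddns static route(s)
    for dom in $DDNS_DOMAIN_NAMES; do
        # skip comments and blank lines
        echo "$dom" | grep -Eq '^[[:space:]]*(#|$)' && continue

        # isolate domain name (treat the rest as comments, as for the
        # static routes)
        dom="$(echo "$dom" | awk '{print $1}')"

        # determine public ip(s) (if any) bound to domain name
        resolved="$(get_ip "$dom" "$dns_server")"

        [ -n "$resolved" ] || { echo "error: cannot resolve $dom"; continue; }

        # a name may resolve to more than one address, one per line (IFS is
        # still newline here)
        for ip in $resolved; do
            # dns answers are untrusted input: anything besides digits and
            # dots never reaches "ip route add"
            case $ip in
                *[!0-9.]*)
                    echo "error: ignoring malformed address for $dom: $ip"
                    continue
                    ;;
            esac

            # skip duplicates
            in_list "$ip" "$curr_ddns_ip_list" && continue

            # track ddns ips
            curr_ddns_ip_list="$ip $curr_ddns_ip_list"

            add_route "$ip"
        done
    done

    # reset internal field separator
    IFS="$OIFS"

    # delete previous ddns static route(s): only those that are neither a
    # configured static route nor still a current ddns address
    for ip in $prev_ddns_ip_list; do
        in_list "$ip" "$static_ip_list" && continue
        in_list "$ip" "$curr_ddns_ip_list" && continue
        has_route "$ip" || continue

        if ip route del "$ip" via "$gateway_ip"; then
            routing_change=true
            echo "info: route deleted: $ip"
        fi
    done

    # force routing system to recognize changes
    if [ "$routing_change" = true ]; then
        ip route flush cache
    fi

    # save current ddns ips
    prev_ddns_ip_list="$curr_ddns_ip_list"

    # wait awhile and repeat
    sleep "$UPDATE_INTERVAL"
done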
  142.  
  143. } 2>&1 | logger $([ ${DEBUG+x} ] && echo "-p user.debug") \
  144.     -t $(echo $(basename $0) | grep -Eo '^.{0,23}')[$$] &