eibgrad

merlin-ovpn-sync-routes.sh

Sep 25th, 2021 (edited)
1,762
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/sh
  2. #DEBUG= # uncomment/comment to enable/disable debug mode
  3.  
  4. #          name: merlin-ovpn-sync-routes.sh
  5. #       version: 2.0.0, 22-jul-2022, by eibgrad
  6. #       purpose: synchronize openvpn client and server routing tables
  7. #       type(s): openvpn-event
  8. #          href: https://tinyurl.com/2jenwbe5
  9. #  installation:
  10. #    1. enable jffs custom scripts and configs (administration->system)
  11. #    2. ssh to router and copy/paste the following command:
  12. #         curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s kTThBV46
  13. #    3. reboot
  14.  
  15. SCRIPTS_DIR='/jffs/scripts'
  16. SCRIPT1="$SCRIPTS_DIR/merlin-ovpn-sync-routes.sh"
  17. SCRIPT2="$SCRIPTS_DIR/openvpn-event"
  18.  
  19. mkdir -p $SCRIPTS_DIR
  20.  
  21. # ---------------------- begin merlin-ovpn-sync-routes ----------------------- #
  22. cat << 'EOF' > $SCRIPT1
  23. #!/bin/sh
  24. #set -x # comment/uncomment to disable/enable debug mode
  25. {
  26. # required for serialization when reentry is possible
  27. LOCK="/tmp/var/lock/$(basename $0).lock"
  28. acquire_lock() { while ! mkdir $LOCK &>/dev/null; do sleep 2; done; }
  29. release_lock() { rmdir $LOCK &>/dev/null; }
  30.  
  31. # exit (any concurrent instance(s) may now run)
  32. exit_0() { release_lock; exit 0; }
  33.  
  34. # one instance at a time
  35. acquire_lock
  36.  
  37. # only relevant for routed (tun) openvpn server up event
  38. [[ "${dev:0:4}" == 'tun2' && "$script_type" == 'up' ]] || exit_0
  39.  
  40. # ensure every openvpn client's routing policy table ...
  41. for i in 1 2 3 4 5; do
  42.     [ "$(ip route show table ovpnc${i})" ] || continue
  43.  
  44.     # ... contains the server's ip network on the tunnel
  45.     while read route; do
  46.         ip route add $route table ovpnc${i} 2>/dev/null && routing_changed=
  47.     done << EOR
  48.     $(ip route | grep $dev)
  49. EOR
  50. done
  51.  
  52. # force routing system to recognize any changes
  53. [ ${routing_changed+x} ] && ip route flush cache
  54.  
  55. exit_0
  56. } 2>&1 | logger -t $(basename $0 .sh)[$$]
  57. EOF
  58. [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT1
  59. chmod +x $SCRIPT1
  60. echo "installed: $SCRIPT1"
  61. # ----------------------- end merlin-ovpn-sync-routes ------------------------ #
  62.  
  63. # --------------------------- begin openvpn-event ---------------------------- #
  64. create_script() {
  65. cat << 'EOF' > $SCRIPT2
  66. #!/bin/sh
  67. #set -x # comment/uncomment to disable/enable debug mode
  68. {
  69. $SCRIPT1
  70. } 2>&1 | logger -t $(basename $0)[$$]
  71. EOF
  72. [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT2
  73. sed "s:\$SCRIPT1:$SCRIPT1:g" -i $SCRIPT2
  74. chmod +x $SCRIPT2
  75. }
  76.  
  77. if [ -f $SCRIPT2 ]; then
  78.     echo "error: $SCRIPT2 already exists; requires manual installation"
  79. else
  80.     create_script
  81.     echo "installed: $SCRIPT2"
  82. fi
  83. # ---------------------------- end openvpn-event ----------------------------- #
Add Comment
Please, Sign In to add comment