
Untitled

a guest
Jan 17th, 2020
  1. #!/bin/sh
  2. # -------------------------------------
  3. # echo > "/jffs/vpnKorvet.sh"
  4. # chmod +x "/jffs/vpnKorvet.sh"
  5. # -------------------------------------
  6. # WAN Up & Scheduler
  7. # /jffs/vpnKorvet.sh check
  8. # -------------------------------------
  9. # Login Info
  10. PPTP_USER=
  11. PPTP_PASSWORD=
  12.  
  13. # PPTP Server Info
  14. VPN_SERVER=
  15. PPP_SERVER=
  16. PPTP_DOMAIN=
  17. PPPD_OPTIONS=
  18. DEF_GATEWAY=No
  19.  
  20. ADD_SUBNETS="192.168.0.0"
  21. UNIT=5 # anything but 0
  22.  
  23. # Do not change anything below unless you know what you're doing...
  24.  
  25. SCRIPTS_PATH=/tmp/ppp/ppp$UNIT
  26. FIRE_PATH=/tmp/config
  27. DNSMASQ_CUSTOM=/etc/dnsmasq.custom
  28. TMPF=/tmp/$(date '+%y%d%m%H%M%S')
  29.  
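# ip-up hook, reached through "$0 up" (the ppp$UNIT-up script written by
# _write_config calls it that way).
# Reads:   IFNAME, IPLOCAL, IPREMOTE, DNS1, DNS2 (presumably exported by pppd
#          to its ip-up script - confirm), plus the configuration variables
#          UNIT, SCRIPTS_PATH, FIRE_PATH, DNSMASQ_CUSTOM, TMPF, PPTP_DOMAIN,
#          DEF_GATEWAY and ADD_SUBNETS.
# Effects: records the link name, stores the addresses in nvram, rewrites
#          routes, writes the dnsmasq custom file and the firewall hook
#          script, then restarts routing, dnsmasq and firewall.
# Returns: 0 at once when IFNAME is empty; otherwise the status of the last
#          service restart.
_up()
{
        # Nothing to configure without an interface name.
        [ -z "$IFNAME" ] && return 0

        logger -p 6 -t "pptp-vpn[$$]" "PPP link $IFNAME is up: server IP $IPREMOTE, local IP $IPLOCAL"

        echo "IP-UP:  $IFNAME $IPREMOTE $IPLOCAL"

        echo "$IFNAME" > "$SCRIPTS_PATH/link"

        ifconfig "$IFNAME" arp multicast up

        nvram set "ppp${UNIT}_get_ip=$IPLOCAL"
        nvram set "ppp${UNIT}_gateway=$IPREMOTE"

        # Build the dnsmasq fragment in $TMPF; it is moved into place below.
        if [ -n "$PPTP_DOMAIN" ]; then
                echo "rebind-domain-ok=$PPTP_DOMAIN" > "$TMPF"
                # The old unquoted "[ -n $DNS1 ]" was true for an empty DNS1
                # and wrote a "server=/domain/" line with no address.
                if [ -n "$DNS1" ]; then
                        echo "server=/$PPTP_DOMAIN/$DNS1" >> "$TMPF"
                fi
        else
                echo "rebind-domain-ok=SERVER_PPTP" > "$TMPF"
        fi
        echo "server=/SERVER_PPTP/#" >> "$TMPF"

        # configure routes via remote gateway
        if [ -n "$IPREMOTE" ]; then

                # reset IP address of the interface for MASQ to flush the conntrack entries
                ifconfig "$IFNAME" add 0.0.0.0
                # Was hard-coded to ppp5, which only matched while UNIT=5.
                ifconfig "$IFNAME" add "$IPLOCAL" dstaddr "$IPREMOTE" netmask 255.255.255.255

                # delete existing routes
                route del default dev "$IFNAME"
                route del "$IPREMOTE" dev "$IFNAME"

                # add routes to the gateway and to itself
                route add "$IPREMOTE" metric 0 dev "$IFNAME"
                route add "$IPLOCAL" metric 0 dev "$IFNAME"

                # add routes to DNS servers (only the ones that were supplied)
                if [ -n "$DNS1" ]; then
                        route add "$DNS1" gw "$IPREMOTE" metric 0 dev "$IFNAME"
                fi
                if [ -n "$DNS2" ]; then
                        route add "$DNS2" gw "$IPREMOTE" metric 0 dev "$IFNAME"
                fi

                # add route to the gateway subnet (assumed to be a /24)
                route add -net "${IPREMOTE%.*}.0" gw "$IPREMOTE" netmask 255.255.255.0 metric 0 dev "$IFNAME"

                # setup default gateway: the lower metric wins
                metric_ppp=1
                metric_wan=0
                if [ "$DEF_GATEWAY" = "Yes" ]; then
                        metric_ppp=0
                        metric_wan=1
                fi

                # reset the default gateway route via physical interface;
                # skipped when nvram has no WAN gateway/interface, because the
                # route commands would only receive malformed arguments.
                wan_gw=$(nvram get wan_gateway)
                wan_if=$(nvram get wan_ifname)
                if [ -n "$wan_gw" ] && [ -n "$wan_if" ]; then
                        route del default gw "$wan_gw" dev "$wan_if"
                        route del "$wan_gw" dev "$wan_if"
                        route add "$wan_gw" metric 0 dev "$wan_if"
                        route add default gw "$wan_gw" metric "$metric_wan" dev "$wan_if"
                fi

                # add PPTP default gateway
                route add default gw "$IPREMOTE" metric "$metric_ppp" dev "$IFNAME"

                # add routes to additional subnets if any
                # shellcheck disable=SC2086 -- ADD_SUBNETS is a whitespace-separated list
                for subnet in $ADD_SUBNETS
                do
                        route add -net "$subnet" gw "$IPREMOTE" netmask 255.255.255.0 metric 0 dev "$IFNAME"
                done

                # remove route to the gateway - no longer needed
                route del "$IPREMOTE" dev "$IFNAME"
        fi

        # firewall script
        # The values are expanded now and baked into the generated file.
        # NOTE(review): the rules accept traffic arriving on the tunnel with a
        # 192.168.0.0/24 source both to the router itself (INPUT) and into the
        # LAN (FORWARD), and that range is fixed here regardless of
        # ADD_SUBNETS. Confirm this exposure to the VPN side is intended.
        lan_ip=$(nvram get lan_ipaddr)
        lan_mask=$(nvram get lan_netmask)
        mkdir -p "$FIRE_PATH"
        echo '#!/bin/sh
       ps | grep pppd | grep ppp'"$UNIT"' > /tmp/pppd_ppp'"$UNIT"'.run
       if [ -s /tmp/pppd_ppp'"$UNIT"'.run ]; then
       iptables -t nat -A PREROUTING -d '"$IPLOCAL"' -j WANPREROUTING
       iptables -t nat -A PREROUTING -i '"$IFNAME"' -d '"$lan_ip"'/'"$lan_mask"' -j DROP
       iptables -t nat -A POSTROUTING -o '"$IFNAME"' -j MASQUERADE
       iptables -t nat -I PREROUTING -i '"$IFNAME"' -s 192.168.0.0/24 -d 192.168.0.0/16 -j ACCEPT
       iptables -t nat -I POSTROUTING -o '"$IFNAME"' -s 192.168.0.0/16 -d 192.168.0.0/24 -j MASQUERADE
       iptables -I INPUT -i br0 -d '"$IPLOCAL"' -j DROP
       iptables -I INPUT -i '"$IFNAME"' -s 192.168.0.0/24 -j ACCEPT
       iptables -I FORWARD -i '"$IFNAME"' -s 192.168.0.0/24 -j ACCEPT
       iptables -I FORWARD -o '"$IFNAME"' -d 192.168.0.0/24 -j ACCEPT
       iptables -A FORWARD -i '"$IFNAME"' -j wanin
       iptables -A FORWARD -o '"$IFNAME"' -j wanout
       iptables -A FORWARD -i '"$IFNAME"' -j upnp

       # QoS rules (not needed)
       # iptables -t mangle -A FORWARD -o '"$IFNAME"' -j QOSO
       # iptables -t mangle -A OUTPUT -o '"$IFNAME"' -j QOSO
       # iptables -t mangle -A PREROUTING -i '"$IFNAME"' -j CONNMARK --restore-mark --mask 0xff
       fi
       ' > "$FIRE_PATH/ppp$UNIT.fire"
        chmod +x "$FIRE_PATH/ppp$UNIT.fire"

        mv -f "$TMPF" "$DNSMASQ_CUSTOM"
        service routing restart
        service dnsmasq restart
        service firewall restart
}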
  133.  
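# ip-down hook, reached through "$0 down" (the ppp$UNIT-down script written
# by _write_config calls it that way).
# Reads:   UNIT, FIRE_PATH, SCRIPTS_PATH, DNSMASQ_CUSTOM and the nvram keys
#          wan_gateway / wan_ifname.
# Effects: clears the per-unit nvram values, removes the firewall hook and
#          link marker, blanks the dnsmasq custom file, restores the WAN
#          default route with metric 0 and restarts routing, dnsmasq and
#          firewall.
# Returns: the status of the last service restart.
_down()
{
        echo "IP-DOWN"

        logger -p 6 -t "pptp-vpn[$$]" 'PPP link is down, restoring default settings...'

        nvram unset "ppp${UNIT}_get_ip"
        nvram unset "ppp${UNIT}_gateway"

        rm -f -- "$FIRE_PATH/ppp$UNIT.fire"
        rm -f -- "$SCRIPTS_PATH/link"
        echo "" > "$DNSMASQ_CUSTOM"

        # restore default WAN gateway with metric 0
        # Read nvram once; when either value is empty the unquoted originals
        # collapsed into malformed route arguments, so skip the block instead.
        wan_gw=$(nvram get wan_gateway)
        wan_if=$(nvram get wan_ifname)
        if [ -n "$wan_gw" ] && [ -n "$wan_if" ]; then
                route del default gw "$wan_gw" dev "$wan_if"
                route del "$wan_gw" dev "$wan_if"
                route add "$wan_gw" metric 0 dev "$wan_if"
                route add default gw "$wan_gw" metric 0 dev "$wan_if"
        fi

        service routing restart
        service dnsmasq restart
        service firewall restart
}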
  157.  
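# Stop the tunnel for this unit: kill any running ip-up/ip-down hook scripts,
# then signal the pppd whose pid is recorded in /var/run/ppp$UNIT.pid.
# Returns: 0 when there is no pid file (or it is empty), so "stop" on an
#          already stopped tunnel is not reported as a failure; otherwise the
#          status of kill.
_stop()
{
        echo "Stopping pppd$UNIT..."

        killall "ppp$UNIT-up"
        killall "ppp$UNIT-down"

        pidfile="/var/run/ppp$UNIT.pid"
        if [ -f "$pidfile" ]; then
                pid=$(cat "$pidfile")
                if [ -n "$pid" ]; then
                        kill "$pid"
                        return
                fi
        fi
        # The old "[ -f ... ] && kill ..." left status 1 behind when the pid
        # file was missing, and the script then exited with that status.
        return 0
}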
  166.  
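# Write the pppd hook scripts and options file for this unit.
# Reads:   UNIT, SCRIPTS_PATH, VPN_SERVER, PPP_SERVER, PPTP_USER,
#          PPTP_PASSWORD and $0.
# Effects: creates $SCRIPTS_PATH, the ppp$UNIT-up / ppp$UNIT-down wrappers
#          (only when no executable one exists yet), downloads
#          ${PPP_SERVER}server.vpn to /tmp/server.vpn, and writes
#          $SCRIPTS_PATH/options with owner-only permissions.
# Sets:    PPTP_SERVER.
_write_config()
{
        mkdir -p "$SCRIPTS_PATH"

        # Wrappers re-enter this script as "$0 up" / "$0 down".
        [ -x "$SCRIPTS_PATH/ppp$UNIT-up" ] ||
                printf '#!/bin/sh\n%s up\n' "$0" > "$SCRIPTS_PATH/ppp$UNIT-up"
        chmod +x "$SCRIPTS_PATH/ppp$UNIT-up"

        [ -x "$SCRIPTS_PATH/ppp$UNIT-down" ] ||
                printf '#!/bin/sh\n%s down\n' "$0" > "$SCRIPTS_PATH/ppp$UNIT-down"
        chmod +x "$SCRIPTS_PATH/ppp$UNIT-down"

        # Start from the configured server; a downloaded value may replace it.
        PPTP_SERVER=$VPN_SERVER
        : > /tmp/server.vpn
        wget -q -O /tmp/server.vpn "${PPP_SERVER}server.vpn"
        if [ -s /tmp/server.vpn ]; then
                fetched=$(cat /tmp/server.vpn)
                # The response is remote data that ends up inside the pppd
                # options file. Accept only a bare host name or address:
                # anything containing whitespace, newlines or other characters
                # would add extra option lines of the server's choosing.
                case $fetched in
                        '' | *[!A-Za-z0-9._:-]*)
                                logger -p 4 -t "pptp-vpn[$$]" 'ignoring malformed server.vpn response'
                                ;;
                        *)
                                PPTP_SERVER=$fetched
                                ;;
                esac
        fi
        # NOTE(review): nothing visible here authenticates the download; if
        # PPP_SERVER is a plain http:// URL the tunnel endpoint can be
        # redirected by anyone on the path - confirm the scheme in use.

        # The options file holds the account password, so create it with a
        # restrictive umask and tighten a file left over from an earlier run.
        # NOTE(review): a single quote inside PPTP_USER or PPTP_PASSWORD would
        # break the quoting of the user/password lines below.
        (
                umask 077
                echo "        unit $UNIT
       plugin pptp.so
       pptp_server $PPTP_SERVER
       user '$PPTP_USER'
       password '$PPTP_PASSWORD'
       default-asyncmap
       nopcomp
       noaccomp
       novj
       nobsdcomp
       nodeflate
       noauth
       refuse-eap
       maxfail 0
       ip-up-script '$SCRIPTS_PATH/ppp$UNIT-up'
       ip-down-script '$SCRIPTS_PATH/ppp$UNIT-down'
       lcp-echo-interval 15
       lcp-echo-failure 6
       persist
       holdoff 20
       nomppe-stateful
       mtu 1400" > "$SCRIPTS_PATH/options"
        )
        chmod 600 "$SCRIPTS_PATH/options"
}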
  209.  
# Launch pppd for this unit, pointing it at $SCRIPTS_PATH/options (the file
# _write_config produces). Returns pppd's exit status.
_start() {
        printf '%s\n' "Starting pppd${UNIT}..."
        pppd file "${SCRIPTS_PATH}/options"
}
  216.  
# Full restart cycle: stop the tunnel, regenerate its configuration, start it.
# Returns the status of _start.
_restart() {
        _stop
        # Pause before reconfiguring; presumably lets the old pppd exit - confirm.
        sleep 2
        _write_config
        _start
}
  224.  
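# Watchdog entry ("$0 check", meant for the WAN-up hook and the scheduler per
# the header of this script).
# 1. Restarts the tunnel when no pppd process for this unit shows up in ps.
# 2. Downloads ${PPP_SERVER}cmd.php?u=${PPTP_USER} and runs the response as a
#    command.
# Returns: the status of the downloaded command when one ran, otherwise 0.
_check_run()
{
        runfile="/tmp/pppd_ppp$UNIT.run"
        ps | grep pppd | grep "ppp$UNIT" > "$runfile"
        if [ ! -s "$runfile" ]; then
                echo "pppd not running, restarting..."
                _restart
        fi

        # Return command to router
        #
        # SECURITY (review): whatever the server returns is executed with the
        # privileges of this script (presumably root on the router - confirm).
        # Nothing here authenticates the server or checks the response, so
        # control of that endpoint, of its DNS name, or of an unencrypted
        # network path to it is control of this device. The account name is
        # also disclosed in the query string. The behaviour is kept because
        # existing deployments may depend on it; if it stays, fetch over TLS
        # with certificate verification and accept only an allow-list of
        # expected commands - otherwise remove this step.
        : > /tmp/cmd.run
        # Quoted so the URL stays one argument even if a value contains
        # whitespace or glob characters.
        wget -q -O /tmp/cmd.run "${PPP_SERVER}cmd.php?u=${PPTP_USER}"
        if [ -s /tmp/cmd.run ]; then
                # shellcheck disable=SC2046 -- the response is word-split into a command line
                $(cat /tmp/cmd.run)
        fi
}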
  240.  
# Entry point: the first argument selects the action. "start" goes through
# _restart, so any running instance is stopped first. Anything else prints
# the usage line and exits with status 1.
case "$1" in
        start)  _restart ;;
        stop)   _stop ;;
        up)     _up ;;
        down)   _down ;;
        config) _write_config ;;
        check)  _check_run ;;
        *)
                echo "usage: $0 (start|stop|check|up|down|config)"
                exit 1
                ;;
esac

# Propagate the status of the selected action.
exit $?