|
|
|
|
@@ -149,6 +149,28 @@ _resolve_hostname() {
|
|
|
|
|
echo "${ips[@]}"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_endpoint_route_add() {
|
|
|
|
|
local ip="$1"
|
|
|
|
|
local rt via dev
|
|
|
|
|
rt="$(ip route get "${ip}" 2>/dev/null | head -n1)"
|
|
|
|
|
via="$(awk '{for(i=1;i<=NF;i++) if($i=="via"){print $(i+1);exit}}' <<< "${rt}")"
|
|
|
|
|
dev="$(awk '{for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1);exit}}' <<< "${rt}")"
|
|
|
|
|
[ -z "${dev}" ] && { bashio::log.error "No route to VPN endpoint ${ip}."; return 1; }
|
|
|
|
|
if [ -n "${via}" ]; then
|
|
|
|
|
ip route replace "${ip}" via "${via}" dev "${dev}" || return 1
|
|
|
|
|
else
|
|
|
|
|
ip route replace "${ip}" dev "${dev}" || return 1
|
|
|
|
|
fi
|
|
|
|
|
bashio::log.info "Pinned VPN endpoint ${ip} to pre-VPN route (dev ${dev})."
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_endpoint_route_del() {
|
|
|
|
|
local ip
|
|
|
|
|
ip="$(cat "${config["EndpointIPFile"]}" 2>/dev/null)"
|
|
|
|
|
[ -n "${ip}" ] && ip route del "${ip}" 2>/dev/null || true
|
|
|
|
|
rm -f "${config["EndpointIPFile"]}" || true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_routing_add() {
|
|
|
|
|
bashio::log.info "Adding routing rules for VPN interface ${config["Interface"]}..."
|
|
|
|
|
|
|
|
|
|
@@ -344,6 +366,8 @@ _wireguard_up() {
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
_cmd "ip link set ${config["Interface"]} up" || return 1
|
|
|
|
|
_endpoint_route_add "${config["EndpointIP"]}" || return 1
|
|
|
|
|
echo "${config["EndpointIP"]}" > "${config["EndpointIPFile"]}"
|
|
|
|
|
|
|
|
|
|
# Add routing rules for VPN interface and DNS servers
|
|
|
|
|
_routing_add || return 1
|
|
|
|
|
@@ -358,6 +382,7 @@ _wireguard_up() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_wireguard_down() {
|
|
|
|
|
_endpoint_route_del || true
|
|
|
|
|
# Update resolv.conf to remove VPN DNS servers
|
|
|
|
|
_resolvconf "reset" || true
|
|
|
|
|
# Remove routing rules for VPN interface and DNS servers
|
|
|
|
|
@@ -399,6 +424,7 @@ wireguard() {
|
|
|
|
|
config["Interface"]="${interface}"
|
|
|
|
|
config["ConfigFile"]="${config_file}"
|
|
|
|
|
config["Table"]="${config["Table"]:-1000}"
|
|
|
|
|
config["EndpointIPFile"]="${WIREGUARD_STATE_DIR}/endpoint-ip"
|
|
|
|
|
config["ListenPort"]="${config["ListenPort"]:-51820}"
|
|
|
|
|
config["EndpointHost"]="${config["Endpoint"]%:*}"
|
|
|
|
|
config["EndpointPort"]="${config["Endpoint"]##*:}"
|
|
|
|
|
@@ -485,6 +511,8 @@ _openvpn_check() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_openvpn_up() {
|
|
|
|
|
local endpoint_ip result=0
|
|
|
|
|
|
|
|
|
|
bashio::log.warning "This script force OpenvPN to ignore any routes and DNS settings pushed by the server."
|
|
|
|
|
bashio::log.warning "Default route will be inserted into custom routing table: ${config["Table"]}"
|
|
|
|
|
bashio::log.warning "This routing table will be used for traffic from the VPN interface and to the configured DNS servers."
|
|
|
|
|
@@ -498,6 +526,15 @@ _openvpn_up() {
|
|
|
|
|
echo "${config["MySelf"]} openvpn postdown" >> ${config["PostDownScript"]}
|
|
|
|
|
chmod 755 ${config["PostDownScript"]}
|
|
|
|
|
|
|
|
|
|
endpoint_ip="$(awk '/^[[:space:]]*remote[[:space:]]/ {print $2; exit}' "${config["ConfigFile"]}")"
|
|
|
|
|
if [ -n "${endpoint_ip}" ]; then
|
|
|
|
|
_check_host "${endpoint_ip}" || result=$?
|
|
|
|
|
[ "${result}" -eq 3 ] && endpoint_ip="$(_resolve_hostname "${endpoint_ip}" | awk '{print $1}')"
|
|
|
|
|
if [ -n "${endpoint_ip}" ]; then
|
|
|
|
|
_endpoint_route_add "${endpoint_ip}" && echo "${endpoint_ip}" > "${config["EndpointIPFile"]}"
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Define logging
|
|
|
|
|
declare -A verbosity=(
|
|
|
|
|
["fatal"]=1
|
|
|
|
|
@@ -533,6 +570,7 @@ _openvpn_up() {
|
|
|
|
|
_openvpn_down() {
|
|
|
|
|
# Terminate OpenVPN process
|
|
|
|
|
pkill -f "openvpn --config ${config["ConfigFile"]}" || true
|
|
|
|
|
_endpoint_route_del || true
|
|
|
|
|
# Safety-net cleanup in case the --down callback was never invoked
|
|
|
|
|
_routing_del || true
|
|
|
|
|
}
|
|
|
|
|
@@ -557,6 +595,7 @@ _openpvn_postdown() {
|
|
|
|
|
if bashio::config.true 'vpn_upnp_enabled'; then
|
|
|
|
|
_firewall_del || true
|
|
|
|
|
fi
|
|
|
|
|
_endpoint_route_del || true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
openvpn() {
|
|
|
|
|
@@ -586,6 +625,7 @@ openvpn() {
|
|
|
|
|
config["Interface"]="${interface}"
|
|
|
|
|
config["ConfigFile"]="${config_file}"
|
|
|
|
|
config["Table"]="${config["Table"]:-1000}"
|
|
|
|
|
config["EndpointIPFile"]="${OPENVPN_STATE_DIR}/endpoint-ip"
|
|
|
|
|
config["PostUpScript"]="${OPENVPN_STATE_DIR}/up.sh"
|
|
|
|
|
config["PostDownScript"]="${OPENVPN_STATE_DIR}/down.sh"
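Review bot: In the `_openvpn_up` hunk a failed pin is silently ignored (`_endpoint_route_add "${endpoint_ip}" && echo ...`), whereas `_wireguard_up` aborts with `|| return 1`, so OpenVPN can start with no pinned endpoint route and no state file for `_endpoint_route_del` to clean up. If the pin is what keeps the encrypted transport off the VPN routing table, make the failure fatal here too, or at least log it: `_endpoint_route_add "${endpoint_ip}" || return 1` followed by the `echo` on its own line. The same block reads only the first `remote` line and pins only the first address returned by `_resolve_hostname`. OpenVPN resolves the name itself and may use a different `remote` entry or address, so the pinned host route may not cover the real peer; either pin every resolved address or add a comment such as `# NOTE: only the first remote / first resolved address is pinned`. `_openvpn_up` begins and ends outside the hunk, so whether a later step compensates is not visible here.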
|
|
|
|
|
|
|
|
|
|
|