From dc0b1a766f23c0880d502ae66ab885606203281e Mon Sep 17 00:00:00 2001 From: "Ycarus (Yannick Chabanois)" Date: Thu, 25 Mar 2021 16:37:19 +0100 Subject: [PATCH] Fix GRE tunnel --- .../files/etc/init.d/openmptcprouter-vps | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index 57ada41aa..8e057ab96 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -6,7 +6,7 @@ START=99 USE_PROCD=1 -EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key" +EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel" . /usr/lib/unbound/iptools.sh @@ -503,6 +503,7 @@ _get_vps_config() { } _get_gre_tunnel() { + [ -z "$servername" ] && servername=$1 [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return gre_tunnel_state="$(echo "$vps_config" | jsonfilter -q -e '@.gre_tunnel.enabled')" 
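Review bot: The added guard `[ -z "$servername" ] && servername=$1` in `_get_gre_tunnel` assigns only while `servername` is still empty, so when the new `set_gre_tunnel` (added later in this patch) drives the function through `config_foreach` over several `server` sections, every call after the first keeps the first section's name. The `vps_config` cache on the following line persists the same way, so later sections would be evaluated against the first server's config. If more than one server section can exist, prefer the argument whenever one is passed, `[ -n "$1" ] && servername=$1`, and refresh `vps_config` when the name changes. Whether `_get_json` actually reads `servername` is not visible here, and the function body continues outside the hunk.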
@@ -515,7 +516,7 @@ _get_gre_tunnel() { peeraddr="$(echo $tunnel | jsonfilter -q -e '@.remote_ip')" ipaddr="$(echo $tunnel | jsonfilter -q -e '@.local_ip')" publicaddr="$(echo $tunnel | jsonfilter -q -e '@.public_ip')" - if [ "$peeraddr" != "" ] && [ "$ipaddr" != "" ] && [ "$publicaddr" != "" ] && ([ "$(uci -q get network.oip${i}.ipaddr)" != "$peeraddr" ] || [ "$(uci -q get network.oip${i}.ipaddr)" != "$ipaddr" ] || [ "$(uci -q get network.oip${i}gre.ipaddr)" != "$vpnip_local" ]); then + if [ "$peeraddr" != "" ] && [ "$ipaddr" != "" ] && [ "$publicaddr" != "" ] && [ "$vpnip_local" != "" ] && ([ "$(uci -q get network.oip${i}.ipaddr)" != "$peeraddr" ] || [ "$(uci -q get network.oip${i}.ipaddr)" != "$ipaddr" ] || [ "$(uci -q get network.oip${i}gre.ipaddr)" != "$vpnip_local" ]); then uci -q batch <<-EOF >/dev/null set network.oip${i}gre=interface set network.oip${i}gre.label="GRE tunnel for $publicaddr" @@ -529,6 +530,7 @@ _get_gre_tunnel() { set network.oip${i}gre.ip4table='vpn' set network.oip${i}gre.peeraddr="$publicaddr" set network.oip${i}gre.ipaddr="$vpnip_local" + set network.oip${i}gre.tunlink='omrvpn' set network.oip${i}=interface set network.oip${i}.label="Tunnel for $publicaddr" set network.oip${i}.proto=static @@ -594,6 +596,12 @@ _get_gre_tunnel() { fi } +set_gre_tunnel() { + config_load openmptcprouter + config_foreach _get_gre_tunnel server +} + + _get_pihole() { [ -z "$vps_config" ] && vps_config=$(_get_json "config") [ -z "$vps_config" ] && return 
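Review bot: On the rewritten `if` line, `network.oip${i}.ipaddr` is compared against both `$peeraddr` and `$ipaddr`, so unless those two addresses are equal one of the `!=` tests is always true and the `uci batch` block runs on every call. The new `[ "$vpnip_local" != "" ]` test does not change that. One of the two lookups presumably should read the option that stores the peer side of `oip${i}`; confirm against what the batch block writes for that interface, part of which lies outside this hunk. A one-line comment above the condition stating "only rewrite when the stored tunnel differs from the server's answer" would make the intent checkable.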
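Review bot: `$publicaddr` and `$vpnip_local` are expanded inside double-quoted values of this `uci -q batch` here-document, and the guard before it only checks that they are non-empty. `publicaddr` comes from the `gre_tunnel` JSON via `jsonfilter`, so a value carrying a quote or a newline would alter the commands `uci batch` receives; where `vpnip_local` comes from is not visible in the hunk. Rejecting any address that matches the pattern `*[!0-9.]*` before the batch is built would close that gap. The new `tunlink='omrvpn'` line hard-codes the underlying interface, and a short comment saying why the GRE tunnel must be bound to `omrvpn` would help the next reader. The here-document starts and ends outside this hunk.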
@@ -1044,7 +1052,16 @@ _set_vps_firewall() { fw3 -q print | grep 'vpn.* -d' | while IFS=$"\n" read -r c; do eval $(echo $c | sed 's/iptables/iptables -w/' | sed 's/-A/-D/') 2>&1 >/dev/null - newrule=$(echo $c | sed 's/iptables/iptables -w/' | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') + publicip=$(echo $c | awk -F'-d' '{print $2}' | cut -d '/' -f1 | sed 's/ //g') + [ -n "$publicip" ] && { + greintf=$(uci show network | grep "Tunnel for $publicip" | cut -d '.' -f2 | tr -d "\n") + [ -n "$greintf" ] && greip=$(uci -q get network.${greintf}.ipaddr) + } + if [ -z "$greip" ]; then + newrule=$(echo $c | sed 's/iptables/iptables -w/' | sed -E -e 's/ -d ([^ ])*//' -e 's/ -s ([^ ])*//') + else + newrule=$(echo $c | sed 's/iptables/iptables -w/' | sed -E -e "s/ -d ([^ ])*/ -d ${greip}\/255.255.255.252/" -e 's/ -s ([^ ])*//') + fi eval $(echo $newrule | sed 's/-A/-D/') || true eval $newrule done
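Review bot: `greip` is never cleared inside the `while` loop, so once one rule resolves to a GRE address, every later rule whose `-d` address has no matching interface still takes the `else` branch and has its destination rewritten to the previous tunnel's `${greip}/255.255.255.252`. Reset it at the top of the loop body with `greip=""`, before `publicip` is computed, so each firewall rule is decided on its own lookup. The lookup `grep "Tunnel for $publicip"` also treats the address as a regular expression and as a prefix, so one address can match the label of a longer one and several hits are joined into a single name by `tr -d "\n"`. `grep -F -- "Tunnel for ${publicip}'"` would pin the match to the exact label as `uci show` prints it. Both values end up in `eval $newrule`, so it is worth checking that `greip` looks like an IPv4 address before substituting it.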