diff --git a/omr-6in4-service b/omr-6in4-service
index be30d17..539556a 100755
--- a/omr-6in4-service
+++ b/omr-6in4-service
@@ -30,28 +30,32 @@ _ping() {
 }
 while true; do
+ source /etc/shorewall/params.vpn
 currentaddr=$(ip addr show omr-6in4 | grep link/sit | awk '{print $2}' | tr -d "\n")
 currentpeer=$(ip addr show omr-6in4 | grep link/sit | awk '{print $4}' | tr -d "\n")
 if [ -n "$currentpeer" ]; then
 _ping $currentpeer
 status=$?
- if ! $(exit $status); then
+ if ! $(exit $status) || [ "$currentpeer" != "$OMR_ADDR" ]; then
 allip_tcp=$(ip -4 addr show gt-tun0 | grep inet)
 allip_udp=$(ip -4 addr show gt-udp-tun0 | grep inet)
 allip_mlvpn=$(ip -4 addr show mlvpn0 | grep inet)
+ allip_openvpn=$(ip -4 addr show tun0 | grep inet)
 allip="$allip_tcp
 $allip_udp
+$allip_openvpn
 $allip_mlvpn"
 while IFS= read -r inet; do
 ip=$(echo $inet | awk '{print $2}' | cut -d/ -f1 | tr -d "\n")
 ipd=$(echo $ip | sed 's/.1/.2/' | tr -d "\n")
 _ping $ipd
- status=$?
- if $(exit $status); then
+ statusp=$?
+ if $(exit $statusp); then
 ip tunnel change omr-6in4 mode sit remote $ipd local $ip
- echo "OMR_ADDR=$ipd" > /etc/shorewall/params.vpn
+ echo "VPS_ADDR=$ip" > /etc/shorewall/params.vpn
+ echo "OMR_ADDR=$ipd" >> /etc/shorewall/params.vpn
 iface=$(ip -4 addr | grep $ip | awk '{print $7}' | tr -d "\n")
- echo "OMR_IFACE=$iface" >> /etc/shorewall/params.vpn
+ echo "VPS_IFACE=$iface" >> /etc/shorewall/params.vpn
 systemctl reload shorewall
 break
 fi
diff --git a/shorewall4/params.vpn b/shorewall4/params.vpn
index b8a0578..e4082cb 100644
--- a/shorewall4/params.vpn
+++ b/shorewall4/params.vpn
@@ -1,2 +1,3 @@
-OMR_ADDR=10.255.255.1
-OMR_IFACE=gt-tun0
+VPS_ADDR=10.255.255.1
+OMR_ADDR=10.255.255.2
+VPS_IFACE=gt-tun0
diff --git a/shorewall4/snat b/shorewall4/snat
index a27d927..024c9d8 100644
--- a/shorewall4/snat
+++ b/shorewall4/snat
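Review bot: The added `source /etc/shorewall/params.vpn` at the top of the `while true` loop executes that file as shell code on every iteration, in a service that presumably runs as root (it calls `ip tunnel change` and `systemctl reload shorewall`), although the loop only needs the `OMR_ADDR` value. Reading the single value without executing the file would be safer, e.g. `OMR_ADDR=$(sed -n 's/^OMR_ADDR=//p' /etc/shorewall/params.vpn 2>/dev/null)`. If the file is missing or has no `OMR_ADDR` line, the new `[ "$currentpeer" != "$OMR_ADDR" ]` test is always true, so the address scan runs on every pass even when the peer answers pings; a `[ -n "$OMR_ADDR" ] &&` guard in front of the comparison would avoid that. The file is also rebuilt with one `>` followed by two `>>` writes, so a concurrent reader can see it half-written; writing to a temporary file in the same directory and `mv`-ing it into place closes that window. The loop body continues past the end of the hunk.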
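Review bot: `OMR_ADDR` keeps its name while its shipped default moves from 10.255.255.1 to 10.255.255.2, and `OMR_IFACE` is dropped in favour of `VPS_IFACE`, so any Shorewall file outside this diff that still references `$OMR_ADDR` or `$OMR_IFACE` would now resolve to the other tunnel endpoint or to an undefined variable. Only `snat` is updated in this commit, so it is worth grepping the rest of the shorewall4 directory for both names before merging. A header comment would make the roles explicit, e.g. `# VPS_ADDR/VPS_IFACE: local tunnel address and interface; OMR_ADDR: remote peer address`, which matches how the service script writes them (`local $ip`, `remote $ipd`).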
@@ -20,4 +20,4 @@ MASQUERADE 10.0.0.0/8,\
 172.16.0.0/12,\
 192.168.0.0/16 eth0
 # SNAT from VPN server for all VPN clients
-SNAT($OMR_ADDR) 0.0.0.0/0 $OMR_IFACE
+#SNAT($VPS_ADDR) 0.0.0.0/0 $VPS_IFACE
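Review bot: The `# SNAT from VPN server for all VPN clients` comment now describes a rule that is commented out, and nothing in the hunk says why the SNAT was disabled rather than just renamed to the `VPS_*` variables. Someone auditing the NAT configuration cannot tell whether this was deliberate or left over from testing. Either delete both lines or record the reason next to the rule, e.g. `# SNAT from VPN server for all VPN clients: disabled, <reason>`.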