openwrt-packages/net/travelmate/files/travelmate.vpn

#!/bin/sh
# vpn handler called by travelmate
# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.

# set (s)hellcheck exceptions
# shellcheck disable=all

# Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script

. "/lib/functions.sh"

export LC_ALL=C
export PATH="/usr/sbin:/usr/bin:/sbin:/bin"

vpn="${1}"
vpn_action="${2}"
vpn_service="${3}"
vpn_iface="${4}"
vpn_instance="${5}"
trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0")"
trm_ubuscmd="$(command -v ubus)"
trm_jsoncmd="$(command -v jsonfilter)"
trm_logger="$(command -v logger)"
trm_fetch="$(command -v curl)"
trm_vpnfile="/var/state/travelmate.vpn"

f_net() {
	local json_rc

	json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")"
	if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then
		json_rc="net ok"
	fi
	printf "%s" "${json_rc}"
}

if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then
	if [ "${vpn_action}" = "enable_keep" ]; then
		vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')"
	fi
	if [ "${vpn_action}" = "enable" ] || [ "${vpn_status}" != "true" ]; then
		if [ "${vpn_status}" != "true" ]; then
			/sbin/ifdown "${vpn_iface}"
			"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
		fi
		if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
			/etc/init.d/openvpn stop "${vpn_instance}"
			sleep 1
		fi
		if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && ! /etc/init.d/openvpn running "${vpn_instance}"; then
			/etc/init.d/openvpn start "${vpn_instance}"
		fi
		/sbin/ifup "${vpn_iface}"
		cnt=0
		while true; do
			vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')"
			if [ "${vpn_status}" = "true" ]; then
				net_status="$(f_net)"
				if [ "${net_status}" = "net ok" ]; then
					: >"${trm_vpnfile}"
					"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection enabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
					break
				fi
			fi
			if [ "${cnt}" -ge "$((trm_maxwait / 3))" ]; then
				/sbin/ifdown "${vpn_iface}"
				"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
				if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
					/etc/init.d/openvpn stop "${vpn_instance}"
				fi
				rm -f "${trm_vpnfile}"
				"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection can't be established '${vpn_iface}/${vpn_instance:-"-", rc: ${net_status:-"-"}}'" 2>/dev/null
				return 1
			fi
			sleep 1
			cnt="$((cnt + 1))"
		done
	fi
elif { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
	/sbin/ifdown "${vpn_iface}"
	"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
	if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
		/etc/init.d/openvpn stop "${vpn_instance}"
	fi
	rm -f "${trm_vpnfile}"
	"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection disabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
fi