|
|
@@ -110,15 +110,13 @@ function enable_ipv6 {
|
|
110
|
110
|
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
|
111
|
111
|
}
|
|
112
|
112
|
|
|
113
|
|
-function firewall_update_external_ip {
|
|
|
113
|
+function update_external_ip {
|
|
114
|
114
|
ip_update_script=/usr/bin/externalipupdate
|
|
115
|
115
|
echo '#!/bin/bash' >> $ip_update_script
|
|
116
|
116
|
echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
|
|
117
|
117
|
echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
|
|
118
|
118
|
echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
|
|
119
|
119
|
echo " sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
|
|
120
|
|
- echo " iptables -t nat -D POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
|
|
121
|
|
- echo " iptables -t nat -A POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
|
|
122
|
120
|
echo ' iptables-save > /etc/firewall.conf' >> $ip_update_script
|
|
123
|
121
|
echo 'fi' >> $ip_update_script
|
|
124
|
122
|
|
|
|
@@ -126,35 +124,28 @@ function firewall_update_external_ip {
|
|
126
|
124
|
}
|
|
127
|
125
|
|
|
128
|
126
|
function firewall_disable_vpn {
|
|
129
|
|
- read_config_param EXTERNAL_IPV4_ADDRESS
|
|
130
|
|
- if [ ! $EXTERNAL_IPV4_ADDRESS ]; then
|
|
131
|
|
- return
|
|
132
|
|
- fi
|
|
133
|
|
- sed -i '/externalipupdate/d' /etc/crontab
|
|
134
|
127
|
iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
135
|
128
|
iptables -D INPUT -i tun+ -j ACCEPT
|
|
136
|
129
|
iptables -D FORWARD -i tun+ -j ACCEPT
|
|
137
|
130
|
iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
138
|
131
|
iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
139
|
|
- iptables -t nat -D POSTROUTING -s ${EXTERNAL_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
|
132
|
+ iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
140
|
133
|
iptables -D OUTPUT -o tun+ -j ACCEPT
|
|
141
|
134
|
save_firewall_settings
|
|
|
135
|
+
|
|
142
|
136
|
sed -i '/VPN=/d' $FIREWALL_CONFIG
|
|
143
|
137
|
}
|
|
144
|
138
|
|
|
145
|
139
|
function firewall_enable_vpn {
|
|
146
|
|
- curr_external_ipv4_address=$(get_external_ipv4_address)
|
|
147
|
140
|
iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
|
|
148
|
141
|
iptables -A INPUT -i tun+ -j ACCEPT
|
|
149
|
142
|
iptables -A FORWARD -i tun+ -j ACCEPT
|
|
150
|
143
|
iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
151
|
144
|
iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
152
|
|
- iptables -t nat -A POSTROUTING -s ${curr_external_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
|
145
|
+ iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
|
|
153
|
146
|
iptables -A OUTPUT -o tun+ -j ACCEPT
|
|
154
|
|
- write_config_param EXTERNAL_IPV4_ADDRESS "$curr_external_ipv4_address"
|
|
155
|
147
|
save_firewall_settings
|
|
156
|
148
|
|
|
157
|
|
- firewall_update_external_ip
|
|
158
|
149
|
echo "VPN=1194" >> $FIREWALL_CONFIG
|
|
159
|
150
|
}
|
|
160
|
151
|
|
Bob Mottram
7 лет назад