
vpn ip range

Bob Mottram 7 years ago
parent
commit
e9c47c397e
1 changed files with 4 additions and 13 deletions
  1. 4
    13
      src/freedombone-utils-firewall

+ 4
- 13
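--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -110,15 +110,13 @@
     echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
 }
 
-function firewall_update_external_ip {
+function update_external_ip {
     ip_update_script=/usr/bin/externalipupdate
     echo '#!/bin/bash' >> $ip_update_script
     echo "existing_ip=\$(cat $CONFIGURATION_FILE | grep \"EXTERNAL_IPV4_ADDRESS=\" | head -n 1 | awk -F '=' '{print \$2}')'" >> $ip_update_script
     echo "curr_ip=\$(nslookup . $EXTERNAL_IP_LOOKUP_URL | grep Address | tail -n 1 | awk -F ' ' '{print \$2}')" >> $ip_update_script
     echo 'if [[ "$curr_ip" != "$existing_ip" ]]; then' >> $ip_update_script
     echo "  sed -i \"s|EXTERNAL_IPV4_ADDRESS=.*|EXTERNAL_IPV4_ADDRESS=\${curr_ip}|g\" $CONFIGURATION_FILE" >> $ip_update_script
-    echo "  iptables -t nat -D POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
-    echo "  iptables -t nat -A POSTROUTING -s \${curr_ip}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE" >> $ip_update_script
     echo '  iptables-save > /etc/firewall.conf' >> $ip_update_script
     echo 'fi' >> $ip_update_script
 
@@ -126,35 +124,28 @@
 }
 
 function firewall_disable_vpn {
-    read_config_param EXTERNAL_IPV4_ADDRESS
-    if [ ! $EXTERNAL_IPV4_ADDRESS ]; then
-        return
-    fi
-    sed -i '/externalipupdate/d' /etc/crontab
     iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
     iptables -D FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -D POSTROUTING -s ${EXTERNAL_IPV4_ADDRESS}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
+    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -D OUTPUT -o tun+ -j ACCEPT
     save_firewall_settings
+
     sed -i '/VPN=/d' $FIREWALL_CONFIG
 }
 
 function firewall_enable_vpn {
-    curr_external_ipv4_address=$(get_external_ipv4_address)
     iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
     iptables -A FORWARD -i ${FIREWALL_EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s ${curr_external_ipv4_address}/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
+    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -A OUTPUT -o tun+ -j ACCEPT
-    write_config_param EXTERNAL_IPV4_ADDRESS "$curr_external_ipv4_address"
     save_firewall_settings
 
-    firewall_update_external_ip
     echo "VPN=1194" >> $FIREWALL_CONFIG
 }
 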
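Review bot: firewall_disable_vpn no longer removes the `externalipupdate` line from /etc/crontab and now deletes only the `10.8.0.0/24` MASQUERADE rule, so a host that enabled the VPN under the previous code appears to keep both the cron entry and the old `${EXTERNAL_IPV4_ADDRESS}/24` NAT rule after the VPN is disabled. An already generated /usr/bin/externalipupdate still carries the `iptables -t nat -A POSTROUTING -s ${curr_ip}/24` line, so it would presumably re-add that rule each time the address changes. Keeping `sed -i '/externalipupdate/d' /etc/crontab` in firewall_disable_vpn, without the early return on an empty EXTERNAL_IPV4_ADDRESS, would clean this up on upgraded systems. Separately, `10.8.0.0/24` is now written out in both firewall_enable_vpn and firewall_disable_vpn and has to match the OpenVPN server subnet, which is not visible here; one shared variable would keep the add and delete rules in step.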