57 lines
1.4 KiB
Bash
Executable File
57 lines
1.4 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Updates openvpn client.conf with auth credentials,
|
|
# adds iptables rules to forward traffic from tun0
|
|
# to configured wireless interface
|
|
# @author billz
|
|
# license: GNU General Public License v3.0
|
|
|
|
# Exit on error
|
|
set -o errexit
|
|
# Exit on error inside functions
|
|
set -o errtrace
|
|
# Turn on traces, disabled by default
|
|
#set -o xtrace
|
|
|
|
file=$1
|
|
auth=$2
|
|
interface=$3
|
|
readonly rulesv4="/etc/iptables/rules.v4"
|
|
|
|
if [ "$auth" = 1 ]; then
|
|
echo "Enabling auth-user-pass in OpenVPN client.conf"
|
|
line='auth-user-pass'
|
|
if grep -q "$line" $file; then
|
|
echo "Updating $line"
|
|
sudo sed -i "s/$line/$line login.conf/g" $file
|
|
else
|
|
echo "Adding $line"
|
|
sudo sed -i "$ a $line login.conf" $file
|
|
fi
|
|
fi
|
|
|
|
# Configure NAT and forwarding with iptables
|
|
echo "Checking iptables rules"
|
|
rules=(
|
|
"-A POSTROUTING -o tun0 -j MASQUERADE"
|
|
"-A FORWARD -i tun0 -o ${interface} -m state --state RELATED,ESTABLISHED -j ACCEPT"
|
|
"-A FORWARD -i ${interface} -o tun0 -j ACCEPT"
|
|
)
|
|
|
|
for rule in "${rules[@]}"; do
|
|
if grep -- "$rule" $rulesv4 > /dev/null; then
|
|
echo "Rule already exits: ${rule}"
|
|
else
|
|
rule=$(sed -e 's/^\(-A POSTROUTING\)/-t nat \1/' <<< $rule)
|
|
echo "Adding rule: ${rule}"
|
|
sudo iptables $rule
|
|
added=true
|
|
fi
|
|
done
|
|
|
|
if [ "$added" = true ]; then
|
|
echo "Persisting IP tables rules"
|
|
sudo iptables-save | sudo tee $rulesv4 > /dev/null
|
|
fi
|
|
|