Untitled diff

2 removals
254 lines
4 additions
255 lines
#!/bin/sh
#!/bin/sh


PARAM=$*
PARAM=$*
if [ "$PARAM" == "" ]
if [ "$PARAM" == "" ]
then
then
# Add paramaters equivalent to those passed for up command
# Add paramaters equivalent to those passed for up command
PARAM="$dev $tun_mtu $link_mtu $ifconfig_local $ifconfig_remote"
PARAM="$dev $tun_mtu $link_mtu $ifconfig_local $ifconfig_remote"
fi
fi


my_logger(){
my_logger(){
if [ "$VPN_LOGGING" -gt "3" ]
if [ "$VPN_LOGGING" -gt "3" ]
then
then
logger -t "openvpn-routing" "$1"
logger -t "openvpn-routing" "$1"
fi
fi
}
}




create_client_list(){
create_client_list(){
OLDIFS=$IFS
OLDIFS=$IFS
IFS="<"
IFS="<"


for ENTRY in $VPN_IP_LIST
for ENTRY in $VPN_IP_LIST
do
do
if [ "$ENTRY" = "" ]
if [ "$ENTRY" = "" ]
then
then
continue
continue
fi
fi
TARGET_ROUTE=$(echo $ENTRY | cut -d ">" -f 4)
TARGET_ROUTE=$(echo $ENTRY | cut -d ">" -f 4)
if [ "$TARGET_ROUTE" = "WAN" ]
if [ "$TARGET_ROUTE" = "WAN" ]
then
then
TARGET_LOOKUP="main"
TARGET_LOOKUP="main"
WAN_PRIO=$((WAN_PRIO+1))
WAN_PRIO=$((WAN_PRIO+1))
RULE_PRIO=$WAN_PRIO
RULE_PRIO=$WAN_PRIO
TARGET_NAME="WAN"
TARGET_NAME="WAN"
else
else
TARGET_LOOKUP=$VPN_TBL
TARGET_LOOKUP=$VPN_TBL
VPN_PRIO=$((VPN_PRIO+1))
VPN_PRIO=$((VPN_PRIO+1))
RULE_PRIO=$VPN_PRIO
RULE_PRIO=$VPN_PRIO
TARGET_NAME="VPN client "$VPN_UNIT
TARGET_NAME="VPN client "$VPN_UNIT
fi
fi
VPN_IP=$(echo $ENTRY | cut -d ">" -f 2)
VPN_IP=$(echo $ENTRY | cut -d ">" -f 2)
if [ "$VPN_IP" != "0.0.0.0" ]
if [ "$VPN_IP" != "0.0.0.0" ]
then
then
SRCC="from"
SRCC="from"
SRCA="$VPN_IP"
SRCA="$VPN_IP"
else
else
SRCC=""
SRCC=""
SRCA=""
SRCA=""
fi
fi
DST_IP=$(echo $ENTRY | cut -d ">" -f 3)
DST_IP=$(echo $ENTRY | cut -d ">" -f 3)
if [ "$DST_IP" != "0.0.0.0" ]
if [ "$DST_IP" != "0.0.0.0" ]
then
then
DSTC="to"
DSTC="to"
DSTA="$DST_IP"
DSTA="$DST_IP"
else
else
DSTC=""
DSTC=""
DSTA=""
DSTA=""
fi
fi
if [ "$SRCC" != "" -o "$DSTC" != "" ]
if [ "$SRCC" != "" -o "$DSTC" != "" ]
then
then
ip rule add $SRCC $SRCA $DSTC $DSTA table $TARGET_LOOKUP priority $RULE_PRIO
ip rule add $SRCC $SRCA $DSTC $DSTA table $TARGET_LOOKUP priority $RULE_PRIO
my_logger "Adding route for $VPN_IP to $DST_IP through $TARGET_NAME"
my_logger "Adding route for $VPN_IP to $DST_IP through $TARGET_NAME"
fi
fi
done
done
IFS=$OLDIFS
IFS=$OLDIFS
}
}


purge_client_list(){
purge_client_list(){
IP_LIST=$(ip rule show | cut -d ":" -f 1)
IP_LIST=$(ip rule show | cut -d ":" -f 1)
for PRIO in $IP_LIST
for PRIO in $IP_LIST
do
do
if [ $PRIO -ge $START_PRIO -a $PRIO -le $END_PRIO ]
if [ $PRIO -ge $START_PRIO -a $PRIO -le $END_PRIO ]
then
then
ip rule del prio $PRIO
ip rule del prio $PRIO
my_logger "Removing rule $PRIO from routing policy"
my_logger "Removing rule $PRIO from routing policy"
fi
fi
done
done
}
}


run_custom_script(){
run_custom_script(){
if [ -f /jffs/scripts/openvpn-event ]
if [ -f /jffs/scripts/openvpn-event ]
then
then
logger -t "custom_script" "Running /jffs/scripts/openvpn-event (args: $PARAM)"
logger -t "custom_script" "Running /jffs/scripts/openvpn-event (args: $PARAM)"
sh /jffs/scripts/openvpn-event $PARAM
sh /jffs/scripts/openvpn-event $PARAM
fi
fi
}
}


init_table(){
init_table(){
my_logger "Creating VPN routing table (mode $VPN_REDIR)"
my_logger "Creating VPN routing table (mode $VPN_REDIR)"
ip route flush table $VPN_TBL
ip route flush table $VPN_TBL


# Fill it with copy of existing main table
# Fill it with copy of existing main table
if [ "$VPN_REDIR" == "3" ]
if [ "$VPN_REDIR" == "3" ]
then
then
LANIFNAME=$(nvram get lan_ifname)
LANIFNAME=$(nvram get lan_ifname)
ip route show table main dev $LANIFNAME | while read ROUTE
ip route show table main dev $LANIFNAME | while read ROUTE
do
do
ip route add table $VPN_TBL $ROUTE dev $LANIFNAME
ip route add table $VPN_TBL $ROUTE dev $LANIFNAME
done
done
ip route show table main dev $dev | while read ROUTE
ip route show table main dev $dev | while read ROUTE
do
do
ip route add table $VPN_TBL $ROUTE dev $dev
ip route add table $VPN_TBL $ROUTE dev $dev
done
done
elif [ "$VPN_REDIR" == "2" ]
elif [ "$VPN_REDIR" == "2" ]
then
then
ip route show table main | while read ROUTE
ip route show table main | while read ROUTE
do
do
ip route add table $VPN_TBL $ROUTE
ip route add table $VPN_TBL $ROUTE
done
done
fi
fi
}
}


# Begin
# Begin
if [ "$dev" == "tun11" ]
if [ "$dev" == "tun11" ]
then
then
VPN_IP_LIST=$(nvram get vpn_client1_clientlist)
VPN_IP_LIST=$(nvram get vpn_client1_clientlist)
VPN_REDIR=$(nvram get vpn_client1_rgw)
VPN_REDIR=$(nvram get vpn_client1_rgw)
VPN_FORCE=$(nvram get vpn_client1_enforce)
VPN_FORCE=$(nvram get vpn_client1_enforce)
VPN_UNIT=1
VPN_UNIT=1
VPN_LOGGING=$(nvram get vpn_client1_verb)
VPN_LOGGING=$(nvram get vpn_client1_verb)
elif [ "$dev" == "tun12" ]
elif [ "$dev" == "tun12" ]
then
then
VPN_IP_LIST=$(nvram get vpn_client2_clientlist)
VPN_IP_LIST=$(nvram get vpn_client2_clientlist)
VPN_REDIR=$(nvram get vpn_client2_rgw)
VPN_REDIR=$(nvram get vpn_client2_rgw)
VPN_FORCE=$(nvram get vpn_client2_enforce)
VPN_FORCE=$(nvram get vpn_client2_enforce)
VPN_UNIT=2
VPN_UNIT=2
VPN_LOGGING=$(nvram get vpn_client2_verb)
VPN_LOGGING=$(nvram get vpn_client2_verb)
elif [ "$dev" == "tun13" ]
elif [ "$dev" == "tun13" ]
then
then
VPN_IP_LIST=$(nvram get vpn_client3_clientlist)
VPN_IP_LIST=$(nvram get vpn_client3_clientlist)
VPN_REDIR=$(nvram get vpn_client3_rgw)
VPN_REDIR=$(nvram get vpn_client3_rgw)
VPN_FORCE=$(nvram get vpn_client3_enforce)
VPN_FORCE=$(nvram get vpn_client3_enforce)
VPN_UNIT=3
VPN_UNIT=3
VPN_LOGGING=$(nvram get vpn_client3_verb)
VPN_LOGGING=$(nvram get vpn_client3_verb)
elif [ "$dev" == "tun14" ]
elif [ "$dev" == "tun14" ]
then
then
VPN_IP_LIST=$(nvram get vpn_client4_clientlist)
VPN_IP_LIST=$(nvram get vpn_client4_clientlist)
VPN_REDIR=$(nvram get vpn_client4_rgw)
VPN_REDIR=$(nvram get vpn_client4_rgw)
VPN_FORCE=$(nvram get vpn_client4_enforce)
VPN_FORCE=$(nvram get vpn_client4_enforce)
VPN_UNIT=4
VPN_UNIT=4
VPN_LOGGING=$(nvram get vpn_client4_verb)
VPN_LOGGING=$(nvram get vpn_client4_verb)
elif [ "$dev" == "tun15" ]
elif [ "$dev" == "tun15" ]
then
then
VPN_IP_LIST=$(nvram get vpn_client5_clientlist)
VPN_IP_LIST=$(nvram get vpn_client5_clientlist)
VPN_REDIR=$(nvram get vpn_client5_rgw)
VPN_REDIR=$(nvram get vpn_client5_rgw)
VPN_FORCE=$(nvram get vpn_client5_enforce)
VPN_FORCE=$(nvram get vpn_client5_enforce)
VPN_UNIT=5
VPN_UNIT=5
VPN_LOGGING=$(nvram get vpn_client5_verb)
VPN_LOGGING=$(nvram get vpn_client5_verb)
else
else
run_custom_script
run_custom_script
exit 0
exit 0
fi
fi


VPN_TBL="ovpnc"$VPN_UNIT
VPN_TBL="ovpnc"$VPN_UNIT
START_PRIO=$((10000+(200*($VPN_UNIT-1))))
START_PRIO=$((10000+(200*($VPN_UNIT-1))))
END_PRIO=$(($START_PRIO+199))
END_PRIO=$(($START_PRIO+199))
WAN_PRIO=$START_PRIO
WAN_PRIO=$START_PRIO
VPN_PRIO=$(($START_PRIO+100))
VPN_PRIO=$(($START_PRIO+100))


export VPN_GW VPN_IP VPN_TBL VPN_FORCE
export VPN_GW VPN_IP VPN_TBL VPN_FORCE




# webui reports that vpn_force changed while vpn client was down
# webui reports that vpn_force changed while vpn client was down
if [ $script_type = "rmupdate" ]
if [ $script_type = "rmupdate" ]
then
then
my_logger "Refreshing policy rules for client $VPN_UNIT"
my_logger "Refreshing policy rules for client $VPN_UNIT"
purge_client_list
purge_client_list


if [ $VPN_FORCE == "1" -a $VPN_REDIR -ge "2" ]
if [ $VPN_FORCE == "1" -a $VPN_REDIR -ge "2" ]
then
then
init_table
init_table
my_logger "Tunnel down - VPN client access blocked"
my_logger "Tunnel down - VPN client access blocked"
ip route del default table $VPN_TBL
ip route del default table $VPN_TBL
ip route add prohibit default table $VPN_TBL
ip route add prohibit default table $VPN_TBL
create_client_list
create_client_list
else
else
my_logger "Allow WAN access to all VPN clients"
my_logger "Allow WAN access to all VPN clients"
ip route flush table $VPN_TBL
ip route flush table $VPN_TBL
fi
fi
ip route flush cache
ip route flush cache
exit 0
exit 0
fi
fi


if [ $script_type == "route-up" -a $VPN_REDIR -lt "2" ]
if [ $script_type == "route-up" -a $VPN_REDIR -lt "2" ]
then
then
my_logger "Skipping, client $VPN_UNIT not in routing policy mode"
my_logger "Skipping, client $VPN_UNIT not in routing policy mode"
run_custom_script
run_custom_script
exit 0
exit 0
fi
fi


logger -t "openvpn-routing" "Configuring policy rules for client $VPN_UNIT"
logger -t "openvpn-routing" "Configuring policy rules for client $VPN_UNIT"


if [ $script_type == "route-pre-down" ]
if [ $script_type == "route-pre-down" ]
then
then
purge_client_list
purge_client_list


if [ $VPN_FORCE == "1" -a $VPN_REDIR -ge "2" ]
if [ $VPN_FORCE == "1" -a $VPN_REDIR -ge "2" ]
then
then
logger -t "openvpn-routing" "Tunnel down - VPN client access blocked"
logger -t "openvpn-routing" "Tunnel down - VPN client access blocked"
ip route change prohibit default table $VPN_TBL
ip route change prohibit default table $VPN_TBL
create_client_list
create_client_list
else
else
ip route flush table $VPN_TBL
ip route flush table $VPN_TBL
my_logger "Flushing client routing table"
my_logger "Flushing client routing table"
fi
fi
fi # End route down
fi # End route down






if [ $script_type == "route-up" ]
if [ $script_type == "route-up" ]
then
then
init_table
init_table


# Delete existing VPN routes that were pushed by server on table main
# Delete existing VPN routes that were pushed by server on table main
NET_LIST=$(ip route show|awk '$2=="via" && $3==ENVIRON["route_vpn_gateway"] && $4=="dev" && $5==ENVIRON["dev"] {print $1}')
NET_LIST=$(ip route show|awk '$2=="via" && $3==ENVIRON["route_vpn_gateway"] {print $1}')
for NET in $NET_LIST
for NET in $NET_LIST
do
do
ip route del $NET dev $dev
ip route del $NET
ip route del $NET table $VPN_TBL
my_logger "Removing route for $NET to $dev from main routing table"
my_logger "Removing route for $NET to $dev from main routing table"
done
done


# Update policy rules
# Update policy rules
purge_client_list
purge_client_list
create_client_list
create_client_list


# Setup table default route
# Setup table default route
if [ "$VPN_IP_LIST" != "" ]
if [ "$VPN_IP_LIST" != "" ]
then
then
if [ "$VPN_FORCE" == "1" ]
if [ "$VPN_FORCE" == "1" ]
then
then
logger -t "openvpn-routing" "Tunnel re-established, restoring WAN access to clients"
logger -t "openvpn-routing" "Tunnel re-established, restoring WAN access to clients"
fi
fi
if [ "$route_net_gateway" != "" ]
if [ "$route_net_gateway" != "" ]
then
then
ip route del default table $VPN_TBL
ip route del default table $VPN_TBL
ip route add default via $route_vpn_gateway table $VPN_TBL
ip route add default via $route_vpn_gateway table $VPN_TBL dev $dev
else
else
logger -t "openvpn-routing" "WARNING: no VPN gateway provided, routing might not work properly!"
logger -t "openvpn-routing" "WARNING: no VPN gateway provided, routing might not work properly!"
fi
fi
fi
fi


if [ "$route_net_gateway" != "" ]
if [ "$route_net_gateway" != "" ]
then
then
ip route del default
ip route del default
ip route add default via $route_net_gateway
ip route add default via $route_net_gateway
fi
fi
fi # End route-up
fi # End route-up


ip route flush cache
ip route flush cache
my_logger "Completed routing policy configuration for client $VPN_UNIT"
my_logger "Completed routing policy configuration for client $VPN_UNIT"
run_custom_script
run_custom_script


exit 0
exit 0
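Review bot: The pushed-route cleanup on what the 254/255 line counts suggest is the new side (`NET_LIST=$(ip route show|awk '$2=="via" && $3==ENVIRON["route_vpn_gateway"] {print $1}')` followed by `ip route del $NET`) no longer restricts the match to `$dev`, so any main-table route whose next hop happens to equal `route_vpn_gateway` on some other interface is selected and then deleted without an interface qualifier, which can remove a route the VPN never pushed. If dropping the `$5==ENVIRON["dev"]` test is deliberate (for example because pushed routes may be installed without a `dev` attribute), a one-line comment above `NET_LIST=` stating that, and keeping `dev $dev` on the first `ip route del`, would preserve the safety of the old match while still catching the new case; which printed variant is old and which is new is inferred from the line counts, so please confirm. The added `ip route del $NET table $VPN_TBL` is consistent with `init_table` having copied the main table into `$VPN_TBL` for modes 2 and 3, which are the only modes that reach this block given the earlier `-lt "2"` exit, so that part looks right. `$NET` and `$dev` are unquoted throughout this loop and in the new `ip route add default ... dev $dev`; both are single tokens from `awk` and the OpenVPN environment, so it is harmless here, but `"$NET"` and `"$dev"` would match the rest of the file's quoting of `"$VPN_IP"`/`"$DST_IP"` and keep ShellCheck quiet.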