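#!/bin/sh
#DEBUG=; set -x # comment/uncomment to disable/enable debug mode
#          name: tomato-ovpn-remote-access.sh
#       version: 1.0.0, 18-may-2020, by eibgrad
#       purpose: enable remote access over wan w/ active openvpn client
#   script type: init (autostart)
#  installation:
#    1. enable jffs (administration->jffs)
#    2. enable syslog (administration->logging->syslog)
#    3. use shell (telnet/ssh) to execute one of the following commands:
#         curl -kLs bit.ly/tomato-installer|tr -d '\r'|sh -s UUUT8GiW init
#       or
#         wget -qO - bit.ly/tomato-installer|tr -d '\r'|sh -s UUUT8GiW init
#       NOTE(review): both one-liners feed a remote script straight into a
#       shell on the router. "-k" turns off TLS certificate verification and
#       the shortened URL hides where the installer really comes from, so
#       nothing authenticates what gets executed. Prefer downloading the
#       installer to a file over verified HTTPS and reading it before
#       running it.
#    4. modify options (minimally DDNS_DOMAIN_NAMES) using vi editor:
#         vi /jffs/etc/config/tomato-ovpn-remote-access.init
#    5. reboot
#
# how it works: every UPDATE_INTERVAL seconds the script resolves each name
# in DDNS_DOMAIN_NAMES and makes sure a route to the resulting address (and
# to every STATIC_ROUTES entry) exists via the WAN gateway; routes for ddns
# addresses that are no longer current are removed again.
#
# NOTE(review): the ddns routes come from a plain nslookup, i.e. from an
# unauthenticated DNS answer. Whatever address that answer carries is routed
# via the WAN gateway rather than the VPN, so treat the lookup result as
# untrusted input (it is format-checked below, nothing more).
{
# ------------------------------ BEGIN OPTIONS ------------------------------- #

# "roaming" ddns domain name(s)
DDNS_DOMAIN_NAMES="
myhostname.duckdns.org
#myhostname2.duckdns.org
#myhostname3.duckdns.org
"
# time (in secs) between checks for ddns updates
UPDATE_INTERVAL=300

# optional: well-known static routes
STATIC_ROUTES="
#171.190.59.0/24 # workplace
#230.139.191.67 # vacation home
#215.126.219.216 # local wifi cafe
"
# optional: some servers may update faster and/or more reliably than others
#DNS_SERVER=1.1.1.1 # cloudflare
#DNS_SERVER=8.8.8.8 # google
#DNS_SERVER=9.9.9.9 # quad9

# ------------------------------- END OPTIONS -------------------------------- #

# ---------------------- DO NOT CHANGE BELOW THIS LINE ----------------------- #

# function get_ip( domain-name [server] )
# prints the address field of every "Addr...:" line that follows the
# "Name:" line of the nslookup output, one per line
get_ip() {
    # ${2:+...} drops the server argument entirely when none is configured
    nslookup "$1" ${2:+"$2"} 2>/dev/null |
        awk '/^Name:/,0 {if (/^Addr[^:]*: [0-9]{1,3}\./) print $3}'
}

# function is_ipv4( string )
# succeeds only for a bare dotted quad; applied to dns-derived values before
# they are handed to "ip route" (octet range is left for "ip" to reject)
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# function in_list( item space-separated-list )
# whole-word membership test; a substring grep would report 1.2.3.4 as
# present in a list that only holds 11.2.3.4
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# function route_exists( destination )
# succeeds when "ip route" lists the destination as its first field; the
# comparison is a literal string match so the dots are not regex wildcards
route_exists() {
    ip route | awk -v dst="$1" \
        '($1 "") == (dst "") { found = 1 } END { exit !found }'
}

# function add_route( destination )
# adds a route via the wan gateway unless one is already present
# globals: gateway_ip (read), routing_change (written)
add_route() {
    route_exists "$1" && return 0
    if ip route add "$1" via "$gateway_ip"; then
        routing_change=true
        echo "info: route added: $1"
    fi
}

# option values are split into lines/words by unquoted expansion below;
# disable pathname expansion so a stray "*" or "?" is never globbed
set -f

# wait for wan availability
until ping -qc1 -w3 8.8.8.8 >/dev/null 2>&1; do sleep 10; done

# periodically update routing table
while :; do
    gateway_ip="$(nvram get wan_gateway)"
    static_ip_list=""
    curr_ddns_ip_list=""
    routing_change=false

    # without a gateway every "ip route add/del ... via" would fail; skip
    # this cycle and keep the previous ddns list for the next one
    if [ -z "$gateway_ip" ]; then
        echo "error: wan gateway unknown"
        sleep "$UPDATE_INTERVAL"
        continue
    fi

    # only the first word of DNS_SERVER is used (empty when unset)
    dns_server="$(printf '%s\n' "$DNS_SERVER" | awk '{print $1}')"

    # set internal field separator to newline (one option entry per line)
    OIFS="$IFS"
    IFS='
'
    # add well-known static route(s)
    for line in $STATIC_ROUTES; do
        # skip comments and blank lines
        printf '%s\n' "$line" | grep -Eq '^[[:space:]]*(#|$)' && continue

        # isolate ip address (treat the rest as comments)
        ip="$(printf '%s\n' "$line" | awk '{print $1}')"

        # track static ips
        static_ip_list="$ip $static_ip_list"

        add_route "$ip"
    done

    # add current ddns static route(s)
    for line in $DDNS_DOMAIN_NAMES; do
        # skip comments and blank lines
        printf '%s\n' "$line" | grep -Eq '^[[:space:]]*(#|$)' && continue

        # isolate domain name (treat the rest as comments)
        dom="$(printf '%s\n' "$line" | awk '{print $1}')"

        # determine public ip(s) bound to domain name; a name may resolve to
        # more than one address, so each returned line is handled on its own
        resolved=false
        for ip in $(get_ip "$dom" "$dns_server"); do
            # never pass a malformed dns-derived value to "ip route"
            is_ipv4 "$ip" || continue
            resolved=true

            # skip duplicates
            in_list "$ip" "$curr_ddns_ip_list" && continue

            # track ddns ips
            curr_ddns_ip_list="$ip $curr_ddns_ip_list"

            add_route "$ip"
        done

        [ "$resolved" = true ] || echo "error: cannot resolve $dom"
    done

    # reset internal field separator
    IFS="$OIFS"

    # delete previous ddns static route(s) that are neither static nor
    # still current
    for ip in $prev_ddns_ip_list; do
        in_list "$ip" "$static_ip_list" && continue
        in_list "$ip" "$curr_ddns_ip_list" && continue
        route_exists "$ip" || continue

        if ip route del "$ip" via "$gateway_ip"; then
            routing_change=true
            echo "info: route deleted: $ip"
        fi
    done

    # force routing system to recognize changes
    if [ "$routing_change" = true ]; then
        ip route flush cache
    fi

    # save current ddns ips
    prev_ddns_ip_list="$curr_ddns_ip_list"

    # wait awhile and repeat
    sleep "$UPDATE_INTERVAL"
done

# the priority option is left unquoted on purpose: it must expand to two
# words ("-p" "user.debug") or to nothing; the tag is quoted so "[$$]" is
# never treated as a glob character class
} 2>&1 | logger $([ "${DEBUG+x}" ] && echo "-p user.debug") \
    -t "$(basename "$0" | grep -Eo '^.{0,23}')[$$]" &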