eibgrad

merlin-ovpn-sync-routes.sh

Sep 25th, 2021 (edited)
  1. #!/bin/sh
  2. #DEBUG= # uncomment/comment to enable/disable debug mode
  3.  
  4. #          name: merlin-ovpn-sync-routes.sh
  5. #       version: 2.0.0, 22-jul-2022, by eibgrad
  6. #       purpose: synchronize openvpn client and server routing tables
  7. #       type(s): openvpn-event
  8. #          href: https://tinyurl.com/2jenwbe5
  9. #  installation:
  10. #    1. enable jffs custom scripts and configs (administration->system)
  11. #    2. ssh to router and copy/paste the following command:
  12. #         curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s kTThBV46
  13. #    3. reboot
  14.  
  15. SCRIPTS_DIR='/jffs/scripts'
  16. SCRIPT1="$SCRIPTS_DIR/merlin-ovpn-sync-routes.sh"
  17. SCRIPT2="$SCRIPTS_DIR/openvpn-event"
  18.  
  19. mkdir -p $SCRIPTS_DIR
  20.  
  21. # ---------------------- begin merlin-ovpn-sync-routes ----------------------- #
  22. cat << 'EOF' > $SCRIPT1
  23. #!/bin/sh
  24. #set -x # comment/uncomment to disable/enable debug mode
  25. {
  26. # required for serialization when reentry is possible
  27. LOCK="/tmp/var/lock/$(basename $0).lock"
  28. acquire_lock() { while ! mkdir $LOCK &>/dev/null; do sleep 2; done; }
  29. release_lock() { rmdir $LOCK &>/dev/null; }
  30.  
  31. # exit (any concurrent instance(s) may now run)
  32. exit_0() { release_lock; exit 0; }
  33.  
  34. # one instance at a time
  35. acquire_lock
  36.  
  37. # only relevant for routed (tun) openvpn server up event
  38. [[ "${dev:0:4}" == 'tun2' && "$script_type" == 'up' ]] || exit_0
  39.  
  40. # ensure every openvpn client's routing policy table ...
  41. for i in 1 2 3 4 5; do
  42.     [ "$(ip route show table ovpnc${i})" ] || continue
  43.  
  44.     # ... contains the server's ip network on the tunnel
  45.     while read route; do
  46.         ip route add $route table ovpnc${i} 2>/dev/null && routing_changed=
  47.     done << EOR
  48.     $(ip route | grep $dev)
  49. EOR
  50. done
  51.  
  52. # force routing system to recognize any changes
  53. [ ${routing_changed+x} ] && ip route flush cache
  54.  
  55. exit_0
  56. } 2>&1 | logger -t $(basename $0 .sh)[$$]
  57. EOF
  58. [ ${DEBUG+x} ] && sed -ri '2 s/^#(set -x)/\1/' $SCRIPT1
  59. chmod +x $SCRIPT1
  60. echo "installed: $SCRIPT1"
  61. # ----------------------- end merlin-ovpn-sync-routes ------------------------ #
  62.  
# --------------------------- begin openvpn-event ---------------------------- #
# Generate the openvpn-event hook at $SCRIPT2. The hook only runs $SCRIPT1
# and pipes its output to logger.
# Globals: SCRIPT1 (read), SCRIPT2 (read), DEBUG (read, optional)
# Returns: the exit status of the final chmod
create_script() {
    # The delimiter is quoted, so '$SCRIPT1' reaches the file as literal text;
    # the first sed call below swaps it for the real path.
    cat << 'EOF' > "$SCRIPT2"
#!/bin/sh
#set -x # comment/uncomment to disable/enable debug mode
{
$SCRIPT1
} 2>&1 | logger -t $(basename $0)[$$]
EOF

    # Fill in the path of the route-sync script.
    sed -i "s:\$SCRIPT1:${SCRIPT1}:g" "$SCRIPT2"

    # Installer debug mode: uncomment the 'set -x' on line 2 of the hook.
    if [ "${DEBUG+x}" ]; then
        sed -ri '2 s/^#(set -x)/\1/' "$SCRIPT2"
    fi

    chmod +x "$SCRIPT2"
}
  76.  
# An openvpn-event hook that is already present is never overwritten; the
# user is told to install by hand instead. $SCRIPT1 has already been written
# by this point on either path.
if [ ! -f "$SCRIPT2" ]; then
    create_script
    echo "installed: $SCRIPT2"
else
    echo "error: $SCRIPT2 already exists; requires manual installation"
fi
# ---------------------------- end openvpn-event ----------------------------- #