vpnmanager/device-config/2/bin/heartbeat


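#######################################
# Print the IPv4 address assigned to a network interface.
# Arguments: $1 - interface name (default: br-VPN360, the VPN bridge)
# Outputs:   the address without its prefix length on stdout, with no
#            trailing newline; nothing if the interface does not exist or
#            has no IPv4 address. Callers test the output for emptiness.
#######################################
ipaddr() {
  ipaddr_dev="${1:-br-VPN360}"
  # Only stderr is discarded. The previous spelling `2&>/dev/null` is parsed
  # by bash as a literal argument `2` followed by `&>`, which also sends
  # stdout to /dev/null, so the function could never print an address there.
  # sed keeps what follows "inet " and drops everything from the "/" of the
  # prefix length onwards.
  ipaddr_out=$(/sbin/ip -o -4 addr show dev "${ipaddr_dev}" 2>/dev/null \
    | /bin/sed 's/^.*inet // ; s/\/...*$//')
  /usr/bin/printf %s "${ipaddr_out}"
}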
#######################################
# Mark the (broadcast) WiFi device radio0 as disabled in the UCI wireless
# configuration and commit the pending UCI changes.
# NOTE(review): unlike startwifi, no /sbin/wifi reload is issued here, so
# whether the radio actually stops transmitting at this point cannot be told
# from this file - confirm on the device.
#######################################
stopwifi() {
  /sbin/uci set 'wireless.radio0.disabled=1'
  /sbin/uci commit
}
#######################################
# Mark the (broadcast) WiFi device radio0 as enabled in the UCI wireless
# configuration, commit the pending UCI changes, then run /sbin/wifi so the
# new setting is applied.
#######################################
startwifi() {
  /sbin/uci set 'wireless.radio0.disabled=0'
  /sbin/uci commit
  /sbin/wifi
}
#######################################
# Disable and then re-enable the (broadcast) WiFi device.
# Both steps always run; the exit status is that of startwifi.
#######################################
restartwifi() {
  stopwifi; startwifi
}
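#######################################
# Set the brightness of the power LED.
# Arguments: $1 - value written to the LED's sysfs brightness node
#            (this script only passes 0 or 1)
#######################################
powerled() {
  # Quoted and written with printf so the argument reaches sysfs verbatim
  # instead of being word-split, glob-expanded or read as an echo option.
  printf '%s\n' "$1" \
    > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:power/brightness'
}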
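#######################################
# Set the brightness of the wlan2g LED (lit by this script to signal the
# DHCP fallback).
# Arguments: $1 - value written to the LED's sysfs brightness node
#            (this script only passes 0 or 1)
#######################################
led2g() {
  # Quoted and written with printf so the argument reaches sysfs verbatim
  # instead of being word-split, glob-expanded or read as an echo option.
  printf '%s\n' "$1" \
    > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:wlan2g/brightness'
}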
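#######################################
# Set the brightness of the wlan5g LED (lit by this script to signal a
# working VPN connection).
# Arguments: $1 - value written to the LED's sysfs brightness node
#            (this script only passes 0 or 1)
#######################################
led5g() {
  # Quoted and written with printf so the argument reaches sysfs verbatim
  # instead of being word-split, glob-expanded or read as an echo option.
  printf '%s\n' "$1" \
    > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:wlan5g/brightness'
}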
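# Source the server authentication secret.
# NOTE(review): presumably this file defines SECRET (and possibly HOSTNAME),
# both of which are used later without a check that they are set - confirm.
# The file is executed as shell code and holds a credential, so it should be
# owned by root and not readable or writable by anyone else.
. /etc/vpnsecret

# Prepare for default VPN-WiFi bridge
/sbin/uci set network.VPN360.ifname="eth1 tap0"
/sbin/uci set network.DHCP.ifname="lo"
# Quoted so the shell can never treat "[0]" as a glob character class.
/sbin/uci set 'wireless.@wifi-iface[0].network=VPN360'
/sbin/uci commit

# Disable WiFi for as long as there is no bridge providing IP addresses
stopwifi

# Turn off all LEDs
powerled 0
led2g 0
led5g 0

# Launch VPN client in the background. Only stdout goes to the log file;
# stderr is left where this script's stderr points.
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &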
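# Try for approx. 1 minute (60 attempts, one second apart plus the wget
# timeout) to get an IP from the VPN before falling back to DHCP.
counter=0
while [ "${counter}" -lt 60 ]; do
  # Retrieve hosts file from server.
  # NOTE(review): --no-check-certificate turns off TLS server authentication,
  # so the body written to /etc/hosts is unauthenticated and ${SECRET} is
  # handed to whichever endpoint answers for ${HOSTNAME}. Validate against a
  # pinned CA instead (wget's --ca-certificate=<PATH_TO_CA_FILE>) and drop
  # the flag once the server certificate chains to it.
  # NOTE(review): the secret travels in argv (--post-data) and is therefore
  # visible in the process list while wget runs.
  # NOTE(review): -O/etc/hosts writes straight into the live hosts file; a
  # failed or partial download may leave it truncated - TODO confirm and
  # consider downloading to a temporary file first.
  if /usr/bin/wget -O/etc/hosts "https://${HOSTNAME}/hosts" --timeout=2 \
    --post-data "secret=${SECRET}" --no-check-certificate \
    >/var/log/wget 2>&1; then
    # A downloaded file containing the literal "No VPN" ends the wait early.
    if grep -Fq "No VPN" /etc/hosts; then
      break
    fi
    if pgrep "openvpn" >/dev/null; then
      # Read the address once and test it quoted: the unquoted
      # `[ $(ipaddr) ]` errors out if the output ever holds several words.
      vpn_ip=$(ipaddr)
      if [ -n "${vpn_ip}" ]; then # = If connection to the server is working
        # Turn on LEDs indicating boot completion and connection success
        powerled 1
        led5g 1
        # Enable WiFi as the VPN bridge is now functional
        startwifi
        # Send a heartbeat to the server every 10 seconds.
        # This is also used to transfer commands from the server to the
        # device; this loop never exits.
        while true; do
          /bin/sleep 10
          # Let's hope there is an IP address on the VPN interface.
          # If not, this might be a temporary issue (lost network connection
          # or lease expiration). We assume that users will reboot the device
          # if it doesn't work for extended periods of time.
          # The address is captured once so the value that was checked is
          # the value that is reported.
          vpn_ip=$(ipaddr)
          if [ -n "${vpn_ip}" ]; then
            # NOTE(review): the response body is executed by /bin/ash with
            # this script's privileges. Because certificate verification is
            # disabled, the origin of those commands is not authenticated;
            # this channel needs a verified server certificate (pinned CA)
            # before its output is run, and ideally a fixed set of accepted
            # commands rather than arbitrary shell.
            /usr/bin/wget -O- "https://${HOSTNAME}/heartbeat" \
              --post-data "secret=${SECRET}&ip=${vpn_ip}" \
              --no-check-certificate 2>/var/log/wget | /bin/ash
          fi
        done
      fi
    else
      # Launch VPN client if not running
      /usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
    fi
  fi
  counter=$(( counter + 1 ))
  # Blink the power LED while waiting.
  powerled $(( counter % 2 ))
  /bin/sleep 1 # Wait for a second before re-trying
done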
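# We should only ever get to this point if no VPN connection was established
# within a minute (or the server's hosts response contained "No VPN").
# Switch WiFi device to the DHCP bridge
/sbin/uci set network.VPN360.ifname="tap0"
/sbin/uci set network.DHCP.ifname="eth1"
# Quoted so the shell can never treat "[0]" as a glob character class.
/sbin/uci set 'wireless.@wifi-iface[0].network=DHCP'
/sbin/uci commit

# Turn on LEDs indicating connection failure and DHCP fallback
powerled 1
led2g 1

# Start WiFi device now bridged to the DHCP and assign server IP
startwifi
/sbin/ip a add 192.168.36.1/24 dev br-DHCP
/sbin/ifconfig br-DHCP down
/sbin/ifconfig br-DHCP up

# Send a heartbeat to the server every 10 seconds.
# This is also used to transfer commands from the server to the device;
# this loop never exits.
while true; do
  /bin/sleep 10
  # NOTE(review): the response body is executed by /bin/ash with this
  # script's privileges, while --no-check-certificate disables TLS server
  # authentication. The commands' origin is therefore not authenticated and
  # ${SECRET} is sent to whichever endpoint answers for ${HOSTNAME}. Validate
  # against a pinned CA (wget's --ca-certificate=<PATH_TO_CA_FILE>) before
  # running anything received here, and prefer a fixed set of accepted
  # commands over arbitrary shell.
  # NOTE(review): the secret travels in argv (--post-data) and is therefore
  # visible in the process list while wget runs.
  /usr/bin/wget -O- "https://${HOSTNAME}/heartbeat" \
    --post-data "secret=${SECRET}" \
    --no-check-certificate 2>/var/log/wget | /bin/ash
done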