# Get IP address on VPN bridge interface through some arcane magic
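ipaddr() {
  # Print the IPv4 address assigned to an interface, without the prefix length.
  # Arguments: $1 - interface name (default: br-VPN360)
  # Outputs:   the address on stdout, no trailing newline; nothing at all when
  #            the interface is missing or has no IPv4 address. Callers use
  #            the empty output as "no address yet".
  local iface addr
  iface="${1:-br-VPN360}"

  # Fix: the redirection used to be spelled "2&>/dev/null". That spelling is
  # shell-dependent: bash reads it as a stray argument "2" followed by "&>",
  # which also discards stdout and leaves the result permanently empty, and a
  # strict POSIX sh reads the "&" as "run in background". Only stderr is meant
  # to be dropped, which "2>/dev/null" says in every shell.
  addr=$(/sbin/ip -o -4 addr show dev "${iface}" 2>/dev/null \
    | /bin/sed 's/^.*inet // ; s/\/...*$//')

  /usr/bin/printf %s "${addr}"
}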
# Disable (broadcast) WiFi device
stopwifi() {
  # Set the "disabled" flag of radio0 in the UCI wireless configuration and
  # commit the change. Only the stored configuration is touched here; this
  # function does not run /sbin/wifi itself.
  /sbin/uci set 'wireless.radio0.disabled=1'
  /sbin/uci commit
}
# Enable (broadcast) WiFi device
startwifi() {
  # Clear the "disabled" flag of radio0 in the UCI wireless configuration,
  # commit the change, then run /sbin/wifi so the wireless setup is brought up
  # with the committed settings.
  /sbin/uci set 'wireless.radio0.disabled=0'
  /sbin/uci commit
  /sbin/wifi
}
# Disable and re-enable (broadcast) WiFi device
restartwifi() {
  # Cycle the radio: first mark it disabled, then re-enable it.
  # Both steps are delegated to the sibling helpers, in that order.
  stopwifi
  startwifi
}
# Set power LED brightness
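powerled() {
  # Set the brightness of the power LED.
  # Arguments: $1 - value written to the LED's sysfs brightness file (this
  #                 script only ever passes 0 or 1)
  # The argument is quoted and written with printf so that it reaches the
  # kernel as one unmodified line: no word splitting, no glob expansion, and
  # no chance of echo interpreting it as an option.
  printf '%s\n' "$1" > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:power/brightness'
}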
# Set second LED brightness
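led2g() {
  # Set the brightness of the wlan2g LED.
  # Arguments: $1 - value written to the LED's sysfs brightness file (this
  #                 script only ever passes 0 or 1)
  # The argument is quoted and written with printf so that it reaches the
  # kernel as one unmodified line: no word splitting, no glob expansion, and
  # no chance of echo interpreting it as an option.
  printf '%s\n' "$1" > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:wlan2g/brightness'
}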
# Set third LED brightness
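led5g() {
  # Set the brightness of the wlan5g LED.
  # Arguments: $1 - value written to the LED's sysfs brightness file (this
  #                 script only ever passes 0 or 1)
  # The argument is quoted and written with printf so that it reaches the
  # kernel as one unmodified line: no word splitting, no glob expansion, and
  # no chance of echo interpreting it as an option.
  printf '%s\n' "$1" > '/sys/devices/platform/leds-gpio/leds/gl-ar750:white:wlan5g/brightness'
}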
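# Source the server authentication secret. The file is executed as shell code
# in this script's context; the requests further down read SECRET and HOSTNAME.
# NOTE(review): HOSTNAME is presumably assigned in that file as well - confirm.
# NOTE(security): because the file both holds a credential and is run as code,
# it should be readable and writable only by the account running this script.
. /etc/vpnsecret

# Prepare for default VPN-WiFi bridge.
# Every uci argument is single-quoted: "wireless.@wifi-iface[0]" contains a
# bracket expression that the shell would otherwise treat as a glob pattern.
/sbin/uci set 'network.VPN360.ifname=eth1 tap0'
/sbin/uci set 'network.DHCP.ifname=lo'
/sbin/uci set 'wireless.@wifi-iface[0].network=VPN360'
/sbin/uci commit

# Disable WiFi for as long as there is no bridge providing IP addresses
stopwifi

# Turn off all LEDs
powerled 0
led2g 0
led5g 0

# Launch VPN client in the background; its stdout goes to /var/log/openvpn
/usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &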
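# Try for approx. 1 minute to get an IP from the VPN before falling back to DHCP
counter=0

while [ "$counter" -lt 60 ]
do
  # Retrieve hosts file from server.
  # NOTE(security): --no-check-certificate turns off TLS server authentication,
  # so whichever host answers this connection receives $SECRET and decides what
  # is written to /etc/hosts. Verifying the server against a pinned CA
  # certificate would close this gap; the flag is left as found because the
  # server's certificate setup is not visible from this script.
  # NOTE(security): $SECRET is passed on the wget command line and is therefore
  # visible in the process list while the request runs.
  # NOTE(review): wget writes straight into /etc/hosts, so a failed or partial
  # transfer may leave that file empty or truncated - fetching into a temporary
  # file and moving it into place on success would avoid that.
  if /usr/bin/wget -O/etc/hosts "https://${HOSTNAME}/hosts" --timeout=2 --post-data "secret=${SECRET}" --no-check-certificate >/var/log/wget 2>&1
  then

    # A response containing "No VPN" ends the wait at once; control then
    # continues with the DHCP fallback after this loop.
    if grep -Fq "No VPN" /etc/hosts
    then
      break
    fi

    if pgrep "openvpn" >/dev/null
    then
      # A non-empty address on the VPN bridge = connection to the server works.
      # -n with a quoted substitution keeps the test well-formed whatever
      # ipaddr prints (the unquoted form breaks on multi-word output).
      if [ -n "$(ipaddr)" ]
      then
        # Turn on LEDs indicating boot completion and connection success
        powerled 1
        led5g 1

        # Enable WiFi as the VPN bridge is now functional
        startwifi

        # Send a heartbeat to the server every 10 seconds.
        # This is also used to transfer commands from the server to the device:
        # the response body is piped into /bin/ash and executed.
        # NOTE(security): together with --no-check-certificate this means the
        # device executes whatever the answering host returns, not only what
        # the real server sends. Authenticate the server (certificate
        # verification) before trusting the response as commands.
        while true
        do
          /bin/sleep 10

          # Let's hope there is an IP address on the VPN interface.
          # If not, this might be a temporary issue (lost network connection
          # or lease expiration). We assume that users will reboot the device
          # if it doesn't work for extended periods of time.
          # The address is read once, so the value that was checked is the
          # value that is reported.
          vpn_ip=$(ipaddr)
          if [ -n "$vpn_ip" ]
          then
            /usr/bin/wget -O- "https://${HOSTNAME}/heartbeat" --post-data "secret=${SECRET}&ip=${vpn_ip}" --no-check-certificate 2>/var/log/wget | /bin/ash
          fi
        done

      fi
    else
      # Launch VPN client if not running
      /usr/sbin/openvpn /etc/openvpn/client.conf >/var/log/openvpn &
    fi
  fi

  counter=$(( counter + 1 ))
  # Blink the power LED while waiting: it alternates on every attempt
  powerled $(( counter % 2 ))
  /bin/sleep 1 # Wait for a second before re-trying
done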
# We should only ever get to this point if no VPN connection was established within a minute
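# Switch WiFi device to the DHCP bridge.
# The uci arguments are single-quoted so that the "[0]" in
# "wireless.@wifi-iface[0]" can never be expanded as a glob pattern.
/sbin/uci set 'network.VPN360.ifname=tap0'
/sbin/uci set 'network.DHCP.ifname=eth1'
/sbin/uci set 'wireless.@wifi-iface[0].network=DHCP'
/sbin/uci commit

# Turn on LEDs indicating connection failure and DHCP fallback
powerled 1
led2g 1

# Start WiFi device now bridged to the DHCP and assign server IP
startwifi
/sbin/ip a add 192.168.36.1/24 dev br-DHCP

# Take the DHCP bridge down and bring it up again
/sbin/ifconfig br-DHCP down
/sbin/ifconfig br-DHCP up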
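# Send a heartbeat to the server every 10 seconds.
# This is also used to transfer commands from the server to the device: the
# response body is piped into /bin/ash and executed.
# NOTE(security): --no-check-certificate turns off TLS server authentication,
# so $SECRET is sent to, and commands are accepted from, whichever host answers
# the connection. Verify the server certificate before treating the response as
# commands; the flag is left as found because the server's certificate setup is
# not visible from this script.
# NOTE(security): $SECRET is passed on the wget command line and is therefore
# visible in the process list while the request runs.
while true
do
  /bin/sleep 10
  /usr/bin/wget -O- "https://${HOSTNAME}/heartbeat" --post-data "secret=${SECRET}" --no-check-certificate 2>/var/log/wget | /bin/ash
done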