Start Script:
Bridge Setup: Removed legacy environment variables for bridge properties, use variables from ovpn_env.sh generated by ovpn_genconfig
Salvoxia committed Feb 3, 2023
1 parent 8e6f3cf commit 8054d2b
Showing 1 changed file with 16 additions and 16 deletions.
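--- a/bin/ovpn_run
+++ b/bin/ovpn_run
@@ -71,34 +71,34 @@ if [ $OVPN_DEVICE == "tap" ]; then
 ip link set $OVPN_DEVICE$OVPN_DEVICEN up
 echo 'Setting up bridge'
 # check if bridge already exists; create if not
-if [ $(ip link show | grep -c $BR:) -eq 0 ]; then
-brctl addbr $BR
+if [ $(ip link show | grep -c $OVPN_BR_BR:) -eq 0 ]; then
+brctl addbr $OVPN_BR_BR
 fi
 
-# check if $ETH_IF is already added to bridge; add if not
-if [ $(brctl show $BR | grep -c $ETH_IF) -eq 0 ]; then
-brctl addif $BR $ETH_IF
+# check if $OVPN_BR_ETH_IF is already added to bridge; add if not
+if [ $(brctl show $OVPN_BR_BR | grep -c $OVPN_BR_ETH_IF) -eq 0 ]; then
+brctl addif $OVPN_BR_BR $OVPN_BR_ETH_IF
 fi
 
 # check if openvpn device is already added to bridge; add if not
-if [ $(brctl show $BR | grep -c $OVPN_DEVICE$OVPN_DEVICEN) -eq 0 ]; then
-brctl addif $BR $OVPN_DEVICE$OVPN_DEVICEN
+if [ $(brctl show $OVPN_BR_BR | grep -c $OVPN_DEVICE$OVPN_DEVICEN) -eq 0 ]; then
+brctl addif $OVPN_BR_BR $OVPN_DEVICE$OVPN_DEVICEN
 fi
 
 echo 'setting tap device to promiscous mode'
 ifconfig $OVPN_DEVICE$OVPN_DEVICEN 0.0.0.0 promisc up
 echo 'setting eth device to promiscous mode'
-ifconfig $ETH_IF 0.0.0.0 promisc up
+ifconfig $OVPN_BR_ETH_IF 0.0.0.0 promisc up
 echo 'setting IP, subnet and broadcast address for bridge'
-ifconfig $BR $ETH_IP netmask $ETH_NETMASK broadcast $ETH_BROADCAST
+ifconfig $OVPN_BR_BR $OVPN_BR_ETH_IP netmask $OVPN_BR_ETH_SUBNET broadcast $OVPN_BR_ETH_BROADCAST
 
 # Add default route if eth is also gateway port
 echo 'setting mac address for bridge'
-ip link set $BR address $ETH_MAC
+ip link set $OVPN_BR_BR address $OVPN_BR_ETH_MAC
 
 echo 'checking if default gateway needs to be added for bridge'
-if [ $(route | grep -c -Eo "^default\s+$ETH_GATEWAY.+$BR$") -eq 0 ]; then
-route add default gw $ETH_GATEWAY $BR
+if [ $(route | grep -c -Eo "^default\s+$OVPN_BR_ETH_GATEWAY.+$OVPN_BR_BR$") -eq 0 ]; then
+route add default gw $OVPN_BR_ETH_GATEWAY $OVPN_BR_BR
 fi
 
 echo 'setting up IPTABLES'
@@ -107,11 +107,11 @@ if [ $OVPN_DEVICE == "tap" ]; then
 
 $IPTABLES_CMD -A INPUT -i $OVPN_DEVICE$OVPN_DEVICEN -j ACCEPT
 fi
-if [ $($IPTABLES_CMD -S | grep -c -- "-A INPUT -i $BR -j ACCEPT") -eq 0 ]; then
-$IPTABLES_CMD -A INPUT -i $BR -j ACCEPT
+if [ $($IPTABLES_CMD -S | grep -c -- "-A INPUT -i $OVPN_BR_BR -j ACCEPT") -eq 0 ]; then
+$IPTABLES_CMD -A INPUT -i $OVPN_BR_BR -j ACCEPT
 fi
-if [ $($IPTABLES_CMD -S | grep -c -- "-A FORWARD -i $BR -j ACCEPT") -eq 0 ]; then
-$IPTABLES_CMD -A FORWARD -i $BR -j ACCEPT
+if [ $($IPTABLES_CMD -S | grep -c -- "-A FORWARD -i $OVPN_BR_BR -j ACCEPT") -eq 0 ]; then
+$IPTABLES_CMD -A FORWARD -i $OVPN_BR_BR -j ACCEPT
 fi
 fi
 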
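Review bot: Nothing in these hunks checks that the `OVPN_BR_*` variables are set before they are expanded unquoted in the `[ $(…) -eq 0 ]` tests, the grep patterns and the `brctl`/`ifconfig`/`route`/`iptables` arguments. If ovpn_env.sh was generated before the bridge options existed, or a deployment still passes only the old `BR`/`ETH_IF` variables, `grep -c $OVPN_BR_BR:` collapses to `grep -c :` and matches every interface line, so the bridge is presumably never created and the later commands run with missing or shifted arguments instead of stopping with a clear error. I would add one guard per variable at the top of the tap branch, e.g. `: "${OVPN_BR_BR:?not set in ovpn_env.sh - re-run ovpn_genconfig}"`, and double-quote every expansion. The membership checks are also unanchored regex matches, so `grep -c $OVPN_BR_ETH_IF` counts `eth0` inside `veth0`, and `grep -qwF -- "$OVPN_BR_ETH_IF"` would be tighter. The enclosing `if [ $OVPN_DEVICE == "tap" ]` block starts above the first hunk, so whether an earlier check already covers this is not visible here.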
