From 15678efa10bfa98d44cb05fe9b735cb2306a1e55 Mon Sep 17 00:00:00 2001
From: "Arnaud G. GIBERT"
Date: Fri, 11 Jul 2025 18:39:59 +0200
Subject: [PATCH] - Add vpn.bash libraries, - Add rx3_vpn_adm tools.

---
 etc/systemd/system/rx3-vpn.service | 21 ++++
 usr/local/lib/default.bash | 40 +++++++
 usr/local/lib/dns.bash | 30 ++++-
 usr/local/lib/network.bash | 37 +++++-
 usr/local/lib/vpn.bash | 180 ++++++++++++++++++++++++++++
 usr/local/sbin/rx3_net_adm | 4 +-
 usr/local/sbin/rx3_vpn_adm | 120 +++++++++++++++++++
 var/www/cgi-bin/vpn-admin_board.cgi | 4 +-
 8 files changed, 429 insertions(+), 7 deletions(-)
 create mode 100644 etc/systemd/system/rx3-vpn.service
 create mode 100644 usr/local/lib/vpn.bash
 create mode 100755 usr/local/sbin/rx3_vpn_adm

diff --git a/etc/systemd/system/rx3-vpn.service b/etc/systemd/system/rx3-vpn.service
new file mode 100644
index 0000000..4eb97bf
--- /dev/null
+++ b/etc/systemd/system/rx3-vpn.service
@@ -0,0 +1,21 @@
+# /etc/systemd/system/rx3-network.service
+[Unit]
+Description=Rx3 Network Service
+Documentation=man:systemd.service(5)
+After=network-online.target
+Wants=network-online.target
+Before=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/rx3_net_adm start
+ExecStartPost=/usr/local/sbin/rx3_net_adm status
+ExecStop=/usr/local/sbin/rx3_net_adm stop
+ExecStopPost=/usr/local/sbin/rx3_net_adm status
+ExecReload=/usr/local/sbin/rx3_net_adm restart
+RemainAfterExit=yes
+TimeoutStartSec=30s
+TimeoutStopSec=15s
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/local/lib/default.bash b/usr/local/lib/default.bash
index 3eb2ad1..30c0279 100644
--- a/usr/local/lib/default.bash
+++ b/usr/local/lib/default.bash
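Review bot: The new rx3-vpn.service never starts the VPN: all five Exec* lines run `/usr/local/sbin/rx3_net_adm`, and the header comment and Description still read rx3-network, so enabling this unit starts the network service a second time while the rx3_vpn_adm script added by this patch is never invoked. Pointing the Exec* lines at rx3_vpn_adm is not enough on its own, because `vpn_start` in vpn.bash runs a `while true` supervisor loop and never returns; under `Type=oneshot` the `start` action would be killed at `TimeoutStartSec=30s`, so the unit needs `Type=simple` (without `RemainAfterExit`) or the script must background the loop. Rewritten lines:
```ini
# /etc/systemd/system/rx3-vpn.service
[Unit]
Description=Rx3 VPN Service
# … unchanged: Documentation, After, Wants, Before …

[Service]
Type=simple
ExecStart=/usr/local/sbin/rx3_vpn_adm start
ExecStartPost=/usr/local/sbin/rx3_vpn_adm status
ExecStop=/usr/local/sbin/rx3_vpn_adm stop
ExecStopPost=/usr/local/sbin/rx3_vpn_adm status
ExecReload=/usr/local/sbin/rx3_vpn_adm restart
# … unchanged: timeouts, [Install] …
```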
@@ -182,6 +182,46 @@ var_assign() +#-------------------------------------------------------------------------------------------------------------------------- +# file_lock +#-------------------------------------------------------------------------------------------------------------------------- + +file_dir_init() +{ + locale File="$1" + locale Owner="$2" + locale Group="$3" + + + if [[ "'$id -u" != "0" ]] + then + ${LOG} "Can't perform file: [${File}] init as non root user!" + else + if [ ! -f ${File} ] + then + dir="$( dirname ${file})" + + if [ ! -d ${dir} ] + then + ${LOG} "Initializing directory: [${dir}]" + + mkdir ${dir} + chmod ug+rwx ${dir} + chown ${Owner}:${Group} ${dir} + fi + + ${LOG} "Initializing file: [${File}]" + + >${File} + chmod ug+rw ${File} + chown ${Owner}:${Group} ${File} + fi +} + + + + + #-------------------------------------------------------------------------------------------------------------------------- # file_lock #-------------------------------------------------------------------------------------------------------------------------- diff --git a/usr/local/lib/dns.bash b/usr/local/lib/dns.bash index 318225c..11fcbf3 100644 --- a/usr/local/lib/dns.bash +++ b/usr/local/lib/dns.bash @@ -31,7 +31,7 @@ declare -g DNS_A_ID_LIST declare -Ag DNS_PTR_TAB declare -g DNS_PTR_ID_LIST -declare -g DNS_CACHE_FILE="/var/cache/dns.cache" +declare -g DNS_CACHE_FILE="/var/cache/network/dns.cache" declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock" #declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}" 
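Review bot: file_dir_init cannot be parsed as written: it opens three `if`s but closes only two with `fi`, so sourcing default.bash stops with a syntax error at the function's closing brace. Even once that is fixed, `locale File="$1"` and the two lines after it invoke the external `locale` command instead of `local`, so File/Owner/Group are never assigned; `[[ "'$id -u" != "0" ]]` compares a literal string rather than `$(id -u)`, so the root branch is never taken; and `dirname ${file}` reads lowercase `file`, which is not the parameter. The banner above the function says `# file_lock` where `# file_dir_init` is meant, `dir` should be `local`, and every path expansion should be quoted so a cache or lock path containing whitespace cannot be split into several `chown`/`chmod` arguments. Corrected body:
```bash
file_dir_init()
{
    local File="$1"
    local Owner="$2"
    local Group="$3"
    local dir

    if [[ "$(id -u)" != "0" ]]
    then
        ${LOG} "Can't perform file: [${File}] init as non root user!"
    else
        if [ ! -f "${File}" ]
        then
            dir="$(dirname "${File}")"

            if [ ! -d "${dir}" ]
            then
                # … unchanged: "Initializing directory" log line …
                mkdir "${dir}"
                chmod ug+rwx "${dir}"
                chown "${Owner}:${Group}" "${dir}"
            fi

            # … unchanged: "Initializing file" log line …
            >"${File}"
            chmod ug+rw "${File}"
            chown "${Owner}:${Group}" "${File}"
        fi
    fi
}
```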
@@ -271,3 +271,31 @@ dns_tab_dump() echo } + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# dns_init +#-------------------------------------------------------------------------------------------------------------------------- + +dns_init() +{ + file_dir_init ${DNS_CACHE_FILE} root apache + file_dir_init ${DNS_CACHE_LOCK} root apache +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# dns_deinit +#-------------------------------------------------------------------------------------------------------------------------- + +dns_deinit() +{ + :; +} + diff --git a/usr/local/lib/network.bash b/usr/local/lib/network.bash index 8f6da39..9aaf239 100644 --- a/usr/local/lib/network.bash +++ b/usr/local/lib/network.bash @@ -3,6 +3,8 @@ if [[ "${NETWORK_BASH}" != "" ]] then return +else + declare -g NETWORK_BASH=1 fi @@ -10,7 +12,6 @@ fi # Includes #----------------------------------------------------------------------------------------------------------------------------------- -. /usr/global/lib/default.bash . /usr/global/lib/dns.bash @@ -20,8 +21,6 @@ fi # Global Variable #----------------------------------------------------------------------------------------------------------------------------------- -declare -g NETWORK_BASH=1 - declare -g NETWORK_OPENVPN_STATUS declare -Ag NETWORK_IP_ROUTE_TAB @@ -770,7 +769,7 @@ network_dst_address_refresh() local dst_ip_old="$3" local dst_ip_new - local proxy_host="proxy${dst_id}.not.rx3" + local proxy_host="proxy${dst_id}.${NETWORK_DST_PROXY_NAME}" local proxy_port=8080 
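Review bot: `dns_init` passes `${DNS_CACHE_FILE}` and `${DNS_CACHE_LOCK}` to file_dir_init unquoted; both are constants today, but `file_dir_init "${DNS_CACHE_FILE}" root apache` keeps the call correct if the paths are ever made configurable. Note that file_dir_init only acts when run as root, so when `dns_init` is reached through `network_init` from the CGI (which this patch switches over) it only emits a log line and the cache file must already exist. Style only: the `:;` in `dns_deinit` can simply be `:`.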
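Review bot: This hunk removes the direct `. /usr/global/lib/default.bash` include from network.bash, yet the `network_init` added further down in the same file calls `file_dir_init`, which this patch defines in default.bash; unless dns.bash (whose include section is outside the patch) sources default.bash itself, network.bash now relies on an include it no longer declares. Keeping the line, `. /usr/global/lib/default.bash`, is harmless if default.bash carries a double-inclusion guard like the `NETWORK_BASH` one above. Separately, every include in these libraries uses `/usr/global/lib/` while the diffstat places the files under `usr/local/lib/` and rx3_vpn_adm sources `/usr/local/lib/vpn.bash`; if `/usr/global` is not a deployment symlink, the vpn.bash include of network.bash fails at runtime.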
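Review bot: `NETWORK_DST_PROXY_NAME`, now interpolated into `proxy_host`, is not declared anywhere in this patch (the Global Variable hunk above only moves `NETWORK_BASH`), so if the sourcing script does not export it the host becomes `proxyN.` with a trailing dot and the refresh resolves the wrong name. Either declare it with the other globals using the value this line used to hard-code, `declare -g NETWORK_DST_PROXY_NAME="not.rx3"`, or fail early with `: "${NETWORK_DST_PROXY_NAME:?not set}"`. The rest of network_dst_address_refresh lies outside the hunk.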
@@ -1063,6 +1062,36 @@ network_forward_stop() +#-------------------------------------------------------------------------------------------------------------------------- +# network_init +#-------------------------------------------------------------------------------------------------------------------------- + +network_init() +{ + dns_init + + file_dir_init ${NETWORK_CONFIG_LOCK} root apache + + network_table_load +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# network_deinit +#-------------------------------------------------------------------------------------------------------------------------- + +network_deinit() +{ + dns_deinit +} + + + + + #-------------------------------------------------------------------------------------------------------------------------- # network_start #-------------------------------------------------------------------------------------------------------------------------- diff --git a/usr/local/lib/vpn.bash b/usr/local/lib/vpn.bash new file mode 100644 index 0000000..98d8d82 --- /dev/null +++ b/usr/local/lib/vpn.bash 
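Review bot: `network_init` calls `network_table_load`, but the loader that callers used until now — and that this patch replaces with `network_init` in rx3_net_adm and vpn-admin_board.cgi — is `network_tab_load` (dns.bash follows the same `_tab_` naming with `dns_tab_dump`); unless `network_table_load` is defined somewhere outside these hunks, every caller now gets "command not found" and continues with an empty table. The intended line is presumably `network_tab_load`. `NETWORK_CONFIG_LOCK` is likewise not declared in this patch, so it should be checked against the existing globals, and the argument should be quoted: `file_dir_init "${NETWORK_CONFIG_LOCK}" root apache`.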
@@ -0,0 +1,180 @@ +<#!/bin/bash + +if [[ "${VPN_BASH}" != "" ]] +then + return +else + declare -g VPN_BASH=1 +fi + + + +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +. /usr/global/lib/network.bash + + + + + +# Global Variable +#----------------------------------------------------------------------------------------------------------------------------------- + +declare -Ag VPN_JOB_TAB +declare -g VPN_STATUS_FILE="/var/lib/rx3-vpn.status" + + + + + +if [ ! -v LOG ] || [[ "${LOG}" == "" ]] +then + export LOG=":" +fi + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# vpn_init +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_init() +{ + network_init + + file_dir_init ${VPN_STATUS_FILE} root apache +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# vpn_deinit +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_deinit() +{ + network_deinit +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# vpn_start +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_start() +{ + local job_id=0 + local job_nb + local dst_id + local config_file + local mng_port + + + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get ${dst_id} + + if [[ "${dst_type}" == "1" ]] + then + config_file="${VPN_CONFIG_FILE/DEVICE/${dst_device}}" + mng_port=$((2330+$(echo ${dev} | sed -e "s/tun//"))) + + tab_assign VPN_JOB_TAB "${dst_id},PId" "0" + tab_assign VPN_JOB_TAB "${dst_id},Cmd" 
"/usr/sbin/openvpn --config ${config_file} --dev ${dst_device} --daemon" + + ${DEBUG} \rm -f ${config_file} 2>/dev/null + ${DEBUG} sed -e "s/TARGET-CFG/${dst_config}-client.conf/" -e "s/VPN-DEVICE/${dst_device}/" -e "s/MNG-PORT/${mng_port}/" <${template_file} >${config_file} + + echo >>${LOG_FILE} $(date) "Loading config: VPN[${dst_id}] Name: [${dst_name}] Cmd: [${VPN_JOB_TAB["${job_id},Cmd"]}]" + job_id=$(( ${job_id} + 1)) + fi + done + + job_nb=${job_id} + + + # Main Loop + + while true + do + while [[ "${job_id}" -lt "${job_nb}" ]] + do + ${DEBUG} kill -0 ${VPN_JOB_TAB["${job_id},PId"]} 2>/dev/null + rc=$? + + if [[ ${VPN_JOB_TAB["${job_id},PId]"]} == 0 ]] || [[ $rc != 0 ]] + then + echo >> ${LOG_FILE} $(date) "Restarting Cmd: [${VPN_JOB_TAB["${job_id}",Cmd]}]..." + + eval ${DEBUG} ${VPN_JOB_TAB["${job_id},Cmd"]} + + VPN_JOB_TAB["${job_id},PId"]="$( ps aux | grep "${VPN_JOB_TAB["Cmd,${job_id}"]}" | grep -v grep | head -1 | awk '{print $2}')" + VPN_JOB_TAB["${job_id},Date"]="$(date)" + + echo >> ${LOG_FILE} $(date) "PId: [${VPN_JOB_TAB["${job_id},PId"]}]!" + fi + + job_id=$(( ${job_id} + 1)) + done + + job_id=0 + >${VPN_STATUS_FILE} + + while [[ ${job_id} -lt ${job_nb} ]] + do + echo >>${VPN_STATUS_FILE} "PId: [${VPN_JOB_TAB["${job_id},PId"]}] Date: [${VPN_JOB_TAB["${job_id},Date"]}] Cmd: [${VPN_JOB_TAB["${job_id},Date"]}]" + job_id=$(( ${job_id} + 1)) + done + + job_id=0 + + sleep 30 + + network_dst_address_refresh_all + done +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# vpn_stop +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_stop() +{ + echo >> ${LOG_FILE} $(date) "Killing daemon: [$(cat ${PID_FILE})]..." + + kill -15 $(cat ${PID_FILE}) + + while read stat + do + echo >> ${LOG_FILE} $(date) "Killing VPN: [$stat] [$(echo "$stat" | sed -e 's/PId: \[//' -e 's/\].*//')]..." 
+ ${DEBUG} kill -15 $(echo "$stat" | sed -e 's/PId: \[//' -e 's/\].*//') + done <${VPN_STATUS_FILE} +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# vpn_status +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_status() +{ + if [ -f ${VPN_STATUS_FILE} ] + then + cat ${VPN_STATUS_FILE} + fi +} diff --git a/usr/local/sbin/rx3_net_adm b/usr/local/sbin/rx3_net_adm index e17dac0..c55e5c9 100755 --- a/usr/local/sbin/rx3_net_adm +++ b/usr/local/sbin/rx3_net_adm @@ -141,7 +141,7 @@ address_refresh() # Main #-------------------------------------------------------------------------------------------------------------------------- -network_tab_load +network_init case "$1" in start) @@ -180,4 +180,6 @@ case "$1" in ;; esac +network_deinit + exit $RETVAL diff --git a/usr/local/sbin/rx3_vpn_adm b/usr/local/sbin/rx3_vpn_adm new file mode 100755 index 0000000..55bc74b --- /dev/null +++ b/usr/local/sbin/rx3_vpn_adm 
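Review bot: The supervisor loop in vpn_start never finds the jobs it registered: the table is written under `"${dst_id},PId"`/`"${dst_id},Cmd"` keys but read under `"${job_id},…"`, and three of the reads are typos (`"${job_id},PId]"`, `"${job_id}",Cmd`, `"Cmd,${job_id}"`), so every 30 s the loop re-`eval`s whatever the lookup yields and then records the first pid that `ps aux | grep` happens to match, which can belong to an unrelated process. `mng_port` is computed from `${dev}`, which is never set (the device is in `${dst_device}`), and `PID_FILE`, `LOG_FILE`, `VPN_CONFIG_FILE` and `template_file` are not defined anywhere in this patch, so they presumably come from the caller's environment and deserve a declaration or a `${VAR:?}` guard at the top of the file. Because the main loop is `while true`, vpn_start never returns, which is why the `start()` wrapper in rx3_vpn_adm never reaches its `touch` of the lock file. If the `<` preceding the shebang on the first added line is really in the file, sourcing vpn.bash fails with a syntax error before any of this runs; the duplicated `Date` field in the status line and the unquoted expansions throughout are minor by comparison. A sketch of the job-table and supervisor part with consistent keys and openvpn's `--writepid` replacing the `ps | grep` lookup:
```bash
vpn_start()
{
    local job_id=0
    local job_nb
    local dst_id
    local config_file
    local mng_port
    local pid_file
    local rc

    for dst_id in ${NETWORK_DST_ID_LIST}
    do
        network_dst_tab_get "${dst_id}"

        if [[ "${dst_type}" == "1" ]]
        then
            config_file="${VPN_CONFIG_FILE/DEVICE/${dst_device}}"
            pid_file="/run/openvpn-${dst_device}.pid"   # constructed example path; adjust to the site layout
            mng_port=$(( 2330 + ${dst_device#tun} ))

            # Keys use job_id on write and on read; openvpn records its own pid via --writepid.
            tab_assign VPN_JOB_TAB "${job_id},PId" "0"
            tab_assign VPN_JOB_TAB "${job_id},PIdFile" "${pid_file}"
            tab_assign VPN_JOB_TAB "${job_id},Cmd" "/usr/sbin/openvpn --config ${config_file} --dev ${dst_device} --writepid ${pid_file} --daemon"

            # … unchanged: template rendering into ${config_file}, "Loading config" log line …
            job_id=$(( job_id + 1 ))
        fi
    done

    job_nb=${job_id}

    # Main Loop
    while true
    do
        for (( job_id = 0; job_id < job_nb; job_id++ ))
        do
            ${DEBUG} kill -0 "${VPN_JOB_TAB["${job_id},PId"]}" 2>/dev/null
            rc=$?

            if [[ "${VPN_JOB_TAB["${job_id},PId"]}" == "0" ]] || [[ ${rc} != 0 ]]
            then
                echo >>"${LOG_FILE}" "$(date)" "Restarting Cmd: [${VPN_JOB_TAB["${job_id},Cmd"]}]..."

                ${DEBUG} ${VPN_JOB_TAB["${job_id},Cmd"]}

                VPN_JOB_TAB["${job_id},PId"]="$(cat "${VPN_JOB_TAB["${job_id},PIdFile"]}" 2>/dev/null)"
                VPN_JOB_TAB["${job_id},Date"]="$(date)"
                # … unchanged: "PId: [...]" log line …
            fi
        done

        # … unchanged: status file rewrite (print the Cmd field, not Date, for Cmd), sleep, network_dst_address_refresh_all …
    done
}
```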
@@ -0,0 +1,120 @@ +#!/bin/bash + +RETVAL=0 + +#DEBUG="" +#DEBUG="echo" +#DEBUG=":" + +#LOG=":" +#LOG="echo" + + + +# Includes +#----------------------------------------------------------------------------------------------------------------------------------- + +. /usr/local/lib/vpn.bash + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# Start +#-------------------------------------------------------------------------------------------------------------------------- + +start() +{ + echo "Starting..." + + if [ -r /var/lock/subsys/rx3-vpn ] + then + echo "already started" + RETVAL=0 + else + vpn_start + + RETVAL=$? + [ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-vpn + fi + + echo +} + + + +#-------------------------------------------------------------------------------------------------------------------------- +# Stop +#-------------------------------------------------------------------------------------------------------------------------- + +stop() +{ + echo "Stopping..." + + if [ -r /var/lock/subsys/rx3-vpn ] + then + vpn_stop + + RETVAL=$? 
+ else + echo "already stopped" + RETVAL=0 + fi + + [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-vpn + + echo +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# Status +#-------------------------------------------------------------------------------------------------------------------------- + +status() +{ + vpn_status +} + + + + + +#-------------------------------------------------------------------------------------------------------------------------- +# Main +#-------------------------------------------------------------------------------------------------------------------------- + +vpn_init + +case "$1" in + start) + start + ;; + + stop) + stop + ;; + + restart) + stop + sleep 1 + start + ;; + + status) + status + ;; + + *) + echo "Usage: $0 {start|stop|restart|status}" + RETVAL=1 + ;; +esac + +vpn_deinit + +exit $RETVAL diff --git a/var/www/cgi-bin/vpn-admin_board.cgi b/var/www/cgi-bin/vpn-admin_board.cgi index 09f6085..1e9bcd1 100755 --- a/var/www/cgi-bin/vpn-admin_board.cgi +++ b/var/www/cgi-bin/vpn-admin_board.cgi @@ -654,7 +654,7 @@ fi # Command Handler #-------------------------------------------------------------------------------------------------------------------------- -network_tab_load +network_init #network_tab_dump @@ -793,3 +793,5 @@ else ;; esac fi + +network_deinit
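Review bot: `vpn_init` runs before the `case`, so `rx3_vpn_adm status` — which the service unit invokes from ExecStartPost and ExecStopPost — also performs the root-only `file_dir_init` calls and the full network table load; calling `vpn_init` only in the `start)`, `stop)` and `restart)` arms keeps `status` a read-only query. The `-r /var/lock/subsys/rx3-vpn` test is the only liveness check, so a stale lock left by a crashed supervisor makes `start` answer "already started" until someone removes it by hand; recording the supervisor's pid and probing it with `kill -0` before trusting the lock would be more robust. `stop()` removes the lock whenever `vpn_stop` returns 0, but that status is the exit code of its `while read` loop, not of the `kill` calls, so a failed stop still clears the lock.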
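Review bot: vpn-admin_board.cgi runs as the web server's user, and `network_init` (replacing `network_tab_load` here and paired with the `network_deinit` added in the last hunk of the file) now runs `dns_init` and `file_dir_init`, which only act as root and otherwise write "Can't perform file ... init as non root user!" through `${LOG}`; if `LOG` is `echo` in this script (its setting is outside the hunks), that text lands in the HTTP response. A CGI should not attempt privileged filesystem initialisation at all; keeping `network_tab_load` here, or giving network.bash a load-only entry point for the web board, separates the privileged set-up done by rx3_net_adm from the read path used here.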