- Add vpn.bash libraries,

- Add rx3_vpn_adm tools.
2025-07-11 18:39:59 +02:00
parent 84d00cfd8b
commit 15678efa10
8 changed files with 429 additions and 7 deletions
--- a/etc/systemd/system/rx3-vpn.service
+++ b/etc/systemd/system/rx3-vpn.service
@@ -0,0 +1,21 @@
+# /etc/systemd/system/rx3-network.service
+[Unit]
+Description=Rx3 Network Service
+Documentation=man:systemd.service(5)
+After=network-online.target
+Wants=network-online.target
+Before=docker.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/rx3_net_adm start
+ExecStartPost=/usr/local/sbin/rx3_net_adm status
+ExecStop=/usr/local/sbin/rx3_net_adm stop
+ExecStopPost=/usr/local/sbin/rx3_net_adm status
+ExecReload=/usr/local/sbin/rx3_net_adm restart
+RemainAfterExit=yes
+TimeoutStartSec=30s
+TimeoutStopSec=15s
+
+[Install]
+WantedBy=multi-user.target
--- a/usr/local/lib/default.bash
+++ b/usr/local/lib/default.bash
@@ -182,6 +182,46 @@ var_assign()



+#--------------------------------------------------------------------------------------------------------------------------
+# file_lock
+#--------------------------------------------------------------------------------------------------------------------------
+
+file_dir_init()
+{
+    locale  File="$1"
+    locale Owner="$2"
+    locale Group="$3"
+
+
+    if [[ "'$id -u" != "0" ]]
+    then
+        ${LOG} "Can't perform file: [${File}] init as non root user!"
+    else
+        if [ ! -f ${File} ]
+        then
+            dir="$( dirname ${file})"
+
+            if [ ! -d ${dir} ]
+            then
+                ${LOG} "Initializing directory: [${dir}]"
+                
+                mkdir                    ${dir}
+                chmod ug+rwx             ${dir}
+                chown ${Owner}:${Group}  ${dir}
+            fi
+
+            ${LOG} "Initializing file: [${File}]"
+            
+                                        >${File}
+            chmod ug+rw                  ${File}
+            chown ${Owner}:${Group}      ${File}
+    fi
+}
+
+
+
+
+
 #--------------------------------------------------------------------------------------------------------------------------
 # file_lock
 #--------------------------------------------------------------------------------------------------------------------------
--- a/usr/local/lib/dns.bash
+++ b/usr/local/lib/dns.bash
@@ -31,7 +31,7 @@ declare -g  DNS_A_ID_LIST
 declare -Ag DNS_PTR_TAB
 declare -g  DNS_PTR_ID_LIST

-declare -g  DNS_CACHE_FILE="/var/cache/dns.cache"
+declare -g  DNS_CACHE_FILE="/var/cache/network/dns.cache"
 declare -g  DNS_CACHE_LOCK="/var/lock/network/dns.lock"
 #declare -g  DNS_CACHE_LOCK="${DNS_CACHE_FILE}"

@@ -271,3 +271,31 @@ dns_tab_dump()

    echo
 }
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_init
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_init()
+{
+    file_dir_init ${DNS_CACHE_FILE} root apache
+    file_dir_init ${DNS_CACHE_LOCK} root apache
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_deinit
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_deinit()
+{
+    :;
+}
+
--- a/usr/local/lib/network.bash
+++ b/usr/local/lib/network.bash
@@ -3,6 +3,8 @@
 if [[ "${NETWORK_BASH}" != "" ]]
 then
    return
+else
+    declare -g NETWORK_BASH=1
 fi


@@ -10,7 +12,6 @@ fi
 # Includes
 #-----------------------------------------------------------------------------------------------------------------------------------

-. /usr/global/lib/default.bash
 . /usr/global/lib/dns.bash


@@ -20,8 +21,6 @@ fi
 # Global Variable
 #-----------------------------------------------------------------------------------------------------------------------------------

-declare -g NETWORK_BASH=1
-
 declare -g  NETWORK_OPENVPN_STATUS

 declare -Ag NETWORK_IP_ROUTE_TAB
@@ -770,7 +769,7 @@ network_dst_address_refresh()
    local    dst_ip_old="$3"
    
    local dst_ip_new
-    local proxy_host="proxy${dst_id}.not.rx3"
+    local proxy_host="proxy${dst_id}.${NETWORK_DST_PROXY_NAME}"
    local proxy_port=8080

    
@@ -1063,6 +1062,36 @@ network_forward_stop()



+#--------------------------------------------------------------------------------------------------------------------------
+# network_init
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_init()
+{
+    dns_init
+
+    file_dir_init ${NETWORK_CONFIG_LOCK} root apache
+    
+    network_table_load
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_deinit
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_deinit()
+{
+    dns_deinit
+}
+
+
+
+
+
 #--------------------------------------------------------------------------------------------------------------------------
 # network_start
 #--------------------------------------------------------------------------------------------------------------------------
--- a/usr/local/lib/vpn.bash
+++ b/usr/local/lib/vpn.bash
@@ -0,0 +1,180 @@
+<#!/bin/bash
+
+if [[ "${VPN_BASH}" != "" ]]
+then
+    return
+else
+    declare -g VPN_BASH=1
+fi
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/global/lib/network.bash
+
+
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -Ag VPN_JOB_TAB
+declare -g  VPN_STATUS_FILE="/var/lib/rx3-vpn.status"
+
+
+
+
+
+if [ ! -v LOG ] || [[ "${LOG}" == "" ]]
+then
+    export LOG=":"
+fi
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# vpn_init
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_init()
+{
+    network_init
+
+    file_dir_init ${VPN_STATUS_FILE} root apache
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# vpn_deinit
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_deinit()
+{
+    network_deinit
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# vpn_start
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_start()
+{
+    local job_id=0
+    local job_nb
+    local dst_id
+    local config_file
+    local mng_port
+
+    
+    for dst_id in ${NETWORK_DST_ID_LIST}
+    do
+        network_dst_tab_get ${dst_id}
+        
+        if [[ "${dst_type}" == "1" ]]
+        then
+            config_file="${VPN_CONFIG_FILE/DEVICE/${dst_device}}"
+            mng_port=$((2330+$(echo ${dev} | sed -e "s/tun//")))
+            
+            tab_assign VPN_JOB_TAB "${dst_id},PId" "0"
+            tab_assign VPN_JOB_TAB "${dst_id},Cmd" "/usr/sbin/openvpn --config ${config_file} --dev ${dst_device} --daemon"
+
+            ${DEBUG} \rm  -f ${config_file} 2>/dev/null
+	    ${DEBUG} sed  -e "s/TARGET-CFG/${dst_config}-client.conf/" -e "s/VPN-DEVICE/${dst_device}/" -e "s/MNG-PORT/${mng_port}/" <${template_file} >${config_file}
+
+            echo >>${LOG_FILE} $(date) "Loading config: VPN[${dst_id}]   Name: [${dst_name}]  Cmd: [${VPN_JOB_TAB["${job_id},Cmd"]}]"
+	    job_id=$(( ${job_id} + 1))
+        fi
+    done
+    
+    job_nb=${job_id}
+
+    
+    # Main Loop
+    
+    while true
+    do
+        while [[ "${job_id}" -lt "${job_nb}" ]]
+        do
+            ${DEBUG} kill -0 ${VPN_JOB_TAB["${job_id},PId"]} 2>/dev/null
+            rc=$?
+
+            if [[ ${VPN_JOB_TAB["${job_id},PId]"]} == 0 ]] || [[ $rc != 0 ]]
+            then
+	        echo >> ${LOG_FILE} $(date) "Restarting Cmd: [${VPN_JOB_TAB["${job_id}",Cmd]}]..."
+
+	        eval ${DEBUG} ${VPN_JOB_TAB["${job_id},Cmd"]}
+            
+	         VPN_JOB_TAB["${job_id},PId"]="$( ps aux | grep "${VPN_JOB_TAB["Cmd,${job_id}"]}" | grep -v grep | head -1 | awk '{print $2}')"
+	        VPN_JOB_TAB["${job_id},Date"]="$(date)"
+  
+	        echo >> ${LOG_FILE} $(date) "PId: [${VPN_JOB_TAB["${job_id},PId"]}]!"
+            fi
+
+            job_id=$(( ${job_id} + 1))
+        done
+        
+	job_id=0
+	>${VPN_STATUS_FILE}
+
+	while [[ ${job_id} -lt ${job_nb} ]]
+        do
+	    echo >>${VPN_STATUS_FILE} "PId: [${VPN_JOB_TAB["${job_id},PId"]}]   Date: [${VPN_JOB_TAB["${job_id},Date"]}]   Cmd: [${VPN_JOB_TAB["${job_id},Date"]}]"
+	    job_id=$(( ${job_id} + 1))
+	done
+
+	job_id=0
+        
+	sleep 30
+
+        network_dst_address_refresh_all
+    done
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# vpn_stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_stop()
+{
+    echo >> ${LOG_FILE} $(date) "Killing daemon: [$(cat ${PID_FILE})]..."
+    
+    kill -15 $(cat ${PID_FILE})
+
+    while read stat
+    do
+	echo >> ${LOG_FILE} $(date) "Killing VPN: [$stat] [$(echo "$stat" | sed -e 's/PId: \[//' -e 's/\].*//')]..."
+	${DEBUG} kill -15 $(echo "$stat" | sed -e 's/PId: \[//' -e 's/\].*//')
+    done <${VPN_STATUS_FILE}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# vpn_status
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_status()
+{
+    if [ -f ${VPN_STATUS_FILE} ]
+    then
+	cat ${VPN_STATUS_FILE}
+    fi
+}
--- a/usr/local/sbin/rx3_net_adm
+++ b/usr/local/sbin/rx3_net_adm
@@ -141,7 +141,7 @@ address_refresh()
 # Main
 #--------------------------------------------------------------------------------------------------------------------------

-network_tab_load
+network_init

 case "$1" in
    start)
@@ -180,4 +180,6 @@ case "$1" in
 	;;
 esac

+network_deinit
+
 exit $RETVAL
--- a/usr/local/sbin/rx3_vpn_adm
+++ b/usr/local/sbin/rx3_vpn_adm
@@ -0,0 +1,120 @@
+#!/bin/bash
+
+RETVAL=0
+
+#DEBUG=""
+#DEBUG="echo"
+#DEBUG=":"
+
+#LOG=":"
+#LOG="echo"
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/local/lib/vpn.bash
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Start
+#--------------------------------------------------------------------------------------------------------------------------
+
+start()
+{
+    echo "Starting..."
+    
+    if [ -r /var/lock/subsys/rx3-vpn ]
+    then
+        echo "already started"
+        RETVAL=0
+    else
+        vpn_start
+
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-vpn
+    fi
+    
+    echo
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+stop()
+{
+    echo "Stopping..."
+
+    if [ -r /var/lock/subsys/rx3-vpn ]
+    then
+        vpn_stop
+
+        RETVAL=$?
+    else
+        echo "already stopped"
+        RETVAL=0
+    fi
+
+    [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-vpn
+    
+    echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Status
+#--------------------------------------------------------------------------------------------------------------------------
+
+status()
+{
+    vpn_status
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Main
+#--------------------------------------------------------------------------------------------------------------------------
+
+vpn_init
+
+case "$1" in
+    start)
+        start
+        ;;
+
+    stop)
+        stop
+        ;;
+
+    restart)
+        stop
+        sleep 1
+        start
+        ;;
+
+    status)
+        status
+        ;;
+
+    *)
+        echo "Usage: $0 {start|stop|restart|status}"
+        RETVAL=1
+	;;
+esac
+
+vpn_deinit
+
+exit $RETVAL
--- a/var/www/cgi-bin/vpn-admin_board.cgi
+++ b/var/www/cgi-bin/vpn-admin_board.cgi
@@ -654,7 +654,7 @@ fi
 # Command Handler
 #--------------------------------------------------------------------------------------------------------------------------

-network_tab_load
+network_init

 #network_tab_dump

@@ -793,3 +793,5 @@ else
        ;;
    esac
 fi
+
+network_deinit