init/on-openvpn

gehe zur Dokumentation dieser Datei

#!/bin/sh


. "${IPKG_INSTROOT:-}/usr/lib/opennet/on-helper.sh"


configure_tunnel_network() {
    local uci_prefix=network.on_vpn

    # Abbruch falls das Netzwerk schon vorhanden ist
    [ -n "$(uci_get "$uci_prefix")" ] && return

    # add new network to configuration (to be recognized by olsrd)
    uci set "${uci_prefix}=interface"
    uci set "${uci_prefix}.proto=none"
    uci set "${uci_prefix}.ifname=tun0"

    apply_changes network
}


configure_tunnel_firewall() {
    local uci_prefix
    uci_prefix=$(find_first_uci_section firewall zone "name=$ZONE_TUNNEL")

    # Abbruch falls die Zone bereits vorhanden ist
    [ -n "$(uci_get "$uci_prefix")" ] && return

    # Zone fuer ausgehenden Verkehr definieren
    uci_prefix=firewall.$(uci add firewall zone)
    uci set "${uci_prefix}.name=$ZONE_TUNNEL"
    uci add_list "${uci_prefix}.network=$NETWORK_TUNNEL"
    uci set "${uci_prefix}.forward=REJECT"
    uci set "${uci_prefix}.input=REJECT"
    uci set "${uci_prefix}.output=ACCEPT"
    uci set "${uci_prefix}.masq=1"

    # Weiterleitung aus dem lokalen Netzwerk heraus erlauben
    uci_prefix=firewall.$(uci add firewall forwarding)
    uci set "${uci_prefix}.src=$ZONE_LOCAL"
    uci set "${uci_prefix}.dest=$ZONE_TUNNEL"

    apply_changes firewall
}


configure_tunnel_network
configure_tunnel_firewall