kevcjones-archived · December 20, 2015 07:49
diff --git a/ssid_vpn b/ssid_vpn
 #!/bin/sh
 ####### Interface Specific Settings #######
 WRLSS_IF=wl0.1                   # Name of the wireless interface that will be used.
 WRLSS_IF_NTWK_ADDR=192.168.2.0   # Network address that the wireless interface will be on.
 WRLSS_IF_INET_ADDR=192.168.2.1   # IP address that will be assigned to the wireless interface.
 WRLSS_IF_NETMASK=255.255.255.0   # Netmask of the wireless network to be added.
 TUN_IF=tun11                     # Name of tunnel interface.
 ########## DHCP Specific Settings ###########
 DHCP_OPT1=3                      # dnsmasq option to specify router.
 LS_TIME=86400s                   # Duration of the dhcp leases.
 LS_START=192.168.2.100           # Start address of leases. This needs to be within the same network as above.
 LS_END=192.168.2.120             # End address of leases. This needs to be within the same network as above.
 ######## Hide SSID of Guest Network ########
 HIDE_SSID=0                      # This option is to hide the SSID of a guest network if a guest network is used. Input 1 to hide and 0 to make it visible.

 ############## Tunnel Module ##############
 if [ `lsmod | grep -c tun` == 0 ]; then    # This works with Openvpn using a tun interface.
 	insmod tun
 	sleep 1
 fi
 ####### Standalone Openvpn Specific #######
 if [ ! -n "`pidof openvpn`" ]; then
 	cd /jffs/configs     # Change to directory of your openvpn configuration.
 	openvpn --config ./hma.conf     # Change to name of openvpn configuration.
 fi
 	sleep 1

 ##########################################################################################################
 ##########################################################################################################                
 ########################################## DHCP Server ###################################################

 if [ `cat /etc/dnsmasq.conf | grep -c $WRLSS_IF` == 0 ]; then
 	killall dnsmasq
 	sleep 2
 	echo "interface=$WRLSS_IF" >> /etc/dnsmasq.conf
 	echo "dhcp-range=$WRLSS_IF,$LS_START,$LS_END,$WRLSS_IF_NETMASK,$LS_TIME" >> /etc/dnsmasq.conf
 	echo "dhcp-option=$WRLSS_IF,$DHCP_OPT1,$WRLSS_IF_INET_ADDR" >> /etc/dnsmasq.conf
 	dnsmasq --log-async
 fi
 sleep 2
 ### Check to see if tun interface is available ###
 while [ ! -n "`ifconfig | grep $TUN_IF`" ]; do
 	sleep 1
 done
 ############################################ IP ROUTING ##################################################

 ifconfig $WRLSS_IF $WRLSS_IF_INET_ADDR netmask $WRLSS_IF_NETMASK
 ip route show table main | grep -Ev ^default | while read ROUTE; do 
 ip route add table 10 $ROUTE; 
 done
 #ip route del 0.0.0.0/1 table main          # Uncomment this line if you are not using the route-nopull option. 
 # Many VPN service providers push this route to redirect internet traffic over the tunnel.                                          
 ip route add default dev $TUN_IF table 10    
 ip rule add dev $WRLSS_IF table 10
 ip route flush cache
 ####################################### ETHERNET BRIDGE TABLES RULES #####################################

 EBT_BRULE1="-p ipv4 -i $WRLSS_IF -j DROP"
 EBT_BRULE2="-p arp -i $WRLSS_IF -j DROP"
 if [ -n "$EBT_BRULE1" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE1"` != 1 ]; then
 	ebtables -t broute -I BROUTING $EBT_BRULE1
 fi
 if [ -n "$EBT_BRULE2" ] && [ `ebtables -t broute -L | grep -ice "$EBT_BRULE2"` != 1 ]; then
 	ebtables -t broute -I BROUTING $EBT_BRULE2
 fi
 ############################################ IP TABLES RULES #############################################

 if [ `iptables -L -v | grep -c $WRLSS_IF` == 0 ]; then
 	iptables -I INPUT -i $WRLSS_IF -m state --state NEW -j ACCEPT
 	iptables -I FORWARD -i $WRLSS_IF -o $TUN_IF -j ACCEPT
 fi
 if [ `iptables -t nat -L -v | grep -c $TUN_IF` == 0 ]; then
 	iptables -t nat -I POSTROUTING -s $WRLSS_IF_NTWK_ADDR/24 -o $TUN_IF -j MASQUERADE  # Change /24 to the subnet that you will be using.
 fi
 ############################################### HIDE SSID ################################################

 if [ `nvram get "$WRLSS_IF"_closed` != 1 ] && [ $HIDE_SSID == 1 ]; then
 	nvram set "$WRLSS_IF"_closed=1
 	nvram commit
 fi
 if [ `nvram get "$WRLSS_IF"_closed` != 0 ] && [ $HIDE_SSID == 0 ]; then
 	nvram set "$WRLSS_IF"_closed=0
 	nvram commit
 fi
	#!/bin/sh
	####### Interface Specific Settings #######
	WRLSS_IF=wl0.1 # Name of the wireless interface that will be used.
	WRLSS_IF_NTWK_ADDR=192.168.2.0 # Network address that the wireless interface will be on.
	WRLSS_IF_INET_ADDR=192.168.2.1 # IP address that will be assigned to the wireless interface.
	WRLSS_IF_NETMASK=255.255.255.0 # Netmask of the wireless network to be added.
	TUN_IF=tun11 # Name of tunnel interface.
	########## DHCP Specific Settings ###########
	DHCP_OPT1=3 # dnsmasq option to specify router.
	LS_TIME=86400s # Duration of the dhcp leases.
	LS_START=192.168.2.100 # Start address of leases. This needs to be within the same network as above.
	LS_END=192.168.2.120 # End address of leases. This needs to be within the same network as above.
	######## Hide SSID of Guest Network ########
	HIDE_SSID=0 # This option is to hide the SSID of a guest network if a guest network is used. Input 1 to hide and 0 to make it visible.

	############## Tunnel Module ##############
	if [ `lsmod \| grep -c tun` == 0 ]; then # This works with Openvpn using a tun interface.
	insmod tun
	sleep 1
	fi
	####### Standalone Openvpn Specific #######
	if [ ! -n "`pidof openvpn`" ]; then
	cd /jffs/configs # Change to directory of your openvpn configuration.
	openvpn --config ./hma.conf # Change to name of openvpn configuration.
	fi
	sleep 1

	##########################################################################################################
	##########################################################################################################
	########################################## DHCP Server ###################################################

	if [ `cat /etc/dnsmasq.conf \| grep -c $WRLSS_IF` == 0 ]; then
	killall dnsmasq
	sleep 2
	echo "interface=$WRLSS_IF" >> /etc/dnsmasq.conf
	echo "dhcp-range=$WRLSS_IF,$LS_START,$LS_END,$WRLSS_IF_NETMASK,$LS_TIME" >> /etc/dnsmasq.conf
	echo "dhcp-option=$WRLSS_IF,$DHCP_OPT1,$WRLSS_IF_INET_ADDR" >> /etc/dnsmasq.conf
	dnsmasq --log-async
	fi
	sleep 2
	### Check to see if tun interface is available ###
	while [ ! -n "`ifconfig \| grep $TUN_IF`" ]; do
	sleep 1
	done
	############################################ IP ROUTING ##################################################

	ifconfig $WRLSS_IF $WRLSS_IF_INET_ADDR netmask $WRLSS_IF_NETMASK
	ip route show table main \| grep -Ev ^default \| while read ROUTE; do
	ip route add table 10 $ROUTE;
	done
	#ip route del 0.0.0.0/1 table main # Uncomment this line if you are not using the route-nopull option.
	# Many VPN service providers push this route to redirect internet traffic over the tunnel.
	ip route add default dev $TUN_IF table 10
	ip rule add dev $WRLSS_IF table 10
	ip route flush cache
	####################################### ETHERNET BRIDGE TABLES RULES #####################################

	EBT_BRULE1="-p ipv4 -i $WRLSS_IF -j DROP"
	EBT_BRULE2="-p arp -i $WRLSS_IF -j DROP"
	if [ -n "$EBT_BRULE1" ] && [ `ebtables -t broute -L \| grep -ice "$EBT_BRULE1"` != 1 ]; then
	ebtables -t broute -I BROUTING $EBT_BRULE1
	fi
	if [ -n "$EBT_BRULE2" ] && [ `ebtables -t broute -L \| grep -ice "$EBT_BRULE2"` != 1 ]; then
	ebtables -t broute -I BROUTING $EBT_BRULE2
	fi
	############################################ IP TABLES RULES #############################################

	if [ `iptables -L -v \| grep -c $WRLSS_IF` == 0 ]; then
	iptables -I INPUT -i $WRLSS_IF -m state --state NEW -j ACCEPT
	iptables -I FORWARD -i $WRLSS_IF -o $TUN_IF -j ACCEPT
	fi
	if [ `iptables -t nat -L -v \| grep -c $TUN_IF` == 0 ]; then
	iptables -t nat -I POSTROUTING -s $WRLSS_IF_NTWK_ADDR/24 -o $TUN_IF -j MASQUERADE # Change /24 to the subnet that you will be using.
	fi
	############################################### HIDE SSID ################################################

	if [ `nvram get "$WRLSS_IF"_closed` != 1 ] && [ $HIDE_SSID == 1 ]; then
	nvram set "$WRLSS_IF"_closed=1
	nvram commit
	fi
	if [ `nvram get "$WRLSS_IF"_closed` != 0 ] && [ $HIDE_SSID == 0 ]; then
	nvram set "$WRLSS_IF"_closed=0
	nvram commit
	fi