ssinyagin · May 5, 2018 19:15
diff --git a/wan_bachup_via_lte.sh b/wan_bachup_via_lte.sh
 ### WAN backup routing via LTE ###

 # A Linux device, such as PC Engines APU, can be equipped with an LTE modem, but 
 # sometimes it's desirable to use the mobile connection only if the wired 
 # connection is unavailable.

 # The following scenario is for Debian 9 on an APU box, but it's also 
 # applicable to any other Linux device.

 # The DHCP client is tweaked to ignore the DNS server addresses that are 
 # coming with  DCHP offer. Otherwise, the LTE provider may provide DNS addresses 
 # that are not usable via the ethernet WAN link.

 # The "ifmetric" package allows setting metrics in interface definitions 
 # in Debian. This way we can have two default routes with a preferred metric 
 # over LAN interface. The default route with lower metric is chosen for 
 # outbound traffic.

 # The watchdog process checks availability of a well-known public IP address 
 # over each of the uplinks, and shuts down and brings up again the corresponding 
 # interface. It only protects from next-hop failures. If you want to protect 
 # from failures in the whole WAN service, you need to increase the Ethernet port
 # metric if it fails, and then start checking the connectivity, and lower the
 # metric when it's stable again.

 # Also the second NIC on the box is configured to provide DHCP address
 # and to NAT all outbound traffic.


 # enable IP routing
 cat >/etc/sysctl.d/local.conf <<'EOT'
 net.ipv4.ip_forward=1
 net.ipv6.conf.all.forwarding=1
 EOT

 apt-get update && apt-get install -y ifmetric iptables-persistent  

 # configure two uplinks with corresponding metrics  
 # The LTE modem setup scripts are taken from  
 # https://github.com/ssinyagin/wwan_udev_rules/blob/master/Huawei_ME909s-120.sh 

 cat >/etc/network/interfaces <<'EOT'
 source /etc/network/interfaces.d/*
 auto lo
 iface lo inet loopback
 EOT

 # Primary Ethernet uplink
 cat >/etc/network/interfaces.d/enp1s0 <<'EOT'
 auto enp1s0
 iface enp1s0 inet dhcp
  metric 10
 EOT

 # Secondary LTE uplink
 cat >/etc/network/interfaces.d/lte0 <<'EOT'
 allow-hotplug lte0
 iface lte0 inet dhcp
  metric 20  
  pre-up /usr/sbin/chat -v -f /etc/chatscripts/sunrise.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
  post-down /usr/sbin/chat -v -f /etc/chatscripts/gsm_off.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
 EOT

 # This prevents dhclient from updating /etc/resolver.conf
 cat >/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate <<'EOT'
 make_resolv_conf() {
 : 
 }
 EOT

 # Public DNS resolvers
 cat >/etc/resolv.conf <<'EOT'
 nameserver 8.8.8.8
 nameserver 1.1.1.1
 EOT


 # LAN port providing DHCP, DNS, and default route
 cat >/etc/network/interfaces.d/enp2s0 <<'EOT'
 auto enp2s0
 iface enp2s0 inet static
  address 172.30.30.1
  netmask 255.255.255.0
 EOT

 cat >/etc/dnsmasq.d/enp2s0 <<'EOT'
 dhcp-range=172.30.30.50,172.30.30.150,1h
 EOT

 # NAT rules for outbound traffic
 iptables -t nat -F POSTROUTING
 iptables -t nat -A POSTROUTING -o lte0 -j MASQUERADE
 iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
 iptables-save >/etc/iptables/rules.v4 


 ### Watchdog script ###

 apt-get install -y fping

 echo 'DEVS="enp1s0 lte0"' >/usr/local/etc/wireless_watchdog

 cat >/usr/local/sbin/wireless_watchdog <<'EOT'
 #!/bin/sh

 LOGFILE=/var/log/wireless_watchdog
 . /usr/local/etc/wireless_watchdog
 if [ x"$DEVS" = x ]; then
    echo missing DEVS variable 1>&2
    exit 1
 fi

 for dev in ${DEVS}; do
  if ! fping -I ${dev} -q 8.8.8.8 ; then
    logger -p user.notice -t wireless_watchdog \
           Internet is unreachable on ${dev}, restarting ${dev}
    date >>$LOGFILE
    echo restarting ${dev} >>$LOGFILE
    /sbin/ifdown ${dev} >>$LOGFILE 2>&1
    sleep 5
    /sbin/ifup ${dev} >>$LOGFILE 2>&1
  fi
 done
 EOT

 chmod u+x /usr/local/sbin/wireless_watchdog

 cat >/etc/cron.d/wireless_watchdog <<'EOT'
 */2 * * * * root /usr/local/sbin/wireless_watchdog
 EOT

 cat >/etc/logrotate.d/wireless_watchdog <<'EOT'
 /var/log/wireless_watchdog {
  rotate 6
  monthly
  compress
  missingok
  notifempty
 }
 EOT
	### WAN backup routing via LTE ###

	# A Linux device, such as PC Engines APU, can be equipped with an LTE modem, but
	# sometimes it's desirable to use the mobile connection only if the wired
	# connection is unavailable.

	# The following scenario is for Debian 9 on an APU box, but it's also
	# applicable to any other Linux device.

	# The DHCP client is tweaked to ignore the DNS server addresses that are
	# coming with DCHP offer. Otherwise, the LTE provider may provide DNS addresses
	# that are not usable via the ethernet WAN link.

	# The "ifmetric" package allows setting metrics in interface definitions
	# in Debian. This way we can have two default routes with a preferred metric
	# over LAN interface. The default route with lower metric is chosen for
	# outbound traffic.

	# The watchdog process checks availability of a well-known public IP address
	# over each of the uplinks, and shuts down and brings up again the corresponding
	# interface. It only protects from next-hop failures. If you want to protect
	# from failures in the whole WAN service, you need to increase the Ethernet port
	# metric if it fails, and then start checking the connectivity, and lower the
	# metric when it's stable again.

	# Also the second NIC on the box is configured to provide DHCP address
	# and to NAT all outbound traffic.


	# enable IP routing
	cat >/etc/sysctl.d/local.conf <<'EOT'
	net.ipv4.ip_forward=1
	net.ipv6.conf.all.forwarding=1
	EOT

	apt-get update && apt-get install -y ifmetric iptables-persistent

	# configure two uplinks with corresponding metrics
	# The LTE modem setup scripts are taken from
	# https://github.com/ssinyagin/wwan_udev_rules/blob/master/Huawei_ME909s-120.sh

	cat >/etc/network/interfaces <<'EOT'
	source /etc/network/interfaces.d/*
	auto lo
	iface lo inet loopback
	EOT

	# Primary Ethernet uplink
	cat >/etc/network/interfaces.d/enp1s0 <<'EOT'
	auto enp1s0
	iface enp1s0 inet dhcp
	metric 10
	EOT

	# Secondary LTE uplink
	cat >/etc/network/interfaces.d/lte0 <<'EOT'
	allow-hotplug lte0
	iface lte0 inet dhcp
	metric 20
	pre-up /usr/sbin/chat -v -f /etc/chatscripts/sunrise.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
	post-down /usr/sbin/chat -v -f /etc/chatscripts/gsm_off.HUAWEI >/dev/ttyWWAN02 </dev/ttyWWAN02
	EOT

	# This prevents dhclient from updating /etc/resolver.conf
	cat >/etc/dhcp/dhclient-enter-hooks.d/nodnsupdate <<'EOT'
	make_resolv_conf() {
	:
	}
	EOT

	# Public DNS resolvers
	cat >/etc/resolv.conf <<'EOT'
	nameserver 8.8.8.8
	nameserver 1.1.1.1
	EOT


	# LAN port providing DHCP, DNS, and default route
	cat >/etc/network/interfaces.d/enp2s0 <<'EOT'
	auto enp2s0
	iface enp2s0 inet static
	address 172.30.30.1
	netmask 255.255.255.0
	EOT

	cat >/etc/dnsmasq.d/enp2s0 <<'EOT'
	dhcp-range=172.30.30.50,172.30.30.150,1h
	EOT

	# NAT rules for outbound traffic
	iptables -t nat -F POSTROUTING
	iptables -t nat -A POSTROUTING -o lte0 -j MASQUERADE
	iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
	iptables-save >/etc/iptables/rules.v4


	### Watchdog script ###

	apt-get install -y fping

	echo 'DEVS="enp1s0 lte0"' >/usr/local/etc/wireless_watchdog

	cat >/usr/local/sbin/wireless_watchdog <<'EOT'
	#!/bin/sh

	LOGFILE=/var/log/wireless_watchdog
	. /usr/local/etc/wireless_watchdog
	if [ x"$DEVS" = x ]; then
	echo missing DEVS variable 1>&2
	exit 1
	fi

	for dev in ${DEVS}; do
	if ! fping -I ${dev} -q 8.8.8.8 ; then
	logger -p user.notice -t wireless_watchdog \
	Internet is unreachable on ${dev}, restarting ${dev}
	date >>$LOGFILE
	echo restarting ${dev} >>$LOGFILE
	/sbin/ifdown ${dev} >>$LOGFILE 2>&1
	sleep 5
	/sbin/ifup ${dev} >>$LOGFILE 2>&1
	fi
	done
	EOT

	chmod u+x /usr/local/sbin/wireless_watchdog

	cat >/etc/cron.d/wireless_watchdog <<'EOT'
	/2 * * * root /usr/local/sbin/wireless_watchdog
	EOT

	cat >/etc/logrotate.d/wireless_watchdog <<'EOT'
	/var/log/wireless_watchdog {
	rotate 6
	monthly
	compress
	missingok
	notifempty
	}
	EOT