#!/bin/sh
#
# Bring up a point-to-point TUN interface and then configure either the
# client side (routes: pin the VPN server to the current gateway, default
# route through the tunnel) or the server side (forwarding + NAT) for it.
#
# Usage:
#   $0 PTP_ADDR TUN_ADDR TUN_IFACE SERVER IS_CLIENT TUN_ADDR6 PTP_ADDR6
#
# All values are read positionally. ip(8), iptables(8) and sysctl(8) are
# invoked, so the script must run with the privileges those need
# (CAP_NET_ADMIN, in practice root).

# $1: peer-to-peer TUN address (remote end of the point-to-point link)
ptp_address=$1
# $2: address assigned to the local TUN interface
tun_address=$2
# $3: name of the TUN interface to configure
tun=$3
# $4: VPN server address (the remote peer's public address)
server=$4
# $5: the literal string "true" marks this host as a VPN client;
#     any other value (including empty) selects server mode
if [ "$5" = "true" ]; then
    is_client=true
else
    is_client=false
fi
# $6: IPv6 address of the local TUN interface
tun_address_ipv6=$6
# $7: IPv6 peer-to-peer TUN address
ptp_address_ipv6=$7
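# Function to set up routes (client side).
#
# First pins a host route to the VPN server through the current IPv4 default
# gateway, so that the tunnel's own transport packets keep leaving via the
# physical uplink once the default route is moved onto $tun (otherwise the
# tunnel would try to carry itself). Then adds IPv4 and IPv6 default routes
# through $tun.
#
# Globals read:    server, tun
# Globals written: gw, existing_route
# Returns: 1 if no IPv4 default gateway could be determined; otherwise the
#          status of the last `ip -6 route add`.
setup_route() {
    # Gateway of the current IPv4 default route (first match only).
    gw=$(ip route show default | awk '/default/ {print $3; exit}')
    if [ -z "$gw" ]; then
        echo "No IPv4 default gateway found; cannot pin route to $server." >&2
        return 1
    fi

    # Next hop of an existing host route to the server, if any (first match
    # only, so several matching routes cannot produce a multi-line value).
    # NOTE(review): this assumes $server is an IPv4 address — confirm; an IPv6
    # server address would not be matched by the v4 route table here.
    existing_route=$(ip route show "$server" | awk '/via/ { print $3; exit }')
    echo "existing_route $existing_route"

    if [ "$existing_route" = "$gw" ]; then
        echo "Route to $server via $gw already exists."
    else
        # Drop any stale host route first. Plain POSIX redirection here:
        # `&>` is a bashism that /bin/sh reads as "run in background",
        # which raced the `ip route add` below.
        ip route del "$server" >/dev/null 2>&1
        # Report success only when the add actually succeeded.
        if ip route add "$server" via "$gw" metric 50; then
            echo "Route to $server via $gw added."
        else
            echo "Failed to add route to $server via $gw." >&2
        fi
    fi

    # Send everything else through the tunnel.
    # NOTE(review): a pre-existing default route added without a metric has
    # metric 0 and still wins over these metric-50 routes; confirm the host's
    # uplink default carries a higher metric (e.g. DHCP-assigned) or lower
    # this value.
    ip route add default dev "$tun" metric 50
    # NOTE(review): only the IPv4 server address is pinned above. If the VPN
    # transport runs over IPv6, this route would loop that traffic into $tun.
    ip -6 route add default dev "$tun" metric 50
}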
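# Append an iptables rule only if an identical one is not already present,
# so that re-running this script does not pile up duplicate rules.
# Arguments: $1  - table (nat, filter, ...)
#            $2  - chain
#            $3.. - rule specification
# Returns: 0 if the rule already existed, otherwise the status of `iptables -A`.
iptables_rule_once() {
    _table=$1
    _chain=$2
    shift 2
    # `-C` exits non-zero and complains on stderr when the rule is absent.
    # (`-C` and `-A` cannot be combined in one invocation; iptables rejects
    # that, which made the previous "already exists" check always fail.)
    iptables -t "$_table" -C "$_chain" "$@" 2>/dev/null \
        || iptables -t "$_table" -A "$_chain" "$@"
}

# Install masquerading and forwarding rules between $tun and one public
# (external) interface.
# Arguments: $1 - name of the public interface
# Globals read: tun
setup_nat_rules() {
    _pub=$1

    # Rewrite the source address of tunnel traffic leaving the public
    # interface to that interface's own address.
    # NOTE(review): without a `-s <tunnel subnet>` match this masquerades
    # everything leaving $_pub, not just tunnel traffic; the tunnel subnet is
    # not known to this script, so it is left unrestricted — confirm.
    iptables_rule_once nat POSTROUTING -o "$_pub" -j MASQUERADE

    # Direction matters here: tunnel clients may open new connections towards
    # the public network, but only replies to those (RELATED,ESTABLISHED) are
    # forwarded back into the tunnel. Putting the stateful match on the
    # outbound side instead would block new client connections (under a DROP
    # policy) while accepting any new connection arriving from the public
    # side.
    iptables_rule_once filter FORWARD -i "$tun" -o "$_pub" -j ACCEPT
    iptables_rule_once filter FORWARD -i "$_pub" -o "$tun" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    # NOTE(review): these ACCEPT rules are appended, so an earlier DROP/REJECT
    # rule in FORWARD (from another tool) still wins, and they only restrict
    # traffic if the chain policy is DROP — this script sets no policy.
}

# Function to set up NAT (server side).
#
# Turns on IPv4/IPv6 forwarding at runtime (sysctl -w is not persisted across
# reboot) and installs NAT/forwarding rules for the interface carrying the
# IPv4 default route, plus the IPv6 default-route interface when that is a
# different one.
#
# Globals read:    tun
# Globals written: public_interface, public_interface_ipv6
# Returns: 1 if no IPv4 default-route interface could be determined.
setup_nat() {
    sysctl -w net.ipv4.ip_forward=1
    # enable ipv6 forwarding
    sysctl -w net.ipv6.conf.all.forwarding=1

    # Interface of the IPv4 default route (first match only; several default
    # routes would otherwise yield a multi-line interface name).
    public_interface=$(ip route | awk '/default/{print $5; exit}')
    if [ -z "$public_interface" ]; then
        echo "No IPv4 default-route interface found; NAT not configured." >&2
        return 1
    fi
    setup_nat_rules "$public_interface"

    public_interface_ipv6=$(ip -6 route | awk '/default/{print $5; exit}')

    # Check if the default interface ipv6 is the same as the default interface ipv4
    # NOTE(review): the rules installed here are IPv4 iptables rules keyed on
    # the v6 default interface. IPv6 forwarding is enabled above but no
    # ip6tables rules are added anywhere, so forwarded IPv6 traffic is
    # governed only by the ip6tables FORWARD policy — confirm that is intended.
    if [ -n "$public_interface_ipv6" ] && [ "$public_interface" != "$public_interface_ipv6" ]; then
        setup_nat_rules "$public_interface_ipv6"
    fi
}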
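# --- Main -------------------------------------------------------------------

# Bail out early on missing required arguments: with an empty interface name
# every ip(8) call below would fail or act on the wrong device, and a client
# without a server address cannot pin its transport route.
if [ -z "$tun" ] || [ -z "$tun_address" ] || [ -z "$ptp_address" ]; then
    echo "usage: $0 PTP_ADDR TUN_ADDR TUN_IFACE SERVER IS_CLIENT [TUN_ADDR6 PTP_ADDR6]" >&2
    exit 1
fi
if [ "$is_client" = "true" ] && [ -z "$server" ]; then
    echo "Client mode requires the VPN server address as argument 4." >&2
    exit 1
fi

# Configure TUN interface IP address, mask, and peer-to-peer address.
# The IPv6 pair is only applied when both halves were supplied; a lone half
# is reported instead of being handed to ip(8) as an empty argument.
if [ -n "$tun_address_ipv6" ] && [ -n "$ptp_address_ipv6" ]; then
    ip -6 addr add "$tun_address_ipv6" remote "$ptp_address_ipv6" dev "$tun"
elif [ -n "$tun_address_ipv6$ptp_address_ipv6" ]; then
    echo "Ignoring incomplete IPv6 pair (need both TUN_ADDR6 and PTP_ADDR6)." >&2
fi
ip addr add "$tun_address" remote "$ptp_address" dev "$tun"

# Bring up the TUN interface
ip link set dev "$tun" up
# Show the resulting configuration, then test the UP flag itself: the exit
# status of `ip addr show` only says the device exists, not that it is up.
ip addr show dev "$tun"
if ip link show dev "$tun" 2>/dev/null | grep -q '[<,]UP[,>]'; then
    echo "TUN interface $tun is up."
else
    echo "TUN interface $tun is not up."
fi

if [ "$is_client" = "true" ]; then
    # For client: set up routes
    setup_route
else
    # For server: set up NAT
    setup_nat
fi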