Merge pull request #116 from YunoHost-Apps/openvpn-reload-nat

Reload only NAT rule when OpenVPN is up / down

README.md

@@ -20,7 +20,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 * Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi
 
 
-**Shipped version:** 2.2.0~ynh1
+**Shipped version:** 2.2.1~ynh1
 
 ## Screenshots
 
@@ -29,6 +29,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 ## Documentation and resources
 
 * Official app website: <https://internetcu.be/>
+* YunoHost Store: <https://apps.yunohost.org/app/hotspot>
 * Report a bug: <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
 
 ## Developer info

README_fr.md

@@ -20,7 +20,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 * À combiner avec l'[app VPN Client](https://github.com/labriqueinternet/vpnclient_ynh) pour obtenir un accès internet aumatiquement protégé par votre VPN
 
 
-**Version incluse :** 2.2.0~ynh1
+**Version incluse :** 2.2.1~ynh1
 
 ## Captures d’écran
 
@@ -29,6 +29,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 ## Documentations et ressources
 
 * Site officiel de l’app : <https://internetcu.be/>
+* YunoHost Store: <https://apps.yunohost.org/app/hotspot>
 * Signaler un bug : <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
 
 ## Informations pour les développeurs

conf/openvpn_90-hotspot

@@ -1,3 +1,31 @@
 #!/bin/bash
 
-systemctl restart __SERVICE_NAME__
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+if systemctl -q is-active __SERVICE_NAME__; then
+  old_gateway_interface=$(yunohost app setting __APP__ gateway_interface)
+  new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }')
+
+  if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi

conf/ynh-hotspot

@@ -258,7 +258,7 @@ start)
         exit 1
     fi
 
-    echo "[hotspot] Starting..."
+    echo "[$app] Starting..."
     touch /tmp/.${service_name}-started
 
     # Check old state of the ipv4 NAT settings
@@ -295,13 +295,13 @@ start)
     start_dhcpd
 
     # Update dynamic settings
-    ynh_app_setting_set hotspot gateway_interface "${new_gateway_interface}"
+    ynh_app_setting_set --app=$app --key=gateway_interface --value="${new_gateway_interface}"
 
     # Regen-conf dnsmasq to enable dns resolution on dnsmasq for the new interface
     yunohost tools regen-conf dnsmasq
     ;;
 stop)
-    echo "[hotspot] Stopping..."
+    echo "[$app] Stopping..."
     rm -f /tmp/.${service_name}-started
 
     if ! is_other_hostapd_running; then