
configure IPv6 only when VPN is up

HgO 1 year ago
parent
commit
dbb06da824

+ 0 - 32
conf/openvpn_90-hotspot

@@ -1,32 +0,0 @@
-#!/bin/bash
-
-is_nat_set() {
-  local gateway_interface=${1}
-  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
-}
-
-unset_nat() {
-  local gateway_interface=${1}
-  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
-}
-
-set_nat() {
-  local gateway_interface=${1}
-  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
-}
-
-ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
-if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
-  old_gateway_interface=$(yunohost app setting __APP__ gateway_interface)
-  new_gateway_interface=$(ip route get 1.2.3.4 | awk '{ print $5; }')
-
-  if [[ -n "$old_gateway_interface" ]] && [[ "$old_gateway_interface" != "$new_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
-    unset_nat "${old_gateway_interface}"
-  fi
-
-  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
-    set_nat "${new_gateway_interface}"
-  fi
-
-  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
-fi

+ 56 - 0
conf/openvpn_route-down_90-hotspot

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+unset_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=${dev}
+  new_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+  
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if is_nat_set "${old_gateway_interface}"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && is_ip6addr_set; then
+    unset_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
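Review bot: The first NAT check, `if is_nat_set "${old_gateway_interface}"; then`, lost the `-n` guard that the deleted script had, and `old_gateway_interface` now comes from `${dev}`, which this script never assigns (presumably OpenVPN exports it to the hook). With an empty value, `grep -q ""` inside `is_nat_set` succeeds on any MASQUERADE line and `unset_nat` then runs `iptables -D` with an empty `-o` argument. Even with a value, `is_nat_set` does an unanchored regex match over the whole listing, so `tun0` also matches a rule for `tun00`. I would guard the call with `[[ -n "${old_gateway_interface}" ]] &&` and make the helper an exact check, `iptables -w -t nat -C POSTROUTING -o "${gateway_interface}" -j MASQUERADE 2>/dev/null`. The same helper and the unquoted, unguarded `! is_nat_set $new_gateway_interface` appear in conf/openvpn_route-up_90-hotspot.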

+ 57 - 0
conf/openvpn_route-up_90-hotspot

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+set_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${new_gateway_interface}" &>/dev/null
+  ip address add "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+  new_gateway_interface=${dev}
+  
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if [[ -n "$old_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && ! is_ip6addr_set; then
+    set_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi
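Review bot: `old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')` prints one interface per default route, so on a host with more than one default route the variable holds several names separated by newlines. `is_nat_set` then treats them as alternative patterns and `unset_nat` passes the whole string to `iptables -o`, which should fail and leave the old MASQUERADE rule on the non-VPN uplink in place. Taking the first match only, `awk '/^default via/ { print $5; exit }'`, keeps the value a single interface name; conf/openvpn_route-down_90-hotspot uses the same expression for `new_gateway_interface`.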

+ 9 - 12
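--- a/conf/ynh-hotspot
+++ b/conf/ynh-hotspot
@@ -26,10 +26,6 @@ has_ip6delegatedprefix() {
     [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
 }
 
-ip6addrfromdelegatedprefix() {
-    echo "${ip6_net}1"
-}
-
 is_nat_set() {
     local gateway_interface=${1}
     iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
@@ -40,7 +36,7 @@ is_ip4nataddr_set() {
 }
 
 is_ip6addr_set() {
-    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "$(ip6addrfromdelegatedprefix)/64"
+    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
 }
 
 is_ip6firewall_set() {
@@ -122,10 +118,10 @@ set_ipaddr() {
         ip address add "${ip4_nat_prefix}.1/24" dev "${wifi_device}"
     fi
 
-    if has_ip6delegatedprefix && ! is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Set IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev tun0 &>/dev/null
-        ip address add "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+    if has_ip6delegatedprefix && ! is_ip6addr_set && ip route get 1.2.3.4 | grep -q tun0; then
+        echo "hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev tun0 &>/dev/null
+        ip address add "${ip6_addr}/64" dev "${wifi_device}"
     fi
 }
 
@@ -178,8 +174,8 @@ unset_ipaddr() {
     fi
 
     if has_ip6delegatedprefix && is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Unset IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+        echo "hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev "${wifi_device}"
     fi
 }
 
@@ -232,6 +228,7 @@ if [ "$1" != restart ]; then
     ip6_firewall=$(ynh_app_setting_get --app=$app --key=ip6_firewall)
     ip6_dns=$(ynh_app_setting_get --app=$app --key=ip6_dns)
     ip6_net=$(ynh_app_setting_get --app=$app --key=ip6_net)
+    ip6_addr="${ip6_net}1"
     ip4_dns=$(ynh_app_setting_get --app=$app --key=ip4_dns)
     ip4_nat_prefix=$(ynh_app_setting_get --app=$app --key=ip4_nat_prefix)
 
@@ -376,7 +373,7 @@ status)
 
     if has_ip6delegatedprefix; then
         echo "[INFO] hotspot ${wifi_device}: IPv6 delegated prefix found"
-        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: $(ip6addrfromdelegatedprefix)"
+        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: ${ip6_addr}"
 
         if is_ip6addr_set; then
             echo "[ OK ] hotspot ${wifi_device}: IPv6 address set"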
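Review bot: In `set_ipaddr`, the new condition `ip route get 1.2.3.4 | grep -q tun0` hard-codes the tunnel name and matches it anywhere in the output, while the new OpenVPN hooks take the interface from `${dev}`. If the tunnel comes up under another name, this code path never assigns the IPv6 address, and the `ip address delete ... dev tun0` line below it targets the wrong device; a name such as `tun00` would also satisfy the check. Matching the device field, e.g. `ip route get 1.2.3.4 | grep -qw 'dev tun0'`, together with a short comment saying that this test is what keeps the delegated IPv6 address off the hotspot while the VPN is down, would make the intent clear. The body of `set_ipaddr` starts outside the hunk.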

+ 2 - 2
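--- a/scripts/install
+++ b/scripts/install
@@ -113,8 +113,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"
 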

+ 2 - 2
scripts/upgrade

@@ -174,8 +174,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"