
change hooks priority and remove validate hook

HgO 1 year ago
parent
commit
a4a7126187

conf/scripts/route-down.d/30-unset-firewall → conf/scripts/route-down.d/10-unset-firewall


conf/scripts/route-down.d/30-unset-dns → conf/scripts/route-down.d/20-unset-dns


conf/scripts/route-down.d/20-unset-server-ipv6-route → conf/scripts/route-down.d/30-unset-server-ipv6-route


conf/scripts/route-down.d/20-unset-ipv6 → conf/scripts/route-down.d/40-unset-ipv6


+ 1 - 1
conf/scripts/route-up.d/30-set-firewall

@@ -8,7 +8,7 @@ is_firewall_set() {
 }
 
 if ! is_firewall_set; then
-  bash /etc/yunohost/apps/vpnclient/conf/hook_post-iptables-rules
+  bash /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules
   cp /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient
 fi
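Review bot: The exit status of `bash /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules` is not checked, so the `cp` on the next line installs the hook under `/etc/yunohost/hooks.d/post_iptable_rules/` even when applying the rules failed. The path corrected here (`hook_post-iptables-rules`) did not match the file being copied, so this step seems to have been failing unnoticed until now. Consider `bash /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules || exit 1`, so that a tunnel coming up without its firewall rules is reported rather than silently accepted. `is_firewall_set` is defined above the hunk; if it only tests for the copied file, a failed run would also count as done on the next route-up, which is worth confirming.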
 

conf/scripts/route-up.d/30-set-dns → conf/scripts/route-up.d/20-set-dns


+ 3 - 3
conf/scripts/route-up.d/20-set-server-ipv6-route

@@ -85,6 +85,6 @@ else
   echo "[INFO] No IPv6 server route to set"
 fi
 
-yunohost setting app vpnclient server_ip6 --value "${new_server_ip6}"
-yunohost setting app vpnclient ip6_gw --value "${new_ip6_gw}"
-yunohost setting app vpnclient wired_device --value "${new_wired_device}"
+yunohost app setting vpnclient server_ip6 --value "${new_server_ip6}"
+yunohost app setting vpnclient ip6_gw --value "${new_ip6_gw}"
+yunohost app setting vpnclient wired_device --value "${new_wired_device}"
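Review bot: None of the three `yunohost app setting` calls at the end of the script has its exit status checked, and the `yunohost setting app` form they replace appears to have been failing without anyone noticing. The saved `server_ip6`, `ip6_gw` and `wired_device` values are presumably what the route-down script relies on to remove the route, so a failed write should at least be logged, e.g. `yunohost app setting vpnclient server_ip6 --value "${new_server_ip6}" || echo "[WARN] could not save server_ip6" >&2`. The calls also run after the `else` branch that prints "No IPv6 server route to set"; whether the `new_*` variables are set on that path is not visible in this hunk.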

+ 1 - 1
conf/scripts/route-up.d/20-set-ipv6

@@ -6,7 +6,7 @@ is_ip6addr_set() {
 }
 
 ip6_addr=$(yunohost app setting "vpnclient" "ip6_addr")
-if [[ -n "${ip6_addr}" ]] && [[ "${ip6_addr}" != none ]];
+if [[ -n "${ip6_addr}" ]] && [[ "${ip6_addr}" != none ]]; then
   if ! is_ip6addr_set "${ip6_addr}"; then
     ip address add "${ip6_addr}/64" dev tun0
   fi

+ 0 - 41
conf/scripts/route-up.d/99-validate

@@ -1,41 +0,0 @@
-#!/bin/bash
-
-success() {
-  echo "[ OK ] $1"
-}
-
-info() {
-  echo "[INFO] $1"
-}
-
-warn() {
-  echo "[WARN] $1" >&2
-}
-
-error() {
-  echo "[FAIL] $1" >&2
-}
-
-critical() {
-  echo "[CRIT] $1" >&2
-  exit 1
-}
-
-echo "[INFO] Validating that VPN is up and the server is connected to internet..."
-
-ipv4=$(ping -w3 -c1 ip.yunohost.org  >/dev/null 2>&1 && curl --max-time 5 https://ip.yunohost.org --silent)
-ipv6=$(ping -w3 -c1 ip6.yunohost.org >/dev/null 2>&1 && curl --max-time 5 https://ip6.yunohost.org --silent)
-
-if ip route get 1.2.3.4 | grep -q tun0; then
-  if ping -c1 -w5 debian.org >/dev/null; then
-    echo "[ OK ] YunoHost VPN client started!"
-    echo "[INFO] IPv4 address is $ipv4"
-    echo "[INFO] IPv6 address is $ipv6"
-  else
-    echo "[CRIT] The VPN is up but debian.org cannot be reached, indicating that something is probably misconfigured/blocked." >&2
-    exit 1
-  fi
-else
-  echo "[CRIT] IPv4 routes are misconfigured !?" >&2
-  exit 1
-fi

+ 21 - 3
conf/ynh-vpnclient

@@ -58,7 +58,7 @@ function critical()
 
 cleanup() {
   local last_exit_code="$?"
-  if [[ $last_exit_code -ne 0 ]]; then
+  if [[ "${action}" != "stop" && "${last_exit_code}" -ne 0 ]]; then
     rm -f /tmp/.ynh-vpnclient.started
   fi
 }
@@ -123,7 +123,8 @@ check_config() {
   fi
 }
 
-if [[ "$1" != restart ]]; then
+action=${1}
+if [[ "$action" != restart ]]; then
   # Variables
 
   info "Retrieving Yunohost settings... "
@@ -137,7 +138,7 @@ fi
 # Start / stop / restart / status handling                                        #
 ###################################################################################
 
-case "${1}" in
+case "$action" in
 
   # ########## #
   #  Starting  #
@@ -182,6 +183,23 @@ case "${1}" in
       systemctl stop openvpn@client.service
       critical "Failed to start OpenVPN client : tun0 interface did not show up"
     fi
+
+    info "Validating that VPN is up and the server is connected to internet..."
+
+    ipv4=$(timeout 5 ping -w3 -c1 ip.yunohost.org  >/dev/null 2>&1 && curl --max-time 5 https://ip.yunohost.org --silent)
+    ipv6=$(timeout 5 ping -w3 -c1 ip6.yunohost.org >/dev/null 2>&1 && curl --max-time 5 https://ip6.yunohost.org --silent)
+
+    if ip route get 1.2.3.4 | grep -q tun0; then
+      if timeout 5 ping -c1 -w3 debian.org >/dev/null; then
+        success "YunoHost VPN client started!"
+        info "IPv4 address is $ipv4"
+        info "IPv6 address is $ipv6"
+      else
+        critical "The VPN is up but debian.org cannot be reached, indicating that something is probably misconfigured/blocked."
+      fi
+    else
+      critical "[CRIT] IPv4 routes are misconfigured !?"
+    fi
   ;;
 
   # ########## #
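Review bot: In the validation added to the start branch, both failure paths call `critical` while `openvpn@client.service` is still running, unlike the tun0 check just above, which runs `systemctl stop openvpn@client.service` first. The script then exits non-zero and `cleanup` removes `/tmp/.ynh-vpnclient.started`, so the host is left with a live but unvalidated tunnel that the marker says is not started. If that is not intended, put `systemctl stop openvpn@client.service` before each of the two `critical` calls. The last call also passes `"[CRIT] IPv4 routes are misconfigured !?"`; if `critical` (defined outside these hunks) adds the tag itself, as the removed `99-validate` helper did, the prefix is printed twice and `critical "IPv4 routes are misconfigured !?"` would do.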

+ 8 - 9
scripts/remove

@@ -69,15 +69,14 @@ ynh_secure_remove /etc/openvpn/client.ovpn
 # Remove openvpn script
 ynh_secure_remove /etc/openvpn/scripts/run-parts.sh
 
-ynh_secure_remove "/etc/openvpn/scripts/route-up.d/20-set-ipv6"
-ynh_secure_remove "/etc/openvpn/scripts/route-up.d/20-set-server-ipv6-route"
-ynh_secure_remove "/etc/openvpn/scripts/route-up.d/30-set-dns"
-ynh_secure_remove "/etc/openvpn/scripts/route-up.d/30-set-firewall"
-ynh_secure_remove "/etc/openvpn/scripts/route-up.d/99-validate"
-ynh_secure_remove "/etc/openvpn/scripts/route-down.d/20-unset-ipv6"
-ynh_secure_remove "/etc/openvpn/scripts/route-down.d/20-unset-server-ipv6-route"
-ynh_secure_remove "/etc/openvpn/scripts/route-down.d/30-unset-dns"
-ynh_secure_remove "/etc/openvpn/scripts/route-down.d/30-unset-firewall"
+ynh_secure_remove "/etc/openvpn/scripts/route-up.d/10-set-firewall"
+ynh_secure_remove "/etc/openvpn/scripts/route-up.d/20-set-dns"
+ynh_secure_remove "/etc/openvpn/scripts/route-up.d/30-set-server-ipv6-route"
+ynh_secure_remove "/etc/openvpn/scripts/route-up.d/40-set-ipv6"
+ynh_secure_remove "/etc/openvpn/scripts/route-down.d/10-unset-firewall"
+ynh_secure_remove "/etc/openvpn/scripts/route-down.d/20-unset-dns"
+ynh_secure_remove "/etc/openvpn/scripts/route-down.d/30-unset-server-ipv6-route"
+ynh_secure_remove "/etc/openvpn/scripts/route-down.d/40-unset-ipv6"
 
 # Remove YunoHost hook
 ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl
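Review bot: The new paths `route-up.d/10-set-firewall`, `route-up.d/30-set-server-ipv6-route` and `route-up.d/40-set-ipv6` do not match what the rest of this commit shows. Under `conf/scripts/route-up.d/` only `30-set-dns → 20-set-dns` is listed as renamed, while `30-set-firewall`, `20-set-server-ipv6-route` and `20-set-ipv6` are edited under their old names. Unless those three are renamed elsewhere (the install and upgrade scripts are not part of this diff), removal would leave the old scripts, including the firewall hook, behind in `/etc/openvpn/scripts/route-up.d/`. The same list in `scripts/restore` uses `ynh_restore_file` without `--not_mandatory`, so a missing file there would presumably abort the restore. Either add the missing renames or keep the old names in both scripts; deriving the list from the directory contents would avoid keeping several copies in sync.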

+ 8 - 9
scripts/restore

@@ -37,15 +37,14 @@ ynh_restore_file --origin_path="/etc/openvpn/client.conf" --not_mandatory
 ynh_restore_file --origin_path="/etc/openvpn/client.cube" --not_mandatory
 ynh_restore_file --origin_path="/etc/openvpn/client.ovpn" --not_mandatory
 
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/20-set-ipv6"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/20-set-server-ipv6-route"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/30-set-dns"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/30-set-firewall"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/99-validate"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/20-unset-ipv6"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/20-unset-server-ipv6-route"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/30-unset-dns"
-ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/30-unset-firewall"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/10-set-firewall"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/20-set-dns"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/30-set-server-ipv6-route"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-up.d/40-set-ipv6"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/10-unset-firewall"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/20-unset-dns"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/30-unset-server-ipv6-route"
+ynh_restore_file --origin_path="/etc/openvpn/scripts/route-down.d/40-unset-ipv6"
 
 ynh_restore_file --origin_path="/etc/openvpn/keys/"
 ynh_restore_file --origin_path="/etc/openvpn/scripts/run-parts.sh"