Make VPNs dynamically started/stopped

c117d836 · Stefy Lanza (nextime / spora ) · 54cdafd6 · c117d836 · c117d836 · c117d836
Commit c117d836 authored Jul 15, 2021 by Stefy Lanza (nextime / spora )
15 changed files
--- a/nsproxy
+++ b/nsproxy
@@ -26,7 +26,9 @@ localNSport=53
 proxy_addr = '192.168.42.1'
 proxy_ports = { 
      5301: 'tun10',
-      5302: 'tun11'
+      5302: 'tun11',
+      5303: 'tun12',
+      5304: 'tun14'
      }
 # Customize the address and port of the external DNS server
@@ -156,5 +158,6 @@ for proxy in proxy_ports:
   pservers[proxy] = server.DNSServer(resolver, port=pport, address=proxy_addr)
   pservers[proxy].start_thread()
+import time
 while True:
-    pass
+    time.sleep(10)
--- a/rc.local
+++ b/rc.local
@@ -159,5 +159,9 @@ ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_ip6 src -j DROP
 ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_extip6 dst -j DROP
 ip6tables  -I FORWARD -i $LLAN -m set --match-set dpiblock_triplet6 dst,dst,src -j DROP
+# VPN Controller
+# /etc/nexdpi/vpnctrl > /tmp/vpnctrl.log 2>&1 &
+# disown
 exit 0
--- a/usr_local_bin/route_add
+++ b/usr_local_bin/route_add
 #!/bin/bash -x
 table="no"
+isvpn="no"
 case $2 in
   it)
      table="nordvpn.it"
+      isvpn="yes"
      ;;
   us)
      table="nordvpn.us"
+      isvpn="yes"
+      ;;
+   uk)
+      table="nordvpn.uk"
+      isvpn="yes"
+      ;;
+   au)
+      table="nordvpn.au"
+      isvpn="yes"
      ;;
   tor)
      table="tor"
@@ -32,6 +43,9 @@ if [ x"$table" != "no" ] ; then
   else
      ip rule add priority 700 from $1 lookup $table > /dev/null 2>&1 || true
      ipset add ${table}_ip $1 > /dev/null 2>&1 || true
+      if [ x"$isvpn" == x"yes" ] ; then
+         [ x"${3}" == x"sync" ] && /usr/local/bin/vpn_needed ${table} syncup > /dev/null 2>&1 || true
+      fi
   fi
 fi

--- a/usr_local_bin/route_check
+++ b/usr_local_bin/route_check
 #!/bin/bash
 res="no"
-for table in nordvpn.it nordvpn.us rain ; do
+for table in nordvpn.it nordvpn.us nordvpn.au nordvpn.uk rain ; do
   check=`ip rule show lookup $table | grep $1`
   if [ x"$check" != x"" ] ; then
      if [ x"$res" == x"no" ] ; then
@@ -27,6 +27,10 @@ if [ x"$res" == x"nordvpn.it" ] ; then
   echo it
 elif [ x"$res" == x"nordvpn.us" ] ; then
   echo "us"
+elif [ x"$res" == x"nordvpn.uk" ] ; then
+   echo "uk"
+elif [ x"$res" == x"nordvpn.au" ] ; then
+   echo au
 else
   echo $res
 fi
--- a/usr_local_bin/route_remove
+++ b/usr_local_bin/route_remove
 #!/bin/bash
-for table in nordvpn.it nordvpn.us rain; do
+for table in nordvpn.it nordvpn.us nordvpn.au nordvpn.uk rain; do
   ip rule del priority 700 from $1 lookup $table > /dev/null 2>&1  || true
   ipset del ${table}_ip $1 > /dev/null 2>&1 || true
 done

--- a/usr_local_bin/vpn_check
+++ b/usr_local_bin/vpn_check
+#!/bin/bash
+vpnname=$1
+check=`pgrep -f openvpn.*.${vpnname}.conf.*`
+if [ ! -z $check ] ; then
+   echo "UP"
+else
+   echo "DOWN"
+fi
--- a/usr_local_bin/vpn_needed
+++ b/usr_local_bin/vpn_needed
+#!/bin/bash 
+VPN="none"
+[ ! -z "${1}" ] && VPN=$1
+check=$(ipset list ${VPN}_ip 2>/dev/null | tail -n +9 )
+if [ -z "${check}" ] ; then
+   [ x"list" != x"${2}" ] && echo N
+   if [ x"sync" == x"${2}" ] ; then
+      vcheck=$(/usr/local/bin/vpn_check ${VPN})
+      [ x"UP" == x"${vcheck}" ] && /etc/init.d/openvpn stop ${VPN}
+   elif [ x"syncdown" == x"${2}" ] ; then
+      vcheck=$(/usr/local/bin/vpn_check ${VPN})
+      [ x"UP" == x"${vcheck}" ] && /etc/init.d/openvpn stop ${VPN}
+   fi
+else
+   [ x"list" == x"${2}" ] && echo ${check} || echo Y
+   if [ x"sync" == x"${2}" ] ; then
+      vcheck=$(/usr/local/bin/vpn_check ${VPN})  
+      [ x"DOWN" == x"${vcheck}" ] && /etc/init.d/openvpn start ${VPN}
+   elif [ x"syncup" == x"${2}" ] ; then
+      vcheck=$(/usr/local/bin/vpn_check ${VPN})
+      [ x"DOWN" == x"${vcheck}" ] && /etc/init.d/openvpn start ${VPN}
+   fi
+fi
+exit 0
--- a/vpnctrl
+++ b/vpnctrl
+#!/usr/bin/env python3
+from setproctitle import setproctitle
+from shell_cmd import sh
+import time
+setproctitle("vpnctrl")
+TIMEOUT=20
+VPNs=[
+      "nordvpn.it",
+      "nordvpn.us",
+      "nordvpn.uk",
+      "nordvpn.au"
+     ]
+while True:
+   for vpn in VPNs:
+      sh("/usr/local/bin/vpn_needed "+vpn+" sync")
+   time.sleep(TIMEOUT)
--- a/vpndown.sh
+++ b/vpndown.sh
+iptables -t nat -D POSTROUTING -o ${NDPIDEV} -j MASQUERADE
+ip route del default dev ${NDPIDEV} table ${NDPITABLE} || true
+ip rule del from ${ifconfig_local} table ${NDPITABLE} || true
+for IP in $(/usr/local/bin/vpn_needed ${NDPITABLE} list) ; do
+   conntrack -D --src=$IP
+   conntrack -D --dst=$IP
+done
--- a/vpnup.sh
+++ b/vpnup.sh
+ip route add default dev ${NDPIDEV} table ${NDPITABLE}
+iptables -t nat -I POSTROUTING -o ${NDPIDEV} -j MASQUERADE
+ip rule add from ${ifconfig_local} table ${NDPITABLE} || true
+for IP in $(/usr/local/bin/vpn_needed ${NDPITABLE} list) ; do
+   conntrack -D --src=$IP
+   conntrack -D --dst=$IP
+done
--- a/web/public/config.php
+++ b/web/public/config.php
 <?php
-$localnet="192.168.42.";
+$localnet="192.168.1.";
 $fixed=array(
-   "zeiss" => "192.168.42.3",
+   "myws" => "192.168.1.2",
-   "dedalo" => "192.168.42.2",
+);
-   "nas" => "192.168.42.12"
+$vpns=array(
+   "nordvpn.it" => array("but" => "VPN IT", "var" => "it"),
+   "nordvpn.us" => array("but" => "VPN USA", "var" => "us"),
 );
 ?>
--- a/web/public/index.php
+++ b/web/public/index.php
@@ -2,25 +2,6 @@
 include("config.php");
-function activeButton($route, $act) {
-   if($route == $act) {
-      echo "btn-primary";
-   } else {
-      echo "btn-secondary";
-   }
-}
-function hostButtons($ip, $active="no") {
-   ?>
- <div class="btn-group btn-group-sm" role="group" id="<?php echo $ip;?>">
-   <button type="button" data-ip="<?php echo $ip;?>" data-route="no" class="hostbtn btn <?php activeButton("no", $active);?>">NO VPN</button>
-   <button type="button" data-ip="<?php echo $ip;?>" data-route="it" class="hostbtn btn <?php activeButton("it", $active);?>">ITALY VPN</button>
-   <button type="button" data-ip="<?php echo $ip;?>" data-route="us" class="hostbtn btn <?php activeButton("us", $active);?>">US VPN</button>
-   <button type="button" data-ip="<?php echo $ip;?>" data-route="tor" class="hostbtn btn <?php activeButton("us", $active);?>"> -TOR- </button>
-</div>
-   <?php
-}
 ?><html>
 <head>
 <title>Routes Admin Panel</title>
@@ -31,6 +12,20 @@ function hostButtons($ip, $active="no") {
 <body>
 <div id="BASE" data-hash="NOT_INITIALIZED">
+   <div>
+      <h3><b>VPNs:</b></h1>
+   </div>
+   <div id="VPNcontainer">
+     <div>
+        <div class="btn-group btn-group-sm" role="group" id="VPN" >
+<?php
+   foreach($vpns as $vpnname => $vpnvars) {
+      echo "            <button type='button' data-vpn='".$vpnname."' class='btn vpnbtn'>".$vpnvars['but']."</button>\n";
+   }
+?>
+        </div>
+     </div><hr>
+   </div>
   <div>
      <h3><b>DHCP HOSTS:</b></h1>
   </div>
@@ -54,11 +49,21 @@ function addButton(block, ip, name, route) {
 	           $(block).append(
               '<div>'+
               '  <div data-ip="'+ip+'" data-name="'+name+'"><b>'+ip+' - '+name+' </b><br /></div>'+
-               '  <div class="btn-group btn-group-sm" role="group" id="'+ip+'" >' +
+               '  <div class="btn-group btn-group-sm" role="group" id="'+ip+'" >'+ 
-               '     <button type="button" data-ip="'+ip+'" data-route="no" class="hostbtn btn '+activeButton("no", route)+'">NO VPN</button>' +
+               '     <button type="button" data-ip="'+ip+'" data-route="no" class="hostbtn btn '+activeButton("no", route)+'">DEFAULT</button>' +
-               '     <button type="button" data-ip="'+ip+'" data-route="it" class="hostbtn btn '+activeButton("it", route)+'">IT VPN</button>' +
+<?php
-               '     <button type="button" data-ip="'+ip+'" data-route="us" class="hostbtn btn '+activeButton("us", route)+'">US VPN</button>' +
+foreach($vpns as $vpnname => $vpnvars) {
-               '     <button type="button" data-ip="'+ip+'" data-route="tor" class="hostbtn btn '+activeButton("tor", route)+'"> -TOR- </button>' +
+   ?>      '     <button type="button" data-ip="'+ip+'" data-route="<?php
+   echo $vpnvars['var'];
+   ?>" class="hostbtn btn '+activeButton("<?php 
+   echo $vpnvars['var'];
+   ?>", route)+'"><?php
+   echo $vpnvars['but'];
+?></button>' +
+<?php
+}
+?>               '     <button type="button" data-ip="'+ip+'" data-route="tor" class="hostbtn btn '+activeButton("tor", route)+'"> -TOR- </button>' +
               '     <button type="button" data-ip="'+ip+'" data-route="rain" class="hostbtn btn '+activeButton("rain", route)+'"> RAIN </button>' +
               '     <button type="button" data-ip="'+ip+'" data-route="block" class="hostbtn btn '+activeButton("block", route)+'"> BLOCK </button>' +
               '  </div>'+
@@ -94,6 +99,22 @@ function refreshData(data) {
         }
      });
    }
+    $.each(data.vpn, function(vpnname, vpnvars) {
+       if(vpnvars.vpnstatus == 'UP') {
+          $('button[data-vpn="'+vpnname+'"].btn-danger').removeClass('btn-danger');
+          $('button[data-vpn="'+vpnname+'"].btn-danger').removeClass('btn-warning');
+          $('button[data-vpn="'+vpnname+'"]').addClass('btn-success');
+       } else {
+          $('button[data-vpn="'+vpnname+'"].btn-success').removeClass('btn-success');
+          if(vpnvars.vpnneeded == 'Y') {
+             $('button[data-vpn="'+vpnname+'"].btn-danger').removeClass('btn-danger');
+             $('button[data-vpn="'+vpnname+'"]').addClass('btn-warning');
+          } else {
+             $('button[data-vpn="'+vpnname+'"].btn-warning').removeClass('btn-warning');
+             $('button[data-vpn="'+vpnname+'"]').addClass('btn-danger');
+          }
+       }
+    });
 };
 function getData() {
@@ -110,10 +131,20 @@ function sendButton() {
   });
 }
+function sendVPNstop() {
+   var name = $(this).attr('data-vpn');
+   $.ajax('stopvpn.php', {
+      type: 'POST',
+         data: { 'name': name },
+         success: getData
+   });
+}
 $(document).ready(function() {
 	getData();
   $("#DHCP").on('click', '.hostbtn',  sendButton);
   $("#FIXED").on('click', '.hostbtn', sendButton);
+   $("#VPN").on('click', '.vpnbtn', sendVPNstop);
 	setInterval(getData, 2000);
 });
 </script>

--- a/web/public/route.php
+++ b/web/public/route.php
@@ -5,12 +5,21 @@ $hosts=explode("\n", (string)shell_exec("dhcp-lease-list"));
 $DHCPIP=array();
 $FIXEDIP=array();
+$VPN=array();
 $ROUTESTRING="";
 function getRoute($ip) {
   return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/route_check $ip")));  
 }
+function vpnStatus($name) {
+   return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/vpn_check $name")));
+}
+function vpnNeeded($name) {
+   return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/vpn_needed $name")));
+}
 foreach($hosts as $line) {
   $part = explode(" ", $line);
   if(count($part) > 4 && str_starts_with($part[2], $localnet)) {
@@ -33,11 +42,18 @@ foreach($fixed as $host => $ip) {
   $ROUTESTRING.=$route;
 }
+foreach($vpns as $vpnname => $vpnvars) {
+   $vpnvars['vpnstatus'] = vpnStatus($vpnname);
+   $vpnvars['vpnneeded'] = vpnNeeded($vpnname);
+   $VPN[$vpnname] = $vpnvars;
+}
 print(
 json_encode(
   array(
   'fixed' => $FIXEDIP, 
   'dhcp' => $DHCPIP,
+   'vpn' => $VPN,
   'uphash' => hash("sha256", implode("|", array_keys($DHCPIP))."-".implode("|", array_keys($FIXEDIP)).$ROUTESTRING)
   )
 )

--- a/web/public/setroute.php
+++ b/web/public/setroute.php
@@ -4,7 +4,7 @@ include("config.php");
 function getRoute($ip, $route) {
-   return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/route_add $ip $route")));  
+   return(str_replace("\n", "", shell_exec("sudo -u root /usr/local/bin/route_add $ip $route sync")));  
 }
 $ip = $_POST['ip'];
 $route = $_POST['route'];

--- a/web/public/stopvpn.php
+++ b/web/public/stopvpn.php
+<?php
+$name = $_POST['name'];
+shell_exec("sudo -u root /usr/local/bin/vpn_forcestop $name");
+echo "ok";
+?>