hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity

fix having multiple vpns by using unique routing table numbers

Browse source
This commit is contained in:
ibizaman 2023-10-12 13:37:52 -07:00
parent 2a87816161
commit c369defef6
1 changed files with 57 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
modules/vpn.nix
View file

@ -106,50 +106,95 @@ let
routeUp = name: dependentServices: pkgs.writeShellApplication { routeUp = name: dependentServices: pkgs.writeShellApplication {
name = "routeUp.sh"; name = "routeUp.sh";
runtimeInputs = [ pkgs.iproute2 pkgs.systemd ]; runtimeInputs = [ pkgs.iproute2 pkgs.systemd pkgs.nettools ];
text = '' text = ''
echo "Running route-up..."
echo "dev=''${dev:?}" echo "dev=''${dev:?}"
echo "ifconfig_local=''${ifconfig_local:?}" echo "ifconfig_local=''${ifconfig_local:?}"
echo "route_vpn_gateway=''${route_vpn_gateway:?}" echo "route_vpn_gateway=''${route_vpn_gateway:?}"
set -x
ip rule
ip rule add from "''${ifconfig_local:?}/32" table ${name} ip rule add from "''${ifconfig_local:?}/32" table ${name}
ip rule add to "''${route_vpn_gateway:?}/32" table ${name} ip rule add to "''${route_vpn_gateway:?}/32" table ${name}
ip rule
ip route list table ${name} || :
retVal=$?
if [ $retVal -eq 2 ]; then
echo "table is empty"
elif [ $retVal -ne 0 ]; then
exit 1
fi
ip route add default via "''${route_vpn_gateway:?}" dev "''${dev:?}" table ${name} ip route add default via "''${route_vpn_gateway:?}" dev "''${dev:?}" table ${name}
ip route flush cache ip route flush cache
ip route list table ${name} || :
retVal=$?
if [ $retVal -eq 2 ]; then
echo "table is empty"
elif [ $retVal -ne 0 ]; then
exit 1
fi
echo "''${ifconfig_local:?}" > /run/openvpn/${name}/ifconfig_local echo "''${ifconfig_local:?}" > /run/openvpn/${name}/ifconfig_local
dependencies=(${quoteEach dependentServices}) dependencies=(${quoteEach dependentServices})
for i in "''${dependencies[@]}"; do for i in "''${dependencies[@]}"; do
systemctl restart "$i" systemctl restart "$i" || :
done done
echo "Running route-up DONE"
''; '';
}; };
routeDown = name: dependentServices: pkgs.writeShellApplication { routeDown = name: dependentServices: pkgs.writeShellApplication {
name = "routeDown.sh"; name = "routeDown.sh";
runtimeInputs = [ pkgs.iproute2 pkgs.systemd ]; runtimeInputs = [ pkgs.iproute2 pkgs.systemd pkgs.nettools pkgs.coreutils ];
text = '' text = ''
echo "Running route-down..."
echo "dev=''${dev:?}" echo "dev=''${dev:?}"
echo "ifconfig_local=''${ifconfig_local:?}" echo "ifconfig_local=''${ifconfig_local:?}"
echo "route_vpn_gateway=''${route_vpn_gateway:?}" echo "route_vpn_gateway=''${route_vpn_gateway:?}"
set -x
ip rule
ip rule del from "''${ifconfig_local:?}/32" table ${name} ip rule del from "''${ifconfig_local:?}/32" table ${name}
ip rule del to "''${route_vpn_gateway:?}/32" table ${name} ip rule del to "''${route_vpn_gateway:?}/32" table ${name}
ip rule
ip route del default via "''${route_vpn_gateway:?}" dev "''${dev:?}" table ${name} # This will probably fail because the dev is already gone.
ip route list table ${name} || :
retVal=$?
if [ $retVal -eq 2 ]; then
echo "table is empty"
elif [ $retVal -ne 0 ]; then
exit 1
fi
ip route del default via "''${route_vpn_gateway:?}" dev "''${dev:?}" table ${name} || :
ip route flush cache ip route flush cache
ip route list table ${name} || :
retVal=$?
if [ $retVal -eq 2 ]; then
echo "table is empty"
elif [ $retVal -ne 0 ]; then
exit 1
fi
rm /run/openvpn/${name}/ifconfig_local rm /run/openvpn/${name}/ifconfig_local
dependencies=(${quoteEach dependentServices}) dependencies=(${quoteEach dependentServices})
for i in "''${dependencies[@]}"; do for i in "''${dependencies[@]}"; do
systemctl stop "$i" systemctl stop "$i" || :
done done
echo "Running route-down DONE"
''; '';
}; };
@ -176,6 +221,12 @@ in
example = "tun0"; example = "tun0";
}; };
routingNumber = lib.mkOption {
description = lib.mdDoc "Unique number used to route packets.";
type = lib.types.int;
example = 10;
};
remoteServerIP = lib.mkOption { remoteServerIP = lib.mkOption {
description = lib.mdDoc "IP of the VPN server to connect to."; description = lib.mdDoc "IP of the VPN server to connect to.";
type = lib.types.str; type = lib.types.str;
@ -240,7 +291,7 @@ in
networking.iproute2.enable = true; networking.iproute2.enable = true;
networking.iproute2.rttablesExtraConfig = networking.iproute2.rttablesExtraConfig =
lib.concatStringsSep "\n" (lib.mapAttrsToList (name: c: "10 ${name}") cfg); lib.concatStringsSep "\n" (lib.mapAttrsToList (name: c: "${toString c.routingNumber} ${name}") cfg);
services.tinyproxy = services.tinyproxy =
let let