Update ocserv.d

AnyConnect/ocserv/ocserv.d

@@ -1,24 +1,55 @@
 #!/bin/bash
+# Autorun whit crontab by MoeClub
 
+
+MyARG=`echo "$1" |sed 's/^\s$//' |sed 's/[a-z]/\u&/g'`
 EthName=`cat /proc/net/dev |grep ':' |cut -d':' -f1 |sed 's/\s//g' |grep -iv '^lo\|^sit\|^stf\|^gif\|^dummy\|^vmnet\|^vir\|^gre\|^ipip\|^ppp\|^bond\|^tun\|^tap\|^ip6gre\|^ip6tnl\|^teql\|^ocserv\|^vpn' |sed -n '1p'`
 [ -n "$EthName" ] || exit 1
 
 MyPath="$(dirname `readlink -f "$0"`)"
 MyConfig="${MyPath}/ocserv.conf"
 [ -f "${MyConfig}" ] || exit 1
+
 MyPort=`cat "${MyConfig}" |grep '#\?tcp-port' |cut -d"=" -f2 |sed 's/\s//g' |grep -o '[0-9]*'`
 MyUDP=`cat "${MyConfig}" |grep '#\?udp-port' |cut -d"=" -f2 |sed 's/\s//g' |grep -o '[0-9]*'`
+MyPublicIP=`wget --no-check-certificate --timeout=3 --no-cache -4 -qO- "http://checkip.amazonaws.com" |grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'`
 
 
-iptables -t nat -A POSTROUTING -o ${EthName} -j MASQUERADE
-[ -n "$MyPort" ] && iptables -I INPUT -p tcp --dport ${MyPort} -j ACCEPT
-[ -n "$MyUDP" ] && iptables -I INPUT -p udp --dport ${MyUDP} -j ACCEPT
-iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+IPTABLES(){
+  RULE_RAW=`echo "$1" |sed 's/^\s*//' |sed 's/\s*$//'`
+  echo "$RULE_RAW" |grep -q "^iptables"
+  [ $? -eq 0 ] || return 1
+  RULE_CHECK=`echo "$RULE_RAW" |sed 's/-I\|-A/-C/'`
+  ${RULE_CHECK} >>/dev/null 2>&1
+  [ $? -eq 1 ] && ${RULE_RAW} 
+  return 0
+}
+
+INIT(){
+  MyCMD=`echo "$1" |sed 's/^\s$//'`
+  [ -n "${MyCMD}" ] || MyCMD=`readlink -f "$0"`
+  [ -n "${MyCMD}" ] && MyDEL=$(echo "${MyCMD}" |tr '/' '\\\\' |sed 's/\\/\\\//g')
+  [ -n "${MyDEL}" ] || return
+  if [ -f /etc/crontab ]; then
+    sed -i "/${MyDEL}/d" /etc/crontab
+    while [ -z "$(sed -n '$p' /etc/crontab |sed 's/^\s$//')" ]; do sed -i '$d' /etc/crontab; done
+    sed -i "\$a\\@reboot root ${MyCMD} >>/dev/null 2>&1 &" /etc/crontab
+    sed -i '$a\\n\n\n' /etc/crontab
+  fi
+}
 
+STOP(){
+  DEAMONS=("ocserv" "ocserv-main")
+  for deamon in "${DEAMONS[@]}"; do [ -n "$deamon" ] && kill -9 `ps -C "$deamon" -o pid=` >>/dev/null 2>&1; done
+}
 
 START(){
-  kill -9 $(ps -C ocserv -o pid=) >>/dev/null 2>&1;
-  kill -9 $(ps -C ocserv-main -o pid=) >>/dev/null 2>&1;
+  STOP;
+  IPTABLES "iptables -t nat -A POSTROUTING -o ${EthName} -j MASQUERADE"
+  IPTABLES "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"
+  [ -n "$MyPort" ] && IPTABLES "iptables -I INPUT -p tcp --dport ${MyPort} -j ACCEPT"
+  [ -n "$MyUDP" ] && IPTABLES "iptables -I INPUT -p udp --dport ${MyUDP} -j ACCEPT"
+  [ -n "$MyPublicIP" ] && [ -f "${MyPath}/group/NoRoute" ] && sed -i "s/^no-route\s*=\s*.*\/255.255.255.255/no-route = ${MyPublicIP}\/255.255.255.255/" /etc/ocserv/group/NoRoute
   ocserv --config "${MyConfig}" >>/dev/null 2>&1;
 }
 
@@ -36,6 +67,21 @@ SCAN(){
   fi
 }
 
+
+if [ "$MyARG" == "INIT" ]; then
+  INIT;
+  exit 0;
+elif [ "$MyARG" == "START" ]; then
+  START;
+  exit 0;
+elif [ "$MyARG" == "RESTART" ]; then
+  START;
+  exit 0;
+elif [ "$MyARG" == "STOP" ]; then
+  STOP;
+  exit 0;
+fi
+
 command -v nc >>/dev/null 2>&1
 if [ $? -ne 0 ]; then
   START;