Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #117 from YunoHost-Apps/testing
Testing | Packaging v2 + generate config during upgrade + Add hook scripts
Showing 35 changed files with 787 additions and 866 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
# All available README files by language | ||
|
||
- [Read the README in English](README.md) | ||
- [Irakurri README euskaraz](README_eu.md) | ||
- [Lire le README en français](README_fr.md) | ||
- [Le o README en galego](README_gl.md) | ||
- [Leggi il “README” in italiano](README_it.md) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
<!-- | ||
Ohart ongi: README hau automatikoki sortu da <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>ri esker | ||
EZ editatu eskuz. | ||
--> | ||
|
||
# VPN Client YunoHost-erako | ||
|
||
[![Integrazio maila](https://dash.yunohost.org/integration/vpnclient.svg)](https://dash.yunohost.org/appci/app/vpnclient) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/vpnclient.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/vpnclient.maintain.svg) | ||
|
||
[![Instalatu VPN Client YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=vpnclient) | ||
|
||
*[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)* | ||
|
||
> *Pakete honek VPN Client YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.* | ||
> *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.* | ||
## Aurreikuspena | ||
|
||
Install a VPN connection on your self-hosted server. | ||
* Useful for hosting your server behind a filtered (and/or non-neutral) internet access. | ||
* Useful to have static IP addresses (IPv6 and IPv4). | ||
* Useful to easily move your server anywhere. | ||
* Strong firewalling (internet access and self-hosted services only available through the VPN, not leaking to your commercial ISP) | ||
* Combine with the [Hotspot app](https://github.com/YunoHost-Apps/hotspot_ynh) to broadcast VPN-protected WiFi to other laptops without any further technical configuration needed. | ||
|
||
|
||
|
||
**Paketatutako bertsioa:** 2.2~ynh1 | ||
|
||
## Pantaila-argazkiak | ||
|
||
![VPN Client(r)en pantaila-argazkia](./doc/screenshots/vpnclient.png) | ||
|
||
## Dokumentazioa eta baliabideak | ||
|
||
- Aplikazioaren webgune ofiziala: <https://labriqueinter.net> | ||
- YunoHost Denda: <https://apps.yunohost.org/app/vpnclient> | ||
- Eman errore baten berri: <https://github.com/YunoHost-Apps/vpnclient_ynh/issues> | ||
|
||
## Garatzaileentzako informazioa | ||
|
||
Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/vpnclient_ynh/tree/testing). | ||
|
||
`testing` abarra probatzeko, ondorengoa egin: | ||
|
||
```bash | ||
sudo yunohost app install https://github.com/YunoHost-Apps/vpnclient_ynh/tree/testing --debug | ||
edo | ||
sudo yunohost app upgrade vpnclient -u https://github.com/YunoHost-Apps/vpnclient_ynh/tree/testing --debug | ||
``` | ||
|
||
**Informazio gehiago aplikazioaren paketatzeari buruz:** <https://yunohost.org/packaging_apps> |
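Review bot: In the `bash` block under "Garatzaileentzako informazioa", the bare word `edo` sits between the two commands as if it were a command, so pasting the block runs it and fails; make it a comment (`# edo`) or split the block in two. The bullet list under `## Aurreikuspena` is also still in English. Since the header says this file is generated and must not be edited by hand, both fixes belong in the generator's template or inputs rather than in this file.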
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
#!/bin/bash | ||
|
||
is_firewall_set() { | ||
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" \ | ||
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" | ||
} | ||
|
||
wired_device=$(ip route | awk '/default via/ { print $5; }') | ||
|
||
if is_firewall_set; then | ||
rm -f /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient | ||
|
||
# IPv4 | ||
|
||
iptables -w -D INPUT -i "${wired_device}" -j vpnclient_in | ||
iptables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out | ||
iptables -w -D FORWARD -o "${wired_device}" -j vpnclient_fwd | ||
|
||
iptables -w -F vpnclient_in | ||
iptables -w -F vpnclient_out | ||
iptables -w -F vpnclient_fwd | ||
|
||
iptables -w -X vpnclient_in | ||
iptables -w -X vpnclient_out | ||
iptables -w -X vpnclient_fwd | ||
|
||
# IPv6 | ||
|
||
ip6tables -w -D INPUT -i "${wired_device}" -j vpnclient_in | ||
ip6tables -w -D OUTPUT -o "${wired_device}" -j vpnclient_out | ||
ip6tables -w -D FORWARD -o "${wired_device}" -j vpnclient_fwd | ||
|
||
ip6tables -w -F vpnclient_in | ||
ip6tables -w -F vpnclient_out | ||
ip6tables -w -F vpnclient_fwd | ||
|
||
ip6tables -w -X vpnclient_in | ||
ip6tables -w -X vpnclient_out | ||
ip6tables -w -X vpnclient_fwd | ||
fi |
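Review bot: `wired_device` is recomputed from the current default route at teardown, and when `is_firewall_set` fails the script does nothing and prints nothing. If the default route has moved to another interface since the rules were installed, the `vpnclient_*` chains and the `90-vpnclient` hook stay in place silently. With no default route the variable is empty, `grep -q ""` matches any line, and the `-D` calls then run with an empty interface name. Consider reading the stored `wired_device` app setting, as the IPv6 route script in this commit does, guarding on a non-empty value, and logging when the check fails. Also, `rm -f` of the hook runs before the unchecked `-D`/`-F`/`-X` calls, so a failed delete leaves rules loaded with no hook file left to track them.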
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
#!/bin/bash | ||
|
||
is_dns_set() { | ||
if [[ "$ynh_dns_method" != "custom" ]]; then | ||
return 0 | ||
fi | ||
|
||
current_dns=$(grep -o -P '^\s*nameserver\s+\K[abcdefABCDEF\d.:]+$' /etc/resolv.dnsmasq.conf | sort | uniq) | ||
wanted_dns=$(echo "${ynh_dns}" | sed 's/,/\n/g' | sort | uniq) | ||
[[ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]] \ | ||
&& [[ "$current_dns" == "$wanted_dns" ]] | ||
} | ||
|
||
if is_dns_set; then | ||
resolvconf=/etc/resolv.dnsmasq.conf | ||
|
||
rm -f /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient | ||
if [[ -e "${resolvconf}.ynh" ]]; then | ||
mv "${resolvconf}.ynh" "${resolvconf}" | ||
fi | ||
|
||
# FIXME : this situation happened to a user ... | ||
# We could try to force regen the dns conf | ||
# (though for now it's tightly coupled to dnsmasq) | ||
if ! grep -q "^nameserver\s" "${resolvconf}"; then | ||
echo "${resolvconf} does not have any nameserver line !?" >&2 | ||
fi | ||
fi |
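Review bot: `is_dns_set` reads `ynh_dns_method` and `ynh_dns`, but nothing in this file assigns them. Unless the caller exports both, the first test is true, the function returns 0 and the restore branch runs unconditionally, so the comparison against `/etc/resolv.dnsmasq.conf` never executes. Read them with `yunohost app setting vpnclient dns_method` and `yunohost app setting vpnclient nameservers` as the matching set script in this commit does, or drop the check and document that the restore is unconditional. The character class here is spelled `[abcdefABCDEF\d.:]` while the set script uses `[a-fA-F\d.:]`; use one spelling in both.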
conf/scripts/route-down.d/30-vpnclient-unset-server-ipv6-route (36 changes: 36 additions & 0 deletions)
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
|
||
is_serverip6route_set() { | ||
local server_ip6s=${1} | ||
|
||
if [[ -z "${server_ip6s}" ]]; then | ||
return 0 | ||
fi | ||
|
||
for server_ip6 in ${server_ip6s}; do | ||
if ! ip -6 route | grep -q "^${server_ip6}"; then | ||
return 1 | ||
fi | ||
done | ||
} | ||
|
||
unset_serverip6route() { | ||
local server_ip6s=${1} | ||
local ip6_gw=${2} | ||
local wired_device=${3} | ||
|
||
for server_ip6 in ${server_ip6s}; do | ||
ip route delete "${server_ip6}/128" via "${ip6_gw}" dev "${wired_device}" | ||
done | ||
} | ||
|
||
old_ip6_gw=$(yunohost app setting vpnclient ip6_gw) | ||
old_wired_device=$(yunohost app setting vpnclient wired_device) | ||
old_server_ip6=$(yunohost app setting vpnclient server_ip6) | ||
|
||
# Check old state of the server ipv6 route | ||
if [[ -n "${old_server_ip6}" && -n "${old_ip6_gw}" && -n "${old_wired_device}" ]]; then | ||
if is_serverip6route_set "${old_server_ip6}"; then | ||
unset_serverip6route "${old_server_ip6}" "${old_ip6_gw}" "${old_wired_device}" | ||
fi | ||
fi |
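Review bot: `is_serverip6route_set` returns 1 at the first address that has no route, so when only some of the server routes are present `unset_serverip6route` is never called and the remaining routes are left behind. Move the check inside the delete loop so each address is tested and removed independently. The match `grep -q "^${server_ip6}"` is a prefix regex, so one address can match a longer one that starts with the same text; query the exact route instead, for example `ip -6 route show exact "${server_ip6}/128"`. The check uses `ip -6 route` while the delete uses plain `ip route delete`; pass `-6` in both for consistency, and declare `server_ip6` as `local` in both functions.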
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
|
||
is_ip6addr_set() { | ||
local ip6_addr=${1} | ||
ip address show dev tun0 2> /dev/null | grep -q "${ip6_addr}/" | ||
} | ||
|
||
ip6_addr=$(yunohost app setting "vpnclient" "ip6_addr") | ||
if [[ -n "${ip6_addr}" ]] && [[ "${ip6_addr}" != none ]] && is_ip6addr_set "${ip6_addr}"; then | ||
ip address delete "${ip6_addr}/64" dev tun0 | ||
fi |
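Review bot: The presence check and the delete disagree on the prefix length: `grep -q "${ip6_addr}/"` accepts the address with any prefix, while `ip address delete` hard-codes `/64`, so an address configured with another prefix passes the check and then fails to delete. The grep is also an unanchored regex, so it matches when `${ip6_addr}` is only the tail of a longer address on `tun0`. Match the exact string, for example `grep -qF "inet6 ${ip6_addr}/64 "`, and consider taking the interface name from a setting rather than the literal `tun0`.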
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/bash | ||
|
||
is_firewall_set() { | ||
local wired_device=$(ip route | awk '/default via/ { print $5; }') | ||
|
||
ip6tables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" \ | ||
&& iptables -w -nvL OUTPUT | grep vpnclient_out | grep -q "${wired_device}" | ||
} | ||
|
||
if ! is_firewall_set; then | ||
bash /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules | ||
cp /etc/yunohost/apps/vpnclient/conf/hook_post-iptable-rules /etc/yunohost/hooks.d/post_iptable_rules/90-vpnclient | ||
fi | ||
|
||
if is_firewall_set; then | ||
echo "[ OK ] IPv6/IPv4 firewall set" | ||
else | ||
echo "[FAIL] No IPv6/IPv4 firewall set" >&2 | ||
exit 1 | ||
fi |
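Review bot: In `is_firewall_set`, `grep -q "${wired_device}"` is an unanchored regex match on the rule listing, so it also succeeds for an interface whose name merely contains the value, and an empty value (no default route) matches every line; the script can then print `[ OK ]` without a jump rule on the intended interface. Check that the variable is non-empty and test for the exact rule, for example `iptables -w -C OUTPUT -o "${wired_device}" -j vpnclient_out` and the same with `ip6tables`. `local wired_device=$(...)` also hides the exit status of the pipeline; declare and assign on separate lines. Finally, `cp` installs `90-vpnclient` even when the preceding `bash` run of the hook failed; chain the two with `&&`.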
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
#!/bin/bash | ||
|
||
is_dns_set() { | ||
if [[ "$ynh_dns_method" != "custom" ]]; then | ||
return 0 | ||
fi | ||
|
||
current_dns=$(grep -o -P '^\s*nameserver\s+\K[a-fA-F\d.:]+$' /etc/resolv.dnsmasq.conf | sort | uniq) | ||
wanted_dns=$(echo "${ynh_dns}" | sed 's/,/\n/g' | sort | uniq) | ||
[[ -e /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient ]] \ | ||
&& [[ "$current_dns" == "$wanted_dns" ]] | ||
} | ||
|
||
ynh_dns_method=$(yunohost app setting vpnclient dns_method) | ||
ynh_dns=$(yunohost app setting vpnclient nameservers) | ||
|
||
# Set host DNS resolvers | ||
if ! is_dns_set; then | ||
resolvconf=/etc/resolv.dnsmasq.conf | ||
|
||
cp -fa "${resolvconf}" "${resolvconf}.ynh" | ||
if [[ "$ynh_dns_method" == "custom" ]]; then | ||
cat << EOF > /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient | ||
echo "${ynh_dns}" | sed 's/,/\n/g' | sort | uniq | sed 's/^/nameserver /g' > ${resolvconf} | ||
EOF | ||
bash /etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient | ||
fi | ||
fi | ||
|
||
if is_dns_set; then | ||
echo "[ OK ] Host DNS correctly set" | ||
else | ||
echo "[FAIL] No host DNS set" >&2 | ||
exit 1 | ||
fi |
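Review bot: The unquoted `<< EOF` heredoc expands `${ynh_dns}` while writing `/etc/dhcp/dhclient-exit-hooks.d/ynh-vpnclient`, so the raw `nameservers` setting ends up inside a double-quoted string in a hook script that is then run with `bash`. A value containing a double quote, backtick or `$(` becomes shell code in that file. Validate each comma-separated entry as an IPv4 or IPv6 literal before writing (the `[a-fA-F\d.:]+` class already used in `is_dns_set` is a starting point) and exit with an error otherwise. Separately, `cp -fa "${resolvconf}" "${resolvconf}.ynh"` overwrites any earlier backup, so a second run after the hook file was removed saves the custom resolver list as the original; skip the copy when `${resolvconf}.ynh` already exists. The inner `if [[ "$ynh_dns_method" == "custom" ]]` is always true at that point, since `is_dns_set` returns 0 for every other method.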