VPN failsafe working
parent
11600ef4d7
commit
e8ebcfc2be
@ -2,6 +2,16 @@
|
|||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.pia;
|
cfg = config.pia;
|
||||||
|
vpnfailsafe = pkgs.stdenv.mkDerivation {
|
||||||
|
pname = "vpnfailsafe";
|
||||||
|
version = "0.0.1";
|
||||||
|
src = ./.;
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out
|
||||||
|
cp vpnfailsafe.sh $out/vpnfailsafe.sh
|
||||||
|
sed -i 's|getent|${pkgs.getent}/bin/getent|' $out/vpnfailsafe.sh
|
||||||
|
'';
|
||||||
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.pia = {
|
options.pia = {
|
||||||
@ -11,7 +21,7 @@ in
|
|||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
services.openvpn = {
|
services.openvpn = {
|
||||||
servers = {
|
servers = {
|
||||||
us-east = {
|
pia = {
|
||||||
config = ''
|
config = ''
|
||||||
client
|
client
|
||||||
dev tun
|
dev tun
|
||||||
@ -88,8 +98,8 @@ disable-occ
|
|||||||
auth-user-pass /run/agenix/pia-login.conf
|
auth-user-pass /run/agenix/pia-login.conf
|
||||||
'';
|
'';
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
# up = "${./vpnfailsafe.sh}";
|
up = "${vpnfailsafe}/vpnfailsafe.sh";
|
||||||
# down = "${./vpnfailsafe.sh}";
|
down = "${vpnfailsafe}/vpnfailsafe.sh";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
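Review bot: The `sed` line in `installPhase` (first hunk) pins only `getent`, and with no `g` flag or word boundaries it rewrites just the first occurrence of that substring on each line, comments included. The route and firewall helpers presumably call other external tools that are not visible here; if one of them is missing from the PATH that OpenVPN gives the up/down script, the script can abort before the firewall rules are in place and traffic may leave outside the tunnel. Consider `sed -i 's|\bgetent\b|${pkgs.getent}/bin/getent|g' $out/vpnfailsafe.sh`, or export a fixed `PATH` built with `lib.makeBinPath` at the top of the installed script so every dependency is pinned. A short comment above `vpnfailsafe = pkgs.stdenv.mkDerivation {` saying why the script is patched would help the next reader.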
@ -81,26 +81,6 @@ update_routes() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
# $@ := "up" | "down"
|
|
||||||
update_resolv() {
|
|
||||||
case "$@" in
|
|
||||||
up) local domains="" ns=""
|
|
||||||
for opt in ${!foreign_option_*}; do
|
|
||||||
case "${!opt}" in
|
|
||||||
dhcp-option\ DOMAIN*) domains+=" ${!opt##* }";;
|
|
||||||
dhcp-option\ DNS\ *) ns+=" ${!opt##* }";;
|
|
||||||
*) ;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
if [[ -n "$ns" ]]; then
|
|
||||||
echo -e "${domains/ /search }\\n${ns// /$'\n'nameserver }"|resolvconf -xa "$dev"
|
|
||||||
else
|
|
||||||
echo "$0: WARNING: no DNS was pushed by the VPN server, this could cause a DNS leak" >&2
|
|
||||||
fi;;
|
|
||||||
down) resolvconf -fd "$dev" 2>/dev/null || true;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
# $@ := ""
|
# $@ := ""
|
||||||
update_firewall() {
|
update_firewall() {
|
||||||
# $@ := "INPUT" | "OUTPUT" | "FORWARD"
|
# $@ := "INPUT" | "OUTPUT" | "FORWARD"
|
||||||
@ -198,7 +178,7 @@ trap 'err_msg "$LINENO" "$?"' ERR
|
|||||||
# $@ := ""
|
# $@ := ""
|
||||||
main() {
|
main() {
|
||||||
case "${script_type:-down}" in
|
case "${script_type:-down}" in
|
||||||
up) for f in hosts routes resolv firewall; do "update_$f" up; done;;
|
up) for f in hosts routes firewall; do "update_$f" up; done;;
|
||||||
down) update_routes down
|
down) update_routes down
|
||||||
update_resolv down;;
|
update_resolv down;;
|
||||||
esac
|
esac
|
||||||
|
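Review bot: The `down)` branch of `main` still calls `update_resolv down`, but this commit deletes the `update_resolv` function, so on teardown the call fails as command-not-found and trips the `ERR` trap shown in the hunk header. Either drop the call so the branch reads `down) update_routes down;;`, or keep a `down`-only `update_resolv`. Separately, with `resolv` removed from the `up` loop the DNS servers pushed by the VPN are never installed; the deleted code itself warned about DNS leaks, so confirm that `update_firewall` (body not visible here) blocks DNS outside the tunnel or that resolvers are set elsewhere in the Nix module. `main` continues past the end of the hunk.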