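#!/bin/bash
# session_up.sh
#
# Connect-time hook: validates the token supplied as the username, bumps the
# token's session counter, reserves a random IPv6 and/or IPv4 address for the
# client and appends the matching push directives to the file named by $1.
#
# Reads from the environment: username, ifconfig_pool_remote_ip6,
#   ifconfig_pool_remote_ip, IV_PLAT, IV_VER.
# Arguments: $1 - file that receives the per-client directives.
# Exit status: 0 to admit the client, 1 to reject it.
#
# Strict mode (set -e / set -u) is deliberately not enabled: the script
# continues after a failed validation request and reads variables that may
# be unset.

# Marker files in this directory represent the pool IPs that are in use.
# NOTE(review): a fixed path under /tmp can be pre-created by any local
# account. Confirm the directory's owner and mode, or relocate it (together
# with whatever removes the markers on disconnect) to a root-owned runtime
# directory.
instance_pool_dir=/tmp/pool
config_file=$1

# Reserve an address by creating its marker file. noclobber turns the
# redirection into an exclusive create, so two hooks running at the same
# moment cannot both claim one address (the previous test-then-touch
# sequence could).
# Arguments: $1 - address to reserve
# Returns:   0 if the marker was created, non-zero if it already exists or
#            cannot be created
claim_address() {
  ( set -o noclobber; : > "${instance_pool_dir}/$1" ) 2>/dev/null
}

# Keep only characters that can occur in a token or a hex digest. Everything
# the script later places in a URL or a file name derives from this value.
username=$(printf '%s' "$username" | tr -dc 'a-zA-Z0-9-')

case "${#username}" in
  128|127|126)
    # is a hash already (some routers cut off the last one or two bytes,
    # so accounting for that)
    hash=$username
    ;;
  23)
    # they didn't hash the token, so do it for them
    hash=$(printf '%s' "$username" | openssl sha512 | awk '{print $NF}')
    ;;
  *)
    # not the length of a token or a token hash, so reject
    exit 1
    ;;
esac

# check if the token is valid and not expired and only allow a new session if
# max sessions isn't reached
# The URL is quoted so '[', ']' and '?' are never treated as glob characters.
# NOTE(review): the hash is sent in the query string and on wget's command
# line, so it can appear in process listings and in server or proxy access
# logs; it is credential-equivalent and should be handled as such.
result=$(timeout 8 wget -4 -T8 -qO- "https://[redacted]?token=${hash}")
validation_status=$?

# NOTE(review): fail-open. A failed or timed-out validation request is treated
# the same as "good", so enforcement depends on the endpoint being reachable.
# Confirm that availability is meant to win over enforcement here, and that
# validation failures are logged and alerted on.
if [[ $validation_status -eq 0 && $result != "good" ]]; then
  exit 1
fi

# increase session counter for token
result=$(timeout 8 wget -4 -T8 -qO- "https://[redacted]?token=${hash}&action=up")
if [[ $result == "max" ]]; then
  exit 1
fi

# NOTE(review): the counter has been incremented by this point and nothing
# visible here decrements it, so confirm that the "exit 1" paths below are
# reconciled elsewhere.
if [[ ! -d $instance_pool_dir ]]; then
  mkdir -p -- "$instance_pool_dir"
fi

# Generate a random IPv6 address for the client
if [[ -n $ifconfig_pool_remote_ip6 ]]; then
  # Everything before the first "::" is kept as the prefix; four random
  # 16-bit groups are appended to it.
  ip6_prefix=${ifconfig_pool_remote_ip6%%::*}
  assigned=0
  # A collision among 2^64 candidates is negligible, so repeated failures
  # mean the pool directory is unusable. The attempt limit keeps the hook
  # from spinning forever in that case.
  for (( attempt = 0; attempt < 16; attempt++ )); do
    rand=$(od -An -N8 -tu8 < /dev/urandom | awk '{print $1}')
    hex=$(printf '%016x' "$rand")
    candidate="${ip6_prefix}:${hex:0:4}:${hex:4:4}:${hex:8:4}:${hex:12:4}"
    if claim_address "$candidate"; then
      echo "ifconfig-ipv6-push ${candidate} fe80::1" >> "$config_file"
      # And tell the client to use the IPv6 DNS server hosted on the VPN
      # server they're connected to
      echo 'push "dhcp-option DNS 2001:db8::8"' >> "$config_file"
      assigned=1
      break
    fi
  done
  if (( ! assigned )); then
    printf '%s\n' "session_up: could not reserve an IPv6 address in ${instance_pool_dir}" >&2
    exit 1
  fi
fi

# Generate a random IPv4 address for the client
# (even for the IPv6 instances since they're dual-stack)
if [[ -n $ifconfig_pool_remote_ip ]]; then
  ip4_prefix=$(printf '%s\n' "$ifconfig_pool_remote_ip" | awk -F. '{print $1"."$2"."$3}')
  assigned=0
  # Host octets 3..253 (251 candidates). Start at a random offset and probe
  # each candidate once: the first pick is uniformly random as before, but a
  # full pool now ends the loop instead of blocking the hook indefinitely.
  start=$(( RANDOM % 251 ))
  for (( i = 0; i < 251; i++ )); do
    candidate="${ip4_prefix}.$(( 3 + (start + i) % 251 ))"
    if claim_address "$candidate"; then
      echo "ifconfig-push ${candidate} 255.255.255.0" >> "$config_file"
      # And tell the client to use the IPv4 DNS server hosted on the VPN
      # server they're connected to
      echo 'push "dhcp-option DNS 10.31.33.8"' >> "$config_file"
      assigned=1
      break
    fi
  done
  if (( ! assigned )); then
    printf '%s\n' "session_up: IPv4 pool ${ip4_prefix}.0 is exhausted" >&2
    exit 1
  fi
fi

# Minor tweaks for Windows users
# IV_PLAT and IV_VER are reported by the connecting client, so they are
# validated before use in arithmetic and never expanded unquoted.
if [[ $IV_PLAT == "win" ]]; then
  echo 'push "redirect-gateway bypass-dhcp"' >> "$config_file"
  echo 'push "register-dns"' >> "$config_file"
  if [[ $IV_VER =~ ^2\.3.* ]]; then
    # Prevent DNS leaks on Windows, if their OpenVPN is > 2.3.8
    # since that's when --block-outside-dns support was added
    patch_level=${IV_VER##*.}
    # Digits only; 10# forces base 10 so "08" and "09" are not read as octal.
    if [[ $patch_level =~ ^[0-9]{1,9}$ ]] && (( 10#$patch_level > 8 )); then
      echo 'push "block-outside-dns"' >> "$config_file"
    fi
  else
    echo 'push "block-outside-dns"' >> "$config_file"
  fi
fi

# Found a random IP and pushed it to the client, so exit with success
# (or something went horribly wrong, so still exit 0 so the client can get in anyways)
exit 0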