Configure IPv6 only when VPN is up and fix default route for IPv6

ALL_README.md

@@ -1,6 +1,7 @@
 # All available README files by language
 
 - [Read the README in English](README.md)
+- [Irakurri README euskaraz](README_eu.md)
 - [Lire le README en français](README_fr.md)
 - [Le o README en galego](README_gl.md)
-- [Leggi il “README” in italiano](README_it.md)
+- [阅读中文（简体）的 README](README_zh_Hans.md)

README.md

@@ -9,7 +9,7 @@ It shall NOT be edited by hand.
 
 [![Install Wifi Hotspot with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
 
-*[Read this README is other languages.](./ALL_README.md)*
+*[Read this README in other languages.](./ALL_README.md)*
 
 > *This package allows you to install Wifi Hotspot quickly and simply on a YunoHost server.*  
 > *If you don't have YunoHost, please consult [the guide](https://yunohost.org/install) to learn how to install it.*

README_eu.md

@@ -0,0 +1,47 @@
+<!--
+Ohart ongi: README hau automatikoki sortu da <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>ri esker
+EZ editatu eskuz.
+-->
+
+# Wifi Hotspot YunoHost-erako
+
+[![Integrazio maila](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+
+[![Instalatu Wifi Hotspot YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
+
+*[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)*
+
+> *Pakete honek Wifi Hotspot YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.*  
+> *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.*
+
+## Aurreikuspena
+
+* Broadcast a Wi-Fi access point from your self-hosted server
+* Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi
+
+
+**Paketatutako bertsioa:** 2.3.1~ynh1
+
+## Pantaila-argazkiak
+
+![Wifi Hotspot(r)en pantaila-argazkia](./doc/screenshots/hotspot.png)
+
+## Dokumentazioa eta baliabideak
+
+- Aplikazioaren webgune ofiziala: <https://internetcu.be/>
+- YunoHost Denda: <https://apps.yunohost.org/app/hotspot>
+- Eman errore baten berri: <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
+
+## Garatzaileentzako informazioa
+
+Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing).
+
+`testing` abarra probatzeko, ondorengoa egin:
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+edo
+sudo yunohost app upgrade hotspot -u https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+```
+
+**Informazio gehiago aplikazioaren paketatzeari buruz:** <https://yunohost.org/packaging_apps>

README_zh_Hans.md

@@ -0,0 +1,47 @@
+<!--
+注意：此 README 由 <https://github.com/YunoHost/apps/tree/master/tools/readme_generator> 自动生成
+请勿手动编辑。
+-->
+
+# YunoHost 的 Wifi Hotspot
+
+[![集成程度](https://dash.yunohost.org/integration/hotspot.svg)](https://dash.yunohost.org/appci/app/hotspot) ![工作状态](https://ci-apps.yunohost.org/ci/badges/hotspot.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/hotspot.maintain.svg)
+
+[![使用 YunoHost 安装 Wifi Hotspot](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hotspot)
+
+*[阅读此 README 的其它语言版本。](./ALL_README.md)*
+
+> *通过此软件包，您可以在 YunoHost 服务器上快速、简单地安装 Wifi Hotspot。*  
+> *如果您还没有 YunoHost，请参阅[指南](https://yunohost.org/install)了解如何安装它。*
+
+## 概况
+
+* Broadcast a Wi-Fi access point from your self-hosted server
+* Combine with the [VPN Client app](https://github.com/labriqueinternet/vpnclient_ynh) to obtain a VPN-protected WiFi
+
+
+**分发版本：** 2.3.1~ynh1
+
+## 截图
+
+![Wifi Hotspot 的截图](./doc/screenshots/hotspot.png)
+
+## 文档与资源
+
+- 官方应用网站： <https://internetcu.be/>
+- YunoHost 商店： <https://apps.yunohost.org/app/hotspot>
+- 报告 bug： <https://github.com/YunoHost-Apps/hotspot_ynh/issues>
+
+## 开发者信息
+
+请向 [`testing` 分支](https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing) 发送拉取请求。
+
+如要尝试 `testing` 分支，请这样操作：
+
+```bash
+sudo yunohost app install https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+或
+sudo yunohost app upgrade hotspot -u https://github.com/YunoHost-Apps/hotspot_ynh/tree/testing --debug
+```
+
+**有关应用打包的更多信息：** <https://yunohost.org/packaging_apps>

conf/openvpn_route-down_90-hotspot

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+unset_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=${dev}
+  new_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if is_nat_set "${old_gateway_interface}"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if [[ -n "$new_gateway_interface" ]] && ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && is_ip6addr_set; then
+    unset_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi

conf/openvpn_route-up_90-hotspot

@@ -0,0 +1,57 @@
+#!/bin/bash
+
+is_nat_set() {
+  local gateway_interface=${1}
+  iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
+}
+
+unset_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Unset NAT on ${gateway_interface}"
+  iptables -w -t nat -D POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+set_nat() {
+  local gateway_interface=${1}
+  echo "[INFO] hotspot ${wifi_device}: Set NAT on ${gateway_interface}"
+  iptables -w -t nat -A POSTROUTING -o "${gateway_interface}" -j MASQUERADE
+}
+
+has_ip6delegatedprefix() {
+  [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
+}
+
+is_ip6addr_set() {
+  ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
+}
+
+set_ip6addr() {
+  echo "[INFO] hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+  ip address delete "${ip6_addr}/64" dev "${new_gateway_interface}" &>/dev/null
+  ip address add "${ip6_addr}/64" dev "${wifi_device}"
+}
+
+ynh_hotspot_state=$(systemctl is-active __SERVICE_NAME__)
+if [[ "${ynh_hotspot_state}" == "active" || "${ynh_hotspot_state}" == "activating" ]]; then
+  old_gateway_interface=$(ip route | awk '/default via/ { print $5; }')
+  new_gateway_interface=${dev}
+
+  ip6_net=$(yunohost app setting __APP__ ip6_net)
+  ip6_addr="${ip6_net}1"
+
+  wifi_device=$(yunohost app setting __APP__ wifi_device)
+
+  if [[ -n "$old_gateway_interface" ]] && is_nat_set "$old_gateway_interface"; then
+    unset_nat "${old_gateway_interface}"
+  fi
+
+  if ! is_nat_set $new_gateway_interface; then
+    set_nat "${new_gateway_interface}"
+  fi
+
+  if has_ip6delegatedprefix && ! is_ip6addr_set; then
+    set_ip6addr
+  fi
+
+  yunohost app setting __APP__ gateway_interface --value "${new_gateway_interface}"
+fi

conf/ynh-hotspot

@@ -26,10 +26,6 @@ has_ip6delegatedprefix() {
     [[ -n "${ip6_net}" ]] && [[ "${ip6_net}" != "none" ]]
 }
 
-ip6addrfromdelegatedprefix() {
-    echo "${ip6_net}1"
-}
-
 is_nat_set() {
     local gateway_interface=${1}
     iptables -w -nvt nat -L POSTROUTING | grep MASQUERADE | grep -q "${gateway_interface}"
@@ -40,7 +36,7 @@ is_ip4nataddr_set() {
 }
 
 is_ip6addr_set() {
-    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "$(ip6addrfromdelegatedprefix)/64"
+    ip address show dev "${wifi_device}" 2>/dev/null | grep -q "${ip6_addr}/64"
 }
 
 is_ip6firewall_set() {
@@ -122,10 +118,10 @@ set_ipaddr() {
         ip address add "${ip4_nat_prefix}.1/24" dev "${wifi_device}"
     fi
 
-    if has_ip6delegatedprefix && ! is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Set IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev tun0 &>/dev/null
-        ip address add "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+    if has_ip6delegatedprefix && ! is_ip6addr_set && ip route get 1.2.3.4 | grep -q tun0; then
+        echo "hotspot ${wifi_device}: Set IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev tun0 &>/dev/null
+        ip address add "${ip6_addr}/64" dev "${wifi_device}"
     fi
 }
 
@@ -140,8 +136,17 @@ set_ipfirewall() {
 }
 
 set_forwarding() {
+    local ip6_gateway=$(ip -6 route | awk '/default via/ { print $3; }')
+    local wired_interface=$(ip -6 route | awk '/default via/ { print $5; }')
+
     sysctl -w net.ipv6.conf.all.forwarding=1 >/dev/null
     sysctl -w net.ipv4.conf.all.forwarding=1 >/dev/null
+
+    if [[ -n "${ip6_gateway}" ]]; then
+      # Enabling IPv6 forwarding removes the default route, so we need to add it back.
+      # See https://askubuntu.com/questions/463625/ipv6-forwarding-kills-ipv6-connection/463654#463654
+      ip route add default via "${ip6_gateway}" dev ${wired_interface}
+    fi
 }
 
 start_dhcpd() {
@@ -178,8 +183,8 @@ unset_ipaddr() {
     fi
 
     if has_ip6delegatedprefix && is_ip6addr_set; then
-        echo "hotspot ${wifi_device}: Unset IPv6 address"
-        ip address delete "$(ip6addrfromdelegatedprefix)/64" dev "${wifi_device}"
+        echo "hotspot ${wifi_device}: Unset IPv6 address ${ip6_addr}"
+        ip address delete "${ip6_addr}/64" dev "${wifi_device}"
     fi
 }
 
@@ -232,6 +237,7 @@ if [ "$1" != restart ]; then
     ip6_firewall=$(ynh_app_setting_get --app=$app --key=ip6_firewall)
     ip6_dns=$(ynh_app_setting_get --app=$app --key=ip6_dns)
     ip6_net=$(ynh_app_setting_get --app=$app --key=ip6_net)
+    ip6_addr="${ip6_net}1"
     ip4_dns=$(ynh_app_setting_get --app=$app --key=ip4_dns)
     ip4_nat_prefix=$(ynh_app_setting_get --app=$app --key=ip4_nat_prefix)
 
@@ -376,7 +382,7 @@ status)
 
     if has_ip6delegatedprefix; then
         echo "[INFO] hotspot ${wifi_device}: IPv6 delegated prefix found"
-        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: $(ip6addrfromdelegatedprefix)"
+        echo "[INFO] hotspot ${wifi_device}: IPv6 address computed from the delegated prefix: ${ip6_addr}"
 
         if is_ip6addr_set; then
             echo "[ OK ] hotspot ${wifi_device}: IPv6 address set"

scripts/install

@@ -113,8 +113,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"
 

scripts/upgrade

@@ -174,8 +174,8 @@ chmod 0755 "/usr/local/bin/$service_name"
 mkdir -pm 0755 /etc/openvpn/scripts
 mkdir -pm 0755 /etc/openvpn/scripts/route-up.d
 mkdir -pm 0755 /etc/openvpn/scripts/route-down.d
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
-ynh_add_config --template="../conf/openvpn_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-up_90-hotspot" --destination="/etc/openvpn/scripts/route-up.d/90-$service_name"
+ynh_add_config --template="../conf/openvpn_route-down_90-hotspot" --destination="/etc/openvpn/scripts/route-down.d/90-$service_name"
 chmod 0755 "/etc/openvpn/scripts/route-up.d/90-${service_name}"
 chmod 0755 "/etc/openvpn/scripts/route-down.d/90-${service_name}"