travelmate: update to release 2.0

- new package dependency: curl (plus one of the wpad variants)
- optional package dependencies:
  - 'msmtp' for email notification support
  - 'wireguard' or 'openvpn' for vpn support
- removed WEP support, only WPA/WPA2/WPA3 are supported!
- new, more robust setup wizard (CLI and LuCI)
- more robust captive portal detection
- randomize mac addresses with every uplnk connect
- automatic vpn handling during uplink switch (only classic/simple
  client-setups for wireguard or openvpn are supported)
- email notifications after successful uplink connections
- automatically disable uplinks after n minutes, e.g. for timed
  connections
- automatically (re-)enable uplinks after n minutes, e.g. after failed
  login attempts
- complete LuCI rewrite - migrated to client side JS (separate PR)

Signed-off-by: Dirk Brenken <dev@brenken.org>

net/travelmate/files/travelmate.vpn

@@ -0,0 +1,141 @@
+#!/bin/sh
+# vpn switch for travelmate
+# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the GNU General Public License v3.
+
+# set (s)hellcheck exceptions
+# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
+
+# Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
+
+LC_ALL=C
+PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+
+. "/lib/functions.sh"
+trm_action="${1}"
+trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
+trm_vpniface="$(uci_get travelmate global trm_vpniface)"
+trm_landevice="$(uci_get travelmate global trm_landevice)"
+trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
+trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://captive.apple.com")"
+trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
+trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp  --match multiport --dports 80,443 -j ACCEPT"
+trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"
+trm_iptables="$(command -v iptables)"
+trm_logger="$(command -v logger)"
+trm_fetch="$(command -v curl)"
+
+f_log()
+{
+	local class="${1}" log_msg="${2}"
+
+	if [ -x "${trm_logger}" ]
+	then
+		"${trm_logger}" -p "${class}" -t "trm-vpn  [${$}]" "${log_msg}"
+	else
+		printf "%s %s %s\\n" "${class}" "trm-vpn  [${$}]" "${log_msg}"
+	fi
+}
+
+f_net()
+{
+	local IFS json_raw json_rc result="net nok"
+
+	json_raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout $((trm_maxwait/10)) "${trm_captiveurl}" 2>/dev/null)"
+	json_raw="${json_raw#*\{}"
+	if [ -n "${json_raw}" ]
+	then
+		json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
+		if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
+		then
+			result="net ok"
+		fi
+	fi
+	printf "%s" "${result}"
+}
+
+if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]
+then
+	status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
+	vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
+	if [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
+	then
+		if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
+		then
+			"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_drop} 2>&1
+			f_log "info" "lan forward blocked for device '${trm_landevice}'"
+		fi
+		if [ "${status%% (net cp *}" = "connected" ]
+		then
+			if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
+			then
+				"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_accept} 2>&1
+				f_log "info" "lan forward on ports 80/443 freed for device '${trm_landevice}'"
+			fi
+		fi
+	fi
+
+	case "${trm_vpnservice}" in
+		"wireguard")
+			if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
+			then
+				ubus call network.interface."${trm_vpniface}" up
+			elif [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
+			then
+				ubus call network.interface."${trm_vpniface}" down
+				f_log "info" "${trm_vpnservice} client connection disabled"
+			fi
+		;;
+		"openvpn")
+			if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
+			then
+				ubus call network.interface."${trm_vpniface}" up
+				/etc/init.d/openvpn restart >/dev/null 2>&1
+			elif [ "${trm_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
+			then
+				ubus call network.interface."${trm_vpniface}" down
+				/etc/init.d/openvpn stop >/dev/null 2>&1
+				f_log "info" "${trm_vpnservice} client connection disabled"
+			fi
+		;;
+	esac
+
+	if [ "${trm_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
+	then
+		cnt=0
+		while true
+		do
+			vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
+			if [ "${vpn_status}" = "true" ]
+			then
+				net_status="$(f_net)"
+				if [ "${net_status}" = "net ok" ]
+				then
+					f_log "info" "${trm_vpnservice} client connection enabled"
+					if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
+					then
+						"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_drop} 2>&1
+						if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
+						then
+							"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_accept} 2>&1
+						fi
+						f_log "info" "lan forward freed for device '${trm_landevice}'"
+					fi
+					if [ -f "/etc/init.d/sysntpd" ]
+					then
+						/etc/init.d/sysntpd restart >/dev/null 2>&1
+					fi
+					break
+				fi
+			fi
+			if [ "${cnt}" -ge "$((trm_maxwait/6))" ]
+			then
+				f_log "info" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked"
+				ubus call network.interface."${trm_vpniface}" down
+				break
+			fi
+			sleep 1
+			cnt="$((cnt+1))"
+		done
+	fi
+fi