Diffstat (limited to 'src/wg-quick/openbsd.bash')
-rwxr-xr-x | src/wg-quick/openbsd.bash | 39 |
1 files changed, 26 insertions, 13 deletions
diff --git a/src/wg-quick/openbsd.bash b/src/wg-quick/openbsd.bash
index 15550c8..19b9909 100755
--- a/src/wg-quick/openbsd.bash
+++ b/src/wg-quick/openbsd.bash
@@ -52,6 +52,7 @@ parse_options() {
 stripped="${line%%\#*}"
 key="${stripped%%=*}"; key="${key##*([[:space:]])}"; key="${key%%*([[:space:]])}"
 value="${stripped#*=}"; value="${value##*([[:space:]])}"; value="${value%%*([[:space:]])}"
+ unstripped_value="${line#*=}"; unstripped_value="${unstripped_value##*([[:space:]])}"; unstripped_value="${unstripped_value%%*([[:space:]])}"
 [[ $key == "["* ]] && interface_section=0
 [[ $key == "[Interface]" ]] && interface_section=1
 if [[ $interface_section -eq 1 ]]; then
@@ -62,10 +63,10 @@ parse_options() {
 [[ $v =~ (^[0-9.]+$)|(^.*:.*$) ]] && DNS+=( $v ) || DNS_SEARCH+=( $v )
 done; continue ;;
 Table) TABLE="$value"; continue ;;
- PreUp) PRE_UP+=( "$value" ); continue ;;
- PreDown) PRE_DOWN+=( "$value" ); continue ;;
- PostUp) POST_UP+=( "$value" ); continue ;;
- PostDown) POST_DOWN+=( "$value" ); continue ;;
+ PreUp) PRE_UP+=( "$unstripped_value" ); continue ;;
+ PreDown) PRE_DOWN+=( "$unstripped_value" ); continue ;;
+ PostUp) POST_UP+=( "$unstripped_value" ); continue ;;
+ PostDown) POST_DOWN+=( "$unstripped_value" ); continue ;;
 SaveConfig) read_bool SAVE_CONFIG "$value"; continue ;;
 esac
 fi
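Review bot: `unstripped_value` is assigned on the added line but never declared `local`, so unless the `local` list at the top of parse_options (outside this hunk) is extended with it, the text of the last hook line leaks into the global namespace after parsing; adding it to that `local` line is the one-word fix. The new variable is built from `$line` rather than `$stripped`, so a hook written as `PostUp = cmd # note` now reaches the hook runner with `# note` attached — presumably the intent (commands containing `#` are no longer truncated at the first `#`), and harmless only as long as execute_hooks (not in this diff) evaluates hooks through a shell where `#` opens a comment. That reasoning deserves a line above the `PreUp)` arm, e.g. `# hooks keep the raw right-hand side so commands containing '#' are not cut short`. `key` is still derived from `$stripped`, so comment-only lines are unaffected.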
@@ -266,30 +267,42 @@ monitor_daemon() {
 echo "[+] Backgrounding route monitor" >&2
 (trap 'del_routes; exit 0' INT TERM EXIT
 exec >/dev/null 2>&1
- local event
+ exec 19< <(exec route -n monitor)
+ local event pid=$!
 # TODO: this should also check to see if the endpoint actually changes
 # in response to incoming packets, and then call set_endpoint_direct_route
 # then too. That function should be able to gracefully cleanup if the
 # endpoints change.
- while read -r event; do
+ while read -u 19 -r event; do
 [[ $event == RTM_* ]] || continue
 ifconfig "$REAL_INTERFACE" >/dev/null 2>&1 || break
 [[ $AUTO_ROUTE4 -eq 1 || $AUTO_ROUTE6 -eq 1 ]] && set_endpoint_direct_route
 # TODO: set the mtu as well, but only if up
- done < <(route -n monitor)) & disown
+ done
+ kill $pid) & disown
 }
 
 set_dns() {
 [[ ${#DNS[@]} -gt 0 ]] || return 0
- # TODO: this is a horrible way of doing it. Has OpenBSD no resolvconf?
+
+ # TODO: add exclusive support for nameservers
+ if pgrep -qx unwind; then
+ echo "[!] WARNING: unwind will leak DNS queries" >&2
+ elif pgrep -qx resolvd; then
+ echo "[!] WARNING: resolvd may leak DNS queries" >&2
+ else
+ echo "[+] resolvd is not running, DNS will not be configured" >&2
+ return 0
+ fi
+
 cmd cp /etc/resolv.conf "/etc/resolv.conf.wg-quick-backup.$INTERFACE"
- { cmd printf 'nameserver %s\n' "${DNS[@]}"
- [[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n' "${DNS_SEARCH[*]}"
- } > /etc/resolv.conf
+ [[ ${#DNS_SEARCH[@]} -eq 0 ]] || cmd printf 'search %s\n' "${DNS_SEARCH[*]}" > /etc/resolv.conf
+ route nameserver ${REAL_INTERFACE} ${DNS[@]}
 }
 
 unset_dns() {
 [[ -f "/etc/resolv.conf.wg-quick-backup.$INTERFACE" ]] || return 0
+ route nameserver ${REAL_INTERFACE}
 cmd mv "/etc/resolv.conf.wg-quick-backup.$INTERFACE" /etc/resolv.conf
 }
 
@@ -325,7 +338,7 @@ add_route() {
 }
 
 set_config() {
- cmd wg setconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
+ cmd wg addconf "$REAL_INTERFACE" <(echo "$WG_CONFIG")
 }
 
 save_config() {
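Review bot: The two `route nameserver` lines added in set_dns and unset_dns skip the `cmd` wrapper that every neighbouring privileged command goes through (it is defined outside this diff) and leave `${REAL_INTERFACE}` and `${DNS[@]}` unquoted; `cmd route nameserver "$REAL_INTERFACE" "${DNS[@]}"` and `cmd route nameserver "$REAL_INTERFACE"` keep them logged and quoted like the rest. After this change the only thing wg-quick itself writes to /etc/resolv.conf is the `search` line, and only when DNS_SEARCH is non-empty — the nameservers are merely proposed to whichever of resolvd/unwind is running, which is what the two WARNING lines acknowledge — so a comment above `cmd cp`, e.g. `# nameservers are proposed via route(8); resolvd/unwind decide what reaches resolv.conf`, would save the next reader a detour through the man pages. In monitor_daemon, the `trap 'del_routes; exit 0' INT TERM EXIT` armed two lines above the new `exec 19<` does not kill `$pid`, so on a signal the `route -n monitor` child is left to die on SIGPIPE instead of being reaped; `kill $pid` belongs in that trap as well as after the loop.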
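Review bot: `wg addconf` merges the rendered config into whatever the device already holds rather than replacing it, so set_config is only equivalent to the old `setconf` on a freshly created interface (the cmd_up path right after add_if); any other caller of set_config, if one exists outside this diff, would now accumulate peers instead of resetting them. If the switch is deliberate — presumably so that state a PreUp hook already put on the interface survives — a one-line comment such as `# addconf, not setconf: keep whatever PreUp hooks already configured on the interface` would stop the next maintainer from switching it back.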
@@ -405,8 +418,8 @@ cmd_up() {
 local i
 get_real_interface && die "\`$INTERFACE' already exists as \`$REAL_INTERFACE'"
 trap 'del_if; del_routes; exit' INT TERM EXIT
- execute_hooks "${PRE_UP[@]}"
 add_if
+ execute_hooks "${PRE_UP[@]}"
 set_config
 for i in "${ADDRESSES[@]}"; do
 add_addr "$i"
|
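Review bot: Moving `execute_hooks "${PRE_UP[@]}"` below `add_if` changes what PreUp hooks observe — the interface now exists while they run, so substitution of the real interface name into hook text (which execute_hooks handles outside this hunk, presumably via `%i`) can only work in this order; that is likely the motivation and should be written down, e.g. `# create the interface first so PreUp hooks can refer to the real interface name`. Since the `trap 'del_if; del_routes; exit' INT TERM EXIT` on the preceding line is already armed, a PreUp hook that aborts still tears the new interface down, so the reordering does not leave a half-configured device behind. cmd_up continues beyond the end of the hunk.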