Linux

OpenVPN variables passed to a script

  • May 31, 2016

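Can someone explain and/or direct me to a summary of the variables that can be passed to OpenVPN when a client connects?

For example, how do the following $1, $2, $3, $4 produce values for the variables: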

ip=$1
user=$2
?=$3
?=$4
?=$5

etc.

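To clarify: when a user connects to OpenVPN, the following learn-address script is called (see below).

I would like to know which variables can be passed to this bash script once a user connects.

Here is the learn-address script and the first (2) variables (at the top of the script), $1 and $2. Can we capture other variables (eth0 vs. dev1, etc.)?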

#!/bin/bash

statedir=/tmp/

function bwlimit-enable() {
   ip=$1
   user=$2

   # Disable if already enabled.
   bwlimit-disable $ip

   # Find unique classid.
   if [ -f $statedir/$ip.classid ]; then
       # Reuse this IP's classid
       classid=`cat $statedir/$ip.classid`
   else
       if [ -f $statedir/last_classid ]; then
           classid=`cat $statedir/last_classid`
           classid=$((classid+1))
       else
           classid=1
       fi
       echo $classid > $statedir/last_classid
   fi

   # Find this user's bandwidth limit
   # downrate: from VPN server to the client
   # uprate: from client to the VPN server
   if [ "$user" == "myuser" ]; then
       downrate=10mbit
       uprate=10mbit
   elif [ "$user" == "anotheruser" ]; then
       downrate=2mbit
       uprate=2mbit
   else
       downrate=5mbit
       uprate=5mbit
   fi

   # Limit traffic from VPN server to client
   tc class add dev $dev parent 1: classid 1:$classid htb rate $downrate
   tc filter add dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32 flowid 1:$classid

   # Limit traffic from client to VPN server
   tc filter add dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32 police rate $uprate burst 80k drop flowid :$classid

   # Store classid and dev for further use.
   echo $classid > $statedir/$ip.classid
   echo $dev > $statedir/$ip.dev
}

function bwlimit-disable() {
   ip=$1

   if [ ! -f $statedir/$ip.classid ]; then
       return
   fi
   if [ ! -f $statedir/$ip.dev ]; then
       return
   fi

   classid=`cat $statedir/$ip.classid`
   dev=`cat $statedir/$ip.dev`

   tc filter del dev $dev protocol all parent 1:0 prio 1 u32 match ip dst $ip/32
   tc class del dev $dev classid 1:$classid

   tc filter del dev $dev parent ffff: protocol all prio 1 u32 match ip src $ip/32

   # Remove .dev but keep .classid so it can be reused.
   rm $statedir/$ip.dev
}

# Make sure queueing discipline is enabled.
tc qdisc add dev $dev root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || /bin/true

case "$1" in
   add|update)
       bwlimit-enable $2 $3
       ;;
   delete)
       bwlimit-disable $2
       ;;
   *)
       echo "$0: unknown operation [$1]" >&2
       exit 1
       ;;
esac

exit 0

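When a user connects to OpenVPN, the following learn-address script is called

$1, $2 and $3 are the arguments passed to the script; they are documented in the man page.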

--learn-address cmd

...

Three arguments will be appended to any arguments in cmd as follows:

[1] operation -- "add", "update", or "delete" based on whether or not 
   the address is being added to, modified, or deleted from OpenVPN's
   internal routing table. 
[2] address -- The address being learned or unlearned. This can be an IPv4 
   address such as "198.162.10.14", an IPv4 subnet such as "198.162.10.0/24", 
   or an ethernet MAC address (when --dev tap is being used) such 
   as "00:FF:01:02:03:04". 
[3] common name -- The common name on the certificate associated with the 
   client linked to this address. Only present for "add" or "update" 
   operations, not "delete".

Quoted from: https://serverfault.com/questions/780134
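
The address and common name documented above come from the connecting client's session, and in the question's script they flow into tc commands and file names under /tmp. One way to validate them first, as an added example that is not part of the original question or answer. Assumptions: a routed (tun) setup where only IPv4 host addresses are expected, a common-name policy of letters, digits, ".", "_" and "-" up to 64 characters, `dev` taken from the environment OpenVPN gives the script, and hypothetical function names.

```shell
#!/bin/bash
# Added example: validate the three --learn-address arguments (operation,
# address, common name) before they reach tc or a file path.
# Usage inside the learn-address script, before any tc call:
#   check_learn_args "$@" || { echo "$0: rejected arguments" >&2; exit 1; }

# Succeeds only for a dotted-quad IPv4 host address. Subnets ("/24") and
# MAC addresses (tap mode) are rejected because the script matches $ip/32.
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*) return 1 ;;          # only digits and dots allowed
    esac
    rest=$1.
    for i in 1 2 3 4; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case "$octet" in
            ''|????*|0?*) return 1 ;;      # empty, too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
    done
    [ -z "$rest" ]                         # nothing may follow the 4th octet
}

# is_safe_token VALUE MAXLEN: allow-list of letters, digits, ".", "_", "-".
# The character set and length limits are an assumed policy.
is_safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# check_learn_args OPERATION ADDRESS [COMMON_NAME]
# Returns 0 if the call is safe to act on, 1 otherwise.
check_learn_args() {
    op=$1 addr=$2 cn=${3-}
    is_ipv4_host "$addr" || return 1
    # dev is read from the environment, as the question's script does;
    # Linux interface names are at most 15 characters.
    is_safe_token "${dev-}" 15 || return 1
    case "$op" in
        add|update) is_safe_token "$cn" 64 ;;   # common name is required here
        delete)     return 0 ;;                 # no common name on delete
        *)          return 1 ;;
    esac
}
```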