Linux
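OpenVPN variables passed via a script
Can someone explain, and/or point me to a summary of, the variables that can be passed to OpenVPN when a client connects?
For example, what values do $1, $2, $3, $4 below produce for the variables:
ip=$1 user=$2 ?=$3 ?=$4 ?=$5
etc.
To clarify: when a user connects to OpenVPN, the following learn-address script is called (see below).
I would like to know which variables can be passed to this bash script once a user connects.
Here is the learn-address script and the first (2) variables (at the top of the script), $1 and $2. Can we capture other variables (eth0 vs. dev1, etc.)?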
#!/bin/bash

statedir=/tmp/

function bwlimit-enable() {
    ip=$1
    user=$2

    # Disable if already enabled.
    bwlimit-disable "$ip"

    # Find unique classid.
    if [ -f "$statedir/$ip.classid" ]; then
        # Reuse this IP's classid
        classid=$(cat "$statedir/$ip.classid")
    else
        if [ -f "$statedir/last_classid" ]; then
            classid=$(cat "$statedir/last_classid")
            classid=$((classid+1))
        else
            classid=1
        fi
        echo "$classid" > "$statedir/last_classid"
    fi

    # Find this user's bandwidth limit
    # downrate: from VPN server to the client
    # uprate: from client to the VPN server
    if [ "$user" == "myuser" ]; then
        downrate=10mbit
        uprate=10mbit
    elif [ "$user" == "anotheruser" ]; then
        downrate=2mbit
        uprate=2mbit
    else
        downrate=5mbit
        uprate=5mbit
    fi

    # Limit traffic from VPN server to client
    tc class add dev "$dev" parent 1: classid 1:$classid htb rate $downrate
    tc filter add dev "$dev" protocol all parent 1:0 prio 1 u32 match ip dst "$ip/32" flowid 1:$classid

    # Limit traffic from client to VPN server
    tc filter add dev "$dev" parent ffff: protocol all prio 1 u32 match ip src "$ip/32" police rate $uprate burst 80k drop flowid :$classid

    # Store classid and dev for further use.
    echo "$classid" > "$statedir/$ip.classid"
    echo "$dev" > "$statedir/$ip.dev"
}

function bwlimit-disable() {
    ip=$1

    if [ ! -f "$statedir/$ip.classid" ]; then
        return
    fi
    if [ ! -f "$statedir/$ip.dev" ]; then
        return
    fi

    classid=$(cat "$statedir/$ip.classid")
    dev=$(cat "$statedir/$ip.dev")

    tc filter del dev "$dev" protocol all parent 1:0 prio 1 u32 match ip dst "$ip/32"
    tc class del dev "$dev" classid 1:$classid
    tc filter del dev "$dev" parent ffff: protocol all prio 1 u32 match ip src "$ip/32"

    # Remove .dev but keep .classid so it can be reused.
    rm "$statedir/$ip.dev"
}

# Make sure queueing discipline is enabled.
tc qdisc add dev "$dev" root handle 1: htb 2>/dev/null || /bin/true
tc qdisc add dev "$dev" handle ffff: ingress 2>/dev/null || /bin/true

case "$1" in
    add|update)
        bwlimit-enable "$2" "$3"
        ;;
    delete)
        bwlimit-disable "$2"
        ;;
    *)
        echo "$0: unknown operation [$1]" >&2
        exit 1
        ;;
esac
exit 0
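When a user connects to OpenVPN, the following learn-address script is called
These $1, $2 and $3 are the arguments passed to the script, and they are documented in the man page.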
--learn-address cmd
    ...
    Three arguments will be appended to any arguments in cmd as follows:

    [1] operation -- "add", "update", or "delete" based on whether or not the address is being added to, modified, or deleted from OpenVPN's internal routing table.
    [2] address -- The address being learned or unlearned. This can be an IPv4 address such as "198.162.10.14", an IPv4 subnet such as "198.162.10.0/24", or an ethernet MAC address (when --dev tap is being used) such as "00:FF:01:02:03:04".
    [3] common name -- The common name on the certificate associated with the client linked to this address. Only present for "add" or "update" operations, not "delete".
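The script in the question uses the address in file names under its state directory and in tc commands, so a learn-address hook benefits from checking the three arguments against the forms the man page lists before acting on them. The following is an added example, not part of the original question or answer; the function names and the set of characters allowed in a common name are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate the three --learn-address arguments before use.

# Succeeds if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints "ipv4", "subnet" or "mac" for a well-formed address, else fails.
address_kind() {
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case "$1" in
        */*)
            prefix=${1#*/}
            case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
            [ "$prefix" -le 32 ] && is_ipv4 "${1%%/*}" && echo subnet ;;
        $h:$h:$h:$h:$h:$h) echo mac ;;
        *) is_ipv4 "$1" && echo ipv4 ;;
    esac
}

# Checks operation ($1), address ($2) and common name ($3, absent on delete).
# Prints "<operation> <kind> <address> [<common name>]" when all are valid.
check_learn_address() {
    op=$1 addr=${2-} cn=${3-}
    case "$op" in
        add|update)
            # Allowed common-name characters are an assumption of this example.
            case "$cn" in ''|.*|*[!A-Za-z0-9._@-]*) return 1 ;; esac ;;
        delete) cn='' ;;
        *) return 1 ;;
    esac
    kind=$(address_kind "$addr") || return 1
    echo "$op $kind $addr${cn:+ $cn}"
}

# When OpenVPN invokes the script, arguments are present: validate them first.
if [ "$#" -gt 0 ]; then
    check_learn_address "$@" || { echo "$0: rejected arguments" >&2; exit 1; }
fi
```

Calling check_learn_address at the top of a hook, before any file or tc operation, keeps malformed addresses and unexpected common names out of paths and command lines.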