Hi all.
I have a raspberry pi machine in my home that runs linux and is used for the following two things.
1. IRC server through TOR network
2. VPN router
In order to used as a VPN router, it has two wireless adaptors. One is set as AP (hostapd) while the other is connected to an external WIFI that user will choose. To control these both functions (IRC and VPN router) I've built the following bash script where a user can run either
Code:
./script irc start/restart/stop
or
Code:
./script vpn-router start/stop
I've noticed that if the IRC server is first started and then the VPN router is started or stopped, then a problem occurs in IRC server-client connection. Either it has lags or if the user decides to disconnect (due to the lags) he/her cannot connect back unless some time is passed (e.g 10-25 mins).
I'm thinking that something is going on with the traffic between tun0 device and the other devices when tun0 is getting up or down. Here are some of my main thoughts:
1) there is a miss-config of my iptables rules.
2) it takes time to reroute after VPN get up/down.
3) something is happening with TOR.
Anyway. Here is the simple script I wrote to control the mentioned functions. If you think that an alter on iptables rules will help the situation, feel free to suggest it.
Code:
#!/bin/bash
# This script is starting the Inspircd and Tor AND VPNrouting.
checkInternetAccess(){
if nc -zw1 google.com 443; then
echo "[+] Internet connection found"
else
echo "[!] No internet connection found"
nmcli device wifi rescan
nmcli device wifi list
echo ""
echo "[!] Please connect to one of the found WIFi's or to an ethernet port."
echo "[!] Consider using the following command for the WIFi"
echo "[>] nmcli device wifi connect SSID-Name password wireless-password"
echo ""
exit 1
fi
}
# TOR AND INSPIRCD EXECUTION CONTROL
if [ "$1" == "irc" ] && [ "$2" == "start" ]; then
checkInternetAccess
echo "[+] Starting Inspircd..."
sudo systemctl start inspircd
echo "[+] Starting Tor..."
sudo systemctl start tor
sleep 5
echo "[+] IRC is listenning @ $(sudo cat /var/lib/tor/hidden_service/hostname):6667"
echo ""
exit $?
elif [ "$1" == "irc" ] && [ "$2" == "restart" ]; then
checkInternetAccess
echo "[+] Re-starting Inspircd..."
sudo systemctl restart inspircd
echo "[+] Re-starting Tor..."
sudo systemctl restart tor
sleep 5
echo "[+] IRC is listenning @ $(sudo cat /var/lib/tor/hidden_service/hostname):6667"
echo ""
exit $?
elif [ "$1" == "irc" ] && [ "$2" == "stop" ]; then
echo "[+] Stopping Inspircd..."
sudo systemctl stop inspircd
echo "[+] Stopping Tor..."
sudo systemctl stop tor
# VPN ROUTING EXECUTION CONTROL
elif [ "$1" == "vpn-router" ] && [ "$2" == "start" ]; then
checkInternetAccess
# enable ip forwarding
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
# start openvpn
echo "[+] Starting openVPN..."
cd /etc/openvpn/client
sudo nohup openvpn --config myVPN.conf &
# setup iptables rules
echo "[+] Seting iptables rules..."
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -t filter -A FORWARD -i tun0 -o wlan-AP -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t filter -A FORWARD -i wlan-AP -o tun0 -j ACCEPT
elif [ "$1" == "vpn-router" ] && [ "$2" == "stop" ]; then
# disable ip forwarding
echo 0 | sudo tee /proc/sys/net/ipv4/ip_forward
# remove iptables rules
echo "[+] Removing iptables rules..."
sudo iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -t filter -D FORWARD -i tun0 -o wlan-AP -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -t filter -D FORWARD -i wlan-AP -o tun0 -j ACCEPT
# stop openvpn
echo "[+] Stoping openVPN..."
sudo killall openvpn
else
echo ""
echo "Usage: control [service] [action]"
echo "-----------------------------------"
echo ""
echo "services : irc | vpn-router"
echo "actions : start | restart | stop"
echo ""
fi
Thank you.
