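#!/usr/bin/bash
# shellcheck shell=bash
#
# NetworkManager dispatcher script for Mullvad WireGuard connections.
# On an "up" event it reads the tunnel's local fc00… IPv6 address, asks
# Mullvad's check service for the public IPv6 address of the tunnel, installs
# nftables NAT rules mapping one to the other, and adds the public address to
# the interface.
#
# Inputs:
#   $2             dispatcher event name (only "up" triggers any change)
#   CONNECTION_ID  set by NetworkManager; also used here as the device name
# Exit status: 0 when nothing had to be done or all commands succeeded,
# non-zero when an address could not be obtained/validated or a command failed.

set -e

# Only act on Mullvad WireGuard connections.
# NOTE(review): the pattern is unanchored, so any connection ID that merely
# contains "wg-mullvad" / "wgN-mullvad" matches. Anchor it (^…$) if the
# connection names are fixed.
[[ $CONNECTION_ID =~ wg[0-9]?-mullvad ]] || exit 0

printf "Running NetworkManager dispatch script: mullvad, event: %s\n" "$2" | systemd-cat -p info -t dispatch_script

if [[ $2 == up ]]; then
	# Characters allowed in an IPv6 literal (dots cover an embedded IPv4 tail).
	# Used below together with a "contains a colon" test. The anchors apply to
	# the whole string, so multi-line values are rejected as well.
	ip6_chars='^[0-9A-Fa-f:.]+$'

	# Previous implementation, kept for reference:
	#LOCAL_IP=$(ip a show dev $CONNECTION_ID | grep -o 'fc00[0-9a-f\:]*')
	LOCAL_IP=$(ip -json address show dev "$CONNECTION_ID" | jq -r '.[].addr_info[] | select(.family == "inet6" and (.local | test("^fc00[0-9a-f:]*"))).local')

	# There is no pipefail here, so a failing `ip` yields an empty LOCAL_IP,
	# and jq prints one line per matching address. Require exactly one
	# address before any firewall state is touched.
	if [[ ! $LOCAL_IP =~ $ip6_chars || $LOCAL_IP != *:* ]]; then
		echo "Error getting local IP" | systemd-cat -p err -t dispatch_script
		exit 1
	fi

	# --fail makes an HTTP error status a curl failure instead of capturing
	# the error page body as if it were the address.
	REMOTE_IP=$(curl --fail --retry-all-errors --retry-max-time 19 --retry 10 -s https://ipv6.am.i.mullvad.net/) || echo "Error getting remote IP" | systemd-cat -p err -t dispatch_script

	[[ $REMOTE_IP != "" ]] || exit 1

	# REMOTE_IP is a network response. nft joins its arguments into a single
	# command string and parses that, so quoting alone does not keep a
	# malformed value from being read as nft syntax. Accept only something
	# shaped like an IPv6 literal, and keep the rejected value out of the log.
	if [[ ! $REMOTE_IP =~ $ip6_chars || $REMOTE_IP != *:* ]]; then
		echo "Remote IP response is not an IPv6 address" | systemd-cat -p err -t dispatch_script
		exit 1
	fi

	printf 'Adding masquerade rules from %s to %s\n' "$LOCAL_IP" "$REMOTE_IP" | systemd-cat -p info -t dispatch_script

	# NOTE(review): the table "inet mullvad" and its "nat" chain are expected
	# to exist already. Nothing in this script creates or flushes them, so
	# repeated "up" events append duplicate rules unless they are reset
	# elsewhere. TODO confirm.
	nft add rule inet mullvad nat ip6 saddr "$REMOTE_IP" snat to "$LOCAL_IP"
	nft add chain inet mullvad nat-in "{ type nat hook prerouting priority 0; }"
	nft add rule inet mullvad nat-in ip6 daddr "$LOCAL_IP" ct state new dnat to "$REMOTE_IP"
	ip addr add "$REMOTE_IP" dev "$CONNECTION_ID"
fi

# vi:set ft=sh ts=4 sw=4 noet noai: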