Add TARGET_SUBNET to openconnect-vpn script

Derive TARGET_SUBNET from TARGET_IP (first 3 octets + .0/24)
for iptables FORWARD rules to allow full subnet routing.
2026-01-17 17:56:45 +00:00
parent b2e38b3cb4
commit 5f057c50ed


@@ -17,6 +17,7 @@ VPN_PASSWORD="${VPN_PASSWORD:-}"
VPN_TOTP_SECRET="${VPN_TOTP_SECRET:-}"
VPN_HOST="${VPN_HOST:-}"
TARGET_IP="${TARGET_IP:-10.3.1.0}"
TARGET_SUBNET="$(echo "$TARGET_IP" | cut -d. -f1-3).0/24"
VPN_INTERFACE="${VPN_INTERFACE:-tun0}"
CONTAINER_NETWORK="172.30.0.0/24"
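Review bot: The new `TARGET_SUBNET=` line derives the /24 from TARGET_IP, which comes straight from the environment with no check that it is a dotted-quad address, so an empty value, a hostname, or an address with missing or extra octets produces a string such as `.0/24` or `vpn-host.0/24` that the later `iptables -I FORWARD` calls will reject or, if run_cmd continues on error, leave the subnet rules silently absent. A minimal guard before the derivation makes the failure explicit: `case "$TARGET_IP" in *.*.*.*) ;; *) printf 'TARGET_IP must be a dotted-quad address: %s\n' "$TARGET_IP" >&2; exit 1 ;; esac`. Matching the surrounding variables' override pattern, `TARGET_SUBNET="${TARGET_SUBNET:-${TARGET_IP%.*}.0/24}"`, also drops the echo|cut pipeline and lets a caller supply a narrower or non-/24 prefix instead of the hard-coded mask. Separately, the `-s "$TARGET_SUBNET"` / `-d "$TARGET_SUBNET"` ACCEPT rules in the third hunk now forward traffic for 256 addresses on any interface; adding `-i "$vpn_iface"` / `-o "$vpn_iface"` (vpn_iface is already computed at the top of setup_forwarding) would keep the widening bounded to the tunnel.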
@@ -336,7 +337,7 @@ disconnect_vpn() {
}
setup_forwarding() {
log INFO "Setting up IP forwarding rules for $TARGET_IP..."
log INFO "Setting up IP forwarding rules for $TARGET_SUBNET..."
local vpn_iface=$(get_vpn_interface)
if [ -z "$vpn_iface" ]; then
@@ -362,15 +363,15 @@ setup_forwarding() {
fi
# Forward rules at position 1
iptables -D FORWARD -d "$TARGET_IP" -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s "$TARGET_IP" -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -d "$TARGET_SUBNET" -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s "$TARGET_SUBNET" -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s "$CONTAINER_NETWORK" -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -d "$CONTAINER_NETWORK" -j ACCEPT 2>/dev/null || true
run_cmd "Inserting forward rule (to container network)" iptables -I FORWARD 1 -d "$CONTAINER_NETWORK" -j ACCEPT
run_cmd "Inserting forward rule (from container network)" iptables -I FORWARD 1 -s "$CONTAINER_NETWORK" -j ACCEPT
run_cmd "Inserting forward rule (from target)" iptables -I FORWARD 1 -s "$TARGET_IP" -j ACCEPT
run_cmd "Inserting forward rule (to target)" iptables -I FORWARD 1 -d "$TARGET_IP" -j ACCEPT
run_cmd "Inserting forward rule (from target)" iptables -I FORWARD 1 -s "$TARGET_SUBNET" -j ACCEPT
run_cmd "Inserting forward rule (to target)" iptables -I FORWARD 1 -d "$TARGET_SUBNET" -j ACCEPT
log INFO "Forwarding rules configured"
echo ""
@@ -385,7 +386,7 @@ setup_forwarding() {
log WARN "Host watcher may not be running (trigger file still exists)"
fi
log INFO "Routing configured for $TARGET_IP through VPN tunnel"
log INFO "Routing configured for $TARGET_SUBNET through VPN tunnel"
echo ""
}
@@ -613,6 +614,7 @@ echo ""
log DEBUG "VPN_EMAIL=$VPN_EMAIL"
log DEBUG "VPN_HOST=$VPN_HOST"
log DEBUG "TARGET_IP=$TARGET_IP"
log DEBUG "TARGET_SUBNET=$TARGET_SUBNET"
log DEBUG "VPN_TOTP_SECRET is $([ -n "$VPN_TOTP_SECRET" ] && echo 'set' || echo 'NOT SET')"
print_banner