Merge pull request #19214 from dibdot/travelmate

travelmate: update 2.1.0

net/travelmate/Makefile

@@ -6,8 +6,8 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=travelmate
-PKG_VERSION:=2.0.9
-PKG_RELEASE:=2
+PKG_VERSION:=2.1.0
+PKG_RELEASE:=1
 PKG_LICENSE:=GPL-3.0-or-later
 PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
 

net/travelmate/files/chs-hotel.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for chs hotels (DE)
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 trm_domain="hotspot.internet-for-guests.com"
 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"

net/travelmate/files/generic-user-pass.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script template with credentials as parameters
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 user="${1}"
 password="${2}"

net/travelmate/files/h-hotels.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for Telekom hotspots in h+hotels (DE)
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 trm_domain="hotspot.t-mobile.net"
 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"

net/travelmate/files/julianahoeve.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for Julianahoeve beach resort (NL)
-# Copyright (c) 2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 trm_domain="n23.network-auth.com"
 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"

net/travelmate/files/telekom.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for telekom hotspots (DE)
-# Copyright (c) 2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -33,7 +33,6 @@ urlencode()
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 username="$(urlencode "${1}")"
 password="$(urlencode "${2}")"

net/travelmate/files/tplink-omada.login

@@ -0,0 +1,126 @@
+#!/bin/sh
+# captive portal auto-login script for TP-Link Omada (authType=0 only)
+# Copyright (c) 2022 Sebastian Muszynski <basti@linkt.de>
+# This is free software, licensed under the GNU General Public License v3
+
+# set (s)hellcheck exceptions
+# shellcheck disable=1091,2181,3037,3043,3057
+
+. "/lib/functions.sh"
+. "/usr/share/libubox/jshn.sh"
+
+urlencode()
+{
+	local chr str="${1}" len="${#1}" pos=0
+
+	while [ "${pos}" -lt "${len}" ]; do
+		chr="${str:pos:1}"
+		case "${chr}" in
+			[a-zA-Z0-9.~_-])
+				printf "%s" "${chr}"
+				;;
+			" ")
+				printf "%%20"
+				;;
+			*)
+				printf "%%%02X" "'${chr}"
+				;;
+		esac
+		pos=$((pos + 1))
+	done
+}
+
+urldecode()
+{
+	echo -e "$(sed 's/+/ /g;s/%\(..\)/\\x\1/g;')"
+}
+
+request_parameter()
+{
+	grep -oE "$1=[^&]+" | cut -d= -f2
+}
+
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+
+trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
+trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
+trm_fetch="$(command -v curl) --connect-timeout $((trm_maxwait / 6)) --silent"
+
+raw_html="$(${trm_fetch} --show-error "${trm_captiveurl}")"
+
+if [ $? -ne 0 ];
+then
+	echo "The captive portal didn't respond"
+	exit 1
+fi
+
+if [ "$raw_html" = "success" ];
+then
+	echo "Internet access already available"
+	exit 0
+fi
+
+redirect_url=$(echo "$raw_html" | grep -oE 'location.href="[^\"]+"' | cut -d\" -f2)
+
+portal_baseurl=$(echo "$redirect_url" | cut -d/ -f1-4)
+client_mac=$(echo "$redirect_url" | request_parameter cid)
+ap_mac=$(echo "$redirect_url" | request_parameter ap)
+ssid=$(echo "$redirect_url" | request_parameter ssid | urldecode)
+radio_id=$(echo "$redirect_url" | request_parameter rid)
+url=$(echo "$redirect_url" | request_parameter u | urldecode)
+
+${trm_fetch} "${portal_baseurl}/pubKey" | jsonfilter -e '@.result.key' > /tmp/trm-omada-pub.key
+if [ $? -ne 0 ];
+then
+	exit 2
+fi
+
+json_init
+json_add_string "clientMac" "$client_mac"
+json_add_string "apMac" "$ap_mac"
+json_add_string "ssidName" "$ssid"
+json_add_int "radioId" "$radio_id"
+json_add_string "originUrl" "$url"
+json_close_object
+incomplete_auth_request="$(json_dump)"
+
+auth_type=$(${trm_fetch} "${portal_baseurl}/getPortalPageSetting" \
+	-H 'Accept: application/json' \
+	-H 'Content-Type: application/json' \
+	-H 'X-Requested-With: XMLHttpRequest' \
+	--data-raw "$incomplete_auth_request" | jsonfilter -e '@.result.authType')
+
+if [ "$auth_type" -ne 0 ];
+then
+	echo "Unsupported auth type: $auth_type"
+	exit 3
+fi
+
+aes_key=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)
+aes_key_hex=$(printf "%s" "$aes_key" | hexdump -e '16/1 "%02x"')
+aes_vi=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16)
+aes_vi_hex=$(printf "%s" "$aes_vi" | hexdump -e '16/1 "%02x"')
+
+rsa_encrypted_aes_secrets=$(printf "%s" "${aes_key}${aes_vi}" | openssl rsautl -encrypt -pubin -inkey /tmp/trm-omada-pub.key | base64 -w 0)
+rsa_encrypted_aes_secrets_urlencoded=$(urlencode "$rsa_encrypted_aes_secrets")
+
+json_load "$incomplete_auth_request"
+json_add_int "authType" "$auth_type"
+json_close_object
+auth_request="$(json_dump)"
+
+aes_encrypted_auth_request="$(echo "$auth_request" | openssl enc -aes-128-cbc -K "$aes_key_hex" -iv "$aes_vi_hex" -a -A)"
+
+auth_response=$(${trm_fetch} "${portal_baseurl}/auth?key=$rsa_encrypted_aes_secrets_urlencoded" \
+	-H 'Content-Type: text/plain' \
+	-H 'X-Requested-With: XMLHttpRequest' \
+	--data-raw "$aes_encrypted_auth_request" \
+	--insecure)
+
+if echo "$auth_response" | grep -q '{"errorCode":0}';
+then
+	exit 0
+fi
+
+exit 255

net/travelmate/files/travelmate.init

@@ -1,5 +1,5 @@
 #!/bin/sh /etc/rc.common
-# Copyright (c) 2016-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2016-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions

net/travelmate/files/travelmate.mail

@@ -1,6 +1,6 @@
 #!/bin/sh
 # send mail script for travelmate notifications
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -12,7 +12,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 trm_debug="$(uci_get travelmate global trm_debug "0")"
 trm_mailreceiver="$(uci_get travelmate global trm_mailreceiver)"

net/travelmate/files/travelmate.sh

@@ -8,14 +8,14 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
-trm_ver="2.0.9"
+trm_ver="2.1.0"
 trm_enabled="0"
 trm_debug="0"
 trm_iface=""
 trm_captive="1"
 trm_proactive="1"
+trm_vpn="1"
 trm_netcheck="0"
 trm_autoadd="0"
 trm_randomize="0"
@@ -28,11 +28,12 @@ trm_maxwait="30"
 trm_maxautoadd="5"
 trm_maxscan="10"
 trm_timeout="60"
-trm_opensta="0"
 trm_radio=""
 trm_connection=""
 trm_wpaflags=""
-trm_uplinkcfg=""
+trm_ovpninfolist=""
+trm_vpnifacelist=""
+trm_vpninfolist=""
 trm_rtfile="/tmp/trm_runtime.json"
 trm_wifi="$(command -v wifi)"
 trm_fetch="$(command -v curl)"
@@ -57,7 +58,7 @@ f_env() {
 		return
 	fi
 
-	unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_wpaflags trm_activesta trm_opensta
+	unset trm_stalist trm_radiolist trm_uplinklist trm_uplinkcfg trm_activesta trm_opensta
 
 	trm_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -q -e '@.model' -e '@.release.description' |
 		awk 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
@@ -70,6 +71,12 @@ f_env() {
 				local option="${1}" value="${2}"
 				eval "${option}=\"${value}\""
 			}
+			list_cb() {
+				local option="${1}" value="${2}"
+				if [ "${option}" = "trm_vpnifacelist" ]; then
+					eval "trm_vpnifacelist=\"$(printf "%s" "${trm_vpnifacelist}") ${value}\""
+				fi
+			}
 		elif [ "${name}" = "uplink" ]; then
 			if [ "$(uci_get "travelmate.${type}.opensta")" = "1" ]; then
 				eval "trm_opensta=\"$((${trm_opensta:-0} + 1))\""
@@ -93,6 +100,7 @@ f_env() {
 		/etc/init.d/travelmate stop
 	fi
 
+	if [ -z "${trm_wpaflags}" ]; then
 		wpa_checks="sae owe eap suiteb192"
 		for check in ${wpa_checks}; do
 			if [ -x "${trm_wpa}" ]; then
@@ -104,6 +112,7 @@ f_env() {
 			fi
 		done
 		trm_wpaflags="$(printf "%s" "${result}" | awk '{printf "%s %s, %s %s, %s %s, %s %s",$1,$2,$3,$4,$5,$6,$7,$8}')"
+	fi
 
 	config_load wireless
 	config_foreach f_setdev "wifi-device"
@@ -119,8 +128,10 @@ f_env() {
 		json_add_object "data"
 	fi
 	
+	if [ "${trm_vpn}" = "1" ] && [ -z "${trm_vpninfolist}" ]; then
 		config_load network
 		config_foreach f_getvpn "interface"
+	fi
 	f_log "debug" "f_env     ::: auto_sta: ${trm_opensta:-"-"}, wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}"
 }
 
@@ -182,32 +193,41 @@ f_wifi() {
 # vpn helper function
 #
 f_vpn() {
-	local rc result iface vpn vpn_service vpn_iface vpn_status vpn_action="${1}"
+	local rc result info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}"
 
+	if  [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ]; then
 		vpn="$(f_getval "vpn")"
 		vpn_service="$(f_getval "vpnservice")"
 		vpn_iface="$(f_getval "vpniface")"
 
 		if [ ! -f "${trm_vpnfile}" ] || { [ -f "${trm_vpnfile}" ] && [ "${vpn_action}" = "enable" ]; }; then
-		for iface in ${trm_vpnifacelist}; do
+			for info in ${trm_vpninfolist}; do
+				iface="${info%%&&*}"
+				[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}"
 				vpn_status="$(ifstatus "${iface}" | jsonfilter -q -l1 -e '@.up')"
 				if [ "${vpn_status}" = "true" ]; then
 					ifdown "${iface}"
-				f_log "info" "take down vpn interface '${iface}' (initial)"
+					if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+						/etc/init.d/openvpn stop "${vpn_instance}"
+					fi
+					f_log "info" "take down vpn interface '${iface}/${vpn_instance:-"-"}' (initial)"
 				fi
 			done
-		[ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn stop
 			if [ -f "/etc/init.d/sysntpd" ]; then
 				/etc/init.d/sysntpd restart >/dev/null 2>&1
 			fi
 			rm -f "${trm_vpnfile}"
 		elif [ "${vpn}" = "1" ] && [ -n "${vpn_iface}" ] && [ "${vpn_action}" = "enable_keep" ]; then
-		for iface in ${trm_vpnifacelist}; do
+			for info in ${trm_vpninfolist}; do
+				iface="${info%%&&*}"
+				[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" 
 				vpn_status="$(ifstatus "${iface}" | jsonfilter -q -l1 -e '@.up')"
 				if [ "${vpn_status}" = "true" ] && [ "${iface}" != "${vpn_iface}" ]; then
 					ifdown "${iface}"
-				[ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn stop
-				f_log "info" "take down vpn interface '${iface}' (switch)"
+					if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+						/etc/init.d/openvpn stop "${vpn_instance}"
+					fi
+					f_log "info" "take down vpn interface '${iface}/${vpn_instance:-"-"}' (switch)"
 					rm -f "${trm_vpnfile}"
 					break
 				fi
@@ -219,14 +239,22 @@ f_vpn() {
 				{ [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ] && [ -f "${trm_vpnfile}" ]; }; }; then
 					result="$(f_net)"
 					if [ "${result}" = "net ok" ] || [ "${vpn_action}" = "disable" ]; then
-					f_log "info" "vpn call '${vpn:-"0"}/${vpn_action}/${vpn_service}/${vpn_iface}'"
-					"${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action%_*}" "${vpn_service}" "${vpn_iface}" >/dev/null 2>&1
+						for info in ${trm_vpninfolist}; do
+							iface="${info%%&&*}"
+							if [ "${iface}" = "${vpn_iface}" ]; then 
+								[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}" 
+								break
+							fi
+						done
+						f_log "debug" "f_vpn     ::: vpn: ${vpn:-"0"}, action: ${vpn_action}, service: ${vpn_service}, iface: ${vpn_iface}, instance: ${vpn_instance}"
+						"${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action}" "${vpn_service}" "${vpn_iface}" "${vpn_instance}" >/dev/null 2>&1
 						rc="${?}"
 					fi
 			fi
 			[ -n "${rc}" ] && f_jsnup
 		fi
-	f_log "debug" "f_vpn    ::: enabled: ${vpn:-"-"}, action: ${vpn_action}, service: ${vpn_service:-"-"}, iface: ${vpn_iface:-"-"}, rc: ${rc:-"-"}"
+	fi
+	f_log "debug" "f_vpn     ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, service: ${vpn_service:-"-"}, iface: ${vpn_iface:-"-"}, instance: ${vpn_instance:-"-"}, infolist: ${trm_vpninfolist:-"-"}, result: ${result}, rc: ${rc:-"-"}"
 }
 
 # mac helper function
@@ -318,16 +346,71 @@ f_ctrack() {
 	f_log "debug" "f_ctrack  ::: action: ${action:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}"
 }
 
+# get openvpn information
+#
+f_getovpn() {
+	local file instance device
+
+	for file in /etc/openvpn/*.conf /etc/openvpn/*.ovpn; do
+		if [ -f "${file}" ]; then
+			instance="${file##*/}"
+			instance="${instance%.conf}"
+			instance="${instance%.ovpn}"
+			device="$(awk '/^[[:space:]]*dev /{print $2}' "${file}")"
+			[ "${device}" = "tun" ] && device="tun0"
+			[ "${device}" = "tap" ] && device="tap0"
+			if [ -n "${device}" ] && [ -n "${instance}" ] && ! printf "%s" "${trm_ovpninfolist}" | grep -q "${device}"; then
+				trm_ovpninfolist="${trm_ovpninfolist} ${device}&&${instance}"
+			fi
+		fi
+	done
+
+	uci_config() {
+		local device section="${1}"
+
+		device="$(uci_get "openvpn" "${section}" "dev")"
+		[ "${device}" = "tun" ] && device="tun0"
+		[ "${device}" = "tap" ] && device="tap0"
+		if [ -n "${device}" ] && ! printf "%s" "${trm_ovpninfolist}" | grep -q "${device}"; then
+			trm_ovpninfolist="${trm_ovpninfolist} ${device}&&${section}"
+		fi
+	}
+	if [ -f "/etc/config/openvpn" ]; then
+		config_load openvpn
+		config_foreach uci_config "openvpn"
+	fi
+	f_log "debug" "f_getovpn ::: ovpninfolist: ${trm_ovpninfolist:-"-"}"
+}
+
 # get logical vpn network interfaces
 #
 f_getvpn() {
-	local proto iface="${1}"
+	local info proto device iface="${1}"
 
 	proto="$(uci_get "network" "${iface}" "proto")"
-	if [ "${proto}" = "none" ] || [ "${proto}" = "wireguard" ]; then
-		trm_vpnifacelist="$(f_trim "${trm_vpnifacelist} ${iface}")"
+	device="$(uci_get "network" "${iface}" "device")"
+	if [ "${proto}" = "wireguard" ]; then
+		if { [ -z "${trm_vpnifacelist}" ] || printf "%s" "${trm_vpnifacelist}" | grep -q "${iface}"; }; then
+			if ! printf "%s" "${trm_vpninfolist}" | grep -q "${iface}"; then
+				trm_vpninfolist="$(f_trim "${trm_vpninfolist} ${iface}")"
 			fi
-	f_log "debug" "f_getvpn ::: interface: ${iface:-"-"}, protocol: ${proto:-"-"}, vpn_interfacelist: ${trm_vpnifacelist:-"-"}"
+		fi
+	elif [ "${proto}" = "none" ] && [ -n "${device}" ]; then
+		if [ -z "${trm_ovpninfolist}" ]; then
+			f_getovpn
+		fi
+		if { [ -z "${trm_vpnifacelist}" ] || printf "%s" "${trm_vpnifacelist}" | grep -q "${iface}"; }; then
+			for info in ${trm_ovpninfolist}; do
+				if [ "${info%%&&*}" = "${device}" ]; then
+					if ! printf "%s" "${trm_vpninfolist}" | grep -q "${iface}"; then
+						trm_vpninfolist="$(f_trim "${trm_vpninfolist} ${iface}&&${info##*&&}")"
+						break
+					fi
+				fi
+			done
+		fi
+	fi
+	f_log "debug" "f_getvpn  ::: iface: ${iface:-"-"}, proto: ${proto:-"-"}, device: ${device:-"-"}, ifacelist: ${trm_vpnifacelist:-"-"}, infolist: ${trm_vpninfolist:-"-"}"
 }
 
 # get wan gateway addresses
@@ -694,7 +777,7 @@ f_check() {
 # update runtime information
 #
 f_jsnup() {
-	local vpn section last_date last_station sta_iface sta_radio sta_essid sta_bssid sta_mac dev_status last_status status="${trm_ifstatus}" ntp_done="0" vpn_done="0" mail_done="0"
+	local vpn vpn_iface section last_date last_station sta_iface sta_radio sta_essid sta_bssid sta_mac dev_status last_status status="${trm_ifstatus}" ntp_done="0" vpn_done="0" mail_done="0"
 
 	if [ "${status}" = "true" ]; then
 		status="connected (${trm_connection:-"-"})"
@@ -707,7 +790,6 @@ f_jsnup() {
 			sta_bssid="$(uci_get "wireless" "${section}" "bssid")"
 			sta_mac="$(f_mac "get" "${section}")"
 			f_getcfg "${sta_radio}" "${sta_essid}" "${sta_bssid}"
-			vpn="$(f_getval "vpn")"
 		fi
 		json_get_var last_date "last_run"
 		json_get_var last_station "station_id"
@@ -720,6 +802,11 @@ f_jsnup() {
 				printf "%s" "${last_date}" >"${trm_ntpfile}"
 			fi
 		fi
+		vpn="$(f_getval "vpn")"
+		if  [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ] && [ "${vpn}" = "1" ] && [ -f "${trm_vpnfile}" ]; then
+			vpn_iface="$(f_getval "vpniface")"			
+			vpn_done="1"
+		fi
 	elif [ "${status}" = "error" ]; then
 		unset trm_connection
 		status="program error"
@@ -733,9 +820,6 @@ f_jsnup() {
 	if [ -s "${trm_ntpfile}" ]; then
 		ntp_done="1"
 	fi
-	if [ "${vpn}" = "1" ] && [ -f "${trm_vpnfile}" ]; then
-		vpn_done="1"
-	fi
 	if [ "${trm_mail}" = "1" ] && [ -f "${trm_mailfile}" ]; then
 		mail_done="1"
 	fi
@@ -743,7 +827,7 @@ f_jsnup() {
 	json_add_string "travelmate_version" "${trm_ver}"
 	json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}"
 	json_add_string "station_mac" "${sta_mac:-"-"}"
-	json_add_string "station_interface" "${sta_iface:-"-"}"
+	json_add_string "station_interfaces" "${sta_iface:-"-"}, ${vpn_iface:-"-"}"
 	json_add_string "wpa_flags" "${trm_wpaflags:-"-"}"
 	json_add_string "run_flags" "captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})"
 	json_add_string "ext_hooks" "ntp: $(f_char ${ntp_done}), vpn: $(f_char ${vpn_done}), mail: $(f_char ${mail_done})"
@@ -752,7 +836,7 @@ f_jsnup() {
 	json_dump >"${trm_rtfile}"
 
 	if [ "${status%% (net ok/*}" = "connected" ] && [ "${trm_mail}" = "1" ] && [ -x "${trm_mailpgm}" ] && [ "${ntp_done}" = "1" ] && [ "${mail_done}" = "0" ]; then
-		if [ "${vpn}" != "1" ] || [ "${vpn_done}" = "1" ]; then
+		if [ "${trm_vpn}" != "1" ] || [ "${vpn}" != "1" ] || [ -z "${trm_vpninfolist}" ] || [ "${vpn_done}" = "1" ]; then
 			: >"${trm_mailfile}"
 			"${trm_mailpgm}" >/dev/null 2>&1
 		fi

net/travelmate/files/travelmate.vpn

@@ -12,12 +12,12 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 vpn="${1}"
 vpn_action="${2}"
 vpn_service="${3}"
 vpn_iface="${4}"
+vpn_instance="${5}"
 trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
 trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"
@@ -35,10 +35,13 @@ f_net() {
 	printf "%s" "${result}"
 }
 
-vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
-if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]; then
-	if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
-		/etc/init.d/openvpn start
+if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then
+	if [ "${vpn_action}" = "enable_keep" ]; then
+		vpn_status="$(ubus -S call network.interface."${vpn_iface}" status 2>/dev/null | jsonfilter -q -l1 -e '@.up')"
+	fi
+	if [ "${vpn_action}" = "enable" ] || [ "${vpn_status}" != "true" ]; then
+		if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && ! /etc/init.d/openvpn running "${vpn_instance}"; then
+			/etc/init.d/openvpn start "${vpn_instance}"
 		fi
 		ifup "${vpn_iface}"
 		cnt=0
@@ -48,27 +51,28 @@ if [ "${vpn}" = "1" ] && [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" !=
 				net_status="$(f_net)"
 				if [ "${net_status}" = "net ok" ]; then
 					: >"${trm_vpnfile}"
-				"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection enabled" 2>/dev/null
+					"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection enabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
 					break
 				fi
 			fi
 			if [ "${cnt}" -ge "$((trm_maxwait / 3))" ]; then
 				ifdown "${vpn_iface}"
-			if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
-				/etc/init.d/openvpn stop
+				if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+					/etc/init.d/openvpn stop "${vpn_instance}"
 				fi
 				rm -f "${trm_vpnfile}"
-			"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection can't be established" 2>/dev/null
-			exit 1
+				"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection can't be established '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
+				return 1
 			fi
 			sleep 1
 			cnt="$((cnt + 1))"
 		done
-elif { [ "${vpn}" != "1" ] && [ "${vpn_action}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
+	fi
+elif { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
 	ifdown "${vpn_iface}"
-	if [ "${vpn_service}" = "openvpn" ] && [ -x "/etc/init.d/openvpn" ]; then
-		/etc/init.d/openvpn stop
+	if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+		/etc/init.d/openvpn stop "${vpn_instance}"
 	fi
 	rm -f "${trm_vpnfile}"
-	"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection disabled" 2>/dev/null
+	"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection disabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
 fi

net/travelmate/files/travelmate_ntp.hotplug

@@ -1,6 +1,6 @@
 #!/bin/sh
 # ntp hotplug script for travelmate
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions

net/travelmate/files/vodafone.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for vodafone hotspots (DE)
-# Copyright (c) 2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 username="${1}"
 password="${2}"

net/travelmate/files/wifibahn.login

@@ -1,6 +1,6 @@
 #!/bin/sh
 # captive portal auto-login script for bahn hotspots (DE)
-# Copyright (c) 2020-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
@@ -10,7 +10,6 @@
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
 trm_domain="wifi.bahn.de"
 trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"