enhancement: Cleanup on shutdown respects if bridge already existed

Salvoxia · Salvoxia · commit 06081a64d860 · 2025-01-25T20:30:38.000+01:00
diff --git a/bin/ovpn_run b/bin/ovpn_run
@@ -73,11 +73,17 @@ if [ $OVPN_DEVICE == "tap" ]; then
     # check if bridge already exists; create if not
     if [ $(ip link show | grep -c $OVPN_BR_BR:) -eq 0 ]; then
         brctl addbr $OVPN_BR_BR
+    else
+        # Remember the bridge alread existed at startup
+        touch /tmp/bridge_existed
     fi
     
     # check if $OVPN_BR_ETH_IF is already added to bridge; add if not
     if [ $(brctl show $OVPN_BR_BR | grep -c $OVPN_BR_ETH_IF) -eq 0 ]; then
         brctl addif $OVPN_BR_BR $OVPN_BR_ETH_IF
+    else
+        # Remember the interface was already part of the bridge at startup
+        touch /tmp/if_belonged_to_bridge
     fi
     
     # check if openvpn device is already added to bridge; add if not
@@ -169,31 +175,47 @@ cleanup()
         echo 'Removing iptables rules'
         $IPTABLES_CMD -D INPUT -i $OVPN_BR_BR -j ACCEPT
         $IPTABLES_CMD -D FORWARD -i $OVPN_BR_BR -j ACCEPT
-
-        echo 'Shuttdown down bridge'
-        ifconfig $OVPN_BR_BR down
-
-        echo 'Deleting bridge'
-        # check if bridge already exists; create if not
-        if [ $(ip link show | grep -c $OVPN_BR_BR:) -eq 1 ]; then
-            brctl delbr $OVPN_BR_BR
-        fi
         
+        # This means that the bridge already existed and our interface to bridge
+        if test -f "/tmp/if_belonged_to_bridge"; then
+            rm /tmp/if_belonged_to_bridge
+            # Nothing to do in terms of bridge management
+        else
+            # Remove eth device from bridge
+            brctl delif $OVPN_BR_BR $OVPN_BR_ETH_IF
+
+            # Remove OpenVPN device from bridge
+            brctl delif $OVPN_BR_BR $OVPN_DEVICE$OVPN_DEVICEN
+
+            if test -f "/tmp/bridge_existed"; then
+                rm /tmp/bridge_existed
+
+                echo 'Shuttdown down bridge'
+                ifconfig $OVPN_BR_BR down
+
+                echo 'Deleting bridge'
+                # check if bridge already exists; create if not
+                if [ $(ip link show | grep -c $OVPN_BR_BR:) -eq 1 ]; then
+                    brctl delbr $OVPN_BR_BR
+                fi
+            fi
+
+            echo 'setting IP, subnet and broadcast address for physical device'
+            ifconfig $OVPN_BR_ETH_IF $OVPN_BR_ETH_IP netmask $OVPN_BR_ETH_SUBNET broadcast $OVPN_BR_ETH_BROADCAST
+
+            echo 'checking if default gateway needs to be added for pyhsical device'
+            if [ $(route | grep -c -Eo "^default\s+$OVPN_BR_ETH_GATEWAY.+$OVPN_BR_ETH_IF$") -eq 0 ]; then
+                route add default gw $OVPN_BR_ETH_GATEWAY $OVPN_BR_ETH_IF
+            fi
+        fi
+
         echo 'Removing tap device'
         if [ $(ip link show | grep -c $OVPN_DEVICE$OVPN_DEVICEN:) -eq 1 ]; then
             ifconfig $OVPN_DEVICE$OVPN_DEVICEN down
             openvpn --rmtun --dev $OVPN_DEVICE$OVPN_DEVICEN
         fi
         
         $IPTABLES_CMD -D INPUT -i $OVPN_DEVICE$OVPN_DEVICEN -j ACCEPT
-
-        echo 'setting IP, subnet and broadcast address for physical device'
-        ifconfig $OVPN_BR_ETH_IF $OVPN_BR_ETH_IP netmask $OVPN_BR_ETH_SUBNET broadcast $OVPN_BR_ETH_BROADCAST
-
-        echo 'checking if default gateway needs to be added for pyhsical device'
-        if [ $(route | grep -c -Eo "^default\s+$OVPN_BR_ETH_GATEWAY.+$OVPN_BR_ETH_IF$") -eq 0 ]; then
-            route add default gw $OVPN_BR_ETH_GATEWAY $OVPN_BR_ETH_IF
-        fi
     fi
 }
 
