From 15bad1bd561ec8da6459dd653a55dfbc84e49272 Mon Sep 17 00:00:00 2001 From: coolsnowwolf Date: Mon, 1 Jul 2024 12:46:16 +0800 Subject: [PATCH] travelmate: bump version --- net/travelmate/Makefile | 8 +- net/travelmate/files/README.md | 71 +- net/travelmate/files/chs-hotel.login | 44 +- net/travelmate/files/db-bahn.login | 65 - net/travelmate/files/generic-user-pass.login | 30 +- net/travelmate/files/h-hotels.login | 50 +- net/travelmate/files/hreward.login | 77 + net/travelmate/files/julianahoeve.login | 35 + net/travelmate/files/telekom.login | 55 + net/travelmate/files/tplink-omada.login | 126 ++ net/travelmate/files/travelmate.conf | 1 - net/travelmate/files/travelmate.init | 145 +- net/travelmate/files/travelmate.mail | 51 +- net/travelmate/files/travelmate.sh | 1370 +++++++++--------- net/travelmate/files/travelmate.vpn | 179 +-- net/travelmate/files/travelmate_ntp.hotplug | 29 +- net/travelmate/files/vodafone.login | 51 + net/travelmate/files/wifibahn.login | 36 + net/travelmate/files/wifionice.login | 41 - 19 files changed, 1320 insertions(+), 1144 deletions(-) delete mode 100755 net/travelmate/files/db-bahn.login create mode 100755 net/travelmate/files/hreward.login create mode 100755 net/travelmate/files/julianahoeve.login create mode 100755 net/travelmate/files/telekom.login create mode 100755 net/travelmate/files/tplink-omada.login create mode 100755 net/travelmate/files/vodafone.login create mode 100755 net/travelmate/files/wifibahn.login delete mode 100755 net/travelmate/files/wifionice.login diff --git a/net/travelmate/Makefile b/net/travelmate/Makefile index e98999fb..8747c030 100644 --- a/net/travelmate/Makefile +++ b/net/travelmate/Makefile @@ -1,13 +1,13 @@ # -# Copyright (c) 2016-2021 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # include $(TOPDIR)/rules.mk PKG_NAME:=travelmate -PKG_VERSION:=2.0.3 -PKG_RELEASE:=1 +PKG_VERSION:=2.1.2 +PKG_RELEASE:=6 PKG_LICENSE:=GPL-3.0-or-later PKG_MAINTAINER:=Dirk Brenken @@ -17,7 +17,7 @@ define Package/travelmate SECTION:=net CATEGORY:=Network TITLE:=A wlan connection manager for travel router - DEPENDS:=+iwinfo +jshn +jsonfilter +curl +ca-bundle + DEPENDS:=+iwinfo +jshn +jsonfilter +curl +ca-bundle +rpcd +rpcd-mod-rpcsys PKGARCH:=all endef diff --git a/net/travelmate/files/README.md b/net/travelmate/files/README.md index b8079e39..1b1f065a 100644 --- a/net/travelmate/files/README.md +++ b/net/travelmate/files/README.md @@ -32,7 +32,7 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to * status & debug logging to syslog ## Prerequisites -* [OpenWrt](https://openwrt.org), only compatible with the forthcoming stable 20.x or the latest OpenWrt snapshot +* [OpenWrt](https://openwrt.org), tested/compatible with current stable 23.x and latest OpenWrt snapshot * 'dnsmasq' as dns backend * 'iwinfo' for wlan scanning * 'curl' for connection checking and all kinds of captive portal magic, e.g. cp detection and auto-logins @@ -43,9 +43,8 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to ## Installation & Usage * **Please note:** before you start with travelmate ... - * you should setup at least one Access Point, ideally on a separate radio, - * if you're updating from a former 1.x release, please use the '--force-reinstall --force-maintainer' options in opkg, - * and remove any existing travelmate related uplink stations in your wireless config manually + * setup at least one AP, ideally on a separate radio + * if you're using a single radio unit set the AP channel to 'auto' * download [travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/packages) * download [luci-app-travelmate](https://downloads.openwrt.org/snapshots/packages/x86_64/luci) * install both packages (_opkg install travelmate_, _opkg install luci-app-travelmate_) @@ -55,7 +54,7 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to * happy traveling ... ## Travelmate config options -* usually the pre-configured travelmate setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' section: +* usually the pre-configured travelmate setup works quite well and no manual config overrides are needed, all listed options apply to the 'global' section: | Option | Default | Description/Valid Values | | :----------------- | :--------------------------------- | :---------------------------------------------------------------------------------------------------- | @@ -73,21 +72,20 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to | trm_minquality | 35 | minimum signal quality threshold as percent for conditional uplink (dis-) connections | | trm_maxwait | 30 | how long should travelmate wait for a successful wlan uplink connection | | trm_timeout | 60 | overall retry timeout in seconds | -| trm_scanbuffer | 1024 | buffer size in bytes to prepare nearby scan results | -| trm_captiveurl | http://captive.apple.com | four pre-configured provider URLs that will be used for connectivity- and captive portal checks | -| trm_useragent | Mozilla/5.0 (X11; Linux x86_64... | five pre-configured user agents that will be used for connectivity- and captive portal checks | +| trm_maxautoadd | 5 | limit the max. number of automatically added open uplinks. To disable this limitation set it to '0' | +| trm_captiveurl | http://detectportal.firefox.com | pre-configured provider URLs that will be used for connectivity- and captive portal checks | +| trm_useragent | Mozilla/5.0 ... | pre-configured user agents that will be used for connectivity- and captive portal checks | | trm_nice | 0, normal priority | change the priority of the travelmate background processing | -| trm_vpn | 0, disabled | automatically handle VPN (re-) connections | -| trm_vpnservice | -, not set | reference the already configured 'wireguard' or 'openvpn' client instance as vpn provider | -| trm_vpniface | -, not set | the logical vpn interface, e.g. 'wg0' or 'tun0' | -| trm_laniface | -, not set | the logical lan network interface, e.g. 'br-lan' | | trm_mail | 0, disabled | sends notification e-mails after every succesful uplink connect | | trm_mailreceiver | -, not set | e-mail receiver address for travelmate notifications | | trm_mailsender | no-reply@travelmate | e-mail sender address for travelmate notifications | | trm_mailtopic | travelmate connection to '' | topic for travelmate notification E-Mails | | trm_mailprofile | trm_notify | profile used by 'msmtp' for travelmate notification E-Mails | +| trm_stdvpnservice | -, not set | standard vpn service which will be automatically added to new STA profiles | +| trm_stdvpniface | -, not set | standard vpn interface which will be automatically added to new STA profiles | -* per uplink exist an additional 'uplink' section in the travelmate config, with the following options: + +* per uplink exist an additional 'uplink' section in the travelmate config, with the following options: | Option | Default | Description/Valid Values | | :----------------- | :--------------------------------- | :---------------------------------------------------------------------------------------------------- | @@ -101,15 +99,25 @@ To avoid these kind of deadlocks, travelmate will set all station interfaces to | con_end_expiry | 0, disabled | automatically (re-)enable the uplink after n minutes, e.g. after failed login attempts | | script | -, not set | reference to an external auto login script for captive portals | | script_args | -, not set | optional runtime args for the auto login script | - +| macaddr | -, not set | use a specified MAC address for the uplink +| vpn | 0, disabled | automatically handle VPN (re-) connections | +| vpnservice | -, not set | reference the already configured 'wireguard' or 'openvpn' client instance as vpn provider | +| vpniface | -, not set | the logical vpn interface, e.g. 'wg0' or 'tun0' | + ## VPN client setup -Please follow one of the following guides to get a working vpn client setup on your travel router: +Please read one of the following guides to get a working vpn client setup on your travel router: * [Wireguard client setup guide](https://openwrt.org/docs/guide-user/services/vpn/wireguard/client) -* [OpenVPN client setup guide](https://openwrt.org/docs/guide-user/services/vpn/openvpn/client) +* [OpenVPN client setup guide](https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci) -Once your vpn client connection is running, you can reference to that setup in travelmate to handle VPN (re-) connections automatically. +**Please note:** Make sure to uncheck the "Bring up on boot" option during vpn interface setup, so that netifd doesn't interfere with travelmate. +Also please prevent potential vpn protocol autostarts, e.g. add in newer openvpn uci configs an additional 'globals' section: +

+config globals 'globals'
+        option autostart '0'
+
+Once your vpn client connection setup is correct, you can reference to that config in travelmate to handle VPN (re-) connections automatically. ## E-Mail setup To use E-Mail notifications you have to setup the package 'msmtp'. @@ -135,11 +143,14 @@ password zzz Finally enable E-Mail support in travelmate and add a valid E-Mail receiver address. ## Captive Portal auto-logins -For automated captive portal logins you can reference an external shell script per uplink. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. Currently the package ships five ready to run auto-login scripts: - * 'wifionice.login' for german ICE hotspots +For automated captive portal logins you can reference an external shell script per uplink. All login scripts should be executable and located in '/etc/travelmate' with the extension '.login'. The package ships multiple ready to run auto-login scripts: + * 'wifionice.login' for ICE hotspots (DE) * 'db-bahn.login' for german DB railway hotspots via portal login API (still WIP, only tested at Hannover central station) * 'chs-hotel.login' for german chs hotels - * 'h-hotels.login' for Telekom hotspots in german h+hotels + * 'h-hotels.login' for Telekom hotspots in h+hotels (DE) + * 'julianahoeve.login' for Julianahoeve beach resort (NL) + * 'telekom.login' for telekom hotspots (DE) + * 'vodafone.login' for vodafone hotspots (DE) * 'generic-user-pass.login' a template to demonstrate the optional parameter handling in login scripts A typical and successful captive portal login looks like this: @@ -157,18 +168,18 @@ Hopefully more scripts for different captive portals will be provided by the com **receive travelmate runtime information:** 

-root@2go_ar750s:~# /etc/init.d/travelmate status
+root@2go:~# /etc/init.d/travelmate status
 ::: travelmate runtime information
-  + travelmate_status  : connected (net ok/100)
-  + travelmate_version : 2.0.0
-  + station_id         : radio1/WIFIonICE/-
-  + station_mac        : B2:9D:F5:96:86:A4
-  + station_interface  : trm_wwan
+  + travelmate_status  : connected (net ok/51)
+  + travelmate_version : 2.1.1
+  + station_id         : radio0/403 Forbidden/00:0C:46:24:50:00
+  + station_mac        : 94:83:C4:24:0E:4F
+  + station_interfaces : trm_wwan, wg0
   + wpa_flags          : sae: ✔, owe: ✔, eap: ✔, suiteb192: ✔
   + run_flags          : captive: ✔, proactive: ✔, netcheck: ✘, autoadd: ✘, randomize: ✔
-  + ext_hooks          : ntp: ✔, vpn: ✘, mail: ✘
-  + last_run           : 2020.09.10-15:21:19
-  + system             : GL.iNet GL-AR750S (NOR/NAND), OpenWrt SNAPSHOT r14430-2dda301d40
+  + ext_hooks          : ntp: ✔, vpn: ✔, mail: ✘
+  + last_run           : 2023.10.21-14:29:14
+  + system             : GL.iNet GL-A1300, OpenWrt SNAPSHOT r24187-bb8fd41f9a
To debug travelmate runtime problems, please always enable the 'trm\_debug' flag, restart travelmate and check the system log afterwards (_logread -e "trm-"_) @@ -178,7 +189,7 @@ Please join the travelmate discussion in this [forum thread](https://forum.lede- ## Removal * stop the travelmate daemon with _/etc/init.d/travelmate stop_ -* optional: remove the travelmate package (_opkg remove luci-app-travelmate_, _opkg remove travelmate_) +* remove the travelmate package (_opkg remove luci-app-travelmate_, _opkg remove travelmate_) Have fun! Dirk diff --git a/net/travelmate/files/chs-hotel.login b/net/travelmate/files/chs-hotel.login index 3b23f467..842c2a31 100755 --- a/net/travelmate/files/chs-hotel.login +++ b/net/travelmate/files/chs-hotel.login @@ -1,43 +1,31 @@ #!/bin/sh -# captive portal auto-login script for german chs hotels -# Copyright (c) 2020 Dirk Brenken (dev@brenken.org) +# captive portal auto-login script for chs hotels (DE) +# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188 +# shellcheck disable=1091,2181,3040 + +. "/lib/functions.sh" export LC_ALL=C export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -set -o pipefail - -if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ] -then - . "/lib/functions.sh" -fi trm_domain="hotspot.internet-for-guests.com" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" trm_fetch="$(command -v curl)" -# initial get request to receive & extract valid security tokens +# get security tokens # -"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "https://${trm_domain}/logon/cgi/index.cgi" -if [ -r "/tmp/${trm_domain}.cookie" ] -then - lg_id="$(awk '/LGNSID/{print $7}' "/tmp/${trm_domain}.cookie")" - ta_id="$(awk '/ta_id/{print $7}' "/tmp/${trm_domain}.cookie")" - cl_id="$(awk '/cl_id/{print $7}' "/tmp/${trm_domain}.cookie")" - rm -f "/tmp/${trm_domain}.cookie" -else - exit 2 -fi +"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait / 6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "https://${trm_domain}/logon/cgi/index.cgi" +lg_id="$(awk '/LGNSID/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" +ta_id="$(awk '/ta_id/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" +cl_id="$(awk '/cl_id/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" +rm -f "/tmp/${trm_domain}.cookie" +{ [ -z "${lg_id}" ] || [ -z "${ta_id}" ] || [ -z "${cl_id}" ]; } && exit 1 -# final post request/login with valid session cookie/security token +# final login request # -if [ -n "${lg_id}" ] && [ -n "${ta_id}" ] && [ -n "${cl_id}" ] -then - "${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/logon/cgi/index.cgi" --silent --connect-timeout $((trm_maxwait/6)) --header "Cookie: LGNSID=${lg_id}; lang=en_US; use_mobile_interface=0; ta_id=${ta_id}; cl_id=${cl_id}" --data "accept_termsofuse=&freeperperiod=1&device_infos=1125:2048:1152:2048" --output /dev/null "https://${trm_domain}/logon/cgi/index.cgi" -else - exit 3 -fi +"${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/logon/cgi/index.cgi" --silent --connect-timeout $((trm_maxwait / 6)) --header "Cookie: LGNSID=${lg_id}; lang=en_US; use_mobile_interface=0; ta_id=${ta_id}; cl_id=${cl_id}" --data "accept_termsofuse=&freeperperiod=1&device_infos=1125:2048:1152:2048" --output /dev/null "https://${trm_domain}/logon/cgi/index.cgi" +[ "${?}" = "0" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/db-bahn.login b/net/travelmate/files/db-bahn.login deleted file mode 100755 index a0ab505b..00000000 --- a/net/travelmate/files/db-bahn.login +++ /dev/null @@ -1,65 +0,0 @@ -#!/bin/sh -# captive portal auto-login script for german DB hotspots via portal login API -# Copyright (c) 2020 Dirk Brenken (dev@brenken.org) -# This is free software, licensed under the GNU General Public License v3. - -# set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188 - -export LC_ALL=C -export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -set -o pipefail - -if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ] -then - . "/lib/functions.sh" -fi - -trm_domain="wifi.bahn.de" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")" -trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" -trm_fetch="$(command -v curl)" - -# initial get request to receive all header information -# -"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --include --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "http://${trm_domain}" - -# extract the session cookie and the hotspot location -# -if [ -s "/tmp/${trm_domain}.cookie" ] -then - sec_token="$(awk 'BEGIN{FS="[ ;]"}/^Set-Cookie:/{print $2}' "/tmp/${trm_domain}.cookie")" - location="$(awk '/^Location:/{print $2}' "/tmp/${trm_domain}.cookie")" - rm -f "/tmp/${trm_domain}.cookie" -else - exit 2 -fi - -# post request to subscribe to the portal API -# -if [ -n "${sec_token}" ] && [ -n "${location}" ] -then - "${trm_fetch}" --user-agent "${trm_useragent}" --referer "${location}" --silent --connect-timeout $((trm_maxwait/6)) --include --cookie-jar "/tmp/${trm_domain}.cookie" --header "Cookie: ${sec_token}" --data "action=subscribe&type=one&connect_policy_accept=false&user_login=&user_password=&user_password_confirm=&email_address=&prefix=&phone=&policy_accept=false&gender=&interests=" --output /dev/null "https://${trm_domain}/portal_api.php" -else - exit 3 -fi - -# extract additional login and password information from the portal API -# -if [ -s "/tmp/${trm_domain}.cookie" ] -then - login="$(awk 'BEGIN{FS="[\"]"}/^\{\"info/{print $12}' "/tmp/${trm_domain}.cookie")" - password="$(awk 'BEGIN{FS="[\"]"}/^\{\"info/{print $16}' "/tmp/${trm_domain}.cookie")" - rm -f "/tmp/${trm_domain}.cookie" -else - exit 4 -fi - -# final post request to authenticate to the portal API -# -if [ -n "${login}" ] && [ -n "${password}" ] -then - "${trm_fetch}" --user-agent "${trm_useragent}" --referer "${location}" --silent --connect-timeout $((trm_maxwait/6)) --header "Cookie: ${sec_token}" --data "action=authenticate&login=${login}&password=${password}&policy_accept=false&from_ajax=true&wispr_mode=false" "https://${trm_domain}/portal_api.php" -else - exit 5 -fi diff --git a/net/travelmate/files/generic-user-pass.login b/net/travelmate/files/generic-user-pass.login index 60c3b5a9..f9559906 100755 --- a/net/travelmate/files/generic-user-pass.login +++ b/net/travelmate/files/generic-user-pass.login @@ -1,35 +1,25 @@ #!/bin/sh # captive portal auto-login script template with credentials as parameters -# Copyright (c) 2020 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2020-2022 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188 +# shellcheck disable=1091,2039,3040 + +. "/lib/functions.sh" export LC_ALL=C export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -set -o pipefail - -if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ] -then - . "/lib/functions.sh" -fi - -trm_domain="example.com" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")" -trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" -trm_fetch="$(command -v curl)" user="${1}" password="${2}" success="Thank you!" +trm_domain="example.com" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" +trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" +trm_fetch="$(command -v curl)" # login with credentials # -response="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --data "username=${user}&password=${password}" --header "Content-Type:application/x-www-form-urlencoded" "http://${trm_domain}")" -if [ -n "$(printf "%s" "${response}" | grep "${success}")" ] -then - exit 0 -else - exit 2 -fi +raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --silent --show-error --header "Content-Type:application/x-www-form-urlencoded" --data "username=${user}&password=${password}" "http://${trm_domain}")" +[ -z "${raw_html##*${success}*}" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/h-hotels.login b/net/travelmate/files/h-hotels.login index a72e217f..6cbc1734 100755 --- a/net/travelmate/files/h-hotels.login +++ b/net/travelmate/files/h-hotels.login @@ -1,43 +1,39 @@ #!/bin/sh -# captive portal auto-login script for Telekom hotspots in german h+hotels -# Copyright (c) 2020 Dirk Brenken (dev@brenken.org) +# captive portal auto-login script for hotspots in h+hotels (DE) +# Copyright (c) 2020-2024 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188 +# shellcheck disable=all + +. "/lib/functions.sh" export LC_ALL=C export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -set -o pipefail -if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ] -then - . "/lib/functions.sh" +trm_domain="hotspot.netcontrol365.com" +if ! nslookup "${trm_domain}" >/dev/null 2>&1; then + trm_domain="hotspot.t-mobile.net" + if ! nslookup "${trm_domain}" >/dev/null 2>&1; then + exit 1 + fi fi -trm_domain="hotspot.t-mobile.net" -trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" trm_fetch="$(command -v curl)" -# initial get request to receive & extract valid security tokens -# -"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "https://${trm_domain}/wlan/rest/freeLogin" -if [ -r "/tmp/${trm_domain}.cookie" ] -then - ses_id="$(awk '/JSESSIONID/{print $7}' "/tmp/${trm_domain}.cookie")" - sec_id="$(awk '/DT_H/{print $7}' "/tmp/${trm_domain}.cookie")" - dev_id="$(sha256sum /etc/config/wireless | awk '{printf "%s",substr($1,1,13)}')" +if [ "${trm_domain}" = "hotspot.netcontrol365.com" ]; then + raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --silent --show-error --header "Content-Type:application/x-www-form-urlencoded" --data "dst=&popup=false&username=hhotel&accept=on&login=" --output /dev/null "http://${trm_domain}/login")" + [ -z "${raw_html}" ] && exit 0 || exit 255 +else + "${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait / 6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "https://${trm_domain}/wlan/rest/freeLogin" + ses_id="$(awk '/JSESSIONID/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" + sec_id="$(awk '/DT_H/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" + dev_id="$(sha256sum /etc/config/wireless 2>/dev/null | awk '{printf "%s",substr($1,1,13)}' 2>/dev/null)" rm -f "/tmp/${trm_domain}.cookie" -else - exit 2 -fi + { [ -z "${ses_id}" ] || [ -z "${sec_id}" ] || [ -z "${dev_id}" ]; } && exit 2 -# final post request/login with valid session cookie/security token -# -if [ -n "${ses_id}" ] && [ -n "${sec_id}" ] && [ -n "${dev_id}" ] -then - "${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/TD/hotspot/H_Hotels/en_GB/index.html" --silent --connect-timeout $((trm_maxwait/6)) --header "Cookie: JSESSIONID=${ses_id}; DT_DEV_ID=${dev_id}; DT_H=${sec_id}" --data "rememberMe=true" --output /dev/null "https://${trm_domain}/wlan/rest/freeLogin" -else - exit 3 + "${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}/TD/hotspot/H_Hotels/en_GB/index.html" --silent --connect-timeout $((trm_maxwait / 6)) --header "Cookie: JSESSIONID=${ses_id}; DT_DEV_ID=${dev_id}; DT_H=${sec_id}" --data "rememberMe=true" --output /dev/null "https://${trm_domain}/wlan/rest/freeLogin" + [ "${?}" = "0" ] && exit 0 || exit 255 fi diff --git a/net/travelmate/files/hreward.login b/net/travelmate/files/hreward.login new file mode 100755 index 00000000..01342a15 --- /dev/null +++ b/net/travelmate/files/hreward.login @@ -0,0 +1,77 @@ +#!/bin/sh +# captive portal auto-login script for H-Reward Hotelss +# This is free software, licensed under the GNU General Public License v3. + +# set (s)hellcheck exceptions +# shellcheck disable=1091,2039,3040 +# +# +# Username and password can be passed to the script, to get fast wifi +# If not provided, the option with the slower wifi will be selected + + +. "/lib/functions.sh" + + +export LC_ALL=C +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" + + +# From https://stackoverflow.com/a/17336953/819367 converted to sh +rawurlencode() { + string="$1" + strlen=${#string} + encoded="" + pos=0 + c="" + o="" + + while [ $pos -lt $strlen ]; do + c=$(expr substr "$string" $((pos + 1)) 1) + case "$c" in + [-_.~a-zA-Z0-9] ) o="${c}" ;; + * ) o=$(printf '%%%02x' "'$c") + esac + encoded="${encoded}${o}" + pos=$((pos + 1)) + done + + echo "${encoded}" +} + +user=$(rawurlencode "${1}") +password=$(rawurlencode "${2}") + +successUrl="https://hrewards.com/en" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" +trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" + +set -e + + +session_key="$(curl -sL --user-agent "${trm_useragent}" \ + --connect-timeout $((trm_maxwait / 6)) \ + "http://nossl.com/?cmd=redirect&arubalp=12345" \ + | awk -F 'name="session_key" value="' 'NF>1{split($2,a,"\""); print a[1]; exit}')" + +if [ -n "$user" ] && [ -n "$password" ]; then + response="$(curl -sL --user-agent "${trm_useragent}" \ + --connect-timeout $((trm_maxwait / 6)) \ + -w %{url_effective} \ + -o /dev/null \ + --header "Content-Type:application/x-www-form-urlencoded" \ + --data "session_key=${session_key}&accept_terms=1&email=${user}&password=${password}&password_reset_form_email=&password_update_form_password=&password_update_form_password_repeat=&room_number=&last_name=&voucher=" \ + "https://cp.deutschehospitality.com/aruba/login?lang=en")" +else + response="$(curl -sL --user-agent "${trm_useragent}" \ + --connect-timeout $((trm_maxwait / 6)) \ + -w %{url_effective} \ + -o /dev/null \ + --header "Content-Type:application/x-www-form-urlencoded" \ + --data "session_key=${session_key}&email=&password=&accept_terms=1&password_reset_form_email=&password_update_form_password=&password_update_form_password_repeat=&room_number=&last_name=&voucher=" \ + "https://cp.deutschehospitality.com/aruba/skip-registration?lang=en")" +fi + +if [ "$response" != "$successUrl" ]; then + exit 255 +fi diff --git a/net/travelmate/files/julianahoeve.login b/net/travelmate/files/julianahoeve.login new file mode 100755 index 00000000..b03d02fb --- /dev/null +++ b/net/travelmate/files/julianahoeve.login @@ -0,0 +1,35 @@ +#!/bin/sh +# captive portal auto-login script for Julianahoeve beach resort (NL) +# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org) +# This is free software, licensed under the GNU General Public License v3. + +# set (s)hellcheck exceptions +# shellcheck disable=1091,2039,2181,3040 + +. "/lib/functions.sh" + +export LC_ALL=C +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" + +trm_domain="n23.network-auth.com" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" +trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" +trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" +trm_fetch="$(command -v curl)" + +# get redirect url +# +redirect_url="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --write-out "%{redirect_url}" --silent --show-error --output /dev/null "${trm_captiveurl}")" +[ -z "${redirect_url}" ] && exit 1 + +# get session cookie +# +"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://${trm_domain}" --silent --connect-timeout $((trm_maxwait / 6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "${redirect_url}" +session_id="$(awk '/p_splash_session/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)" +rm -f "/tmp/${trm_domain}.cookie" +[ -z "${session_id}" ] && exit 2 + +# final login request +# +"${trm_fetch}" --user-agent "${trm_useragent}" --referer "${redirect_url}" --silent --connect-timeout $((trm_maxwait / 6)) --header "Cookie: p_splash_session=${session_id};" --output /dev/null "https://${trm_domain}/Camping-Julianah/hi/IHYW9cx/grant" +[ "${?}" = "0" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/telekom.login b/net/travelmate/files/telekom.login new file mode 100755 index 00000000..2cef0e82 --- /dev/null +++ b/net/travelmate/files/telekom.login @@ -0,0 +1,55 @@ +#!/bin/sh +# captive portal auto-login script for telekom hotspots (DE) +# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org) +# This is free software, licensed under the GNU General Public License v3. + +# set (s)hellcheck exceptions +# shellcheck disable=1091,3040,3043,3057 + +. "/lib/functions.sh" + +# url encoding function +# +urlencode() +{ + local chr str="${1}" len="${#1}" pos=0 + + while [ "${pos}" -lt "${len}" ]; do + chr="${str:pos:1}" + case "${chr}" in + [a-zA-Z0-9.~_-]) + printf "%s" "${chr}" + ;; + " ") + printf "%%20" + ;; + *) + printf "%%%02X" "'${chr}" + ;; + esac + pos=$((pos + 1)) + done +} + +export LC_ALL=C +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" + +username="$(urlencode "${1}")" +password="$(urlencode "${2}")" +trm_domain="telekom.portal.fon.com" +trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")" +trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" +trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" +trm_fetch="$(command -v curl)" + +# get redirect url +# +raw_html="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --location --silent --show-error "${trm_captiveurl}")" +redirect_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.*<\/loginurl>/){printf "%s",substr($0,RSTART+10,RLENGTH-21)}' 2>/dev/null | awk '{gsub("&","\\&");printf "%s",$0}' 2>/dev/null)" +[ -z "${redirect_url}" ] && exit 1 + +# final login request +# +raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "https://${trm_domain}" --connect-timeout $((trm_maxwait / 6)) --header "content-type: application/x-www-form-urlencoded" --location --silent --show-error --data "UserName=${username}&Password=${password}&FNAME=0&button=Login&OriginatingServer=http%3A%2F%2F${trm_captiveurl}" "${redirect_url}")" +login_url="$(printf "%s" "${raw_html}" | awk 'match(tolower($0),/.*<\/logoffurl>/){printf "%s",substr($0,RSTART+11,RLENGTH-23)}' 2>/dev/null)" +[ -n "${login_url}" ] && exit 0 || exit 255 diff --git a/net/travelmate/files/tplink-omada.login b/net/travelmate/files/tplink-omada.login new file mode 100755 index 00000000..fdc87c2d --- /dev/null +++ b/net/travelmate/files/tplink-omada.login @@ -0,0 +1,126 @@ +#!/bin/sh +# captive portal auto-login script for TP-Link Omada (authType=0 only) +# Copyright (c) 2022 Sebastian Muszynski +# This is free software, licensed under the GNU General Public License v3 + +# set (s)hellcheck exceptions +# shellcheck disable=1091,2181,3037,3043,3057 + +. "/lib/functions.sh" +. "/usr/share/libubox/jshn.sh" + +urlencode() +{ + local chr str="${1}" len="${#1}" pos=0 + + while [ "${pos}" -lt "${len}" ]; do + chr="${str:pos:1}" + case "${chr}" in + [a-zA-Z0-9.~_-]) + printf "%s" "${chr}" + ;; + " ") + printf "%%20" + ;; + *) + printf "%%%02X" "'${chr}" + ;; + esac + pos=$((pos + 1)) + done +} + +urldecode() +{ + echo -e "$(sed 's/+/ /g;s/%\(..\)/\\x\1/g;')" +} + +request_parameter() +{ + grep -oE "$1=[^&]+" | cut -d= -f2 +} + +export LC_ALL=C +export PATH="/usr/sbin:/usr/bin:/sbin:/bin" + +trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")" +trm_maxwait="$(uci_get travelmate global trm_maxwait "30")" +trm_fetch="$(command -v curl) --connect-timeout $((trm_maxwait / 6)) --silent" + +raw_html="$(${trm_fetch} --show-error "${trm_captiveurl}")" + +if [ $? -ne 0 ]; +then + echo "The captive portal didn't respond" + exit 1 +fi + +if [ "$raw_html" = "success" ]; +then + echo "Internet access already available" + exit 0 +fi + +redirect_url=$(echo "$raw_html" | grep -oE 'location.href="[^\"]+"' | cut -d\" -f2) + +portal_baseurl=$(echo "$redirect_url" | cut -d/ -f1-4) +client_mac=$(echo "$redirect_url" | request_parameter cid) +ap_mac=$(echo "$redirect_url" | request_parameter ap) +ssid=$(echo "$redirect_url" | request_parameter ssid | urldecode) +radio_id=$(echo "$redirect_url" | request_parameter rid) +url=$(echo "$redirect_url" | request_parameter u | urldecode) + +${trm_fetch} "${portal_baseurl}/pubKey" | jsonfilter -e '@.result.key' > /tmp/trm-omada-pub.key +if [ $? -ne 0 ]; +then + exit 2 +fi + +json_init +json_add_string "clientMac" "$client_mac" +json_add_string "apMac" "$ap_mac" +json_add_string "ssidName" "$ssid" +json_add_int "radioId" "$radio_id" +json_add_string "originUrl" "$url" +json_close_object +incomplete_auth_request="$(json_dump)" + +auth_type=$(${trm_fetch} "${portal_baseurl}/getPortalPageSetting" \ + -H 'Accept: application/json' \ + -H 'Content-Type: application/json' \ + -H 'X-Requested-With: XMLHttpRequest' \ + --data-raw "$incomplete_auth_request" | jsonfilter -e '@.result.authType') + +if [ "$auth_type" -ne 0 ]; +then + echo "Unsupported auth type: $auth_type" + exit 3 +fi + +aes_key=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16) +aes_key_hex=$(printf "%s" "$aes_key" | hexdump -e '16/1 "%02x"') +aes_vi=$(tr -dc 'a-zA-Z0-9' < /dev/urandom | head -c 16) +aes_vi_hex=$(printf "%s" "$aes_vi" | hexdump -e '16/1 "%02x"') + +rsa_encrypted_aes_secrets=$(printf "%s" "${aes_key}${aes_vi}" | openssl rsautl -encrypt -pubin -inkey /tmp/trm-omada-pub.key | base64 -w 0) +rsa_encrypted_aes_secrets_urlencoded=$(urlencode "$rsa_encrypted_aes_secrets") + +json_load "$incomplete_auth_request" +json_add_int "authType" "$auth_type" +json_close_object +auth_request="$(json_dump)" + +aes_encrypted_auth_request="$(echo "$auth_request" | openssl enc -aes-128-cbc -K "$aes_key_hex" -iv "$aes_vi_hex" -a -A)" + +auth_response=$(${trm_fetch} "${portal_baseurl}/auth?key=$rsa_encrypted_aes_secrets_urlencoded" \ + -H 'Content-Type: text/plain' \ + -H 'X-Requested-With: XMLHttpRequest' \ + --data-raw "$aes_encrypted_auth_request" \ + --insecure) + +if echo "$auth_response" | grep -q '{"errorCode":0}'; +then + exit 0 +fi + +exit 255 diff --git a/net/travelmate/files/travelmate.conf b/net/travelmate/files/travelmate.conf index a27265b7..6e72ca38 100644 --- a/net/travelmate/files/travelmate.conf +++ b/net/travelmate/files/travelmate.conf @@ -6,5 +6,4 @@ config travelmate 'global' option trm_netcheck '0' option trm_autoadd '0' option trm_mail '0' - option trm_vpn '0' option trm_debug '0' diff --git a/net/travelmate/files/travelmate.init b/net/travelmate/files/travelmate.init index 987a52b8..4a7dbf26 100755 --- a/net/travelmate/files/travelmate.init +++ b/net/travelmate/files/travelmate.init @@ -1,32 +1,34 @@ #!/bin/sh /etc/rc.common +# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org) +# This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2034,2039,2059,2086,2143,2181,2188 +# shellcheck disable=all START=25 USE_PROCD=1 -EXTRA_COMMANDS="scan setup" -EXTRA_HELP=" scan Scan for available nearby uplinks -setup [] [] [] Setup the travelmate uplink interface, by default 'trm_wwan' with firewall zone 'wan' and metric '100'" +extra_command "scan" "[|] Scan for available nearby uplinks" +extra_command "assoc" "[|] Get MAC adresses of associated wlan stations" +extra_command "setup" "[] [] [] Setup the travelmate uplink interface, by default 'trm_wwan' with firewall zone 'wan' and metric '100'" trm_init="/etc/init.d/travelmate" trm_script="/usr/bin/travelmate.sh" trm_pidfile="/var/run/travelmate.pid" +trm_scanfile="/var/run/travelmate.scan" -boot() -{ - if [ -s "${trm_pidfile}" ] - then - > "${trm_pidfile}" +boot() { + if [ -s "${trm_pidfile}" ]; then + : >"${trm_pidfile}" fi rc_procd start_service } -start_service() -{ - if [ "$("${trm_init}" enabled; printf "%u" ${?})" = "0" ] - then +start_service() { + if "${trm_init}" enabled; then + if [ "${action}" = "boot" ]; then + return 0 + fi procd_open_instance "travelmate" procd_set_param command "${trm_script}" "${@}" procd_set_param pidfile "${trm_pidfile}" @@ -37,44 +39,35 @@ start_service() fi } -reload_service() -{ +reload_service() { local ppid pid timeout - + timeout="$(uci_get travelmate global trm_timeout)" - if [ -s "${trm_pidfile}" ] - then + if [ -s "${trm_pidfile}" ]; then ppid="$(cat "${trm_pidfile}" 2>/dev/null)" - if [ -n "${ppid}" ] - then + if [ -n "${ppid}" ]; then pid="$(pgrep -xnf "sleep ${timeout:-60} 0" -P ${ppid} 2>/dev/null)" - if [ -n "${pid}" ] - then + if [ -n "${pid}" ]; then kill -INT ${pid} 2>/dev/null fi fi fi } -stop_service() -{ +stop_service() { rc_procd "${trm_script}" stop } -status_service() -{ +status_service() { local key keylist value rtfile rtfile="$(uci_get travelmate global trm_rtfile "/tmp/trm_runtime.json")" json_load_file "${rtfile}" >/dev/null 2>&1 - json_select data >/dev/null 2>&1 - if [ "${?}" = "0" ] - then + if json_select data >/dev/null 2>&1; then printf "%s\n" "::: travelmate runtime information" json_get_keys keylist - for key in ${keylist} - do + for key in ${keylist}; do json_get_var value "${key}" printf " + %-18s : %s\n" "${key}" "${value}" done @@ -83,30 +76,30 @@ status_service() fi } -scan() -{ - local result scan_dev radio="${1:-"radio0"}" +scan() { + local result radio="${1}" - scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -l1 -e "@.${radio}.interfaces[0].ifname")" - result="$(iwinfo "${scan_dev:-${radio}}" scan 2>/dev/null | \ + : > "${trm_scanfile}" + if [ -z "${radio}" ]; then + radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.up=true].interfaces[0].ifname')" + fi + result="$(iwinfo "${radio}" scan 2>/dev/null | awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2=""; for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}/Channel:/{var3=$NF}/Quality:/{split($NF,var0,"/")}/Encryption:/{var4=""; - for(j=12;j<=NF;j++)if(var4==""){var4=$j}else{var4=var4" "$j};printf " %-11i%-10s%-35s%-20s%s\n",(var0[1]*100/var0[2]),var3,var2,var1,var4}' | \ + for(j=12;j<=NF;j++)if(var4==""){var4=$j}else{var4=var4" "$j};printf " %-11i%-10s%-35s%-20s%s\n",(var0[1]*100/var0[2]),var3,var2,var1,var4}' | sort -rn)" - printf "%s\\n" "::: Available nearby uplinks on '${scan_dev:-${radio}}'" - printf "%s\\n" ":::" - if [ -n "${result}" ] - then - printf "%-15s%-10s%-35s%-20s%s\\n" " Strength" "Channel" "ESSID" "BSSID" "Encryption" - printf "%s\\n" " --------------------------------------------------------------------------------------" - printf "%s\\n" "${result}" + printf "::: %s\n:::\n" "Available nearby uplinks on '${radio}'" + if [ -n "${result}" ]; then + printf "%s\n" "${result}" > "${trm_scanfile}" + printf "%-15s%-10s%-35s%-20s%s\n" " Strength" "Channel" "ESSID" "BSSID" "Encryption" + printf "%s\n" " --------------------------------------------------------------------------------------" + printf "%s\n" "${result}" else - printf "%s\\n" "::: No scan results" + printf "%s\n" "::: Empty resultset" fi } -setup() -{ +setup() { local iface cnt=0 input="${1:-"trm_wwan"}" zone="${2:-"wan"}" metric="${3:-"100"}" iface="$(uci_get travelmate global trm_iface)" @@ -114,13 +107,10 @@ setup() zone="${zone//[+*~%&\$@\"\' ]/}" metric="${metric//[^0-9]/}" - if [ -n "${iface}" ] && [ "${iface}" = "${input}" ] - then + if [ -n "${iface}" ] && [ "${iface}" = "${input}" ]; then printf "%s\n" "The uplink interface '${input}' has been already configured" - elif [ -n "${input}" ] - then - if [ -n "${iface}" ] - then + elif [ -n "${input}" ]; then + if [ -n "${iface}" ]; then uci -q batch <<-EOC del network."${iface}" del network."${iface}6" @@ -133,18 +123,15 @@ setup() set network."${input}".proto="dhcp" set network."${input}".metric="${metric}" set network."${input}6"=interface - set network."${input}6".ifname="@${input}" + set network."${input}6".device="@${input}" set network."${input}6".proto="dhcpv6" commit travelmate commit network EOC - while [ -n "$(uci -q get firewall.@zone["${cnt}"].name)" ] - do - if [ "$(uci -q get firewall.@zone["${cnt}"].name)" = "${zone}" ] - then - if [ -n "${iface}" ] - then + while [ -n "$(uci -q get firewall.@zone["${cnt}"].name)" ]; do + if [ "$(uci -q get firewall.@zone["${cnt}"].name)" = "${zone}" ]; then + if [ -n "${iface}" ]; then uci -q batch <<-EOC del_list firewall.@zone["${cnt}"].network="${iface}" del_list firewall.@zone["${cnt}"].network="${iface}6" @@ -157,19 +144,16 @@ setup() EOC break fi - cnt=$((cnt+1)) + cnt=$((cnt + 1)) done - if [ -n "${iface}" ] - then + if [ -n "${iface}" ]; then cnt=0 - while [ -n "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" ] - do - if [ "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" = "${iface}" ] - then + while [ -n "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" ]; do + if [ "$(uci -q get wireless.@wifi-iface["${cnt}"].network)" = "${iface}" ]; then uci -q set wireless.@wifi-iface["${cnt}"].network="${input}" fi - cnt=$((cnt+1)) + cnt=$((cnt + 1)) done uci -q commit wireless fi @@ -179,17 +163,34 @@ setup() fi } -service_triggers() -{ +assoc() { + local result radio="${1}" + + if [ -z "${radio}" ]; then + radio="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -q -l1 -e '@[@.*.*.config.mode="ap"].interfaces[0].ifname')" + fi + result="$(iwinfo "${radio}" assoc 2>/dev/null | awk '/^[A-Z0-9:]+/{printf " %s\n",$1}')" + printf "%s\n" "::: Associated wlan stations on '${radio}'" + printf "%s\n" ":::" + if [ -n "${result}" ]; then + printf "%s\n" " MAC addresses" + printf "%s\n" " -----------------" + printf "%s\n" "${result}" + else + printf "%s\n" "::: Empty resultset" + fi +} + +service_triggers() { local iface delay iface="$(uci_get travelmate global trm_iface)" delay="$(uci_get travelmate global trm_triggerdelay "2")" PROCD_RELOAD_DELAY=$((delay * 1000)) - if [ -n "${iface}" ] - then + if [ -n "${iface}" ]; then procd_add_interface_trigger "interface.*.down" "${iface}" "${trm_init}" reload fi + procd_add_raw_trigger "interface.*.up" "${PROCD_RELOAD_DELAY}" "${trm_init}" start procd_add_config_trigger "config.change" "travelmate" "${trm_init}" restart } diff --git a/net/travelmate/files/travelmate.mail b/net/travelmate/files/travelmate.mail index 42da3ccf..0b12866b 100755 --- a/net/travelmate/files/travelmate.mail +++ b/net/travelmate/files/travelmate.mail @@ -1,21 +1,17 @@ #!/bin/sh # send mail script for travelmate notifications -# Copyright (c) 2020 Dirk Brenken (dev@brenken.org) +# Copyright (c) 2020-2024 Dirk Brenken (dev@brenken.org) # This is free software, licensed under the GNU General Public License v3. # set (s)hellcheck exceptions -# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188 +# shellcheck disable=all # Please note: you have to setup the package 'msmtp' before using this script +. "/lib/functions.sh" + export LC_ALL=C export PATH="/usr/sbin:/usr/bin:/sbin:/bin" -set -o pipefail - -if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ] -then - . "/lib/functions.sh" -fi trm_debug="$(uci_get travelmate global trm_debug "0")" trm_mailreceiver="$(uci_get travelmate global trm_mailreceiver)" @@ -25,47 +21,34 @@ trm_rtfile="$(uci_get travelmate global trm_rtfile "/tmp/trm_runtime.json")" trm_mailpgm="$(command -v msmtp)" trm_logger="$(command -v logger)" -f_log() -{ - local class="${1}" log_msg="${2}" - - if [ -x "${trm_logger}" ] - then - "${trm_logger}" -p "${class}" -t "trm-mail [${$}]" "${log_msg}" - else - printf "%s %s %s\\n" "${class}" "trm-mail [${$}]" "${log_msg}" - fi -} - -if [ -z "${trm_mailreceiver}" ] -then - f_log "err" "please set the mail receiver with the 'trm_mailreceiver' option" +if [ -z "${trm_mailreceiver}" ]; then + "${trm_logger}" -p "err" -t "trm-mail [${$}]" "please set the mail receiver with the 'trm_mailreceiver' option" 2>/dev/null exit 1 fi -if [ "${trm_debug}" = "1" ] -then +if [ "${trm_debug}" = "1" ]; then debug="--debug" fi # info preparation # -sys_info="$(strings /etc/banner 2>/dev/null; ubus call system board | sed -e 's/\"release\": {//' | sed -e 's/^[ \t]*//' | sed -e 's/[{}\",]//g' | sed -e 's/[ ]/ \t/' | sed '/^$/d' 2>/dev/null)" +sys_info="$( + strings /etc/banner 2>/dev/null + ubus call system board | awk 'BEGIN{FS="[{}\"]"}{if($2=="kernel"||$2=="hostname"||$2=="system"||$2=="model"||$2=="description")printf " + %-12s: %s\n",$2,$4}' +)" trm_info="$(/etc/init.d/travelmate status 2>/dev/null)" -sta_info="$(jsonfilter -i "${trm_rtfile}" -l1 -e '@.data.station_id')" +sta_info="$(jsonfilter -i "${trm_rtfile}" -q -l1 -e '@.data.station_id')" trm_mailtopic="$(uci_get travelmate global trm_mailtopic "travelmate connection to '${sta_info}'")" -trm_mailhead="From: ${trm_mailsender}\\nTo: ${trm_mailreceiver}\\nSubject: ${trm_mailtopic}\\nReply-to: ${trm_mailsender}\\nMime-Version: 1.0\\nContent-Type: text/html; charset=UTF-8\\nContent-Disposition: inline\\n\\n" +trm_mailhead="From: ${trm_mailsender}\nTo: ${trm_mailreceiver}\nSubject: ${trm_mailtopic}\nReply-to: ${trm_mailsender}\nMime-Version: 1.0\nContent-Type: text/html;charset=utf-8\nContent-Disposition: inline\n\n" # mail body # -trm_mailtext="
"
-trm_mailtext="${trm_mailtext}\\n++\\n++ System Information ++\\n++\\n${sys_info}"
-trm_mailtext="${trm_mailtext}\\n\\n++\\n++ Travelmate Information ++\\n++\\n${trm_info}"
+trm_mailtext="
"
+trm_mailtext="${trm_mailtext}\n++\n++ System Information ++\n++\n${sys_info}"
+trm_mailtext="${trm_mailtext}\n\n++\n++ Travelmate Information ++\n++\n${trm_info}"
 trm_mailtext="${trm_mailtext}
"
 
 # send mail
 #
 printf "%b" "${trm_mailhead}${trm_mailtext}" 2>/dev/null | "${trm_mailpgm}" ${debug} -a "${trm_mailprofile}" "${trm_mailreceiver}" >/dev/null 2>&1
-mail_rc="${?}"
-f_log "info" "mail sent to '${trm_mailreceiver}' with rc '${mail_rc}'"
-exit ${mail_rc}
+"${trm_logger}" -p "info" -t "trm-mail [${$}]" "mail sent to '${trm_mailreceiver}' with rc '${?}'" 2>/dev/null
diff --git a/net/travelmate/files/travelmate.sh b/net/travelmate/files/travelmate.sh
index 37dacfce..39660dd8 100755
--- a/net/travelmate/files/travelmate.sh
+++ b/net/travelmate/files/travelmate.sh
@@ -1,45 +1,49 @@
 #!/bin/sh
 # travelmate, a wlan connection manager for travel router
-# Copyright (c) 2016-2021 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2016-2024 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
-# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
+# shellcheck disable=all
 
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
-trm_ver="2.0.3"
-trm_enabled=0
-trm_debug=0
+trm_enabled="0"
+trm_debug="0"
 trm_iface=""
-trm_captive=1
-trm_proactive=1
-trm_netcheck=0
-trm_autoadd=0
-trm_randomize=0
-trm_mail=0
-trm_vpn=0
+trm_captive="1"
+trm_proactive="1"
+trm_vpn="0"
+trm_netcheck="0"
+trm_autoadd="0"
+trm_randomize="0"
+trm_mail="0"
 trm_mailpgm="/etc/travelmate/travelmate.mail"
 trm_vpnpgm="/etc/travelmate/travelmate.vpn"
-trm_vpnservice=""
-trm_scanbuffer=1024
-trm_minquality=35
-trm_maxretry=3
-trm_maxwait=30
-trm_timeout=60
+trm_minquality="35"
+trm_maxretry="3"
+trm_maxwait="30"
+trm_maxautoadd="5"
+trm_timeout="60"
 trm_radio=""
 trm_connection=""
 trm_wpaflags=""
+trm_ovpninfolist=""
+trm_vpnifacelist=""
+trm_vpninfolist=""
+trm_stdvpnservice=""
+trm_stdvpniface=""
 trm_rtfile="/tmp/trm_runtime.json"
+trm_ubuscmd="$(command -v ubus)"
+trm_jsoncmd="$(command -v jsonfilter)"
 trm_wifi="$(command -v wifi)"
 trm_fetch="$(command -v curl)"
 trm_iwinfo="$(command -v iwinfo)"
 trm_logger="$(command -v logger)"
 trm_wpa="$(command -v wpa_supplicant)"
-trm_captiveurl="http://captive.apple.com"
-trm_useragent="Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0"
+trm_captiveurl="http://detectportal.firefox.com"
+trm_useragent="Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0"
 trm_ntpfile="/var/state/travelmate.ntp"
 trm_vpnfile="/var/state/travelmate.vpn"
 trm_mailfile="/var/state/travelmate.mail"
@@ -49,132 +53,94 @@ trm_action="${1:-"start"}"
 
 # load travelmate environment
 #
-f_env()
-{
-	local IFS check wpa_checks ubus_check result
+f_env() {
+	local check wpa_checks result
 
-	# do nothing on stop
-	#
-	if [ "${trm_action}" = "stop" ]
-	then
+	if [ "${trm_action}" = "stop" ]; then
 		return
 	fi
 
-	# (re-)initialize global list variables
-	#
-	unset trm_stalist trm_radiolist trm_uplinklist trm_wpaflags trm_activesta
+	unset trm_stalist trm_radiolist trm_uplinklist trm_vpnifacelist trm_uplinkcfg trm_activesta trm_opensta
 
-	# get system information
-	#
-	trm_sysver="$(ubus -S call system board 2>/dev/null | jsonfilter -e '@.model' -e '@.release.description' | \
-		awk 'BEGIN{ORS=", "}{print $0}' | awk '{print substr($0,1,length($0)-2)}')"
+	trm_sysver="$("${trm_ubuscmd}" -S call system board 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.model' -e '@.release.description' |
+		awk 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
 
-	# check travelmate config
-	#
-	if [ ! -r "/etc/config/travelmate" ] || [ -z "$(uci -q show travelmate.global.trm_vpn)" ]
-	then
-		f_log "err" "invalid travelmate config, please re-install the package via opkg with the '--force-reinstall --force-maintainer' options"
-	fi
-
-	# load travelmate config
-	#
-	config_cb()
-	{
+	config_cb() {
 		local name="${1}" type="${2}"
-		if [ "${name}" = "travelmate" ] && [ "${type}" = "global" ]
-		then
-			option_cb()
-			{
+
+		if [ "${name}" = "travelmate" ] && [ "${type}" = "global" ]; then
+			option_cb() {
 				local option="${1}" value="${2}"
 				eval "${option}=\"${value}\""
 			}
+			list_cb() {
+				local option="${1}" value="${2}"
+				if [ "${option}" = "trm_vpnifacelist" ] && ! printf "%s" "${trm_vpnifacelist}" | grep -q "${value}"; then
+					eval "trm_vpnifacelist=\"$(printf "%s" "${trm_vpnifacelist}") ${value}\""
+				fi
+			}
+		elif [ "${name}" = "uplink" ]; then
+			if [ "$(uci_get "travelmate.${type}.opensta")" = "1" ]; then
+				eval "trm_opensta=\"$((${trm_opensta:-0} + 1))\""
+			fi
 		else
-			option_cb()
-			{
+			option_cb() {
 				return 0
 			}
 		fi
 	}
 	config_load travelmate
 
-	# check 'enabled' option
-	#
-	if [ "${trm_enabled}" != "1" ]
-	then
+	if [ "${trm_enabled}" != "1" ]; then
 		f_log "info" "travelmate is currently disabled, please set 'trm_enabled' to '1' to use this service"
 		/etc/init.d/travelmate stop
-	fi
-
-	# check ubus network interface
-	#
-	if [ -n "${trm_iface}" ]
-	then
-		ubus_check="$(ubus -t "${trm_maxwait}" wait_for network.wireless network.interface."${trm_iface}" 2>&1)"
-		if [ -n "${ubus_check}" ]
-		then
-			f_log "info" "travelmate interface '${trm_iface}' does not appear on ubus, please check your network setup"
-			/etc/init.d/travelmate stop
-		fi
-	else
+	elif [ -z "${trm_iface}" ]; then
 		f_log "info" "travelmate is currently not configured, please use the 'Interface Setup' in LuCI or the 'setup' option in CLI"
 		/etc/init.d/travelmate stop
+	elif ! "${trm_ubuscmd}" -t "${trm_maxwait}" wait_for network.wireless network.interface."${trm_iface}" >/dev/null 2>&1; then
+		f_log "info" "travelmate interface '${trm_iface}' does not appear on ubus, please check your network setup"
+		/etc/init.d/travelmate stop
 	fi
 
-	# check wpa capabilities
-	#
-	wpa_checks="sae owe eap suiteb192"
-	for check in ${wpa_checks}
-	do
-		if [ -x "${trm_wpa}" ]
-		then
-			result="$("${trm_wpa}" -v${check} >/dev/null 2>&1; printf "%u" "${?}")"
-			if [ -z "${trm_wpaflags}" ]
-			then
-				if [ "${result}" = "0" ]
-				then
-					trm_wpaflags="${check}: $(f_char 1)"
+	if [ -z "${trm_wpaflags}" ]; then
+		wpa_checks="sae owe eap suiteb192"
+		for check in ${wpa_checks}; do
+			if [ -x "${trm_wpa}" ]; then
+				if "${trm_wpa}" -v"${check}" >/dev/null 2>&1; then
+					result="$(f_trim "${result} ${check}: $(f_char 1)")"
 				else
-					trm_wpaflags="${check}: $(f_char 0)"
-				fi
-			else
-				if [ "${result}" = "0" ]
-				then
-					trm_wpaflags="$(f_trim "${trm_wpaflags}, ${check}: $(f_char 1)")"
-				else
-					trm_wpaflags="$(f_trim "${trm_wpaflags}, ${check}: $(f_char 0)")"
+					result="$(f_trim "${result} ${check}: $(f_char 0)")"
 				fi
 			fi
-		fi
-	done
-
-	# get and enable wifi devices
-	#
-	config_load wireless
-	config_foreach f_prepdev wifi-device
-	if [ -n "$(uci -q changes "wireless")" ]
-	then
-		uci_commit "wireless"
-		f_reconf
+		done
+		trm_wpaflags="$(printf "%s" "${result}" | awk '{printf "%s %s, %s %s, %s %s, %s %s",$1,$2,$3,$4,$5,$6,$7,$8}')"
+	fi
+
+	config_load wireless
+	config_foreach f_setdev "wifi-device"
+	if [ -n "$(uci -q changes "wireless")" ]; then
+		uci_commit "wireless"
+		f_wifi
 	fi
 
-	# load json runtime file
-	#
 	json_load_file "${trm_rtfile}" >/dev/null 2>&1
-	json_select data >/dev/null 2>&1
-	if [ "${?}" != "0" ]
-	then
-		> "${trm_rtfile}"
+	if ! json_select data >/dev/null 2>&1; then
+		: >"${trm_rtfile}"
 		json_init
 		json_add_object "data"
 	fi
-	f_log "debug" "f_env     ::: wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}"
+	
+	if [ "${trm_vpn}" = "1" ] && [ -z "${trm_vpninfolist}" ]; then
+		config_load network
+		config_foreach f_getvpn "interface"
+	fi
+	f_log "debug" "f_env     ::: auto_sta: ${trm_opensta:-"-"}, wpa_flags: ${trm_wpaflags}, sys_ver: ${trm_sysver}"
 }
 
 # trim helper function
 #
-f_trim()
-{
-	local IFS trim="${1}"
+f_trim() {
+	local trim="${1}"
 
 	trim="${trim#"${trim%%[![:space:]]*}"}"
 	trim="${trim%"${trim##*[![:space:]]}"}"
@@ -183,12 +149,10 @@ f_trim()
 
 # status helper function
 #
-f_char()
-{
+f_char() {
 	local result input="${1}"
 
-	if [ "${input}" = "1" ]
-	then
+	if [ "${input}" = "1" ]; then
 		result="✔"
 	else
 		result="✘"
@@ -196,378 +160,499 @@ f_char()
 	printf "%s" "${result}"
 }
 
-# wifi reconf helper function
+# wifi helper function
 #
-f_reconf()
-{
-	local radio tmp_radio cnt="0"
+f_wifi() {
+	local status radio radio_up timeout="0"
 
-	"${trm_wifi}" reconf
-	for radio in ${trm_radiolist}
-	do
-		while [ "$(ubus -S call network.wireless status | jsonfilter -l1 -e "@.${radio}.up")" != "true" ]
-		do
-			if [ "${cnt}" -ge "${trm_maxwait}" ]
-			then
+	"${trm_wifi}" reload
+	for radio in ${trm_radiolist}; do
+		while true; do
+			if [ "${timeout}" -ge "${trm_maxwait}" ]; then
 				break 2
 			fi
-			if [ "${radio}" != "${tmp_radio}" ]
-			then
-				"${trm_wifi}" up "${radio}"
-				tmp_radio="${radio}"
+			status="$("${trm_wifi}" status 2>/dev/null)"
+			if [ "$(printf "%s" "${status}" | "${trm_jsoncmd}" -ql1 -e "@.${radio}.up")" != "true" ] ||
+				[ "$(printf "%s" "${status}" | "${trm_jsoncmd}" -ql1 -e "@.${radio}.pending")" != "false" ]; then
+				if [ "${radio}" != "${radio_up}" ]; then
+					"${trm_wifi}" up "${radio}"
+					radio_up="${radio}"
+				fi
+				timeout="$((timeout + 1))"
+				sleep 1
+			else
+				continue 2
 			fi
-			cnt="$((cnt+1))"
-			sleep 1
 		done
 	done
-	f_log "debug" "f_reconf  ::: radio_list: ${trm_radiolist}, radio: ${radio}, cnt: ${cnt}"
+	if [ "${timeout}" -lt "${trm_maxwait}" ]; then
+		sleep "$((trm_maxwait / 6))"
+		timeout="$((timeout + (trm_maxwait / 6)))"
+	fi
+	f_log "debug" "f_wifi    ::: radio_list: ${trm_radiolist}, radio: ${radio}, timeout: ${timeout}"
 }
 
 # vpn helper function
 #
-f_vpn()
-{
-	local IFS rc action="${1}"
+f_vpn() {
+	local rc result info iface vpn vpn_service vpn_iface vpn_instance vpn_status vpn_action="${1}"
 
-	if [ "${trm_vpn}" = "1" ] && [ -x "${trm_vpnpgm}" ]
-	then
-		if [ "${action}" = "disable" ] || { [ "${action}" = "enable" ] && [ ! -f "${trm_vpnfile}" ]; }
-		then
-			"${trm_vpnpgm}" "${action}" >/dev/null 2>&1
-			rc="${?}"
-		fi
-		if [ "${action}" = "enable" ] && [ "${rc}" = "0" ]
-		then
-			> "${trm_vpnfile}"
-		elif [ "${action}" = "disable" ] && [ -f "${trm_vpnfile}" ]
-		then
+	if  [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ]; then
+		vpn="$(f_getval "vpn")"
+		vpn_service="$(f_getval "vpnservice")"
+		vpn_iface="$(f_getval "vpniface")"
+
+		if [ ! -f "${trm_vpnfile}" ] || { [ -f "${trm_vpnfile}" ] && [ "${vpn_action}" = "enable" ]; }; then
+			for info in ${trm_vpninfolist}; do
+				iface="${info%%&&*}"
+				vpn_status="$(ifstatus "${iface}" | "${trm_jsoncmd}" -ql1 -e '@.up')"
+				if [ "${vpn_status}" = "true" ]; then
+					/sbin/ifdown "${iface}"
+					"${trm_ubuscmd}" -S call network.interface."${iface}" remove >/dev/null 2>&1
+					f_log "info" "take down vpn interface '${iface}' (initial)"
+				fi
+				[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}"
+				if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+					/etc/init.d/openvpn stop "${vpn_instance}"
+					f_log "info" "take down openvpn instance '${vpn_instance}' (initial)"
+				fi
+			done
 			rm -f "${trm_vpnfile}"
+		elif [ "${vpn}" = "1" ] && [ -n "${vpn_iface}" ] && [ "${vpn_action}" = "enable_keep" ]; then
+			for info in ${trm_vpninfolist}; do
+				iface="${info%%&&*}"
+				vpn_status="$(ifstatus "${iface}" | "${trm_jsoncmd}" -ql1 -e '@.up')"
+				if [ "${vpn_status}" = "true" ] && [ "${iface}" != "${vpn_iface}" ]; then
+					/sbin/ifdown "${iface}"
+					f_log "info" "take down vpn interface '${iface}' (switch)"
+					rc="1"
+				fi
+				[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}"
+				if [ -x "/etc/init.d/openvpn" ] && [ -n "${vpn_instance}" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+					/etc/init.d/openvpn stop "${vpn_instance}"
+					f_log "info" "take down openvpn instance '${vpn_instance}' (switch)"
+					rc="1"
+				fi
+				if [ "${rc}" = "1" ]; then
+					rm -f "${trm_vpnfile}"
+					break
+				fi
+			done
+		fi
+		if [ -x "${trm_vpnpgm}" ] && [ -n "${vpn_service}" ] && [ -n "${vpn_iface}" ]; then
+			if { [ "${vpn_action}" = "disable" ] && [ -f "${trm_vpnfile}" ]; } ||
+				{ [ -s "${trm_ntpfile}" ] && { [ "${vpn}" = "1" ] && [ "${vpn_action%%_*}" = "enable" ] && [ ! -f "${trm_vpnfile}" ]; } ||
+				{ [ "${vpn}" != "1" ] && [ "${vpn_action%%_*}" = "enable" ] && [ -f "${trm_vpnfile}" ]; }; }; then
+					if [ "${trm_connection%%/*}" = "net ok" ] || [ "${vpn_action}" = "disable" ]; then
+						for info in ${trm_vpninfolist}; do
+							iface="${info%%&&*}"
+							if [ "${iface}" = "${vpn_iface}" ]; then 
+								[ "${iface}" = "${info}" ] && vpn_instance="" || vpn_instance="${info##*&&}"
+								break
+							fi
+						done
+						f_log "debug" "f_vpn     ::: vpn: ${vpn:-"0"}, action: ${vpn_action}, service: ${vpn_service}, iface: ${vpn_iface}, instance: ${vpn_instance}"
+						"${trm_vpnpgm}" "${vpn:-"0"}" "${vpn_action}" "${vpn_service}" "${vpn_iface}" "${vpn_instance}" >/dev/null 2>&1
+						rc="${?}"
+					fi
+			fi
+			[ -n "${rc}" ] && f_jsnup
 		fi
 	fi
-	f_log "debug" "f_vpn     ::: vpn: ${trm_vpn}, vpnservice: ${trm_vpnservice:-"-"}, vpnpgm: ${trm_vpnpgm}, action: ${action}, rc: ${rc:-"-"}"
+	f_log "debug" "f_vpn     ::: vpn: ${trm_vpn:-"-"}, enabled: ${vpn:-"-"}, action: ${vpn_action}, vpn_service: ${vpn_service:-"-"}, vpn_iface: ${vpn_iface:-"-"}, vpn_instance: ${vpn_instance:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}, result: ${result}, rc: ${rc:-"-"}"
 }
 
-# mac randomizer helper function
+# mac helper function
 #
-f_mac()
-{
-	local result ifname action="${1}" section="${2}"
+f_mac() {
+	local result ifname macaddr action="${1}" section="${2}"
 
-	if [ "${trm_randomize}" = "1" ] && [ "${action}" = "set" ]
-	then
-		result="$(hexdump -n6 -ve '/1 "%.02X "' /dev/random 2>/dev/null | \
-			awk -v local="2,6,A,E" -v seed="$(date +%s)" 'BEGIN{srand(seed)}NR==1{split(local,b,",");seed=int(rand()*4+1);printf "%s%s:%s:%s:%s:%s:%s",substr($1,0,1),b[seed],$2,$3,$4,$5,$6}')"
-		uci_set "wireless" "${section}" "macaddr" "${result}"
-	else
+	if [ "${action}" = "set" ]; then
+		macaddr="$(f_getval "macaddr")"
+		if [ -n "${macaddr}" ]; then
+			result="${macaddr}"
+			uci_set "wireless" "${section}" "macaddr" "${result}"
+		elif [ "${trm_randomize}" = "1" ]; then
+			result="$(hexdump -n6 -ve '/1 "%.02X "' /dev/random 2>/dev/null |
+				awk -v local="2,6,A,E" -v seed="$(date +%s)" 'BEGIN{srand(seed)}NR==1{split(local,b,",");
+				seed=int(rand()*4+1);printf "%s%s:%s:%s:%s:%s:%s",substr($1,0,1),b[seed],$2,$3,$4,$5,$6}')"
+			uci_set "wireless" "${section}" "macaddr" "${result}"
+		else
+			uci_remove "wireless" "${section}" "macaddr" 2>/dev/null
+			ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')"
+			result="$(${trm_iwinfo} "${ifname}" info 2>/dev/null | awk '/Access Point:/{printf "%s",$3}')"
+		fi
+	elif [ "${action}" = "get" ]; then
 		result="$(uci_get "wireless" "${section}" "macaddr")"
-		if [ -z "${result}" ]
-		then
-			ifname="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].ifname')"
+		if [ -z "${result}" ]; then
+			ifname="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')"
 			result="$(${trm_iwinfo} "${ifname}" info 2>/dev/null | awk '/Access Point:/{printf "%s",$3}')"
 		fi
 	fi
 	printf "%s" "${result}"
-	f_log "debug" "f_mac     ::: action: ${action:-"-"}, section: ${section:-"-"}, mac: ${result:-"-"}"
+	f_log "debug" "f_mac     ::: action: ${action:-"-"}, section: ${section:-"-"}, macaddr: ${macaddr:-"-"}, result: ${result:-"-"}"
 }
 
-# track/set travelmate connection information
+# set connection information
 #
-f_contrack()
-{
-	local uplink_config radio_config essid_config bssid_config expiry action="${1}" radio="${2}" essid="${3}" bssid="${4}" cnt=0
+f_ctrack() {
+	local expiry action="${1}"
 
-	while [ "$(uci_get "travelmate" "@uplink[$cnt]" >/dev/null 2>&1; echo $?)" = "0" ]
-	do
-		radio_config="$(uci_get "travelmate" "@uplink[$cnt]" "device")"
-		essid_config="$(uci_get "travelmate" "@uplink[$cnt]" "ssid")"
-		bssid_config="$(uci_get "travelmate" "@uplink[$cnt]" "bssid")"
-		if [ "${radio_config}" = "${radio}" ] && [ "${essid_config}" = "${essid}" ] && [ "${bssid_config}" = "${bssid}" ]
-		then
-			uplink_config="@uplink[$cnt]"
-		fi
-		cnt="$((cnt+1))"
-	done
-	if [ -n "${uplink_config}" ]
-	then
+	if [ -n "${trm_uplinkcfg}" ]; then
 		case "${action}" in
 			"start")
-				uci_remove "travelmate" "${uplink_config}" "con_start" 2>/dev/null
-				uci_remove "travelmate" "${uplink_config}" "con_end" 2>/dev/null
-				if [ -f "${trm_ntpfile}" ]
-				then
-					uci_set "travelmate" "${uplink_config}" "con_start" "$(date "+%Y.%m.%d-%H:%M:%S")"
+				uci_remove "travelmate" "${trm_uplinkcfg}" "con_start" 2>/dev/null
+				uci_remove "travelmate" "${trm_uplinkcfg}" "con_end" 2>/dev/null
+				if [ -s "${trm_ntpfile}" ]; then
+					uci_set "travelmate" "${trm_uplinkcfg}" "con_start" "$(date "+%Y.%m.%d-%H:%M:%S")"
 				fi
-			;;
+				;;
 			"refresh")
-				if [ -f "${trm_ntpfile}" ] && [ -z "$(uci_get "travelmate" "${uplink_config}" "con_start")" ]
-				then
-					uci_set "travelmate" "${uplink_config}" "con_start" "$(date "+%Y.%m.%d-%H:%M:%S")"
+				if [ -s "${trm_ntpfile}" ] && [ -z "$(uci_get "travelmate" "${trm_uplinkcfg}" "con_start")" ]; then
+					uci_set "travelmate" "${trm_uplinkcfg}" "con_start" "$(date "+%Y.%m.%d-%H:%M:%S")"
 				fi
-			;;
+				;;
 			"end")
-				if [ -f "${trm_ntpfile}" ]
-				then
-					uci_set "travelmate" "${uplink_config}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
+				if [ -s "${trm_ntpfile}" ]; then
+					uci_set "travelmate" "${trm_uplinkcfg}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
 				fi
-			;;
+				;;
 			"start_expiry")
-				if [ -f "${trm_ntpfile}" ]
-				then
-					expiry="$(uci_get "travelmate" "${uplink_config}" "con_start_expiry")"
-					uci_set "travelmate" "${uplink_config}" "enabled" "0"
-					uci_set "travelmate" "${uplink_config}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
+				if [ -s "${trm_ntpfile}" ]; then
+					expiry="$(uci_get "travelmate" "${trm_uplinkcfg}" "con_start_expiry")"
+					uci_set "travelmate" "${trm_uplinkcfg}" "enabled" "0"
+					uci_set "travelmate" "${trm_uplinkcfg}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
 					f_log "info" "uplink '${radio}/${essid}/${bssid:-"-"}' expired after ${expiry} minutes"
 				fi
-			;;
+				;;
 			"end_expiry")
-				if [ -f "${trm_ntpfile}" ]
-				then
-					expiry="$(uci_get "travelmate" "${uplink_config}" "con_end_expiry")"
-					uci_set "travelmate" "${uplink_config}" "enabled" "1"
-					uci_remove "travelmate" "${uplink_config}" "con_start" 2>/dev/null
-					uci_remove "travelmate" "${uplink_config}" "con_end" 2>/dev/null
+				if [ -s "${trm_ntpfile}" ]; then
+					expiry="$(uci_get "travelmate" "${trm_uplinkcfg}" "con_end_expiry")"
+					uci_set "travelmate" "${trm_uplinkcfg}" "enabled" "1"
+					uci_remove "travelmate" "${trm_uplinkcfg}" "con_start" 2>/dev/null
+					uci_remove "travelmate" "${trm_uplinkcfg}" "con_end" 2>/dev/null
 					f_log "info" "uplink '${radio}/${essid}/${bssid:-"-"}' re-enabled after ${expiry} minutes"
 				fi
-			;;
+				;;
 			"disabled")
-				uci_set "travelmate" "${uplink_config}" "enabled" "0"
-				if [ -f "${trm_ntpfile}" ]
-				then
-					uci_set "travelmate" "${uplink_config}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
+				uci_set "travelmate" "${trm_uplinkcfg}" "enabled" "0"
+				if [ -s "${trm_ntpfile}" ]; then
+					uci_set "travelmate" "${trm_uplinkcfg}" "con_end" "$(date "+%Y.%m.%d-%H:%M:%S")"
 				fi
-			;;
+				;;
 		esac
-		if [ -n "$(uci -q changes "travelmate")" ]
-		then
+		if [ -n "$(uci -q changes "travelmate")" ]; then
 			uci_commit "travelmate"
-			if [ ! -f "${trm_refreshfile}" ]
-			then
-				printf "%s" "cfg_reload" > "${trm_refreshfile}"
+			if [ ! -f "${trm_refreshfile}" ]; then
+				printf "%s" "cfg_reload" >"${trm_refreshfile}"
 			fi
 		fi
 	fi
+	f_log "debug" "f_ctrack  ::: action: ${action:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}"
 }
 
-# get/match travelmate uplink option
+# get openvpn information
 #
-f_uplink()
-{
-	local IFS result t_radio t_essid t_bssid t_option="${1}" w_radio="${2}" w_essid="${3}" w_bssid="${4}" cnt=0
+f_getovpn() {
+	local file instance device
 
-	while [ "$(uci_get "travelmate" "@uplink[$cnt]" >/dev/null 2>&1; echo $?)" = "0" ]
-	do
-		t_radio="$(uci_get "travelmate" "@uplink[$cnt]" "device")"
-		t_essid="$(uci_get "travelmate" "@uplink[$cnt]" "ssid")"
-		t_bssid="$(uci_get "travelmate" "@uplink[$cnt]" "bssid")"
-		if [ -n "${w_radio}" ] && [ -n "${w_essid}" ] && \
-			[ "${t_radio}" = "${w_radio}" ] && [ "${t_essid}" = "${w_essid}" ] && [ "${t_bssid}" = "${w_bssid}" ]
-		then
-			result="$(uci_get "travelmate" "@uplink[$cnt]" "${t_option}")"
+	for file in /etc/openvpn/*.conf /etc/openvpn/*.ovpn; do
+		if [ -f "${file}" ]; then
+			instance="${file##*/}"
+			instance="${instance%.conf}"
+			instance="${instance%.ovpn}"
+			device="$(awk '/^[[:space:]]*dev /{print $2}' "${file}")"
+			[ "${device}" = "tun" ] && device="tun0"
+			[ "${device}" = "tap" ] && device="tap0"
+			if [ -n "${device}" ] && [ -n "${instance}" ] && ! printf "%s" "${trm_ovpninfolist}" | grep -q "${device}"; then
+				trm_ovpninfolist="${trm_ovpninfolist} ${device}&&${instance}"
+			fi
+		fi
+	done
+
+	uci_config() {
+		local device section="${1}"
+
+		device="$(uci_get "openvpn" "${section}" "dev")"
+		[ "${device}" = "tun" ] && device="tun0"
+		[ "${device}" = "tap" ] && device="tap0"
+		if [ -n "${device}" ] && ! printf "%s" "${trm_ovpninfolist}" | grep -q "${device}"; then
+			trm_ovpninfolist="${trm_ovpninfolist} ${device}&&${section}"
+		fi
+	}
+	if [ -f "/etc/config/openvpn" ]; then
+		config_load openvpn
+		config_foreach uci_config "openvpn"
+	fi
+	f_log "debug" "f_getovpn ::: ovpn_infolist: ${trm_ovpninfolist:-"-"}"
+}
+
+# get logical vpn network interfaces
+#
+f_getvpn() {
+	local info proto device iface="${1}"
+
+	proto="$(uci_get "network" "${iface}" "proto")"
+	device="$(uci_get "network" "${iface}" "device")"
+	if [ "${proto}" = "wireguard" ]; then
+		if [ -z "${trm_vpnifacelist}" ] || printf "%s" "${trm_vpnifacelist}" | grep -q "${iface}"; then
+			if ! printf "%s" "${trm_vpninfolist}" | grep -q "${iface}"; then
+				trm_vpninfolist="$(f_trim "${trm_vpninfolist} ${iface}")"
+			fi
+		fi
+	elif [ "${proto}" = "none" ] && [ -n "${device}" ]; then
+		if [ -z "${trm_ovpninfolist}" ]; then
+			f_getovpn
+		fi
+		if [ -z "${trm_vpnifacelist}" ] || printf "%s" "${trm_vpnifacelist}" | grep -q "${iface}"; then
+			for info in ${trm_ovpninfolist}; do
+				if [ "${info%%&&*}" = "${device}" ]; then
+					if ! printf "%s" "${trm_vpninfolist}" | grep -q "${iface}"; then
+						trm_vpninfolist="$(f_trim "${trm_vpninfolist} ${iface}&&${info##*&&}")"
+						break
+					fi
+				fi
+			done
+		fi
+	fi
+	f_log "debug" "f_getvpn  ::: iface: ${iface:-"-"}, proto: ${proto:-"-"}, device: ${device:-"-"}, vpn_ifacelist: ${trm_vpnifacelist:-"-"}, vpn_infolist: ${trm_vpninfolist:-"-"}"
+}
+
+# get wan gateway addresses
+#
+f_getgw() {
+	local result wan4_if wan4_gw wan6_if wan6_gw
+
+	network_flush_cache
+	network_find_wan wan4_if
+	network_find_wan6 wan6_if
+	network_get_gateway wan4_gw "${wan4_if}"
+	network_get_gateway6 wan6_gw "${wan6_if}"
+	if [ -n "${wan4_gw}" ] || [ -n "${wan6_gw}" ]; then
+		result="true"
+	fi
+	printf "%s" "${result}"
+	f_log "debug" "f_getgw   ::: wan4_gw: ${wan4_gw:-"-"}, wan6_gw: ${wan6_gw:-"-"}, result: ${result:-"-"}"
+}
+
+# get uplink config section
+#
+f_getcfg() {
+	local t_radio t_essid t_bssid radio="${1}" essid="${2}" bssid="${3}" cnt="0"
+
+	while uci_get "travelmate" "@uplink[${cnt}]" >/dev/null 2>&1; do
+		t_radio="$(uci_get "travelmate" "@uplink[${cnt}]" "device")"
+		t_essid="$(uci_get "travelmate" "@uplink[${cnt}]" "ssid")"
+		t_bssid="$(uci_get "travelmate" "@uplink[${cnt}]" "bssid")"
+		if [ -n "${radio}" ] && [ -n "${essid}" ] &&
+			[ "${t_radio}" = "${radio}" ] && [ "${t_essid}" = "${essid}" ] && [ "${t_bssid}" = "${bssid}" ]; then
+			trm_uplinkcfg="@uplink[${cnt}]"
 			break
 		fi
-		cnt="$((cnt+1))"
+		cnt="$((cnt + 1))"
 	done
-	printf "%s" "${result}"
-	f_log "debug" "f_uplink  ::: option: ${t_option}, result: ${result}"
+	f_log "debug" "f_getcfg  ::: status: ${status}, section: ${section}, uplink_config: ${trm_uplinkcfg:-"-"}"
 }
 
-# prepare the 'wifi-device' sections
+# get travelmate option value in 'uplink' sections
 #
-f_prepdev()
-{
-	local IFS disabled radio="${1}"
+f_getval() {
+	local result t_option="${1}"
+
+	if [ -n "${trm_uplinkcfg}" ]; then
+		result="$(uci_get "travelmate" "${trm_uplinkcfg}" "${t_option}")"
+		printf "%s" "${result}"
+	fi
+	f_log "debug" "f_getval  ::: option: ${t_option:-"-"}, result: ${result:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}"
+}
+
+# set 'wifi-device' sections
+#
+f_setdev() {
+	local disabled radio="${1}"
 
 	disabled="$(uci_get "wireless" "${radio}" "disabled")"
-	if [ "${disabled}" = "1" ]
-	then
-		uci_set wireless "${radio}" disabled 0
+	if [ "${disabled}" = "1" ]; then
+		uci_set wireless "${radio}" "disabled" "0"
 	fi
-
-	if [ -z "${trm_radio}" ] && [ -z "$(printf "%s" "${trm_radiolist}" | grep -Fo "${radio}")" ]
-	then
+	if [ -n "${trm_radio}" ] && [ -z "${trm_radiolist}" ]; then
+		trm_radiolist="${trm_radio}"
+	elif [ -z "${trm_radio}" ] && ! printf "%s" "${trm_radiolist}" | grep -q "${radio}"; then
 		trm_radiolist="$(f_trim "${trm_radiolist} ${radio}")"
-	elif [ -n "${trm_radio}" ] && [ -z "${trm_radiolist}" ]
-	then
-		trm_radiolist="$(f_trim "$(printf "%s" "${trm_radio}" | \
-			awk '{while(match(tolower($0),/[a-z0-9_]+/)){ORS=" ";print substr(tolower($0),RSTART,RLENGTH);$0=substr($0,RSTART+RLENGTH)}}')")"
 	fi
-	f_log "debug" "f_prepdev ::: trm_radio: ${trm_radio:-"-"}, radio: ${radio}, radio_list: ${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}"
+	f_log "debug" "f_setdev  ::: radio: ${radio:-"-"}, radio_list(cnf/cur): ${trm_radio:-"-"}/${trm_radiolist:-"-"}, disabled: ${disabled:-"-"}"
 }
 
-# add open uplink to new 'wifi-iface' section
+# set 'wifi-iface' sections
 #
-f_addif()
-{
-	local IFS uci_cfg offset=1 radio="${1}" essid="${2}"
-
-	config_cb()
-	{
-		local type="${1}" name="${2}"
-		if [ "${type}" = "wifi-iface" ]
-		then
-			if [ "$(uci -q get "wireless.${name}.ssid")" = "${essid}" ]
-			then
-				offset=0
-			elif [ "${offset}" != "0" ]
-			then
-				offset="$((offset+1))"
-			fi
-		fi
-		return "${offset}"
-	}
-	config_load wireless
-
-	if [ "${offset}" != "0" ]
-	then
-		uci_cfg="trm_uplink${offset}"
-		while [ -n "$(uci -q get "wireless.${uci_cfg}")" ]
-		do
-			offset="$((offset+1))"
-			uci_cfg="trm_uplink${offset}"
-		done
-		uci -q batch <<-EOC
-			set wireless."${uci_cfg}"="wifi-iface"
-			set wireless."${uci_cfg}".mode="sta"
-			set wireless."${uci_cfg}".network="${trm_iface}"
-			set wireless."${uci_cfg}".device="${radio}"
-			set wireless."${uci_cfg}".ssid="${essid}"
-			set wireless."${uci_cfg}".encryption="none"
-			set wireless."${uci_cfg}".disabled="1"
-		EOC
-		uci_cfg="$(uci -q add travelmate uplink)"
-		uci -q batch <<-EOC
-			set travelmate."${uci_cfg}".device="${radio}"
-			set travelmate."${uci_cfg}".ssid="${essid}"
-			set travelmate."${uci_cfg}".con_start_expiry="0"
-			set travelmate."${uci_cfg}".con_end_expiry="0"
-			set travelmate."${uci_cfg}".enabled="1"
-		EOC
-		if [ -n "$(uci -q changes "travelmate")" ] || [ -n "$(uci -q changes "wireless")" ]
-		then
-			uci_commit "travelmate"
-			uci_commit "wireless"
-			f_reconf
-			if [ ! -f "${trm_refreshfile}" ]
-			then
-				printf "%s" "ui_reload" > "${trm_refreshfile}"
-			fi
-			f_log "info" "open uplink '${radio}/${essid}' added to wireless config"
-		fi
-	fi
-	f_log "debug" "f_addif   ::: radio: ${radio:-"-"}, essid: ${essid}, offset: ${offset:-"-"}"
-}
-
-# prepare the 'wifi-iface' sections
-#
-f_prepif()
-{
-	local IFS mode radio essid bssid disabled status con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}"
+f_setif() {
+	local mode radio essid bssid enabled disabled con_start con_end con_start_expiry con_end_expiry section="${1}" proactive="${2}"
 
 	mode="$(uci_get "wireless" "${section}" "mode")"
 	radio="$(uci_get "wireless" "${section}" "device")"
 	essid="$(uci_get "wireless" "${section}" "ssid")"
 	bssid="$(uci_get "wireless" "${section}" "bssid")"
 	disabled="$(uci_get "wireless" "${section}" "disabled")"
-	status="$(f_uplink "enabled" "${radio}" "${essid}" "${bssid}")"
-	con_start="$(f_uplink "con_start" "${radio}" "${essid}" "${bssid}")"
-	con_end="$(f_uplink "con_end" "${radio}" "${essid}" "${bssid}")"
-	con_start_expiry="$(f_uplink "con_start_expiry" "${radio}" "${essid}" "${bssid}")"
-	con_end_expiry="$(f_uplink "con_end_expiry" "${radio}" "${essid}" "${bssid}")"
 
-	if [ "${status}" = "0" ] && [ -n "${con_end}" ] && [ -n "${con_end_expiry}" ] && [ "${con_end_expiry}" != "0" ]
-	then
+	f_getcfg "${radio}" "${essid}" "${bssid}"
+
+	enabled="$(f_getval "enabled")"
+	con_start="$(f_getval "con_start")"
+	con_end="$(f_getval "con_end")"
+	con_start_expiry="$(f_getval "con_start_expiry")"
+	con_end_expiry="$(f_getval "con_end_expiry")"
+
+	if [ "${enabled}" = "0" ] && [ -n "${con_end}" ] && [ -n "${con_end_expiry}" ] && [ "${con_end_expiry}" != "0" ]; then
 		d1="$(date -d "${con_end}" "+%s")"
 		d2="$(date "+%s")"
-		d3="$(((d2-d1)/60))"
-		if [ "${d3}" -ge "${con_end_expiry}" ]
-		then
-			status="1"
-			f_contrack "end_expiry" "${radio}" "${essid}" "${bssid}"
+		d3="$(((d2 - d1) / 60))"
+		if [ "${d3}" -ge "${con_end_expiry}" ]; then
+			enabled="1"
+			f_ctrack "end_expiry"
 		fi
-	elif [ "${status}" = "1" ] && [ -n "${con_start}" ] && [ -n "${con_start_expiry}" ] && [ "${con_start_expiry}" != "0" ]
-	then
+	elif [ "${enabled}" = "1" ] && [ -n "${con_start}" ] && [ -n "${con_start_expiry}" ] && [ "${con_start_expiry}" != "0" ]; then
 		d1="$(date -d "${con_start}" "+%s")"
 		d2="$(date "+%s")"
-		d3="$((d1+(con_start_expiry*60)))"
-		if [ "${d2}" -gt "${d3}" ]
-		then
-			status="0"
-			f_contrack "start_expiry" "${radio}" "${essid}" "${bssid}"
+		d3="$((d1 + (con_start_expiry * 60)))"
+		if [ "${d2}" -gt "${d3}" ]; then
+			enabled="0"
+			f_ctrack "start_expiry"
 		fi
 	fi
 
-	if [ "${mode}" = "sta" ]
-	then
-		if [ "${status}" = "0" ] || \
-			{ { [ -z "${disabled}" ] || [ "${disabled}" = "0" ]; } && { [ "${proactive}" = "0" ] || [ "${trm_ifstatus}" != "true" ]; } }
-		then
+	if [ "${mode}" = "sta" ]; then
+		if [ "${enabled}" = "0" ] || { { [ -z "${disabled}" ] || [ "${disabled}" = "0" ]; } &&
+			{ [ "${proactive}" = "0" ] || [ "${trm_ifstatus}" != "true" ]; }; }; then
 			uci_set "wireless" "${section}" "disabled" "1"
-		elif [ "${disabled}" = "0" ] && [ "${trm_ifstatus}" = "true" ] && [ "${proactive}" = "1" ]
-		then
-			if [ -z "${trm_activesta}" ]
-			then
+		elif [ "${enabled}" = "1" ] && [ "${disabled}" = "0" ] && [ "${trm_ifstatus}" = "true" ] && [ "${proactive}" = "1" ]; then
+			if [ -z "${trm_activesta}" ]; then
 				trm_activesta="${section}"
 			else
 				uci_set "wireless" "${section}" "disabled" "1"
 			fi
 		fi
-		if [ "${status}" = "1" ]
-		then
+		if [ "${enabled}" = "1" ]; then
 			trm_stalist="$(f_trim "${trm_stalist} ${section}-${radio}")"
 		fi
 	fi
-	f_log "debug" "f_prepif  ::: status: ${status}, section: ${section}, active_sta: ${trm_activesta:-"-"}"
+	f_log "debug" "f_setif   ::: enabled: ${enabled}, section: ${section}, active_sta: ${trm_activesta:-"-"}, uplink_config: ${trm_uplinkcfg:-"-"}"
+}
+
+# add open uplinks
+#
+f_addsta() {
+	local wifi_cfg trm_cfg new_uplink="1" offset="1" radio="${1}" essid="${2}"
+
+	if [ "${trm_maxautoadd}" = "0" ] || [ "${trm_opensta:-0}" -lt "${trm_maxautoadd}" ]; then
+		config_cb() {
+			local type="${1}" name="${2}"
+
+			if [ "${type}" = "wifi-iface" ]; then
+				if [ "$(uci_get "wireless.${name}.ssid")" = "${essid}" ] &&
+					[ "$(uci_get "wireless.${name}.device")" = "${radio}" ]; then
+					new_uplink="0"
+					return 0
+				fi
+				offset="$((offset + 1))"
+			fi
+		}
+		config_load wireless
+	else
+		new_uplink="0"
+	fi
+
+	if [ "${new_uplink}" = "1" ]; then
+		wifi_cfg="trm_uplink$((offset + 1))"
+		while [ -n "$(uci_get "wireless.${wifi_cfg}")" ]; do
+			offset="$((offset + 1))"
+			wifi_cfg="trm_uplink${offset}"
+		done
+		uci -q batch <<-EOC
+			set wireless."${wifi_cfg}"="wifi-iface"
+			set wireless."${wifi_cfg}".mode="sta"
+			set wireless."${wifi_cfg}".network="${trm_iface}"
+			set wireless."${wifi_cfg}".device="${radio}"
+			set wireless."${wifi_cfg}".ssid="${essid}"
+			set wireless."${wifi_cfg}".encryption="none"
+			set wireless."${wifi_cfg}".disabled="1"
+		EOC
+		trm_cfg="$(uci -q add travelmate uplink)"
+		uci -q batch <<-EOC
+			set travelmate."${trm_cfg}".device="${radio}"
+			set travelmate."${trm_cfg}".ssid="${essid}"
+			set travelmate."${trm_cfg}".opensta="1"
+			set travelmate."${trm_cfg}".con_start_expiry="0"
+			set travelmate."${trm_cfg}".con_end_expiry="0"
+			set travelmate."${trm_cfg}".enabled="1"
+		EOC
+		if [ -n "${trm_stdvpnservice}" ] && [ -n "${trm_stdvpniface}" ]; then
+			uci -q batch <<-EOC
+				set travelmate."${trm_cfg}".vpnservice="${trm_stdvpnservice}"
+				set travelmate."${trm_cfg}".vpniface="${trm_stdvpniface}"
+				set travelmate."${trm_cfg}".vpn="1"
+			EOC
+		fi
+		trm_opensta="$((trm_opensta + 1))"
+		uci_commit "travelmate"
+		uci_commit "wireless"
+		f_wifi
+		if [ ! -f "${trm_refreshfile}" ]; then
+			printf "%s" "ui_reload" >"${trm_refreshfile}"
+		fi
+		f_log "info" "open uplink '${radio}/${essid}' added to wireless config"
+		printf "%s" "${wifi_cfg}-${radio}"
+	fi
+	f_log "debug" "f_addsta  ::: radio: ${radio:-"-"}, essid: ${essid}, opensta/maxautoadd: ${trm_opensta:-"-"}/${trm_maxautoadd:-"-"}, new_uplink: ${new_uplink}, offset: ${offset}"
 }
 
 # check net status
 #
-f_net()
-{
-	local IFS err err_rc err_domain json_raw json_cp json_rc cp_domain result="net nok"
+f_net() {
+	local err_msg raw json_raw html_raw html_cp js_cp json_ec json_rc json_cp json_ed result="net nok"
 
-	json_raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout $((trm_maxwait/10)) "${trm_captiveurl}" 2>/tmp/trm_fetch.err)"
-	json_raw="${json_raw#*\{}"
-	if [ -s "/tmp/trm_fetch.err" ]
-	then
-		err="$(awk 'BEGIN{FS="[()'\'' ]"}{printf "%s %s",$3,$(NF-1)}' "/tmp/trm_fetch.err")"
-		err_rc="${err% *}"
-		err_domain="${err#* }"
-		if [ "${err_rc}" = "6" ]
-		then
-			if [ -n "${err_domain}" ] && [ "${err_domain}" != "timed" ] && [ "${err_domain}" != "${trm_captiveurl#http*://*}" ]
-			then
-				result="net cp '${err_domain}'"
+	raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{json}" --silent --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")"
+	json_raw="${raw#*\{}"
+	html_raw="${raw%%\{*}"
+	if [ -n "${json_raw}" ]; then
+		json_ec="$(printf "%s" "{${json_raw}" | "${trm_jsoncmd}" -ql1 -e '@.exitcode')"
+		json_rc="$(printf "%s" "{${json_raw}" | "${trm_jsoncmd}" -ql1 -e '@.response_code')"
+		json_cp="$(printf "%s" "{${json_raw}" | "${trm_jsoncmd}" -ql1 -e '@.redirect_url' | awk 'BEGIN{FS="/"}{printf "%s",tolower($3)}')"
+		if [ "${json_ec}" = "0" ]; then
+			if [ -n "${json_cp}" ]; then
+				result="net cp '${json_cp}'"
+			else
+				if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then
+					html_cp="$(printf "%s" "${html_raw}" | awk 'match(tolower($0),/^.*/dev/null)"
-		json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
-		if [ -n "${json_cp}" ]
-		then
-			cp_domain="${json_cp#http*://*}"
-			cp_domain="${cp_domain%%/*}"
-			result="net cp '${cp_domain}'"
 		else
-			if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
-			then
-				result="net ok"
+			err_msg="$(printf "%s" "{${json_raw}" | "${trm_jsoncmd}" -ql1 -e '@.errormsg')"
+			json_ed="$(printf "%s" "{${err_msg}" | awk '/([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+$/{printf "%s",tolower($NF)}')"
+			if [ "${json_ec}" = "6" ]; then
+				if [ -n "${json_ed}" ] && [ "${json_ed}" != "${trm_captiveurl#http*://*}" ]; then
+					result="net cp '${json_ed}'"
+				fi
 			fi
 		fi
 	fi
-	rm -f "/tmp/trm_fetch.err"
 	printf "%s" "${result}"
-	f_log "debug" "f_net     ::: fetch: ${trm_fetch}, timeout: $((trm_maxwait/6)), url: ${trm_captiveurl}, user_agent: ${trm_useragent}, result: ${result}, error: ${err:-"-"}"
+	f_log "debug" "f_net     ::: fetch: ${trm_fetch}, timeout: $((trm_maxwait / 6)), cp (json/html/js): ${json_cp:-"-"}/${html_cp:-"-"}/${js_cp:-"-"}, result: ${result}, error (rc/msg): ${json_ec}/${err_msg:-"-"}, url: ${trm_captiveurl}"
 }
 
 # check interface status
 #
-f_check()
-{
-	local IFS ifname radio dev_status result login_script login_script_args cp_domain wait_time="1" enabled="1" mode="${1}" status="${2}" sta_radio="${3}" sta_essid="${4}" sta_bssid="${5}"
+f_check() {
+	local ifname radio dev_status result login_script login_script_args cp_domain wait_time="0" enabled="1" mode="${1}" status="${2}" sta_radio="${3}" sta_essid="${4}" sta_bssid="${5}"
 
-	if [ "${mode}" = "initial" ] || [ "${mode}" = "dev" ]
-	then
+	if [ "${mode}" = "initial" ] || [ "${mode}" = "dev" ]; then
 		json_get_var station_id "station_id"
 		sta_radio="${station_id%%/*}"
 		sta_essid="${station_id%/*}"
@@ -575,246 +660,207 @@ f_check()
 		sta_bssid="${station_id##*/}"
 		sta_bssid="${sta_bssid//-/}"
 	fi
-	if [ "${mode}" != "rev" ] && [ -n "${sta_radio}" ] && [ "${sta_radio}" != "-" ] && [ -n "${sta_essid}" ] && [ "${sta_essid}" != "-" ]
-	then
-		enabled="$(f_uplink "enabled" "${sta_radio}" "${sta_essid}" "${sta_bssid}")"
+	f_getcfg "${sta_radio}" "${sta_essid}" "${sta_bssid}"
+
+	if [ "${mode}" != "rev" ] && [ -n "${sta_radio}" ] && [ "${sta_radio}" != "-" ] && [ -n "${sta_essid}" ] && [ "${sta_essid}" != "-" ]; then
+		enabled="$(f_getval "enabled")"
 	fi
-	if { [ "${mode}" != "initial" ] && [ "${mode}" != "dev" ] && [ "${status}" = "false" ]; } || \
-		{ [ "${mode}" = "dev" ] && { [ "${status}" = "false" ] || { [ "${trm_ifstatus}" != "${status}" ] && [ "${enabled}" = "0" ]; }; }; }
-	then
-		f_reconf
+	if { [ "${mode}" != "initial" ] && [ "${mode}" != "dev" ] && [ "${status}" = "false" ]; } ||
+		{ [ "${mode}" = "dev" ] && { [ "${status}" = "false" ] || { [ "${trm_ifstatus}" != "${status}" ] && [ "${enabled}" = "0" ]; }; }; }; then
+		f_wifi
 	fi
-	while [ "${wait_time}" -le "${trm_maxwait}" ]
-	do
-		dev_status="$(ubus -S call network.wireless status 2>/dev/null)"
-		if [ -n "${dev_status}" ]
-		then
-			if [ "${mode}" = "dev" ]
-			then
-				if [ "${trm_ifstatus}" != "${status}" ]
-				then
+	while [ "${wait_time}" -le "${trm_maxwait}" ]; do
+		[ "${wait_time}" -gt "0" ] && sleep 1
+		wait_time="$((wait_time + 1))"
+		dev_status="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null)"
+		if [ -n "${dev_status}" ]; then
+			if [ "${mode}" = "dev" ]; then
+				if [ "${trm_ifstatus}" != "${status}" ]; then
 					trm_ifstatus="${status}"
 					f_jsnup
 				fi
-				if [ "${status}" = "false" ]
-				then
-					sleep "$((trm_maxwait/5))"
+				if [ "${status}" = "false" ]; then
+					sleep "$((trm_maxwait / 5))"
 				fi
 				break
-			elif [ "${mode}" = "rev" ]
-			then
+			elif [ "${mode}" = "rev" ]; then
+				unset trm_connection
+				trm_ifstatus="${status}"
 				break
 			else
-				ifname="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].ifname')"
-				if [ -n "${ifname}" ] && [ "${enabled}" = "1" ]
-				then
-					result="$(f_net)"
-					trm_ifquality="$(${trm_iwinfo} "${ifname}" info 2>/dev/null | awk -F '[ ]' '/Link Quality:/{split($NF,var0,"/");printf "%i\n",(var0[1]*100/var0[2])}')"
-					if [ "${trm_ifquality}" -ge "${trm_minquality}" ]
-					then
-						trm_ifstatus="$(ubus -S call network.interface dump 2>/dev/null | jsonfilter -l1 -e "@.interface[@.device=\"${ifname}\"].up")"
-						if [ "${trm_ifstatus}" = "true" ]
-						then
-							if [ "${trm_captive}" = "1" ]
-							then
-								cp_domain="$(printf "%s" "${result}" | awk -F '['\''| ]' '/^net cp/{printf "%s",$4}')"
-								if [ -x "/etc/init.d/dnsmasq" ] && [ -f "/etc/config/dhcp" ] && \
-									[ -n "${cp_domain}" ] && [ -z "$(uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | grep -Fo "${cp_domain}")" ]
-								then
-									uci_add_list "dhcp" "@dnsmasq[0]" "rebind_domain" "${cp_domain}"
-									uci_commit "dhcp"
-									/etc/init.d/dnsmasq reload
-									f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist"
-								fi
-								if [ -n "${cp_domain}" ] && [ "${trm_captive}" = "1" ]
-								then
+				ifname="$(printf "%s" "${dev_status}" | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].ifname')"
+				if [ -n "${ifname}" ] && [ "${enabled}" = "1" ]; then
+					trm_ifquality="$(${trm_iwinfo} "${ifname}" info 2>/dev/null | awk -F '[ ]' '/Link Quality: [0-9]+\/[0-9]+/{split($NF,var0,"/");printf "%i\n",(var0[1]*100/var0[2])}')"
+					if [ -z "${trm_ifquality}" ]; then
+						trm_ifstatus="$("${trm_ubuscmd}" -S call network.interface dump 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.interface[@.device=\"${ifname}\"].up")"
+						if { [ -n "${trm_connection}" ] && [ "${trm_ifstatus}" = "false" ]; } || [ "${wait_time}" -eq "${trm_maxwait}" ]; then
+							f_log "info" "no signal from uplink"
+							f_vpn "disable"
+							unset trm_connection
+							trm_ifstatus="${status}"
+							f_ctrack "end"
+							f_jsnup
+							break
+						fi
+						continue
+					elif [ "${trm_ifquality}" -ge "${trm_minquality}" ]; then
+						trm_ifstatus="$("${trm_ubuscmd}" -S call network.interface dump 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.interface[@.device=\"${ifname}\"].up")"
+						if [ "${trm_ifstatus}" = "true" ]; then
+							result="$(f_net)"
+							if [ "${trm_captive}" = "1" ]; then
+								while true; do
+									cp_domain="$(printf "%s" "${result}" | awk -F '['\''| ]' '/^net cp/{printf "%s",$4}')"
+									if [ -x "/etc/init.d/dnsmasq" ] && [ -f "/etc/config/dhcp" ] &&
+										[ -n "${cp_domain}" ] && ! uci_get "dhcp" "@dnsmasq[0]" "rebind_domain" | grep -q "${cp_domain}"; then
+										uci_add_list "dhcp" "@dnsmasq[0]" "rebind_domain" "${cp_domain}"
+										uci_commit "dhcp"
+										/etc/init.d/dnsmasq reload
+										f_log "info" "captive portal domain '${cp_domain}' added to to dhcp rebind whitelist"
+									else 
+										break
+									fi
+									result="$(f_net)"
+								done
+								if [ -n "${cp_domain}" ]; then
 									trm_connection="${result:-"-"}/${trm_ifquality}"
 									f_jsnup
-									login_script="$(f_uplink "script" "${sta_radio}" "${sta_essid}" "${sta_bssid}")"
-									if [ -x "${login_script}" ]
-									then
-										login_script_args="$(f_uplink "script_args" "${sta_radio}" "${sta_essid}" "${sta_bssid}")"
+									login_script="$(f_getval "script")"
+									if [ -x "${login_script}" ]; then
+										login_script_args="$(f_getval "script_args")"
 										"${login_script}" ${login_script_args} >/dev/null 2>&1
 										rc="${?}"
-										f_log "info" "captive portal login '${login_script:0:40} ${login_script_args:0:20}' for '${cp_domain}' has been executed with rc '${rc}'"
-										if [ "${rc}" = "0" ]
-										then
+										f_log "info" "captive portal login script for '${cp_domain}' has been finished  with rc '${rc}'"
+										if [ "${rc}" = "0" ]; then
 											result="$(f_net)"
 										fi
 									fi
 								fi
 							fi
-							if [ "${trm_netcheck}" = "1" ] && [ "${result}" = "net nok" ]
-							then
-								f_log "info" "uplink has no internet (new connection)"
+							if [ "${result}" = "net nok" ]; then
 								f_vpn "disable"
-								trm_ifstatus="${status}"
-								f_jsnup
-								break
+								if [ "${trm_netcheck}" = "1" ]; then
+									f_log "info" "uplink has no internet"
+									trm_ifstatus="${status}"
+									f_jsnup
+									break
+								fi
 							fi
 							trm_connection="${result:-"-"}/${trm_ifquality}"
 							f_jsnup
 							break
 						fi
-					elif [ -n "${trm_connection}" ]
-					then
-						if [ "${trm_ifquality}" -lt "${trm_minquality}" ]
-						then
-							f_log "info" "uplink is out of range (${trm_ifquality}/${trm_minquality})"
-							f_vpn "disable"
-							unset trm_connection
-							trm_ifstatus="${status}"
-							f_contrack "end" "${sta_radio}" "${sta_essid}" "${sta_bssid}"
-						elif [ "${trm_netcheck}" = "1" ] && [ "${result}" = "net nok" ]
-						then
-							f_log "info" "uplink has no internet (existing connection)"
-							f_vpn "disable"
-							unset trm_connection
-							trm_ifstatus="${status}"
-						fi
+					elif [ -n "${trm_connection}" ] && { [ "${trm_netcheck}" = "1" ] || [ "${mode}" = "initial" ]; }; then
+						f_log "info" "uplink is out of range (${trm_ifquality}/${trm_minquality})"
+						f_vpn "disable"
+						unset trm_connection
+						trm_ifstatus="${status}"
+						f_ctrack "end"
 						f_jsnup
 						break
-					elif [ "${mode}" = "initial" ]
-					then
+					elif [ "${mode}" = "initial" ] || [ "${mode}" = "sta" ]; then
+						unset trm_connection
 						trm_ifstatus="${status}"
 						f_jsnup
 						break
 					fi
-				elif [ -n "${trm_connection}" ]
-				then
+				elif [ -n "${trm_connection}" ]; then
 					f_vpn "disable"
 					unset trm_connection
 					trm_ifstatus="${status}"
 					f_jsnup
 					break
-				elif [ "${mode}" = "initial" ]
-				then
+				elif [ "${mode}" = "initial" ]; then
 					trm_ifstatus="${status}"
 					f_jsnup
 					break
 				fi
 			fi
 		fi
-		if [ "${mode}" = "initial" ]
-		then
+		if [ "${mode}" = "initial" ]; then
 			trm_ifstatus="${status}"
 			f_jsnup
 			break
 		fi
-		wait_time="$((wait_time+1))"
-		sleep 1
 	done
 	f_log "debug" "f_check   ::: mode: ${mode}, name: ${ifname:-"-"}, status: ${trm_ifstatus}, enabled: ${enabled}, connection: ${trm_connection:-"-"}, wait: ${wait_time}, max_wait: ${trm_maxwait}, min_quality: ${trm_minquality}, captive: ${trm_captive}, netcheck: ${trm_netcheck}"
 }
 
 # update runtime information
 #
-f_jsnup()
-{
-	local IFS section last_date last_station sta_iface sta_radio sta_essid sta_bssid sta_mac dev_status last_status status="${trm_ifstatus}" ntp_done="0" vpn_done="0" mail_done="0"
+f_jsnup() {
+	local vpn vpn_iface section last_date sta_iface sta_radio sta_essid sta_bssid sta_mac dev_status status="${trm_ifstatus}" ntp_done="0" vpn_done="0" mail_done="0"
 
-	if [ "${status}" = "true" ]
-	then
+	if [ "${status}" = "true" ]; then
 		status="connected (${trm_connection:-"-"})"
-		dev_status="$(ubus -S call network.wireless status 2>/dev/null)"
-		if [ -n "${dev_status}" ]
-		then
-			section="$(printf "%s" "${dev_status}" | jsonfilter -l1 -e '@.*.interfaces[@.config.mode="sta"].section')"
-			if [ -n "${section}" ]
-			then
-				sta_iface="$(uci_get "wireless" "${section}" "network")"
-				sta_radio="$(uci_get "wireless" "${section}" "device")"
-				sta_essid="$(uci_get "wireless" "${section}" "ssid")"
-				sta_bssid="$(uci_get "wireless" "${section}" "bssid")"
-				sta_mac="$(f_mac "get" "${section}")"
-			fi
+		dev_status="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null)"
+		section="$(printf "%s" "${dev_status}" | "${trm_jsoncmd}" -ql1 -e '@.*.interfaces[@.config.mode="sta"].section')"
+		if [ -n "${section}" ]; then
+			sta_iface="$(uci_get "wireless" "${section}" "network")"
+			sta_radio="$(uci_get "wireless" "${section}" "device")"
+			sta_essid="$(uci_get "wireless" "${section}" "ssid")"
+			sta_bssid="$(uci_get "wireless" "${section}" "bssid")"
+			sta_mac="$(f_mac "get" "${section}")"
+			f_getcfg "${sta_radio}" "${sta_essid}" "${sta_bssid}"
 		fi
 		json_get_var last_date "last_run"
-		json_get_var last_station "station_id"
-		json_get_var last_status "travelmate_status"
 
-		if { [ -f "${trm_ntpfile}" ] && [ ! -s "${trm_ntpfile}" ]; } || [ "${last_status}" = "running (not connected)" ] || \
-			{ [ -n "${last_station}" ] && [ "${last_station}" != "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}" ]; }
-		then
-			last_date="$(date "+%Y.%m.%d-%H:%M:%S")"
-			if [ -f "${trm_ntpfile}" ] && [ ! -s "${trm_ntpfile}" ]
-			then
-				printf "%s" "${last_date}" > "${trm_ntpfile}"
-			fi
+		vpn="$(f_getval "vpn")"
+		if  [ "${trm_vpn}" = "1" ] && [ -n "${trm_vpninfolist}" ] && [ "${vpn}" = "1" ] && [ -f "${trm_vpnfile}" ]; then
+			vpn_iface="$(f_getval "vpniface")"			
+			vpn_done="1"
 		fi
-	elif [ "${status}" = "error" ]
-	then
+	elif [ "${status}" = "error" ]; then
 		unset trm_connection
 		status="program error"
 	else
 		unset trm_connection
 		status="running (not connected)"
 	fi
-
-	if [ -z "${last_date}" ]
-	then
+	if [ -z "${last_date}" ]; then
 		last_date="$(date "+%Y.%m.%d-%H:%M:%S")"
 	fi
-	if [ -s "${trm_ntpfile}" ]
-	then
+	if [ -s "${trm_ntpfile}" ]; then
 		ntp_done="1"
 	fi
-	if [ "${trm_vpn}" = "1" ] && [ -f "${trm_vpnfile}" ]
-	then
-		vpn_done="1"
-	fi
-	if [ "${trm_mail}" = "1" ] && [ -f "${trm_mailfile}" ]
-	then
+	if [ "${trm_mail}" = "1" ] && [ -f "${trm_mailfile}" ]; then
 		mail_done="1"
 	fi
 	json_add_string "travelmate_status" "${status}"
 	json_add_string "travelmate_version" "${trm_ver}"
 	json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}"
 	json_add_string "station_mac" "${sta_mac:-"-"}"
-	json_add_string "station_interface" "${sta_iface:-"-"}"
+	json_add_string "station_interfaces" "${sta_iface:-"-"}, ${vpn_iface:-"-"}"
 	json_add_string "wpa_flags" "${trm_wpaflags:-"-"}"
 	json_add_string "run_flags" "captive: $(f_char ${trm_captive}), proactive: $(f_char ${trm_proactive}), netcheck: $(f_char ${trm_netcheck}), autoadd: $(f_char ${trm_autoadd}), randomize: $(f_char ${trm_randomize})"
 	json_add_string "ext_hooks" "ntp: $(f_char ${ntp_done}), vpn: $(f_char ${vpn_done}), mail: $(f_char ${mail_done})"
 	json_add_string "last_run" "${last_date}"
 	json_add_string "system" "${trm_sysver}"
-	json_dump > "${trm_rtfile}"
+	json_dump >"${trm_rtfile}"
 
-	if [ "${status%% (net ok/*}" = "connected" ]
-	then
-		f_vpn "enable"
-		if [ "${trm_mail}" = "1" ] && [ -x "${trm_mailpgm}" ] && [ "${ntp_done}" = "1" ] && [ "${mail_done}" = "0" ]
-		then
-			if [ "${trm_vpn}" = "0" ] || [ "${vpn_done}" = "1" ]
-			then
-				> "${trm_mailfile}"
-				"${trm_mailpgm}" >/dev/null 2>&1
-			fi
+	if [ "${status%% (net ok/*}" = "connected" ] && [ "${trm_mail}" = "1" ] && [ -x "${trm_mailpgm}" ] && [ "${ntp_done}" = "1" ] && [ "${mail_done}" = "0" ]; then
+		if [ "${trm_vpn}" != "1" ] || [ "${vpn}" != "1" ] || [ -z "${trm_vpninfolist}" ] || [ "${vpn_done}" = "1" ]; then
+			: >"${trm_mailfile}"
+			"${trm_mailpgm}" >/dev/null 2>&1
 		fi
-	else
-		f_vpn "disable"
 	fi
-	f_log "debug" "f_jsnup   ::: section: ${section:-"-"}, status: ${status:-"-"}, sta_iface: ${sta_iface:-"-"}, sta_radio: ${sta_radio:-"-"}, sta_essid: ${sta_essid:-"-"}, sta_bssid: ${sta_bssid:-"-"}, ntp: ${ntp_done}, vpn: ${trm_vpn}/${vpn_done}, mail: ${trm_mail}/${mail_done}"
+	f_log "debug" "f_jsnup   ::: section: ${section:-"-"}, status: ${status:-"-"}, sta_iface: ${sta_iface:-"-"}, sta_radio: ${sta_radio:-"-"}, sta_essid: ${sta_essid:-"-"}, sta_bssid: ${sta_bssid:-"-"}, ntp: ${ntp_done}, vpn: ${vpn:-"0"}/${vpn_done}, mail: ${trm_mail}/${mail_done}"
 }
 
 # write to syslog
 #
-f_log()
-{
-	local IFS class="${1}" log_msg="${2}"
+f_log() {
+	local class="${1}" log_msg="${2}"
 
-	if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${trm_debug}" = "1" ]; }
-	then
-		if [ -x "${trm_logger}" ]
-		then
+	if [ -n "${log_msg}" ] && { [ "${class}" != "debug" ] || [ "${trm_debug}" = "1" ]; }; then
+		if [ -x "${trm_logger}" ]; then
 			"${trm_logger}" -p "${class}" -t "trm-${trm_ver}[${$}]" "${log_msg}"
 		else
-			printf "%s %s %s\\n" "${class}" "trm-${trm_ver}[${$}]" "${log_msg}"
+			printf "%s %s %s\n" "${class}" "trm-${trm_ver}[${$}]" "${log_msg}"
 		fi
-		if [ "${class}" = "err" ]
-		then
+		if [ "${class}" = "err" ]; then
 			trm_ifstatus="error"
 			f_jsnup
-			> "${trm_pidfile}"
+			: >"${trm_pidfile}"
 			exit 1
 		fi
 	fi
@@ -822,19 +868,16 @@ f_log()
 
 # main function for connection handling
 #
-f_main()
-{
-	local IFS cnt retrycnt spec scan_dev scan_list scan_essid scan_bssid scan_open scan_quality
-	local station_id section sta sta_essid sta_bssid sta_radio sta_iface sta_mac config_essid config_bssid config_radio
+f_main() {
+	local radio cnt retrycnt scan_dev scan_list scan_essid scan_bssid scan_open scan_quality station_id section
+	local sta sta_essid sta_bssid sta_radio sta_mac open_sta open_essid config_radio config_essid config_bssid
 
 	f_check "initial" "false"
-	f_log "debug" "f_main    ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}"
-	if [ "${trm_ifstatus}" != "true" ] || [ "${trm_proactive}" = "1" ]
-	then
+	f_log "debug" "f_main-1  ::: status: ${trm_ifstatus}, proactive: ${trm_proactive}"
+	if [ "${trm_ifstatus}" != "true" ] || [ "${trm_proactive}" = "1" ]; then
 		config_load wireless
-		config_foreach f_prepif wifi-iface ${trm_proactive}
-		if [ "${trm_ifstatus}" = "true" ] && [ -n "${trm_activesta}" ] && [ "${trm_proactive}" = "1" ]
-		then
+		config_foreach f_setif wifi-iface "${trm_proactive}"
+		if [ "${trm_ifstatus}" = "true" ] && [ -n "${trm_activesta}" ] && [ "${trm_proactive}" = "1" ]; then
 			json_get_var station_id "station_id"
 			config_radio="${station_id%%/*}"
 			config_essid="${station_id%/*}"
@@ -842,55 +885,54 @@ f_main()
 			config_bssid="${station_id##*/}"
 			config_bssid="${config_bssid//-/}"
 			f_check "dev" "true"
-			f_log "debug" "f_main    ::: config_radio: ${config_radio}, config_essid: \"${config_essid}\", config_bssid: ${config_bssid:-"-"}"
+			f_log "debug" "f_main-2  ::: config_radio: ${config_radio}, config_essid: \"${config_essid}\", config_bssid: ${config_bssid:-"-"}"
 		else
 			uci_commit "wireless"
 			f_check "dev" "false"
 		fi
-		f_log "debug" "f_main    ::: radio_list: ${trm_radiolist}, sta_list: ${trm_stalist:0:${trm_scanbuffer}}"
+		f_log "debug" "f_main-3  ::: radio_list: ${trm_radiolist:-"-"}, sta_list: ${trm_stalist:-"-"}"
 
 		# radio loop
 		#
-		for radio in ${trm_radiolist}
-		do
-			if [ -z "$(printf "%s" "${trm_stalist}" | grep -o "\\-${radio}")" ]
-			then
-				f_log "info" "no station on radio '${radio}'"
-				continue
+		for radio in ${trm_radiolist}; do
+			if ! printf "%s" "${trm_stalist}" | grep -q "\\-${radio}"; then
+				if [ "${trm_autoadd}" = "0" ]; then
+					f_log "info" "no enabled station on radio '${radio}'"
+					continue
+				fi
 			fi
+			scan_list=""
 
 			# station loop
 			#
-			for sta in ${trm_stalist}
-			do
-				section="${sta%%-*}"
-				sta_radio="$(uci_get "wireless" "${section}" "device")"
-				sta_essid="$(uci_get "wireless" "${section}" "ssid")"
-				sta_bssid="$(uci_get "wireless" "${section}" "bssid")"
-				sta_iface="$(uci_get "wireless" "${section}" "network")"
-				sta_mac="$(f_mac "get" "${section}")"
-				if [ -z "${sta_radio}" ] || [ -z "${sta_essid}" ] || [ -z "${sta_iface}" ]
-				then
-					f_log "info" "invalid wireless section '${section}'"
-					continue
+			for sta in ${trm_stalist:-"${radio}"}; do
+				if [ "${sta}" != "${radio}" ]; then
+					section="${sta%%-*}"
+					sta_radio="$(uci_get "wireless" "${section}" "device")"
+					sta_essid="$(uci_get "wireless" "${section}" "ssid")"
+					sta_bssid="$(uci_get "wireless" "${section}" "bssid")"
+					sta_mac="$(f_mac "get" "${section}")"
+					if [ -z "${sta_radio}" ] || [ -z "${sta_essid}" ]; then
+						f_log "info" "invalid wireless section '${section}'"
+						continue
+					fi
+					if [ -n "${trm_connection}" ] && [ "${radio}" = "${config_radio}" ] && [ "${sta_radio}" = "${config_radio}" ] &&
+						[ "${sta_essid}" = "${config_essid}" ] && [ "${sta_bssid}" = "${config_bssid}" ]; then
+						f_ctrack "refresh"
+						f_vpn "enable_keep"
+						f_log "debug" "f_main-4  ::: config_radio: ${config_radio}, config_essid: ${config_essid}, config_bssid: ${config_bssid:-"-"}"
+						return 0
+					fi
+					f_log "debug" "f_main-5  ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}"
 				fi
-				if [ "${sta_radio}" = "${config_radio}" ] && [ "${sta_essid}" = "${config_essid}" ] && [ "${sta_bssid}" = "${config_bssid}" ]
-				then
-					f_contrack "refresh" "${config_radio}" "${config_essid}" "${config_bssid}"
-					f_log "info" "uplink still in range '${config_radio}/${config_essid}/${config_bssid:-"-"}' with mac '${sta_mac:-"-"}'"
-					break 2
-				fi
-				f_log "debug" "f_main    ::: sta_radio: ${sta_radio}, sta_essid: \"${sta_essid}\", sta_bssid: ${sta_bssid:-"-"}"
-				if [ -z "${scan_list}" ]
-				then
-					scan_dev="$(ubus -S call network.wireless status 2>/dev/null | jsonfilter -l1 -e "@.${radio}.interfaces[0].ifname")"
-					scan_list="$("${trm_iwinfo}" "${scan_dev:-${radio}}" scan 2>/dev/null | \
-						awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i};
-						gsub(/,/,".",var2)}/Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"};printf "%i,%s,%s,%s\n",(var0[1]*100/var0[2]),var1,var2,var3}' | \
-						sort -rn | awk -v buf="${trm_scanbuffer}" 'BEGIN{ORS=","}{print substr($0,1,buf)}')"
-					f_log "debug" "f_main    ::: radio: ${radio}, scan_device: ${scan_dev}, scan_buffer: ${trm_scanbuffer}, scan_list: ${scan_list:-"-"}"
-					if [ -z "${scan_list}" ]
-					then
+				if [ -z "${scan_list}" ]; then
+					scan_dev="$("${trm_ubuscmd}" -S call network.wireless status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e "@.${radio}.interfaces[0].ifname")"
+					scan_list="$("${trm_iwinfo}" "${scan_dev:-${radio}}" scan 2>/dev/null |
+						awk 'BEGIN{FS="[[:space:]]"}/Address:/{var1=$NF}/ESSID:/{var2="";for(i=12;i<=NF;i++)if(var2==""){var2=$i}else{var2=var2" "$i}}
+						/Quality:/{split($NF,var0,"/")}/Encryption:/{if($NF=="none"){var3="+"}else{var3="-"};
+						printf "%i %s %s %s\n",(var0[1]*100/var0[2]),var3,var1,var2}' | sort -rn)"
+					f_log "debug" "f_main-6  ::: radio: ${radio}, scan_device: ${scan_dev}, scan_cnt: $(printf "%s" "${scan_list}" | grep -c "^")"
+					if [ -z "${scan_list}" ]; then
 						f_log "info" "no scan results on '${radio}'"
 						continue 2
 					fi
@@ -898,153 +940,127 @@ f_main()
 
 				# scan loop
 				#
-				IFS=","
-				for spec in ${scan_list}
-				do
-					if [ -z "${scan_quality}" ]
-					then
-						scan_quality="${spec}"
-					elif [ -z "${scan_bssid}" ]
-					then
-						scan_bssid="${spec}"
-					elif [ -z "${scan_essid}" ]
-					then
-						scan_essid="${spec}"
-					elif [ -z "${scan_open}" ]
-					then
-						scan_open="${spec}"
-					fi
-					if [ -n "${scan_quality}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ] && [ -n "${scan_open}" ]
-					then
-						if [ "${scan_quality}" -ge "${trm_minquality}" ]
-						then
-							if { { [ "${scan_essid}" = "\"${sta_essid//,/.}\"" ] && { [ -z "${sta_bssid}" ] || [ "${scan_bssid}" = "${sta_bssid}" ]; } } || \
-								{ [ "${scan_bssid}" = "${sta_bssid}" ] && [ "${scan_essid}" = "unknown" ]; } } && [ "${radio}" = "${sta_radio}" ]
-							then
-								f_vpn "disable"
-								f_log "debug" "f_main    ::: scan_quality: ${scan_quality}, scan_essid: ${scan_essid}, scan_bssid: ${scan_bssid:-"-"}, scan_open: ${scan_open}"
-								if [ -n "${config_radio}" ]
-								then
+				while read -r scan_quality scan_open scan_bssid scan_essid; do
+					if [ -n "${scan_quality}" ] && [ -n "${scan_open}" ] && [ -n "${scan_bssid}" ] && [ -n "${scan_essid}" ]; then
+						f_log "debug" "f_main-7  ::: radio(sta/scan): ${sta_radio}/${radio}, essid(sta/scan): \"${sta_essid}\"/${scan_essid}, bssid(sta/scan): ${sta_bssid}/${scan_bssid}, quality(min/scan): ${trm_minquality}/${scan_quality}, open: ${scan_open}"
+						if [ "${scan_quality}" -lt "${trm_minquality}" ]; then
+							continue 2
+						elif [ "${scan_quality}" -ge "${trm_minquality}" ]; then
+							if [ "${trm_autoadd}" = "1" ] && [ "${scan_open}" = "+" ] && [ "${scan_essid}" != "unknown" ]; then
+								open_essid="${scan_essid%?}"
+								open_essid="${open_essid:1}"
+								open_sta="$(f_addsta "${radio}" "${open_essid}")"
+								if [ -n "${open_sta}" ]; then
+									section="${open_sta%%-*}"
+									sta_radio="$(uci_get "wireless" "${section}" "device")"
+									sta_essid="$(uci_get "wireless" "${section}" "ssid")"
+									sta_bssid=""
+									sta_mac=""
+								fi
+							fi
+							if { { [ "${scan_essid}" = "\"${sta_essid}\"" ] && { [ -z "${sta_bssid}" ] || [ "${scan_bssid}" = "${sta_bssid}" ]; }; } ||
+								{ [ "${scan_bssid}" = "${sta_bssid}" ] && [ "${scan_essid}" = "unknown" ]; }; } && [ "${radio}" = "${sta_radio}" ]; then
+								if [ -n "${config_radio}" ]; then
+									f_vpn "disable"
 									uci_set "wireless" "${trm_activesta}" "disabled" "1"
 									uci_commit "wireless"
-									f_contrack "end" "${config_radio}" "${config_essid}" "${config_bssid}"
+									f_check "rev" "false"
+									f_ctrack "end"
 									f_log "info" "uplink connection terminated '${config_radio}/${config_essid}/${config_bssid:-"-"}'"
-									unset trm_connection config_radio config_essid config_bssid
+									unset config_radio config_essid config_bssid
 								fi
 
 								# retry loop
 								#
-								retrycnt=1
-								trm_radio="${sta_radio}"
-								while [ "${retrycnt}" -le "${trm_maxretry}" ]
-								do
-									if [ "${trm_randomize}" = "1" ]
-									then
-										sta_mac="$(f_mac "set" "${section}")"
-									fi
+								retrycnt="1"
+								f_getcfg "${sta_radio}" "${sta_essid}" "${sta_bssid}"
+								while [ "${retrycnt}" -le "${trm_maxretry}" ]; do
+									sta_mac="$(f_mac "set" "${section}")"
 									uci_set "wireless" "${section}" "disabled" "0"
 									f_check "sta" "false" "${sta_radio}" "${sta_essid}" "${sta_bssid}"
-									if [ "${trm_ifstatus}" = "true" ]
-									then
-										unset IFS scan_list
+									if [ "${trm_ifstatus}" = "true" ]; then
 										rm -f "${trm_mailfile}"
 										uci_commit "wireless"
-										f_contrack "start" "${sta_radio}" "${sta_essid}" "${sta_bssid}"
-										if [ "${trm_randomize}" = "0" ]
-										then
-											sta_mac="$(f_mac "get" "${section}")"
-										fi
+										f_ctrack "start"
 										f_log "info" "connected to uplink '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' with mac '${sta_mac:-"-"}' (${retrycnt}/${trm_maxretry})"
+										f_vpn "enable"
 										return 0
 									else
 										uci -q revert "wireless"
 										f_check "rev" "false"
-										if [ "${retrycnt}" = "${trm_maxretry}" ]
-										then
-											f_contrack "disabled" "${sta_radio}" "${sta_essid}" "${sta_bssid}"
+										if [ "${retrycnt}" = "${trm_maxretry}" ]; then
+											f_ctrack "disabled"
 											f_log "info" "uplink has been disabled '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' (${retrycnt}/${trm_maxretry})"
-											break 2
+											continue 2
 										else
 											f_jsnup
 											f_log "info" "can't connect to uplink '${sta_radio}/${sta_essid}/${sta_bssid:-"-"}' (${retrycnt}/${trm_maxretry})"
 										fi
 									fi
-									retrycnt="$((retrycnt+1))"
-									sleep "$((trm_maxwait/6))"
+									retrycnt="$((retrycnt + 1))"
+									sleep "$((trm_maxwait / 6))"
 								done
-							elif [ "${trm_autoadd}" = "1" ] && [ "${scan_open}" = "+" ] && [ "${scan_essid}" != "unknown" ]
-							then
-								scan_essid="${scan_essid%?}"
-								scan_essid="${scan_essid:1}"
-								f_addif "${sta_radio}" "${scan_essid}"
 							fi
-							unset scan_quality scan_bssid scan_essid scan_open
-							continue
-						else
-							unset scan_quality scan_bssid scan_essid scan_open
-							continue
 						fi
 					fi
-				done
-				unset IFS scan_quality scan_bssid scan_essid scan_open
+				done <<-EOV
+					${scan_list}
+				EOV
 			done
-			unset scan_list
 		done
 	fi
 }
 
+# get travelmate version
+#
+trm_ver="$("${trm_ubuscmd}" -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.packages.travelmate')"
+
 # source required system libraries
 #
-if [ -r "/lib/functions.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]
-then
+if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then
 	. "/lib/functions.sh"
+	. "/lib/functions/network.sh"
 	. "/usr/share/libubox/jshn.sh"
 else
 	f_log "err" "system libraries not found"
 fi
 
+# force ntp restart/sync
+#
+if [ -f "/etc/init.d/sysntpd" ] && [ ! -s "${trm_ntpfile}" ]; then
+	/etc/init.d/sysntpd restart >/dev/null 2>&1
+	f_log "debug" "ntp time sync requested"
+fi
+
 # control travelmate actions
 #
-if [ "${trm_action}" != "stop" ]
-then
-	f_env
-fi
-while true
-do
-	if [ -z "${trm_action}" ]
-	then
-		rc=0
-		while true
-		do
-			if [ "${rc}" = "0" ]
-			then
-				f_check "initial" "false"
-			fi
-			sleep "${trm_timeout}" 0
-			rc=${?}
-			if [ "${rc}" != "0" ]
-			then
-				f_check "initial" "false"
-			fi
-			if [ "${rc}" = "0" ] || { [ "${rc}" != "0" ] && [ "${trm_ifstatus}" = "false" ]; }
-			then
-				break
-			fi
-		done
-	elif [ "${trm_action}" = "stop" ]
-	then
-		if [ -s "${trm_pidfile}" ]
-		then
+while true; do
+	if [ "${trm_action}" = "stop" ]; then
+		if [ -s "${trm_pidfile}" ]; then
 			f_log "info" "travelmate instance stopped ::: action: ${trm_action}, pid: $(cat ${trm_pidfile} 2>/dev/null)"
-			> "${trm_rtfile}"
-			> "${trm_pidfile}"
+			: >"${trm_rtfile}"
+			: >"${trm_pidfile}"
 		fi
 		break
-	else
+	elif [ -n "${trm_action}" ]; then
 		f_log "info" "travelmate instance started ::: action: ${trm_action}, pid: ${$}"
+		f_env
+		f_main
+		unset trm_action
 	fi
+	while true; do
+		sleep "${trm_timeout}" 0
+		rc="${?}"
+		if [ "${rc}" != "0" ]; then
+			if [ -z "$(f_getgw)" ]; then
+				rc="0"
+			fi
+		fi
+		if [ "${rc}" = "0" ]; then
+			break
+		fi
+	done
 	json_cleanup
 	f_env
 	f_main
-	unset trm_action
 done
diff --git a/net/travelmate/files/travelmate.vpn b/net/travelmate/files/travelmate.vpn
index 94da997a..77c94634 100755
--- a/net/travelmate/files/travelmate.vpn
+++ b/net/travelmate/files/travelmate.vpn
@@ -1,153 +1,90 @@
 #!/bin/sh
-# vpn switch for travelmate
-# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
+# vpn handler called by travelmate
+# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
-# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
+# shellcheck disable=all
 
 # Please note: you have to setup the package 'wireguard' or 'openvpn' before using this script
 
+. "/lib/functions.sh"
+
 export LC_ALL=C
 export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
 
-if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ]
-then
-	. "/lib/functions.sh"
-fi
-
-vpn_action="${1}"
-trm_vpnservice="$(uci_get travelmate global trm_vpnservice)"
-trm_vpniface="$(uci_get travelmate global trm_vpniface)"
-trm_landevice="$(uci_get travelmate global trm_landevice)"
+vpn="${1}"
+vpn_action="${2}"
+vpn_service="${3}"
+vpn_iface="${4}"
+vpn_instance="${5}"
 trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
-trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://captive.apple.com")"
-trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
-trm_iptrule_accept="FORWARD -i ${trm_landevice} -p tcp  --match multiport --dports 80,443 -j ACCEPT"
-trm_iptrule_drop="FORWARD -i ${trm_landevice} -j DROP"
-trm_iptables="$(command -v iptables)"
+trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
+trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0")"
+trm_ubuscmd="$(command -v ubus)"
+trm_jsoncmd="$(command -v jsonfilter)"
 trm_logger="$(command -v logger)"
 trm_fetch="$(command -v curl)"
+trm_vpnfile="/var/state/travelmate.vpn"
 
-f_log()
-{
-	local class="${1}" log_msg="${2}"
+f_net() {
+	local json_rc
 
-	if [ -x "${trm_logger}" ]
-	then
-		"${trm_logger}" -p "${class}" -t "trm-vpn  [${$}]" "${log_msg}"
-	else
-		printf "%s %s %s\\n" "${class}" "trm-vpn  [${$}]" "${log_msg}"
+	json_rc="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --header "Cache-Control: no-cache, no-store, must-revalidate, max-age=0" --write-out "%{response_code}" --silent --output /dev/null --max-time $((trm_maxwait / 6)) "${trm_captiveurl}")"
+	if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]; then
+		json_rc="net ok"
 	fi
+	printf "%s" "${json_rc}"
 }
 
-f_net()
-{
-	local IFS json_raw json_rc result="net nok"
-
-	json_raw="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --write-out "%{json}" --silent --show-error --connect-timeout $((trm_maxwait/10)) "${trm_captiveurl}" 2>/dev/null)"
-	json_raw="${json_raw#*\{}"
-	if [ -n "${json_raw}" ]
-	then
-		json_rc="$(printf "%s" "{${json_raw}" | jsonfilter -l1 -e '@.response_code' 2>/dev/null)"
-		if [ "${json_rc}" = "200" ] || [ "${json_rc}" = "204" ]
-		then
-			result="net ok"
-		fi
+if [ "${vpn}" = "1" ] && [ "${vpn_action%_*}" = "enable" ]; then
+	if [ "${vpn_action}" = "enable_keep" ]; then
+		vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')"
 	fi
-	printf "%s" "${result}"
-}
-
-if [ -n "${trm_vpnservice}" ] && [ -n "${trm_vpniface}" ] && [ -n "${trm_landevice}" ] && [ -f "/tmp/trm_runtime.json" ]
-then
-	status="$(jsonfilter -i "/tmp/trm_runtime.json" -l1 -e '@.data.travelmate_status' 2>/dev/null)"
-	vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
-	if [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
-	then
-		if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ] && \
-			[ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
-		then
-			"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_drop} 2>&1
-			f_log "info" "lan forward blocked for device '${trm_landevice}'"
+	if [ "${vpn_action}" = "enable" ] || [ "${vpn_status}" != "true" ]; then
+		if [ "${vpn_status}" != "true" ]; then
+			/sbin/ifdown "${vpn_iface}"
+			"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
 		fi
-	fi
-	if [ "${vpn_action}" = "disable" ] && [ "${status%% (net cp *}" = "connected" ]
-	then
-		if [ -n "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ] && \
-			[ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
-		then
-			"${trm_iptables}" "-w $((trm_maxwait/6))" -I ${trm_iptrule_accept} 2>&1
-			f_log "info" "lan forward on ports 80/443 freed for device '${trm_landevice}'"
+		if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+			/etc/init.d/openvpn stop "${vpn_instance}"
+			sleep 1
 		fi
-	fi
-
-	case "${trm_vpnservice}" in
-		"wireguard")
-			if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
-			then
-				ubus call network.interface."${trm_vpniface}" up
-			elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
-			then
-				ubus call network.interface."${trm_vpniface}" down
-				f_log "info" "${trm_vpnservice} client connection disabled"
-			fi
-		;;
-		"openvpn")
-			if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
-			then
-				ubus call network.interface."${trm_vpniface}" up
-				/etc/init.d/openvpn restart >/dev/null 2>&1
-			elif [ "${vpn_action}" = "disable" ] && [ "${vpn_status}" = "true" ]
-			then
-				ubus call network.interface."${trm_vpniface}" down
-				/etc/init.d/openvpn stop >/dev/null 2>&1
-				f_log "info" "${trm_vpnservice} client connection disabled"
-			fi
-		;;
-	esac
-
-	if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" != "true" ]
-	then
+		if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && ! /etc/init.d/openvpn running "${vpn_instance}"; then
+			/etc/init.d/openvpn start "${vpn_instance}"
+		fi
+		/sbin/ifup "${vpn_iface}"
 		cnt=0
-		while true
-		do
-			vpn_status="$(ubus -S call network.interface."${trm_vpniface}" status 2>/dev/null | jsonfilter -l1 -e '@.up')"
-			if [ "${vpn_status}" = "true" ]
-			then
+		while true; do
+			vpn_status="$("${trm_ubuscmd}" -S call network.interface."${vpn_iface}" status 2>/dev/null | "${trm_jsoncmd}" -ql1 -e '@.up')"
+			if [ "${vpn_status}" = "true" ]; then
 				net_status="$(f_net)"
-				if [ "${net_status}" = "net ok" ]
-				then
-					f_log "info" "${trm_vpnservice} client connection enabled"
-					if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_drop} 2>&1)" ]
-					then
-						"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_drop} 2>&1
-						if [ -z "$("${trm_iptables}" "-w $((trm_maxwait/6))" -C ${trm_iptrule_accept} 2>&1)" ]
-						then
-							"${trm_iptables}" "-w $((trm_maxwait/6))" -D ${trm_iptrule_accept} 2>&1
-						fi
-						f_log "info" "lan forward freed for device '${trm_landevice}'"
-					fi
+				if [ "${net_status}" = "net ok" ]; then
+					: >"${trm_vpnfile}"
+					"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection enabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
 					break
 				fi
 			fi
-			if [ "${cnt}" -ge "$((trm_maxwait/6))" ]
-			then
-				f_log "info" "${trm_vpnservice} restart failed, lan forward for device '${trm_landevice}' still blocked"
-				ubus call network.interface."${trm_vpniface}" down
-				exit 2
+			if [ "${cnt}" -ge "$((trm_maxwait / 3))" ]; then
+				/sbin/ifdown "${vpn_iface}"
+				"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
+				if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+					/etc/init.d/openvpn stop "${vpn_instance}"
+				fi
+				rm -f "${trm_vpnfile}"
+				"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection can't be established '${vpn_iface}/${vpn_instance:-"-", rc: ${net_status:-"-"}}'" 2>/dev/null
+				return 1
 			fi
 			sleep 1
-			cnt="$((cnt+1))"
+			cnt="$((cnt + 1))"
 		done
 	fi
-	if [ "${vpn_action}" = "enable" ] && [ "${vpn_status}" = "true" ]
-	then
-		if [ -f "/etc/init.d/sysntpd" ]
-		then
-			/etc/init.d/sysntpd restart >/dev/null 2>&1
-		fi
+elif { [ "${vpn}" != "1" ] && [ "${vpn_action%_*}" = "enable" ]; } || [ "${vpn_action}" = "disable" ]; then
+	/sbin/ifdown "${vpn_iface}"
+	"${trm_ubuscmd}" -S call network.interface."${vpn_iface}" remove >/dev/null 2>&1
+	if [ "${vpn_service}" = "openvpn" ] && [ -n "${vpn_instance}" ] && [ -x "/etc/init.d/openvpn" ] && /etc/init.d/openvpn running "${vpn_instance}"; then
+		/etc/init.d/openvpn stop "${vpn_instance}"
 	fi
-	exit 0
+	rm -f "${trm_vpnfile}"
+	"${trm_logger}" -p "info" -t "trm-vpn  [${$}]" "${vpn_service} client connection disabled '${vpn_iface}/${vpn_instance:-"-"}'" 2>/dev/null
 fi
-exit 1
diff --git a/net/travelmate/files/travelmate_ntp.hotplug b/net/travelmate/files/travelmate_ntp.hotplug
index 2a215e4b..5195c03d 100755
--- a/net/travelmate/files/travelmate_ntp.hotplug
+++ b/net/travelmate/files/travelmate_ntp.hotplug
@@ -1,35 +1,16 @@
 #!/bin/sh
 # ntp hotplug script for travelmate
-# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
+# Copyright (c) 2020-2023 Dirk Brenken (dev@brenken.org)
 # This is free software, licensed under the GNU General Public License v3.
 
 # set (s)hellcheck exceptions
-# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
+# shellcheck disable=all
 
 trm_init="/etc/init.d/travelmate"
 trm_ntpfile="/var/state/travelmate.ntp"
 trm_logger="$(command -v logger)"
 
-f_log()
-{
-	local class="${1}" log_msg="${2}"
-
-	if [ -x "${trm_logger}" ]
-	then
-		"${trm_logger}" -p "${class}" -t "trm-ntp  [${$}]" "${log_msg}"
-	else
-		printf "%s %s %s\\n" "${class}" "trm-ntp  [${$}]" "${log_msg}"
-	fi
-}
-
-if [ "${ACTION}" = "stratum" ] && [ ! -f "${trm_ntpfile}" ] && [ "$("${trm_init}" enabled; printf "%u" ${?})" = "0" ]
-then
-	{
-		flock -xn 1001
-		if [ "$?" = "0" ]
-		then
-			f_log "info" "get ntp time sync"
-			"${trm_init}" restart
-		fi
-	} 1001>"${trm_ntpfile}"
+if [ "${ACTION}" = "stratum" ] && [ ! -s "${trm_ntpfile}" ] && "${trm_init}" enabled; then
+	printf "%s" "$(date "+%Y.%m.%d-%H:%M:%S")" > "${trm_ntpfile}"
+	"${trm_logger}" -p "info" -t "trm-ntp  [${$}]" "get ntp time sync"
 fi
diff --git a/net/travelmate/files/vodafone.login b/net/travelmate/files/vodafone.login
new file mode 100755
index 00000000..072c71a4
--- /dev/null
+++ b/net/travelmate/files/vodafone.login
@@ -0,0 +1,51 @@
+#!/bin/sh
+# captive portal auto-login script for vodafone hotspots (DE)
+# Copyright (c) 2021-2022 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the GNU General Public License v3.
+
+# set (s)hellcheck exceptions
+# shellcheck disable=1091,3040
+
+. "/lib/functions.sh"
+
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+
+username="${1}"
+password="${2}"
+trm_domain="hotspot.vodafone.de"
+trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"
+trm_captiveurl="$(uci_get travelmate global trm_captiveurl "http://detectportal.firefox.com")"
+trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
+trm_fetch="$(command -v curl)"
+
+# get sid
+#
+redirect_url="$(${trm_fetch} --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --write-out "%{redirect_url}" --silent --show-error --output /dev/null "${trm_captiveurl}")"
+sid="$(printf "%s" "${redirect_url}" 2>/dev/null | awk 'BEGIN{FS="[=&]"}{printf "%s",$2}')"
+[ -z "${sid}" ] && exit 1
+
+# get session
+#
+raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://${trm_domain}/portal/?sid=${sid}" --silent --connect-timeout $((trm_maxwait / 6)) "https://${trm_domain}/api/v4/session?sid=${sid}")"
+session="$(printf "%s" "${raw_html}" 2>/dev/null | jsonfilter -q -l1 -e '@.session')"
+[ -z "${session}" ] && exit 2
+
+ids="$(printf "%s" "${raw_html}" 2>/dev/null | jsonfilter -q -e '@.loginProfiles[*].id' | sort -n | awk '{ORS=" ";print $0}')"
+for id in ${ids}; do
+	if [ "${id}" = "4" ]; then
+		login_id="4"
+		access_type="csc-community"
+		account_type="csc"
+		break
+	fi
+done
+[ -z "${login_id}" ] && exit 3
+
+# final login request
+#
+if [ "${login_id}" = "4" ] && [ -n "${username}" ] && [ -n "${password}" ]; then
+	raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://${trm_domain}/portal/?sid=${sid}" --silent --connect-timeout $((trm_maxwait / 6)) --data "loginProfile=${login_id}&accessType=${access_type}&accountType=${account_type}&password=${password}&session=${session}&username=${username}" "https://${trm_domain}/api/v4/login?sid=${sid}")"
+fi
+success="$(printf "%s" "${raw_html}" 2>/dev/null | jsonfilter -q -l1 -e '@.success')"
+[ "${success}" = "true" ] && exit 0 || exit 255
diff --git a/net/travelmate/files/wifibahn.login b/net/travelmate/files/wifibahn.login
new file mode 100755
index 00000000..422c7692
--- /dev/null
+++ b/net/travelmate/files/wifibahn.login
@@ -0,0 +1,36 @@
+#!/bin/sh
+# captive portal auto-login script for bahn/ICE hotspots (DE)
+# Copyright (c) 2020-2024 Dirk Brenken (dev@brenken.org)
+# This is free software, licensed under the GNU General Public License v3.
+
+# set (s)hellcheck exceptions
+# shellcheck disable=all
+
+. "/lib/functions.sh"
+
+export LC_ALL=C
+export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
+
+trm_domain="wifi.bahn.de"
+if ! nslookup "${trm_domain}" >/dev/null 2>&1; then
+	trm_domain="login.wifionice.de"
+	if ! nslookup "${trm_domain}" >/dev/null 2>&1; then
+		exit 1
+	fi
+fi
+
+trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:90.0) Gecko/20100101 Firefox/90.0")"
+trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
+trm_fetch="$(command -v curl)"
+
+# get security token
+#
+"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --connect-timeout $((trm_maxwait / 6)) --cookie-jar "/tmp/${trm_domain}.cookie" --silent --show-error --output /dev/null "https://${trm_domain}/en/"
+sec_token="$(awk '/csrf/{print $7}' "/tmp/${trm_domain}.cookie" 2>/dev/null)"
+rm -f "/tmp/${trm_domain}.cookie"
+[ -z "${sec_token}" ] && exit 2
+
+# final post request
+#
+raw_html="$("${trm_fetch}" --user-agent "${trm_useragent}" --connect-timeout $((trm_maxwait / 6)) --header "Cookie: csrf=${sec_token}" --data "login=true&CSRFToken=${sec_token}" --silent --show-error "https://${trm_domain}/en/")"
+[ -z "${raw_html}" ] && exit 0 || exit 255
diff --git a/net/travelmate/files/wifionice.login b/net/travelmate/files/wifionice.login
deleted file mode 100755
index c74a2bf1..00000000
--- a/net/travelmate/files/wifionice.login
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-# captive portal auto-login script for german ICE hotspots
-# Copyright (c) 2020 Dirk Brenken (dev@brenken.org)
-# This is free software, licensed under the GNU General Public License v3.
-
-# set (s)hellcheck exceptions
-# shellcheck disable=1091,2016,2039,2059,2086,2143,2181,2188
-
-export LC_ALL=C
-export PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-set -o pipefail
-
-if [ "$(uci_get 2>/dev/null; printf "%u" "${?}")" = "127" ]
-then
-	. "/lib/functions.sh"
-fi
-
-trm_domain="www.wifionice.de"
-trm_useragent="$(uci_get travelmate global trm_useragent "Mozilla/5.0 (Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0")"
-trm_maxwait="$(uci_get travelmate global trm_maxwait "30")"
-trm_fetch="$(command -v curl)"
-
-# initial get request to receive & extract a valid security token
-#
-"${trm_fetch}" --user-agent "${trm_useragent}" --referer "http://www.example.com" --silent --connect-timeout $((trm_maxwait/6)) --cookie-jar "/tmp/${trm_domain}.cookie" --output /dev/null "http://${trm_domain}/en/"
-if [ -f "/tmp/${trm_domain}.cookie" ]
-then
-	sec_token="$(awk '/csrf/{print $7}' "/tmp/${trm_domain}.cookie")"
-	rm -f "/tmp/${trm_domain}.cookie"
-else
-	exit 2
-fi
-
-# final post request/login with valid session cookie/security token
-#
-if [ -n "${sec_token}" ]
-then
-	"${trm_fetch}" --user-agent "${trm_useragent}" --silent --connect-timeout $((trm_maxwait/6)) --header "Cookie: csrf=${sec_token}" --data "login=true&CSRFToken=${sec_token}&connect=" --output /dev/null "http://${trm_domain}/en/"
-else
-	exit 3
-fi