[RFC PATCH v4 07/10] Added VPN Connectivity to previous added Hood-Management
Jan Kraus
mayosemmel at googlemail.com
Fr Aug 19 20:45:19 CEST 2016
Signed-off-by: Jan Kraus <mayosemmel at gmail.com>
---
src/packages/fff/fff-fastd/Makefile | 3 +-
.../fff-fastd/files/etc/uci-defaults/55_fff-fastd | 37 ++++---
.../fff/fff-fastd/files/usr/lib/micron.d/fff-fastd | 1 -
.../fff/fff-vpn-select/files/usr/sbin/vpn-select | 111 +++++++++++++--------
4 files changed, 92 insertions(+), 60 deletions(-)
delete mode 100644 src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-fastd/Makefile
index a544e02..f572a39 100644
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@@ -19,7 +19,8 @@ define Package/fff-fastd
+ at FASTD_ENABLE_CIPHER_NULL \
+ at FASTD_WITH_STATUS_SOCKET \
+fastd \
- +fff-random
+ +fff-random \
+ +fff-hoods
endef
define Package/fff-fastd/description
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
index 8ce8425..e1871cc 100644
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@@ -1,28 +1,27 @@
/etc/init.d/fastd disable
-. /etc/community.cfg
project="$VPN_PROJECT"
>/etc/config/fastd
uci batch <<EOF
- set fastd.${project}='fastd'
- set fastd.${project}.enabled='1'
- set fastd.${project}.config_peer_dir="/etc/fastd/${project}/peers"
- set fastd.${project}.syslog_level='warn'
- set fastd.${project}.method='null'
- set fastd.${project}.mode='tap'
- set fastd.${project}.interface="${project}VPN"
- set fastd.${project}.mtu='1426'
- set fastd.${project}.on_up="/etc/fastd/${project}/up.sh"
- set fastd.${project}.secure_handshakes='0'
- set fastd.${project}.secret="generate"
+ set fastd.FFF='fastd'
+ set fastd.FFF.enabled='1'
+ set fastd.FFF.config_peer_dir="/etc/fastd/FFF/peers"
+ set fastd.FFF.syslog_level='warn'
+ set fastd.FFF.method='null'
+ set fastd.FFF.mode='tap'
+ set fastd.FFF.interface="FFFVPN"
+ set fastd.FFF.mtu='1426'
+ set fastd.FFF.on_up="/etc/fastd/FFF/up.sh"
+ set fastd.FFF.secure_handshakes='0'
+ set fastd.FFF.secret="generate"
EOF
-[ ! -d /etc/fastd/${project} ] && mkdir -p /etc/fastd/${project}
-ln -s /tmp/fastd_${project}_peers /etc/fastd/${project}/peers
-echo "#!/bin/sh" > /etc/fastd/${project}/up.sh
-echo "ip link set up dev ${project}VPN" >> /etc/fastd/${project}/up.sh
-echo "echo enable > /sys/devices/virtual/net/${project}VPN/batman_adv/no_rebroadcast" >> /etc/fastd/${project}/up.sh
-echo "batctl if add ${project}VPN" >> /etc/fastd/${project}/up.sh
-chmod +x /etc/fastd/${project}/up.sh
+[ ! -d /etc/fastd/FFF ] && mkdir -p /etc/fastd/FFF
+ln -s /tmp/fastd_FFF_peers /etc/fastd/FFF/peers
+echo "#!/bin/sh" > /etc/fastd/FFF/up.sh
+echo "ip link set up dev FFFVPN" >> /etc/fastd/FFF/up.sh
+echo "echo enable > /sys/devices/virtual/net/FFFVPN/batman_adv/no_rebroadcast" >> /etc/fastd/FFF/up.sh
+echo "batctl if add FFFVPN" >> /etc/fastd/FFF/up.sh
+chmod +x /etc/fastd/FFF/up.sh
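Review bot: The context line `project="$VPN_PROJECT"` is left behind even though this hunk removes `. /etc/community.cfg` and replaces every `${project}` with the fixed name `FFF`. Nothing on the new side reads `project`, and `VPN_PROJECT` is no longer sourced in this script, so the assignment should be dropped. The carried-over settings `method='null'` and `secure_handshakes='0'` mean the fastd tunnel itself provides no encryption or authentication. If that is deliberate, a comment above `uci batch` should say so, for example `# null method / insecure handshakes: no confidentiality or authentication at the fastd layer, intentional for this mesh`.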
diff --git a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
deleted file mode 100644
index 9399c4f..0000000
--- a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
+++ /dev/null
@@ -1 +0,0 @@
-*/10 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/fastdstart
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index c1e64e2..4c1efcb 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -1,40 +1,74 @@
#!/bin/sh
+. /usr/share/libubox/jshn.sh
+. /usr/lib/validate_ip
+
test -f /tmp/started || exit
+hood="$(uci get system. at system[0].hood)"
+
make_config() {
-# remove old config
->/etc/config/tunneldigger
-rm /tmp/fastd_${project}_peers/*
-count=0
-# get fastd peers
-pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
-wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
-for file in $filecounts; do
- awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
- echo 'float yes;' >> /etc/fastd/$project/peers/$file
+ # remove old config
+ >/etc/config/tunneldigger
+ rm -f /tmp/fastd_FFF_peers/*
+ rm -f /etc/fastd/FFF/peers/*
- # ask for Broker and select the tunnel
- IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
- if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
- # Gateway offers l2tp
- FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
- L2PORT=$((FDPORT + 10000))
- UUID=$hostname
+ json_load "$(cat /etc/hoods/$hood.hood)"
+ json_select vpn
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var protocol protocol
+ if [ "$protocol" == "fastd" ]
+ then
+ json_get_var servername name
+ echo "#name \"$servername\";" > /etc/fastd/FFF/peers/$servername
+ json_get_var key key
+ echo "key \"$key\";" >> /etc/fastd/FFF/peers/$servername
+ json_get_var address address
+ json_get_var port port
+ if valid_ip4 "$address"
+ then
+ echo "remote ipv4 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+ elif valid_ip6 "$address"
+ then
+ echo "remote ipv6 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+ else
+ echo "Invalid IP-Address provided!"
+ rm -f "/etc/fastd/FFF/peers/$servername"
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
+ echo "float yes;" >> /etc/fastd/FFF/peers/$servername
+ elif [ "$protocol" == "$fastd"]
+ then
+ json_get_var address address
+ if ! valid_ip4 "$address" && ! valid_ip6 "$address"
+ then
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
- uci set tunneldigger.$count=broker
- uci set tunneldigger.$count.address="$IP:$L2PORT"
- uci set tunneldigger.$count.uuid="$UUID"
- uci set tunneldigger.$count.interface="l2tp$count"
- uci set tunneldigger.$count.enabled="1"
- uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
- uci commit tunneldigger
- count=$((count + 1))
- # remove this fastd-peer
- rm /etc/fastd/${project}/peers/$file
- fi
-done
+ json_get_var port port
+
+ uci set tunneldigger.$Index=broker
+ uci set tunneldigger.$Index.address="$address:$port"
+ uci set tunneldigger.$Index.uuid="$hostname"
+ uci set tunneldigger.$Index.interface="l2tp$Index"
+ uci set tunneldigger.$Index.enabled="1"
+ uci set tunneldigger.$Index.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci commit tunneldigger
+ else
+ echo "protocol $protocol is not supported by this script"
+ json_select ".."
+ Index=$((Index+1))
+ continue
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
}
# main
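Review bot: The second branch test in `make_config`, `elif [ "$protocol" == "$fastd"]`, is malformed: the closing `]` is glued to the operand and `$fastd` is never assigned, so the tunneldigger branch is not reached and every non-fastd entry ends up in the "not supported" branch. Judging by the removed code and the tunneldigger settings inside the branch, the intended test is presumably `elif [ "$protocol" = "l2tp" ]`. Separately, `name`, `key` and `port` from the hood file are used unchecked: `$servername` becomes an unquoted file name under `/etc/fastd/FFF/peers/`, and `key` and `port` are pasted into fastd statements, so a value containing `/`, a quote or a semicolon could write outside the peers directory or add configuration lines. Where the hood file comes from is not visible in this patch; if it is fetched over the network, the fields should be checked before use as sketched below, and `port` in the l2tp branch needs the same numeric check.

```shell
json_get_var servername name
json_get_var key key
json_get_var port port
# Fields come from the hood file: keep the name inside the peers directory and
# keep key/port from breaking out of the generated fastd statements.
case "$servername" in
  ""|.*|*[!A-Za-z0-9._-]*) servername="" ;;
esac
case "$key" in
  # assumes a hex-encoded key, like the secret pattern checked in the main part
  ""|*[!0-9a-f]*) key="" ;;
esac
case "$port" in
  ""|*[!0-9]*) port="" ;;
esac
if [ -z "$servername" ] || [ -z "$key" ] || [ -z "$port" ]
then
  echo "Invalid peer entry in hood file!"
  json_select ".."
  Index=$((Index+1))
  continue
fi
# … unchanged: write the name/key/remote/float lines, with "/etc/fastd/FFF/peers/$servername" quoted …
```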
@@ -48,22 +82,18 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
# set some vars
- . /etc/community.cfg
- project="$VPN_PROJECT"
mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
- lat=$(uci get system. at system[0].latitude)
- long=$(uci get system. at system[0].longitude)
hostname=$(cat /proc/sys/kernel/hostname)
[ "$hostname" = "OpenWrt" ] && hostname=""
[ "$hostname" = "" ] && hostname="$mac"
- if [ ! -d /tmp/fastd_${project}_peers ]; then
+ if [ ! -d /tmp/fastd_FFF_peers ]; then
# first run after reboot
- mkdir /tmp/fastd_${project}_peers
+ mkdir /tmp/fastd_FFF_peers
# do we have a fastd secret
- if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>dev/null; then
+ if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
- uci set fastd.${project}.secret="$secret"
+ uci set fastd.FFF.secret="$secret"
uci commit fastd
fi
make_config
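Review bot: The corrected line still uses `&>/dev/null` under a `#!/bin/sh` shebang, which is a bash extension. A strictly POSIX shell reads `cmd &>/dev/null` as `cmd &` followed by a truncation of `/dev/null`, so the `if ! egrep ...` test would no longer reflect grep's result and the `uci set fastd.FFF.secret` path could regenerate the key after each reboot. Whether the router's shell accepts `&>` is not visible here; the portable spelling is `if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd >/dev/null 2>&1; then`. The same applies to the `ping`/`ping6` lines of the enclosing `if`, which starts outside the hunk.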
@@ -77,4 +107,7 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
/etc/init.d/fastd reload
fi
-fi
+else
+ echo "Der Router kann keine Verbindung zum VPN-Server aufbauen"
+ echo "$0 macht nichts!"
+fi
\ No newline at end of file
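Review bot: The new `else` branch prints its diagnostics to stdout and the script still ends with status 0, so a caller or log cannot tell a skipped run from a successful one; `echo "..." >&2` followed by `exit 1` would make the failure visible if callers check it. The text says the VPN server is unreachable, while the condition in the hunk header pings `$test_ipv4_host1` and `$test_ipv6_host1`, which look like general connectivity probes (their values are outside the hunk), so the message may mislead. The two messages are also German, while those added in `make_config` are English. The enclosing `if` starts outside the hunk.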
--
2.1.4