[RFC v6 08/11] Added VPN Connectivity to previous added Hood-Management

Jan Kraus mayosemmel at googlemail.com
Mo Dez 5 21:40:46 CET 2016

Signed-off-by: Jan Kraus <mayosemmel at gmail.com>
 src/packages/fff/fff-fastd/Makefile                |   3 +-
 .../fff-fastd/files/etc/uci-defaults/55_fff-fastd  |  37 ++++---
 .../fff/fff-fastd/files/usr/lib/micron.d/fff-fastd |   1 -
 .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 115 +++++++++++++--------
 4 files changed, 94 insertions(+), 62 deletions(-)
 delete mode 100644 src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd

diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-fastd/Makefile
index 5f093cb..8170009 100644
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@@ -18,7 +18,8 @@ define Package/fff-fastd
              + at FASTD_ENABLE_CIPHER_NULL \
              + at FASTD_WITH_STATUS_SOCKET \
              +fastd \
-             +fff-random
+             +fff-random \
+             +fff-hoods
 define Package/fff-fastd/description
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
index 8ce8425..e1871cc 100644
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@@ -1,28 +1,27 @@
 /etc/init.d/fastd disable
-. /etc/community.cfg
 uci batch <<EOF
-  set fastd.${project}='fastd'
-  set fastd.${project}.enabled='1'
-  set fastd.${project}.config_peer_dir="/etc/fastd/${project}/peers"
-  set fastd.${project}.syslog_level='warn'
-  set fastd.${project}.method='null'
-  set fastd.${project}.mode='tap'
-  set fastd.${project}.interface="${project}VPN"
-  set fastd.${project}.mtu='1426'
-  set fastd.${project}.on_up="/etc/fastd/${project}/up.sh"
-  set fastd.${project}.secure_handshakes='0'
-  set fastd.${project}.secret="generate"
+  set fastd.FFF='fastd'
+  set fastd.FFF.enabled='1'
+  set fastd.FFF.config_peer_dir="/etc/fastd/FFF/peers"
+  set fastd.FFF.syslog_level='warn'
+  set fastd.FFF.method='null'
+  set fastd.FFF.mode='tap'
+  set fastd.FFF.interface="FFFVPN"
+  set fastd.FFF.mtu='1426'
+  set fastd.FFF.on_up="/etc/fastd/FFF/up.sh"
+  set fastd.FFF.secure_handshakes='0'
+  set fastd.FFF.secret="generate"
-[ ! -d /etc/fastd/${project} ] &&  mkdir -p /etc/fastd/${project}
-ln -s /tmp/fastd_${project}_peers /etc/fastd/${project}/peers
-echo "#!/bin/sh" > /etc/fastd/${project}/up.sh
-echo "ip link set up dev ${project}VPN" >> /etc/fastd/${project}/up.sh
-echo "echo enable > /sys/devices/virtual/net/${project}VPN/batman_adv/no_rebroadcast" >> /etc/fastd/${project}/up.sh
-echo "batctl if add ${project}VPN" >> /etc/fastd/${project}/up.sh
-chmod +x /etc/fastd/${project}/up.sh
+[ ! -d /etc/fastd/FFF ] &&  mkdir -p /etc/fastd/FFF
+ln -s /tmp/fastd_FFF_peers /etc/fastd/FFF/peers
+echo "#!/bin/sh" > /etc/fastd/FFF/up.sh
+echo "ip link set up dev FFFVPN" >> /etc/fastd/FFF/up.sh
+echo "echo enable > /sys/devices/virtual/net/FFFVPN/batman_adv/no_rebroadcast" >> /etc/fastd/FFF/up.sh
+echo "batctl if add FFFVPN" >> /etc/fastd/FFF/up.sh
+chmod +x /etc/fastd/FFF/up.sh
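Review bot: The hard-coded `fastd.FFF` section keeps `method='null'` and `secure_handshakes='0'` without any comment, so nothing in the file tells a maintainer that this tunnel runs without encryption or payload authentication. A comment above `uci batch <<EOF` would record that, for example `# method 'null': tunnel traffic is neither encrypted nor authenticated; protect anything sensitive end to end`. If the old handshake is kept only for compatibility with existing gateways (not visible here), the same comment should say so, so that `secure_handshakes='0'` can be revisited later.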
diff --git a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
deleted file mode 100644
index 9399c4f..0000000
--- a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
+++ /dev/null
@@ -1 +0,0 @@
-*/10 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/fastdstart
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index a0878c5..491e979 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -1,40 +1,74 @@
+. /usr/share/libubox/jshn.sh
+. /usr/lib/validate_ip
 test -f /tmp/started || exit
+hood="$(uci get system. at system[0].hood)"
 make_config() {
-# remove old config
-rm /tmp/fastd_${project}_peers/*
-# get fastd peers
-pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
-wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
-for file in $filecounts; do
-    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
-    echo 'float yes;' >> /etc/fastd/$project/peers/$file
+    # remove old config
+    >/etc/config/tunneldigger
+    rm -f /tmp/fastd_FFF_peers/*
+    rm -f /etc/fastd/FFF/peers/*
-    # ask for Broker and select the tunnel
-    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
-    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
-        # Gateway offers l2tp
-        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
-        L2PORT=$((FDPORT + 10000))
-        UUID=$hostname
+    json_load "$(cat /etc/hoods/$hood.hood)"
+    json_select vpn
+    local Index="1"
+    while json_select $Index > /dev/null
+    do
+        json_get_var protocol protocol
+        if [ "$protocol" == "fastd" ]
+        then
+            json_get_var servername name
+            echo "#name \"$servername\";" > /etc/fastd/FFF/peers/$servername
+            json_get_var key key
+            echo "key \"$key\";" >> /etc/fastd/FFF/peers/$servername
+            json_get_var address address
+            json_get_var port port
+            if valid_ip4 "$address"
+            then
+                echo "remote ipv4 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+            elif valid_ip6 "$address"
+            then
+                echo "remote ipv6 \"$address\" port $port;" >> /etc/fastd/FFF/peers/$servername
+            else
+                echo "Invalid IP-Address provided!"
+                rm -f "/etc/fastd/FFF/peers/$servername"
+                json_select ".."
+                Index=$((Index+1))
+                continue
+            fi
+            echo "float yes;" >> /etc/fastd/FFF/peers/$servername
+        elif [ "$protocol" == "tunneldigger"]
+        then
+            json_get_var address address
+            if ! valid_ip4 "$address" && ! valid_ip6 "$address"
+            then
+                json_select ".."
+                Index=$((Index+1))
+                continue
+            fi
-        uci set tunneldigger.$count=broker
-        uci set tunneldigger.$count.address="$IP:$L2PORT"
-        uci set tunneldigger.$count.uuid="$UUID"
-        uci set tunneldigger.$count.interface="l2tp$count"
-        uci set tunneldigger.$count.enabled="1"
-        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
-        uci commit tunneldigger
-        count=$((count + 1))
-        # remove this fastd-peer
-        rm /etc/fastd/${project}/peers/$file
-    fi
+            json_get_var port port
+            uci set tunneldigger.$Index=broker
+            uci set tunneldigger.$Index.address="$address:$port"
+            uci set tunneldigger.$Index.uuid="$hostname"
+            uci set tunneldigger.$Index.interface="l2tp$Index"
+            uci set tunneldigger.$Index.enabled="1"
+            uci set tunneldigger.$Index.hook_script='/etc/tunneldigger/tunneldigger.hook'
+            uci commit tunneldigger
+        else
+            echo "protocol $protocol is not supported by this script"
+            json_select ".."
+            Index=$((Index+1))
+            continue
+        fi
+        json_select ".."
+        Index=$((Index+1))
+    done
 # main
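Review bot: The test `elif [ "$protocol" == "tunneldigger"]` has no space before `]`, so `[` fails on the missing bracket and every tunneldigger entry falls through to the "not supported" arm; it should read `elif [ "$protocol" = "tunneldigger" ]`. Separately, only `address` is validated. `name`, `key` and `port` from the hood file go unquoted into `/etc/fastd/FFF/peers/$servername`, the peer config text and `uci set tunneldigger.$Index.address`, so a name containing `/` or `..` would write outside the peers directory and a non-numeric port would put arbitrary text into the fastd config. If the hood file can originate from the network (not visible in this hunk), skip an entry before the first write when `name` is empty, starts with `.` or contains anything outside `[A-Za-z0-9._-]`, or when `port` is not all digits, and quote the expansions. The closing brace of `make_config` is not among the visible lines.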
@@ -48,22 +82,18 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
    ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
     # set some vars
-    . /etc/community.cfg
-    project="$VPN_PROJECT"
     mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
-    lat=$(uci get system. at system[0].latitude)
-    long=$(uci get system. at system[0].longitude)
     hostname=$(cat /proc/sys/kernel/hostname)
     [ "$hostname" = "OpenWrt" ] && hostname=""
     [ "$hostname" = "" ] &&  hostname="$mac"
-    if [ ! -d /tmp/fastd_${project}_peers ]; then
+    if [ ! -d /tmp/fastd_FFF_peers ]; then
         # first run after reboot
-        mkdir /tmp/fastd_${project}_peers
+        mkdir /tmp/fastd_FFF_peers
         # do we have a fastd secret
         if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
             secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
-            uci set fastd.${project}.secret="$secret"
+            uci set fastd.FFF.secret="$secret"
             uci commit fastd
@@ -78,11 +108,14 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
         /etc/init.d/fastd reload
         # fastd start/stop for various situations
-        if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
-            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] || /etc/init.d/fastd start
+        if [ "$(ls /etc/fastd/FFF/peers/* 2>/dev/null)" ]; then
+            [ -d /proc/$(cat /tmp/run/fastd.FFF.pid) ] || /etc/init.d/fastd start
-            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] && /etc/init.d/fastd stop
+            [ -d /proc/$(cat /tmp/run/fastd.FFF.pid) ] && /etc/init.d/fastd stop
+    echo "Der Router kann keine Verbindung zum VPN-Server aufbauen"
+    echo "$0 macht nichts!"
\ No newline at end of file
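Review bot: Both `[ -d /proc/$(cat /tmp/run/fastd.FFF.pid) ]` tests misfire when the pid file is missing: `cat` yields nothing and the test becomes `[ -d /proc/ ]`, which is true, so the `|| /etc/init.d/fastd start` arm is skipped and the `&& /etc/init.d/fastd stop` arm runs. Reading the pid first avoids that, e.g. `pid=$(cat /tmp/run/fastd.FFF.pid 2>/dev/null)` followed by `[ -n "$pid" ] && [ -d "/proc/$pid" ] || /etc/init.d/fastd start`. The two added `echo` messages report a failure and would fit better on stderr (`>&2`). The surrounding `if` starts outside this hunk.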

