[PATCH 3/4] Add package fff-vpn-select
Robert Langhammer
rlanghammer at web.de
So Jun 26 23:23:13 CEST 2016
Signed-off-by: Robert Langhammer <rlanghammer at web.de>
---
src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++
.../files/etc/hotplug.d/iface/50-vpn-select | 6 ++
.../files/usr/lib/micron.d/vpn-select | 1 +
.../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++
4 files changed, 128 insertions(+)
create mode 100644 src/packages/fff/fff-vpn-select/Makefile
create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
new file mode 100644
index 0000000..30d9cc1
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/Makefile
@@ -0,0 +1,41 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vpn-select
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-vpn-select
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken vpn-select
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-tunneldigger \
+ +fff-fastd
+endef
+
+define Package/fff-vpn-select/description
+ Thie package selects and starts the VPN
+ In this version fastd and l2tp via tunneldigger
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-vpn-select/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-vpn-select))
diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
new file mode 100755
index 0000000..16d9853
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
@@ -0,0 +1,6 @@
+#!/bin/sh
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
+ sleep 3
+ /usr/sbin/vpn-select
+}
+
diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
new file mode 100644
index 0000000..dc20486
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
@@ -0,0 +1 @@
+*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
new file mode 100755
index 0000000..165c584
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+test -f /tmp/started || exit
+
+make_config() {
+# remove old config
+>etc/config/tunneldigger
+rm /tmp/fastd_${project}_peers/*
+count=0
+# get fastd peers
+pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
+wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
+filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
+for file in $filecounts; do
+ awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
+ echo 'float yes;' >> /etc/fastd/$project/peers/$file
+
+ # ask for Broker and select the tunnel
+ IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
+ if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
+ # Gateway offers l2tp
+ FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
+ L2PORT=$((FDPORT + 10000))
+ UUID=_$hostname
+
+ uci set tunneldigger.$count=broker
+ uci set tunneldigger.$count.address="$IP:$L2PORT"
+ uci set tunneldigger.$count.uuid="$UUID"
+ uci set tunneldigger.$count.interface="l2tp$count"
+ uci set tunneldigger.$count.enabled="1"
+ uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci commit tunneldigger
+ count=$((count + 1))
+ # remove this fastd-peer
+ rm /etc/fastd/${project}/peers/$file
+ fi
+done
+}
+
+# main
+test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
+test_ipv4_host2="8.8.8.8" # Google DNS
+test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
+
+# Only do something when the router has internet connection
+if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
+ ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
+ ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+
+ #set some vars
+ . /etc/community.cfg
+ project="$VPN_PROJECT"
+ mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+ lat=$(uci get system. at system[0].latitude)
+ long=$(uci get system. at system[0].longitude)
+ hostname=$(cat /proc/sys/kernel/hostname)
+ [ "$hostname" = "OpenWrt" ] && hostname=""
+ [ "$hostname" = "" ] && hostname="$mac"
+
+ if [ ! -d /tmp/fastd_${project}_peers ]; then
+ # first run after reboot
+ mkdir /tmp/fastd_${project}_peers
+ # do we have a fastd secret
+ if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
+ secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
+ uci set fastd.${project}.secret="$secret"
+ uci commit fastd
+ fi
+ make_config
+ /etc/init.d/fastd start
+ /etc/init.d/tunneldigger start
+ else
+ # check if new tunneldigger conf is different
+ md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ make_config
+ md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
+ /etc/init.d/fastd reload
+ fi
+fi
--
2.8.0.rc3
Mehr Informationen über die Mailingliste franken-dev