Fwd: Re: [PATCH 3/4] Add package fff-vpn-select

Robert Langhammer rlanghammer at web.de
Mon Jun 27 22:04:12 CEST 2016




-------- Forwarded Message --------
Subject: 	Re: [PATCH 3/4] Add package fff-vpn-select
Date: 	Mon, 27 Jun 2016 20:36:05 +0200
From: 	Robert Langhammer <rlanghammer at web.de>
To: 	mayosemmel <mayosemmel at googlemail.com>



Hi,

see below

On 27.06.2016 at 18:44, mayosemmel wrote:
> On Sunday, 26.06.2016, 23:23 +0200, Robert Langhammer wrote:
>> Signed-off-by: Robert Langhammer <rlanghammer at web.de>
>> ---
>>  src/packages/fff/fff-vpn-select/Makefile           | 41 +++++++++++
>>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ++
>>  .../files/usr/lib/micron.d/vpn-select              |  1 +
>>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 80 ++++++++++++++++++++++
>>  4 files changed, 128 insertions(+)
>>  create mode 100644 src/packages/fff/fff-vpn-select/Makefile
>>  create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>>  create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>>  create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>>
>> diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
>> new file mode 100644
>> index 0000000..30d9cc1
>> --- /dev/null
>> +++ b/src/packages/fff/fff-vpn-select/Makefile
>> @@ -0,0 +1,41 @@
>> +include $(TOPDIR)/rules.mk
>> +
>> +PKG_NAME:=fff-vpn-select
>> +PKG_VERSION:=1
>> +PKG_RELEASE:=1
>> +
>> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
>> +
>> +include $(INCLUDE_DIR)/package.mk
>> +
>> +define Package/fff-vpn-select
>> +    SECTION:=base
>> +    CATEGORY:=Freifunk
>> +    TITLE:= Freifunk-Franken vpn-select
>> +    URL:=http://www.freifunk-franken.de
>> +    DEPENDS:=+fff-tunneldigger \
>> +             +fff-fastd
>> +endef
>> +
>> +define Package/fff-vpn-select/description
>> +    Thie package selects and starts the VPN 
>> +    In this version fastd and l2tp via tunneldigger
>> +endef
>> +
>> +define Build/Prepare
>> +       echo "all: " > $(PKG_BUILD_DIR)/Makefile
>> +endef
>> +
>> +define Build/Configure
>> +       # nothing
>> +endef
>> +
>> +define Build/Compile
>> +       # nothing
>> +endef
>> +
>> +define Package/fff-vpn-select/install
>> +       $(CP) ./files/* $(1)/
>> +endef
>> +
>> +$(eval $(call BuildPackage,fff-vpn-select))
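Review bot: The text in Package/fff-vpn-select/description has a typo and trailing whitespace in its first line ("Thie package selects and starts the VPN ") and the second line is a fragment. Suggest "This package selects and starts the VPN. This version supports fastd and l2tp via tunneldigger." The space after `TITLE:=` can go as well.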
>> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>> new file mode 100755
>> index 0000000..16d9853
>> --- /dev/null
>> +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>> @@ -0,0 +1,6 @@
>> +#!/bin/sh 
>> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
>> +       sleep 3
>> +       /usr/sbin/vpn-select
>> +}
>> +
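Review bot: Nothing stops this hotplug call of /usr/sbin/vpn-select from overlapping with the micron.d job added in this same patch, which runs the script every five minutes, and the script takes no lock. Two instances running at once would both clear and rewrite the tunneldigger config and the fastd peer files. Take a lock at the top of vpn-select (a lock file or a mkdir-based lock is enough) and exit if it is already held.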
>> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>> new file mode 100644
>> index 0000000..dc20486
>> --- /dev/null
>> +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>> @@ -0,0 +1 @@
>> +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
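Review bot: /usr/bin/random is called in this cron line, but the Makefile in this patch only lists +fff-tunneldigger and +fff-fastd in DEPENDS. If neither of those pulls in the package that ships random, the command substitution is empty, sleep fails, and because of the `;` the script still runs straight away, so every node contacts the keyserver at the same moment. Add the providing package to DEPENDS.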
>> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> new file mode 100755
>> index 0000000..165c584
>> --- /dev/null
>> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> @@ -0,0 +1,80 @@
>> +#!/bin/sh
>> +
>> +test -f /tmp/started || exit
>> +
>> +make_config() {
>> +# remove old config
>> +>etc/config/tunneldigger
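Review bot: The redirect `>etc/config/tunneldigger` in make_config has no leading slash, so it truncates a file relative to the current working directory rather than /etc/config/tunneldigger. The md5sum calls further down use the absolute path, so this looks like a typo. Use the absolute path here so the result does not depend on where hotplug or micron starts the script.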
> Same thing here again. If we configure it via uci below, we should
> also delete it via uci here.
>> +rm /tmp/fastd_${project}_peers/*
>> +count=0
>> +# get fastd peers
>> +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
>> +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
>> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
>> +for file in $filecounts; do
>> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
>> +    echo 'float yes;' >> /etc/fastd/$project/peers/$file
>> +
>> +    # ask for Broker and select the tunnel
>> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
>> +    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
>> +        # Gateway offers l2tp
>> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
>> +        L2PORT=$((FDPORT + 10000))
>> +        UUID=_$hostname
>> +
>> +        uci set tunneldigger.$count=broker
>> +        uci set tunneldigger.$count.address="$IP:$L2PORT"
>> +        uci set tunneldigger.$count.uuid="$UUID"
>> +        uci set tunneldigger.$count.interface="l2tp$count"
>> +        uci set tunneldigger.$count.enabled="1"
>> +        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
>> +        uci commit tunneldigger
>> +        count=$((count + 1))
>> +        # remove this fastd-peer
>> +        rm /etc/fastd/${project}/peers/$file
>> +    fi
>> +done
>> +}
>> +
>> +# main
>> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
>> +test_ipv4_host2="8.8.8.8"        # Google DNS
>> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
>> +
>> +# Only do something when the router has internet connection
>> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>> +   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
>> +   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
>> +
>> +    #set some vars
>> +    . /etc/community.cfg
>> +    project="$VPN_PROJECT"
>> +    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
>> +    lat=$(uci get system. at system[0].latitude)
>> +    long=$(uci get system. at system[0].longitude)
>> +    hostname=$(cat /proc/sys/kernel/hostname)
>> +    [ "$hostname" = "OpenWrt" ] && hostname=""
>> +    [ "$hostname" = "" ] &&  hostname="$mac"
>> +
>> +    if [ ! -d /tmp/fastd_${project}_peers ]; then
>> +        # first run after reboot
>> +        mkdir /tmp/fastd_${project}_peers
>> +        # do we have a fastd secret
>> +        if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
>> +            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
>> +            uci set fastd.${project}.secret="$secret"
>> +            uci commit fastd
>> +        fi
>> +        make_config
>> +        /etc/init.d/fastd start
>> +        /etc/init.d/tunneldigger start
>> +    else
>> +        # check if new tunneldigger conf is different
>> +        md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
>> +        make_config
>> +        md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
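Review bot: In make_config the names in $filecounts and the peer contents come straight from the keyserver response, which is fetched over plain http, and they are used without validation. $file becomes a path in `> /etc/fastd/$project/peers/$file`, is interpolated into the double-quoted awk program, and the $IP derived from the peer file goes unquoted into `wget -T10 $IP/vpn.txt`. A name containing `/` or awk metacharacters would write outside the peers directory or change the awk program. Skip any $file that contains characters outside a conservative set such as letters, digits, `_` and `-`, pass it to awk with -v instead of interpolating it, and quote "$IP".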
> Since we now also have SHA256, we should perhaps use it here.
> Then we can throw out md5 at some point.
>> +        [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
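Review bot: This restart also fires when the keyserver fetch in make_config has failed. make_config is meant to empty the tunneldigger config and removes the files under /tmp/fastd_${project}_peers before wget runs, and wget's exit status is never checked, so after a failed download the new checksum differs from the old one and tunneldigger is restarted without any brokers. Build the new config in a temporary location and only replace the live one and restart when the download succeeded and yielded at least one peer.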
> Is there a connection drop at this point?
Yes, init.d/tunneldigger cannot do an uninterrupted reload, so only do
a restart when something has changed. If anyone has a nicer solution,
bring it on!! Once the dezkeyex arrives, a timestamp or something like
it should be built in so that one notices when something has
changed. Then this will no longer be needed.

Thanks in advance for looking it over

Robert

> Regards, Jan
>> +        /etc/init.d/fastd reload
>> +    fi
>> +fi
>> -- 
>> 2.8.0.rc3
>>




