Fwd: Re: [PATCH 3/4] Add package fff-vpn-select

mayosemmel mayosemmel at googlemail.com
Mi Jun 29 19:09:53 CEST 2016 

Da wir da vermutlich eh nochmal Änderungen vornehmen müssen, wenn der
dexKeyEx kommt und das mit dem md5 kein Weltuntergang ist:
Reviewed-by: Jan Kraus <mayosemmel at gmail.com>
(bitte nur im ganzen Set applien)
Am Montag, den 27.06.2016, 22:04 +0200 schrieb Robert Langhammer:
> 
> 
> 
> -------- Weitergeleitete Nachricht -------- 
>                           Betreff: 
> Re: [PATCH 3/4] Add package
> fff-vpn-select
>                             Datum: 
> Mon, 27 Jun 2016 20:36:05 +0200
>                               Von: 
> Robert Langhammer
> <rlanghammer at web.de>
>                                An: 
> mayosemmel
> <mayosemmel at googlemail.com>
> 
> 
> Hi,
> 
> s. u.
> 
> Am 27.06.2016 um 18:44 schrieb mayosemmel:
> > Am Sonntag, den 26.06.2016, 23:23 +0200 schrieb Robert Langhammer:
> >> Signed-off-by: Robert Langhammer <rlanghammer at web.de>
> >> ---
> >>  src/packages/fff/fff-vpn-select/Makefile           | 41 +++++++++++
> >>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ++
> >>  .../files/usr/lib/micron.d/vpn-select              |  1 +
> >>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 80 ++++++++++++++++++++++
> >>  4 files changed, 128 insertions(+)
> >>  create mode 100644 src/packages/fff/fff-vpn-select/Makefile
> >>  create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >>  create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >>  create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >>
> >> diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
> >> new file mode 100644
> >> index 0000000..30d9cc1
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/Makefile
> >> @@ -0,0 +1,41 @@
> >> +include $(TOPDIR)/rules.mk
> >> +
> >> +PKG_NAME:=fff-vpn-select
> >> +PKG_VERSION:=1
> >> +PKG_RELEASE:=1
> >> +
> >> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
> >> +
> >> +include $(INCLUDE_DIR)/package.mk
> >> +
> >> +define Package/fff-vpn-select
> >> +    SECTION:=base
> >> +    CATEGORY:=Freifunk
> >> +    TITLE:= Freifunk-Franken vpn-select
> >> +    URL:=http://www.freifunk-franken.de
> >> +    DEPENDS:=+fff-tunneldigger \
> >> +             +fff-fastd
> >> +endef
> >> +
> >> +define Package/fff-vpn-select/description
> >> +    Thie package selects and starts the VPN 
> >> +    In this version fastd and l2tp via tunneldigger
> >> +endef
> >> +
> >> +define Build/Prepare
> >> +       echo "all: " > $(PKG_BUILD_DIR)/Makefile
> >> +endef
> >> +
> >> +define Build/Configure
> >> +       # nothing
> >> +endef
> >> +
> >> +define Build/Compile
> >> +       # nothing
> >> +endef
> >> +
> >> +define Package/fff-vpn-select/install
> >> +       $(CP) ./files/* $(1)/
> >> +endef
> >> +
> >> +$(eval $(call BuildPackage,fff-vpn-select))
> >> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >> new file mode 100755
> >> index 0000000..16d9853
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >> @@ -0,0 +1,6 @@
> >> +#!/bin/sh 
> >> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> >> +       sleep 3
> >> +       /usr/sbin/vpn-select
> >> +}
> >> +
> >> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >> new file mode 100644
> >> index 0000000..dc20486
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >> @@ -0,0 +1 @@
> >> +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
> >> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> new file mode 100755
> >> index 0000000..165c584
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> @@ -0,0 +1,80 @@
> >> +#!/bin/sh
> >> +
> >> +test -f /tmp/started || exit
> >> +
> >> +make_config() {
> >> +# remove old config
> >> +>etc/config/tunneldigger
> > Hier nochmal das selbe. Wenn wir es unten per uci konfigurieren, sollten
> > wir es hier auch per uci löschen.
> >> +rm /tmp/fastd_${project}_peers/*
> >> +count=0
> >> +# get fastd peers
> >> +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> >> +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> >> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> >> +for file in $filecounts; do
> >> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> >> +    echo 'float yes;' >> /etc/fastd/$project/peers/$file
> >> +
> >> +    # ask for Broker and select the tunnel
> >> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
> >> +    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> >> +        # Gateway offers l2tp
> >> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
> >> +        L2PORT=$((FDPORT + 10000))
> >> +        UUID=_$hostname
> >> +
> >> +        uci set tunneldigger.$count=broker
> >> +        uci set tunneldigger.$count.address="$IP:$L2PORT"
> >> +        uci set tunneldigger.$count.uuid="$UUID"
> >> +        uci set tunneldigger.$count.interface="l2tp$count"
> >> +        uci set tunneldigger.$count.enabled="1"
> >> +        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> >> +        uci commit tunneldigger
> >> +        count=$((count + 1))
> >> +        # remove this fastd-peer
> >> +        rm /etc/fastd/${project}/peers/$file
> >> +    fi
> >> +done
> >> +}
> >> +
> >> +# main
> >> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> >> +test_ipv4_host2="8.8.8.8"        # Google DNS
> >> +test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
> >> +
> >> +# Only do something when the router has internet connection
> >> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> >> +   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> >> +   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> >> +
> >> +    #set some vars
> >> +    . /etc/community.cfg
> >> +    project="$VPN_PROJECT"
> >> +    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> >> +    lat=$(uci get system. at system[0].latitude)
> >> +    long=$(uci get system. at system[0].longitude)
> >> +    hostname=$(cat /proc/sys/kernel/hostname)
> >> +    [ "$hostname" = "OpenWrt" ] && hostname=""
> >> +    [ "$hostname" = "" ] &&  hostname="$mac"
> >> +
> >> +    if [ ! -d /tmp/fastd_${project}_peers ]; then
> >> +        # first run after reboot
> >> +        mkdir /tmp/fastd_${project}_peers
> >> +        # do we have a fastd secret
> >> +        if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
> >> +            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
> >> +            uci set fastd.${project}.secret="$secret"
> >> +            uci commit fastd
> >> +        fi
> >> +        make_config
> >> +        /etc/init.d/fastd start
> >> +        /etc/init.d/tunneldigger start
> >> +    else
> >> +        # check if new tunneldigger conf is different
> >> +        md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
> >> +        make_config
> >> +        md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
> > Da wir ja mittlerweile auch SHA256 haben, sollten wir das hier eventuell
> > benutzen. Dann können wir md5 irgendwann rausschmeißen.
> >> +        [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
> > Gibt es an der Stelle einen Verbindungsabbruch?
> Ja, init.d/tunneldigger kann kein unterbrechungsfreies reload, darum nur
> einen Restart machen, wenn sich was geändert hat. Wenn da jemand eine
> schönere Lösung hat, her damit!! Wenn dann der dezkeyex kommt sollte man
> einen timestamp oder sowas einbauen, damit man merkt, wenn sich was
> geändert hat. Dann braucht man das nicht mehr.
> 
> Danke schon mal fürs drüber schauen
> 
> Robert
> 
> > Grüße Jan
> >> +        /etc/init.d/fastd reload
> >> +    fi
> >> +fi
> >> -- 
> >> 2.8.0.rc3
> >>
> 
> 
> 
> 
> 
> 
> -- 
> franken-dev mailing list
> franken-dev at freifunk.net
> http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 473 bytes
Beschreibung: This is a digitally signed message part
URL         : <http://lists.freifunk.net/pipermail/franken-dev-freifunk.net/attachments/20160629/e690d5b9/attachment.sig>

Mehr Informationen über die Mailingliste franken-dev