Fwd: Re: [PATCH 3/4] Add package fff-vpn-select
mayosemmel
mayosemmel at googlemail.com
Wed Jun 29 19:09:53 CEST 2016
Since we will probably have to make changes there again anyway once the
dexKeyEx arrives, and the md5 thing is not the end of the world:
Reviewed-by: Jan Kraus <mayosemmel at gmail.com>
(please only apply as a complete set)
On Monday, 27.06.2016, 22:04 +0200, Robert Langhammer wrote:
>
> -------- Forwarded Message --------
> Subject: Re: [PATCH 3/4] Add package fff-vpn-select
> Date: Mon, 27 Jun 2016 20:36:05 +0200
> From: Robert Langhammer <rlanghammer at web.de>
> To: mayosemmel <mayosemmel at googlemail.com>
>
> Hi,
>
> see below
>
> On 27.06.2016 at 18:44, mayosemmel wrote:
> > On Sunday, 26.06.2016, 23:23 +0200, Robert Langhammer wrote:
> >> Signed-off-by: Robert Langhammer <rlanghammer at web.de>
> >> ---
> >> src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++
> >> .../files/etc/hotplug.d/iface/50-vpn-select | 6 ++
> >> .../files/usr/lib/micron.d/vpn-select | 1 +
> >> .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++
> >> 4 files changed, 128 insertions(+)
> >> create mode 100644 src/packages/fff/fff-vpn-select/Makefile
> >> create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >> create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >> create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >>
> >> diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
> >> new file mode 100644
> >> index 0000000..30d9cc1
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/Makefile
> >> @@ -0,0 +1,41 @@
> >> +include $(TOPDIR)/rules.mk
> >> +
> >> +PKG_NAME:=fff-vpn-select
> >> +PKG_VERSION:=1
> >> +PKG_RELEASE:=1
> >> +
> >> +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
> >> +
> >> +include $(INCLUDE_DIR)/package.mk
> >> +
> >> +define Package/fff-vpn-select
> >> + SECTION:=base
> >> + CATEGORY:=Freifunk
> >> + TITLE:= Freifunk-Franken vpn-select
> >> + URL:=http://www.freifunk-franken.de
> >> + DEPENDS:=+fff-tunneldigger \
> >> + +fff-fastd
> >> +endef
> >> +
> >> +define Package/fff-vpn-select/description
> >> + Thie package selects and starts the VPN
> >> + In this version fastd and l2tp via tunneldigger
> >> +endef
> >> +
> >> +define Build/Prepare
> >> + echo "all: " > $(PKG_BUILD_DIR)/Makefile
> >> +endef
> >> +
> >> +define Build/Configure
> >> + # nothing
> >> +endef
> >> +
> >> +define Build/Compile
> >> + # nothing
> >> +endef
> >> +
> >> +define Package/fff-vpn-select/install
> >> + $(CP) ./files/* $(1)/
> >> +endef
> >> +
> >> +$(eval $(call BuildPackage,fff-vpn-select))
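Review bot: The text in Package/fff-vpn-select/description has a typo ("Thie package" should be "This package") and its second line is not a complete sentence. Something like "This package selects and starts the VPN. This version supports fastd and l2tp via tunneldigger." would read better wherever the description is shown.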
> >> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >> new file mode 100755
> >> index 0000000..16d9853
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> >> @@ -0,0 +1,6 @@
> >> +#!/bin/sh
> >> +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> >> + sleep 3
> >> + /usr/sbin/vpn-select
> >> +}
> >> +
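Review bot: Nothing at the call to /usr/sbin/vpn-select here, nor in the script itself, keeps this run from overlapping with the run started by the five-minute cron entry. Both go through make_config, which empties the tunneldigger config and rewrites the peer files, so an overlap can leave the md5 comparison looking at a half-written file and cause an unneeded tunneldigger restart. Please serialise the two callers, for example with a lock directory created by mkdir at the top of the script and removed on exit.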
> >> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >> new file mode 100644
> >> index 0000000..dc20486
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> >> @@ -0,0 +1 @@
> >> +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
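Review bot: This entry depends on /usr/bin/random and on a cron daemon that reads /usr/lib/micron.d, but DEPENDS in the Makefile lists only fff-tunneldigger and fff-fastd. If neither of those pulls in the providers, the sleep gets no argument and fails, and because the commands are joined with ";" the script still runs, so every router contacts the keyserver at the same second. Please declare the missing dependencies explicitly. The script is also started with "sh" here but executed directly from the hotplug handler; one form for both would be cleaner.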
> >> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> new file mode 100755
> >> index 0000000..165c584
> >> --- /dev/null
> >> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> @@ -0,0 +1,80 @@
> >> +#!/bin/sh
> >> +
> >> +test -f /tmp/started || exit
> >> +
> >> +make_config() {
> >> +# remove old config
> >> +>etc/config/tunneldigger
> > Same thing here again. If we configure it via uci below, we should
> > also delete it via uci here.
> >> +rm /tmp/fastd_${project}_peers/*
> >> +count=0
> >> +# get fastd peers
> >> +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> >> +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> >> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> >> +for file in $filecounts; do
> >> + awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> >> + echo 'float yes;' >> /etc/fastd/$project/peers/$file
> >> +
> >> + # ask for Broker and select the tunnel
> >> + IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
> >> + if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> >> + # Gateway offers l2tp
> >> + FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
> >> + L2PORT=$((FDPORT + 10000))
> >> + UUID=_$hostname
> >> +
> >> + uci set tunneldigger.$count=broker
> >> + uci set tunneldigger.$count.address="$IP:$L2PORT"
> >> + uci set tunneldigger.$count.uuid="$UUID"
> >> + uci set tunneldigger.$count.interface="l2tp$count"
> >> + uci set tunneldigger.$count.enabled="1"
> >> + uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> >> + uci commit tunneldigger
> >> + count=$((count + 1))
> >> + # remove this fastd-peer
> >> + rm /etc/fastd/${project}/peers/$file
> >> + fi
> >> +done
> >> +}
> >> +
> >> +# main
> >> +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> >> +test_ipv4_host2="8.8.8.8" # Google DNS
> >> +test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
> >> +
> >> +# Only do something when the router has internet connection
> >> +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> >> + ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> >> + ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> >> +
> >> + #set some vars
> >> + . /etc/community.cfg
> >> + project="$VPN_PROJECT"
> >> + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> >> + lat=$(uci get system. at system[0].latitude)
> >> + long=$(uci get system. at system[0].longitude)
> >> + hostname=$(cat /proc/sys/kernel/hostname)
> >> + [ "$hostname" = "OpenWrt" ] && hostname=""
> >> + [ "$hostname" = "" ] && hostname="$mac"
> >> +
> >> + if [ ! -d /tmp/fastd_${project}_peers ]; then
> >> + # first run after reboot
> >> + mkdir /tmp/fastd_${project}_peers
> >> + # do we have a fastd secret
> >> + if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
> >> + secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
> >> + uci set fastd.${project}.secret="$secret"
> >> + uci commit fastd
> >> + fi
> >> + make_config
> >> + /etc/init.d/fastd start
> >> + /etc/init.d/tunneldigger start
> >> + else
> >> + # check if new tunneldigger conf is different
> >> + md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
> >> + make_config
> >> + md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
> > Since we now also have SHA256, we should perhaps use it here.
> > Then we can throw md5 out at some point.
> >> + [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
> > Does the connection drop at this point?
> Yes, init.d/tunneldigger cannot do an interruption-free reload, so only
> do a restart when something has changed. If anyone has a nicer
> solution, bring it on!! Once the dezkeyex arrives, a timestamp or
> something like that should be built in so that one notices when something
> has changed. Then this is no longer needed.
>
> Thanks in advance for looking it over
>
> Robert
>
> > Regards, Jan
> >> + /etc/init.d/fastd reload
> >> + fi
> >> +fi
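Review bot: In make_config the peer file names and the broker address come straight from the keyserver response, which is fetched over plain http, and are used without any check: $file ends up in the redirect to /etc/fastd/$project/peers/$file and later in rm, and $IP goes unquoted into "wget -T10 $IP/vpn.txt". A name containing "/" or ".." would make the redirect and the rm act outside the peers directory, so please reject every name that does not match a conservative pattern (letters, digits, ".", "_", "-") before using it, and quote "$IP". Two smaller things in the same function: ">etc/config/tunneldigger" lacks the leading slash, so it truncates a path relative to the current directory while the md5 check reads /etc/config/tunneldigger; and "rm /tmp/fastd_${project}_peers/*" clears a directory that nothing in this script writes to, while the peers are written to /etc/fastd/$project/peers/.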
> >> --
> >> 2.8.0.rc3
> >>
> --
> franken-dev mailing list
> franken-dev at freifunk.net
> http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net