[PATCH v14 3/6] Reconfigure vpn-select for keyxchangev2

Adrian Schmutzler freifunk at adrianschmutzler.de
Di Okt 3 15:18:33 CEST 2017


From: Christian Dresel <fff at chrisi01.de>

We need a few small changes here, and some things will be copied to fff-hood later.

Signed-off-by: Christian Dresel <fff at chrisi01.de>
Signed-off-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

Update in v6:
 - remove /etc/community.cfg variables
 - remove load lat/lon from uci system

Update in v7:
 - make main if smaller, only check if file greater 0 byte, no ping anymore

Update in v8:
 - rebased on empty-pid-file patch (Adrian)

Update in v9:
 - rebase onto 20170918-beta

Update in v10:
 - Removed useless pubkey
 - Reintroduced mac variable for hostname rewrite
---
 .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ---
 .../files/usr/lib/micron.d/vpn-select              |  1 -
 .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 47 +++++++---------------
 3 files changed, 15 insertions(+), 39 deletions(-)
 delete mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
 delete mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select

diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
deleted file mode 100755
index 16d9853..0000000
--- a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh 
-[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
-       sleep 3
-       /usr/sbin/vpn-select
-}
-
diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
deleted file mode 100644
index dc20486..0000000
--- a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
+++ /dev/null
@@ -1 +0,0 @@
-*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index 3859817..bb4c933 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -5,21 +5,19 @@ test -f /tmp/started || exit
 make_config() {
 # remove old config
 >/etc/config/tunneldigger
-rm /tmp/fastd_${project}_peers/*
+rm /tmp/fastd_fff_peers/*
 count=0
 # get fastd peers
-pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
-wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
+filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
 for file in $filecounts; do
-    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
-    echo 'float yes;' >> /etc/fastd/$project/peers/$file
+    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
+    echo 'float yes;' >> /etc/fastd/fff/peers/$file
 
     # ask for Broker and select the tunnel
-    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
+    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
     if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
         # Gateway offers l2tp
-        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
+        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
         L2PORT=$((FDPORT + 10000))
         UUID=$hostname
 
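Review bot: `$file` in the `for file in $filecounts` loop comes from the `####` header lines of /tmp/fastd_fff_output and is used unvalidated, both spliced into the awk program text (`/^####$file.conf$/`) and unquoted in the target path `/etc/fastd/fff/peers/$file`. The code that writes that file is no longer in this script, so its content should be treated as network-supplied: a header containing `/`, whitespace or awk/regex metacharacters would change where the peer file is written or what the awk program does, presumably with root privileges on the router. I would reject unexpected names at the top of the loop with `case "$file" in ''|.*|*[!A-Za-z0-9._-]*) continue ;; esac` (adjust the allowed set to the names the keyserver really uses) and pass the name as data: `awk -v f="$file" '{ if(a) print }; $0 == "####" f ".conf" {a=1}; /^$/{a=0};'`. The redirect targets and the context line `wget -T10 $IP/vpn.txt` should be quoted as well, e.g. `"/etc/fastd/fff/peers/$file"` and `"$IP/vpn.txt"`. make_config's body continues past the end of this hunk.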
@@ -32,43 +30,28 @@ for file in $filecounts; do
         uci -c /tmp commit tunneldigger
         count=$((count + 1))
         # remove this fastd-peer
-        rm /etc/fastd/${project}/peers/$file
+        rm /etc/fastd/fff/peers/$file
     fi
 done
 }
 
 # main
-test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
-test_ipv4_host2="8.8.8.8"        # Google DNS
-test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
 
-# Only do something when the router has internet connection
-if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
-   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
-   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+# Only do something when file is here and greater 0 byte
+if [ -s /tmp/fastd_fff_output ]; then
 
     # set some vars
-    . /etc/community.cfg
-    project="$VPN_PROJECT"
-    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
-    lat=$(uci get system. at system[0].latitude)
-    long=$(uci get system. at system[0].longitude)
     hostname=$(cat /proc/sys/kernel/hostname)
+    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
     [ "$hostname" = "OpenWrt" ] && hostname=""
     [ "$hostname" = "" ] &&  hostname="$mac"
 
-    if [ ! -d /tmp/fastd_${project}_peers ]; then
+    if [ ! -d /tmp/fastd_fff_peers ]; then
         # first run after reboot
-        mkdir /tmp/fastd_${project}_peers
-        # do we have a fastd secret
-        if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
-            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
-            uci set fastd.${project}.secret="$secret"
-            uci commit fastd
-        fi
+        mkdir /tmp/fastd_fff_peers
         make_config
         # start fastd only if there are some peers left
-        [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
+        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
         /etc/init.d/tunneldigger start
     else
         # check if new tunneldigger conf is different
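Review bot: The new guard `[ -s /tmp/fastd_fff_output ]` accepts any non-empty file, so a truncated download or an error body left at that path still reaches make_config, which empties /etc/config/tunneldigger and /tmp/fastd_fff_peers before it parses anything. The writer of the file is not part of this patch, so this is the only validation visible here; requiring at least one peer header would be a cheap addition: `if [ -s /tmp/fastd_fff_output ] && grep -q '^####' /tmp/fastd_fff_output; then`. This hunk also drops the block that generated the fastd secret, so `/etc/init.d/fastd start` now depends on something else having set `fastd.fff.secret` (presumably fff-hood, going by the description). A one-line comment next to the start call saying where the secret comes from would help. The `if` block opens in this hunk and closes outside it.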
@@ -79,8 +62,8 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
         /etc/init.d/fastd reload
 
         # fastd start/stop for various situations
-        pidfile="/tmp/run/fastd.${project}.pid"
-        if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
+        pidfile="/tmp/run/fastd.fff.pid"
+        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
             ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
         else
             ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
-- 
2.7.4


