[PATCH v6 3/4] Reconfigure vpn-select for keyxchangev2
Tim Niemeyer
tim at tn-x.org
Sa Sep 16 19:27:57 CEST 2017
Hi
Am Samstag, den 16.09.2017, 16:47 +0200 schrieb Christian Dresel:
> we need some little changes and copy some things to fff-hood later
>
> > Signed-off-by: Christian Dresel <fff at chrisi01.de>
>
> Update in v6:
> - remove /etc/community.cfg variables
> - remove load lat/lon from uci system
> ---
> .../files/etc/hotplug.d/iface/50-vpn-select | 6 ---
> .../files/usr/lib/micron.d/vpn-select | 1 -
> .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 47 +++++++++-------------
> 3 files changed, 20 insertions(+), 34 deletions(-)
> delete mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> delete mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>
> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> deleted file mode 100755
> index 16d9853..0000000
> --- a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -#!/bin/sh
> -[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> - sleep 3
> - /usr/sbin/vpn-select
> -}
> -
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> deleted file mode 100644
> index dc20486..0000000
> --- a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> +++ /dev/null
> @@ -1 +0,0 @@
> -*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> index c3d003f..8f411cb 100755
> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -5,21 +5,20 @@ test -f /tmp/started || exit
> make_config() {
> # remove old config
> >/etc/config/tunneldigger
> -rm /tmp/fastd_${project}_peers/*
> +rm /tmp/fastd_fff_peers/*
> count=0
> # get fastd peers
> pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
> -wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
> for file in $filecounts; do
> - awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
> - echo 'float yes;' >> /etc/fastd/$project/peers/$file
> + awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
> + echo 'float yes;' >> /etc/fastd/fff/peers/$file
>
> # ask for Broker and select the tunnel
> - IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
> + IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
> if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> # Gateway offers l2tp
> - FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
> + FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
> L2PORT=$((FDPORT + 10000))
> UUID=$hostname
>
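Review bot: In the `for file in $filecounts` loop, `$file` is taken straight from the `####…` marker lines of /tmp/fastd_fff_output and is then used unchecked both inside the double-quoted awk program (`/^####$file.conf$/`) and as the output path `/etc/fastd/fff/peers/$file`. That file holds peer data that the removed wget line fetched from the keyserver over plain http, and it is presumably now written by another script. A name containing `/`, a leading `.` or awk metacharacters would therefore land outside the peers directory or change what the awk program does. I would add a guard as the first statement of the loop, `case "$file" in ''|.*|*[!A-Za-z0-9_.-]*) continue ;; esac`, and quote `"$file"` and `"$IP"` where they are expanded. The loop and make_config end outside this hunk.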
> @@ -32,7 +31,7 @@ for file in $filecounts; do
> uci -c /tmp commit tunneldigger
> count=$((count + 1))
> # remove this fastd-peer
> - rm /etc/fastd/${project}/peers/$file
> + rm /etc/fastd/fff/peers/$file
> fi
> done
> }
> @@ -42,33 +41,27 @@ test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
> test_ipv4_host2="8.8.8.8" # Google DNS
> test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
>
> +# need this here because the next if need this variable
Hö?
> +
> +
> +
> # Only do something when the router has internet connection
> -if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> +if (ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> - ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> + ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null) &&
> + [ -n /tmp/fastd_fff_output ]; then
Hier nur prüfen, ob die Eingabe-Datei da und nicht leer ist. Der Ping
wird im fff-hoods bereits gemacht, und nur wenn der erfolgreich war,
wird dieses Script aufgerufen.
Wenn der Ping im fff-hoods nicht erfolgreich war, könnte sich auch ein
fastd/tunneldigger nicht ändern.
Tim
>
> # set some vars
> - . /etc/community.cfg
> - project="$VPN_PROJECT"
> - mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> > - lat=$(uci get system. at system[0].latitude)
> > - long=$(uci get system. at system[0].longitude)
> hostname=$(cat /proc/sys/kernel/hostname)
> [ "$hostname" = "OpenWrt" ] && hostname=""
> [ "$hostname" = "" ] && hostname="$mac"
>
> - if [ ! -d /tmp/fastd_${project}_peers ]; then
> + if [ ! -d /tmp/fastd_fff_peers ]; then
> # first run after reboot
> - mkdir /tmp/fastd_${project}_peers
> - # do we have a fastd secret
> - if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>/dev/null; then
> - secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
> - uci set fastd.${project}.secret="$secret"
> - uci commit fastd
> - fi
> + mkdir /tmp/fastd_fff_peers
> make_config
> # start fastd only if there are some peers left
> - [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> + [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> /etc/init.d/tunneldigger start
> else
> # check if new tunneldigger conf is different
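Review bot: The fallback `[ "$hostname" = "" ] && hostname="$mac"` is kept, but this hunk removes the `mac=$(awk … /sys/class/net/br-mesh/address)` assignment it depends on. `$mac` is now unset, so a router whose hostname is empty or `OpenWrt` ends up with an empty `hostname`, which make_config then uses as `UUID=$hostname` for tunneldigger. Either keep the `mac=` line or handle the empty name explicitly. Separately, `[ -n /tmp/fastd_fff_output ]` tests a non-empty literal string and is always true; the file test would be `[ -s /tmp/fastd_fff_output ]`. The `if` block continues outside this hunk.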
> @@ -79,10 +72,10 @@ if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
> /etc/init.d/fastd reload
>
> # fastd start/stop for various situations
> - if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
> - [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] || /etc/init.d/fastd start
> + if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> + [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] || /etc/init.d/fastd start
> else
> - [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] && /etc/init.d/fastd stop
> + [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] && /etc/init.d/fastd stop
> fi
>
> fi
> --
> 2.1.4
>