[PATCH v7 3/4] Reconfigure vpn-select for keyxchangev2

mail at adrianschmutzler.de mail at adrianschmutzler.de
So Sep 17 12:54:58 CEST 2017


Hallo,

siehe ganz unten.

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
> Of Christian Dresel
> Sent: Sonntag, 17. September 2017 07:38
> To: franken-dev at freifunk.net
> Subject: [PATCH v7 3/4] Reconfigure vpn-select for keyxchangev2
> 
> We need a few small changes here; some things will be copied to fff-hood later.
> 
> Signed-off-by: Christian Dresel <fff at chrisi01.de>
> 
> Update in v6:
>  - remove /etc/community.cfg variables
>  - remove load lat/lon from uci system
> 
> Update in v7:
>  - make main if smaller, only check if file greater 0 byte, no ping
anymore
> ---
>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ---
>  .../files/usr/lib/micron.d/vpn-select              |  1 -
>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 47
+++++++---------------
>  3 files changed, 15 insertions(+), 39 deletions(-)  delete mode 100755
> src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>  delete mode 100644 src/packages/fff/fff-vpn-
> select/files/usr/lib/micron.d/vpn-select
> 
> diff --git
a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-
> select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-
> select
> deleted file mode 100755
> index 16d9853..0000000
> ---
a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
> +++ /dev/null
> @@ -1,6 +0,0 @@
> -#!/bin/sh
> -[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
> -       sleep 3
> -       /usr/sbin/vpn-select
> -}
> -
> diff --git
a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> deleted file mode 100644
> index dc20486..0000000
> --- a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
> +++ /dev/null
> @@ -1 +0,0 @@
> -*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select diff
--git
> a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> index c3d003f..1867913 100755
> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -5,21 +5,20 @@ test -f /tmp/started || exit
>  make_config() {
>  # remove old config
>  >/etc/config/tunneldigger
> -rm /tmp/fastd_${project}_peers/*
> +rm /tmp/fastd_fff_peers/*
>  count=0
>  # get fastd peers
>  pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c -
--show-
> key --machine-readable) -wget -T15 "http://keyserver.freifunk-
> franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port
> &key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output -
> filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0);
print
> $0; }' /tmp/fastd_${project}_output)
> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "",
> +$0); print $0; }' /tmp/fastd_fff_output)
>  for file in $filecounts; do
> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
> /tmp/fastd_${project}_output | sed 's/ float;/;/g' >
> /etc/fastd/$project/peers/$file
> -    echo 'float yes;' >> /etc/fastd/$project/peers/$file
> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
> /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
> +    echo 'float yes;' >> /etc/fastd/fff/peers/$file
> 
>      # ask for Broker and select the tunnel
> -    IP=$(awk -F\" '/remote/ {print $2}'
/etc/fastd/${project}/peers/$file)
> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
>      if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
>          # Gateway offers l2tp
> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
> /etc/fastd/${project}/peers/$file)
> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
> + /etc/fastd/fff/peers/$file)
>          L2PORT=$((FDPORT + 10000))
>          UUID=$hostname
> 
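Review bot: `$file` is taken from the `####<name>.conf` markers in /tmp/fastd_fff_output and is then used unchecked in the for loop of make_config, both inside the awk program text (`/^####$file.conf$/`) and as the target path `/etc/fastd/fff/peers/$file`. This script no longer fetches that file, so its origin is outside the hunk, but it presumably still carries a keyserver response. A name containing `/`, `..` or awk metacharacters would let that response write outside the peers directory or change the awk program. I would reject such names at the top of the loop with `case "$file" in .*|*[!A-Za-z0-9_.-]*) continue ;; esac` and quote the expansions (`"/etc/fastd/fff/peers/$file"`, `"$IP/vpn.txt"`). The loop body continues past the end of this hunk.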
> @@ -32,43 +31,27 @@ for file in $filecounts; do
>          uci -c /tmp commit tunneldigger
>          count=$((count + 1))
>          # remove this fastd-peer
> -        rm /etc/fastd/${project}/peers/$file
> +        rm /etc/fastd/fff/peers/$file
>      fi
>  done
>  }
> 
>  # main
> -test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken
> keyserver
> -test_ipv4_host2="8.8.8.8"        # Google DNS
> -test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
> 
> -# Only do something when the router has internet connection -if ping -w5
-
> c3 "$test_ipv4_host1" &>/dev/null ||
> -   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
> -   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
> +# Only do something when file is here and greater 0 byte if [ -s
> +/tmp/fastd_fff_output ]; then
> 
>      # set some vars
> -    . /etc/community.cfg
> -    project="$VPN_PROJECT"
> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
> /sys/class/net/br-mesh/address 2>/dev/null)
> -    lat=$(uci get system. at system[0].latitude)
> -    long=$(uci get system. at system[0].longitude)
>      hostname=$(cat /proc/sys/kernel/hostname)
>      [ "$hostname" = "OpenWrt" ] && hostname=""
>      [ "$hostname" = "" ] &&  hostname="$mac"
> 
> -    if [ ! -d /tmp/fastd_${project}_peers ]; then
> +    if [ ! -d /tmp/fastd_fff_peers ]; then
>          # first run after reboot
> -        mkdir /tmp/fastd_${project}_peers
> -        # do we have a fastd secret
> -        if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd
&>/dev/null;
> then
> -            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ {
print $2 }')
> -            uci set fastd.${project}.secret="$secret"
> -            uci commit fastd
> -        fi
> +        mkdir /tmp/fastd_fff_peers
>          make_config
>          # start fastd only if there are some peers left
> -        [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ] &&
/etc/init.d/fastd
> start
> +        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
> + /etc/init.d/fastd start
>          /etc/init.d/tunneldigger start
>      else
>          # check if new tunneldigger conf is different @@ -79,10 +62,10 @@
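Review bot: The hostname fallback `[ "$hostname" = "" ] && hostname="$mac"` stays as context, but this hunk removes the only visible assignment of `mac` (the awk call on /sys/class/net/br-mesh/address). Unless `mac` is set somewhere outside the hunk, a router still named `OpenWrt` ends up with an empty `hostname`, which make_config passes on as `UUID=$hostname` for tunneldigger. Either keep `mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)` or drop the fallback and exit with a logged message when the hostname is empty. A short comment above `if [ -s /tmp/fastd_fff_output ]` naming the component that writes that file would also help, since nothing in this script creates it any more. The main `if` closes in the following hunk.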
if
> ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>          /etc/init.d/fastd reload
> 
>          # fastd start/stop for various situations
> -        if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] ||
/etc/init.d/fastd
> start
> +        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] ||

Hier und ...

> + /etc/init.d/fastd start
>          else
> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] &&
/etc/init.d/fastd
> stop
> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] &&

... hier besteht nach wie vor ein Problem, wenn fastd.fff.pid leer ist oder
nicht existiert.

Mein Patch dazu liegt im Patchwork schon rum, aber natürlich für die alte
Version.

https://pw.freifunk-franken.de/patch/456/

Willst du das gleich mit einbauen oder soll ich einen eigenen Patch 5/5 für
den Keyexchangev2 bauen?

Beste Grüße

Adrian

> + /etc/init.d/fastd stop
>          fi
> 
>      fi
> --
> 2.1.4
> 


