[PATCH v7 3/4] Reconfigure vpn-select for keyxchangev2

Christian Dresel fff at chrisi01.de
So Sep 17 12:58:11 CEST 2017


hi

On 17.09.2017 12:54, mail at adrianschmutzler.de wrote:
> Hallo,
> 
> siehe ganz unten.
> 
>> -----Original Message-----
>> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf
>> Of Christian Dresel
>> Sent: Sonntag, 17. September 2017 07:38
>> To: franken-dev at freifunk.net
>> Subject: [PATCH v7 3/4] Reconfigure vpn-select for keyxchangev2
>>
>> we need some little changes and copy some things to fff-hood later
>>
>> Signed-off-by: Christian Dresel <fff at chrisi01.de>
>>
>> Update in v6:
>>  - remove /etc/community.cfg variables
>>  - remove load lat/lon from uci system
>>
>> Update in v7:
>>  - make main if smaller, only check if file greater 0 byte, no ping
> anymore
>> ---
>>  .../files/etc/hotplug.d/iface/50-vpn-select        |  6 ---
>>  .../files/usr/lib/micron.d/vpn-select              |  1 -
>>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 47
> +++++++---------------
>>  3 files changed, 15 insertions(+), 39 deletions(-)  delete mode 100755
>> src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>>  delete mode 100644 src/packages/fff/fff-vpn-
>> select/files/usr/lib/micron.d/vpn-select
>>
>> diff --git
> a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-
>> select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-
>> select
>> deleted file mode 100755
>> index 16d9853..0000000
>> ---
> a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
>> +++ /dev/null
>> @@ -1,6 +0,0 @@
>> -#!/bin/sh
>> -[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
>> -       sleep 3
>> -       /usr/sbin/vpn-select
>> -}
>> -
>> diff --git
> a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>> b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>> deleted file mode 100644
>> index dc20486..0000000
>> --- a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
>> +++ /dev/null
>> @@ -1 +0,0 @@
>> -*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select diff
> --git
>> a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> index c3d003f..1867913 100755
>> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> @@ -5,21 +5,20 @@ test -f /tmp/started || exit
>>  make_config() {
>>  # remove old config
>>  >/etc/config/tunneldigger
>> -rm /tmp/fastd_${project}_peers/*
>> +rm /tmp/fastd_fff_peers/*
>>  count=0
>>  # get fastd peers
>>  pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c -
> --show-
>> key --machine-readable) -wget -T15 "http://keyserver.freifunk-
>> franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port
>> &key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output -
>> filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0);
> print
>> $0; }' /tmp/fastd_${project}_output)
>> +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "",
>> +$0); print $0; }' /tmp/fastd_fff_output)
>>  for file in $filecounts; do
>> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
>> /tmp/fastd_${project}_output | sed 's/ float;/;/g' >
>> /etc/fastd/$project/peers/$file
>> -    echo 'float yes;' >> /etc/fastd/$project/peers/$file
>> +    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
>> /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
>> +    echo 'float yes;' >> /etc/fastd/fff/peers/$file
>>
>>      # ask for Broker and select the tunnel
>> -    IP=$(awk -F\" '/remote/ {print $2}'
> /etc/fastd/${project}/peers/$file)
>> +    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
>>      if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
>>          # Gateway offers l2tp
>> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
>> /etc/fastd/${project}/peers/$file)
>> +        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
>> + /etc/fastd/fff/peers/$file)
>>          L2PORT=$((FDPORT + 10000))
>>          UUID=$hostname
>>
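Review bot: The peer name in `$file` comes from the `####` header lines of /tmp/fastd_fff_output and is used unchecked, both inside the awk program text (`/^####$file.conf$/`) and in the redirect target `/etc/fastd/fff/peers/$file`. A header containing `/`, `..`, whitespace or regex characters would make the redirect write outside the peers directory or alter the awk pattern, and since this hunk removes the wget, the file's producer is no longer visible in this script. Skipping such names at the top of the loop would cover it, e.g. `case "$file" in ''|.*|*[!A-Za-z0-9._-]*) continue ;; esac`, together with quoting the path as `"/etc/fastd/fff/peers/$file"`. The unquoted `$IP` in the context line `wget -T10 $IP/vpn.txt` is read from the same peer data and deserves the same treatment. make_config continues past the end of this hunk.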
>> @@ -32,43 +31,27 @@ for file in $filecounts; do
>>          uci -c /tmp commit tunneldigger
>>          count=$((count + 1))
>>          # remove this fastd-peer
>> -        rm /etc/fastd/${project}/peers/$file
>> +        rm /etc/fastd/fff/peers/$file
>>      fi
>>  done
>>  }
>>
>>  # main
>> -test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken
>> keyserver
>> -test_ipv4_host2="8.8.8.8"        # Google DNS
>> -test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
>>
>> -# Only do something when the router has internet connection -if ping -w5
> -
>> c3 "$test_ipv4_host1" &>/dev/null ||
>> -   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
>> -   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
>> +# Only do something when file is here and greater 0 byte if [ -s
>> +/tmp/fastd_fff_output ]; then
>>
>>      # set some vars
>> -    . /etc/community.cfg
>> -    project="$VPN_PROJECT"
>> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
>> /sys/class/net/br-mesh/address 2>/dev/null)
>> -    lat=$(uci get system. at system[0].latitude)
>> -    long=$(uci get system. at system[0].longitude)
>>      hostname=$(cat /proc/sys/kernel/hostname)
>>      [ "$hostname" = "OpenWrt" ] && hostname=""
>>      [ "$hostname" = "" ] &&  hostname="$mac"
>>
>> -    if [ ! -d /tmp/fastd_${project}_peers ]; then
>> +    if [ ! -d /tmp/fastd_fff_peers ]; then
>>          # first run after reboot
>> -        mkdir /tmp/fastd_${project}_peers
>> -        # do we have a fastd secret
>> -        if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd
> &>/dev/null;
>> then
>> -            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ {
> print $2 }')
>> -            uci set fastd.${project}.secret="$secret"
>> -            uci commit fastd
>> -        fi
>> +        mkdir /tmp/fastd_fff_peers
>>          make_config
>>          # start fastd only if there are some peers left
>> -        [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ] &&
> /etc/init.d/fastd
>> start
>> +        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
>> + /etc/init.d/fastd start
>>          /etc/init.d/tunneldigger start
>>      else
>>          # check if new tunneldigger conf is different @@ -79,10 +62,10 @@
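Review bot: The `mac=` assignment is removed from the main block, but the context line `[ "$hostname" = "" ] && hostname="$mac"` still depends on it. Unless `mac` is set in the lines above the first hunk, which are not visible here, a router still named `OpenWrt` now ends up with an empty hostname, and that value reaches `UUID=$hostname` in make_config. Either keep the `mac=$(awk ... /sys/class/net/br-mesh/address)` line or drop the fallback. This hunk also removes the fastd secret generation while make_config still calls `uci get fastd.fff.secret`; the description says parts move to fff-hood later, so it is worth confirming that the secret is guaranteed to exist before this script runs.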
> if
>> ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
>>          /etc/init.d/fastd reload
>>
>>          # fastd start/stop for various situations
>> -        if [ "$(ls /etc/fastd/${project}/peers/* 2>/dev/null)" ]; then
>> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] ||
> /etc/init.d/fastd
>> start
>> +        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
>> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] ||
> 
> Hier und ...
> 
>> + /etc/init.d/fastd start
>>          else
>> -            [ -d /proc/$(cat /tmp/run/fastd.${project}.pid) ] &&
> /etc/init.d/fastd
>> stop
>> +            [ -d /proc/$(cat /tmp/run/fastd.fff.pid) ] &&
> 
> ... hier besteht nach wie vor ein Problem, wenn fastd.fff.pid leer ist oder
> nicht existiert.
> 
> Mein Patch dazu liegt im Patchwork schon rum, aber natürlich für die alte
> Version.
> 
> https://pw.freifunk-franken.de/patch/456/
> 
> Willst du das gleich mit einbauen oder soll ich einen eigenen Patch 5/5 für
> den Keyexchangev2 bauen?

ah stimmt, daran hab ich gar nicht mehr gedacht. Gut erwischt, danke.

Ich denke das einfachste wäre, wenn du es einfach auf mein Patchset oben
drauf baust oder? Muss dann auch nicht 5/5 sein sondern einfach ein
extra Patch das halt erst nach meinen applied werden kann.

mfg

Christian

> 
> Beste Grüße
> 
> Adrian
> 
>> + /etc/init.d/fastd stop
>>          fi
>>
>>      fi
>> --
>> 2.1.4
>>
>> --
>> franken-dev mailing list
>> franken-dev at freifunk.net
>> http://lists.freifunk.net/mailman/listinfo/franken-dev-freifunk.net
> 
