Message ID | 1466976194-2546-4-git-send-email-rlanghammer@web.de |
---|---|
State | Accepted, archived |
diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
new file mode 100644
index 0000000..30d9cc1
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/Makefile
@@ -0,0 +1,41 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vpn-select
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-vpn-select
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken vpn-select
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-tunneldigger \
+ +fff-fastd
+endef
+
+define Package/fff-vpn-select/description
+ Thie package selects and starts the VPN
+ In this version fastd and l2tp via tunneldigger
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-vpn-select/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-vpn-select))
diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
new file mode 100755
index 0000000..16d9853
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
@@ -0,0 +1,6 @@
+#!/bin/sh
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
+ sleep 3
+ /usr/sbin/vpn-select
+}
+
diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
new file mode 100644
index 0000000..dc20486
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
@@ -0,0 +1 @@
+*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
new file mode 100755
index 0000000..165c584
--- /dev/null
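Review bot: `DEPENDS` in `Package/fff-vpn-select` names only `+fff-tunneldigger` and `+fff-fastd`, yet the files this package installs also call `/usr/bin/random` and rely on whatever reads `/usr/lib/micron.d`. If those are shipped by separate packages (not visible in this patch), they should be declared here so the package cannot be installed onto an image where the cron line silently fails, e.g. `DEPENDS:=+fff-tunneldigger +fff-fastd +<package providing /usr/bin/random> +<package providing the micron daemon>`. A short comment above `Build/Prepare` explaining that the stub `all:` Makefile exists only to satisfy the build system for a files-only package would also help.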
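Review bot: Nothing serialises this hotplug call against the cron entry added in `files/usr/lib/micron.d/vpn-select`, so an `ifup` on `wan` that lands near a five-minute tick can run two copies of `/usr/sbin/vpn-select` at the same time. Both copies empty and rebuild the tunneldigger config and the fastd peer files, so one of them can compare checksums or restart tunneldigger while the other has the config half written. A lock taken at the top of `vpn-select` would cover both callers, for example `mkdir /tmp/vpn-select.lock 2>/dev/null || exit 0` followed by `trap 'rmdir /tmp/vpn-select.lock' EXIT` (the lock path is a constructed example).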
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+test -f /tmp/started || exit
+
+make_config() {
+# remove old config
+>etc/config/tunneldigger
+rm /tmp/fastd_${project}_peers/*
+count=0
+# get fastd peers
+pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
+wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
+filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
+for file in $filecounts; do
+ awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
+ echo 'float yes;' >> /etc/fastd/$project/peers/$file
+
+ # ask for Broker and select the tunnel
+ IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
+ if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
+ # Gateway offers l2tp
+ FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
+ L2PORT=$((FDPORT + 10000))
+ UUID=_$hostname
+
+ uci set tunneldigger.$count=broker
+ uci set tunneldigger.$count.address="$IP:$L2PORT"
+ uci set tunneldigger.$count.uuid="$UUID"
+ uci set tunneldigger.$count.interface="l2tp$count"
+ uci set tunneldigger.$count.enabled="1"
+ uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci commit tunneldigger
+ count=$((count + 1))
+ # remove this fastd-peer
+ rm /etc/fastd/${project}/peers/$file
+ fi
+done
+}
+
+# main
+test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
+test_ipv4_host2="8.8.8.8" # Google DNS
+test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
+
+# Only do something when the router has internet connection
+if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
+ ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
+ ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+
+ #set some vars
+ . /etc/community.cfg
+ project="$VPN_PROJECT"
+ mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+ lat=$(uci get system.@system[0].latitude)
+ long=$(uci get system.@system[0].longitude)
+ hostname=$(cat /proc/sys/kernel/hostname)
+ [ "$hostname" = "OpenWrt" ] && hostname=""
+ [ "$hostname" = "" ] && hostname="$mac"
+
+ if [ ! -d /tmp/fastd_${project}_peers ]; then
+ # first run after reboot
+ mkdir /tmp/fastd_${project}_peers
+ # do we have a fastd secret
+ if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
+ secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
+ uci set fastd.${project}.secret="$secret"
+ uci commit fastd
+ fi
+ make_config
+ /etc/init.d/fastd start
+ /etc/init.d/tunneldigger start
+ else
+ # check if new tunneldigger conf is different
+ md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ make_config
+ md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
+ /etc/init.d/fastd reload
+ fi
+fi
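Review bot: In `make_config` the peer names in `$filecounts` are taken directly from the keyserver response, which is fetched over plain `http://`, and each `$file` is then used unchecked as a path under `/etc/fastd/$project/peers/` and spliced into the double-quoted awk program. A name containing `/`, `..` or awk metacharacters would write outside the peers directory or change the awk script, so the loop should skip anything that is not a plain file name before its first use: `case "$file" in ''|.*|*[!A-Za-z0-9_.-]*) continue ;; esac`. The same applies to `$IP`, which is read back from that peer file and passed unquoted to `wget -T10 $IP/vpn.txt`; it should be quoted and checked to look like an address or host name. The exit status of the `wget -T15` download is also ignored, so a failed fetch still leads to the old config being emptied and the services reloaded. Separately, `pubkey` is derived from `fastd.fff.secret` while the key is generated into `fastd.${project}.secret`, and these agree only when `VPN_PROJECT` is `fff`.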
Am Sonntag, den 26.06.2016, 23:23 +0200 schrieb Robert Langhammer: > Signed-off-by: Robert Langhammer <rlanghammer@web.de> > --- > src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++ > .../files/etc/hotplug.d/iface/50-vpn-select | 6 ++ > .../files/usr/lib/micron.d/vpn-select | 1 + > .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++ > 4 files changed, 128 insertions(+) > create mode 100644 src/packages/fff/fff-vpn-select/Makefile > create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > > diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile > new file mode 100644 > index 0000000..30d9cc1 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/Makefile > @@ -0,0 +1,41 @@ > +include $(TOPDIR)/rules.mk > + > +PKG_NAME:=fff-vpn-select > +PKG_VERSION:=1 > +PKG_RELEASE:=1 > + > +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select > + > +include $(INCLUDE_DIR)/package.mk > + > +define Package/fff-vpn-select > + SECTION:=base > + CATEGORY:=Freifunk > + TITLE:= Freifunk-Franken vpn-select > + URL:=http://www.freifunk-franken.de > + DEPENDS:=+fff-tunneldigger \ > + +fff-fastd > +endef > + > +define Package/fff-vpn-select/description > + Thie package selects and starts the VPN > + In this version fastd and l2tp via tunneldigger > +endef > + > +define Build/Prepare > + echo "all: " > $(PKG_BUILD_DIR)/Makefile > +endef > + > +define Build/Configure > + # nothing > +endef > + > +define Build/Compile > + # nothing > +endef > + > +define Package/fff-vpn-select/install > + $(CP) ./files/* $(1)/ > +endef > + > +$(eval $(call BuildPackage,fff-vpn-select)) 
> diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > new file mode 100755 > index 0000000..16d9853 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > @@ -0,0 +1,6 @@ > +#!/bin/sh > +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && { > + sleep 3 > + /usr/sbin/vpn-select > +} > + > diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > new file mode 100644 > index 0000000..dc20486 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > @@ -0,0 +1 @@ > +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select > diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > new file mode 100755 > index 0000000..165c584 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
> @@ -0,0 +1,80 @@ > +#!/bin/sh > + > +test -f /tmp/started || exit > + > +make_config() { > +# remove old config > +>etc/config/tunneldigger Hier nochmal das selbe. Wenn wir es unten per uci konfigurieren, sollten wir es hier auch per uci löschen. > +rm /tmp/fastd_${project}_peers/* > +count=0 > +# get fastd peers > +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable) > +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output > +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output) > +for file in $filecounts; do > + awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file > + echo 'float yes;' >> /etc/fastd/$project/peers/$file > + > + # ask for Broker and select the tunnel > + IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file) > + if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then > + # Gateway offers l2tp > + FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file) > + L2PORT=$((FDPORT + 10000)) > + UUID=_$hostname > + > + uci set tunneldigger.$count=broker > + uci set tunneldigger.$count.address="$IP:$L2PORT" > + uci set tunneldigger.$count.uuid="$UUID" > + uci set tunneldigger.$count.interface="l2tp$count" > + uci set tunneldigger.$count.enabled="1" > + uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' > + uci commit tunneldigger > + count=$((count + 1)) > + # remove this fastd-peer > + rm /etc/fastd/${project}/peers/$file > + fi > +done > +} > + > +# main > +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver > +test_ipv4_host2="8.8.8.8" # Google DNS > +test_ipv6_host1="heise.de" # heise Zeitschriftenverlag > + > +# Only do something when the 
router has internet connection > +if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null || > + ping -w5 -c3 "$test_ipv4_host2" &>/dev/null || > + ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then > + > + #set some vars > + . /etc/community.cfg > + project="$VPN_PROJECT" > + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) > + lat=$(uci get system.@system[0].latitude) > + long=$(uci get system.@system[0].longitude) > + hostname=$(cat /proc/sys/kernel/hostname) > + [ "$hostname" = "OpenWrt" ] && hostname="" > + [ "$hostname" = "" ] && hostname="$mac" > + > + if [ ! -d /tmp/fastd_${project}_peers ]; then > + # first run after reboot > + mkdir /tmp/fastd_${project}_peers > + # do we have a fastd secret > + if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then > + secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }') > + uci set fastd.${project}.secret="$secret" > + uci commit fastd > + fi > + make_config > + /etc/init.d/fastd start > + /etc/init.d/tunneldigger start > + else > + # check if new tunneldigger conf is different > + md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ") > + make_config > + md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ") Da wir ja mittlerweile auch SHA256 haben, sollten wir das hier eventuell benutzen. Dann können wir md5 irgendwann rausschmeißen. > + [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart Gibt es an der Stelle einen Verbindungsabbruch? Grüße Jan > + /etc/init.d/fastd reload > + fi > +fi > -- > 2.8.0.rc3 >
Hi Ich hab mir das jetzt noch nicht im Detail angeschaut. Muss das auch erst noch auf mich wirken lassen. Scheint aber insgesamt schon mal sehr gut in die Richtung zu gehen, welche mir sehr zu sagt. Am Sonntag, den 26.06.2016, 23:23 +0200 schrieb Robert Langhammer: > Signed-off-by: Robert Langhammer <rlanghammer@web.de> > --- > src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++ > .../files/etc/hotplug.d/iface/50-vpn-select | 6 ++ > .../files/usr/lib/micron.d/vpn-select | 1 + > .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++ > 4 files changed, 128 insertions(+) > create mode 100644 src/packages/fff/fff-vpn-select/Makefile > create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > > diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile > new file mode 100644 > index 0000000..30d9cc1 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/Makefile 
> @@ -0,0 +1,41 @@ > +include $(TOPDIR)/rules.mk > + > +PKG_NAME:=fff-vpn-select > +PKG_VERSION:=1 > +PKG_RELEASE:=1 > + > +PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select > + > +include $(INCLUDE_DIR)/package.mk > + > +define Package/fff-vpn-select > + SECTION:=base > + CATEGORY:=Freifunk > + TITLE:= Freifunk-Franken vpn-select > + URL:=http://www.freifunk-franken.de > + DEPENDS:=+fff-tunneldigger \ > + +fff-fastd > +endef > + > +define Package/fff-vpn-select/description > + Thie package selects and starts the VPN > + In this version fastd and l2tp via tunneldigger > +endef > + > +define Build/Prepare > + echo "all: " > $(PKG_BUILD_DIR)/Makefile > +endef > + > +define Build/Configure > + # nothing > +endef > + > +define Build/Compile > + # nothing > +endef > + > +define Package/fff-vpn-select/install > + $(CP) ./files/* $(1)/ > +endef > + > +$(eval $(call BuildPackage,fff-vpn-select)) > diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > new file mode 100755 > index 0000000..16d9853 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select > @@ -0,0 +1,6 @@ > +#!/bin/sh > +[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && { > + sleep 3 > + /usr/sbin/vpn-select > +} > + > diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > new file mode 100644 > index 0000000..dc20486 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select > @@ -0,0 +1 @@ > +*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select > diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select > new file mode 100755 > index 0000000..165c584 > --- /dev/null > +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
> @@ -0,0 +1,80 @@ > +#!/bin/sh > + > +test -f /tmp/started || exit > + > +make_config() { > +# remove old config > +>etc/config/tunneldigger Ein / fehlt am Anfang des Pfades. Tim > +rm /tmp/fastd_${project}_peers/* > +count=0 > +# get fastd peers > +pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable) > +wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output > +filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output) > +for file in $filecounts; do > + awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file > + echo 'float yes;' >> /etc/fastd/$project/peers/$file > + > + # ask for Broker and select the tunnel > + IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file) > + if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then > + # Gateway offers l2tp > + FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file) > + L2PORT=$((FDPORT + 10000)) > + UUID=_$hostname > + > + uci set tunneldigger.$count=broker > + uci set tunneldigger.$count.address="$IP:$L2PORT" > + uci set tunneldigger.$count.uuid="$UUID" > + uci set tunneldigger.$count.interface="l2tp$count" > + uci set tunneldigger.$count.enabled="1" > + uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' > + uci commit tunneldigger > + count=$((count + 1)) > + # remove this fastd-peer > + rm /etc/fastd/${project}/peers/$file > + fi > +done > +} > + > +# main > +test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver > +test_ipv4_host2="8.8.8.8" # Google DNS > +test_ipv6_host1="heise.de" # heise Zeitschriftenverlag > + > +# Only do something when the router has internet connection > +if ping -w5 -c3 "$test_ipv4_host1" 
&>/dev/null || > + ping -w5 -c3 "$test_ipv4_host2" &>/dev/null || > + ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then > + > + #set some vars > + . /etc/community.cfg > + project="$VPN_PROJECT" > + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) > + lat=$(uci get system.@system[0].latitude) > + long=$(uci get system.@system[0].longitude) > + hostname=$(cat /proc/sys/kernel/hostname) > + [ "$hostname" = "OpenWrt" ] && hostname="" > + [ "$hostname" = "" ] && hostname="$mac" > + > + if [ ! -d /tmp/fastd_${project}_peers ]; then > + # first run after reboot > + mkdir /tmp/fastd_${project}_peers > + # do we have a fastd secret > + if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then > + secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }') > + uci set fastd.${project}.secret="$secret" > + uci commit fastd > + fi > + make_config > + /etc/init.d/fastd start > + /etc/init.d/tunneldigger start > + else > + # check if new tunneldigger conf is different > + md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ") > + make_config > + md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ") > + [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart > + /etc/init.d/fastd reload > + fi > +fi > -- > 2.8.0.rc3 >
Signed-off-by: Robert Langhammer <rlanghammer@web.de> --- src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++ .../files/etc/hotplug.d/iface/50-vpn-select | 6 ++ .../files/usr/lib/micron.d/vpn-select | 1 + .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++ 4 files changed, 128 insertions(+) create mode 100644 src/packages/fff/fff-vpn-select/Makefile create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select