From patchwork Sun Jun 26 21:23:13 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [3/4] Add package fff-vpn-select From: Robert Langhammer X-Patchwork-Id: 174 Message-Id: <1466976194-2546-4-git-send-email-rlanghammer@web.de> To: franken-dev@freifunk.net Date: Sun, 26 Jun 2016 23:23:13 +0200 Signed-off-by: Robert Langhammer
---
 src/packages/fff/fff-vpn-select/Makefile | 41 +++++++++++ .../files/etc/hotplug.d/iface/50-vpn-select | 6 ++ .../files/usr/lib/micron.d/vpn-select | 1 + .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 80 ++++++++++++++++++++++ 4 files changed, 128 insertions(+) create mode 100644 src/packages/fff/fff-vpn-select/Makefile create mode 100755 src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select create mode 100644 src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select create mode 100755 src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/Makefile b/src/packages/fff/fff-vpn-select/Makefile
new file mode 100644
index 0000000..30d9cc1
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/Makefile
@@ -0,0 +1,41 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vpn-select
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-vpn-select
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken vpn-select
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-tunneldigger \
+ +fff-fastd
+endef
+
+define Package/fff-vpn-select/description
+ Thie package selects and starts the VPN
+ In this version fastd and l2tp via tunneldigger
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-vpn-select/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-vpn-select))
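Review bot: `DEPENDS` names only `+fff-tunneldigger` and `+fff-fastd`, yet the files installed by `Package/fff-vpn-select/install` also need `/usr/bin/random` and a cron daemon that reads `usr/lib/micron.d/` (both used by the micron.d entry later in this patch). Unless those are guaranteed to be pulled in by the two listed packages, the periodic re-selection loses its random delay or never runs, so I would list the providing packages in `DEPENDS` explicitly. The description also has a typo: `Thie package` should read `This package`.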
diff --git a/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
new file mode 100755
index 0000000..16d9853
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select
@@ -0,0 +1,6 @@
+#!/bin/sh
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
+ sleep 3
+ /usr/sbin/vpn-select
+}
+
diff --git a/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
new file mode 100644
index 0000000..dc20486
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select
@@ -0,0 +1 @@
+*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
new file mode 100755
index 0000000..165c584
--- /dev/null
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
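Review bot: Nothing serialises the two entry points: this hotplug handler and the `micron.d` job in the next hunk can both start `/usr/sbin/vpn-select` at the same time. The script (added later in this patch) truncates the tunneldigger config and rewrites the fastd peer files in place, so overlapping runs can leave a half-written configuration that the daemons are then restarted on. A guard at the top of vpn-select would cover both callers, for example `mkdir /tmp/vpn-select.lock 2>/dev/null || exit 0` followed by `trap 'rmdir /tmp/vpn-select.lock' EXIT` (the lock path is a suggestion). The handler also runs the script synchronously after `sleep 3`, which presumably holds up other `iface` hotplug scripts for as long as the pings and wget timeouts take.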
@@ -0,0 +1,80 @@
+#!/bin/sh
+
+test -f /tmp/started || exit
+
+make_config() {
+# remove old config
+>etc/config/tunneldigger
+rm /tmp/fastd_${project}_peers/*
+count=0
+# get fastd peers
+pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
+wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
+filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
+for file in $filecounts; do
+ awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
+ echo 'float yes;' >> /etc/fastd/$project/peers/$file
+
+ # ask for Broker and select the tunnel
+ IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
+ if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
+ # Gateway offers l2tp
+ FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
+ L2PORT=$((FDPORT + 10000))
+ UUID=_$hostname
+
+ uci set tunneldigger.$count=broker
+ uci set tunneldigger.$count.address="$IP:$L2PORT"
+ uci set tunneldigger.$count.uuid="$UUID"
+ uci set tunneldigger.$count.interface="l2tp$count"
+ uci set tunneldigger.$count.enabled="1"
+ uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+ uci commit tunneldigger
+ count=$((count + 1))
+ # remove this fastd-peer
+ rm /etc/fastd/${project}/peers/$file
+ fi
+done
+}
+
+# main
+test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
+test_ipv4_host2="8.8.8.8" # Google DNS
+test_ipv6_host1="heise.de" # heise Zeitschriftenverlag
+
+# Only do something when the router has internet connection
+if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
+ ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
+ ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+
+ #set some vars
+ . /etc/community.cfg
+ project="$VPN_PROJECT"
+ mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+ lat=$(uci get system.@system[0].latitude)
+ long=$(uci get system.@system[0].longitude)
+ hostname=$(cat /proc/sys/kernel/hostname)
+ [ "$hostname" = "OpenWrt" ] && hostname=""
+ [ "$hostname" = "" ] && hostname="$mac"
+
+ if [ ! -d /tmp/fastd_${project}_peers ]; then
+ # first run after reboot
+ mkdir /tmp/fastd_${project}_peers
+ # do we have a fastd secret
+ if [ "$(uci get fastd.${project}.secret)" = "generate" -o -z "$(uci get fastd.${project}.secret)" ]; then
+ secret=$(fastd --generate-key 2>&1 | awk '/[Ss]ecret/ { print $2 }')
+ uci set fastd.${project}.secret="$secret"
+ uci commit fastd
+ fi
+ make_config
+ /etc/init.d/fastd start
+ /etc/init.d/tunneldigger start
+ else
+ # check if new tunneldigger conf is different
+ md5old=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ make_config
+ md5new=$(md5sum /etc/config/tunneldigger | cut -f1 -d" ")
+ [ "$md5new" != "$md5old" ] && /etc/init.d/tunneldigger restart
+ /etc/init.d/fastd reload
+ fi
+fi
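Review bot: `make_config` treats the keyserver reply, fetched over plain `http://`, as trusted input. Each `####<name>.conf` marker becomes `$file`, which is used unchecked as a path under `/etc/fastd/$project/peers/` and spliced into the awk program text, and the `remote` value becomes `$IP` in the unquoted `wget -T10 $IP/vpn.txt`. Since the script presumably runs as root from hotplug and cron, anyone able to alter that response can influence where files are written and which fastd peers and tunneldigger brokers the router accepts. I would reject names that are not plain identifiers with `case "$file" in *[!A-Za-z0-9_.-]*|.*) continue ;; esac`, quote the probe as `wget -T10 "$IP/vpn.txt" -O -`, and fetch the peer list over an authenticated channel if the keyserver offers one. Separately, `>etc/config/tunneldigger` is a relative path that only reaches `/etc/config/tunneldigger` when the working directory is `/`, and `uci get fastd.fff.secret` is hard-coded where the main block uses `fastd.${project}.secret`.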