[v12,5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output

Submitted by Adrian Schmutzler on Oct. 2, 2017, 4:05 p.m.

Details

Message ID 1506960349-3212-5-git-send-email-freifunk@adrianschmutzler.de
State Superseded

Commit Message

Adrian Schmutzler Oct. 2, 2017, 4:05 p.m.
This is a first consolidation step which gets rid of
/tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
---
 .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
 .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121 ++++++++++++---------
 2 files changed, 69 insertions(+), 79 deletions(-)


diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index 5346a90..ac800f4 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -176,32 +176,7 @@  if [ -s /tmp/keyxchangev2data ]; then
 		exit 0
 	fi
 	
-	# and now we read the VPN Data and give this data to fff-vpn
-	json_select vpn
-	Index=1
-	rm /tmp/fastd_fff_output
-	touch /tmp/fastd_fff_output
-	while json_select "$Index" > /dev/null
-	do
-		json_get_var protocol protocol
-		if [ "$protocol" == "fastd" ]; then
-			json_get_var servername name
-			echo "####${servername}.conf" >> /tmp/fastd_fff_output
-			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
-			json_get_var key key
-			echo "key \"${key}\";" >> /tmp/fastd_fff_output
-			json_get_var address address
-			json_get_var port port
-			echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output
-		fi
-		echo "" >> /tmp/fastd_fff_output
-		json_select ".." # back to vpn
-		Index=$(( Index + 1 ))
-	done
-	echo "###" >> /tmp/fastd_fff_output
-	json_select ".." # back to root
-	#this we do every 5 minutes, because it can change the VPN Protocol
-	#and now we get to vpn-select Script and load VPNs
+	# and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data
 	sh /usr/sbin/vpn-select
 	
 else
diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
index bb4c933..32e2ab4 100755
--- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
+++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
@@ -2,72 +2,87 @@ 
 
 test -f /tmp/started || exit
 
+. /usr/share/libubox/jshn.sh
+
 make_config() {
 # remove old config
 >/etc/config/tunneldigger
 rm /tmp/fastd_fff_peers/*
 count=0
+Index=1
+json_load "$(cat /tmp/keyxchangev2data)"
+json_select vpn
 # get fastd peers
-filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
-for file in $filecounts; do
-    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
-    echo 'float yes;' >> /etc/fastd/fff/peers/$file
-
-    # ask for Broker and select the tunnel
-    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
-    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
-        # Gateway offers l2tp
-        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
-        L2PORT=$((FDPORT + 10000))
-        UUID=$hostname
+while json_select "$Index" > /dev/null
+do
+	json_get_var protocol protocol
+	if [ "$protocol" == "fastd" ]; then
+		json_get_var servername name
+		filename="/etc/fastd/fff/peers/$servername"
+		echo "#name \"${servername}\";" > "$filename"
+		json_get_var key key
+		echo "key \"${key}\";" >> "$filename"
+		json_get_var address address
+		json_get_var port port
+		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
+		echo "" >> "$filename"
+		echo "float yes;" >> "$filename"
+		
+		# ask for Broker and select the tunnel
+		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then
+			# Gateway offers l2tp
+			L2PORT=$((port + 10000))
+			UUID=$hostname
 
-        uci set tunneldigger.$count=broker
-        uci set tunneldigger.$count.address="$IP:$L2PORT"
-        uci set tunneldigger.$count.uuid="$UUID"
-        uci set tunneldigger.$count.interface="l2tp$count"
-        uci set tunneldigger.$count.enabled="1"
-        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
-        uci -c /tmp commit tunneldigger
-        count=$((count + 1))
-        # remove this fastd-peer
-        rm /etc/fastd/fff/peers/$file
-    fi
+			uci set tunneldigger.$count=broker
+			uci set tunneldigger.$count.address="${address}:$L2PORT"
+			uci set tunneldigger.$count.uuid="$UUID"
+			uci set tunneldigger.$count.interface="l2tp$count"
+			uci set tunneldigger.$count.enabled="1"
+			uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+			uci -c /tmp commit tunneldigger
+			count=$((count + 1))
+			# remove this fastd-peer
+			rm "$filename"
+		fi
+	fi
+	json_select ".." # back to vpn
+	Index=$(( Index + 1 ))
 done
+json_select ".." # back to root
 }
 
 # main
 
 # Only do something when file is here and greater 0 byte
-if [ -s /tmp/fastd_fff_output ]; then
-
-    # set some vars
-    hostname=$(cat /proc/sys/kernel/hostname)
-    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
-    [ "$hostname" = "OpenWrt" ] && hostname=""
-    [ "$hostname" = "" ] &&  hostname="$mac"
-
-    if [ ! -d /tmp/fastd_fff_peers ]; then
-        # first run after reboot
-        mkdir /tmp/fastd_fff_peers
-        make_config
-        # start fastd only if there are some peers left
-        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
-        /etc/init.d/tunneldigger start
-    else
-        # check if new tunneldigger conf is different
-        sumold=$(sha256sum /etc/config/tunneldigger)
-        make_config
-        sumnew=$(sha256sum /etc/config/tunneldigger)
-        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
-        /etc/init.d/fastd reload
+if [ -s /tmp/keyxchangev2data ]; then
+	# set some vars
+	hostname=$(cat /proc/sys/kernel/hostname)
+	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+	[ "$hostname" = "LEDE" ] && hostname=""
+	[ "$hostname" = "" ] &&  hostname="$mac"
 
-        # fastd start/stop for various situations
-        pidfile="/tmp/run/fastd.fff.pid"
-        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
-            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
-        else
-            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
-        fi
+	if [ ! -d /tmp/fastd_fff_peers ]; then
+		# first run after reboot
+		mkdir /tmp/fastd_fff_peers
+		make_config
+		# start fastd only if there are some peers left
+		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
+		/etc/init.d/tunneldigger start
+	else
+		# check if new tunneldigger conf is different
+		sumold=$(sha256sum /etc/config/tunneldigger)
+		make_config
+		sumnew=$(sha256sum /etc/config/tunneldigger)
+		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
+		/etc/init.d/fastd reload
 
-    fi
+		# fastd start/stop for various situations
+		pidfile="/tmp/run/fastd.fff.pid"
+		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
+			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
+		else
+			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
+		fi
+	fi
 fi
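Review bot: In the new `make_config` loop, `servername`, `address` and `port` are read from /tmp/keyxchangev2data and used unchecked: `filename="/etc/fastd/fff/peers/$servername"` lets a name containing `/` or `..` make the `>` redirect and the later `rm "$filename"` act on a file outside the peers directory, and `port` is evaluated by the shell in `$((port + 10000))`. If that JSON is fetched from the key-exchange server, as the file name suggests, these values should be treated as untrusted input. I would skip an entry (still running `json_select ".."` and the `Index` increment) unless both fields pass an allow-list check such as `case "$servername" in ''|.*|*[!A-Za-z0-9_.-]*) bad=1 ;; esac` and `case "$port" in ''|*[!0-9]*) bad=1 ;; esac`, and reject `"` in `key` and `address` before they are written into the quoted fastd config lines. The return values of `json_load` and `json_select vpn` are also not checked, so a malformed file is not detected before the loop starts.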

Comments

Tim Niemeyer Oct. 2, 2017, 4:57 p.m.
Hi

Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:
> This is a first consolidation step which gets rid of
> /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
> 
> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
> ---
>  .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121 ++++++++++++---------
>  2 files changed, 69 insertions(+), 79 deletions(-)
> 
> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> index 5346a90..ac800f4 100755
> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> @@ -176,32 +176,7 @@ if [ -s /tmp/keyxchangev2data ]; then
>  		exit 0
>  	fi
>  	
> -	# and now we read the VPN Data and give this data to fff-vpn
> -	json_select vpn
> -	Index=1
> -	rm /tmp/fastd_fff_output
> -	touch /tmp/fastd_fff_output
> -	while json_select "$Index" > /dev/null
> -	do
> -		json_get_var protocol protocol
> -		if [ "$protocol" == "fastd" ]; then
> -			json_get_var servername name
> -			echo "####${servername}.conf" >> /tmp/fastd_fff_output
> -			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
> -			json_get_var key key
> -			echo "key \"${key}\";" >> /tmp/fastd_fff_output
> -			json_get_var address address
> -			json_get_var port port
> -			echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output
> -		fi
> -		echo "" >> /tmp/fastd_fff_output
> -		json_select ".." # back to vpn
> -		Index=$(( Index + 1 ))
> -	done
> -	echo "###" >> /tmp/fastd_fff_output
> -	json_select ".." # back to root
> -	#this we do every 5 minutes, because it can change the VPN Protocol
> -	#and now we get to vpn-select Script and load VPNs
> +	# and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data
>  	sh /usr/sbin/vpn-select
>  	
>  else
> diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> index bb4c933..32e2ab4 100755
> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> @@ -2,72 +2,87 @@
>  
>  test -f /tmp/started || exit
>  
> +. /usr/share/libubox/jshn.sh
> +
>  make_config() {
>  # remove old config
>  >/etc/config/tunneldigger
Gut, das ist ein symlink auf ein tmpfs.. Passt.

>  rm /tmp/fastd_fff_peers/*
>  count=0
> +Index=1
> +json_load "$(cat /tmp/keyxchangev2data)"
> +json_select vpn
>  # get fastd peers
> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output)
> -for file in $filecounts; do
> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file
> -    echo 'float yes;' >> /etc/fastd/fff/peers/$file
> -
> -    # ask for Broker and select the tunnel
> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
> -    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
> -        # Gateway offers l2tp
> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file)
> -        L2PORT=$((FDPORT + 10000))
> -        UUID=$hostname
> +while json_select "$Index" > /dev/null
> +do
> +	json_get_var protocol protocol
> +	if [ "$protocol" == "fastd" ]; then
> +		json_get_var servername name
> +		filename="/etc/fastd/fff/peers/$servername"
> +		echo "#name \"${servername}\";" > "$filename"
> +		json_get_var key key
> +		echo "key \"${key}\";" >> "$filename"
> +		json_get_var address address
> +		json_get_var port port
> +		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
> +		echo "" >> "$filename"
> +		echo "float yes;" >> "$filename"

Hier fänd ich ein 
	else if [ "$protocol" == "l2tpv3" ]; then
besser als das hier:
> +		# ask for Broker and select the tunnel
> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then
Aber bisher bin ich wohl der einzige der lieber so will. :(

> +			# Gateway offers l2tp
> +			L2PORT=$((port + 10000))
> +			UUID=$hostname
Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man hier
einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im Grunde
auch nicht so wichtig..

>  
> -        uci set tunneldigger.$count=broker
> -        uci set tunneldigger.$count.address="$IP:$L2PORT"
> -        uci set tunneldigger.$count.uuid="$UUID"
> -        uci set tunneldigger.$count.interface="l2tp$count"
> -        uci set tunneldigger.$count.enabled="1"
> -        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> -        uci -c /tmp commit tunneldigger
> -        count=$((count + 1))
> -        # remove this fastd-peer
> -        rm /etc/fastd/fff/peers/$file
> -    fi
> +			uci set tunneldigger.$count=broker
> +			uci set tunneldigger.$count.address="${address}:$L2PORT"
> +			uci set tunneldigger.$count.uuid="$UUID"
> +			uci set tunneldigger.$count.interface="l2tp$count"
> +			uci set tunneldigger.$count.enabled="1"
> +			uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> +			uci -c /tmp commit tunneldigger
> +			count=$((count + 1))
> +			# remove this fastd-peer
> +			rm "$filename"
> +		fi
> +	fi
> +	json_select ".." # back to vpn
> +	Index=$(( Index + 1 ))
>  done
> +json_select ".." # back to root
>  }
>  
>  # main
>  
>  # Only do something when file is here and greater 0 byte
> -if [ -s /tmp/fastd_fff_output ]; then
> -
> -    # set some vars
> -    hostname=$(cat /proc/sys/kernel/hostname)
> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> -    [ "$hostname" = "OpenWrt" ] && hostname=""
> -    [ "$hostname" = "" ] &&  hostname="$mac"
> -
> -    if [ ! -d /tmp/fastd_fff_peers ]; then
> -        # first run after reboot
> -        mkdir /tmp/fastd_fff_peers
> -        make_config
> -        # start fastd only if there are some peers left
> -        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> -        /etc/init.d/tunneldigger start
> -    else
> -        # check if new tunneldigger conf is different
> -        sumold=$(sha256sum /etc/config/tunneldigger)
> -        make_config
> -        sumnew=$(sha256sum /etc/config/tunneldigger)
> -        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
> -        /etc/init.d/fastd reload
> +if [ -s /tmp/keyxchangev2data ]; then
> +	# set some vars
> +	hostname=$(cat /proc/sys/kernel/hostname)
> +	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
> +	[ "$hostname" = "LEDE" ] && hostname=""
> +	[ "$hostname" = "" ] &&  hostname="$mac"
Das ganze hin und her ge'if'fe könnte man sich durch den obigen
Kommentar sparen.

Wie gesagt, meine Anmerkungen sind entweder nicht so wichtig oder nicht
konsensreif, von daher:

Reviewed-by: Tim Niemeyer <tim@tn-x.org>

Tim

>  
> -        # fastd start/stop for various situations
> -        pidfile="/tmp/run/fastd.fff.pid"
> -        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
> -        else
> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
> -        fi
> +	if [ ! -d /tmp/fastd_fff_peers ]; then
> +		# first run after reboot
> +		mkdir /tmp/fastd_fff_peers
> +		make_config
> +		# start fastd only if there are some peers left
> +		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start
> +		/etc/init.d/tunneldigger start
> +	else
> +		# check if new tunneldigger conf is different
> +		sumold=$(sha256sum /etc/config/tunneldigger)
> +		make_config
> +		sumnew=$(sha256sum /etc/config/tunneldigger)
> +		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
> +		/etc/init.d/fastd reload
>  
> -    fi
> +		# fastd start/stop for various situations
> +		pidfile="/tmp/run/fastd.fff.pid"
> +		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start
> +		else
> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop
> +		fi
> +	fi
>  fi
> -- 
> 2.7.4
>
Robert Langhammer Oct. 2, 2017, 8:44 p.m.
Hi,  
Am 2. Oktober 2017 18:57:42 MESZ schrieb Tim Niemeyer <tim@tn-x.org>:
>Hi
>
>Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:
>> This is a first consolidation step which gets rid of
>> /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
>> 
>> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
>> ---
>>  .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
>>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121
>++++++++++++---------
>>  2 files changed, 69 insertions(+), 79 deletions(-)
>> 
>> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> index 5346a90..ac800f4 100755
>> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
>> @@ -176,32 +176,7 @@ if [ -s /tmp/keyxchangev2data ]; then
>>  		exit 0
>>  	fi
>>  	
>> -	# and now we read the VPN Data and give this data to fff-vpn
>> -	json_select vpn
>> -	Index=1
>> -	rm /tmp/fastd_fff_output
>> -	touch /tmp/fastd_fff_output
>> -	while json_select "$Index" > /dev/null
>> -	do
>> -		json_get_var protocol protocol
>> -		if [ "$protocol" == "fastd" ]; then
>> -			json_get_var servername name
>> -			echo "####${servername}.conf" >> /tmp/fastd_fff_output
>> -			echo "#name \"${servername}\";" >> /tmp/fastd_fff_output
>> -			json_get_var key key
>> -			echo "key \"${key}\";" >> /tmp/fastd_fff_output
>> -			json_get_var address address
>> -			json_get_var port port
>> -			echo "remote ipv4 \"${address}\" port $port float;" >>
>/tmp/fastd_fff_output
>> -		fi
>> -		echo "" >> /tmp/fastd_fff_output
>> -		json_select ".." # back to vpn
>> -		Index=$(( Index + 1 ))
>> -	done
>> -	echo "###" >> /tmp/fastd_fff_output
>> -	json_select ".." # back to root
>> -	#this we do every 5 minutes, because it can change the VPN Protocol
>> -	#and now we get to vpn-select Script and load VPNs
>> +	# and now we get to vpn-select script and load VPNs directly from
>/tmp/keyxchangev2data
>>  	sh /usr/sbin/vpn-select
>>  	
>>  else
>> diff --git
>a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> index bb4c933..32e2ab4 100755
>> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
>> @@ -2,72 +2,87 @@
>>  
>>  test -f /tmp/started || exit
>>  
>> +. /usr/share/libubox/jshn.sh
>> +
>>  make_config() {
>>  # remove old config
>>  >/etc/config/tunneldigger
>Gut, das ist ein symlink auf ein tmpfs.. Passt.
>
>>  rm /tmp/fastd_fff_peers/*
>>  count=0
>> +Index=1
>> +json_load "$(cat /tmp/keyxchangev2data)"
>> +json_select vpn
>>  # get fastd peers
>> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "",
>$0); print $0; }' /tmp/fastd_fff_output)
>> -for file in $filecounts; do
>> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
>/tmp/fastd_fff_output | sed 's/ float;/;/g' >
>/etc/fastd/fff/peers/$file
>> -    echo 'float yes;' >> /etc/fastd/fff/peers/$file
>> -
>> -    # ask for Broker and select the tunnel
>> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
>> -    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ];
>then
>> -        # Gateway offers l2tp
>> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
>/etc/fastd/fff/peers/$file)
>> -        L2PORT=$((FDPORT + 10000))
>> -        UUID=$hostname
>> +while json_select "$Index" > /dev/null
>> +do
>> +	json_get_var protocol protocol
>> +	if [ "$protocol" == "fastd" ]; then
>> +		json_get_var servername name
>> +		filename="/etc/fastd/fff/peers/$servername"
>> +		echo "#name \"${servername}\";" > "$filename"
>> +		json_get_var key key
>> +		echo "key \"${key}\";" >> "$filename"
>> +		json_get_var address address
>> +		json_get_var port port
>> +		echo "remote ipv4 \"${address}\" port ${port};" >> "$filename"
>> +		echo "" >> "$filename"
>> +		echo "float yes;" >> "$filename"
>
>Hier fänd ich ein 
>	else if [ "$protocol" == "l2tpv3" ]; then
>besser als das hier:
>> +		# ask for Broker and select the tunnel
>> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)"
>]; then
>Aber bisher bin ich wohl der einzige der lieber so will. :(
Nein, da bist du nicht alleine. Ich hab diese Krücken damals bloß eingebaut, weil man nichts am KeyXchange ändern wollte.

Robert 
>
>> +			# Gateway offers l2tp
>> +			L2PORT=$((port + 10000))
>> +			UUID=$hostname
>Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man hier
>einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im Grunde
>auch nicht so wichtig..
>
>>  
>> -        uci set tunneldigger.$count=broker
>> -        uci set tunneldigger.$count.address="$IP:$L2PORT"
>> -        uci set tunneldigger.$count.uuid="$UUID"
>> -        uci set tunneldigger.$count.interface="l2tp$count"
>> -        uci set tunneldigger.$count.enabled="1"
>> -        uci set
>tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
>> -        uci -c /tmp commit tunneldigger
>> -        count=$((count + 1))
>> -        # remove this fastd-peer
>> -        rm /etc/fastd/fff/peers/$file
>> -    fi
>> +			uci set tunneldigger.$count=broker
>> +			uci set tunneldigger.$count.address="${address}:$L2PORT"
>> +			uci set tunneldigger.$count.uuid="$UUID"
>> +			uci set tunneldigger.$count.interface="l2tp$count"
>> +			uci set tunneldigger.$count.enabled="1"
>> +			uci set
>tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
>> +			uci -c /tmp commit tunneldigger
>> +			count=$((count + 1))
>> +			# remove this fastd-peer
>> +			rm "$filename"
>> +		fi
>> +	fi
>> +	json_select ".." # back to vpn
>> +	Index=$(( Index + 1 ))
>>  done
>> +json_select ".." # back to root
>>  }
>>  
>>  # main
>>  
>>  # Only do something when file is here and greater 0 byte
>> -if [ -s /tmp/fastd_fff_output ]; then
>> -
>> -    # set some vars
>> -    hostname=$(cat /proc/sys/kernel/hostname)
>> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
>/sys/class/net/br-mesh/address 2>/dev/null)
>> -    [ "$hostname" = "OpenWrt" ] && hostname=""
>> -    [ "$hostname" = "" ] &&  hostname="$mac"
>> -
>> -    if [ ! -d /tmp/fastd_fff_peers ]; then
>> -        # first run after reboot
>> -        mkdir /tmp/fastd_fff_peers
>> -        make_config
>> -        # start fastd only if there are some peers left
>> -        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
>/etc/init.d/fastd start
>> -        /etc/init.d/tunneldigger start
>> -    else
>> -        # check if new tunneldigger conf is different
>> -        sumold=$(sha256sum /etc/config/tunneldigger)
>> -        make_config
>> -        sumnew=$(sha256sum /etc/config/tunneldigger)
>> -        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger
>restart
>> -        /etc/init.d/fastd reload
>> +if [ -s /tmp/keyxchangev2data ]; then
>> +	# set some vars
>> +	hostname=$(cat /proc/sys/kernel/hostname)
>> +	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
>/sys/class/net/br-mesh/address 2>/dev/null)
>> +	[ "$hostname" = "LEDE" ] && hostname=""
>> +	[ "$hostname" = "" ] &&  hostname="$mac"
>Das ganze hin und her ge'if'fe könnte man sich durch den obigen
>Kommentar sparen.
>
>Wie gesagt, meine Anmerkungen sind entweder nicht so wichtig oder nicht
>konsensreif, von daher:
>
>Reviewed-by: Tim Niemeyer <tim@tn-x.org>
>
>Tim
>
>>  
>> -        # fastd start/stop for various situations
>> -        pidfile="/tmp/run/fastd.fff.pid"
>> -        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
>> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
>|| /etc/init.d/fastd start
>> -        else
>> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
>&& /etc/init.d/fastd stop
>> -        fi
>> +	if [ ! -d /tmp/fastd_fff_peers ]; then
>> +		# first run after reboot
>> +		mkdir /tmp/fastd_fff_peers
>> +		make_config
>> +		# start fastd only if there are some peers left
>> +		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
>/etc/init.d/fastd start
>> +		/etc/init.d/tunneldigger start
>> +	else
>> +		# check if new tunneldigger conf is different
>> +		sumold=$(sha256sum /etc/config/tunneldigger)
>> +		make_config
>> +		sumnew=$(sha256sum /etc/config/tunneldigger)
>> +		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
>> +		/etc/init.d/fastd reload
>>  
>> -    fi
>> +		# fastd start/stop for various situations
>> +		pidfile="/tmp/run/fastd.fff.pid"
>> +		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
>> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) ||
>/etc/init.d/fastd start
>> +		else
>> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) &&
>/etc/init.d/fastd stop
>> +		fi
>> +	fi
>>  fi
>> -- 
>> 2.7.4
>>
Adrian Schmutzler Oct. 2, 2017, 11:08 p.m.
Hallo,

ich glaube Christian (?) hatte ja eingeworfen, dass ein zentrales Setzen des
L2TP-Status die Flexibilität einschränkt.

Dem würde ich mich zunächst anschließen.

Grüße

Adrian

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces@freifunk.net] On Behalf
> Of Robert Langhammer
> Sent: Montag, 2. Oktober 2017 22:44
> To: franken-dev@freifunk.net
> Subject: Re: [PATCH v12 5/6] vpn-select: Use keyxchangev2data instead of
> fastd_fff_output
> 
> 
> 
> Hi,
> Am 2. Oktober 2017 18:57:42 MESZ schrieb Tim Niemeyer <tim@tn-x.org>:
> >Hi
> >
> >Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:
> >> This is a first consolidation step which gets rid of
> >> /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/*
> >>
> >> Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
> >> ---
> >>  .../fff/fff-hoods/files/usr/sbin/configurehood     |  27 +----
> >>  .../fff/fff-vpn-select/files/usr/sbin/vpn-select   | 121
> >++++++++++++---------
> >>  2 files changed, 69 insertions(+), 79 deletions(-)
> >>
> >> diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> >b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> >> index 5346a90..ac800f4 100755
> >> --- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> >> +++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
> >> @@ -176,32 +176,7 @@ if [ -s /tmp/keyxchangev2data ]; then
> >>  		exit 0
> >>  	fi
> >>
> >> -	# and now we read the VPN Data and give this data to fff-vpn
> >> -	json_select vpn
> >> -	Index=1
> >> -	rm /tmp/fastd_fff_output
> >> -	touch /tmp/fastd_fff_output
> >> -	while json_select "$Index" > /dev/null
> >> -	do
> >> -		json_get_var protocol protocol
> >> -		if [ "$protocol" == "fastd" ]; then
> >> -			json_get_var servername name
> >> -			echo "####${servername}.conf" >>
> /tmp/fastd_fff_output
> >> -			echo "#name \"${servername}\";" >>
> /tmp/fastd_fff_output
> >> -			json_get_var key key
> >> -			echo "key \"${key}\";" >> /tmp/fastd_fff_output
> >> -			json_get_var address address
> >> -			json_get_var port port
> >> -			echo "remote ipv4 \"${address}\" port $port float;"
> >>
> >/tmp/fastd_fff_output
> >> -		fi
> >> -		echo "" >> /tmp/fastd_fff_output
> >> -		json_select ".." # back to vpn
> >> -		Index=$(( Index + 1 ))
> >> -	done
> >> -	echo "###" >> /tmp/fastd_fff_output
> >> -	json_select ".." # back to root
> >> -	#this we do every 5 minutes, because it can change the VPN Protocol
> >> -	#and now we get to vpn-select Script and load VPNs
> >> +	# and now we get to vpn-select script and load VPNs directly from
> >/tmp/keyxchangev2data
> >>  	sh /usr/sbin/vpn-select
> >>
> >>  else
> >> diff --git
> >a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> index bb4c933..32e2ab4 100755
> >> --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select
> >> @@ -2,72 +2,87 @@
> >>
> >>  test -f /tmp/started || exit
> >>
> >> +. /usr/share/libubox/jshn.sh
> >> +
> >>  make_config() {
> >>  # remove old config
> >>  >/etc/config/tunneldigger
> >Gut, das ist ein symlink auf ein tmpfs.. Passt.
> >
> >>  rm /tmp/fastd_fff_peers/*
> >>  count=0
> >> +Index=1
> >> +json_load "$(cat /tmp/keyxchangev2data)"
> >> +json_select vpn
> >>  # get fastd peers
> >> -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "",
> >$0); print $0; }' /tmp/fastd_fff_output)
> >> -for file in $filecounts; do
> >> -    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};"
> >/tmp/fastd_fff_output | sed 's/ float;/;/g' >
> >/etc/fastd/fff/peers/$file
> >> -    echo 'float yes;' >> /etc/fastd/fff/peers/$file
> >> -
> >> -    # ask for Broker and select the tunnel
> >> -    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file)
> >> -    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ];
> >then
> >> -        # Gateway offers l2tp
> >> -        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}'
> >/etc/fastd/fff/peers/$file)
> >> -        L2PORT=$((FDPORT + 10000))
> >> -        UUID=$hostname
> >> +while json_select "$Index" > /dev/null
> >> +do
> >> +	json_get_var protocol protocol
> >> +	if [ "$protocol" == "fastd" ]; then
> >> +		json_get_var servername name
> >> +		filename="/etc/fastd/fff/peers/$servername"
> >> +		echo "#name \"${servername}\";" > "$filename"
> >> +		json_get_var key key
> >> +		echo "key \"${key}\";" >> "$filename"
> >> +		json_get_var address address
> >> +		json_get_var port port
> >> +		echo "remote ipv4 \"${address}\" port ${port};" >>
> "$filename"
> >> +		echo "" >> "$filename"
> >> +		echo "float yes;" >> "$filename"
> >
> >Hier fänd ich ein
> >	else if [ "$protocol" == "l2tpv3" ]; then
> >besser als das hier:
> >> +		# ask for Broker and select the tunnel
> >> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O -
> 2>/dev/null)"
> >]; then
> >Aber bisher bin ich wohl der einzige der lieber so will. :(
> Nein, da bist du nicht alleine. Ich hab diese Krücken damals blos
eingebaut,
> weil man nichts am KeyXchange ändern wollte.
> 
> Robert
> >
> >> +			# Gateway offers l2tp
> >> +			L2PORT=$((port + 10000))
> >> +			UUID=$hostname
> >Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man hier
> >einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im Grunde
> >auch nicht so wichtig..
> >
> >>
> >> -        uci set tunneldigger.$count=broker
> >> -        uci set tunneldigger.$count.address="$IP:$L2PORT"
> >> -        uci set tunneldigger.$count.uuid="$UUID"
> >> -        uci set tunneldigger.$count.interface="l2tp$count"
> >> -        uci set tunneldigger.$count.enabled="1"
> >> -        uci set
> >tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> >> -        uci -c /tmp commit tunneldigger
> >> -        count=$((count + 1))
> >> -        # remove this fastd-peer
> >> -        rm /etc/fastd/fff/peers/$file
> >> -    fi
> >> +			uci set tunneldigger.$count=broker
> >> +			uci set
> tunneldigger.$count.address="${address}:$L2PORT"
> >> +			uci set tunneldigger.$count.uuid="$UUID"
> >> +			uci set tunneldigger.$count.interface="l2tp$count"
> >> +			uci set tunneldigger.$count.enabled="1"
> >> +			uci set
> >tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
> >> +			uci -c /tmp commit tunneldigger
> >> +			count=$((count + 1))
> >> +			# remove this fastd-peer
> >> +			rm "$filename"
> >> +		fi
> >> +	fi
> >> +	json_select ".." # back to vpn
> >> +	Index=$(( Index + 1 ))
> >>  done
> >> +json_select ".." # back to root
> >>  }
> >>
> >>  # main
> >>
> >>  # Only do something when file is here and greater 0 byte
> >> -if [ -s /tmp/fastd_fff_output ]; then
> >> -
> >> -    # set some vars
> >> -    hostname=$(cat /proc/sys/kernel/hostname)
> >> -    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
> >/sys/class/net/br-mesh/address 2>/dev/null)
> >> -    [ "$hostname" = "OpenWrt" ] && hostname=""
> >> -    [ "$hostname" = "" ] &&  hostname="$mac"
> >> -
> >> -    if [ ! -d /tmp/fastd_fff_peers ]; then
> >> -        # first run after reboot
> >> -        mkdir /tmp/fastd_fff_peers
> >> -        make_config
> >> -        # start fastd only if there are some peers left
> >> -        [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
> >/etc/init.d/fastd start
> >> -        /etc/init.d/tunneldigger start
> >> -    else
> >> -        # check if new tunneldigger conf is different
> >> -        sumold=$(sha256sum /etc/config/tunneldigger)
> >> -        make_config
> >> -        sumnew=$(sha256sum /etc/config/tunneldigger)
> >> -        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger
> >restart
> >> -        /etc/init.d/fastd reload
> >> +if [ -s /tmp/keyxchangev2data ]; then
> >> +	# set some vars
> >> +	hostname=$(cat /proc/sys/kernel/hostname)
> >> +	mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }'
> >/sys/class/net/br-mesh/address 2>/dev/null)
> >> +	[ "$hostname" = "LEDE" ] && hostname=""
> >> +	[ "$hostname" = "" ] &&  hostname="$mac"
> >Das ganze hin und her ge'if'fe könnte man sich durch den obigen
> >Kommentar sparen.
> >
> >Wie gesagt, meine Anmerkungen sind entweder nicht so wichtig oder nicht
> >konsensreif, von daher:
> >
> >Reviewed-by: Tim Niemeyer <tim@tn-x.org>
> >
> >Tim
> >
> >>
> >> -        # fastd start/stop for various situations
> >> -        pidfile="/tmp/run/fastd.fff.pid"
> >> -        if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> >> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
> >|| /etc/init.d/fastd start
> >> -        else
> >> -            ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ])
> >&& /etc/init.d/fastd stop
> >> -        fi
> >> +	if [ ! -d /tmp/fastd_fff_peers ]; then
> >> +		# first run after reboot
> >> +		mkdir /tmp/fastd_fff_peers
> >> +		make_config
> >> +		# start fastd only if there are some peers left
> >> +		[ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] &&
> >/etc/init.d/fastd start
> >> +		/etc/init.d/tunneldigger start
> >> +	else
> >> +		# check if new tunneldigger conf is different
> >> +		sumold=$(sha256sum /etc/config/tunneldigger)
> >> +		make_config
> >> +		sumnew=$(sha256sum /etc/config/tunneldigger)
> >> +		[ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger
> restart
> >> +		/etc/init.d/fastd reload
> >>
> >> -    fi
> >> +		# fastd start/stop for various situations
> >> +		pidfile="/tmp/run/fastd.fff.pid"
> >> +		if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then
> >> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")"
]) ||
> >/etc/init.d/fastd start
> >> +		else
> >> +			([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")"
]) &&
> >/etc/init.d/fastd stop
> >> +		fi
> >> +	fi
> >>  fi
> >> --
> >> 2.7.4
> >>
Christian Dresel Oct. 3, 2017, 1:14 p.m.
On 02.10.2017 22:44, Robert Langhammer wrote:
> 
> 
> Hi,  
> Am 2. Oktober 2017 18:57:42 MESZ schrieb Tim Niemeyer <tim@tn-x.org>:
>> Hi
>>
>> Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:

>> Hier fänd ich ein 
>> 	else if [ "$protocol" == "l2tpv3" ]; then
>> besser als das hier:
>>> +		# ask for Broker and select the tunnel
>>> +		if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)"
>> ]; then
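Review bot: The `wget` test on this line lets an unauthenticated reply decide the tunnel type. `${address}/vpn.txt` carries no scheme here, so wget presumably fetches it over plain HTTP, and nothing checks who answered. In the full hunk quoted earlier in the thread, a reply of `l2tp` leads to `rm "$filename"` on the fastd peer and a new tunneldigger broker entry, so the switch away from the fastd peer rests on that reply alone. `2>/dev/null` also hides every wget error, so a timeout and a gateway without l2tp look the same; a comment such as `# unauthenticated probe: an error or any other answer keeps the fastd peer` would record that as intended. The same line is quoted again further down the thread, and the enclosing loop starts and ends outside this excerpt.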
>> Aber bisher bin ich wohl der einzige der lieber so will. :(
> Nein, da bist du nicht alleine. Ich hab diese Krücken damals blos eingebaut, weil man nichts am KeyXchange ändern wollte. 

Hi

für mich hat sich diese "Krücke" aber als sehr hilfreich erwiesen, man
kann fließend l2tp an und abschalten wie man es gerade haben will. Gut
ich hab den Luxus dies auch im keyxchange(v2) tun zu können, andere
vielleicht nicht.
Später beim dez. keyxchange wirds noch schlimmer, will ich oder
irgendjemand anders an/abschalten muss man ständig 2(+x?) Personen zum
signieren suchen. Ganz ehrlich? Wenn das so umgesetzt wird, dann
verzichte ich auf l2tp und nutze das was am stabilsten ist und das ist
eher noch fastd als l2tp. Wobei fastd aktuell auch so seine zicken hat,
aber das stürzt wenigstens sang und klanglos ab und trennt alle
Verbindungen, bei l2tp hatte ich leider schon die dümmsten Sachen :/

Für diejenigen die es in der Hoodfile haben wollen, wo seht ihr den
Vorteil gegenüber der aktuellen "Krücke"?

mfg

Christian

> 
> Robert 
>>
>>> +			# Gateway offers l2tp
>>> +			L2PORT=$((port + 10000))
>>> +			UUID=$hostname
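Review bot: `port` goes into `$((port + 10000))` without a check, and it presumably comes from /tmp/keyxchangev2data through `json_get_var`, which is outside this excerpt. Most shells evaluate a variable inside arithmetic expansion as an expression rather than as a literal number, and the result is then written into the tunneldigger broker address by `uci set`. A digits-only guard before the arithmetic would keep malformed server data out of the config, for example `case "$port" in ''|*[!0-9]*) port_ok=0 ;; *) port_ok=1 ;; esac`, with the broker only configured when `port_ok` is 1. A range check such as `[ "$port" -le 55535 ]` would also keep `L2PORT` within the valid port range.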
>> Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man hier
>> einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im Grunde
>> auch nicht so wichtig..
Tim Niemeyer Oct. 3, 2017, 1:42 p.m.
Hi

Am Dienstag, den 03.10.2017, 15:14 +0200 schrieb Christian Dresel:
> 
> On 02.10.2017 22:44, Robert Langhammer wrote:
> > 
> > 
> > Hi,  
> > Am 2. Oktober 2017 18:57:42 MESZ schrieb Tim Niemeyer <tim@tn-x.org
> > >:
> > > Hi
> > > 
> > > Am Montag, den 02.10.2017, 18:05 +0200 schrieb Adrian Schmutzler:
> > > Hier fänd ich ein 
> > > 	else if [ "$protocol" == "l2tpv3" ]; then
> > > besser als das hier:
> > > > +		# ask for Broker and select the tunnel
> > > > +		if [ "l2tp" = "$(wget -T10
> > > > "${address}/vpn.txt" -O - 2>/dev/null)"
> > > 
> > > ]; then
> > > Aber bisher bin ich wohl der einzige der lieber so will. :(
> > 
> > Nein, da bist du nicht alleine. Ich hab diese Krücken damals blos
> > eingebaut, weil man nichts am KeyXchange ändern wollte. 
> 
> Hi
> 
> für mich hat sich diese "Krücke" aber als sehr hilfreich erwiesen,
> man
> kann fließend l2tp an und abschalten wie man es gerade haben will.
> Gut
> ich hab den Luxus dies auch im keyxchange(v2) tun zu können, andere
> vielleicht nicht.
> Später beim dez. keyxchange wirds noch schlimmer, will ich oder
> irgendjemand anders an/abschalten muss man ständig 2(+x?) Personen
> zum
> siginieren suchen. Ganz ehrlich? Wenn das so umgesetzt wird dann
> verzichte ich auf l2tp und nutze das was am stabilsten ist und das
> ist
> eher noch fastd als l2tp. Wobei fastd aktuell auch so seine zicken
> hat,
> aber das stürzt wenigstens sang und klanglos ab und trennt alle
> Verbindungen, bei l2tp hatte ich leider schon die dümmsten Sachen :/
Also zunächst mal sind die Probleme bei dir natürlich echt doof und
ernst zu nehmen. Sie sollten aber eigentlich separat behandelt werden.
Wenn da was instabil ist, muss man die Ursache suchen, finden und
beheben. Da jetzt, nur weil irgendwo anders Bugs sind, so ein
Workaround einzubauen der ansonsten unnötig ist, ist sehr unschön!

> Für diejenigen die es in der Hoodfile haben wollen, wo seht ihr den
> Vorteil gegenüber der aktuellen "Krücke"?
Die Auswahl ist übers json bereits da. Man kann beides parallel machen
(muss ja nur den Gateway zwei mal eintragen). Man wird die ständigen
http abfragen los. Man kann am Gateway die Ports auf ne andere VM
schieben ohne das man noch nen http proxy oder irgendwas machen muss.
Insbesondere bei IP sharing sehr problematisch.

Ich denke das json Konzept ist immer noch sehr flexibel für dich, wenn
du dein Gateway zwei mal einträgst und dann halt mal das eine an und
das andere abschaltest.

Tim


> mfg
> 
> Christian
> 
> > 
> > Robert 
> > > 
> > > > +			# Gateway offers l2tp
> > > > +			L2PORT=$((port + 10000))
> > > > +			UUID=$hostname
> > > 
> > > Nur ne Kleinigkeit, aber es wäre mMn übersichtlicher wenn man
> > > hier
> > > einfach _immer_ die MAC nimmt anstatt den hostname. Ist aber im
> > > Grunde
> > > auch nicht so wichtig..
> 
>