From patchwork Tue Oct 3 16:53:30 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [v15, 5/6] vpn-select: Use keyxchangev2data instead of fastd_fff_output From: Adrian Schmutzler X-Patchwork-Id: 517 Message-Id: <1507049611-22432-2-git-send-email-freifunk@adrianschmutzler.de> To: franken-dev@freifunk.net Date: Tue, 3 Oct 2017 18:53:30 +0200 This is a first consolidation step which gets rid of /tmp/fastd_fff_output, but still requires /etc/fastd/fff/peers/* Signed-off-by: Adrian Schmutzler Tested-by: Adrian Schmutzler
---
 .../fff/fff-hoods/files/usr/sbin/configurehood | 27 +---- .../fff/fff-vpn-select/files/usr/sbin/vpn-select | 121 ++++++++++++--------- 2 files changed, 69 insertions(+), 79 deletions(-)
diff --git a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
index bf5058a..3979293 100755
--- a/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
+++ b/src/packages/fff/fff-hoods/files/usr/sbin/configurehood
@@ -196,32 +196,7 @@ if [ -s /tmp/keyxchangev2data ]; then exit 0 fi - # and now we read the VPN Data and give this data to fff-vpn - json_select vpn - Index=1 - rm /tmp/fastd_fff_output - touch /tmp/fastd_fff_output - while json_select "$Index" > /dev/null - do - json_get_var protocol protocol - if [ "$protocol" == "fastd" ]; then - json_get_var servername name - echo "####${servername}.conf" >> /tmp/fastd_fff_output - echo "#name \"${servername}\";" >> /tmp/fastd_fff_output - json_get_var key key - echo "key \"${key}\";" >> /tmp/fastd_fff_output - json_get_var address address - json_get_var port port - echo "remote ipv4 \"${address}\" port $port float;" >> /tmp/fastd_fff_output - fi - echo "" >> /tmp/fastd_fff_output - json_select ".." # back to vpn - Index=$(( Index + 1 )) - done - echo "###" >> /tmp/fastd_fff_output - json_select ".." # back to root - #this we do every 5 minutes, because it can change the VPN Protocol - #and now we get to vpn-select Script and load VPNs + # and now we get to vpn-select script and load VPNs directly from /tmp/keyxchangev2data if hasInternet ; then sh /usr/sbin/vpn-select diff --git a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select index bbc87cc..150efe2 100755 --- a/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select +++ b/src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select 
@@ -1,71 +1,86 @@ #!/bin/sh +. /usr/share/libubox/jshn.sh + make_config() { # remove old config >/etc/config/tunneldigger rm /tmp/fastd_fff_peers/* count=0 +Index=1 +json_load "$(cat /tmp/keyxchangev2data)" +json_select vpn # get fastd peers -filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_fff_output) -for file in $filecounts; do - awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_fff_output | sed 's/ float;/;/g' > /etc/fastd/fff/peers/$file - echo 'float yes;' >> /etc/fastd/fff/peers/$file - - # ask for Broker and select the tunnel - IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/fff/peers/$file) - if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then - # Gateway offers l2tp - FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/fff/peers/$file) - L2PORT=$((FDPORT + 10000)) - UUID=$hostname +while json_select "$Index" > /dev/null +do + json_get_var protocol protocol + if [ "$protocol" == "fastd" ]; then + json_get_var servername name + filename="/etc/fastd/fff/peers/$servername" + echo "#name \"${servername}\";" > "$filename" + json_get_var key key + echo "key \"${key}\";" >> "$filename" + json_get_var address address + json_get_var port port + echo "remote ipv4 \"${address}\" port ${port};" >> "$filename" + echo "" >> "$filename" + echo "float yes;" >> "$filename" + + # ask for Broker and select the tunnel + if [ "l2tp" = "$(wget -T10 "${address}/vpn.txt" -O - 2>/dev/null)" ]; then + # Gateway offers l2tp + L2PORT=$((port + 10000)) + UUID=$hostname - uci set tunneldigger.$count=broker - uci set tunneldigger.$count.address="$IP:$L2PORT" - uci set tunneldigger.$count.uuid="$UUID" - uci set tunneldigger.$count.interface="l2tp$count" - uci set tunneldigger.$count.enabled="1" - uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' - uci -c /tmp commit tunneldigger - count=$((count + 1)) - # remove this fastd-peer - rm /etc/fastd/fff/peers/$file - fi + uci 
set tunneldigger.$count=broker + uci set tunneldigger.$count.address="${address}:$L2PORT" + uci set tunneldigger.$count.uuid="$UUID" + uci set tunneldigger.$count.interface="l2tp$count" + uci set tunneldigger.$count.enabled="1" + uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook' + uci -c /tmp commit tunneldigger + count=$((count + 1)) + # remove this fastd-peer + rm "$filename" + fi + fi + json_select ".." # back to vpn + Index=$(( Index + 1 )) done +json_select ".." # back to root } # main # Only do something when file is here and greater 0 byte -if [ -s /tmp/fastd_fff_output ]; then - - # set some vars - hostname=$(cat /proc/sys/kernel/hostname) - mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) - [ "$hostname" = "OpenWrt" ] && hostname="" - [ "$hostname" = "" ] && hostname="$mac" - - if [ ! -d /tmp/fastd_fff_peers ]; then - # first run after reboot - mkdir /tmp/fastd_fff_peers - make_config - # start fastd only if there are some peers left - [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start - /etc/init.d/tunneldigger start - else - # check if new tunneldigger conf is different - sumold=$(sha256sum /etc/config/tunneldigger) - make_config - sumnew=$(sha256sum /etc/config/tunneldigger) - [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart - /etc/init.d/fastd reload +if [ -s /tmp/keyxchangev2data ]; then + # set some vars + hostname=$(cat /proc/sys/kernel/hostname) + mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null) + [ "$hostname" = "LEDE" ] && hostname="" + [ "$hostname" = "" ] && hostname="$mac" - # fastd start/stop for various situations - pidfile="/tmp/run/fastd.fff.pid" - if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start - else - ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && 
/etc/init.d/fastd stop - fi + if [ ! -d /tmp/fastd_fff_peers ]; then + # first run after reboot + mkdir /tmp/fastd_fff_peers + make_config + # start fastd only if there are some peers left + [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ] && /etc/init.d/fastd start + /etc/init.d/tunneldigger start + else + # check if new tunneldigger conf is different + sumold=$(sha256sum /etc/config/tunneldigger) + make_config + sumnew=$(sha256sum /etc/config/tunneldigger) + [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart + /etc/init.d/fastd reload - fi + # fastd start/stop for various situations + pidfile="/tmp/run/fastd.fff.pid" + if [ "$(ls /etc/fastd/fff/peers/* 2>/dev/null)" ]; then + ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) || /etc/init.d/fastd start + else + ([ -s "$pidfile" ] && [ -d "/proc/$(cat "$pidfile")" ]) && /etc/init.d/fastd stop + fi + fi fi
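Review bot: `filename="/etc/fastd/fff/peers/$servername"` takes `name` straight out of the JSON in /tmp/keyxchangev2data and uses it both as the file written with `>`/`>>` and as the target of the later `rm "$filename"`, so a name containing `/` or `..` escapes the peers directory entirely; the same unchecked fields are also interpolated into the fastd `remote ipv4 "${address}" port ${port};` line, the `wget -T10 "${address}/vpn.txt"` URL and the `$((port + 10000))` arithmetic. Read the name before the protocol test and only accept a safe character set, e.g. `json_get_var servername name` followed by `if [ "$protocol" = "fastd" ] && [ -n "${servername%%*[!A-Za-z0-9._-]*}" ]; then`, which rejects empty names and anything outside `A-Za-z0-9._-` while leaving the `json_select ".."`/`Index` bookkeeping for skipped entries intact; a numeric check on `port` would fit in the same condition. The hostname fallback in the main section also changes from `"OpenWrt"` to `"LEDE"` in this hunk, which the commit description does not mention and which looks unrelated to the keyxchangev2data switch. Since the script is `#!/bin/sh`, `[ "$protocol" == "fastd" ]` should use a single `=` for portability.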