fff-ab-01/etc/fastd/fff_beispiel_fastd.sh

#!/bin/sh
# Settings for this fastd instance: project and hood name the instance
# directory, port is the UDP port written into the "bind" line.
project="fff"
hood="ab"
port=10004
# Name sent to the keyserver: the base server name qualified with the hood.
SERVERNAME="fff-ab-01.${hood}"
hostname="${SERVERNAME}"
# Make sure the fastd base configuration directory is present.
[ -d /etc/fastd ] || mkdir /etc/fastd
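# First run only: create the instance directory, the fastd configuration
# (with a freshly generated secret key) and the interface hook scripts.
conf_dir="/etc/fastd/$project.$hood"
conf_file="$conf_dir/$project.$hood.conf"
if [ ! -d "$conf_dir" ]
then
  # Generate the key before touching the filesystem: failing after mkdir
  # would leave the directory behind and this branch would never run again,
  # leaving an instance without a usable config.
  secret_key=$(fastd --generate-key | grep -i Secret | awk '{print $2}')
  if [ -z "$secret_key" ]
  then
    echo "fastd --generate-key returned no secret key" >&2
    exit 1
  fi

  mkdir -p "$conf_dir/peers" || exit 1

  # The config file holds the instance's private key, so create it readable
  # by its owner only instead of relying on the caller's umask.
  ( umask 077 && : > "$conf_file" ) || exit 1
  chmod 600 "$conf_file"

  # NOTE(review): 'method "null"' is the only active method, so the tunnel
  # payload is not encrypted; the emitted comments about xsalsa20/aes128
  # (including the MTU note) describe methods that are commented out.
  # 'secure handshakes no' additionally turns off fastd's secure-handshake
  # setting. Presumably deliberate for this network - confirm before
  # changing, since peers have to agree on a method.
  #fastd config
  {
    echo "# Log warnings and errors to stderr"
    echo "log level error;"
    echo "# Log everything to a log file"
    echo "log to syslog as \"${project}${hood}\" level info;"
    echo "# Set the interface name"
    echo "interface \"${project}${hood}VPN\";"
    echo "# Support xsalsa20 and aes128 encryption methods, prefer xsalsa20"
    echo "#method \"xsalsa20-poly1305\";"
    echo "#method \"aes128-gcm\";"
    echo "method \"null\";"
    echo "# Bind to a fixed port, IPv4 only"
    echo "bind any:${port};"
    echo "# Secret key generated by \"fastd --generate-key\""
    echo "secret \"${secret_key}\";"
    echo "# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)"
    echo "# (see MTU selection documentation)"
    echo "mtu 1426;"
    echo "on up \"/etc/fastd/${project}.${hood}/up.sh\";"
    echo "on post-down \"/etc/fastd/${project}.${hood}/down.sh\";"
    echo "# Include peers from the directory 'peers'"
    echo "include peers from \"/etc/fastd/${project}.${hood}/peers\";"
    echo "secure handshakes no;"
  } >> "$conf_file"

  # fastd-down hook: \$INTERFACE stays literal so the hook reads it at run time.
  {
    echo "#!/bin/sh"
    echo "/sbin/ifdown \$INTERFACE"
  } > "$conf_dir/down.sh"
  chmod +x "$conf_dir/down.sh"

  # fastd-up hook. The original redirected the second echo to up.sh a second
  # time from inside the group; one redirection on the group is enough.
  {
    echo "#!/bin/sh"
    echo "/sbin/ifup \$INTERFACE"
  } > "$conf_dir/up.sh"
  chmod +x "$conf_dir/up.sh"
fi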
# Read back the values to register from the instance's config file: the
# public key as printed by fastd, and the port taken from the "bind" line
# (the text between the ':' and the ';').
conf="/etc/fastd/$project.$hood/$project.$hood.conf"
pubkey=$(fastd -c "$conf" --show-key --machine-readable)
port=$(grep '^bind' "$conf" | cut -d: -f2 | cut -d';' -f1)
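# fire up
# Start fastd as a daemon unless the instance's VPN interface already shows
# up in the ifconfig listing.
if ! /sbin/ifconfig -a | grep -i ethernet | grep -q -F -- "${project}${hood}VPN"
then
  # -f: a missing pid file (e.g. on the first run) is not an error.
  /bin/rm -f -- "/var/run/fastd.$project.$hood.pid"
  fastd -c "/etc/fastd/$project.$hood/$project.$hood.conf" -d --pid-file "/var/run/fastd.$project.$hood.pid"
fi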
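# register
# Announce this host to the keyserver, rewrite one peer file per section of
# the response, then delete peer files that were not rewritten.
peers_dir="/etc/fastd/$project.$hood/peers"

# Private scratch directory instead of fixed names in /tmp. The script writes
# under /etc and /var/run, so it presumably runs as root, and a predictable
# /tmp path can be pre-created (for instance as a symlink) by any local user.
work_dir=$(mktemp -d "/tmp/fastd_${project}.${hood}.XXXXXX") || exit 1
trap 'rm -rf -- "${work_dir:?}"' EXIT
response="$work_dir/output"
names="$work_dir/names"
marker="$work_dir/starting"

# NOTE(review): the peer list is fetched over plain HTTP and ends up in
# fastd's peer configuration; nothing here authenticates the response.
# Confirm whether the keyserver offers HTTPS before changing the URL.
if ! wget -T15 -q "http://keyserver.freifunk-franken.de/${project}/?name=$hostname&port=$port&key=$pubkey" -O "$response"
then
  echo "Update failed"
  echo "Exiting, no clean up, no refresh"
  # A bare "exit" here returned the status of the echo above, i.e. success.
  exit 1
fi

# Every peer file written from here on is newer than this marker.
touch "$marker"

# NOTE(review): a response without any "####<name>.conf" header writes no
# peer file, so the cleanup below then removes every existing peer. Confirm
# that an empty list is a legitimate answer, or bail out here.
# Section headers look like "####<name>.conf"; only that trailing ".conf" is
# stripped (the old 's/.conf//g' also ate e.g. "yconf" inside a name).
sed -n 's/^####\(.*\)\.conf$/\1/p' "$response" > "$names"

while IFS= read -r file
do
  # The name comes from the network and is used as a file name below: accept
  # plain names only, so it cannot point outside the peers directory. Extend
  # the character list if legitimate peer names need more.
  case "$file" in
    ''|.*|*[!A-Za-z0-9._-]*)
      echo "Skipping peer with unexpected name" >&2
      continue
      ;;
  esac
  # Section body: the lines after the header up to the next line starting
  # with "###" (at most 100 lines). -F -x matches the header literally.
  grep -A100 -F -x -e "####$file.conf" "$response" \
    | grep -v -F -x -e "####$file.conf" \
    | grep -m1 -B100 '^###' \
    | grep -v '^###' \
    | sed 's/ float;/;/g' > "$peers_dir/$file"
  echo 'float yes;' >> "$peers_dir/$file"
done < "$names"

#find old peers
# A peer file is old when the marker is newer than it, i.e. this run did not
# rewrite it.
OLD=$(find "$peers_dir/" -exec test -f '{}' \; -exec test "$marker" -nt '{}' \; -print)
if [ -n "${OLD}" ] ; then
  echo "Lösche alte:"
  printf '%s\n' "$OLD"
  # Delete through find itself so odd file names are not re-split by xargs;
  # the marker goes away with the scratch directory on exit.
  find "$peers_dir/" -exec test -f '{}' \; -exec test "$marker" -nt '{}' \; -exec /bin/rm -f -- '{}' \;
fi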
#reload
# Send SIGHUP to the process whose PID is stored in the instance's pid file.
pid_file="/var/run/fastd.$project.$hood.pid"
fastd_pid=$(cat "$pid_file")
kill -HUP "$fastd_pid"
exit 0