#!/bin/sh
# Identity of this fastd gateway. Every path and name further down is derived
# from these values.
project="fff"
hood="ab"

# Port written into the "bind" line when the config is first generated; it is
# read back from the config on disk before registering.
port=10004

# Name sent to the keyserver as "name=": "<host>.<hood>".
SERVERNAME="fff-ab-01.${hood}"
hostname="${SERVERNAME}"
# Make sure the fastd base directory exists before anything is placed in it.
[ -d /etc/fastd ] || mkdir /etc/fastd
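# First-run setup: create the instance directory, a fastd config with a freshly
# generated secret key, and the up/down hook scripts. Skipped entirely when the
# instance directory already exists.
conf_dir="/etc/fastd/${project}.${hood}"
if [ ! -d "$conf_dir" ]
then
  # Generate the key before creating anything: the directory is what marks
  # "already set up", so failing after mkdir would leave a config without a
  # usable secret that is never regenerated.
  secret=$(fastd --generate-key | grep -i Secret | awk '{print $2}')
  if [ -z "$secret" ]
  then
    echo "fastd --generate-key produced no secret key, not creating $conf_dir" >&2
    exit 1
  fi

  mkdir "$conf_dir"
  mkdir "$conf_dir/peers"

  # fastd config
  #
  # The file holds the instance's private key, so it is created under
  # umask 077 (owner-only) rather than with the caller's default umask.
  # The umask is set in a subshell so the hook scripts below are unaffected.
  #
  # NOTE(review): the encrypting methods are commented out and only "null" is
  # offered, so tunnel traffic is neither encrypted nor authenticated by fastd,
  # and "secure handshakes no" turns off fastd's stricter handshake.
  # Presumably deliberate for this mesh -- confirm before reusing this config
  # anywhere confidentiality or peer authentication matters.
  (
    umask 077
    cat >> "$conf_dir/${project}.${hood}.conf" <<EOF
# Log warnings and errors to stderr
log level error;
# Log everything to a log file
log to syslog as "${project}${hood}" level info;
# Set the interface name
interface "${project}${hood}VPN";
# Support xsalsa20 and aes128 encryption methods, prefer xsalsa20
#method "xsalsa20-poly1305";
#method "aes128-gcm";
method "null";
# Bind to a fixed port, IPv4 only
bind any:${port};
# Secret key generated by "fastd --generate-key"
secret "${secret}";
# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
# (see MTU selection documentation)
mtu 1426;
on up "/etc/fastd/${project}.${hood}/up.sh";
on post-down "/etc/fastd/${project}.${hood}/down.sh";
# Include peers from the directory 'peers'
include peers from "/etc/fastd/${project}.${hood}/peers";
secure handshakes no;
EOF
  )
  unset secret

  # "on post-down" hook: take the tunnel interface down.
  # $INTERFACE is left unexpanded here; it is resolved when the hook runs.
  printf '%s\n' '#!/bin/sh' '/sbin/ifdown $INTERFACE' >> "$conf_dir/down.sh"
  chmod +x "$conf_dir/down.sh"

  # "on up" hook: bring the tunnel interface up.
  printf '%s\n' '#!/bin/sh' '/sbin/ifup $INTERFACE' >> "$conf_dir/up.sh"
  chmod +x "$conf_dir/up.sh"
fi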
# Read the values to announce from the config on disk: the public key that
# fastd derives from the stored secret, and the port taken from the "bind"
# line (text between the ':' and the ';').
fastd_conf="/etc/fastd/${project}.${hood}/${project}.${hood}.conf"
pubkey=$(fastd -c "$fastd_conf" --show-key --machine-readable)
port=$(grep '^bind' "$fastd_conf" | cut -d: -f2 | cut -d';' -f1)
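# fire up
# Start fastd as a daemon unless its tunnel interface already shows up in the
# ifconfig output.
vpn_if="${project}${hood}VPN"
pid_file="/var/run/fastd.${project}.${hood}.pid"
if ! /sbin/ifconfig -a | grep -i ethernet | grep -q "$vpn_if"
then
  # -f: a missing pid file (first start, after a reboot) is not an error.
  /bin/rm -f -- "$pid_file"
  fastd -c "/etc/fastd/${project}.${hood}/${project}.${hood}.conf" -d --pid-file "$pid_file"
fi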
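# register
# Announce this gateway (name, port, public key) to the keyserver, then rebuild
# the peers directory from the answer and delete peers that were not refreshed.
#
# NOTE(review): the list is fetched over plain HTTP, so nothing here proves the
# answer came from the keyserver unmodified. It still decides which files are
# written and deleted under /etc/fastd, so peer names are validated before they
# are used as file names. The peer bodies themselves are written unfiltered --
# TODO consider restricting them to the directives a peer file is expected to
# contain.
peers_dir="/etc/fastd/${project}.${hood}/peers"

# Private scratch directory instead of fixed names in /tmp: a predictable path
# in a world-writable directory can be pre-created or symlinked by another
# local user before this script writes to it.
work_dir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$work_dir"' EXIT
response="$work_dir/output"
marker="$work_dir/starting"
names="$work_dir/names"

if ! wget -T15 -q "http://keyserver.freifunk-franken.de/${project}/?name=$hostname&port=$port&key=$pubkey" -O "$response"
then
  echo "Update failed"
  echo "Exiting, no clean up, no refresh"
  # Non-zero so callers can tell a failed update from a successful one.
  exit 1
fi

# Reference timestamp: every peer file written below ends up newer than this.
touch "$marker"

# Peer blocks start with a "####<name>.conf" line. Only the trailing ".conf"
# is stripped; an unanchored 's/.conf//g' would also eat "conf" inside a name.
grep '^####' "$response" | sed -e 's/^####//' -e 's/\.conf$//' > "$names"

while IFS= read -r file
do
  case "$file" in
    '')
      continue
      ;;
    .*|*[!A-Za-z0-9._-]*)
      # Rejects path separators, leading dots, whitespace and glob/regex
      # characters. Widen the set if the keyserver legitimately uses others.
      echo "Skipping peer with unexpected name: $file" >&2
      continue
      ;;
  esac

  header="^####${file}.conf\$"
  # Take the lines after this peer's header up to the next "###" line, drop
  # the marker lines, and strip any per-remote " float" flag.
  grep -A100 "$header" "$response" \
    | grep -v "$header" \
    | grep -m1 -B100 '^###' \
    | grep -v '^###' \
    | sed 's/ float;/;/g' > "$peers_dir/$file"
  echo 'float yes;' >> "$peers_dir/$file"
done < "$names"

#find old peers
# A regular file the marker is newer than was not rewritten in this run.
# NOTE(review): an answer that contains no peer headers at all therefore
# removes every existing peer -- confirm that is intended.
OLD=$(find "$peers_dir/" -exec test -f '{}' -a "$marker" -nt '{}' \; -print)

if [ -n "${OLD}" ]
then
  # Message is German for "Deleting old:".
  echo "Lösche alte:"
  # Unquoted on purpose: prints the list on a single line.
  echo $OLD

  find "$peers_dir/" -exec test -f '{}' -a "$marker" -nt '{}' \; -exec /bin/rm -- '{}' \;
fi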
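#reload
# Send SIGHUP to the running fastd so it picks up the refreshed peers directory.
pidfile="/var/run/fastd.${project}.${hood}.pid"
if [ -s "$pidfile" ]
then
  kill -HUP "$(cat "$pidfile")"
else
  # Without this guard kill would be called with an empty argument.
  echo "fastd pid file $pidfile missing or empty, not reloading" >&2
fi

exit 0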