

  1. #!/bin/sh
  2. . /lib/functions.sh
  3. . ../netifd-proto.sh
  4. init_proto "$@"
# Declare the UCI options netifd accepts for a "vpnc" interface.
# The declaration order is kept exactly as before, so the option list
# netifd builds is unchanged; options are grouped by type into loops.
# Sets no_device=1 (no physical device required) and available=1.
proto_vpnc_init_config() {
	local opt

	for opt in server username hexpasswd authgroup password \
		token_mode token_secret interface passgroup hexpassgroup \
		domain vendor natt_mode dh_group pfs; do
		proto_config_add_string "$opt"
	done
	for opt in enable_single_des enable_no_enc; do
		proto_config_add_boolean "$opt"
	done
	proto_config_add_int "mtu"
	proto_config_add_string "local_addr"
	for opt in local_port udp_port dpd_idle; do
		proto_config_add_int "$opt"
	done
	for opt in auth_mode target_network; do
		proto_config_add_string "$opt"
	done

	no_device=1
	available=1
}
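# Append one "<key> <value>" line to the vpnc config file $1, but only
# when the value $3 is non-empty.
# Arguments: $1 - config file path, $2 - vpnc option name, $3 - value
# printf is used instead of echo so that a value beginning with "-n"/"-e"
# or containing backslashes (quite possible for a password) is written
# verbatim rather than being interpreted by the shell's echo.
_vpnc_conf_opt() {
	[ -n "$3" ] || return 0
	printf '%s %s\n' "$2" "$3" >> "$1"
}

# Bring up a vpnc interface.
# Arguments: $1 - netifd interface (config) name
# Reads the UCI options declared in proto_vpnc_init_config, writes the
# vpnc configuration (including credentials) to /var/etc/vpnc-$config.conf
# and starts /usr/sbin/vpnc under netifd's supervision.
# On an unresolvable server it reports proto_setup_failed and exits 1.
proto_vpnc_setup() {
	local config="$1"
	local ip serv_addr pwfile cmdline

	json_get_vars server username hexpasswd authgroup password token_mode token_secret interface passgroup hexpassgroup domain vendor natt_mode dh_group pfs enable_single_des enable_no_enc mtu local_addr local_port udp_port dpd_idle auth_mode target_network

	# Anchor the match: a bare "tun" also matches unrelated modules such as
	# ip6_tunnel and would then skip loading the tun driver.
	grep -q '^tun ' /proc/modules || insmod tun
	logger -t vpnc "initializing..."

	# Register every resolved server address as a host dependency (routed
	# via $interface when set). The subshell is kept from the original;
	# presumably it isolates the helper's side effects — confirm.
	serv_addr=
	for ip in $(resolveip -t 10 "$server"); do
		# shellcheck disable=SC2086 -- $interface is optional; empty means no argument
		( proto_add_host_dependency "$config" "$ip" $interface )
		serv_addr=1
	done
	[ -n "$serv_addr" ] || {
		logger -t vpnc "Could not resolve server address: '$server'"
		sleep 60
		proto_setup_failed "$config"
		exit 1
	}

	# The config file carries cleartext credentials: create it root-only
	# (umask 077). proto_vpnc_teardown removes it again.
	mkdir -p /var/etc
	umask 077
	pwfile="/var/etc/vpnc-$config.conf"
	printf 'IPSec gateway %s\n' "$server" > "$pwfile"
	cmdline="--no-detach --pid-file /var/run/vpnc-$config.pid --ifname vpn-$config --non-inter --script /lib/netifd/vpnc-script $pwfile"

	[ -f "/etc/vpnc/ca-vpn-$config.pem" ] && printf 'CA-File /etc/vpnc/ca-vpn-%s.pem\n' "$config" >> "$pwfile"
	_vpnc_conf_opt "$pwfile" "Xauth obfuscated password" "$hexpasswd"
	_vpnc_conf_opt "$pwfile" "IPSec ID" "$authgroup"
	_vpnc_conf_opt "$pwfile" "Xauth username" "$username"
	_vpnc_conf_opt "$pwfile" "Xauth password" "$password"
	_vpnc_conf_opt "$pwfile" "IPSec secret" "$passgroup"
	_vpnc_conf_opt "$pwfile" "IPSec obfuscated secret" "$hexpassgroup"
	_vpnc_conf_opt "$pwfile" "Domain" "$domain"
	_vpnc_conf_opt "$pwfile" "Vendor" "$vendor"
	_vpnc_conf_opt "$pwfile" "NAT Traversal Mode" "$natt_mode"
	_vpnc_conf_opt "$pwfile" "IKE DH Group" "$dh_group"
	_vpnc_conf_opt "$pwfile" "Perfect Forward Secrecy" "$pfs"
	# Boolean options are written as bare flag lines, without a value.
	[ "${enable_single_des:-0}" -gt 0 ] && printf 'Enable Single DES\n' >> "$pwfile"
	[ "${enable_no_enc:-0}" -gt 0 ] && printf 'Enable no encryption\n' >> "$pwfile"
	_vpnc_conf_opt "$pwfile" "Interface MTU" "$mtu"
	_vpnc_conf_opt "$pwfile" "Local Addr" "$local_addr"
	_vpnc_conf_opt "$pwfile" "Local Port" "$local_port"
	_vpnc_conf_opt "$pwfile" "Cisco UDP Encapsulation Port" "$udp_port"
	_vpnc_conf_opt "$pwfile" "DPD idle timeout (our side)" "$dpd_idle"
	_vpnc_conf_opt "$pwfile" "IKE Authmode" "$auth_mode"
	_vpnc_conf_opt "$pwfile" "IPSEC target network" "$target_network"
	# NOTE(review): token_mode and token_secret are fetched above but never
	# written to the config file — presumably unused by vpnc; confirm.

	proto_export INTERFACE="$config"
	# Only the command line is logged; the credentials stay in $pwfile,
	# which appears here by path only.
	logger -t vpnc "executing 'vpnc $cmdline'"
	# shellcheck disable=SC2086 -- $cmdline is deliberately word-split into arguments
	proto_run_command "$config" /usr/sbin/vpnc $cmdline
}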
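# Tear down a vpnc interface.
# Arguments: $1 - netifd interface (config) name
# Removes the credential file written by proto_vpnc_setup and asks netifd
# to stop the vpnc process (signal 2, SIGINT).
proto_vpnc_teardown() {
	local config="$1"
	local pwfile="/var/etc/vpnc-$config.conf"

	# Quoted so a config name with unusual characters cannot split or
	# glob the path being deleted.
	rm -f "$pwfile"
	logger -t vpnc "bringing down vpnc"
	proto_kill_command "$config" 2
}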
  86. add_protocol vpnc