LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14860 Commits
1 Branch
46 MiB
Tree: 35c93de128
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '35c93de128'
${ noResults }
openwrt-packages-dist/net/ipsec-tools/files/functions.sh

172 lines
3.0 KiB
Raw Normal View History

ipsec-tools: racoon uci integration Signed-Off-By: Vitaly Protsko <villy@sft.ru> --- b/net/ipsec-tools/Makefile | 16 - b/net/ipsec-tools/files/functions.sh | 137 +++++++++ b/net/ipsec-tools/files/p1client-down | 41 ++ b/net/ipsec-tools/files/p1client-up | 41 ++ b/net/ipsec-tools/files/racoon | 109 +++++++ b/net/ipsec-tools/files/racoon.init | 478 +++++++++++++++++++++++++++++++++- b/net/ipsec-tools/files/vpnctl | 19 + net/ipsec-tools/files/racoon.conf | 36 -- 8 files changed, 824 insertions(+), 53 deletions(-)
10 years ago
ipsec: add ability to configure "none" SA Also added myself as co-maintainer Signed-Off-By: Vitaly Protsko <villy@sft.ru> --- Makefile | 5 +++-- files/functions.sh | 35 +++++++++++++++++++++++++++++++++++ files/racoon | 4 ++++ files/racoon.init | 12 ++++++++---- 4 files changed, 50 insertions(+), 6 deletions(-)
7 years ago
ipsec-tools: racoon uci integration Signed-Off-By: Vitaly Protsko <villy@sft.ru> --- b/net/ipsec-tools/Makefile | 16 - b/net/ipsec-tools/files/functions.sh | 137 +++++++++ b/net/ipsec-tools/files/p1client-down | 41 ++ b/net/ipsec-tools/files/p1client-up | 41 ++ b/net/ipsec-tools/files/racoon | 109 +++++++ b/net/ipsec-tools/files/racoon.init | 478 +++++++++++++++++++++++++++++++++- b/net/ipsec-tools/files/vpnctl | 19 + net/ipsec-tools/files/racoon.conf | 36 -- 8 files changed, 824 insertions(+), 53 deletions(-)
10 years ago
 
  1. #!/bin/sh

  2. #
  3. # Copyright (C) 2015 Vitaly Protsko <villy@sft.ru>
  4. 

  5. errno=0
  6. 

  7. get_fieldval() {
  8.   local __data="$3"
  9.   local __rest
  10. 

  11.   test -z "$1" && return
  12. 

  13.   while true ; do
  14.     __rest=${__data#* }
  15.     test "$__rest" = "$__data" && break
  16. 

  17.     if [ "${__data/ *}" = "$2" ]; then
  18.       eval "$1=${__rest/ *}"
  19.       break
  20.     fi
  21. 

  22.     __data="$__rest"
  23.   done
  24. }
  25. 

  26. manage_fw() {
  27.   local cmd=/usr/sbin/iptables
  28.   local mode
  29.   local item
  30. 

  31.   if [ -z "$4" ]; then
  32.     $log "Bad usage of manage_fw"
  33.     errno=3; return 3
  34.   fi
  35. 

  36.   case "$1" in
  37.     add|up|1) mode=A ;;
  38.     del|down|0) mode=D ;;
  39.     *) return 3 ;;
  40.   esac
  41. 

  42.   for item in $4 ; do
  43.     $cmd -$mode forwarding_$2_rule -s $item -j ACCEPT
  44.     $cmd -$mode output_$3_rule -d $item -j ACCEPT
  45.     $cmd -$mode forwarding_$3_rule -d $item -j ACCEPT
  46.     $cmd -t nat -$mode postrouting_$3_rule -d $item -j ACCEPT
  47.   done
  48. }
  49. 

  50. manage_sa() {
  51.   local spdcmd
  52.   local rtcmd
  53.   local gate
  54.   local litem
  55.   local ritem
  56. 

  57.   if [ -z "$4" ]; then
  58.     $log "Bad usage of manage_sa"
  59.     errno=3; return 3
  60.   fi
  61. 

  62.   case "$1" in
  63.     add|up|1) spdcmd=add; rtcmd=add ;;
  64.     del|down|0) spdcmd=delete; rtcmd=del ;;
  65.     *) errno=3; return 3 ;;
  66.   esac
  67. 

  68.   get_fieldval gate src "$(/usr/sbin/ip route get $4)"
  69.   if [ -z "$gate" ]; then
  70.     $log "Can not find outbound IP for $4"
  71.     errno=3; return 3
  72.   fi
  73. 

  74. 

  75.   for litem in $2 ; do
  76.     for ritem in $3 ; do
  77.       echo "

  78. spd$spdcmd $litem $ritem any -P out ipsec esp/tunnel/$gate-$4/require;
  79. spd$spdcmd $ritem $litem any -P in ipsec esp/tunnel/$4-$gate/require;
  80. " | /usr/sbin/setkey -c 1>&2

  81.     done
  82.   done
  83. 

  84.   test -n "$5" && gate=$5
  85. 

  86.   for ritem in $3 ; do
  87.     (sleep 3; /usr/sbin/ip route $rtcmd $ritem via $gate) &
  88.   done
  89. }
  90. 

  91. manage_nonesa() {
  92.   local spdcmd
  93.   local item
  94.   local cout cin
  95. 

  96.   if [ -z "$4" ]; then
  97.     $log "Bad usage of manage_nonesa"
  98.     errno=3; return 3
  99.   fi
  100. 

  101.   case "$1" in
  102.     add|up|1) spdcmd=add ;;
  103.     del|down|0) spdcmd=delete ;;
  104.     *) errno=3; return 3 ;;
  105.   esac
  106. 

  107.   case "$2" in
  108.     local|remote) ;;
  109.     *) errno=3; return 3 ;;
  110.   esac
  111. 

  112.   for item in $3 ; do
  113.     if [ "$2" = "local" ]; then
  114.       cout="$4 $item"
  115.       cin="$item $4"
  116.     else
  117.       cout="$item $4"
  118.       cin="$4 $item"
  119.     fi
  120.     echo "

  121. spd$spdcmd $cout any -P out none;
  122. spd$spdcmd $cin any -P in none;
  123. " | /usr/sbin/setkey -c 1>&2

  124.   done
  125. }
  126. 

  127. . /lib/functions/network.sh
  128. 

  129. get_zoneiflist() {
  130.   local item
  131.   local data
  132.   local addr
  133. 

  134.   item=0
  135.   data=$(uci get firewall.@zone[0].name)
  136.   while [ -n "$data" ]; do
  137.     test "$data" = "$1" && break
  138.     let "item=$item+1"
  139.     data=$(uci get firewall.@zone[$item].name)
  140.   done
  141. 

  142.   if [ -z "$data" ]; then
  143.     errno=1
  144.     return $errno
  145.   fi
  146.   data=$(uci get firewall.@zone[$item].network)
  147. 

  148.   echo "$data"
  149. }
  150. 

  151. get_zoneiplist() {
  152.   local item
  153.   local addr
  154.   local data
  155.   local result
  156. 

  157.   data=$(get_zoneiflist $1)
  158.   test $? -gt 0 -o $errno -gt 0 -o -z "$data" && return $errno
  159. 

  160.   for item in $data ; do
  161.     if network_is_up $item ; then
  162.       network_get_ipaddrs addr $item
  163.       test $? -eq 0 && result="$result $addr"
  164.     fi
  165.   done
  166. 

  167.   result=$(echo $result)
  168.   echo "$result"
  169. }
  170. 

  171. 

  172. # EOF /etc/racoon/functions.sh