Browse Source

Merge pull request #12899 from aaronjg/openwrtize-openfortivpn

openfortivpn: use a more 'OpenWRT' paradigm throughout the code
lilik-openwrt-22.03
Rosen Penev 4 years ago
committed by GitHub
parent
commit
0c3f4fd079
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 79 additions and 46 deletions
  1. +1
    -1
      net/openfortivpn/Makefile
  2. +20
    -11
      net/openfortivpn/files/14-openforticlient
  3. +34
    -4
      net/openfortivpn/files/openfortivpn-wrapper
  4. +24
    -30
      net/openfortivpn/files/openfortivpn.sh

+ 1
- 1
net/openfortivpn/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openfortivpn
PKG_VERSION:=1.14.1
PKG_RELEASE:=5
PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?


+ 20
- 11
net/openfortivpn/files/14-openforticlient View File

@ -1,18 +1,27 @@
#!/bin/sh
. /lib/functions.sh
. /usr/share/libubox/jshn.sh
[ "$ACTION" != ifup ] && exit
networks=$(uci show network | sed "s/network.\([^.]*\).proto='openfortivpn'/\1/;t;d")
for i in $networks; do
iface=$(uci get "network.${i}.iface_name")
iface_success=$?
[ $? -eq 0 ] && [ $INTERFACE == "$iface" ] && {
logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $i"
json_load "$(ifstatus $i)"
handle_network()
{
config_get iface $1 iface_name
[ $INTERFACE != "$iface" ] && return
[ $(config_get $1 proto) != "openfortivpn" ] && return
config_get_bool load_on_boot $1 auto
[ -n "$load_on_boot" ] && [ "$load_on_boot" -eq 0 ] && return
status="$(ifstatus $1)" || continue
json_load "$status"
json_get_var autostart autostart
logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $1. Autostart is $autostart"
[ "$autostart" -eq 0 ] && {
logger -t "openfortivpnhotplug" "auto-start was false. bringing $i up"
ubus call network.interface up "{ \"interface\" : \"$i\" }"
logger -t "openfortivpnhotplug" "auto-start was false. bringing $1 up"
ubus call network.interface up "{ \"interface\" : \"$1\" }"
}
}
done
}
config_load network
config_foreach handle_network interface
exit 0

+ 34
- 4
net/openfortivpn/files/openfortivpn-wrapper View File

@ -4,10 +4,40 @@
# file from cmd and to daemonize
# $1 password file
# $2... are passed to openconnect
# $2 is the config name
# $3... are passed to openconnect
test -z "$1" && exit 1
pwfile=$1
shift
exec /usr/sbin/openfortivpn "$@" < $pwfile
pwfile=$1; shift
config=$1; shift
killed=0
trap_with_arg() {
func="$1" ; shift
for sig ; do
trap "$func $sig" "$sig"
done
}
func_trap() {
logger "openfortivpn-wrapper[$$]" "$config: sending signal ${1}"
killed=1
kill -${1} $child 2>/dev/null
}
trap_with_arg func_trap INT TERM KILL
start_time=$(date '+%s')
/usr/sbin/openfortivpn "$@" < $pwfile 2>/dev/null &
child=$!
wait $child || {
[ "$killed" = 1 ] && exit 0
current_time=$(date '+%s')
elapsed=$(($current_time-$start_time))
. /lib/netifd/netifd-proto.sh
proto_notify_error "$config" "Failed to connect after $elapsed seconds."
proto_block_restart "$config"
exit 1
}

+ 24
- 30
net/openfortivpn/files/openfortivpn.sh View File

@ -1,5 +1,6 @@
#!/bin/sh
. /lib/functions.sh
. /lib/functions/network.sh
. ../netifd-proto.sh
init_proto "$@"
@ -18,38 +19,36 @@ proto_openfortivpn_init_config() {
proto_config_add_string "username"
proto_config_add_string "password"
proto_config_add_string "trusted_cert"
proto_config_add_string "remote_status_check"
proto_config_add_int "peerdns"
proto_config_add_int "metric"
proto_config_add_string "remote_status_check"
no_device=1
available=1
}
proto_openfortivpn_setup() {
local config="$1"
local msg
local config="$1"
local msg ifname ip server_ip pwfile callfile
local host server port iface_name local_ip username password trusted_cert \
remote_status_check
json_get_vars host server port iface_name local_ip username password trusted_cert \
remote_status_check peerdns metric
remote_status_check
ifname="vpn-$config"
[ -n "$iface_name" ] && {
json_load "$(ifstatus $iface_name)"
json_get_var iface_device_name l3_device
json_get_var iface_device_up up
}
[ "$iface_device_up" -eq 1 ] || {
msg="$iface_name is not up $iface_device_up"
logger -t "openfortivpn" "$config: $msg"
proto_notify_error "$config" "$msg"
proto_block_restart "$config"
exit 1
}
network_get_device iface_device_name "$iface_name"
network_is_up "$iface_name" || {
msg="$iface_name is not up $iface_device_up"
logger -t "openfortivpn" "$config: $msg"
proto_notify_error "$config" "$msg"
proto_block_restart "$config"
exit 1
}
}
server_ip=$(resolveip -t 10 "$server")
server_ip=$(resolveip -4 -t 10 "$server")
[ $? -eq 0 ] || {
msg="$config: failed to resolve server ip for $server"
@ -81,7 +80,7 @@ proto_openfortivpn_setup() {
}
}
for ip in $(resolveip -t 10 "$server"); do
for ip in $(resolveip -4 -t 10 "$server"); do
logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $iface_name at $config"
proto_add_host_dependency "$config" "$ip" "$iface_name"
done
@ -89,12 +88,10 @@ proto_openfortivpn_setup() {
[ -n "$port" ] && port=":$port"
[ -z "$peerdns" ] && peerdns=1
append_args "$server$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
append_args "--set-dns=0"
append_args "--no-routes"
append_args "--pppd-use-peerdns=$peerdns"
append_args "--pppd-use-peerdns=1"
[ -n "$iface_name" ] && {
append_args "--ifname=$iface_device_name"
@ -104,15 +101,15 @@ proto_openfortivpn_setup() {
[ -n "$username" ] && append_args -u "$username"
[ -n "$password" ] && {
umask 077
mkdir -p /var/etc
mkdir -p '/var/etc/openfortivpn'
pwfile="/var/etc/openfortivpn/$config.passwd"
echo "$password" > "$pwfile"
}
[ -n "$local_ip" ] || local_ip=192.0.2.1
[ -n "$local_ip" ] || local_ip=$server_ip
[ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
[ -e '/etc/ppp/peers/openfortivpn' ] || {
ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn'
ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
mkdir -p '/var/etc/openfortivpn/peers'
}
@ -125,7 +122,6 @@ noauth
default-asyncmap
nopcomp
receive-all
defaultroute
nodetach
ipparam $config
lcp-max-configure 40
@ -134,10 +130,8 @@ ip-down-script /lib/netifd/ppp-down
mru 1354" > $callfile
append_args "--pppd-call=openfortivpn/$config"
proto_export INTERFACE="$ifname"
logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' $cmdline"
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
}


Loading…
Cancel
Save