|
|
@ -1,5 +1,6 @@ |
|
|
|
#!/bin/sh |
|
|
|
. /lib/functions.sh |
|
|
|
. /lib/functions/network.sh |
|
|
|
. ../netifd-proto.sh |
|
|
|
init_proto "$@" |
|
|
|
|
|
|
@ -18,38 +19,36 @@ proto_openfortivpn_init_config() { |
|
|
|
proto_config_add_string "username" |
|
|
|
proto_config_add_string "password" |
|
|
|
proto_config_add_string "trusted_cert" |
|
|
|
proto_config_add_string "remote_status_check" |
|
|
|
proto_config_add_int "peerdns" |
|
|
|
proto_config_add_int "metric" |
|
|
|
proto_config_add_string "remote_status_check" |
|
|
|
no_device=1 |
|
|
|
available=1 |
|
|
|
} |
|
|
|
|
|
|
|
proto_openfortivpn_setup() { |
|
|
|
local config="$1" |
|
|
|
local msg |
|
|
|
local config="$1" |
|
|
|
|
|
|
|
local msg ifname ip server_ip pwfile callfile |
|
|
|
|
|
|
|
local host server port iface_name local_ip username password trusted_cert \ |
|
|
|
remote_status_check |
|
|
|
json_get_vars host server port iface_name local_ip username password trusted_cert \ |
|
|
|
remote_status_check peerdns metric |
|
|
|
remote_status_check |
|
|
|
|
|
|
|
ifname="vpn-$config" |
|
|
|
|
|
|
|
|
|
|
|
[ -n "$iface_name" ] && { |
|
|
|
json_load "$(ifstatus $iface_name)" |
|
|
|
json_get_var iface_device_name l3_device |
|
|
|
json_get_var iface_device_up up |
|
|
|
} |
|
|
|
|
|
|
|
[ "$iface_device_up" -eq 1 ] || { |
|
|
|
msg="$iface_name is not up $iface_device_up" |
|
|
|
logger -t "openfortivpn" "$config: $msg" |
|
|
|
proto_notify_error "$config" "$msg" |
|
|
|
proto_block_restart "$config" |
|
|
|
exit 1 |
|
|
|
} |
|
|
|
network_get_device iface_device_name "$iface_name" |
|
|
|
network_is_up "$iface_name" || { |
|
|
|
msg="$iface_name is not up $iface_device_up" |
|
|
|
logger -t "openfortivpn" "$config: $msg" |
|
|
|
proto_notify_error "$config" "$msg" |
|
|
|
proto_block_restart "$config" |
|
|
|
exit 1 |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
server_ip=$(resolveip -t 10 "$server") |
|
|
|
server_ip=$(resolveip -4 -t 10 "$server") |
|
|
|
|
|
|
|
[ $? -eq 0 ] || { |
|
|
|
msg="$config: failed to resolve server ip for $server" |
|
|
@ -81,7 +80,7 @@ proto_openfortivpn_setup() { |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
for ip in $(resolveip -t 10 "$server"); do |
|
|
|
for ip in $(resolveip -4 -t 10 "$server"); do |
|
|
|
logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $iface_name at $config" |
|
|
|
proto_add_host_dependency "$config" "$ip" "$iface_name" |
|
|
|
done |
|
|
@ -89,12 +88,10 @@ proto_openfortivpn_setup() { |
|
|
|
|
|
|
|
|
|
|
|
[ -n "$port" ] && port=":$port" |
|
|
|
[ -z "$peerdns" ] && peerdns=1 |
|
|
|
|
|
|
|
append_args "$server$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null |
|
|
|
append_args "--set-dns=0" |
|
|
|
append_args "--no-routes" |
|
|
|
append_args "--pppd-use-peerdns=$peerdns" |
|
|
|
append_args "--pppd-use-peerdns=1" |
|
|
|
|
|
|
|
[ -n "$iface_name" ] && { |
|
|
|
append_args "--ifname=$iface_device_name" |
|
|
@ -104,15 +101,15 @@ proto_openfortivpn_setup() { |
|
|
|
[ -n "$username" ] && append_args -u "$username" |
|
|
|
[ -n "$password" ] && { |
|
|
|
umask 077 |
|
|
|
mkdir -p /var/etc |
|
|
|
mkdir -p '/var/etc/openfortivpn' |
|
|
|
pwfile="/var/etc/openfortivpn/$config.passwd" |
|
|
|
echo "$password" > "$pwfile" |
|
|
|
} |
|
|
|
|
|
|
|
[ -n "$local_ip" ] || local_ip=192.0.2.1 |
|
|
|
[ -n "$local_ip" ] || local_ip=$server_ip |
|
|
|
[ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers' |
|
|
|
[ -e '/etc/ppp/peers/openfortivpn' ] || { |
|
|
|
ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' |
|
|
|
ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null |
|
|
|
mkdir -p '/var/etc/openfortivpn/peers' |
|
|
|
} |
|
|
|
|
|
|
@ -125,7 +122,6 @@ noauth |
|
|
|
default-asyncmap |
|
|
|
nopcomp |
|
|
|
receive-all |
|
|
|
defaultroute |
|
|
|
nodetach |
|
|
|
ipparam $config |
|
|
|
lcp-max-configure 40 |
|
|
@ -134,10 +130,8 @@ ip-down-script /lib/netifd/ppp-down |
|
|
|
mru 1354" > $callfile |
|
|
|
append_args "--pppd-call=openfortivpn/$config" |
|
|
|
|
|
|
|
proto_export INTERFACE="$ifname" |
|
|
|
logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'" |
|
|
|
|
|
|
|
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' $cmdline" |
|
|
|
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline" |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
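Review bot: The closing `eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"` builds a string that the shell parses a second time, with `$config` and `$pwfile` protected only by literal single quotes and `$cmdline` expanded with no quoting at all. A quote character in the interface name, or a `username`, `server` or `trusted_cert` value that `append_args` does not escape, would be parsed as shell syntax in a handler that netifd presumably runs as root. `append_args` is defined outside the visible hunks, so its escaping cannot be confirmed from this page. I would reject unexpected names before the eval, for example `case "$config" in *[!A-Za-z0-9_.-]*) exit 1 ;; esac`, or at least record the assumption with a comment such as `# relies on append_args shell-escaping every argument and on interface names containing no quote characters`. Only parts of `proto_openfortivpn_setup` are shown, spread across several hunks.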