From 2fd8dfad4ca83f9754a75c0941d6ce35e5f2f536 Mon Sep 17 00:00:00 2001 From: Yousong Zhou Date: Tue, 27 Oct 2015 20:53:18 +0800 Subject: [PATCH] pppossh: new package for network proto "pppossh" Signed-off-by: Yousong Zhou --- net/pppossh/Makefile | 38 +++++++++++++++++++ net/pppossh/README.md | 68 ++++++++++++++++++++++++++++++++++ net/pppossh/files/pppossh.sh | 72 ++++++++++++++++++++++++++++++++++++ 3 files changed, 178 insertions(+) create mode 100644 net/pppossh/Makefile create mode 100644 net/pppossh/README.md create mode 100644 net/pppossh/files/pppossh.sh diff --git a/net/pppossh/Makefile b/net/pppossh/Makefile new file mode 100644 index 000000000..5dc74e230 --- /dev/null +++ b/net/pppossh/Makefile @@ -0,0 +1,38 @@ +# +# Copyright (C) 2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=pppossh +PKG_RELEASE:=1 +PKG_MAINTAINER:=Yousong Zhou +PKG_LICENSE:=GPLv2 + +include $(INCLUDE_DIR)/package.mk + +define Package/pppossh + SECTION:=net + CATEGORY:=Network + TITLE:=PPPoSSH (Point-to-Point Protocol over SSH) + URL:=https://github.com/yousong/waller + DEPENDS:=+ppp +resolveip @(PACKAGE_dropbear||PACKAGE_openssh-client) +endef + +define Package/pppossh/description +This package adds protocol support for PPP over SSH. The protocol name is +'pppossh' as in netifd interface config option 'proto'. +endef + +define Build/Compile +endef + +define Package/pppossh/install + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/pppossh.sh $(1)/lib/netifd/proto +endef + +$(eval $(call BuildPackage,pppossh)) diff --git a/net/pppossh/README.md b/net/pppossh/README.md new file mode 100644 index 000000000..2f44f77ea --- /dev/null +++ b/net/pppossh/README.md @@ -0,0 +1,68 @@ +This package will add the so-called `pppossh` protocol support to OpenWrt. The idea is mainly from [`pvpn` project](https://github.com/halhen/pvpn) (poor man's VPN over SSH). + +PPPoSSH is generally not considered a network setup for production use mainly due to the TCP-over-TCP styles of traffic transport, but it can be quite handy for personal use. And with what's already in OpenWrt, it is really easy and takes little extra space to configure it up running. + +## Prerequisites and dependency. + +`pppossh` depends on either `dropbear` or `openssh-client`; `dropbear` is normally enabled in OpenWrt by default. + +The following requirements need to be fulfilled for it to work. + +- A SSH account on the remote machine with `CAP_NET_ADMIN` capability is required. +- Public key authentication must be enabled and setup properly. + + Public key of the one generated automatially by dropbear can be induced by the following command. But you can always use your own (dropbear can work with OpenSSH public key). + + dropbearkey -y -f /etc/dropbear/dropbear_rsa_host_key + +- SSH server's fingerprint has to be present in `~/.ssh/known_hosts` for the authentication to proceed in an unattended way. + + Manually logging in at least once to the remote server from OpenWrt should do this for you. + +## How to use it. + +The protocol name to use in `/etc/config/network` is `pppossh`. Options are as described below. + +- `server`, SSH server name +- `port`, SSH server port (defaults to `22`). +- `sshuser`, SSH login username +- `identity`, list of client private key files. `~/.ssh/id_{rsa,dsa}` will + be used if no identity file was specified and at least one of them must be + valid for the public key authentication to proceed. +- `ipaddr`, local ip address to be assigned. +- `peeraddr`, peer ip address to be assigned. +- `ssh_options`, extra options for the ssh client. +- `use_hostdep`, set it to `0` to disable the use of `proto_add_host_dependency`. This is mainly for the case that the appropriate route to `server` is not registered to `netifd` and thus causing a incorrect route being setup. + +## Tips + +An `uci batch` command template for your reference. Modify it to suite your situation. + + uci batch <&2 + exit 1 +} + +. /lib/functions.sh +. ../netifd-proto.sh +init_proto "$@" + +INCLUDE_ONLY=1 + +. ./ppp.sh + +proto_pppossh_init_config() { + ppp_generic_init_config + config_add_string server sshuser ipaddr peeraddr ssh_options + config_add_array 'identity:list(string)' + config_add_int port use_hostdep + available=1 + no_device=1 +} + +proto_pppossh_setup() { + local config="$1" + local iface="$2" + local user="$(id -nu)" + local home=$(sh -c "echo ~$user") + local server port sshuser ipaddr peeraddr ssh_options identity use_hostdep + local ip fn errmsg opts pty + + json_get_vars port sshuser ipaddr peeraddr ssh_options use_hostdep + json_get_var server server && { + [ -z "$use_hostdep" ] && use_hostdep=1 + for ip in $(resolveip -t 5 "$server"); do + if [ "$use_hostdep" -gt 0 ]; then + ( proto_add_host_dependency "$config" "$ip" ) + else + break + fi + done + } + [ -n "$ip" ] || errmsg="${errmsg}Could not resolve $server\n" + [ -n "$sshuser" ] || errmsg="${errmsg}Missing sshuser option\n" + + json_get_values identity identity + [ -z "$identity" ] && identity="'$home/.ssh/id_rsa' '$home/.ssh/id_dsa'" + for fn in $identity; do + [ -f "$fn" ] && opts="$opts -i $fn" + done + [ -n "$opts" ] || errmsg="${errmsg}Cannot find valid identity file\n" + + [ -n "$errmsg" ] && { + echo -ne "$errmsg" >&2 + proto_setup_failed "$config" + exit 1 + } + opts="$opts ${port:+-p $port}" + opts="$opts ${ssh_options}" + opts="$opts $sshuser@$server" + pty="env 'HOME=$home' "$SSH" $opts pppd nodetach notty noauth" + + ppp_generic_setup "$config" noauth pty "$pty" "$ipaddr:$peeraddr" +} + +proto_pppossh_teardown() { + ppp_generic_teardown "$@" +} + +add_protocol pppossh