Add new interface config option "inital_state".
If interface comeing up the first time(mwan3 start, boot),
there are now two option for interface behaviour:
- online (default as is now)
Set up interface regardless wether tracking ip are reachable or not.
- offline
Set up interface first to ping tracking ip and if they are reachable set up
the interface completely.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Even though error was fixed the interface checks still fails, if last_resort
was set to blackhole or unreachable.
To fix this issue do not remove failure interface from iptables change on
down event.
Reported-by: Colby Whitney <colby.whitney@luxul.com>
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
If two interface have the same prefix "wan" for example "wan" and "wan1"
pgrep returns the PID for wan1 also "pgrep -f mwan3track wan".
Before this fix "wan1" was also killed! This is not what we want.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Rearrange dependencies
General cleanup of Makefile
Fix compilation and linking problems
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Signed-off-by: Ted Hess <thess@kitschensync.net>
* print only 'missing plugins support warning' if user really configured
'blacklist' or 'block_ipv6' parameter.
Signed-off-by: Dirk Brenken <dev@brenken.org>
When the strongswan service is running, `ipsec status` returns 0. Check
the return value instead of checking its output.
While at it, remove the [[ ]] bashism, use rereadall instead of
(reread)secrets, and move it inside the if statement.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
In commit 36e073d820, some checks were
added to see if the UCI config file exists and if there are any peers
configured in it. Due to these checks, if /etc/config/ipsec exists, but
contains no enabled peers, strongswan will not be started. This is not
ideal, as a user might want to experiment with the UCI config while
keeping existing connections in /etc/ipsec.conf operational.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Since the strongswan-utils package now only contains the aging ipsec
utility, rename it to strongswan-ipsec.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We currently include the SCEP client in strongswan-utils, which is a
dependency of the strongswan-default meta-package. As it's generally not
recommended to generate keys on embedded devices due to lack of entropy,
move the SCEP client to a separate package, and only depend on it in the
strongswan-full meta-package.
While at it, add scepclient.conf to the package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
We currently include the PKI tool in strongswan-utils, which is a
dependency of the strongswan-default meta-package. As it's generally not
recommended to generate keys on embedded devices due to lack of entropy,
move the PKI tool to a separate package, and only depend on it in the
strongswan-full meta-package.
While at it, add pki.conf to the package.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* Switch back to upstream repo
* Follow the same configuration style as ffmpeg and mpg123 for using float vs
fixed point codepaths.
* Remove unneeded cpp variables (musl provides C99 math library)
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* Update nmap-suite to 7.60
* Use PKG_HASH as PKG_MD5SUM is deprecated
* Switch download URL to HTTPS
* Add zlib as dependency and link libpcre dynamically
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
* Start dnscrypt-proxy from procd interface trigger rather than
immediately in init, to fix a possible race condition during boot and
get rid of rc.local restarts. You can restrict trigger interface(s) by
'procd_trigger' in new global config section.
* tab/whitespace cosmetics
Signed-off-by: Dirk Brenken <dev@brenken.org>
linux-utils (fdisk) provides the functionality I need and I have no interest
in maintaining this package as it more or less overlaps the functionality
of the previously mentioned alternative.
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Update (lib)expat to 2.2.3
Remove poor entropy hack, 2.2.3 uses /dev/urandom in worst case
Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
Florian Eckert
Kevin Darbyshire-Bryant
Hannu Nyman
Alexandru Ardelean
Ted Hess
Philip Prindeville
Noah Meyerhans
Daniel Engberg
Dirk Brenken
Michael Heimpold
Stijn Tintel
Peter Wagner
champtar
Christian Schoenebeck