IPv4_REGEX="((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
append_args() {
- while [ $# -gt 0 ]; do
- append cmdline "'${1//\'/\'\\\'\'}'"
- shift
- done
+ while [ $# -gt 0 ]; do
+ append cmdline "'${1//\'/\'\\\'\'}'"
+ shift
+ done
}
proto_openfortivpn_init_config() {
- proto_config_add_string "peeraddr"
- proto_config_add_int "port"
- proto_config_add_string "tunlink"
- proto_config_add_string "local_ip"
- proto_config_add_string "username"
- proto_config_add_string "password"
- proto_config_add_string "trusted_cert"
- proto_config_add_string "remote_status_check"
- no_device=1
- available=1
+ proto_config_add_string "peeraddr"
+ proto_config_add_int "port"
+ proto_config_add_string "tunlink"
+ proto_config_add_string "local_ip"
+ proto_config_add_string "username"
+ proto_config_add_string "password"
+ proto_config_add_string "trusted_cert"
+ proto_config_add_string "remote_status_check"
+ no_device=1
+ available=1
}
proto_openfortivpn_setup() {
local msg ifname ip server_ips pwfile callfile
local host peeraddr port tunlink local_ip username password trusted_cert \
- remote_status_check
- json_get_vars host peeraddr port tunlink local_ip username password trusted_cert \
- remote_status_check
-
- ifname="vpn-$config"
-
-
- [ -n "$tunlink" ] && {
- network_get_device iface_device_name "$tunlink"
- network_is_up "$tunlink" || {
- msg="$tunlink is not up $iface_device_up"
- logger -t "openfortivpn" "$config: $msg"
- proto_notify_error "$config" "$msg"
- proto_block_restart "$config"
- exit 1
- }
+ remote_status_check
+ json_get_vars host peeraddr port tunlink local_ip username password trusted_cert \
+ remote_status_check
+
+ ifname="vpn-$config"
+
+
+ [ -n "$tunlink" ] && {
+ network_get_device iface_device_name "$tunlink"
+ network_is_up "$tunlink" || {
+ msg="$tunlink is not up $iface_device_up"
+ logger -t "openfortivpn" "$config: $msg"
+ proto_notify_error "$config" "$msg"
+ proto_block_restart "$config"
+ exit 1
+ }
}
- if echo "$peeraddr" | grep -q -E "$IPv4_REGEX"; then
- server_ips="$peeraddr"
- elif command -v resolveip >/dev/null ; then
- server_ips="$(resolveip -4 -t 10 "$peeraddr")"
- [ $? -eq 0 ] || {
- msg="$config: failed to resolve server ip for $peeraddr"
- logger -t "openfortivpn" "$msg"
- sleep 10
- proto_notify_error "$config" "$msg"
- proto_setup_failed "$config"
- exit 1
- }
- else
- logger -t "openfortivpn" "resolveip not present, could not resolve $peeraddr"
- fi
+ if echo "$peeraddr" | grep -q -E "$IPv4_REGEX"; then
+ server_ips="$peeraddr"
+ elif command -v resolveip >/dev/null ; then
+ server_ips="$(resolveip -4 -t 10 "$peeraddr")"
+ [ $? -eq 0 ] || {
+ msg="$config: failed to resolve server ip for $peeraddr"
+ logger -t "openfortivpn" "$msg"
+ sleep 10
+ proto_notify_error "$config" "$msg"
+ proto_setup_failed "$config"
+ exit 1
+ }
+ else
+ logger -t "openfortivpn" "resolveip not present, could not resolve $peeraddr"
+ fi
[ "$remote_status_check" = "curl" ] && {
- curl -k --head -s --connect-timeout 10 ${tunlink:+--interface} $iface_device_name https://$peeraddr > /dev/null || {
- msg="failed to reach https://$peeraddr${tunlink:+ on $iface_device_name}"
- logger -t "openfortivpn" "$config: $msg"
- sleep 10
- proto_notify_error "$config" "$msg"
- proto_setup_failed "$config"
- exit 1
- }
+ curl -k --head -s --connect-timeout 10 ${tunlink:+--interface} $iface_device_name https://$peeraddr > /dev/null || {
+ msg="failed to reach https://$peeraddr${tunlink:+ on $iface_device_name}"
+ logger -t "openfortivpn" "$config: $msg"
+ sleep 10
+ proto_notify_error "$config" "$msg"
+ proto_setup_failed "$config"
+ exit 1
+ }
}
[ "$remote_status_check" = "ping" ] && {
- ping ${tunlink:+-I} $iface_device_name -c 1 -w 10 $peeraddr > /dev/null 2>&1 || {
- msg="$config: failed to ping $peeraddr on $iface_device_name"
- logger -t "openfortvpn" "$config: $msg"
- sleep 10
- proto_notify_error "$config" "$msg"
- proto_setup_failed "$config"
- exit 1
- }
+ ping ${tunlink:+-I} $iface_device_name -c 1 -w 10 $peeraddr > /dev/null 2>&1 || {
+ msg="$config: failed to ping $peeraddr on $iface_device_name"
+ logger -t "openfortvpn" "$config: $msg"
+ sleep 10
+ proto_notify_error "$config" "$msg"
+ proto_setup_failed "$config"
+ exit 1
+ }
}
- if [ -n "$server_ips" ]; then
- for ip in $server_ips; do
- logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config"
- proto_add_host_dependency "$config" "$ip" "$tunlink"
- done
- fi
-
- # uclient-fetch cannot bind to interface, so perform check after adding host dependency
- [ "$remote_status_check" = "fetch" ] && {
- uclient-fetch --no-check-certificate -q -s --timeout=10 https://$peeraddr > /dev/null 2>&1 || {
- msg="$config: failed to reach ${server_ip:-$peeraddr} on $iface_device_name"
- logger -t "openfortvpn" "$config: $msg"
- sleep 10
- proto_notify_error "$config" "$msg"
- proto_setup_failed "$config"
- exit 1
- }
+ if [ -n "$server_ips" ]; then
+ for ip in $server_ips; do
+ logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config"
+ proto_add_host_dependency "$config" "$ip" "$tunlink"
+ done
+ fi
+
+ # uclient-fetch cannot bind to interface, so perform check after adding host dependency
+ [ "$remote_status_check" = "fetch" ] && {
+ uclient-fetch --no-check-certificate -q -s --timeout=10 https://$peeraddr > /dev/null 2>&1 || {
+ msg="$config: failed to reach ${server_ip:-$peeraddr} on $iface_device_name"
+ logger -t "openfortvpn" "$config: $msg"
+ sleep 10
+ proto_notify_error "$config" "$msg"
+ proto_setup_failed "$config"
+ exit 1
+ }
}
- [ -n "$port" ] && port=":$port"
- append_args "$peeraddr$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
- append_args "--set-dns=0"
- append_args "--no-routes"
- append_args "--pppd-use-peerdns=1"
-
- [ -n "$tunlink" ] && {
- append_args "--ifname=$iface_device_name"
- }
-
- [ -n "$trusted_cert" ] && append_args "--trusted-cert=$trusted_cert"
- [ -n "$username" ] && append_args -u "$username"
- [ -n "$password" ] && {
- umask 077
- mkdir -p '/var/etc/openfortivpn'
- pwfile="/var/etc/openfortivpn/$config.passwd"
- echo "$password" > "$pwfile"
- }
-
- [ -n "$local_ip" ] || local_ip=192.0.2.1
- [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
- [ -e '/etc/ppp/peers/openfortivpn' ] || {
- ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
- mkdir -p '/var/etc/openfortivpn/peers'
- }
-
- callfile="/var/etc/openfortivpn/peers/$config"
- echo "115200
+ [ -n "$port" ] && port=":$port"
+ append_args "$peeraddr$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
+ append_args "--set-dns=0"
+ append_args "--no-routes"
+ append_args "--pppd-use-peerdns=1"
+
+ [ -n "$tunlink" ] && {
+ append_args "--ifname=$iface_device_name"
+ }
+
+ [ -n "$trusted_cert" ] && append_args "--trusted-cert=$trusted_cert"
+ [ -n "$username" ] && append_args -u "$username"
+ [ -n "$password" ] && {
+ umask 077
+ mkdir -p '/var/etc/openfortivpn'
+ pwfile="/var/etc/openfortivpn/$config.passwd"
+ echo "$password" > "$pwfile"
+ }
+
+ [ -n "$local_ip" ] || local_ip=192.0.2.1
+ [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
+ [ -e '/etc/ppp/peers/openfortivpn' ] || {
+ ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
+ mkdir -p '/var/etc/openfortivpn/peers'
+ }
+
+ callfile="/var/etc/openfortivpn/peers/$config"
+ echo "115200
:$local_ip
noipdefault
noaccomp
ip-up-script /lib/netifd/openfortivpn-ppp-up
ip-down-script /lib/netifd/ppp-down
mru 1354" > $callfile
- append_args "--pppd-call=openfortivpn/$config"
+ append_args "--pppd-call=openfortivpn/$config"
- logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
- eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
+ logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
+ eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
}
proto_openfortivpn_teardown() {
- local config="$1"
+ local config="$1"
- pwfile="/var/etc/openfortivpn/$config.passwd"
- callfile="/var/etc/openfortivpn/peers/$config"
+ pwfile="/var/etc/openfortivpn/$config.passwd"
+ callfile="/var/etc/openfortivpn/peers/$config"
- rm -f $pwfile
- rm -f $callfile
- proto_kill_command "$config" 2
+ rm -f $pwfile
+ rm -f $callfile
+ proto_kill_command "$config" 2
}
add_protocol openfortivpn
git.99rst.org / openwrt-packages.git / commitdiff