projects / feed / packages.git / blob
? search:


929a0772ad5ce588b43ebd19ef1a74fa8508e6a8
[feed/packages.git] / net / openfortivpn / files / openfortivpn.sh
1 #!/bin/sh
2 . /lib/functions.sh
3 . /lib/functions/network.sh
4 . ../netifd-proto.sh
5 init_proto "$@"
6 IPv4_REGEX="((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
7
8 append_args() {
9 while [ $# -gt 0 ]; do
10 append cmdline "'${1//\'/\'\\\'\'}'"
11 shift
12 done
13 }
14
15 proto_openfortivpn_init_config() {
16 proto_config_add_string "peeraddr"
17 proto_config_add_int "port"
18 proto_config_add_string "tunlink"
19 proto_config_add_string "local_ip"
20 proto_config_add_string "username"
21 proto_config_add_string "password"
22 proto_config_add_string "trusted_cert"
23 proto_config_add_string "remote_status_check"
24 no_device=1
25 available=1
26 }
27
28 proto_openfortivpn_setup() {
29 local config="$1"
30
31 local msg ifname ip server_ips pwfile callfile
32
33 local peeraddr port tunlink local_ip username password trusted_cert \
34 remote_status_check
35 json_get_vars host peeraddr port tunlink local_ip username password trusted_cert \
36 remote_status_check
37
38 ifname="vpn-$config"
39
40
41 [ -n "$tunlink" ] && {
42 network_get_device iface_device_name "$tunlink"
43 network_is_up "$tunlink" || {
44 msg="$tunlink is not up $iface_device_name"
45 logger -t "openfortivpn" "$config: $msg"
46 proto_notify_error "$config" "$msg"
47 proto_block_restart "$config"
48 exit 1
49 }
50 }
51
52 if echo "$peeraddr" | grep -q -E "$IPv4_REGEX"; then
53 server_ips="$peeraddr"
54 elif command -v resolveip >/dev/null ; then
55 server_ips="$(resolveip -4 -t 10 "$peeraddr")" || {
56 msg="$config: failed to resolve server ip for $peeraddr"
57 logger -t "openfortivpn" "$msg"
58 sleep 10
59 proto_notify_error "$config" "$msg"
60 proto_setup_failed "$config"
61 exit 1
62 }
63 else
64 logger -t "openfortivpn" "resolveip not present, could not resolve $peeraddr"
65 fi
66
67
68 [ "$remote_status_check" = "curl" ] && {
69 curl -k --head -s --connect-timeout 10 ${tunlink:+--interface} "$iface_device_name" "https://$peeraddr" > /dev/null || {
70 msg="failed to reach https://$peeraddr${tunlink:+ on $iface_device_name}"
71 logger -t "openfortivpn" "$config: $msg"
72 sleep 10
73 proto_notify_error "$config" "$msg"
74 proto_setup_failed "$config"
75 exit 1
76 }
77 }
78 [ "$remote_status_check" = "ping" ] && {
79 ping ${tunlink:+-I} "$iface_device_name" -c 1 -w 10 "$peeraddr" > /dev/null 2>&1 || {
80 msg="$config: failed to ping $peeraddr on $iface_device_name"
81 logger -t "openfortvpn" "$config: $msg"
82 sleep 10
83 proto_notify_error "$config" "$msg"
84 proto_setup_failed "$config"
85 exit 1
86 }
87 }
88
89 if [ -n "$server_ips" ]; then
90 for ip in $server_ips; do
91 logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config"
92 proto_add_host_dependency "$config" "$ip" "$tunlink"
93 done
94 fi
95
96 # uclient-fetch cannot bind to interface, so perform check after adding host dependency
97 [ "$remote_status_check" = "fetch" ] && {
98 uclient-fetch --no-check-certificate -q -s --timeout=10 "https://$peeraddr" > /dev/null 2>&1 || {
99 msg="$config: failed to reach ${server_ip:-$peeraddr} on $iface_device_name"
100 logger -t "openfortvpn" "$config: $msg"
101 sleep 10
102 proto_notify_error "$config" "$msg"
103 proto_setup_failed "$config"
104 exit 1
105 }
106 }
107
108
109 [ -n "$port" ] && port=":$port"
110 append_args "$peeraddr$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
111 append_args "--set-dns=0"
112 append_args "--no-routes"
113 append_args "--pppd-use-peerdns=1"
114
115 [ -n "$tunlink" ] && {
116 append_args "--ifname=$iface_device_name"
117 }
118
119 [ -n "$trusted_cert" ] && append_args "--trusted-cert=$trusted_cert"
120 [ -n "$username" ] && append_args -u "$username"
121 [ -n "$password" ] && {
122 umask 077
123 mkdir -p '/var/etc/openfortivpn'
124 pwfile="/var/etc/openfortivpn/$config.passwd"
125 echo "$password" > "$pwfile"
126 }
127
128 [ -n "$local_ip" ] || local_ip=192.0.2.1
129 [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
130 [ -e '/etc/ppp/peers/openfortivpn' ] || {
131 ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
132 mkdir -p '/var/etc/openfortivpn/peers'
133 }
134
135 [ -f /etc/openfortivpn/user-cert-$config.pem ] && append_args "--user-cert=/etc/openfortivpn/user-cert-$config.pem"
136 [ -f /etc/openfortivpn/user-key-$config.pem ] && append_args "--user-key=/etc/openfortivpn/user-key-$config.pem"
137 [ -f /etc/openfortivpn/ca-$config.pem ] && append_args "--ca-file=/etc/openfortivpn/ca-$config.pem"
138
139 callfile="/var/etc/openfortivpn/peers/$config"
140 echo "115200
141 :$local_ip
142 noipdefault
143 noaccomp
144 noauth
145 default-asyncmap
146 nopcomp
147 receive-all
148 nodetach
149 ipparam $config
150 lcp-max-configure 40
151 ip-up-script /lib/netifd/openfortivpn-ppp-up
152 ip-down-script /lib/netifd/ppp-down
153 mru 1354" > "$callfile"
154 append_args "--pppd-call=openfortivpn/$config"
155
156 logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
157 eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
158
159 }
160
161 proto_openfortivpn_teardown() {
162 local config="$1"
163
164 pwfile="/var/etc/openfortivpn/$config.passwd"
165 callfile="/var/etc/openfortivpn/peers/$config"
166
167 rm -f "$pwfile"
168 rm -f "$callfile"
169 proto_kill_command "$config" 2
170 }
171
172 add_protocol openfortivpn
Mirror of packages feed