# … file lines 1–2 are not shown in this listing …
. /lib/functions/network.sh
# … file lines 4–5 are not shown in this listing …

# Extended regular expression for a dotted-quad IPv4 address: four decimal
# octets, each in the range 0–255, separated by dots.
#
# The pattern carries no ^ or $ anchors. With "grep -E" it therefore matches
# any line that merely contains a dotted quad, such as a hostname with an
# address embedded in it. A caller that needs "the whole value is an IPv4
# literal" has to add the anchors (or use grep -x) itself.
IPv4_REGEX='((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
# … file lines 7–9 are not shown in this listing. Later lines call a helper
# named append_args; the statement below is presumably its body — confirm
# against the full file …
#
# Adds "$1" to the string held in cmdline as ONE single-quoted word. The
# ${1//…/…} substitution rewrites every single quote inside the value so that
# it cannot close the surrounding quotes. This matters because $cmdline is
# later spliced into an eval'd command line: an argument that escaped its
# quotes there would be re-parsed as shell syntax.
# NOTE(review): how backslashes inside a double-quoted ${…} are treated differs
# between shells; verify on the target shell that a value containing ' comes
# out as '\'' .
append cmdline "'${1//\'/\'\\\'\'}'"
# … file lines 11–14 are not shown in this listing …
# Declare the configuration options this protocol handler accepts.
#
# Registers, in this order: peeraddr (string), port (int), then the string
# options tunlink, local_ip, username, password, trusted_cert and
# remote_status_check.
proto_openfortivpn_init_config() {
	local option

	proto_config_add_string "peeraddr"
	proto_config_add_int "port"
	for option in tunlink local_ip username password trusted_cert remote_status_check; do
		proto_config_add_string "$option"
	done
	# … file lines 24–27 are not shown in this listing; the closing brace
	# below is restored from the syntax of the visible lines …
}
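# Bring up an openfortivpn tunnel for the interface named in $config.
#
# What the visible lines do, in order:
#   1. read the interface options with json_get_vars;
#   2. if tunlink is set, require that link to be up;
#   3. put the gateway address(es) in server_ips (IPv4 literal, or resolveip);
#   4. run the reachability probe selected by remote_status_check
#      (curl, ping or fetch) and register one host dependency per address;
#   5. build the openfortivpn argument list in $cmdline through append_args;
#   6. write the password file and start /usr/sbin/openfortivpn-wrapper
#      through proto_run_command.
#
# This listing omits a number of file lines; every gap is marked where it
# falls. Closing braces, "else", "done" and "fi" that fall inside a gap are
# restored from the syntax of the visible lines; nothing else is filled in.
#
# Globals: IPv4_REGEX (read), cmdline (extended through append_args).
proto_openfortivpn_setup() {
	# … file lines 29–30 are not shown in this listing; $config, used
	# throughout, is not assigned on any visible line …
	local msg ifname ip server_ips pwfile callfile

	# Both statements below end in a line continuation in the file; the
	# continued lines (34 and 36) are not shown. $remote_status_check is read
	# further down, so it is presumably named there — confirm.
	local peeraddr port tunlink local_ip username password trusted_cert
	json_get_vars host peeraddr port tunlink local_ip username password trusted_cert

	# … file lines 37–40 are not shown in this listing; $ifname, passed to
	# --pppd-ifname below, is not assigned on any visible line …

	# A tunnel bound to another interface can only start once that link is up.
	[ -n "$tunlink" ] && {
		network_get_device iface_device_name "$tunlink"
		network_is_up "$tunlink" || {
			msg="$tunlink is not up $iface_device_name"
			logger -t "openfortivpn" "$config: $msg"
			proto_notify_error "$config" "$msg"
			proto_block_restart "$config"
			# … file lines 48–51 are not shown in this listing …
		}
	}

	# Treat peeraddr as an address literal only when the WHOLE value is a
	# dotted quad. IPv4_REGEX is unanchored, so without ^…$ a hostname that
	# merely contains one (constructed sample: gw-192.0.2.1.example.test)
	# would skip resolution and be handed on as if it were an IP address.
	if echo "$peeraddr" | grep -q -E "^$IPv4_REGEX\$"; then
		server_ips="$peeraddr"
	elif command -v resolveip >/dev/null ; then
		server_ips="$(resolveip -4 -t 10 "$peeraddr")" || {
			msg="$config: failed to resolve server ip for $peeraddr"
			logger -t "openfortivpn" "$msg"
			proto_notify_error "$config" "$msg"
			proto_setup_failed "$config"
			# … file lines 61–63 are not shown in this listing …
		}
	else
		# The "else" sits in the gap above and is inferred from the message.
		logger -t "openfortivpn" "resolveip not present, could not resolve $peeraddr"
		# … file lines 65–67 are not shown in this listing …
	fi

	[ "$remote_status_check" = "curl" ] && {
		# -k turns certificate verification off: a success here only shows
		# that something answers TLS at $peeraddr, not who it is. Checking the
		# gateway's identity is left to openfortivpn, which receives
		# --trusted-cert / --ca-file further down.
		# --interface and its value are emitted together, so curl gets no
		# stray empty argument when tunlink is unset.
		curl -k --head -s --connect-timeout 10 \
			${tunlink:+--interface "$iface_device_name"} \
			"https://$peeraddr" > /dev/null || {
			msg="failed to reach https://$peeraddr${tunlink:+ on $iface_device_name}"
			logger -t "openfortivpn" "$config: $msg"
			proto_notify_error "$config" "$msg"
			proto_setup_failed "$config"
			# … file lines 75–77 are not shown in this listing …
		}
	}

	[ "$remote_status_check" = "ping" ] && {
		# -I and its value are emitted together, for the same reason as
		# --interface above: an empty "" would otherwise be read as the host.
		ping ${tunlink:+-I "$iface_device_name"} -c 1 -w 10 "$peeraddr" > /dev/null 2>&1 || {
			msg="$config: failed to ping $peeraddr on $iface_device_name"
			# Tag corrected from "openfortvpn" so that filtering the log on
			# the handler's tag also catches this failure.
			logger -t "openfortivpn" "$config: $msg"
			proto_notify_error "$config" "$msg"
			proto_setup_failed "$config"
			# … file lines 85–88 are not shown in this listing …
		}
	}

	if [ -n "$server_ips" ]; then
		# Unquoted on purpose: each whitespace-separated word in server_ips
		# is registered on its own.
		for ip in $server_ips; do
			logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config"
			proto_add_host_dependency "$config" "$ip" "$tunlink"
		done
	fi
	# … file lines 93–95 are not shown in this listing …

	# uclient-fetch cannot bind to interface, so perform check after adding host dependency
	[ "$remote_status_check" = "fetch" ] && {
		# --no-check-certificate: as with curl -k, this is a reachability
		# probe only and proves nothing about the peer's identity.
		uclient-fetch --no-check-certificate -q -s --timeout=10 "https://$peeraddr" > /dev/null 2>&1 || {
			# NOTE(review): server_ip is not set on any visible line (the
			# variable filled in above is server_ips), so this expands to
			# $peeraddr — confirm which one was meant.
			msg="$config: failed to reach ${server_ip:-$peeraddr} on $iface_device_name"
			# Tag corrected from "openfortvpn", as in the ping branch.
			logger -t "openfortivpn" "$config: $msg"
			proto_notify_error "$config" "$msg"
			proto_setup_failed "$config"
			# … file lines 104–108 are not shown in this listing …
		}
	}

	[ -n "$port" ] && port=":$port"
	append_args "$peeraddr$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
	append_args "--set-dns=0"
	append_args "--no-routes"
	append_args "--pppd-use-peerdns=1"

	[ -n "$tunlink" ] && {
		append_args "--ifname=$iface_device_name"
		# … file lines 117–118 are not shown in this listing …
	}

	[ -n "$trusted_cert" ] && append_args "--trusted-cert=$trusted_cert"
	[ -n "$username" ] && append_args -u "$username"
	[ -n "$password" ] && {
		# … file line 122 is not shown in this listing …
		# NOTE(review): $pwfile holds the cleartext password. Confirm that
		# the line not shown restricts the file mode before the write
		# (a umask of 077, or an explicit chmod 600).
		# The password travels in this file and is never added to $cmdline,
		# so it does not appear in the logger line below.
		mkdir -p '/var/etc/openfortivpn'
		pwfile="/var/etc/openfortivpn/$config.passwd"
		# printf instead of echo: a password such as "-n" would be taken
		# as an echo option and written out as an empty file.
		printf '%s\n' "$password" > "$pwfile"
		# … file lines 126–127 are not shown in this listing …
	}

	[ -n "$local_ip" ] || local_ip=192.0.2.1
	[ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
	[ -e '/etc/ppp/peers/openfortivpn' ] || {
		ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
		mkdir -p '/var/etc/openfortivpn/peers'
		# … file lines 133–134 are not shown in this listing …
	}

	# Per-interface client certificate, key and CA file are used when present.
	[ -f "/etc/openfortivpn/user-cert-$config.pem" ] && append_args "--user-cert=/etc/openfortivpn/user-cert-$config.pem"
	[ -f "/etc/openfortivpn/user-key-$config.pem" ] && append_args "--user-key=/etc/openfortivpn/user-key-$config.pem"
	[ -f "/etc/openfortivpn/ca-$config.pem" ] && append_args "--ca-file=/etc/openfortivpn/ca-$config.pem"

	callfile="/var/etc/openfortivpn/peers/$config"
	# … file lines 140–150 are not shown in this listing. They open a
	# double-quoted block of pppd options that is written to "$callfile";
	# only its last three lines (151–153) are visible:
	#     ip-up-script /lib/netifd/openfortivpn-ppp-up
	#     ip-down-script /lib/netifd/ppp-down
	#     mru 1354" > "$callfile"
	append_args "--pppd-call=openfortivpn/$config"

	# … file line 155 is not shown in this listing …
	# The logged command line includes the username and the trusted-cert
	# value, but not the password.
	logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
	# $cmdline is a string of already-quoted words and must be re-parsed,
	# hence eval. $config and $pwfile are left for eval to expand inside
	# double quotes rather than pasted between single quotes, so a quote
	# character in either value cannot change how the line is parsed.
	eval "proto_run_command \"\$config\" /usr/sbin/openfortivpn-wrapper \"\$pwfile\" \"\$config\" $cmdline"
	# … file lines 158–160 are not shown in this listing …
}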
# Stop the tunnel process for the interface named in $config.
#
# The visible lines work out the paths of the per-interface password file and
# pppd peer file, then ask proto_kill_command to stop the command started at
# setup.
proto_openfortivpn_teardown() {
	# … file lines 162–163 are not shown in this listing; $config is not
	# assigned on any visible line …
	local state_dir='/var/etc/openfortivpn'

	pwfile="$state_dir/$config.passwd"
	callfile="$state_dir/peers/$config"
	# … file lines 166–168 are not shown in this listing. pwfile and callfile
	# are not used on any visible line.
	# NOTE(review): confirm that the lines not shown delete "$pwfile"; it
	# holds the cleartext password written at setup …

	# The second argument is presumably the signal number — confirm against
	# the definition of proto_kill_command.
	proto_kill_command "$config" 2
	# … file line 170 is not shown in this listing; the closing brace below
	# is restored from the syntax of the visible lines …
}
# … file line 171 is not shown in this listing, so any condition wrapped
# around this call is not visible here …
# Register this handler under the protocol name "openfortivpn".
add_protocol "openfortivpn"