bakabtw/packages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
packages/net/tinc/files/tinc.init

242 lines
5.2 KiB
Plaintext
Raw Normal View History

[packages] tinc: contribution from linus.luessing@web.de - configuration via uci similar to OpenVPN package With this commit configuration via uci, similiar to the one used for OpenVPN, will be added to tinc. Most of the parameters are working just as described in the official manpages of tincd and tinc.conf as provided by its developer. The only exceptions are 'disabled' which if set to 1 will make the init script completely ignore this tinc network and/or tinc host and 'generate_keys' which if set to 1 will check whether a key pair is already present for the given tinc network and if not will generate them with the key size of "key_size" (default if not present: 2048) - this reduces the "effort" of setting up a tinc VPN on a router to just providing the right uci config file with no need of creating custom initialization scripts for for instance the key generation. Furthermore, similiar to the OpenVPN configuration, also tinc configs of its native format can be used. They just need to be placed in /etc/tinc/NETNAME. The init scripts will always copy the content of /etc/tinc/ to /tmp first and will append any parameters provided in /etc/config/tinc afterwards (the user needs to take care to not specify non-list parameters in both uci and native config). (Trivial note: not working URLs of old repositories have been removed from Makefile for downloading sources) git-svn-id: svn://svn.openwrt.org/openwrt/packages@29137 3c298f89-4303-0410-b956-a3cf2f4a3e73
2011-11-14 21:41:03 +00:00
#!/bin/sh /etc/rc.common
# Tinc init script
# Copyright (C) 2011 Linus Lüssing
# Based on Jo-Philipp Wich's OpenVPN init script
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
START=42
BIN=/usr/sbin/tincd
SSD=start-stop-daemon
EXTRA_COMMANDS="up down"
LIST_SEP="
"
TMP_TINC="/tmp/tinc"
append_param() {
local v="$1"
case "$v" in
*_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;;
*_*) v=${v%%_*}-${v#*_} ;;
esac
ARGS="$ARGS --$v"
return 0
}
append_conf_bools() {
local p; local v; local s="$1"; local f="$2"; shift; shift
for p in $*; do
config_get_bool v "$s" "$p"
[ "$v" == 1 ] && echo "$p = yes" >> "$f"
[ "$v" == 0 ] && echo "$p = no" >> "$f"
done
}
append_params() {
local p; local v; local s="$1"; shift
for p in $*; do
config_get v "$s" "$p"
IFS="$LIST_SEP"
for v in $v; do
[ -n "$v" ] && append_param "$p" && ARGS="$ARGS $v"
done
unset IFS
done
}
append_conf_params() {
local p; local v; local s="$1"; local f="$2"; shift; shift
for p in $*; do
config_get v "$s" "$p"
IFS="$LIST_SEP"
for v in $v; do
# Look up OpenWRT interface names
[ "$p" = "BindToInterface" ] && {
local ifname=$(uci -P /var/state get network.$v.ifname 2>&-)
[ -n "$ifname" ] && v="$ifname"
}
[ -n "$v" ] && echo "$p = $v" >> "$f"
done
unset IFS
done
}
prepare_host() {
local s="$1"; local n
local disabled=0
# net disabled?
config_get n "$s" net
config_get_bool disabled "$n" disabled 0
[ "$disabled" == 1 ] && return 0
if [ "$#" = "2" ]; then
[ "$2" != "$n" ] && return 0
fi
# host disabled?
config_get_bool disabled "$s" disabled 0
[ "$disabled" == 1 ] && {
[ -f "$TMP_TINC/$n/hosts/$s" ] && rm "$TMP_TINC/$n/hosts/$s"
return 0
}
[ ! -f "/etc/tinc/$n/hosts/$s" ] && {
echo -n "tinc: Warning, public key for $s for network $n "
echo -n "missing in /etc/tinc/$n/hosts/$s, "
echo "skipping configuration of $s"
return 0
}
# append flags
append_conf_bools "$s" "$TMP_TINC/$n/hosts/$s" \
ClampMSS IndirectData PMTUDiscovery
# append params
append_conf_params "$s" "$TMP_TINC/$n/hosts/$s" \
Address Cipher Compression Digest MACLength PMTU Port Subnet
}
check_gen_own_key() {
local s="$1"; local n; local k
config_get n "$s" Name
config_get_bool k "$s" generate_keys 0
[ "$k" == 0 ] && return 0
([ -z "$n" ] || [ -f "$TMP_TINC/$s/hosts/$n" ] || [ -f "$TMP_TINC/$s/rsa_key.priv" ]) && \
return 0
[ ! -d "$TMP_TINC/$s/hosts" ] && mkdir -p "$TMP_TINC/$s/hosts"
config_get k "$s" key_size
if [ -z "$k" ]; then
$BIN -c "$TMP_TINC/$s" --generate-keys </dev/null
else
$BIN -c "$TMP_TINC/$s" "--generate-keys=$k" </dev/null
fi
[ ! -d "/etc/tinc/$s/hosts" ] && mkdir -p "/etc/tinc/$s/hosts"
cp "$TMP_TINC/$s/rsa_key.priv" "/etc/tinc/$s/"
[ -n "$n" ] && cp "$TMP_TINC/$s/hosts/$n" "/etc/tinc/$s/hosts/"
}
prepare_net() {
local s="$1"
local disabled=0
local n
# disabled?
config_get_bool disabled "$s" disabled 0
[ "$disabled" == 1 ] && return 0
[ ! -d "$TMP_TINC/$s" ] && mkdir -p "$TMP_TINC/$s"
[ -d "/etc/tinc/$s" ] && cp -r "/etc/tinc/$s" "$TMP_TINC/"
# append flags
append_conf_bools "$s" "$TMP_TINC/$s/tinc.conf" \
DirectOnly Hostnames IffOneQueue PriorityInheritance \
StrictSubnets TunnelServer \
ClampMSS IndirectData PMTUDiscovery
# append params
append_conf_params "$s" "$TMP_TINC/$s/tinc.conf" \
AddressFamily BindToAddress ConnectTo BindToInterface \
Forwarding GraphDumpFile Interface KeyExpire MACExpire \
MaxTimeout Mode Name PingInterval PingTimeout PrivateKeyFile \
ProcessPriority ReplayWindow UDPRcvBuf UDPSndBuf \
Address Cipher Compression Digest MACLength PMTU Port Subnet
check_gen_own_key "$s" && return 0
}
start_net() {
local s="$1"
local disabled=0
# disabled?
config_get_bool disabled "$s" disabled 0
[ "$disabled" == 1 ] && return 0
PID="/var/run/tinc.$s.pid"
ARGS=""
# append params
append_params "$s" \
log debug
$BIN -c "$TMP_TINC/$s" -n $s $ARGS --pidfile="$PID"
}
kill_net() {
local s="$1"
local S="${2:-TERM}"
local disabled=0
# disabled?
config_get_bool disabled "$s" disabled 0
[ "$disabled" == 0 ] || [ "$S" == "TERM" ] || return 0
PID="/var/run/tinc.$s.pid"
$SSD -q -p $PID -x $BIN -K -s $S
[ "$S" == "TERM" ] && {
rm -f "$PID"
[ -n "$s" ] && rm -rf "$TMP_TINC/$s"
}
}
hup_net() { kill_net "$1" HUP; }
stop_net() { kill_net "$1" TERM; }
start() {
config_load tinc
config_foreach prepare_net tinc-net
config_foreach prepare_host tinc-host
config_foreach start_net tinc-net
}
stop() {
config_load tinc
config_foreach stop_net tinc-net
}
reload() {
config_load tinc
config_foreach hup_net tinc-net
}
restart() {
stop; sleep 5; start
}
up() {
local exists
local INSTANCE
config_load tinc
for INSTANCE in "$@"; do
config_get exists "$INSTANCE" TYPE
if [ "$exists" == "tinc-net" ]; then
prepare_net "$INSTANCE"
config_foreach prepare_host tinc-host "$INSTANCE"
start_net "$INSTANCE"
fi
done
}
down() {
local exists
local INSTANCE
config_load tinc
for INSTANCE in "$@"; do
config_get exists "$INSTANCE" TYPE
if [ "$exists" == "tinc-net" ]; then
stop_net "$INSTANCE"
fi
done
}
Reference in New Issue Copy Permalink