VPN zentral-Server-skript
Datei: /etc/init.d/vpn
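#!/bin/sh
#
# /etc/init.d/vpn -- control script for the central VPN server.
#
# "start" regenerates /etc/olsrd.conf from /etc/olsrd.conf_head plus one
# Interface block per vtun tunnel, installs per-tunnel netfilter counter
# chains and starts vtund and olsrd; "stop" undoes this in reverse order.
# vtund itself calls "$0 ifup DEVICE NODE" from each session's up-hook
# (see /etc/vtund.conf) once a tap device exists.
#
# Usage: $0 (start|stop|restart|ifup INTERFACE NODE)
#
# Interface names and node numbers come from /etc/vtund.conf (root-owned)
# or from vtund itself, so they are trusted input; they are nevertheless
# quoted everywhere and NODE is checked to be numeric before it is spliced
# into addresses and routes.

# Log a message to syslog (daemon.info, tagged with the script path) and
# echo it to stdout.  $1: message text.
fkt_infotext() {
    logger -p daemon.info -t "$0" "$1"
    echo "$1"
}

# Print the usage line to stdout.
fkt_usage() {
    echo "Usage: $0 (start|stop|restart|ifup INTERFACE NODE)"
}

# Rebuild /etc/olsrd.conf: copy the static head, then append one Interface
# block per tunnel.  The tap device (awk field 3) and the node number
# (field 12) are taken from the up-hook line of each session in
# /etc/vtund.conf, so that file must keep one session per line.  The
# tunnel interfaces use intervals ten times longer than the ones in
# /etc/olsrd.conf_head.
fkt_write_olsrd_conf() {
    fkt_infotext "generating olsrd.conf ..."
    cp /etc/olsrd.conf_head /etc/olsrd.conf
    awk '/ifup/ {print $3,$12}' /etc/vtund.conf |
    while read IFACE NODE
    do
        cat >>/etc/olsrd.conf <<EOF
Interface "$IFACE"
{
    HelloInterval 50.0
    HelloValidityTime 900.0
    TcInterval 30.0
    TcValidityTime 2700.0
    MidInterval 150.0
    MidValidityTime 2700.0
    HnaInterval 150.0
    HnaValidityTime 900.0
    Ip4Broadcast 10.63.$NODE.253
    LinkQualityMult default 0.1
}
EOF
    done
}

# Create four counter chains, hook them into INPUT/OUTPUT for every tap
# device and add one ACCEPT rule per tunnel so that per-tunnel packet and
# byte counters can be read back.  The olsr chains are inserted last and
# therefore sit above the user chains, so OLSR traffic (UDP 698) is
# counted once and not again as user traffic.
#
# The outgoing chains are entered from OUTPUT, where only the output
# interface is known; an "-i" match there can never fire, so the
# per-tunnel outgoing rules use "-o".
#
# Note that ACCEPT is a final verdict: traffic on a listed tunnel
# bypasses every later rule in INPUT/OUTPUT, so these chains are not
# purely passive counters.
fkt_netcount_start() {
    fkt_infotext "installing netfilter counters ..."
    for CHAIN in vpn_user_outgoing vpn_olsr_outgoing vpn_user_incoming vpn_olsr_incoming
    do
        iptables -N "$CHAIN"
    done
    iptables -I OUTPUT -o tap+ -j vpn_user_outgoing
    iptables -I OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
    iptables -I INPUT -i tap+ -j vpn_user_incoming
    iptables -I INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
    awk '/ifup/ {print $3}' /etc/vtund.conf |
    while read IFACE
    do
        iptables -I vpn_user_outgoing -o "$IFACE" -j ACCEPT
        iptables -I vpn_olsr_outgoing -o "$IFACE" -j ACCEPT
        iptables -I vpn_user_incoming -i "$IFACE" -j ACCEPT
        iptables -I vpn_olsr_incoming -i "$IFACE" -j ACCEPT
    done
}

# Unhook, flush and delete the counter chains created by
# fkt_netcount_start.  Each step reports an error but carries on if the
# rule or chain is already gone, so "stop" after a failed "start" is safe.
fkt_netcount_stop() {
    fkt_infotext "deleting netfilter counters ..."
    iptables -D OUTPUT -o tap+ -j vpn_user_outgoing
    iptables -D OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
    iptables -D INPUT -i tap+ -j vpn_user_incoming
    iptables -D INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
    for CHAIN in vpn_olsr_outgoing vpn_user_outgoing vpn_olsr_incoming vpn_user_incoming
    do
        iptables -F "$CHAIN"
    done
    for CHAIN in vpn_olsr_outgoing vpn_user_outgoing vpn_olsr_incoming vpn_user_incoming
    do
        iptables -X "$CHAIN"
    done
}

# Start vtund in server mode with the session list from /etc/vtund.conf.
fkt_start_vtund() {
    fkt_infotext "starting vtun-daemon ..."
    vtund -f /etc/vtund.conf -s
}

# Start olsrd on the freshly generated /etc/olsrd.conf (debug level 0
# makes it detach and stay quiet).
fkt_start_olsrd() {
    fkt_infotext "starting olsr-daemon ..."
    olsrd -f /etc/olsrd.conf -d 0
}

# Terminate all running olsrd processes, if any.
fkt_kill_olsrd() {
    fkt_infotext "ending olsrd-process ..."
    PID=$(pidof olsrd)
    # pidof may return several PIDs; $PID stays unquoted so each one is
    # passed to kill separately.
    test -n "$PID" && kill $PID
}

# Terminate all running vtund processes, if any.
fkt_kill_vtund() {
    fkt_infotext "ending vtund-process ..."
    PID=$(pidof vtund)
    # see fkt_kill_olsrd for why $PID is unquoted
    test -n "$PID" && kill $PID
}

# Configure one tunnel interface once vtund has created it.
#   $1: tap device name   $2: node number (third octet of 10.63.x.y)
# The server side gets 10.63.NODE.254/30, the remote node 10.63.NODE.253,
# which is also the Ip4Broadcast address olsrd uses on this link.
# MTU 1450 leaves room for the vtun encapsulation.
fkt_interface_up() {
    fkt_infotext "starting interface $1 for node $2 ..."
    ip addr add dev "$1" "10.63.$2.254/30" brd "10.63.$2.255"
    ip link set "$1" mtu 1450 up
    fkt_infotext "setting host-routes for node $2 ..."
    ip route add "10.63.$2.253" dev "$1"
}

case "$1" in
    start)
        fkt_write_olsrd_conf
        fkt_netcount_start
        fkt_start_vtund
        fkt_start_olsrd
        ;;
    stop)
        fkt_kill_olsrd
        fkt_kill_vtund
        fkt_netcount_stop
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    ifup)
        # Called by vtund's up-hook with DEVICE and NODE.  Refuse an empty
        # device name or a non-numeric node number instead of building
        # addresses and routes from it.
        if test -z "$2"
        then
            fkt_usage
            exit 1
        fi
        case "$3" in
            ''|*[!0-9]*)
                fkt_usage
                exit 1
                ;;
        esac
        fkt_interface_up "$2" "$3"
        ;;
    *)
        fkt_usage
        exit 1
        ;;
esac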
Datei: /etc/olsrd.conf_head
# /etc/olsrd.conf_head -- static part of the OLSR daemon configuration.
# /etc/init.d/vpn copies this file to /etc/olsrd.conf on every "start"
# and appends one Interface block per vtun tunnel, so edits made to
# /etc/olsrd.conf itself are lost at the next start.
DebugLevel 0
IpVersion 4
AllowNoInt yes
Pollrate 0.05
TcRedundancy 2
MprCoverage 7
UseHysteresis no
LinkQualityFishEye 0
LinkQualityWinSize 100
LinkQualityDijkstraLimit 0 5.0
LinkQualityLevel 2
#
# Attention! Make changes only in /etc/olsrd.conf_head! See /etc/init.d/vpn!
#
#LoadPlugin "olsrd_quagga.so.0.2.2"
#{
#    PlParam "redistribute" "bgp"
#}
# Networks this node announces to the mesh (HNA).
# NOTE(review): the two 104.x.x.x prefixes are outside the 10.63 range
# used everywhere else -- confirm they are meant to be announced here.
Hna4
{
    10.63.30.252 255.255.255.252
    10.63.30.0 255.255.255.240
    104.63.30.0 255.255.255.240
    104.61.0.0 255.255.0.0
}
# IPC connection settings; Host/Net list the sources that are admitted.
# NOTE(review): the mask 255.0.0.0 on 10.63.0.0 admits every 10.x.x.x
# source, not only 10.63.x.x -- confirm that this is intended.
IpcConnect
{
    MaxConnections 1
    Host 127.0.0.1
    Net 10.63.0.0 255.0.0.0
}
# The server's own (non-tunnel) OLSR interface.  The tunnel interfaces
# appended by /etc/init.d/vpn use intervals ten times longer than these.
Interface "venet0"
{
    HelloInterval 5.0
    HelloValidityTime 90.0
    TcInterval 3.0
    TcValidityTime 270.0
    MidInterval 15.0
    MidValidityTime 270.0
    HnaInterval 15.0
    HnaValidityTime 90.0
    Ip4Broadcast 10.63.30.254
    LinkQualityMult default 0.1
}
Datei: /etc/vtund.conf
# /etc/vtund.conf -- vtun server side: one session per remote node.
#
# Security notes, from the settings below:
#  * "encrypt no": the tunnel payload crosses the uplink in clear text.
#  * "passwd ff": a two-character secret, and the same one in every
#    session, so a single secret authenticates all thirteen tunnels.
#
# Keep each session on ONE line: /etc/init.d/vpn extracts the tap device
# (awk field 3) and the node number (field 12) from the up-hook line of
# each session.  That awk pattern also matches comment lines, so the
# hook's sub-command keyword must not appear in a comment here.
#
# "%%" in the up-hook is replaced by vtund with the tap device name; the
# trailing number is the node's third octet in 10.63.x.y.
default {type ether; compress no; encrypt no; keepalive no; multi no; stat no; }
j2a {device tap0 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 82 ";};}
rembrandt {device tap1 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 41 ";};}
l18a_roof {device tap2 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 1 ";};}
rex {device tap3 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 54 ";};}
ranger {device tap4 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 20 ";};}
Bode {device tap5 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 37 ";};}
hababusch {device tap6 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 33 ";};}
t65uplink {device tap7 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 62 ";};}
weimarwest {device tap8 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 87 ";};}
trierer7 {device tap9 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 120 ";};}
m18-ping02 {device tap10 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 2 ";};}
stonebridge {device tap11 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 39 ";};}
heller_und_pfennig {device tap12 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 224 ";};}
Datei: /etc/vtund.conf
# /etc/vtund.conf -- vtun server side: one session per remote node.
#
# Security notes, from the settings below:
#  * "encrypt no": the tunnel payload crosses the uplink in clear text.
#  * "passwd ff": a two-character secret, and the same one in every
#    session, so a single secret authenticates all thirteen tunnels.
#
# Keep each session on ONE line: /etc/init.d/vpn extracts the tap device
# (awk field 3) and the node number (field 12) from the up-hook line of
# each session.  That awk pattern also matches comment lines, so the
# hook's sub-command keyword must not appear in a comment here.
#
# "%%" in the up-hook is replaced by vtund with the tap device name; the
# trailing number is the node's third octet in 10.63.x.y.
default {type ether; compress no; encrypt no; keepalive no; multi no; stat no; }
j2a {device tap0 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 82 ";};}
rembrandt {device tap1 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 41 ";};}
l18a_roof {device tap2 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 1 ";};}
rex {device tap3 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 54 ";};}
ranger {device tap4 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 20 ";};}
Bode {device tap5 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 37 ";};}
hababusch {device tap6 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 33 ";};}
t65uplink {device tap7 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 62 ";};}
weimarwest {device tap8 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 87 ";};}
trierer7 {device tap9 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 120 ";};}
m18-ping02 {device tap10 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 2 ";};}
stonebridge {device tap11 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 39 ";};}
heller_und_pfennig {device tap12 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 224 ";};}