/etc/init.d/vpn

Funktionen

/etc/init.d/vpn start | stop | restart | restart_olsr | restart_tunnel | pingtest | status | check | ifup INTERFACE NODE

Die Funktion "check" wird alle 5 Minuten per cron ausgeführt und startet den Tunnel bzw. den OLSR-Dienst neu, falls der jeweilige Prozess keine CPU-Zeit mehr verbraucht.

Skript

#!/bin/sh

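# Report a status message: send it to syslog (priority daemon.info, tagged
# with the script name) and print it on stdout.
# Arguments: $1 - message text
fkt_infotext() {
        # Quote the message so that whitespace and glob characters in it are
        # logged literally; "--" keeps a message starting with "-" from being
        # parsed as a logger option. A quoted empty message also prevents
        # logger from falling back to reading stdin.
        logger -p daemon.info -t "$0" -- "$1"
        printf '%s\n' "$1"
}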

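# Regenerate /etc/olsrd.conf: copy the static header file and append one
# Interface section per "ifup" line found in /etc/vtund.conf.
# Reads:    /etc/olsrd.conf_head, /etc/vtund.conf (fields 3 and 12 of every
#           line matching "ifup" are used as interface name and node number)
# Writes:   /etc/olsrd.conf
# Returns:  1 if the header cannot be copied, otherwise the pipeline status
fkt_write_olsrd_conf() {
        fkt_infotext "generating olsrd.conf ..."
        # Without the header the result would be an incomplete config that is
        # later handed to olsrd, so stop here instead of appending to it.
        cp /etc/olsrd.conf_head /etc/olsrd.conf || return 1
        awk '/ifup/ {print $3,$12}' /etc/vtund.conf |
        while read -r IFACE NODE
                do
                # Both values are pasted verbatim into a config file that a
                # root daemon parses; only accept a plain interface name and a
                # number that fits into one IPv4 octet.
                case "$IFACE" in
                        ''|-*|*[!A-Za-z0-9_.-]*)
                                fkt_infotext "skipping vtund.conf entry with invalid interface name"
                                continue
                        ;;
                esac
                case "$NODE" in
                        ''|*[!0-9]*|????*)
                                fkt_infotext "skipping vtund.conf entry with invalid node number"
                                continue
                        ;;
                esac
                if [ "$NODE" -gt 255 ]; then
                        fkt_infotext "skipping vtund.conf entry with invalid node number"
                        continue
                fi
cat>>/etc/olsrd.conf<<EOF

Interface "$IFACE" {
        HelloInterval           50.0
        HelloValidityTime       900.0
        TcInterval              30.0
        TcValidityTime          2700.0
        MidInterval             150.0
        MidValidityTime         2700.0
        HnaInterval             150.0
        HnaValidityTime         900.0

        Ip4Broadcast 10.63.$NODE.253
        LinkQualityMult default 0.1
}
EOF
        done
}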

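# Install the netfilter chains used for traffic accounting on the tunnel
# interfaces. Four user-defined chains are created and hooked at the top of
# INPUT and OUTPUT for all tap* interfaces (OLSR = UDP port 698, "user" =
# everything else), then one rule per configured interface is inserted so
# that the packet/byte counters can be read per tunnel.
# Reads:    /etc/vtund.conf (field 3 of every line matching "ifup")
fkt_netcount_start() {
        fkt_infotext "installing netfilter counters ..."
        iptables -N vpn_user_outgoing
        iptables -N vpn_olsr_outgoing
        iptables -N vpn_user_incoming
        iptables -N vpn_olsr_incoming
        # -I inserts at position 1, so the OLSR jump added second ends up in
        # front of the catch-all jump for the same direction.
        iptables -I OUTPUT -o tap+                      -j vpn_user_outgoing
        iptables -I OUTPUT -o tap+ -p udp --sport 698   -j vpn_olsr_outgoing
        iptables -I INPUT  -i tap+                      -j vpn_user_incoming
        iptables -I INPUT  -i tap+ -p udp --dport 698   -j vpn_olsr_incoming
        # NOTE(review): the per-interface rules end in ACCEPT, and the jumps
        # sit at the top of INPUT/OUTPUT. Traffic on a configured tap
        # interface is therefore accepted before any later filter rule is
        # consulted. If these chains are meant for counting only, "-j RETURN"
        # would count without changing the filter decision - confirm intent.
        awk '/ifup/ {print $3}' /etc/vtund.conf|
        while read -r IFACE
                do
                [ -n "$IFACE" ] || continue
                # The outgoing chains are reached from OUTPUT, where a packet
                # has no input interface; match on the output interface there,
                # otherwise these rules never match and the counters stay 0.
                iptables -I vpn_user_outgoing -o "$IFACE" -j ACCEPT
                iptables -I vpn_olsr_outgoing -o "$IFACE" -j ACCEPT
                iptables -I vpn_user_incoming -i "$IFACE" -j ACCEPT
                iptables -I vpn_olsr_incoming -i "$IFACE" -j ACCEPT
        done
}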

# Tear down the accounting chains again: unhook them from INPUT/OUTPUT,
# flush their rules and finally delete the now empty chains.
# Returns: status of the last chain deletion
fkt_netcount_stop() {
        fkt_infotext "deleting netfilter counters ..."

        # 1) Remove the jumps; the match part must be identical to the rule
        #    that was inserted, otherwise -D does not find it.
        iptables -D OUTPUT -o tap+ -j vpn_user_outgoing
        iptables -D OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
        iptables -D INPUT -i tap+ -j vpn_user_incoming
        iptables -D INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming

        # 2) Flush (-F) every chain, then delete (-X) it. A chain can only be
        #    deleted once it is empty and no longer referenced.
        set -- \
                -F vpn_olsr_outgoing -F vpn_user_outgoing \
                -F vpn_olsr_incoming -F vpn_user_incoming \
                -X vpn_olsr_outgoing -X vpn_user_outgoing \
                -X vpn_olsr_incoming -X vpn_user_incoming
        while [ "$#" -gt 2 ]; do
                iptables "$1" "$2"
                shift 2
        done
        # Last pair is run outside the loop so its status is the return value.
        iptables "$1" "$2"
}

# Launch the vtun daemon with /etc/vtund.conf; -s selects server mode.
# Returns: exit status of vtund
fkt_start_vtund() {
        fkt_infotext "starting vtun-daemon ..."
        set -- -f /etc/vtund.conf -s
        vtund "$@"
}

# Launch the OLSR daemon with the generated /etc/olsrd.conf at debug
# level 0.
# Returns: exit status of olsrd
fkt_start_olsrd() {
        fkt_infotext "starting olsr-daemon ..."
        set -- -f /etc/olsrd.conf -d 0
        olsrd "$@"
}

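# Stop all running olsrd processes: ask them to terminate (SIGTERM), wait a
# few seconds for them to exit and only then fall back to SIGKILL.
# Globals:  PID (written)
# Returns:  0
fkt_kill_olsrd() {
        fkt_infotext "ending olsrd-process ..."
        PID=$(pidof olsrd)
        # Nothing to do if the daemon is not running.
        [ -n "$PID" ] || return 0

        # $PID is intentionally unquoted: pidof prints several PIDs separated
        # by blanks when more than one instance is running.
        kill $PID

        # Give the daemon up to five seconds to shut down cleanly.
        for KILL_WAIT in 1 2 3 4 5; do
                PID=$(pidof olsrd)
                [ -n "$PID" ] || return 0
                sleep 1
        done

        # Still alive after the grace period: force it.
        PID=$(pidof olsrd)
        if [ -n "$PID" ]; then
                kill -9 $PID
        fi
        return 0
}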

# Send SIGTERM to every running vtund process.
# Globals:  PID (written)
# Returns:  non-zero when no vtund process was found, else the status of kill
fkt_kill_vtund() {
        fkt_infotext "ending vtund-process ..."
        PID=$(pidof vtund)
        # Unquoted on purpose: pidof may report more than one PID.
        [ -n "$PID" ] && kill $PID
}

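# Configure a tunnel interface for one node: assign 10.63.NODE.254/30,
# bring the link up with MTU 1450 and add a host route to 10.63.NODE.253.
# Arguments: $1 - interface name
#            $2 - node number (0-255, becomes the third address octet)
# Returns:   1 on invalid arguments, otherwise the status of "ip route add"
fkt_interface_up() {
        # The arguments arrive on the command line of a script that runs as
        # root and are turned into ip(8) arguments; reject anything that is
        # not a plain interface name / a number that fits into one octet.
        case "$1" in
                ''|-*|*[!A-Za-z0-9_.-]*)
                        fkt_infotext "ifup: invalid interface name, nothing configured"
                        return 1
                ;;
        esac
        case "$2" in
                ''|*[!0-9]*|????*)
                        fkt_infotext "ifup: invalid node number, nothing configured"
                        return 1
                ;;
        esac
        if [ "$2" -gt 255 ]; then
                fkt_infotext "ifup: invalid node number, nothing configured"
                return 1
        fi

        fkt_infotext "starting interface $1 for node $2 ..."
        ip addr  add dev "$1" "10.63.$2.254/30" brd "10.63.$2.255"
        ip link  set "$1" mtu 1450 up
        fkt_infotext "setting host-routes for node $2 ..."
        ip route add "10.63.$2.253" dev "$1"
}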

# Print the heading of the olsrd status section.
# Only the heading is emitted; no actual olsrd state is queried here.
fkt_status_olsrd() {
        fkt_infotext 'status olsrd:'
}

# Show which tunnels currently have a process and which vtund.conf entry
# belongs to each of them.
#
# How it works:
#  - "ps ax" lists all processes; awk keeps every line containing "tap"
#    (any process, not only vtund) and splits it at the string "tap"
#    (-F tap), so $2 is the text that follows the first "tap".
#  - NO=$2*1 converts that text to a number. Only this number is pasted
#    into the grep command handed to system(), so text from the process
#    list never reaches the shell unconverted.
#  - For each hit "tap NN - " is printed, followed by the line(s) of
#    /etc/vtund.conf that contain "device tapNN ".
#  - The result is sorted.
# NOTE(review): the range test $2<99&&$2>=0 compares numerically only when
# $2 looks like a number; otherwise awk compares strings - confirm that the
# filter behaves as intended for ps lines with text after the tap number.
fkt_status_vtund() {
        fkt_infotext "status vtund:"
        ps ax|
        awk -F tap '/tap/ {
                if($2<99&&$2>=0){
                        NO=$2*1
                        printf("tap %2i - ",NO)
                        system("grep \"device tap"NO" \" /etc/vtund.conf")
                        }
                }'|
        sort
}

# Dump the built-in INPUT, FORWARD and OUTPUT chains with exact packet and
# byte counters (-x), numeric addresses (-n) and verbose columns (-v).
# Returns: status of the last iptables call (OUTPUT)
fkt_status_netcount() {
        fkt_infotext "status netcount:"
        set -- INPUT FORWARD OUTPUT
        while [ "$#" -gt 1 ]; do
                iptables -nxvL "$1"
                shift
        done
        # Final chain is listed outside the loop so its status is returned.
        iptables -nxvL "$1"
}

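# Ping every peer listed in /etc/vtund.conf and print the replies.
# For each line matching "ifup", field 1 is used as label and field 12 as
# node number. All peers are pinged at 10.63.NODE.253 first (the address
# fkt_interface_up routes through the tunnel), then at 10.63.NODE.1
# (presumably the node's own address - verify against the addressing plan).
# Outputs:  "LABEL: " followed by the "64 bytes" reply lines and an empty line
fkt_pingall_clients() {
        for SUFFIX in 253 1; do
                awk '/ifup/ {print $1, $12}' /etc/vtund.conf |
                while read -r PEER NODE; do
                        # The node number becomes part of the ping target.
                        # Accept a number that fits into one octet only, and
                        # call ping directly with a quoted argument rather
                        # than building a shell command line from the config
                        # file contents.
                        case "$NODE" in
                                ''|*[!0-9]*|????*)
                                        printf '%s: skipped, invalid node number\n\n' "$PEER"
                                        continue
                                ;;
                        esac
                        if [ "$NODE" -gt 255 ]; then
                                printf '%s: skipped, invalid node number\n\n' "$PEER"
                                continue
                        fi
                        # The label is data, never a printf format string.
                        printf '%s: ' "$PEER"
                        # stdin is detached so ping cannot consume the peer list.
                        ping -c 3 "10.63.$NODE.$SUFFIX" </dev/null | grep "64 bytes"
                        echo
                done
        done
}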

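# Watchdog: restart olsrd and/or vtund when they appear to be stuck or dead.
# The accumulated CPU time of each daemon is sampled twice, 60 seconds
# apart. If the value did not change (or the daemon is not running, in
# which case both samples are empty) the corresponding restart action of
# this script is invoked.
# Globals:  BIN_*, PID_*, OLSR_TIME_*, VTUN_TIME_* (written)
# NOTE(review): column 11 of the batch output is assumed to be the CPU time
# column of the installed top variant - verify on the target system.
fkt_check_olsr_and_tunnel () {
        BIN_OLSR="olsrd"
        BIN_VTUN="vtund"

        PID_OLSR="$(pidof -s "$BIN_OLSR")"
        PID_VTUN="$(pidof -s "$BIN_VTUN")"

        # First sample. top is only asked when a PID exists; with an empty
        # PID "-p" would take the following option as its argument.
        OLSR_TIME_1=""
        VTUN_TIME_1=""
        if [ -n "$PID_OLSR" ]; then
                OLSR_TIME_1="$(top -p "$PID_OLSR" -n 1 -b | grep -- "$BIN_OLSR" | awk '{print $11}')"
        fi
        if [ -n "$PID_VTUN" ]; then
                VTUN_TIME_1="$(top -p "$PID_VTUN" -n 1 -b | grep -- "$BIN_VTUN" | awk '{print $11}')"
        fi

        sleep 60

        # Second sample, taken for the same PIDs as the first one.
        OLSR_TIME_2=""
        VTUN_TIME_2=""
        if [ -n "$PID_OLSR" ]; then
                OLSR_TIME_2="$(top -p "$PID_OLSR" -n 1 -b | grep -- "$BIN_OLSR" | awk '{print $11}')"
        fi
        if [ -n "$PID_VTUN" ]; then
                VTUN_TIME_2="$(top -p "$PID_VTUN" -n 1 -b | grep -- "$BIN_VTUN" | awk '{print $11}')"
        fi

        # Unchanged CPU time (including "no process at all") => restart.
        if [ "$OLSR_TIME_1" = "$OLSR_TIME_2" ]; then
                "$0" restart_olsr
        fi

        if [ "$VTUN_TIME_1" = "$VTUN_TIME_2" ]; then
                "$0" restart_tunnel
        fi
}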

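# Command dispatcher: the first argument selects the action. A stray,
# unterminated copy of the beginning of this case statement (mixed with the
# tail of the watchdog function) preceded it and made the script
# unparsable; only the complete dispatcher is kept.
case "$1" in
        start)
                fkt_infotext "Starting freifunk-VPN ..."
                # The olsrd config and the counters are derived from
                # vtund.conf, so they are set up before the daemons start.
                fkt_write_olsrd_conf
                fkt_netcount_start
                fkt_start_vtund
                fkt_start_olsrd
        ;;
        stop)
                fkt_infotext "Stopping freifunk-VPN ..."
                fkt_kill_olsrd
                fkt_kill_vtund
                fkt_netcount_stop
        ;;
        restart)
                "$0" stop
                "$0" start
        ;;
        restart_olsr)
                fkt_infotext "Stopping/Starting freifunk-olsr ..."
                fkt_kill_olsrd
                fkt_start_olsrd
        ;;
        restart_tunnel)
                fkt_infotext "Stopping/Starting freifunk-tunnel ..."
                fkt_kill_vtund
                fkt_start_vtund
        ;;
        status)
                fkt_status_olsrd
                fkt_status_vtund
                fkt_status_netcount
        ;;
        check)
                fkt_check_olsr_and_tunnel
        ;;
        pingtest)
                fkt_pingall_clients
        ;;
        ifup)
                # Presumably invoked from the "ifup" entries in vtund.conf
                # when a tunnel comes up - verify. Arguments are passed on
                # quoted so each stays a single word.
                fkt_interface_up "$2" "$3"
        ;;
        *)
                echo "Usage: $0 ( start |stop | restart | restart_olsr | restart_tunnel | pingtest | status | check | ifup INTERFACE NODE)"
        ;;
esac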