VPN zentral-Server-skript


Datei: /etc/init.d/vpn

#!/bin/sh

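fkt_infotext() {
        # Log a message to syslog (facility daemon, priority info, tagged
        # with the script name) and echo it to stdout as well.
        # Arguments: $1 - message text
        # Both expansions are quoted so a message containing spaces or
        # glob characters reaches logger/stdout as one literal argument
        # (the original "echo $1" word-split and globbed the message).
        logger -p daemon.info -t "$0" "$1"
        printf '%s\n' "$1"
}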

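fkt_write_olsrd_conf() {
        # Regenerate /etc/olsrd.conf: copy the static head file, then append
        # one Interface block per tunnel listed in /etc/vtund.conf.
        # Globals:   none (rewrites the file /etc/olsrd.conf)
        # Arguments: none
        # Returns:   1 if the head file cannot be copied, else 0
        fkt_infotext "generating olsrd.conf ..."
        # Start from a fresh copy so Interface blocks from a previous run do
        # not pile up; without the head file the generated config is useless.
        cp /etc/olsrd.conf_head /etc/olsrd.conf || {
                fkt_infotext "cannot copy /etc/olsrd.conf_head, olsrd.conf not generated"
                return 1
        }
        # A tunnel line in vtund.conf has the shape
        #   name {device tapN ; passwd X ; up{program "/etc/init.d/vpn ifup %% NODE";};}
        # so whitespace field 3 is the tap device and field 12 the node number.
        # -r keeps read from interpreting backslashes in those fields.
        awk '/ifup/ {print $3,$12}' /etc/vtund.conf |
        while read -r IFACE NODE
        do
                # NODE is spliced into an IPv4 address below; skip a line whose
                # twelfth field is not a plain number instead of emitting a
                # broken Ip4Broadcast entry that olsrd would reject.
                case "$NODE" in
                        ''|*[!0-9]*)
                                fkt_infotext "skipping $IFACE: bad node number '$NODE'"
                                continue
                        ;;
                esac
cat >>/etc/olsrd.conf <<EOF

Interface "$IFACE" {
        HelloInterval           50.0
        HelloValidityTime       900.0
        TcInterval              30.0
        TcValidityTime          2700.0
        MidInterval             150.0
        MidValidityTime         2700.0
        HnaInterval             150.0
        HnaValidityTime         900.0

        Ip4Broadcast 10.63.$NODE.253
        LinkQualityMult default 0.1
}
EOF
        done
}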

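fkt_netcount_start() {
        # Install the netfilter counter chains: four user chains (user/olsr x
        # outgoing/incoming) hooked into OUTPUT/INPUT for tap+ devices, plus
        # one rule per tunnel interface so the rule counters give per-tunnel
        # traffic statistics. OLSR traffic is told apart by UDP port 698.
        # Arguments: none
        # Returns:   status of the last iptables call
        fkt_infotext "installing netfilter counters ..."
        iptables -N vpn_user_outgoing
        iptables -N vpn_olsr_outgoing
        iptables -N vpn_user_incoming
        iptables -N vpn_olsr_incoming
        # -I puts each rule at the top, so the port-698 rules inserted second
        # are evaluated first and OLSR packets are counted only there.
        # NOTE(review): ACCEPT is a terminating target - matched tap traffic
        # never reaches rules placed later in INPUT/OUTPUT. If this host
        # filters on those chains, -j RETURN counts identically without
        # short-circuiting them.
        iptables -I OUTPUT -o tap+                      -j vpn_user_outgoing
        iptables -I OUTPUT -o tap+ -p udp --sport 698   -j vpn_olsr_outgoing
        iptables -I INPUT  -i tap+                      -j vpn_user_incoming
        iptables -I INPUT  -i tap+ -p udp --dport 698   -j vpn_olsr_incoming
        awk '/ifup/ {print $3}' /etc/vtund.conf |
        while read -r IFACE
        do
                # The *_outgoing chains are entered from OUTPUT, where a
                # locally generated packet has no input interface, so an
                # "-i" match there can never fire and the per-tunnel
                # outgoing counters stayed at zero; match on the output
                # interface instead.
                iptables -I vpn_user_outgoing -o "$IFACE" -j ACCEPT
                iptables -I vpn_olsr_outgoing -o "$IFACE" -j ACCEPT
                iptables -I vpn_user_incoming -i "$IFACE" -j ACCEPT
                iptables -I vpn_olsr_incoming -i "$IFACE" -j ACCEPT
        done
}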

fkt_netcount_stop() {
        # Tear down what fkt_netcount_start installed: unhook the four
        # counter chains from OUTPUT/INPUT, then flush and delete them.
        # Arguments: none
        # Returns:   status of the last iptables call
        fkt_infotext "deleting netfilter counters ..."
        iptables -D OUTPUT -o tap+                      -j vpn_user_outgoing
        iptables -D OUTPUT -o tap+ -p udp --sport 698   -j vpn_olsr_outgoing
        iptables -D INPUT  -i tap+                      -j vpn_user_incoming
        iptables -D INPUT  -i tap+ -p udp --dport 698   -j vpn_olsr_incoming
        # Every chain is flushed before any is deleted (-X refuses a
        # non-empty chain), in the same order as the original listing.
        for CHAIN in vpn_olsr_outgoing vpn_user_outgoing vpn_olsr_incoming vpn_user_incoming
        do
                iptables -F "$CHAIN"
        done
        for CHAIN in vpn_olsr_outgoing vpn_user_outgoing vpn_olsr_incoming vpn_user_incoming
        do
                iptables -X "$CHAIN"
        done
}

fkt_start_vtund() {
        # Launch vtund in server mode (-s) with the tunnel definitions from
        # /etc/vtund.conf; each tunnel's "up" program there calls this
        # script's ifup action with the device and node number.
        # NOTE(review): the vtund.conf shown with this script sets
        # "encrypt no" and a static shared "passwd", so vtun itself gives
        # the tunnel traffic no confidentiality - confirm that is intended.
        # Arguments: none
        # Returns:   status of vtund
        fkt_infotext "starting vtun-daemon ..."
        vtund -s -f /etc/vtund.conf
}

fkt_start_olsrd() {
        # Launch olsrd on the config produced by fkt_write_olsrd_conf with
        # debug level 0.
        # Arguments: none
        # Returns:   status of olsrd
        fkt_infotext "starting olsr-daemon ..."
        olsrd -d 0 -f /etc/olsrd.conf
}

fkt_kill_olsrd() {
        # Send SIGTERM to every running olsrd process. pidof may return
        # several PIDs, hence $PID is deliberately left unquoted for kill.
        # Globals:   PID (written)
        # Arguments: none
        # Returns:   1 if no olsrd was running, else the status of kill
        fkt_infotext "ending olsrd-process ..."
        PID=$(pidof olsrd)
        [ -n "$PID" ] && kill $PID
}

fkt_kill_vtund() {
        # Send SIGTERM to every running vtund process. pidof may return
        # several PIDs, hence $PID is deliberately left unquoted for kill.
        # Globals:   PID (written)
        # Arguments: none
        # Returns:   1 if no vtund was running, else the status of kill
        fkt_infotext "ending vtund-process ..."
        PID=$(pidof vtund)
        [ -n "$PID" ] && kill $PID
}

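fkt_interface_up() {
        # Configure one tunnel interface after vtund has created it: assign
        # the server end of the /30 for the node, raise the link with MTU
        # 1450 (presumably headroom for the tunnel encapsulation), and add
        # a host route to the peer address. Invoked from vtund.conf as
        # "/etc/init.d/vpn ifup <device> <node>".
        # Arguments: $1 - tap device name
        #            $2 - node number, used as the third octet of 10.63.X.0/30
        # Returns:   1 on a missing or non-numeric argument, else the
        #            status of the final ip route call
        # Both values come from the root-owned /etc/vtund.conf, but they are
        # still checked so a mangled entry cannot turn into a bogus address
        # or an "ip" call with an empty device name.
        if [ -z "$1" ]; then
                fkt_infotext "ifup: missing interface name"
                return 1
        fi
        case "$2" in
                ''|*[!0-9]*)
                        fkt_infotext "ifup: bad node number '$2' for $1"
                        return 1
                ;;
        esac
        fkt_infotext "starting interface $1 for node $2 ..."
        ip addr  add dev "$1" "10.63.$2.254/30" brd "10.63.$2.255"
        ip link  set "$1" mtu 1450 up
        fkt_infotext "setting host-routes for node $2 ..."
        ip route add "10.63.$2.253" dev "$1"
}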

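# Dispatch on the action word. "start"/"stop"/"restart" are the init
# actions; "ifup" is the hook vtund runs for each tunnel (see vtund.conf).
# All positional parameters are quoted so an empty or odd argument is
# passed through as-is instead of being word-split away.
case "$1" in
        start)
                fkt_write_olsrd_conf
                fkt_netcount_start
                fkt_start_vtund
                fkt_start_olsrd
        ;;
        stop)
                # Reverse of start: daemons first, then the counter chains.
                fkt_kill_olsrd
                fkt_kill_vtund
                fkt_netcount_stop
        ;;
        restart)
                "$0" stop
                "$0" start
        ;;
        ifup)
                # $2 = tap device, $3 = node number, both supplied by vtund.
                fkt_interface_up "$2" "$3"
        ;;
        *)
                # Usage belongs on stderr so it is not mistaken for output.
                echo "Usage: $0 (start|stop|restart|ifup INTERFACE NODE)" >&2
        ;;
esac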

Datei: /etc/olsrd.conf_head

DebugLevel              0
IpVersion               4
AllowNoInt              yes
Pollrate                0.05
TcRedundancy            2
MprCoverage             7
UseHysteresis           no
LinkQualityFishEye      0
LinkQualityWinSize      100
LinkQualityDijkstraLimit 0 5.0
LinkQualityLevel        2

#
# Achtung! Aenderungen nur in /etc/olsrd.conf_head machen! Siehe /etc/init.d/vpn!
#

#LoadPlugin "olsrd_quagga.so.0.2.2"
#{
#        PlParam "redistribute" "bgp"
#}

Hna4 {
        10.63.30.252 255.255.255.252
        10.63.30.0 255.255.255.240
        104.63.30.0 255.255.255.240
        104.61.0.0 255.255.0.0
}

IpcConnect {
        MaxConnections  1
        Host            127.0.0.1
        Net 10.63.0.0 255.0.0.0
}

Interface "venet0" {
        HelloInterval           5.0
        HelloValidityTime       90.0
        TcInterval              3.0
        TcValidityTime          270.0
        MidInterval             15.0
        MidValidityTime         270.0
        HnaInterval             15.0
        HnaValidityTime         90.0

        Ip4Broadcast 10.63.30.254
        LinkQualityMult default 0.1
}

Datei: /etc/vtund.conf

default                 {type ether; compress no; encrypt no; keepalive no; multi no; stat no; }

j2a                     {device tap0  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  82     ";};}
rembrandt               {device tap1  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  41     ";};} 
l18a_roof               {device tap2  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%   1     ";};}
rex                     {device tap3  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  54     ";};}
ranger                  {device tap4  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  20     ";};}
Bode                    {device tap5  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  37     ";};}
hababusch               {device tap6  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  33     ";};}
t65uplink               {device tap7  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  62     ";};}
weimarwest              {device tap8  ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  87     ";};}
trierer7                {device tap9  ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 120     ";};}
m18-ping02              {device tap10 ; passwd ff ; up{program "/etc/init.d/vpn ifup %%   2     ";};}
stonebridge             {device tap11 ; passwd ff ; up{program "/etc/init.d/vpn ifup %%  39     ";};}
heller_und_pfennig      {device tap12 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 224     ";};}