author | Aaron Goodman <aaronjg@stanford.edu> | 2020-09-09 14:12:33 -0400 |
---|---|---|
committer | Aaron Goodman <aaronjg@stanford.edu> | 2020-09-09 18:16:18 -0400 |
commit | f01714a25051d30664e97b081ac54d14ea6ccfa8 (patch) | |
tree | 4e58453f7e3b5726fb1ca81724411487770267a3 /net/openfortivpn/files/openfortivpn.sh | |
parent | f1561b624a6444e64800151f4e6ef0b1c5fff761 (diff) |
openfortivpn: version bump to 1.15.0 and further upgrades
- remove patch that has been included upstream
- remove dependence on resolveip
- remove hotplug script that is handled by "proto_add_host_dependency"
- use openfortivpn default tunnel ip if none specified
- add status checking with uclient-fetch
Signed-off-by: Aaron Goodman <aaronjg@stanford.edu>
Diffstat (limited to 'net/openfortivpn/files/openfortivpn.sh')
-rwxr-xr-x | net/openfortivpn/files/openfortivpn.sh | 100 |
1 files changed, 60 insertions, 40 deletions
diff --git a/net/openfortivpn/files/openfortivpn.sh b/net/openfortivpn/files/openfortivpn.sh index 14f613eab..9414591dd 100755 --- a/net/openfortivpn/files/openfortivpn.sh +++ b/net/openfortivpn/files/openfortivpn.sh @@ -3,6 +3,7 @@ . /lib/functions/network.sh . ../netifd-proto.sh init_proto "$@" +IPv4_REGEX="((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" append_args() { while [ $# -gt 0 ]; do @@ -27,7 +28,7 @@ proto_openfortivpn_init_config() { proto_openfortivpn_setup() { local config="$1" - local msg ifname ip server_ip pwfile callfile + local msg ifname ip server_ips pwfile callfile local host peeraddr port tunlink local_ip username password trusted_cert \ remote_status_check 
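Review bot: `IPv4_REGEX` has no `^`/`$` anchors, and the `grep -q -E "$IPv4_REGEX"` test added in `proto_openfortivpn_setup` (the `-38,53` hunk) matches it anywhere in the string. A hostname that merely contains a dotted quad, or an out-of-range literal such as `999.1.1.1`, is therefore treated as an IP address and passed to `proto_add_host_dependency` unresolved. Anchor the match at the call site, e.g. `if echo "$peeraddr" | grep -q -E "^${IPv4_REGEX}\$"; then`. A one-line comment above the constant, such as `# matches one dotted-quad IPv4 address; callers must anchor it`, would record the intent.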
@@ -38,53 +39,72 @@ proto_openfortivpn_setup() { [ -n "$tunlink" ] && { - network_get_device iface_device_name "$tunlink" - network_is_up "$tunlink" || { - msg="$tunlink is not up $iface_device_up" - logger -t "openfortivpn" "$config: $msg" - proto_notify_error "$config" "$msg" - proto_block_restart "$config" - exit 1 - } + network_get_device iface_device_name "$tunlink" + network_is_up "$tunlink" || { + msg="$tunlink is not up $iface_device_up" + logger -t "openfortivpn" "$config: $msg" + proto_notify_error "$config" "$msg" + proto_block_restart "$config" + exit 1 + } } - server_ip=$(resolveip -4 -t 10 "$peeraddr") + if echo "$peeraddr" | grep -q -E "$IPv4_REGEX"; then + server_ips="$peeraddr" + elif command -v resolveip >/dev/null ; then + server_ips="$(resolveip -4 -t 10 "$peeraddr")" + [ $? -eq 0 ] || { + msg="$config: failed to resolve server ip for $peeraddr" + logger -t "openfortivpn" "$msg" + sleep 10 + proto_notify_error "$config" "$msg" + proto_setup_failed "$config" + exit 1 + } + else + logger -t "openfortivpn" "resolveip not present, could not resolve $peeraddr" + fi - [ $? 
-eq 0 ] || { - msg="$config: failed to resolve server ip for $peeraddr" - logger -t "openfortivpn" "$msg" - sleep 10 - proto_notify_error "$config" "$msg" - proto_setup_failed "$config" - exit 1 - } [ "$remote_status_check" = "curl" ] && { - curl -k --head -s --connect-timeout 10 ${tunlink:+--interface} $iface_device_name https://$server_ip > /dev/null || { - msg="failed to reach https://${server_ip}${tunlink:+ on $iface_device_name}" - logger -t "openfortivpn" "$config: $msg" - sleep 10 - proto_notify_error "$config" "$msg" - proto_setup_failed "$config" - exit 1 - } + curl -k --head -s --connect-timeout 10 ${tunlink:+--interface} $iface_device_name https://$peeraddr > /dev/null || { + msg="failed to reach https://$peeraddr${tunlink:+ on $iface_device_name}" + logger -t "openfortivpn" "$config: $msg" + sleep 10 + proto_notify_error "$config" "$msg" + proto_setup_failed "$config" + exit 1 + } } [ "$remote_status_check" = "ping" ] && { - ping ${tunlink:+-I} $iface_device_name -c 1 -w 10 $server_ip > /dev/null 2>&1 || { - msg="$config: failed to ping $server_ip on $iface_device_name" - logger -t "openfortvpn" "$config: $msg" - sleep 10 - proto_notify_error "$config" "failed to ping $server_ip on $iface_device_name" - proto_setup_failed "$config" - exit 1 - } + ping ${tunlink:+-I} $iface_device_name -c 1 -w 10 $peeraddr > /dev/null 2>&1 || { + msg="$config: failed to ping $peeraddr on $iface_device_name" + logger -t "openfortvpn" "$config: $msg" + sleep 10 + proto_notify_error "$config" "$msg" + proto_setup_failed "$config" + exit 1 + } } - for ip in $(resolveip -4 -t 10 "$peeraddr"); do - logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config" - proto_add_host_dependency "$config" "$ip" "$tunlink" - done - + if [ -n "$server_ips" ]; then + for ip in $server_ips; do + logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $tunlink at $config" + proto_add_host_dependency "$config" "$ip" "$tunlink" + done + fi + 
+ # uclient-fetch cannot bind to interface, so perform check after adding host dependency + [ "$remote_status_check" = "fetch" ] && { + uclient-fetch --no-check-certificate -q -s --timeout=10 https://$peeraddr > /dev/null 2>&1 || { + msg="$config: failed to reach ${server_ip:-$peeraddr} on $iface_device_name" + logger -t "openfortvpn" "$config: $msg" + sleep 10 + proto_notify_error "$config" "$msg" + proto_setup_failed "$config" + exit 1 + } + } [ -n "$port" ] && port=":$port" @@ -106,7 +126,7 @@ proto_openfortivpn_setup() { echo "$password" > "$pwfile" } - [ -n "$local_ip" ] || local_ip=$server_ip + [ -n "$local_ip" ] || local_ip=192.0.2.1 [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers' [ -e '/etc/ppp/peers/openfortivpn' ] || { ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null |
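Review bot: The `curl`, `ping` and `uclient-fetch` status checks now receive the raw `peeraddr` config value unquoted, where the old code passed the output of `resolveip`. A value containing whitespace or glob characters is word-split, and one starting with `-` would be read as an option. Quote it at each call (`"https://$peeraddr"` for curl and uclient-fetch, `"$peeraddr"` for ping) and consider rejecting values that are neither a hostname nor an IPv4 literal before any check runs. In the new `fetch` block, `${server_ip:-$peeraddr}` names a variable this commit renamed to `server_ips`, and no visible line assigns it, so it appears to always expand to `$peeraddr`. The logger tag `openfortvpn` there is also misspelled, and `$msg` already starts with `$config:`, so the prefix is logged twice. The function body continues outside this hunk.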
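Review bot: The new fallback `local_ip=192.0.2.1` is an unexplained magic constant, and a later reader may take it for a leftover test value because 192.0.2.0/24 is the RFC 5737 documentation range. The commit message says it is openfortivpn's default tunnel IP, so record that next to the assignment, e.g. `# 192.0.2.1: openfortivpn's default tunnel address, used when local_ip is unset`. It is also worth noting there that the fallback no longer depends on resolving `peeraddr`.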