Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #12899 from aaronjg/openwrtize-openfortivpn

Browse source 
openfortivpn: use a more 'OpenWRT' paradigm throughout the code
This commit is contained in:
Rosen Penev 2020-08-01 16:40:41 -07:00 committed by GitHub
commit 0c3f4fd079
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 79 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/openfortivpn/Makefile
View file

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openfortivpn PKG_NAME:=openfortivpn
PKG_VERSION:=1.14.1 PKG_VERSION:=1.14.1
PKG_RELEASE:=5 PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)? PKG_SOURCE_URL:=https://codeload.github.com/adrienverge/openfortivpn/tar.gz/v$(PKG_VERSION)?

31
net/openfortivpn/files/14-openforticlient
View file

@ -1,18 +1,27 @@
#!/bin/sh #!/bin/sh
. /lib/functions.sh
. /usr/share/libubox/jshn.sh . /usr/share/libubox/jshn.sh
[ "$ACTION" != ifup ] && exit [ "$ACTION" != ifup ] && exit
networks=$(uci show network | sed "s/network.\([^.]*\).proto='openfortivpn'/\1/;t;d") handle_network()
for i in $networks; do {
iface=$(uci get "network.${i}.iface_name") config_get iface $1 iface_name
iface_success=$? [ $INTERFACE != "$iface" ] && return
[ $? -eq 0 ] && [ $INTERFACE == "$iface" ] && { [ $(config_get $1 proto) != "openfortivpn" ] && return
logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $i"
json_load "$(ifstatus $i)" config_get_bool load_on_boot $1 auto
[ -n "$load_on_boot" ] && [ "$load_on_boot" -eq 0 ] && return
status="$(ifstatus $1)" || continue
json_load "$status"
json_get_var autostart autostart json_get_var autostart autostart
logger -t "openfortivpnhotplug" "$ACTION on $INTERFACE to bring up $1. Autostart is $autostart"
[ "$autostart" -eq 0 ] && { [ "$autostart" -eq 0 ] && {
logger -t "openfortivpnhotplug" "auto-start was false. bringing $i up" logger -t "openfortivpnhotplug" "auto-start was false. bringing $1 up"
ubus call network.interface up "{ \"interface\" : \"$i\" }" ubus call network.interface up "{ \"interface\" : \"$1\" }"
} }
} }
done
config_load network
config_foreach handle_network interface
exit 0

38
net/openfortivpn/files/openfortivpn-wrapper
View file

@ -4,10 +4,40 @@
# file from cmd and to daemonize # file from cmd and to daemonize
# $1 password file # $1 password file
# $2... are passed to openconnect # $2 is the config name
# $3... are passed to openconnect
test -z "$1" && exit 1 test -z "$1" && exit 1
pwfile=$1 pwfile=$1; shift
shift config=$1; shift
exec /usr/sbin/openfortivpn "$@" < $pwfile killed=0
trap_with_arg() {
func="$1" ; shift
for sig ; do
trap "$func $sig" "$sig"
done
}
func_trap() {
logger "openfortivpn-wrapper[$$]" "$config: sending signal ${1}"
killed=1
kill -${1} $child 2>/dev/null
}
trap_with_arg func_trap INT TERM KILL
start_time=$(date '+%s')
/usr/sbin/openfortivpn "$@" < $pwfile 2>/dev/null &
child=$!
wait $child || {
[ "$killed" = 1 ] && exit 0
current_time=$(date '+%s')
elapsed=$(($current_time-$start_time))
. /lib/netifd/netifd-proto.sh
proto_notify_error "$config" "Failed to connect after $elapsed seconds."
proto_block_restart "$config"
exit 1
}

38
net/openfortivpn/files/openfortivpn.sh
View file

@ -1,5 +1,6 @@
#!/bin/sh #!/bin/sh
. /lib/functions.sh . /lib/functions.sh
. /lib/functions/network.sh
. ../netifd-proto.sh . ../netifd-proto.sh
init_proto "$@" init_proto "$@"
@ -19,37 +20,35 @@ proto_openfortivpn_init_config() {
proto_config_add_string "password" proto_config_add_string "password"
proto_config_add_string "trusted_cert" proto_config_add_string "trusted_cert"
proto_config_add_string "remote_status_check" proto_config_add_string "remote_status_check"
proto_config_add_int "peerdns"
proto_config_add_int "metric"
no_device=1 no_device=1
available=1 available=1
} }
proto_openfortivpn_setup() { proto_openfortivpn_setup() {
local config="$1" local config="$1"
local msg
local msg ifname ip server_ip pwfile callfile
local host server port iface_name local_ip username password trusted_cert \
remote_status_check
json_get_vars host server port iface_name local_ip username password trusted_cert \ json_get_vars host server port iface_name local_ip username password trusted_cert \
remote_status_check peerdns metric remote_status_check
ifname="vpn-$config" ifname="vpn-$config"
[ -n "$iface_name" ] && { [ -n "$iface_name" ] && {
json_load "$(ifstatus $iface_name)" network_get_device iface_device_name "$iface_name"
json_get_var iface_device_name l3_device network_is_up "$iface_name" || {
json_get_var iface_device_up up
}
[ "$iface_device_up" -eq 1 ] || {
msg="$iface_name is not up $iface_device_up" msg="$iface_name is not up $iface_device_up"
logger -t "openfortivpn" "$config: $msg" logger -t "openfortivpn" "$config: $msg"
proto_notify_error "$config" "$msg" proto_notify_error "$config" "$msg"
proto_block_restart "$config" proto_block_restart "$config"
exit 1 exit 1
} }
}
server_ip=$(resolveip -t 10 "$server") server_ip=$(resolveip -4 -t 10 "$server")
[ $? -eq 0 ] || { [ $? -eq 0 ] || {
msg="$config: failed to resolve server ip for $server" msg="$config: failed to resolve server ip for $server"
@ -81,7 +80,7 @@ proto_openfortivpn_setup() {
} }
} }
for ip in $(resolveip -t 10 "$server"); do for ip in $(resolveip -4 -t 10 "$server"); do
logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $iface_name at $config" logger -p 6 -t "openfortivpn" "$config: adding host dependency for $ip on $iface_name at $config"
proto_add_host_dependency "$config" "$ip" "$iface_name" proto_add_host_dependency "$config" "$ip" "$iface_name"
done done
@ -89,12 +88,10 @@ proto_openfortivpn_setup() {
[ -n "$port" ] && port=":$port" [ -n "$port" ] && port=":$port"
[ -z "$peerdns" ] && peerdns=1
append_args "$server$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null append_args "$server$port" --pppd-ifname="$ifname" --use-syslog -c /dev/null
append_args "--set-dns=0" append_args "--set-dns=0"
append_args "--no-routes" append_args "--no-routes"
append_args "--pppd-use-peerdns=$peerdns" append_args "--pppd-use-peerdns=1"
[ -n "$iface_name" ] && { [ -n "$iface_name" ] && {
append_args "--ifname=$iface_device_name" append_args "--ifname=$iface_device_name"
@ -104,15 +101,15 @@ proto_openfortivpn_setup() {
[ -n "$username" ] && append_args -u "$username" [ -n "$username" ] && append_args -u "$username"
[ -n "$password" ] && { [ -n "$password" ] && {
umask 077 umask 077
mkdir -p /var/etc mkdir -p '/var/etc/openfortivpn'
pwfile="/var/etc/openfortivpn/$config.passwd" pwfile="/var/etc/openfortivpn/$config.passwd"
echo "$password" > "$pwfile" echo "$password" > "$pwfile"
} }
[ -n "$local_ip" ] || local_ip=192.0.2.1 [ -n "$local_ip" ] || local_ip=$server_ip
[ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers' [ -e '/etc/ppp/peers' ] || mkdir -p '/etc/ppp/peers'
[ -e '/etc/ppp/peers/openfortivpn' ] || { [ -e '/etc/ppp/peers/openfortivpn' ] || {
ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' ln -s -T '/var/etc/openfortivpn/peers' '/etc/ppp/peers/openfortivpn' 2> /dev/null
mkdir -p '/var/etc/openfortivpn/peers' mkdir -p '/var/etc/openfortivpn/peers'
} }
@ -125,7 +122,6 @@ noauth
default-asyncmap default-asyncmap
nopcomp nopcomp
receive-all receive-all
defaultroute
nodetach nodetach
ipparam $config ipparam $config
lcp-max-configure 40 lcp-max-configure 40
@ -134,10 +130,8 @@ ip-down-script /lib/netifd/ppp-down
mru 1354" > $callfile mru 1354" > $callfile
append_args "--pppd-call=openfortivpn/$config" append_args "--pppd-call=openfortivpn/$config"
proto_export INTERFACE="$ifname"
logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'" logger -p 6 -t openfortivpn "$config: executing 'openfortivpn $cmdline'"
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' '$config' $cmdline"
eval "proto_run_command '$config' /usr/sbin/openfortivpn-wrapper '$pwfile' $cmdline"
} }