Add package fff-vpn-select

Signed-off-by: Robert Langhammer <rlanghammer@web.de>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Christian Dresel <fff@chrisi01.de>
Tested-by: Jan Kraus <mayosemmel@gmail.com>

src/packages/fff/fff-vpn-select/Makefile

@@ -0,0 +1,41 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-vpn-select
+PKG_VERSION:=1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-vpn-select
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-vpn-select
+    SECTION:=base
+    CATEGORY:=Freifunk
+    TITLE:= Freifunk-Franken vpn-select
+    URL:=http://www.freifunk-franken.de
+    DEPENDS:=+fff-tunneldigger \
+             +fff-fastd
+endef
+
+define Package/fff-vpn-select/description
+    Thie package selects and starts the VPN 
+    In this version fastd and l2tp via tunneldigger
+endef
+
+define Build/Prepare
+       echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+       # nothing
+endef
+
+define Build/Compile
+       # nothing
+endef
+
+define Package/fff-vpn-select/install
+       $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-vpn-select))

src/packages/fff/fff-vpn-select/files/etc/hotplug.d/iface/50-vpn-select

@@ -0,0 +1,6 @@
+#!/bin/sh 
+[ "$ACTION" = "ifup" -a "$INTERFACE" = "wan" ] && {
+       sleep 3
+       /usr/sbin/vpn-select
+}
+

src/packages/fff/fff-vpn-select/files/usr/lib/micron.d/vpn-select

@@ -0,0 +1 @@
+*/5 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/vpn-select

src/packages/fff/fff-vpn-select/files/usr/sbin/vpn-select

@@ -0,0 +1,80 @@
+#!/bin/sh
+
+test -f /tmp/started || exit
+
+make_config() {
+# remove old config
+>/etc/config/tunneldigger
+rm /tmp/fastd_${project}_peers/*
+count=0
+# get fastd peers
+pubkey=$(echo "secret \"$(uci get fastd.fff.secret)\";" | fastd -c - --show-key --machine-readable)
+wget -T15 "http://keyserver.freifunk-franken.de/${project}/geo.php?mac=$mac&name=$hostname&port=$port&key=$pubkey&lat=$lat&long=$long" -O /tmp/fastd_${project}_output
+filecounts=$(awk '/^####/ { gsub(/^####/, "", $0); gsub(/.conf/, "", $0); print $0; }' /tmp/fastd_${project}_output)
+for file in $filecounts; do
+    awk "{ if(a) print }; /^####$file.conf$/{a=1}; /^$/{a=0};" /tmp/fastd_${project}_output | sed 's/ float;/;/g' > /etc/fastd/$project/peers/$file
+    echo 'float yes;' >> /etc/fastd/$project/peers/$file
+
+    # ask for Broker and select the tunnel
+    IP=$(awk -F\" '/remote/ {print $2}' /etc/fastd/${project}/peers/$file)
+    if [ "l2tp" = "$(wget -T10 $IP/vpn.txt -O - 2>/dev/null)" ]; then
+        # Gateway offers l2tp
+        FDPORT=$(awk '/remote/{gsub(";", ""); print $5}' /etc/fastd/${project}/peers/$file)
+        L2PORT=$((FDPORT + 10000))
+        UUID=_$hostname
+
+        uci set tunneldigger.$count=broker
+        uci set tunneldigger.$count.address="$IP:$L2PORT"
+        uci set tunneldigger.$count.uuid="$UUID"
+        uci set tunneldigger.$count.interface="l2tp$count"
+        uci set tunneldigger.$count.enabled="1"
+        uci set tunneldigger.$count.hook_script='/etc/tunneldigger/tunneldigger.hook'
+        uci commit tunneldigger
+        count=$((count + 1))
+        # remove this fastd-peer
+        rm /etc/fastd/${project}/peers/$file
+    fi
+done
+}
+
+# main
+test_ipv4_host1="keyserver.freifunk-franken.de" # Freifunk-Franken keyserver
+test_ipv4_host2="8.8.8.8"        # Google DNS
+test_ipv6_host1="heise.de"       # heise Zeitschriftenverlag
+
+# Only do something when the router has internet connection
+if ping -w5 -c3 "$test_ipv4_host1" &>/dev/null ||
+   ping -w5 -c3 "$test_ipv4_host2" &>/dev/null ||
+   ping6 -w5 -c3 "$test_ipv6_host1" &>/dev/null; then
+
+    # set some vars
+    . /etc/community.cfg
+    project="$VPN_PROJECT"
+    mac=$(awk '{ mac=toupper($1); gsub(":", "", mac); print mac }' /sys/class/net/br-mesh/address 2>/dev/null)
+    lat=$(uci get system.@system[0].latitude)
+    long=$(uci get system.@system[0].longitude)
+    hostname=$(cat /proc/sys/kernel/hostname)
+    [ "$hostname" = "OpenWrt" ] && hostname=""
+    [ "$hostname" = "" ] &&  hostname="$mac"
+
+    if [ ! -d /tmp/fastd_${project}_peers ]; then
+        # first run after reboot
+        mkdir /tmp/fastd_${project}_peers
+        # do we have a fastd secret
+        if ! egrep "option secret '[0-9a-f]{64}'" /etc/config/fastd &>dev/null; then
+            secret=$(fastd --generate-key 2>&1 |  awk '/[Ss]ecret/ { print $2 }')
+            uci set fastd.${project}.secret="$secret"
+            uci commit fastd
+        fi
+        make_config
+        /etc/init.d/fastd start
+        /etc/init.d/tunneldigger start
+    else
+        # check if new tunneldigger conf is different
+        sumold=$(sha256sum /etc/config/tunneldigger)
+        make_config
+        sumnew=$(sha256sum /etc/config/tunneldigger)
+        [ "$sumnew" != "$sumold" ] && /etc/init.d/tunneldigger restart
+        /etc/init.d/fastd reload
+    fi
+fi