author | Andrew Cady <d@jerkface.net> | 2021-10-10 04:17:25 -0400 |
---|---|---|
committer | Andrew Cady <d@jerkface.net> | 2021-10-10 04:17:25 -0400 |
commit | 4eefb9b31fdc485ab4b144ad41aa53ce96cc7432 (patch) | |
tree | 7bd290c1bebe2f3259314cc3a479b108448bd31a | |
parent | 7bb61d2fe0cf56dd1230ea60cf8141e0ae363ee3 (diff) |
renames for clarity
-rwxr-xr-x | cryptonomic-vpn | 17 |
1 files changed, 9 insertions, 8 deletions
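--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -130,7 +130,7 @@ validate_local_key()
 esac
 [ -f "$LOCAL_KEY" -a -r "$LOCAL_KEY" ] || die "could not read local key (filename=$LOCAL_KEY)"
 
-LOCAL_KEY_DEST_BASENAME=$(sshfp_filename_string "$LOCAL_KEY") || die "parsing local key (filename=$LOCAL_KEY)"
+LOCAL_KEY_DEST_BASENAME=$(sshfp_rsa_filename_string "$LOCAL_KEY") || die "parsing local key (filename=$LOCAL_KEY)"
 LOCAL_PRIVATE_KEY_DEST=/etc/swanctl/private/$LOCAL_KEY_DEST_BASENAME
 LOCAL_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$LOCAL_KEY_DEST_BASENAME.pub
 }
@@ -247,7 +247,7 @@ write_remote_key()
 esac
 }
 
-sshfp_filename_string()
+sshfp_rsa_filename_string()
 {
 local keytype=1 hashtype=2
 ssh-keygen -r. -f "$1" | sed -ne "/^. IN SSHFP $keytype $hashtype / { s/. IN //; y/ /_/; p; q; }"
@@ -332,8 +332,8 @@ install_remote_public_key()
 keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
 validate_public_key_name "$t" "$REMOTE_NAME" || die 'cannot authenticate remote public key'
 
-REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_filename_string "$t").pub
 
+REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_rsa_filename_string "$t").pub
 write_successfully "$REMOTE_PUBLIC_KEY_DEST" -- write_remote_key "$t"
 trap - EXIT
 rm -f "$t"
@@ -347,9 +347,9 @@ nocomments()
 strongswan_config()
 {
 local conn="$1" remote_addrs="$2" local_key="$3"
-local public_key_file="$4" private_key_file="$5"
+local public_key_file="$4" private_key_file="$5" remote_public_key_file="$6"
 local remote_ts=0::0/0 vips=::
-id=$(key_to_ip_suffix "$local_key") || return
+id=$(rsa_key_to_ip_suffix "$local_key") || return
 sed -e 's/^ //' <<END
 connections {
 ${conn} {
@@ -361,7 +361,7 @@ strongswan_config()
 }
 remote {
 id = "${remote_addrs}"
-pubkeys = ${REMOTE_PUBLIC_KEY_DEST}
+pubkeys = ${remote_public_key_file}
 }
 children {
 child {
@@ -379,7 +379,7 @@ strongswan_config()
 END
 }
 
-key_to_ip_suffix()
+rsa_key_to_ip_suffix()
 {
 local keytype=1 hashtype=2
 ssh-keygen -r . -f "$1" | sed -E -ne 's/^. IN SSHFP '"$keytype $hashtype"' .{48}(.{4})(.{4})(.{4})(.{4})$/\1:\2:\3:\4/p'
@@ -398,7 +398,8 @@ install_stronswan_config()
 "$REMOTE_IP" \
 "$LOCAL_KEY" \
 "$LOCAL_PUBLIC_KEY_DEST" \
-"$LOCAL_PRIVATE_KEY_DEST"
+"$LOCAL_PRIVATE_KEY_DEST" \
+"$REMOTE_PUBLIC_KEY_DEST"
 }
 
 test_new_config()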
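Review bot: The `|| die` after `$(sshfp_rsa_filename_string "$LOCAL_KEY")` and the `|| return` after `$(rsa_key_to_ip_suffix "$local_key")` test the exit status of the trailing `sed`, which is 0 even when no `SSHFP 1 2` record matched. Unless `pipefail` is set outside the visible hunks, a non-RSA or unparsable key therefore produces an empty string instead of a failure. The new names make the RSA-only assumption explicit, but an empty result would still leave `LOCAL_PRIVATE_KEY_DEST` as the bare `/etc/swanctl/private/` directory, `REMOTE_PUBLIC_KEY_DEST` as `/etc/swanctl/pubkey/.pub`, and `id` empty in the generated config. I would check the captured value at each call site, for example `[ -n "$LOCAL_KEY_DEST_BASENAME" ] || die "local key is not RSA (filename=$LOCAL_KEY)"`, and likewise `[ -n "$id" ] || return 1` in `strongswan_config`. Both helper bodies end outside their hunks, and the `case` above line 130 may already reject other key types, so confirm against the full script.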