authorroot <root@samizdat>2021-09-29 12:24:32 -0400
committerroot <root@samizdat>2021-09-29 12:24:32 -0400
commitdfdc54af819c6ce9b4e150c30913967365bc7f32 (patch)
tree3e3fae22eaa3c3ccaabd7d09e2a3ef6360be60ef
parent1943a248f84a1ea05ac79a29d52ab4f2e975e3d5 (diff)
working static config into template
-rwxr-xr-xdisable-outgoing-tcp-connections-through-ipv6-tunnel.sh2
-rw-r--r--keycopy.sh49
2 files changed, 48 insertions, 3 deletions
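--- a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
+++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
@@ -21,6 +21,6 @@ mark=22
 ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j MARK --set-mark $mark
 ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW -j CONNMARK --save-mark
 ip6tables_add OUTPUT -t mangle -p tcp -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-ip6rule_add fwmark $mark unreachable
+ip6rule_add fwmark $mark prohibit
 ip6rule_add fwmark $mark table main
 exit $?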
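Review bot: The switch from `unreachable` to `prohibit` at new line 24 changes which ICMPv6 error marked connections receive, but the line carries no comment saying why, and nothing else in the hunk explains it; a one-line comment such as `# prohibit: marked TCP SYNs get "administratively prohibited" rather than "no route", so the failure reads as policy, not a routing gap` would keep the intent discoverable. The following `ip6rule_add fwmark $mark table main` line is unchanged, and how it is ordered relative to the prohibit rule depends on ip6rule_add, which is defined outside this hunk.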
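--- a/keycopy.sh
+++ b/keycopy.sh
@@ -23,11 +23,56 @@ nocomments()
  sed 's/#.*//; /^ *$/d'
 }
 
+
+write_config()
+{
+ conn=$1
+ remote_addrs=$2
+ id=$3
+ cat > /etc/swanctl/conf.d/"$conn".conf <<END
+connections {
+ ${conn} {
+ remote_addrs = ${remote_addrs}
+ vips = ::
+ local {
+ pubkeys = ssh_host_rsa_key.pub
+ auth = pubkey
+ id = ${id}
+ }
+ remote {
+ id = "${remote_addrs}"
+ pubkeys = ${conn}.pub
+ auth = pubkey
+ }
+ children {
+ child {
+ remote_ts = 0::0/0
+ mode = tunnel
+ dpd_action = restart
+ }
+ }
+ }
+}
+secrets {
+ private1 {
+ file = ssh_host_rsa_key
+ }
+}
+END
+}
+
 test_new_config()
 {
  ipsec stop
- cp andy.conf /etc/swanctl/conf.d/
- nocomments < andy.conf
+
+ yourip=68.48.18.140
+ iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
+ [ "$iface" ] || return
+ mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
+ [ "$mymac" ] || return
+
+ write_config andy "$yourip" "$mymac"
+
  ipsec start
  sleep 2
  swanctl -c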
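Review bot: In test_new_config the `ipsec stop` at new line 66 runs before the two `|| return` guards at lines 70 and 72, so when the route or link-local lookup yields nothing the function returns with IPsec stopped and no config written; move the stop below the guards, i.e. drop line 66 and place ` ipsec stop` immediately before ` write_config andy "$yourip" "$mymac"`. The `sed` on line 71 prints every fe80:: address on the interface, so an interface with more than one link-local address would produce a multi-line `$mymac` that is then interpolated into the `id = ${id}` line of the generated swanctl config; appending `| head -n 1` would keep the value single-valued. `mymac` is also a misnomer, since the captured suffix is the link-local interface identifier and need not be MAC-derived; `lladdr_suffix` would read more accurately. write_config writes `/etc/swanctl/conf.d/"$conn".conf` from an unquoted heredoc, so a header comment stating that conn, remote_addrs and id are expanded verbatim into the config, and that conn also names the file and the `${conn}.pub` key, would help the next caller.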