1 files changed, 153 insertions, 0 deletions
diff --git a/connect-vpn.sh b/connect-vpn.sh
new file mode 100755
index 0000000..f4f302c
--- /dev/null
+++ b/connect-vpn.sh
@@ -0,0 +1,153 @@
+#!/bin/sh
+ROUTER_IP=68.48.18.140
+ROUTER_NAME=andy
+CLIENT_KEY_BASENAME=ssh_host_rsa_key
+CLIENT_KEY_DIRNAME=/etc/ssh
+CLIENT_KEY=${CLIENT_KEY_DIRNAME}/${CLIENT_KEY_BASENAME}
+ssh2der()
+{
+        ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
+}
+match_and_drop_first_word()
+{
+        expect=$1
+        while read word rest
+        do
+                if [ "$word" = "$expect" ]
+                then
+                        printf '%s\n' "$rest"
+                        return
+                fi
+        done
+        false
+}
+keyscan()
+{
+        if [ -e keyscan.cache ]
+        then
+                cat keyscan.cache
+        else
+                ssh-keyscan -t rsa "$1"
+        fi
+}
+write_successfully()
+{
+    local f=$(mktemp) || return
+    local out="$1"
+    [ "$2" = -- ] || return
+    shift 2
+    if "$@" > "$f"
+    then
+        if [ "$NO_ACT" ]
+        then
+            echo "mv $f $out" >&2
+        else
+            mv "$f" "$out"
+        fi
+    else
+        rm -f "$f"
+        return 1
+    fi
+}
+keycopy()
+{
+    private_key_tmp="$(mktemp)" || return
+    cp "$CLIENT_KEY" "$private_key_tmp"
+    ssh-keygen -N '' -P '' -p -m PEM -f "$private_key_tmp"
+    trap 'rm -f "$private_key_tmp"' EXIT
+    write_successfully /etc/swanctl/private/"$CLIENT_KEY_BASENAME"    -- openssl rsa -in "$private_key_tmp" -outform DER
+    write_successfully /etc/swanctl/pubkey/"$CLIENT_KEY_BASENAME".pub -- openssl rsa -in "$private_key_tmp" -outform DER -pubout
+    trap - EXIT
+    rm -f "$private_key_tmp"
+          t=$(mktemp)
+          keyscan "$ROUTER_IP" | match_and_drop_first_word "$ROUTER_IP" > "$t"
+    write_successfully /etc/swanctl/pubkey/"$ROUTER_NAME".pub -- ssh2der "$t"
+          rm -f "$t"
+}
+nocomments()
+{
+          sed 's/#.*//; /^ *$/d'
+}
+config()
+{
+    local conn="$1" remote_addrs="$2" id="$3"
+    local remote_ts=0::0/0 vips=::
+    local public_key_file="${CLIENT_KEY_BASENAME}.pub" private_key_file="${CLIENT_KEY_BASENAME}"
+    sed -e 's/^        //' <<END
+        connections {
+            ${conn} {
+                remote_addrs = ${remote_addrs}
+                vips = ${vips}
+                local {
+                    pubkeys = ${public_key_file}
+                    id = ${id}
+                }
+                remote {
+                    id = "${remote_addrs}"
+                    pubkeys = ${conn}.pub
+                }
+                children {
+                    child {
+                        remote_ts = ${remote_ts}
+                        dpd_action = restart
+                    }
+                }
+            }
+        }
+        secrets {
+            private {
+                file = ${private_key_file}
+            }
+        }
+END
+}
+get_my_mac()
+{
+          iface=$(ip -oneline route get "$1"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
+          [ "$iface" ] || return
+          my_mac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
+          [ "$my_mac" ]
+}
+NO_ACT()
+{
+    [ "$NO_ACT" ] || "$@"
+}
+write_config()
+{
+    get_my_mac "$ROUTER_IP" || return
+    write_successfully /etc/swanctl/conf.d/"$ROUTER_NAME".conf -- config "$ROUTER_NAME" "$ROUTER_IP" "$my_mac"
+}
+test_new_config()
+{
+    NO_ACT ipsec stop
+          write_config
+          NO_ACT ipsec start
+          NO_ACT sleep 2
+          NO_ACT swanctl -c
+          NO_ACT ipsec listpubkeys
+          NO_ACT ipsec up ${ROUTER_NAME}
+}
+NO_ACT=y
+set -e
+keycopy
+test_new_config

diff --git a/connect-vpn.sh b/connect-vpn.sh new file mode 100755 index 0000000..f4f302c --- /dev/null +++ b/connect-vpn.sh
@@ -0,0 +1,153 @@
	1	#!/bin/sh
	2	ROUTER_IP=68.48.18.140
	3	ROUTER_NAME=andy
	4
	5	CLIENT_KEY_BASENAME=ssh_host_rsa_key
	6	CLIENT_KEY_DIRNAME=/etc/ssh
	7	CLIENT_KEY=${CLIENT_KEY_DIRNAME}/${CLIENT_KEY_BASENAME}
	8
	9	ssh2der()
	10	{
	11	ssh-keygen -e -f "$1" -m PEM \| openssl rsa -RSAPublicKey_in -outform DER
	12	}
	13
	14	match_and_drop_first_word()
	15	{
	16	expect=$1
	17	while read word rest
	18	do
	19	if [ "$word" = "$expect" ]
	20	then
	21	printf '%s\n' "$rest"
	22	return
	23	fi
	24	done
	25	false
	26	}
	27
	28	keyscan()
	29	{
	30	if [ -e keyscan.cache ]
	31	then
	32	cat keyscan.cache
	33	else
	34	ssh-keyscan -t rsa "$1"
	35	fi
	36	}
	37
	38	write_successfully()
	39	{
	40	local f=$(mktemp) \|\| return
	41	local out="$1"
	42	[ "$2" = -- ] \|\| return
	43	shift 2
	44	if "$@" > "$f"
	45	then
	46	if [ "$NO_ACT" ]
	47	then
	48	echo "mv $f $out" >&2
	49	else
	50	mv "$f" "$out"
	51	fi
	52	else
	53	rm -f "$f"
	54	return 1
	55	fi
	56	}
	57
	58	keycopy()
	59	{
	60	private_key_tmp="$(mktemp)" \|\| return
	61	cp "$CLIENT_KEY" "$private_key_tmp"
	62	ssh-keygen -N '' -P '' -p -m PEM -f "$private_key_tmp"
	63	trap 'rm -f "$private_key_tmp"' EXIT
	64
	65	write_successfully /etc/swanctl/private/"$CLIENT_KEY_BASENAME" -- openssl rsa -in "$private_key_tmp" -outform DER
	66	write_successfully /etc/swanctl/pubkey/"$CLIENT_KEY_BASENAME".pub -- openssl rsa -in "$private_key_tmp" -outform DER -pubout
	67
	68	trap - EXIT
	69	rm -f "$private_key_tmp"
	70
	71	t=$(mktemp)
	72	keyscan "$ROUTER_IP" \| match_and_drop_first_word "$ROUTER_IP" > "$t"
	73	write_successfully /etc/swanctl/pubkey/"$ROUTER_NAME".pub -- ssh2der "$t"
	74	rm -f "$t"
	75	}
	76
	77	nocomments()
	78	{
	79	sed 's/#.//; /^ $/d'
	80	}
	81
	82
	83	config()
	84	{
	85	local conn="$1" remote_addrs="$2" id="$3"
	86	local remote_ts=0::0/0 vips=::
	87	local public_key_file="${CLIENT_KEY_BASENAME}.pub" private_key_file="${CLIENT_KEY_BASENAME}"
	88	sed -e 's/^ //' <<END
	89	connections {
	90	${conn} {
	91	remote_addrs = ${remote_addrs}
	92	vips = ${vips}
	93	local {
	94	pubkeys = ${public_key_file}
	95	id = ${id}
	96	}
	97	remote {
	98	id = "${remote_addrs}"
	99	pubkeys = ${conn}.pub
	100	}
	101	children {
	102	child {
	103	remote_ts = ${remote_ts}
	104	dpd_action = restart
	105	}
	106	}
	107	}
	108	}
	109	secrets {
	110	private {
	111	file = ${private_key_file}
	112	}
	113	}
	114	END
	115	}
	116
	117	get_my_mac()
	118	{
	119	iface=$(ip -oneline route get "$1" \| sed -ne 's/.* dev \([^ ]\) ./\1/p')
	120	[ "$iface" ] \|\| return
	121	my_mac=$(ip -oneline -6 addr show dev "$iface" \| sed -ne 's/.* inet6 fe80::\([^/]\)\/./\1/p')
	122	[ "$my_mac" ]
	123	}
	124
	125	NO_ACT()
	126	{
	127	[ "$NO_ACT" ] \|\| "$@"
	128	}
	129
	130	write_config()
	131	{
	132	get_my_mac "$ROUTER_IP" \|\| return
	133	write_successfully /etc/swanctl/conf.d/"$ROUTER_NAME".conf -- config "$ROUTER_NAME" "$ROUTER_IP" "$my_mac"
	134	}
	135
	136	test_new_config()
	137	{
	138	NO_ACT ipsec stop
	139
	140	write_config
	141
	142	NO_ACT ipsec start
	143	NO_ACT sleep 2
	144	NO_ACT swanctl -c
	145	NO_ACT ipsec listpubkeys
	146	NO_ACT ipsec up ${ROUTER_NAME}
	147	}
	148
	149	NO_ACT=y
	150	set -e
	151	keycopy
	152	test_new_config
	153