From 448cab6d8f073558a3f4c3a85652d3fcbf03c100 Mon Sep 17 00:00:00 2001
From: Andrew Cady <d@cryptonomic.net>
Date: Mon, 4 Oct 2021 18:57:00 -0400
Subject: clean up keycopy.sh somewhat (and rename it)

---
 connect-vpn.sh | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 keycopy.sh     | 115 -------------------------------------------
 2 files changed, 153 insertions(+), 115 deletions(-)
 create mode 100755 connect-vpn.sh
 delete mode 100644 keycopy.sh

diff --git a/connect-vpn.sh b/connect-vpn.sh
new file mode 100755
index 0000000..f4f302c
--- /dev/null
+++ b/connect-vpn.sh
@@ -0,0 +1,153 @@
+#!/bin/sh
+ROUTER_IP=68.48.18.140
+ROUTER_NAME=andy
+
+CLIENT_KEY_BASENAME=ssh_host_rsa_key
+CLIENT_KEY_DIRNAME=/etc/ssh
+CLIENT_KEY=${CLIENT_KEY_DIRNAME}/${CLIENT_KEY_BASENAME}
+
+ssh2der()
+{
+	ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
+}
+
+match_and_drop_first_word()
+{
+	expect=$1
+       	while read word rest
+       	do
+		if [ "$word" = "$expect" ]
+		then
+			printf '%s\n' "$rest"
+			return
+		fi
+       	done
+	false
+}
+
+keyscan()
+{
+	if [ -e keyscan.cache ]
+	then
+		cat keyscan.cache
+	else
+		ssh-keyscan -t rsa "$1"
+	fi
+}
+
+write_successfully()
+{
+    local f=$(mktemp) || return
+    local out="$1"
+    [ "$2" = -- ] || return
+    shift 2
+    if "$@" > "$f"
+    then
+        if [ "$NO_ACT" ]
+        then
+            echo "mv $f $out" >&2
+        else
+            mv "$f" "$out"
+        fi
+    else
+        rm -f "$f"
+        return 1
+    fi
+}
+
+keycopy()
+{
+    private_key_tmp="$(mktemp)" || return
+    cp "$CLIENT_KEY" "$private_key_tmp"
+    ssh-keygen -N '' -P '' -p -m PEM -f "$private_key_tmp"
+    trap 'rm -f "$private_key_tmp"' EXIT
+
+    write_successfully /etc/swanctl/private/"$CLIENT_KEY_BASENAME"    -- openssl rsa -in "$private_key_tmp" -outform DER
+    write_successfully /etc/swanctl/pubkey/"$CLIENT_KEY_BASENAME".pub -- openssl rsa -in "$private_key_tmp" -outform DER -pubout
+
+    trap - EXIT
+    rm -f "$private_key_tmp"
+
+	  t=$(mktemp)
+	  keyscan "$ROUTER_IP" | match_and_drop_first_word "$ROUTER_IP" > "$t"
+    write_successfully /etc/swanctl/pubkey/"$ROUTER_NAME".pub -- ssh2der "$t"
+	  rm -f "$t"
+}
+
+nocomments()
+{
+	  sed 's/#.*//; /^ *$/d'
+}
+
+
+config()
+{
+    local conn="$1" remote_addrs="$2" id="$3"
+    local remote_ts=0::0/0 vips=::
+    local public_key_file="${CLIENT_KEY_BASENAME}.pub" private_key_file="${CLIENT_KEY_BASENAME}"
+    sed -e 's/^        //' <<END
+        connections {
+            ${conn} {
+                remote_addrs = ${remote_addrs}
+                vips = ${vips}
+                local {
+                    pubkeys = ${public_key_file}
+                    id = ${id}
+                }
+                remote {
+                    id = "${remote_addrs}"
+                    pubkeys = ${conn}.pub
+                }
+                children {
+                    child {
+                        remote_ts = ${remote_ts}
+                        dpd_action = restart
+                    }
+                }
+            }
+        }
+        secrets {
+            private {
+                file = ${private_key_file}
+            }
+        }
+END
+}
+
+get_my_mac()
+{
+	  iface=$(ip -oneline route get "$1"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
+	  [ "$iface" ] || return
+	  my_mac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
+	  [ "$my_mac" ]
+}
+
+NO_ACT()
+{
+    [ "$NO_ACT" ] || "$@"
+}
+
+write_config()
+{
+    get_my_mac "$ROUTER_IP" || return
+    write_successfully /etc/swanctl/conf.d/"$ROUTER_NAME".conf -- config "$ROUTER_NAME" "$ROUTER_IP" "$my_mac"
+}
+
+test_new_config()
+{
+    NO_ACT ipsec stop
+
+	  write_config
+
+	  NO_ACT ipsec start
+	  NO_ACT sleep 2
+	  NO_ACT swanctl -c
+	  NO_ACT ipsec listpubkeys
+	  NO_ACT ipsec up ${ROUTER_NAME}
+}
+
+NO_ACT=y
+set -e
+keycopy
+test_new_config
+
diff --git a/keycopy.sh b/keycopy.sh
deleted file mode 100644
index 68c97fd..0000000
--- a/keycopy.sh
+++ /dev/null
@@ -1,115 +0,0 @@
-#!/bin/sh
-yourip=68.48.18.140
-h=$yourip
-n=andy
-
-key_basename=ssh_host_rsa_key
-input_key=/etc/ssh/$key_basename
-
-ssh2der()
-{
-	ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
-}
-
-match_and_drop_first_word()
-{
-	expect=$1
-       	while read word rest
-       	do
-		if [ "$word" = "$expect" ]
-		then
-			printf '%s\n' "$rest"
-			return
-		fi
-       	done
-	false
-}
-
-keyscan()
-{
-	if [ -e keyscan.cache ]
-	then
-		cat keyscan.cache
-	else
-		ssh-keyscan -t rsa "$1"
-	fi
-}
-
-keycopy()
-{
-	openssl rsa -in "$input_key"         -outform DER > /etc/swanctl/private/"$key_basename"
-	openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub
-
-	t=$(mktemp)
-
-	keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"
-	ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
-	rm -f "$t"
-}
-
-nocomments()
-{
-	sed 's/#.*//; /^ *$/d'
-}
-
-
-write_config()
-{
-	conn=$1
-	remote_addrs=$2
-	id=$3
-	cat > /etc/swanctl/conf.d/"$conn".conf <<END
-connections {
-    ${conn} {
-        remote_addrs = ${remote_addrs}
-        vips = ::
-        local {
-            pubkeys = ssh_host_rsa_key.pub
-            id = ${id}
-        }
-        remote {
-            id = "${remote_addrs}"
-            pubkeys = ${conn}.pub
-        }
-        children {
-            child {
-                remote_ts = 0::0/0
-                dpd_action = restart
-            }
-        }
-    }
-}
-secrets {
-    private1 {
-        file = ssh_host_rsa_key
-    }
-}
-END
-}
-
-generate_config()
-{
-	iface=$(ip -oneline route get "$yourip"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
-	[ "$iface" ] || return
-	mymac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
-	[ "$mymac" ] || return
-	write_config andy "$yourip" "$mymac"
-}
-
-test_new_config()
-{
-	ipsec stop
-
-	generate_config
-
-	ipsec start
-	sleep 2
-	swanctl -c
-	ipsec listpubkeys
-	ipsec up andy
-}
-
-set -e
-keycopy
-test_new_config
-
-- 
cgit v1.2.3