From dfdc54af819c6ce9b4e150c30913967365bc7f32 Mon Sep 17 00:00:00 2001
From: root <root@samizdat>
Date: Wed, 29 Sep 2021 12:24:32 -0400
Subject: working static config into template

---
 ...outgoing-tcp-connections-through-ipv6-tunnel.sh |  2 +-
 keycopy.sh                                         | 49 +++++++++++++++++++++-
 2 files changed, 48 insertions(+), 3 deletions(-)

diff --git a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
index 51123d6..842cc0f 100755
--- a/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
+++ b/disable-outgoing-tcp-connections-through-ipv6-tunnel.sh
@@ -21,6 +21,6 @@ mark=22
 ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW                 -j MARK --set-mark $mark
 ip6tables_add OUTPUT -t mangle -p tcp --syn -m state --state NEW                 -j CONNMARK --save-mark
 ip6tables_add OUTPUT -t mangle -p tcp       -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-ip6rule_add fwmark $mark unreachable
+ip6rule_add fwmark $mark prohibit
 ip6rule_add fwmark $mark table main
 exit $?
diff --git a/keycopy.sh b/keycopy.sh
index f7779b4..9f2f435 100644
--- a/keycopy.sh
+++ b/keycopy.sh
@@ -23,11 +23,56 @@ nocomments()
 	sed 's/#.*//; /^ *$/d'
 }
 
+
+write_config()
+{
+	conn=$1
+	remote_addrs=$2
+	id=$3
+	cat > /etc/swanctl/conf.d/"$conn".conf <<END
+connections {
+    ${conn} {
+        remote_addrs = ${remote_addrs}
+        vips = ::
+        local {
+            pubkeys = ssh_host_rsa_key.pub
+            auth = pubkey
+            id = ${id}
+        }
+        remote {
+            id = "${remote_addrs}"
+            pubkeys = ${conn}.pub
+            auth = pubkey
+        }
+        children {
+            child {
+                remote_ts = 0::0/0
+                mode = tunnel
+                dpd_action = restart
+            }
+        }
+    }
+}
+secrets {
+    private1 {
+        file = ssh_host_rsa_key
+    }
+}
+END
+}
+
 test_new_config()
 {
 	ipsec stop
-	cp andy.conf /etc/swanctl/conf.d/
-	nocomments < andy.conf
+
+	yourip=68.48.18.140
+	iface=$(ip -oneline route get "$yourip"  | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
+	[ "$iface" ] || return
+	mymac=$(ip -oneline -6 addr  show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
+	[ "$mymac" ] || return
+
+	write_config andy "$yourip" "$mymac"
+
 	ipsec start
 	sleep 2
 	swanctl -c
-- 
cgit v1.2.3