#!/bin/sh
# Peer address; it is also used as the remote id in the generated config.
yourip='68.48.18.140'
h="$yourip"    # alias of yourip; not referenced anywhere else in this file
# Connection / peer name. generate_config and test_new_config use the literal
# 'andy' rather than $n, so keep the three in sync.
n='andy'

# The local SSH host RSA key that is reused as the IKE private key.
key_basename='ssh_host_rsa_key'
input_key="/etc/ssh/${key_basename}"

ssh2der()
{
	# Convert the OpenSSH public key in file $1 to a DER RSAPublicKey on stdout.
	# The exit status is openssl's alone: #!/bin/sh has no pipefail, so a
	# failing ssh-keygen only shows up as openssl choking on empty input.
	ssh-keygen -e -m PEM -f "$1" \
		| openssl rsa -RSAPublicKey_in -outform DER
}

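match_and_drop_first_word()
{
	# Read lines from stdin; print the remainder of the first line whose first
	# word equals $1 and return 0. Return 1 when no line matches.
	# Used to pick one host's record out of ssh-keyscan output or a cache file.
	expect=$1
	# -r: keep backslashes literal, the key line must pass through verbatim.
	# || [ -n "$word" ]: still process a final line that has no trailing
	# newline (e.g. a hand-written keyscan.cache).
	while read -r word rest || [ -n "$word" ]
	do
		if [ "$word" = "$expect" ]
		then
			printf '%s\n' "$rest"
			return 0
		fi
	done
	return 1
}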

keyscan()
{
	# Emit RSA host key record(s) for host $1 in ssh-keyscan format.
	# A keyscan.cache file in the current directory is used verbatim instead
	# of a live scan. It is not keyed by host: whatever it contains is what the
	# caller sees, and only the caller's filtering on the expected host name
	# keeps a stale or foreign cache from being trusted.
	if ! [ -e keyscan.cache ]
	then
		ssh-keyscan -t rsa "$1"
		return
	fi
	cat keyscan.cache
}

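keycopy()
{
	# Install the local SSH host RSA key as the swanctl private/public pair
	# and fetch the peer's SSH host key as the swanctl pubkey for "$n".
	# Globals read: input_key, key_basename, yourip, n.

	# Private key: write under umask 077 so the process umask cannot leave the
	# DER copy readable by others; chmod covers a pre-existing file, since '>'
	# truncates without changing its mode.
	(
		umask 077
		openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename"
	)
	chmod 600 /etc/swanctl/private/"$key_basename"
	openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub

	# The peer's key goes through a temp file because ssh2der takes a path.
	t=$(mktemp)
	# No pipefail under #!/bin/sh: only match_and_drop_first_word's status
	# counts, so "no record for $yourip" is what fails here. Either failure
	# removes the temp file before returning non-zero (set -e in the caller
	# then aborts, as it did before, but without leaving the file behind).
	if keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t" \
		&& ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
	then
		rm -f "$t"
	else
		rm -f "$t"
		return 1
	fi
}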

nocomments()
{
	# Filter stdin: strip '#' comments to end of line, then drop lines that
	# are empty or contain only spaces. Not referenced elsewhere in this file.
	sed -e 's/#.*//' -e '/^ *$/d'
}


write_config()
{
	# Write /etc/swanctl/conf.d/<conn>.conf for one peer.
	# $1 conn: connection name; also the file name and the remote pubkey
	#          file name (<conn>.pub) written into the config.
	# $2 remote_addrs: peer address; also used as the remote id.
	# $3 id: local identity.
	# The here-document is unquoted, so each value lands verbatim in the
	# config and in the path; the callers in this file pass a fixed name and
	# values taken from ip(8) output. 'ssh_host_rsa_key' below is the literal
	# value of key_basename — keep them in sync.
	conn=$1 remote_addrs=$2 id=$3
	cat <<END > /etc/swanctl/conf.d/"$conn".conf
connections {
    ${conn} {
        remote_addrs = ${remote_addrs}
        vips = ::
        local {
            pubkeys = ssh_host_rsa_key.pub
            id = ${id}
        }
        remote {
            id = "${remote_addrs}"
            pubkeys = ${conn}.pub
        }
        children {
            child {
                remote_ts = 0::0/0
                dpd_action = restart
            }
        }
    }
}
secrets {
    private1 {
        file = ssh_host_rsa_key
    }
}
END
}

generate_config()
{
	# Derive the local identity for the peer and write its swanctl config.
	# iface: the interface the route to $yourip leaves on ('ip route get').
	# mymac: the part after fe80:: of that interface's link-local address
	#        (an interface identifier, not literally a MAC, despite the name).
	# Returns non-zero and writes nothing if either cannot be found.
	# Globals read: yourip.
	iface=$(ip -oneline route get "$yourip" | sed -n -e 's/.* dev \([^ ]*\) .*/\1/p')
	if [ -z "$iface" ]
	then
		return 1
	fi
	mymac=$(ip -oneline -6 addr show dev "$iface" | sed -n -e 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
	if [ -z "$mymac" ]
	then
		return 1
	fi
	write_config andy "$yourip" "$mymac"
}

test_new_config()
{
	# Restart strongSwan with a freshly generated config and bring the
	# "andy" connection up. Each step runs under the caller's set -e.
	# NOTE(review): if 'ipsec stop' returns non-zero when the daemon is not
	# running, set -e aborts here before anything is generated — confirm.
	ipsec stop
	generate_config
	ipsec start
	# Presumably gives the daemon time to come up before swanctl talks to it.
	sleep 2
	swanctl -c
	ipsec listpubkeys
	ipsec up andy
}

# Entry point: abort on the first failing command from here on.
set -e

main()
{
	keycopy
	test_new_config
}
main