#!/bin/sh
# Bootstrap a strongSwan (swanctl) peer from this host's SSH RSA host key:
# convert the local key pair to DER, fetch the peer's RSA host key, write a
# connection stanza and bring the tunnel up.

# Local RSA host key that is converted for swanctl.
key_basename="ssh_host_rsa_key"
input_key="/etc/ssh/${key_basename}"
# Peer host whose SSH RSA key is fetched with ssh-keyscan.
h="marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net"
# Name used for the connection and for the peer's pubkey file (<n>.pub).
n="andy"
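#######################################
# Export the host's SSH RSA key pair into swanctl's key directories and
# fetch the peer's RSA host key with ssh-keyscan.
# Globals:   input_key, key_basename, h, n (read)
# Outputs:   writes /etc/swanctl/private/$key_basename,
#            /etc/swanctl/pubkey/$key_basename.pub and
#            /etc/swanctl/pubkey/$n.pub; lists them on stdout
# Returns:   non-zero if a key could not be written, or if no RSA key was
#            received from $h or it could not be converted
#######################################
keycopy()
{
  # Private key: force 0600 regardless of the caller's umask.
  (umask 077; openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename") || return
  openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub || return
  t=$(mktemp) || return
  # ssh-keyscan prints "<host> <type> <base64>"; keep only the line for the
  # host we asked about, as "<type> <base64>", which ssh-keygen -e reads.
  # (The original wrote this to stdout and then read a file that was never
  # created; the temp file is the intended hand-off.)
  ssh-keyscan -t rsa "$h" | while read -r hh rest; do
    [ "$h" = "$hh" ] && printf '%s\n' "$rest"
  done > "$t"
  if [ ! -s "$t" ]; then
    printf 'keycopy: no RSA host key received from %s\n' "$h" >&2
    rm -f -- "$t"
    return 1
  fi
  # NOTE(review): the peer key comes from an unauthenticated ssh-keyscan fetch;
  # verify its fingerprint out-of-band before trusting the resulting pubkey.
  ssh-keygen -e -f "$t" -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub
  rv=$?
  rm -f -- "$t"
  [ "$rv" -eq 0 ] || return "$rv"
  ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub
}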
#######################################
# Filter: strip '#' comments from stdin and drop lines left blank.
# Arguments: none (reads stdin)
# Outputs:   filtered text on stdout
#######################################
nocomments()
{
  sed -e 's/#.*$//' -e '/^[ ]*$/d'
}
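#######################################
# Write a swanctl connection stanza plus the matching secrets stanza.
# Arguments: $1 - connection name; also the peer pubkey basename (<conn>.pub)
#            $2 - peer address for remote_addrs; also used as the remote id
#            $3 - local IKE identity
#            $4 - optional output directory (default /etc/swanctl/conf.d)
# Globals:   key_basename (read; falls back to ssh_host_rsa_key)
# Outputs:   writes <dir>/<conn>.conf
# Returns:   status of the write
#######################################
write_config()
{
  conn=$1
  remote_addrs=$2
  id=$3
  conf_dir=${4:-/etc/swanctl/conf.d}
  # Arguments are interpolated into the config verbatim (no quoting for
  # swanctl's syntax), so they must come from a trusted caller.
  cat > "$conf_dir"/"$conn".conf <<END
connections {
${conn} {
remote_addrs = ${remote_addrs}
vips = ::
local {
pubkeys = ${key_basename:-ssh_host_rsa_key}.pub
auth = pubkey
id = ${id}
}
remote {
id = "${remote_addrs}"
pubkeys = ${conn}.pub
auth = pubkey
}
children {
child {
remote_ts = 0::0/0
mode = tunnel
dpd_action = restart
}
}
}
}
secrets {
private1 {
file = ${key_basename:-ssh_host_rsa_key}
}
}
END
}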
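#######################################
# Rewrite the "andy" connection for the interface this host uses to reach
# the peer, then restart IPsec and bring the tunnel up.
# Arguments: $1 - peer IPv4 address (default 68.48.18.140)
# Globals:   calls write_config; ipsec / swanctl are driven as side effects
# Outputs:   ipsec and swanctl diagnostics on stdout, errors on stderr
# Returns:   1 if no route to the peer or no IPv6 link-local address was
#            found (ipsec is left untouched in that case)
#######################################
test_new_config()
{
  yourip=${1:-68.48.18.140}
  # Resolve the outgoing interface and our link-local suffix first so that a
  # failure here does not leave ipsec stopped (the original stopped it first
  # and returned silently with status 0).
  iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p')
  if [ -z "$iface" ]; then
    printf 'test_new_config: no route to %s\n' "$yourip" >&2
    return 1
  fi
  # The part of fe80::<suffix> on that interface is used as the local IKE id.
  ll_suffix=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p')
  if [ -z "$ll_suffix" ]; then
    printf 'test_new_config: no IPv6 link-local address on %s\n' "$iface" >&2
    return 1
  fi
  ipsec stop
  write_config andy "$yourip" "$ll_suffix"
  ipsec start
  sleep 2
  swanctl -c
  ipsec listpubkeys
  ipsec up andy
}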
# Entry point: only the connection test runs; keycopy() is defined above but
# not invoked here, so the keys must already be in place.
test_new_config