path: root/keycopy.sh
blob: f9ebbb959ca088b74ad9418081585810dbbb34d2 (plain)
#!/bin/sh
# Remote peer whose RSA host key keycopy fetches with ssh-keyscan.
h='marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net'
# Basename of the peer's public key file under /etc/swanctl/pubkey/.
n='andy'

# Local SSH host RSA key that keycopy exports for swanctl.
# NOTE(review): this makes one RSA key serve both sshd and IPsec, so a
# compromise of either service exposes the identity used by both.
key_basename='ssh_host_rsa_key'
input_key="/etc/ssh/${key_basename}"

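# keycopy: export the local SSH host RSA key pair as DER files for swanctl,
# print the peer's scanned RSA host key, and install the peer's public key.
#
# Globals:  input_key, key_basename, h, n (all read)
# Files:    writes /etc/swanctl/private/$key_basename,
#           /etc/swanctl/pubkey/$key_basename.pub and /etc/swanctl/pubkey/$n.pub;
#           reads rsa.scan.edit from the current directory
# Outputs:  the scanned key line(s) for $h and an `ls -l` of the written files
keycopy()
{
	# A redirection creates the file with the mode the umask allows, so tighten
	# the umask for the private key only (the subshell keeps it local). chmod
	# covers the case where the file already existed with looser permissions.
	(
		umask 077
		openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename"
		chmod 600 /etc/swanctl/private/"$key_basename"
	)
	openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub

	# Print only the key material of scan lines whose host field is exactly $h.
	# read -r keeps backslashes in the scanned line literal.
	ssh-keyscan -t rsa "$h" | while read -r hh rest; do
		if [ "$h" = "$hh" ]; then
			printf '%s\n' "$rest"
		fi
	done

	# NOTE(review): rsa.scan.edit is read from the current directory and is not
	# produced by this function; presumably it is a hand-checked copy of the
	# scan output above -- confirm. ssh-keyscan does not authenticate the peer,
	# so the key should be compared with a fingerprint obtained out of band
	# before it is installed as the IPsec public key for $n.
	ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub

	# Show the resulting files so their owner and mode can be checked.
	ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub
}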

# nocomments: filter stdin to stdout, cutting each line at its first '#' and
# then dropping lines that are empty or contain only spaces.
# Used to display a configuration file without its commentary.
nocomments()
{
	sed -e 's/#.*//' -e '/^ *$/d'
}


# test_old_config: bring the tunnel up once using the ipsec.conf from the
# current directory, then stop the daemon again.
# Changes system state: removes /etc/swanctl/conf.d/andy.conf and copies
# ipsec.conf into /etc/. No command's exit status is checked, so a failed
# copy still leads to a start with whatever configuration is in place.
test_old_config()
{
	ipsec stop
	# Remove the swanctl connection file, presumably so that only ipsec.conf
	# defines the connection during this run -- confirm.
	rm -f /etc/swanctl/conf.d/andy.conf
	cp ipsec.conf /etc/
	# Print the configuration being tested, without comments and blank lines.
	nocomments < ipsec.conf
	ipsec start
	# Fixed pause before querying the daemon that was just started.
	sleep 2
	# List the public keys the daemon has loaded, for comparison by the operator.
	ipsec listpubkeys
	ipsec up andy
	ipsec stop
}

# test_new_config: bring the tunnel up once using the swanctl connection file
# andy.conf from the current directory, then stop the daemon again.
# Changes system state: overwrites /etc/ipsec.conf with ipsec.conf.empty and
# copies andy.conf into /etc/swanctl/conf.d/. No command's exit status is
# checked, so a failed copy still leads to a start with the existing files.
test_new_config()
{
	ipsec stop
	# -T makes cp treat /etc/ipsec.conf as the destination file itself.
	cp -T ipsec.conf.empty /etc/ipsec.conf
	cp andy.conf /etc/swanctl/conf.d/
	# Print the configuration being tested, without comments and blank lines.
	nocomments < andy.conf
	ipsec start
	# Fixed pause before querying the daemon that was just started.
	sleep 2
	# swanctl -c is --load-conns: load the connection definitions.
	swanctl -c
	# List the public keys the daemon has loaded, for comparison by the operator.
	ipsec listpubkeys
	ipsec up andy
	ipsec stop
}

# Run both configuration tests in sequence, legacy ipsec.conf first.
# keycopy is defined above but is not invoked by this script.
test_old_config
test_new_config