--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+function he_tunnelbroker_endpoint_update() {
+ local username
+ local password
+ local tunnel_id
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --username=*)
+ username="$(cli_get_val ${1})"
+ ;;
+ --password=*)
+ password="$(cli_get_val ${1})"
+ ;;
+ --tunnel-id=*)
+ tunnel_id="$(cli_get_val ${1})"
+ ;;
+ esac
+ shift
+ done
+
+ assert isset username
+ assert isset password
+ assert isset tunnel_id
+
+ # Send HTTP request.
+ local response=$(http_GET --username="${username}" --password="${password}" \
+ "https://ipv4.tunnelbroker.net/ipv4_end.php" "tid=${tunnel_id}")
+
+ log DEBUG "Server response: ${response}"
+
+ case "${response}" in
+ "-ERROR: This tunnel is already associated with this IP address.*")
+ # This is not really an error, because the right IP address is
+ # already configured.
+ ;;
+ "-ERROR:*")
+ log ERROR "Tunnel endpoint address update not successful for tunnel ${tunnel_id}"
+ return ${EXIT_ERROR}
+ ;;
+ esac
+
+ log INFO "Tunnel endpoint address has been updated for tunnel ${tunnel_id}"
+ return ${EXIT_OK}
+}
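Review bot: Both error arms of the `case "${response}"` statement are quoted in full, so the trailing `*` is matched literally and neither arm can ever fire. Any `-ERROR:` reply therefore falls through to the INFO log and `return ${EXIT_OK}`. Keep the wildcard outside the quotes: `"-ERROR: This tunnel is already associated with this IP address."*)` and `"-ERROR:"*)`. An empty response is also reported as success, because `local response=$(...)` hides the exit status of `http_GET`; declare `local response` first, then use `response=$(http_GET ...) || return ${EXIT_ERROR}`. Since the reply is the only evidence of whether the endpoint really changed, consider accepting only a known-good reply rather than rejecting known-bad ones.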
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2013 IPFire Network Development Team #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+function http_format_args() {
+ local args="$@"
+
+ list_join args "&"
+}
+
+function http_GET() {
+ local username
+ local password
+
+ local url
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --username=*)
+ username="$(cli_get_val ${1})"
+ ;;
+ --password=*)
+ password="$(cli_get_val ${1})"
+ ;;
+ *)
+ break
+ ;;
+ esac
+ shift
+ done
+
+ local url="$(cli_get_val ${1})"
+ shift
+
+ # Add credentials to the URL.
+ if isset username && isset password; then
+ # Stip http:// and so on from the URL.
+ local scheme="${url%://*}"
+ url="${url#*://}"
+
+ # Build new URL string with credentials.
+ url="${scheme}://${username}:${password}@${url}"
+ fi
+
+ # Add all query arguments if necessary.
+ local args=$(http_format_args "$@")
+ if [ -n "${args}" ]; then
+ url="${url}?${args}"
+ fi
+
+ http_call "${url}"
+}
+
+function http_call() {
+ # Argument list for invoking curl.
+ local args
+
+ list_append args "--silent"
+ list_append args "--user-agent IPFire-Network/${NETWORK_VERSION}"
+
+ # Add all other args.
+ list_append args "$@"
+
+ # Run curl.
+ curl ${args}
+}
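Review bot: `http_GET` splices the username and password into the URL's userinfo part (`url="${scheme}://${username}:${password}@${url}"`) and `http_call` then passes that URL on curl's command line. The secret is therefore readable in the process list for as long as the request runs, and a password containing `@`, `:`, `/`, `?` or whitespace changes how the URL is parsed, since nothing is percent-encoded. Keeping the credentials out of the URL and handing them to curl through its `--user` option, supplied from a config read on stdin (`--config -`), would avoid both problems. Separately, `curl ${args}` in `http_call` is unquoted, so the final URL, which contains `?` once query arguments are appended, undergoes word splitting and pathname expansion. An array keeps every argument intact, as sketched below.

```shell
function http_call() {
	# Argument vector for invoking curl; an array keeps each argument as one word.
	local -a args=(--silent --user-agent "IPFire-Network/${NETWORK_VERSION}")

	# Add all other args.
	args+=("$@")

	# Run curl.
	curl "${args[@]}"
}
```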
. /usr/lib/network/header-zone
-HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6"
+HOOK_SETTINGS="HOOK SERVER_ADDRESS LOCAL_ADDRESS LOCAL_ADDRESS6 TUNNEL_ID"
+HOOK_SETTINGS="${HOOK_SETTINGS} AUTO_UPDATE_ENDPOINT USERNAME PASSWORD"
# The IPv4 address of the tunnel endpoint where to connect to.
SERVER_ADDRESS=
# The address that is assigned to the tunnel device (with prefix).
LOCAL_ADDRESS6=
+# True if the endpoint IP address should be automatically
+# updated each time the tunnel connects.
+AUTO_UPDATE_ENDPOINT="false"
+
+# The ID of the tunnel.
+TUNNEL_ID=
+
+# Credentials for the tunnelbroker.net service.
+USERNAME=
+PASSWORD=
+
function _check() {
assert isset SERVER_ADDRESS
assert isset LOCAL_ADDRESS
assert isset LOCAL_ADDRESS6
+
+ if enabled AUTO_UPDATE_ENDPOINT; then
+ assert isset TUNNEL_ID
+ assert isset USERNAME
+ assert isset PASSWORD
+ fi
}
function _parse_cmdline() {
--local-ipv6-address=*)
LOCAL_ADDRESS6=$(cli_get_val ${1})
;;
+ --auto-update-endpoint=*)
+ local val="$(cli_get_val ${1})"
+
+ if enabled val; then
+ AUTO_UPDATE_ENDPOINT="true"
+ else
+ AUTO_UPADTE_ENDPOINT="false"
+ fi
+ ;;
+ --tunnel-id=*)
+ TUNNEL_ID="$(cli_get_val ${1})"
+ ;;
+ --username=*)
+ USERNAME="$(cli_get_val ${1})"
+ ;;
+ --password=*)
+ PASSWORD="$(cli_get_val ${1})"
+ ;;
*)
echo "Unknown option: ${1}" >&2
exit ${EXIT_ERROR}
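Review bot: The `else` branch of the new `--auto-update-endpoint=*)` arm assigns to `AUTO_UPADTE_ENDPOINT`, a misspelling of the setting. Passing `--auto-update-endpoint=false` therefore leaves a previously enabled `AUTO_UPDATE_ENDPOINT` untouched, and the hook keeps sending the stored credentials on every connect. The line should read `AUTO_UPDATE_ENDPOINT="false"`. `_parse_cmdline` starts and ends outside this hunk, so the remaining option handling could not be checked.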
# Read configuration options.
zone_config_read ${zone}
+ if enabled AUTO_UPDATE_ENDPOINT; then
+ log DEBUG "Updating tunnel endpoint"
+
+ he_tunnelbroker_endpoint_update \
+ --username="${USERNAME}" \
+ --password="${PASSWORD}" \
+ --tunnel-id="${TUNNEL_ID}"
+ fi
+
ip_tunnel_add ${zone} --ttl=255 \
--remote-address="${SERVER_ADDRESS}" \
--local-address="${LOCAL_ADDRESS}"
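Review bot: The exit status of `he_tunnelbroker_endpoint_update` is discarded here, so a rejected or failed update is followed by `ip_tunnel_add` as if nothing had happened. If bringing the tunnel up regardless is intended, say so in a comment such as `# A failed endpoint update is not fatal; the tunnel is still created.`; otherwise check the call with `|| return ${EXIT_ERROR}`. `${PASSWORD}` is filled in by `zone_config_read`, so the broker password is presumably stored in clear text in the zone settings; it is worth confirming that file is readable by root only. The enclosing function starts and ends outside this hunk.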