2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2015 IPFire Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
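# Location of the IPsec connection table. It is read further down as
# comma-separated records, one connection per line.
# (The listing had split this assignment across two lines, which is not
# valid shell; it is restored to a single assignment here.)
VPN_CONFIG="/var/ipfire/vpn/config"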
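# Import the ethernet and VPN settings into this shell as variables.
#
# NOTE(review): eval executes whatever readhash prints as shell code, so
# both settings files are trusted input and must only be writable by
# privileged users. Presumably readhash emits nothing but KEY=VALUE
# assignments and rejects malformed keys/values - confirm against the
# readhash implementation before relying on that.
#
# The command substitution is double-quoted so the output reaches eval
# unmodified: unquoted, the shell would word-split it and apply pathname
# expansion to the values before eval ever saw them.
eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
eval "$(/usr/local/bin/readhash /var/ipfire/vpn/settings)"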
30 id status name lefthost
type ctype x1 x2 x3 leftsubnets
31 remote righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
32 x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
33 route x26 mode interface_mode interface_address interface_mtu rest
41 # Register local variables
48 # Handle %defaultroute
49 if [ "${VPN_IP}" = "%defaultroute" ]; then
50 if [ -r "/var/ipfire/red/local-ipaddress" ]; then
51 vpn_ip
="$(</var/ipfire/red/local-ipaddress)"
53 elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
54 vpn_ip
="${RED_ADDRESS}"
61 # We are done when IPsec is not enabled
62 if [ "${ENABLED}" = "on" ]; then
63 while IFS
="," read -r "${VARS[@]}"; do
64 # Check if the connection is enabled
65 [ "${status}" = "on" ] ||
continue
67 # Check if this is a net-to-net connection
68 [ "${type}" = "net" ] ||
continue
70 # Determine the interface name
71 case "${interface_mode}" in
73 local intf
="${interface_mode}${id}"
80 # Add the interface to the list of all interfaces
81 interfaces
+=( "${intf}" )
85 "remote" "${righthost}"
88 case "${interface_mode}" in
96 args
+=( "key" "${id}" )
100 # Update the settings when the interface already exists
101 if [ -d "/sys/class/net/${intf}" ]; then
102 ip link change dev
"${intf}" \
103 type "${interface_mode}" "${args[@]}" &>/dev
/null
105 # Create a new interface and bring it up
107 log
"Creating interface ${intf}"
108 if ! ip link add name
"${intf}" type "${interface_mode}" "${args[@]}"; then
109 log
"Could not create interface ${intf}"
115 ip addr flush dev
"${intf}"
116 ip addr add
"${interface_address}" dev
"${intf}"
119 ip link
set dev
"${intf}" mtu
"${interface_mtu}"
121 # Bring up the interface
122 ip link
set dev
"${intf}" up
123 done < "${VPN_CONFIG}"
126 # Delete all other interfaces
128 for intf
in /sys
/class
/net
/gre
[0-9]* /sys
/class
/net
/vti
[0-9]*; do
129 intf
="$(basename "${intf}")"
131 # Ignore a couple of interfaces that cannot be deleted
138 # Check if interface is on the list
139 local i found
="false"
140 for i
in ${interfaces[@]}; do
141 if [ "${intf}" = "${i}" ]; then
147 # Nothing to do if interface was found
150 # Delete the interface
151 log
"Deleting interface ${intf}"
152 ip link del
"${intf}" &>/dev
/null