2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2015 IPFire Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
24 VPN_CONFIG
="/var/ipfire/vpn/config"
26 eval $
(/usr
/local
/bin
/readhash
/var
/ipfire
/ethernet
/settings
)
27 eval $
(/usr
/local
/bin
/readhash
/var
/ipfire
/vpn
/settings
)
30 id status name lefthost
type ctype x1 x2 x3 leftsubnets
31 remote righthost rightsubnets x5 x6 x7 x8 x9 x10 x11 x12
32 x13 x14 x15 x16 x17 x18 x19 x20 x21 proto x22 x23 x24
33 route x26 mode interface_mode interface_address interface_mtu rest
41 # Register local variables
48 # Handle %defaultroute
49 if [ "${VPN_IP}" = "%defaultroute" ]; then
50 if [ -r "/var/ipfire/red/local-ipaddress" ]; then
51 vpn_ip
="$(</var/ipfire/red/local-ipaddress)"
53 elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
54 vpn_ip
="${RED_ADDRESS}"
61 # We are done when IPsec is not enabled
62 if [ "${ENABLED}" = "on" ]; then
63 while IFS
="," read -r "${VARS[@]}"; do
64 # Check if the connection is enabled
65 [ "${status}" = "on" ] ||
continue
67 # Check if this a net-to-net connection
68 [ "${type}" = "net" ] ||
continue
70 # Determine the interface name
71 case "${interface_mode}" in
73 local intf
="${interface_mode}${id}"
80 # Add the interface to the list of all interfaces
81 interfaces
+=( "${intf}" )
85 "remote" "${righthost}"
90 if [ "${interface_mode}" = "vti" ]; then
94 # Update the settings when the interface already exists
95 if [ -d "/sys/class/net/${intf}" ]; then
96 ip link change dev
"${intf}" \
97 type "${interface_mode}" "${args[@]}" &>/dev
/null
99 # Create a new interface and bring it up
101 log
"Creating interface ${intf}"
102 if ! ip link add name
"${intf}" type "${interface_mode}" "${args[@]}"; then
103 log
"Could not create interface ${intf}"
109 ip addr flush dev
"${intf}"
110 ip addr add
"${interface_address}" dev
"${intf}"
113 ip link
set dev
"${intf}" mtu
"${interface_mtu}"
115 # Bring up the interface
116 ip link
set dev
"${intf}" up
117 done < "${VPN_CONFIG}"
120 # Delete all other interfaces
122 for intf
in /sys
/class
/net
/gre
* /sys
/class
/net
/vti
*; do
123 intf
="$(basename "${intf}")"
125 # Ignore a couple of interfaces that cannot be deleted
132 # Check if interface is on the list
133 local i found
="false"
134 for i
in ${interfaces[@]}; do
135 if [ "${intf}" = "${i}" ]; then
141 # Nothing to do if interface was found
144 # Delete the interface
145 log
"Deleting interface ${intf}"
146 ip link del
"${intf}" &>/dev
/null
projects / ipfire-2.x.git / blob