2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2015 IPFire Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
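# Path of the IPsec connection list; it is read below as one comma-separated
# record per line.
VPN_CONFIG="/var/ipfire/vpn/config"

# Import the ethernet and VPN settings as shell variables.
# NOTE(review): eval executes whatever readhash prints as shell code in this
# script's context, so both settings files must be writable by trusted
# accounts only. readhash is presumably limited to KEY=value output; confirm
# against its source, which is not visible here.
# The command substitution is quoted so the helper's output reaches eval
# unchanged, without word splitting or pathname expansion of the values.
eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
eval "$(/usr/local/bin/readhash /var/ipfire/vpn/settings)"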
30 id status name lefthost
type ctype psk
local x1 leftsubnets
31 x2 remote rightsubnets x3 x4 x5 x6 x7 x8 x9 x10 x11 x12
32 x13 x14 x15 x16 x17 x18 x19 proto x20 x21 x22
33 route x23 mode interface_mode interface_address interface_mtu rest
41 # Register local variables
47 # Compat for older connections
48 if [ "${local}" = "off" ]; then
52 # Handle %defaultroute
53 if [ -z "${local}" ]; then
54 if [ -r "/var/ipfire/red/local-ipaddress" ]; then
55 local="$(</var/ipfire/red/local-ipaddress)"
57 elif [ "${RED_TYPE}" = "STATIC" -a -n "${RED_ADDRESS}" ]; then
58 local="${RED_ADDRESS}"
62 # We are done when IPsec is not enabled
63 if [ "${ENABLED}" = "on" ]; then
64 while IFS
="," read -r "${VARS[@]}"; do
65 # Check if the connection is enabled
66 [ "${status}" = "on" ] ||
continue
68 # Check if this is a net-to-net connection
69 [ "${type}" = "net" ] ||
continue
71 # Determine the interface name
72 case "${interface_mode}" in
74 local intf
="${interface_mode}${id}"
81 # Add the interface to the list of all interfaces
82 interfaces
+=( "${intf}" )
89 case "${interface_mode}" in
97 args
+=( "key" "${id}" )
101 # Update the settings when the interface already exists
102 if [ -d "/sys/class/net/${intf}" ]; then
103 ip link change dev
"${intf}" \
104 type "${interface_mode}" "${args[@]}" &>/dev
/null
106 # Create a new interface and bring it up
108 log
"Creating interface ${intf}"
109 if ! ip link add name
"${intf}" type "${interface_mode}" "${args[@]}"; then
110 log
"Could not create interface ${intf}"
116 ip addr flush dev
"${intf}"
117 ip addr add
"${interface_address}" dev
"${intf}"
120 ip link
set dev
"${intf}" mtu
"${interface_mtu}"
122 # Bring up the interface
123 ip link
set dev
"${intf}" up
124 done < "${VPN_CONFIG}"
127 # Delete all other interfaces
129 for intf
in /sys
/class
/net
/gre
[0-9]* /sys
/class
/net
/vti
[0-9]*; do
130 intf
="$(basename "${intf}")"
132 # Ignore a couple of interfaces that cannot be deleted
139 # Check if interface is on the list
140 local i found
="false"
141 for i
in ${interfaces[@]}; do
142 if [ "${intf}" = "${i}" ]; then
148 # Nothing to do if interface was found
151 # Delete the interface
152 log
"Deleting interface ${intf}"
153 ip link del
"${intf}" &>/dev
/null