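#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010 Michael Tremer & Christian Schmidt                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

# Authentication methods that may be requested with --auth=.
PPP_SUPPORTED_AUTH_METHODS="chap pap"

# Starts the pppd unit for an interface and reports why pppd exited.
#   $1 - interface name (used to build "pppd@<interface>.service")
# Returns EXIT_OK when the recorded exit code is 0, otherwise that exit code
# (EXIT_ERROR when no exit code could be obtained).
function pppd_start() {
	local interface=${1}
	assert isset interface

	# This will block until the connection has been established or
	# pppd exited.
	service_start "pppd@${interface}.service"

	# Get the exit code of the ppp daemon and figure out
	# how to handle this. Declaration and assignment are split so that
	# "local" does not hide a failure of the command substitution.
	local ret
	ret=$(service_get_exitcode "pppd@${interface}.service")

	case "${ret}" in
		0)
			return ${EXIT_OK}
			;;
		1)
			error "pppd crashed for an unknown reason"
			;;
		2)
			error "pppd: Configuration error"
			;;
		5)
			error "pppd terminated"
			;;
		16)
			error "pppd: Link terminated by modem"
			;;
		19)
			error "pppd: Authentication failed"
			;;
		*)
			error "pppd: Unhandled exit code: ${ret}"
			;;
	esac

	# An empty exit code must not turn into "return" without an argument,
	# which would hand back the status of the error call above.
	return ${ret:-${EXIT_ERROR}}
}

# Stops the pppd unit that belongs to the interface given as $1.
function pppd_stop() {
	local interface=${1}
	assert isset interface

	service_stop "pppd@${interface}.service"
}

# Shows the status of the pppd unit that belongs to the interface given as $1.
function pppd_status() {
	local interface=${1}
	assert isset interface

	service_status "pppd@${interface}.service"
}

# Imports the IPv4 data of a zone into the routing database.
#   $1 - zone name
# Returns EXIT_ERROR if the zone does not exist, EXIT_OK otherwise.
function ppp_common_ip_pre_up() {
	local zone=${1}
	shift

	if ! zone_exists "${zone}"; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	routing_db_from_ppp "${zone}" ipv4

	return ${EXIT_OK}
}

# Marks IPv4 on a zone as active and refreshes the routing tables.
#   $1 - zone name
# Returns EXIT_ERROR if the zone does not exist, EXIT_OK otherwise.
function ppp_common_ipv4_up() {
	local zone=${1}
	shift

	if ! zone_exists "${zone}"; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	routing_db_set "${zone}" ipv4 active 1
	routing_update "${zone}" ipv4
	routing_default_update

	return ${EXIT_OK}
}

# Drops the IPv4 routing data of a zone and stores the accounting values.
#   $1 - zone name
# Returns EXIT_ERROR if the zone does not exist, EXIT_OK otherwise.
function ppp_common_ipv4_down() {
	local zone=${1}
	shift

	if ! zone_exists "${zone}"; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	routing_db_remove "${zone}" ipv4
	routing_update "${zone}" ipv4
	routing_default_update

	# Save accounting information
	ppp_accounting "${zone}"

	return ${EXIT_OK}
}

# Imports the IPv6 data of a zone, marks it active and refreshes routing.
#   $1 - zone name
# Returns EXIT_ERROR if the zone does not exist, EXIT_OK otherwise.
function ppp_common_ipv6_up() {
	local zone=${1}
	shift

	if ! zone_exists "${zone}"; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Add information about this zone to the routing database.
	routing_db_from_ppp "${zone}" ipv6

	routing_db_set "${zone}" ipv6 active 1
	routing_update "${zone}" ipv6
	routing_default_update

	return ${EXIT_OK}
}

# Drops the IPv6 routing data of a zone and stores the accounting values.
#   $1 - zone name
# Returns EXIT_ERROR if the zone does not exist, EXIT_OK otherwise.
function ppp_common_ipv6_down() {
	local zone=${1}
	shift

	if ! zone_exists "${zone}"; then
		error "Zone '${zone}' does not exist."
		return ${EXIT_ERROR}
	fi

	# Remove the information about this zone from the routing database
	# and update the routing table.
	routing_db_remove "${zone}" ipv6
	routing_update "${zone}" ipv6
	routing_default_update

	# Save accounting information
	ppp_accounting "${zone}"

	return ${EXIT_OK}
}

# Replaces (or adds) the entry of a user in the file named by PPP_SECRETS.
#   $1 - user name
#   $2 - secret
# Existing lines of other users are copied unchanged; the new entry is
# appended as: '<user>' * '<secret>'
# Returns EXIT_OK on success and EXIT_ERROR if the values contain a line
# break or the file could not be rewritten.
function ppp_secret() {
	local USER=${1}
	local SECRET=${2}

	local line
	local tmp
	local user

	if [ -z "${PPP_SECRETS}" ]; then
		error "PPP_SECRETS is not set"
		return ${EXIT_ERROR}
	fi

	# Every line of the secrets file is one entry, so a line break inside
	# a value would smuggle an additional entry into the file.
	# NOTE(review): a single quote inside a value still ends the quoted
	# word early; no escaping is applied here.
	case "${USER}${SECRET}" in
		*$'\n'*|*$'\r'*)
			error "PPP credentials must not contain line breaks"
			return ${EXIT_ERROR}
			;;
	esac

	# Updating the secrets file. The work is done in a subshell so that
	# the restrictive umask and the cleanup trap do not leak to the caller.
	(
		# The file holds clear-text passwords: neither the scratch copy
		# nor a newly created secrets file may be readable by others.
		umask 077

		# Unpredictable name next to the target instead of a fixed ".tmp".
		tmp=$(mktemp "${PPP_SECRETS}.XXXXXX") || exit ${EXIT_ERROR}
		trap 'rm -f -- "${tmp}"' EXIT

		if [ -e "${PPP_SECRETS}" ]; then
			# -r keeps backslashes in the secrets of other users intact,
			# the second test keeps a last line without a newline.
			while IFS= read -r line || [ -n "${line}" ]; do
				read -r user _ <<< "${line}"
				[ "${user}" = "'${USER}'" ] && continue
				printf '%s\n' "${line}"
			done < "${PPP_SECRETS}" > "${tmp}"
		fi
		printf "'%s' * '%s'\n" "${USER}" "${SECRET}" >> "${tmp}"

		# Copy the content back so that an existing file keeps its
		# owner and mode.
		cat "${tmp}" > "${PPP_SECRETS}"
	) || {
		error "Could not update ${PPP_SECRETS}"
		return ${EXIT_ERROR}
	}

	return ${EXIT_OK}
}

# Stores the connection statistics of a zone.
#   $1 - zone name
# Reads CONNECT_TIME, BYTES_RCVD and BYTES_SENT from the environment.
function ppp_accounting() {
	local zone=${1}
	shift

	db_ppp_update "${zone}" --duration="${CONNECT_TIME}" \
		--rcvd="${BYTES_RCVD}" --sent="${BYTES_SENT}"
}

# Runs pppd with the given parameters and discards its standard output.
function pppd_exec() {
	# NOTE(review): the complete parameter list ends up in the debug log;
	# confirm that no caller passes credentials on the command line.
	log DEBUG "Running pppd with parameters '$*'."

	# Word splitting is kept as in the original because a caller may pass
	# a pre-joined option string. Parameters that contain whitespace or
	# glob characters are therefore split/expanded again at this point.
	pppd $@ > /dev/null
}

# Writes a pppd options file and stores the credentials via ppp_secret.
#   $1  - path of the options file to create
#   ... - settings in --key=value form (see the case statement below)
# Returns EXIT_OK on success and EXIT_ERROR on invalid settings.
#
# NOTE(review): all values are written into the options file unquoted.
# pppd reads such a file as whitespace-separated words, so whitespace inside
# a value (interface, plugin options, user name, ...) yields further option
# words, and the connect command is quoted without escaping embedded double
# quotes. Callers have to pass validated values.
# NOTE(review): print seems to interpret backslash escapes (see the "\n" in
# the linkname line); if it is printf-based, '%' or backslashes in a value
# would be interpreted as well - confirm against its definition.
function pppd_write_config() {
	local file=${1}; shift
	assert isset file

	local auth
	local baudrate
	local connect_cmd
	local default_asyncmap="true"
	local interface
	local ipv6="true"
	local lcp_echo_failure=3
	local lcp_echo_interval=20
	local linkname
	local mtu mru
	local password
	local plugin plugin_options
	local serial="false"
	local serial_device
	local username
	local value

	while [ $# -gt 0 ]; do
		case "${1}" in
			--auth=*)
				auth=$(cli_get_val "${1}")
				;;
			--baudrate=*)
				baudrate=$(cli_get_val "${1}")
				assert isoneof baudrate ${SERIAL_BAUDRATES}
				;;
			--connect-command=*)
				connect_cmd=$(cli_get_val "${1}")
				;;
			# Enable or disable the use of the default asyncmap.
			--default-asyncmap=*)
				value=$(cli_get_val "${1}")
				if enabled value; then
					default_asyncmap="true"
				else
					default_asyncmap="false"
				fi
				;;
			# The name of the created ppp interface.
			--interface=*)
				interface=$(cli_get_val "${1}")
				;;
			# IPv6
			--ipv6=*)
				ipv6="$(cli_get_val "${1}")"
				;;
			# LCP echo failure. The historical "lcr" spelling is still
			# accepted; the value is now stored in the variable that is
			# written to the file instead of a stray global.
			--lcp-echo-failure=*|--lcr-echo-failure=*)
				lcp_echo_failure=$(cli_get_val "${1}")

				if ! isinteger "${lcp_echo_failure}"; then
					error "${1%%=*}= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# LCP echo interval. The check now looks at the interval
			# and no longer at the failure count.
			--lcp-echo-interval=*|--lcr-echo-interval=*)
				lcp_echo_interval=$(cli_get_val "${1}")

				if ! isinteger "${lcp_echo_interval}"; then
					error "${1%%=*}= requires a number"
					return ${EXIT_ERROR}
				fi
				;;
			# Maximum Transmission Unit
			--mtu=*)
				mtu=$(cli_get_val "${1}")
				;;
			# Maximum Receive Unit
			--mru=*)
				mru=$(cli_get_val "${1}")
				;;
			--password=*)
				password=$(cli_get_val "${1}")
				;;
			--plugin=*)
				plugin=$(cli_get_val "${1}")
				;;
			--plugin-options=*)
				plugin_options=$(cli_get_val "${1}")
				;;
			# Sets if the modem is a serial device.
			--serial=*)
				serial=$(cli_get_val "${1}")
				;;
			--serial-device=*)
				serial_device=$(cli_get_val "${1}")
				;;
			--username=*)
				username=$(cli_get_val "${1}")
				;;
			*)
				log WARNING "Unhandled argument: ${1}"
				;;
		esac
		shift
	done

	if [ -z "${interface}" ]; then
		log ERROR "You need to set the interface name: ${interface}"
		return ${EXIT_ERROR}
	fi
	linkname="${interface}"

	if isset auth; then
		# NOTE(review): the baudrate check above hands isoneof the
		# variable name, this call hands it the value - confirm which
		# form isoneof expects.
		if ! isoneof ${auth} ${PPP_SUPPORTED_AUTH_METHODS}; then
			log ERROR "Unsupported auth method: ${auth}"
			return ${EXIT_ERROR}
		fi
	fi

	if enabled serial; then
		assert isset serial_device
		assert [ -c "${serial_device}" ]
	fi

	# Set the user credentials.
	# NOTE(review): this also runs when no user name was given, which
	# stores an entry with an empty name and secret.
	ppp_secret "${username}" "${password}"

	# Write the configuration header.
	mkdir -p "$(dirname "${file}")" 2>/dev/null
	config_header "PPP daemon configuration file" > "${file}"

	# At first, set the name of the link.
	print "linkname ${linkname}\n" >> "${file}"

	# Configure the interface/zone name.
	(
		print "# Interface name"
		print "ifname ${interface}"
		print
	) >> "${file}"

	# Plugin settings
	if isset plugin; then
		(
			print "# Plugin settings"
			print "plugin ${plugin} ${plugin_options}"
			print
		) >> "${file}"
	fi

	# User authentication
	if isset username; then
		(
			print "# User authentication"
			print "user ${username}"

			print "noauth"
			if isset auth; then
				print "require-${auth}"
			fi
			print
		) >> "${file}"
	fi

	# IPv6
	if enabled ipv6; then
		(
			print "# IPv6 support"
			print "+ipv6"
			print
		) >> "${file}"
	fi

	# MTU/MRU settings
	if isset mtu; then
		isset mru || mru=${mtu}

		(
			print "# MTU/MRU settings"
			print "mtu ${mtu}"
			print "mru ${mru}"
			print
		) >> "${file}"
	fi

	if enabled serial; then
		(
			print "# Serial modem settings"
			print "${serial_device} ${baudrate}"
			print "crtscts"
			print "lock"
			print "modem"
			print
		) >> "${file}"

		# Connect command
		if isset connect_cmd; then
			(
				print "# Connect command"
				print "connect \"${connect_cmd}\""
				print
			) >> "${file}"
		fi
	fi

	# Default asyncmap.
	if enabled default_asyncmap; then
		(
			print "# Use the default asyncmap."
			print "default-asyncmap"
			print
		) >> "${file}"
	fi

	# LCP settings.
	(
		print "# LCP settings"
		print "lcp-echo-failure ${lcp_echo_failure}"
		print "lcp-echo-interval ${lcp_echo_interval}"
		print
	) >> "${file}"

	# Add the default settings.
	(
		print "# Disable the compression"
		print "noccp noaccomp nodeflate nopcomp novj novjccomp nobsdcomp nomppe"
		print "noipdefault updetach debug"
	) >> "${file}"

	return ${EXIT_OK}
}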