###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2013 IPFire Network Development Team #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
# #
###############################################################################
-function aiccu_config_dir() {
- local device=${1}
-
- echo "${RUN_DIR}/aiccu/${device}"
-}
+# Define protocols which are supported by aiccu.
+AICCU_SUPPORTED_PROTOCOLS="tic tsp l2tp"
function aiccu_start() {
local device=${1}
- shift
-
assert isset device
- local config_dir=$(aiccu_config_dir ${device})
- mkdir -p ${config_dir}
-
- local config_file=${config_dir}/config
- aiccu_configure ${device} $@ > ${config_file}
-
- aiccu start ${config_file} &>/dev/null
+ # Tell systemd to start aiccu on this device.
+ service_start "aiccu@${device}.service"
local ret=$?
- case "${ret}" in
- 0)
- log DEBUG "Aiccu was successfully started for '${device}'."
- return ${EXIT_OK}
- ;;
- *)
- error_log "Could not start aiccu properly for '${device}'."
-
- error_log "Configuration file dump:"
- local line
- while read line; do
- error_log " ${line}"
- done < ${config_file}
-
- return ${EXIT_ERROR}
- ;;
- esac
+ if [ ${ret} -eq ${EXIT_OK} ]; then
+ log DEBUG "aiccu was successfully started on '${device}'."
+ else
+ log ERROR "Could not start aiccu properly on '${device}': ${ret}"
+ return ${EXIT_ERROR}
+ fi
+
+ return ${EXIT_OK}
}
function aiccu_stop() {
local device=${1}
-
assert isset device
- aiccu stop $(aiccu_config_dir ${device})/config
-
- rm -rf $(aiccu_config_dir ${device})
+ # Tell sysemd to stop aiccu on this device.
+ service_stop "aiccu@${device}.service"
}
-function aiccu_configure() {
+function aiccu_write_config() {
local device=${1}
+ local file=${2}
+ shift 2
assert isset device
+ assert isset file
- local user
- local secret
+ local username
+ local password
local server
local protocol="tic"
local tunnel_id
+ local require_tls
while [ $# -gt 0 ]; do
case "${1}" in
- --user=*)
- user=$(cli_get_val ${1})
+ --username=*)
+ username="$(cli_get_val ${1})"
;;
- --secret=*)
- secret=$(cli_get_val ${1})
+ --password=*)
+ password="$(cli_get_val ${1})"
;;
--server=*)
- server=$(cli_get_val ${1})
+ server="$(cli_get_val ${1})"
;;
--protocol=*)
- protocol=$(cli_get_val ${1})
+ protocol="$(cli_get_val ${1})"
;;
--tunnel-id=*)
- tunnel_id=$(cli_get_val ${1})
+ tunnel_id="$(cli_get_val ${1})"
+ ;;
+ --require-tls=*)
+ require_tls="$(cli_get_val ${1})"
+
+ if enabled val; then
+ require_tls="true"
+ else
+ require_tls="false"
+ fi
;;
esac
shift
done
- assert isset user
- assert isset secret
+ assert isset username
+ assert isset password
assert isset server
assert isset protocol
- assert isoneof protocol tic tsp l2tp
-
-cat <<EOF
-## AICCU configuration for ${zone}
-
-username ${user}
-password ${secret}
-
-server ${server}
-protocol ${protocol}
-
-$(isset tunnel_id && echo "tunnel_id ${tunnel_id}")
-
-ipv6_interface ${device}
-
-verbose true
-daemonize true
-automatic true
-
-pidfile $(aiccu_config_dir ${zone})/pid
-
-#setupscript /tmp/aiccu.sh
-
-EOF
+ assert isset require_tls
+ assert isoneof ${protocol} ${AICCU_SUPPORTED_PROTOCOLS}
+
+ # Write configuration file header.
+ config_header "aiccu configuration file for ${zone}" > ${file}
+
+ (
+ print "# Server info"
+ print "server ${server}"
+ print "protocol ${protocol}"
+ print
+
+ if isset tunnel_id; then
+ print "# Tunnel ID"
+ print "tunnel_id ${tunnel_id}"
+ print
+ fi
+
+ print "# Credentials"
+ print "username ${username}"
+ print "password ${password}"
+ print
+
+ print "ipv6_interface ${device}"
+ print
+
+ print "# Security"
+ print "requiretls ${require_tls}"
+ print
+
+ # Misc.
+ print "verbose true"
+ print "daemonize false"
+ print "automatic true"
+ ) >> ${file}
return ${EXIT_OK}
}
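Review bot: In the `--require-tls=*` arm of `aiccu_write_config` the test is `if enabled val; then`, but nothing in this function sets a `val` variable; the parsed value was stored in `require_tls`. Assuming `enabled` takes a variable name the way `isset` does here, the branch always falls through to `require_tls="false"`, so the generated config carries `requiretls false` even when the caller asked for TLS; the test should read `if enabled require_tls; then`. Separately, the file that receives `password ${password}` is created by a plain `> ${file}` redirect under whatever umask is in effect, so unless the caller already restricts the directory, add `chmod 600 "${file}"` right after the header is written and before the credentials are appended. The new `assert isoneof ${protocol} ${AICCU_SUPPORTED_PROTOCOLS}` also passes the value where the removed line passed the name `protocol`, which is worth checking against `isoneof`'s contract so the protocol check does not silently stop validating.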