ipsec-interfaces: Don't add any interfaces when IPsec is disabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Michael Tremer
2018-12-10 16:57:12 +00:00
parent a56357b8be
commit 1a45f9a70a


@@ -37,67 +37,67 @@ log() {
} }
main() { main() {
# We are done when IPsec is not enabled
[ "${ENABLED}" = "on" ] || exit 0
# Register local variables # Register local variables
local "${VARS[@]}" local "${VARS[@]}"
local action local action
local interfaces=() local interfaces=()
while IFS="," read -r "${VARS[@]}"; do # We are done when IPsec is not enabled
# Check if the connection is enabled if [ "${ENABLED}" = "on" ]; then
[ "${status}" = "on" ] || continue while IFS="," read -r "${VARS[@]}"; do
# Check if the connection is enabled
[ "${status}" = "on" ] || continue
# Check if this a net-to-net connection # Check if this a net-to-net connection
[ "${type}" = "net" ] || continue [ "${type}" = "net" ] || continue
# Determine the interface name # Determine the interface name
case "${interface_mode}" in case "${interface_mode}" in
gre|vti) gre|vti)
local intf="${interface_mode}${id}" local intf="${interface_mode}${id}"
;; ;;
*) *)
continue continue
;; ;;
esac esac
# Add the interface to the list of all interfaces # Add the interface to the list of all interfaces
interfaces+=( "${intf}" ) interfaces+=( "${intf}" )
local args=( local args=(
"local" "${VPN_IP}" "local" "${VPN_IP}"
"remote" "${righthost}" "remote" "${righthost}"
"ttl" "255" "ttl" "255"
) )
# Add key for VTI # Add key for VTI
if [ "${interface_mode}" = "vti" ]; then if [ "${interface_mode}" = "vti" ]; then
args+=( key "${id}" ) args+=( key "${id}" )
fi fi
# Update the settings when the interface already exists # Update the settings when the interface already exists
if [ -d "/sys/class/net/${intf}" ]; then if [ -d "/sys/class/net/${intf}" ]; then
ip link change dev "${intf}" \ ip link change dev "${intf}" \
type "${interface_mode}" "${args[@]}" &>/dev/null type "${interface_mode}" "${args[@]}" &>/dev/null
# Create a new interface and bring it up # Create a new interface and bring it up
else else
log "Creating interface ${intf}" log "Creating interface ${intf}"
ip link add name "${intf}" type "${interface_mode}" "${args[@]}" ip link add name "${intf}" type "${interface_mode}" "${args[@]}"
fi fi
# Add an IP address # Add an IP address
ip addr flush dev "${intf}" ip addr flush dev "${intf}"
ip addr add "${interface_address}" dev "${intf}" ip addr add "${interface_address}" dev "${intf}"
# Set MTU # Set MTU
ip link set dev "${intf}" mtu "${interface_mtu}" ip link set dev "${intf}" mtu "${interface_mtu}"
# Bring up the interface # Bring up the interface
ip link set dev "${intf}" up ip link set dev "${intf}" up
done < "${VPN_CONFIG}" done < "${VPN_CONFIG}"
fi
# Delete all other interfaces # Delete all other interfaces
local intf local intf
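Review bot: The comment `# We are done when IPsec is not enabled`, kept above the new `if [ "${ENABLED}" = "on" ]; then`, is now misleading (assuming the right-hand column is the new side). With IPsec disabled, main() no longer exits but falls through to the "Delete all other interfaces" step with an empty `interfaces` list. I would reword it to `# Only create or update interfaces when IPsec is enabled; the cleanup below runs either way`. The comment should also say that an unset or empty `ENABLED` takes the same path as "off", so a failed settings load would presumably tear down existing tunnel interfaces rather than leave them up. main() continues past the end of this hunk, so the deletion loop itself is not visible here.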