root/repos/FreeBSDAdmin/VPN/recon.sh
Revision: 876
Committed: 2006-11-05T18:37:36-08:00 (18 years, 7 months ago) by douglas
Content type: text/x-sh
File size: 1921 byte(s)
Log Message:
Oops!

File Contents

# User Rev Content
1 douglas 869 #!/usr/local/bin/bash
2     # Recon
3     #
4     # Douglas Thrift
5     #
6     # $Id$
7    
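# Parallel arrays: element N of each describes one tunnel (the gif interface
# name, the local endpoint's host name and the remote endpoint's host name).
declare -a interfaces locals remotes

# Load the tunnel table from ~/recon.dat, one "<interface> <local> <remote>"
# record per line. -r keeps backslashes literal, and the trailing test picks
# up a final record that has no terminating newline.
while read -r interface local_host remote_host || [[ -n $interface ]]; do
  # A blank line carries no record; skipping all three appends together
  # keeps the arrays aligned.
  [[ -n $interface ]] || continue

  interfaces+=("$interface")
  locals+=("$local_host")
  remotes+=("$remote_host")
done < ~/recon.dat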
15    
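# Resolve a host name to IPv4 address(es) using host(1).
# Arguments: $1 - host name to look up
# Outputs:   one dotted quad on stdout for every "has address" line that
#            host prints; nothing when there is no such line. A name with
#            several A records therefore yields several lines, which the
#            caller has to be prepared for.
function address()
{
  # Quote the argument so it reaches host as exactly one word (no word
  # splitting into an extra server argument, no glob expansion).
  host "$1" | sed -Ee 's/^.* has address ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/\1/p;d'
}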
20    
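# Reconcile every tunnel in the interfaces/locals/remotes arrays with what
# DNS currently returns. When an endpoint address has changed, rewrite the
# gifconfig line in /etc/rc.conf, the spdadd policies in /etc/ipsec.conf and
# (for a changed remote) the racoon PSK entry, then reload IPsec and
# re-point the gif tunnel.
#
# The resolved addresses are trusted as-is: whoever can influence the DNS
# answer decides where the tunnel and its PSK entry point, so the resolver
# path is part of this script's trust boundary.
ipv4='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
ipv4_only="^${ipv4}\$"
ifname_only='^[A-Za-z0-9_]+$'
prog=${0##*/}

for ((index = 0; index != ${#interfaces[@]}; ++index)); do
  interface=${interfaces[$index]}

  # The name is spliced into sed expressions below and has to form a valid
  # rc.conf variable name (gifconfig_<name>), so accept nothing else.
  if [[ ! $interface =~ $ifname_only ]]; then
    echo "$prog: invalid interface name: $interface" >&2

    exit 1
  fi

  # Read the configured endpoints straight from rc.conf instead of eval'ing
  # generated shell code. Clearing them first stops a missing entry from
  # silently reusing the previous tunnel's addresses.
  old_local='' old_remote=''
  current=$(sed -En "s/^gifconfig_${interface}=\"(${ipv4}) (${ipv4})\"\$/\1 \2/p" /etc/rc.conf | tail -n 1)
  read -r old_local old_remote <<<"$current"

  if [[ -z $old_local ]] || [[ -z $old_remote ]]; then
    echo "$prog: no gifconfig_$interface addresses found in /etc/rc.conf" >&2

    exit 1
  fi

  new_local=$(address "${locals[$index]}")
  new_remote=$(address "${remotes[$index]}")

  if [[ -z $new_local ]] || [[ -z $new_remote ]]; then
    echo "$prog: new addresses undefined: new_local=$new_local new_remote=$new_remote" >&2

    exit 1
  fi

  # address prints one line per A record; a multi-address answer cannot be
  # mapped onto a single tunnel endpoint and must not reach sed or ifconfig.
  if [[ ! $new_local =~ $ipv4_only ]] || [[ ! $new_remote =~ $ipv4_only ]]; then
    echo "$prog: new addresses ambiguous: new_local=$new_local new_remote=$new_remote" >&2

    exit 1
  fi

  if [[ $old_local != "$new_local" ]] || [[ $old_remote != "$new_remote" ]]; then
    # Escape the dots so the old addresses match literally in sed patterns.
    old_local_re=${old_local//./\\.}
    old_remote_re=${old_remote//./\\.}

    sed -i '' -e "s/^gifconfig_$interface=\"$old_local_re $old_remote_re\"\$/gifconfig_$interface=\"$new_local $new_remote\"/" /etc/rc.conf
    sed -i '' -e "s|^spdadd $old_local_re/32 $old_remote_re/32 ipencap -P out ipsec esp/tunnel/$old_local_re-$old_remote_re/require;\$|spdadd $new_local/32 $new_remote/32 ipencap -P out ipsec esp/tunnel/$new_local-$new_remote/require;|;s|^spdadd $old_remote_re/32 $old_local_re/32 ipencap -P in ipsec esp/tunnel/$old_remote_re-$old_local_re/require;\$|spdadd $new_remote/32 $new_local/32 ipencap -P in ipsec esp/tunnel/$new_remote-$new_local/require;|" /etc/ipsec.conf

    if [[ $old_remote != "$new_remote" ]]; then
      # NOTE(review): psk.txt holds pre-shared keys; confirm the in-place
      # edit leaves its owner and restrictive mode unchanged.
      sed -i '' -e "s/^$old_remote_re /$new_remote /" /usr/local/etc/racoon/psk.txt

      # XXX: I don't know whether or not this is really necessary
      /usr/local/etc/rc.d/racoon.sh restart
    fi

    /etc/rc.d/ipsec reload
    /sbin/ifconfig "$interface" tunnel "$new_local" "$new_remote"
  fi
done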

Properties

Name Value
svn:executable *
svn:keywords Id