FreeBSDAdmin/VPN/recon.sh

#!/usr/local/bin/bash
# Recon
#
# Douglas Thrift
#
# $Id$

declare -a interfaces locals remotes

while read interface local remote; do
        interfaces[${#interfaces[@]}]=$interface
        locals[${#locals[@]}]=$local
        remotes[${#remotes[@]}]=$remote
done < ~/recon.dat

function address()
{
        host $1 | sed -Ee 's/^.* has address ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/\1/p;d'
}

for ((index = 0; index != ${#interfaces[@]}; ++index)); do
        interface=${interfaces[$index]}

        eval `grep "^gifconfig_$interface=" /etc/rc.conf | sed -Ee "s/^gifconfig_$interface=\"([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\"$/declare old_local=\1 old_remote=\2/p;d"`

        new_local=`address ${locals[$index]}`
        new_remote=`address ${remotes[$index]}`

        if [[ $old_local != $new_local ]] || [[ $old_remote != $new_remote ]]; then
                sed -e "s/^gifconfig_$interface=\"$old_local $old_remote\"$/gifconfig_$interface=\"$new_local $new_remote\"/" -i '' /etc/rc.conf
                sed -e "s|^spdadd $old_local/32 $old_remote/32 ipencap -P out ipsec esp/tunnel/$old_local-$old_remote/require;$|spadd $new_local/32 $new_remote/32 ipencap -P out ipsec esp/tunnel/$new_local-$new_remote/require;|;s|^spdadd $old_remote/32 $old_local/32 ipencap -P in ipsec esp/tunnel/$old_remote-$old_local/require;$|spdadd $new_remote/32 $new_local/32 ipencap -P in ipsec esp/tunnel/$new_remote-$new_local/require;|" -i '' /etc/ipsec.conf

                if [[ $old_remote != $new_remote ]]; then
                        sed -e "s/^$old_remote  /$new_remote    /" -i '' /usr/local/etc/racoon/psk.txt

                        # XXX: I don't know whether or not this is really necessary
                        /usr/local/etc/rc.d/racoon.sh restart
                fi

                /etc/rc.d/ipsec reload
                ifconfig $interface tunnel $new_local $new_remote
        fi
done
Revision:	871
Committed:	2006-11-01T00:12:24-08:00 (18 years, 7 months ago) by douglas
Content type:	text/x-sh
File size:	1752 byte(s)
Log Message:	This might just work...
#	Content
1	#!/usr/local/bin/bash
2	# Recon
3	#
4	# Douglas Thrift
5	#
6	# $Id$
7
8	declare -a interfaces locals remotes
9
10	while read interface local remote; do
11	interfaces[${#interfaces[@]}]=$interface
12	locals[${#locals[@]}]=$local
13	remotes[${#remotes[@]}]=$remote
14	done < ~/recon.dat
15
16	function address()
17	{
18	host $1 \| sed -Ee 's/^.* has address ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/\1/p;d'
19	}
20
21	for ((index = 0; index != ${#interfaces[@]}; ++index)); do
22	interface=${interfaces[$index]}
23
24	eval `grep "^gifconfig_$interface=" /etc/rc.conf \| sed -Ee "s/^gifconfig_$interface=\"([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\"$/declare old_local=\1 old_remote=\2/p;d"`
25
26	new_local=`address ${locals[$index]}`
27	new_remote=`address ${remotes[$index]}`
28
29	if [[ $old_local != $new_local ]] \|\| [[ $old_remote != $new_remote ]]; then
30	sed -e "s/^gifconfig_$interface=\"$old_local $old_remote\"$/gifconfig_$interface=\"$new_local $new_remote\"/" -i '' /etc/rc.conf
31	sed -e "s\|^spdadd $old_local/32 $old_remote/32 ipencap -P out ipsec esp/tunnel/$old_local-$old_remote/require;$\|spadd $new_local/32 $new_remote/32 ipencap -P out ipsec esp/tunnel/$new_local-$new_remote/require;\|;s\|^spdadd $old_remote/32 $old_local/32 ipencap -P in ipsec esp/tunnel/$old_remote-$old_local/require;$\|spdadd $new_remote/32 $new_local/32 ipencap -P in ipsec esp/tunnel/$new_remote-$new_local/require;\|" -i '' /etc/ipsec.conf
32
33	if [[ $old_remote != $new_remote ]]; then
34	sed -e "s/^$old_remote /$new_remote /" -i '' /usr/local/etc/racoon/psk.txt
35
36	# XXX: I don't know whether or not this is really necessary
37	/usr/local/etc/rc.d/racoon.sh restart
38	fi
39
40	/etc/rc.d/ipsec reload
41	ifconfig $interface tunnel $new_local $new_remote
42	fi
43	done