config: add xfrm interface support scripts
This package adds scripts for xfrm interfaces support.
Example configuration via /etc/config/network:
config interface 'xfrm0'
option proto 'xfrm'
option mtu '1300'
option zone 'VPN'
option tunlink 'wan'
option ifid 30
config interface 'xfrm0_static'
option proto 'static'
option ifname '@xfrm0'
option ip6addr 'fe80::1/64'
option ipaddr '10.0.0.1/30'
Now set in strongswan IPsec policy:
if_id_in = 30
if_id_out = 30
Signed-off-by: André Valentin <avalentin@marcant.net>
This commit is contained in:
André Valentin
Hans Dedecker
parent
cc092a285a
commit
452d88e8f7
38
package/network/config/xfrm/Makefile
Normal file
38
package/network/config/xfrm/Makefile
Normal file
@ -0,0 +1,38 @@
|
||||
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=xfrm
|
||||
PKG_VERSION:=1
|
||||
PKG_RELEASE:=1
|
||||
PKG_LICENSE:=GPL-2.0
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/xfrm/Default
|
||||
SECTION:=net
|
||||
CATEGORY:=Network
|
||||
MAINTAINER:=Andre Valentin <avalentin@marcant.net>
|
||||
endef
|
||||
|
||||
define Package/xfrm
|
||||
$(call Package/xfrm/Default)
|
||||
TITLE:=XFRM IPsec Tunnel Interface config support
|
||||
DEPENDS:=+kmod-xfrm-interface
|
||||
endef
|
||||
|
||||
define Package/xfrm/description
|
||||
XFRM IPsec Tunnel Interface config support (IPv4 and IPv6) in /etc/config/network.
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
endef
|
||||
|
||||
define Build/Configure
|
||||
endef
|
||||
|
||||
define Package/xfrm/install
|
||||
$(INSTALL_DIR) $(1)/lib/netifd/proto
|
||||
$(INSTALL_BIN) ./files/xfrm.sh $(1)/lib/netifd/proto/xfrm.sh
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,xfrm))
|
||||
65
package/network/config/xfrm/files/xfrm.sh
Executable file
65
package/network/config/xfrm/files/xfrm.sh
Executable file
@ -0,0 +1,65 @@
|
||||
#!/bin/sh
|
||||
|
||||
[ -n "$INCLUDE_ONLY" ] || {
|
||||
. /lib/functions.sh
|
||||
. /lib/functions/network.sh
|
||||
. ../netifd-proto.sh
|
||||
init_proto "$@"
|
||||
}
|
||||
|
||||
proto_xfrm_setup() {
|
||||
local cfg="$1"
|
||||
local mode="xfrm"
|
||||
|
||||
local tunlink ifid mtu zone
|
||||
json_get_vars tunlink ifid mtu zone
|
||||
|
||||
proto_init_update "$cfg" 1
|
||||
|
||||
proto_add_tunnel
|
||||
json_add_string mode "$mode"
|
||||
json_add_int mtu "${mtu:-1280}"
|
||||
|
||||
[ -z "$tunlink" ] && {
|
||||
proto_notify_error "$cfg" NO_TUNLINK
|
||||
proto_block_restart "$cfg"
|
||||
exit
|
||||
}
|
||||
json_add_string link "$tunlink"
|
||||
|
||||
[ -z "$ifid" ] && {
|
||||
proto_notify_error "$cfg" NO_IFID
|
||||
proto_block_restart "$cfg"
|
||||
exit
|
||||
}
|
||||
json_add_object 'data'
|
||||
[ -n "$ifid" ] && json_add_int ifid "$ifid"
|
||||
json_close_object
|
||||
|
||||
proto_close_tunnel
|
||||
|
||||
proto_add_data
|
||||
[ -n "$zone" ] && json_add_string zone "$zone"
|
||||
proto_close_data
|
||||
|
||||
proto_send_update "$cfg"
|
||||
}
|
||||
|
||||
proto_xfrm_teardown() {
|
||||
local cfg="$1"
|
||||
}
|
||||
|
||||
proto_xfrm_init_config() {
|
||||
no_device=1
|
||||
available=1
|
||||
|
||||
proto_config_add_int "mtu"
|
||||
proto_config_add_string "tunlink"
|
||||
proto_config_add_string "zone"
|
||||
proto_config_add_int "ifid"
|
||||
}
|
||||
|
||||
|
||||
[ -n "$INCLUDE_ONLY" ] || {
|
||||
[ -f /lib/modules/$(uname -r)/xfrm_interface.ko -o -d /sys/module/xfrm_interface ] && add_protocol xfrm
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user