| #!/bin/bash |
| # |
| # strongswan files/ipsec-vti.sh - Ansible managed: Do NOT edit this file manually! |
| # |
| # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| # SPDX-License-Identifier: Apache-2.0 |
| |
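set -o nounset
set -o errexit

# The previous version appended PLUTO_VERB to a fixed path under /tmp on every
# invocation. That debug trace is removed: this hook has to run with enough
# privilege to create interfaces and write sysctls, and appending to a
# predictable path in a shared directory follows whatever a local user has
# placed there (e.g. a symlink).

# Parse the options strongSwan passes from the connection's "updown" setting.
# Every option takes a value, so the loop stops when fewer than two words
# remain (a trailing option without a value is silently ignored). Endpoints and
# the physical interface come from the PLUTO_* variables charon exports.
while [[ $# -gt 1 ]]; do
  case ${1} in
    -ln|--link-name)
      TUNNEL_NAME="${2}"
      TUNNEL_PHY_INTERFACE="${PLUTO_INTERFACE}"
      shift
      ;;
    -ll|--link-local)
      TUNNEL_LOCAL_ADDRESS="${2}"
      TUNNEL_LOCAL_ENDPOINT="${PLUTO_ME}"
      shift
      ;;
    -lr|--link-remote)
      TUNNEL_REMOTE_ADDRESS="${2}"
      TUNNEL_REMOTE_ENDPOINT="${PLUTO_PEER}"
      shift
      ;;
    -m|--mark)
      TUNNEL_MARK="${2}"
      shift
      ;;
    -r|--static-route)
      TUNNEL_STATIC_ROUTE="${2}"
      shift
      ;;
    *)
      # Unknown word: report it and drop only that word (the original behaviour),
      # so a following value will also be reported as unknown.
      printf '%s: Unknown argument "%s"\n' "${0}" "${1}" >&2
      ;;
  esac
  shift
done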
| |
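#######################################
# Check whether a command is available, silently.
# Arguments: $1 - command name
# Returns:   0 if the command resolves, non-zero otherwise
#######################################
command_exists() {
  # The original `type "$1" >&2 2>&2` sent the lookup result to stderr
  # (`2>&2` is a no-op), so callers got noise instead of a quiet check.
  command -v "$1" >/dev/null 2>&1
}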
| |
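#######################################
# Create the VTI interface for this tunnel, address it and bring it up.
# Globals:   TUNNEL_NAME, TUNNEL_LOCAL_ENDPOINT, TUNNEL_REMOTE_ENDPOINT,
#            TUNNEL_MARK, TUNNEL_LOCAL_ADDRESS, TUNNEL_REMOTE_ADDRESS (read)
#            TUNNEL_MTU (read, optional; defaults to 1387)
# Returns:   non-zero (aborting the script under errexit) if an ip(8) call fails
#######################################
create_interface() {
  # The MTU was a hard-coded 1387; keep that default but allow an override.
  local mtu="${TUNNEL_MTU:-1387}"
  # The previous version also echoed these commands into a fixed file under
  # /tmp; that debug write is dropped because a privileged hook appending to a
  # predictable path in a shared directory follows whatever already sits there.
  ip link add "${TUNNEL_NAME}" type vti \
    local "${TUNNEL_LOCAL_ENDPOINT}" remote "${TUNNEL_REMOTE_ENDPOINT}" \
    key "${TUNNEL_MARK}"
  ip addr add "${TUNNEL_LOCAL_ADDRESS}" remote "${TUNNEL_REMOTE_ADDRESS}" dev "${TUNNEL_NAME}"
  ip link set "${TUNNEL_NAME}" up mtu "${mtu}"
}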
| |
#######################################
# Apply the kernel settings the tunnel needs: global IPv4 forwarding,
# rp_filter=2 and no policy lookup on the VTI, and no xfrm/policy handling on
# the physical interface carrying the ESP traffic.
# Globals:   TUNNEL_NAME, TUNNEL_PHY_INTERFACE (read)
# Returns:   non-zero if a sysctl(8) call fails
#######################################
configure_sysctl() {
  local knob
  local -a knobs=(
    "net.ipv4.ip_forward=1"
    "net.ipv4.conf.${TUNNEL_NAME}.rp_filter=2"
    "net.ipv4.conf.${TUNNEL_NAME}.disable_policy=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_xfrm=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_policy=1"
  )
  for knob in "${knobs[@]}"; do
    sysctl -w "${knob}"
  done
}
| |
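#######################################
# Add one route per comma-separated prefix in TUNNEL_STATIC_ROUTE via the VTI.
# Globals:   TUNNEL_STATIC_ROUTE (read, optional), TUNNEL_NAME, TUNNEL_MARK (read)
# Returns:   non-zero if an ip(8) call fails
#######################################
add_route() {
  local -a routes=()
  local prefix
  # Previously the array was global and an absent -r/--static-route tripped
  # nounset after the interface was already up; treat "unset" as "no routes".
  IFS=',' read -ra routes <<< "${TUNNEL_STATIC_ROUTE:-}"
  (( ${#routes[@]} > 0 )) || return 0
  for prefix in "${routes[@]}"; do
    [[ -n "${prefix}" ]] || continue   # tolerate "a,,b" and trailing commas
    ip route add "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}"
  done
}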
| |
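#######################################
# Remove the routes add_route installed (same comma-separated list, same
# metric, so the kernel matches the exact entries).
# Globals:   TUNNEL_STATIC_ROUTE (read, optional), TUNNEL_NAME, TUNNEL_MARK (read)
# Returns:   non-zero if an ip(8) call fails
#######################################
cleanup() {
  local -a routes=()
  local prefix
  # Mirror of the add path: keep the array local and tolerate an absent
  # -r/--static-route instead of failing under nounset during teardown.
  IFS=',' read -ra routes <<< "${TUNNEL_STATIC_ROUTE:-}"
  (( ${#routes[@]} > 0 )) || return 0
  for prefix in "${routes[@]}"; do
    [[ -n "${prefix}" ]] || continue   # tolerate "a,,b" and trailing commas
    ip route del "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}"
  done
}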
| |
#######################################
# Bring the VTI down and remove it.
# Globals:   TUNNEL_NAME (read)
# Returns:   non-zero if an ip(8) call fails
#######################################
delete_interface() {
  local dev="${TUNNEL_NAME}"
  ip link set "${dev}" down
  ip link del "${dev}"
}
| |
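# main execution starts here

# Abort early when a tool this script actually invokes is missing. The previous
# version only printed the error and carried on to the first failing ip(8)
# call, and its `>&2 2>&2` redirection was a no-op.
command_exists ip || {
  echo "ERROR: ip command is required to execute the script, check if you are running as root, mostly to do with path, /sbin/" >&2
  exit 1
}
# iptables is not invoked anywhere in this script, so its absence stays
# non-fatal (message kept as before).
command_exists iptables || echo "ERROR: iptables command is required to execute the script, check if you are running as root, mostly to do with path, /sbin/" >&2
command_exists sysctl || {
  echo "ERROR: sysctl command is required to execute the script, check if you are running as root, mostly to do with path, /sbin/" >&2
  exit 1
}

# Dispatch on the verb charon passes; the stray `echo "A"` debug output after
# add_route is gone.
case "${PLUTO_VERB}" in
  up-client)
    create_interface
    configure_sysctl
    add_route
    ;;
  down-client)
    cleanup
    delete_interface
    ;;
  *)
    # The updown hook is also called for other verbs (e.g. up-host); nothing to do.
    ;;
esac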