#!/bin/bash
#
# strongswan files/ipsec-vti.sh - Ansible managed: Do NOT edit this file manually!
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
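set -o nounset
set -o errexit
# Trace the verb the IKE daemon invoked us with. Diagnostics go to stderr,
# which the calling daemon captures; a root-run script must never append to
# a fixed, predictable path under /tmp (symlink-following and information
# leak risk), so no debug file is written anywhere.
printf 'ipsec-vti: PLUTO_VERB=%s\n' "${PLUTO_VERB:-}" >&2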
# Command-line options, as passed by the daemon's updown configuration.
# Every option takes exactly one value, hence the "$# -gt 1" condition: a
# lone trailing word can never be a complete option and is ignored.
# The PLUTO_* variables are taken from the environment the IKE daemon
# provides; they are paired with the option that needs them.
# Unknown options are reported on stderr but are not fatal.
while [[ $# -gt 1 ]]; do
  case "$1" in
    -ln|--link-name)
      TUNNEL_NAME="$2"
      TUNNEL_PHY_INTERFACE="${PLUTO_INTERFACE}"
      shift
      ;;
    -ll|--link-local)
      TUNNEL_LOCAL_ADDRESS="$2"
      TUNNEL_LOCAL_ENDPOINT="${PLUTO_ME}"
      shift
      ;;
    -lr|--link-remote)
      TUNNEL_REMOTE_ADDRESS="$2"
      TUNNEL_REMOTE_ENDPOINT="${PLUTO_PEER}"
      shift
      ;;
    -m|--mark)
      TUNNEL_MARK="$2"
      shift
      ;;
    -r|--static-route)
      TUNNEL_STATIC_ROUTE="$2"
      shift
      ;;
    *)
      printf '%s: Unknown argument "%s"\n' "$0" "$1" >&2
      ;;
  esac
  # Consume the option name (its value was consumed by the arm above).
  shift
done
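#######################################
# Check whether a command is available.
# Arguments: $1 - command name (function, builtin or executable on PATH)
# Outputs:   nothing; the lookup result is not echoed to stderr
# Returns:   0 if the command resolves, non-zero otherwise
#######################################
command_exists() {
  # "command -v" is the portable lookup; the redirections keep both the
  # resolved path and any "not found" message out of the daemon's log.
  command -v "$1" >/dev/null 2>&1
}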
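#######################################
# Create and bring up the VTI interface for this connection.
# Globals:   TUNNEL_NAME, TUNNEL_LOCAL_ENDPOINT, TUNNEL_REMOTE_ENDPOINT,
#            TUNNEL_MARK, TUNNEL_LOCAL_ADDRESS, TUNNEL_REMOTE_ADDRESS (read)
#            TUNNEL_MTU (read, optional; defaults to 1387)
# Outputs:   a one-line trace on stderr
# Returns:   non-zero (and, under errexit, aborts) if any ip(8) call fails
#######################################
create_interface() {
  local mtu="${TUNNEL_MTU:-1387}"
  # Trace to stderr only: never record commands in a fixed path under /tmp
  # from a root-run script (predictable location, symlink-following risk).
  printf 'ipsec-vti: creating %s (local %s remote %s key %s mtu %s)\n' \
    "${TUNNEL_NAME}" "${TUNNEL_LOCAL_ENDPOINT}" "${TUNNEL_REMOTE_ENDPOINT}" \
    "${TUNNEL_MARK}" "${mtu}" >&2
  # The VTI "key" is the value the tunnel is keyed on; the same value is
  # passed as TUNNEL_MARK and reused as the route metric elsewhere.
  ip link add "${TUNNEL_NAME}" type vti local "${TUNNEL_LOCAL_ENDPOINT}" remote "${TUNNEL_REMOTE_ENDPOINT}" key "${TUNNEL_MARK}"
  ip addr add "${TUNNEL_LOCAL_ADDRESS}" remote "${TUNNEL_REMOTE_ADDRESS}" dev "${TUNNEL_NAME}"
  ip link set "${TUNNEL_NAME}" up mtu "${mtu}"
}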
#######################################
# Apply the kernel settings the tunnel needs, in a fixed order.
# Globals:   TUNNEL_NAME, TUNNEL_PHY_INTERFACE (read)
# Outputs:   whatever sysctl -w prints for each setting
# Returns:   non-zero (and, under errexit, aborts) at the first failing sysctl
#######################################
configure_sysctl() {
  # ip_forward is host-wide, not per interface. rp_filter=2 is loose
  # reverse-path filtering on the tunnel; disable_policy=1 turns off IPsec
  # policy checks on both the tunnel and the physical interface, and
  # disable_xfrm=1 turns off transformation on the physical interface.
  local -a settings=(
    "net.ipv4.ip_forward=1"
    "net.ipv4.conf.${TUNNEL_NAME}.rp_filter=2"
    "net.ipv4.conf.${TUNNEL_NAME}.disable_policy=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_xfrm=1"
    "net.ipv4.conf.${TUNNEL_PHY_INTERFACE}.disable_policy=1"
  )
  local setting
  for setting in "${settings[@]}"; do
    sysctl -w "${setting}"
  done
}
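#######################################
# Install one route per comma-separated prefix through the tunnel.
# Globals:   TUNNEL_STATIC_ROUTE (read; comma-separated list, may be empty)
#            TUNNEL_NAME, TUNNEL_MARK (read; the mark doubles as the metric)
# Outputs:   whatever ip route add prints
# Returns:   non-zero (and, under errexit, aborts) at the first failing add
#######################################
add_route() {
  local -a prefixes=()
  local prefix
  IFS=',' read -ra prefixes <<< "${TUNNEL_STATIC_ROUTE}"
  # "${prefixes[@]}" on an empty array is an unbound-variable error under
  # nounset on bash < 4.4; the ${arr[@]+...} form makes an empty list a no-op.
  for prefix in ${prefixes[@]+"${prefixes[@]}"}; do
    # Stray commas ("a,,b", ",a") yield empty fields that ip would reject.
    [[ -n "${prefix}" ]] || continue
    ip route add "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}"
  done
}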
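#######################################
# Remove the routes installed by add_route (best effort).
# Globals:   TUNNEL_STATIC_ROUTE (read; comma-separated list, may be empty)
#            TUNNEL_NAME, TUNNEL_MARK (read)
# Outputs:   a warning on stderr for each route that could not be removed
# Returns:   0; a missing route must not stop the interface from being
#            deleted afterwards (the kernel drops its routes with it anyway)
#######################################
cleanup() {
  local -a prefixes=()
  local prefix
  IFS=',' read -ra prefixes <<< "${TUNNEL_STATIC_ROUTE}"
  # ${arr[@]+...} keeps an empty list a no-op under nounset on bash < 4.4.
  for prefix in ${prefixes[@]+"${prefixes[@]}"}; do
    [[ -n "${prefix}" ]] || continue
    # Under errexit a bare failure here would abort before delete_interface
    # runs and leave a stale VTI behind; warn and carry on instead.
    ip route del "${prefix}" dev "${TUNNEL_NAME}" metric "${TUNNEL_MARK}" \
      || printf 'ipsec-vti: warning: could not remove route %s\n' "${prefix}" >&2
  done
}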
#######################################
# Tear down the VTI interface created by create_interface.
# Globals:   TUNNEL_NAME (read)
# Outputs:   whatever ip(8) prints
# Returns:   non-zero (and, under errexit, aborts) if either ip call fails
#######################################
delete_interface() {
  local name="${TUNNEL_NAME}"
  ip link set "${name}" down
  ip link del "${name}"
}
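# main execution starts here
#
# A missing tool is fatal: this script's exit status is what the IKE daemon
# sees, and continuing would only fail later with a less clear error.
# iptables is checked although nothing below invokes it; dropping the check
# would change the script's preconditions, so it is kept.
for tool in ip iptables sysctl; do
  if ! command_exists "${tool}"; then
    printf 'ERROR: %s command is required to execute the script, check if you are running as root, mostly to do with path, /sbin/\n' "${tool}" >&2
    exit 1
  fi
done

case "${PLUTO_VERB}" in
  up-client)
    # Fail with a named message rather than a bare nounset error inside a
    # helper. TUNNEL_PHY_INTERFACE and the *_ENDPOINT variables are set by
    # the same options as the variables checked here.
    : "${TUNNEL_NAME:?-ln/--link-name is required}"
    : "${TUNNEL_LOCAL_ADDRESS:?-ll/--link-local is required}"
    : "${TUNNEL_REMOTE_ADDRESS:?-lr/--link-remote is required}"
    : "${TUNNEL_MARK:?-m/--mark is required}"
    : "${TUNNEL_STATIC_ROUTE?-r/--static-route is required}"
    create_interface
    configure_sysctl
    add_route
    ;;
  down-client)
    : "${TUNNEL_NAME:?-ln/--link-name is required}"
    : "${TUNNEL_MARK:?-m/--mark is required}"
    : "${TUNNEL_STATIC_ROUTE?-r/--static-route is required}"
    cleanup
    delete_interface
    ;;
  *)
    # Any other verb needs no action from this script.
    ;;
esac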