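#!/bin/bash
# Used only on the bonders. Takes the link name ($1) and the connected
# interface ($2) and checks them against every team config file under
# CONFIG_DIR. If the interface belongs to a team and the tunnel for that link
# is not already running, the openvpn (or gretap) tunnel is created.
#
# Usage: bond-up LINK IFACE
#
# Both arguments are used as bash variable names (indirect expansion) and as
# path components below CONFIG_DIR, so they must be plain identifiers.
# Everything sourced from the team/link config files (PORT, CORE, TUNNEL,
# ENCRYPTION, LOG, BANDWIDTH, AFFINITY, ODEV, ...) lives in the global scope
# and therefore carries over from one team to the next inside the main loop.

##### Functions ####

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Start the tunnel for the current link.
# Globals (read): NAME LINK IFACE CPUCOUNT, plus the variables sourced from
#   /usr/ev/bond.d/$NAME/$LINK/config (PORT CORE TUNNEL ENCRYPTION LOG
#   BANDWIDTH; optionally AFFINITY and ODEV).
# Outputs:  progress messages on stdout
# Returns:  status of the last command run (no explicit error handling)
#######################################
start_ovpn() {
  local ip_file local_ip cpu linkid up_cmd conf
  local -a common tail_opts

  ### load config file for the link ###
  . "/usr/ev/bond.d/$NAME/$LINK/config"

  ip_file="/usr/ev/interfaces.d/$IFACE/ip"
  printf '%s\n' "$ip_file"

  ### check to see if an ip address exists ###
  if [[ ! -f "$ip_file" ]]; then
    printf 'NO IPADDRESS\n'
    return
  fi
  local_ip=$(<"$ip_file")

  printf 'creating openvpn\n'
  printf '%s %s %s %s %s\n' "$LINK" "$local_ip" "$PORT" "$CORE" "$TUNNEL"

  # Honour an AFFINITY from the link config; otherwise derive a CPU from the
  # digits in the link name. The result is kept in a local so a computed value
  # does not leak into the next team processed by the main loop. A link name
  # without digits maps to CPU 0 (the old "$LINKID % $CPUCOUNT" form was an
  # arithmetic syntax error in that case); 10# avoids octal parsing of "08".
  if [[ -z "${AFFINITY+x}" ]]; then
    linkid=${LINK//[!0-9]/}
    cpu=$(( 10#${linkid:-0} % CPUCOUNT ))
  else
    cpu=$AFFINITY
  fi

  # --up is passed to openvpn as a single argument (script + its two args).
  up_cmd="/usr/ev/scripts.d/uptap.sh $LINK $NAME"

  # Options shared by the two command-line-only openvpn variants below.
  common=(
    --daemon "ov-$LINK" --local "$local_ip" --port "$PORT"
    --remote "$CORE" "$PORT" udp --proto udp
    --dev "$TUNNEL" --dev-type tap --fragment 1420 --mssfix --txqueuelen 1000
    --keepalive 10 60 --persist-key --persist-tun
    --log-append "$LOG" --nice -20 --fast-io --verb 4
  )
  tail_opts=(
    --writepid "/var/run/openvpn/$TUNNEL.pid" --script-security 2 --up "$up_cmd"
  )

  ### start openvpn tunnel ###
  case "$ENCRYPTION" in
    false)
      # Plaintext tunnel: no authentication and no cipher on the wire.
      taskset -c "$cpu" openvpn "${common[@]}" --auth none --cipher none "${tail_opts[@]}"
      ;;
    new|testing)
      if [[ "$ENCRYPTION" == "new" ]]; then
        conf=/usr/ev/openvpn/client/tap.conf
      else
        conf=/usr/ev/openvpn/client/tap-optimised.conf
      fi
      taskset -c "$cpu" /usr/ev/local/sbin/openvpn --daemon "ov-$LINK" \
        --config "$conf" --local "$local_ip" --port "$PORT" --remote "$CORE" \
        --dev "$TUNNEL" --log-append "$LOG" \
        --writepid "/var/run/openvpn/$TUNNEL.pid" --up "$up_cmd"
      ;;
    v23_2-base)
      # This profile names its device via ODEV (from the link config), not TUNNEL.
      taskset -c "$cpu" /usr/ev/local/sbin/openvpn --daemon "ov-$LINK" \
        --config /usr/ev/openvpn/client/v23_2-base.conf --local "$local_ip" \
        --remote "$CORE" --dev "$ODEV" --port "$PORT" \
        --log-append "/home/ev/logs/openvpn/$ODEV.log" \
        --writepid "/var/run/openvpn/$ODEV.pid" --up "$up_cmd"
      ;;
    gretap)
      # No openvpn process here: the tunnel device is set up by networkd and
      # the up script is run directly.
      echo "GRETAP, configure tunnel with networkd"
      ip fou add port "${PORT}" ipproto 47
      /usr/ev/scripts.d/uptap.sh "$LINK" "$NAME"
      ;;
    *)
      # Default: pre-shared static key.
      taskset -c "$cpu" openvpn "${common[@]}" --secret /etc/openvpn/static.key "${tail_opts[@]}"
      ;;
  esac

  # Shape the tunnel device to BANDWIDTH Mbit/s (applied for every profile,
  # including gretap, exactly as before).
  tc qdisc add dev "$TUNNEL" root handle 1: htb default 10
  tc class add dev "$TUNNEL" parent 1:1 classid 1:10 htb \
    rate "${BANDWIDTH}Mbit" ceil "${BANDWIDTH}Mbit" prio 0
}

##### Main #####
### Set config directory and test ###
CONFIG_DIR=/usr/ev/bond.d/
[[ -d "$CONFIG_DIR" ]] || exit 0

# Both arguments are expanded indirectly (${!1}, ${!2}) and spliced into the
# paths of the config files that get sourced; restricting them to identifiers
# gives a clear error instead of a "bad substitution" abort and keeps '/' and
# '..' out of those paths.
(( $# >= 2 )) || die "Usage: ${0##*/} LINK IFACE"
link_arg=$1
iface_arg=$2
for arg in "$link_arg" "$iface_arg"; do
  [[ "$arg" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || die "invalid argument: $arg"
done

CPUCOUNT=$(nproc) || CPUCOUNT=1

### loop through each directory in the config dir ###
for config_path in "$CONFIG_DIR"*; do
  [[ -e "$config_path" ]] || continue   # empty dir leaves the glob unexpanded
  NAME=${config_path##*/}
  printf '%s\n' "$NAME"

  ### load the team config file ###
  . "$CONFIG_DIR$NAME/$NAME.cfg"

  ### check to see if connected interface is in the team ###
  # The team config defines a variable named after each member interface.
  if [[ -z "${!iface_arg}" ]]; then
    printf '%s is not in %s\n' "$link_arg" "$NAME"
    continue
  fi

  ### get tap name ###
  # The team config also defines a variable named after the link holding its tap.
  TUNNEL=${!link_arg}
  PIDFILE=/var/run/openvpn/$TUNNEL.pid
  IFACE=$iface_arg
  LINK=$link_arg
  . "$CONFIG_DIR$NAME/$LINK/config"

  ### check to see if the tunnel is already running ###
  if [[ -f "$PIDFILE" ]] && ps -p "$(<"$PIDFILE")" > /dev/null; then
    ### check to see if the tunnel is established ###
    if tail -n 1 "$LOG" | grep -qi 'Initialization Sequence Completed'; then
      ### add tunnel to team ###
      /usr/ev/scripts.d/uptap.sh "$LINK" "$NAME"
      printf 'VPN UP\n'
    else
      printf 'VPN Down\n'
    fi
  else
    ### load openvpn config and start the tunnel ###
    start_ovpn
  fi
done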