Context Navigation

Changes between Version 2 and Version 3 of vpn_ppp

Timestamp:: 07/22/08 17:52:49 (13 years ago)
Author:: FrankSpierings
Comment:: --

Legend:

: Unmodified
: Added
: Removed
: Modified

vpn_ppp

-              v2
+              v3
 Vuurmuur requires you to specify the interfaces for a certain zone. This can be a problem when interfaces are created on-the-fly. For instance a PPTP server or client will create a pppX interface (where X is a number starting at 0). These interfaces should be dynamically added to vuurmuur.
 When a pppX interface comes online scripts from the ''/etc/ppp/ip-up.d/'' directory will be executed. Parameters will be parsed which define the interface name and the interface IP-address. We can use this to dynamically create and destroy interfaces within vuurmuur.
 The following script will create the pppX interface and it will add it to the '''vpn.local''' network. '''PLEASE SPECIFY YOUR VPN NETWORK! '''
+The following script will create the pppX interface and it will add it to the '''vpn.local''' network. '''PLEASE SPECIFY YOUR VPN NETWORK! networkname="vpn.local" --> '''
+''/etc/ppp/ip-up.d/vuurmuur_ppp.up''
 {{{
+---Script will be added tonight 22-07-2008---
+#!/bin/bash
+networkname="vpn.local"
+vuurmuur="vuurmuur_script"
+interface=$1
+ipaddress=$4
+#Create the interface
+$vuurmuur -C -i $interface
+#Setup interface rules
+$vuurmuur -M -i $interface -V RULE -S "protect against source-routed-packets"
+$vuurmuur -A -M -i $interface -V RULE -S "protect against icmp-redirect"
+$vuurmuur -A -M -i $interface -V RULE -S "protect against send-redirect"
+$vuurmuur -A -M -i $interface -V RULE -S "protect against rp-filter"
+$vuurmuur -A -M -i $interface -V RULE -S "protect against log-martians"
+#Setup the interface options.
+$vuurmuur -M -i $interface -V DEVICE -S $interface
+$vuurmuur -M -i $interface -V IPADDRESS -S $ipaddress
+$vuurmuur -M -i $interface -V VIRTUAL -S No
+$vuurmuur -M -i $interface -V COMMENT -S "Dynamic vpn tunnel interface"
+$vuurmuur -M -i $interface -V ACTIVE -S Yes
+#Add the interface to specified network.
+#--First check which interfaces are already there, don't add the current interface if it is in the list.
+interfaces=`vuurmuur_script -P -n vpn.local | grep INTERFACE | sed s/INTERFACE=\"// | sed s/\"//` #list variables | grep for INTERFACE | del INTERFACE=" | del "
+#loop through current interfaces, add these to current_interfaces array. Do not add our new interface if its already there.
+for current_interface in ${interfaces[@]}
+do
+        if [ "$current_interface" != "$interface" ]
+        then
+                current_interfaces=("${current_interfaces[@]}" $current_interface)
+        fi
+done
+#now add our interface to the current interfaces.
+current_interfaces=("${current_interfaces[@]}" $interface)
+#Loop through the current interfaces. The first entry should overwrite, the rest should be appended.
+for (( i = 0 ; i < ${#current_interfaces[@]} ; i++ ))
+do
+        if [ $i -eq 0 ]
+        then
+                #create
+                $vuurmuur -M -n $networkname -V INTERFACE -S ${current_interfaces[$i]}
+                #echo "Create: ${current_interfaces[$i]}"
+        else
+                #append
+                $vuurmuur -A -M -n $networkname -V INTERFACE -S ${current_interfaces[$i]}
+                #echo "Append: ${current_interfaces[$i]}"
+        fi
+done
+#apply the changes by restarting the /etc/init.d/vuurmuur process.
+/etc/init.d/vuurmuur restart
 }}}
 The following script will remove the pppX interface and it will remove it from the '''vpn.local''' network. '''PLEASE SPECIFY YOUR VPN NETWORK! '''
+The following script will remove the pppX interface and it will remove it from the '''vpn.local''' network. '''PLEASE SPECIFY YOUR VPN NETWORK! networkname="vpn.local" --> '''
+''/etc/ppp/ip-down.d/vuurmuur_ppp.down''
 {{{
+#!/bin/bash
+networkname="vpn.local"
+vuurmuur="vuurmuur_script"
+interface=$1
+ipaddress=$4
+---Script will be added tonight 22-07-2008---
+#Remove the current interface
+$vuurmuur -D -i $interface
+#Add the interface to specified network.
+#--First check which interfaces are already there.
+interfaces=`vuurmuur_script -P -n vpn.local | grep INTERFACE | sed s/INTERFACE=\"// | sed s/\"//` #list variables | grep for INTERFACE | del INTERFACE=" | del "
+#loop through current interfaces, add these to current_interfaces array. Do not add our current interface.
+for current_interface in ${interfaces[@]}
+do
+        if [ "$current_interface" != "$interface" ]
+        then
+                current_interfaces=("${current_interfaces[@]}" $current_interface)
+        fi
+done
+if [ ${#current_interfaces} -eq 0 ]
+then
+        #Remove all interfaces
+        $vuurmuur -M -n $networkname -V INTERFACE -S ""
+else
+        for (( i = 0 ; i < ${#current_interfaces[@]} ; i++ ))
+        do
+                if [ $i -eq 0 ]
+                then
+                        #create
+                        $vuurmuur -M -n $networkname -V INTERFACE -S ${current_interfaces[$i]}
+                        #echo "Create: ${current_interfaces[$i]}"
+                else
+                        #append
+                        $vuurmuur -A -M -n $networkname -V INTERFACE -S ${current_interfaces[$i]}
+                        #echo "Append: ${current_interfaces[$i]}"
+                fi
+        done
+fi
+#apply the changes by restarting the /etc/init.d/vuurmuur process.
+/etc/init.d/vuurmuur restart
 }}}