3 Copyright (C) 2014 Lance Fredrickson
4 lancethepants@gmail.com
/* Per-host fields split out of each "tinc_hosts" record by vstrsep(). */
const char *connecto;
const char *name;
const char *address;
const char *port;
const char *compression;
const char *subnet;
const char *rsa;
const char *ed25519;
const char *custom;
/* Scratch pointer holding the result of a single nvram lookup. */
const char *tinc_tmp_value;
/* Fixed-size buffer used to build the per-host file path. */
char buffer[BUF_SIZE];
21 // create tinc directories
// Both directories are requested owner-only (0700). The mkdir() results are
// not checked, so a directory that already exists keeps whatever mode it had.
22 mkdir("/etc/tinc", 0700);
23 mkdir("/etc/tinc/hosts", 0700);
26 // write private rsa key
// Skipped when the "tinc_private_rsa" nvram value is empty.
// NOTE(review): fopen(..., "w") creates the file with the default mode
// (subject to umask) and the chmod() to 0600 only runs after the key has been
// written; until then the 0700 parent directory is the only restriction.
// Creating the file with open(path, O_WRONLY|O_CREAT|O_TRUNC, 0600) followed
// by fdopen() would close that window. fprintf()/chmod() results are unchecked.
27 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_private_rsa"), "") != 0 ){
28 if ( !( fp
= fopen( "/etc/tinc/rsa_key.priv", "w" ))){
// Report the open failure; the rest of the error path is not visible here.
29 perror( "/etc/tinc/rsa_key.priv" );
32 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Restrict the private key to owner read/write.
34 chmod("/etc/tinc/rsa_key.priv", 0600);
38 // write private ed25519 key
// Skipped when the "tinc_private_ed25519" nvram value is empty.
// NOTE(review): the key is written before chmod() tightens the file to 0600,
// so the file briefly carries the default creation mode; only the 0700 parent
// directory protects it during that time. Prefer creating it with mode 0600.
39 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_private_ed25519"), "") != 0 ){
40 if ( !( fp
= fopen( "/etc/tinc/ed25519_key.priv", "w" ))){
// Report the open failure; the rest of the error path is not visible here.
41 perror( "/etc/tinc/ed25519_key.priv" );
44 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Owner read/write only.
46 chmod("/etc/tinc/ed25519_key.priv", 0600);
// Open the main tinc.conf. fp is written to again further down (ConnectTo
// lines and the custom configuration text).
51 if ( !( fp
= fopen( "/etc/tinc/tinc.conf", "w" ))){
52 perror( "/etc/tinc/tinc.conf" );
// NOTE(review): nvram strings are written into the configuration verbatim; a
// value containing a newline would add extra configuration lines. Confirm the
// values are validated where they are saved.
57 fprintf(fp
, "Name = %s\n", nvram_safe_get( "tinc_name" ));
// The interface name is fixed to "tinc"; the firewall rules match on it.
59 fprintf(fp
, "Interface = tinc\n" );
61 fprintf(fp
, "DeviceType = %s\n", nvram_safe_get( "tinc_devicetype" ));
// tun devices always use router mode; tap devices take the mode from the
// "tinc_mode" nvram value.
64 if (nvram_match("tinc_devicetype", "tun")){
65 fprintf(fp
, "Mode = router\n");
67 else if (nvram_match("tinc_devicetype", "tap")){
68 fprintf(fp
, "Mode = %s\n", nvram_safe_get( "tinc_mode" ));
72 // create tinc host files
// Work on a heap copy of "tinc_hosts" because strsep() modifies the string it
// walks. nvp is the cursor; nv keeps the start of the copy (presumably for a
// later free(), which is not visible here).
73 nvp
= nv
= strdup(nvram_safe_get("tinc_hosts"));
// Host records are separated by '>'.
75 while ((b
= strsep(&nvp
, ">")) != NULL
) {
// Fields inside a record are separated by '<'. A record is skipped unless
// vstrsep() returns 9 (presumably the number of fields it filled in).
77 if (vstrsep(b
, "<", &connecto
, &name
, &address
, &port
, &compression
, &subnet
, &rsa
, &ed25519
, &custom
) != 9) continue;
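// Build the path of this host's file. snprintf() bounds the write to the size
// of buffer, so an over-long host name is truncated instead of being written
// past the end of the fixed-size array (the original sprintf() had no bound).
// NOTE(review): name comes from the "tinc_hosts" nvram entry and is used as a
// file name unchecked; a name containing '/' would resolve outside
// /etc/tinc/hosts. Confirm it is validated where the setting is saved, and
// consider skipping the record when the path was truncated.
snprintf(buffer, sizeof(buffer), "/etc/tinc/hosts/%s", name);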
// Open the per-host file whose path was built in buffer. The handling of an
// open failure is not visible here.
80 if ( !( hp
= fopen( &buffer
[0], "w" ))){
85 // write ConnectTo entries to tinc.conf for hosts with connecto enabled, excluding this system itself
86 if ( (strcmp( connecto
, "1") == 0 ) && (strcmp( nvram_safe_get("tinc_name"), name
) != 0 ) ){
87 fprintf(fp
, "ConnectTo = %s\n", name
);
// Each remaining field is written to the host file only when non-empty.
// rsa and ed25519 are emitted verbatim (presumably the host's public key
// material - confirm against the settings page).
90 if ( strcmp( rsa
, "" ) != 0 )
91 fprintf(hp
, "%s\n", rsa
);
93 if ( strcmp( ed25519
, "" ) != 0 )
94 fprintf(hp
, "%s\n", ed25519
);
96 if ( strcmp( address
, "" ) != 0 )
97 fprintf(hp
, "Address = %s\n", address
);
99 if ( strcmp( subnet
, "" ) != 0 )
100 fprintf(hp
, "Subnet = %s\n", subnet
);
102 if ( strcmp( compression
, "" ) != 0 )
103 fprintf(hp
, "Compression = %s\n", compression
);
105 if ( strcmp( port
, "") != 0 )
106 fprintf(hp
, "Port = %s\n", port
);
// Free-form per-host configuration text, written as is.
108 if ( strcmp( custom
, "") != 0 )
109 fprintf(hp
, "%s\n", custom
);
113 // generate tinc-up and firewall scripts
// Only done for the record whose name equals this system's "tinc_name".
114 if ( strcmp( nvram_safe_get("tinc_name"), name
) == 0 ){
116 // create tinc-up script if this is the host system.
// hp is reused for the script file from here on.
118 if ( !( hp
= fopen( "/etc/tinc/tinc-up", "w" ))){
119 perror( "/etc/tinc/tinc-up" );
123 fprintf(hp
, "#!/bin/sh\n" );
125 // Determine whether to generate tinc-up automatically or use the manually supplied script.
// NOTE(review): the nvram values below are interpolated unquoted into a shell
// script. Validating them as an IP address, netmask and interface name where
// they are set keeps stray shell metacharacters out of the script.
126 if ( !nvram_match("tinc_manual_tinc_up", "1") ){
// tun: give the VPN interface the router's LAN address and the VPN netmask.
128 if (nvram_match("tinc_devicetype", "tun")){
129 fprintf(hp
, "ifconfig $INTERFACE %s netmask %s\n", nvram_safe_get("lan_ipaddr"), nvram_safe_get("tinc_vpn_netmask") );
// tap: add the VPN interface to the LAN bridge and bring it up promiscuous.
131 else if (nvram_match("tinc_devicetype", "tap")){
132 fprintf(hp
, "brctl addif %s $INTERFACE\n", nvram_safe_get("lan_ifname") );
133 fprintf(hp
, "ifconfig $INTERFACE 0.0.0.0 promisc up\n" );
// Script text taken verbatim from "tinc_tinc_up" (presumably the manual
// branch; the enclosing else is not visible here).
137 fprintf(hp
, "%s\n", nvram_safe_get("tinc_tinc_up") );
// 0744: owner may read/write/execute, everyone else may only read.
141 chmod("/etc/tinc/tinc-up", 0744);
143 // Create firewall script.
144 if ( !( hp
= fopen( "/etc/tinc/tinc-fw.sh", "w" ))){
145 perror( "/etc/tinc/tinc-fw.sh" );
149 fprintf(hp
, "#!/bin/sh\n" );
// The generated rules are written unless "tinc_manual_firewall" is "2".
151 if ( !nvram_match("tinc_manual_firewall", "2") ){
// An empty port is special-cased here; the statement it guards is not visible
// (presumably a fallback to tinc's default port - confirm).
153 if ( strcmp( port
, "") == 0 )
// NOTE(review): port is written unquoted into commands of a shell script that
// is later run through system(). Confirm it is validated as a number in the
// range 1-65535 where the setting is saved.
// Open the tinc listening port for both UDP and TCP.
156 fprintf(hp
, "iptables -I INPUT -p udp --dport %s -j ACCEPT\n", port
);
157 fprintf(hp
, "iptables -I INPUT -p tcp --dport %s -j ACCEPT\n", port
);
// Accept everything arriving on the "tinc" interface, both to the router
// itself (INPUT) and routed through it (FORWARD): every VPN peer gets
// unrestricted access. Tighten these if peers are not fully trusted.
160 fprintf(hp
, "iptables -I INPUT -i tinc -j ACCEPT\n" );
161 fprintf(hp
, "iptables -I FORWARD -i tinc -j ACCEPT\n" );
// Same four rules for IPv6 (the condition guarding them is not visible here).
167 fprintf(hp
, "ip6tables -I INPUT -p udp --dport %s -j ACCEPT\n", port
);
168 fprintf(hp
, "ip6tables -I INPUT -p tcp --dport %s -j ACCEPT\n", port
);
170 fprintf(hp
, "ip6tables -I INPUT -i tinc -j ACCEPT\n" );
171 fprintf(hp
, "ip6tables -I FORWARD -i tinc -j ACCEPT\n" );
// User-supplied rules from "tinc_firewall" are appended verbatim unless
// "tinc_manual_firewall" is "0".
176 if ( !nvram_match("tinc_manual_firewall", "0") ){
179 fprintf(hp
, "%s\n", nvram_safe_get("tinc_firewall") );
// 0744: owner may read/write/execute, everyone else may only read.
184 chmod("/etc/tinc/tinc-fw.sh", 0744);
// Append the free-form "tinc_custom" nvram text to tinc.conf when it is set.
tinc_tmp_value = nvram_safe_get("tinc_custom");
if (tinc_tmp_value[0] != '\0') {
	fprintf(fp, "%s\n", tinc_tmp_value);
}
// Write the tinc-down hook when "tinc_tinc_down" is non-empty. The nvram text
// becomes the script body verbatim, so whoever can change that nvram value
// decides what the hook executes.
196 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_tinc_down"), "") != 0 ){
197 if ( !( fp
= fopen( "/etc/tinc/tinc-down", "w" ))){
198 perror( "/etc/tinc/tinc-down" );
201 fprintf(fp
, "#!/bin/sh\n" );
202 fprintf(fp
, "%s\n", tinc_tmp_value
);
// 0744: executable by the owner, readable by everyone.
204 chmod("/etc/tinc/tinc-down", 0744);
// Write the host-up hook when "tinc_host_up" is non-empty; the nvram text is
// used as the script body without modification.
208 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_host_up"), "") != 0 ){
209 if ( !( fp
= fopen( "/etc/tinc/host-up", "w" ))){
210 perror( "/etc/tinc/host-up" );
213 fprintf(fp
, "#!/bin/sh\n" );
214 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Owner rwx, group/other read-only.
216 chmod("/etc/tinc/host-up", 0744);
// Write the host-down hook when "tinc_host_down" is non-empty; the nvram text
// is used as the script body without modification.
220 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_host_down"), "") != 0 ){
221 if ( !( fp
= fopen( "/etc/tinc/host-down", "w" ))){
222 perror( "/etc/tinc/host-down" );
225 fprintf(fp
, "#!/bin/sh\n" );
226 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Owner rwx, group/other read-only.
228 chmod("/etc/tinc/host-down", 0744);
// Write the subnet-up hook when "tinc_subnet_up" is non-empty; the nvram text
// is used as the script body without modification.
232 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_subnet_up"), "") != 0 ){
233 if ( !( fp
= fopen( "/etc/tinc/subnet-up", "w" ))){
234 perror( "/etc/tinc/subnet-up" );
237 fprintf(fp
, "#!/bin/sh\n" );
238 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Owner rwx, group/other read-only.
240 chmod("/etc/tinc/subnet-up", 0744);
// Write the subnet-down hook when "tinc_subnet_down" is non-empty; the nvram
// text is used as the script body without modification.
244 if ( strcmp( tinc_tmp_value
= nvram_safe_get("tinc_subnet_down"), "") != 0 ){
245 if ( !( fp
= fopen( "/etc/tinc/subnet-down", "w" ))){
246 perror( "/etc/tinc/subnet-down" );
249 fprintf(fp
, "#!/bin/sh\n" );
250 fprintf(fp
, "%s\n", tinc_tmp_value
);
// Owner rwx, group/other read-only.
252 chmod("/etc/tinc/subnet-down", 0744);
256 // Make sure module is loaded
// Wait for the TUN device node to appear (second argument 5 - presumably a
// timeout in seconds; confirm against f_wait_exists()).
258 f_wait_exists("/dev/net/tun", 5);
// Apply the generated firewall rules before the daemon starts.
260 run_tinc_firewall_script();
// Launch tinc through its absolute path.
261 xstart( "/usr/sbin/tinc", "start" );
// Shutdown sequence; the order matters: stop the daemon, turn the firewall
// script into its own undo script, run it, then delete the configuration.
267 killall("tincd", SIGTERM
);
// Rewrite every "-A" and "-I" in the firewall script to "-D" so that running
// it again deletes the rules it inserted earlier.
// NOTE(review): the substitution is global over the whole file, including any
// user-supplied rule text, so "-A"/"-I" occurring inside another argument is
// rewritten as well. The system() return values are not checked.
268 system( "/bin/sed -i \'s/-A/-D/g;s/-I/-D/g\' /etc/tinc/tinc-fw.sh\n");
269 run_tinc_firewall_script();
// Remove all generated files, including the private key files.
270 system( "/bin/rm -rf /etc/tinc\n" );
// Run the generated firewall script if it is present.
274 void run_tinc_firewall_script(void){
// Opening the file for reading serves as the existence check. Whether fp is
// closed before the script runs is not visible here.
278 if ((fp
= fopen( "/etc/tinc/tinc-fw.sh", "r" ))){
// The command is a fixed path; the script's contents were generated from
// nvram values when it was written.
281 system( "/etc/tinc/tinc-fw.sh" );
287 void start_tinc_wanup(void){
289 if ( nvram_match("tinc_wanup", "1") )