Posted to commits@cloudstack.apache.org by al...@apache.org on 2012/06/16 00:38:02 UTC
[7/51] [abbrv] git commit: VPC : add vpc_vpn_l2tp.sh
VPC : add vpc_vpn_l2tp.sh
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/2deba9bd
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/2deba9bd
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/2deba9bd
Branch: refs/heads/vpc
Commit: 2deba9bd86ed53afe3e54adcf124a71e2cd7a06e
Parents: e69561b
Author: anthony <an...@cloud.com>
Authored: Tue Jun 12 17:09:50 2012 -0700
Committer: Alena Prokharchyk <al...@citrix.com>
Committed: Fri Jun 15 14:32:56 2012 -0700
----------------------------------------------------------------------
.../debian/vpn/opt/cloud/bin/vpc_vpn_l2tp.sh | 174 +++++++++++++++
wscript | 2 +-
2 files changed, 175 insertions(+), 1 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/2deba9bd/patches/systemvm/debian/vpn/opt/cloud/bin/vpc_vpn_l2tp.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/vpn/opt/cloud/bin/vpc_vpn_l2tp.sh b/patches/systemvm/debian/vpn/opt/cloud/bin/vpc_vpn_l2tp.sh
new file mode 100755
index 0000000..574fd69
--- /dev/null
+++ b/patches/systemvm/debian/vpn/opt/cloud/bin/vpc_vpn_l2tp.sh
@@ -0,0 +1,174 @@
+#!/bin/bash
+# Copyright 2012 Citrix Systems, Inc. Licensed under the
+# Apache License, Version 2.0 (the "License"); you may not use this
+# file except in compliance with the License. Citrix Systems, Inc.
+# reserves all rights not expressly granted by the License.
+# You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Automatically generated by addcopyright.py at 04/03/2012
+
+
+
+
+
+
+#set -x
+usage() {
+ printf "Usage:\n"
+ printf "Create VPN : %s -c -r <ip range for clients> -l <local ip> -p <ipsec psk> -s <public ip> -D <eth for public ip> -z < zone cidr> \n" $(basename $0)
+ printf "Delete VPN : %s -d -l <local ip> -s <public ip> -D <eth for public ip> -z < zone cidr> \n" $(basename $0)
+ printf "Add VPN User : %s -u <username,password> \n" $(basename $0)
+ printf "Remote VPN User: %s -U <username \n" $(basename $0)
+}
+
+iptables_() {
+ local op=$1
+ local public_ip=$2
+
+ sudo iptables $op INPUT -i $dev -d $public_ip -p udp --dport 500 -j ACCEPT
+ sudo iptables $op INPUT -i $dev -d $public_ip -p udp --dport 4500 -j ACCEPT
+ sudo iptables $op INPUT -i $dev -d $public_ip -p udp --dport 1701 -j ACCEPT
+ sudo iptables $op INPUT -i $dev -p ah -j ACCEPT
+ sudo iptables $op INPUT -i $dev -p esp -j ACCEPT
+ sudo iptables $op FORWARD -i ppp+ -d $zcidr -j ACCEPT
+ sudo iptables $op FORWARD -i ppp+ -o ppp+ -j ACCEPT
+ sudo iptables $op INPUT -i ppp+ -p udp --dport 53 -j ACCEPT
+ sudo iptables -t nat $op PREROUTING -i ppp+ -p udp --dport 53 -j DNAT --to-destination $local_ip
+}
+
+ipsec_server() {
+ local op=$1
+ if [ "$op" == "restart" ]
+ then
+ service ipsec stop
+ service xl2tpd stop
+ service ipsec start
+ service xl2tpd start
+ return $?
+ fi
+ service ipsec $op
+ service xl2tpd $op
+}
+
+create_l2tp_ipsec_vpn_server() {
+ local ipsec_psk=$1
+ local public_ip=$2
+ local client_range=$3
+ local local_ip=$4
+
+ sed -i -e "s/left=.*$/left=$public_ip/" /etc/ipsec.d/l2tp.conf
+ echo ": PSK \"$ipsec_psk\"" > /etc/ipsec.d/ipsec.any.secrets
+ sed -i -e "s/^ip range = .*$/ip range = $client_range/" /etc/xl2tpd/xl2tpd.conf
+ sed -i -e "s/^local ip = .*$/local ip = $local_ip/" /etc/xl2tpd/xl2tpd.conf
+
+ sed -i -e "s/^ms-dns.*$/ms-dns $local_ip/" /etc/ppp/options.xl2tpd
+
+ iptables_ "-D" $public_ip
+ iptables_ "-I" $public_ip
+
+ ipsec_server "restart"
+
+ ipsec auto --rereadsecrets
+ ipsec auto --replace L2TP-PSK
+}
+
+destroy_l2tp_ipsec_vpn_server() {
+ local public_ip=$1
+
+ ipsec auto --down L2TP-PSK
+
+ iptables_ "-D" $public_ip
+
+ ipsec_server "stop"
+}
+
+remove_l2tp_ipsec_user() {
+ local u=$1
+ sed -i -e "/^$u .*$/d" /etc/ppp/chap-secrets
+ if [ -x /usr/bin/tdbdump ]; then
+ pid=$(tdbdump /var/run/pppd2.tdb | grep -w $u | awk -F';' '{print $4}' | awk -F= '{print $2}')
+ [ "$pid" != "" ] && kill -9 $pid
+ fi
+ return 0
+}
+
+add_l2tp_ipsec_user() {
+ local u=$1
+ local passwd=$2
+
+ remove_l2tp_ipsec_user $u
+ echo "$u * $passwd *" >> /etc/ppp/chap-secrets
+}
+
+rflag=
+pflag=
+lflag=
+sflag=
+create=
+destroy=
+useradd=
+userdel=
+
+while getopts 'cdl:p:r:s:u:U:D:z' OPTION
+do
+ case $OPTION in
+ c) create=1
+ ;;
+ d) destroy=1
+ ;;
+ u) useradd=1
+ user_pwd="$OPTARG"
+ ;;
+ U) userdel=1
+ user="$OPTARG"
+ ;;
+ r) rflag=1
+ client_range="$OPTARG"
+ ;;
+ p) pflag=1
+ ipsec_psk="$OPTARG"
+ ;;
+ l) lflag=1
+ local_ip="$OPTARG"
+ ;;
+ s) sflag=1
+ server_ip="$OPTARG"
+ ;;
+ D) dev="$OPTARG"
+ ;;
+ z) zcidr="$OPTARG"
+ ;;
+ ?) usage
+ exit 2
+ ;;
+ esac
+done
+
+[ "$create$destroy" == "11" ] || [ "$create$destroy$useradd$userdel" == "" ] && usage && exit 2
+[ "$create" == "1" ] && [ "$lflag$pflag$rflag$sflag" != "1111" ] && usage && exit 2
+
+if [ "$create" == "1" ]; then
+ create_l2tp_ipsec_vpn_server $ipsec_psk $server_ip $client_range $local_ip
+ exit $?
+fi
+
+if [ "$destroy" == "1" ]; then
+ destroy_l2tp_ipsec_vpn_server $server_ip
+ exit $?
+fi
+
+if [ "$useradd" == "1" ]; then
+ u=$(echo $user_pwd | awk -F',' '{print $1}')
+ pwd=$(echo $user_pwd | awk -F',' '{print $2}')
+ add_l2tp_ipsec_user $u $pwd
+ exit $?
+fi
+if [ "$userdel" == "1" ]; then
+ remove_l2tp_ipsec_user $user
+ exit $?
+fi
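Review bot: The IPsec PSK and the CHAP password arrive on argv (`-p`, `-u user,password`) and are then expanded unquoted in `create_l2tp_ipsec_vpn_server $ipsec_psk $server_ip $client_range $local_ip` and `add_l2tp_ipsec_user $u $pwd`, so a secret containing whitespace shifts every following argument, a password containing `,` is cut off by the awk split, a PSK containing `"` corrupts the `: PSK "..."` line, and both secrets are visible to any local user who can list processes while the script runs (presumably only the management server calls this inside the system VM, which limits but does not remove the exposure). The secrets files are written with bare `>`/`>>`, so a freshly created `/etc/ipsec.d/ipsec.any.secrets` gets whatever mode the caller's umask allows; the writes should be quoted and followed by `chmod 600`. In `remove_l2tp_ipsec_user` the username is interpolated into a `sed` address and a `grep -w` pattern, so a `/` or regex metacharacter in it changes which chap-secrets lines are deleted or which pppd gets `kill -9`; it should be validated against a safe character set before use. Separately, the getopts string `'cdl:p:r:s:u:U:D:z'` gives `-z` no argument, so `zcidr` is never set from `-z <zone cidr>` and the `FORWARD -i ppp+ -d $zcidr` rule is issued with an empty destination; it should be `'cdl:p:r:s:u:U:D:z:'`, and the create path should also refuse to run without `-D`/`-z` as it already does for `-l/-p/-r/-s`. The sketch below shows the rewritten lines; everything else in the file stays as committed.
```shell
# … unchanged: header, usage(), iptables_(), ipsec_server() …
create_l2tp_ipsec_vpn_server() {
  # … unchanged: local assignments, sed edits of l2tp.conf / xl2tpd.conf / options.xl2tpd …
  printf ': PSK "%s"\n' "$ipsec_psk" > /etc/ipsec.d/ipsec.any.secrets
  chmod 600 /etc/ipsec.d/ipsec.any.secrets
  # … unchanged: iptables_ / ipsec_server restart / ipsec auto …
}
# … unchanged: destroy_l2tp_ipsec_vpn_server() …
remove_l2tp_ipsec_user() {
  local u=$1
  # reject names that would change the meaning of the sed/grep patterns below
  [[ "$u" =~ ^[A-Za-z0-9_.@-]+$ ]] || return 1
  sed -i -e "/^$u .*$/d" /etc/ppp/chap-secrets
  # … unchanged: tdbdump lookup / kill …
}
add_l2tp_ipsec_user() {
  local u=$1
  local passwd=$2
  remove_l2tp_ipsec_user "$u" || return 1
  printf '%s * %s *\n' "$u" "$passwd" >> /etc/ppp/chap-secrets
  chmod 600 /etc/ppp/chap-secrets
}
# … unchanged: flag defaults …
while getopts 'cdl:p:r:s:u:U:D:z:' OPTION
# … unchanged: case body, create/destroy validation …
[ "$create" == "1" ] && { [ -z "$dev" ] || [ -z "$zcidr" ]; } && usage && exit 2
# … unchanged …
  create_l2tp_ipsec_vpn_server "$ipsec_psk" "$server_ip" "$client_range" "$local_ip"
# … unchanged: destroy branch …
  [[ "$user_pwd" == *,* ]] || { usage; exit 2; }
  u=${user_pwd%%,*}
  pwd=${user_pwd#*,}
  add_l2tp_ipsec_user "$u" "$pwd"
# … unchanged: userdel branch …
```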
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/2deba9bd/wscript
----------------------------------------------------------------------
diff --git a/wscript b/wscript
index 9507336..48c01a8 100644
--- a/wscript
+++ b/wscript
@@ -5,7 +5,7 @@
# if you change 'em here, you need to change it also in cloud.spec, add a %changelog entry there, and add an entry in debian/changelog
-VERSION = '3.0.3.2012-06-12T21:55:09Z'
+VERSION = '3.0.3'
APPNAME = 'cloud'
import shutil,os