security/tinc: add routes to remote subnets with "subnet-up" script. for https://github.com/opnsense/plugins/pull/3539

This commit is contained in:
Ad Schellevis 2023-09-06 15:16:04 +02:00
parent 1baaa11fe9
commit c6ad8a442b
2 changed files with 16 additions and 2 deletions


@ -1,6 +1,6 @@
PLUGIN_NAME= tinc
PLUGIN_VERSION= 1.6
PLUGIN_REVISION= 5
PLUGIN_REVISION= 6
PLUGIN_COMMENT= Tinc VPN
PLUGIN_DEPENDS= tinc
PLUGIN_MAINTAINER= ad@opnsense.org


@ -30,10 +30,10 @@
"""
import os
import sys
import tempfile
import glob
import pipes
import xml.etree.ElementTree
import shutil
import subprocess
import ipaddress
from lib import objects
@ -96,6 +96,20 @@ def deploy(config_filename):
if_up.append("configctl interface %s %s" % (interface_configd, interface_name))
write_file("%s/tinc-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)
# write subnet-up file and ship required binaries into the chroot
chroot_needs = set(['/bin/sh', '/sbin/route', '/libexec/ld-elf.so.1'])
for item in list(chroot_needs):
for line in subprocess.run(['/usr/bin/ldd', item], capture_output=True, text=True).stdout.split('\n'):
if line.find('=>') > 0:
chroot_needs.add(line.split('=>')[1].strip().split()[0])
for filename in chroot_needs:
os.makedirs('%s%s' % (network.get_basepath(), os.path.dirname(filename)), exist_ok=True)
shutil.copy(filename, '%s/%s' % (network.get_basepath(), filename))
write_file("%s/subnet-up" % network.get_basepath(), '\n'.join([
"#!/bin/sh",
"route add $SUBNET -iface %s\n" % interface_name
]), 0o700)
# configure and rename new tun device, place all in group "tinc" symlink associated tun device
if interface_name not in interfaces:
tundev = subprocess.run(['/sbin/ifconfig', interface_type, 'create'],