(tinc) add some scripting, fix some templates

net/tinc/src/opnsense/mvc/app/controllers/OPNsense/Tinc/forms/dialogNetwork.xml

@@ -12,10 +12,10 @@
         <help>Name used for this network</help>
     </field>
     <field>
-        <id>network.network</id>
-        <label>VPN network</label>
+        <id>network.intaddress</id>
+        <label>Network</label>
         <type>text</type>
-        <help>Network for this VPN, where all hosts should fit in.</help>
+        <help>This machines internal address to use and network mask for the whole network</help>
     </field>
     <field>
         <label>This Host</label>
@@ -33,12 +33,6 @@
         <type>text</type>
         <help>This machines external address to use</help>
     </field>
-    <field>
-        <id>network.intaddress</id>
-        <label>Int. Address</label>
-        <type>text</type>
-        <help>This machines internal address to use (within specified subnet)</help>
-    </field>
     <field>
         <id>network.subnet</id>
         <label>Subnet</label>

net/tinc/src/opnsense/mvc/app/models/OPNsense/Tinc/Tinc.xml

@@ -18,7 +18,7 @@
                 </name>
                 <hostname type="TextField">
                     <Required>Y</Required>
-                    <mask>/^([0-9a-zA-Z\.]){1,1024}$/u</mask>
+                    <mask>/^([0-9a-zA-Z\_]){1,1024}$/u</mask>
                     <ValidationMessage>Please specify a valid hostname.</ValidationMessage>
                 </hostname>
                 <extaddress type="NetworkField">
@@ -36,11 +36,6 @@
                     <NetMaskRequired>Y</NetMaskRequired>
                     <FieldSeparator>,</FieldSeparator>
                 </subnet>
-                <network type="NetworkField">
-                    <Required>Y</Required>
-                    <WildcardEnabled>N</WildcardEnabled>
-                    <NetMaskRequired>Y</NetMaskRequired>
-                </network>
                 <privkey type="TextField">
                     <Required>Y</Required>
                 </privkey>
@@ -68,7 +63,7 @@
                 </network>
                 <hostname type="TextField">
                     <Required>Y</Required>
-                    <mask>/^([0-9a-zA-Z\.]){1,1024}$/u</mask>
+                    <mask>/^([0-9a-zA-Z\_]){1,1024}$/u</mask>
                     <ValidationMessage>Please specify a valid hostname.</ValidationMessage>
                 </hostname>
                 <extaddress type="NetworkField">

net/tinc/src/opnsense/scripts/OPNsense/Tinc/lib/objects.py

@@ -30,6 +30,7 @@ class NetwConfObject(object):
         self._payload = dict()
         self._payload['hostname'] = None
         self._payload['network'] = None
+        self._payload['address'] = None
 
     def is_valid(self):
         for key in self._payload:
@@ -47,6 +48,9 @@ class NetwConfObject(object):
     def get_hostname(self):
         return self._payload['hostname']
 
+    def get_network(self):
+        return self._payload['network']
+
     def get_basepath(self):
         return '/usr/local/etc/tinc/%(network)s' % self._payload
 
@@ -55,10 +59,14 @@ class Network(NetwConfObject):
         super(Network, self).__init__()
         self._payload['id'] = None
         self._payload['privkey'] = None
+        self._payload['intaddress'] = None
         self._hosts = list()
 
-    def set_id(self, value):
-        self._payload['id'] = value.text
+    def get_id(self):
+        return self._payload['id']
+
+    def get_local_address(self):
+        return self._payload['intaddress']
 
     def set_hosts(self, hosts):
         for host in hosts:
@@ -92,7 +100,6 @@ class Host(NetwConfObject):
     def __init__(self):
         super(Host, self).__init__()
         self._connectTo = "0"
-        self._payload['address'] = None
         self._payload['subnet'] = None
         self._payload['pubkey'] = None
 

net/tinc/src/opnsense/scripts/OPNsense/Tinc/tincd.py

@@ -29,20 +29,23 @@
     reconfigure tincd, using the supplied configuration
 """
 import os
+import sys
 import tempfile
 import glob
+import pipes
 import xml.etree.ElementTree
+import subprocess
 from lib import objects
 
-def write_file(filename, content):
+def write_file(filename, content, mode=0o600):
     dirname = '/'.join(filename.split('/')[0:-1])
     if not os.path.isdir(dirname):
         os.makedirs(dirname)
     open(filename, 'w').write(content)
+    os.chmod(filename, mode)
 
-def deploy(config_filename):
-    # collect file info
-    config_files=dict()
+def read_config(config_filename):
+    result = list()
     if os.path.isfile(config_filename):
         for network in xml.etree.ElementTree.parse(config_filename).getroot():
             Network_obj = objects.Network()
@@ -50,16 +53,49 @@ def deploy(config_filename):
                 Network_obj.set(network_prop.tag, network_prop)
             # check if config is complete before collecting output files
             if Network_obj.is_valid():
-                for conf_obj in Network_obj.all():
-                    if conf_obj.is_valid():
-                        config_files[conf_obj.filename()] = conf_obj.config_text()
-                # private key
-                tmp = Network_obj.privkey()
-                config_files[tmp['filename']] = tmp['content']
+                # add Network to result
+                result.append(Network_obj)
+
+    return result
+
+def deploy(config_filename):
+    interfaces = (subprocess.check_output(['/sbin/ifconfig','-l'])).split()
+    networks = read_config(config_filename)
     # remove previous configuration
     os.system('rm -rf /usr/local/etc/tinc')
-    # write output
-    for filename in config_files:
-        write_file(filename, config_files[filename])
+    for network in networks:
+        # interface name to use
+        interface_name = 'tinc%s' % network.get_id()
 
-deploy('/usr/local/etc/tinc_deploy.xml')
+        # dump Network and host config
+        for conf_obj in network.all():
+            if conf_obj.is_valid():
+                write_file(conf_obj.filename(), conf_obj.config_text())
+
+        # dump private key
+        tmp = network.privkey()
+        write_file(tmp['filename'], tmp['content'])
+
+        # write if-up file
+        if_up = list()
+        if_up.append("#!/bin/sh")
+        if_up.append("ifconfig %s %s " % (interface_name, pipes.quote(network.get_local_address())))
+        write_file("%s/if-up" % network.get_basepath(), '\n'.join(if_up) + "\n", 0o700)
+
+        # configure and rename new tun device, place all in group "tinc" symlink associated tun device
+        if interface_name not in interfaces:
+            tundev = subprocess.check_output(['/sbin/ifconfig','tun','create']).split()[0]
+            subprocess.call(['/sbin/ifconfig',tundev,'name',interface_name])
+            subprocess.call(['/sbin/ifconfig',interface_name,'group','tinc'])
+            if os.path.islink('/dev/%s' % interface_name):
+                os.remove('/dev/%s' % interface_name)
+            os.symlink('/dev/%s' % tundev, '/dev/%s' % interface_name)
+    return networks
+
+if len(sys.argv) > 1:
+    if sys.argv[1] == 'stop':
+        for instance in glob.glob('/usr/local/etc/tinc/*'):
+            subprocess.call(['/usr/local/sbin/tincd','-n',instance.split('/')[-1], '-k'])
+    elif sys.argv[1] == 'start':
+        for netwrk in deploy('/usr/local/etc/tinc_deploy.xml'):
+            subprocess.call(['/usr/local/sbin/tincd','-n',netwrk.get_network(), '-R'])

net/tinc/src/opnsense/service/templates/OPNsense/Tinc/tinc_deploy.xml

@@ -5,7 +5,9 @@
         <id>{{network.id}}</id>
         <hostname>{{network.hostname}}</hostname>
         <network>{{network.name}}</network>
+        <intaddress>{{network.intaddress}}</intaddress>
         <privkey><![CDATA[{{network.privkey}}]]></privkey>
+        <address>{{network.intaddress}}</address>
         <hosts>
             <host>
                 <hostname>{{network.hostname}}</hostname>