New upstream version 0.3.6 upstream/0.3.6
authorMichael Prokop <mika@debian.org>
Fri, 20 Jan 2017 15:45:21 +0000 (16:45 +0100)
committerMichael Prokop <mika@debian.org>
Fri, 20 Jan 2017 15:45:21 +0000 (16:45 +0100)
32 files changed:
ChangeLog
README
contrib/build-boost-mingw-cross.sh
contrib/build-openssl-mingw-cross.sh
contrib/make-mingw-release.sh
contrib/openssl-1.0.2h-configure.patch [new file with mode: 0644]
doc/anytun-config.8
doc/anytun-controld.8
doc/anytun-showtables.8
doc/anytun.8
etc/init.d/anytun
src/Makefile
src/anytun-config.cpp
src/anytun-showtables.cpp
src/anytun.cpp
src/anytunError.h
src/configure
src/cryptinit.hpp
src/datatypes.h
src/options.cpp
src/packetSource.cpp
src/packetSource.h
src/resolver.cpp
src/syncServer.cpp
src/syncServer.h
usr/lib/anytun-launcher [new file with mode: 0755]
usr/lib/systemd/system-generator/anytun-generator [new file with mode: 0755]
usr/lib/systemd/system/anytun-controld@.service [new file with mode: 0644]
usr/lib/systemd/system/anytun.service [new file with mode: 0644]
usr/lib/systemd/system/anytun@.service [new file with mode: 0644]
usr/lib/tmpfiles.d/anytun.conf [new file with mode: 0644]
version

index 284ae2f..c9dda20 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2016.07.08 -- Version 0.3.6
+
+* fixed build for GCC-6 and C++0x
+* fixed some libgcrypt warnings @ anytun-showtables and anytun-config
+* added systemd unit files and gernator
+
 2014.08.26 -- Version 0.3.5
 
 * added an exception to the license which allows linking with OpenSSL
diff --git a/README b/README
index 09f1692..8eb9c3b 100644 (file)
--- a/README
+++ b/README
@@ -102,10 +102,10 @@ Windows
 Installation
 ============
 
-Getting the source via subversion:
-----------------------------------
+Getting the source via GIT:
+---------------------------
 
-svn co http://svn.anytun.org/anytun/trunk anytun
+git clone https://git.spreadspace.org/anytun/anytun.git
 cd anytun
 
 Building from source
@@ -182,6 +182,18 @@ of instance names which should be used when no names are specified at the comman
 line. One line for each name. Empty lines and lines starting with # are ignored.
 
 
+systemd usage
+-------------
+
+Using the provided service units, anytun can now be started and managed via Systemd.
+As with the init.d script, each VPN or anytun instance, identified by it's $vpnname,
+ needs it's own configuration subdirectory. E.g.:  ${PREFIX}/etc/anytun/${vpnname}/.
+For each such CLIENT instance, use the following command to enable it:
+
+# systemctl enable anytun@${vpnname}.service
+
+Manually start and stop instances by replacing enable with start or stop.
+
 
 Errors:
 =======
index 5ca49e7..b340447 100755 (executable)
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e
-BOOST=1.55.0
+BOOST=1.58.0
 
 BOOST_DASH=`echo $BOOST | perl -ne 's/\./_/g; print'`
 echo $BOOST_DASH
index 7e165b1..4c00f5d 100755 (executable)
@@ -1,6 +1,6 @@
 #!/bin/sh
 set -e
-OPENSSL=openssl-1.0.1h
+OPENSSL=openssl-1.0.2h
 BASE=`pwd`
 
 wget http://openssl.org/source/$OPENSSL.tar.gz -O - | tar xz
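Review bot: The `wget` on the context line below the bumped `OPENSSL=` still fetches the tarball over plain `http://` and pipes it straight into `tar xz`, so nothing authenticates the OpenSSL source that ends up in the Windows release binaries. Download to a file over `https://` and compare it with a pinned digest before unpacking, e.g. `echo "<EXPECTED_SHA256>  $OPENSSL.tar.gz" | sha256sum -c -`, where the placeholder is the value published with the upstream release. The digest then has to be updated together with every future version bump like this one. The rest of the script lies outside this hunk.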
index 5a1d29f..4df517a 100755 (executable)
@@ -4,11 +4,11 @@ VER=`cat ../version`
 
 for target in w32 w64; do
   if [ "$target" = "w32" ]; then
-    LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libgcc_s_sjlj-1.dll
-    LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libstdc++-6.dll
+    LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libgcc_s_sjlj-1.dll
+    LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libstdc++-6.dll
   else
-    LIBGCC_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libgcc_s_sjlj-1.dll
-    LIBSTDCPP_DLL=/usr/lib/gcc/i686-w64-mingw32/`i686-w64-mingw32-g++ -dumpversion`/libstdc++-6.dll
+    LIBGCC_DLL=/usr/lib/gcc/x86_64-w64-mingw32/`x86_64-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libgcc_s_seh-1.dll
+    LIBSTDCPP_DLL=/usr/lib/gcc/x86_64-w64-mingw32/`x86_64-w64-mingw32-g++ -dumpversion | sed 's/^\([0-9]*\.[0-9]*\).*/\1-win32/'`/libstdc++-6.dll
   fi
   mkdir anytun-$VER-$target
   cp anytun-$target/*.exe anytun-$VER-$target
diff --git a/contrib/openssl-1.0.2h-configure.patch b/contrib/openssl-1.0.2h-configure.patch
new file mode 100644 (file)
index 0000000..11aa260
--- /dev/null
@@ -0,0 +1,50 @@
+diff -Nur openssl-1.0.2h.orig/config openssl-1.0.2h/config
+--- openssl-1.0.2h.orig/config 2016-05-03 15:44:42.000000000 +0200
++++ openssl-1.0.2h/config      2016-07-03 12:17:28.705241215 +0200
+@@ -877,11 +877,11 @@
+ #  options="$options -DATALLA"
+ #fi
+-if expr "$options" : '.*no\-asm' > /dev/null; then :; else
+-  sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \
+-  grep \\--noexecstack >/dev/null && \
+-  options="$options -Wa,--noexecstack"
+-fi
++#if expr "$options" : '.*no\-asm' > /dev/null; then :; else
++#  sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \
++#  grep \\--noexecstack >/dev/null && \
++#  options="$options -Wa,--noexecstack"
++#fi
+ # gcc < 2.8 does not support -march=ultrasparc
+ if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]
+diff -Nur openssl-1.0.2h.orig/Configure openssl-1.0.2h/Configure
+--- openssl-1.0.2h.orig/Configure      2016-05-03 15:44:42.000000000 +0200
++++ openssl-1.0.2h/Configure   2016-07-03 12:17:28.705241215 +0200
+@@ -599,7 +599,7 @@
+ "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
+ # MinGW
+-"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin:.dll.a",
++"mingw", "gcc:-mno-cygwin -DL_ENDIAN -DWIN32_LEAN_AND_MEAN -fomit-frame-pointer -O3 -march=i486 -Wall::-D_MT:MINGW32:-lws2_32 -lgdi32 -lcrypt32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_asm}:coff:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -Wl,--export-all -shared:.dll.a",
+ # As for OPENSSL_USE_APPLINK. Applink makes it possible to use .dll
+ # compiled with one compiler with application compiled with another
+ # compiler. It's possible to engage Applink support in mingw64 build,
+@@ -607,7 +607,7 @@
+ # handling, one can't seriously consider its binaries for using with
+ # non-mingw64 run-time environment. And as mingw64 is always consistent
+ # with itself, Applink is never engaged and can as well be omitted.
+-"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin:.dll.a",
++"mingw64", "gcc:-mno-cygwin -DL_ENDIAN -O3 -Wall -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE::-D_MT:MINGW64:-lws2_32 -lgdi32 -lcrypt32:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${x86_64_asm}:mingw64:win32:cygwin-shared:-D_WINDLL:-mno-cygwin -Wl,--export-all -shared:.dll.a",
+ # UWIN 
+ "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+@@ -1005,7 +1005,7 @@
+                       }
+               else
+                       {
+-                      die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
++                      #die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+                       $target=$_;
+                       }
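Review bot: The new patch file comments out the whole `--noexecstack` probe in OpenSSL's `config` and the `die "target already defined …"` check in `Configure`, but carries no explanation of why the MinGW cross build needs either change. Both are upstream safety checks: the probe adds `-Wa,--noexecstack` when the assembler supports it, and the `die` stops a second target argument from silently replacing the first. Presumably neither matters for a PE/COFF target, but the patch disables them unconditionally, so say that in comment lines ahead of the first `diff -Nur`, e.g. `# MinGW cross build only - do not apply for ELF targets (drops the -Wa,--noexecstack probe)`. The `-Wl,--export-all -shared` additions to the `mingw` and `mingw64` entries deserve the same one-line rationale.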
index 57e3753..bbb0b2e 100644 (file)
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: anytun-config
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 08/26/2014
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 07/08/2016
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "ANYTUN\-CONFIG" "8" "08/26/2014" "\ \&" "\ \&"
+.TH "ANYTUN\-CONFIG" "8" "07/08/2016" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
index 9fbc11c..4cc0c41 100644 (file)
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: anytun-controld
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 08/26/2014
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 07/08/2016
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "ANYTUN\-CONTROLD" "8" "08/26/2014" "\ \&" "\ \&"
+.TH "ANYTUN\-CONTROLD" "8" "07/08/2016" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
index 0558d9b..74d39e5 100644 (file)
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: anytun-showtables
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 08/26/2014
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 07/08/2016
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "ANYTUN\-SHOWTABLES" "8" "08/26/2014" "\ \&" "\ \&"
+.TH "ANYTUN\-SHOWTABLES" "8" "07/08/2016" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
index 93e61c3..7a35e5a 100644 (file)
@@ -1,13 +1,13 @@
 '\" t
 .\"     Title: anytun
 .\"    Author: [see the "AUTHORS" section]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 08/26/2014
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 07/08/2016
 .\"    Manual: \ \&
 .\"    Source: \ \&
 .\"  Language: English
 .\"
-.TH "ANYTUN" "8" "08/26/2014" "\ \&" "\ \&"
+.TH "ANYTUN" "8" "07/08/2016" "\ \&" "\ \&"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
index 6905c67..b47378d 100755 (executable)
 # Description:       Enables networking over vpn tunnel interfaces
 ### END INIT INFO
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/anytun
-ANYTUNCONFIG=/usr/bin/anytun-config
-CONTROLDAEMON=/usr/bin/anytun-controld
-NAME=anytun
-DESC=anytun
-CONFIG_DIR=/etc/anytun
-VARCONFIG_DIR=/var/run/anytun-controld
-VARRUN_DIR=/var/run/$NAME/
-
-test -x $DAEMON || exit 0
+DAEMON=anytun
+LAUNCHER=/usr/local/lib/$DAEMON-launcher
+DESC="secure anycast tunneling daemon"
+CONFIG_DIR=/usr/local/etc/$DAEMON
+VARCONTROL_DIR=/var/run/$DAEMON-controld
+VARRUN_DIR=/var/run/$DAEMON/
 
 # Include anytun defaults if available
 if [ -f /etc/default/anytun ] ; then
   . /etc/default/anytun
 fi
 
+. /lib/lsb/init-functions
+
 start_vpn () {
   STATUS="OK"
-  if [ -f $CONFIG_DIR/$NAME/config ] ; then
-    POSTUP=''
-    test -f  $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh"
-    CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'`
-    if [ -n "$CHROOTDIR" ] ; then
-      test -d $CHROOTDIR || mkdir -p $CHROOTDIR
-    fi
-    test -d $VARRUN_DIR || mkdir -p $VARRUN_DIR
-    DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed  's/^/--/' | tr '\n' ' '`
-    $DAEMON --write-pid $VARRUN_DIR/$NAME.pid $POSTUP \
-      $DAEMONOPTS $DAEMONARG || STATUS="FAILED"
+  if [ -f $CONFIG_DIR/$1/config ] ; then
+    $LAUNCHER vpn $1 || STATUS="FAILED"
   else
-    STATUS="no config found"
+    STATUS=" no config found"
   fi
-  start_configd
+  start_configd $1
   echo -n "($STATUS)"
 }
 stop_vpn () {
   kill `cat $PIDFILE` || true
   rm $PIDFILE
-  stop_configd
+  stop_configd $1
 }
 
 start_configd () {
-  if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
-    test -d $VARCONFIG_DIR || mkdir -p $VARCONFIG_DIR
-    chmod 700 $VARCONFIG_DIR
-    rm -f $VARCONFIG_DIR/$NAME 2>/dev/null
-    KDPRF=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed  's/^/ --/' | xargs echo`
-    for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do
-      echo -n " ($CLIENTNAME)"
-      DAEMONARG=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed  's/^/ --/' | xargs echo`
-      $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONFIG_DIR/$NAME
-    done
-    CONTROLHOST=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed  's/^/ --/' | xargs echo`
-    $CONTROLDAEMON -f $VARCONFIG_DIR/$NAME $DAEMONOPTS $CONTROLHOST \
-      --write-pid $VARCONFIG_DIR/$NAME.pid
-    # rm -f $VARCONFIG_DIR/$NAME
-  fi
+  $LAUNCHER configd $1
 }
 stop_configd () {
-  if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
-    echo -n " ($NAME-controlld)"
-    kill `cat $VARCONFIG_DIR/$NAME.pid` || true
-    rm $VARCONFIG_DIR/$NAME.pid
-  fi 
+  if [ -d $CONFIG_DIR/$1/conf.d ] ; then
+    echo -n " ($1-controlld)"
+    kill `cat $VARCONTROL_DIR/$1.pid` || true
+    rm $VARCONTROL_DIR/$1.pid
+  fi
 }
 
 set -e
 case "$1" in
   start)
-  echo -n "Starting $DESC:"
-  if test -z "$2" ; then
-    if [ -f $CONFIG_DIR/autostart ] ; then
-      for NAME in `sed 's/#.*//'  <  $CONFIG_DIR/autostart | grep -e '\w'`; do
-        echo -n " $NAME"
-        start_vpn
-      done
+    echo -n "Starting $DESC:"
+    if test -z "$2" ; then
+      if [ -f $CONFIG_DIR/autostart ] ; then
+        for NAME in `sed 's/#.*//'  <  $CONFIG_DIR/autostart | grep -e '\w'`; do
+          echo -n " $NAME"
+          start_vpn $NAME
+        done
+      else
+        echo "no config found"
+        exit 1;
+      fi
     else
-      echo "no config found"
-      exit 1;
+      while shift ; do
+        [ -z "$1" ] && break
+        echo -n " $1"
+        start_vpn $1
+      done
     fi
-  else
-    while shift ; do
-      [ -z "$1" ] && break
-      NAME=$1
-      echo -n " $NAME"
-      start_vpn
-    done
-  fi
-  echo "."
-  ;;
+    echo "."
+    ;;
   stop)
-  echo -n "Stoping $DESC:"
-  if test -z "$2" ; then
-    for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`basename $PIDFILE`
-      NAME=${NAME%%.pid}
-      echo -n " $NAME"
-      stop_vpn
-    done
-  else
-    while shift ; do
-      [ -z "$1" ] && break
-      if test -e $VARRUN_DIR/$1.pid ; then
-        PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+    echo -n "Stoping $DESC:"
+    if test -z "$2" ; then
+      for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
         NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
-        stop_vpn
-      else
-        echo -n " (failure: No such tunnel is running: $1)"
-      fi
-    done
-  fi
-  echo "."
-  ;;
+        stop_vpn $NAME
+      done
+    else
+      while shift ; do
+        [ -z "$1" ] && break
+        if test -e $VARRUN_DIR/$1.pid ; then
+          PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+          NAME=`basename $PIDFILE`
+          NAME=${NAME%%.pid}
+          echo -n " $NAME"
+          stop_vpn $NAME
+        else
+          echo -n " (failure: No such tunnel is running: $1)"
+        fi
+      done
+    fi
+    echo "."
+    ;;
   reload)
-  echo -n "Reloading $DESC:"
-  if test -z "$2" ; then
-    for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`basename $PIDFILE`
-      NAME=${NAME%%.pid}
-      echo -n " $NAME"
-      if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
-        stop_vpn
-        start_vpn
-      else
-        stop_configd
-        start_configd
-      fi
-    done
-  else
-    while shift ; do
-      [ -z "$1" ] && break
-      if test -e $VARRUN_DIR/$1.pid ; then
-        PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+    echo -n "Reloading $DESC:"
+    if test -z "$2" ; then
+      for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
         NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
         if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
-          stop_vpn
-          start_vpn
+          stop_vpn $NAME
+          start_vpn $NAME
         else
-          stop_configd
-          start_configd
+          stop_configd $NAME
+          start_configd $NAME
         fi
-      else
-        echo -n " (failure: No such tunnel is running: $1)"
-      fi
-    done
-  fi
-  echo "."
-  ;;
+      done
+    else
+      while shift ; do
+        [ -z "$1" ] && break
+        if test -e $VARRUN_DIR/$1.pid ; then
+          PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+          NAME=`basename $PIDFILE`
+          NAME=${NAME%%.pid}
+          echo -n " $NAME"
+          if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
+            stop_vpn $NAME
+            start_vpn $NAME
+          else
+            stop_configd $NAME
+            start_configd $NAME
+          fi
+        else
+          echo -n " (failure: No such tunnel is running: $1)"
+        fi
+      done
+    fi
+    echo "."
+    ;;
   force-reload)
-  echo -n "Restarting $DESC:"
-  if test -z "$2" ; then
-    for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
-      NAME=`basename $PIDFILE`
-      NAME=${NAME%%.pid}
-      echo -n " $NAME"
-      stop_vpn
-      sleep 1
-      start_vpn
-    done
-  else
-    while shift ; do
-      [ -z "$1" ] && break
-      if test -e $VARRUN_DIR/$1.pid ; then
-        PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+    echo -n "Restarting $DESC:"
+    if test -z "$2" ; then
+      for PIDFILE in `ls $VARRUN_DIR/*.pid 2> /dev/null`; do
         NAME=`basename $PIDFILE`
         NAME=${NAME%%.pid}
         echo -n " $NAME"
-        stop_vpn
+        stop_vpn $NAME
         sleep 1
-        start_vpn
-      else
-        echo -n " (failure: No such tunnel is running: $1)"
-      fi
-    done
-  fi
-  echo "."
-  ;;
+        start_vpn $NAME
+      done
+    else
+      while shift ; do
+        [ -z "$1" ] && break
+        if test -e $VARRUN_DIR/$1.pid ; then
+          PIDFILE=`ls $VARRUN_DIR/$1.pid 2> /dev/null`
+          NAME=`basename $PIDFILE`
+          NAME=${NAME%%.pid}
+          echo -n " $NAME"
+          stop_vpn $NAME
+          sleep 1
+          start_vpn $NAME
+        else
+          echo -n " (failure: No such tunnel is running: $1)"
+        fi
+      done
+    fi
+    echo "."
+    ;;
   restart)
     SCRIPT=$0
     shift
     $SCRIPT stop $*
     sleep 1
     $SCRIPT start $*
-  ;;
+    ;;
   *)
-  N=/etc/init.d/$NAME
-  echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
-  exit 1
-  ;;
+    N=/etc/init.d/$DAEMON
+    echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+    exit 1
+    ;;
 esac
 
 exit 0
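Review bot: Instance names now reach `$LAUNCHER`, `$CONFIG_DIR/$1/config` and `$VARCONTROL_DIR/$1.pid` unquoted and unvalidated in `start_vpn`, `start_configd` and `stop_configd`, whether they come from the command line or from `$CONFIG_DIR/autostart`. A name containing whitespace, a glob character or `/` is word-split, expanded or resolved outside the configuration directory while the script runs, typically as root; quote every expansion, e.g. `$LAUNCHER vpn "$1" || STATUS="FAILED"` and `start_vpn "$NAME"`. Names that are empty, start with `.` or contain `/` should be rejected before any path is built from them. The commit also drops `test -x $DAEMON || exit 0` without an equivalent for the launcher; `test -x "$LAUNCHER" || exit 0` after the defaults are sourced would keep the script quiet when the package is removed but the init script remains. The top of this hunk, including its `@@` header, is missing from the page.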
index b2f1646..9d29cb5 100644 (file)
@@ -171,7 +171,7 @@ ANYCTRSRCS := $(ANYCTROBJS:%.o=%.cpp)
 ANYCONFSRCS := $(ANYCONFOBJS:%.o=%.cpp)
 EXESRCS := $(EXEOBJS:%.o=%.cpp)
 
-.PHONY: distclean cleanall clean manpage install install-bin install-etc install-man uninstall remove purge
+.PHONY: distclean cleanall clean manpage install install-bin install-etc install-man uninstall remove purge remove-systemd install-systemd remove-bin remove-man remove-examples
 
 all: $(EXECUTABLES) #libAnysync.a
 
@@ -186,7 +186,7 @@ ifneq ($(MAKECMDGOALS),distclean)
 endif
 
 strip: $(EXECUTABLES)
-       $(STRIP) -s $(EXECUTABLES) 
+       $(STRIP) -s $(EXECUTABLES)
 
 anytun$(EXE): $(ANYTUNOBJS) $(SYNCOBJS) anytun.o
        $(LD) $(ANYTUNOBJS) $(SYNCOBJS) anytun.o -o $@ $(LDFLAGS)
@@ -211,13 +211,13 @@ anytun-controld$(EXE): $(ANYCTROBJS) anytun-controld.o
        $(LD) $(ANYCTROBJS) anytun-controld.o -o $@ $(LDFLAGS)
 
 
-options.o: options.cpp 
+options.o: options.cpp
        $(CXX) $(CXXFLAGS) -DANYTUN_OPTIONS $< -c -o $@
 
-anyCtrOptions.o: options.cpp 
+anyCtrOptions.o: options.cpp
        $(CXX) $(CXXFLAGS) -DANYCTR_OPTIONS $< -c -o $@
 
-anyConfOptions.o: options.cpp 
+anyConfOptions.o: options.cpp
        $(CXX) $(CXXFLAGS) -DANYCONF_OPTIONS $< -c -o $@
 
 nullOptions.o: options.cpp
@@ -234,7 +234,6 @@ libAnysync.a: $(OBJS)
 anyrtpproxy: anytun
        $(MAKE) --directory=$(CURDIR)/anyrtpproxy
 
-
 distclean: cleanall
        find . -name *.o -exec rm -f {} \;
        rm -f config.sub config.guess
@@ -281,6 +280,11 @@ INSTALL_TARGETS += install-examples
 REMOVE_TARGETS += remove-examples
 endif
 
+ifdef SYSTEMDDIR
+INSTALL_TARGETS += install-systemd
+REMOVE_TARGETS := remove-systemd
+endif
+
 install: all $(INSTALL_TARGETS)
 
 install-bin: $(EXECUTABLES)
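Review bot: `REMOVE_TARGETS := remove-systemd` replaces the list instead of extending it, so whenever `SYSTEMDDIR` is defined the `remove-examples` entry appended just above is discarded, along with anything added to `REMOVE_TARGETS` earlier in the file, outside this hunk. The rule that consumes `REMOVE_TARGETS` is not visible here, but an uninstall driven by it would presumably leave the binaries, man pages and examples behind. Use `REMOVE_TARGETS += remove-systemd`, matching the `INSTALL_TARGETS += install-systemd` line next to it.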
@@ -290,18 +294,36 @@ install-bin: $(EXECUTABLES)
        $(INSTALL) -m 755 anytun-config $(DESTDIR)$(BINDIR)
        $(INSTALL) -m 755 anytun-controld $(DESTDIR)$(BINDIR)
        $(INSTALL) -m 755 anytun-showtables $(DESTDIR)$(BINDIR)
+       $(INSTALL) -d $(DESTDIR)$(LIBDIR)
+       @ sed -e 's#/usr/local/sbin#$(SBINDIR)#' -e 's#/usr/local/bin#$(BINDIR)#' \
+        -e 's#/usr/local/etc#$(ETCDIR)#' ../usr/lib/anytun-launcher > ../usr/lib/anytun-launcher.bak
+       $(INSTALL) -m 755 ../usr/lib/anytun-launcher.bak $(DESTDIR)$(LIBDIR)/anytun-launcher
+       rm -f ../usr/lib/anytun-launcher.bak
 
 install-etc:
        $(INSTALL) -d $(DESTDIR)$(ETCDIR)/anytun
        @ echo "example configurations can be found at $(EXAMPLESDIR)/anytun" > $(DESTDIR)$(ETCDIR)/anytun/README
        $(INSTALL) -d $(DESTDIR)$(ETCDIR)/init.d
-       @ sed -e 's#DAEMON=/usr/sbin/anytun#DAEMON=$(SBINDIR)/anytun#'                               \
-        -e 's#ANYTUNCONFIG=/usr/bin/anytun-config#ANYTUNCONFIG=$(BINDIR)/anytun-config#'       \
-        -e 's#CONTROLDAEMON=/usr/bin/anytun-controld#CONTROLDAEMON=$(BINDIR)/anytun-controld#' \
-        -e 's#CONFIG_DIR=/etc/anytun#CONFIG_DIR=$(ETCDIR)/anytun#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak
+       @ sed -e 's#/usr/local/bin#$(BINDIR)#' -e 's#/usr/local/lib#$(LIBDIR)#' -e 's#/usr/local/etc#$(ETCDIR)#' ../etc/init.d/anytun > ../etc/init.d/anytun.bak
        $(INSTALL) -m 755 ../etc/init.d/anytun.bak $(DESTDIR)$(ETCDIR)/init.d/anytun
        rm -f ../etc/init.d/anytun.bak
 
+install-systemd:
+       $(INSTALL) -d $(DESTDIR)$(SYSTEMDDIR)
+       $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun.service $(DESTDIR)$(SYSTEMDDIR)/anytun.service
+       @ sed -e 's#/usr/local/lib#$(LIBDIR)#' ../usr/lib/systemd/system/anytun@.service > ../usr/lib/systemd/system/anytun@.service.bak
+       @ sed -e 's#/usr/local/lib#$(LIBDIR)#' ../usr/lib/systemd/system/anytun-controld@.service > ../usr/lib/systemd/system/anytun-controld@.service.bak
+       $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun@.service
+       $(INSTALL) -m 644 ../usr/lib/systemd/system/anytun-controld@.service.bak $(DESTDIR)$(SYSTEMDDIR)/anytun-controld@.service
+       rm -f ../usr/lib/systemd/system/anytun@.service.bak
+       rm -f ../usr/lib/systemd/system/anytun-controld@.service.bak
+       $(INSTALL) -d $(DESTDIR)$(SYSTEMDGENERATORDIR)
+       @ sed -e 's#/usr/local/etc#$(ETCDIR)#' ../usr/lib/systemd/system-generator/anytun-generator > ../usr/lib/systemd/system-generator/anytun-generator.bak
+       $(INSTALL) -m 755 ../usr/lib/systemd/system-generator/anytun-generator.bak $(DESTDIR)$(SYSTEMDGENERATORDIR)/anytun-generator
+       rm -f ../usr/lib/systemd/system-generator/anytun-generator.bak
+       $(INSTALL) -d $(DESTDIR)$(TMPFILESDDIR)
+       $(INSTALL) -m 644 ../usr/lib/tmpfiles.d/anytun.conf $(DESTDIR)$(TMPFILESDDIR)/anytun.conf
+
 install-examples:
        $(INSTALL) -d $(DESTDIR)$(EXAMPLESDIR)/anytun
        $(INSTALL) -m 644 ../etc/anytun/autostart $(DESTDIR)$(EXAMPLESDIR)/anytun/autostart
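Review bot: The path rewriting in `install-bin`, `install-etc` and `install-systemd` matches bare strings such as `/usr/local/bin` anywhere on a line, so it also rewrites text that merely happens to contain that prefix. In the init script shown on this page the only `/usr/local/bin` is the entry in its `PATH=` line, which the `install-etc` rule turns into `$(BINDIR)`, so an unusual `--bindir` ends up on the search path of a script that normally runs as root. Explicit placeholders in the templates avoid this, e.g. `LAUNCHER=@LIBDIR@/$DAEMON-launcher` rewritten with `sed -e 's#@LIBDIR@#$(LIBDIR)#g'`, and they stop the templates depending on `/usr/local` being the literal default. The `@` prefix on the `sed` lines also hides the only commands that generate the installed files; dropping it would make install logs easier to audit.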
@@ -351,6 +373,13 @@ remove-bin:
 remove-etc:
        rm -f $(DESTDIR)$(ETCDIR)/init.d/anytun
 
+remove-systemd:
+       rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun.service
+       rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun@.service
+       rm -f $(DESTDIR)$(SYSTEMDDIR)/anytun-controld@.service
+       rm -f $(DESTDIR)$(SYSTEMDGENERATORDIR)/anytun-generator
+       rm -f $(DESTDIR)$(TMPFILESDDIR)/anytun.conf
+
 remove-examples:
        rm -rf $(DESTDIR)$(EXAMPLESDIR)/anytun/
 
index b305dc6..1d2ff64 100644 (file)
@@ -57,6 +57,7 @@
 #include "networkAddress.h"
 #include "packetSource.h"
 #include "resolver.h"
+#include "cryptinit.hpp"
 
 #include "syncQueue.h"
 #include "syncCommand.h"
@@ -99,7 +100,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, ConnectionList& cl
   sem.up();
 }
 
-void createConnectionResolver(PacketSourceResolverIt& it, ConnectionList& cl, uint16_t seqSize, SyncQueue& queue, mux_t mux, Semaphore& sem)
+void createConnectionResolver(PacketSourceResolverIt it, ConnectionList& cl, uint16_t seqSize, SyncQueue& queue, mux_t mux, Semaphore& sem)
 {
   createConnection(*it, cl, seqSize, queue, mux, sem);
 }
@@ -132,6 +133,8 @@ int main(int argc, char* argv[])
 
   gResolver.init();
 
+  initCrypto();
+
   ConnectionList cl;
   SyncQueue queue;
 
index bbfad88..ff9b402 100644 (file)
@@ -53,6 +53,7 @@
 #include "routingTable.h"
 #include "networkAddress.h"
 #include "syncCommand.h"
+#include "cryptinit.hpp"
 
 #include <sstream>
 #include <iostream>
@@ -127,8 +128,9 @@ void readAndProcessOne()
 
 int main(int argc, char* argv[])
 {
-  int ret = 0;
+  initCrypto();
 
+  int ret = 0;
   while(std::cin.good()) {
     try {
       readAndProcessOne();
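Review bot: The result of `initCrypto()` is discarded here and in the `main()` of `anytun-config.cpp`, where the same call is added after `gResolver.init()`. `cryptinit.hpp` is not shown in this part of the page; if `initCrypto()` reports failure through its return value, both tools would continue with an uninitialised crypto library. In that case check it before doing any work, e.g. `if(!initCrypto()) { std::cerr << "crypto initialization failed" << std::endl; return -1; }`. Both `main()` bodies continue outside their hunks.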
index 3f14a5e..36ca0aa 100644 (file)
@@ -46,6 +46,7 @@
 #include <boost/bind.hpp>
 #include <boost/thread.hpp>
 #include <boost/assign.hpp>
+#include <boost/scoped_ptr.hpp>
 #include <iostream>
 #include <fstream>
 
@@ -112,7 +113,7 @@ void createConnection(const PacketSourceEndpoint& remote_end, window_size_t seqS
 #endif
 }
 
-void createConnectionResolver(PacketSourceResolverIt& it, window_size_t seqSize, mux_t mux)
+void createConnectionResolver(PacketSourceResolverIt it, window_size_t seqSize, mux_t mux)
 {
   createConnection(*it, seqSize, mux);
 }
@@ -151,8 +152,8 @@ void sender(TunDevice* dev, PacketSource* src)
   }
 
   try {
-    std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND));
-    std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND));
+    boost::scoped_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_OUTBOUND));
+    boost::scoped_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_OUTBOUND));
 
     PlainPacket plain_packet(MAX_PACKET_LENGTH);
     EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, gOpt.getAuthTagLength());
@@ -243,8 +244,8 @@ void receiver(TunDevice* dev, PacketSource* src)
   }
 
   try {
-    std::auto_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
-    std::auto_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
+    boost::scoped_ptr<Cipher> c(CipherFactory::create(gOpt.getCipher(), KD_INBOUND));
+    boost::scoped_ptr<AuthAlgo> a(AuthAlgoFactory::create(gOpt.getAuthAlgo(), KD_INBOUND));
 
     uint32_t auth_tag_length = gOpt.getAuthTagLength();
     EncryptedPacket encrypted_packet(MAX_PACKET_LENGTH, auth_tag_length);
index e31fa0e..0505497 100644 (file)
@@ -81,7 +81,7 @@ class ErrorStringBuilder
 public:
   ErrorStringBuilder(ErrorStringBuilder const& src) { stream << src.stream.str(); };
   ErrorStringBuilder() {};
-  ~ErrorStringBuilder() { throw std::runtime_error(stream.str()); };
+  ~ErrorStringBuilder() NOEXCEPT(false) { throw std::runtime_error(stream.str()); };
 
   template<class T>
   std::ostream& operator<<(T const& value) { return stream << value; }
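Review bot: The destructor that throws by design has no comment stating its contract, and `NOEXCEPT(false)` only makes the throw legal, not safe. If the object is destroyed while another exception is already unwinding the stack, for example when an operand streamed into the temporary throws, the second throw ends in `std::terminate`. Add a comment above the destructor, e.g. `// throws on destruction by design; use only as a temporary and never destroy during stack unwinding`. The `NOEXCEPT` macro is defined outside this hunk, and the class continues past it.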
index f070150..082e523 100755 (executable)
@@ -59,11 +59,16 @@ ROUTING=1
 PREFIX='/usr/local'
 BINDIR=''
 SBINDIR=''
+LIBDIR=''
 ETCDIR=''
 MANDIR=''
 INSTALLMANPAGE=1
 EXAMPLESDIR=''
 INSTALLEXAMPLES=1
+SYSTEMDDIR=''
+SYSTEMDGENERATORDIR=''
+TMPFILESDDIR=''
+INSTALLSYSTEMD=1
 
 BOOST_PREFIX=''
 GCRYPT_PREFIX=''
@@ -71,30 +76,35 @@ NETTLE_PREFIX=''
 OPENSSL_PREFIX=''
 
 print_usage() {
-  echo "configure --help                    print this"
-  echo "          --target=<TARGET>         build target i.e. Linux (default: autodetect)"
-  echo "          --prefix=<PREFIX>         the installation prefix (default: /usr/local)"
-  echo "          --bindir=<DIR>            the path to the bin directory (default: $PREFIX/bin)"
-  echo "          --sbindir=<DIR>           the path to the sbin directory (default: $PREFIX/sbin)"
-  echo "          --sysconfdir=<DIR>        the path to the system configuration directory (default: $PREFIX/etc"
-  echo "          --mandir=<DIR>            the path to the system man pages (default: $PREFIX/share/man)"
-  echo "          --no-manpage              dont't install manpages"
-  echo "          --examplesdir=<DIR>       the path to the examples files (default: $PREFIX/share/examples)"
-  echo "          --no-examples             dont't install example files"
-  echo "          --use-gcrypt              use libgcrypt (this is the default)"
-  echo "          --use-nettle              use libnettle instead of libgcrypt"
-  echo "          --use-ssl-crypto          use openssl crypto library instead of libgcrypt"
-  echo "          --no-crypto               disable crypto at all (only NULL cipher)"
-  echo "          --disable-passphrase      disable master key and salt passphrase"
-  echo "          --enable-passphrase       enable master key and salt passphrase"
-  echo "          --disable-routing         disable built-in routing capability"
-  echo "          --enable-routing          enable built-in routing capability"
-  echo "          --cross-prefix=<PREFIX>   add PREFIX to compiler calls"
-  echo "          --with-boost=<PREFIX>     don't use systemwide boost"
-  echo "          --with-gcrypt=<PREFIX>    don't use systemwide gcrypt"
-  echo "          --with-nettle=<PREFIX>    don't use systemwide nettle"
-  echo "          --with-openssl=<PREFIX>   don't use systemwide openssl"
-  echo "          --use-clang               use clang/llvm as compiler/linker"
+  echo "configure --help                             print this"
+  echo "          --target=<TARGET>                  build target i.e. Linux (default: autodetect)"
+  echo "          --prefix=<PREFIX>                  the installation prefix (default: /usr/local)"
+  echo "          --bindir=<DIR>                     the path to the bin directory (default: $PREFIX/bin)"
+  echo "          --sbindir=<DIR>                    the path to the sbin directory (default: $PREFIX/sbin)"
+  echo "          --libdir=<DIR>                     the path to the lib directory (default: $PREFIX/lib)"
+  echo "          --sysconfdir=<DIR>                 the path to the system configuration directory (default: $PREFIX/etc"
+  echo "          --mandir=<DIR>                     the path to the system man pages (default: $PREFIX/share/man)"
+  echo "          --no-manpage                       don't install manpages"
+  echo "          --examplesdir=<DIR>                the path to the examples files (default: $PREFIX/share/examples)"
+  echo "          --no-examples                      don't install example files"
+  echo "          --systemddir=<DIR>                 the path to the systemd service unit directory (default: from pkg-config)"
+  echo "          --systemdgeneratordir=<DIR>        the path to the systemd generator directory (default: from pkg-config)"
+  echo "          --tmpfilesddir=<DIR>               the path to the systemd tmpfiles.d configuration file (default: from pkg-config)"
+  echo "          --no-systemd                       don't install systemd units"
+  echo "          --use-gcrypt                       use libgcrypt (this is the default)"
+  echo "          --use-nettle                       use libnettle instead of libgcrypt"
+  echo "          --use-ssl-crypto                   use openssl crypto library instead of libgcrypt"
+  echo "          --no-crypto                        disable crypto at all (only NULL cipher)"
+  echo "          --disable-passphrase               disable master key and salt passphrase"
+  echo "          --enable-passphrase                enable master key and salt passphrase"
+  echo "          --disable-routing                  disable built-in routing capability"
+  echo "          --enable-routing                   enable built-in routing capability"
+  echo "          --cross-prefix=<PREFIX>            add PREFIX to compiler calls"
+  echo "          --with-boost=<PREFIX>              don't use systemwide boost"
+  echo "          --with-gcrypt=<PREFIX>             don't use systemwide gcrypt"
+  echo "          --with-nettle=<PREFIX>             don't use systemwide nettle"
+  echo "          --with-openssl=<PREFIX>            don't use systemwide openssl"
+  echo "          --use-clang                        use clang/llvm as compiler/linker"
 }
 
 for arg
@@ -115,6 +125,9 @@ do
   --sbindir=*)
     SBINDIR=${arg#--sbindir=}
   ;;
+  --libdir=*)
+    LIBDIR=${arg#--libdir=}
+  ;;
   --sysconfdir=*)
     ETCDIR=${arg#--sysconfdir=}
   ;;
@@ -130,6 +143,18 @@ do
   --no-examples)
     INSTALLEXAMPLES=0
   ;;
+  --systemddir=*)
+    SYSTEMDDIR=${arg#--systemddir=}
+  ;;
+  --systemdgeneratordir=*)
+    SYSTEMDGENERATORDIR=${arg#--systemdgeneratordir=}
+  ;;
+  --tmpfilesddir=*)
+    TMPFILESDDIR=${arg#--tmpfilesddir=}
+  ;;
+  --no-systemd)
+    INSTALLSYSTEMD=0
+  ;;
   --use-gcrypt)
     CRYPTO_LIB='gcrypt'
   ;;
@@ -192,8 +217,8 @@ if [ -n "$ERRORS" ] && [ $EBUILD_COMPAT -ne 1 ]; then
 fi
 
 if [ $USE_CLANG -eq 0 ]; then
-  CXXFLAGS='-g -Wall -O2'
-  LDFLAGS='-g -Wall -O2'
+  CXXFLAGS='-g -Wall -Werror -Wno-error=unused-variable -O2'
+  LDFLAGS='-g -Wall -Werror -O2'
   COMPILER='g++'
 else
   CXXFLAGS='-g -O2'
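Review bot: `-Werror` is now unconditional in the GCC branch, so any warning introduced by a newer compiler release becomes a failed build for everyone who runs this configure script, not only for developers. This release exists partly to repair a GCC-6 build break, so the flag would be safer as an opt-in, keeping `CXXFLAGS='-g -Wall -O2'` as the default and appending `-Werror` only when a developer switch is given. In `LDFLAGS` the flag adds little, since no compilation happens at link time.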
@@ -232,6 +257,7 @@ case $TARGET in
     CXXFLAGS=$CXXFLAGS' -I/usr/local/include'
     LDFLAGS=$LDFLAGS' -L/usr/local/lib  -lboost_thread -lboost_serialization -lboost_system -lboost_date_time -lpthread'
     LOG_TARGETS='-DLOG_SYSLOG -DLOG_FILE -DLOG_STDOUT'
+    INSTALLSYSTEMD=0
   ;;
   mingw)
     rm -f tunDevice.cpp
@@ -242,6 +268,7 @@ case $TARGET in
     CXXFLAGS=$CXXFLAGS' -DMINGW -D_WIN32_WINNT=0x0501 -DWIN32_LEAN_AND_MEAN -DBOOST_WINDOWS -fno-strict-aliasing -DBOOST_THREAD_USE_LIB'
     LDFLAGS=$LDFLAGS'  -lboost_thread_win32 -lboost_serialization -lboost_system -lboost_date_time -lwsock32 -lws2_32'
     LOG_TARGETS='-DWIN_EVENTLOG -DLOG_FILE -DLOG_STDOUT'
+    INSTALLSYSTEMD=0
   ;;
   *)
     echo "platform not supported"
@@ -308,6 +335,10 @@ if [ -z "$SBINDIR" ]; then
   SBINDIR=$PREFIX/sbin
 fi
 
+if [ -z "$LIBDIR" ]; then
+  LIBDIR=$PREFIX/lib
+fi
+
 if [ -z "$ETCDIR" ]; then
   ETCDIR=$PREFIX/etc
 fi
@@ -320,6 +351,18 @@ if [ -z "$EXAMPLESDIR" ]; then
   EXAMPLESDIR=$PREFIX/share/examples
 fi
 
+if [ $INSTALLSYSTEMD -eq 1 ]; then
+  if [ -z "$SYSTEMDDIR" ]; then
+    SYSTEMDDIR=`pkg-config systemd --variable=systemdsystemunitdir`
+  fi
+  if [ -z "$SYSTEMDGENERATORDIR" ]; then
+    SYSTEMDGENERATORDIR=`pkg-config systemd --variable=systemdsystemgeneratordir`
+  fi
+  if [ -z "$TMPFILESDDIR" ]; then
+    TMPFILESDDIR=`pkg-config systemd --variable=tmpfilesdir`
+  fi
+fi
+
 cat > include.mk <<EOF
 # this file was created automatically
 # do not edit this file directly
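Review bot: The three `pkg-config systemd --variable=...` lookups are used without checking that the command succeeded or printed anything. On a host without pkg-config or without systemd.pc, `SYSTEMDDIR`, `SYSTEMDGENERATORDIR` and `TMPFILESDDIR` stay empty while `INSTALLSYSTEMD` is still 1, and a later hunk writes those empty values into include.mk. How the Makefile uses them is not visible here, but install paths built from an empty directory variable would presumably resolve against the DESTDIR or filesystem root. A guard after each lookup would fail early, for example `[ -n "$SYSTEMDDIR" ] || { echo "systemd unit dir not found, use --systemddir or --no-systemd" >&2; exit 1; }`.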
@@ -333,9 +376,10 @@ LDFLAGS = $LDFLAGS
 STRIP = ${CROSS_PREFIX}strip
 INSTALL = install
 
-PREFIX := $PREFIX
+prefix := $PREFIX
 BINDIR := $BINDIR
 SBINDIR := $SBINDIR
+LIBDIR := $LIBDIR
 ETCDIR := $ETCDIR
 EOF
 
@@ -357,12 +401,21 @@ else
   echo "not installing example files"
 fi
 
+if [ $INSTALLSYSTEMD -eq 1 ]; then
+  echo "SYSTEMDDIR := $SYSTEMDDIR" >> include.mk
+  echo "SYSTEMDGENERATORDIR := $SYSTEMDGENERATORDIR" >> include.mk
+  echo "TMPFILESDDIR := $TMPFILESDDIR" >> include.mk
+  echo "installing systemd units"
+else
+  echo "not installing systemd units"
+fi
+
 VERSION=`cat ../version`
-if which svn >/dev/null; then
-  SVN_REV=`svn info 2> /dev/null | grep "^Revision: " | awk '{print($2)}'`
-  if [ -n "$SVN_REV" ]; then
-    VERSION="$VERSION (svn$SVN_REV)"
-  fi
+if which git >/dev/null; then
+    GIT_HASH=`git rev-parse HEAD 2> /dev/null`
+    if [ -n "$GIT_HASH" ]; then
+        VERSION="$VERSION (git $GIT_HASH)"
+    fi
 fi
 HOSTNAME=`hostname`
 DATE=`date +"%d.%m.%Y %H:%M:%S %Z"`
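Review bot: `git rev-parse HEAD` succeeds inside any enclosing work tree, so a release tarball configured from within an unrelated repository (a distribution packaging repo, for instance) gets that repository's commit stamped into `VERSION`. Limiting the lookup to a checkout of this project keeps the version string truthful, e.g. `[ -e ../.git ] && GIT_HASH=$(git rev-parse HEAD 2>/dev/null)`, given that the script already reads `../version` from the same level. `command -v git` is the portable replacement for `which git`.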
@@ -383,7 +436,6 @@ cat > version.h <<EOF
 #define VERSION_STRING_1 "built on $HOSTNAME, $DATE"
 
 #endif
-
 EOF
 
 exit 0
index cd11215..17bb825 100644 (file)
 
 #ifndef NO_CRYPT
 
+#include "anytunError.h"
+
 #if defined(USE_GCRYPT)
 #include <gcrypt.h>
 
+#if GCRYPT_VERSION_NUMBER < 0x010600
 #if defined(BOOST_HAS_PTHREADS)
 // boost thread callbacks for libgcrypt
 GCRY_THREAD_OPTION_PTHREAD_IMPL;
 #else
 #error You can not use gcrypt without pthreads - please configure Boost to use pthreads!
-#endif
+#endif // defined(BOOST_HAS_PTHREADS)
+#endif // GCRYPT_VERSION_NUMBER < 0x010600
 
 #define MIN_GCRYPT_VERSION "1.2.0"
 
 bool initLibGCrypt()
 {
+#if GCRYPT_VERSION_NUMBER < 0x010600
 #if defined(BOOST_HAS_PTHREADS)
   // make libgcrypt thread safe
   // this must be called before any other libgcrypt call
   gcry_control(GCRYCTL_SET_THREAD_CBS, &gcry_threads_pthread);
 #else
 #error You can not use gcrypt without pthreads - please configure Boost to use pthreads!
-#endif
+#endif // defined(BOOST_HAS_PTHREADS)
+#endif // GCRYPT_VERSION_NUMBER < 0x010600
 
   // this must be called right after the GCRYCTL_SET_THREAD_CBS command
   // no other function must be called till now
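Review bot: The unchanged comment right below the new guard (`this must be called right after the GCRYCTL_SET_THREAD_CBS command`) describes a call that is now compiled out on libgcrypt 1.6 and later. A short comment above the `#if GCRYPT_VERSION_NUMBER < 0x010600` line would record the reason, for example `// libgcrypt >= 1.6 handles locking itself; GCRYCTL_SET_THREAD_CBS is deprecated there`, and the following comment could be reworded to "first libgcrypt call on 1.6 and later". initLibGCrypt continues past the end of this hunk, so the rest of the initialisation sequence is not visible here.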
index bce14dd..85ae9c4 100644 (file)
 
 #include <boost/cstdint.hpp>
 #include <boost/integer_traits.hpp>
+#include <boost/config.hpp>
+
+#ifndef BOOST_NO_NOEXCEPT
+#define NOEXCEPT(x) noexcept(x)
+#else
+#define NOEXCEPT(x)
+#endif
 
 // should not be necessary on GCC, #ifdef + #include <stdint.h> should do the job; still required on MS VC++9, though.
 using boost::int8_t;
index 284e9e8..038e7b7 100644 (file)
@@ -559,7 +559,16 @@ void Options::printVersion()
   std::cout << "anytun";
 #endif
   std::cout << VERSION_STRING_0 << std::endl;
+
+#if defined(__clang__)
+  std::cout << VERSION_STRING_1 << ", using CLANG " << __clang_version__ << std::endl;
+#elif defined(__GNUC__)
+  std::cout << VERSION_STRING_1 << ", using GCC " << __GNUC__ << '.' << __GNUC_MINOR__
+            << '.' << __GNUC_PATCHLEVEL__ << std::endl;
+#else
   std::cout << VERSION_STRING_1 << std::endl;
+#endif
+
 }
 
 void Options::printUsage()
index 882938f..711a206 100644 (file)
@@ -76,7 +76,7 @@ UDPPacketSource::~UDPPacketSource()
   }
 }
 
-void UDPPacketSource::onResolve(PacketSourceResolverIt& it)
+void UDPPacketSource::onResolve(PacketSourceResolverIt it)
 {
   while(it != PacketSourceResolverIt()) {
     PacketSourceEndpoint e = *it;
index 14ea9e9..a6656e3 100644 (file)
@@ -83,7 +83,7 @@ public:
   uint32_t recv(uint8_t* buf, uint32_t len, PacketSourceEndpoint& remote);
   void send(uint8_t* buf, uint32_t len, PacketSourceEndpoint remote);
 
-  void onResolve(PacketSourceResolverIt& it);
+  void onResolve(PacketSourceResolverIt it);
   void onError(const std::runtime_error& e);
 
 private:
index 346e5ef..81c30e3 100644 (file)
@@ -141,29 +141,29 @@ void Resolver::resolveUdp(const std::string& addr, const std::string& port, UdpR
 {
   cLog.msg(Log::PRIO_DEBUG) << "trying to resolv UDP: '" << addr << "' '" << port << "'";
 
-  std::auto_ptr<udp::resolver::query> query;
+  boost::shared_ptr<udp::resolver::query> query;
   if(addr != "") {
     switch(r) {
     case IPV4_ONLY:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(udp::v4(), addr, port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(udp::v4(), addr, port));
       break;
     case IPV6_ONLY:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(udp::v6(), addr, port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(udp::v6(), addr, port));
       break;
     default:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(addr, port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(addr, port));
       break;
     }
   } else {
     switch(r) {
     case IPV4_ONLY:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(udp::v4(), port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(udp::v4(), port));
       break;
     case IPV6_ONLY:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(udp::v6(), port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(udp::v6(), port));
       break;
     default:
-      query = std::auto_ptr<udp::resolver::query>(new udp::resolver::query(port));
+      query = boost::shared_ptr<udp::resolver::query>(new udp::resolver::query(port));
       break;
     }
   }
@@ -175,29 +175,29 @@ void Resolver::resolveTcp(const std::string& addr, const std::string& port, TcpR
 {
   cLog.msg(Log::PRIO_DEBUG) << "trying to resolv TCP: '" << addr << "' '" << port << "'";
 
-  std::auto_ptr<tcp::resolver::query> query;
+  boost::shared_ptr<tcp::resolver::query> query;
   if(addr != "") {
     switch(r) {
     case IPV4_ONLY:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v4(), addr, port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v4(), addr, port));
       break;
     case IPV6_ONLY:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v6(), addr, port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v6(), addr, port));
       break;
     default:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(addr, port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(addr, port));
       break;
     }
   } else {
     switch(r) {
     case IPV4_ONLY:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v4(), port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v4(), port));
       break;
     case IPV6_ONLY:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v6(), port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(tcp::v6(), port));
       break;
     default:
-      query = std::auto_ptr<tcp::resolver::query>(new tcp::resolver::query(port));
+      query = boost::shared_ptr<tcp::resolver::query>(new tcp::resolver::query(port));
       break;
     }
   }
index 35ad3f2..1e6e352 100644 (file)
@@ -65,7 +65,7 @@ SyncServer::~SyncServer()
   }
 }
 
-void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator& it)
+void SyncServer::onResolve(SyncTcpConnection::proto::resolver::iterator it)
 {
   while(it != SyncTcpConnection::proto::resolver::iterator()) {
     SyncTcpConnection::proto::endpoint e = *it;
index 9be3fd0..c36e93d 100644 (file)
@@ -64,7 +64,7 @@ class SyncServer
 public:
   SyncServer(std::string localaddr, std::string port, ConnectCallback onConnect);
   ~SyncServer();
-  void onResolve(SyncTcpConnection::proto::resolver::iterator& it);
+  void onResolve(SyncTcpConnection::proto::resolver::iterator it);
   void onResolvError(const std::runtime_error& e);
 
   void run();
diff --git a/usr/lib/anytun-launcher b/usr/lib/anytun-launcher
new file mode 100755 (executable)
index 0000000..0980bda
--- /dev/null
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+NAME="${NAME:-$2}"
+
+DAEMON=/usr/local/sbin/anytun
+ANYTUNCONFIG=/usr/local/bin/anytun-config
+CONTROLDAEMON=/usr/local/bin/anytun-controld
+CONFIG_DIR=/usr/local/etc/anytun
+VARRUN_DIR=/run/anytun
+VARCONTROL_DIR=/run/anytun-controld
+
+test -x $DAEMON || exit 0
+test -z $NAME && exit 1
+
+start_vpn () {
+  if [ -f $CONFIG_DIR/$NAME/config ] ; then
+    POSTUP=''
+    test -f  $CONFIG_DIR/$NAME/post-up.sh && POSTUP="-x $CONFIG_DIR/$NAME/post-up.sh"
+    CHROOTDIR=`grep '^chroot' < $CONFIG_DIR/$NAME/config | sed 's/chroot\s*//'`
+    if [ -n "$CHROOTDIR" ] ; then
+      test -d $CHROOTDIR || mkdir -p $CHROOTDIR
+    fi
+    test -d $VARRUN_DIR || mkdir -p $VARRUN_DIR
+    DAEMONARG=`sed 's/#.*//' < $CONFIG_DIR/$NAME/config | grep -e '\w' | sed  's/^/--/' | tr '\n' ' '`
+    exec $DAEMON --write-pid $VARRUN_DIR/$NAME.pid $POSTUP $DAEMONOPTS $DAEMONARG
+  else
+    echo "no config found" >&2
+    return 1
+  fi
+}
+
+start_configd () {
+  if [ -d $CONFIG_DIR/$NAME/conf.d ] ; then
+    test -d $VARCONTROL_DIR || mkdir -p $VARCONTROL_DIR
+    chmod 700 $VARCONTROL_DIR
+    rm -f $VARCONTROL_DIR/$NAME 2>/dev/null
+    KDPRF=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'kd-prf' | sed  's/^/ --/' | xargs echo`
+    for CLIENTNAME in `ls $CONFIG_DIR/$NAME/conf.d`; do
+      echo -n " ($CLIENTNAME)"
+      DAEMONARG=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/conf.d/$CLIENTNAME | grep -e '\w' | sed  's/^/ --/' | xargs echo`
+      $ANYTUNCONFIG $DAEMONARG $CIPHER $AUTHALGO $KDPRF >> $VARCONTROL_DIR/$NAME
+    done
+    CONTROLHOST=`sed 's/#.*//'  <  $CONFIG_DIR/$NAME/config | grep -e 'control-host' | sed  's/^/ --/' | xargs echo`
+    exec $CONTROLDAEMON -f $VARCONTROL_DIR/$NAME $DAEMONOPTS $CONTROLHOST \
+      --write-pid $VARCONTROL_DIR/$NAME.pid
+  fi
+}
+
+case $1 in
+  vpn)
+    start_vpn
+    ;;
+  configd)
+    start_configd
+    ;;
+  *)
+    exit 2
+    ;;
+esac
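Review bot: `NAME` (the unit's `%i`, or `$2`) is interpolated unquoted into paths this script creates, removes and appends to, such as `rm -f $VARCONTROL_DIR/$NAME`, `>> $VARCONTROL_DIR/$NAME` and `--write-pid $VARRUN_DIR/$NAME.pid`, with no check that it is a plain instance name. The units in this commit set no `User=`, so the script presumably runs as root, and a name containing `/`, `..` or whitespace would move those operations outside the intended directories. Reject such names once at the top, quote the path expansions, and replace the `ls` loop with a glob so client file names are not word-split. The intentionally unquoted `$DAEMONARG`, `$POSTUP` and `$KDPRF` still undergo pathname expansion on config values, which a `set -f` before each `exec` would stop.

```shell
NAME="${NAME:-${2:-}}"
# … unchanged: DAEMON, ANYTUNCONFIG, CONTROLDAEMON and directory assignments …

test -x "$DAEMON" || exit 0
# accept only a plain instance name: non-empty, no path separator,
# no leading dot, no whitespace
case "$NAME" in
  ''|.*|*/*|*[[:space:]]*)
    echo "invalid instance name" >&2
    exit 1
    ;;
esac

# … unchanged: start_vpn …

# in start_configd, replacing the `ls` loop header:
    for CLIENTCONF in "$CONFIG_DIR/$NAME/conf.d"/*; do
      [ -f "$CLIENTCONF" ] || continue
      CLIENTNAME=${CLIENTCONF##*/}
      # … unchanged: build DAEMONARG and append the anytun-config output …
    done
```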
diff --git a/usr/lib/systemd/system-generator/anytun-generator b/usr/lib/systemd/system-generator/anytun-generator
new file mode 100755 (executable)
index 0000000..8e04ba9
--- /dev/null
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# This systemd generator creates dependency symlinks that make all anytun
+# tunnels listed in /etc/anytun/autostart be started/stopped/reloaded
+# when anytun.service is started/stopped/reloaded.
+
+set -eu
+
+GENDIR="$1"
+WANTDIR="$1/anytun.service.wants"
+SERVICEFILE="/lib/systemd/system/anytun@.service"
+AUTOSTART="all"
+CONFIG_DIR=/usr/local/etc/anytun
+
+mkdir -p "$WANTDIR"
+
+if [ -f $CONFIG_DIR/autostart ] ; then
+       for NAME in `sed 's/#.*//'  <  $CONFIG_DIR/autostart | grep -e '\w'`; do
+               ln -s "$SERVICEFILE" "$WANTDIR/anytun@$NAME.service"
+        done
+fi
+
+exit 0
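Review bot: `ln -s` runs under `set -e`, so a name listed twice in the autostart file makes the second call fail and aborts the generator before the remaining tunnels are linked; `ln -sf "$SERVICEFILE" "$WANTDIR/anytun@$NAME.service"` avoids that. The names read from the file also go unchecked into the link path, so a guard such as `case "$NAME" in */*|.*) continue ;; esac` before the `ln` keeps every link inside `$WANTDIR`. Smaller inconsistencies: the header comment names /etc/anytun/autostart while `CONFIG_DIR` is /usr/local/etc/anytun, `SERVICEFILE` is hard-coded to /lib/systemd/system although configure takes the unit directory from pkg-config, and `GENDIR` and `AUTOSTART` are never used.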
diff --git a/usr/lib/systemd/system/anytun-controld@.service b/usr/lib/systemd/system/anytun-controld@.service
new file mode 100644 (file)
index 0000000..87f7294
--- /dev/null
@@ -0,0 +1,19 @@
+[Unit]
+Description=secure anycast tunneling config daemon for %i
+PartOf=anytun.service
+After=anytun@%i.service
+Documentation=man:anytun-controld(8)
+
+[Service]
+Type=simple
+PIDFile=/run/anytun-controld/%i.pid
+Environment="NAME=%i" "DAEMONOPTS=-D -L stdout:3 --username anytun"
+ExecStart=/usr/local/lib/anytun-launcher configd
+Restart=on-failure
+PrivateTmp=yes
+PrivateDevices=yes
+ProtectSystem=full
+ProtectHome=yes
+
+[Install]
+WantedBy=multi-user.target
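Review bot: No `User=` is set, so the launcher and daemon start as root and the privilege drop rests entirely on `--username anytun` inside `DAEMONOPTS`. Adding `NoNewPrivileges=yes` next to the existing `Protect*` settings would prevent the process tree from regaining privileges after that drop; confirm first that anytun-controld does not rely on any setuid helper. `PIDFile=` is intended for `Type=forking` services, and with `Type=simple` and `-D` it appears to serve no purpose here.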
diff --git a/usr/lib/systemd/system/anytun.service b/usr/lib/systemd/system/anytun.service
new file mode 100644 (file)
index 0000000..46386f4
--- /dev/null
@@ -0,0 +1,13 @@
+[Unit]
+Description=Anytun Service
+After=network.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/bin/true
+ExecReload=/bin/true
+WorkingDirectory=/etc/anytun
+
+[Install]
+WantedBy=multi-user.target
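Review bot: `WorkingDirectory=/etc/anytun` points at a path the rest of this commit does not use, since the launcher and the generator both set `CONFIG_DIR=/usr/local/etc/anytun`, and systemd refuses to start a unit whose working directory is missing. Because `ExecStart` and `ExecReload` are both `/bin/true`, the line can simply be dropped, or written as `WorkingDirectory=-/etc/anytun` so that a missing directory is not fatal.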
diff --git a/usr/lib/systemd/system/anytun@.service b/usr/lib/systemd/system/anytun@.service
new file mode 100644 (file)
index 0000000..48627e8
--- /dev/null
@@ -0,0 +1,20 @@
+[Unit]
+Description=secure anycast tunneling daemon for %i
+PartOf=anytun.service
+Requires=anytun-controld@%i.service
+Documentation=man:anytun(8)
+
+[Service]
+Type=simple
+PIDFile=/run/anytun/%i.pid
+Environment="NAME=%i" "DAEMONOPTS=-D --username anytun"
+ExecStart=/usr/local/lib/anytun-launcher vpn
+Restart=on-failure
+PrivateTmp=yes
+ProtectSystem=full
+ProtectHome=yes
+DeviceAllow=/dev/net/tun rw
+DevicePolicy=closed
+
+[Install]
+WantedBy=multi-user.target
diff --git a/usr/lib/tmpfiles.d/anytun.conf b/usr/lib/tmpfiles.d/anytun.conf
new file mode 100644 (file)
index 0000000..9fb1215
--- /dev/null
@@ -0,0 +1,2 @@
+d /run/anytun-controld 0700 anytun anytun -
+d /run/anytun 0700 anytun anytun -
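Review bot: Both runtime directories are owned by `anytun`, yet anytun-launcher, started by units with no `User=` and so presumably as root, removes and appends to `$VARCONTROL_DIR/$NAME` inside `/run/anytun-controld`. A privileged process writing into a directory controlled by the unprivileged service account is exposed to link-following if that account is ever compromised. If the daemons only need to read there after dropping privileges, `d /run/anytun-controld 0750 root anytun -` would be the safer entry. Whether the pid files are written before or after the privilege drop is not visible here, so check that before changing ownership. The launcher's `mkdir -p` fallback already creates these directories root-owned, which differs from what this file declares.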
diff --git a/version b/version
index c2c0004..449d7e7 100644 (file)
--- a/version
+++ b/version
@@ -1 +1 @@
-0.3.5
+0.3.6