Update pfatt.sh
This commit is contained in:
		
							parent
							
								
									91e50a2403
								
							
						
					
					
						commit
						1e8fd51835
					
				
					 1 changed files with 90 additions and 0 deletions
				
			
		
							
								
								
									
										90
									
								
								bin/pfatt.sh
									
									
									
									
									
								
							
							
						
						
									
										90
									
								
								bin/pfatt.sh
									
									
									
									
									
								
							|  | @ -3,6 +3,10 @@ set -e | ||||||
| 
 | 
 | ||||||
| ONT_IF='xx0' | ONT_IF='xx0' | ||||||
| RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx' | RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx' | ||||||
|  | CA_PEM='insert filename.pem' | ||||||
|  | CLIENT_PEM='insert filename.pem' | ||||||
|  | PRIVATE_PEM='insert filename.pem' | ||||||
|  | 
 | ||||||
| LOG=/var/log/pfatt.log | LOG=/var/log/pfatt.log | ||||||
| 
 | 
 | ||||||
| getTimestamp(){ | getTimestamp(){ | ||||||
|  | @ -38,6 +42,92 @@ getTimestamp(){ | ||||||
|     /sbin/ifconfig $ONT_IF promisc |     /sbin/ifconfig $ONT_IF promisc | ||||||
|     echo "OK!" |     echo "OK!" | ||||||
|      |      | ||||||
|  |     # Enable this if Need to map physical port to RG MAC address: | ||||||
|  |     # echo -n "$(getTimestamp) mapping physical port to RG MAC address... " | ||||||
|  |     # /sbin/ifconfig $ONT_IF ether $RG_ETHER_ADDR | ||||||
|  |     # echo "OK!" | ||||||
|  | 
 | ||||||
|     echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN" |     echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN" | ||||||
|     echo "$(getTimestamp) done!" |     echo "$(getTimestamp) done!" | ||||||
| } >> $LOG | } >> $LOG | ||||||
|  | 
 | ||||||
|  | 
 | ||||||
|  | ## Added code | ||||||
|  | 
 | ||||||
|  |     echo "$(getTimestamp) starting wpa_supplicant..." | ||||||
|  | 
 | ||||||
|  |     WPA_PARAMS="\ | ||||||
|  |         set eapol_version 1,\ | ||||||
|  |         set fast_reauth 1,\ | ||||||
|  |         ap_scan 0,\ | ||||||
|  |         add_network,\ | ||||||
|  |         set_network 0 ca_cert \\\"/conf/pfatt/wpa/$CA_PEM\\\",\ | ||||||
|  |         set_network 0 client_cert \\\"/conf/pfatt/wpa/$CLIENT_PEM\\\",\ | ||||||
|  |         set_network 0 eap TLS,\ | ||||||
|  |         set_network 0 eapol_flags 0,\ | ||||||
|  |         set_network 0 identity \\\"$RG_ETHER_ADDR\\\",\ | ||||||
|  |         set_network 0 key_mgmt IEEE8021X,\ | ||||||
|  |         set_network 0 phase1 \\\"allow_canned_success=1\\\",\ | ||||||
|  |         set_network 0 private_key \\\"/conf/pfatt/wpa/$PRIVATE_PEM\\\",\ | ||||||
|  |         enable_network 0\ | ||||||
|  |     " | ||||||
|  | 
 | ||||||
|  |     WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -ingeth0 -B -C /var/run/wpa_supplicant" | ||||||
|  |     # if the above doesn't work try: WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -i$ONT_IF -B -C /var/run/wpa_supplicant" | ||||||
|  | 
 | ||||||
|  |     # kill any existing wpa_supplicant process | ||||||
|  |     PID=$(pgrep -f "wpa_supplicant.*ngeth0") | ||||||
|  |     if [ ${PID} > 0 ]; | ||||||
|  |     then | ||||||
|  |         echo "$(getTimestamp) pfatt terminating existing wpa_supplicant on PID ${PID}..." | ||||||
|  |         RES=$(kill ${PID}) | ||||||
|  |     fi | ||||||
|  | 
 | ||||||
|  |     # start wpa_supplicant daemon | ||||||
|  |     RES=$(${WPA_DAEMON_CMD}) | ||||||
|  |     PID=$(pgrep -f "wpa_supplicant.*ngeth0") | ||||||
|  |     echo "$(getTimestamp) pfatt wpa_supplicant running on PID ${PID}..." | ||||||
|  | 
 | ||||||
|  |     # Set WPA configuration parameters. | ||||||
|  |     echo "$(getTimestamp) pfatt setting wpa_supplicant network configuration..." | ||||||
|  |     IFS="," | ||||||
|  |     for STR in ${WPA_PARAMS}; | ||||||
|  |     do | ||||||
|  |         STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" | ||||||
|  |         RES=$(eval wpa_cli ${STR}) | ||||||
|  |     done | ||||||
|  | 
 | ||||||
|  |     # wait until wpa_cli has authenticated. | ||||||
|  |     WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" | ||||||
|  |     IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2" | ||||||
|  | 
 | ||||||
|  |     echo "$(getTimestamp) pfatt waiting EAP for authorization..." | ||||||
|  | 
 | ||||||
|  |     # TODO: blocking for bootup | ||||||
|  |     while true; | ||||||
|  |     do | ||||||
|  |         WPA_STATUS=$(eval ${WPA_STATUS_CMD}) | ||||||
|  |         if [ X${WPA_STATUS} = X"Authorized" ]; | ||||||
|  |         then | ||||||
|  |         echo "$(getTimestamp) pfatt EAP authorization completed..." | ||||||
|  | 
 | ||||||
|  |         IP_STATUS=$(eval ${IP_STATUS_CMD}) | ||||||
|  | 
 | ||||||
|  |         if [ -z ${IP_STATUS} ] || [ ${IP_STATUS} = "0.0.0.0" ]; | ||||||
|  |         then | ||||||
|  |             echo "$(getTimestamp) pfatt no IP address assigned, force restarting DHCP..." | ||||||
|  |             RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0) | ||||||
|  |             IP_STATUS=$(eval ${IP_STATUS_CMD}) | ||||||
|  |         fi | ||||||
|  |         echo "$(getTimestamp) pfatt IP address is ${IP_STATUS}..." | ||||||
|  |         break | ||||||
|  |         else | ||||||
|  |             sleep 1 | ||||||
|  |         fi | ||||||
|  |     done | ||||||
|  |     echo "$(getTimestamp) pfatt ngeth0 should now be available to configure as your WAN..." | ||||||
|  |     echo "$(getTimestamp) pfatt done!" | ||||||
|  |     else | ||||||
|  |     echo "$(getTimestamp) pfatt error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." | ||||||
|  |     exit 1 | ||||||
|  |     fi | ||||||
|  |  | ||||||
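Review bot: The `else`/`fi` that close the added block (the `EAP_MODE` error branch) have no matching `if` anywhere in the hunk, so as committed the file is a bash syntax error and nothing in it runs, including the existing ngeth0 setup above; either the `if [ "$EAP_MODE" = ... ]` opener was lost in the paste or those four lines belong to a different script, and `$EAP_MODE` is not assigned anywhere visible. The existing-process check `if [ ${PID} > 0 ]` is not a numeric test: inside `[ ]` the `>` is a shell redirection that creates a file named `0` in the working directory, the test is true even when pgrep matched nothing, and `RES=$(kill ${PID})` then runs `kill` with no argument and aborts the script under the `set -e` shown in the hunk header; write it as `if [ -n "${PID}" ]; then kill ${PID}; fi` (pgrep may return several PIDs, so leave the expansion unquoted there). `IFS=","` is set for the parameter loop and never restored, which changes word splitting for everything that follows, so save it first and reset it after the loop (`OLD_IFS=$IFS` … `IFS=$OLD_IFS`). The status and dhclient invocations (`WPA_STATUS=$(eval ${WPA_STATUS_CMD})`, `RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0)`) do not need `eval`; calling the pipeline or command directly avoids a second round of shell parsing on those strings.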
	 Greg Revelle
						Greg Revelle