Update pfatt.sh
This commit is contained in:
		
							parent
							
								
									91e50a2403
								
							
						
					
					
						commit
						1e8fd51835
					
				
					 1 changed files with 90 additions and 0 deletions
				
			
		
							
								
								
									
										90
									
								
								bin/pfatt.sh
									
									
									
									
									
								
							
							
						
						
									
										90
									
								
								bin/pfatt.sh
									
									
									
									
									
								
							|  | @ -3,6 +3,10 @@ set -e | |||
| 
 | ||||
| ONT_IF='xx0' | ||||
| RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx' | ||||
| CA_PEM='insert filename.pem' | ||||
| CLIENT_PEM='insert filename.pem' | ||||
| PRIVATE_PEM='insert filename.pem' | ||||
| 
 | ||||
| LOG=/var/log/pfatt.log | ||||
| 
 | ||||
| getTimestamp(){ | ||||
|  | @ -38,6 +42,92 @@ getTimestamp(){ | |||
|     /sbin/ifconfig $ONT_IF promisc | ||||
|     echo "OK!" | ||||
|      | ||||
|     # Enable this if Need to map physical port to RG MAC address: | ||||
|     # echo -n "$(getTimestamp) mapping physical port to RG MAC address... " | ||||
|     # /sbin/ifconfig $ONT_IF ether $RG_ETHER_ADDR | ||||
|     # echo "OK!" | ||||
| 
 | ||||
|     echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN" | ||||
|     echo "$(getTimestamp) done!" | ||||
| } >> $LOG | ||||
| 
 | ||||
| 
 | ||||
| ## Added code | ||||
| 
 | ||||
|     echo "$(getTimestamp) starting wpa_supplicant..." | ||||
| 
 | ||||
|     WPA_PARAMS="\ | ||||
|         set eapol_version 1,\ | ||||
|         set fast_reauth 1,\ | ||||
|         ap_scan 0,\ | ||||
|         add_network,\ | ||||
|         set_network 0 ca_cert \\\"/conf/pfatt/wpa/$CA_PEM\\\",\ | ||||
|         set_network 0 client_cert \\\"/conf/pfatt/wpa/$CLIENT_PEM\\\",\ | ||||
|         set_network 0 eap TLS,\ | ||||
|         set_network 0 eapol_flags 0,\ | ||||
|         set_network 0 identity \\\"$RG_ETHER_ADDR\\\",\ | ||||
|         set_network 0 key_mgmt IEEE8021X,\ | ||||
|         set_network 0 phase1 \\\"allow_canned_success=1\\\",\ | ||||
|         set_network 0 private_key \\\"/conf/pfatt/wpa/$PRIVATE_PEM\\\",\ | ||||
|         enable_network 0\ | ||||
|     " | ||||
| 
 | ||||
|     WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -ingeth0 -B -C /var/run/wpa_supplicant" | ||||
|     # if the above doesn't work try: WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -i$ONT_IF -B -C /var/run/wpa_supplicant" | ||||
| 
 | ||||
|     # kill any existing wpa_supplicant process | ||||
|     PID=$(pgrep -f "wpa_supplicant.*ngeth0") | ||||
|     if [ ${PID} > 0 ]; | ||||
|     then | ||||
|         echo "$(getTimestamp) pfatt terminating existing wpa_supplicant on PID ${PID}..." | ||||
|         RES=$(kill ${PID}) | ||||
|     fi | ||||
| 
 | ||||
|     # start wpa_supplicant daemon | ||||
|     RES=$(${WPA_DAEMON_CMD}) | ||||
|     PID=$(pgrep -f "wpa_supplicant.*ngeth0") | ||||
|     echo "$(getTimestamp) pfatt wpa_supplicant running on PID ${PID}..." | ||||
| 
 | ||||
|     # Set WPA configuration parameters. | ||||
|     echo "$(getTimestamp) pfatt setting wpa_supplicant network configuration..." | ||||
|     IFS="," | ||||
|     for STR in ${WPA_PARAMS}; | ||||
|     do | ||||
|         STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')" | ||||
|         RES=$(eval wpa_cli ${STR}) | ||||
|     done | ||||
| 
 | ||||
|     # wait until wpa_cli has authenticated. | ||||
|     WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2" | ||||
|     IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2" | ||||
| 
 | ||||
|     echo "$(getTimestamp) pfatt waiting EAP for authorization..." | ||||
| 
 | ||||
|     # TODO: blocking for bootup | ||||
|     while true; | ||||
|     do | ||||
|         WPA_STATUS=$(eval ${WPA_STATUS_CMD}) | ||||
|         if [ X${WPA_STATUS} = X"Authorized" ]; | ||||
|         then | ||||
|         echo "$(getTimestamp) pfatt EAP authorization completed..." | ||||
| 
 | ||||
|         IP_STATUS=$(eval ${IP_STATUS_CMD}) | ||||
| 
 | ||||
|         if [ -z ${IP_STATUS} ] || [ ${IP_STATUS} = "0.0.0.0" ]; | ||||
|         then | ||||
|             echo "$(getTimestamp) pfatt no IP address assigned, force restarting DHCP..." | ||||
|             RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0) | ||||
|             IP_STATUS=$(eval ${IP_STATUS_CMD}) | ||||
|         fi | ||||
|         echo "$(getTimestamp) pfatt IP address is ${IP_STATUS}..." | ||||
|         break | ||||
|         else | ||||
|             sleep 1 | ||||
|         fi | ||||
|     done | ||||
|     echo "$(getTimestamp) pfatt ngeth0 should now be available to configure as your WAN..." | ||||
|     echo "$(getTimestamp) pfatt done!" | ||||
|     else | ||||
|     echo "$(getTimestamp) pfatt error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..." | ||||
|     exit 1 | ||||
|     fi | ||||
|  |  | |||
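Review bot: The trailing `else` / `exit 1` / `fi` in the second hunk have no matching `if` in the added code — nothing between `} >> $LOG` and `## Added code` opens a conditional and `$EAP_MODE` is never assigned — so unless an `if` is opened before the hunk's first line (outside this view), the shell will reject the whole script with a syntax error before any of the new wpa_supplicant logic runs; either drop those three lines or wrap the block in the `if [ "$EAP_MODE" = "supplicant" ]; then` it appears to have been copied from. Separately, `if [ ${PID} > 0 ];` is a redirection rather than a comparison: it creates a file named `0` in the working directory and succeeds whenever `$PID` is non-empty (and errors out if `pgrep -f` returns more than one PID); `if [ -n "${PID}" ]; then` is what was intended. Because the file runs under `set -e`, `RES=$(kill ${PID})` aborts the script if the old supplicant exits between the `pgrep` and the `kill`; `kill "${PID}" || true` keeps that cleanup best-effort as the comment implies. Finally, the client certificate and private key paths under `/conf/pfatt/wpa/` are passed to `wpa_cli` through `eval` without any check that they exist, so a missing or mistyped `$PRIVATE_PEM` leaves the `while true` authorization loop spinning forever with no diagnostic; a guard such as `[ -r "/conf/pfatt/wpa/$PRIVATE_PEM" ] || { echo "$(getTimestamp) pfatt error: private key not readable"; exit 1; }` before starting the daemon would fail loudly instead, and the key file should be root-owned 0600 since it is read by a root daemon from a shared config directory.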
	 Greg Revelle
						Greg Revelle