Refreshed supplicant mode #44
1 changed files with 90 additions and 0 deletions
90
bin/pfatt.sh
90
bin/pfatt.sh
|
|
@ -3,6 +3,10 @@ set -e
|
|||
|
||||
ONT_IF='xx0'
|
||||
RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx'
|
||||
CA_PEM='insert filename.pem'
|
||||
CLIENT_PEM='insert filename.pem'
|
||||
PRIVATE_PEM='insert filename.pem'
|
||||
|
||||
LOG=/var/log/pfatt.log
|
||||
|
||||
getTimestamp(){
|
||||
|
|
@ -37,7 +41,93 @@ getTimestamp(){
|
|||
echo -n "$(getTimestamp) enabling promiscuous mode on $ONT_IF... "
|
||||
/sbin/ifconfig $ONT_IF promisc
|
||||
echo "OK!"
|
||||
|
||||
# Enable this if Need to map physical port to RG MAC address:
|
||||
# echo -n "$(getTimestamp) mapping physical port to RG MAC address... "
|
||||
# /sbin/ifconfig $ONT_IF ether $RG_ETHER_ADDR
|
||||
# echo "OK!"
|
||||
|
||||
echo "$(getTimestamp) ngeth0 should now be available to configure as your pfSense WAN"
|
||||
echo "$(getTimestamp) done!"
|
||||
} >> $LOG
|
||||
|
||||
|
||||
## Added code
|
||||
|
||||
echo "$(getTimestamp) starting wpa_supplicant..."
|
||||
|
||||
WPA_PARAMS="\
|
||||
set eapol_version 1,\
|
||||
set fast_reauth 1,\
|
||||
ap_scan 0,\
|
||||
add_network,\
|
||||
set_network 0 ca_cert \\\"/conf/pfatt/wpa/$CA_PEM\\\",\
|
||||
set_network 0 client_cert \\\"/conf/pfatt/wpa/$CLIENT_PEM\\\",\
|
||||
set_network 0 eap TLS,\
|
||||
set_network 0 eapol_flags 0,\
|
||||
set_network 0 identity \\\"$RG_ETHER_ADDR\\\",\
|
||||
set_network 0 key_mgmt IEEE8021X,\
|
||||
set_network 0 phase1 \\\"allow_canned_success=1\\\",\
|
||||
set_network 0 private_key \\\"/conf/pfatt/wpa/$PRIVATE_PEM\\\",\
|
||||
enable_network 0\
|
||||
"
|
||||
|
||||
WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -ingeth0 -B -C /var/run/wpa_supplicant"
|
||||
# if the above doesn't work try: WPA_DAEMON_CMD="/usr/sbin/wpa_supplicant -Dwired -i$ONT_IF -B -C /var/run/wpa_supplicant"
|
||||
|
||||
# kill any existing wpa_supplicant process
|
||||
PID=$(pgrep -f "wpa_supplicant.*ngeth0")
|
||||
if [ ${PID} > 0 ];
|
||||
then
|
||||
echo "$(getTimestamp) pfatt terminating existing wpa_supplicant on PID ${PID}..."
|
||||
RES=$(kill ${PID})
|
||||
fi
|
||||
|
||||
# start wpa_supplicant daemon
|
||||
RES=$(${WPA_DAEMON_CMD})
|
||||
PID=$(pgrep -f "wpa_supplicant.*ngeth0")
|
||||
echo "$(getTimestamp) pfatt wpa_supplicant running on PID ${PID}..."
|
||||
|
||||
# Set WPA configuration parameters.
|
||||
echo "$(getTimestamp) pfatt setting wpa_supplicant network configuration..."
|
||||
IFS=","
|
||||
for STR in ${WPA_PARAMS};
|
||||
do
|
||||
STR="$(echo -e "${STR}" | sed -e 's/^[[:space:]]*//')"
|
||||
RES=$(eval wpa_cli ${STR})
|
||||
done
|
||||
|
||||
# wait until wpa_cli has authenticated.
|
||||
WPA_STATUS_CMD="wpa_cli status | grep 'suppPortStatus' | cut -d= -f2"
|
||||
IP_STATUS_CMD="ifconfig ngeth0 | grep 'inet\ ' | cut -d' ' -f2"
|
||||
|
||||
echo "$(getTimestamp) pfatt waiting EAP for authorization..."
|
||||
|
||||
# TODO: blocking for bootup
|
||||
while true;
|
||||
do
|
||||
WPA_STATUS=$(eval ${WPA_STATUS_CMD})
|
||||
if [ X${WPA_STATUS} = X"Authorized" ];
|
||||
then
|
||||
echo "$(getTimestamp) pfatt EAP authorization completed..."
|
||||
|
||||
IP_STATUS=$(eval ${IP_STATUS_CMD})
|
||||
|
||||
if [ -z ${IP_STATUS} ] || [ ${IP_STATUS} = "0.0.0.0" ];
|
||||
then
|
||||
echo "$(getTimestamp) pfatt no IP address assigned, force restarting DHCP..."
|
||||
RES=$(eval /etc/rc.d/dhclient forcerestart ngeth0)
|
||||
IP_STATUS=$(eval ${IP_STATUS_CMD})
|
||||
fi
|
||||
echo "$(getTimestamp) pfatt IP address is ${IP_STATUS}..."
|
||||
break
|
||||
else
|
||||
sleep 1
|
||||
fi
|
||||
done
|
||||
echo "$(getTimestamp) pfatt ngeth0 should now be available to configure as your WAN..."
|
||||
echo "$(getTimestamp) pfatt done!"
|
||||
else
|
||||
echo "$(getTimestamp) pfatt error: unknown EAP_MODE. '$EAP_MODE' is not valid. exiting..."
|
||||
exit 1
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in a new issue