Import xl2tpd

Use sources on github and add myself as maintainer.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

net/xl2tpd/files/l2tp.sh

@@ -0,0 +1,107 @@
+#!/bin/sh
+
+[ -x /usr/sbin/xl2tpd ] || exit 0
+
+[ -n "$INCLUDE_ONLY" ] || {
+	. /lib/functions.sh
+	. ../netifd-proto.sh
+	init_proto "$@"
+}
+
+proto_l2tp_init_config() {
+	proto_config_add_string "username"
+	proto_config_add_string "password"
+	proto_config_add_string "keepalive"
+	proto_config_add_string "pppd_options"
+	proto_config_add_boolean "ipv6"
+	proto_config_add_int "mtu"
+	proto_config_add_string "server"
+	available=1
+	no_device=1
+}
+
+proto_l2tp_setup() {
+	local config="$1"
+	local iface="$2"
+	local optfile="/tmp/l2tp/options.${config}"
+
+	local ip serv_addr server
+	json_get_var server server && {
+		for ip in $(resolveip -t 5 "$server"); do
+			( proto_add_host_dependency "$config" "$ip" )
+			serv_addr=1
+		done
+	}
+	[ -n "$serv_addr" ] || {
+		echo "Could not resolve server address"
+		sleep 5
+		proto_setup_failed "$config"
+		exit 1
+	}
+
+	if [ ! -p /var/run/xl2tpd/l2tp-control ]; then
+		/etc/init.d/xl2tpd start
+	fi
+
+	json_get_vars ipv6 demand keepalive username password pppd_options
+	[ "$ipv6" = 1 ] || ipv6=""
+	if [ "${demand:-0}" -gt 0 ]; then
+		demand="precompiled-active-filter /etc/ppp/filter demand idle $demand"
+	else
+		demand="persist"
+	fi
+
+	[ -n "$mtu" ] || json_get_var mtu mtu
+
+	local interval="${keepalive##*[, ]}"
+	[ "$interval" != "$keepalive" ] || interval=5
+
+	mkdir -p /tmp/l2tp
+
+	echo "${keepalive:+lcp-echo-interval $interval lcp-echo-failure ${keepalive%%[, ]*}}" > "${optfile}"
+	echo "usepeerdns" >> "${optfile}"
+	echo "nodefaultroute" >> "${optfile}"
+	echo "${username:+user \"$username\" password \"$password\"}" >> "${optfile}"
+	echo "ipparam \"$config\"" >> "${optfile}"
+	echo "ifname \"l2tp-$config\"" >> "${optfile}"
+	echo "ip-up-script /lib/netifd/ppp-up" >> "${optfile}"
+	echo "ipv6-up-script /lib/netifd/ppp-up" >> "${optfile}"
+	echo "ip-down-script /lib/netifd/ppp-down" >> "${optfile}"
+	echo "ipv6-down-script /lib/netifd/ppp-down" >> "${optfile}"
+	# Don't wait for LCP term responses; exit immediately when killed.
+	echo "lcp-max-terminate 0" >> "${optfile}"
+	echo "${ipv6:++ipv6} ${pppd_options}" >> "${optfile}"
+	echo "${mtu:+mtu $mtu mru $mtu}" >> "${optfile}"
+
+	xl2tpd-control add l2tp-${config} pppoptfile=${optfile} lns=${server} redial=yes redial timeout=20
+	xl2tpd-control connect l2tp-${config}
+}
+
+proto_l2tp_teardown() {
+	local interface="$1"
+	local optfile="/tmp/l2tp/options.${interface}"
+
+	case "$ERROR" in
+		11|19)
+			proto_notify_error "$interface" AUTH_FAILED
+			proto_block_restart "$interface"
+		;;
+		2)
+			proto_notify_error "$interface" INVALID_OPTIONS
+			proto_block_restart "$interface"
+		;;
+	esac
+
+	xl2tpd-control disconnect l2tp-${interface}
+	# Wait for interface to go down
+        while [ -d /sys/class/net/l2tp-${interface} ]; do
+		sleep 1
+	done
+
+	xl2tpd-control remove l2tp-${interface}
+	rm -f ${optfile}
+}
+
+[ -n "$INCLUDE_ONLY" ] || {
+	add_protocol l2tp
+}

net/xl2tpd/files/options.xl2tpd

@@ -0,0 +1,13 @@
+#
+
+lock
+noauth
+debug
+dump
+logfd 2
+logfile /var/log/xl2tpd.log
+noccp
+novj
+novjccomp
+nopcomp
+noaccomp

net/xl2tpd/files/xl2tp-secrets

@@ -0,0 +1,5 @@
+# Secrets for authenticating l2tp tunnels
+# us		them		secret
+# *		marko		blah2
+# zeus		marko		blah
+# *		*		interop

net/xl2tpd/files/xl2tpd.conf

@@ -0,0 +1,23 @@
+[global]
+port = 1701
+auth file = /etc/xl2tpd/xl2tp-secrets
+access control = no
+
+;[lns default]
+;exclusive = yes
+;ip range = 192.168.254.202-192.168.254.210
+;lac = 10.0.1.2
+;hidden bit = no
+;local ip = 192.168.254.200
+;length bit = yes
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd
+
+;[lac left]
+;lns = 10.0.1.2
+;refuse authentication = yes
+;name = VersaLink
+;ppp debug = yes
+;pppoptfile = /etc/ppp/options.xl2tpd

net/xl2tpd/files/xl2tpd.conf.sample

@@ -0,0 +1,73 @@
+;
+; Sample l2tpd configuration file
+;
+; This example file should give you some idea of how the options for l2tpd
+; should work.  The best place to look for a list of all options is in
+; the source code itself, until I have the time to write better documetation :)
+; Specifically, the file "file.c" contains a list of commands at the end.
+;
+; You most definitely don't have to spell out everything as it is done here
+;
+; [global]										; Global parameters:
+; port = 1701									; * Bind to port 1701
+; auth file = /etc/xl2tpd/xl2tp-secrets			; * Where our challenge secrets are
+; access control = yes							; * Refuse connections without IP match
+; rand source = dev								; Source for entropy for random
+; 												; numbers, options are:
+; 												; dev - reads of /dev/urandom
+; 												; sys - uses rand()
+; 												; egd - reads from egd socket
+; 												; egd is not yet implemented
+;
+; [lns default]									; Our fallthrough LNS definition
+; exclusive = no								; * Only permit one tunnel per host
+; ip range = 192.168.0.1-192.168.0.20			; * Allocate from this IP range
+; no ip range = 192.168.0.3-192.168.0.9			; * Except these hosts
+; ip range = 192.168.0.5						; * But this one is okay
+; ip range = lac1-lac2							; * And anything from lac1 to lac2's IP
+; lac = 192.168.1.4 - 192.168.1.8				; * These can connect as LAC's
+; no lac = untrusted.marko.net					; * This guy can't connect
+; hidden bit = no								; * Use hidden AVP's?
+; local ip = 192.168.1.2						; * Our local IP to use
+; length bit = yes								; * Use length bit in payload?
+; require chap = yes							; * Require CHAP auth. by peer
+; refuse pap = yes								; * Refuse PAP authentication
+; refuse chap = no								; * Refuse CHAP authentication
+; refuse authentication = no					; * Refuse authentication altogether
+; require authentication = yes					; * Require peer to authenticate
+; unix authentication = no						; * Use /etc/passwd for auth.
+; name = myhostname								; * Report this as our hostname
+; ppp debug = no								; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.lns		; * ppp options file
+; call rws = 10									; * RWS for call (-1 is valid)
+; tunnel rws = 4								; * RWS for tunnel (must be > 0)
+; flow bit = yes								; * Include sequence numbers
+; challenge = yes								; * Challenge authenticate peer ;
+;
+; [lac marko]									; Example VPN LAC definition
+; lns = lns.marko.net							; * Who is our LNS?
+; lns = lns2.marko.net							; * A backup LNS (not yet used)
+; redial = yes									; * Redial if disconnected?
+; redial timeout = 15							; * Wait n seconds between redials
+; max redials = 5								; * Give up after n consecutive failures
+; hidden bit = yes								; * User hidden AVP's?
+; local ip = 192.168.1.1						; * Force peer to use this IP for us
+; remote ip = 192.168.1.2						; * Force peer to use this as their IP
+; length bit = no								; * Use length bit in payload?
+; require pap = no								; * Require PAP auth. by peer
+; require chap = yes							; * Require CHAP auth. by peer
+; refuse pap = yes								; * Refuse PAP authentication
+; refuse chap = no								; * Refuse CHAP authentication
+; refuse authentication = no					; * Refuse authentication altogether
+; require authentication = yes					; * Require peer to authenticate
+; name = marko									; * Report this as our hostname
+; ppp debug = no								; * Turn on PPP debugging
+; pppoptfile = /etc/ppp/options.xl2tpd.marko	; * ppp options file for this lac
+; call rws = 10									; * RWS for call (-1 is valid)
+; tunnel rws = 4								; * RWS for tunnel (must be > 0)
+; flow bit = yes								; * Include sequence numbers
+; challenge = yes								; * Challenge authenticate peer
+;
+; [lac cisco]									; Another quick LAC
+; lns = cisco.marko.net							; * Required, but can take from default
+; require authentication = yes

net/xl2tpd/files/xl2tpd.init

@@ -0,0 +1,18 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+
+START=60
+BIN=xl2tpd
+DEFAULT=/etc/default/$BIN
+RUN_D=/var/run
+PID_F=$RUN_D/$BIN.pid
+
+start() {
+	mkdir -p $RUN_D/$BIN
+	[ -f $DEFAULT ] && . $DEFAULT
+	$BIN $OPTIONS
+}
+
+stop() {
+	[ -f $PID_F ] && kill $(cat $PID_F)
+}