Brad, Christopher,
Thank you for your advice.
As a first step I am giving ifstated a try; it is better (i.e. more
generic) than what I would have coded.
* /etc/ifstated.conf
*********************
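# Link state of the PPPoE interface as reported to ifstated.
is_tunnel_up = "pppoe0.link.up"
is_tunnel_down = "!pppoe0.link.up"

# Initial state (the first state defined): branch on the current link state.
# NOTE(review): only link transitions drive these states; an address change
# that happens without the link dropping would not re-run the script --
# confirm the ISP always renegotiates the session when the address changes.
state auto {
	# Link already up when ifstated starts: enter tunnel_is_up so its init
	# block runs. With only the "down" test here, ifstated would stay in
	# this state until the link first dropped and came back.
	if $is_tunnel_up
		set-state tunnel_is_up
	if $is_tunnel_down
		set-state tunnel_is_down
}

state tunnel_is_up {
	init {
		# Executed with ifstated's privileges (presumably root -- confirm);
		# keep the script owned by root and not writable by anyone else.
		run "/usr/sbin/tunnel_up.sh"
	}
	if $is_tunnel_down
		set-state tunnel_is_down
}

state tunnel_is_down {
	if $is_tunnel_up
		set-state tunnel_is_up
}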
*********************
* /usr/sbin/tunnel_up.sh
*********************
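#!/bin/sh
# Re-point gif0 at the current pppoe0 address and reload the IPsec policy.
# Run by ifstated from the init block of the tunnel_is_up state.
#
# Exit status: non-zero if pppoe0 has no IPv4 address, if gif0 could not be
# reconfigured, or if the IPsec rules could not be loaded.

# Current IPv4 address of pppoe0, taken from the "inet" line of ifconfig.
local_ipv4=$(ifconfig pppoe0 | sed -nE 's/.+inet ([0-9.]+).+/\1/p')
peer_ipv4=Y.Y.Y.Y   # placeholder from the post: the static peer address

# Look the address up before touching IPsec: with no local address there is
# nothing to re-point, so leave the loaded policy alone and report the error.
if [ -z "$local_ipv4" ]; then
  echo "tunnel_up.sh: no IPv4 address found on pppoe0" >&2
  exit 1
fi

# Revoke the existing IPsec tunnel. The original line read "$ipsecctl -F";
# nothing in the script sets that variable, so it expanded to a bare "-F"
# and the flush never ran.
# NOTE(review): between this flush and the reload below no IPsec policy is
# loaded; confirm pf does not let tunnel traffic out unprotected meanwhile.
ipsecctl -F

# Quoted so an unexpected value cannot be split into extra arguments.
ifconfig gif0 tunnel "$local_ipv4" "$peer_ipv4"
gif_status=$?

# Create a new IPsec tunnel. Reload even if the gif0 update failed, so the
# host is not left with an empty policy.
ipsecctl -f /etc/ipsec.conf || exit 1
exit "$gif_status"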
*********************
Regards,
David
On Sun, Nov 24, 2013 at 10:12 PM, Christopher Zimmermann
<[email protected]> wrote:
> On Sun, 24 Nov 2013 20:40:21 +0100 David Keller
> <[email protected]> wrote:
>
>> Hello,
>>
>> ***************
>> * My setup
>>
>> Say I have a router using pppoe to connect to internet.
>> It gets a different ip address from the ISP every day.
>>
>> From this router I want to create a gif tunnel to a static-ip host.
>>
>> ***************
>> * My problem
>>
>> How can I ensure the src outer address of the gif interface sticks to
>> the pppoe dynamic-ip ?
>>
>> ***************
>> * My solution
>>
>> I was thinking about updating the gif interface when the pppoe link
>> changes its IP using a userland daemon
>> which monitors the interface and executes user scripts.
>>
>> ***************
>> * Your feeling
>>
>> 1) Is this a good idea ?
>> 2) Does this daemon already exist ?
>> 2.1) If I write it, would you like me to share it ?
>>
>> Regards,
>>
>> David
>>
>
>
> Here's how I do it:
>
> #!/bin/sh
>
> LastIP=0.0.0.0
> Route=no
> Tunnel=no
> Dyndns=no
>
> while true
> do
>
> CurrIP=`ifconfig pppoe0 |awk '/inet / {print $2}'`
> #CurrIP=`ftp -o - 'http://www.meine-aktuelle-ip.de/' 2>/dev/null |sed -n
> "s%^.*Ihre aktuelle IP Adresse: \(.*\)<br />.*$%\1%p"`
>
> # Check validity of $CurrIP
> ping -c1 -w1 -- "$CurrIP" 2>&1 >/dev/null || CurrIP=0.0.0.0
>
> TunnelRemoteV4=`ifconfig gif0 |awk '/physical address inet / {print $6}'`
>
> # Delete old route when dynamic IP has changed
> if [ "$CurrIP" != "$LastIP" ]
> then
> if [ "$Route" = yes ]
> then
> route delete "$LastIP" localhost
> fi
> Route=no
> Tunnel=no
> Dyndns=no
> fi
>
> if [ "$CurrIP" != 0.0.0.0 ]
> then
> # Send mail only when something needs to be done
> if [ "$Route" != yes -o "$Dyndns" != yes -o "$Tunnel" != yes ]
> then
> mail -s "`hostname` dynamic IP update to $CurrIP" root |&
> exec 5>&p
> echo "Current IP is $CurrIP" >&5
> echo "Last IP was $LastIP" >&5
> echo "Last status: $Route, Tunnel: $Tunnel, Dyndns: $Dyndns\n" >&5
> echo >&5
> else
> exec 5>&2
> fi
>
> LastIP="$CurrIP"
>
> if [ "$Route" != yes ]
> then
> echo -n "Adding route: " >&5
> Reply=`route add "$CurrIP" localhost 2>/dev/null`
> case "$Reply" in
> "add host $CurrIP: gateway localhost")
> echo "success - $Reply" >&5
>
> Route=yes
> ;;
> "add host $CurrIP: gateway localhost: File exists")
> echo "success - $Reply" >&5
>
> Route=yes
> ;;
> *)
> echo "failed - $Reply" >&5
>
> Route=failed
> ;;
> esac
> fi
>
> if [ "$Tunnel" != yes ]
> then
> echo -n "Adding tunnel: " >&5
> if ifconfig gif0 tunnel "$CurrIP" "$TunnelRemoteV4"
> then
> echo success: >&5
> ifconfig gif0 >&5
> Tunnel=yes
> else
> echo failed. >&5
> Tunnel=failed
> fi
> fi
>
> if [ "$Dyndns" != yes ]
> then
> for URL in \
>
> 'http://ipv4.cloudns.net/api/dynamicURL/?q=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> \
>
> 'http://ipv4.cloudns.net/api/dynamicURL/?q=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> \
>
> 'http://ipv4.cloudns.net/api/dynamicURL/?q=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> do
> echo >&5
> echo "Updating ClouDNS \"$URL\"" >&5
>
> Reply=`ftp -Vo - "$URL" 2>&1`
>
> Dyndns=yes
> case "$Reply" in
> Updated*)
> echo "success - $Reply" >&5
> ;;
> OK)
> echo "success - $Reply" >&5
> ;;
> "ERROR:\ Address\ $CurrIP\ has\ not\ changed.")
> echo "Not changed: $Reply" >&5
> ;;
> ERROR*)
> echo "$Reply" >&5
>
> Dyndns=failed
> ;;
> *)
> echo "Unknown reply - $Reply" >&5
> Dyndns=failed
> ;;
> esac
> done
> fi
>
> exec 5>&-
>
> # Send heartbeat to IPv6 tunnel peer -needed every 60 seconds.
> if [ -n "$TunnelRemoteV4" ]
> then
> # inspired by heartbeat script written by Oliver Walter <[email protected]>
> Passphrase='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
> RemoteV6='2001:4dd0:ff00:12a8::1'
> LocalV6='2001:4dd0:ff00:12a8::2'
>
> HB="HEARTBEAT TUNNEL $LocalV6 sender `date +%s`"
> echo -n "$HB `echo -n "$HB" "$Passphrase" |md5`" \
> |nc -w1 -u "$TunnelRemoteV4" 3740
> fi
> fi
>
> sleep 55
> done
>
>
>
> also in /etc/daily.local I do
>
> next_part "Force pppoe0 reconnect:"
> ifconfig pppoe0 down
> ifconfig pppoe0 up
> # wait for reconnect
> sleep 35
> ifconfig pppoe0
>
>
>
> Have fun!
> Christopher
>
> --
> http://gmerlin.de
> OpenPGP: http://gmerlin.de/christopher.pub
> F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE