Version 1.0: Get config vars by including conf-file

ufozone · Jan 31, 2023 · c578e73 · c578e73
1 parent 1d0e627
commit c578e73
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 22 deletions.
diff --git a/README.md b/README.md
@@ -5,6 +5,7 @@ UniFi: Reconfigure Auto IPsec VTI VPN with dynamic IP on one or both sites
 
 Development & Pull Request
 -----------
+
 Feel free to enhance the script. Pull requests against the master branch will be reviewed and merged.
 
 Installation
@@ -37,15 +38,24 @@ admin@USG-Pro-4:~$ sudo vi /config/scripts/post-config.d/vpn-site-to-site-reconf
 
 Input the content of the `vpn-site-to-site-reconfigure.sh`.
 
+Create configuration file with following commands:
+
+```
+admin@USG-Pro-4:~$ sudo touch /config/vpn-site-to-site.conf
+admin@USG-Pro-4:~$ sudo vi /config/vpn-site-to-site.conf
+```
+
+Input the content of the `vpn-site-to-site.conf`.
+
 Change the variables:
-| Variable          |Description                                                         | Values                       | Line |
-|-------------------|--------------------------------------------------------------------|------------------------------|------|
-| THIS_SITE         | Letter of current site. Each site must be different from the other | A or B                       |   11 |
-| SITE_A_HOST       | Hostname of site A                                                 | FQDN with final point        |   14 |
-| SITE_B_HOST       | Hostname of site B                                                 | FQDN with final point        |   15 |
-| PRE_SHARED_SECRET | Pre shared key                                                     | Secret with 24 or more bytes |   18 |
+| Variable          |Description                                                         | Values                       |
+|-------------------|--------------------------------------------------------------------|------------------------------|
+| THIS_SITE         | Letter of current site. Each site must be different from the other | A or B                       |
+| SITE_A_HOST       | Hostname of site A                                                 | FQDN with final point        |
+| SITE_B_HOST       | Hostname of site B                                                 | FQDN with final point        |
+| PRE_SHARED_SECRET | Pre shared key                                                     | Secret with 24 or more bytes |
 
-Make sure to convert the file to LF.
+Make sure to convert both files to LF.
 
 Execute the script:
 
@@ -139,7 +149,7 @@ The group has a different identifier? Please report it to me with log or screens
 The output is still empty? Then you don't have a valid IPsec VTI site-to-site VPN configuration. Is your USG provisioned since the VPN configuration?
 
 ### IKE group IKE0 not found in configuration. Abort.
-Same issue as  _ESP group ESP0 not found in configuration. Abort._  See above.
+Same issue as [ESP group ESP0 not found in configuration. Abort.](#esp-group-esp0-not-found-in-configuration-abort) See above.
 
 ### No local address found. Abort.
 The hostnames for site A and site B must be valid and up-to-date dyndns hosts. The specified domains must have an A record.
@@ -154,7 +164,7 @@ one.one.one.one has address 1.1.1.1
 If the domain can't be resolved, your USG has a problem with the DNS it uses.
 
 ### No remote address found. Abort.
-Same issue as  _No local address found. Abort._  See above.
+Same issue as [No local address found. Abort.](#no-local-address-found-abort) See above.
 
 
 Compatibility

diff --git a/...-config.d/vpn-site-to-site-reconfigure.sh → ...-config.d/vpn-site-to-site-reconfigure.sh b/...-config.d/vpn-site-to-site-reconfigure.sh → ...-config.d/vpn-site-to-site-reconfigure.sh
@@ -2,26 +2,31 @@
 # File: vpn-site-to-site-reconfigure.sh
 # Author: ufozone
 # Date: 2023-01-29
-# Version: 0.3
+# Version: 1.0
 # Desc: Site-to-Site VPN in Auto IPsec VTI mode does not detect a change of WAN IP address.
 #       This script checks periodically the current WAN IP addresses of both sites and 
 #       updates the configuration.
-
-# Which site is this? A or B?
-THIS_SITE="A"
-
-# Hostnames of both sites as FQDN with final point
-SITE_A_HOST="site-a.ddns.com."
-SITE_B_HOST="site-b.ddns.com."
-
-# Pre shared secret must be the same on both sites
-PRE_SHARED_SECRET="e72abd600a90eb0e733b7c8c856690c95d02819e"
-
-
+# 
 # DON'T CHANGE ANYTHING BELOW THIS LINE
 #######################################
+
+CONFIG="/config/vpn-site-to-site.conf"
 NAME="vpn-site-to-site-reconfigure"
 WR="/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper"
+
+if [[ ! -e $CONFIG ]]
+then
+	logger -t $NAME -- "File vpn-site-to-site.conf not found. Abort."
+	exit 1
+fi
+source $CONFIG
+
+if [[ ( ( "$THIS_SITE" != "A" ) && ( "$THIS_SITE" != "B" ) ) || ( "$SITE_A_HOST" == "" ) || ( "$SITE_B_HOST" == "" ) || ( "$PRE_SHARED_SECRET" == "" ) ]]
+then
+	logger -t $NAME -- "Configuration in vpn-site-to-site.conf is invalid. Abort."
+	exit 1
+fi
+
 if [[ "$THIS_SITE" == "A" ]]
 then
 	LOCAL_HOST=$SITE_A_HOST

diff --git a/config/vpn-site-to-site.conf b/config/vpn-site-to-site.conf
@@ -0,0 +1,13 @@
+######################################
+# Configuration for Site-to-Site VPN #
+######################################
+
+# Which site is this? A or B?
+THIS_SITE="A"
+
+# Hostnames of both sites as FQDN with final point
+SITE_A_HOST="site-a.ddns.com."
+SITE_B_HOST="site-b.ddns.com."
+
+# Pre shared secret must be the same on both sites
+PRE_SHARED_SECRET="e72abd600a90eb0e733b7c8c856690c95d02819e"