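#!/bin/bash
# Set up a DN42 OpenVPN peering: generate a shared static key, write and
# start the local OpenVPN config, add the peer as BGP neighbour to the local
# router (bird or quagga) and mail the peer its PGP-encrypted profile.
#
# Usage: $0 <NICK> <MAIL> <GPG> <AS> <ENDPOINT> <IPV4> [PORT]
#   NICK      peer nickname (3-8 alphanumerics); used in device and file names
#   MAIL      peer's mail address, the profile is sent there
#   GPG       peer's key id / fingerprint, fetched from the keyserver
#   AS        peer's AS number
#   ENDPOINT  peer's tunnel endpoint host
#   IPV4      peer's tunnel IPv4 address
#   PORT      peer's UDP port (defaults to the port picked for our side)
#
# You may want to change variables below and check if "/etc/bird/bird-dn42.conf"
# is included in your bird-config (same for bird6 with bird6-dn42.conf)
# NO WARRANTY, REALLY READ THIS FILE BEFORE EXECUTING IT!
set -eu -o pipefail

# --- local settings: adjust to your own node --------------------------------
GPG="gpg"
LOCAL_ROUTER='bird' # or 'quagga'
LOCAL_NICK="prauscher"
LOCAL_AS="64720"
LOCAL_TUNNEL="rajesh.prauscher.de"
LOCAL_IPV4="172.22.120.2"
# Link-local IPv6 for both tunnel ends, drawn from disjoint ranges
# (1..32767 and 32768..65535) so the two ends can never get the same address.
LOCAL_IPV6="fe80::$(printf '%x' $(( RANDOM % 32767 + 1 )))"
REMOTE_IPV6="fe80::$(printf '%x' $(( RANDOM + 32768 )))"

#######################################
# Print a diagnostic to stderr and exit.
# Arguments: $1 exit status, remaining arguments: message
#######################################
die() {
  local status=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$status"
}

#######################################
# Find the first UDP port >= 52301 not already claimed by an "lport" line in
# any config file next to this script.
# Globals:  SCRIPT_DIR (read)
# Outputs:  the port number on stdout
#######################################
pick_local_port() {
  local port=52301
  # anchored with '$' so that 52301 does not also block 523010 and friends
  while grep -qR -- "^lport ${port}\$" "$SCRIPT_DIR"; do
    port=$((port + 1))
  done
  printf '%s\n' "$port"
}

#######################################
# Print an OpenVPN point-to-point profile to stdout. Both ends of the tunnel
# use this with mirrored arguments.
# Arguments: $1 remote host, $2 local port, $3 remote port,
#            $4 nick of this end (device, status and log file names),
#            $5 local IPv4, $6 remote IPv4, $7 local IPv6, $8 remote IPv6,
#            $9 path of the shared static key (inlined into the profile)
#######################################
ovpn_profile() {
  local remote=$1 lport=$2 rport=$3 nick=$4
  local ip4=$5 peer_ip4=$6 ip6=$7 peer_ip6=$8 keyfile=$9
  # NOTE(review): status/log files keep the original predictable /tmp paths;
  # a dedicated directory under /var would be the better home for them.
  cat <<EOT
mode p2p
remote $remote
lport $lport
rport $rport
proto udp
dev-type tun
dev dn42$nick
tun-ipv6
comp-lzo
<secret>
$(cat -- "$keyfile")
</secret>
user nobody
group nogroup
persist-key
persist-tun
status /tmp/dn42-openvpn-$nick.status
log-append /tmp/dn42-openvpn-$nick.log
ifconfig $ip4 $peer_ip4
ifconfig-ipv6 $ip6/64 $peer_ip6
EOT
}

#######################################
# Add the peer as BGP neighbour to the local router and reload it.
# Globals: LOCAL_ROUTER LOCAL_AS REMOTE_NICK REMOTE_AS REMOTE_IPV4 REMOTE_IPV6 (read)
#######################################
configure_router() {
  case "$LOCAL_ROUTER" in
    bird)
      cat >> /etc/bird/bird-dn42.conf <<EOT
protocol bgp dn42_$REMOTE_NICK from dn42_peer {
neighbor $REMOTE_IPV4 as $REMOTE_AS;
}
EOT
      birdc configure
      # a link-local neighbour needs its interface: "% dn42<nick>"
      cat >> /etc/bird/bird6-dn42.conf <<EOT
protocol bgp dn42_$REMOTE_NICK from dn42_peer {
neighbor $REMOTE_IPV6 % "dn42$REMOTE_NICK" as $REMOTE_AS;
}
EOT
      birdc6 configure
      ;;
    quagga)
      # feed the commands to vtysh on stdin (the original appended them to
      # the vtysh binary itself)
      vtysh <<EOT
conf t
router bgp $LOCAL_AS
neighbor $REMOTE_IPV4 remote-as $REMOTE_AS
neighbor $REMOTE_IPV6 remote-as $REMOTE_AS
no neighbor $REMOTE_IPV6 activate
address-family ipv6
neighbor $REMOTE_IPV6 activate
end
wr
EOT
      ;;
    *)
      # kept non-fatal like the original, which silently skipped unknown values
      printf 'warning: unknown LOCAL_ROUTER "%s", BGP not configured\n' "$LOCAL_ROUTER" >&2
      ;;
  esac
}

#######################################
# Fetch the peer's key and mail it the OpenVPN profile as PGP/MIME.
# Globals: GPG KEYID MAIL KEYFILE LOCAL_* REMOTE_* (read)
#######################################
send_peer_mail() {
  local encrypted
  "$GPG" --batch --keyserver pgp.mit.edu --recv-keys "$KEYID" \
    || die 1 "could not fetch key $KEYID"
  # Encrypt to the key id the operator supplied, not to the mail address:
  # the freshly fetched key is unsigned, so --trust-model always is needed,
  # and with that model --recipient "$MAIL" would accept any keyring entry
  # carrying the address, not necessarily the one just fetched.
  encrypted=$(
    {
      cat <<EOT
Content-Type: multipart/mixed; boundary="INNERBOUNDARY"
multipart mail
--INNERBOUNDARY
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Hello,
your configuration file is ready now. Please use the attached file to
establish the tunnel and then configure your router for BGP with the endpoints:
* $LOCAL_IPV4 for IPv4
* $LOCAL_IPV6 % 'dn42$LOCAL_NICK' for IPv6
Greetings,
$LOCAL_NICK (via a robot)
--INNERBOUNDARY
Content-Disposition: attachment; filename="dn42-$LOCAL_NICK.ovpn"
Content-Transfer-Encoding: 7bit
Content-Type: application/x-openvpn-profile; name="dn42-$LOCAL_NICK.ovpn"; charset="UTF-8"
EOT
      # the peer's profile mirrors ours: ports, nick and addresses swapped
      ovpn_profile "$LOCAL_TUNNEL" "$REMOTE_PORT" "$LOCAL_PORT" "$LOCAL_NICK" \
        "$REMOTE_IPV4" "$LOCAL_IPV4" "$REMOTE_IPV6" "$LOCAL_IPV6" "$KEYFILE"
      printf '%s\n' '--INNERBOUNDARY--'
    } | "$GPG" --batch --armor --trust-model always --recipient "$KEYID" --encrypt
  ) || die 1 "gpg encryption for $KEYID failed"
  sendmail "$MAIL" <<EOT
To: $MAIL
Subject: DN42 peering with $LOCAL_NICK
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="BOUNDARY"
Mime-Version: 1.0
multipart mail
--BOUNDARY
Content-Type: application/pgp-encrypted
Content-Transfer-Encoding: 7bit
Version: 1
--BOUNDARY
Content-Type: application/octet-stream; name="encrypted.asc"
Content-Description: This is a digitally encrypted message part
Content-Transfer-Encoding: 7bit
$encrypted
--BOUNDARY--
EOT
}

#######################################
# Entry point: validate arguments, generate the key, write and start the
# local config, configure the router and mail the peer.
# Arguments: see usage at the top of the file
# Returns:   1 on usage/runtime failure, 101-108 on failed sanity checks
#######################################
main() {
  [ $# -ge 6 ] || {
    echo "Usage: $0 <NICK> <MAIL> <GPG> <AS> <ENDPOINT> <IPV4> [PORT]" >&2
    exit 1
  }
  SCRIPT_DIR=$(dirname -- "$0")
  REMOTE_NICK="$1"
  MAIL="$2"
  KEYID="$3"
  REMOTE_AS="$4"
  REMOTE_TUNNEL="$5"
  REMOTE_IPV4="$6"

  # sanity checks -- every argument below is interpolated into a config file
  # read by root-started daemons or passed to a command line, so each one is
  # restricted to the characters it legitimately needs (no newlines, no
  # leading dashes).
  local re_nick='^[a-zA-Z0-9]{3,8}$'
  local re_as='^[0-9]{1,10}$'
  local re_key='^(0x)?[0-9A-Fa-f]{8,40}$'
  local re_host='^[A-Za-z0-9][A-Za-z0-9.-]*$'
  local re_ip4='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  local re_port='^[0-9]{1,5}$'
  [[ "$REMOTE_NICK" =~ $re_nick ]] \
    || die 101 "REMOTE_NICK $REMOTE_NICK does not match ^[a-zA-Z0-9]{3,8}$"
  [[ "$REMOTE_AS" =~ $re_as ]] \
    || die 102 "REMOTE_AS $REMOTE_AS does not match ^[0-9]{1,10}$"
  [ "$UID" -eq 0 ] || die 103 "need to run as root"
  [[ "$MAIL" == *@* && "$MAIL" != -* && "$MAIL" != *[[:space:]]* ]] \
    || die 104 "MAIL $MAIL does not look like a mail address"
  # a full 40-digit fingerprint is preferable: short key ids can collide
  [[ "$KEYID" =~ $re_key ]] \
    || die 105 "KEYID $KEYID is not a hex key id or fingerprint"
  [[ "$REMOTE_TUNNEL" =~ $re_host ]] \
    || die 106 "ENDPOINT $REMOTE_TUNNEL is not a host name"
  [[ "$REMOTE_IPV4" =~ $re_ip4 ]] \
    || die 107 "IPV4 $REMOTE_IPV4 is not a dotted IPv4 address"

  LOCAL_PORT=$(pick_local_port)
  REMOTE_PORT="${7:-$LOCAL_PORT}"
  [[ "$REMOTE_PORT" =~ $re_port ]] \
    || die 108 "PORT $REMOTE_PORT is not a port number"

  # generate openvpn-key into a private (0600) temp file that is removed on
  # every exit path; the key only lives on inside the two profiles
  KEYFILE=$(mktemp) || die 1 "mktemp failed"
  trap 'rm -f -- "$KEYFILE"' EXIT
  openvpn --genkey --secret "$KEYFILE" || die 1 "openvpn --genkey failed"

  # write our config: "<last two digits of port>-as<AS>-<nick>.conf" next to
  # this script, where pick_local_port will find its lport line next time.
  # The subshell umask keeps the file (it embeds the key) owner-readable only.
  CONFIG="$SCRIPT_DIR/${LOCAL_PORT:${#LOCAL_PORT}-2}-as$REMOTE_AS-$REMOTE_NICK.conf"
  (
    umask 077
    ovpn_profile "$REMOTE_TUNNEL" "$LOCAL_PORT" "$REMOTE_PORT" "$REMOTE_NICK" \
      "$LOCAL_IPV4" "$REMOTE_IPV4" "$LOCAL_IPV6" "$REMOTE_IPV6" "$KEYFILE" > "$CONFIG"
  )
  # started unsupervised in the background, as in the original
  openvpn --config "$CONFIG" &

  configure_router
  # write peer config
  send_peer_mail
}

main "$@"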