X-Git-Url: https://git.rrq.au/?a=blobdiff_plain;f=rrqnet-cron.sh.8.adoc;h=d2f208bf7382f81dc7d7e5148fc5a097d5230ed6;hb=a77a1d322d74a02c08bb1be3ddfa062874225865;hp=3c6e39f421d52ac059392b7cd27572db5b9f32ba;hpb=c593cf1bd8dc2bfe6c0e6958757f30944ea3ab50;p=rrq%2Frrqnet.git diff --git a/rrqnet-cron.sh.8.adoc b/rrqnet-cron.sh.8.adoc index 3c6e39f..d2f208b 100644 --- a/rrqnet-cron.sh.8.adoc +++ b/rrqnet-cron.sh.8.adoc @@ -14,9 +14,9 @@ SYNOPSIS DESCRIPTION ----------- -*rrqnet-cron.sh* is a management script for upholding a *rrqnet* plug -for a nominated VPN confguration. The given _vpn_, or several, is the -pathname relative to the configuration root directory and with a +*rrqnet-cron.sh* is a management script for upholding an *rrqnet* plug +for a nominated VPN confguration. The given _vpn_ (or the several) is +the pathname relative to the configuration root directory and with a +.conf+ extension added, as in +/etc/rrqnet/conf.d/+*vpn*+.conf+. The following is a configuration file example: @@ -62,13 +62,12 @@ PORT=2020 VPN=( 0.0.0.0/0=/etc/rrqnet/keys/example.key ) ---- -That "server" declaration is allows UDP packets from any host and -port, requiring the them to use the same transport encryption key. The -*rrqnet* "server" plug then works like a switch, which forwards -packets between connections as well as to and from the tap. Actual -connections are identified by the remote MAC addresses, and it's up to -the remote ends to resolve IP addresses to the MAC addresses on the -virtual net, which in the example would be +192.168.10.0/24+. +That "server" declaration allows UDP packets from any host and port, +requiring the them to use the same transport encryption key. The +*rrqnet* "server" plug then works like a switch that forwards packets +between connections as well as to and from the tap. Connections are +identified by the remote MAC addresses, and it's up to the remote ends +to resolve IP addresses to the MAC addresses on the virtual net. The +VPN+ variable may have multiple remote declarations, and include both up-links and down-links, with or without thransport encryption @@ -77,42 +76,29 @@ keys. E.g., VPN=( 192.168.0.0/16:1400 10.61.4.72:2020=/sec/example.key ) ---- -A VPN assignment like that would both allow remotes in IP range -+192.168.0.0/16+, port 1400, without transport key, and have an -up-link to that example "server" remote above (though, for the sake of -example, having its key residing at a different pathname). +A VPN assignment like the above would downlink remotes in IP range ++192.168.0.0/16+, port 1400, without transport key, and uplink to ++10.61.4.72:2020+. crontab set up ~~~~~~~~~~~~~~ The script *rrqnet-cron.sh* is intended to be set up in *crontab*, by -a line as follows: +a line such as the following: ---- * * * * * /usr/local/sbin/rrqnet-cron.sh tap0-client ---- By that *crontab* line, the script will be invoked every minute for -unsuting that the *rrqnet* plug declared by -+/etc/rrqnet/conf.d/tap0-client.conf+, is still running, and otherwise -start or restart it. - -The script uses a lock file that gets named by the `TAP` assignment, -as in +/var/lock/rrqnet-tap0+, for the example. This allows an -alternative management set up, for a *rrqnet* cable to be maintained -with an almost immediate restart when it goes down, through a simple -loop like the following: ----- -# while flock /var/lock/rrqnet-tap0 ; do rrqnet-cron.sh tap0 done ----- -That control loop would be waiting for the running *rrqnet* to release -the file lock on +/var/lock/rrqnet-tap0+, and then, almost immediately -restart the virtual cable. +ensuring that the *rrqnet* plug declared by ++/etc/rrqnet/conf.d/tap0-client.conf+ is still running or otherwise +restart it. NOTES ----- Note that *rrqnet-cron.sh* sources the configuration file and exits -after optionally spawning a *rrqnet* daemon. On may therefore safely +after optionally spawning an *rrqnet* daemon. On may therefore safely just change the cable set up, and kill *rrqnet* in order apply that changed set up.