1 #!/bin/sh /etc/rc.common
6 .
$IPKG_INSTROOT/lib
/functions
/network.sh
# Load the options of ocserv UCI section "$1" into shell variables, giving
# every option a default so the template substitution further down never
# meets an unset name.  All of these values are administrator-controlled
# (UCI), not supplied by VPN clients.
config_get port "$1" port "4443"
config_get max_clients "$1" max_clients "8"
config_get max_same "$1" max_same "2"
# dead-peer-detection interval (by option name); nothing in this listing
# substitutes it into the template -- verify against the full file
config_get dpd "$1" dpd "120"
config_get predictable_ips "$1" predictable_ips "1"
config_get compression "$1" compression "0"
config_get udp "$1" udp "1"
config_get udp_port "$1" udp_port ""
# "plain" selects the local password file (see the authsuffix mapping below)
config_get auth "$1" auth "plain"
config_get cisco_compat "$1" cisco_compat "1"
# VPN client pool; left empty so proxy-ARP mode can auto-derive it from LAN
config_get ipaddr "$1" ipaddr ""
config_get netmask "$1" netmask ""
config_get ip6addr "$1" ip6addr ""
config_get proxy_arp "$1" proxy_arp "0"
config_get ping_leases "$1" ping_leases "0"
config_get split_dns "$1" split_dns "0"
config_get default_domain "$1" default_domain ""
27 # Enable proxy arp, and make sure that ping leases is set to true in that case,
28 # to prevent conflicts.
# NOTE(review): the `fi` closers of the nested `if` blocks below, and the
# ping_leases assignment this comment announces, are not present in this
# listing (gutter numbers 30, 33, 38, 42-43, 46, 48-51, 55-56 are missing);
# confirm the nesting against the full file before changing it.
29 if test "$proxy_arp" = 1;then
31 # IP address is empty. Auto-configure LAN + VPN.
32 if test -z "$ipaddr";then
# Only a /24 LAN is auto-split: the DHCP pool is confined to .100-.190 so the
# top /26 (.192-.255) can be handed to VPN clients below.
34 mask
=$
(uci get network.lan.netmask
)
35 if test "$mask" = "255.255.255.0";then
# NOTE(review): no `uci commit dhcp` / dnsmasq reload is visible in this
# listing; whether the pool change takes effect depends on code not shown.
36 uci
set dhcp.lan.start
=100
37 uci
set dhcp.lan.limit
=91
# VPN pool = first three octets of the LAN address + .192, with a /26 mask.
39 network_get_ipaddr ip lan
40 ipaddr
="$(echo $ip|cut -d . -f1,2,3).192"
41 netmask
="255.255.255.192"
# IPv6: reuse the LAN address as a /96 pool (presumably so the pool lies
# inside the LAN prefix that proxy NDP answers for -- verify).
44 if test -z "$ip6addr";then
45 network_get_ipaddr6 ip6addr lan
47 test -n "$ip6addr" && ip6addr
="$ip6addr/96"
# Security-relevant: this enables proxy ARP / proxy NDP on the entire LAN
# interface, so the router answers ARP/ND for VPN-client addresses on the
# LAN segment.  `sysctl -w` is runtime-only; nothing here persists it.
52 if network_get_device ifname lan
; then
53 test -n "$ipaddr" && sysctl
-w "net.ipv4.conf.$ifname.proxy_arp"=1 >/dev
/null
54 test -n "$ip6addr" && sysctl
-w "net.ipv6.conf.$ifname.proxy_ndp"=1 >/dev
/null
# Fallback pool when proxy ARP is off and no address was configured.
57 test -z "$ipaddr" && ipaddr
="192.168.100.0"
58 test -z "$netmask" && netmask
="255.255.255.0"
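# Map UCI option values onto the tokens the config template expects.
# Convention: an enable_* variable holds "#" to comment a template line out
# and "" to leave it active.
enable_default_domain="#"
enable_compression="#"
# NOTE(review): enable_udp and enable_split_dns get no "#" default in this
# listing (only the "" branch below); if the full file does not initialise
# them, udp=0 / split_dns=0 would leave those template lines active.

# UCI booleans arrive as "0"/"1"; ocserv wants true/false.
# All tests are quoted: the original unquoted `test $var = "0"` form errors
# out on an empty value instead of evaluating to false.
[ "$predictable_ips" = "0" ] && predictable_ips="false"
[ "$predictable_ips" = "1" ] && predictable_ips="true"
[ "$cisco_compat" = "0" ] && cisco_compat="false"
[ "$cisco_compat" = "1" ] && cisco_compat="true"
[ "$ping_leases" = "0" ] && ping_leases="false"
[ "$ping_leases" = "1" ] && ping_leases="true"
[ "$udp" = "1" ] && enable_udp=""
[ "$split_dns" = "1" ] && enable_split_dns=""
[ "$compression" = "1" ] && enable_compression=""

# UDP (DTLS) defaults to the TCP port.
[ -z "$udp_port" ] && udp_port="$port"
# Fall back to dnsmasq's local domain when no default_domain is configured.
[ -z "$default_domain" ] && default_domain=$(uci get "dhcp.@dnsmasq[0].domain" 2>/dev/null)
# Bug fix: the original `test -n $default_domain` (unquoted) is always true
# when the value is empty (one-argument test), so an empty domain used to
# enable the template line and emit a blank `default-domain =`.
[ -n "$default_domain" ] && enable_default_domain=""
[ -z "$ip6addr" ] && enable_ipv6="#"
# plain auth reads credentials from the password file built by setup_users;
# the backslashes are consumed by the sed replacement that inserts this.
[ "$auth" = "plain" ] && authsuffix="\[passwd=/var/etc/ocpasswd\]"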
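# Dynamic-DNS name: the value of the first ddns option whose key contains
# "domain".  NOTE(review): on current OpenWrt `uci show` prints values
# quoted (key='value'), and `grep domain` also matches unrelated keys
# containing that word; the original extraction is kept, but verify it.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
[ -n "$hostname" ] && dyndns="true"

# Render ocserv.conf from the template by replacing |TOKEN| placeholders.
# Every value comes from UCI (administrator-controlled).  Caveat: sed
# treats `#` (the delimiter used here), `&` and `\` specially inside the
# replacement, so an option value containing them would corrupt the
# generated config instead of being written literally.
# NOTE(review): the listing skips one -e line (gutter 91); dpd, read
# above, has no substitution in what is visible -- verify.
sed -e "s#|PORT|#$port#g" \
	-e "s#|UDP_PORT|#$udp_port#g" \
	-e "s#|MAX_CLIENTS|#$max_clients#g" \
	-e "s#|MAX_SAME|#$max_same#g" \
	-e "s#|AUTH|#$auth$authsuffix#g" \
	-e "s#|DYNDNS|#$dyndns#g" \
	-e "s#|PREDICTABLE_IPS|#$predictable_ips#g" \
	-e "s#|DEFAULT_DOMAIN|#$default_domain#g" \
	-e "s#|ENABLE_DEFAULT_DOMAIN|#$enable_default_domain#g" \
	-e "s#|ENABLE_SPLIT_DNS|#$enable_split_dns#g" \
	-e "s#|CISCO_COMPAT|#$cisco_compat#g" \
	-e "s#|PING_LEASES|#$ping_leases#g" \
	-e "s#|UDP|#$enable_udp#g" \
	-e "s#|COMPRESSION|#$enable_compression#g" \
	-e "s#|IPV4ADDR|#$ipaddr#g" \
	-e "s#|NETMASK|#$netmask#g" \
	-e "s#|IPV6ADDR|#$ip6addr#g" \
	-e "s#|ENABLE_IPV6|#$enable_ipv6#g" \
	/etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf

# Site-local overrides are appended verbatim after the generated section.
[ -f /etc/ocserv/ocserv.conf.local ] && cat /etc/ocserv/ocserv.conf.local >> /var/etc/ocserv.conf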
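# Append one "ocservusers" UCI section to /var/etc/ocpasswd as
# name:group:password.  Entries without a name or password are skipped;
# group defaults to '*' (ocserv's wildcard group).
config_get name "$1" name
config_get group "$1" group '*'
config_get password "$1" password
[ -z "$name" ] && return
[ -z "$password" ] && return
# The file is colon-separated, so a ':' inside the name or group would be
# parsed as extra fields; refuse such entries rather than write a malformed
# record.
case "$name$group" in
	*:*)
		logger -t ocserv "skipping user '$name': name/group must not contain ':'"
		return
		;;
esac
# NOTE(review): whether UCI stores "password" as the crypt(3) hash that
# ocserv's passwd file expects, or as cleartext, cannot be determined from
# this file; the value is written exactly as stored.
printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd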
# Emit one `route =` line for a "routes" section; both ip and netmask are
# required.  NOTE(review): the config_get that fills $ip is not in this
# listing.
config_get netmask "$1" netmask
if [ -z "$ip" ] || [ -z "$netmask" ]; then
	return
fi
echo "route = $ip/$netmask" >> /var/etc/ocserv.conf
# Emit one `dns =` line for a "dns" section; skipped when no ip is set.
# NOTE(review): the config_get that fills $ip is not in this listing.
if [ -z "$ip" ]; then
	return
fi
echo "dns = $ip" >> /var/etc/ocserv.conf
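# Name used as certificate CN below: the ddns domain if one is configured,
# otherwise the system hostname.  NOTE(review): `uci show` prints quoted
# values on current OpenWrt and `grep domain` matches any key containing the
# word; the original extraction is kept -- verify the resulting CN.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
[ -z "$hostname" ] && hostname=$(uci get system.@system[0].hostname 2>/dev/null)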
# Apparently a migration from an older layout: move any PKI files left under
# /etc/config/ocserv-dir into /etc/ocserv (same order as before), then remove
# the directory if it is empty (rmdir simply fails if anything else remains).
for pem in ca-key.pem ca.pem server-key.pem server-cert.pem; do
	[ -f "/etc/config/ocserv-dir/$pem" ] && mv "/etc/config/ocserv-dir/$pem" "/etc/ocserv/$pem"
done
[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
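# First start only (no CA key yet) and only if certtool is installed:
# create a private CA.  Per certtool's template format, expiration_days=-1
# means the CA certificate never expires; the serial is fixed at 1.
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
	logger -t ocserv "Generating CA certificate..."
	mkdir -p /etc/ocserv/pki/
	# Key material is written under umask 077 (in a subshell so the umask
	# does not leak into the rest of start_service) so the file is never
	# group/world-readable regardless of certtool's own defaults; ocserv is
	# launched as root below, so a root-only key is still readable by it.
	# 2048-bit RSA (certtool's default key type) is the historical choice;
	# consider 3072-bit RSA or an EC key when revisiting.
	# Failures used to vanish into >/dev/null; log them so a missing key
	# is diagnosable instead of surfacing as an opaque ocserv start error.
	( umask 077; certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1 ) \
		|| logger -t ocserv "Failed to generate CA private key"
	# $hostname may be empty here, giving "cn= CA" -- the template is
	# written either way.
	{
		echo "cn=$hostname CA"
		echo "expiration_days=-1"
		echo "serial=1"
		echo "ca"
		echo "cert_signing_key"
	} > /etc/ocserv/pki/ca.tmpl
	certtool --template /etc/ocserv/pki/ca.tmpl \
		--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
		--outfile /etc/ocserv/ca.pem >/dev/null 2>&1 \
		|| logger -t ocserv "Failed to generate CA certificate"
}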
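# Generate the server key and certificate on first start, signed by the
# local CA.  Fixed serial 2; expiration_days=-1 means no expiry per
# certtool's template format.  The template sets no dns_name/SAN, so the
# CN is the only name in the certificate -- an empty or stale $hostname
# will typically make clients report a name mismatch.
[ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
	logger -t ocserv "Generating server certificate..."
	mkdir -p /etc/ocserv/pki/
	# Private key written under umask 077 in a subshell (see CA block):
	# never group/world-readable, and the umask change stays local.
	# Failures are logged instead of being silently discarded.
	( umask 077; certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1 ) \
		|| logger -t ocserv "Failed to generate server private key"
	{
		echo "cn=$hostname"
		echo "serial=2"
		echo "expiration_days=-1"
		echo "signing_key"
		echo "encryption_key"
	} > /etc/ocserv/pki/server.tmpl
	certtool --template /etc/ocserv/pki/server.tmpl \
		--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
		--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey /etc/ocserv/ca-key.pem \
		--outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 \
		|| logger -t ocserv "Failed to generate server certificate"
}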
# Pre-create the pid file owned by the ocserv user (presumably so the
# daemon can still write it after dropping privileges -- verify).
# NOTE(review): this makes the pid file writable by the unprivileged user;
# anything that reads it to signal a process should treat its content as
# untrusted.  procd does not need it for respawn.
if [ ! -f /var/run/ocserv.pid ]; then
	touch /var/run/ocserv.pid
	chown ocserv:ocserv /var/run/ocserv.pid
fi
# State directory for the unprivileged ocserv user.  The -m 0755 is
# immediately tightened to 0700 (the -m only applies to the leaf, not to
# parents created by -p), so the effective mode is owner-only.
if [ ! -d /var/lib/ocserv ]; then
	mkdir -m 0755 -p /var/lib/ocserv
	chmod 0700 /var/lib/ocserv
	chown ocserv:ocserv /var/lib/ocserv
fi
# Rebuild the generated config and the password file on every start.
# NOTE(review): config_load and the foreach that renders the main template
# (the sed over ocserv.conf.template, which writes with ">") are not in
# this listing; if that renderer runs after these appends it would clobber
# the route/dns lines -- confirm the ordering in the full file.
rm -f /var/etc/ocserv.conf
touch /var/etc/ocserv.conf
config_foreach setup_routes routes
config_foreach setup_dns dns

# The password file is recreated and locked to 0600 before any entry is
# appended, so credentials never sit in a file readable by others (at the
# default umask it is briefly 0644, but still empty at that point).
rm -f /var/etc/ocpasswd
touch /var/etc/ocpasswd
chmod 600 /var/etc/ocpasswd
config_foreach setup_users ocservusers
# procd instance: run ocserv in the foreground (-f) on the generated config;
# "respawn" asks procd to restart it when it exits.  No `user` param is set,
# so the daemon starts as root; any privilege drop is ocserv's own
# (run-as-user/group in the template, not visible here).
# NOTE(review): procd_open_instance / procd_close_instance are not in this
# listing; these calls are only meaningful between them.
procd_set_param command /usr/sbin/ocserv -f -c /var/etc/ocserv.conf
procd_set_param respawn