1 #!/bin/sh /etc/rc.common
7 config_get port
$1 port
"4443"
8 config_get max_clients
$1 max_clients
"8"
9 config_get max_same
$1 max_same
"2"
10 config_get dpd
$1 dpd
"120"
11 config_get predictable_ips
$1 predictable_ips
"1"
12 config_get compression
$1 compression
"0"
13 config_get udp
$1 udp
"1"
14 config_get auth
$1 auth
"plain"
15 config_get cisco_compat
$1 cisco_compat
"1"
16 config_get ipaddr
$1 ipaddr
"192.168.100.0"
17 config_get netmask
$1 netmask
"255.255.255.0"
18 config_get ip6addr
$1 ip6addr
""
19 config_get default_domain
$1 default_domain
""
21 enable_default_domain
="#"
23 enable_compression
="#"
24 test $predictable_ips = "0" && predictable_ips
="false"
25 test $predictable_ips = "1" && predictable_ips
="true"
26 test $cisco_compat = "0" && cisco_compat
="false"
27 test $cisco_compat = "1" && cisco_compat
="true"
28 test $udp = "1" && enable_udp
=""
29 test $compression = "1" && enable_compression
=""
30 test -z $default_domain && enable_default_domain
=""
31 test -z $ip6addr && enable_ipv6
="#"
33 ipv6_addr
=`echo $ip6addr|cut -d '/' -f 1`
34 ipv6_prefix
=`echo $ip6addr|cut -d '/' -f 2`
36 test $auth = "plain" && authsuffix
="\[passwd=/var/etc/ocpasswd\]"
39 hostname
=`uci show ddns 2>/dev/null|grep domain|head -1|cut -d '=' -f 2`
40 [ -n "$hostname" ] && dyndns
="true"
43 sed -e "s/|PORT|/$port/g" \
44 -e "s/|MAX_CLIENTS|/$max_clients/g" \
45 -e "s/|MAX_SAME|/$max_same/g" \
47 -e "s#|AUTH|#$auth$authsuffix#g" \
48 -e "s#|DYNDNS|#$dyndns#g" \
49 -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
50 -e "s/|DEFAULT_DOMAIN|/$default_domain/g" \
51 -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
52 -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
53 -e "s/|UDP|/$enable_udp/g" \
54 -e "s/|COMPRESSION|/$enable_compression/g" \
55 -e "s/|IPV4ADDR|/$ipaddr/g" \
56 -e "s/|NETMASK|/$netmask/g" \
57 -e "s/|IPV6ADDR|/$ipv6_addr/g" \
58 -e "s/|IPV6PREFIX|/$ipv6_prefix/g" \
59 -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
60 /etc
/ocserv
/ocserv.conf.template
> /var
/etc
/ocserv.conf
68 config_get name
$1 name
69 config_get group
$1 group
'*'
70 config_get password
$1 password
72 [ -z "$name" -o -z "$password" ] && return
74 echo "$name:$group:$password" >> /var
/etc
/ocpasswd
81 config_get netmask
$1 netmask
83 [ -z "$ip" -o -z "$netmask" ] && return
85 echo "route = $ip/$netmask" >> /var
/etc
/ocserv.conf
93 [ -z "$ip" ] && return
95 echo "dns = $ip" >> /var
/etc
/ocserv.conf
101 hostname
=`uci show ddns 2>/dev/null|grep domain|head -1|cut -d '=' -f 2`
102 [ -z "$hostname" ] && hostname
=`uci get system.@system[0].hostname 2>/dev/null`
104 [ -f /etc
/config
/ocserv-dir
/ca-key.pem
] && mv /etc
/config
/ocserv-dir
/ca-key.pem
/etc
/ocserv
/ca-key.pem
105 [ -f /etc
/config
/ocserv-dir
/ca.pem
] && mv /etc
/config
/ocserv-dir
/ca.pem
/etc
/ocserv
/ca.pem
106 [ -f /etc
/config
/ocserv-dir
/server-key.pem
] && mv /etc
/config
/ocserv-dir
/server-key.pem
/etc
/ocserv
/server-key.pem
107 [ -f /etc
/config
/ocserv-dir
/server-cert.pem
] && mv /etc
/config
/ocserv-dir
/server-cert.pem
/etc
/ocserv
/server-cert.pem
108 [ -d /etc
/config
/ocserv-dir
] && rmdir /etc
/config
/ocserv-dir
110 [ ! -f /etc
/ocserv
/ca-key.pem
] && [ -x /usr
/bin
/certtool
] && {
111 logger
-t ocserv
"Generating CA certificate..."
112 mkdir
-p /etc
/ocserv
/pki
/
113 certtool
--bits 2048 --generate-privkey --outfile /etc
/ocserv
/ca-key.pem
>/dev
/null
2>&1
114 echo "cn=$hostname CA" >/etc
/ocserv
/pki
/ca.tmpl
115 echo "expiration_days=-1" >>/etc
/ocserv
/pki
/ca.tmpl
116 echo "serial=1" >>/etc
/ocserv
/pki
/ca.tmpl
117 echo "ca" >>/etc
/ocserv
/pki
/ca.tmpl
118 echo "cert_signing_key" >>/etc
/ocserv
/pki
/ca.tmpl
120 certtool
--template /etc
/ocserv
/pki
/ca.tmpl \
121 --generate-self-signed --load-privkey /etc
/ocserv
/ca-key.pem \
122 --outfile /etc
/ocserv
/ca.pem
>/dev
/null
2>&1
125 #generate server certificate/key
126 [ ! -f /etc
/ocserv
/server-key.pem
] && [ -x /usr
/bin
/certtool
] && {
127 logger
-t ocserv
"Generating server certificate..."
128 mkdir
-p /etc
/ocserv
/pki
/
129 certtool
--bits 2048 --generate-privkey --outfile /etc
/ocserv
/server-key.pem
>/dev
/null
2>&1
130 echo "cn=$hostname" >/etc
/ocserv
/pki
/server.tmpl
131 echo "serial=2" >>/etc
/ocserv
/pki
/server.tmpl
132 echo "expiration_days=-1" >>/etc
/ocserv
/pki
/server.tmpl
133 echo "signing_key" >>/etc
/ocserv
/pki
/server.tmpl
134 echo "encryption_key" >>/etc
/ocserv
/pki
/server.tmpl
135 certtool
--template /etc
/ocserv
/pki
/server.tmpl \
136 --generate-certificate --load-privkey /etc
/ocserv
/server-key.pem \
137 --load-ca-certificate /etc
/ocserv
/ca.pem
--load-ca-privkey \
138 /etc
/ocserv
/ca-key.pem
--outfile /etc
/ocserv
/server-cert.pem
>/dev
/null
2>&1
141 [ -f /var
/run
/ocserv.pid
] ||
{
142 touch /var
/run
/ocserv.pid
143 chown ocserv
:ocserv
/var
/run
/ocserv.pid
145 [ -d /var
/lib
/ocserv
] ||
{
146 mkdir
-m 0755 -p /var
/lib
/ocserv
147 chmod 0700 /var
/lib
/ocserv
148 chown ocserv
:ocserv
/var
/lib
/ocserv
153 rm -f /var
/etc
/ocserv.conf
154 touch /var
/etc
/ocserv.conf
156 config_foreach setup_routes routes
157 config_foreach setup_dns dns
159 rm -f /var
/etc
/ocpasswd
160 touch /var
/etc
/ocpasswd
161 chmod 600 /var
/etc
/ocpasswd
162 config_foreach setup_users ocservusers
165 procd_set_param
command /usr
/sbin
/ocserv
-f -c /var
/etc
/ocserv.conf
166 procd_set_param respawn