#!/bin/sh /etc/rc.common
# OpenWrt init script for ocserv.  It is sourced by rc.common, which provides
# the config_get/config_load/config_foreach and procd_* helpers used below.

# Boot sequence number rc.common uses to order this service among the others.
START=50
# Run under procd: rc.common will call start_service() defined below.
USE_PROCD=1
5
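# Escape a value for use as the replacement text of a "s#...#...#" sed command.
# UCI option values are spliced into the sed program in setup_config; without
# escaping, a "&", "\", "#" or newline in an option would alter (or inject
# lines into) the generated ocserv.conf instead of being written literally.
sed_escape() {
	printf '%s' "$1" | tr -d '\n' | sed -e 's/[\\&#]/\\&/g'
}

# Render /var/etc/ocserv.conf from /etc/ocserv/ocserv.conf.template using the
# options of UCI section $1.  |NAME| placeholders in the template are replaced
# with option values; |ENABLE_*| placeholders become "" or "#", the latter
# commenting the corresponding template line out.  route/dns lines are
# appended afterwards by setup_routes/setup_dns.
setup_config() {
	local port max_clients max_same dpd predictable_ips compression udp auth
	local cisco_compat ipaddr netmask ip6addr default_domain
	local enable_default_domain enable_udp enable_compression enable_ipv6
	local ipv6_addr ipv6_prefix authsuffix dyndns hostname

	config_get port "$1" port "4443"
	config_get max_clients "$1" max_clients "8"
	config_get max_same "$1" max_same "2"
	config_get dpd "$1" dpd "120"
	config_get predictable_ips "$1" predictable_ips "1"
	config_get compression "$1" compression "0"
	config_get udp "$1" udp "1"
	config_get auth "$1" auth "plain"
	config_get cisco_compat "$1" cisco_compat "1"
	config_get ipaddr "$1" ipaddr "192.168.100.0"
	config_get netmask "$1" netmask "255.255.255.0"
	config_get ip6addr "$1" ip6addr ""
	config_get default_domain "$1" default_domain ""

	# Optional template lines start out commented ("#") and are enabled only
	# when the matching option asks for them.
	enable_default_domain="#"
	enable_udp="#"
	enable_compression="#"
	enable_ipv6=""

	# UCI booleans 0/1 become ocserv's false/true; any other spelling is
	# passed through unchanged.
	case "$predictable_ips" in
		0) predictable_ips="false" ;;
		1) predictable_ips="true" ;;
	esac
	case "$cisco_compat" in
		0) cisco_compat="false" ;;
		1) cisco_compat="true" ;;
	esac
	[ "$udp" = "1" ] && enable_udp=""
	[ "$compression" = "1" ] && enable_compression=""
	# Only emit the default-domain line when a domain is actually configured
	# (the IPv6 line below follows the same rule).
	[ -n "$default_domain" ] && enable_default_domain=""
	[ -z "$ip6addr" ] && enable_ipv6="#"

	# ip6addr is "address/prefix"; split on the first "/".
	ipv6_addr="${ip6addr%%/*}"
	ipv6_prefix="${ip6addr#*/}"

	# Plain authentication reads the password file generated by setup_users.
	authsuffix=""
	[ "$auth" = "plain" ] && authsuffix="[passwd=/var/etc/ocpasswd]"

	# A configured DDNS domain switches the template's dyndns knob on.
	# NOTE(review): this matches any ddns option whose name contains "domain"
	# and keeps whatever quoting "uci show" prints — confirm against the
	# installed uci/ddns versions.
	dyndns="false"
	hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
	[ -n "$hostname" ] && dyndns="true"

	if [ ! -f /etc/ocserv/ocserv.conf.template ]; then
		logger -t ocserv "missing /etc/ocserv/ocserv.conf.template, cannot generate config"
		return 1
	fi

	mkdir -p /var/etc
	sed -e "s#|PORT|#$(sed_escape "$port")#g" \
		-e "s#|MAX_CLIENTS|#$(sed_escape "$max_clients")#g" \
		-e "s#|MAX_SAME|#$(sed_escape "$max_same")#g" \
		-e "s#|DPD|#$(sed_escape "$dpd")#g" \
		-e "s#|AUTH|#$(sed_escape "$auth$authsuffix")#g" \
		-e "s#|DYNDNS|#$(sed_escape "$dyndns")#g" \
		-e "s#|PREDICTABLE_IPS|#$(sed_escape "$predictable_ips")#g" \
		-e "s#|DEFAULT_DOMAIN|#$(sed_escape "$default_domain")#g" \
		-e "s#|ENABLE_DEFAULT_DOMAIN|#$(sed_escape "$enable_default_domain")#g" \
		-e "s#|CISCO_COMPAT|#$(sed_escape "$cisco_compat")#g" \
		-e "s#|UDP|#$(sed_escape "$enable_udp")#g" \
		-e "s#|COMPRESSION|#$(sed_escape "$enable_compression")#g" \
		-e "s#|IPV4ADDR|#$(sed_escape "$ipaddr")#g" \
		-e "s#|NETMASK|#$(sed_escape "$netmask")#g" \
		-e "s#|IPV6ADDR|#$(sed_escape "$ipv6_addr")#g" \
		-e "s#|IPV6PREFIX|#$(sed_escape "$ipv6_prefix")#g" \
		-e "s#|ENABLE_IPV6|#$(sed_escape "$enable_ipv6")#g" \
		/etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf
}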
62
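# Append one "name:group:password" record for UCI section $1 (an ocservusers
# section) to /var/etc/ocpasswd, the file the plain authenticator reads.
# The password field is written verbatim from UCI.  NOTE(review): ocpasswd
# records are expected to hold a password hash, so the UCI value is presumably
# already hashed — confirm with the tooling that writes the config.
# Sections without a name or password are skipped.
setup_users() {
	local name group password

	config_get name "$1" name
	config_get group "$1" group '*'
	config_get password "$1" password

	if [ -z "$name" ] || [ -z "$password" ]; then
		return
	fi

	# ':' is the field separator of the record; a name or group containing it
	# would be parsed as a different user/group, so refuse the entry instead.
	case "$name$group" in
		*:*)
			logger -t ocserv "skipping user '$name': ':' is not allowed in name or group"
			return
			;;
	esac

	# printf rather than echo: a name beginning with '-' must not be taken as
	# an echo option.
	printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd
}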
76
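# Append a "route = ip/netmask" line for UCI section $1 (a routes section) to
# the generated /var/etc/ocserv.conf.  Sections lacking either field are
# skipped.
setup_routes() {
	local ip netmask

	config_get ip "$1" ip
	config_get netmask "$1" netmask

	if [ -z "$ip" ] || [ -z "$netmask" ]; then
		return
	fi

	printf 'route = %s/%s\n' "$ip" "$netmask" >> /var/etc/ocserv.conf
}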
87
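# Append a "dns = ip" line for UCI section $1 (a dns section) to the generated
# /var/etc/ocserv.conf.  Sections without an ip are skipped.
setup_dns() {
	local ip

	config_get ip "$1" ip

	[ -z "$ip" ] && return

	printf 'dns = %s\n' "$ip" >> /var/etc/ocserv.conf
}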
97
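# procd entry point.  Migrates key material from the old /etc/config/ocserv-dir
# location, generates a self-signed CA and a server certificate on first start
# (when certtool is available), renders /var/etc/ocserv.conf and
# /var/etc/ocpasswd from UCI, then launches ocserv in the foreground.
start_service() {
	local hostname f

	# Certificate CN: a configured DDNS domain if any, else the system hostname.
	# NOTE(review): the grep matches any ddns option whose name contains
	# "domain" and keeps whatever quoting "uci show" prints — confirm against
	# the installed uci/ddns versions.
	hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
	[ -z "$hostname" ] && hostname=$(uci get system.@system[0].hostname 2>/dev/null)
	# Never write an empty cn= into the certtool templates below.
	[ -z "$hostname" ] && hostname="ocserv"

	# One-time migration of certificates/keys from the legacy location.
	for f in ca-key.pem ca.pem server-key.pem server-cert.pem; do
		[ -f "/etc/config/ocserv-dir/$f" ] && mv "/etc/config/ocserv-dir/$f" "/etc/ocserv/$f"
	done
	[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir

	# Generate the CA once.  NOTE: the generated certificates never expire
	# (expiration_days=-1) and carry only a CN, no dns_name SAN; if $hostname
	# is a DNS name, consider adding "dns_name=$hostname" to server.tmpl.
	if [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ]; then
		logger -t ocserv "Generating CA certificate..."
		mkdir -p /etc/ocserv/pki/
		# Create the private key unreadable to other users from the start
		# instead of relying on certtool's output file mode.
		( umask 077; certtool --bits 2048 --generate-privkey \
			--outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1 ) \
			|| logger -t ocserv "CA key generation failed"
		{
			printf 'cn=%s CA\n' "$hostname"
			echo "expiration_days=-1"
			echo "serial=1"
			echo "ca"
			echo "cert_signing_key"
		} > /etc/ocserv/pki/ca.tmpl

		certtool --template /etc/ocserv/pki/ca.tmpl \
			--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
			--outfile /etc/ocserv/ca.pem >/dev/null 2>&1 \
			|| logger -t ocserv "CA certificate generation failed"
	fi

	# Generate the server certificate/key once, signed by the CA above.
	if [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ]; then
		logger -t ocserv "Generating server certificate..."
		mkdir -p /etc/ocserv/pki/
		( umask 077; certtool --bits 2048 --generate-privkey \
			--outfile /etc/ocserv/server-key.pem >/dev/null 2>&1 ) \
			|| logger -t ocserv "server key generation failed"
		{
			printf 'cn=%s\n' "$hostname"
			echo "serial=2"
			echo "expiration_days=-1"
			echo "signing_key"
			echo "encryption_key"
		} > /etc/ocserv/pki/server.tmpl
		certtool --template /etc/ocserv/pki/server.tmpl \
			--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
			--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
			/etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 \
			|| logger -t ocserv "server certificate generation failed"
	fi

	# Private keys, whether generated here, migrated or user-supplied, must not
	# be world-readable.
	for f in /etc/ocserv/ca-key.pem /etc/ocserv/server-key.pem; do
		[ -f "$f" ] && chmod 600 "$f"
	done

	if [ ! -f /var/run/ocserv.pid ]; then
		touch /var/run/ocserv.pid
		chown ocserv:ocserv /var/run/ocserv.pid
	fi
	if [ ! -d /var/lib/ocserv ]; then
		# Owned by and private to the ocserv user (mode 0700).
		mkdir -m 0700 -p /var/lib/ocserv
		chown ocserv:ocserv /var/lib/ocserv
	fi

	config_load "ocserv"

	# The config is regenerated from UCI on every start; manual edits to the
	# files under /var/etc are discarded.  Create the directory before
	# touching files in it.
	mkdir -p /var/etc
	rm -f /var/etc/ocserv.conf
	touch /var/etc/ocserv.conf
	setup_config config
	config_foreach setup_routes routes
	config_foreach setup_dns dns

	# ocpasswd holds credentials: create it with mode 0600 before any record
	# is written so it is never readable by other users.
	rm -f /var/etc/ocpasswd
	( umask 077; : > /var/etc/ocpasswd )
	chmod 600 /var/etc/ocpasswd
	config_foreach setup_users ocservusers

	# No procd user is set, so ocserv is started as root; any privilege drop
	# is up to ocserv itself (presumably configured in the template).
	procd_open_instance
	procd_set_param command /usr/sbin/ocserv -f -c /var/etc/ocserv.conf
	procd_set_param respawn
	procd_close_instance
}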
168 }