ocserv: use ocserv.upgrade to save configured files
1 #!/bin/sh /etc/rc.common
2
# rc.common settings: run at boot order 50 and let service_start/service_stop
# manage the daemon through a PID file.
START=50
SERVICE_USE_PID=1
6
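#######################################
# Escape a value for the replacement side of the sed expressions used in
# setup_config(): backslash, "&", "#" and "/" are quoted so that a config
# value cannot terminate the expression or be read as a back-reference.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
#######################################
_ocserv_sed_escape() {
	printf '%s\n' "$1" | sed -e 's|[\\&#/]|\\&|g'
}

#######################################
# Render /var/etc/ocserv.conf from /etc/ocserv/ocserv.conf.template by
# replacing the |TOKEN| placeholders with values from the UCI section.
# Globals:   none written (all working variables are local)
# Arguments: $1 - UCI section name (the "config" section of /etc/config/ocserv)
# Outputs:   writes /var/etc/ocserv.conf (creating /var/etc if needed)
# Returns:   exit status of the final sed(1) invocation
#######################################
setup_config() {
	local cfg="$1"
	local port max_clients max_same dpd predictable_ips udp auth cisco_compat
	local ipaddr netmask ip6addr default_domain
	local enable_default_domain enable_udp enable_ipv6 authsuffix
	local ipv6_addr ipv6_prefix dyndns ddns_domain

	config_get port "$cfg" port "4443"
	config_get max_clients "$cfg" max_clients "8"
	config_get max_same "$cfg" max_same "2"
	config_get dpd "$cfg" dpd "120"
	config_get predictable_ips "$cfg" predictable_ips "1"
	config_get udp "$cfg" udp "1"
	config_get auth "$cfg" auth "plain"
	config_get cisco_compat "$cfg" cisco_compat "1"
	config_get ipaddr "$cfg" ipaddr "192.168.100.0"
	config_get netmask "$cfg" netmask "255.255.255.0"
	config_get ip6addr "$cfg" ip6addr ""
	config_get default_domain "$cfg" default_domain ""

	# UCI booleans (0/1) become ocserv's true/false; any other value is
	# passed through unchanged.
	case "$predictable_ips" in
		0) predictable_ips="false" ;;
		1) predictable_ips="true" ;;
	esac
	case "$cisco_compat" in
		0) cisco_compat="false" ;;
		1) cisco_compat="true" ;;
	esac

	# An ENABLE_* token of "#" comments the template line out; an empty
	# string activates it (assumes the template places the token at the
	# start of the line - confirm against ocserv.conf.template).
	enable_udp="#"
	[ "$udp" = "1" ] && enable_udp=""
	# Activate the default-domain line only when a domain is configured,
	# consistent with enable_ipv6 below.
	enable_default_domain="#"
	[ -n "$default_domain" ] && enable_default_domain=""
	enable_ipv6=""
	[ -z "$ip6addr" ] && enable_ipv6="#"

	# ip6addr is "address/prefix"; split on the first "/". Without a "/"
	# both parts are the whole string, as cut(1) would also produce.
	ipv6_addr=${ip6addr%%/*}
	ipv6_prefix=${ip6addr#*/}

	# Plain auth reads its users from the ocpasswd file written by
	# setup_users(); the brackets are literal in a sed replacement.
	authsuffix=""
	[ "$auth" = "plain" ] && authsuffix="[/var/etc/ocpasswd]"

	# dyndns is enabled whenever the ddns config contains a domain option.
	# Only presence is tested, so uci's quoting of the value is irrelevant.
	dyndns="false"
	ddns_domain=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
	[ -n "$ddns_domain" ] && dyndns="true"

	mkdir -p /var/etc
	sed -e "s/|PORT|/$(_ocserv_sed_escape "$port")/g" \
		-e "s/|MAX_CLIENTS|/$(_ocserv_sed_escape "$max_clients")/g" \
		-e "s/|MAX_SAME|/$(_ocserv_sed_escape "$max_same")/g" \
		-e "s/|DPD|/$(_ocserv_sed_escape "$dpd")/g" \
		-e "s#|AUTH|#$(_ocserv_sed_escape "$auth")$authsuffix#g" \
		-e "s#|DYNDNS|#$dyndns#g" \
		-e "s/|PREDICTABLE_IPS|/$(_ocserv_sed_escape "$predictable_ips")/g" \
		-e "s/|DEFAULT_DOMAIN|/$(_ocserv_sed_escape "$default_domain")/g" \
		-e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
		-e "s/|CISCO_COMPAT|/$(_ocserv_sed_escape "$cisco_compat")/g" \
		-e "s/|UDP|/$enable_udp/g" \
		-e "s/|IPV4ADDR|/$(_ocserv_sed_escape "$ipaddr")/g" \
		-e "s/|NETMASK|/$(_ocserv_sed_escape "$netmask")/g" \
		-e "s/|IPV6ADDR|/$(_ocserv_sed_escape "$ipv6_addr")/g" \
		-e "s/|IPV6PREFIX|/$(_ocserv_sed_escape "$ipv6_prefix")/g" \
		-e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
		/etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf
}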
59
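#######################################
# Append one "name:group:password" line to /var/etc/ocpasswd. Sections
# without both a name and a password are skipped.
# Arguments: $1 - UCI section name of an "ocservusers" section
# Outputs:   appends to /var/etc/ocpasswd (created 0600 by start/reload)
# Returns:   0
#######################################
setup_users() {
	local cfg="$1"
	local name group password

	config_get name "$cfg" name
	config_get group "$cfg" group
	config_get password "$cfg" password

	# '*' is the wildcard group in the ocpasswd file - presumably "any
	# group"; confirm against ocpasswd(8).
	[ -z "$group" ] && group='*'
	if [ -z "$name" ] || [ -z "$password" ]; then
		return 0
	fi

	# printf, not echo: the password field is written verbatim even when it
	# contains backslashes or starts with a dash.
	printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd
}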
74
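#######################################
# Append one "route = ip/netmask" line to the generated ocserv.conf.
# Sections missing either value are skipped.
# Arguments: $1 - UCI section name of a "routes" section
# Outputs:   appends to /var/etc/ocserv.conf
# Returns:   0
#######################################
setup_routes() {
	local cfg="$1"
	local ip netmask

	config_get ip "$cfg" ip
	config_get netmask "$cfg" netmask

	if [ -z "$ip" ] || [ -z "$netmask" ]; then
		return 0
	fi

	printf 'route = %s/%s\n' "$ip" "$netmask" >> /var/etc/ocserv.conf
}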
85
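#######################################
# Append one "dns = ip" line to the generated ocserv.conf.
# Sections without an ip are skipped.
# Arguments: $1 - UCI section name of a "dns" section
# Outputs:   appends to /var/etc/ocserv.conf
# Returns:   0
#######################################
setup_dns() {
	local cfg="$1"
	local ip

	config_get ip "$cfg" ip

	[ -z "$ip" ] && return 0

	printf 'dns = %s\n' "$ip" >> /var/etc/ocserv.conf
}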
95
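#######################################
# Certificate subject: the first ddns domain, else the system hostname.
# Newer uci versions print quoted values, so the result may carry quotes -
# confirm against the running uci before relying on the exact CN.
# Outputs:   hostname on stdout (may be empty)
#######################################
_ocserv_hostname() {
	local name
	name=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
	[ -z "$name" ] && name=$(uci get system.@system[0].hostname 2>/dev/null)
	printf '%s\n' "$name"
}

#######################################
# Move key/cert files from the old /etc/config/ocserv-dir location to
# /etc/ocserv and remove the old directory once it is empty.
# Returns:   0
#######################################
_ocserv_migrate_certs() {
	local f
	for f in ca-key.pem ca.pem server-key.pem server-cert.pem; do
		[ -f "/etc/config/ocserv-dir/$f" ] && \
			mv "/etc/config/ocserv-dir/$f" "/etc/ocserv/$f"
	done
	[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
	return 0
}

#######################################
# Generate a self-signed CA key and certificate with certtool(1). The
# template uses expiration_days=-1, i.e. the CA certificate never expires.
# Arguments: $1 - hostname used in the CN
# Outputs:   /etc/ocserv/ca-key.pem (0600), /etc/ocserv/ca.pem,
#            /etc/ocserv/pki/ca.tmpl; failures are logged, not fatal
#######################################
_ocserv_gen_ca() {
	local hostname="$1"
	logger -t ocserv "Generating CA certificate..."
	mkdir -p /etc/ocserv/pki/
	certtool --bits 2048 --generate-privkey \
		--outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1 \
		|| logger -t ocserv "CA private key generation failed"
	# Keep the CA key root-only regardless of certtool's default mode.
	chmod 600 /etc/ocserv/ca-key.pem 2>/dev/null
	printf '%s\n' "cn=$hostname CA" "expiration_days=-1" "serial=1" \
		"ca" "cert_signing_key" >/etc/ocserv/pki/ca.tmpl
	certtool --template /etc/ocserv/pki/ca.tmpl \
		--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
		--outfile /etc/ocserv/ca.pem >/dev/null 2>&1 \
		|| logger -t ocserv "CA certificate generation failed"
}

#######################################
# Generate the server key and a certificate signed by the local CA. As with
# the CA, expiration_days=-1 means the certificate never expires.
# Arguments: $1 - hostname used in the CN
# Outputs:   /etc/ocserv/server-key.pem (0600), /etc/ocserv/server-cert.pem,
#            /etc/ocserv/pki/server.tmpl; failures are logged, not fatal
#######################################
_ocserv_gen_server_cert() {
	local hostname="$1"
	logger -t ocserv "Generating server certificate..."
	mkdir -p /etc/ocserv/pki/
	certtool --bits 2048 --generate-privkey \
		--outfile /etc/ocserv/server-key.pem >/dev/null 2>&1 \
		|| logger -t ocserv "server private key generation failed"
	# ocserv loads the key as root before dropping privileges; nobody else
	# needs to read it.
	chmod 600 /etc/ocserv/server-key.pem 2>/dev/null
	printf '%s\n' "cn=$hostname" "serial=2" "expiration_days=-1" \
		"signing_key" "encryption_key" >/etc/ocserv/pki/server.tmpl
	certtool --template /etc/ocserv/pki/server.tmpl \
		--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
		--load-ca-certificate /etc/ocserv/ca.pem \
		--load-ca-privkey /etc/ocserv/ca-key.pem \
		--outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 \
		|| logger -t ocserv "server certificate generation failed"
}

#######################################
# rc.common "start" action: migrate/generate certificates, prepare the
# runtime files, render the configuration and launch ocserv.
# Globals:   uses the rc.common/functions.sh helpers (config_load,
#            config_foreach, service_start) and the setup_* functions
# Outputs:   /var/etc/ocserv.conf, /var/etc/ocpasswd (0600),
#            /var/run/ocserv.pid, /var/lib/ocserv (0700)
#######################################
start() {
	local hostname
	hostname=$(_ocserv_hostname)

	_ocserv_migrate_certs

	# Certificates are generated once, and only when certtool is installed.
	if [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ]; then
		_ocserv_gen_ca "$hostname"
	fi
	if [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ]; then
		_ocserv_gen_server_cert "$hostname"
	fi

	[ -f /var/run/ocserv.pid ] || {
		touch /var/run/ocserv.pid
		chown ocserv:ocserv /var/run/ocserv.pid
	}
	# The state directory is private to the service user.
	[ -d /var/lib/ocserv ] || {
		mkdir -m 0700 -p /var/lib/ocserv
		chown ocserv:ocserv /var/lib/ocserv
	}

	config_load "ocserv"

	# /var/etc may not exist yet on a fresh boot; setup_config creates it
	# too, but the truncation below runs first.
	mkdir -p /var/etc
	rm -f /var/etc/ocserv.conf
	: >/var/etc/ocserv.conf
	setup_config config
	config_foreach setup_routes routes
	config_foreach setup_dns dns

	# Recreate the password file with a restrictive mode from the outset so
	# it is never world-readable, even briefly, before credentials are added.
	rm -f /var/etc/ocpasswd
	( umask 077 && : >/var/etc/ocpasswd )
	chmod 600 /var/etc/ocpasswd
	config_foreach setup_users ocservusers

	service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf
}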
164
#######################################
# rc.common "stop" action: terminate the running daemon via service_stop.
#######################################
stop() {
	local daemon=/usr/sbin/ocserv
	service_stop "$daemon"
}
168
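#######################################
# rc.common "reload" action: rewrite the password file from UCI and ask the
# running ocserv to re-read its files; falls back to start() when occtl
# cannot reach the daemon.
# Globals:   uses config_load/config_foreach and setup_users
# Outputs:   /var/etc/ocpasswd (0600)
#######################################
reload() {
	# config_foreach only iterates sections that config_load has read.
	# "reload" is invoked directly by rc.common, so load them here instead
	# of relying on an earlier start() in the same shell; otherwise the
	# password file would be rewritten empty.
	config_load "ocserv"

	rm -f /var/etc/ocpasswd
	( umask 077 && : >/var/etc/ocpasswd )
	chmod 600 /var/etc/ocpasswd
	config_foreach setup_users ocservusers

	if /usr/bin/occtl show status >/dev/null 2>&1; then
		/usr/bin/occtl reload
	else
		start
	fi
}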