1 #!/bin/sh /etc/rc.common
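# Load the server settings from the UCI section named by $1. The last
# argument of each call is the fallback value used when the option is unset.
# "$1" is quoted so the section name is never word-split or glob-expanded.
config_get port "$1" port "4443"
config_get max_clients "$1" max_clients "8"
config_get max_same "$1" max_same "2"
config_get dpd "$1" dpd "120"
# predictable_ips, udp and cisco_compat are 0/1 switches; they are mapped to
# the text the template needs further down in the file.
config_get predictable_ips "$1" predictable_ips "1"
config_get udp "$1" udp "1"
# With auth left at "plain" the generated config points ocserv at the
# password file /var/etc/ocpasswd.
config_get auth "$1" auth "plain"
config_get cisco_compat "$1" cisco_compat "1"
# Address pool handed to VPN clients (IPv4 network and mask).
config_get ipaddr "$1" ipaddr "192.168.100.0"
config_get netmask "$1" netmask "255.255.255.0"
# Optional settings: an empty value means "not configured".
config_get ip6addr "$1" ip6addr ""
config_get default_domain "$1" default_domain ""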
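# Turn the raw settings into the text that is substituted into the config
# template. The enable_* variables hold either "" or "#"; presumably the
# matching placeholder sits at the start of a template line, so "#" comments
# that line out (template not shown here - confirm).
enable_default_domain="#"

# Every expansion is quoted: an empty or multi-word value would otherwise
# change the number of arguments passed to test and make it fail.
test "$predictable_ips" = "0" && predictable_ips="false"
test "$predictable_ips" = "1" && predictable_ips="true"
test "$cisco_compat" = "0" && cisco_compat="false"
test "$cisco_compat" = "1" && cisco_compat="true"
test "$udp" = "1" && enable_udp=""
# NOTE(review): this clears the "#" when default_domain is EMPTY, which
# leaves the default-domain line enabled only when no domain is configured.
# That looks inverted; behaviour is kept as written - confirm against the
# template before changing it.
test -z "$default_domain" && enable_default_domain=""
test -z "$ip6addr" && enable_ipv6="#"

# Split "address/prefix". cut prints a line without a delimiter unchanged,
# so an ip6addr without "/" yields ipv6_prefix equal to the address.
ipv6_addr=$(printf '%s\n' "$ip6addr" | cut -d '/' -f 1)
ipv6_prefix=$(printf '%s\n' "$ip6addr" | cut -d '/' -f 2)

# The brackets are backslash-escaped because this text is pasted into a sed
# expression; the resulting setting is plain[/var/etc/ocpasswd].
test "$auth" = "plain" && authsuffix="\[/var/etc/ocpasswd\]"

# A configured dynamic-DNS domain switches the DYNDNS placeholder to "true".
# stderr is silenced on uci itself (the command that fails when no ddns
# config exists), not on the last stage of the pipeline.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -n 1 | cut -d '=' -f 2)
[ -n "$hostname" ] && dyndns="true"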
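# Escape a configuration value so it can be used as the replacement text of
# a sed "s" command. Backslash, "&" and both delimiters used below ("/" and
# "#") are prefixed with a backslash; without this a value containing one of
# them would break, or rewrite, the sed expression it is pasted into.
# A value with an embedded newline is still not safe and must be rejected
# by whatever writes the UCI config.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
ocserv_sed_escape() {
	printf '%s' "$1" | sed -e 's|[\\&/#]|\\&|g'
}

# Render /var/etc/ocserv.conf from the template by replacing each |NAME|
# placeholder. Values read from the configuration are escaped first; the
# variables set by this script itself (authsuffix, dyndns, enable_*) are
# inserted as they are - authsuffix is already written in sed-escaped form.
# NOTE(review): dpd is read from the config but no |DPD| substitution is
# visible in this listing (its gutter skips line 44) - confirm against the
# full file.
sed -e "s/|PORT|/$(ocserv_sed_escape "$port")/g" \
	-e "s/|MAX_CLIENTS|/$(ocserv_sed_escape "$max_clients")/g" \
	-e "s/|MAX_SAME|/$(ocserv_sed_escape "$max_same")/g" \
	-e "s#|AUTH|#$(ocserv_sed_escape "$auth")$authsuffix#g" \
	-e "s#|DYNDNS|#$dyndns#g" \
	-e "s/|PREDICTABLE_IPS|/$(ocserv_sed_escape "$predictable_ips")/g" \
	-e "s/|DEFAULT_DOMAIN|/$(ocserv_sed_escape "$default_domain")/g" \
	-e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
	-e "s/|CISCO_COMPAT|/$(ocserv_sed_escape "$cisco_compat")/g" \
	-e "s/|UDP|/$enable_udp/g" \
	-e "s/|IPV4ADDR|/$(ocserv_sed_escape "$ipaddr")/g" \
	-e "s/|NETMASK|/$(ocserv_sed_escape "$netmask")/g" \
	-e "s/|IPV6ADDR|/$(ocserv_sed_escape "$ipv6_addr")/g" \
	-e "s/|IPV6PREFIX|/$(ocserv_sed_escape "$ipv6_prefix")/g" \
	-e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
	/etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf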
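# Append one "name:group:password" record to /var/etc/ocpasswd for the UCI
# section named by $1.
# NOTE(review): password is written exactly as stored in the config;
# presumably it is already in the hashed form the ocserv password file
# expects - confirm with whatever writes this option.
config_get name "$1" name
config_get group "$1" group
config_get password "$1" password

# No group configured: use the '*' entry.
[ -z "$group" ] && group='*'

# A record needs at least a user name and a password.
if [ -z "$name" ] || [ -z "$password" ]; then
	return
fi

# ':' separates the fields of a record and a newline ends it, so a value
# containing either would corrupt this record or smuggle in another one.
case "$name$group" in
*:*)
	logger -t ocserv "Skipping user entry: name or group contains ':'"
	return
	;;
esac
case "$name$group$password" in
*"
"*)
	logger -t ocserv "Skipping user entry: value contains a newline"
	return
	;;
esac

# printf writes the values verbatim, whatever characters they contain.
printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd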
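# Append one "route = ip/netmask" line to the generated ocserv config for
# the UCI section named by $1.
# NOTE(review): ip is not assigned in the lines visible here (the listing's
# gutter skips a line before this one) - presumably read the same way as
# netmask.
config_get netmask "$1" netmask

# Both halves are required; skip incomplete route sections.
if [ -z "$ip" ] || [ -z "$netmask" ]; then
	return
fi

# The values go into the config file unmodified, so they must not contain
# newlines: each extra line would be read by ocserv as its own directive.
printf 'route = %s/%s\n' "$ip" "$netmask" >> /var/etc/ocserv.conf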
# Emit a "dns = ..." line into the generated config, but only when an
# address is set. ip is not assigned in the lines visible here.
if [ -z "$ip" ]; then
	return
fi

echo "dns = $ip" >> /var/etc/ocserv.conf
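# Pick the name used as the CN of the generated certificates: the first
# "domain" entry of the ddns configuration if there is one, otherwise the
# system hostname.
# stderr is silenced on uci itself, the command that fails when no ddns
# config exists, rather than on the last stage of the pipeline.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -n 1 | cut -d '=' -f 2)
# The UCI path is quoted so "[0]" can never be taken as a glob pattern.
[ -z "$hostname" ] && hostname=$(uci get 'system.@system[0].hostname' 2>/dev/null)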
# Move any key material found under /etc/config/ocserv-dir (presumably the
# location used by an earlier layout) into /etc/ocserv, one file at a time.
if [ -f /etc/config/ocserv-dir/ca-key.pem ]; then
	mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
fi
if [ -f /etc/config/ocserv-dir/ca.pem ]; then
	mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
fi
if [ -f /etc/config/ocserv-dir/server-key.pem ]; then
	mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
fi
if [ -f /etc/config/ocserv-dir/server-cert.pem ]; then
	mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
fi

# rmdir only removes an empty directory, so anything else left in the old
# location keeps it in place.
if [ -d /etc/config/ocserv-dir ]; then
	rmdir /etc/config/ocserv-dir
fi
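# Create a self-signed CA when no CA key exists yet and certtool is
# installed. Each certtool step is checked: a failure is logged instead of
# being lost with the discarded output.
if [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ]; then
	logger -t ocserv "Generating CA certificate..."
	mkdir -p /etc/ocserv/pki/
	if certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1; then
		# The CA key can sign certificates that clients will trust; keep it
		# owner-only whatever mode certtool or the umask produced.
		chmod 600 /etc/ocserv/ca-key.pem

		# certtool template for the CA certificate. expiration_days=-1
		# requests a certificate without a defined expiry date, so it is
		# never rotated automatically.
		{
			echo "cn=$hostname CA"
			echo "expiration_days=-1"
			echo "serial=1"
			echo "ca"
			echo "cert_signing_key"
		} >/etc/ocserv/pki/ca.tmpl

		certtool --template /etc/ocserv/pki/ca.tmpl \
			--generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
			--outfile /etc/ocserv/ca.pem >/dev/null 2>&1 ||
			logger -t ocserv "Generating CA certificate failed"
	else
		# Remove a partial key file: the check above keys on this file, so
		# leaving it behind would block every later attempt.
		rm -f /etc/ocserv/ca-key.pem
		logger -t ocserv "Generating CA private key failed"
	fi
fi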
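#generate server certificate/key
# Runs only when no server key exists yet and certtool is installed. The
# certificate is signed with the CA key and certificate under /etc/ocserv.
# Each certtool step is checked so a failure is logged instead of being
# lost with the discarded output.
if [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ]; then
	logger -t ocserv "Generating server certificate..."
	mkdir -p /etc/ocserv/pki/
	# NOTE(review): the mode of server-key.pem is left to certtool and the
	# umask; tighten it once it is confirmed which user ocserv reads it as.
	if certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1; then
		# certtool template for the server certificate. expiration_days=-1
		# requests a certificate without a defined expiry date.
		{
			echo "cn=$hostname"
			echo "serial=2"
			echo "expiration_days=-1"
			echo "signing_key"
			echo "encryption_key"
		} >/etc/ocserv/pki/server.tmpl

		certtool --template /etc/ocserv/pki/server.tmpl \
			--generate-certificate --load-privkey /etc/ocserv/server-key.pem \
			--load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
			/etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1 ||
			logger -t ocserv "Generating server certificate failed"
	else
		# Remove a partial key file: the check above keys on this file, so
		# leaving it behind would block every later attempt.
		rm -f /etc/ocserv/server-key.pem
		logger -t ocserv "Generating server private key failed"
	fi
fi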
# Make sure the pid file exists and belongs to the ocserv user and group
# before the daemon is started; an existing file is left untouched.
if [ ! -f /var/run/ocserv.pid ]; then
	touch /var/run/ocserv.pid
	chown ocserv:ocserv /var/run/ocserv.pid
fi
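# Create the daemon's state directory on first use, private to the ocserv
# user. It is created with mode 0700 straight away instead of 0755 followed
# by chmod, so it is never readable by other users in between; the chmod is
# kept in case mkdir's mode was reduced or ignored.
if [ ! -d /var/lib/ocserv ]; then
	mkdir -m 0700 -p /var/lib/ocserv
	chmod 0700 /var/lib/ocserv
	chown ocserv:ocserv /var/lib/ocserv
fi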
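# Start from a fresh generated config file, then let each "routes" and
# "dns" section append its line to it.
# NOTE(review): the listing's gutter skips lines around this point, so any
# call that renders the template is not visible here.
rm -f /var/etc/ocserv.conf
touch /var/etc/ocserv.conf

config_foreach setup_routes routes
config_foreach setup_dns dns

# Rebuild the password file from the configured users. The file is created
# under a restrictive umask: creating it with the default mode and running
# chmod afterwards leaves a moment in which another local user could open
# it and keep that handle while the credentials are appended.
rm -f /var/etc/ocpasswd
(umask 077 && touch /var/etc/ocpasswd)
chmod 600 /var/etc/ocpasswd
config_foreach setup_users ocservusers

# Launch the daemon against the generated configuration.
service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf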
# Stop the daemon through the service_stop helper, naming the same binary
# that service_start launched.
service_stop /usr/sbin/ocserv
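# Rebuild the password file from the configured users. The file is created
# under a restrictive umask: creating it with the default mode and running
# chmod afterwards leaves a moment in which another local user could open
# it and keep that handle while the credentials are appended.
rm -f /var/etc/ocpasswd
(umask 077 && touch /var/etc/ocpasswd)
chmod 600 /var/etc/ocpasswd
config_foreach setup_users ocservusers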
# Query the running daemon through occtl, discarding its output; only the
# exit status of this call can matter to what follows.
# NOTE(review): the listing's gutter skips lines 176-178 between the two
# commands, so any branch on that exit status is not visible here.
/usr/bin/occtl show status >/dev/null 2>&1

# Ask the running daemon to reload its configuration.
/usr/bin/occtl reload