1 #!/bin/sh /etc/rc.common
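# Pull in OpenWrt's network helpers (network_get_ipaddr, network_get_ipaddr6,
# network_get_device) used by the configuration setup further down.
# IPKG_INSTROOT is only set while a package is being installed into a staging
# root; the path is quoted so an unusual root cannot be word-split or globbed.
. "$IPKG_INSTROOT/lib/functions/network.sh"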
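# Read the ocserv UCI section named by $1 into shell variables, applying a
# default where the option is absent:  config_get <var> <section> <option> [<default>]
# The enclosing function header is not part of this excerpt. The section name
# is quoted so an odd section name cannot be word-split or globbed.
config_get port "$1" port "4443"                     # TCP listen port; also the UDP default below
config_get max_clients "$1" max_clients "8"
config_get max_same "$1" max_same "2"
# NOTE(review): dpd is read here but no visible sed expression substitutes it
# into the template — confirm the template consumes it or drop the option.
config_get dpd "$1" dpd "120"
config_get predictable_ips "$1" predictable_ips "1"  # 0/1, mapped to false/true below
config_get compression "$1" compression "0"
config_get udp "$1" udp "1"
config_get udp_port "$1" udp_port ""                 # empty → falls back to $port
config_get auth "$1" auth "plain"                    # "plain" selects the ocpasswd file
config_get cisco_compat "$1" cisco_compat "1"
config_get ipaddr "$1" ipaddr ""                     # VPN pool; empty → auto-derived or 192.168.100.0
config_get netmask "$1" netmask ""
config_get ip6addr "$1" ip6addr ""
config_get proxy_arp "$1" proxy_arp "0"
config_get ping_leases "$1" ping_leases "0"
config_get split_dns "$1" split_dns "0"
config_get default_domain "$1" default_domain ""    # empty → dnsmasq's domain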
# Enable proxy arp, and make sure that ping leases is set to true in that case,
# to prevent conflicts.
# NOTE(review): this excerpt shows the nested `if` lines but not their closing
# `fi` lines, nor the line that forces ping_leases on; the layout below is
# therefore flat.
if test "$proxy_arp" = 1;then
# IP address is empty. Auto-configure LAN + VPN.
if test -z "$ipaddr";then
# LAN netmask read straight from UCI rather than via the network helpers.
mask=$(uci get network.lan.netmask)
# On a /24 LAN shrink the DHCP pool to .100-.190 (start=100, limit=91),
# presumably to keep leases clear of the .192/26 VPN range carved out below.
# The uci changes are only staged; no `uci commit` is visible in this excerpt.
if test "$mask" = "255.255.255.0";then
uci set dhcp.lan.start=100
uci set dhcp.lan.limit=91
# VPN pool = the LAN's first three octets + ".192" with a /26 mask, i.e. the
# top quarter of a /24. NOTE(review): this derivation is not guarded by the
# /24 check above, so on a differently sized LAN it may overlap real hosts —
# confirm. $ip is unquoted in the echo, which is harmless for a dotted quad.
network_get_ipaddr ip lan
ipaddr="$(echo $ip|cut -d . -f1,2,3).192"
netmask="255.255.255.192"
# No IPv6 pool configured: reuse the LAN's IPv6 address with a /96 prefix.
if test -z "$ip6addr";then
network_get_ipaddr6 ip6addr lan
test -n "$ip6addr" && ip6addr="$ip6addr/96"
# Turn on proxy ARP / proxy NDP on the LAN device so the LAN answers for VPN
# clients as if they were on-link. sysctl -w is runtime only (not persisted);
# only stdout is discarded, so a sysctl failure still reaches stderr.
if network_get_device ifname lan; then
test -n "$ipaddr" && sysctl -w "net.ipv4.conf.$ifname.proxy_arp"=1 >/dev/null
test -n "$ip6addr" && sysctl -w "net.ipv6.conf.$ifname.proxy_ndp"=1 >/dev/null
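# Fall back to a private VPN subnet when nothing was configured or auto-derived.
test -z "$ipaddr" && ipaddr="192.168.100.0"
test -z "$netmask" && netmask="255.255.255.0"

# Template toggles: "#" comments the matching line out of ocserv.conf.template,
# "" leaves it active.
# NOTE(review): nothing visible initialises enable_udp or enable_split_dns to
# "#" the way these two are, so unless that happens outside this excerpt the
# |UDP| and |ENABLE_SPLIT_DNS| placeholders are always replaced by an empty string.
enable_default_domain="#"
enable_compression="#"

# Map UCI booleans (0/1) onto the true/false words the template expects.
# Operands are quoted: with an empty value the unquoted form collapsed
# `test $x = "0"` into `test = "0"`, a test(1) syntax error.
test "$predictable_ips" = "0" && predictable_ips="false"
test "$predictable_ips" = "1" && predictable_ips="true"
test "$cisco_compat" = "0" && cisco_compat="false"
test "$cisco_compat" = "1" && cisco_compat="true"
test "$ping_leases" = "0" && ping_leases="false"
test "$ping_leases" = "1" && ping_leases="true"
test "$udp" = "1" && enable_udp=""
test "$split_dns" = "1" && enable_split_dns=""
test "$compression" = "1" && enable_compression=""

# UDP (DTLS) port defaults to the TCP port.
test -z "$udp_port" && udp_port="$port"
# No explicit default domain: reuse dnsmasq's. The uci argument is quoted so
# "[0]" is never treated as a glob pattern.
test -z "$default_domain" && default_domain=$(uci get "dhcp.@dnsmasq[0].domain")
# Only uncomment the default-domain line when a value was actually found.
# Unquoted, `test -n` with an empty operand is true and enabled the line with
# no domain behind it.
test -n "$default_domain" && enable_default_domain=""
test -z "$ip6addr" && enable_ipv6="#"

# Plain auth reads credentials from the ocpasswd file written by setup_users;
# the brackets are escaped for the sed replacement that follows.
test "$auth" = "plain" && authsuffix="\[passwd=/var/etc/ocpasswd\]"

# Prefer a DDNS domain as the server's public name when one is configured.
# NOTE(review): `grep domain` matches any ddns option whose name contains
# "domain", and newer uci versions quote values in `uci show` output, so the
# result may need trimming — confirm on the target firmware.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
[ -n "$hostname" ] && dyndns="true"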
# Render /etc/ocserv/ocserv.conf.template into the runtime config, replacing
# each |PLACEHOLDER| with the value computed above. AUTH and IPV6ADDR use "#"
# as the sed delimiter because their replacement text contains "/".
# Values are not escaped for sed: a setting containing the delimiter or "&"
# would corrupt the generated file.
# NOTE(review): the excerpt skips one line between the MAX_SAME and AUTH
# expressions; nothing visible substitutes the dpd setting read earlier.
sed \
  -e "s/|PORT|/$port/g" \
  -e "s/|UDP_PORT|/$udp_port/g" \
  -e "s/|MAX_CLIENTS|/$max_clients/g" \
  -e "s/|MAX_SAME|/$max_same/g" \
  -e "s#|AUTH|#$auth$authsuffix#g" \
  -e "s#|DYNDNS|#$dyndns#g" \
  -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
  -e "s/|DEFAULT_DOMAIN|/$default_domain/g" \
  -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
  -e "s/|ENABLE_SPLIT_DNS|/$enable_split_dns/g" \
  -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
  -e "s/|PING_LEASES|/$ping_leases/g" \
  -e "s/|UDP|/$enable_udp/g" \
  -e "s/|COMPRESSION|/$enable_compression/g" \
  -e "s/|IPV4ADDR|/$ipaddr/g" \
  -e "s/|NETMASK|/$netmask/g" \
  -e "s#|IPV6ADDR|#$ip6addr#g" \
  -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
  /etc/ocserv/ocserv.conf.template \
  > /var/etc/ocserv.conf

# Site-local overrides, appended verbatim when present.
[ -f /etc/ocserv/ocserv.conf.local ] && cat /etc/ocserv/ocserv.conf.local >> /var/etc/ocserv.conf
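# setup_users body (the function header and its local declarations sit outside
# this excerpt): append one "name:group:password" record per ocservusers
# section to the plain-auth credential file. group defaults to "*".
config_get name "$1" name
config_get group "$1" group '*'
config_get password "$1" password

# Skip incomplete entries. Two tests joined with || replace the obsolescent -o.
if [ -z "$name" ] || [ -z "$password" ]; then
  return
fi

# printf rather than echo: a value beginning with "-" or containing backslashes
# must reach the file verbatim.
# NOTE(review): the value is written as-is; ocserv's plain-auth file holds
# crypt-style hashes, so `password` in UCI is presumably the hash — confirm.
# A ":" inside any field would be misparsed and is not rejected here.
printf '%s:%s:%s\n' "$name" "$group" "$password" >> /var/etc/ocpasswd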
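# setup_routes tail (the function header, local declarations and the line that
# sets $ip are outside this excerpt): emit one "route = <net>/<mask>" line per
# routes section into the generated config.
config_get netmask "$1" netmask

# Skip incomplete entries; || instead of the obsolescent -o, which misparses
# operands such as "(" or "!".
if [ -z "$ip" ] || [ -z "$netmask" ]; then
  return
fi

printf 'route = %s/%s\n' "$ip" "$netmask" >> /var/etc/ocserv.conf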
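# setup_dns tail (the function header and the line that sets $ip are outside
# this excerpt): emit one "dns = <ip>" line per dns section.
if [ -z "$ip" ]; then
  return
fi

# printf keeps the record verbatim regardless of what $ip contains.
printf 'dns = %s\n' "$ip" >> /var/etc/ocserv.conf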
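# Pick the name embedded as CN in the generated certificates: the DDNS domain
# when one is configured, otherwise the system hostname. $(...) replaces
# backticks and the "@system[0]" selector is quoted so it is never globbed.
# NOTE(review): `grep domain` matches any ddns option whose name contains
# "domain", and newer uci versions quote values in `uci show` output — confirm
# the result is a bare host name on the target firmware.
hostname=$(uci show ddns 2>/dev/null | grep domain | head -1 | cut -d '=' -f 2)
[ -z "$hostname" ] && hostname=$(uci get "system.@system[0].hostname" 2>/dev/null)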
# Migrate certificates and keys from the old /etc/config/ocserv-dir location to
# /etc/ocserv, then drop the old directory once it is empty (rmdir refuses a
# non-empty one).
for pem in ca-key.pem ca.pem server-key.pem server-cert.pem; do
  [ -f "/etc/config/ocserv-dir/$pem" ] && \
    mv "/etc/config/ocserv-dir/$pem" "/etc/ocserv/$pem"
done
[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
# First-boot CA generation: only when no CA key exists yet and certtool
# (GnuTLS) is installed.
# NOTE(review): the closing "}" of this command group is not present in this
# excerpt.
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
  logger -t ocserv "Generating CA certificate..."
  mkdir -p /etc/ocserv/pki/
  # 2048-bit key. certtool's output is discarded, so a failure is silent and
  # shows up only as a missing ca-key.pem.
  # NOTE(review): no chmod follows — the private key's mode is whatever the
  # umask yields; consider restricting it to the owner.
  certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
  # certtool template: CN from the DDNS/system hostname, no expiry
  # (certtool's -1), serial 1, CA flag with certificate-signing usage.
  echo "cn=$hostname CA" >/etc/ocserv/pki/ca.tmpl
  echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl
  echo "serial=1" >>/etc/ocserv/pki/ca.tmpl
  echo "ca" >>/etc/ocserv/pki/ca.tmpl
  echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl
  # Self-signed CA certificate from the template and key above.
  certtool --template /etc/ocserv/pki/ca.tmpl \
    --generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
    --outfile /etc/ocserv/ca.pem >/dev/null 2>&1
#generate server certificate/key
# Runs only when no server key exists yet; the certificate is signed by the
# CA generated above.
# NOTE(review): the closing "}" of this command group is not present in this
# excerpt.
[ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
  logger -t ocserv "Generating server certificate..."
  mkdir -p /etc/ocserv/pki/
  # 2048-bit key; output discarded, so failure is silent.
  # NOTE(review): as with the CA key, no chmod follows — the key's mode comes
  # from the umask.
  certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
  # certtool template: CN = hostname, serial 2, no expiry, signing and
  # encryption key usage.
  # NOTE(review): the serial is hard-coded, so a regenerated server certificate
  # would reuse serial 2 under the same CA — confirm that is acceptable.
  echo "cn=$hostname" >/etc/ocserv/pki/server.tmpl
  echo "serial=2" >>/etc/ocserv/pki/server.tmpl
  echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl
  echo "signing_key" >>/etc/ocserv/pki/server.tmpl
  echo "encryption_key" >>/etc/ocserv/pki/server.tmpl
  certtool --template /etc/ocserv/pki/server.tmpl \
    --generate-certificate --load-privkey /etc/ocserv/server-key.pem \
    --load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
    /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1
# Pre-create the pid file owned by the ocserv user, presumably so the daemon
# can update it after dropping privileges — confirm against ocserv's behaviour.
# NOTE(review): the closing "}" of this command group is not present in this
# excerpt.
[ -f /var/run/ocserv.pid ] || {
  touch /var/run/ocserv.pid
  chown ocserv:ocserv /var/run/ocserv.pid
# Runtime state directory for ocserv, owner-only (0700) and owned by the
# service user.
# NOTE(review): the closing "}" of this command group is not present in this
# excerpt.
[ -d /var/lib/ocserv ] || {
  # Created 0755 and then tightened to 0700; a single `mkdir -m 0700 -p`
  # would give the same end result (-m applies only to the final component).
  mkdir -m 0755 -p /var/lib/ocserv
  chmod 0700 /var/lib/ocserv
  chown ocserv:ocserv /var/lib/ocserv
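# Rebuild the generated configuration from scratch on every start.
rm -f /var/etc/ocserv.conf
touch /var/etc/ocserv.conf

# NOTE(review): the template render earlier in this file writes this file
# with a truncating ">" redirect, so it has to run before these appends; the
# call is not visible in this excerpt — confirm it sits between the touch
# above and the appends below.
config_foreach setup_routes routes
config_foreach setup_dns dns

# Rebuild the plain-auth credential file. It is created under umask 077 so it
# never exists with a permissive mode, even briefly, before the chmod; the
# chmod is kept for the case where rm -f could not remove an old file.
rm -f /var/etc/ocpasswd
( umask 077; touch /var/etc/ocpasswd )
chmod 600 /var/etc/ocpasswd
config_foreach setup_users ocservusers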
# Launch ocserv under procd in the foreground (-f) with the generated config
# (-c), and let procd restart it when it exits (default respawn thresholds).
# The procd_open_instance / procd_close_instance calls around these lines are
# not part of this excerpt.
procd_set_param command /usr/sbin/ocserv -f -c /var/etc/ocserv.conf
procd_set_param respawn