LILiK
/
openwrt-packages-dist

#!/bin/sh /etc/rc.common
SERVICE_USE_PID=1
START=50
setup_config() {	config_get port         $1 port "4443"	config_get max_clients  $1 max_clients "8"	config_get max_same     $1 max_same "2"	config_get dpd          $1 dpd "120"	config_get predictable_ips  $1 predictable_ips "1"	config_get udp          $1 udp "1"	config_get auth         $1 auth "plain"	config_get cisco_compat $1 cisco_compat "1"	config_get ipaddr       $1 ipaddr "192.168.100.0"	config_get netmask      $1 netmask "255.255.255.0"	config_get ip6addr      $1 ip6addr ""
	test $predictable_ips = "0" && predictable_ips="false"	test $predictable_ips = "1" && predictable_ips="true"	test $cisco_compat = "0" && cisco_compat="false"	test $cisco_compat = "1" && cisco_compat="true"	test $udp = "0" && udp="#"	test $udp = "1" && udp=""	test -z $ip6addr && enable_ipv6="#"
	ipv6_addr=`echo $ip6addr|cut -d '/' -f 1`	ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2`
	test $auth = "plain" && authsuffix="\[/var/etc/ocpasswd\]"
	dyndns="false"	hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 2`	[ -n "$hostname" ] && dyndns="true"
	mkdir -p /var/etc	sed -e "s/|PORT|/$port/g" \	    -e "s/|MAX_CLIENTS|/$max_clients/g" \	    -e "s/|MAX_SAME|/$max_same/g" \	    -e "s/|DPD|/$dpd/g" \	    -e "s#|AUTH|#$auth$authsuffix#g" \	    -e "s#|DYNDNS|#$dyndns#g" \	    -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \	    -e "s/|CISCO_COMPAT|/$cisco_compat/g" \	    -e "s/|UDP|/$udp/g" \	    -e "s/|IPV4ADDR|/$ipaddr/g" \	    -e "s/|NETMASK|/$netmask/g" \	    -e "s/|IPV6ADDR|/$ipv6_addr/g" \	    -e "s/|IPV6PREFIX|/$ipv6_prefix/g" \	    -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \	    /etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf}
setup_users() {	local name	local group	local password
	config_get name $1 name	config_get group $1 group	config_get password $1 password
	[ -z "$group" ] && group='*'	[ -z "$name" -o -z "$password" ] && return
	echo "$name:$group:$password" >> /var/etc/ocpasswd}
setup_routes() {	local routes
	config_get ip $1 ip	config_get netmask $1 netmask
	[ -z "$ip" -o -z "$netmask" ] && return
	echo "route = $ip/$netmask" >> /var/etc/ocserv.conf}
setup_dns() {	local routes
	config_get ip $1 ip
	[ -z "$ip" ] && return
	echo "dns = $ip" >> /var/etc/ocserv.conf}
start() {	local hostname iface
	hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 2`	[ -z "$hostname" ] && hostname=`uci get system.@system[0].hostname`
	[ -d /etc/config/ocserv-dir ] || mkdir -p /etc/config/ocserv-dir	[ -f /etc/ocserv/ca-key.pem ] && mv /etc/ocserv/ca-key.pem /etc/config/ocserv-dir/ca-key.pem	[ -f /etc/ocserv/ca.pem ] && mv /etc/ocserv/ca.pem /etc/config/ocserv-dir/ca.pem	[ -f /etc/ocserv/server-key.pem ] && mv /etc/ocserv/server-key.pem /etc/config/ocserv-dir/server-key.pem	[ -f /etc/ocserv/server-cert.pem ] && mv /etc/ocserv/server-cert.pem /etc/config/ocserv-dir/server-cert.pem
	[ ! -f /etc/config/ocserv-dir/ca-key.pem ] && [ -x /usr/bin/certtool ] && {		logger -t ocserv "Generating CA certificate..."		mkdir -p /tmp/ocserv-pki/		certtool --bits 2048 --generate-privkey --outfile /etc/config/ocserv-dir/ca-key.pem >/dev/null 2>&1		echo "cn=$hostname CA" >/tmp/ocserv-pki/ca.tmpl		echo "expiration_days=-1" >>/tmp/ocserv-pki/ca.tmpl		echo "serial=1" >>/tmp/ocserv-pki/ca.tmpl		echo "ca" >>/tmp/ocserv-pki/ca.tmpl		echo "cert_signing_key" >>/tmp/ocserv-pki/ca.tmpl
		certtool --template /tmp/ocserv-pki/ca.tmpl \			--generate-self-signed --load-privkey /etc/config/ocserv-dir/ca-key.pem \			--outfile /etc/config/ocserv-dir/ca.pem >/dev/null 2>&1	}
	#generate server certificate/key	[ ! -f /etc/config/ocserv-dir/server-key.pem ] && [ -x /usr/bin/certtool ] && {		logger -t ocserv "Generating server certificate..."		mkdir -p /tmp/ocserv-pki/		certtool --bits 2048 --generate-privkey --outfile /etc/config/ocserv-dir/server-key.pem >/dev/null 2>&1		echo "cn=$hostname" >/tmp/ocserv-pki/server.tmpl		echo "serial=2" >>/tmp/ocserv-pki/server.tmpl		echo "expiration_days=-1" >>/tmp/ocserv-pki/server.tmpl		echo "signing_key" >>/tmp/ocserv-pki/server.tmpl		echo "encryption_key" >>/tmp/ocserv-pki/server.tmpl		certtool --template /tmp/ocserv-pki/server.tmpl \			--generate-certificate --load-privkey /etc/config/ocserv-dir/server-key.pem \			--load-ca-certificate /etc/config/ocserv-dir/ca.pem --load-ca-privkey \			/etc/config/ocserv-dir/ca-key.pem --outfile /etc/config/ocserv-dir/server-cert.pem >/dev/null 2>&1	}
	[ -f /var/run/ocserv.pid ] || {		touch /var/run/ocserv.pid		chown ocserv:ocserv /var/run/ocserv.pid	}	[ -d /var/lib/ocserv ] || {		mkdir -m 0755 -p /var/lib/ocserv		chmod 0700 /var/lib/ocserv		chown ocserv:ocserv /var/lib/ocserv	}
	config_load "ocserv"
	rm -f /var/etc/ocserv.conf	touch /var/etc/ocserv.conf	setup_config config	config_foreach setup_routes routes	config_foreach setup_dns dns
	rm -f /var/etc/ocpasswd	touch /var/etc/ocpasswd	chmod 600 /var/etc/ocpasswd	config_foreach setup_users ocservusers
	service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf}
stop() {	service_stop /usr/sbin/ocserv}       reload() {	rm -f /var/etc/ocpasswd	touch /var/etc/ocpasswd	chmod 600 /var/etc/ocpasswd	config_foreach setup_users ocservusers
	/usr/bin/occtl show status >/dev/null 2>&1	if test $? != 0;then		start	else		/usr/bin/occtl reload	fi}