You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

185 lines
5.6 KiB

11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
  1. #!/bin/sh /etc/rc.common
  2. SERVICE_USE_PID=1
  3. START=50
  4. setup_config() {
  5. config_get port $1 port "4443"
  6. config_get max_clients $1 max_clients "8"
  7. config_get max_same $1 max_same "2"
  8. config_get dpd $1 dpd "120"
  9. config_get predictable_ips $1 predictable_ips "1"
  10. config_get compression $1 compression "0"
  11. config_get udp $1 udp "1"
  12. config_get auth $1 auth "plain"
  13. config_get cisco_compat $1 cisco_compat "1"
  14. config_get ipaddr $1 ipaddr "192.168.100.0"
  15. config_get netmask $1 netmask "255.255.255.0"
  16. config_get ip6addr $1 ip6addr ""
  17. config_get default_domain $1 default_domain ""
  18. enable_default_domain="#"
  19. enable_udp="#"
  20. enable_compression="#"
  21. test $predictable_ips = "0" && predictable_ips="false"
  22. test $predictable_ips = "1" && predictable_ips="true"
  23. test $cisco_compat = "0" && cisco_compat="false"
  24. test $cisco_compat = "1" && cisco_compat="true"
  25. test $udp = "1" && enable_udp=""
  26. test $compression = "1" && enable_compression=""
  27. test -z $default_domain && enable_default_domain=""
  28. test -z $ip6addr && enable_ipv6="#"
  29. ipv6_addr=`echo $ip6addr|cut -d '/' -f 1`
  30. ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2`
  31. test $auth = "plain" && authsuffix="\[passwd=/var/etc/ocpasswd\]"
  32. dyndns="false"
  33. hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 2 2>/dev/null`
  34. [ -n "$hostname" ] && dyndns="true"
  35. mkdir -p /var/etc
  36. sed -e "s/|PORT|/$port/g" \
  37. -e "s/|MAX_CLIENTS|/$max_clients/g" \
  38. -e "s/|MAX_SAME|/$max_same/g" \
  39. -e "s/|DPD|/$dpd/g" \
  40. -e "s#|AUTH|#$auth$authsuffix#g" \
  41. -e "s#|DYNDNS|#$dyndns#g" \
  42. -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
  43. -e "s/|DEFAULT_DOMAIN|/$default_domain/g" \
  44. -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
  45. -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
  46. -e "s/|UDP|/$enable_udp/g" \
  47. -e "s/|COMPRESSION|/$enable_compression/g" \
  48. -e "s/|IPV4ADDR|/$ipaddr/g" \
  49. -e "s/|NETMASK|/$netmask/g" \
  50. -e "s/|IPV6ADDR|/$ipv6_addr/g" \
  51. -e "s/|IPV6PREFIX|/$ipv6_prefix/g" \
  52. -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
  53. /etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf
  54. }
  55. setup_users() {
  56. local name
  57. local group
  58. local password
  59. config_get name $1 name
  60. config_get group $1 group
  61. config_get password $1 password
  62. [ -z "$group" ] && group='*'
  63. [ -z "$name" -o -z "$password" ] && return
  64. echo "$name:$group:$password" >> /var/etc/ocpasswd
  65. }
  66. setup_routes() {
  67. local routes
  68. config_get ip $1 ip
  69. config_get netmask $1 netmask
  70. [ -z "$ip" -o -z "$netmask" ] && return
  71. echo "route = $ip/$netmask" >> /var/etc/ocserv.conf
  72. }
  73. setup_dns() {
  74. local routes
  75. config_get ip $1 ip
  76. [ -z "$ip" ] && return
  77. echo "dns = $ip" >> /var/etc/ocserv.conf
  78. }
  79. start() {
  80. local hostname iface
  81. hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 2 2>/dev/null`
  82. [ -z "$hostname" ] && hostname=`uci get system.@system[0].hostname 2>/dev/null`
  83. [ -f /etc/config/ocserv-dir/ca-key.pem ] && mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
  84. [ -f /etc/config/ocserv-dir/ca.pem ] && mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
  85. [ -f /etc/config/ocserv-dir/server-key.pem ] && mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
  86. [ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
  87. [ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
  88. [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
  89. logger -t ocserv "Generating CA certificate..."
  90. mkdir -p /etc/ocserv/pki/
  91. certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
  92. echo "cn=$hostname CA" >/etc/ocserv/pki/ca.tmpl
  93. echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl
  94. echo "serial=1" >>/etc/ocserv/pki/ca.tmpl
  95. echo "ca" >>/etc/ocserv/pki/ca.tmpl
  96. echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl
  97. certtool --template /etc/ocserv/pki/ca.tmpl \
  98. --generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
  99. --outfile /etc/ocserv/ca.pem >/dev/null 2>&1
  100. }
  101. #generate server certificate/key
  102. [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
  103. logger -t ocserv "Generating server certificate..."
  104. mkdir -p /etc/ocserv/pki/
  105. certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
  106. echo "cn=$hostname" >/etc/ocserv/pki/server.tmpl
  107. echo "serial=2" >>/etc/ocserv/pki/server.tmpl
  108. echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl
  109. echo "signing_key" >>/etc/ocserv/pki/server.tmpl
  110. echo "encryption_key" >>/etc/ocserv/pki/server.tmpl
  111. certtool --template /etc/ocserv/pki/server.tmpl \
  112. --generate-certificate --load-privkey /etc/ocserv/server-key.pem \
  113. --load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
  114. /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1
  115. }
  116. [ -f /var/run/ocserv.pid ] || {
  117. touch /var/run/ocserv.pid
  118. chown ocserv:ocserv /var/run/ocserv.pid
  119. }
  120. [ -d /var/lib/ocserv ] || {
  121. mkdir -m 0755 -p /var/lib/ocserv
  122. chmod 0700 /var/lib/ocserv
  123. chown ocserv:ocserv /var/lib/ocserv
  124. }
  125. config_load "ocserv"
  126. rm -f /var/etc/ocserv.conf
  127. touch /var/etc/ocserv.conf
  128. setup_config config
  129. config_foreach setup_routes routes
  130. config_foreach setup_dns dns
  131. rm -f /var/etc/ocpasswd
  132. touch /var/etc/ocpasswd
  133. chmod 600 /var/etc/ocpasswd
  134. config_foreach setup_users ocservusers
  135. service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf
  136. }
  137. stop() {
  138. service_stop /usr/sbin/ocserv
  139. }
  140. reload() {
  141. rm -f /var/etc/ocpasswd
  142. touch /var/etc/ocpasswd
  143. chmod 600 /var/etc/ocpasswd
  144. config_foreach setup_users ocservusers
  145. /usr/bin/occtl show status >/dev/null 2>&1
  146. if test $? != 0;then
  147. start
  148. else
  149. /usr/bin/occtl reload
  150. fi
  151. }