You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

184 lines
5.6 KiB

11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
11 years ago
  1. #!/bin/sh /etc/rc.common
  2. SERVICE_USE_PID=1
  3. START=50
  4. setup_config() {
  5. config_get port $1 port "4443"
  6. config_get max_clients $1 max_clients "8"
  7. config_get max_same $1 max_same "2"
  8. config_get dpd $1 dpd "120"
  9. config_get predictable_ips $1 predictable_ips "1"
  10. config_get compression $1 compression "0"
  11. config_get udp $1 udp "1"
  12. config_get auth $1 auth "plain"
  13. config_get cisco_compat $1 cisco_compat "1"
  14. config_get ipaddr $1 ipaddr "192.168.100.0"
  15. config_get netmask $1 netmask "255.255.255.0"
  16. config_get ip6addr $1 ip6addr ""
  17. config_get default_domain $1 default_domain ""
  18. enable_default_domain="#"
  19. enable_udp="#"
  20. enable_compression="#"
  21. test $predictable_ips = "0" && predictable_ips="false"
  22. test $predictable_ips = "1" && predictable_ips="true"
  23. test $cisco_compat = "0" && cisco_compat="false"
  24. test $cisco_compat = "1" && cisco_compat="true"
  25. test $udp = "1" && enable_udp=""
  26. test $compression = "1" && enable_compression=""
  27. test -z $default_domain && enable_default_domain=""
  28. test -z $ip6addr && enable_ipv6="#"
  29. ipv6_addr=`echo $ip6addr|cut -d '/' -f 1`
  30. ipv6_prefix=`echo $ip6addr|cut -d '/' -f 2`
  31. test $auth = "plain" && authsuffix="\[passwd=/var/etc/ocpasswd\]"
  32. dyndns="false"
  33. hostname=`uci show ddns 2>/dev/null|grep domain|head -1|cut -d '=' -f 2`
  34. [ -n "$hostname" ] && dyndns="true"
  35. mkdir -p /var/etc
  36. sed -e "s/|PORT|/$port/g" \
  37. -e "s/|MAX_CLIENTS|/$max_clients/g" \
  38. -e "s/|MAX_SAME|/$max_same/g" \
  39. -e "s/|DPD|/$dpd/g" \
  40. -e "s#|AUTH|#$auth$authsuffix#g" \
  41. -e "s#|DYNDNS|#$dyndns#g" \
  42. -e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
  43. -e "s/|DEFAULT_DOMAIN|/$default_domain/g" \
  44. -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
  45. -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
  46. -e "s/|UDP|/$enable_udp/g" \
  47. -e "s/|COMPRESSION|/$enable_compression/g" \
  48. -e "s/|IPV4ADDR|/$ipaddr/g" \
  49. -e "s/|NETMASK|/$netmask/g" \
  50. -e "s/|IPV6ADDR|/$ipv6_addr/g" \
  51. -e "s/|IPV6PREFIX|/$ipv6_prefix/g" \
  52. -e "s/|ENABLE_IPV6|/$enable_ipv6/g" \
  53. /etc/ocserv/ocserv.conf.template > /var/etc/ocserv.conf
  54. }
  55. setup_users() {
  56. local name
  57. local group
  58. local password
  59. config_get name $1 name
  60. config_get group $1 group '*'
  61. config_get password $1 password
  62. [ -z "$name" -o -z "$password" ] && return
  63. echo "$name:$group:$password" >> /var/etc/ocpasswd
  64. }
  65. setup_routes() {
  66. local routes
  67. config_get ip $1 ip
  68. config_get netmask $1 netmask
  69. [ -z "$ip" -o -z "$netmask" ] && return
  70. echo "route = $ip/$netmask" >> /var/etc/ocserv.conf
  71. }
  72. setup_dns() {
  73. local routes
  74. config_get ip $1 ip
  75. [ -z "$ip" ] && return
  76. echo "dns = $ip" >> /var/etc/ocserv.conf
  77. }
  78. start() {
  79. local hostname iface
  80. hostname=`uci show ddns 2>/dev/null|grep domain|head -1|cut -d '=' -f 2`
  81. [ -z "$hostname" ] && hostname=`uci get system.@system[0].hostname 2>/dev/null`
  82. [ -f /etc/config/ocserv-dir/ca-key.pem ] && mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
  83. [ -f /etc/config/ocserv-dir/ca.pem ] && mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
  84. [ -f /etc/config/ocserv-dir/server-key.pem ] && mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
  85. [ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
  86. [ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
  87. [ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
  88. logger -t ocserv "Generating CA certificate..."
  89. mkdir -p /etc/ocserv/pki/
  90. certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/ca-key.pem >/dev/null 2>&1
  91. echo "cn=$hostname CA" >/etc/ocserv/pki/ca.tmpl
  92. echo "expiration_days=-1" >>/etc/ocserv/pki/ca.tmpl
  93. echo "serial=1" >>/etc/ocserv/pki/ca.tmpl
  94. echo "ca" >>/etc/ocserv/pki/ca.tmpl
  95. echo "cert_signing_key" >>/etc/ocserv/pki/ca.tmpl
  96. certtool --template /etc/ocserv/pki/ca.tmpl \
  97. --generate-self-signed --load-privkey /etc/ocserv/ca-key.pem \
  98. --outfile /etc/ocserv/ca.pem >/dev/null 2>&1
  99. }
  100. #generate server certificate/key
  101. [ ! -f /etc/ocserv/server-key.pem ] && [ -x /usr/bin/certtool ] && {
  102. logger -t ocserv "Generating server certificate..."
  103. mkdir -p /etc/ocserv/pki/
  104. certtool --bits 2048 --generate-privkey --outfile /etc/ocserv/server-key.pem >/dev/null 2>&1
  105. echo "cn=$hostname" >/etc/ocserv/pki/server.tmpl
  106. echo "serial=2" >>/etc/ocserv/pki/server.tmpl
  107. echo "expiration_days=-1" >>/etc/ocserv/pki/server.tmpl
  108. echo "signing_key" >>/etc/ocserv/pki/server.tmpl
  109. echo "encryption_key" >>/etc/ocserv/pki/server.tmpl
  110. certtool --template /etc/ocserv/pki/server.tmpl \
  111. --generate-certificate --load-privkey /etc/ocserv/server-key.pem \
  112. --load-ca-certificate /etc/ocserv/ca.pem --load-ca-privkey \
  113. /etc/ocserv/ca-key.pem --outfile /etc/ocserv/server-cert.pem >/dev/null 2>&1
  114. }
  115. [ -f /var/run/ocserv.pid ] || {
  116. touch /var/run/ocserv.pid
  117. chown ocserv:ocserv /var/run/ocserv.pid
  118. }
  119. [ -d /var/lib/ocserv ] || {
  120. mkdir -m 0755 -p /var/lib/ocserv
  121. chmod 0700 /var/lib/ocserv
  122. chown ocserv:ocserv /var/lib/ocserv
  123. }
  124. config_load "ocserv"
  125. rm -f /var/etc/ocserv.conf
  126. touch /var/etc/ocserv.conf
  127. setup_config config
  128. config_foreach setup_routes routes
  129. config_foreach setup_dns dns
  130. rm -f /var/etc/ocpasswd
  131. touch /var/etc/ocpasswd
  132. chmod 600 /var/etc/ocpasswd
  133. config_foreach setup_users ocservusers
  134. service_start /usr/sbin/ocserv -c /var/etc/ocserv.conf
  135. }
  136. stop() {
  137. service_stop /usr/sbin/ocserv
  138. }
  139. reload() {
  140. rm -f /var/etc/ocpasswd
  141. touch /var/etc/ocpasswd
  142. chmod 600 /var/etc/ocpasswd
  143. config_foreach setup_users ocservusers
  144. /usr/bin/occtl show status >/dev/null 2>&1
  145. if test $? != 0;then
  146. start
  147. else
  148. /usr/bin/occtl reload
  149. fi
  150. }