#!/bin/sh scriptname=$0; scriptname=${scriptname##*/} prefix=${scriptname%%_conf} CCD=/var/tmp/clients_$prefix; . /mod/etc/conf/openvpn.cfg uebergabe=""; wert (){ IFS=$2; local number=$3; local c=0; uebergabe=""; for inhalt in $1; do if [ "$c" -eq "$number" ] ; then uebergabe=$inhalt; fi c=$((c+1)); done unset IFS; } delimiter="#" vars="DEBUG DEBUG_TIME LOCAL MODE REMOTE PORT PROTO TYPE BOX_IP BOX_MASK REMOTE_IP DHCP_RANGE LOCAL_NET REMOTE_NET DHCP_CLIENT MTU AUTH_TYPE CIPHER TLS_AUTH FLOAT KEEPALIVE KEEPALIVE_PING KEEPALIVE_TIMEOUT COMPLZO MAXCLIENTS CLIENT2CLIENT PUSH_DNS PUSH_WINS REDIRECT VERBOSE SHAPER PULL LOGFILE MGMNT CLIENTS_DEFINED CLIENT_INFO CLIENT_IPS CLIENT_NAMES CLIENT_NETS CLIENT_MASKS CONFIG_NAMES UDP_FRAGMENT ADDITIONAL OWN_KEYS NO_CERTTYPE TAP2LAN PARAM_1 PARAM_2 PARAM_3" ; count=1; while [ $count -le $OPENVPN_CONFIG_COUNT ]; do for var in $vars; do tmp="$var"; configvar='OPENVPN_'; eval configvar=\$$configvar$var; IFS=''; wert "$configvar" "$delimiter" "$count"; eval $tmp=\$uebergabe; done if [ "openvpn_$CONFIG_NAMES" == "$prefix" ] || [ "$prefix" == "openvpn" -a $count -eq 1 ] ; then if [ $1 ]; then CONFFILE=$1 else CONFFILE=/mod/etc/${prefix}.conf fi echo "# OpenVPN 2.1 Config, $(date)" > $CONFFILE if [ "$LOCAL" ];then echo "local $LOCAL" >> $CONFFILE fi if [ "$PROTO" == "tcp" ]; then echo "proto tcp-$MODE" >> $CONFFILE else echo "proto udp" >> $CONFFILE fi if [ "$TYPE" == "tap" ]; then echo "dev tap$(( $count -1))" >> $CONFFILE [ "$TAP2LAN" == yes ] && echo "#Helperline for rc.openvpn to add tap$(( $count -1)) to lan bridge" >> $CONFFILE else echo "dev tun" >> $CONFFILE fi if [ "$OWN_KEYS" != "" -a $count -gt 1 ]; then keypath="/tmp/flash/${prefix}/" else keypath="/tmp/flash/" fi if [ "$AUTH_TYPE" == "certs" ]; then echo "ca ${keypath}ca.crt" >> $CONFFILE echo "cert ${keypath}box.crt" >> $CONFFILE echo "key ${keypath}box.key" >> $CONFFILE if [ "$MODE" == "server" ]; then echo "dh ${keypath}dh.pem" >> $CONFFILE if [ -r "${keypath}crl.pem" ]; then echo "crl-verify ${keypath}crl.pem" >> $CONFFILE fi echo "tls-server" >> $CONFFILE if [ "$TLS_AUTH" == "yes" ]; then echo "tls-auth ${keypath}static.key 0" >> $CONFFILE fi else echo "tls-client" >> $CONFFILE [ "yes" != "$NO_CERTTYPE" ] && echo "ns-cert-type server" >> $CONFFILE if [ "$TLS_AUTH" == "yes" ]; then echo "tls-auth ${keypath}static.key 1" >> $CONFFILE fi fi else echo "secret ${keypath}static.key" >> $CONFFILE fi if [ "$MODE" == "server" ]; then echo "port $PORT" >> $CONFFILE if [ "$PUSH_DNS" ]; then echo "push \"dhcp-option DNS $PUSH_DNS\"" >> $CONFFILE fi if [ "$PUSH_WINS" ]; then echo "push \"dhcp-option WINS $PUSH_WINS\"" >> $CONFFILE fi if [ "$REDIRECT" ]; then echo "push \"redirect-gateway\"" >> $CONFFILE fi if [ "$DHCP_RANGE" -a "$AUTH_TYPE" == "certs" ]; then echo "mode server" >> $CONFFILE echo "ifconfig-pool $DHCP_RANGE" >> $CONFFILE if [ "$CLIENT2CLIENT" == "yes" ]; then echo "push \"route ${DHCP_RANGE%.* *}.0 255.255.255.0\"" >> $CONFFILE else echo "push \"route $BOX_IP \"" >> $CONFFILE fi fi if [ "$CLIENT_INFO" == "yes" ] && [ "$AUTH_TYPE" == "certs" ]; then if [ ! -d $CCD ]; then mkdir $CCD else rm $CCD/* fi echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE if [ ! "$DHCP_RANGE" ]; then echo "mode server" >> $CONFFILE fi echo "client-config-dir $CCD" >> $CONFFILE echo "topology subnet" >> $CONFFILE echo "push \"topology subnet\"" >> $CONFFILE echo "max-clients $MAXCLIENTS" >> $CONFFILE if [ "$LOCAL_NET" ]; then tmp="`echo $LOCAL_NET | sed 's/[[:space:]]*;[[:space:]]*/;/g'`" IFS=";" for i in $tmp; do echo "push \"route $i $BOX_IP\"" >> $CONFFILE done unset IFS fi client=1 actcip=${CLIENT_IPS%%:*} restip=${CLIENT_IPS#*:} actcname=${CLIENT_NAMES%%:*} restname=${CLIENT_NAMES#*:} actcnet="${CLIENT_NETS%%:*}" restnet="${CLIENT_NETS#*:}" while [ $client -le "$CLIENTS_DEFINED" ] do eval C_IP$client=$actcip; eval C_NAME$client=$actcname; eval C_NET$client=\"$actcnet\"; actcip=${restip%%:*} restip=${restip#*:} actcname=${restname%%:*} restname=${restname#*:} actcnet="${restnet%%:*}" restnet="${restnet#*:}" client=$((client+1)) done client=1 while [ $client -le "$CLIENTS_DEFINED" ] do eval net=\$C_NET$client eval name=\$C_NAME$client eval ip=\$C_IP$client echo "ifconfig-push $ip $BOX_MASK" > $CCD/$name echo "push \"topology subnet\"" >> $CCD/$name if [ "$net" != "-" ] ; then #echo "route $net $mask $ip" >> $CONFFILE echo -e "route $net $ip" | sed "s/[[:space:]]*;[[:space:]]*/ ${ip}\nroute /g" >> $CONFFILE #echo "iroute $net $mask" >> $CCD/$name echo -e "iroute $net" | sed "s/[[:space:]]*;[[:space:]]*/\niroute /g" >> $CCD/$name fi if [ "$CLIENT2CLIENT" == "yes" ]; then i=1 while [ $i -le $CLIENTS_DEFINED ]; do if [ $i -ne $client ]; then eval cnet=\$C_NET$i eval cip=\$C_IP$i if [ "$cnet" != "-" ] ; then #echo "push \"route $cnet $cip \"" >> $CCD/$name echo -e "push \"route $cnet $cip\"" | sed "s/[[:space:]]*;[[:space:]]*/ ${cip}\"\npush \"route /g" >> $CCD/$name fi fi i=$((1+$i)) done fi client=$(($client+1)) done fi [ "$CLIENT2CLIENT" == "yes" ] && echo "client-to-client" >> $CONFFILE if [ "$TYPE" == "tap" ]; then echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE echo "push \"route-gateway $BOX_IP\"" >> $CONFFILE if [ "$LOCAL_NET" ]; then #echo "push \"route $LOCAL_NET\"" >> $CONFFILE echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE fi if [ "$REMOTE_NET" ]; then #echo "route $REMOTE_NET" >> $CONFFILE echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE fi if [ "$MAXCLIENTS" ]; then echo "max-clients $MAXCLIENTS" >> $CONFFILE fi else if [ "$CLIENT_INFO" != "yes" ] || [ "$AUTH_TYPE" == "static" ] ; then echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE if [ "$REMOTE_NET" ]; then #echo "route $REMOTE_NET" >> $CONFFILE echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE fi if [ "$LOCAL_NET" -a "$AUTH_TYPE" == "certs" ]; then #echo "push \"route $LOCAL_NET\"" >> $CONFFILE echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE fi fi fi [ "$CLIENT2CLIENT" == "yes" ] && echo "client-to-client" >> $CONFFILE else echo "remote $REMOTE" >> $CONFFILE echo "nobind" >> $CONFFILE if [ "$PULL" == "yes" ]; then echo "pull" >> $CONFFILE fi if [ "$REMOTE_NET" ]; then #echo "route $REMOTE_NET" >> $CONFFILE echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE fi if [ "$REDIRECT" ]; then echo "redirect-gateway" >> $CONFFILE fi if [ "$DHCP_CLIENT" != "yes" ]; then if [ "$TYPE" == "tun" ]; then echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE else echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE fi fi fi echo "tun-mtu $MTU" >> $CONFFILE echo "mssfix" >> $CONFFILE if [ "$UDP_FRAGMENT" != "" ] && [ "$UDP_FRAGMENT" != "0" ]; then echo "fragment $UDP_FRAGMENT" >> $CONFFILE fi df=/var/tmp/debug_${prefix}.out if [ "$DEBUG" == "yes" ]; then echo "log $df" >> $CONFFILE else rm -f $df fi echo "verb $VERBOSE" >> $CONFFILE echo "daemon" >> $CONFFILE echo "cipher $CIPHER" >> $CONFFILE if [ "$SHAPER" ]; then echo "shaper $SHAPER" >> $CONFFILE fi if [ "$COMPLZO" == "yes" ]; then echo "comp-lzo" >> $CONFFILE fi if [ "$FLOAT" == "yes" ]; then echo "float" >> $CONFFILE fi if [ "$KEEPALIVE" == "yes" ]; then echo "keepalive $KEEPALIVE_PING $KEEPALIVE_TIMEOUT" >> $CONFFILE if [ "$MODE" == "client" ]; then echo "resolv-retry infinite" >> $CONFFILE fi fi if [ "$OPENVPN_MGMNT" == "yes" ]; then echo "management $OPENVPN_MGMNT" >> $CONFFILE fi if [ "$LOGFILE" == "yes" ]; then echo "status /var/log/$prefix.log" >> $CONFFILE fi if [ "$ADDITIONAL" != "" ]; then echo "$ADDITIONAL" | sed 's/[[:space:]]*;[[:space:]]*/\n/g' >> $CONFFILE fi fi count=$((count+1)); done