#!/bin/sh scriptname=$0 scriptname=${scriptname##*/} prefix=${scriptname%%_conf} CCD_REL=/clients_$prefix CCD=/var/tmp/openvpn$CCD_REL . /mod/etc/conf/openvpn.cfg uebergabe="" wert (){ IFS=$2 local number=$3 local c=0 uebergabe="" for inhalt in $1; do if [ "$c" -eq "$number" ]; then uebergabe=$inhalt; fi let c++ done unset IFS } delimiter="#" vars="DEBUG DEBUG_TIME LOCAL MODE REMOTE PORT PROTO IPV6 TYPE BOX_IP BOX_MASK REMOTE_IP DHCP_RANGE LOCAL_NET REMOTE_NET DHCP_CLIENT MTU AUTH_TYPE CIPHER TLS_AUTH FLOAT KEEPALIVE KEEPALIVE_PING KEEPALIVE_TIMEOUT COMPLZO MAXCLIENTS CLIENT2CLIENT PUSH_DNS PUSH_WINS REDIRECT VERBOSE SHAPER PULL LOGFILE MGMNT CLIENTS_DEFINED CLIENT_INFO CLIENT_IPS CLIENT_NAMES CLIENT_NETS CLIENT_MASKS CONFIG_NAMES UDP_FRAGMENT ADDITIONAL OWN_KEYS NO_CERTTYPE TAP2LAN PARAM_1 PARAM_2 PARAM_3" count=1 while [ $count -le $OPENVPN_CONFIG_COUNT ]; do for var in $vars; do tmp=$var configvar='OPENVPN_' eval configvar=\$$configvar$var IFS='' wert "$configvar" "$delimiter" "$count" eval $tmp=\$uebergabe done if [ "openvpn_$CONFIG_NAMES" = "$prefix" ] || [ "$prefix" = "openvpn" -a $count -eq 1 ]; then if [ $1 ]; then CONFFILE=$1 else CONFFILE=/mod/etc/${prefix}.conf fi [ "${TYPE}_${CLIENT_INFO}_${AUTH_TYPE}" = "tun_yes_certs" ] && TUNSUBNET=true || TUNSUBNET="" echo "# OpenVPN 2.1 Config, $(date)" > $CONFFILE [ "$IPV6" = yes ] && V6=6 || V6="" if [ "$PROTO" = "tcp" ]; then echo "proto tcp${V6}-$MODE" >> $CONFFILE else echo "proto udp${V6}" >> $CONFFILE fi if [ "$TYPE" = "tap" ]; then echo "dev tap$(( $count -1))" >> $CONFFILE [ "$TAP2LAN" = yes ] && echo "#Helperline for rc.openvpn to add tap$(( $count -1)) to lan bridge" >> $CONFFILE else echo "dev tun" >> $CONFFILE fi DEV=$(find /dev -type c -name tun 2>/dev/null) if [ "$DEV" ]; then [ "$DEV" = "/dev/net/tun" ] || echo "dev-node $DEV" >> $CONFFILE else echo -e "\n\tWarning: No tunnel device found." fi if [ "$OWN_KEYS" != "" -a $count -gt 1 ]; then keypath="/tmp/flash/openvpn/${CONFIG_NAMES}_" else keypath="/tmp/flash/openvpn/" fi if [ "$AUTH_TYPE" = "certs" ]; then echo "ca ${keypath}ca.crt" >> $CONFFILE echo "cert ${keypath}box.crt" >> $CONFFILE echo "key ${keypath}box.key" >> $CONFFILE if [ "$MODE" = "server" ]; then echo "dh ${keypath}dh.pem" >> $CONFFILE [ -r "${keypath}crl.pem" -a "$(sed 's/[ \t]*//g' ${keypath}crl.pem)" ] && echo "crl-verify ${keypath}crl.pem" >> $CONFFILE echo "tls-server" >> $CONFFILE [ "$TLS_AUTH" = "yes" ] && echo "tls-auth ${keypath}static.key 0" >> $CONFFILE else echo "tls-client" >> $CONFFILE [ "yes" != "$NO_CERTTYPE" ] && echo "ns-cert-type server" >> $CONFFILE [ "$TLS_AUTH" = "yes" ] && echo "tls-auth ${keypath}static.key 1" >> $CONFFILE fi else echo "secret ${keypath}static.key" >> $CONFFILE fi if [ "$MODE" = "server" ]; then [ "$LOCAL" ] && echo "local $LOCAL" >> $CONFFILE echo "port $PORT" >> $CONFFILE if [ "$TYPE" = "tap" ] || [ $TUNSUBNET ]; then echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE echo "push \"route-gateway $BOX_IP\"" >> $CONFFILE [ $TUNSUBNET ] && echo -e 'topology subnet\npush "topology subnet"' >> $CONFFILE [ "$LOCAL_NET" ] && echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE [ "$REMOTE_NET" ] && echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE [ "$MAXCLIENTS" ] && echo "max-clients $MAXCLIENTS" >> $CONFFILE else # TUN and Point2Point echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE [ "$REMOTE_NET" ] && echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE [ "$LOCAL_NET" -a "$AUTH_TYPE" = "certs" ] && echo "push \"route $LOCAL_NET\"" | sed 's/[[:space:]]*;[[:space:]]*/\"\npush \"route /g' >> $CONFFILE fi if [ "$AUTH_TYPE" = "certs" ]; then if [ "$DHCP_RANGE" ]; then echo "mode server" >> $CONFFILE echo "ifconfig-pool $DHCP_RANGE" >> $CONFFILE if [ "$CLIENT2CLIENT" = "yes" ]; then echo "push \"route ${DHCP_RANGE%.* *}.0 255.255.255.0\"" >> $CONFFILE else echo "push \"route $BOX_IP\"" >> $CONFFILE fi echo "route ${DHCP_RANGE%.* *}.0 255.255.255.0" >> $CONFFILE fi if [ "$CLIENT_INFO" = "yes" ]; then mkdir -p $CCD rm -f $CCD/* [ ! "$DHCP_RANGE" ] && echo "mode server" >> $CONFFILE echo "client-config-dir $CCD_REL" >> $CONFFILE client=1 actcip=${CLIENT_IPS%%:*} restip=${CLIENT_IPS#*:} actcname=${CLIENT_NAMES%%:*} restname=${CLIENT_NAMES#*:} actcnet=${CLIENT_NETS%%:*} restnet=${CLIENT_NETS#*:} while [ $client -le "$CLIENTS_DEFINED" ] do eval C_IP$client=$actcip eval C_NAME$client=$actcname eval C_NET$client=\"$actcnet\" actcip=${restip%%:*} restip=${restip#*:} actcname=${restname%%:*} restname=${restname#*:} actcnet=${restnet%%:*} restnet=${restnet#*:} let client++ done client=1 while [ $client -le "$CLIENTS_DEFINED" ] do eval net=\$C_NET$client eval name=\$C_NAME$client eval ip=\$C_IP$client echo "ifconfig-push $ip $BOX_MASK" > $CCD/$name if [ "$net" != "-" ]; then echo -e "route $net $ip" | sed "s/[[:space:]]*;[[:space:]]*/ ${ip}\nroute /g" >> $CONFFILE echo -e "iroute $net" | sed "s/[[:space:]]*;[[:space:]]*/\niroute /g" >> $CCD/$name fi if [ "$CLIENT2CLIENT" = "yes" ]; then i=1 while [ $i -le $CLIENTS_DEFINED ]; do if [ $i -ne $client ]; then eval cnet=\$C_NET$i eval cip=\$C_IP$i [ "$cnet" != "-" ] && echo -e "push \"route $cnet $cip\"" | sed "s/[[:space:]]*;[[:space:]]*/ ${cip}\"\npush \"route /g" >> $CCD/$name fi i=$((1+$i)) done fi let client++ done fi fi # of CERTS [ "$CLIENT2CLIENT" = "yes" ] && echo "client-to-client" >> $CONFFILE [ "$PUSH_DNS" ] && echo "push \"dhcp-option DNS $PUSH_DNS\"" >> $CONFFILE [ "$PUSH_WINS" ] && echo "push \"dhcp-option WINS $PUSH_WINS\"" >> $CONFFILE [ "$REDIRECT" ] && echo "push \"redirect-gateway\"" >> $CONFFILE else # Client echo "remote $REMOTE" >> $CONFFILE echo "nobind" >> $CONFFILE [ "$PULL" = "yes" ] && echo "pull" >> $CONFFILE [ "$REMOTE_NET" ] && echo "route $REMOTE_NET" | sed 's/[[:space:]]*;[[:space:]]*/\nroute /g' >> $CONFFILE [ "$REDIRECT" ] && echo "redirect-gateway" >> $CONFFILE if [ "$DHCP_CLIENT" != "yes" ]; then if [ "$TYPE" = "tun" ]; then echo "ifconfig $BOX_IP $REMOTE_IP" >> $CONFFILE else echo "ifconfig $BOX_IP $BOX_MASK" >> $CONFFILE fi fi fi echo "tun-mtu $MTU" >> $CONFFILE echo "mssfix" >> $CONFFILE [ "$UDP_FRAGMENT" != "" -a "$UDP_FRAGMENT" != "0" ] && echo "fragment $UDP_FRAGMENT" >> $CONFFILE df=/var/tmp/debug_${prefix}.out if [ "$DEBUG" = "yes" ]; then echo "log $df" >> $CONFFILE else rm -f $df fi echo "verb $VERBOSE" >> $CONFFILE echo "daemon" >> $CONFFILE echo "cipher $CIPHER" >> $CONFFILE [ "$SHAPER" ] && echo "shaper $SHAPER" >> $CONFFILE [ "$COMPLZO" = "yes" ] && echo "comp-lzo" >> $CONFFILE [ "$FLOAT" = "yes" ] && echo "float" >> $CONFFILE if [ "$KEEPALIVE" = "yes" ]; then echo "keepalive $KEEPALIVE_PING $KEEPALIVE_TIMEOUT" >> $CONFFILE [ "$MODE" = "client" ] && echo "resolv-retry infinite" >> $CONFFILE fi [ "$OPENVPN_MGMNT" = "yes" ] && echo "management $OPENVPN_MGMNT" >> $CONFFILE [ "$LOGFILE" = "yes" ] && echo "status /var/log/$prefix.log" >> $CONFFILE echo "chroot /tmp/openvpn" >> $CONFFILE echo "user openvpn" >> $CONFFILE echo "group openvpn" >> $CONFFILE echo "persist-tun" >> $CONFFILE echo "persist-key" >> $CONFFILE [ "$ADDITIONAL" != "" ] && echo "$ADDITIONAL" | sed 's/[[:space:]]*;[[:space:]]*/\n/g' >> $CONFFILE fi let count++ done