Merge pull request #4301 from billsq/ifname_addr_fix
ocserv: Correctly get runtime LAN ifname and addresses
commit
b1c73c93a3
2 changed files with 18 additions and 15 deletions
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=ocserv
|
PKG_NAME:=ocserv
|
||||||
PKG_VERSION:=0.11.7
|
PKG_VERSION:=0.11.7
|
||||||
PKG_RELEASE:=1
|
PKG_RELEASE:=2
|
||||||
PKG_USE_MIPS16:=0
|
PKG_USE_MIPS16:=0
|
||||||
|
|
||||||
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
|
@ -44,12 +44,12 @@ define Package/ocserv
|
||||||
endef
|
endef
|
||||||
|
|
||||||
define Package/ocserv/description
|
define Package/ocserv/description
|
||||||
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
|
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
|
||||||
a secure, small, fast and configurable VPN server. It implements the
|
a secure, small, fast and configurable VPN server. It implements the
|
||||||
OpenConnect SSL VPN protocol, and has also (currently experimental)
|
OpenConnect SSL VPN protocol, and has also (currently experimental)
|
||||||
compatibility with clients using the AnyConnect SSL VPN protocol. The
|
compatibility with clients using the AnyConnect SSL VPN protocol. The
|
||||||
OpenConnect VPN protocol uses the standard IETF security protocols such
|
OpenConnect VPN protocol uses the standard IETF security protocols such
|
||||||
as TLS 1.2, and Datagram TLS to provide the secure VPN service.
|
as TLS 1.2, and Datagram TLS to provide the secure VPN service.
|
||||||
endef
|
endef
|
||||||
|
|
||||||
EXTRA_CPPFLAGS+=-I$(STAGING_DIR)/usr/include/readline/
|
EXTRA_CPPFLAGS+=-I$(STAGING_DIR)/usr/include/readline/
|
||||||
|
|
27
net/ocserv/files/ocserv.init
Normal file → Executable file
27
net/ocserv/files/ocserv.init
Normal file → Executable file
|
@ -3,6 +3,8 @@
|
||||||
START=50
|
START=50
|
||||||
USE_PROCD=1
|
USE_PROCD=1
|
||||||
|
|
||||||
|
. $IPKG_INSTROOT/lib/functions/network.sh
|
||||||
|
|
||||||
setup_config() {
|
setup_config() {
|
||||||
config_get port $1 port "4443"
|
config_get port $1 port "4443"
|
||||||
config_get max_clients $1 max_clients "8"
|
config_get max_clients $1 max_clients "8"
|
||||||
|
@ -33,26 +35,27 @@ setup_config() {
|
||||||
uci set dhcp.lan.start=100
|
uci set dhcp.lan.start=100
|
||||||
uci set dhcp.lan.limit=91
|
uci set dhcp.lan.limit=91
|
||||||
fi
|
fi
|
||||||
ip=$(uci get network.lan.ipaddr)
|
network_get_ipaddr ip lan
|
||||||
ipaddr="$(echo $ip|cut -d . -f1,2,3).192"
|
ipaddr="$(echo $ip|cut -d . -f1,2,3).192"
|
||||||
netmask="255.255.255.192"
|
netmask="255.255.255.192"
|
||||||
uci set ocserv.config.ipaddr="$ipaddr"
|
|
||||||
uci set ocserv.config.netmask="$netmask"
|
|
||||||
uci commit
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test -z "$ip6addr";then
|
if test -z "$ip6addr";then
|
||||||
ip6addr=$(uci get network.lan.ip6addr 2>/dev/null)
|
network_get_ipaddr6 ip6addr lan
|
||||||
test -n "$ip6addr" && uci set ocserv.config.ip6addr="$ip6addr"
|
# Append ipv6 prefix
|
||||||
uci commit
|
test -n "$ip6addr" && ip6addr="$ip6addr/96"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ping_leases=1
|
ping_leases=1
|
||||||
test -n "$ipaddr" && sysctl -w "net.ipv4.conf.$(uci get network.lan.ifname).proxy_arp"=1 >/dev/null
|
local ifname
|
||||||
test -n "$ip6addr" && sysctl -w "net.ipv6.conf.$(uci get network.lan.ifname).proxy_ndp"=1 >/dev/null
|
network_get_device ifname lan
|
||||||
|
if test -n "ifname";then
|
||||||
|
test -n "$ipaddr" && sysctl -w "net.ipv4.conf.$ifname.proxy_arp"=1 >/dev/null
|
||||||
|
test -n "$ip6addr" && sysctl -w "net.ipv6.conf.$ifname.proxy_ndp"=1 >/dev/null
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
test "$ipaddr" = "" && ipaddr="192.168.100.0"
|
test -z "$ipaddr" && ipaddr="192.168.100.0"
|
||||||
test "$netmask" = "" && ipaddr="255.255.255.0"
|
test -z "$netmask" && netmask="255.255.255.0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
enable_default_domain="#"
|
enable_default_domain="#"
|
||||||
|
@ -147,7 +150,7 @@ start_service() {
|
||||||
[ -f /etc/config/ocserv-dir/ca-key.pem ] && mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
|
[ -f /etc/config/ocserv-dir/ca-key.pem ] && mv /etc/config/ocserv-dir/ca-key.pem /etc/ocserv/ca-key.pem
|
||||||
[ -f /etc/config/ocserv-dir/ca.pem ] && mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
|
[ -f /etc/config/ocserv-dir/ca.pem ] && mv /etc/config/ocserv-dir/ca.pem /etc/ocserv/ca.pem
|
||||||
[ -f /etc/config/ocserv-dir/server-key.pem ] && mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
|
[ -f /etc/config/ocserv-dir/server-key.pem ] && mv /etc/config/ocserv-dir/server-key.pem /etc/ocserv/server-key.pem
|
||||||
[ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
|
[ -f /etc/config/ocserv-dir/server-cert.pem ] && mv /etc/config/ocserv-dir/server-cert.pem /etc/ocserv/server-cert.pem
|
||||||
[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
|
[ -d /etc/config/ocserv-dir ] && rmdir /etc/config/ocserv-dir
|
||||||
|
|
||||||
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
|
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
|
||||||
|
|
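Review bot: In the `@ -33,26 +35,27 @` hunk of setup_config, the added guard `if test -n "ifname";then` tests the literal string `ifname` rather than the variable, so it is always true. If `network_get_device ifname lan` returns nothing, the two sysctl lines still run against a key like `net.ipv4.conf..proxy_arp`; the guard should read `if test -n "$ifname";then`. A similar gap sits just above it: `network_get_ipaddr ip lan` reads runtime state, so if the LAN interface is not up when the script runs, `ip` is presumably empty and `ipaddr` becomes `.192`. An explicit non-empty check on `$ip` before the `cut` line would keep a malformed pool address out of the generated configuration. setup_config starts and ends outside the hunk, so how an early failure should be reported to the caller is not visible here.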