Besides an error in the update.sh file, openvpn now uses a lease file to
be able to "remember" dynamic ips not just for runtime but beyond reboots
or restarts of openvpn.
Also modified rootfiles and cgi as well as lfs.
var/ipfire/ovpn/ovpnconfig
var/ipfire/ovpn/settings
var/ipfire/ovpn/verify
var/ipfire/ovpn/ovpnconfig
var/ipfire/ovpn/settings
var/ipfire/ovpn/verify
+var/ipfire/ovpn/ovpn-leases.db
#
# Add "script-security 3 system" to openvpn config
#
#
# Add "script-security 3 system" to openvpn config
#
-if [ ! -s "/var/ipfire/ovpn/server.conf" ]; then
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
grep -q "script-security" /var/ipfire/ovpn/server.conf \
|| echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
fi
grep -q "script-security" /var/ipfire/ovpn/server.conf \
|| echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
fi
+
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
+ grep -q "ipp-persist" /var/ipfire/ovpn/server.conf \
+ || echo "ipp-persist /var/ipfire/ovpn/ovpn-leases.db" >> /var/ipfire/ovpn/server.conf
+fi
+
+if [ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]; then
+ touch /var/ipfire/ovpn/ovpn-leases.db
+fi
+
#
# Delete old lm-sensor modullist...
#
#
# Delete old lm-sensor modullist...
#
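Review bot: The new guard `[ ! -x "/var/ipfire/ovpn/server.conf" ]` tests that the file is not executable, which is true for any ordinary config file and also for a missing one, so it does not check what the block needs. If server.conf is absent, `grep` fails and the `echo … >>` creates a config holding only that one line; `if [ -s "/var/ipfire/ovpn/server.conf" ]; then` (exists and is non-empty) expresses the intent, and the same applies to the added `ipp-persist` block. For the lease file, `[ ! -e "/var/ipfire/ovpn/ovpn-leases.db" ]` is the test that matches `touch`. The file is also created here without the owner and mode that the lfs hunk sets, so it is worth confirming the daemon can write it after an update.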
print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
print CONF "script-security 3 system\n";
print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
print CONF "script-security 3 system\n";
+ print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n";
print CONF "tls-server\n";
print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
print CONF "tls-server\n";
print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
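Review bot: `ipp-persist` in the added `print CONF` line does not look like an OpenVPN directive. As far as I know, the option that persists the address pool to a file is `ifconfig-pool-persist`, and OpenVPN refuses to start on an unrecognized option. The line would then read `print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db\n";`. The update.sh hunk appends the same `ipp-persist` line to existing server.conf files and greps for that name, so it needs the same correction. The enclosing sub starts and ends outside this hunk.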
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
- -mkdir -p /var/ipfire/ovpn/ca
- -mkdir -p /var/ipfire/ovpn/crls
+ -mkdir -vp /var/ipfire/ovpn/ca
+ -mkdir -vp /var/ipfire/ovpn/crls
+ touch /var/ipfire/ovpn/ovpn-leases.db
+ chmod 700 /var/ipfire/ovpn/ovpn-leases.db
chown -R nobody:nobody /var/ipfire/ovpn
chown root.nobody /var/log/ovpnserver.log
chmod 755 /var/ipfire/ovpn/verify
chown -R nobody:nobody /var/ipfire/ovpn
chown root.nobody /var/log/ovpnserver.log
chmod 755 /var/ipfire/ovpn/verify
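Review bot: `chmod 700` on `/var/ipfire/ovpn/ovpn-leases.db` sets the execute bit on a plain data file. `chmod 600 /var/ipfire/ovpn/ovpn-leases.db` gives the owner the read/write access a lease database needs and nothing more. The following `chown -R nobody:nobody /var/ipfire/ovpn` hands the file to `nobody`, so owner-only access still covers the daemon if it runs as that user. The start of the recipe is outside the hunk.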