From: Marcus Scholz Date: Sat, 5 Sep 2009 11:13:37 +0000 (+0200) Subject: Fixed update script, added ovpn lease db + settings. X-Git-Tag: v2.5-core31~49 X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=commitdiff_plain;h=7a1fb216e6efde13dc2475aa52a0c118b6397821;ds=sidebyside Fixed update script, added ovpn lease db + settings. Besides an error in the update.sh file, openvpn now uses a lease file, to to be able to "remember" dynamic ips not just for runtime but beyond reboots or restarts of openvpn. Also modified rootfiles and cgi as well as lfs.
---
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 7d60e3c947..47b42f991b 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -13,3 +13,4 @@ var/ipfire/ovpn/openssl/ovpn.cnf
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/settings
 var/ipfire/ovpn/verify
+var/ipfire/ovpn/ovpn-leases.db
diff --git a/config/rootfiles/core/31/update.sh b/config/rootfiles/core/31/update.sh
index ebb5083a9a..fcbee29baf 100644
--- a/config/rootfiles/core/31/update.sh
+++ b/config/rootfiles/core/31/update.sh
@@ -119,10 +119,20 @@ grub-install --no-floppy ${ROOT::`expr length $ROOT`-1} --recheck
 #
 # Add "script-security 3 system" to openvpn config
 #
-if [ ! -s "/var/ipfire/ovpn/server.conf" ]; then
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
 grep -q "script-security" /var/ipfire/ovpn/server.conf \
 || echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
 fi
+
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
+ grep -q "ipp-persist" /var/ipfire/ovpn/server.conf \
+ || echo "ipp-persist /var/ipfire/ovpn/ovpn-leases.db" >> /var/ipfire/ovpn/server.conf
+fi
+
+if [ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]; then
+ touch /var/ipfire/ovpn/ovpn-leases.db
+fi
+
 #
 # Delete old lm-sensor modullist...
 #
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 8a8390a8f7..b982ee99ae 100644
--- a/html/cgi-bin/ovpnmain.cgi
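Review bot: The `[ ! -x "/var/ipfire/ovpn/server.conf" ]` guards in the update.sh hunk test the execute bit, which a configuration file normally lacks, so they are true even when server.conf does not exist; grep then errors on the missing file and the `>>` redirect creates a stub server.conf containing only the appended directives (assuming the directory exists). An existence test such as `if [ -f "/var/ipfire/ovpn/server.conf" ]; then` would limit the edit to systems that already have an OpenVPN server configuration. The directive written here and in the `writeserverconf` hunk of html/cgi-bin/ovpnmain.cgi is `ipp-persist`; as far as I know the OpenVPN option for a persistent address pool is `ifconfig-pool-persist`, and an unrecognised directive prevents the daemon from starting, so the name should be checked against the shipped OpenVPN version. The `touch` path also leaves the lease file with the updater's owner and umask-default mode, whereas the lfs/openvpn recipe sets an explicit mode and hands the tree to nobody, so the two install paths end up with different permissions.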
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -320,6 +320,7 @@ sub writeserverconf {
 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
 print CONF "script-security 3 system\n";
+ print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n";
 print CONF "tls-server\n";
 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
diff --git a/lfs/openvpn b/lfs/openvpn
index e118f8b6cb..2537a91c69 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -75,8 +75,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
 cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
- -mkdir -p /var/ipfire/ovpn/ca
- -mkdir -p /var/ipfire/ovpn/crls
+ -mkdir -vp /var/ipfire/ovpn/ca
+ -mkdir -vp /var/ipfire/ovpn/crls
+ touch /var/ipfire/ovpn/ovpn-leases.db
+ chmod 700 /var/ipfire/ovpn/ovpn-leases.db
 chown -R nobody:nobody /var/ipfire/ovpn
 chown root.nobody /var/log/ovpnserver.log
 chmod 755 /var/ipfire/ovpn/verify
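Review bot: `chmod 700 /var/ipfire/ovpn/ovpn-leases.db` in the added recipe lines of lfs/openvpn sets the execute bit on a plain data file, which the following `chown -R nobody:nobody /var/ipfire/ovpn` then hands to the unprivileged account. A lease database only needs owner read and write, so `chmod 600 /var/ipfire/ovpn/ovpn-leases.db` is the tighter mode and avoids leaving an executable, service-writable file in the configuration tree. The `$(TARGET)` recipe begins above the hunk and continues below it.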