From 7a1fb216e6efde13dc2475aa52a0c118b6397821 Mon Sep 17 00:00:00 2001
From: Marcus Scholz
Date: Sat, 5 Sep 2009 13:13:37 +0200
Subject: [PATCH] Fixed update script, added ovpn lease db + settings.
Besides an error in the update.sh file, openvpn now uses a lease file, to to be able to "remember" dynamic ips not just for runtime but beyond reboots or restarts of openvpn. Also modified rootfiles and cgi as well as lfs.
---
 config/rootfiles/common/openvpn | 1 +
 config/rootfiles/core/31/update.sh | 12 +++++++++++-
 html/cgi-bin/ovpnmain.cgi | 1 +
 lfs/openvpn | 6 ++++--
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 7d60e3c947..47b42f991b 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -13,3 +13,4 @@ var/ipfire/ovpn/openssl/ovpn.cnf
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/settings
 var/ipfire/ovpn/verify
+var/ipfire/ovpn/ovpn-leases.db
diff --git a/config/rootfiles/core/31/update.sh b/config/rootfiles/core/31/update.sh
index ebb5083a9a..fcbee29baf 100644
--- a/config/rootfiles/core/31/update.sh
+++ b/config/rootfiles/core/31/update.sh
@@ -119,10 +119,20 @@ grub-install --no-floppy ${ROOT::`expr length $ROOT`-1} --recheck
 #
 # Add "script-security 3 system" to openvpn config
 #
-if [ ! -s "/var/ipfire/ovpn/server.conf" ]; then
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
 grep -q "script-security" /var/ipfire/ovpn/server.conf \
 || echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
 fi
+
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
+ grep -q "ipp-persist" /var/ipfire/ovpn/server.conf \
+ || echo "ipp-persist /var/ipfire/ovpn/ovpn-leases.db" >> /var/ipfire/ovpn/server.conf
+fi
+
+if [ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]; then
+ touch /var/ipfire/ovpn/ovpn-leases.db
+fi
+
 #
 # Delete old lm-sensor modullist...
 #
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 8a8390a8f7..b982ee99ae 100644
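Review bot: In config/rootfiles/core/31/update.sh the new guards use `[ ! -x ... ]`, which is true for any non-executable file and also when the file does not exist, so on a system where OpenVPN was never configured the `echo ... >> /var/ipfire/ovpn/server.conf` lines create a stub server.conf holding only the appended directives. The test presumably means "the config exists", i.e. `if [ -f "/var/ipfire/ovpn/server.conf" ]; then` in both server.conf blocks. The lease-file block also creates ovpn-leases.db with whatever owner and umask the update script runs under (presumably root), while lfs/openvpn sets an explicit mode and chowns the directory to nobody. Following the `touch` with `chown nobody:nobody /var/ipfire/ovpn/ovpn-leases.db` and `chmod 600 /var/ipfire/ovpn/ovpn-leases.db` would keep updated and freshly installed systems consistent and let an unprivileged daemon write the file.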
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -320,6 +320,7 @@ sub writeserverconf {
 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
 print CONF "script-security 3 system\n";
+ print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n";
 print CONF "tls-server\n";
 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
diff --git a/lfs/openvpn b/lfs/openvpn
index e118f8b6cb..2537a91c69 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -75,8 +75,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 cd $(DIR_APP) && make $(MAKETUNING)
 cd $(DIR_APP) && make install
 cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
- -mkdir -p /var/ipfire/ovpn/ca
- -mkdir -p /var/ipfire/ovpn/crls
+ -mkdir -vp /var/ipfire/ovpn/ca
+ -mkdir -vp /var/ipfire/ovpn/crls
+ touch /var/ipfire/ovpn/ovpn-leases.db
+ chmod 700 /var/ipfire/ovpn/ovpn-leases.db
 chown -R nobody:nobody /var/ipfire/ovpn
 chown root.nobody /var/log/ovpnserver.log
 chmod 755 /var/ipfire/ovpn/verify
-- 
2.39.2
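Review bot: The directive written by the added line in writeserverconf (html/cgi-bin/ovpnmain.cgi), `ipp-persist`, is not an option name I recognise in OpenVPN; the documented directive for a persistent address pool is `ifconfig-pool-persist`. If OpenVPN rejects the unknown option, the server will not start from the regenerated config, so this should be confirmed against the shipped OpenVPN version and, if needed, changed to `print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db\n";`. The same string is appended to existing configs by config/rootfiles/core/31/update.sh and would need the same change there. writeserverconf begins and ends outside this hunk.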
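Review bot: In lfs/openvpn, `chmod 700 /var/ipfire/ovpn/ovpn-leases.db` sets the execute bit on a plain data file; `chmod 600 /var/ipfire/ovpn/ovpn-leases.db` gives the owner the same read/write access without marking the lease database executable. The mode chosen here also differs from what update.sh produces on upgraded systems, where the file is created by a bare `touch`, so the two paths should agree on one owner and mode. The recipe for $(TARGET) starts and ends outside this hunk.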