var/ipfire/ovpn/ovpnconfig
var/ipfire/ovpn/settings
var/ipfire/ovpn/verify
+var/ipfire/ovpn/ovpn-leases.db
#
# Add "script-security 3 system" to openvpn config
#
-if [ ! -s "/var/ipfire/ovpn/server.conf" ]; then
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
grep -q "script-security" /var/ipfire/ovpn/server.conf \
|| echo "script-security 3 system" >> /var/ipfire/ovpn/server.conf
fi
+
+if [ ! -x "/var/ipfire/ovpn/server.conf" ]; then
+ grep -q "ipp-persist" /var/ipfire/ovpn/server.conf \
+ || echo "ipp-persist /var/ipfire/ovpn/ovpn-leases.db" >> /var/ipfire/ovpn/server.conf
+fi
+
+if [ ! -x "/var/ipfire/ovpn/ovpn-leases.db" ]; then
+ touch /var/ipfire/ovpn/ovpn-leases.db
+fi
+
#
# Delete old lm-sensor modullist...
#
print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
print CONF "script-security 3 system\n";
+ print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n";
print CONF "tls-server\n";
print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
cd $(DIR_APP) && make $(MAKETUNING)
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
- -mkdir -p /var/ipfire/ovpn/ca
- -mkdir -p /var/ipfire/ovpn/crls
+ -mkdir -vp /var/ipfire/ovpn/ca
+ -mkdir -vp /var/ipfire/ovpn/crls
+ touch /var/ipfire/ovpn/ovpn-leases.db
+ chmod 700 /var/ipfire/ovpn/ovpn-leases.db
chown -R nobody:nobody /var/ipfire/ovpn
chown root.nobody /var/log/ovpnserver.log
chmod 755 /var/ipfire/ovpn/verify