Jean-Philippe Pialasse
10d358c088
- set lzo compression as disabled [SME: 13123] - set default hmac sha256 and ciphers AES-256-GCM [SME: 13115] remove BF-CBC - remove /var/service/openvpn-routed [SME: 12379] - use locatime to log connexions [SME: 13128]
40 lines
2.1 KiB
Bash
40 lines
2.1 KiB
Bash
#!/bin/bash
|
|
|
|
[[ ! -f /etc/openvpn/routed/pub/cert.pem && -f /etc/openvpn/bridge/pub/cert.pem ]] && cp -a /etc/openvpn/bridge/pub/cert.pem /etc/openvpn/routed/pub/cert.pem
|
|
[[ ! -f /etc/openvpn/routed/pub/cacert.pem && -f /etc/openvpn/bridge/pub/cacert.pem ]] && cp -a /etc/openvpn/bridge/pub/cacert.pem /etc/openvpn/routed/pub/cacert.pem
|
|
[[ ! -f /etc/openvpn/routed/pub/dh.pem && -f /etc/openvpn/bridge/pub/dh.pem ]] && cp -a /etc/openvpn/bridge/pub/dh.pem /etc/openvpn/routed/pub/dh.pem
|
|
[[ ! -f /etc/openvpn/routed/priv/key.pem && -f /etc/openvpn/bridge/priv/key.pem ]] && cp -a /etc/openvpn/bridge/priv/key.pem /etc/openvpn/routed/priv/key.pem
|
|
[[ ! -f /etc/openvpn/routed/priv/takey.pem && -f /etc/openvpn/bridge/priv/takey.pem ]] && cp -a /etc/openvpn/bridge/priv/takey.pem /etc/openvpn/routed/priv/takey.pem
|
|
if [[ ! -f /etc/openvpn/routed/pub/cacrl.pem && -f /etc/openvpn/bridge/pub/cacrl.pem ]] ; then
|
|
cp -a /etc/openvpn/bridge/pub/cacrl.pem /etc/openvpn/routed/pub/cacrl.pem
|
|
CrlUrl=`/sbin/e-smith/config getprop openvpn-bridge CrlUrl`
|
|
/sbin/e-smith/config setprop openvpn-routed CrlUrl "$CrlUrl="
|
|
|
|
myport=`/sbin/e-smith/config getprop openvpn-routed UDPPort`
|
|
oriport="$myiport"
|
|
bridgeport=`/sbin/e-smith/config getprop openvpn-bridge UDPPort`
|
|
s2sports=`/sbin/e-smith/db openvpn-s2s print |sed -re 's/.*Port\|([0-9]+).*/\1/'|sort|uniq`
|
|
while [[ $s2sports =~ $myport || $myport == $bridgeport ]]
|
|
do
|
|
myport=$[$myport+1]
|
|
done
|
|
if [[ $myport != $oriport ]]; then
|
|
echo "set UDPPort to $myport as $oriport was already taken"
|
|
/sbin/e-smith/db configuration setprop openvpn-routed UDPPort $myport
|
|
/sbin/e-smith/expand-template /etc/openvpn/routed/openvpn.conf
|
|
fi
|
|
fi
|
|
|
|
# to use localtime to log
|
|
/usr/bin/cp -L /etc/localtime /etc/openvpn/routed/etc/
|
|
|
|
if [ ! -z "$( ls -A '/etc/openvpn/routed/priv/' )" ]; then
|
|
chmod 0600 /etc/openvpn/routed/priv/*
|
|
chown root:admin /etc/openvpn/routed/priv/*
|
|
fi
|
|
if [ ! -z "$( ls -A '/etc/openvpn/routed/pub/' )" ]; then
|
|
chmod 0644 /etc/openvpn/routed/pub/*
|
|
chown root:admin /etc/openvpn/routed/pub/*
|
|
fi
|
|
exit 0
|