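#!/bin/sh
# OpenVPN server init script for the router: unpacks the certificate bundle
# stored in the "cert" flash partition, renders a bridged (tap) and a routed
# (tun) server config under /tmp/openvpn and starts/stops both daemons.
# Usage: $0 boot|start|stop|restart|regenerate_cert_file
START=60   # rc ordering hint for the init system; not read by this script

CONFIG=/bin/config
PROG=/usr/sbin/openvpn
# Number of the MTD partition whose /proc/mtd line mentions "cert",
# e.g. 'mtd3: 00010000 00020000 "cert"' -> 3. Only the first match is used.
# Stays empty when there is no such partition (or no /proc/mtd at all), which
# the flash-writing code must check before erasing anything.
mtdn=$(grep cert /proc/mtd 2>/dev/null | sed -n '1s/^mtd\([0-9]*\):.*/\1/p')
partion=/dev/mtd$mtdn
OPENVPN_CONF_DIR=/tmp/openvpn/
EASY_RSA_DIR=/tmp/etc/easy-rsa

#######################################
# Print the socket buffer size OpenVPN should request for a transport.
# Arguments: $1 - "udp" or "tcp"
# Outputs:   393216 for udp; 0 otherwise, which tells OpenVPN to leave the
#            kernel default untouched
#######################################
vpn_sockbuf_size() {
  if [ "$1" = "udp" ]; then
    echo 393216
  else
    echo 0
  fi
}

#######################################
# Write an OpenVPN server configuration to stdout.
# Globals:   CONFIG (read)
# Arguments: $1 - "tap" for the bridged L2 server; anything else selects the
#                 routed tun server
# Outputs:   the config file text (no secrets; key material is referenced by
#            path under /tmp/openvpn)
#######################################
generate_server_conf_file() {
  local port proto bufsize lan_ipaddr lan_netmask subnet
  # Both configs share the same security posture; notes for maintainers:
  #  - dh1024.pem: 1024-bit DH parameters (easy-rsa build-dh), below current
  #    recommendations (2048+ bit, or ECDH on OpenVPN 2.4+).
  #  - cipher AES-128-CBC / auth sha1: legacy CBC+HMAC-SHA1 data channel;
  #    whether a newer daemon negotiates AES-GCM instead depends on its
  #    version and the client's settings.
  #  - comp-lzo: compression inside the tunnel exposes traffic to
  #    VORACLE-style attacks; kept for compatibility with existing profiles.
  #  - duplicate-cn: every client uses the single generated client.crt, so
  #    one leaked profile cannot be revoked on its own.
  #  - script-security 2 is required by the client-connect hook.
  #  - verb 0 keeps the log nearly silent; raise it when diagnosing problems.
  if [ "$1" = "tap" ]; then
    port=$("$CONFIG" get vpn_serv_port)
    proto=$("$CONFIG" get vpn_serv_type)
    bufsize=$(vpn_sockbuf_size "$proto")
    cat <<EOF
dh /tmp/openvpn/dh1024.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/server.crt
key /tmp/openvpn/server.key
dev tap0
server-bridge nogw
proto $proto
port $port
keepalive 10 120
verb 0
mute 5
log-append /tmp/openvpn_log
writepid /tmp/openvpnd.pid
status /tmp/openvpnd.status
mtu-disc yes
topology subnet
script-security 2
cipher AES-128-CBC
auth sha1
tls-server
client-to-client
duplicate-cn
comp-lzo
fast-io
client-connect "/tmp/openvpn/push_routing_rule tap"
sndbuf $bufsize
rcvbuf $bufsize
EOF
  else
    port=$("$CONFIG" get tun_vpn_serv_port)
    proto=$("$CONFIG" get tun_vpn_serv_type)
    lan_netmask=$("$CONFIG" get lan_netmask)
    lan_ipaddr=$("$CONFIG" get lan_ipaddr)
    # tun_net is an external helper (not defined in this file) that derives
    # the tunnel network from the LAN address and mask.
    subnet=$(tun_net "$lan_ipaddr" "$lan_netmask")
    bufsize=$(vpn_sockbuf_size "$proto")
    cat <<EOF
dh /tmp/openvpn/dh1024.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/server.crt
key /tmp/openvpn/server.key
server $subnet $lan_netmask
dev tun0
proto $proto
port $port
keepalive 10 120
verb 0
mute 5
log-append /tmp/openvpn_tun_log
writepid /tmp/openvpnd_tun.pid
status /tmp/openvpnd_tun.status
mtu-disc yes
topology subnet
script-security 2
cipher AES-128-CBC
auth sha1
client-to-client
duplicate-cn
comp-lzo
fast-io
push "dhcp-option DNS $lan_ipaddr"
client-connect "/tmp/openvpn/push_routing_rule tun"
sndbuf $bufsize
rcvbuf $bufsize
EOF
  fi
}
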
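# The seven files that make up the certificate bundle kept in flash; shared by
# the extract and write-back paths so they cannot drift apart.
VPN_CERT_FILES="cert.info ca.crt dh1024.pem client.crt client.key server.crt server.key"
# Size of the 0xFF-filled image written to the cert partition (124 KiB).
VPN_CERT_IMAGE_BYTES=$((124 * 1024))

#######################################
# Create tap0, attach it to the LAN bridge and re-apply the LAN address.
# Globals:   CONFIG, PROG (read)
#######################################
set_up_ethernet_bridge() {
  local br tap lan_ipaddr lan_netmask
  br="br0"
  tap="tap0"
  lan_ipaddr=$("$CONFIG" get lan_ipaddr)
  lan_netmask=$("$CONFIG" get lan_netmask)
  "$PROG" --mktun --dev "$tap"
  brctl addif "$br" "$tap"
  ifconfig "$tap" 0.0.0.0 promisc up
  ifconfig "$br" "$lan_ipaddr" netmask "$lan_netmask"
}

#######################################
# Unpack the certificate bundle from the cert partition into OPENVPN_CONF_DIR.
# Globals:   partion, OPENVPN_CONF_DIR, VPN_CERT_FILES (read)
# Outputs:   writes 0/1 to $OPENVPN_CONF_DIR/cert_file_status
# Returns:   0 when the archive unpacked and all seven files are non-empty,
#            1 otherwise (the directory is emptied so no partial bundle is used)
#######################################
extract_cert_file() {
  local tmp_tar tar_status files_exist ret_status f
  tar_status=1
  files_exist=1
  mkdir -p "$OPENVPN_CONF_DIR"

  # Private scratch file rather than a fixed name: the archive holds the
  # server and client private keys.
  tmp_tar=$(mktemp /tmp/openvpn_keys.XXXXXX) || return 1
  if dd if="$partion" of="$tmp_tar"; then
    # NOTE(review): member names are not validated here; the archive is
    # expected to be the flat file list produced by write_back_to_partion.
    tar -xzvf "$tmp_tar" -C "$OPENVPN_CONF_DIR"
    tar_status=$?
  fi
  rm -f "$tmp_tar"

  for f in $VPN_CERT_FILES; do
    [ -s "$OPENVPN_CONF_DIR/$f" ] || files_exist=0
  done
  if [ "$tar_status" = "0" ] && [ "$files_exist" = "1" ]; then
    ret_status=0
    # Whatever mode the archive carried, private keys stay owner-only.
    chmod 600 "$OPENVPN_CONF_DIR/server.key" "$OPENVPN_CONF_DIR/client.key"
  else
    ret_status=1
    # ${var:?} aborts instead of expanding to /* should the variable be empty.
    rm -f "${OPENVPN_CONF_DIR:?}"/*
  fi
  echo "$ret_status" > "$OPENVPN_CONF_DIR/cert_file_status"
  cp /etc/openvpn/push_routing_rule "$OPENVPN_CONF_DIR"
  return "$ret_status"
}

#######################################
# Pack the freshly generated easy-rsa keys into a 124 KiB flash image, write
# it to the cert partition and copy the files into OPENVPN_CONF_DIR.
# Globals:   EASY_RSA_DIR, mtdn, partion, OPENVPN_CONF_DIR, VPN_CERT_FILES,
#            VPN_CERT_IMAGE_BYTES (read)
# Returns:   0 on success; 1 when no cert partition was found, the key
#            directory is missing, the bundle does not fit in the image, or
#            the flash write fails
#######################################
write_back_to_partion() {
  local keys_dir status
  keys_dir="$EASY_RSA_DIR/keys"
  # mtdn is empty when /proc/mtd has no "cert" entry, which would turn
  # $partion into the bare /dev/mtd; never erase or write a guessed device.
  [ -n "$mtdn" ] || return 1
  # Subshell so the cd does not leak into the caller.
  (
    cd "$keys_dir" || exit 1
    # $VPN_CERT_FILES is word-split on purpose: one argument per file.
    tar -czvf openvpn_keys.tar.gz $VPN_CERT_FILES || exit 1
    tar_size=$(wc -c < openvpn_keys.tar.gz | tr -d ' ')
    [ "$tar_size" -le "$VPN_CERT_IMAGE_BYTES" ] || exit 1
    # 0xFF-filled image with the archive at offset 0; conv=notrunc keeps the
    # padding so the whole block is rewritten, not just the archive bytes.
    dd if=/dev/zero bs=124k count=1 | tr "\000" "\377" > 124kdata
    dd if=openvpn_keys.tar.gz of=124kdata conv=notrunc || exit 1
    flash_erase "$partion" 0 0 || exit 1
    cat 124kdata > "$partion"
  )
  status=$?
  # The scratch files contain private keys: remove them whatever the outcome.
  rm -f "$keys_dir/openvpn_keys.tar.gz" "$keys_dir/124kdata"
  [ "$status" = "0" ] || return 1
  ( cd "$keys_dir" && cp $VPN_CERT_FILES "$OPENVPN_CONF_DIR" )
}

#######################################
# Build a fresh CA, server and client key pair with the easy-rsa helper
# scripts, record the unit serial number in cert.info and store it all in
# flash.
# Globals:   EASY_RSA_DIR (read)
# Returns:   the status of write_back_to_partion
#######################################
regenerate_cert_file() {
  local sn
  mkdir -p "$EASY_RSA_DIR"
  cp /etc/easy-rsa/openssl-*.cnf "$EASY_RSA_DIR"

  # easy-rsa 2.x-style helpers, expected on PATH.
  clean-all
  build-ca
  build-key-server server
  build-dh
  build-key client

  # input: artmtd -r sn
  # output: sn:3V01475S00025
  # SN: 3V01475S00025
  sn=$(artmtd -r sn | grep sn: | sed 's/sn://g')
  echo "$sn" > "$EASY_RSA_DIR/keys/cert.info"
  write_back_to_partion
}

#######################################
# Boot-time entry point: unpack the cert bundle from flash, then start.
#######################################
boot() {
  extract_cert_file || {
    echo "extract vpn cert file fail, can not start vpn server" >/dev/console
    exit 1
  }
  start
}

#######################################
# Start both OpenVPN servers. Exits without starting when VPN is disabled,
# when the WAN address is dynamic and no DDNS is enabled, or in AP mode.
# Globals:   CONFIG, PROG, OPENVPN_CONF_DIR (read);
#            OPENVPN_TAP_CONF_FILE, OPENVPN_TUN_CONF_FILE (written)
#######################################
start() {
  if [ "$("$CONFIG" get vpn_enable)" = "0" ]; then
    exit 1
  fi
  if [ "$("$CONFIG" get endis_ddns)" = "0" ] && [ "$("$CONFIG" get wan_proto)" != "static" ] && [ "$("$CONFIG" get wan_pppoe_wan_assign)" = "0" ]; then
    exit 1
  fi
  if [ "$("$CONFIG" get ap-mode)" = "1" ]; then
    exit 1
  fi

  # Without a complete bundle the daemons would fail on their key files;
  # bail out here instead of starting them anyway.
  if [ ! -d "$OPENVPN_CONF_DIR" ]; then
    extract_cert_file || {
      echo "extract vpn cert file fail, can not start vpn server" >/dev/console
      exit 1
    }
  fi
  OPENVPN_TAP_CONF_FILE=/tmp/openvpn/server_tap.conf
  OPENVPN_TUN_CONF_FILE=/tmp/openvpn/server_tun.conf

  generate_server_conf_file tap > "$OPENVPN_TAP_CONF_FILE"
  generate_server_conf_file tun > "$OPENVPN_TUN_CONF_FILE"

  set_up_ethernet_bridge

  # open the door to let client in
  net-wall rule
  net-wall start

  "$PROG" "$OPENVPN_TAP_CONF_FILE" &
  "$PROG" "$OPENVPN_TUN_CONF_FILE" &

  # Location lookup (presumably for the UI) over plain HTTP; the reply is only
  # stored in a file, not interpreted here.
  /usr/sbin/wget -T 10 http://www.speedtest.net/api/country -O /tmp/openvpn/server_location
}

#######################################
# Send SIGTERM to the process named in a pid file, then remove the file.
# Arguments: $1 - pid file path
# The content must be a plain number; a missing, empty or damaged file is
# skipped rather than handed to kill as an arbitrary argument.
#######################################
stop_from_pidfile() {
  local pidfile pid
  pidfile=$1
  pid=""
  [ -s "$pidfile" ] && pid=$(cat "$pidfile")
  case "$pid" in
    ''|*[!0-9]*) ;;
    *) kill "$pid" ;;
  esac
  rm -f "$pidfile"
}

#######################################
# Stop both daemons, detach and remove tap0, and restore firewall rules.
# Globals:   PROG (read)
#######################################
stop() {
  local br tap
  br="br0"
  tap="tap0"

  stop_from_pidfile /tmp/openvpnd.pid
  stop_from_pidfile /tmp/openvpnd_tun.pid

  brctl delif "$br" "$tap"
  "$PROG" --rmtun --dev "$tap"

  #close the door
  net-wall rule
  net-wall start
}

restart() {
  stop
  start
}

case "$1" in
  "boot")
    boot
    ;;
  "start")
    start
    ;;
  "stop")
    stop
    ;;
  "restart")
    restart
    ;;
  "regenerate_cert_file")
    regenerate_cert_file
    ;;
  *)
    echo "Unknow command" > /dev/console
    echo "Usage: $0 boot|start|stop|restart|regenerate_cert_file" > /dev/console
    ;;
esac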