test $auth = "plain" && authsuffix="\[/var/etc/ocpasswd\]"
+ dyndns="false"
+ hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 1`
+ [ -n "$hostname" ] && dyndns="true"
+
mkdir -p /var/etc
sed -e "s/|PORT|/$port/g" \
-e "s/|MAX_CLIENTS|/$max_clients/g" \
-e "s/|MAX_SAME|/$max_same/g" \
-e "s/|DPD|/$dpd/g" \
-e "s#|AUTH|#$auth$authsuffix#g" \
+ -e "s#|DYNDNS|#$dyndns#g" \
-e "s/|PREDICTABLE_IPS|/$predictable_ips/g" \
-e "s/|CISCO_COMPAT|/$cisco_compat/g" \
-e "s/|UDP|/$udp/g" \
start() {
local hostname iface
- hostname=`uci get ddns.myddns.domain`
+ hostname=`uci show ddns|grep domain|head -1|cut -d '=' -f 1`
[ -z "$hostname" ] && hostname=`uci get system.@system[0].hostname`
[ ! -f /etc/ocserv/ca-key.pem ] && [ -x /usr/bin/certtool ] && {
--- /dev/null
+From cb9dcde3874441bf66d52b70ac8b0d6f6bb557d9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sun, 30 Nov 2014 11:30:08 +0100
+Subject: [PATCH] Notify the client that the server may have a dynamic DNS
+ address
+
+That is send "X-CSTP-DynDNS: true", in CSTP headers if the
+server is configured as having a dynamic DNS address.
+---
+ doc/sample.config | 5 +++++
+ src/config.c | 2 ++
+ src/ocserv-args.def | 5 +++++
+ src/vpn.h | 1 +
+ src/worker-vpn.c | 7 +++++++
+ 5 files changed, 20 insertions(+)
+
+diff --git a/doc/sample.config b/doc/sample.config
+index a39e573..e07e36a 100644
+--- a/doc/sample.config
++++ b/doc/sample.config
+@@ -51,6 +51,11 @@ max-same-clients = 2
+ # hostname.
+ #listen-host = [IP|HOSTNAME]
+
++# When the server has a dynamic DNS address (that may change),
++# should set that to true to ask the client to resolve again on
++# reconnects.
++#listen-host-is-dyndns = true
++
+ # TCP and UDP port number
+ tcp-port = 443
+ udp-port = 443
+diff --git a/src/config.c b/src/config.c
+index 2721a45..0b7e029 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -60,6 +60,7 @@ static struct cfg_options available_options[] = {
+ { .name = "custom-header", .type = OPTION_MULTI_LINE, .mandatory = 0 },
+ { .name = "split-dns", .type = OPTION_MULTI_LINE, .mandatory = 0 },
+ { .name = "listen-host", .type = OPTION_STRING, .mandatory = 0 },
++ { .name = "listen-host-is-dyndns", .type = OPTION_BOOLEAN, .mandatory = 0 },
+ { .name = "tcp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
+ { .name = "udp-port", .type = OPTION_NUMERIC, .mandatory = 0 },
+ { .name = "keepalive", .type = OPTION_NUMERIC, .mandatory = 0 },
+@@ -403,6 +404,7 @@ unsigned force_cert_auth;
+ * reload_cfg_file();
+ */
+ READ_STRING("listen-host", config->name);
++ READ_TF("listen-host-is-dyndns", config->is_dyndns, 0);
+
+ READ_NUMERIC("tcp-port", config->port);
+ READ_NUMERIC("udp-port", config->udp_port);
+diff --git a/src/ocserv-args.def b/src/ocserv-args.def
+index cdc60bd..146e59a 100644
+--- a/src/ocserv-args.def
++++ b/src/ocserv-args.def
+@@ -126,6 +126,11 @@ max-same-clients = 2
+ # hostname.
+ #listen-host = [IP|HOSTNAME]
+
++# When the server has a dynamic DNS address (that may change),
++# should set that to true to ask the client to resolve again on
++# reconnects.
++#listen-host-is-dyndns = true
++
+ # TCP and UDP port number
+ tcp-port = 3333
+ udp-port = 3333
+diff --git a/src/vpn.h b/src/vpn.h
+index a460370..03721e1 100644
+--- a/src/vpn.h
++++ b/src/vpn.h
+@@ -188,6 +188,7 @@ struct cfg_st {
+ char *name; /* server name */
+ unsigned int port;
+ unsigned int udp_port;
++ unsigned int is_dyndns;
+ char* unix_conn_file;
+
+ char *pin_file;
+diff --git a/src/worker-vpn.c b/src/worker-vpn.c
+index 364cbff..4cb5d99 100644
+--- a/src/worker-vpn.c
++++ b/src/worker-vpn.c
+@@ -1650,6 +1650,13 @@ static int connect_handler(worker_st * ws)
+ "X-CSTP-Smartcard-Removal-Disconnect: true\r\n");
+ SEND_ERR(ret);
+
++ if (ws->config->is_dyndns != 0) {
++ ret =
++ cstp_puts(ws,
++ "X-CSTP-DynDNS: true\r\n");
++ SEND_ERR(ret);
++ }
++
+ if (ws->config->rekey_time > 0) {
+ unsigned method;
+
+--
+2.1.3
+
projects / feed / packages.git / commitdiff