diff --git a/doc/Makefile.am b/doc/Makefile.am index 9a7a804a..c6f05380 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = design.dia sample.config scripts/ocserv-up scripts/ocserv-down +EXTRA_DIST = design.dia sample.config scripts/ocserv-script dist_man_MANS = ocserv.8 diff --git a/doc/sample.config b/doc/sample.config index 579c981f..835a7860 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -2,7 +2,7 @@ # all should succeed. # Options: certificate, pam. #auth = "certificate" -auth = "plain[/tmp/passwd]" +auth = "plain[./passwd]" #auth = "pam" # A banner to be displayed on clients @@ -102,7 +102,7 @@ cookie-validity = 172800 # Script to call when a client connects and obtains an IP # Parameters are passed on the environment. -# USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), +# REASON, USERNAME, GROUPNAME, HOSTNAME (the hostname selected by client), # DEVICE, IP_REAL (the real IP of the client), IP_LOCAL (the local IP # in the P-t-P connect), IP_REMOTE (the VPN IP of the client). #connect-script = /usr/bin/myscript diff --git a/doc/scripts/ocserv-down b/doc/scripts/ocserv-down deleted file mode 100755 index 0b8d8f20..00000000 --- a/doc/scripts/ocserv-down +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -iptables -D INPUT -i $DEVICE -j ACCEPT - -echo "User '$USERNAME' from '$IP_REAL' disconnected." diff --git a/doc/scripts/ocserv-script b/doc/scripts/ocserv-script new file mode 100755 index 00000000..7544e3db --- /dev/null +++ b/doc/scripts/ocserv-script 
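Review bot: In the first doc/sample.config hunk, the new `auth = "plain[./passwd]"` is a relative path, so which password file is read depends on the directory the server happens to be started from. Moving the file out of /tmp is the right direction, but a sample that people copy should name an absolute location that only the administrator can write, for example `auth = "plain[/ABSOLUTE/PATH/TO/passwd]"` (placeholder path). A one-line comment above it, such as `# The password file must not be readable or writable by other users.`, would carry the remaining caveat.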
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+if [ "$REASON" = "connect" ];then
+ # Disable the firewall for the user's device
+ iptables -A INPUT -i $DEVICE -j ACCEPT
+
+ if [ "$GROUPNAME" != "admins" ];then
+ #rate limit the tun device to 64kbyte
+ wondershaper $DEVICE 524288 524288
+ fi
+
+ echo "User '$USERNAME' from '$IP_REAL' connected. Local IP is '$IP_REMOTE'"
+else
+ iptables -D INPUT -i $DEVICE -j ACCEPT
+
+ echo "User '$USERNAME' from '$IP_REAL' disconnected."
+fi
+
+exit 0
diff --git a/doc/scripts/ocserv-up b/doc/scripts/ocserv-up
deleted file mode 100755
index 035e2520..00000000
--- a/doc/scripts/ocserv-up
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-# Disable the firewall for the user's device
-iptables -A INPUT -i $DEVICE -j ACCEPT
-
-if [ "$GROUPNAME" != "admins" ];then
- #rate limit the tun device to 64kbyte
- wondershaper $DEVICE 524288 524288
-fi
-
-echo "User '$USERNAME' from '$IP_REAL' connected. Local IP is '$IP_REMOTE'"
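Review bot: In the new doc/scripts/ocserv-script, the `else` branch runs `iptables -D INPUT -i $DEVICE -j ACCEPT` for every REASON other than `connect`, including an unset or unexpected value, and `$DEVICE` is expanded unquoted in all three commands. Testing the teardown case explicitly and quoting the variable keeps an empty or odd value from becoming a malformed rule change, e.g. `elif [ "$REASON" = "disconnect" ];then` (assuming that is the value the server passes on teardown) and `iptables -A INPUT -i "$DEVICE" -j ACCEPT`. The unconditional `exit 0` also reports success when iptables or wondershaper failed, so a client could be left connected without the intended rule or rate limit; if the server acts on the script's exit status, the connect branch should return non-zero on failure. The comment `#rate limit the tun device to 64kbyte` should state the unit that `524288` is given in, since wondershaper presumably reads its arguments as kilobits per second.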