Innovenergy_trunk/firmware/opt/innovenergy/openvpn/service/run


2023-02-16 12:57:06 +00:00
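#!/bin/sh
# Run script for the InnovEnergy OpenVPN client: resolves the VPN endpoint,
# fetches the client credentials on first start and then execs openvpn.

# Merge stderr into stdout so both streams end up in the same log.
exec 2>&1

ie_url='static.innovenergy.ch'
ie_data_dir='/data/innovenergy'
ovpn_bin_dir='/opt/innovenergy/openvpn'
ovpn_data_dir="${ie_data_dir}/openvpn"
ovpn_status_file='/var/volatile/ovpnstatus'

# The new (static) openvpn binary lost the ability to do DNS lookups, so the
# host name is resolved here and handed to openvpn as a literal address.
# Only the first address is kept: with several A records the unfiltered output
# is multi-line and would be split into extra --remote arguments further down.
# NOTE(review): the address comes from a plain DNS answer and is looked up once
# per start, so the identity of the VPN peer rests entirely on the certificate
# checks openvpn performs, and an address change on the server side is only
# picked up when this script runs again.
ie_ip=$(nslookup "$ie_url" \
  | grep -F -A 1 "$ie_url" \
  | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' \
  | head -n 1)

# certificate query; the machine serial is appended to this prefix
query="https://${ie_url}/get_cert?machine_serial="
serial=$(cat /data/venus/serial-number)

# initial retry delay (seconds) for the certificate download
delay=1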
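# create data dirs if necessary
mkdir -p "${ie_data_dir}" "${ovpn_data_dir}"

# Upper bound for the retry delay; without it the doubling grows to days after
# a few dozen failures and the device stays offline long after the server is
# reachable again.
max_delay=600

# download certificates from server if necessary
# NOTE(review): the only request parameter visible here is the machine serial,
# and the response carries the client private key. Confirm that the server
# binds the request to something less guessable than the serial, or that keys
# are issued once per serial only.
# NOTE(review): the archive is unpacked straight into the data dir as it
# arrives. The loop only tests for client-certificate, so a truncated download
# can leave that file present while ca-certificate or client-key is missing;
# openvpn then fails on every start until the directory is cleaned by hand.
while [ ! -f "${ovpn_data_dir}/client-certificate" ]
do
  if [ -n "${serial}" ]; then
    # --fail: do not pipe an HTTP error page into tar.
    # --proto: refuse anything but HTTPS for the key download.
    # Timeouts: a stalled transfer must not block the retry loop forever.
    curl --fail --silent --show-error --proto '=https' \
      --connect-timeout 30 --max-time 300 \
      "${query}${serial}" | tar -C "${ovpn_data_dir}" -xv
  else
    echo "openvpn: machine serial is empty, not requesting certificates"
  fi
  sleep "${delay}"
  if [ "${delay}" -lt "${max_delay}" ]; then
    delay=$(( delay * 2 ))
  fi
done

# The private key should be readable by its owner only, whatever mode the
# archive carried.
if [ -f "${ovpn_data_dir}/client-key" ]; then
  chmod 600 "${ovpn_data_dir}/client-key"
fi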
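# run ovpn

# Without an address openvpn would parse "--port" as the argument of
# "--remote"; stop here with a readable message instead.
if [ -z "${ie_ip}" ]; then
  echo "openvpn: could not resolve ${ie_url}, not starting"
  exit 1
fi

# NOTE(review): neither --remote-cert-tls nor --verify-x509-name is passed, so
# any certificate that chains to ca-certificate is accepted as the server,
# including one issued to another client. Once the server certificate is
# confirmed to carry the server-auth key usage, add "--remote-cert-tls server".
# NOTE(review): --cipher AES-256-CBC pins a non-AEAD data cipher; check which
# OpenVPN version the static binary is and whether --data-ciphers with an
# AES-GCM entry can be used on both ends.

# The arguments are passed as separate quoted words rather than through an
# unquoted string, so no value is re-split or glob-expanded by the shell.
exec "${ovpn_bin_dir}/openvpn" \
  --client \
  --nobind \
  --resolv-retry infinite \
  --ca "${ovpn_data_dir}/ca-certificate" \
  --cert "${ovpn_data_dir}/client-certificate" \
  --key "${ovpn_data_dir}/client-key" \
  --status "${ovpn_status_file}" 5 \
  --remote "${ie_ip}" \
  --port 7002 \
  --proto udp \
  --dev innovenergy \
  --dev-type tun \
  --auth SHA256 \
  --cipher AES-256-CBC \
  --verb 3 \
  --keepalive 10 120 \
  --persist-key \
  --persist-tun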