openfortivpn: add package

An open implementation of Fortinet's proprietary PPP+SSL VPN solution Signed-off-by: Lucian Cristian <lucian.cristian@gmail.com>
2026-04-30 07:28:39 +01:00 · 2019-06-21 20:48:52 +03:00
parent d68afee955
commit 559afd02c6
3 changed files with 153 additions and 0 deletions
@@ -0,0 +1,12 @@
+config service 'openfortivpn'
+    option 'enabled' '0'
+    option 'host' 'vpn-gateway'
+    option 'port' '10443'
+    option 'set_routes' '0'
+    option 'set_dns' '0'
+    option 'pppd_use_peerdns' '0'
+    option 'username' 'foo'
+    option 'password' 'bar'
+config 'certs'
+# example X509 certificate sha256 sum, trust only defined one(s)!
+    option 'trusted_cert' 'e46d4aff08ba6914e64daa85bc6112a422fa7ce16631bff0b592a28556f993db'
@@ -0,0 +1,75 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+BIN=/usr/sbin/openfortivpn
+CONFIG=/var/etc/openfortivpn.config
+
+
+validate_certs_section() {
+	uci_load_validate openfortivpn certs "$1" "$2" \
+		'trusted_cert:string'
+}
+
+validate_openfortivpn_section() {
+	uci_load_validate openfortivpn service "$1" "$2" \
+		'enabled:uinteger' \
+		'host:string' \
+		'port:uinteger' \
+		'username:string' \
+		'password:string' \
+		'set_routes:uinteger' \
+		'set_dns:uinteger' \
+		'pppd_use_peerdns:uinteger'
+}
+
+setup_certs() {
+	[ "$2" = 0 ] || {
+		echo "validation failed"
+		return 1
+	}
+
+	[ -n "$trusted_cert" ] || return 0
+	echo "trusted-cert = $trusted_cert" >> $CONFIG
+}
+
+setup_config() {
+	[ "$2" = 0 ] || {
+		echo "validation failed"
+		return 1
+	}
+
+	[ "$enabled" -eq 0 ] && return 1
+
+	mkdir -p /var/etc
+	echo '# auto-generated config file from /etc/config/openfortivpn' > $CONFIG
+
+	[ -n "$host" ] && echo "host =  $host" >> $CONFIG
+	[ -n "$port" ] && echo "port =  $port" >> $CONFIG
+	[ -n "$username" ] && echo "username =  $username" >> $CONFIG
+	[ -n "$password" ] && echo "password =  $password" >> $CONFIG
+	[ -n "$set_routes" ] && echo "set-routes = $set_routes" >> $CONFIG
+	[ -n "$set_dns" ] && echo "set-dns = $set_dns" >> $CONFIG
+	[ -n "$pppd_use_peerdns" ] && echo "pppd-use-peerdns = $pppd_use_peerdns" >> $CONFIG
+	return 0
+}
+
+start_service() {
+	config_load openfortivpn
+	validate_openfortivpn_section openfortivpn setup_config || return
+	config_foreach validate_certs_section certs setup_certs
+
+	procd_open_instance
+	procd_set_param stderr 1
+	procd_set_param command $BIN -c $CONFIG --use-syslog
+	procd_close_instance
+}
+
+service_triggers () {
+	procd_add_reload_trigger "openfortivpn"
+
+	procd_open_validate
+	validate_openfortivpn_section
+	validate_certs_section
+	procd_close_validate
+}