]>
Commit | Line | Data |
---|---|---|
e1297cbb | 1 | #define _XOPEN_SOURCE 500 |
39877197 | 2 | #include <signal.h> |
6e13d0a5 MT |
3 | #include <stdio.h> |
4 | #include <string.h> | |
5 | #include <unistd.h> | |
6 | #include <stdlib.h> | |
7 | #include <sys/types.h> | |
3d1fbbb0 MT |
8 | #include <arpa/inet.h> |
9 | #include <netinet/in.h> | |
6e13d0a5 | 10 | #include <fcntl.h> |
e1297cbb | 11 | #include <ftw.h> |
6e13d0a5 | 12 | #include "setuid.h" |
52e54c1c | 13 | #include "netutil.h" |
6e13d0a5 MT |
14 | #include "libsmooth.h" |
15 | ||
c894a342 | 16 | #define noovpndebug |
6e13d0a5 MT |
17 | |
18 | // global vars | |
19 | struct keyvalue *kv = NULL; | |
20 | FILE *ifacefile = NULL; | |
21 | ||
22 | char redif[STRING_SIZE]; | |
23 | char blueif[STRING_SIZE]; | |
24 | char orangeif[STRING_SIZE]; | |
25 | char enablered[STRING_SIZE] = "off"; | |
26 | char enableblue[STRING_SIZE] = "off"; | |
27 | char enableorange[STRING_SIZE] = "off"; | |
28 | ||
29 | // consts | |
ab4876ad | 30 | char OVPNINPUT[STRING_SIZE] = "OVPNINPUT"; |
c31f18b6 | 31 | char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK"; |
3d1fbbb0 | 32 | char OVPNNAT[STRING_SIZE] = "OVPNNAT"; |
ab4876ad | 33 | char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.4"; |
6925b8ef AF |
34 | |
35 | struct connection_struct { | |
36 | char name[STRING_SIZE]; | |
91a0a221 | 37 | char type[STRING_SIZE]; |
6925b8ef | 38 | char proto[STRING_SIZE]; |
99b01b84 | 39 | char status[STRING_SIZE]; |
3d1fbbb0 MT |
40 | char local_subnet[STRING_SIZE]; |
41 | char transfer_subnet[STRING_SIZE]; | |
42 | char role[STRING_SIZE]; | |
ab4876ad | 43 | char port[STRING_SIZE]; |
6925b8ef AF |
44 | struct connection_struct *next; |
45 | }; | |
46 | ||
47 | typedef struct connection_struct connection; | |
6e13d0a5 | 48 | |
187590f7 MT |
49 | static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) { |
50 | int rv = remove(fpath); | |
51 | if (rv) | |
52 | perror(fpath); | |
53 | ||
54 | return rv; | |
55 | } | |
56 | ||
57 | static int recursive_remove(const char* path) { | |
58 | return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS); | |
59 | } | |
60 | ||
6e13d0a5 MT |
61 | void exithandler(void) |
62 | { | |
63 | if(kv) | |
64 | freekeyvalues(kv); | |
65 | if (ifacefile) | |
66 | fclose(ifacefile); | |
67 | } | |
68 | ||
69 | void usage(void) | |
70 | { | |
71 | #ifdef ovpndebug | |
07081137 | 72 | printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION); |
6e13d0a5 | 73 | #else |
07081137 | 74 | printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION); |
6e13d0a5 MT |
75 | #endif |
76 | printf("openvpnctrl <option>\n"); | |
77 | printf(" Valid options are:\n"); | |
78 | printf(" -s --start\n"); | |
79 | printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n"); | |
80 | printf(" -k --kill\n"); | |
81 | printf(" kills/stops OpenVPN\n"); | |
82 | printf(" -r --restart\n"); | |
83 | printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n"); | |
64f0c354 MT |
84 | printf(" -sn2n --start-net-2-net\n"); |
85 | printf(" starts all net2net connections\n"); | |
86 | printf(" you may pass a connection name to the switch to only start a specific one\n"); | |
87 | printf(" -kn2n --kill-net-2-net\n"); | |
88 | printf(" kills all net2net connections\n"); | |
89 | printf(" you may pass a connection name to the switch to only start a specific one\n"); | |
5795fc1b AM |
90 | printf(" -drrd --delete-rrd\n"); |
91 | printf(" Deletes the RRD data for a specific client\n"); | |
92 | printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n"); | |
6e13d0a5 MT |
93 | printf(" -d --display\n"); |
94 | printf(" displays OpenVPN status to syslog\n"); | |
95 | printf(" -fwr --firewall-rules\n"); | |
96 | printf(" removes current OpenVPN chains and rules and resets them according to the config\n"); | |
97 | printf(" -sdo --start-daemon-only\n"); | |
afabe9f7 | 98 | printf(" starts OpenVPN daemon only\n"); |
6e13d0a5 MT |
99 | exit(1); |
100 | } | |
101 | ||
6925b8ef AF |
102 | connection *getConnections() { |
103 | FILE *fp = NULL; | |
104 | ||
105 | if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) { | |
106 | fprintf(stderr, "Could not open openvpn n2n configuration file.\n"); | |
107 | exit(1); | |
108 | } | |
109 | ||
110 | char line[STRING_SIZE] = ""; | |
d4f2fb97 MT |
111 | char result[STRING_SIZE] = ""; |
112 | char *resultptr; | |
6925b8ef AF |
113 | int count; |
114 | connection *conn_first = NULL; | |
115 | connection *conn_last = NULL; | |
116 | connection *conn_curr; | |
117 | ||
118 | while ((fgets(line, STRING_SIZE, fp) != NULL)) { | |
119 | if (line[strlen(line) - 1] == '\n') | |
120 | line[strlen(line) - 1] = '\0'; | |
121 | ||
122 | conn_curr = (connection *)malloc(sizeof(connection)); | |
123 | memset(conn_curr, 0, sizeof(connection)); | |
124 | ||
125 | if (conn_first == NULL) { | |
126 | conn_first = conn_curr; | |
127 | } else { | |
128 | conn_last->next = conn_curr; | |
129 | } | |
130 | conn_last = conn_curr; | |
131 | ||
132 | count = 0; | |
d4f2fb97 MT |
133 | char *lineptr = &line; |
134 | while (1) { | |
135 | if (*lineptr == NULL) | |
136 | break; | |
137 | ||
138 | resultptr = result; | |
139 | while (*lineptr != NULL) { | |
140 | if (*lineptr == ',') { | |
141 | lineptr++; | |
142 | break; | |
143 | } | |
144 | *resultptr++ = *lineptr++; | |
145 | } | |
146 | *resultptr = '\0'; | |
147 | ||
99b01b84 MT |
148 | if (count == 1) { |
149 | strcpy(conn_curr->status, result); | |
150 | } else if (count == 2) { | |
6925b8ef | 151 | strcpy(conn_curr->name, result); |
91a0a221 MT |
152 | } else if (count == 4) { |
153 | strcpy(conn_curr->type, result); | |
3d1fbbb0 MT |
154 | } else if (count == 7) { |
155 | strcpy(conn_curr->role, result); | |
156 | } else if (count == 9) { | |
157 | strcpy(conn_curr->local_subnet, result); | |
158 | } else if (count == 28) { | |
159 | strcpy(conn_curr->transfer_subnet, result); | |
d4f2fb97 | 160 | } else if (count == 29) { |
6925b8ef | 161 | strcpy(conn_curr->proto, result); |
d4f2fb97 | 162 | } else if (count == 30) { |
ab4876ad | 163 | strcpy(conn_curr->port, result); |
6925b8ef AF |
164 | } |
165 | ||
6925b8ef AF |
166 | count++; |
167 | } | |
168 | } | |
169 | ||
170 | fclose(fp); | |
171 | ||
172 | return conn_first; | |
173 | } | |
174 | ||
80ca8bd0 MT |
175 | int readPidFile(const char *pidfile) { |
176 | FILE *fp = fopen(pidfile, "r"); | |
177 | if (fp == NULL) { | |
80ca8bd0 MT |
178 | exit(1); |
179 | } | |
180 | ||
181 | int pid = 0; | |
182 | fscanf(fp, "%d", &pid); | |
183 | fclose(fp); | |
184 | ||
185 | return pid; | |
186 | } | |
187 | ||
e1a51ebb SS |
188 | int readExternalAddress(char* address) { |
189 | FILE *fp = fopen("/var/ipfire/red/local-ipaddress", "r"); | |
190 | if (!fp) | |
191 | goto ERROR; | |
192 | ||
193 | int r = fscanf(fp, "%s", address); | |
194 | fclose(fp); | |
195 | ||
196 | if (r < 0) | |
197 | goto ERROR; | |
198 | ||
199 | /* In case the read IP address is not valid, we empty | |
200 | * the content of address and return non-zero. */ | |
201 | if (!VALID_IP(address)) | |
202 | goto ERROR; | |
203 | ||
204 | return 0; | |
205 | ||
206 | ERROR: | |
207 | address = NULL; | |
208 | return 1; | |
209 | } | |
210 | ||
6e13d0a5 | 211 | void ovpnInit(void) { |
6e13d0a5 MT |
212 | // Read OpenVPN configuration |
213 | kv = initkeyvalues(); | |
214 | if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) { | |
215 | fprintf(stderr, "Cannot read ovpn settings\n"); | |
216 | exit(1); | |
217 | } | |
218 | ||
219 | if (!findkey(kv, "ENABLED", enablered)) { | |
6e13d0a5 MT |
220 | exit(1); |
221 | } | |
222 | ||
223 | if (!findkey(kv, "ENABLED_BLUE", enableblue)){ | |
6e13d0a5 MT |
224 | exit(1); |
225 | } | |
226 | ||
227 | if (!findkey(kv, "ENABLED_ORANGE", enableorange)){ | |
6e13d0a5 MT |
228 | exit(1); |
229 | } | |
230 | freekeyvalues(kv); | |
231 | ||
232 | // read interface settings | |
233 | ||
234 | // details for the red int | |
235 | memset(redif, 0, STRING_SIZE); | |
236 | if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) | |
237 | { | |
238 | if (fgets(redif, STRING_SIZE, ifacefile)) | |
239 | { | |
240 | if (redif[strlen(redif) - 1] == '\n') | |
241 | redif[strlen(redif) - 1] = '\0'; | |
242 | } | |
243 | fclose (ifacefile); | |
244 | ifacefile = NULL; | |
245 | ||
246 | if (!VALID_DEVICE(redif)) | |
247 | { | |
248 | memset(redif, 0, STRING_SIZE); | |
249 | } | |
250 | } | |
251 | ||
252 | kv=initkeyvalues(); | |
3ad23ee1 | 253 | if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { |
6e13d0a5 MT |
254 | fprintf(stderr, "Cannot read ethernet settings\n"); |
255 | exit(1); | |
256 | } | |
66c36198 | 257 | |
3ad23ee1 MT |
258 | if (strcmp(enableblue, "on") == 0) { |
259 | if (!findkey(kv, "BLUE_DEV", blueif)) { | |
6e13d0a5 MT |
260 | exit(1); |
261 | } | |
262 | } | |
3ad23ee1 MT |
263 | |
264 | if (strcmp(enableorange, "on") == 0) { | |
265 | if (!findkey(kv, "ORANGE_DEV", orangeif)) { | |
6e13d0a5 MT |
266 | exit(1); |
267 | } | |
3ad23ee1 | 268 | } |
6e13d0a5 MT |
269 | freekeyvalues(kv); |
270 | } | |
271 | ||
272 | void executeCommand(char *command) { | |
273 | #ifdef ovpndebug | |
274 | printf(strncat(command, "\n", 2)); | |
275 | #endif | |
276 | safe_system(strncat(command, " >/dev/null 2>&1", 17)); | |
277 | } | |
278 | ||
ab4876ad MT |
279 | void addRule(const char *chain, const char *interface, const char *protocol, const char *port) { |
280 | char command[STRING_SIZE]; | |
07081137 | 281 | |
ab4876ad MT |
282 | snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -i %s -p %s --dport %s -j ACCEPT", |
283 | chain, interface, protocol, port); | |
284 | executeCommand(command); | |
6e13d0a5 MT |
285 | } |
286 | ||
287 | void flushChain(char *chain) { | |
288 | char str[STRING_SIZE]; | |
289 | ||
ab4876ad | 290 | snprintf(str, STRING_SIZE - 1, "/sbin/iptables -F %s", chain); |
6e13d0a5 | 291 | executeCommand(str); |
6e13d0a5 MT |
292 | } |
293 | ||
3d1fbbb0 MT |
294 | void flushChainNAT(char *chain) { |
295 | char str[STRING_SIZE]; | |
296 | ||
ab4876ad | 297 | snprintf(str, STRING_SIZE - 1, "/sbin/iptables -t nat -F %s", chain); |
6e13d0a5 | 298 | executeCommand(str); |
6e13d0a5 MT |
299 | } |
300 | ||
3d1fbbb0 | 301 | char* calcTransferNetAddress(const connection* conn) { |
a19ff965 MT |
302 | char *subnetmask = strdup(conn->transfer_subnet); |
303 | char *address = strsep(&subnetmask, "/"); | |
3d1fbbb0 | 304 | |
cdbe3504 MT |
305 | if ((address == NULL) || (subnetmask == NULL)) { |
306 | goto ERROR; | |
307 | } | |
308 | ||
a19ff965 MT |
309 | in_addr_t _address = inet_addr(address); |
310 | in_addr_t _subnetmask = inet_addr(subnetmask); | |
311 | _address &= _subnetmask; | |
3d1fbbb0 | 312 | |
a19ff965 MT |
313 | if (strcmp(conn->role, "server") == 0) { |
314 | _address += 1 << 24; | |
315 | } else if (strcmp(conn->role, "client") == 0) { | |
316 | _address += 2 << 24; | |
3d1fbbb0 MT |
317 | } else { |
318 | goto ERROR; | |
319 | } | |
320 | ||
a19ff965 MT |
321 | struct in_addr address_info; |
322 | address_info.s_addr = _address; | |
323 | ||
324 | return inet_ntoa(address_info); | |
3d1fbbb0 MT |
325 | |
326 | ERROR: | |
a19ff965 MT |
327 | fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name); |
328 | ||
3d1fbbb0 MT |
329 | free(address); |
330 | return NULL; | |
331 | } | |
332 | ||
333 | char* getLocalSubnetAddress(const connection* conn) { | |
334 | kv = initkeyvalues(); | |
335 | if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { | |
336 | fprintf(stderr, "Cannot read ethernet settings\n"); | |
337 | exit(1); | |
338 | } | |
339 | ||
340 | const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL}; | |
341 | char *zone = NULL; | |
342 | ||
343 | // Get net address of the local openvpn subnet. | |
344 | char *subnetmask = strdup(conn->local_subnet); | |
345 | char *address = strsep(&subnetmask, "/"); | |
346 | ||
347 | if ((address == NULL) || (subnetmask == NULL)) { | |
348 | goto ERROR; | |
349 | } | |
350 | ||
351 | in_addr_t _address = inet_addr(address); | |
352 | in_addr_t _subnetmask = inet_addr(subnetmask); | |
353 | ||
354 | in_addr_t _netaddr = (_address & _subnetmask); | |
355 | in_addr_t _broadcast = (_address | ~_subnetmask); | |
356 | ||
357 | char zone_address_key[STRING_SIZE]; | |
358 | char zone_address[STRING_SIZE]; | |
359 | in_addr_t zone_addr; | |
360 | ||
361 | int i = 0; | |
362 | while (zones[i]) { | |
363 | zone = zones[i++]; | |
364 | snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone); | |
365 | ||
366 | if (!findkey(kv, zone_address_key, zone_address)) | |
367 | continue; | |
368 | ||
369 | zone_addr = inet_addr(zone_address); | |
370 | if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) { | |
371 | freekeyvalues(kv); | |
372 | ||
373 | return strdup(zone_address); | |
374 | } | |
375 | } | |
376 | ||
377 | ERROR: | |
a19ff965 MT |
378 | fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name); |
379 | ||
3d1fbbb0 MT |
380 | freekeyvalues(kv); |
381 | return NULL; | |
382 | } | |
383 | ||
6e13d0a5 | 384 | void setFirewallRules(void) { |
5c3de120 | 385 | char command[STRING_SIZE]; |
6e13d0a5 MT |
386 | char protocol[STRING_SIZE] = ""; |
387 | char dport[STRING_SIZE] = ""; | |
388 | char dovpnip[STRING_SIZE] = ""; | |
389 | ||
6e13d0a5 MT |
390 | kv = initkeyvalues(); |
391 | if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) | |
392 | { | |
393 | fprintf(stderr, "Cannot read ovpn settings\n"); | |
394 | exit(1); | |
395 | } | |
396 | ||
66c36198 | 397 | /* we got one device, so lets proceed further */ |
6e13d0a5 MT |
398 | if (!findkey(kv, "DDEST_PORT", dport)){ |
399 | fprintf(stderr, "Cannot read DDEST_PORT\n"); | |
400 | exit(1); | |
401 | } | |
402 | ||
403 | if (!findkey(kv, "DPROTOCOL", protocol)){ | |
404 | fprintf(stderr, "Cannot read DPROTOCOL\n"); | |
405 | exit(1); | |
406 | } | |
407 | ||
408 | if (!findkey(kv, "VPN_IP", dovpnip)){ | |
409 | fprintf(stderr, "Cannot read VPN_IP\n"); | |
6e13d0a5 MT |
410 | } |
411 | freekeyvalues(kv); | |
412 | ||
07081137 | 413 | // Flush all chains. |
ab4876ad | 414 | flushChain(OVPNINPUT); |
2181b555 | 415 | flushChain(OVPNBLOCK); |
3d1fbbb0 | 416 | flushChainNAT(OVPNNAT); |
07081137 | 417 | |
6e13d0a5 MT |
418 | // set firewall rules |
419 | if (!strcmp(enablered, "on") && strlen(redif)) | |
ab4876ad | 420 | addRule(OVPNINPUT, redif, protocol, dport); |
6e13d0a5 | 421 | if (!strcmp(enableblue, "on") && strlen(blueif)) |
ab4876ad | 422 | addRule(OVPNINPUT, blueif, protocol, dport); |
6e13d0a5 | 423 | if (!strcmp(enableorange, "on") && strlen(orangeif)) |
ab4876ad | 424 | addRule(OVPNINPUT, orangeif, protocol, dport); |
6925b8ef | 425 | |
5c3de120 MT |
426 | /* Allow ICMP error messages to pass. */ |
427 | snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -p icmp" | |
428 | " -m conntrack --ctstate RELATED -j RETURN", OVPNBLOCK); | |
429 | executeCommand(command); | |
430 | ||
91a0a221 MT |
431 | // read connection configuration |
432 | connection *conn = getConnections(); | |
433 | ||
6925b8ef | 434 | // set firewall rules for n2n connections |
3d1fbbb0 MT |
435 | char *local_subnet_address = NULL; |
436 | char *transfer_subnet_address = NULL; | |
7d653d51 | 437 | while (conn != NULL) { |
91a0a221 | 438 | if (strcmp(conn->type, "net") == 0) { |
ab4876ad | 439 | addRule(OVPNINPUT, redif, conn->proto, conn->port); |
3d1fbbb0 | 440 | |
c31f18b6 | 441 | /* Block all communication from the transfer nets. */ |
ab4876ad | 442 | snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -s %s -j DROP", |
c31f18b6 MT |
443 | OVPNBLOCK, conn->transfer_subnet); |
444 | executeCommand(command); | |
445 | ||
3d1fbbb0 MT |
446 | local_subnet_address = getLocalSubnetAddress(conn); |
447 | transfer_subnet_address = calcTransferNetAddress(conn); | |
448 | ||
cdbe3504 | 449 | if ((local_subnet_address) && (transfer_subnet_address)) { |
ab4876ad | 450 | snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s", |
cdbe3504 MT |
451 | OVPNNAT, transfer_subnet_address, local_subnet_address); |
452 | executeCommand(command); | |
453 | } | |
91a0a221 MT |
454 | } |
455 | ||
6925b8ef AF |
456 | conn = conn->next; |
457 | } | |
6e13d0a5 MT |
458 | } |
459 | ||
339b84d5 MT |
460 | static void stopAuthenticator() { |
461 | const char* argv[] = { | |
462 | "/usr/sbin/openvpn-authenticator", | |
463 | NULL, | |
464 | }; | |
465 | ||
466 | run("/sbin/killall", argv); | |
467 | } | |
468 | ||
6e13d0a5 MT |
469 | void stopDaemon(void) { |
470 | char command[STRING_SIZE]; | |
471 | ||
435076bb MT |
472 | // Stop OpenVPN authenticator |
473 | stopAuthenticator(); | |
474 | ||
2bcff894 | 475 | int pid = readPidFile("/var/run/openvpn.pid"); |
80ca8bd0 | 476 | if (!pid > 0) { |
2bcff894 MT |
477 | exit(1); |
478 | } | |
479 | ||
480 | fprintf(stderr, "Killing PID %d.\n", pid); | |
481 | kill(pid, SIGTERM); | |
482 | ||
6e13d0a5 MT |
483 | snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid"); |
484 | executeCommand(command); | |
339b84d5 MT |
485 | } |
486 | ||
487 | static int startAuthenticator(void) { | |
488 | const char* argv[] = { "-d", NULL }; | |
489 | ||
490 | return run("/usr/sbin/openvpn-authenticator", argv); | |
6e13d0a5 MT |
491 | } |
492 | ||
493 | void startDaemon(void) { | |
494 | char command[STRING_SIZE]; | |
66c36198 | 495 | |
3ad23ee1 | 496 | if (!((strcmp(enablered, "on") == 0) || (strcmp(enableblue, "on") == 0) || (strcmp(enableorange, "on") == 0))) { |
6e13d0a5 MT |
497 | fprintf(stderr, "OpenVPN is not enabled on any interface\n"); |
498 | exit(1); | |
499 | } else { | |
e420c103 MT |
500 | snprintf(command, STRING_SIZE-1, "/etc/fcron.daily/openvpn-crl-updater"); |
501 | executeCommand(command); | |
7d3af7f7 MT |
502 | snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); |
503 | executeCommand(command); | |
072cd997 | 504 | snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf"); |
6e13d0a5 | 505 | executeCommand(command); |
8516edcc AM |
506 | snprintf(command, STRING_SIZE-1, "/bin/chown root.nobody /var/run/ovpnserver.log"); |
507 | executeCommand(command); | |
508 | snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log"); | |
509 | executeCommand(command); | |
339b84d5 MT |
510 | |
511 | // Start OpenVPN Authenticator | |
512 | startAuthenticator(); | |
6e13d0a5 MT |
513 | } |
514 | } | |
515 | ||
99b01b84 | 516 | int startNet2Net(char *name) { |
6925b8ef AF |
517 | connection *conn = NULL; |
518 | connection *conn_iter; | |
519 | ||
520 | conn_iter = getConnections(); | |
521 | ||
522 | while (conn_iter) { | |
91a0a221 | 523 | if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) { |
6925b8ef AF |
524 | conn = conn_iter; |
525 | break; | |
526 | } | |
527 | conn_iter = conn_iter->next; | |
528 | } | |
529 | ||
530 | if (conn == NULL) { | |
531 | fprintf(stderr, "Connection not found.\n"); | |
99b01b84 MT |
532 | return 1; |
533 | } | |
534 | ||
535 | if (strcmp(conn->status, "on") != 0) { | |
536 | fprintf(stderr, "Connection '%s' is not enabled.\n", conn->name); | |
537 | return 1; | |
6925b8ef AF |
538 | } |
539 | ||
99b01b84 MT |
540 | fprintf(stderr, "Starting connection %s...\n", conn->name); |
541 | ||
39877197 MT |
542 | char configfile[STRING_SIZE]; |
543 | snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", | |
544 | conn->name, conn->name); | |
545 | ||
546 | FILE *fp = fopen(configfile, "r"); | |
547 | if (fp == NULL) { | |
548 | fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n", | |
549 | conn->name, configfile); | |
99b01b84 | 550 | return 2; |
39877197 MT |
551 | } |
552 | fclose(fp); | |
553 | ||
07081137 MT |
554 | // Make sure all firewall rules are up to date. |
555 | setFirewallRules(); | |
556 | ||
e1a51ebb SS |
557 | // Get the external IP address. |
558 | char address[STRING_SIZE] = ""; | |
559 | int r = readExternalAddress(address); | |
560 | if (r) { | |
561 | fprintf(stderr, "Could not read the external address\n"); | |
562 | exit(1); | |
563 | } | |
564 | ||
6925b8ef | 565 | char command[STRING_SIZE]; |
81a789d9 MT |
566 | snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); |
567 | executeCommand(command); | |
e1a51ebb | 568 | snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --local %s --config %s", address, configfile); |
6925b8ef | 569 | executeCommand(command); |
99b01b84 MT |
570 | |
571 | return 0; | |
6925b8ef AF |
572 | } |
573 | ||
99b01b84 | 574 | int killNet2Net(char *name) { |
39877197 MT |
575 | connection *conn = NULL; |
576 | connection *conn_iter; | |
187590f7 | 577 | int rc = 0; |
39877197 MT |
578 | |
579 | conn_iter = getConnections(); | |
580 | ||
581 | while (conn_iter) { | |
582 | if (strcmp(conn_iter->name, name) == 0) { | |
583 | conn = conn_iter; | |
584 | break; | |
585 | } | |
586 | conn_iter = conn_iter->next; | |
587 | } | |
588 | ||
589 | if (conn == NULL) { | |
590 | fprintf(stderr, "Connection not found.\n"); | |
99b01b84 | 591 | return 1; |
39877197 MT |
592 | } |
593 | ||
594 | char pidfile[STRING_SIZE]; | |
80ca8bd0 | 595 | snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name); |
39877197 | 596 | |
2bcff894 | 597 | int pid = readPidFile(pidfile); |
80ca8bd0 | 598 | if (!pid > 0) { |
99b01b84 MT |
599 | fprintf(stderr, "Could not read pid file of connection %s.", conn->name); |
600 | return 1; | |
39877197 MT |
601 | } |
602 | ||
99b01b84 | 603 | fprintf(stderr, "Killing connection %s (PID %d)...\n", conn->name, pid); |
39877197 MT |
604 | kill(pid, SIGTERM); |
605 | ||
d4c8b6be MT |
606 | char command[STRING_SIZE]; |
607 | snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile); | |
608 | executeCommand(command); | |
609 | ||
187590f7 MT |
610 | char runfile[STRING_SIZE]; |
611 | snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name); | |
612 | rc = recursive_remove(runfile); | |
613 | if (rc) | |
614 | perror(runfile); | |
e1297cbb | 615 | |
187590f7 | 616 | return 0; |
e1297cbb | 617 | } |
5795fc1b | 618 | |
e1297cbb | 619 | int deleterrd(char *name) { |
5795fc1b | 620 | char rrd_dir[STRING_SIZE]; |
5795fc1b | 621 | |
e1297cbb | 622 | connection *conn = getConnections(); |
5795fc1b | 623 | while(conn) { |
e1297cbb MT |
624 | if (strcmp(conn->name, name) != 0) { |
625 | conn = conn->next; | |
626 | continue; | |
5795fc1b | 627 | } |
e1297cbb MT |
628 | |
629 | // Handle RW connections | |
630 | if (strcmp(conn->type, "host") == 0) { | |
c63e97bb | 631 | snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name); |
e1297cbb MT |
632 | |
633 | // Handle N2N connections | |
634 | } else if (strcmp(conn->type, "net") == 0) { | |
635 | snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name); | |
636 | ||
637 | // Unhandled connection type | |
638 | } else { | |
639 | conn = conn->next; | |
640 | continue; | |
641 | } | |
642 | ||
643 | return recursive_remove(rrd_dir); | |
5795fc1b AM |
644 | } |
645 | ||
646 | return 1; | |
647 | } | |
648 | ||
64f0c354 | 649 | void startAllNet2Net() { |
99b01b84 MT |
650 | int exitcode = 0, _exitcode = 0; |
651 | ||
64f0c354 MT |
652 | connection *conn = getConnections(); |
653 | ||
654 | while(conn) { | |
99b01b84 MT |
655 | /* Skip all connections that are not of type "net" or disabled. */ |
656 | if ((strcmp(conn->type, "net") != 0) || (strcmp(conn->status, "on") != 0)) { | |
657 | conn = conn->next; | |
658 | continue; | |
659 | } | |
660 | ||
661 | _exitcode = startNet2Net(conn->name); | |
64f0c354 | 662 | conn = conn->next; |
99b01b84 MT |
663 | |
664 | if (_exitcode > exitcode) { | |
665 | exitcode = _exitcode; | |
666 | } | |
64f0c354 MT |
667 | } |
668 | ||
99b01b84 | 669 | exit(exitcode); |
64f0c354 MT |
670 | } |
671 | ||
672 | void killAllNet2Net() { | |
99b01b84 MT |
673 | int exitcode = 0, _exitcode = 0; |
674 | ||
64f0c354 MT |
675 | connection *conn = getConnections(); |
676 | ||
677 | while(conn) { | |
99b01b84 MT |
678 | /* Skip all connections that are not of type "net". */ |
679 | if (strcmp(conn->type, "net") != 0) { | |
680 | conn = conn->next; | |
681 | continue; | |
682 | } | |
683 | ||
684 | _exitcode = killNet2Net(conn->name); | |
64f0c354 | 685 | conn = conn->next; |
99b01b84 MT |
686 | |
687 | if (_exitcode > exitcode) { | |
688 | exitcode = _exitcode; | |
689 | } | |
64f0c354 MT |
690 | } |
691 | ||
99b01b84 | 692 | exit(exitcode); |
64f0c354 MT |
693 | } |
694 | ||
6e13d0a5 MT |
695 | void displayopenvpn(void) { |
696 | char command[STRING_SIZE]; | |
697 | ||
698 | snprintf(command, STRING_SIZE - 1, "/bin/killall -sSIGUSR2 openvpn"); | |
699 | executeCommand(command); | |
700 | } | |
701 | ||
702 | int main(int argc, char *argv[]) { | |
703 | if (!(initsetuid())) | |
704 | exit(1); | |
705 | if(argc < 2) | |
706 | usage(); | |
6925b8ef AF |
707 | |
708 | if(argc == 3) { | |
91a0a221 MT |
709 | ovpnInit(); |
710 | ||
6925b8ef AF |
711 | if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { |
712 | startNet2Net(argv[2]); | |
713 | return 0; | |
714 | } | |
715 | else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { | |
716 | killNet2Net(argv[2]); | |
717 | return 0; | |
5795fc1b AM |
718 | } |
719 | else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) { | |
720 | deleterrd(argv[2]); | |
721 | return 0; | |
6925b8ef AF |
722 | } else { |
723 | usage(); | |
724 | return 1; | |
725 | } | |
726 | } | |
727 | else if(argc == 2) { | |
6e13d0a5 MT |
728 | if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) { |
729 | stopDaemon(); | |
730 | return 0; | |
731 | } | |
732 | else if( (strcmp(argv[1], "-d") == 0) || (strcmp(argv[1], "--display") == 0) ) { | |
733 | displayopenvpn(); | |
734 | return 0; | |
735 | } | |
6e13d0a5 MT |
736 | else { |
737 | ovpnInit(); | |
66c36198 | 738 | |
6e13d0a5 | 739 | if( (strcmp(argv[1], "-s") == 0) || (strcmp(argv[1], "--start") == 0) ) { |
6e13d0a5 MT |
740 | setFirewallRules(); |
741 | startDaemon(); | |
742 | return 0; | |
743 | } | |
64f0c354 MT |
744 | else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { |
745 | startAllNet2Net(); | |
746 | return 0; | |
747 | } | |
748 | else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { | |
749 | killAllNet2Net(); | |
750 | return 0; | |
751 | } | |
6e13d0a5 MT |
752 | else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) { |
753 | startDaemon(); | |
754 | return 0; | |
755 | } | |
756 | else if( (strcmp(argv[1], "-r") == 0) || (strcmp(argv[1], "--restart") == 0) ) { | |
757 | stopDaemon(); | |
6e13d0a5 MT |
758 | setFirewallRules(); |
759 | startDaemon(); | |
760 | return 0; | |
761 | } | |
762 | else if( (strcmp(argv[1], "-fwr") == 0) || (strcmp(argv[1], "--firewall-rules") == 0) ) { | |
6e13d0a5 MT |
763 | setFirewallRules(); |
764 | return 0; | |
765 | } | |
766 | else { | |
767 | usage(); | |
768 | return 0; | |
769 | } | |
770 | } | |
771 | } | |
772 | else { | |
773 | usage(); | |
774 | return 0; | |
775 | } | |
776 | return 0; | |
777 | } | |
778 |