13 1.0.0.0 many things happened before ...
15 2.0.0.1 2005/06/09 tarralan
17 add. deleteChainReference(char*)
18 add. createChainReference(char*)
19 mod. deleteChain(char*)
20 mod. flushChain(char*)
23 add. consts for chain names
25 add. createAllChains()
27 add. global vars for chain and interface status
28 add. usage of consts for chain names
29 mod. reworked createAllChains()
31 2.0.0.2 2005/06/09 horizont
32 change the input + forward chain position index based on active interfaces
34 2.0.0.3 2005/06/09 tarralan
35 mod. removed const attribute
37 2.0.0.4 2005/06/12 tarralan
38 add. debug condition for output
39 mod. changed definition of consts
41 2.0.0.5-7 2005/06/12 tarralan
44 2.0.0.8 2005/06/12 tarralan
47 2.0.0.9-16 2005/06/12 tarralan
50 2.0.0.17 2005/06/12 tarralan
53 2.0.1.1 2005/06/12 tarralan
56 2.0.1.2 2005/06/13 tarralan
57 mod. some options renamed
59 2.0.1.3 2005/06/13 tarralan
60 mod. startDaemon() to verify if OpenVPN is enabled
61 mod. createAllChains() to verify if OpenVPN is enabled
64 2.0.1.4 2005/06/13 tarralan
65 mod. bug fixed with the -sdo option
66 2.0.1.5 2005/11/06 Ufuk Altinkaynak
67 mod. bug fixed no need to read blue and orange dev, when they are not enabled
68 2.0.1.6 2005/01/03 Ufuk Altinkaynak
69 mod. bug fixed reported by weizen_42 see http://www.vpnforum.de/viewtopic.php?p=7113#7113
71 # ZERNINA-VERSION:0.9.0b
72 # (c) 2005 tarralan + Ufuk Altinkaynak
74 # Ipcop and OpenVPN easy as one two three..
// File-scope state shared by every helper in this file.
// kv: key/value store for the settings files (filled by readkeyvalues,
// queried with findkey). NOTE(review): it is re-assigned in ovpnInit and
// again in setFirewallRules without a visible release in between.
80 struct keyvalue
*kv
= NULL
;
// Stream for CONFIG_ROOT "/red/iface"; opened in ovpnInit. Whether it is
// closed again is not visible in this rendering (exithandler's body is absent).
81 FILE *ifacefile
= NULL
;
// Device names per zone, filled in by ovpnInit. redif is zeroed again when it
// fails VALID_DEVICE; blueif/orangeif receive no such check.
83 char redif
[STRING_SIZE
];
84 char blueif
[STRING_SIZE
];
85 char orangeif
[STRING_SIZE
];
// Per-zone enable flags from ovpn/settings; "on" enables the zone.
86 char enablered
[STRING_SIZE
] = "off";
87 char enableblue
[STRING_SIZE
] = "off";
88 char enableorange
[STRING_SIZE
] = "off";
// iptables chain-name prefixes; the helpers append "INPUT" or "FORWARD".
// NOTE(review): these are writable arrays, not const strings (the changelog
// above records the const attribute being removed), so nothing in the type
// system prevents them being overwritten; consider `static const char *`.
91 char OVPNRED
[STRING_SIZE
] = "OVPN";
92 char OVPNBLUE
[STRING_SIZE
] = "OVPN_BLUE_";
93 char OVPNORANGE
[STRING_SIZE
] = "OVPN_ORANGE_";
// Version string printed by the usage banner below.
94 char WRAPPERVERSION
[STRING_SIZE
] = "2.0.1.6";
// Exit-time cleanup hook. Its body (original lines 97-106) is not part of
// this rendering, so what it releases (kv? ifacefile?) cannot be stated here.
96 void exithandler(void)
// NOTE(review): the printf run from original line 107 onward is the usage
// text and looks like a separate function whose signature fell into the
// missing lines 97-106 -- confirm against the repository before editing.
// The two banner lines differ only in a "-debug" suffix; the line between
// them (original 108, not shown) presumably is the build-time switch that
// selects one of them.
107 printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION
);
109 printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION
);
// Option list; each short option has a long alias handled in main.
111 printf("openvpnctrl <option>\n");
112 printf(" Valid options are:\n");
113 printf(" -s --start\n");
114 printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n");
115 printf(" -k --kill\n");
116 printf(" kills/stops OpenVPN\n");
117 printf(" -r --restart\n");
118 printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
119 printf(" -d --display\n");
120 printf(" displays OpenVPN status to syslog\n");
121 printf(" -fwr --firewall-rules\n");
122 printf(" removes current OpenVPN chains and rules and resets them according to the config\n");
123 printf(" -sdo --start-daemon-only\n");
124 printf(" starts OpenVPN daemon only (useful for rc.local)\n");
125 printf(" -ccr --create-chains-and-rules\n");
126 printf(" creates chains and rules for OpenVPN\n");
127 printf(" -dcr --delete-chains-and-rules\n");
128 printf(" removes all chains for OpenVPN\n");
// Load the OpenVPN and interface configuration into the file-scope state.
// Reads CONFIG_ROOT "/ovpn/settings" (ENABLED, ENABLED_BLUE, ENABLED_ORANGE),
// CONFIG_ROOT "/red/iface" (redif) and CONFIG_ROOT "/ethernet/settings"
// (BLUE_DEV / ORANGE_DEV, only for zones that are enabled). Each failed read
// prints a message to stderr; the lines that follow each message are not in
// this rendering and presumably abort -- confirm against the repository.
132 void ovpnInit(void) {
134 // Read OpenVPN configuration
// NOTE(review): kv is assigned a fresh store without releasing any previous
// one; setFirewallRules assigns it again, so a call sequence that runs both
// would leak the first store unless something frees it in between.
135 kv
= initkeyvalues();
136 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings")) {
137 fprintf(stderr
, "Cannot read ovpn settings\n");
141 if (!findkey(kv
, "ENABLED", enablered
)) {
142 fprintf(stderr
, "Cannot read ENABLED\n");
146 if (!findkey(kv
, "ENABLED_BLUE", enableblue
)){
147 fprintf(stderr
, "Cannot read ENABLED_BLUE\n");
151 if (!findkey(kv
, "ENABLED_ORANGE", enableorange
)){
152 fprintf(stderr
, "Cannot read ENABLED_ORANGE\n");
157 // read interface settings
159 // details for the red int
// The red device name is a one-line file, not a settings key. redif is
// zeroed first so a missing or unreadable file leaves it empty.
160 memset(redif
, 0, STRING_SIZE
);
161 if ((ifacefile
= fopen(CONFIG_ROOT
"/red/iface", "r")))
163 if (fgets(redif
, STRING_SIZE
, ifacefile
))
// Strip the trailing newline. NOTE(review): if the file's first byte is NUL,
// strlen(redif) is 0 and the index becomes -1 (out-of-bounds write); guard
// with a length check before indexing. No fclose(ifacefile) appears in the
// lines shown (original 167-170 are absent) -- confirm the stream is closed,
// possibly in exithandler.
165 if (redif
[strlen(redif
) - 1] == '\n')
166 redif
[strlen(redif
) - 1] = '\0';
// Only a name that passes VALID_DEVICE is kept; anything else is discarded
// so that it can never be formatted into an iptables command line.
171 if (!VALID_DEVICE(redif
))
173 memset(redif
, 0, STRING_SIZE
);
178 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ethernet/settings"))
180 fprintf(stderr
, "Cannot read ethernet settings\n");
// Blue/orange device names are only read when that zone is enabled.
// NOTE(review): unlike redif they are not checked with VALID_DEVICE, yet
// setChainRules formats them into an iptables command line and executeCommand
// runs such lines through safe_system; apply the same validation here.
184 if (strcmp(enableblue
, "on")==0){
185 if (!findkey(kv
, "BLUE_DEV", blueif
)){
186 fprintf(stderr
, "Cannot read BLUE_DEV\n");
190 if (strcmp(enableorange
, "on")==0){
191 if (!findkey(kv
, "ORANGE_DEV", orangeif
)){
// The message below misspells ORANGE_DEV; it is user-visible text and is
// left unchanged here.
192 fprintf(stderr
, "Cannot read ORNAGE_DEV\n");
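// Echo a command line and run it through safe_system with its output discarded.
//
// @param command  NUL-terminated command line built by the caller in a
//                 STRING_SIZE buffer. It is read only; the caller's buffer is
//                 not modified (the original appended to it in place).
//
// Why this shape: the original passed the command text itself as printf's
// format string. The text embeds values read from the settings files
// (interface, protocol, port via setChainRules), so it must be printed as a
// "%s" argument, never as the format. The original also strncat'ed "\n" and
// the 16-byte redirection onto the caller's STRING_SIZE buffer, which can
// overrun it once the caller's text is close to the limit; the redirection
// is therefore built here into a local buffer that has room for it, and a
// line that would not fit is reported instead of run.
void executeCommand(char *command) {
	// STRING_SIZE-1 bytes of command plus " >/dev/null 2>&1" always fit.
	char cmdline[STRING_SIZE + 32];
	int n;

	printf("%s\n", command);

	// The original placed the "\n" inside the executed string, which with a
	// shell-based safe_system puts the redirection on its own command line;
	// here the redirection is applied to the command as intended.
	n = snprintf(cmdline, sizeof cmdline, "%s >/dev/null 2>&1", command);
	if (n < 0 || (size_t)n >= sizeof cmdline) {
		fprintf(stderr, "Command line too long, not executed\n");
		return;
	}
	safe_system(cmdline);
}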
// Append the accept rules for one zone: the OpenVPN port on the zone's
// interface, then everything arriving on tun+, in the zone's INPUT and
// FORWARD chains.
//
// @param chain      chain-name prefix (one of OVPNRED/OVPNBLUE/OVPNORANGE at
//                   the visible call sites)
// @param interface  device name of the zone
// @param protocol   DPROTOCOL value from ovpn/settings
// @param port       DDEST_PORT value from ovpn/settings
//
// NOTE(review): the lines that run each finished str (original 211, 213, 215)
// are not in this rendering.
206 void setChainRules(char *chain
, char *interface
, char *protocol
, char *port
)
208 char str
[STRING_SIZE
];
// NOTE(review): sprintf has no bound. Every %s argument can be up to
// STRING_SIZE-1 bytes (findkey fills STRING_SIZE buffers), so the first
// format below can overrun str. Use snprintf(str, sizeof str, ...) and do
// not run the line when it was truncated. protocol and port are config-file
// values that end up in a shell command line, so restrict them to the
// expected forms (a known protocol name, a numeric port) before formatting.
210 sprintf(str
, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain
, interface
, protocol
, port
);
212 sprintf(str
, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain
);
214 sprintf(str
, "/sbin/iptables -A %sFORWARD -i tun+ -j ACCEPT", chain
);
// Flush (empty) the INPUT and FORWARD chains of one zone prefix.
//
// @param chain  chain-name prefix; the visible callers pass the OVPN* globals.
//
// NOTE(review): the lines that run str after each sprintf (original 222, 224)
// are not in this rendering. sprintf is unbounded; with the bounded chain
// names used by the callers str cannot overflow, but snprintf(str, sizeof str,
// ...) would make that independent of the caller.
218 void flushChain(char *chain
) {
219 char str
[STRING_SIZE
];
221 sprintf(str
, "/sbin/iptables -F %sINPUT", chain
);
223 sprintf(str
, "/sbin/iptables -F %sFORWARD", chain
);
// Remove the jump rules from the built-in INPUT and FORWARD chains into the
// zone's chains. "-D ... -j" deletes the first rule matching the
// specification; deleteAllChains calls this before deleting the chains.
//
// @param chain  chain-name prefix; the visible callers pass the OVPN* globals.
//
// NOTE(review): the lines that run str after each sprintf (original 232,
// 235) are not in this rendering; see flushChain for the snprintf remark.
228 void deleteChainReference(char *chain
) {
229 char str
[STRING_SIZE
];
231 sprintf(str
, "/sbin/iptables -D INPUT -j %sINPUT", chain
);
234 sprintf(str
, "/sbin/iptables -D FORWARD -j %sFORWARD", chain
);
// Delete the INPUT and FORWARD chains of one zone prefix. iptables refuses
// to delete a chain that still holds rules or is still referenced, which is
// why deleteAllChains removes the references and flushes first.
//
// @param chain  chain-name prefix; the visible callers pass the OVPN* globals.
//
// NOTE(review): the lines that run str after each sprintf (original 243,
// 245) are not in this rendering; see flushChain for the snprintf remark.
239 void deleteChain(char *chain
) {
240 char str
[STRING_SIZE
];
242 sprintf(str
, "/sbin/iptables -X %sINPUT", chain
);
244 sprintf(str
, "/sbin/iptables -X %sFORWARD", chain
);
// Tear down the OpenVPN chains for all three zones: drop the jump rules
// first, then flush, then delete. Runs for every zone regardless of the
// enable flags, so chains left behind by an earlier configuration are
// removed as well.
248 void deleteAllChains(void) {
249 // not an elegant solution, but to avoid timing problems with undeleted chain references
250 deleteChainReference(OVPNRED
);
251 deleteChainReference(OVPNBLUE
);
252 deleteChainReference(OVPNORANGE
);
// NOTE(review): only the blue and orange chains are flushed in the lines
// shown; original line 253 is absent from this rendering. If it is not a
// flushChain(OVPNRED), deleteChain(OVPNRED) below fails whenever the red
// chains still hold rules -- confirm against the repository.
254 flushChain(OVPNBLUE
);
255 flushChain(OVPNORANGE
);
256 deleteChain(OVPNRED
);
257 deleteChain(OVPNBLUE
);
258 deleteChain(OVPNORANGE
);
// Insert the jump rules from the built-in INPUT and FORWARD chains into the
// zone's chains, at fixed positions 14 and 12.
//
// @param chain  chain-name prefix; the visible callers pass the OVPN* globals.
//
// NOTE(review): the positions assume a specific number of rules already
// present in INPUT and FORWARD (the changelog says they were tied to the
// active interfaces). iptables rejects an insert position beyond the current
// rule count plus one, so a leaner rule set makes these inserts fail
// silently given that the output is discarded; consider deriving the
// position or appending instead. The lines that run str after each sprintf
// (original 264, 266) are not in this rendering.
261 void createChainReference(char *chain
) {
262 char str
[STRING_SIZE
];
263 sprintf(str
, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain
);
265 sprintf(str
, "/sbin/iptables -I FORWARD %s -j %sFORWARD", "12", chain
);
// Create the INPUT and FORWARD chains of one zone prefix. iptables reports
// an error when the chain already exists, so callers are expected to have
// run deleteAllChains first.
//
// @param chain  chain-name prefix; the visible callers pass the OVPN* globals.
//
// NOTE(review): the lines that run str after each sprintf (original 272,
// 274) are not in this rendering; see flushChain for the snprintf remark.
269 void createChain(char *chain
) {
270 char str
[STRING_SIZE
];
271 sprintf(str
, "/sbin/iptables -N %sINPUT", chain
);
273 sprintf(str
, "/sbin/iptables -N %sFORWARD", chain
);
// Create the chains and their jump rules for every enabled zone. Bails out
// when no zone is enabled. Orange and blue additionally require a non-empty
// device name; the lines following each message (not in this rendering)
// presumably abort or fall through -- confirm against the repository.
277 void createAllChains(void) {
278 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
279 fprintf(stderr
, "OpenVPN is not enabled on any interface\n");
282 // create chain and chain references
// Orange: only when a device name was read (orangeif is filled by ovpnInit).
283 if (!strcmp(enableorange
, "on")) {
284 if (strlen(orangeif
)) {
285 createChain(OVPNORANGE
);
286 createChainReference(OVPNORANGE
);
288 fprintf(stderr
, "OpenVPN enabled on orange but no orange interface found\n");
// Blue: same pattern.
293 if (!strcmp(enableblue
, "on")) {
294 if (strlen(blueif
)) {
295 createChain(OVPNBLUE
);
296 createChainReference(OVPNBLUE
);
298 fprintf(stderr
, "OpenVPN enabled on blue but no blue interface found\n");
// Red: the interface check itself (original line 304) is not in this
// rendering; the message at 308 implies one exists, matching the other zones.
303 if (!strcmp(enablered
, "on")) {
305 createChain(OVPNRED
);
306 createChainReference(OVPNRED
);
308 fprintf(stderr
, "OpenVPN enabled on red but no red interface found\n");
// Read the port/protocol settings and add the accept rules for each enabled
// zone that has a device name. Requires the enable flags and device names
// that ovpnInit fills in. Messages are printed to stderr on each failed
// read; the lines that follow them are not in this rendering.
315 void setFirewallRules(void) {
316 char protocol
[STRING_SIZE
] = "";
317 char dport
[STRING_SIZE
] = "";
// dovpnip is read below but not used anywhere in this function.
318 char dovpnip
[STRING_SIZE
] = "";
320 /* check if it makes sence to proceed further */
321 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
322 fprintf(stderr
, "Config error, at least one device must be enabled\n");
// NOTE(review): kv is replaced with a new store here; if ovpnInit already
// ran in this process, its store is never released in the lines shown.
326 kv
= initkeyvalues();
327 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings"))
329 fprintf(stderr
, "Cannot read ovpn settings\n");
333 /* we got one device, so lets proceed further */
// NOTE(review): dport and protocol are taken verbatim from the settings file
// and handed to setChainRules, which formats them into an iptables command
// line; nothing here restricts them to a numeric port or a protocol name.
334 if (!findkey(kv
, "DDEST_PORT", dport
)){
335 fprintf(stderr
, "Cannot read DDEST_PORT\n");
339 if (!findkey(kv
, "DPROTOCOL", protocol
)){
340 fprintf(stderr
, "Cannot read DPROTOCOL\n");
344 if (!findkey(kv
, "VPN_IP", dovpnip
)){
345 fprintf(stderr
, "Cannot read VPN_IP\n");
346 // exit(1); step further as we don't need an ip
350 // set firewall rules
// A zone gets rules only when it is enabled and has a device name; a zone
// that is enabled but has no device is skipped without a message here.
351 if (!strcmp(enablered
, "on") && strlen(redif
))
352 setChainRules(OVPNRED
, redif
, protocol
, dport
);
353 if (!strcmp(enableblue
, "on") && strlen(blueif
))
354 setChainRules(OVPNBLUE
, blueif
, protocol
, dport
);
355 if (!strcmp(enableorange
, "on") && strlen(orangeif
))
356 setChainRules(OVPNORANGE
, orangeif
, protocol
, dport
);
// Stop OpenVPN and remove its pid file.
//
// NOTE(review): killall terminates every process named openvpn, not only the
// instance recorded in /var/run/openvpn.pid, and the pid file is removed
// whether or not the kill succeeded (executeCommand discards the result).
// Reading the pid file and signalling that process would be more precise.
// The STRING_SIZE - 1 bound is harmless but unnecessary with snprintf.
359 void stopDaemon(void) {
360 char command
[STRING_SIZE
];
362 snprintf(command
, STRING_SIZE
- 1, "/bin/killall openvpn");
363 executeCommand(command
);
364 snprintf(command
, STRING_SIZE
- 1, "/bin/rm -f /var/run/openvpn.pid");
365 executeCommand(command
);
// Start the OpenVPN server with the fixed server.conf, but only when at
// least one zone is enabled (the enable flags come from ovpnInit). The line
// after the error message (original 373) is not in this rendering.
//
// NOTE(review): the config path is spelled out as /var/ipfire/ovpn while the
// rest of the file builds paths from CONFIG_ROOT; using CONFIG_ROOT here
// keeps the two from drifting apart.
368 void startDaemon(void) {
369 char command
[STRING_SIZE
];
371 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
372 fprintf(stderr
, "OpenVPN is not enabled on any interface\n");
375 snprintf(command
, STRING_SIZE
-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
376 executeCommand(command
);
// Ask every running openvpn process to report its status to syslog by
// sending SIGUSR2 (the usage text above describes this as "displays OpenVPN
// status to syslog"). As in stopDaemon, killall addresses all processes of
// that name rather than the one in the pid file.
380 void displayopenvpn(void) {
381 char command
[STRING_SIZE
];
383 snprintf(command
, STRING_SIZE
- 1, "/bin/killall -sSIGUSR2 openvpn");
384 executeCommand(command
);
387 int main(int argc
, char *argv
[]) {
394 if( (strcmp(argv
[1], "-k") == 0) || (strcmp(argv
[1], "--kill") == 0) ) {
398 else if( (strcmp(argv
[1], "-d") == 0) || (strcmp(argv
[1], "--display") == 0) ) {
402 else if( (strcmp(argv
[1], "-dcr") == 0) || (strcmp(argv
[1], "--delete-chains-and-rules") == 0) ) {
409 if( (strcmp(argv
[1], "-s") == 0) || (strcmp(argv
[1], "--start") == 0) ) {
416 else if( (strcmp(argv
[1], "-sdo") == 0) || (strcmp(argv
[1], "--start-daemon-only") == 0) ) {
420 else if( (strcmp(argv
[1], "-r") == 0) || (strcmp(argv
[1], "--restart") == 0) ) {
428 else if( (strcmp(argv
[1], "-fwr") == 0) || (strcmp(argv
[1], "--firewall-rules") == 0) ) {
434 else if( (strcmp(argv
[1], "-ccr") == 0) || (strcmp(argv
[1], "--create-chains-and-rules") == 0) ) {