X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Fmisc-progs%2Fopenvpnctrl.c;h=462ce77cce0b99019a09cc8c3df75161b5e94924;hb=ba2a22487ae87281a33805827ec174d87b04c3fe;hp=2af537272b209fa73c5ff0355d9464946aa5dde9;hpb=5d4d41b18c80f236b4dc796e1394ef0035cb034d;p=ipfire-2.x.git
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 2af537272b..462ce77cce 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -168,6 +168,29 @@ int readPidFile(const char *pidfile) {
 	return pid;
 }
 
+int readExternalAddress(char* address) {
+	FILE *fp = fopen("/var/ipfire/red/local-ipaddress", "r");
+	if (!fp)
+		goto ERROR;
+
+	int r = fscanf(fp, "%s", address);
+	fclose(fp);
+
+	if (r < 0)
+		goto ERROR;
+
+	/* In case the read IP address is not valid, we empty
+	 * the content of address and return non-zero. */
+	if (!VALID_IP(address))
+		goto ERROR;
+
+	return 0;
+
+ERROR:
+	address = NULL;
+	return 1;
+}
+
 void ovpnInit(void) {
 	// Read OpenVPN configuration
 	kv = initkeyvalues();
@@ -342,6 +365,7 @@ ERROR:
 }
 
 void setFirewallRules(void) {
+	char command[STRING_SIZE];
 	char protocol[STRING_SIZE] = "";
 	char dport[STRING_SIZE] = "";
 	char dovpnip[STRING_SIZE] = "";
@@ -382,11 +406,15 @@ void setFirewallRules(void) {
 	if (!strcmp(enableorange, "on") && strlen(orangeif))
 		addRule(OVPNINPUT, orangeif, protocol, dport);
 
+	/* Allow ICMP error messages to pass. */
+	snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -p icmp"
+		" -m conntrack --ctstate RELATED -j RETURN", OVPNBLOCK);
+	executeCommand(command);
+
 	// read connection configuration
 	connection *conn = getConnections();
 
 	// set firewall rules for n2n connections
-	char command[STRING_SIZE];
 	char *local_subnet_address = NULL;
 	char *transfer_subnet_address = NULL;
 	while (conn != NULL) {
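Review bot: On the ERROR path of readExternalAddress, `address = NULL;` only rebinds the local parameter and leaves the caller's buffer untouched, which contradicts the comment above it that promises the content of address is emptied; `*address = '\0';` is what that comment describes (the one caller in this diff initialises its buffer to "" and exits on failure, so nothing breaks today, but the stated contract is not met). The `fscanf(fp, "%s", address)` has no field width, so a line in /var/ipfire/red/local-ipaddress longer than the caller's buffer overruns it, and the function takes no length argument at all; reading it as `if (!fgets(address, STRING_SIZE, fp)) { fclose(fp); goto ERROR; }` followed by `address[strcspn(address, " \t\r\n")] = '\0';` bounds the write to the STRING_SIZE buffer every caller is expected to pass (strcmp/strlen are already used in this file, so string.h is presumably in scope), and that STRING_SIZE assumption belongs in a header comment on the function. The file is written by the system rather than by a remote peer, so this is a robustness rather than an exposure issue, but the value read here is later spliced into a shell command in startNet2Net, and VALID_IP is the only check between file content and that command, which is worth saying in the comment, e.g. `/* Reads the RED interface address into address (a STRING_SIZE buffer); returns 0 and a VALID_IP-checked dotted quad, or non-zero with address emptied. The result is later used on a command line, so the validation must stay. */`.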
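Review bot: The new RELATED/ICMP rule is appended to OVPNBLOCK with `-A` on every call of setFirewallRules(), so unless the chain is flushed earlier in the function (the start of setFirewallRules and its chain setup are outside this hunk) each run adds a duplicate rule, and as an append it lands after whatever the chain already holds, which only has the intended effect if no earlier rule in OVPNBLOCK already terminates ICMP. The comment should name the conntrack state the rule relies on and why it is placed before the per-connection rules, e.g. `/* Let ICMP errors that conntrack marks RELATED to an existing flow leave OVPNBLOCK before the per-connection rules below. */`. The return value of executeCommand is dropped as elsewhere in the file, so a failed iptables invocation here is silent.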
@@ -482,10 +510,18 @@ int startNet2Net(char *name) {
 	// Make sure all firewall rules are up to date.
 	setFirewallRules();
 
+	// Get the external IP address.
+	char address[STRING_SIZE] = "";
+	int r = readExternalAddress(address);
+	if (r) {
+		fprintf(stderr, "Could not read the external address\n");
+		exit(1);
+	}
+
 	char command[STRING_SIZE];
 	snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
 	executeCommand(command);
-	snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
+	snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --local %s --config %s", address, configfile);
 	executeCommand(command);
 
 	return 0;
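Review bot: The snprintf that builds the openvpn command line now carries both the external address and configfile, but its return value is not checked, so a long config path yields a silently truncated command handed to executeCommand; the modprobe line above has the same pattern, but this is the one whose length grew. Check it: `int n = snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --local %s --config %s", address, configfile);` followed by `if (n < 0 || n >= STRING_SIZE-1) { fprintf(stderr, "Command too long\n"); exit(1); }`. The failure message for readExternalAddress would be more useful to an operator if it named the file the helper reads (/var/ipfire/red/local-ipaddress) instead of just "the external address". With this change a net-to-net connection can no longer be started while RED has no address at all, which looks intended but is a behaviour change worth a sentence in the commit message; startNet2Net's body begins before this hunk.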