From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 23 Mar 2024 14:03:36 +0000 (+0100)
Subject: openvpnctrl: Rewrite the entire thing
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3fc65c5c1981f11a241c76b33eef75d922f423db;p=people%2Fms%2Fipfire-2.x.git

openvpnctrl: Rewrite the entire thing

This binary because a major headache as it has been changed so many
times by so many people neglegting the code quality. Therefore, the
logic has now been moved into initscripts and the binary changed so that
it only serves as a SUID wrapper to call the initscripts.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index a79ed4d44..b5a8fd6df 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -936,10 +936,10 @@ sub writecollectdconf {
 ###
 
 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}) {
-	&General::system("/usr/local/bin/openvpnctrl", "-s");
+	&General::system("/usr/local/bin/openvpnctrl", "rw", "start");
 
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}) {
-	&General::system("/usr/local/bin/openvpnctrl", "-k");
+	&General::system("/usr/local/bin/openvpnctrl", "rw", "stop");
 }
 
 ###
@@ -1399,8 +1399,8 @@ SETTINGS_ERROR:
     my $file = '';
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    # Kill all N2N connections
-    &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
+    # Stop all N2N connections
+    &General::system("/usr/local/bin/openvpnctrl", "n2n", "stop");
 
     foreach my $key (keys %confighash) {
 	my $name = $confighash{$cgiparams{'$key'}}[1];
@@ -1409,7 +1409,7 @@ SETTINGS_ERROR:
 	    delete $confighash{$cgiparams{'$key'}};
 	}
 
-	&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
+	&General::system("/usr/local/bin/openvpnctrl", "n2n", "delete", "$name");
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
 	unlink $file;
@@ -2167,7 +2167,7 @@ END
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-				&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+				&General::system("/usr/local/bin/openvpnctrl", "n2n", "start", "$confighash{$cgiparams{'KEY'}}[1]");
 				&writecollectdconf();
 			}
 		} else {
@@ -2177,7 +2177,7 @@ END
 
 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 				if ($n2nactive ne '') {
-					&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+					&General::system("/usr/local/bin/openvpnctrl", "n2n", "stop", "$confighash{$cgiparams{'KEY'}}[1]");
 					&writecollectdconf();
 				}
 			}
@@ -2535,7 +2535,7 @@ else
 
 		if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 			# Stop the N2N connection before it is removed
-			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+			&General::system("/usr/local/bin/openvpnctrl", "n2n", "stop", "$confighash{$cgiparams{'KEY'}}[1]");
 
 			my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
 			my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
@@ -2576,7 +2576,7 @@ else
 
 		# Update collectd configuration and delete all RRD files of the removed connection
 		&writecollectdconf();
-		&General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
+		&General::system("/usr/local/bin/openvpnctrl", "n2n", "delete", "$confighash{$cgiparams{'KEY'}}[1]");
 
 		delete $confighash{$cgiparams{'KEY'}};
 		&General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
@@ -4548,7 +4548,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	if ($cgiparams{'TYPE'} eq 'net') {
 
 		if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
-			&General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+			&General::system("/usr/local/bin/openvpnctrl", "n2n", "stop", "$confighash{$cgiparams{'KEY'}}[1]");
 
 			&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 			my $key = $cgiparams{'KEY'};
@@ -4562,7 +4562,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 			$confighash{$key}[0] = 'on';
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-			&General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+			&General::system("/usr/local/bin/openvpnctrl", "n2n", "start", "$confighash{$cgiparams{'KEY'}}[1]");
 		}
 	}
 
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index cb5855015..cd2a9ca4d 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,647 +1,41 @@
-#define _XOPEN_SOURCE 500
-#include <signal.h>
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
 #include <stdio.h>
 #include <string.h>
-#include <unistd.h>
-#include <stdlib.h>
-#include <sys/types.h>
-#include <arpa/inet.h>
-#include <netinet/in.h>
-#include <fcntl.h>
-#include <ftw.h>
-#include "setuid.h"
-#include "netutil.h"
-#include "libsmooth.h"
-
-#define noovpndebug
-
-// global vars
-	struct keyvalue *kv = NULL;
-
-// consts
-char OVPNINPUT[STRING_SIZE] = "OVPNINPUT";
-char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
-char OVPNNAT[STRING_SIZE] = "OVPNNAT";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.4";
-
-struct connection_struct {
-	char name[STRING_SIZE];
-	char type[STRING_SIZE];
-	char proto[STRING_SIZE];
-	char status[STRING_SIZE];
-	char local_subnet[STRING_SIZE];
-	char transfer_subnet[STRING_SIZE];
-	char role[STRING_SIZE];
-	char port[STRING_SIZE];
-	struct connection_struct *next;
-};
-
-typedef struct connection_struct connection;
-
-static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
-	int rv = remove(fpath);
-	if (rv)
-		perror(fpath);
-
-	return rv;
-}
-
-static int recursive_remove(const char* path) {
-	return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
-}
-
-void exithandler(void)
-{
-	if(kv)
-		freekeyvalues(kv);
-	if (ifacefile)
-		fclose(ifacefile);
-}
-
-void usage(void)
-{
-#ifdef ovpndebug
-	printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
-#else
-	printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
-#endif
-	printf("openvpnctrl <option>\n");
-	printf(" Valid options are:\n");
-	printf(" -s   --start\n");
-	printf("      starts OpenVPN (implicitly creates chains and firewall rules)\n");
-	printf(" -k   --kill\n");
-	printf("      kills/stops OpenVPN\n");
-	printf(" -r   --restart\n");
-	printf("      restarts OpenVPN (implicitly creates chains and firewall rules)\n");
-	printf(" -sn2n --start-net-2-net\n");
-	printf("      starts all net2net connections\n");
-	printf("      you may pass a connection name to the switch to only start a specific one\n");
-	printf(" -kn2n --kill-net-2-net\n");
-	printf("      kills all net2net connections\n");
-	printf("      you may pass a connection name to the switch to only start a specific one\n");
-	printf(" -drrd --delete-rrd\n");
-	printf("      Deletes the RRD data for a specific client\n");
-	printf("      you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
-	printf(" -d   --display\n");
-	printf("      displays OpenVPN status to syslog\n");
-	printf(" -fwr --firewall-rules\n");
-	printf("      removes current OpenVPN chains and rules and resets them according to the config\n");
-	printf(" -sdo --start-daemon-only\n");
-	printf("      starts OpenVPN daemon only\n");
-	exit(1);
-}
-
-connection *getConnections() {
-	FILE *fp = NULL;
-
-	if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) {
-		fprintf(stderr, "Could not open openvpn n2n configuration file.\n");
-		exit(1);
-	}
-
-	char line[STRING_SIZE] = "";
-	char result[STRING_SIZE] = "";
-	char *resultptr;
-	int count;
-	connection *conn_first = NULL;
-	connection *conn_last = NULL;
-	connection *conn_curr;
-
-	while ((fgets(line, STRING_SIZE, fp) != NULL)) {
-		if (line[strlen(line) - 1] == '\n')
-			line[strlen(line) - 1] = '\0';
 
-		conn_curr = (connection *)malloc(sizeof(connection));
-		memset(conn_curr, 0, sizeof(connection));
-
-		if (conn_first == NULL) {
-			conn_first = conn_curr;
-		} else {
-			conn_last->next = conn_curr;
-		}
-		conn_last = conn_curr;
-
-		count = 0;
-		char *lineptr = &line;
-		while (1) {
-			if (*lineptr == NULL)
-				break;
-
-			resultptr = result;
-			while (*lineptr != NULL) {
-				if (*lineptr == ',') {
-					lineptr++;
-					break;
-				}
-				*resultptr++ = *lineptr++;
-			}
-			*resultptr = '\0';
-
-			if (count == 1) {
-				strcpy(conn_curr->status, result);
-			} else if (count == 2) {
-				strcpy(conn_curr->name, result);
-			} else if (count == 4) {
-				strcpy(conn_curr->type, result);
-			} else if (count == 7) {
-				strcpy(conn_curr->role, result);
-			} else if (count == 9) {
-				strcpy(conn_curr->local_subnet, result);
-			} else if (count == 28) {
-				strcpy(conn_curr->transfer_subnet, result);
-			} else if (count == 29) {
-				strcpy(conn_curr->proto, result);
-			} else if (count == 30) {
-				strcpy(conn_curr->port, result);
-			}
-
-			count++;
-		}
-	}
-
-	fclose(fp);
-
-	return conn_first;
-}
-
-int readPidFile(const char *pidfile) {
-	FILE *fp = fopen(pidfile, "r");
-	if (fp == NULL) {
-		exit(1);
-	}
-
-	int pid = 0;
-	fscanf(fp, "%d", &pid);
-	fclose(fp);
-
-	return pid;
-}
-
-int readExternalAddress(char* address) {
-	FILE *fp = fopen("/var/ipfire/red/local-ipaddress", "r");
-	if (!fp)
-		goto ERROR;
-
-	int r = fscanf(fp, "%s", address);
-	fclose(fp);
-
-	if (r < 0)
-		goto ERROR;
-
-	/* In case the read IP address is not valid, we empty
-	 * the content of address and return non-zero. */
-	if (!VALID_IP(address))
-		goto ERROR;
-
-	return 0;
-
-ERROR:
-	address = NULL;
-	return 1;
-}
+#include "setuid.h"
 
-void ovpnInit(void) {
-	// Read OpenVPN configuration
-	kv = initkeyvalues();
+int main(int argc, char** argv) {
+	const char* command = NULL;
 
-	if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) {
-		fprintf(stderr, "Cannot read ovpn settings\n");
+	// Become root
+	if (!initsetuid())
 		exit(1);
-	}
 
-	if (!findkey(kv, "ENABLED", enabled)) {
-		fprintf(stderr, "Could not read ENABLED key\n");
+	// Check if we have enough arguments
+	if (argc < 2) {
+		fprintf(stderr, "\nNot enough arguments.\n\n");
 		exit(1);
 	}
 
-	freekeyvalues(kv);
-}
-
-void executeCommand(char *command) {
-#ifdef ovpndebug
-	printf(strncat(command, "\n", 2));
-#endif
-	safe_system(strncat(command, " >/dev/null 2>&1", 17));
-}
-
-void addRule(const char *chain, const char *protocol, const char *port) {
-	char command[STRING_SIZE];
-
-	snprintf(command, STRING_SIZE - 1,
-		"/sbin/iptables -A %s -p %s --dport %s -j ACCEPT", chain, protocol, port);
-	executeCommand(command);
-}
-
-void flushChain(char *chain) {
-	char str[STRING_SIZE];
-
-	snprintf(str, STRING_SIZE - 1, "/sbin/iptables -F %s", chain);
-	executeCommand(str);
-}
-
-void flushChainNAT(char *chain) {
-	char str[STRING_SIZE];
-
-	snprintf(str, STRING_SIZE - 1, "/sbin/iptables -t nat -F %s", chain);
-	executeCommand(str);
-}
-
-char* calcTransferNetAddress(const connection* conn) {
-	char *subnetmask = strdup(conn->transfer_subnet);
-	char *address = strsep(&subnetmask, "/");
-
-	if ((address == NULL) || (subnetmask == NULL)) {
-		goto ERROR;
-	}
+	// Roadwarrior
+	if (strcmp(argv[1], "rw") == 0) {
+		command = "/etc/rc.d/init.d/openvpn-rw";
 
-	in_addr_t _address    = inet_addr(address);
-	in_addr_t _subnetmask = inet_addr(subnetmask);
-	_address &= _subnetmask;
+	// N2N
+	} else if (strcmp(argv[1], "n2n") == 0) {
+		command = "/etc/rc.d/init.d/openvpn-n2n";
 
-	if (strcmp(conn->role, "server") == 0) {
-		_address += 1 << 24;
-	} else if (strcmp(conn->role, "client") == 0) {
-		_address += 2 << 24;
+	// Unknown
 	} else {
-		goto ERROR;
-	}
-
-	struct in_addr address_info;
-	address_info.s_addr = _address;
-
-	return inet_ntoa(address_info);
-
-ERROR:
-	fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
-
-	free(address);
-	return NULL;
-}
-
-char* getLocalSubnetAddress(const connection* conn) {
-	kv = initkeyvalues();
-	if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
-		fprintf(stderr, "Cannot read ethernet settings\n");
-		exit(1);
-	}
-
-	const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
-	char *zone = NULL;
-
-	// Get net address of the local openvpn subnet.
-	char *subnetmask = strdup(conn->local_subnet);
-	char *address = strsep(&subnetmask, "/");
-
-	if ((address == NULL) || (subnetmask == NULL)) {
-		goto ERROR;
-	}
-
-	in_addr_t _address    = inet_addr(address);
-	in_addr_t _subnetmask = inet_addr(subnetmask);
-
-	in_addr_t _netaddr    = (_address &  _subnetmask);
-	in_addr_t _broadcast  = (_address | ~_subnetmask);
-
-	char zone_address_key[STRING_SIZE];
-	char zone_address[STRING_SIZE];
-	in_addr_t zone_addr;
-
-	int i = 0;
-	while (zones[i]) {
-		zone = zones[i++];
-		snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
-
-		if (!findkey(kv, zone_address_key, zone_address))
-			continue;
-
-		zone_addr = inet_addr(zone_address);
-		if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
-			freekeyvalues(kv);
-
-			return strdup(zone_address);
-		}
-	}
-
-ERROR:
-	fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
-
-	freekeyvalues(kv);
-	return NULL;
-}
-
-void setFirewallRules(void) {
-	char command[STRING_SIZE];
-	char protocol[STRING_SIZE] = "";
-	char dport[STRING_SIZE] = "";
-	char dovpnip[STRING_SIZE] = "";
-
-	kv = initkeyvalues();
-	if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings"))
-	{
-		fprintf(stderr, "Cannot read ovpn settings\n");
+		fprintf(stderr, "Invalid connection type '%s'\n", argv[1]);
 		exit(1);
 	}
 
-	/* we got one device, so lets proceed further	*/
-	if (!findkey(kv, "DDEST_PORT", dport)){
-		fprintf(stderr, "Cannot read DDEST_PORT\n");
-		exit(1);
-	}
-
-	if (!findkey(kv, "DPROTOCOL", protocol)){
-		fprintf(stderr, "Cannot read DPROTOCOL\n");
-		exit(1);
-	}
-
-	if (!findkey(kv, "VPN_IP", dovpnip)){
-		fprintf(stderr, "Cannot read VPN_IP\n");
-	}
-	freekeyvalues(kv);
-
-	// Flush all chains.
-	flushChain(OVPNINPUT);
-	flushChain(OVPNBLOCK);
-	flushChainNAT(OVPNNAT);
-
-	// set firewall rules
-	if (strcmp(enabled, "on") == 0)
-		addRule(OVPNINPUT, protocol, dport);
-
-	/* Allow ICMP error messages to pass. */
-	snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -p icmp"
-		" -m conntrack --ctstate RELATED -j RETURN", OVPNBLOCK);
-	executeCommand(command);
-
-	// read connection configuration
-	connection *conn = getConnections();
-
-	// set firewall rules for n2n connections
-	char *local_subnet_address = NULL;
-	char *transfer_subnet_address = NULL;
-	while (conn != NULL) {
-		if (strcmp(conn->type, "net") == 0) {
-			addRule(OVPNINPUT, conn->proto, conn->port);
-
-			/* Block all communication from the transfer nets. */
-			snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -s %s -j DROP",
-				OVPNBLOCK, conn->transfer_subnet);
-			executeCommand(command);
-
-			local_subnet_address = getLocalSubnetAddress(conn);
-			transfer_subnet_address = calcTransferNetAddress(conn);
-
-			if ((local_subnet_address) && (transfer_subnet_address)) {
-				snprintf(command, STRING_SIZE - 1, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
-					OVPNNAT, transfer_subnet_address, local_subnet_address);
-				executeCommand(command);
-			}
-		}
-
-		conn = conn->next;
-	}
-}
-
-int startNet2Net(char *name) {
-	connection *conn = NULL;
-	connection *conn_iter;
-
-	conn_iter = getConnections();
-
-	while (conn_iter) {
-		if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) {
-			conn = conn_iter;
-			break;
-		}
-		conn_iter = conn_iter->next;
-	}
-
-	if (conn == NULL) {
-		fprintf(stderr, "Connection not found.\n");
-		return 1;
-	}
-
-	if (strcmp(conn->status, "on") != 0) {
-		fprintf(stderr, "Connection '%s' is not enabled.\n", conn->name);
-		return 1;
-	}
-
-	fprintf(stderr, "Starting connection %s...\n", conn->name);
-
-	char configfile[STRING_SIZE];
-	snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
-		conn->name, conn->name);
-
-	FILE *fp = fopen(configfile, "r");
-	if (fp == NULL) {
-		fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n",
-			conn->name, configfile);
-		return 2;
-	}
-	fclose(fp);
-
-	// Make sure all firewall rules are up to date.
-	setFirewallRules();
-
-	// Get the external IP address.
-	char address[STRING_SIZE] = "";
-	int r = readExternalAddress(address);
-	if (r) {
-		fprintf(stderr, "Could not read the external address\n");
-		exit(1);
-	}
-
-	char command[STRING_SIZE];
-	snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
-	executeCommand(command);
-	snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --local %s --config %s", address, configfile);
-	executeCommand(command);
-
-	return 0;
+	return run(command, argv + 2);
 }
-
-int killNet2Net(char *name) {
-	connection *conn = NULL;
-	connection *conn_iter;
-	int rc = 0;
-
-	conn_iter = getConnections();
-
-	while (conn_iter) {
-		if (strcmp(conn_iter->name, name) == 0) {
-			conn = conn_iter;
-			break;
-		}
-		conn_iter = conn_iter->next;
-	}
-
-	if (conn == NULL) {
-		fprintf(stderr, "Connection not found.\n");
-		return 1;
-	}
-
-	char pidfile[STRING_SIZE];
-	snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
-
-	int pid = readPidFile(pidfile);
-	if (!pid > 0) {
-		fprintf(stderr, "Could not read pid file of connection %s.", conn->name);
-		return 1;
-	}
-
-	fprintf(stderr, "Killing connection %s (PID %d)...\n", conn->name, pid);
-	kill(pid, SIGTERM);
-
-	char command[STRING_SIZE];
-	snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
-	executeCommand(command);
-
-	char runfile[STRING_SIZE];
-	snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
-	rc = recursive_remove(runfile);
-	if (rc)
-		perror(runfile);
-
-	return 0;
-}
-
-int deleterrd(char *name) {
-	char rrd_dir[STRING_SIZE];
-
-	connection *conn = getConnections();
-	while(conn) {
-		if (strcmp(conn->name, name) != 0) {
-			conn = conn->next;
-			continue;
-		}
-
-		// Handle RW connections
-		if (strcmp(conn->type, "host") == 0) {
-			snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name);
-
-		// Handle N2N connections
-		} else if (strcmp(conn->type, "net") == 0) {
-			snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name);
-
-		// Unhandled connection type
-		} else {
-			conn = conn->next;
-			continue;
-		}
-
-		return recursive_remove(rrd_dir);
-	}
-
-	return 1;
-}
-
-void startAllNet2Net() {
-	int exitcode = 0, _exitcode = 0;
-
-	connection *conn = getConnections();
-
-	while(conn) {
-		/* Skip all connections that are not of type "net" or disabled. */
-		if ((strcmp(conn->type, "net") != 0) || (strcmp(conn->status, "on") != 0)) {
-			conn = conn->next;
-			continue;
-		}
-
-		_exitcode = startNet2Net(conn->name);
-		conn = conn->next;
-
-		if (_exitcode > exitcode) {
-			exitcode = _exitcode;
-		}
-	}
-
-	exit(exitcode);
-}
-
-void killAllNet2Net() {
-	int exitcode = 0, _exitcode = 0;
-
-	connection *conn = getConnections();
-
-	while(conn) {
-		/* Skip all connections that are not of type "net". */
-		if (strcmp(conn->type, "net") != 0) {
-			conn = conn->next;
-			continue;
-		}
-
-		_exitcode = killNet2Net(conn->name);
-		conn = conn->next;
-
-		if (_exitcode > exitcode) {
-			exitcode = _exitcode;
-		}
-	}
-
-	exit(exitcode);
-}
-
-void displayopenvpn(void) {
-	char command[STRING_SIZE];
-
-	snprintf(command, STRING_SIZE - 1, "/bin/killall -sSIGUSR2 openvpn");
-	executeCommand(command);
-}
-
-int main(int argc, char *argv[]) {
-	if (!(initsetuid()))
-	    exit(1);
-	if(argc < 2)
-	    usage();
-
-	if(argc == 3) {
-		ovpnInit();
-
-		if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
-			startNet2Net(argv[2]);
-			return 0;
-		}
-		else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
-			killNet2Net(argv[2]);
-			return 0;
-		}
-		else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
-			deleterrd(argv[2]);
-			return 0;
-		} else {
-			usage();
-			return 1;
-		}
-	}
-	else if(argc == 2) {
-		else if( (strcmp(argv[1], "-d") == 0) || (strcmp(argv[1], "--display") == 0) ) {
-			displayopenvpn();
-			return 0;
-		}
-		else {
-			ovpnInit();
-
-			if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
-				startAllNet2Net();
-				return 0;
-			}
-			else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
-				killAllNet2Net();
-				return 0;
-			}
-			else if( (strcmp(argv[1], "-fwr") == 0) || (strcmp(argv[1], "--firewall-rules") == 0) ) {
-				setFirewallRules();
-				return 0;
-			}
-			else {
-				usage();
-				return 0;
-			}
-		}
-	}
-	else {
-		usage();
-		return 0;
-	}
-return 0;
-}
-