printf(" -kn2n --kill-net-2-net\n");
printf(" kills all net2net connections\n");
printf(" you may pass a connection name to the switch to only start a specific one\n");
+ printf(" -drrd --delete-rrd\n");
+ printf(" Deletes the RRD data for a specific client\n");
+ printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
printf(" -d --display\n");
printf(" displays OpenVPN status to syslog\n");
printf(" -fwr --firewall-rules\n");
return pid;
}
+int readExternalAddress(char* address) {
+ FILE *fp = fopen("/var/ipfire/red/local-ipaddress", "r");
+ if (!fp)
+ goto ERROR;
+
+ int r = fscanf(fp, "%s", address);
+ fclose(fp);
+
+ if (r < 0)
+ goto ERROR;
+
+ /* In case the read IP address is not valid, we empty
+ * the content of address and return non-zero. */
+ if (!VALID_IP(address))
+ goto ERROR;
+
+ return 0;
+
+ERROR:
+ address = NULL;
+ return 1;
+}
+
void ovpnInit(void) {
// Read OpenVPN configuration
kv = initkeyvalues();
}
void setFirewallRules(void) {
+ char command[STRING_SIZE];
char protocol[STRING_SIZE] = "";
char dport[STRING_SIZE] = "";
char dovpnip[STRING_SIZE] = "";
if (!strcmp(enableorange, "on") && strlen(orangeif))
addRule(OVPNINPUT, orangeif, protocol, dport);
+ /* Allow ICMP error messages to pass. */
+ snprintf(command, STRING_SIZE - 1, "/sbin/iptables -A %s -p icmp"
+ " -m conntrack --ctstate RELATED -j RETURN", OVPNBLOCK);
+ executeCommand(command);
+
// read connection configuration
connection *conn = getConnections();
// set firewall rules for n2n connections
- char command[STRING_SIZE];
char *local_subnet_address = NULL;
char *transfer_subnet_address = NULL;
while (conn != NULL) {
// Make sure all firewall rules are up to date.
setFirewallRules();
+ // Get the external IP address.
+ char address[STRING_SIZE] = "";
+ int r = readExternalAddress(address);
+ if (r) {
+ fprintf(stderr, "Could not read the external address\n");
+ exit(1);
+ }
+
char command[STRING_SIZE];
snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
executeCommand(command);
- snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
+ snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --local %s --config %s", address, configfile);
executeCommand(command);
return 0;
return 0;
}
+int deleterrd(char *name) {
+ connection *conn = getConnections();
+
+ char rrd_file[STRING_SIZE];
+ snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+
+ char rrd_dir[STRING_SIZE];
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+
+ while(conn) {
+ /* Find only RW-Connections with the given name. */
+ if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
+ remove(rrd_file);
+ remove(rrd_dir);
+ return 0;
+ }
+ conn = conn->next;
+ }
+
+ return 1;
+}
+
void startAllNet2Net() {
int exitcode = 0, _exitcode = 0;
else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
killNet2Net(argv[2]);
return 0;
+ }
+ else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
+ deleterrd(argv[2]);
+ return 0;
} else {
usage();
return 1;
projects / ipfire-2.x.git / blobdiff