This makes sure, that all rules (esp. for new connections) are up
and running.
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.0";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.1";
struct connection_struct {
char name[STRING_SIZE];
struct connection_struct {
char name[STRING_SIZE];
void usage(void)
{
#ifdef ovpndebug
void usage(void)
{
#ifdef ovpndebug
- printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION);
+ printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
- printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION);
+ printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
#endif
printf("openvpnctrl <option>\n");
printf(" Valid options are:\n");
#endif
printf("openvpnctrl <option>\n");
printf(" Valid options are:\n");
void setChainRules(char *chain, char *interface, char *protocol, char *port)
{
char str[STRING_SIZE];
void setChainRules(char *chain, char *interface, char *protocol, char *port)
{
char str[STRING_SIZE];
sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
executeCommand(str);
sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
executeCommand(str);
sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
// read connection configuration
connection *conn = getConnections();
// read connection configuration
connection *conn = getConnections();
+ // Flush all chains.
+ flushChain(OVPNRED);
+ flushChain(OVPNBLUE);
+ flushChain(OVPNORANGE);
+
// set firewall rules
if (!strcmp(enablered, "on") && strlen(redif))
setChainRules(OVPNRED, redif, protocol, dport);
// set firewall rules
if (!strcmp(enablered, "on") && strlen(redif))
setChainRules(OVPNRED, redif, protocol, dport);
setChainRules(OVPNORANGE, orangeif, protocol, dport);
// set firewall rules for n2n connections
setChainRules(OVPNORANGE, orangeif, protocol, dport);
// set firewall rules for n2n connections
- char port[STRING_SIZE];
while (conn) {
sprintf(port, "%d", conn->port);
while (conn) {
sprintf(port, "%d", conn->port);
- setChainRules(OVPNRED, redif, &conn->proto, &port);
+ setChainRules(OVPNRED, redif, conn->proto, port);
+ // Make sure all firewall rules are up to date.
+ setFirewallRules();
+
char command[STRING_SIZE];
sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
executeCommand(command);
char command[STRING_SIZE];
sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
executeCommand(command);
projects / ipfire-2.x.git / commitdiff
