]> git.ipfire.org Git - people/teissler/ipfire-2.x.git/blame - src/misc-progs/openvpnctrl.c
projects / people / teissler / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
probenic.sh: add usb support for kernel 3.10.
[people/teissler/ipfire-2.x.git] / src / misc-progs / openvpnctrl.c
CommitLineData
39877197 1#include <signal.h>
6e13d0a5
MT		 2#include <stdio.h>
3#include <string.h>
4#include <unistd.h>
5#include <stdlib.h>
6#include <sys/types.h>
3d1fbbb0
MT		 7#include <arpa/inet.h>
8#include <netinet/in.h>
6e13d0a5
MT		 9#include <fcntl.h>
10#include "setuid.h"
11#include "libsmooth.h"
12
c894a342 13#define noovpndebug
6e13d0a5
MT		 14
15// global vars
16 struct keyvalue *kv = NULL;
17 FILE *ifacefile = NULL;
18
19char redif[STRING_SIZE];
20char blueif[STRING_SIZE];
21char orangeif[STRING_SIZE];
22char enablered[STRING_SIZE] = "off";
23char enableblue[STRING_SIZE] = "off";
24char enableorange[STRING_SIZE] = "off";
25
26// consts
27char OVPNRED[STRING_SIZE] = "OVPN";
28char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
29char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
c31f18b6 30char OVPNBLOCK[STRING_SIZE] = "OVPNBLOCK";
3d1fbbb0
MT		 31char OVPNNAT[STRING_SIZE] = "OVPNNAT";
32char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3";
6925b8ef
AF		 33
34struct connection_struct {
35 char name[STRING_SIZE];
91a0a221 36 char type[STRING_SIZE];
6925b8ef 37 char proto[STRING_SIZE];
99b01b84 38 char status[STRING_SIZE];
3d1fbbb0
MT		 39 char local_subnet[STRING_SIZE];
40 char transfer_subnet[STRING_SIZE];
41 char role[STRING_SIZE];
6925b8ef
AF		 42 int port;
43 struct connection_struct *next;
44};
45
46typedef struct connection_struct connection;
6e13d0a5
MT		 47
48void exithandler(void)
49{
50 if(kv)
51 freekeyvalues(kv);
52 if (ifacefile)
53 fclose(ifacefile);
54}
55
56void usage(void)
57{
58#ifdef ovpndebug
07081137 59 printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
6e13d0a5 60#else
07081137 61 printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
6e13d0a5
MT		 62#endif
63 printf("openvpnctrl <option>\n");
64 printf(" Valid options are:\n");
65 printf(" -s --start\n");
66 printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n");
67 printf(" -k --kill\n");
68 printf(" kills/stops OpenVPN\n");
69 printf(" -r --restart\n");
70 printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
64f0c354
MT		 71 printf(" -sn2n --start-net-2-net\n");
72 printf(" starts all net2net connections\n");
73 printf(" you may pass a connection name to the switch to only start a specific one\n");
74 printf(" -kn2n --kill-net-2-net\n");
75 printf(" kills all net2net connections\n");
76 printf(" you may pass a connection name to the switch to only start a specific one\n");
6e13d0a5
MT		 77 printf(" -d --display\n");
78 printf(" displays OpenVPN status to syslog\n");
79 printf(" -fwr --firewall-rules\n");
80 printf(" removes current OpenVPN chains and rules and resets them according to the config\n");
81 printf(" -sdo --start-daemon-only\n");
afabe9f7 82 printf(" starts OpenVPN daemon only\n");
6e13d0a5
MT		 83 printf(" -ccr --create-chains-and-rules\n");
84 printf(" creates chains and rules for OpenVPN\n");
85 printf(" -dcr --delete-chains-and-rules\n");
86 printf(" removes all chains for OpenVPN\n");
87 exit(1);
88}
89
6925b8ef
AF		 90connection *getConnections() {
91 FILE *fp = NULL;
92
93 if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) {
94 fprintf(stderr, "Could not open openvpn n2n configuration file.\n");
95 exit(1);
96 }
97
98 char line[STRING_SIZE] = "";
d4f2fb97
MT		 99 char result[STRING_SIZE] = "";
100 char *resultptr;
6925b8ef
AF		 101 int count;
102 connection *conn_first = NULL;
103 connection *conn_last = NULL;
104 connection *conn_curr;
105
106 while ((fgets(line, STRING_SIZE, fp) != NULL)) {
107 if (line[strlen(line) - 1] == '\n')
108 line[strlen(line) - 1] = '\0';
109
110 conn_curr = (connection *)malloc(sizeof(connection));
111 memset(conn_curr, 0, sizeof(connection));
112
113 if (conn_first == NULL) {
114 conn_first = conn_curr;
115 } else {
116 conn_last->next = conn_curr;
117 }
118 conn_last = conn_curr;
119
120 count = 0;
d4f2fb97
MT		 121 char *lineptr = &line;
122 while (1) {
123 if (*lineptr == NULL)
124 break;
125
126 resultptr = result;
127 while (*lineptr != NULL) {
128 if (*lineptr == ',') {
129 lineptr++;
130 break;
131 }
132 *resultptr++ = *lineptr++;
133 }
134 *resultptr = '\0';
135
99b01b84
MT		 136 if (count == 1) {
137 strcpy(conn_curr->status, result);
138 } else if (count == 2) {
6925b8ef 139 strcpy(conn_curr->name, result);
91a0a221
MT		 140 } else if (count == 4) {
141 strcpy(conn_curr->type, result);
3d1fbbb0
MT		 142 } else if (count == 7) {
143 strcpy(conn_curr->role, result);
144 } else if (count == 9) {
145 strcpy(conn_curr->local_subnet, result);
146 } else if (count == 28) {
147 strcpy(conn_curr->transfer_subnet, result);
d4f2fb97 148 } else if (count == 29) {
6925b8ef 149 strcpy(conn_curr->proto, result);
d4f2fb97 150 } else if (count == 30) {
6925b8ef
AF		 151 conn_curr->port = atoi(result);
152 }
153
6925b8ef
AF		 154 count++;
155 }
156 }
157
158 fclose(fp);
159
160 return conn_first;
161}
162
80ca8bd0
MT		 163int readPidFile(const char *pidfile) {
164 FILE *fp = fopen(pidfile, "r");
165 if (fp == NULL) {
166 fprintf(stderr, "PID file not found: '%s'\n", pidfile);
167 exit(1);
168 }
169
170 int pid = 0;
171 fscanf(fp, "%d", &pid);
172 fclose(fp);
173
174 return pid;
175}
176
6e13d0a5
MT		 177void ovpnInit(void) {
178
179 // Read OpenVPN configuration
180 kv = initkeyvalues();
181 if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) {
182 fprintf(stderr, "Cannot read ovpn settings\n");
183 exit(1);
184 }
185
186 if (!findkey(kv, "ENABLED", enablered)) {
187 fprintf(stderr, "Cannot read ENABLED\n");
188 exit(1);
189 }
190
191 if (!findkey(kv, "ENABLED_BLUE", enableblue)){
192 fprintf(stderr, "Cannot read ENABLED_BLUE\n");
193 exit(1);
194 }
195
196 if (!findkey(kv, "ENABLED_ORANGE", enableorange)){
197 fprintf(stderr, "Cannot read ENABLED_ORANGE\n");
198 exit(1);
199 }
200 freekeyvalues(kv);
201
202 // read interface settings
203
204 // details for the red int
205 memset(redif, 0, STRING_SIZE);
206 if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
207 {
208 if (fgets(redif, STRING_SIZE, ifacefile))
209 {
210 if (redif[strlen(redif) - 1] == '\n')
211 redif[strlen(redif) - 1] = '\0';
212 }
213 fclose (ifacefile);
214 ifacefile = NULL;
215
216 if (!VALID_DEVICE(redif))
217 {
218 memset(redif, 0, STRING_SIZE);
219 }
220 }
221
222 kv=initkeyvalues();
223 if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
224 {
225 fprintf(stderr, "Cannot read ethernet settings\n");
226 exit(1);
227 }
228
229 if (strcmp(enableblue, "on")==0){
230 if (!findkey(kv, "BLUE_DEV", blueif)){
231 fprintf(stderr, "Cannot read BLUE_DEV\n");
232 exit(1);
233 }
234 }
235 if (strcmp(enableorange, "on")==0){
236 if (!findkey(kv, "ORANGE_DEV", orangeif)){
237 fprintf(stderr, "Cannot read ORNAGE_DEV\n");
238 exit(1);
239 }
240 }
241 freekeyvalues(kv);
242}
243
244void executeCommand(char *command) {
245#ifdef ovpndebug
246 printf(strncat(command, "\n", 2));
247#endif
248 safe_system(strncat(command, " >/dev/null 2>&1", 17));
249}
250
251void setChainRules(char *chain, char *interface, char *protocol, char *port)
252{
253 char str[STRING_SIZE];
07081137 254
6e13d0a5
MT		 255 sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
256 executeCommand(str);
6e13d0a5
MT		 257}
258
259void flushChain(char *chain) {
260 char str[STRING_SIZE];
261
d2c4a3ca 262 sprintf(str, "/sbin/iptables -F %s", chain);
6e13d0a5 263 executeCommand(str);
6e13d0a5
MT		 264}
265
3d1fbbb0
MT		 266void flushChainNAT(char *chain) {
267 char str[STRING_SIZE];
268
269 sprintf(str, "/sbin/iptables -t nat -F %s", chain);
270 executeCommand(str);
271}
272
d2c4a3ca
MT		 273void flushChainINPUT(char *chain) {
274 char str[STRING_SIZE];
275
276 snprintf(str, STRING_SIZE, "%sINPUT", chain);
277 flushChain(str);
278}
279
6e13d0a5
MT		 280void deleteChainReference(char *chain) {
281 char str[STRING_SIZE];
282
283 sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain);
284 executeCommand(str);
6e13d0a5
MT		 285}
286
287void deleteChain(char *chain) {
288 char str[STRING_SIZE];
289
290 sprintf(str, "/sbin/iptables -X %sINPUT", chain);
291 executeCommand(str);
6e13d0a5
MT		 292}
293
294void deleteAllChains(void) {
295 // not an elegant solution, but to avoid timing problems with undeleted chain references
296 deleteChainReference(OVPNRED);
297 deleteChainReference(OVPNBLUE);
298 deleteChainReference(OVPNORANGE);
d2c4a3ca
MT		 299 flushChainINPUT(OVPNRED);
300 flushChainINPUT(OVPNBLUE);
301 flushChainINPUT(OVPNORANGE);
6e13d0a5
MT		 302 deleteChain(OVPNRED);
303 deleteChain(OVPNBLUE);
304 deleteChain(OVPNORANGE);
2181b555
MT		 305
306 // Only flush chains that are created by the firewall
307 flushChain(OVPNBLOCK);
308 flushChainNAT(OVPNNAT);
6e13d0a5
MT		 309}
310
311void createChainReference(char *chain) {
312 char str[STRING_SIZE];
313 sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain);
314 executeCommand(str);
6e13d0a5
MT		 315}
316
317void createChain(char *chain) {
318 char str[STRING_SIZE];
319 sprintf(str, "/sbin/iptables -N %sINPUT", chain);
320 executeCommand(str);
6e13d0a5
MT		 321}
322
323void createAllChains(void) {
858d8d90
MT		 324 // create chain and chain references
325 if (!strcmp(enableorange, "on")) {
326 if (strlen(orangeif)) {
327 createChain(OVPNORANGE);
328 createChainReference(OVPNORANGE);
329 } else {
330 fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
331 //exit(1);
6e13d0a5 332 }
858d8d90
MT		 333 }
334
335 if (!strcmp(enableblue, "on")) {
336 if (strlen(blueif)) {
337 createChain(OVPNBLUE);
338 createChainReference(OVPNBLUE);
339 } else {
340 fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
341 //exit(1);
6e13d0a5 342 }
858d8d90
MT		 343 }
344
345 if (!strcmp(enablered, "on")) {
346 if (strlen(redif)) {
347 createChain(OVPNRED);
348 createChainReference(OVPNRED);
349 } else {
350 fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
351 //exit(1);
6e13d0a5
MT		 352 }
353 }
354}
355
3d1fbbb0 356char* calcTransferNetAddress(const connection* conn) {
a19ff965
MT		 357 char *subnetmask = strdup(conn->transfer_subnet);
358 char *address = strsep(&subnetmask, "/");
3d1fbbb0 359
cdbe3504
MT		 360 if ((address == NULL) || (subnetmask == NULL)) {
361 goto ERROR;
362 }
363
a19ff965
MT		 364 in_addr_t _address = inet_addr(address);
365 in_addr_t _subnetmask = inet_addr(subnetmask);
366 _address &= _subnetmask;
3d1fbbb0 367
a19ff965
MT		 368 if (strcmp(conn->role, "server") == 0) {
369 _address += 1 << 24;
370 } else if (strcmp(conn->role, "client") == 0) {
371 _address += 2 << 24;
3d1fbbb0
MT		 372 } else {
373 goto ERROR;
374 }
375
a19ff965
MT		 376 struct in_addr address_info;
377 address_info.s_addr = _address;
378
379 return inet_ntoa(address_info);
3d1fbbb0
MT		 380
381ERROR:
a19ff965
MT		 382 fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
383
3d1fbbb0
MT		 384 free(address);
385 return NULL;
386}
387
388char* getLocalSubnetAddress(const connection* conn) {
389 kv = initkeyvalues();
390 if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) {
391 fprintf(stderr, "Cannot read ethernet settings\n");
392 exit(1);
393 }
394
395 const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL};
396 char *zone = NULL;
397
398 // Get net address of the local openvpn subnet.
399 char *subnetmask = strdup(conn->local_subnet);
400 char *address = strsep(&subnetmask, "/");
401
402 if ((address == NULL) || (subnetmask == NULL)) {
403 goto ERROR;
404 }
405
406 in_addr_t _address = inet_addr(address);
407 in_addr_t _subnetmask = inet_addr(subnetmask);
408
409 in_addr_t _netaddr = (_address & _subnetmask);
410 in_addr_t _broadcast = (_address | ~_subnetmask);
411
412 char zone_address_key[STRING_SIZE];
413 char zone_address[STRING_SIZE];
414 in_addr_t zone_addr;
415
416 int i = 0;
417 while (zones[i]) {
418 zone = zones[i++];
419 snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone);
420
421 if (!findkey(kv, zone_address_key, zone_address))
422 continue;
423
424 zone_addr = inet_addr(zone_address);
425 if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) {
426 freekeyvalues(kv);
427
428 return strdup(zone_address);
429 }
430 }
431
432ERROR:
a19ff965
MT		 433 fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
434
3d1fbbb0
MT		 435 freekeyvalues(kv);
436 return NULL;
437}
438
6e13d0a5
MT		 439void setFirewallRules(void) {
440 char protocol[STRING_SIZE] = "";
441 char dport[STRING_SIZE] = "";
442 char dovpnip[STRING_SIZE] = "";
443
6e13d0a5
MT		 444 kv = initkeyvalues();
445 if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings"))
446 {
447 fprintf(stderr, "Cannot read ovpn settings\n");
448 exit(1);
449 }
450
451 /* we got one device, so lets proceed further */
452 if (!findkey(kv, "DDEST_PORT", dport)){
453 fprintf(stderr, "Cannot read DDEST_PORT\n");
454 exit(1);
455 }
456
457 if (!findkey(kv, "DPROTOCOL", protocol)){
458 fprintf(stderr, "Cannot read DPROTOCOL\n");
459 exit(1);
460 }
461
462 if (!findkey(kv, "VPN_IP", dovpnip)){
463 fprintf(stderr, "Cannot read VPN_IP\n");
464// exit(1); step further as we don't need an ip
465 }
466 freekeyvalues(kv);
467
07081137 468 // Flush all chains.
d2c4a3ca
MT		 469 flushChainINPUT(OVPNRED);
470 flushChainINPUT(OVPNBLUE);
471 flushChainINPUT(OVPNORANGE);
2181b555 472 flushChain(OVPNBLOCK);
3d1fbbb0 473 flushChainNAT(OVPNNAT);
07081137 474
6e13d0a5
MT		 475 // set firewall rules
476 if (!strcmp(enablered, "on") && strlen(redif))
477 setChainRules(OVPNRED, redif, protocol, dport);
478 if (!strcmp(enableblue, "on") && strlen(blueif))
479 setChainRules(OVPNBLUE, blueif, protocol, dport);
480 if (!strcmp(enableorange, "on") && strlen(orangeif))
481 setChainRules(OVPNORANGE, orangeif, protocol, dport);
6925b8ef 482
91a0a221
MT		 483 // read connection configuration
484 connection *conn = getConnections();
485
6925b8ef 486 // set firewall rules for n2n connections
91a0a221 487 char command[STRING_SIZE];
3d1fbbb0
MT		 488 char *local_subnet_address = NULL;
489 char *transfer_subnet_address = NULL;
7d653d51 490 while (conn != NULL) {
91a0a221
MT		 491 if (strcmp(conn->type, "net") == 0) {
492 sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
493 OVPNRED, redif, conn->proto, conn->port);
494 executeCommand(command);
3d1fbbb0 495
c31f18b6
MT		 496 /* Block all communication from the transfer nets. */
497 snprintf(command, STRING_SIZE, "/sbin/iptables -A %s -s %s -j DROP",
498 OVPNBLOCK, conn->transfer_subnet);
499 executeCommand(command);
500
3d1fbbb0
MT		 501 local_subnet_address = getLocalSubnetAddress(conn);
502 transfer_subnet_address = calcTransferNetAddress(conn);
503
cdbe3504
MT		 504 if ((local_subnet_address) && (transfer_subnet_address)) {
505 snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s",
506 OVPNNAT, transfer_subnet_address, local_subnet_address);
507 executeCommand(command);
508 }
91a0a221
MT		 509 }
510
6925b8ef
AF		 511 conn = conn->next;
512 }
6e13d0a5
MT		 513}
514
515void stopDaemon(void) {
516 char command[STRING_SIZE];
517
2bcff894 518 int pid = readPidFile("/var/run/openvpn.pid");
80ca8bd0 519 if (!pid > 0) {
2bcff894
MT		 520 exit(1);
521 }
522
523 fprintf(stderr, "Killing PID %d.\n", pid);
524 kill(pid, SIGTERM);
525
6e13d0a5
MT		 526 snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
527 executeCommand(command);
528}
529
530void startDaemon(void) {
531 char command[STRING_SIZE];
532
533 if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
534 fprintf(stderr, "OpenVPN is not enabled on any interface\n");
535 exit(1);
536 } else {
7d3af7f7
MT		 537 snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
538 executeCommand(command);
072cd997 539 snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
6e13d0a5
MT		 540 executeCommand(command);
541 }
542}
543
99b01b84 544int startNet2Net(char *name) {
6925b8ef
AF		 545 connection *conn = NULL;
546 connection *conn_iter;
547
548 conn_iter = getConnections();
549
550 while (conn_iter) {
91a0a221 551 if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) {
6925b8ef
AF		 552 conn = conn_iter;
553 break;
554 }
555 conn_iter = conn_iter->next;
556 }
557
558 if (conn == NULL) {
559 fprintf(stderr, "Connection not found.\n");
99b01b84
MT		 560 return 1;
561 }
562
563 if (strcmp(conn->status, "on") != 0) {
564 fprintf(stderr, "Connection '%s' is not enabled.\n", conn->name);
565 return 1;
6925b8ef
AF		 566 }
567
99b01b84
MT		 568 fprintf(stderr, "Starting connection %s...\n", conn->name);
569
39877197
MT		 570 char configfile[STRING_SIZE];
571 snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
572 conn->name, conn->name);
573
574 FILE *fp = fopen(configfile, "r");
575 if (fp == NULL) {
576 fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n",
577 conn->name, configfile);
99b01b84 578 return 2;
39877197
MT		 579 }
580 fclose(fp);
581
07081137
MT		 582 // Make sure all firewall rules are up to date.
583 setFirewallRules();
584
6925b8ef 585 char command[STRING_SIZE];
81a789d9
MT		 586 snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
587 executeCommand(command);
588 snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
6925b8ef 589 executeCommand(command);
99b01b84
MT		 590
591 return 0;
6925b8ef
AF		 592}
593
99b01b84 594int killNet2Net(char *name) {
39877197
MT		 595 connection *conn = NULL;
596 connection *conn_iter;
597
598 conn_iter = getConnections();
599
600 while (conn_iter) {
601 if (strcmp(conn_iter->name, name) == 0) {
602 conn = conn_iter;
603 break;
604 }
605 conn_iter = conn_iter->next;
606 }
607
608 if (conn == NULL) {
609 fprintf(stderr, "Connection not found.\n");
99b01b84 610 return 1;
39877197
MT		 611 }
612
613 char pidfile[STRING_SIZE];
80ca8bd0 614 snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
39877197 615
2bcff894 616 int pid = readPidFile(pidfile);
80ca8bd0 617 if (!pid > 0) {
99b01b84
MT		 618 fprintf(stderr, "Could not read pid file of connection %s.", conn->name);
619 return 1;
39877197
MT		 620 }
621
99b01b84 622 fprintf(stderr, "Killing connection %s (PID %d)...\n", conn->name, pid);
39877197
MT		 623 kill(pid, SIGTERM);
624
d4c8b6be
MT		 625 char command[STRING_SIZE];
626 snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
627 executeCommand(command);
628
99b01b84 629 return 0;
6925b8ef
AF		 630}
631
64f0c354 632void startAllNet2Net() {
99b01b84
MT		 633 int exitcode = 0, _exitcode = 0;
634
64f0c354
MT		 635 connection *conn = getConnections();
636
637 while(conn) {
99b01b84
MT		 638 /* Skip all connections that are not of type "net" or disabled. */
639 if ((strcmp(conn->type, "net") != 0) || (strcmp(conn->status, "on") != 0)) {
640 conn = conn->next;
641 continue;
642 }
643
644 _exitcode = startNet2Net(conn->name);
64f0c354 645 conn = conn->next;
99b01b84
MT		 646
647 if (_exitcode > exitcode) {
648 exitcode = _exitcode;
649 }
64f0c354
MT		 650 }
651
99b01b84 652 exit(exitcode);
64f0c354
MT		 653}
654
655void killAllNet2Net() {
99b01b84
MT		 656 int exitcode = 0, _exitcode = 0;
657
64f0c354
MT		 658 connection *conn = getConnections();
659
660 while(conn) {
99b01b84
MT		 661 /* Skip all connections that are not of type "net". */
662 if (strcmp(conn->type, "net") != 0) {
663 conn = conn->next;
664 continue;
665 }
666
667 _exitcode = killNet2Net(conn->name);
64f0c354 668 conn = conn->next;
99b01b84
MT		 669
670 if (_exitcode > exitcode) {
671 exitcode = _exitcode;
672 }
64f0c354
MT		 673 }
674
99b01b84 675 exit(exitcode);
64f0c354
MT		 676}
677
6e13d0a5
MT		 678void displayopenvpn(void) {
679 char command[STRING_SIZE];
680
681 snprintf(command, STRING_SIZE - 1, "/bin/killall -sSIGUSR2 openvpn");
682 executeCommand(command);
683}
684
685int main(int argc, char *argv[]) {
686 if (!(initsetuid()))
687 exit(1);
688 if(argc < 2)
689 usage();
6925b8ef
AF		 690
691 if(argc == 3) {
91a0a221
MT		 692 ovpnInit();
693
6925b8ef
AF		 694 if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
695 startNet2Net(argv[2]);
696 return 0;
697 }
698 else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
699 killNet2Net(argv[2]);
700 return 0;
701 } else {
702 usage();
703 return 1;
704 }
705 }
706 else if(argc == 2) {
6e13d0a5
MT		 707 if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) {
708 stopDaemon();
709 return 0;
710 }
711 else if( (strcmp(argv[1], "-d") == 0) || (strcmp(argv[1], "--display") == 0) ) {
712 displayopenvpn();
713 return 0;
714 }
715 else if( (strcmp(argv[1], "-dcr") == 0) || (strcmp(argv[1], "--delete-chains-and-rules") == 0) ) {
716 deleteAllChains();
717 return 0;
718 }
719 else {
720 ovpnInit();
721
722 if( (strcmp(argv[1], "-s") == 0) || (strcmp(argv[1], "--start") == 0) ) {
723 deleteAllChains();
724 createAllChains();
725 setFirewallRules();
726 startDaemon();
727 return 0;
728 }
64f0c354
MT		 729 else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
730 startAllNet2Net();
731 return 0;
732 }
733 else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
734 killAllNet2Net();
735 return 0;
736 }
6e13d0a5
MT		 737 else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) {
738 startDaemon();
739 return 0;
740 }
741 else if( (strcmp(argv[1], "-r") == 0) || (strcmp(argv[1], "--restart") == 0) ) {
742 stopDaemon();
743 deleteAllChains();
744 createAllChains();
745 setFirewallRules();
746 startDaemon();
747 return 0;
748 }
749 else if( (strcmp(argv[1], "-fwr") == 0) || (strcmp(argv[1], "--firewall-rules") == 0) ) {
750 deleteAllChains();
751 createAllChains();
752 setFirewallRules();
753 return 0;
754 }
755 else if( (strcmp(argv[1], "-ccr") == 0) || (strcmp(argv[1], "--create-chains-and-rules") == 0) ) {
756 createAllChains();
757 setFirewallRules();
758 return 0;
759 }
760 else {
761 usage();
762 return 0;
763 }
764 }
765 }
766 else {
767 usage();
768 return 0;
769 }
770return 0;
771}
772
Timo's tree of IPFire 2.x