]>
Commit | Line | Data |
---|---|---|
39877197 | 1 | #include <signal.h> |
6e13d0a5 MT |
2 | #include <stdio.h> |
3 | #include <string.h> | |
4 | #include <unistd.h> | |
5 | #include <stdlib.h> | |
6 | #include <sys/types.h> | |
3d1fbbb0 MT |
7 | #include <arpa/inet.h> |
8 | #include <netinet/in.h> | |
6e13d0a5 MT |
9 | #include <fcntl.h> |
10 | #include "setuid.h" | |
11 | #include "libsmooth.h" | |
12 | ||
c894a342 | 13 | #define noovpndebug |
6e13d0a5 MT |
14 | |
15 | // global vars | |
16 | struct keyvalue *kv = NULL; | |
17 | FILE *ifacefile = NULL; | |
18 | ||
19 | char redif[STRING_SIZE]; | |
20 | char blueif[STRING_SIZE]; | |
21 | char orangeif[STRING_SIZE]; | |
22 | char enablered[STRING_SIZE] = "off"; | |
23 | char enableblue[STRING_SIZE] = "off"; | |
24 | char enableorange[STRING_SIZE] = "off"; | |
25 | ||
26 | // consts | |
27 | char OVPNRED[STRING_SIZE] = "OVPN"; | |
28 | char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_"; | |
29 | char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_"; | |
3d1fbbb0 MT |
30 | char OVPNNAT[STRING_SIZE] = "OVPNNAT"; |
31 | char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.3"; | |
6925b8ef AF |
32 | |
33 | struct connection_struct { | |
34 | char name[STRING_SIZE]; | |
91a0a221 | 35 | char type[STRING_SIZE]; |
6925b8ef | 36 | char proto[STRING_SIZE]; |
99b01b84 | 37 | char status[STRING_SIZE]; |
3d1fbbb0 MT |
38 | char local_subnet[STRING_SIZE]; |
39 | char transfer_subnet[STRING_SIZE]; | |
40 | char role[STRING_SIZE]; | |
6925b8ef AF |
41 | int port; |
42 | struct connection_struct *next; | |
43 | }; | |
44 | ||
45 | typedef struct connection_struct connection; | |
6e13d0a5 MT |
46 | |
47 | void exithandler(void) | |
48 | { | |
49 | if(kv) | |
50 | freekeyvalues(kv); | |
51 | if (ifacefile) | |
52 | fclose(ifacefile); | |
53 | } | |
54 | ||
55 | void usage(void) | |
56 | { | |
57 | #ifdef ovpndebug | |
07081137 | 58 | printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION); |
6e13d0a5 | 59 | #else |
07081137 | 60 | printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION); |
6e13d0a5 MT |
61 | #endif |
62 | printf("openvpnctrl <option>\n"); | |
63 | printf(" Valid options are:\n"); | |
64 | printf(" -s --start\n"); | |
65 | printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n"); | |
66 | printf(" -k --kill\n"); | |
67 | printf(" kills/stops OpenVPN\n"); | |
68 | printf(" -r --restart\n"); | |
69 | printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n"); | |
64f0c354 MT |
70 | printf(" -sn2n --start-net-2-net\n"); |
71 | printf(" starts all net2net connections\n"); | |
72 | printf(" you may pass a connection name to the switch to only start a specific one\n"); | |
73 | printf(" -kn2n --kill-net-2-net\n"); | |
74 | printf(" kills all net2net connections\n"); | |
75 | printf(" you may pass a connection name to the switch to only start a specific one\n"); | |
6e13d0a5 MT |
76 | printf(" -d --display\n"); |
77 | printf(" displays OpenVPN status to syslog\n"); | |
78 | printf(" -fwr --firewall-rules\n"); | |
79 | printf(" removes current OpenVPN chains and rules and resets them according to the config\n"); | |
80 | printf(" -sdo --start-daemon-only\n"); | |
afabe9f7 | 81 | printf(" starts OpenVPN daemon only\n"); |
6e13d0a5 MT |
82 | printf(" -ccr --create-chains-and-rules\n"); |
83 | printf(" creates chains and rules for OpenVPN\n"); | |
84 | printf(" -dcr --delete-chains-and-rules\n"); | |
85 | printf(" removes all chains for OpenVPN\n"); | |
86 | exit(1); | |
87 | } | |
88 | ||
6925b8ef AF |
89 | connection *getConnections() { |
90 | FILE *fp = NULL; | |
91 | ||
92 | if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) { | |
93 | fprintf(stderr, "Could not open openvpn n2n configuration file.\n"); | |
94 | exit(1); | |
95 | } | |
96 | ||
97 | char line[STRING_SIZE] = ""; | |
d4f2fb97 MT |
98 | char result[STRING_SIZE] = ""; |
99 | char *resultptr; | |
6925b8ef AF |
100 | int count; |
101 | connection *conn_first = NULL; | |
102 | connection *conn_last = NULL; | |
103 | connection *conn_curr; | |
104 | ||
105 | while ((fgets(line, STRING_SIZE, fp) != NULL)) { | |
106 | if (line[strlen(line) - 1] == '\n') | |
107 | line[strlen(line) - 1] = '\0'; | |
108 | ||
109 | conn_curr = (connection *)malloc(sizeof(connection)); | |
110 | memset(conn_curr, 0, sizeof(connection)); | |
111 | ||
112 | if (conn_first == NULL) { | |
113 | conn_first = conn_curr; | |
114 | } else { | |
115 | conn_last->next = conn_curr; | |
116 | } | |
117 | conn_last = conn_curr; | |
118 | ||
119 | count = 0; | |
d4f2fb97 MT |
120 | char *lineptr = &line; |
121 | while (1) { | |
122 | if (*lineptr == NULL) | |
123 | break; | |
124 | ||
125 | resultptr = result; | |
126 | while (*lineptr != NULL) { | |
127 | if (*lineptr == ',') { | |
128 | lineptr++; | |
129 | break; | |
130 | } | |
131 | *resultptr++ = *lineptr++; | |
132 | } | |
133 | *resultptr = '\0'; | |
134 | ||
99b01b84 MT |
135 | if (count == 1) { |
136 | strcpy(conn_curr->status, result); | |
137 | } else if (count == 2) { | |
6925b8ef | 138 | strcpy(conn_curr->name, result); |
91a0a221 MT |
139 | } else if (count == 4) { |
140 | strcpy(conn_curr->type, result); | |
3d1fbbb0 MT |
141 | } else if (count == 7) { |
142 | strcpy(conn_curr->role, result); | |
143 | } else if (count == 9) { | |
144 | strcpy(conn_curr->local_subnet, result); | |
145 | } else if (count == 28) { | |
146 | strcpy(conn_curr->transfer_subnet, result); | |
d4f2fb97 | 147 | } else if (count == 29) { |
6925b8ef | 148 | strcpy(conn_curr->proto, result); |
d4f2fb97 | 149 | } else if (count == 30) { |
6925b8ef AF |
150 | conn_curr->port = atoi(result); |
151 | } | |
152 | ||
6925b8ef AF |
153 | count++; |
154 | } | |
155 | } | |
156 | ||
157 | fclose(fp); | |
158 | ||
159 | return conn_first; | |
160 | } | |
161 | ||
80ca8bd0 MT |
162 | int readPidFile(const char *pidfile) { |
163 | FILE *fp = fopen(pidfile, "r"); | |
164 | if (fp == NULL) { | |
165 | fprintf(stderr, "PID file not found: '%s'\n", pidfile); | |
166 | exit(1); | |
167 | } | |
168 | ||
169 | int pid = 0; | |
170 | fscanf(fp, "%d", &pid); | |
171 | fclose(fp); | |
172 | ||
173 | return pid; | |
174 | } | |
175 | ||
6e13d0a5 MT |
176 | void ovpnInit(void) { |
177 | ||
178 | // Read OpenVPN configuration | |
179 | kv = initkeyvalues(); | |
180 | if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) { | |
181 | fprintf(stderr, "Cannot read ovpn settings\n"); | |
182 | exit(1); | |
183 | } | |
184 | ||
185 | if (!findkey(kv, "ENABLED", enablered)) { | |
186 | fprintf(stderr, "Cannot read ENABLED\n"); | |
187 | exit(1); | |
188 | } | |
189 | ||
190 | if (!findkey(kv, "ENABLED_BLUE", enableblue)){ | |
191 | fprintf(stderr, "Cannot read ENABLED_BLUE\n"); | |
192 | exit(1); | |
193 | } | |
194 | ||
195 | if (!findkey(kv, "ENABLED_ORANGE", enableorange)){ | |
196 | fprintf(stderr, "Cannot read ENABLED_ORANGE\n"); | |
197 | exit(1); | |
198 | } | |
199 | freekeyvalues(kv); | |
200 | ||
201 | // read interface settings | |
202 | ||
203 | // details for the red int | |
204 | memset(redif, 0, STRING_SIZE); | |
205 | if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) | |
206 | { | |
207 | if (fgets(redif, STRING_SIZE, ifacefile)) | |
208 | { | |
209 | if (redif[strlen(redif) - 1] == '\n') | |
210 | redif[strlen(redif) - 1] = '\0'; | |
211 | } | |
212 | fclose (ifacefile); | |
213 | ifacefile = NULL; | |
214 | ||
215 | if (!VALID_DEVICE(redif)) | |
216 | { | |
217 | memset(redif, 0, STRING_SIZE); | |
218 | } | |
219 | } | |
220 | ||
221 | kv=initkeyvalues(); | |
222 | if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) | |
223 | { | |
224 | fprintf(stderr, "Cannot read ethernet settings\n"); | |
225 | exit(1); | |
226 | } | |
227 | ||
228 | if (strcmp(enableblue, "on")==0){ | |
229 | if (!findkey(kv, "BLUE_DEV", blueif)){ | |
230 | fprintf(stderr, "Cannot read BLUE_DEV\n"); | |
231 | exit(1); | |
232 | } | |
233 | } | |
234 | if (strcmp(enableorange, "on")==0){ | |
235 | if (!findkey(kv, "ORANGE_DEV", orangeif)){ | |
236 | fprintf(stderr, "Cannot read ORNAGE_DEV\n"); | |
237 | exit(1); | |
238 | } | |
239 | } | |
240 | freekeyvalues(kv); | |
241 | } | |
242 | ||
243 | void executeCommand(char *command) { | |
244 | #ifdef ovpndebug | |
245 | printf(strncat(command, "\n", 2)); | |
246 | #endif | |
247 | safe_system(strncat(command, " >/dev/null 2>&1", 17)); | |
248 | } | |
249 | ||
250 | void setChainRules(char *chain, char *interface, char *protocol, char *port) | |
251 | { | |
252 | char str[STRING_SIZE]; | |
07081137 | 253 | |
6e13d0a5 MT |
254 | sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port); |
255 | executeCommand(str); | |
6e13d0a5 MT |
256 | } |
257 | ||
258 | void flushChain(char *chain) { | |
259 | char str[STRING_SIZE]; | |
260 | ||
261 | sprintf(str, "/sbin/iptables -F %sINPUT", chain); | |
262 | executeCommand(str); | |
6e13d0a5 MT |
263 | } |
264 | ||
3d1fbbb0 MT |
265 | void flushChainNAT(char *chain) { |
266 | char str[STRING_SIZE]; | |
267 | ||
268 | sprintf(str, "/sbin/iptables -t nat -F %s", chain); | |
269 | executeCommand(str); | |
270 | } | |
271 | ||
6e13d0a5 MT |
272 | void deleteChainReference(char *chain) { |
273 | char str[STRING_SIZE]; | |
274 | ||
275 | sprintf(str, "/sbin/iptables -D INPUT -j %sINPUT", chain); | |
276 | executeCommand(str); | |
6e13d0a5 MT |
277 | } |
278 | ||
279 | void deleteChain(char *chain) { | |
280 | char str[STRING_SIZE]; | |
281 | ||
282 | sprintf(str, "/sbin/iptables -X %sINPUT", chain); | |
283 | executeCommand(str); | |
6e13d0a5 MT |
284 | } |
285 | ||
286 | void deleteAllChains(void) { | |
287 | // not an elegant solution, but to avoid timing problems with undeleted chain references | |
288 | deleteChainReference(OVPNRED); | |
289 | deleteChainReference(OVPNBLUE); | |
290 | deleteChainReference(OVPNORANGE); | |
291 | flushChain(OVPNRED); | |
292 | flushChain(OVPNBLUE); | |
293 | flushChain(OVPNORANGE); | |
294 | deleteChain(OVPNRED); | |
295 | deleteChain(OVPNBLUE); | |
296 | deleteChain(OVPNORANGE); | |
297 | } | |
298 | ||
299 | void createChainReference(char *chain) { | |
300 | char str[STRING_SIZE]; | |
301 | sprintf(str, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain); | |
302 | executeCommand(str); | |
6e13d0a5 MT |
303 | } |
304 | ||
305 | void createChain(char *chain) { | |
306 | char str[STRING_SIZE]; | |
307 | sprintf(str, "/sbin/iptables -N %sINPUT", chain); | |
308 | executeCommand(str); | |
6e13d0a5 MT |
309 | } |
310 | ||
311 | void createAllChains(void) { | |
858d8d90 MT |
312 | // create chain and chain references |
313 | if (!strcmp(enableorange, "on")) { | |
314 | if (strlen(orangeif)) { | |
315 | createChain(OVPNORANGE); | |
316 | createChainReference(OVPNORANGE); | |
317 | } else { | |
318 | fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n"); | |
319 | //exit(1); | |
6e13d0a5 | 320 | } |
858d8d90 MT |
321 | } |
322 | ||
323 | if (!strcmp(enableblue, "on")) { | |
324 | if (strlen(blueif)) { | |
325 | createChain(OVPNBLUE); | |
326 | createChainReference(OVPNBLUE); | |
327 | } else { | |
328 | fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n"); | |
329 | //exit(1); | |
6e13d0a5 | 330 | } |
858d8d90 MT |
331 | } |
332 | ||
333 | if (!strcmp(enablered, "on")) { | |
334 | if (strlen(redif)) { | |
335 | createChain(OVPNRED); | |
336 | createChainReference(OVPNRED); | |
337 | } else { | |
338 | fprintf(stderr, "OpenVPN enabled on red but no red interface found\n"); | |
339 | //exit(1); | |
6e13d0a5 MT |
340 | } |
341 | } | |
342 | } | |
343 | ||
3d1fbbb0 | 344 | char* calcTransferNetAddress(const connection* conn) { |
a19ff965 MT |
345 | char *subnetmask = strdup(conn->transfer_subnet); |
346 | char *address = strsep(&subnetmask, "/"); | |
3d1fbbb0 | 347 | |
cdbe3504 MT |
348 | if ((address == NULL) || (subnetmask == NULL)) { |
349 | goto ERROR; | |
350 | } | |
351 | ||
a19ff965 MT |
352 | in_addr_t _address = inet_addr(address); |
353 | in_addr_t _subnetmask = inet_addr(subnetmask); | |
354 | _address &= _subnetmask; | |
3d1fbbb0 | 355 | |
a19ff965 MT |
356 | if (strcmp(conn->role, "server") == 0) { |
357 | _address += 1 << 24; | |
358 | } else if (strcmp(conn->role, "client") == 0) { | |
359 | _address += 2 << 24; | |
3d1fbbb0 MT |
360 | } else { |
361 | goto ERROR; | |
362 | } | |
363 | ||
a19ff965 MT |
364 | struct in_addr address_info; |
365 | address_info.s_addr = _address; | |
366 | ||
367 | return inet_ntoa(address_info); | |
3d1fbbb0 MT |
368 | |
369 | ERROR: | |
a19ff965 MT |
370 | fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name); |
371 | ||
3d1fbbb0 MT |
372 | free(address); |
373 | return NULL; | |
374 | } | |
375 | ||
376 | char* getLocalSubnetAddress(const connection* conn) { | |
377 | kv = initkeyvalues(); | |
378 | if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")) { | |
379 | fprintf(stderr, "Cannot read ethernet settings\n"); | |
380 | exit(1); | |
381 | } | |
382 | ||
383 | const char *zones[] = {"GREEN", "BLUE", "ORANGE", NULL}; | |
384 | char *zone = NULL; | |
385 | ||
386 | // Get net address of the local openvpn subnet. | |
387 | char *subnetmask = strdup(conn->local_subnet); | |
388 | char *address = strsep(&subnetmask, "/"); | |
389 | ||
390 | if ((address == NULL) || (subnetmask == NULL)) { | |
391 | goto ERROR; | |
392 | } | |
393 | ||
394 | in_addr_t _address = inet_addr(address); | |
395 | in_addr_t _subnetmask = inet_addr(subnetmask); | |
396 | ||
397 | in_addr_t _netaddr = (_address & _subnetmask); | |
398 | in_addr_t _broadcast = (_address | ~_subnetmask); | |
399 | ||
400 | char zone_address_key[STRING_SIZE]; | |
401 | char zone_address[STRING_SIZE]; | |
402 | in_addr_t zone_addr; | |
403 | ||
404 | int i = 0; | |
405 | while (zones[i]) { | |
406 | zone = zones[i++]; | |
407 | snprintf(zone_address_key, STRING_SIZE, "%s_ADDRESS", zone); | |
408 | ||
409 | if (!findkey(kv, zone_address_key, zone_address)) | |
410 | continue; | |
411 | ||
412 | zone_addr = inet_addr(zone_address); | |
413 | if ((zone_addr > _netaddr) && (zone_addr < _broadcast)) { | |
414 | freekeyvalues(kv); | |
415 | ||
416 | return strdup(zone_address); | |
417 | } | |
418 | } | |
419 | ||
420 | ERROR: | |
a19ff965 MT |
421 | fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name); |
422 | ||
3d1fbbb0 MT |
423 | freekeyvalues(kv); |
424 | return NULL; | |
425 | } | |
426 | ||
6e13d0a5 MT |
427 | void setFirewallRules(void) { |
428 | char protocol[STRING_SIZE] = ""; | |
429 | char dport[STRING_SIZE] = ""; | |
430 | char dovpnip[STRING_SIZE] = ""; | |
431 | ||
6e13d0a5 MT |
432 | kv = initkeyvalues(); |
433 | if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) | |
434 | { | |
435 | fprintf(stderr, "Cannot read ovpn settings\n"); | |
436 | exit(1); | |
437 | } | |
438 | ||
439 | /* we got one device, so lets proceed further */ | |
440 | if (!findkey(kv, "DDEST_PORT", dport)){ | |
441 | fprintf(stderr, "Cannot read DDEST_PORT\n"); | |
442 | exit(1); | |
443 | } | |
444 | ||
445 | if (!findkey(kv, "DPROTOCOL", protocol)){ | |
446 | fprintf(stderr, "Cannot read DPROTOCOL\n"); | |
447 | exit(1); | |
448 | } | |
449 | ||
450 | if (!findkey(kv, "VPN_IP", dovpnip)){ | |
451 | fprintf(stderr, "Cannot read VPN_IP\n"); | |
452 | // exit(1); step further as we don't need an ip | |
453 | } | |
454 | freekeyvalues(kv); | |
455 | ||
07081137 MT |
456 | // Flush all chains. |
457 | flushChain(OVPNRED); | |
458 | flushChain(OVPNBLUE); | |
459 | flushChain(OVPNORANGE); | |
3d1fbbb0 | 460 | flushChainNAT(OVPNNAT); |
07081137 | 461 | |
6e13d0a5 MT |
462 | // set firewall rules |
463 | if (!strcmp(enablered, "on") && strlen(redif)) | |
464 | setChainRules(OVPNRED, redif, protocol, dport); | |
465 | if (!strcmp(enableblue, "on") && strlen(blueif)) | |
466 | setChainRules(OVPNBLUE, blueif, protocol, dport); | |
467 | if (!strcmp(enableorange, "on") && strlen(orangeif)) | |
468 | setChainRules(OVPNORANGE, orangeif, protocol, dport); | |
6925b8ef | 469 | |
91a0a221 MT |
470 | // read connection configuration |
471 | connection *conn = getConnections(); | |
472 | ||
6925b8ef | 473 | // set firewall rules for n2n connections |
91a0a221 | 474 | char command[STRING_SIZE]; |
3d1fbbb0 MT |
475 | char *local_subnet_address = NULL; |
476 | char *transfer_subnet_address = NULL; | |
7d653d51 | 477 | while (conn != NULL) { |
91a0a221 MT |
478 | if (strcmp(conn->type, "net") == 0) { |
479 | sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT", | |
480 | OVPNRED, redif, conn->proto, conn->port); | |
481 | executeCommand(command); | |
3d1fbbb0 MT |
482 | |
483 | local_subnet_address = getLocalSubnetAddress(conn); | |
484 | transfer_subnet_address = calcTransferNetAddress(conn); | |
485 | ||
cdbe3504 MT |
486 | if ((local_subnet_address) && (transfer_subnet_address)) { |
487 | snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s", | |
488 | OVPNNAT, transfer_subnet_address, local_subnet_address); | |
489 | executeCommand(command); | |
490 | } | |
91a0a221 MT |
491 | } |
492 | ||
6925b8ef AF |
493 | conn = conn->next; |
494 | } | |
6e13d0a5 MT |
495 | } |
496 | ||
497 | void stopDaemon(void) { | |
498 | char command[STRING_SIZE]; | |
499 | ||
2bcff894 | 500 | int pid = readPidFile("/var/run/openvpn.pid"); |
80ca8bd0 | 501 | if (!pid > 0) { |
2bcff894 MT |
502 | exit(1); |
503 | } | |
504 | ||
505 | fprintf(stderr, "Killing PID %d.\n", pid); | |
506 | kill(pid, SIGTERM); | |
507 | ||
6e13d0a5 MT |
508 | snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid"); |
509 | executeCommand(command); | |
510 | } | |
511 | ||
512 | void startDaemon(void) { | |
513 | char command[STRING_SIZE]; | |
514 | ||
515 | if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){ | |
516 | fprintf(stderr, "OpenVPN is not enabled on any interface\n"); | |
517 | exit(1); | |
518 | } else { | |
7d3af7f7 MT |
519 | snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); |
520 | executeCommand(command); | |
072cd997 | 521 | snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf"); |
6e13d0a5 MT |
522 | executeCommand(command); |
523 | } | |
524 | } | |
525 | ||
99b01b84 | 526 | int startNet2Net(char *name) { |
6925b8ef AF |
527 | connection *conn = NULL; |
528 | connection *conn_iter; | |
529 | ||
530 | conn_iter = getConnections(); | |
531 | ||
532 | while (conn_iter) { | |
91a0a221 | 533 | if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) { |
6925b8ef AF |
534 | conn = conn_iter; |
535 | break; | |
536 | } | |
537 | conn_iter = conn_iter->next; | |
538 | } | |
539 | ||
540 | if (conn == NULL) { | |
541 | fprintf(stderr, "Connection not found.\n"); | |
99b01b84 MT |
542 | return 1; |
543 | } | |
544 | ||
545 | if (strcmp(conn->status, "on") != 0) { | |
546 | fprintf(stderr, "Connection '%s' is not enabled.\n", conn->name); | |
547 | return 1; | |
6925b8ef AF |
548 | } |
549 | ||
99b01b84 MT |
550 | fprintf(stderr, "Starting connection %s...\n", conn->name); |
551 | ||
39877197 MT |
552 | char configfile[STRING_SIZE]; |
553 | snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", | |
554 | conn->name, conn->name); | |
555 | ||
556 | FILE *fp = fopen(configfile, "r"); | |
557 | if (fp == NULL) { | |
558 | fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n", | |
559 | conn->name, configfile); | |
99b01b84 | 560 | return 2; |
39877197 MT |
561 | } |
562 | fclose(fp); | |
563 | ||
07081137 MT |
564 | // Make sure all firewall rules are up to date. |
565 | setFirewallRules(); | |
566 | ||
6925b8ef | 567 | char command[STRING_SIZE]; |
81a789d9 MT |
568 | snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); |
569 | executeCommand(command); | |
570 | snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile); | |
6925b8ef | 571 | executeCommand(command); |
99b01b84 MT |
572 | |
573 | return 0; | |
6925b8ef AF |
574 | } |
575 | ||
99b01b84 | 576 | int killNet2Net(char *name) { |
39877197 MT |
577 | connection *conn = NULL; |
578 | connection *conn_iter; | |
579 | ||
580 | conn_iter = getConnections(); | |
581 | ||
582 | while (conn_iter) { | |
583 | if (strcmp(conn_iter->name, name) == 0) { | |
584 | conn = conn_iter; | |
585 | break; | |
586 | } | |
587 | conn_iter = conn_iter->next; | |
588 | } | |
589 | ||
590 | if (conn == NULL) { | |
591 | fprintf(stderr, "Connection not found.\n"); | |
99b01b84 | 592 | return 1; |
39877197 MT |
593 | } |
594 | ||
595 | char pidfile[STRING_SIZE]; | |
80ca8bd0 | 596 | snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name); |
39877197 | 597 | |
2bcff894 | 598 | int pid = readPidFile(pidfile); |
80ca8bd0 | 599 | if (!pid > 0) { |
99b01b84 MT |
600 | fprintf(stderr, "Could not read pid file of connection %s.", conn->name); |
601 | return 1; | |
39877197 MT |
602 | } |
603 | ||
99b01b84 | 604 | fprintf(stderr, "Killing connection %s (PID %d)...\n", conn->name, pid); |
39877197 MT |
605 | kill(pid, SIGTERM); |
606 | ||
d4c8b6be MT |
607 | char command[STRING_SIZE]; |
608 | snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile); | |
609 | executeCommand(command); | |
610 | ||
99b01b84 | 611 | return 0; |
6925b8ef AF |
612 | } |
613 | ||
64f0c354 | 614 | void startAllNet2Net() { |
99b01b84 MT |
615 | int exitcode = 0, _exitcode = 0; |
616 | ||
64f0c354 MT |
617 | connection *conn = getConnections(); |
618 | ||
619 | while(conn) { | |
99b01b84 MT |
620 | /* Skip all connections that are not of type "net" or disabled. */ |
621 | if ((strcmp(conn->type, "net") != 0) || (strcmp(conn->status, "on") != 0)) { | |
622 | conn = conn->next; | |
623 | continue; | |
624 | } | |
625 | ||
626 | _exitcode = startNet2Net(conn->name); | |
64f0c354 | 627 | conn = conn->next; |
99b01b84 MT |
628 | |
629 | if (_exitcode > exitcode) { | |
630 | exitcode = _exitcode; | |
631 | } | |
64f0c354 MT |
632 | } |
633 | ||
99b01b84 | 634 | exit(exitcode); |
64f0c354 MT |
635 | } |
636 | ||
637 | void killAllNet2Net() { | |
99b01b84 MT |
638 | int exitcode = 0, _exitcode = 0; |
639 | ||
64f0c354 MT |
640 | connection *conn = getConnections(); |
641 | ||
642 | while(conn) { | |
99b01b84 MT |
643 | /* Skip all connections that are not of type "net". */ |
644 | if (strcmp(conn->type, "net") != 0) { | |
645 | conn = conn->next; | |
646 | continue; | |
647 | } | |
648 | ||
649 | _exitcode = killNet2Net(conn->name); | |
64f0c354 | 650 | conn = conn->next; |
99b01b84 MT |
651 | |
652 | if (_exitcode > exitcode) { | |
653 | exitcode = _exitcode; | |
654 | } | |
64f0c354 MT |
655 | } |
656 | ||
99b01b84 | 657 | exit(exitcode); |
64f0c354 MT |
658 | } |
659 | ||
6e13d0a5 MT |
660 | void displayopenvpn(void) { |
661 | char command[STRING_SIZE]; | |
662 | ||
663 | snprintf(command, STRING_SIZE - 1, "/bin/killall -sSIGUSR2 openvpn"); | |
664 | executeCommand(command); | |
665 | } | |
666 | ||
667 | int main(int argc, char *argv[]) { | |
668 | if (!(initsetuid())) | |
669 | exit(1); | |
670 | if(argc < 2) | |
671 | usage(); | |
6925b8ef AF |
672 | |
673 | if(argc == 3) { | |
91a0a221 MT |
674 | ovpnInit(); |
675 | ||
6925b8ef AF |
676 | if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { |
677 | startNet2Net(argv[2]); | |
678 | return 0; | |
679 | } | |
680 | else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { | |
681 | killNet2Net(argv[2]); | |
682 | return 0; | |
683 | } else { | |
684 | usage(); | |
685 | return 1; | |
686 | } | |
687 | } | |
688 | else if(argc == 2) { | |
6e13d0a5 MT |
689 | if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) { |
690 | stopDaemon(); | |
691 | return 0; | |
692 | } | |
693 | else if( (strcmp(argv[1], "-d") == 0) || (strcmp(argv[1], "--display") == 0) ) { | |
694 | displayopenvpn(); | |
695 | return 0; | |
696 | } | |
697 | else if( (strcmp(argv[1], "-dcr") == 0) || (strcmp(argv[1], "--delete-chains-and-rules") == 0) ) { | |
698 | deleteAllChains(); | |
699 | return 0; | |
700 | } | |
701 | else { | |
702 | ovpnInit(); | |
703 | ||
704 | if( (strcmp(argv[1], "-s") == 0) || (strcmp(argv[1], "--start") == 0) ) { | |
705 | deleteAllChains(); | |
706 | createAllChains(); | |
707 | setFirewallRules(); | |
708 | startDaemon(); | |
709 | return 0; | |
710 | } | |
64f0c354 MT |
711 | else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { |
712 | startAllNet2Net(); | |
713 | return 0; | |
714 | } | |
715 | else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { | |
716 | killAllNet2Net(); | |
717 | return 0; | |
718 | } | |
6e13d0a5 MT |
719 | else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) { |
720 | startDaemon(); | |
721 | return 0; | |
722 | } | |
723 | else if( (strcmp(argv[1], "-r") == 0) || (strcmp(argv[1], "--restart") == 0) ) { | |
724 | stopDaemon(); | |
725 | deleteAllChains(); | |
726 | createAllChains(); | |
727 | setFirewallRules(); | |
728 | startDaemon(); | |
729 | return 0; | |
730 | } | |
731 | else if( (strcmp(argv[1], "-fwr") == 0) || (strcmp(argv[1], "--firewall-rules") == 0) ) { | |
732 | deleteAllChains(); | |
733 | createAllChains(); | |
734 | setFirewallRules(); | |
735 | return 0; | |
736 | } | |
737 | else if( (strcmp(argv[1], "-ccr") == 0) || (strcmp(argv[1], "--create-chains-and-rules") == 0) ) { | |
738 | createAllChains(); | |
739 | setFirewallRules(); | |
740 | return 0; | |
741 | } | |
742 | else { | |
743 | usage(); | |
744 | return 0; | |
745 | } | |
746 | } | |
747 | } | |
748 | else { | |
749 | usage(); | |
750 | return 0; | |
751 | } | |
752 | return 0; | |
753 | } | |
754 |