13 struct keyvalue
*kv
= NULL
;
14 FILE *ifacefile
= NULL
;
16 char redif
[STRING_SIZE
];
17 char blueif
[STRING_SIZE
];
18 char orangeif
[STRING_SIZE
];
19 char enablered
[STRING_SIZE
] = "off";
20 char enableblue
[STRING_SIZE
] = "off";
21 char enableorange
[STRING_SIZE
] = "off";
24 char OVPNRED
[STRING_SIZE
] = "OVPN";
25 char OVPNBLUE
[STRING_SIZE
] = "OVPN_BLUE_";
26 char OVPNORANGE
[STRING_SIZE
] = "OVPN_ORANGE_";
27 char WRAPPERVERSION
[STRING_SIZE
] = "ipfire-2.1.0";
29 struct connection_struct
{
30 char name
[STRING_SIZE
];
31 char proto
[STRING_SIZE
];
33 struct connection_struct
*next
;
36 typedef struct connection_struct connection
;
38 void exithandler(void)
49 printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION
);
51 printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION
);
53 printf("openvpnctrl <option>\n");
54 printf(" Valid options are:\n");
55 printf(" -s --start\n");
56 printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n");
57 printf(" -k --kill\n");
58 printf(" kills/stops OpenVPN\n");
59 printf(" -r --restart\n");
60 printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
61 printf(" -d --display\n");
62 printf(" displays OpenVPN status to syslog\n");
63 printf(" -fwr --firewall-rules\n");
64 printf(" removes current OpenVPN chains and rules and resets them according to the config\n");
65 printf(" -sdo --start-daemon-only\n");
66 printf(" starts OpenVPN daemon only\n");
67 printf(" -ccr --create-chains-and-rules\n");
68 printf(" creates chains and rules for OpenVPN\n");
69 printf(" -dcr --delete-chains-and-rules\n");
70 printf(" removes all chains for OpenVPN\n");
74 connection
*getConnections() {
77 if (!(fp
= fopen(CONFIG_ROOT
"/ovpn/ovpnconfig", "r"))) {
78 fprintf(stderr
, "Could not open openvpn n2n configuration file.\n");
82 char line
[STRING_SIZE
] = "";
85 connection
*conn_first
= NULL
;
86 connection
*conn_last
= NULL
;
87 connection
*conn_curr
;
89 while ((fgets(line
, STRING_SIZE
, fp
) != NULL
)) {
90 if (line
[strlen(line
) - 1] == '\n')
91 line
[strlen(line
) - 1] = '\0';
93 conn_curr
= (connection
*)malloc(sizeof(connection
));
94 memset(conn_curr
, 0, sizeof(connection
));
96 if (conn_first
== NULL
) {
97 conn_first
= conn_curr
;
99 conn_last
->next
= conn_curr
;
101 conn_last
= conn_curr
;
104 result
= strtok(line
, ",");
107 strcpy(conn_curr
->name
, result
);
108 } else if (count
== 12) {
109 strcpy(conn_curr
->proto
, result
);
110 } else if (count
== 13) {
111 conn_curr
->port
= atoi(result
);
114 result
= strtok(NULL
, ",");
124 void ovpnInit(void) {
126 // Read OpenVPN configuration
127 kv
= initkeyvalues();
128 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings")) {
129 fprintf(stderr
, "Cannot read ovpn settings\n");
133 if (!findkey(kv
, "ENABLED", enablered
)) {
134 fprintf(stderr
, "Cannot read ENABLED\n");
138 if (!findkey(kv
, "ENABLED_BLUE", enableblue
)){
139 fprintf(stderr
, "Cannot read ENABLED_BLUE\n");
143 if (!findkey(kv
, "ENABLED_ORANGE", enableorange
)){
144 fprintf(stderr
, "Cannot read ENABLED_ORANGE\n");
149 // read interface settings
151 // details for the red int
152 memset(redif
, 0, STRING_SIZE
);
153 if ((ifacefile
= fopen(CONFIG_ROOT
"/red/iface", "r")))
155 if (fgets(redif
, STRING_SIZE
, ifacefile
))
157 if (redif
[strlen(redif
) - 1] == '\n')
158 redif
[strlen(redif
) - 1] = '\0';
163 if (!VALID_DEVICE(redif
))
165 memset(redif
, 0, STRING_SIZE
);
170 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ethernet/settings"))
172 fprintf(stderr
, "Cannot read ethernet settings\n");
176 if (strcmp(enableblue
, "on")==0){
177 if (!findkey(kv
, "BLUE_DEV", blueif
)){
178 fprintf(stderr
, "Cannot read BLUE_DEV\n");
182 if (strcmp(enableorange
, "on")==0){
183 if (!findkey(kv
, "ORANGE_DEV", orangeif
)){
184 fprintf(stderr
, "Cannot read ORNAGE_DEV\n");
191 void executeCommand(char *command
) {
193 printf(strncat(command
, "\n", 2));
195 safe_system(strncat(command
, " >/dev/null 2>&1", 17));
198 void setChainRules(char *chain
, char *interface
, char *protocol
, char *port
)
200 char str
[STRING_SIZE
];
202 sprintf(str
, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain
, interface
, protocol
, port
);
204 sprintf(str
, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain
);
206 sprintf(str
, "/sbin/iptables -A %sFORWARD -i tun+ -j ACCEPT", chain
);
210 void flushChain(char *chain
) {
211 char str
[STRING_SIZE
];
213 sprintf(str
, "/sbin/iptables -F %sINPUT", chain
);
215 sprintf(str
, "/sbin/iptables -F %sFORWARD", chain
);
220 void deleteChainReference(char *chain
) {
221 char str
[STRING_SIZE
];
223 sprintf(str
, "/sbin/iptables -D INPUT -j %sINPUT", chain
);
226 sprintf(str
, "/sbin/iptables -D FORWARD -j %sFORWARD", chain
);
231 void deleteChain(char *chain
) {
232 char str
[STRING_SIZE
];
234 sprintf(str
, "/sbin/iptables -X %sINPUT", chain
);
236 sprintf(str
, "/sbin/iptables -X %sFORWARD", chain
);
240 void deleteAllChains(void) {
241 // not an elegant solution, but to avoid timing problems with undeleted chain references
242 deleteChainReference(OVPNRED
);
243 deleteChainReference(OVPNBLUE
);
244 deleteChainReference(OVPNORANGE
);
246 flushChain(OVPNBLUE
);
247 flushChain(OVPNORANGE
);
248 deleteChain(OVPNRED
);
249 deleteChain(OVPNBLUE
);
250 deleteChain(OVPNORANGE
);
253 void createChainReference(char *chain
) {
254 char str
[STRING_SIZE
];
255 sprintf(str
, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain
);
257 sprintf(str
, "/sbin/iptables -I FORWARD %s -j %sFORWARD", "12", chain
);
261 void createChain(char *chain
) {
262 char str
[STRING_SIZE
];
263 sprintf(str
, "/sbin/iptables -N %sINPUT", chain
);
265 sprintf(str
, "/sbin/iptables -N %sFORWARD", chain
);
269 void createAllChains(void) {
270 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
271 fprintf(stderr
, "OpenVPN is not enabled on any interface\n");
274 // create chain and chain references
275 if (!strcmp(enableorange
, "on")) {
276 if (strlen(orangeif
)) {
277 createChain(OVPNORANGE
);
278 createChainReference(OVPNORANGE
);
280 fprintf(stderr
, "OpenVPN enabled on orange but no orange interface found\n");
285 if (!strcmp(enableblue
, "on")) {
286 if (strlen(blueif
)) {
287 createChain(OVPNBLUE
);
288 createChainReference(OVPNBLUE
);
290 fprintf(stderr
, "OpenVPN enabled on blue but no blue interface found\n");
295 if (!strcmp(enablered
, "on")) {
297 createChain(OVPNRED
);
298 createChainReference(OVPNRED
);
300 fprintf(stderr
, "OpenVPN enabled on red but no red interface found\n");
307 void setFirewallRules(void) {
308 char protocol
[STRING_SIZE
] = "";
309 char dport
[STRING_SIZE
] = "";
310 char dovpnip
[STRING_SIZE
] = "";
312 /* check if it makes sence to proceed further */
313 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
314 fprintf(stderr
, "Config error, at least one device must be enabled\n");
318 kv
= initkeyvalues();
319 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings"))
321 fprintf(stderr
, "Cannot read ovpn settings\n");
325 /* we got one device, so lets proceed further */
326 if (!findkey(kv
, "DDEST_PORT", dport
)){
327 fprintf(stderr
, "Cannot read DDEST_PORT\n");
331 if (!findkey(kv
, "DPROTOCOL", protocol
)){
332 fprintf(stderr
, "Cannot read DPROTOCOL\n");
336 if (!findkey(kv
, "VPN_IP", dovpnip
)){
337 fprintf(stderr
, "Cannot read VPN_IP\n");
338 // exit(1); step further as we don't need an ip
342 // read connection configuration
343 connection
*conn
= getConnections();
345 // set firewall rules
346 if (!strcmp(enablered
, "on") && strlen(redif
))
347 setChainRules(OVPNRED
, redif
, protocol
, dport
);
348 if (!strcmp(enableblue
, "on") && strlen(blueif
))
349 setChainRules(OVPNBLUE
, blueif
, protocol
, dport
);
350 if (!strcmp(enableorange
, "on") && strlen(orangeif
))
351 setChainRules(OVPNORANGE
, orangeif
, protocol
, dport
);
353 // set firewall rules for n2n connections
354 char port
[STRING_SIZE
];
356 sprintf(port
, "%d", conn
->port
);
357 setChainRules(OVPNRED
, redif
, &conn
->proto
, &port
);
362 void stopDaemon(void) {
363 char command
[STRING_SIZE
];
365 snprintf(command
, STRING_SIZE
- 1, "/bin/killall openvpn");
366 executeCommand(command
);
367 snprintf(command
, STRING_SIZE
- 1, "/bin/rm -f /var/run/openvpn.pid");
368 executeCommand(command
);
369 snprintf(command
, STRING_SIZE
-1, "/sbin/modprobe -r tun");
370 executeCommand(command
);
373 void startDaemon(void) {
374 char command
[STRING_SIZE
];
376 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
377 fprintf(stderr
, "OpenVPN is not enabled on any interface\n");
380 snprintf(command
, STRING_SIZE
-1, "/sbin/modprobe tun");
381 executeCommand(command
);
382 snprintf(command
, STRING_SIZE
-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
383 executeCommand(command
);
387 void startNet2Net(char *name
) {
388 connection
*conn
= NULL
;
389 connection
*conn_iter
;
391 conn_iter
= getConnections();
394 if (strcmp(conn_iter
->name
, name
) == 0) {
398 conn_iter
= conn_iter
->next
;
402 fprintf(stderr
, "Connection not found.\n");
406 char command
[STRING_SIZE
];
407 sprintf(command
, "/usr/sbin/openvpn --config " CONFIG_ROOT
"/ovpn/n2nconf/%s/%s.conf", conn
->name
, conn
->name
);
408 executeCommand(command
);
411 void killNet2Net(char *conn
) {
412 printf("TO BE DONE %s\n", conn
);
415 void displayopenvpn(void) {
416 char command
[STRING_SIZE
];
418 snprintf(command
, STRING_SIZE
- 1, "/bin/killall -sSIGUSR2 openvpn");
419 executeCommand(command
);
422 int main(int argc
, char *argv
[]) {
429 if( (strcmp(argv
[1], "-sn2n") == 0) || (strcmp(argv
[1], "--start-net-2-net") == 0) ) {
430 startNet2Net(argv
[2]);
433 else if( (strcmp(argv
[1], "-kn2n") == 0) || (strcmp(argv
[1], "--kill-net-2-net") == 0) ) {
434 killNet2Net(argv
[2]);
442 if( (strcmp(argv
[1], "-k") == 0) || (strcmp(argv
[1], "--kill") == 0) ) {
446 else if( (strcmp(argv
[1], "-d") == 0) || (strcmp(argv
[1], "--display") == 0) ) {
450 else if( (strcmp(argv
[1], "-dcr") == 0) || (strcmp(argv
[1], "--delete-chains-and-rules") == 0) ) {
457 if( (strcmp(argv
[1], "-s") == 0) || (strcmp(argv
[1], "--start") == 0) ) {
464 else if( (strcmp(argv
[1], "-sdo") == 0) || (strcmp(argv
[1], "--start-daemon-only") == 0) ) {
468 else if( (strcmp(argv
[1], "-r") == 0) || (strcmp(argv
[1], "--restart") == 0) ) {
476 else if( (strcmp(argv
[1], "-fwr") == 0) || (strcmp(argv
[1], "--firewall-rules") == 0) ) {
482 else if( (strcmp(argv
[1], "-ccr") == 0) || (strcmp(argv
[1], "--create-chains-and-rules") == 0) ) {