14 struct keyvalue
*kv
= NULL
;
15 FILE *ifacefile
= NULL
;
17 char redif
[STRING_SIZE
];
18 char blueif
[STRING_SIZE
];
19 char orangeif
[STRING_SIZE
];
20 char enablered
[STRING_SIZE
] = "off";
21 char enableblue
[STRING_SIZE
] = "off";
22 char enableorange
[STRING_SIZE
] = "off";
25 char OVPNRED
[STRING_SIZE
] = "OVPN";
26 char OVPNBLUE
[STRING_SIZE
] = "OVPN_BLUE_";
27 char OVPNORANGE
[STRING_SIZE
] = "OVPN_ORANGE_";
28 char WRAPPERVERSION
[STRING_SIZE
] = "ipfire-2.1.2";
30 struct connection_struct
{
31 char name
[STRING_SIZE
];
32 char type
[STRING_SIZE
];
33 char proto
[STRING_SIZE
];
35 struct connection_struct
*next
;
38 typedef struct connection_struct connection
;
40 void exithandler(void)
51 printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION
);
53 printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION
);
55 printf("openvpnctrl <option>\n");
56 printf(" Valid options are:\n");
57 printf(" -s --start\n");
58 printf(" starts OpenVPN (implicitly creates chains and firewall rules)\n");
59 printf(" -k --kill\n");
60 printf(" kills/stops OpenVPN\n");
61 printf(" -r --restart\n");
62 printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
63 printf(" -d --display\n");
64 printf(" displays OpenVPN status to syslog\n");
65 printf(" -fwr --firewall-rules\n");
66 printf(" removes current OpenVPN chains and rules and resets them according to the config\n");
67 printf(" -sdo --start-daemon-only\n");
68 printf(" starts OpenVPN daemon only\n");
69 printf(" -ccr --create-chains-and-rules\n");
70 printf(" creates chains and rules for OpenVPN\n");
71 printf(" -dcr --delete-chains-and-rules\n");
72 printf(" removes all chains for OpenVPN\n");
76 connection
*getConnections() {
79 if (!(fp
= fopen(CONFIG_ROOT
"/ovpn/ovpnconfig", "r"))) {
80 fprintf(stderr
, "Could not open openvpn n2n configuration file.\n");
84 char line
[STRING_SIZE
] = "";
87 connection
*conn_first
= NULL
;
88 connection
*conn_last
= NULL
;
89 connection
*conn_curr
;
91 while ((fgets(line
, STRING_SIZE
, fp
) != NULL
)) {
92 if (line
[strlen(line
) - 1] == '\n')
93 line
[strlen(line
) - 1] = '\0';
95 conn_curr
= (connection
*)malloc(sizeof(connection
));
96 memset(conn_curr
, 0, sizeof(connection
));
98 if (conn_first
== NULL
) {
99 conn_first
= conn_curr
;
101 conn_last
->next
= conn_curr
;
103 conn_last
= conn_curr
;
106 result
= strtok(line
, ",");
109 strcpy(conn_curr
->name
, result
);
110 } else if (count
== 4) {
111 strcpy(conn_curr
->type
, result
);
112 } else if (count
== 12) {
113 strcpy(conn_curr
->proto
, result
);
114 } else if (count
== 13) {
115 conn_curr
->port
= atoi(result
);
118 result
= strtok(NULL
, ",");
128 int readPidFile(const char *pidfile
) {
129 FILE *fp
= fopen(pidfile
, "r");
131 fprintf(stderr
, "PID file not found: '%s'\n", pidfile
);
136 fscanf(fp
, "%d", &pid
);
142 void ovpnInit(void) {
144 // Read OpenVPN configuration
145 kv
= initkeyvalues();
146 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings")) {
147 fprintf(stderr
, "Cannot read ovpn settings\n");
151 if (!findkey(kv
, "ENABLED", enablered
)) {
152 fprintf(stderr
, "Cannot read ENABLED\n");
156 if (!findkey(kv
, "ENABLED_BLUE", enableblue
)){
157 fprintf(stderr
, "Cannot read ENABLED_BLUE\n");
161 if (!findkey(kv
, "ENABLED_ORANGE", enableorange
)){
162 fprintf(stderr
, "Cannot read ENABLED_ORANGE\n");
167 // read interface settings
169 // details for the red int
170 memset(redif
, 0, STRING_SIZE
);
171 if ((ifacefile
= fopen(CONFIG_ROOT
"/red/iface", "r")))
173 if (fgets(redif
, STRING_SIZE
, ifacefile
))
175 if (redif
[strlen(redif
) - 1] == '\n')
176 redif
[strlen(redif
) - 1] = '\0';
181 if (!VALID_DEVICE(redif
))
183 memset(redif
, 0, STRING_SIZE
);
188 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ethernet/settings"))
190 fprintf(stderr
, "Cannot read ethernet settings\n");
194 if (strcmp(enableblue
, "on")==0){
195 if (!findkey(kv
, "BLUE_DEV", blueif
)){
196 fprintf(stderr
, "Cannot read BLUE_DEV\n");
200 if (strcmp(enableorange
, "on")==0){
201 if (!findkey(kv
, "ORANGE_DEV", orangeif
)){
202 fprintf(stderr
, "Cannot read ORNAGE_DEV\n");
209 void executeCommand(char *command
) {
211 printf(strncat(command
, "\n", 2));
213 safe_system(strncat(command
, " >/dev/null 2>&1", 17));
216 void setChainRules(char *chain
, char *interface
, char *protocol
, char *port
)
218 char str
[STRING_SIZE
];
220 sprintf(str
, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain
, interface
, protocol
, port
);
222 sprintf(str
, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain
);
224 sprintf(str
, "/sbin/iptables -A %sFORWARD -i tun+ -j ACCEPT", chain
);
228 void flushChain(char *chain
) {
229 char str
[STRING_SIZE
];
231 sprintf(str
, "/sbin/iptables -F %sINPUT", chain
);
233 sprintf(str
, "/sbin/iptables -F %sFORWARD", chain
);
238 void deleteChainReference(char *chain
) {
239 char str
[STRING_SIZE
];
241 sprintf(str
, "/sbin/iptables -D INPUT -j %sINPUT", chain
);
244 sprintf(str
, "/sbin/iptables -D FORWARD -j %sFORWARD", chain
);
249 void deleteChain(char *chain
) {
250 char str
[STRING_SIZE
];
252 sprintf(str
, "/sbin/iptables -X %sINPUT", chain
);
254 sprintf(str
, "/sbin/iptables -X %sFORWARD", chain
);
258 void deleteAllChains(void) {
259 // not an elegant solution, but to avoid timing problems with undeleted chain references
260 deleteChainReference(OVPNRED
);
261 deleteChainReference(OVPNBLUE
);
262 deleteChainReference(OVPNORANGE
);
264 flushChain(OVPNBLUE
);
265 flushChain(OVPNORANGE
);
266 deleteChain(OVPNRED
);
267 deleteChain(OVPNBLUE
);
268 deleteChain(OVPNORANGE
);
271 void createChainReference(char *chain
) {
272 char str
[STRING_SIZE
];
273 sprintf(str
, "/sbin/iptables -I INPUT %s -j %sINPUT", "14", chain
);
275 sprintf(str
, "/sbin/iptables -I FORWARD %s -j %sFORWARD", "12", chain
);
279 void createChain(char *chain
) {
280 char str
[STRING_SIZE
];
281 sprintf(str
, "/sbin/iptables -N %sINPUT", chain
);
283 sprintf(str
, "/sbin/iptables -N %sFORWARD", chain
);
287 void createAllChains(void) {
288 // create chain and chain references
289 if (!strcmp(enableorange
, "on")) {
290 if (strlen(orangeif
)) {
291 createChain(OVPNORANGE
);
292 createChainReference(OVPNORANGE
);
294 fprintf(stderr
, "OpenVPN enabled on orange but no orange interface found\n");
299 if (!strcmp(enableblue
, "on")) {
300 if (strlen(blueif
)) {
301 createChain(OVPNBLUE
);
302 createChainReference(OVPNBLUE
);
304 fprintf(stderr
, "OpenVPN enabled on blue but no blue interface found\n");
309 if (!strcmp(enablered
, "on")) {
311 createChain(OVPNRED
);
312 createChainReference(OVPNRED
);
314 fprintf(stderr
, "OpenVPN enabled on red but no red interface found\n");
320 void setFirewallRules(void) {
321 char protocol
[STRING_SIZE
] = "";
322 char dport
[STRING_SIZE
] = "";
323 char dovpnip
[STRING_SIZE
] = "";
325 kv
= initkeyvalues();
326 if (!readkeyvalues(kv
, CONFIG_ROOT
"/ovpn/settings"))
328 fprintf(stderr
, "Cannot read ovpn settings\n");
332 /* we got one device, so lets proceed further */
333 if (!findkey(kv
, "DDEST_PORT", dport
)){
334 fprintf(stderr
, "Cannot read DDEST_PORT\n");
338 if (!findkey(kv
, "DPROTOCOL", protocol
)){
339 fprintf(stderr
, "Cannot read DPROTOCOL\n");
343 if (!findkey(kv
, "VPN_IP", dovpnip
)){
344 fprintf(stderr
, "Cannot read VPN_IP\n");
345 // exit(1); step further as we don't need an ip
351 flushChain(OVPNBLUE
);
352 flushChain(OVPNORANGE
);
354 // set firewall rules
355 if (!strcmp(enablered
, "on") && strlen(redif
))
356 setChainRules(OVPNRED
, redif
, protocol
, dport
);
357 if (!strcmp(enableblue
, "on") && strlen(blueif
))
358 setChainRules(OVPNBLUE
, blueif
, protocol
, dport
);
359 if (!strcmp(enableorange
, "on") && strlen(orangeif
))
360 setChainRules(OVPNORANGE
, orangeif
, protocol
, dport
);
362 // read connection configuration
363 connection
*conn
= getConnections();
365 // set firewall rules for n2n connections
366 char command
[STRING_SIZE
];
367 while (conn
!= NULL
) {
368 if (strcmp(conn
->type
, "net") == 0) {
369 sprintf(command
, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
370 OVPNRED
, redif
, conn
->proto
, conn
->port
);
371 executeCommand(command
);
378 void stopDaemon(void) {
379 char command
[STRING_SIZE
];
381 int pid
= readPidFile("/var/run/openvpn.pid");
386 fprintf(stderr
, "Killing PID %d.\n", pid
);
389 snprintf(command
, STRING_SIZE
- 1, "/bin/rm -f /var/run/openvpn.pid");
390 executeCommand(command
);
393 void startDaemon(void) {
394 char command
[STRING_SIZE
];
396 if (!((strcmp(enablered
, "on")==0) || (strcmp(enableblue
, "on")==0) || (strcmp(enableorange
, "on")==0))){
397 fprintf(stderr
, "OpenVPN is not enabled on any interface\n");
400 snprintf(command
, STRING_SIZE
-1, "/sbin/modprobe tun");
401 executeCommand(command
);
402 snprintf(command
, STRING_SIZE
-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf");
403 executeCommand(command
);
407 void startNet2Net(char *name
) {
408 connection
*conn
= NULL
;
409 connection
*conn_iter
;
411 conn_iter
= getConnections();
414 if ((strcmp(conn_iter
->type
, "net") == 0) && (strcmp(conn_iter
->name
, name
) == 0)) {
418 conn_iter
= conn_iter
->next
;
422 fprintf(stderr
, "Connection not found.\n");
426 char configfile
[STRING_SIZE
];
427 snprintf(configfile
, STRING_SIZE
- 1, CONFIG_ROOT
"/ovpn/n2nconf/%s/%s.conf",
428 conn
->name
, conn
->name
);
430 FILE *fp
= fopen(configfile
, "r");
432 fprintf(stderr
, "Could not find configuration file for connection '%s' at '%s'.\n",
433 conn
->name
, configfile
);
438 // Make sure all firewall rules are up to date.
441 char command
[STRING_SIZE
];
442 sprintf(command
, "/usr/sbin/openvpn --config %s", configfile
);
443 executeCommand(command
);
446 void killNet2Net(char *name
) {
447 connection
*conn
= NULL
;
448 connection
*conn_iter
;
450 conn_iter
= getConnections();
453 if (strcmp(conn_iter
->name
, name
) == 0) {
457 conn_iter
= conn_iter
->next
;
461 fprintf(stderr
, "Connection not found.\n");
465 char pidfile
[STRING_SIZE
];
466 snprintf(pidfile
, STRING_SIZE
- 1, "/var/run/%sn2n.pid", conn
->name
);
468 int pid
= readPidFile(pidfile
);
473 fprintf(stderr
, "Killing PID %d.\n", pid
);
476 char command
[STRING_SIZE
];
477 snprintf(command
, STRING_SIZE
- 1, "/bin/rm -f %s", pidfile
);
478 executeCommand(command
);
483 void displayopenvpn(void) {
484 char command
[STRING_SIZE
];
486 snprintf(command
, STRING_SIZE
- 1, "/bin/killall -sSIGUSR2 openvpn");
487 executeCommand(command
);
490 int main(int argc
, char *argv
[]) {
499 if( (strcmp(argv
[1], "-sn2n") == 0) || (strcmp(argv
[1], "--start-net-2-net") == 0) ) {
500 startNet2Net(argv
[2]);
503 else if( (strcmp(argv
[1], "-kn2n") == 0) || (strcmp(argv
[1], "--kill-net-2-net") == 0) ) {
504 killNet2Net(argv
[2]);
512 if( (strcmp(argv
[1], "-k") == 0) || (strcmp(argv
[1], "--kill") == 0) ) {
516 else if( (strcmp(argv
[1], "-d") == 0) || (strcmp(argv
[1], "--display") == 0) ) {
520 else if( (strcmp(argv
[1], "-dcr") == 0) || (strcmp(argv
[1], "--delete-chains-and-rules") == 0) ) {
527 if( (strcmp(argv
[1], "-s") == 0) || (strcmp(argv
[1], "--start") == 0) ) {
534 else if( (strcmp(argv
[1], "-sdo") == 0) || (strcmp(argv
[1], "--start-daemon-only") == 0) ) {
538 else if( (strcmp(argv
[1], "-r") == 0) || (strcmp(argv
[1], "--restart") == 0) ) {
546 else if( (strcmp(argv
[1], "-fwr") == 0) || (strcmp(argv
[1], "--firewall-rules") == 0) ) {
552 else if( (strcmp(argv
[1], "-ccr") == 0) || (strcmp(argv
[1], "--create-chains-and-rules") == 0) ) {
projects / people / teissler / ipfire-2.x.git / blob