1 /*
3 Copyright (C) 2008-2010 Keith Moyer, tomatovpn@keithmoyer.com
5 No part of this file may be used without permission.
7 */
9 #include "rc.h"
11 #include <sys/types.h>
12 #include <sys/wait.h>
13 #include <dirent.h>
14 #include <string.h>
15 #include <time.h>
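// Line number as text string (three-step expansion so __LINE__ is expanded
// before being stringified).  NOTE(review): identifiers starting with a
// double underscore are reserved for the implementation; left as-is because
// the names are used only inside this file.
#define __LINE_T__ __LINE_T_(__LINE__)
#define __LINE_T_(x) __LINE_T(x)
#define __LINE_T(x) # x

// Verbosity levels.  nvram "vpn_debug" is compared against these, so a
// higher setting logs more; the level name is stringified into each line.
#define VPN_LOG_ERROR -1
#define VPN_LOG_NOTE 0
#define VPN_LOG_INFO 1
#define VPN_LOG_EXTRA 2
// Wrapped in do { } while (0) so an invocation is exactly one statement and
// is safe as the body of an unbraced if/else (the bare "if (...) syslog(...)"
// form would otherwise bind a following "else" to the macro's own "if").
// "x..." is the GNU named-variadic-macro extension this file already uses.
#define vpnlog(level,x...) do { if(nvram_get_int("vpn_debug")>=level) syslog(LOG_INFO, #level ": " __LINE_T__ ": " x); } while (0)

// Device numbering: client N uses tun/tap (N+10), server N uses tun/tap (N+20)
#define CLIENT_IF_START 10
#define SERVER_IF_START 20

#define BUF_SIZE 256	// scratch buffer for nvram keys, paths and command lines
#define IF_SIZE 8	// "tap"/"tun" + instance number + NUL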
/*
 * Ask every process called <name> to terminate (killall_tk) and poll for up
 * to five seconds, reaping the child with waitpid(WNOHANG) each round, until
 * pidof() no longer finds it.
 *
 * Returns non-zero if a process of that name is still present after the
 * wait, zero if it is gone.
 */
static int waitfor(const char *name)
{
	int remaining = 5;
	int pid = -1;

	killall_tk(name);
	for (;;) {
		pid = pidof(name);
		if (pid < 0 || remaining-- <= 0)
			break;
		// Reap the zombie if it has terminated, then give it another second
		waitpid(pid, NULL, WNOHANG);
		sleep(1);
	}
	return pid >= 0;
}
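/*
 * Start GUI-managed OpenVPN client <clientNum>.
 *
 * Reads the vpn_client<N>_* nvram settings, creates the tun/tap device,
 * writes /etc/openvpn/client<N>/config.ovpn and the cert/key files taken
 * from nvram, launches openvpn through the /etc/openvpn/vpnclient<N> symlink,
 * then writes and runs the firewall script and (if polling is enabled) adds
 * a cron job that re-issues "service vpnclient<N> start".
 *
 * Only init (pid 1) does the work; any other caller is routed through
 * start_service().  Nothing is returned; problems are reported via vpnlog()
 * and, once the device exists, partial state is torn down with
 * stop_vpnclient() before returning.
 */
void start_vpnclient(int clientNum)
{
	FILE *fp;
	char iface[IF_SIZE];
	char buffer[BUF_SIZE];
	char *argv[6];
	int argc = 0;
	enum { TLS, SECRET, CUSTOM } cryptMode = CUSTOM;
	enum { TAP, TUN } ifType = TUN;
	enum { BRIDGE, NAT, NONE } routeMode = NONE;
	// ip/nm start zeroed so a malformed lan_ipaddr/lan_netmask (short sscanf
	// match) produces 0.0.0.0 instead of reading uninitialized ints below
	int nvi, ip[4] = { 0, 0, 0, 0 }, nm[4] = { 0, 0, 0, 0 };
	long int nvl;
	int pid;

	sprintf(&buffer[0], "vpnclient%d", clientNum);
	if (getpid() != 1) {
		start_service(&buffer[0]);
		return;
	}

	vpnlog(VPN_LOG_INFO,"VPN GUI client backend starting...");

	if ( (pid = pidof(&buffer[0])) >= 0 )
	{
		vpnlog(VPN_LOG_NOTE, "VPN Client %d already running...", clientNum);
		vpnlog(VPN_LOG_INFO,"PID: %d", pid);
		return;
	}

	// Determine interface
	sprintf(&buffer[0], "vpn_client%d_if", clientNum);
	if ( nvram_contains_word(&buffer[0], "tap") )
		ifType = TAP;
	else if ( nvram_contains_word(&buffer[0], "tun") )
		ifType = TUN;
	else
	{
		vpnlog(VPN_LOG_ERROR, "Invalid interface type, %.3s", nvram_safe_get(&buffer[0]));
		return;
	}

	// Build interface name from the validated type rather than the raw nvram
	// string: a value that merely *contains* the word tap/tun could otherwise
	// carry extra characters (e.g. spaces) into the device name, which is
	// later split on spaces into argv for openvpn/brctl/ifconfig.
	snprintf(&iface[0], IF_SIZE, "%s%d", (ifType == TAP) ? "tap" : "tun", clientNum+CLIENT_IF_START);

	// Determine encryption mode
	sprintf(&buffer[0], "vpn_client%d_crypt", clientNum);
	if ( nvram_contains_word(&buffer[0], "tls") )
		cryptMode = TLS;
	else if ( nvram_contains_word(&buffer[0], "secret") )
		cryptMode = SECRET;
	else if ( nvram_contains_word(&buffer[0], "custom") )
		cryptMode = CUSTOM;
	else
	{
		vpnlog(VPN_LOG_ERROR,"Invalid encryption mode, %.6s", nvram_safe_get(&buffer[0]));
		return;
	}

	// Determine if we should bridge the tunnel
	sprintf(&buffer[0], "vpn_client%d_bridge", clientNum);
	if ( ifType == TAP && nvram_get_int(&buffer[0]) == 1 )
		routeMode = BRIDGE;

	// Determine if we should NAT the tunnel
	sprintf(&buffer[0], "vpn_client%d_nat", clientNum);
	if ( (ifType == TUN || routeMode != BRIDGE) && nvram_get_int(&buffer[0]) == 1 )
		routeMode = NAT;

	// Make sure openvpn directory exists
	mkdir("/etc/openvpn", 0700);
	sprintf(&buffer[0], "/etc/openvpn/client%d", clientNum);
	mkdir(&buffer[0], 0700);

	// Make sure symbolic link exists (gives the process a per-client name
	// that pidof()/killall_tk() can address)
	sprintf(&buffer[0], "/etc/openvpn/vpnclient%d", clientNum);
	unlink(&buffer[0]);
	if ( symlink("/usr/sbin/openvpn", &buffer[0]) )
	{
		vpnlog(VPN_LOG_ERROR,"Creating symlink failed...");
		stop_vpnclient(clientNum);
		return;
	}

	// Make sure module is loaded
	modprobe("tun");
	f_wait_exists("/dev/net/tun", 5);

	// Create tap/tun interface
	sprintf(&buffer[0], "openvpn --mktun --dev %s", &iface[0]);
	for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
	if ( _eval(argv, NULL, 0, NULL) )
	{
		vpnlog(VPN_LOG_ERROR,"Creating tunnel interface failed...");
		stop_vpnclient(clientNum);
		return;
	}

	// Bring interface up (TAP only)
	if( ifType == TAP )
	{
		if ( routeMode == BRIDGE )
		{
			snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get("lan_ifname"), &iface[0]);
			for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
			if ( _eval(argv, NULL, 0, NULL) )
			{
				vpnlog(VPN_LOG_ERROR,"Adding tunnel interface to bridge failed...");
				stop_vpnclient(clientNum);
				return;
			}
		}

		snprintf(&buffer[0], BUF_SIZE, "ifconfig %s promisc up", &iface[0]);
		for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
		if ( _eval(argv, NULL, 0, NULL) )
		{
			vpnlog(VPN_LOG_ERROR,"Bringing interface up failed...");
			stop_vpnclient(clientNum);
			return;
		}
	}

	// Build and write config file
	vpnlog(VPN_LOG_EXTRA,"Writing config file");
	sprintf(&buffer[0], "/etc/openvpn/client%d/config.ovpn", clientNum);
	fp = fopen(&buffer[0], "w");
	if ( fp == NULL )
	{
		// Without this check a failed fopen() would be dereferenced by fprintf()
		vpnlog(VPN_LOG_ERROR,"Creating config file failed...");
		stop_vpnclient(clientNum);
		return;
	}
	// NOTE(review): the file is created under the caller's umask and only then
	// narrowed to 0600; the same applies to the key files written below.
	chmod(&buffer[0], S_IRUSR|S_IWUSR);
	fprintf(fp, "# Automatically generated configuration\n");
	fprintf(fp, "daemon\n");
	if ( cryptMode == TLS )
		fprintf(fp, "client\n");
	fprintf(fp, "dev %s\n", &iface[0]);
	sprintf(&buffer[0], "vpn_client%d_proto", clientNum);
	fprintf(fp, "proto %s\n", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_client%d_addr", clientNum);
	fprintf(fp, "remote %s ", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_client%d_port", clientNum);
	fprintf(fp, "%d\n", nvram_get_int(&buffer[0]));
	if ( cryptMode == SECRET )
	{
		if ( ifType == TUN )
		{
			sprintf(&buffer[0], "vpn_client%d_local", clientNum);
			fprintf(fp, "ifconfig %s ", nvram_safe_get(&buffer[0]));
			sprintf(&buffer[0], "vpn_client%d_remote", clientNum);
			fprintf(fp, "%s\n", nvram_safe_get(&buffer[0]));
		}
		else if ( ifType == TAP )
		{
			sprintf(&buffer[0], "vpn_client%d_local", clientNum);
			fprintf(fp, "ifconfig %s ", nvram_safe_get(&buffer[0]));
			sprintf(&buffer[0], "vpn_client%d_nm", clientNum);
			fprintf(fp, "%s\n", nvram_safe_get(&buffer[0]));
		}
	}
	sprintf(&buffer[0], "vpn_client%d_retry", clientNum);
	if ( (nvi = nvram_get_int(&buffer[0])) >= 0 )
		fprintf(fp, "resolv-retry %d\n", nvi);
	else
		fprintf(fp, "resolv-retry infinite\n");
	// atol() of an empty/non-numeric value is 0, which still emits "reneg-sec 0"
	sprintf(&buffer[0], "vpn_client%d_reneg", clientNum);
	if ( (nvl = atol(nvram_safe_get(&buffer[0]))) >= 0 )
		fprintf(fp, "reneg-sec %ld\n", nvl);
	fprintf(fp, "nobind\n");
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	sprintf(&buffer[0], "vpn_client%d_comp", clientNum);
	if ( nvram_get_int(&buffer[0]) >= 0 )
		fprintf(fp, "comp-lzo %s\n", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_client%d_cipher", clientNum);
	if ( !nvram_contains_word(&buffer[0], "default") )
		fprintf(fp, "cipher %s\n", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_client%d_rgw", clientNum);
	if ( nvram_get_int(&buffer[0]) )
	{
		sprintf(&buffer[0], "vpn_client%d_gw", clientNum);
		if ( ifType == TAP && nvram_safe_get(&buffer[0])[0] != '\0' )
			fprintf(fp, "route-gateway %s\n", nvram_safe_get(&buffer[0]));
		fprintf(fp, "redirect-gateway def1\n");
	}
	fprintf(fp, "verb 3\n");
	if ( cryptMode == TLS )
	{
		sprintf(&buffer[0], "vpn_client%d_adns", clientNum);
		if ( nvram_get_int(&buffer[0]) > 0 )
		{
			// Pushed DNS is applied by the stock updown.sh; script-security 2
			// is the openvpn level needed to run an external up/down script
			sprintf(&buffer[0], "/etc/openvpn/client%d/updown.sh", clientNum);
			symlink("/rom/openvpn/updown.sh", &buffer[0]);
			fprintf(fp, "script-security 2\n");
			fprintf(fp, "up updown.sh\n");
			fprintf(fp, "down updown.sh\n");
		}

		// hmac < 0 disables tls-auth; 0/1 select the key direction, 2 omits it
		sprintf(&buffer[0], "vpn_client%d_hmac", clientNum);
		nvi = nvram_get_int(&buffer[0]);
		sprintf(&buffer[0], "vpn_client%d_static", clientNum);
		if ( !nvram_is_empty(&buffer[0]) && nvi >= 0 )
		{
			fprintf(fp, "tls-auth static.key");
			if ( nvi < 2 )
				fprintf(fp, " %d", nvi);
			fprintf(fp, "\n");
		}

		sprintf(&buffer[0], "vpn_client%d_ca", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "ca ca.crt\n");
		sprintf(&buffer[0], "vpn_client%d_crt", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "cert client.crt\n");
		sprintf(&buffer[0], "vpn_client%d_key", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "key client.key\n");
	}
	else if ( cryptMode == SECRET )
	{
		sprintf(&buffer[0], "vpn_client%d_static", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "secret static.key\n");
	}
	fprintf(fp, "status-version 2\n");
	fprintf(fp, "status status\n");
	fprintf(fp, "\n# Custom Configuration\n");
	sprintf(&buffer[0], "vpn_client%d_custom", clientNum);
	fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
	fclose(fp);
	vpnlog(VPN_LOG_EXTRA,"Done writing config file");

	// Write certification and key files
	vpnlog(VPN_LOG_EXTRA,"Writing certs/keys");
	if ( cryptMode == TLS )
	{
		sprintf(&buffer[0], "vpn_client%d_ca", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/client%d/ca.crt", clientNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating ca.crt failed...");
				stop_vpnclient(clientNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_client%d_ca", clientNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}

		sprintf(&buffer[0], "vpn_client%d_key", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/client%d/client.key", clientNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating client.key failed...");
				stop_vpnclient(clientNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_client%d_key", clientNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}

		sprintf(&buffer[0], "vpn_client%d_crt", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/client%d/client.crt", clientNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating client.crt failed...");
				stop_vpnclient(clientNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_client%d_crt", clientNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}
	}
	sprintf(&buffer[0], "vpn_client%d_hmac", clientNum);
	if ( cryptMode == SECRET || (cryptMode == TLS && nvram_get_int(&buffer[0]) >= 0) )
	{
		sprintf(&buffer[0], "vpn_client%d_static", clientNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/client%d/static.key", clientNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating static.key failed...");
				stop_vpnclient(clientNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_client%d_static", clientNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}
	}
	vpnlog(VPN_LOG_EXTRA,"Done writing certs/keys");

	// Start the VPN client (5 tokens + NULL: argv[6] is exactly large enough)
	sprintf(&buffer[0], "/etc/openvpn/vpnclient%d --cd /etc/openvpn/client%d --config config.ovpn", clientNum, clientNum);
	vpnlog(VPN_LOG_INFO,"Starting OpenVPN: %s",&buffer[0]);
	for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
	if ( _eval(argv, NULL, 0, &pid) )
	{
		vpnlog(VPN_LOG_ERROR,"Starting OpenVPN failed...");
		stop_vpnclient(clientNum);
		return;
	}
	vpnlog(VPN_LOG_EXTRA,"Done starting openvpn");

	// Handle firewall rules if appropriate
	sprintf(&buffer[0], "vpn_client%d_firewall", clientNum);
	if ( !nvram_contains_word(&buffer[0], "custom") )
	{
		// Create firewall rules
		vpnlog(VPN_LOG_EXTRA,"Creating firewall rules");
		mkdir("/etc/openvpn/fw", 0700);
		sprintf(&buffer[0], "/etc/openvpn/fw/client%d-fw.sh", clientNum);
		fp = fopen(&buffer[0], "w");
		if ( fp == NULL )
		{
			vpnlog(VPN_LOG_ERROR,"Creating firewall script failed...");
			stop_vpnclient(clientNum);
			return;
		}
		chmod(&buffer[0], S_IRUSR|S_IWUSR|S_IXUSR);
		fprintf(fp, "#!/bin/sh\n");
		fprintf(fp, "iptables -I INPUT -i %s -j ACCEPT\n", &iface[0]);
		fprintf(fp, "iptables -I FORWARD -i %s -j ACCEPT\n", &iface[0]);
		if ( routeMode == NAT )
		{
			// Masquerade the LAN network (address & mask) when leaving the tunnel
			sscanf(nvram_safe_get("lan_ipaddr"), "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3]);
			sscanf(nvram_safe_get("lan_netmask"), "%d.%d.%d.%d", &nm[0], &nm[1], &nm[2], &nm[3]);
			fprintf(fp, "iptables -t nat -I POSTROUTING -s %d.%d.%d.%d/%s -o %s -j MASQUERADE\n",
			        ip[0]&nm[0], ip[1]&nm[1], ip[2]&nm[2], ip[3]&nm[3], nvram_safe_get("lan_netmask"), &iface[0]);
		}
		fclose(fp);
		vpnlog(VPN_LOG_EXTRA,"Done creating firewall rules");

		// Run the firewall rules
		vpnlog(VPN_LOG_EXTRA,"Running firewall rules");
		sprintf(&buffer[0], "/etc/openvpn/fw/client%d-fw.sh", clientNum);
		argv[0] = &buffer[0];
		argv[1] = NULL;
		_eval(argv, NULL, 0, NULL);
		vpnlog(VPN_LOG_EXTRA,"Done running firewall rules");
	}

	// Set up cron job
	sprintf(&buffer[0], "vpn_client%d_poll", clientNum);
	if ( (nvi = nvram_get_int(&buffer[0])) > 0 )
	{
		vpnlog(VPN_LOG_EXTRA,"Adding cron job");
		argv[0] = "cru";
		argv[1] = "a";
		sprintf(&buffer[0], "CheckVPNClient%d", clientNum);
		argv[2] = &buffer[0];
		// The schedule string is placed just past the job name's NUL so both
		// argv entries live in the one buffer
		sprintf(&buffer[strlen(&buffer[0])+1], "*/%d * * * * service vpnclient%d start", nvi, clientNum);
		argv[3] = &buffer[strlen(&buffer[0])+1];
		argv[4] = NULL;
		_eval(argv, NULL, 0, NULL);
		vpnlog(VPN_LOG_EXTRA,"Done adding cron job");
	}

#ifdef LINUX26
	sprintf(&buffer[0], "vpn_client%d", clientNum);
	allow_fastnat(buffer, 0);
	try_enabling_fastnat();
#endif
	vpnlog(VPN_LOG_INFO,"VPN GUI client backend complete.");
}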
/*
 * Tear down GUI-managed OpenVPN client <clientNum>: the cron poll job, the
 * firewall rules (by rewriting the generated script's -A/-I into -D and
 * running it), the openvpn process, both possible tun/tap devices and,
 * unless vpn_debug is above VPN_LOG_EXTRA, the generated files under
 * /etc/openvpn.
 *
 * Only init (pid 1) does the work; any other caller is routed through
 * stop_service().  Nothing is returned.
 */
void stop_vpnclient(int clientNum)
{
	static const char *const devkind[] = { "tap", "tun" };
	char *av[7];
	char cmd[BUF_SIZE];
	int n, k;

	sprintf(cmd, "vpnclient%d", clientNum);
	if (getpid() != 1) {
		stop_service(cmd);
		return;
	}

	vpnlog(VPN_LOG_INFO,"Stopping VPN GUI client backend.");

	// Remove cron job
	vpnlog(VPN_LOG_EXTRA,"Removing cron job");
	sprintf(cmd, "CheckVPNClient%d", clientNum);
	av[0] = "cru";
	av[1] = "d";
	av[2] = cmd;
	av[3] = NULL;
	_eval(av, NULL, 0, NULL);
	vpnlog(VPN_LOG_EXTRA,"Done removing cron job");

	// Remove firewall rules: turn the insert script into a delete script in
	// place, and run it only if that rewrite succeeded (i.e. the file exists)
	vpnlog(VPN_LOG_EXTRA,"Removing firewall rules.");
	sprintf(cmd, "/etc/openvpn/fw/client%d-fw.sh", clientNum);
	av[0] = "sed";
	av[1] = "-i";
	av[2] = "s/-A/-D/g;s/-I/-D/g";
	av[3] = cmd;
	av[4] = NULL;
	if (_eval(av, NULL, 0, NULL) == 0) {
		av[0] = cmd;
		av[1] = NULL;
		_eval(av, NULL, 0, NULL);
	}
	vpnlog(VPN_LOG_EXTRA,"Done removing firewall rules.");

	// Stop the VPN client
	vpnlog(VPN_LOG_EXTRA,"Stopping OpenVPN client.");
	sprintf(cmd, "vpnclient%d", clientNum);
	if (waitfor(cmd) == 0)
		vpnlog(VPN_LOG_EXTRA,"OpenVPN client stopped.");

	// NVRAM setting for device type could have changed, just try to remove both
	vpnlog(VPN_LOG_EXTRA,"Removing VPN device.");
	for (k = 0; k < 2; k++) {
		sprintf(cmd, "openvpn --rmtun --dev %s%d", devkind[k], clientNum+CLIENT_IF_START);
		n = 0;
		av[n] = strtok(cmd, " ");
		while (av[n] != NULL)
			av[++n] = strtok(NULL, " ");
		_eval(av, NULL, 0, NULL);
	}
	vpnlog(VPN_LOG_EXTRA,"VPN device removed.");

	modprobe_r("tun");

	// Generated files are kept for inspection when debugging above EXTRA
	if ( nvram_get_int("vpn_debug") <= VPN_LOG_EXTRA )
	{
		vpnlog(VPN_LOG_EXTRA,"Removing generated files.");
		// Delete all files for this client
		sprintf(cmd, "rm -rf /etc/openvpn/client%d /etc/openvpn/fw/client%d-fw.sh /etc/openvpn/vpnclient%d",clientNum,clientNum,clientNum);
		n = 0;
		av[n] = strtok(cmd, " ");
		while (av[n] != NULL)
			av[++n] = strtok(NULL, " ");
		_eval(av, NULL, 0, NULL);

		// Attempt to remove directories. Will fail if not empty
		rmdir("/etc/openvpn/fw");
		rmdir("/etc/openvpn");
		vpnlog(VPN_LOG_EXTRA,"Done removing generated files.");
	}

#ifdef LINUX26
	sprintf(cmd, "vpn_client%d", clientNum);
	allow_fastnat(cmd, 1);
	try_enabling_fastnat();
#endif
	vpnlog(VPN_LOG_INFO,"VPN GUI client backend stopped.");
}
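/*
 * Start GUI-managed OpenVPN server <serverNum>.
 *
 * Reads the vpn_server<N>_* nvram settings, creates the tun/tap device
 * (bridged into lan_ifname for TAP), writes
 * /etc/openvpn/server<N>/config.ovpn, the optional per-client files under
 * server<N>/ccd, and the cert/key/dh files taken from nvram, launches
 * openvpn through the /etc/openvpn/vpnserver<N> symlink, then writes and
 * runs the firewall script and (if polling is enabled) adds a cron job that
 * re-issues "service vpnserver<N> start".
 *
 * Only init (pid 1) does the work; any other caller is routed through
 * start_service().  Nothing is returned; problems are reported via vpnlog()
 * and, once the device exists, partial state is torn down with
 * stop_vpnserver() before returning.
 */
void start_vpnserver(int serverNum)
{
	FILE *fp, *ccd;
	char iface[IF_SIZE];
	char buffer[BUF_SIZE];
	char *argv[6], *chp, *route;
	int argc = 0;
	int c2c = 0;
	enum { TAP, TUN } ifType = TUN;
	enum { TLS, SECRET, CUSTOM } cryptMode = CUSTOM;
	// ip/nm start zeroed so a malformed lan_ipaddr/lan_netmask (short sscanf
	// match) produces 0.0.0.0 instead of reading uninitialized ints below
	int nvi, ip[4] = { 0, 0, 0, 0 }, nm[4] = { 0, 0, 0, 0 };
	long int nvl;
	int pid;

	sprintf(&buffer[0], "vpnserver%d", serverNum);
	if (getpid() != 1) {
		start_service(&buffer[0]);
		return;
	}

	vpnlog(VPN_LOG_INFO,"VPN GUI server backend starting...");

	if ( (pid = pidof(&buffer[0])) >= 0 )
	{
		vpnlog(VPN_LOG_NOTE, "VPN Server %d already running...", serverNum);
		vpnlog(VPN_LOG_INFO,"PID: %d", pid);
		return;
	}

	// Determine interface type
	sprintf(&buffer[0], "vpn_server%d_if", serverNum);
	if ( nvram_contains_word(&buffer[0], "tap") )
		ifType = TAP;
	else if ( nvram_contains_word(&buffer[0], "tun") )
		ifType = TUN;
	else
	{
		vpnlog(VPN_LOG_ERROR,"Invalid interface type, %.3s", nvram_safe_get(&buffer[0]));
		return;
	}

	// Build interface name from the validated type rather than the raw nvram
	// string: a value that merely *contains* the word tap/tun could otherwise
	// carry extra characters (e.g. spaces) into the device name, which is
	// later split on spaces into argv for openvpn/brctl/ifconfig.
	snprintf(&iface[0], IF_SIZE, "%s%d", (ifType == TAP) ? "tap" : "tun", serverNum+SERVER_IF_START);

	// Determine encryption mode
	sprintf(&buffer[0], "vpn_server%d_crypt", serverNum);
	if ( nvram_contains_word(&buffer[0], "tls") )
		cryptMode = TLS;
	else if ( nvram_contains_word(&buffer[0], "secret") )
		cryptMode = SECRET;
	else if ( nvram_contains_word(&buffer[0], "custom") )
		cryptMode = CUSTOM;
	else
	{
		vpnlog(VPN_LOG_ERROR,"Invalid encryption mode, %.6s", nvram_safe_get(&buffer[0]));
		return;
	}

	// Make sure openvpn directory exists
	mkdir("/etc/openvpn", 0700);
	sprintf(&buffer[0], "/etc/openvpn/server%d", serverNum);
	mkdir(&buffer[0], 0700);

	// Make sure symbolic link exists (gives the process a per-server name
	// that pidof()/killall_tk() can address)
	sprintf(&buffer[0], "/etc/openvpn/vpnserver%d", serverNum);
	unlink(&buffer[0]);
	if ( symlink("/usr/sbin/openvpn", &buffer[0]) )
	{
		vpnlog(VPN_LOG_ERROR,"Creating symlink failed...");
		stop_vpnserver(serverNum);
		return;
	}

	// Make sure module is loaded
	modprobe("tun");
	f_wait_exists("/dev/net/tun", 5);

	// Create tap/tun interface
	sprintf(&buffer[0], "openvpn --mktun --dev %s", &iface[0]);
	for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
	if ( _eval(argv, NULL, 0, NULL) )
	{
		vpnlog(VPN_LOG_ERROR,"Creating tunnel interface failed...");
		stop_vpnserver(serverNum);
		return;
	}

	// Add interface to LAN bridge (TAP only)
	if( ifType == TAP )
	{
		snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get("lan_ifname"), &iface[0]);
		for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
		if ( _eval(argv, NULL, 0, NULL) )
		{
			vpnlog(VPN_LOG_ERROR,"Adding tunnel interface to bridge failed...");
			stop_vpnserver(serverNum);
			return;
		}
	}

	// Bring interface up
	sprintf(&buffer[0], "ifconfig %s 0.0.0.0 promisc up", &iface[0]);
	for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
	if ( _eval(argv, NULL, 0, NULL) )
	{
		vpnlog(VPN_LOG_ERROR,"Bringing up tunnel interface failed...");
		stop_vpnserver(serverNum);
		return;
	}

	// Build and write config files
	vpnlog(VPN_LOG_EXTRA,"Writing config file");
	sprintf(&buffer[0], "/etc/openvpn/server%d/config.ovpn", serverNum);
	fp = fopen(&buffer[0], "w");
	if ( fp == NULL )
	{
		// Without this check a failed fopen() would be dereferenced by fprintf()
		vpnlog(VPN_LOG_ERROR,"Creating config file failed...");
		stop_vpnserver(serverNum);
		return;
	}
	// NOTE(review): the file is created under the caller's umask and only then
	// narrowed to 0600; the same applies to the key files written below.
	chmod(&buffer[0], S_IRUSR|S_IWUSR);
	fprintf(fp, "# Automatically generated configuration\n");
	fprintf(fp, "daemon\n");
	if ( cryptMode == TLS )
	{
		if ( ifType == TUN )
		{
			sprintf(&buffer[0], "vpn_server%d_sn", serverNum);
			fprintf(fp, "server %s ", nvram_safe_get(&buffer[0]));
			sprintf(&buffer[0], "vpn_server%d_nm", serverNum);
			fprintf(fp, "%s\n", nvram_safe_get(&buffer[0]));
		}
		else if ( ifType == TAP )
		{
			// dhcp == 0 means openvpn hands out addresses from the r1..r2 pool
			// itself; otherwise a bare "server-bridge" defers to the LAN DHCP
			fprintf(fp, "server-bridge");
			sprintf(&buffer[0], "vpn_server%d_dhcp", serverNum);
			if ( nvram_get_int(&buffer[0]) == 0 )
			{
				fprintf(fp, " %s ", nvram_safe_get("lan_ipaddr"));
				fprintf(fp, "%s ", nvram_safe_get("lan_netmask"));
				sprintf(&buffer[0], "vpn_server%d_r1", serverNum);
				fprintf(fp, "%s ", nvram_safe_get(&buffer[0]));
				sprintf(&buffer[0], "vpn_server%d_r2", serverNum);
				fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			}
			fprintf(fp, "\n");
		}
	}
	else if ( cryptMode == SECRET )
	{
		if ( ifType == TUN )
		{
			sprintf(&buffer[0], "vpn_server%d_local", serverNum);
			fprintf(fp, "ifconfig %s ", nvram_safe_get(&buffer[0]));
			sprintf(&buffer[0], "vpn_server%d_remote", serverNum);
			fprintf(fp, "%s\n", nvram_safe_get(&buffer[0]));
		}
	}
	sprintf(&buffer[0], "vpn_server%d_proto", serverNum);
	fprintf(fp, "proto %s\n", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_server%d_port", serverNum);
	fprintf(fp, "port %d\n", nvram_get_int(&buffer[0]));
	fprintf(fp, "dev %s\n", &iface[0]);
	sprintf(&buffer[0], "vpn_server%d_cipher", serverNum);
	if ( !nvram_contains_word(&buffer[0], "default") )
		fprintf(fp, "cipher %s\n", nvram_safe_get(&buffer[0]));
	sprintf(&buffer[0], "vpn_server%d_comp", serverNum);
	if ( nvram_get_int(&buffer[0]) >= 0 )
		fprintf(fp, "comp-lzo %s\n", nvram_safe_get(&buffer[0]));
	// atol() of an empty/non-numeric value is 0, which still emits "reneg-sec 0"
	sprintf(&buffer[0], "vpn_server%d_reneg", serverNum);
	if ( (nvl = atol(nvram_safe_get(&buffer[0]))) >= 0 )
		fprintf(fp, "reneg-sec %ld\n", nvl);
	fprintf(fp, "keepalive 15 60\n");
	fprintf(fp, "verb 3\n");
	if ( cryptMode == TLS )
	{
		sprintf(&buffer[0], "vpn_server%d_plan", serverNum);
		if ( ifType == TUN && nvram_get_int(&buffer[0]) )
		{
			// Push a route for the LAN network (address & mask) to clients
			sscanf(nvram_safe_get("lan_ipaddr"), "%d.%d.%d.%d", &ip[0], &ip[1], &ip[2], &ip[3]);
			sscanf(nvram_safe_get("lan_netmask"), "%d.%d.%d.%d", &nm[0], &nm[1], &nm[2], &nm[3]);
			fprintf(fp, "push \"route %d.%d.%d.%d %s\"\n", ip[0]&nm[0], ip[1]&nm[1], ip[2]&nm[2], ip[3]&nm[3],
			        nvram_safe_get("lan_netmask"));
		}

		sprintf(&buffer[0], "vpn_server%d_ccd", serverNum);
		if ( nvram_get_int(&buffer[0]) )
		{
			fprintf(fp, "client-config-dir ccd\n");

			sprintf(&buffer[0], "vpn_server%d_c2c", serverNum);
			if ( (c2c = nvram_get_int(&buffer[0])) )
				fprintf(fp, "client-to-client\n");

			sprintf(&buffer[0], "vpn_server%d_ccd_excl", serverNum);
			if ( nvram_get_int(&buffer[0]) )
				fprintf(fp, "ccd-exclusive\n");

			// Per-client files are written relative to the ccd directory.
			// NOTE(review): this chdir() is not undone within this function.
			sprintf(&buffer[0], "/etc/openvpn/server%d/ccd", serverNum);
			mkdir(&buffer[0], 0700);
			chdir(&buffer[0]);

			// vpn_server<N>_ccd_val is a list of "enabled<cn<route<push>" entries.
			// Copy it bounded: the list can exceed BUF_SIZE and the original
			// unbounded strcpy() would overrun the stack buffer (entries past
			// the limit are dropped).
			sprintf(&buffer[0], "vpn_server%d_ccd_val", serverNum);
			snprintf(&buffer[0], BUF_SIZE, "%s", nvram_safe_get(&buffer[0]));
			chp = strtok(&buffer[0],">");
			while ( chp != NULL )
			{
				// nvi tracks the bytes of this entry not yet consumed; each
				// field is cut at '<' and the cursor advanced past it
				nvi = strlen(chp);

				chp[strcspn(chp,"<")] = '\0';
				vpnlog(VPN_LOG_EXTRA,"CCD: enabled: %d", atoi(chp));
				if ( atoi(chp) == 1 )
				{
					nvi -= strlen(chp)+1;
					chp += strlen(chp)+1;

					ccd = NULL;
					route = NULL;
					if ( nvi > 0 )
					{
						chp[strcspn(chp,"<")] = '\0';
						vpnlog(VPN_LOG_EXTRA,"CCD: Common name: %s", chp);
						// The common name is used as a file name inside the ccd
						// directory; refuse one containing a path separator so
						// it cannot name a file outside that directory.
						if ( strchr(chp, '/') != NULL )
						{
							vpnlog(VPN_LOG_ERROR,"CCD: invalid common name, entry skipped");
						}
						else
						{
							ccd = fopen(chp, "w");
							chmod(chp, S_IRUSR|S_IWUSR);
						}

						nvi -= strlen(chp)+1;
						chp += strlen(chp)+1;
					}

					if ( nvi > 0 && ccd != NULL && strcspn(chp,"<") != strlen(chp) )
					{
						// Route field is "net<mask": join the two with a space
						chp[strcspn(chp,"<")] = ' ';
						chp[strcspn(chp,"<")] = '\0';
						route = chp;
						vpnlog(VPN_LOG_EXTRA,"CCD: Route: %s", chp);
						if ( strlen(route) > 1 )
						{
							fprintf(ccd, "iroute %s\n", route);
							fprintf(fp, "route %s\n", route);
						}

						nvi -= strlen(chp)+1;
						chp += strlen(chp)+1;
					}

					if ( ccd != NULL )
						fclose(ccd);

					if ( nvi > 0 && route != NULL )
					{
						chp[strcspn(chp,"<")] = '\0';
						vpnlog(VPN_LOG_EXTRA,"CCD: Push: %d", atoi(chp));
						if ( c2c && atoi(chp) == 1 && strlen(route) > 1 )
							fprintf(fp, "push \"route %s\"\n", route);

						nvi -= strlen(chp)+1;
						chp += strlen(chp)+1;
					}

					vpnlog(VPN_LOG_EXTRA,"CCD leftover: %d", nvi+1);
				}

				// Advance to next entry
				chp = strtok(NULL, ">");
			}
			vpnlog(VPN_LOG_EXTRA,"CCD processing complete");
		}

		sprintf(&buffer[0], "vpn_server%d_pdns", serverNum);
		if ( nvram_get_int(&buffer[0]) )
		{
			if ( nvram_safe_get("wan_domain")[0] != '\0' )
				fprintf(fp, "push \"dhcp-option DOMAIN %s\"\n", nvram_safe_get("wan_domain"));
			if ( (nvram_safe_get("wan_wins")[0] != '\0' && strcmp(nvram_safe_get("wan_wins"), "0.0.0.0") != 0) )
				fprintf(fp, "push \"dhcp-option WINS %s\"\n", nvram_safe_get("wan_wins"));
			fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get("lan_ipaddr"));
		}

		sprintf(&buffer[0], "vpn_server%d_rgw", serverNum);
		if ( nvram_get_int(&buffer[0]) )
		{
			if ( ifType == TAP )
				fprintf(fp, "push \"route-gateway %s\"\n", nvram_safe_get("lan_ipaddr"));
			fprintf(fp, "push \"redirect-gateway def1\"\n");
		}

		// hmac < 0 disables tls-auth; 0/1 select the key direction, 2 omits it
		sprintf(&buffer[0], "vpn_server%d_hmac", serverNum);
		nvi = nvram_get_int(&buffer[0]);
		sprintf(&buffer[0], "vpn_server%d_static", serverNum);
		if ( !nvram_is_empty(&buffer[0]) && nvi >= 0 )
		{
			fprintf(fp, "tls-auth static.key");
			if ( nvi < 2 )
				fprintf(fp, " %d", nvi);
			fprintf(fp, "\n");
		}

		sprintf(&buffer[0], "vpn_server%d_ca", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "ca ca.crt\n");
		sprintf(&buffer[0], "vpn_server%d_dh", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "dh dh.pem\n");
		sprintf(&buffer[0], "vpn_server%d_crt", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "cert server.crt\n");
		sprintf(&buffer[0], "vpn_server%d_key", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "key server.key\n");
	}
	else if ( cryptMode == SECRET )
	{
		sprintf(&buffer[0], "vpn_server%d_static", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
			fprintf(fp, "secret static.key\n");
	}
	fprintf(fp, "status-version 2\n");
	fprintf(fp, "status status\n");
	fprintf(fp, "\n# Custom Configuration\n");
	sprintf(&buffer[0], "vpn_server%d_custom", serverNum);
	fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
	fclose(fp);
	vpnlog(VPN_LOG_EXTRA,"Done writing config file");

	// Write certification and key files
	vpnlog(VPN_LOG_EXTRA,"Writing certs/keys");
	if ( cryptMode == TLS )
	{
		sprintf(&buffer[0], "vpn_server%d_ca", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/server%d/ca.crt", serverNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating ca.crt failed...");
				stop_vpnserver(serverNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_server%d_ca", serverNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}

		sprintf(&buffer[0], "vpn_server%d_key", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/server%d/server.key", serverNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating server.key failed...");
				stop_vpnserver(serverNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_server%d_key", serverNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}

		sprintf(&buffer[0], "vpn_server%d_crt", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/server%d/server.crt", serverNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating server.crt failed...");
				stop_vpnserver(serverNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_server%d_crt", serverNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}

		sprintf(&buffer[0], "vpn_server%d_dh", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/server%d/dh.pem", serverNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating dh.pem failed...");
				stop_vpnserver(serverNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_server%d_dh", serverNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}
	}
	sprintf(&buffer[0], "vpn_server%d_hmac", serverNum);
	if ( cryptMode == SECRET || (cryptMode == TLS && nvram_get_int(&buffer[0]) >= 0) )
	{
		sprintf(&buffer[0], "vpn_server%d_static", serverNum);
		if ( !nvram_is_empty(&buffer[0]) )
		{
			sprintf(&buffer[0], "/etc/openvpn/server%d/static.key", serverNum);
			fp = fopen(&buffer[0], "w");
			if ( fp == NULL )
			{
				vpnlog(VPN_LOG_ERROR,"Creating static.key failed...");
				stop_vpnserver(serverNum);
				return;
			}
			chmod(&buffer[0], S_IRUSR|S_IWUSR);
			sprintf(&buffer[0], "vpn_server%d_static", serverNum);
			fprintf(fp, "%s", nvram_safe_get(&buffer[0]));
			fclose(fp);
		}
	}
	vpnlog(VPN_LOG_EXTRA,"Done writing certs/keys");

	// Start the VPN server (5 tokens + NULL: argv[6] is exactly large enough)
	sprintf(&buffer[0], "/etc/openvpn/vpnserver%d --cd /etc/openvpn/server%d --config config.ovpn", serverNum, serverNum);
	vpnlog(VPN_LOG_INFO,"Starting OpenVPN: %s",&buffer[0]);
	for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
	if ( _eval(argv, NULL, 0, &pid) )
	{
		vpnlog(VPN_LOG_ERROR,"Starting VPN instance failed...");
		stop_vpnserver(serverNum);
		return;
	}
	vpnlog(VPN_LOG_EXTRA,"Done starting openvpn");

	// Handle firewall rules if appropriate
	sprintf(&buffer[0], "vpn_server%d_firewall", serverNum);
	if ( !nvram_contains_word(&buffer[0], "custom") )
	{
		// Create firewall rules
		vpnlog(VPN_LOG_EXTRA,"Creating firewall rules");
		mkdir("/etc/openvpn/fw", 0700);
		sprintf(&buffer[0], "/etc/openvpn/fw/server%d-fw.sh", serverNum);
		fp = fopen(&buffer[0], "w");
		if ( fp == NULL )
		{
			vpnlog(VPN_LOG_ERROR,"Creating firewall script failed...");
			stop_vpnserver(serverNum);
			return;
		}
		chmod(&buffer[0], S_IRUSR|S_IWUSR|S_IXUSR);
		fprintf(fp, "#!/bin/sh\n");
		// The proto value may be e.g. "tcp-server"; only the part before '-' is
		// a valid iptables protocol.  The copy is bounded and NUL-terminated
		// (strncpy with BUF_SIZE could leave it unterminated for strtok).
		sprintf(&buffer[0], "vpn_server%d_proto", serverNum);
		snprintf(&buffer[0], BUF_SIZE, "%s", nvram_safe_get(&buffer[0]));
		fprintf(fp, "iptables -t nat -I PREROUTING -p %s ", strtok(&buffer[0], "-"));
		sprintf(&buffer[0], "vpn_server%d_port", serverNum);
		fprintf(fp, "--dport %d -j ACCEPT\n", nvram_get_int(&buffer[0]));
		sprintf(&buffer[0], "vpn_server%d_proto", serverNum);
		snprintf(&buffer[0], BUF_SIZE, "%s", nvram_safe_get(&buffer[0]));
		fprintf(fp, "iptables -I INPUT -p %s ", strtok(&buffer[0], "-"));
		sprintf(&buffer[0], "vpn_server%d_port", serverNum);
		fprintf(fp, "--dport %d -j ACCEPT\n", nvram_get_int(&buffer[0]));
		sprintf(&buffer[0], "vpn_server%d_firewall", serverNum);
		if ( !nvram_contains_word(&buffer[0], "external") )
		{
			fprintf(fp, "iptables -I INPUT -i %s -j ACCEPT\n", &iface[0]);
			fprintf(fp, "iptables -I FORWARD -i %s -j ACCEPT\n", &iface[0]);
		}
		fclose(fp);
		vpnlog(VPN_LOG_EXTRA,"Done creating firewall rules");

		// Run the firewall rules
		vpnlog(VPN_LOG_EXTRA,"Running firewall rules");
		sprintf(&buffer[0], "/etc/openvpn/fw/server%d-fw.sh", serverNum);
		argv[0] = &buffer[0];
		argv[1] = NULL;
		_eval(argv, NULL, 0, NULL);
		vpnlog(VPN_LOG_EXTRA,"Done running firewall rules");
	}

	// Set up cron job
	sprintf(&buffer[0], "vpn_server%d_poll", serverNum);
	if ( (nvi = nvram_get_int(&buffer[0])) > 0 )
	{
		vpnlog(VPN_LOG_EXTRA,"Adding cron job");
		argv[0] = "cru";
		argv[1] = "a";
		sprintf(&buffer[0], "CheckVPNServer%d", serverNum);
		argv[2] = &buffer[0];
		// The schedule string is placed just past the job name's NUL so both
		// argv entries live in the one buffer
		sprintf(&buffer[strlen(&buffer[0])+1], "*/%d * * * * service vpnserver%d start", nvi, serverNum);
		argv[3] = &buffer[strlen(&buffer[0])+1];
		argv[4] = NULL;
		_eval(argv, NULL, 0, NULL);
		vpnlog(VPN_LOG_EXTRA,"Done adding cron job");
	}

#ifdef LINUX26
	sprintf(&buffer[0], "vpn_server%d", serverNum);
	allow_fastnat(buffer, 0);
	try_enabling_fastnat();
#endif
	vpnlog(VPN_LOG_INFO,"VPN GUI server backend complete.");
}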
/*
 * Tear down GUI-managed OpenVPN server <serverNum>: the cron poll job, the
 * firewall rules (by rewriting the generated script's -A/-I into -D and
 * running it), the openvpn process, both possible tun/tap devices and,
 * unless vpn_debug is above VPN_LOG_EXTRA, the generated files under
 * /etc/openvpn.
 *
 * Only init (pid 1) does the work; any other caller is routed through
 * stop_service().  Nothing is returned.
 */
void stop_vpnserver(int serverNum)
{
	static const char *const devkind[] = { "tap", "tun" };
	char *av[9];
	char cmd[BUF_SIZE];
	int n, k;

	sprintf(cmd, "vpnserver%d", serverNum);
	if (getpid() != 1) {
		stop_service(cmd);
		return;
	}

	vpnlog(VPN_LOG_INFO,"Stopping VPN GUI server backend.");

	// Remove cron job
	vpnlog(VPN_LOG_EXTRA,"Removing cron job");
	sprintf(cmd, "CheckVPNServer%d", serverNum);
	av[0] = "cru";
	av[1] = "d";
	av[2] = cmd;
	av[3] = NULL;
	_eval(av, NULL, 0, NULL);
	vpnlog(VPN_LOG_EXTRA,"Done removing cron job");

	// Remove firewall rules: turn the insert script into a delete script in
	// place, and run it only if that rewrite succeeded (i.e. the file exists)
	vpnlog(VPN_LOG_EXTRA,"Removing firewall rules.");
	sprintf(cmd, "/etc/openvpn/fw/server%d-fw.sh", serverNum);
	av[0] = "sed";
	av[1] = "-i";
	av[2] = "s/-A/-D/g;s/-I/-D/g";
	av[3] = cmd;
	av[4] = NULL;
	if (_eval(av, NULL, 0, NULL) == 0) {
		av[0] = cmd;
		av[1] = NULL;
		_eval(av, NULL, 0, NULL);
	}
	vpnlog(VPN_LOG_EXTRA,"Done removing firewall rules.");

	// Stop the VPN server
	vpnlog(VPN_LOG_EXTRA,"Stopping OpenVPN server.");
	sprintf(cmd, "vpnserver%d", serverNum);
	if (waitfor(cmd) == 0)
		vpnlog(VPN_LOG_EXTRA,"OpenVPN server stopped.");

	// NVRAM setting for device type could have changed, just try to remove both
	vpnlog(VPN_LOG_EXTRA,"Removing VPN device.");
	for (k = 0; k < 2; k++) {
		sprintf(cmd, "openvpn --rmtun --dev %s%d", devkind[k], serverNum+SERVER_IF_START);
		n = 0;
		av[n] = strtok(cmd, " ");
		while (av[n] != NULL)
			av[++n] = strtok(NULL, " ");
		_eval(av, NULL, 0, NULL);
	}
	vpnlog(VPN_LOG_EXTRA,"VPN device removed.");

	modprobe_r("tun");

	// Generated files are kept for inspection when debugging above EXTRA
	if ( nvram_get_int("vpn_debug") <= VPN_LOG_EXTRA )
	{
		vpnlog(VPN_LOG_EXTRA,"Removing generated files.");
		// Delete all files for this server
		sprintf(cmd, "rm -rf /etc/openvpn/server%d /etc/openvpn/fw/server%d-fw.sh /etc/openvpn/vpnserver%d",serverNum,serverNum,serverNum);
		n = 0;
		av[n] = strtok(cmd, " ");
		while (av[n] != NULL)
			av[++n] = strtok(NULL, " ");
		_eval(av, NULL, 0, NULL);

		// Attempt to remove directories. Will fail if not empty
		rmdir("/etc/openvpn/fw");
		rmdir("/etc/openvpn");
		vpnlog(VPN_LOG_EXTRA,"Done removing generated files.");
	}

#ifdef LINUX26
	sprintf(cmd, "vpn_server%d", serverNum);
	allow_fastnat(cmd, 1);
	try_enabling_fastnat();
#endif
	vpnlog(VPN_LOG_INFO,"VPN GUI server backend stopped.");
}
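/* Maximum number of instance numbers honoured per vpn_*_eas list */
enum { VPN_EAS_MAX = 4 };

/*
 * Read the comma-separated instance list in NVRAM variable nv into nums,
 * keeping at most max entries, and 0-terminate it (nums must have room for
 * max + 1 ints).  Entries are parsed with atoi(); the callers treat the
 * first value <= 0 as the end of the list.  Returns the number of entries.
 * "what" is only used for the log line ("servers"/"clients").
 */
static int vpn_eas_list(const char *nv, const char *what, int *nums, int max)
{
	char buffer[16], *cur;
	int n = 0;

	/* Only the first 15 bytes of the NVRAM value are considered */
	strlcpy(buffer, nvram_safe_get(nv), sizeof(buffer));
	if (buffer[0] != '\0') {
		vpnlog(VPN_LOG_INFO, "Starting %s (eas): %s", what, buffer);
	}
	for (cur = strtok(buffer, ","); cur != NULL && n < max; cur = strtok(NULL, ",")) {
		nums[n++] = atoi(cur);
	}
	nums[n] = 0;
	return n;
}

/*
 * "Enable at startup": start every OpenVPN server and client listed in
 * vpn_server_eas / vpn_client_eas.  An instance that is already running is
 * stopped first so that it is restarted with the current settings.
 *
 * Fixes an off-by-one in the original: with a full 4-entry list the 0
 * terminator was written past the end of a 4-element array.
 */
void start_vpn_eas(void)
{
	int nums[VPN_EAS_MAX + 1];	/* +1 for the 0 terminator */
	char name[32];			/* "vpnserverN"/"vpnclientN", sized for any int */
	int i;

	if (strlen(nvram_safe_get("vpn_server_eas")) == 0 && strlen(nvram_safe_get("vpn_client_eas")) == 0)
		return;

	/* Wait up to 10 s for the clock to be set (presumably so that certificate
	   validity periods are checked against a sane time) */
	for (i = 10; time(NULL) < Y2K && i > 0; i--) {
		sleep(1);
	}

	vpn_eas_list("vpn_server_eas", "servers", nums, VPN_EAS_MAX);
	for (i = 0; nums[i] > 0; i++) {
		snprintf(name, sizeof(name), "vpnserver%d", nums[i]);
		if (pidof(name) >= 0) {
			vpnlog(VPN_LOG_INFO, "Stopping server %d (eas)", nums[i]);
			stop_vpnserver(nums[i]);
		}
		vpnlog(VPN_LOG_INFO, "Starting server %d (eas)", nums[i]);
		start_vpnserver(nums[i]);
	}

	vpn_eas_list("vpn_client_eas", "clients", nums, VPN_EAS_MAX);
	for (i = 0; nums[i] > 0; i++) {
		snprintf(name, sizeof(name), "vpnclient%d", nums[i]);
		if (pidof(name) >= 0) {
			vpnlog(VPN_LOG_INFO, "Stopping client %d (eas)", nums[i]);
			stop_vpnclient(nums[i]);
		}
		vpnlog(VPN_LOG_INFO, "Starting client %d (eas)", nums[i]);
		start_vpnclient(nums[i]);
	}
}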
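/*
 * Run every script in /etc/openvpn/fw (e.g. the serverN-fw.sh files that
 * stop_vpnserver removes) through /bin/sh, re-applying the VPN firewall
 * rules.
 *
 * NOTE(review): every non-dot entry in the directory is executed as root
 * with no check on its origin or mode; nothing but this module may be
 * allowed to write there.
 *
 * Side effect: chdir()s into /etc/openvpn/fw and leaves the cwd there (the
 * scripts are passed to sh by bare name, so the cwd is required).
 */
void run_vpn_firewall_scripts(void)
{
	DIR *dir;
	struct dirent *file;
	char *argv[3];

	if (chdir("/etc/openvpn/fw") != 0)
		return;

	/* Missing check in the original: readdir(NULL) would crash if this failed */
	if ((dir = opendir("/etc/openvpn/fw")) == NULL) {
		vpnlog(VPN_LOG_EXTRA, "Cannot open /etc/openvpn/fw");
		return;
	}

	vpnlog(VPN_LOG_EXTRA, "Beginning all firewall scripts...");
	while ((file = readdir(dir)) != NULL) {
		if (file->d_name[0] == '.')
			continue;
		vpnlog(VPN_LOG_INFO, "Running firewall script: %s", file->d_name);
		argv[0] = "/bin/sh";
		argv[1] = file->d_name;
		argv[2] = NULL;
		_eval(argv, NULL, 0, NULL);
	}
	vpnlog(VPN_LOG_EXTRA, "Done with all firewall scripts...");

	closedir(dir);
}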
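/*
 * Append the VPN-related dnsmasq configuration to the open config file f:
 *  - one "interface=<tap|tun><20+N>" line per server N listed in the
 *    comma-separated NVRAM value vpn_server_dns (device type taken from
 *    vpn_serverN_if), so dnsmasq listens on the server's VPN interface;
 *  - "strict-order" once, if any client with a /etc/openvpn/dns/clientN.resolv
 *    file has vpn_clientN_adns == 2;
 *  - the contents of every /etc/openvpn/dns/clientN.conf fragment, each
 *    followed by a newline.
 *
 * NOTE(review): the .conf fragments are generated elsewhere (presumably by
 * the client's up script from options pushed by the remote VPN server) and
 * are copied into the dnsmasq config verbatim; confirm that generator
 * sanitises what it writes.
 *
 * Fixes vs. the original: the fragment files are opened via their full path
 * instead of a bare name that only worked if the cwd happened to be the dns
 * directory; the "strict-order" case no longer breaks out of the directory
 * scan (which silently dropped the remaining .conf fragments); fgetc() is
 * read into an int so a 0xFF byte is not mistaken for EOF; the DIR handle
 * is closed.
 */
void write_vpn_dnsmasq_config(FILE* f)
{
	char nv[16];
	char buf[24];
	char path[sizeof("/etc/openvpn/dns/") + 255];	/* dir + NAME_MAX */
	char *pos, ch;
	int cur, c;
	int strict_added = 0;
	DIR *dir;
	struct dirent *file;
	FILE *dnsf;

	strlcpy(buf, nvram_safe_get("vpn_server_dns"), sizeof(buf));
	for (pos = strtok(buf, ","); pos != NULL; pos = strtok(NULL, ",")) {
		cur = atoi(pos);
		if (cur == 0)
			continue;
		vpnlog(VPN_LOG_EXTRA, "Adding server %d interface to dns config", cur);
		snprintf(nv, sizeof(nv), "vpn_server%d_if", cur);
		fprintf(f, "interface=%s%d\n", nvram_safe_get(nv), SERVER_IF_START + cur);
	}

	if ((dir = opendir("/etc/openvpn/dns")) == NULL)
		return;

	while ((file = readdir(dir)) != NULL) {
		if (file->d_name[0] == '.')
			continue;

		/* Only one strict-order line is needed, so stop checking once written */
		if (!strict_added && sscanf(file->d_name, "client%d.resol%c", &cur, &ch) == 2) {
			vpnlog(VPN_LOG_EXTRA, "Checking ADNS settings for client %d", cur);
			snprintf(buf, sizeof(buf), "vpn_client%d_adns", cur);
			if (nvram_get_int(buf) == 2) {
				vpnlog(VPN_LOG_INFO, "Adding strict-order to dnsmasq config for client %d", cur);
				fprintf(f, "strict-order\n");
				strict_added = 1;
			}
		}

		if (sscanf(file->d_name, "client%d.con%c", &cur, &ch) == 2) {
			if (snprintf(path, sizeof(path), "/etc/openvpn/dns/%s", file->d_name) >= (int)sizeof(path))
				continue;	/* name too long to be one of ours */
			if ((dnsf = fopen(path, "r")) == NULL)
				continue;
			vpnlog(VPN_LOG_INFO, "Adding Dnsmasq config from %s", file->d_name);
			while ((c = fgetc(dnsf)) != EOF) {
				fputc(c, f);
			}
			fputc('\n', f);
			fclose(dnsf);
		}
	}

	closedir(dir);
}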
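/*
 * Append the contents of every /etc/openvpn/dns/clientN.resolv file (each
 * followed by a newline) to the open resolv file f.  The files themselves
 * are generated elsewhere, presumably by the client's up script.
 *
 * Returns 1 if any client that contributed a file has vpn_clientN_adns == 3
 * (the caller presumably treats that as "use only the VPN's DNS servers"),
 * otherwise 0.  Also returns 0 if /etc/openvpn/dns cannot be entered or
 * opened.
 *
 * Side effect: chdir()s into /etc/openvpn/dns and leaves the cwd there;
 * other code in this file may depend on that, so it is kept.
 *
 * NOTE(review): the client number is parsed here with %c (a single
 * character), whereas write_vpn_dnsmasq_config parses the same file names
 * with %d; a client numbered 10 or above would be handled inconsistently.
 */
int write_vpn_resolv(FILE* f)
{
	DIR *dir;
	struct dirent *file;
	char *fn, ch, num, buf[24];
	FILE *dnsf;
	int exclusive = 0;
	int c;

	if (chdir("/etc/openvpn/dns") != 0)
		return 0;

	/* Missing check in the original: readdir(NULL) would crash if this failed */
	if ((dir = opendir("/etc/openvpn/dns")) == NULL)
		return 0;

	vpnlog(VPN_LOG_EXTRA, "Adding DNS entries...");
	while ((file = readdir(dir)) != NULL) {
		fn = file->d_name;
		if (fn[0] == '.')
			continue;
		if (sscanf(fn, "client%c.resol%c", &num, &ch) != 2)
			continue;
		/* Relative name: relies on the chdir() above */
		if ((dnsf = fopen(fn, "r")) == NULL)
			continue;

		vpnlog(VPN_LOG_INFO, "Adding DNS entries from %s", fn);
		/* int, not char: a 0xFF byte must not compare equal to EOF */
		while ((c = fgetc(dnsf)) != EOF) {
			fputc(c, f);
		}
		fputc('\n', f);
		fclose(dnsf);

		snprintf(buf, sizeof(buf), "vpn_client%c_adns", num);
		if (nvram_get_int(buf) == 3)
			exclusive = 1;
	}
	vpnlog(VPN_LOG_EXTRA, "Done with DNS entries...");

	closedir(dir);

	return exclusive;
}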