From f7dc8cc77cecd4b0784ea3350cb223b2eefdab04 Mon Sep 17 00:00:00 2001
From: Shibby <shibby@openlinksys.info>
Date: Wed, 19 Nov 2014 13:46:08 +0100
Subject: [PATCH] OpenVPN GUI: Selectable LAN interface to bridge with TAP

---
 release/src-rt-6.x.4708/router/httpd/tomato.c     |  4 ++++
 release/src-rt-6.x.4708/router/rc/vpn.c           |  8 +++++--
 release/src-rt-6.x.4708/router/shared/defaults.c  |  4 ++++
 release/src-rt-6.x.4708/router/www/vpn-client.asp | 29 ++++++++++++++++++++++-
 release/src-rt-6.x.4708/router/www/vpn-server.asp | 29 ++++++++++++++++++++++-
 5 files changed, 70 insertions(+), 4 deletions(-)

diff --git a/release/src-rt-6.x.4708/router/httpd/tomato.c b/release/src-rt-6.x.4708/router/httpd/tomato.c
index 97b8a6413c..cf5d25b276 100644
--- a/release/src-rt-6.x.4708/router/httpd/tomato.c
+++ b/release/src-rt-6.x.4708/router/httpd/tomato.c
@@ -1365,6 +1365,7 @@ static const nvset_t nvset_list[] = {
 	{ "vpn_server1_crt",      V_NONE              },
 	{ "vpn_server1_key",      V_NONE              },
 	{ "vpn_server1_dh",       V_NONE              },
+	{ "vpn_server1_br",       V_LENGTH(0, 50)     },
 	{ "vpn_server2_poll",     V_RANGE(0, 1440)    },
 	{ "vpn_server2_if",       V_TEXT(3, 3)        },  // tap, tun
 	{ "vpn_server2_proto",    V_TEXT(3, 10)       },  // udp, tcp-server
@@ -1398,6 +1399,7 @@ static const nvset_t nvset_list[] = {
 	{ "vpn_server2_crt",      V_NONE              },
 	{ "vpn_server2_key",      V_NONE              },
 	{ "vpn_server2_dh",       V_NONE              },
+	{ "vpn_server2_br",       V_LENGTH(0, 50)     },
 	{ "vpn_client_eas",       V_NONE              },
 	{ "vpn_client1_poll",     V_RANGE(0, 1440)    },
 	{ "vpn_client1_if",       V_TEXT(3, 3)        },  // tap, tun
@@ -1430,6 +1432,7 @@ static const nvset_t nvset_list[] = {
 	{ "vpn_client1_useronly", V_01                },
 	{ "vpn_client1_tlsremote",V_01                },
 	{ "vpn_client1_cn",       V_NONE              },
+	{ "vpn_client1_br",       V_LENGTH(0, 50)     },
 	{ "vpn_client2_poll",     V_RANGE(0, 1440)    },
 	{ "vpn_client2_if",       V_TEXT(3, 3)        },  // tap, tun
 	{ "vpn_client2_bridge",   V_01                },
@@ -1461,6 +1464,7 @@ static const nvset_t nvset_list[] = {
 	{ "vpn_client2_useronly", V_01                },
 	{ "vpn_client2_tlsremote",V_01                },
 	{ "vpn_client2_cn",       V_NONE              },
+	{ "vpn_client2_br",       V_LENGTH(0, 50)     },
 #endif // vpn
 
 #ifdef TCONFIG_PPTPD
diff --git a/release/src-rt-6.x.4708/router/rc/vpn.c b/release/src-rt-6.x.4708/router/rc/vpn.c
index dddfb5a4fe..31795c8203 100644
--- a/release/src-rt-6.x.4708/router/rc/vpn.c
+++ b/release/src-rt-6.x.4708/router/rc/vpn.c
@@ -50,6 +50,7 @@ void start_vpnclient(int clientNum)
 	FILE *fp;
 	char iface[IF_SIZE];
 	char buffer[BUF_SIZE];
+	char buffer2[BUF_SIZE];
 	char *argv[6];
 	int argc = 0;
 	enum { TLS, SECRET, CUSTOM } cryptMode = CUSTOM;
@@ -148,7 +149,8 @@ void start_vpnclient(int clientNum)
 	{
 		if ( routeMode == BRIDGE )
 		{
-			snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get("lan_ifname"), &iface[0]);
+			sprintf(&buffer2[0], "vpn_client%d_br", clientNum);
+			snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get(&buffer2[0]), &iface[0]);
 			for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
 			if ( _eval(argv, NULL, 0, NULL) )
 			{
@@ -511,6 +513,7 @@ void start_vpnserver(int serverNum)
 	FILE *fp, *ccd;
 	char iface[IF_SIZE];
 	char buffer[BUF_SIZE];
+	char buffer2[BUF_SIZE];
 	char *argv[6], *chp, *route;
 	int argc = 0;
 	int c2c = 0;
@@ -597,7 +600,8 @@ void start_vpnserver(int serverNum)
 	// Add interface to LAN bridge (TAP only)
 	if( ifType == TAP )
 	{
-		snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get("lan_ifname"), &iface[0]);
+		sprintf(&buffer2[0], "vpn_server%d_br", serverNum);
+		snprintf(&buffer[0], BUF_SIZE, "brctl addif %s %s", nvram_safe_get(&buffer2[0]), &iface[0]);
 		for (argv[argc=0] = strtok(&buffer[0], " "); argv[argc] != NULL; argv[++argc] = strtok(NULL, " "));
 		if ( _eval(argv, NULL, 0, NULL) )
 		{
diff --git a/release/src-rt-6.x.4708/router/shared/defaults.c b/release/src-rt-6.x.4708/router/shared/defaults.c
index 2acfc99e8d..9507c65aa1 100644
--- a/release/src-rt-6.x.4708/router/shared/defaults.c
+++ b/release/src-rt-6.x.4708/router/shared/defaults.c
@@ -849,6 +849,7 @@ struct nvram_tuple router_defaults[] = {
 	{ "vpn_server1_crt",      ""              , 0 },
 	{ "vpn_server1_key",      ""              , 0 },
 	{ "vpn_server1_dh",       ""              , 0 },
+	{ "vpn_server1_br",       "br0"           , 0 },
 	{ "vpn_server2_poll",     "0"             , 0 },
 	{ "vpn_server2_if",       "tun"           , 0 },
 	{ "vpn_server2_proto",    "udp"           , 0 },
@@ -879,6 +880,7 @@ struct nvram_tuple router_defaults[] = {
 	{ "vpn_server2_crt",      ""              , 0 },
 	{ "vpn_server2_key",      ""              , 0 },
 	{ "vpn_server2_dh",       ""              , 0 },
+	{ "vpn_server2_br",       "br0"           , 0 },
 	{ "vpn_client_eas",       ""              , 0 },
 	{ "vpn_client1_poll",     "0"             , 0 },
 	{ "vpn_client1_if",       "tun"           , 0 },
@@ -906,6 +908,7 @@ struct nvram_tuple router_defaults[] = {
 	{ "vpn_client1_ca",       ""              , 0 },
 	{ "vpn_client1_crt",      ""              , 0 },
 	{ "vpn_client1_key",      ""              , 0 },
+	{ "vpn_client1_br",       "br0"           , 0 },
 	{ "vpn_client2_poll",     "0"             , 0 },
 	{ "vpn_client2_if",       "tun"           , 0 },
 	{ "vpn_client2_bridge",   "1"             , 0 },
@@ -932,6 +935,7 @@ struct nvram_tuple router_defaults[] = {
 	{ "vpn_client2_ca",       ""              , 0 },
 	{ "vpn_client2_crt",      ""              , 0 },
 	{ "vpn_client2_key",      ""              , 0 },
+	{ "vpn_client2_br",       "br0"           , 0 },
 #endif	// vpn
 #ifdef TCONFIG_PPTPD
 	{ "pptp_client_enable",   "0"             , 0 },
diff --git a/release/src-rt-6.x.4708/router/www/vpn-client.asp b/release/src-rt-6.x.4708/router/www/vpn-client.asp
index ef0efe3b0a..c6d716a4fc 100644
--- a/release/src-rt-6.x.4708/router/www/vpn-client.asp
+++ b/release/src-rt-6.x.4708/router/www/vpn-client.asp
@@ -21,7 +21,7 @@
 <script type='text/javascript' src='vpn.js'></script>
 <script type='text/javascript'>
 
-//	<% nvram("vpn_client_eas,vpn_client1_poll,vpn_client1_if,vpn_client1_bridge,vpn_client1_nat,vpn_client1_proto,vpn_client1_addr,vpn_client1_port,vpn_client1_retry,vpn_client1_firewall,vpn_client1_crypt,vpn_client1_comp,vpn_client1_cipher,vpn_client1_local,vpn_client1_remote,vpn_client1_nm,vpn_client1_reneg,vpn_client1_hmac,vpn_client1_adns,vpn_client1_rgw,vpn_client1_gw,vpn_client1_custom,vpn_client1_static,vpn_client1_ca,vpn_client1_crt,vpn_client1_key,vpn_client1_userauth,vpn_client1_username,vpn_client1_password,vpn_client1_useronly,vpn_client1_tlsremote,vpn_client1_cn,vpn_client2_poll,vpn_client2_if,vpn_client2_bridge,vpn_client2_nat,vpn_client2_proto,vpn_client2_addr,vpn_client2_port,vpn_client2_retry,vpn_client2_firewall,vpn_client2_crypt,vpn_client2_comp,vpn_client2_cipher,vpn_client2_local,vpn_client2_remote,vpn_client2_nm,vpn_client2_reneg,vpn_client2_hmac,vpn_client2_adns,vpn_client2_rgw,vpn_client2_gw,vpn_client2_custom,vpn_client2_static,vpn_client2_ca,vpn_client2_crt,vpn_client2_key,vpn_client2_userauth,vpn_client2_username,vpn_client2_password,vpn_client2_useronly,vpn_client2_tlsremote,vpn_client2_cn"); %>
+//	<% nvram("vpn_client_eas,vpn_client1_poll,vpn_client1_if,vpn_client1_bridge,vpn_client1_nat,vpn_client1_proto,vpn_client1_addr,vpn_client1_port,vpn_client1_retry,vpn_client1_firewall,vpn_client1_crypt,vpn_client1_comp,vpn_client1_cipher,vpn_client1_local,vpn_client1_remote,vpn_client1_nm,vpn_client1_reneg,vpn_client1_hmac,vpn_client1_adns,vpn_client1_rgw,vpn_client1_gw,vpn_client1_custom,vpn_client1_static,vpn_client1_ca,vpn_client1_crt,vpn_client1_key,vpn_client1_userauth,vpn_client1_username,vpn_client1_password,vpn_client1_useronly,vpn_client1_tlsremote,vpn_client1_cn,vpn_client1_br,vpn_client2_poll,vpn_client2_if,vpn_client2_bridge,vpn_client2_nat,vpn_client2_proto,vpn_client2_addr,vpn_client2_port,vpn_client2_retry,vpn_client2_firewall,vpn_client2_crypt,vpn_client2_comp,vpn_client2_cipher,vpn_client2_local,vpn_client2_remote,vpn_client2_nm,vpn_client2_reneg,vpn_client2_hmac,vpn_client2_adns,vpn_client2_rgw,vpn_client2_gw,vpn_client2_custom,vpn_client2_static,vpn_client2_ca,vpn_client2_crt,vpn_client2_key,vpn_client2_userauth,vpn_client2_username,vpn_client2_password,vpn_client2_useronly,vpn_client2_tlsremote,vpn_client2_cn,vpn_client2_br,lan_ifname,lan1_ifname,lan2_ifname,lan3_ifname"); %>
 
 tabs = [['client1', 'Client 1'],['client2', 'Client 2']];
 sections = [['basic', 'Basic'],['advanced', 'Advanced'],['keys','Keys'],['status','Status']];
@@ -171,6 +171,7 @@ function verifyFields(focused, quiet)
 		elem.display(PR('_vpn_'+t+'_hmac'), auth == "tls");
 		elem.display(E(t+'_custom_crypto_text'), auth == "custom");
 		elem.display(PR('_f_vpn_'+t+'_bridge'), iface == "tap");
+		elem.display(PR('_vpn_'+t+'_br'), iface == "tap");
 		elem.display(E(t+'_bridge_warn_text'), !bridge);
 		elem.display(PR('_f_vpn_'+t+'_nat'), fw != "custom" && (iface == "tun" || !bridge));
 		elem.display(E(t+'_nat_warn_text'), fw != "custom" && (!nat || (auth == "secret" && iface == "tun")));
@@ -203,6 +204,26 @@ function verifyFields(focused, quiet)
 		}
 	}
 
+	var bridge1 = E('_vpn_client1_br');
+	if(nvram.lan_ifname.length < 1)
+		bridge1.options[0].disabled=true;
+	if(nvram.lan1_ifname.length < 1)
+		bridge1.options[1].disabled=true;
+	if(nvram.lan2_ifname.length < 1)
+		bridge1.options[2].disabled=true;
+	if(nvram.lan3_ifname.length < 1)
+		bridge1.options[3].disabled=true;
+
+	var bridge2 = E('_vpn_client2_br');
+	if(nvram.lan_ifname.length < 1)
+		bridge2.options[0].disabled=true;
+	if(nvram.lan1_ifname.length < 1)
+		bridge2.options[1].disabled=true;
+	if(nvram.lan2_ifname.length < 1)
+		bridge2.options[2].disabled=true;
+	if(nvram.lan3_ifname.length < 1)
+		bridge2.options[3].disabled=true;
+
 	return ret;
 }
 
@@ -320,6 +341,12 @@ for (i = 0; i < tabs.length; ++i)
 	createFieldTable('', [
 		{ title: 'Start with WAN', name: 'f_vpn_'+t+'_eas', type: 'checkbox', value: nvram.vpn_client_eas.indexOf(''+(i+1)) >= 0 },
 		{ title: 'Interface Type', name: 'vpn_'+t+'_if', type: 'select', options: [ ['tap','TAP'], ['tun','TUN'] ], value: eval( 'nvram.vpn_'+t+'_if' ) },
+		{ title: 'Bridge TAP with', indent: 2, name: 'vpn_'+t+'_br', type: 'select', options: [
+			['br0','LAN (br0)*'],
+			['br1','LAN1 (br1)'],
+			['br2','LAN2 (br2)'],
+			['br3','LAN3 (br3)']
+			], value: eval ( 'nvram.vpn_'+t+'_br' ), suffix: ' <small>* default</small> ' },
 		{ title: 'Protocol', name: 'vpn_'+t+'_proto', type: 'select', options: [ ['udp','UDP'], ['tcp-client','TCP'] ], value: eval( 'nvram.vpn_'+t+'_proto' ) },
 		{ title: 'Server Address/Port', multi: [
 			{ name: 'vpn_'+t+'_addr', type: 'text', size: 17, value: eval( 'nvram.vpn_'+t+'_addr' ) },
diff --git a/release/src-rt-6.x.4708/router/www/vpn-server.asp b/release/src-rt-6.x.4708/router/www/vpn-server.asp
index 0c4669a556..1c9aa4bb22 100644
--- a/release/src-rt-6.x.4708/router/www/vpn-server.asp
+++ b/release/src-rt-6.x.4708/router/www/vpn-server.asp
@@ -20,7 +20,7 @@
 <script type='text/javascript' src='vpn.js'></script>
 <script type='text/javascript'>
 
-//	<% nvram("vpn_server_eas,vpn_server_dns,vpn_server1_poll,vpn_server1_if,vpn_server1_proto,vpn_server1_port,vpn_server1_firewall,vpn_server1_sn,vpn_server1_nm,vpn_server1_local,vpn_server1_remote,vpn_server1_dhcp,vpn_server1_r1,vpn_server1_r2,vpn_server1_crypt,vpn_server1_comp,vpn_server1_cipher,vpn_server1_reneg,vpn_server1_hmac,vpn_server1_plan,vpn_server1_ccd,vpn_server1_c2c,vpn_server1_ccd_excl,vpn_server1_ccd_val,vpn_server1_pdns,vpn_server1_rgw,vpn_server1_userpass,vpn_server1_nocert,vpn_server1_users_val,vpn_server1_custom,vpn_server1_static,vpn_server1_ca,vpn_server1_crt,vpn_server1_key,vpn_server1_dh,vpn_server2_poll,vpn_server2_if,vpn_server2_proto,vpn_server2_port,vpn_server2_firewall,vpn_server2_sn,vpn_server2_nm,vpn_server2_local,vpn_server2_remote,vpn_server2_dhcp,vpn_server2_r1,vpn_server2_r2,vpn_server2_crypt,vpn_server2_comp,vpn_server2_cipher,vpn_server2_reneg,vpn_server2_hmac,vpn_server2_plan,vpn_server2_ccd,vpn_server2_c2c,vpn_server2_ccd_excl,vpn_server2_ccd_val,vpn_server2_pdns,vpn_server2_rgw,vpn_server2_userpass,vpn_server2_nocert,vpn_server2_users_val,vpn_server2_custom,vpn_server2_static,vpn_server2_ca,vpn_server2_crt,vpn_server2_key,vpn_server2_dh"); %>
+//	<% nvram("vpn_server_eas,vpn_server_dns,vpn_server1_poll,vpn_server1_if,vpn_server1_proto,vpn_server1_port,vpn_server1_firewall,vpn_server1_sn,vpn_server1_nm,vpn_server1_local,vpn_server1_remote,vpn_server1_dhcp,vpn_server1_r1,vpn_server1_r2,vpn_server1_crypt,vpn_server1_comp,vpn_server1_cipher,vpn_server1_reneg,vpn_server1_hmac,vpn_server1_plan,vpn_server1_ccd,vpn_server1_c2c,vpn_server1_ccd_excl,vpn_server1_ccd_val,vpn_server1_pdns,vpn_server1_rgw,vpn_server1_userpass,vpn_server1_nocert,vpn_server1_users_val,vpn_server1_custom,vpn_server1_static,vpn_server1_ca,vpn_server1_crt,vpn_server1_key,vpn_server1_dh,vpn_server1_br,vpn_server2_poll,vpn_server2_if,vpn_server2_proto,vpn_server2_port,vpn_server2_firewall,vpn_server2_sn,vpn_server2_nm,vpn_server2_local,vpn_server2_remote,vpn_server2_dhcp,vpn_server2_r1,vpn_server2_r2,vpn_server2_crypt,vpn_server2_comp,vpn_server2_cipher,vpn_server2_reneg,vpn_server2_hmac,vpn_server2_plan,vpn_server2_ccd,vpn_server2_c2c,vpn_server2_ccd_excl,vpn_server2_ccd_val,vpn_server2_pdns,vpn_server2_rgw,vpn_server2_userpass,vpn_server2_nocert,vpn_server2_users_val,vpn_server2_custom,vpn_server2_static,vpn_server2_ca,vpn_server2_crt,vpn_server2_key,vpn_server2_dh,vpn_server2_br,lan_ifname,lan1_ifname,lan2_ifname,lan3_ifname"); %>
 
 function CCDGrid() { return this; }
 CCDGrid.prototype = new TomatoGrid;
@@ -181,6 +181,7 @@ function verifyFields(focused, quiet)
 		elem.display(E(t+'_custom_crypto_text'), auth.value == "custom");
 		elem.display(PR('_vpn_'+t+'_sn'), PR('_f_vpn_'+t+'_plan'), auth.value == "tls" && iface.value == "tun");
 		elem.display(PR('_f_vpn_'+t+'_dhcp'), auth.value == "tls" && iface.value == "tap");
+		elem.display(PR('_vpn_'+t+'_br'), iface.value == "tap");
 		elem.display(E(t+'_range'), !dhcp.checked);
 		elem.display(PR('_vpn_'+t+'_local'), auth.value == "secret" && iface.value == "tun");
 		elem.display(PR('_f_vpn_'+t+'_ccd'), auth.value == "tls");
@@ -204,6 +205,26 @@ function verifyFields(focused, quiet)
 		}
 	}
 
+	var bridge1 = E('_vpn_server1_br');
+	if(nvram.lan_ifname.length < 1)
+		bridge1.options[0].disabled=true;
+	if(nvram.lan1_ifname.length < 1)
+		bridge1.options[1].disabled=true;
+	if(nvram.lan2_ifname.length < 1)
+		bridge1.options[2].disabled=true;
+	if(nvram.lan3_ifname.length < 1)
+		bridge1.options[3].disabled=true;
+
+	var bridge2 = E('_vpn_server2_br');
+	if(nvram.lan_ifname.length < 1)
+		bridge2.options[0].disabled=true;
+	if(nvram.lan1_ifname.length < 1)
+		bridge2.options[1].disabled=true;
+	if(nvram.lan2_ifname.length < 1)
+		bridge2.options[2].disabled=true;
+	if(nvram.lan3_ifname.length < 1)
+		bridge2.options[3].disabled=true;
+
 	return ret;
 }
 
@@ -511,6 +532,12 @@ for (i = 0; i < tabs.length; ++i)
 	createFieldTable('', [
 		{ title: 'Start with WAN', name: 'f_vpn_'+t+'_eas', type: 'checkbox', value: nvram.vpn_server_eas.indexOf(''+(i+1)) >= 0 },
 		{ title: 'Interface Type', name: 'vpn_'+t+'_if', type: 'select', options: [ ['tap','TAP'], ['tun','TUN'] ], value: eval( 'nvram.vpn_'+t+'_if' ) },
+		{ title: 'Bridge TAP with', indent: 2, name: 'vpn_'+t+'_br', type: 'select', options: [
+			['br0','LAN (br0)*'],
+			['br1','LAN1 (br1)'],
+			['br2','LAN2 (br2)'],
+			['br3','LAN3 (br3)']
+			], value: eval ( 'nvram.vpn_'+t+'_br' ), suffix: ' <small>* default</small> ' },
 		{ title: 'Protocol', name: 'vpn_'+t+'_proto', type: 'select', options: [ ['udp','UDP'], ['tcp-server','TCP'] ], value: eval( 'nvram.vpn_'+t+'_proto' ) },
 		{ title: 'Port', name: 'vpn_'+t+'_port', type: 'text', value: eval( 'nvram.vpn_'+t+'_port' ) },
 		{ title: 'Firewall', name: 'vpn_'+t+'_firewall', type: 'select', options: [ ['auto', 'Automatic'], ['external', 'External Only'], ['custom', 'Custom'] ], value: eval( 'nvram.vpn_'+t+'_firewall' ) },
-- 
2.11.4.GIT