bool CUtil::is_valid_ip(const char* str)
{
return is_valid_ipv4(str) || is_valid_ipv6(str);
}
static int
openvpn_create_client_conf(const char *conf_file, int is_tun)
{
FILE *fp;
int i, i_prot, i_prot_ori, i_auth, i_atls;
const char *p_peer, *p_prot;
i_auth = nvram_get_int("vpnc_ov_auth");
i_atls = nvram_get_int("vpnc_ov_atls");
for (i=0; i<4; i++) {
if (i_auth == 1 && (i == 1 || i == 2))
continue;
if (!i_atls && (i == 3))
continue;
if (!openvpn_check_key(openvpn_client_keys[i], 0))
return 1;
}
i_prot = nvram_get_int("vpnc_ov_prot");
i_prot_ori = i_prot;
if (i_prot > 1 && get_ipv6_type() == IPV6_DISABLED)
i_prot &= 1;
p_peer = nvram_safe_get("vpnc_peer");
/* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-client for ipv4 only */
#if defined (USE_IPV6)
/* check peer address is direct ipv4/ipv6 */
if (i_prot > 1 && is_valid_ipv4(p_peer))
i_prot &= 1;
else if (i_prot < 2 && is_valid_ipv6(p_peer))
i_prot += 2;
if (i_prot == 3)
p_prot = "tcp6-client";
else if (i_prot == 2)
p_prot = "udp6";
else
#endif
if (i_prot == 1)
p_prot = "tcp-client";
else
p_prot = "udp";
/* fixup ipv4/ipv6 mismatch */
if (i_prot != i_prot_ori)
nvram_set_int("vpnc_ov_prot", i_prot);
fp = fopen(conf_file, "w+");
if (!fp)
return 1;
fprintf(fp, "client\n");
fprintf(fp, "proto %s\n", p_prot);
fprintf(fp, "remote %s %d\n", p_peer, nvram_safe_get_int("vpnc_ov_port", 1194, 1, 65535));
fprintf(fp, "resolv-retry %s\n", "infinite");
fprintf(fp, "nobind\n");
fprintf(fp, "dev %s\n", (is_tun) ? IFNAME_CLIENT_TUN : IFNAME_CLIENT_TAP);
fprintf(fp, "ca %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[0]);
if (i_auth == 0) {
fprintf(fp, "cert %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[1]);
fprintf(fp, "key %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[2]);
}
if (i_atls)
fprintf(fp, "tls-auth %s/%s %d\n", CLIENT_CERT_DIR, openvpn_client_keys[3], 1);
openvpn_add_auth(fp, nvram_get_int("vpnc_ov_mdig"));
openvpn_add_cipher(fp, nvram_get_int("vpnc_ov_ciph"));
openvpn_add_lzo(fp, nvram_get_int("vpnc_ov_clzo"), 0);
if (i_auth == 1) {
fprintf(fp, "auth-user-pass %s\n", "secret");
openvpn_create_client_secret("secret");
}
if (nvram_match("vpnc_dgw", "1"))
fprintf(fp, "redirect-gateway def1 bypass-dhcp\n");
fprintf(fp, "persist-key\n");
fprintf(fp, "script-security %d\n", 2);
fprintf(fp, "writepid %s\n", CLIENT_PID_FILE);
fprintf(fp, "up %s\n", SCRIPT_OVPN_CLIENT);
fprintf(fp, "down %s\n", SCRIPT_OVPN_CLIENT);
fprintf(fp, "\n### User params:\n");
load_user_config(fp, CLIENT_CERT_DIR, "client.conf", forbidden_list);
fclose(fp);
chmod(conf_file, 0644);
return 0;
}
