Ejemplo n.º 1
0
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, i_prot, i_atls, i_rdgw, i_dhcp, i_dns, i_cli0, i_cli1;
	unsigned int laddr, lmask;
	struct in_addr pool_in;
	char pooll[32], pool1[32], pool2[32];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	i_atls = nvram_get_int("vpns_ov_atls");

	for (i=0; i<5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_cli0 = nvram_get_int("vpns_cli0");
	i_cli1 = nvram_get_int("vpns_cli1");

	i_dns = 0;
	i_dhcp = nvram_get_int("dhcp_enable_x");

	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	if (i_cli0 <   2) i_cli0 =   2;
	if (i_cli0 > 254) i_cli0 = 254;
	if (i_cli1 <   2) i_cli1 =   2;
	if (i_cli1 > 254) i_cli1 = 254;
	if (i_cli1 < i_cli0) i_cli1 = i_cli0;

	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	pool_in.s_addr = htonl(laddr & lmask);
	strcpy(pooll, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
	strcpy(pool1, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli1);
	strcpy(pool2, inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (fp) {
		if (i_prot > 0)
			fprintf(fp, "proto %s\n", "tcp-server");
		else
			fprintf(fp, "proto %s\n", "udp");
		fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
		
		if (is_tun) {
			char *vnet, *vmsk;
			vnet = nvram_safe_get("vpns_vnet");
			vmsk = VPN_SERVER_SUBNET_MASK;
			laddr = ntohl(inet_addr(vnet));
			lmask = ntohl(inet_addr(vmsk));
			pool_in.s_addr = htonl(laddr & lmask);
			
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
			fprintf(fp, "topology %s\n", "subnet");
			fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
			fprintf(fp, "client-config-dir %s\n", "ccd");
			openvpn_create_server_acl(fp, "ccd");
			fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
		} else {
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
			fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
		}
		
		if (i_rdgw) {
			fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
			if (i_dhcp == 1) {
				dns1 = nvram_safe_get("dhcp_dns1_x");
				dns2 = nvram_safe_get("dhcp_dns2_x");
				if ((inet_addr_(dns1) != INADDR_ANY) && (strcmp(dns1, lanip))) {
					i_dns++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
				}
				if ((inet_addr_(dns2) != INADDR_ANY) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
					i_dns++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
				}
			}
			
			if (i_dns < 2)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
		}
		
		if (i_dhcp == 1)
		{
			wins = nvram_safe_get("dhcp_wins_x");
			if (inet_addr_(wins) != INADDR_ANY)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
		}
		
		fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
		fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
		fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
		fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
		
		if (i_atls)
			fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);
		
		fprintf(fp, "persist-key\n");
		fprintf(fp, "persist-tun\n");
		fprintf(fp, "user %s\n", "nobody");
		fprintf(fp, "group %s\n", "nogroup");
		fprintf(fp, "script-security %d\n", 2);
		fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
		fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
		
		fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
		fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);
		
		fprintf(fp, "\n### User params:\n");
		
		openvpn_load_user_config(fp, SERVER_CERT_DIR, "server.conf");
		
		fclose(fp);
		
		chmod(conf_file, 0644);
		
		return 0;
	}

	return 1;
}
Ejemplo n.º 2
0
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, i_prot, i_atls, i_rdgw, i_dhcp, i_items, i_cli0, i_cli1;
	unsigned int laddr, lmask, lsnet;
	struct in_addr pool_in;
	char pooll[32], pool1[32], pool2[32];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	i_atls = nvram_get_int("vpns_ov_atls");

	for (i=0; i<5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
	i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);

	i_dhcp = is_dhcpd_enabled(0);

	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	lsnet = (~lmask) - 1;

	if (i_cli0 > (int)lsnet) i_cli0 = (int)lsnet;
	if (i_cli1 > (int)lsnet) i_cli1 = (int)lsnet;
	if (i_cli1 < i_cli0) i_cli1 = i_cli0;

	pool_in.s_addr = htonl(laddr & lmask);
	strcpy(pooll, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
	strcpy(pool1, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli1);
	strcpy(pool2, inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (fp) {
		if (i_prot > 0)
			fprintf(fp, "proto %s\n", "tcp-server");
		else
			fprintf(fp, "proto %s\n", "udp");
		fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
		
		if (is_tun) {
			char *vnet, *vmsk;
			
			vnet = nvram_safe_get("vpns_vnet");
			vmsk = VPN_SERVER_SUBNET_MASK;
			laddr = ntohl(inet_addr(vnet));
			lmask = ntohl(inet_addr(vmsk));
			pool_in.s_addr = htonl(laddr & lmask);
			
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
			fprintf(fp, "topology %s\n", "subnet");
			fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
			fprintf(fp, "client-config-dir %s\n", "ccd");
			openvpn_create_server_acl(fp, "ccd");
			fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
		} else {
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
			fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
		}
		
		openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
		openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
		openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);
		
		i_items = 0;
		if (i_rdgw) {
			fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
			if (i_dhcp) {
				dns1 = nvram_safe_get("dhcp_dns1_x");
				dns2 = nvram_safe_get("dhcp_dns2_x");
				if (is_valid_ipv4(dns1) && (strcmp(dns1, lanip))) {
					i_items++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
				}
				if (is_valid_ipv4(dns2) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
					i_items++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
				}
			}
			
			if (i_items < 2)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
		}
		
		i_items = 0;
		if (i_dhcp) {
			wins = nvram_safe_get("dhcp_wins_x");
			if (is_valid_ipv4(wins)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
			}
		}
		
#if defined(APP_SMBD) || defined(APP_NMBD)
		if ((i_items < 1) && nvram_get_int("wins_enable"))
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif
		
		fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
		fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
		fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
		fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
		
		if (i_atls)
			fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);
		
		fprintf(fp, "persist-key\n");
		fprintf(fp, "persist-tun\n");
		fprintf(fp, "user %s\n", SYS_USER_NOBODY);
		fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
		fprintf(fp, "script-security %d\n", 2);
		fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
		fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
		
		fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
		fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);
		
		fprintf(fp, "\n### User params:\n");
		
		load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);
		
		fclose(fp);
		
		chmod(conf_file, 0644);
		
		return 0;
	}

	return 1;
}
Ejemplo n.º 3
0
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int i, i_prot, i_prot_ori, i_atls, i_rdgw, i_dhcp, i_items;
    unsigned int laddr, lmask;
    char *lanip, *lannm, *wins, *dns1, *dns2;
    const char *p_prot;
    struct in_addr pool_in;

    i_atls = nvram_get_int("vpns_ov_atls");

    for (i=0; i<5; i++) {
        if (!i_atls && (i == 4))
            continue;
        if (!openvpn_check_key(openvpn_server_keys[i], 1))
            return 1;
    }

    i_prot = nvram_get_int("vpns_ov_prot");
    i_rdgw = nvram_get_int("vpns_ov_rdgw");

    i_dhcp = is_dhcpd_enabled(0);

    lanip = nvram_safe_get("lan_ipaddr");
    lannm = nvram_safe_get("lan_netmask");

    laddr = ntohl(inet_addr(lanip));
    lmask = ntohl(inet_addr(lannm));

    i_prot_ori = i_prot;
    if (i_prot > 1 && get_ipv6_type() == IPV6_DISABLED)
        i_prot &= 1;

    /* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-server for ipv4 only */
#if defined (USE_IPV6)
    if (i_prot == 3)
        p_prot = "tcp6-server";
    else if (i_prot == 2)
        p_prot = "udp6";
    else
#endif
        if (i_prot == 1)
            p_prot = "tcp-server";
        else
            p_prot = "udp";

    /* fixup ipv4/ipv6 mismatch */
    if (i_prot != i_prot_ori)
        nvram_set_int("vpns_ov_prot", i_prot);

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    fprintf(fp, "proto %s\n", p_prot);
    fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

    if (is_tun) {
        unsigned int vnet, vmsk;

        vnet = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
        vmsk = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
        pool_in.s_addr = htonl(vnet & vmsk);

        fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
        fprintf(fp, "topology %s\n", "subnet");
        fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), VPN_SERVER_SUBNET_MASK);
        fprintf(fp, "client-config-dir %s\n", "ccd");

        openvpn_create_server_acl(fp, "ccd", vnet, vmsk);

        pool_in.s_addr = htonl(laddr & lmask);
        fprintf(fp, "push \"route %s %s\"\n", inet_ntoa(pool_in), lannm);
    } else {
        char sp_b[INET_ADDRSTRLEN], sp_e[INET_ADDRSTRLEN];
        unsigned int vp_b, vp_e, lnet;

        lnet = ~(lmask) - 1;
        vp_b = (unsigned int)nvram_safe_get_int("vpns_cli0", 245, 1, 254);
        vp_e = (unsigned int)nvram_safe_get_int("vpns_cli1", 254, 2, 254);
        if (vp_b > lnet)
            vp_b = lnet;
        if (vp_e > lnet)
            vp_e = lnet;
        if (vp_e < vp_b)
            vp_e = vp_b;

        pool_in.s_addr = htonl((laddr & lmask) | vp_b);
        strcpy(sp_b, inet_ntoa(pool_in));

        pool_in.s_addr = htonl((laddr & lmask) | vp_e);
        strcpy(sp_e, inet_ntoa(pool_in));

        fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
        fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, sp_b, sp_e);
    }

    openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);

    i_items = 0;
    if (i_rdgw) {
        fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");

        if (i_dhcp) {
            dns1 = nvram_safe_get("dhcp_dns1_x");
            dns2 = nvram_safe_get("dhcp_dns2_x");
            if (is_valid_ipv4(dns1)) {
                i_items++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
            }
            if (is_valid_ipv4(dns2) && strcmp(dns2, dns1)) {
                i_items++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
            }
        }

        if (i_items < 1)
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
    }

    i_items = 0;
    if (i_dhcp) {
        wins = nvram_safe_get("dhcp_wins_x");
        if (is_valid_ipv4(wins)) {
            i_items++;
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
        }
    }

#if defined(APP_SMBD) || defined(APP_NMBD)
    if ((i_items < 1) && nvram_get_int("wins_enable"))
        fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif

    fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
    fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
    fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
    fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);

    if (i_atls)
        fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

    fprintf(fp, "persist-key\n");
    fprintf(fp, "persist-tun\n");
    fprintf(fp, "user %s\n", SYS_USER_NOBODY);
    fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
    fprintf(fp, "writepid %s\n", SERVER_PID_FILE);

    fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
    fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

    fprintf(fp, "\n### User params:\n");

    load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);

    fclose(fp);

    chmod(conf_file, 0644);

    return 0;
}