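/*
 * Decide whether a VPN user name may be used as a file name inside the
 * client-config-dir.
 *
 * The name is written as the last path component of
 * SERVER_ROOT_DIR/<ccd>/<user>, so an empty name, a name containing '/'
 * or the names "." / ".." are rejected: any of them would make the file
 * land outside the intended directory (or on the directory itself).
 *
 * Returns 1 when the name is acceptable, 0 otherwise.
 */
static int
openvpn_ccd_user_name_is_safe(const char *user)
{
	if (*user == '\0')
		return 0;
	if (strchr(user, '/') != NULL)
		return 0;
	if (strcmp(user, ".") == 0 || strcmp(user, "..") == 0)
		return 0;
	return 1;
}

/*
 * Write the per-client files of the OpenVPN server's client-config-dir.
 *
 * For every configured client slot (nvram vpns_num_x, capped at
 * MAX_CLIENTS_NUM) that has a user name and a non-zero remote network
 * and mask (vpns_rnet_x<i>, vpns_rmsk_x<i>), the file
 * SERVER_ROOT_DIR/<ccd>/<user> is (re)written with:
 *   - "ifconfig-push <tunnel addr> <mask>" when vpns_addr_x<i> is a host
 *     number in 2..254 (the address is that host inside vpns_vnet), plus
 *     a matching "route <rnet> <rmsk> <tunnel addr>" line appended to fp;
 *   - "iroute <rnet> <rmsk>" for the client's remote network.
 *
 * fp   - open server config stream; only "route" lines are appended, the
 *        stream is not closed here.
 * ccd  - directory name relative to SERVER_ROOT_DIR; created with mode
 *        0755 if missing (EEXIST on re-run is expected, other mkdir()
 *        failures surface as fopen() failures below).
 *
 * Slots with an unusable user name, an unparsable network/mask, a path
 * that would not fit in the buffer, or a file that cannot be opened are
 * skipped silently.
 *
 * NOTE(review): files of users that are no longer configured are not
 * removed here — confirm the directory is cleaned up by the caller.
 */
static void
openvpn_create_server_acl(FILE *fp, const char *ccd)
{
	int i, i_max;
	unsigned int vnet, vmask;
	char vpns_ccd[64];

	snprintf(vpns_ccd, sizeof(vpns_ccd), "%s/%s", SERVER_ROOT_DIR, ccd);
	mkdir(vpns_ccd, 0755);

	/* Tunnel pool network is the same for every client: compute it once. */
	vmask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
	vnet = ntohl(inet_addr(nvram_safe_get("vpns_vnet"))) & vmask;

	i_max = nvram_get_int("vpns_num_x");
	if (i_max > MAX_CLIENTS_NUM)
		i_max = MAX_CLIENTS_NUM;

	for (i = 0; i < i_max; i++) {
		FILE *fp_ccf;
		int i_cli2, n;
		char *acl_user, *acl_rnet, *acl_rmsk;
		char acl_user_var[16], acl_rnet_var[16], acl_rmsk_var[16];
		char acl_addr_var[16], ccf[80];

		snprintf(acl_user_var, sizeof(acl_user_var), "vpns_user_x%d", i);
		snprintf(acl_rnet_var, sizeof(acl_rnet_var), "vpns_rnet_x%d", i);
		snprintf(acl_rmsk_var, sizeof(acl_rmsk_var), "vpns_rmsk_x%d", i);

		acl_user = nvram_safe_get(acl_user_var);
		acl_rnet = nvram_safe_get(acl_rnet_var);
		acl_rmsk = nvram_safe_get(acl_rmsk_var);

		/* the user name becomes a path component: never let it escape the ccd directory */
		if (!openvpn_ccd_user_name_is_safe(acl_user))
			continue;
		if (inet_addr_(acl_rnet) == INADDR_ANY || inet_addr_(acl_rmsk) == INADDR_ANY)
			continue;

		n = snprintf(ccf, sizeof(ccf), "%s/%s", vpns_ccd, acl_user);
		if (n < 0 || (size_t)n >= sizeof(ccf))
			continue;	/* a truncated path would name the wrong file */

		fp_ccf = fopen(ccf, "w");
		if (!fp_ccf)
			continue;

		snprintf(acl_addr_var, sizeof(acl_addr_var), "vpns_addr_x%d", i);
		i_cli2 = nvram_get_int(acl_addr_var);
		if (i_cli2 > 1 && i_cli2 < 255) {
			struct in_addr pool_in;

			pool_in.s_addr = htonl(vnet | (unsigned int)i_cli2);
			fprintf(fp_ccf, "ifconfig-push %s %s\n", inet_ntoa(pool_in), VPN_SERVER_SUBNET_MASK);
			fprintf(fp, "route %s %s %s\n", acl_rnet, acl_rmsk, inet_ntoa(pool_in));
		}

		fprintf(fp_ccf, "iroute %s %s\n", acl_rnet, acl_rmsk);
		fclose(fp_ccf);
		chmod(ccf, 0644);
	}
}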
/*
 * Start the "lanauth" (Kabinet) WAN authentication client.
 *
 * Reads the gateway (nvram wan_heartbeat_x) and the password
 * (nvram wan_auth_pass), stops any running instance first and launches
 * /usr/sbin/lanauth.  "-s <gateway>" is passed only when the gateway
 * parses as a non-zero IPv4 address; otherwise only "-p <password>".
 *
 * Returns -1 when the password is empty (nothing is started), otherwise
 * the status reported by eval().  The password is handed over on the
 * command line, so it is visible to anything that can read the process
 * list.
 */
int
start_auth_kabinet(void)
{
	int rc;
	char *gateway = nvram_safe_get("wan_heartbeat_x");
	char *secret = nvram_safe_get("wan_auth_pass");

	stop_auth_kabinet();

	if (secret[0] == '\0') {
		logmessage("lanauth", "password is empty, unable to start!");
		return -1;
	}

	rc = (inet_addr_(gateway) != INADDR_ANY)
		? eval("/usr/sbin/lanauth", "-s", gateway, "-p", secret)
		: eval("/usr/sbin/lanauth", "-p", secret);

	if (rc == 0)
		logmessage("lanauth", "start authentication...");

	return rc;
}
void start_sit_tunnel(int ipv6_type, char *wan_addr4, char *wan_addr6) { int sit_ttl, sit_mtu, size4, size6; char *sit_remote, *sit_relay, *wan_gate6; char addr6s[INET6_ADDRSTRLEN]; struct in_addr addr4; struct in6_addr addr6; size4 = 0; addr4.s_addr = inet_addr_(wan_addr4); if (addr4.s_addr == INADDR_ANY) return; // cannot start SIT tunnel w/o IPv4 WAN addr sit_mtu = nvram_get_int("ip6_sit_mtu"); sit_ttl = nvram_get_int("ip6_sit_ttl"); if (sit_mtu < 1280) sit_mtu = 1280; if (sit_ttl < 1) sit_ttl = 1; if (sit_ttl > 255) sit_ttl = 255; memset(&addr6, 0, sizeof(addr6)); size6 = ipv6_from_string(wan_addr6, &addr6); if (size6 < 0) size6 = 0; sit_relay = ""; sit_remote = "any"; if (ipv6_type == IPV6_6IN4) sit_remote = nvram_safe_get("ip6_6in4_remote"); if (is_interface_exist(IFNAME_SIT)) doSystem("ip tunnel del %s", IFNAME_SIT); doSystem("ip tunnel %s %s mode sit remote %s local %s ttl %d", "add", IFNAME_SIT, sit_remote, wan_addr4, sit_ttl); if (ipv6_type == IPV6_6TO4) { size6 = 16; memset(&addr6, 0, sizeof(addr6)); addr6.s6_addr16[0] = htons(0x2002); ipv6_to_ipv4_map(&addr6, size6, &addr4, 0); addr6.s6_addr16[7] = htons(0x0001); sit_relay = nvram_safe_get("ip6_6to4_relay"); } else if (ipv6_type == IPV6_6RD) { struct in_addr net4; struct in6_addr net6; char sit_6rd_prefix[INET6_ADDRSTRLEN], sit_6rd_relay_prefix[32]; memcpy(&net6, &addr6, sizeof(addr6)); ipv6_to_net(&net6, size6); inet_ntop(AF_INET6, &net6, sit_6rd_prefix, INET6_ADDRSTRLEN); sprintf(sit_6rd_prefix, "%s/%d", sit_6rd_prefix, size6); strcpy(sit_6rd_relay_prefix, "0.0.0.0/0"); size4 = nvram_get_int("wan0_6rd_size"); if (size4 > 0 && size4 <= 32) { net4.s_addr = addr4.s_addr & htonl(0xffffffffUL << (32 - size4)); sprintf(sit_6rd_relay_prefix, "%s/%d", inet_ntoa(net4), size4); } doSystem("ip tunnel 6rd dev %s 6rd-prefix %s 6rd-relay_prefix %s", IFNAME_SIT, sit_6rd_prefix, sit_6rd_relay_prefix); ipv6_to_ipv4_map(&addr6, size6, &addr4, size4); addr6.s6_addr16[7] = htons(0x0001); sit_relay = 
nvram_safe_get("wan0_6rd_relay"); } // WAN IPv6 address inet_ntop(AF_INET6, &addr6, addr6s, INET6_ADDRSTRLEN); if (size6 > 0) sprintf(addr6s, "%s/%d", addr6s, size6); control_if_ipv6_radv(IFNAME_SIT, 0); doSystem("ip link set mtu %d dev %s up", sit_mtu, IFNAME_SIT); control_if_ipv6(IFNAME_SIT, 1); clear_if_addr6(IFNAME_SIT); doSystem("ip -6 addr add %s dev %s", addr6s, IFNAME_SIT); /* WAN IPv6 gateway (auto-generate for 6to4/6rd) */ if (ipv6_type == IPV6_6TO4 || ipv6_type == IPV6_6RD) { sprintf(addr6s, "::%s", sit_relay); wan_gate6 = addr6s; /* add direct default gateway for workaround "No route to host" on new kernel */ doSystem("ip -6 route add default dev %s metric %d", IFNAME_SIT, 2048); } else { wan_gate6 = nvram_safe_get("wan0_gate6"); } if (*wan_gate6) doSystem("ip -6 route add default via %s dev %s metric %d", wan_gate6, IFNAME_SIT, 1); /* LAN IPv6 address (auto-generate for 6to4/6rd) */ if (ipv6_type == IPV6_6TO4 || ipv6_type == IPV6_6RD) { memset(&addr6, 0, sizeof(addr6)); if (ipv6_type == IPV6_6TO4) { addr6.s6_addr16[0] = htons(0x2002); ipv6_to_ipv4_map(&addr6, 16, &addr4, 0); addr6.s6_addr16[3] = htons(0x0001); addr6.s6_addr16[7] = htons(0x0001); } else { ipv6_from_string(wan_addr6, &addr6); ipv6_to_ipv4_map(&addr6, size6, &addr4, size4); addr6.s6_addr16[7] = htons(0x0001); } inet_ntop(AF_INET6, &addr6, addr6s, INET6_ADDRSTRLEN); sprintf(addr6s, "%s/%d", addr6s, 64); clear_if_addr6(IFNAME_BR); doSystem("ip -6 addr add %s dev %s", addr6s, IFNAME_BR); store_lan_addr6(addr6s); } }
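/*
 * Write the "push dhcp-option DNS" lines that follow "redirect-gateway".
 *
 * When the DHCP server is enabled (i_dhcp == 1) the configured servers
 * dhcp_dns1_x / dhcp_dns2_x are pushed if they parse as non-zero IPv4
 * addresses, differ from the LAN address and (for the second one) from
 * the first.  Unless two servers were pushed, the router's LAN address
 * is pushed as well so clients always get a resolver.
 */
static void
openvpn_write_server_dns_push(FILE *fp, int i_dhcp, const char *lanip)
{
	int i_dns = 0;

	if (i_dhcp == 1) {
		char *dns1 = nvram_safe_get("dhcp_dns1_x");
		char *dns2 = nvram_safe_get("dhcp_dns2_x");

		if (inet_addr_(dns1) != INADDR_ANY && strcmp(dns1, lanip) != 0) {
			i_dns++;
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
		}
		if (inet_addr_(dns2) != INADDR_ANY && strcmp(dns2, lanip) != 0 && strcmp(dns2, dns1) != 0) {
			i_dns++;
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
		}
	}

	if (i_dns < 2)
		fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
}

/*
 * Write the key material paths and the mode-independent tail of the
 * server config: certificates from SERVER_CERT_DIR (openvpn_server_keys
 * indices 0..3, plus index 4 as tls-auth when i_atls is set), privilege
 * drop to nobody/nogroup, script hooks and the user-supplied extra
 * parameters appended by openvpn_load_user_config().
 */
static void
openvpn_write_server_common(FILE *fp, int i_atls)
{
	fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
	fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
	fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
	fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
	if (i_atls)
		fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

	/* keys are read before dropping privileges; persist-* keep them across restarts */
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	fprintf(fp, "user %s\n", "nobody");
	fprintf(fp, "group %s\n", "nogroup");
	fprintf(fp, "script-security %d\n", 2);
	fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
	fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
	fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
	fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

	fprintf(fp, "\n### User params:\n");
	openvpn_load_user_config(fp, SERVER_CERT_DIR, "server.conf");
}

/*
 * Generate the OpenVPN server configuration file.
 *
 * conf_file - path of the file to write (mode 0644 afterwards).
 * is_tun    - non-zero for a routed (tun) server using the vpns_vnet pool
 *             and a client-config-dir; zero for a bridged (tap) server
 *             handing out LAN addresses vpns_cli0..vpns_cli1.
 *
 * Returns 0 on success, 1 when a required key file is missing
 * (openvpn_check_key) or the config file cannot be opened.
 */
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, i_prot, i_atls, i_rdgw, i_dhcp, i_cli0, i_cli1;
	unsigned int laddr, lmask;
	struct in_addr pool_in;
	char pooll[32], pool1[32], pool2[32];
	char *lanip, *lannm;

	/* key index 4 (tls-auth) is only required when TLS auth is enabled */
	i_atls = nvram_get_int("vpns_ov_atls");
	for (i = 0; i < 5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_cli0 = nvram_get_int("vpns_cli0");
	i_cli1 = nvram_get_int("vpns_cli1");
	i_dhcp = nvram_get_int("dhcp_enable_x");
	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	/* client host range clamped to 2..254, end never below start */
	if (i_cli0 < 2)
		i_cli0 = 2;
	if (i_cli0 > 254)
		i_cli0 = 254;
	if (i_cli1 < 2)
		i_cli1 = 2;
	if (i_cli1 > 254)
		i_cli1 = 254;
	if (i_cli1 < i_cli0)
		i_cli1 = i_cli0;

	/* LAN network and the first/last client address inside it */
	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	pool_in.s_addr = htonl(laddr & lmask);
	strcpy(pooll, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
	strcpy(pool1, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli1);
	strcpy(pool2, inet_ntoa(pool_in));

	fp = fopen(conf_file, "w");
	if (!fp)
		return 1;

	fprintf(fp, "proto %s\n", (i_prot > 0) ? "tcp-server" : "udp");
	fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

	if (is_tun) {
		char *vnet = nvram_safe_get("vpns_vnet");
		char *vmsk = VPN_SERVER_SUBNET_MASK;

		laddr = ntohl(inet_addr(vnet));
		lmask = ntohl(inet_addr(vmsk));
		pool_in.s_addr = htonl(laddr & lmask);

		fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
		fprintf(fp, "topology %s\n", "subnet");
		fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
		fprintf(fp, "client-config-dir %s\n", "ccd");
		openvpn_create_server_acl(fp, "ccd");	/* appends per-client "route" lines */
		fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
	} else {
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
		fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
	}

	if (i_rdgw) {
		fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
		openvpn_write_server_dns_push(fp, i_dhcp, lanip);
	}

	if (i_dhcp == 1) {
		char *wins = nvram_safe_get("dhcp_wins_x");

		if (inet_addr_(wins) != INADDR_ANY)
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
	}

	openvpn_write_server_common(fp, i_atls);

	fclose(fp);
	chmod(conf_file, 0644);

	return 0;
}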