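/*
 * Generate the OpenVPN server configuration at conf_file (early variant
 * without auth/cipher/lzo directives and without DNS-string validation).
 *
 * conf_file: destination path; it is truncated and rewritten, then chmod 0644.
 * is_tun:    non-zero emits a routed "server" (tun) setup plus a ccd ACL dir,
 *            zero emits a bridged "server-bridge" (tap) setup whose client
 *            pool is carved out of the LAN subnet.
 *
 * Returns 0 on success; 1 if a required key file is missing (the tls-auth key,
 * index 4, is only required when vpns_ov_atls is set), if the file cannot be
 * opened, or if the data could not be fully written (stream error or failed
 * fclose()). A short write therefore is no longer reported as success.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, rc, i_prot, i_atls, i_rdgw, i_dhcp, i_dns, i_cli0, i_cli1;
	unsigned int laddr, lmask, lnet;
	struct in_addr pool_in;
	char pooll[INET_ADDRSTRLEN], pool1[INET_ADDRSTRLEN], pool2[INET_ADDRSTRLEN];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	/* All server key files must exist; index 4 (tls-auth) only when enabled. */
	i_atls = nvram_get_int("vpns_ov_atls");
	for (i = 0; i < 5; i++) {
		if (i == 4 && !i_atls)
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_dhcp = nvram_get_int("dhcp_enable_x");
	i_dns = 0;

	/* NOTE(review): lanip/lannm are written verbatim into the config and are
	 * not validated here; the UI/caller must guarantee dotted-quad values. */
	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	/* Bridged client pool: host ids clamped to 2..254, start <= end. */
	i_cli0 = nvram_get_int("vpns_cli0");
	i_cli1 = nvram_get_int("vpns_cli1");
	if (i_cli0 < 2)
		i_cli0 = 2;
	if (i_cli0 > 254)
		i_cli0 = 254;
	if (i_cli1 < 2)
		i_cli1 = 2;
	if (i_cli1 > 254)
		i_cli1 = 254;
	if (i_cli1 < i_cli0)
		i_cli1 = i_cli0;

	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	lnet = laddr & lmask;

	/* inet_ntoa() hands back a static buffer, so every result is copied out
	 * before the next call; snprintf() keeps the copy bounded. */
	pool_in.s_addr = htonl(lnet);
	snprintf(pooll, sizeof pooll, "%s", inet_ntoa(pool_in));
	pool_in.s_addr = htonl(lnet | (unsigned int)i_cli0);
	snprintf(pool1, sizeof pool1, "%s", inet_ntoa(pool_in));
	pool_in.s_addr = htonl(lnet | (unsigned int)i_cli1);
	snprintf(pool2, sizeof pool2, "%s", inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (!fp)
		return 1;

	fprintf(fp, "proto %s\n", (i_prot > 0) ? "tcp-server" : "udp");
	fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

	if (is_tun) {
		char *vnet = nvram_safe_get("vpns_vnet");
		char *vmsk = VPN_SERVER_SUBNET_MASK;
		unsigned int vaddr = ntohl(inet_addr(vnet));
		unsigned int vmask = ntohl(inet_addr(vmsk));

		pool_in.s_addr = htonl(vaddr & vmask);
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
		fprintf(fp, "topology %s\n", "subnet");
		fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
		fprintf(fp, "client-config-dir %s\n", "ccd");
		openvpn_create_server_acl(fp, "ccd");
		/* make the LAN reachable through the tunnel */
		fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
	} else {
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
		fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
	}

	if (i_rdgw) {
		fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
		if (i_dhcp == 1) {
			dns1 = nvram_safe_get("dhcp_dns1_x");
			dns2 = nvram_safe_get("dhcp_dns2_x");
			/* push the LAN DHCP resolvers, skipping the router itself and duplicates */
			if (inet_addr_(dns1) != INADDR_ANY && strcmp(dns1, lanip)) {
				i_dns++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
			}
			if (inet_addr_(dns2) != INADDR_ANY && strcmp(dns2, lanip) && strcmp(dns2, dns1)) {
				i_dns++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
			}
		}
		/* the router itself is the fallback resolver unless two were pushed */
		if (i_dns < 2)
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
	}

	if (i_dhcp == 1) {
		wins = nvram_safe_get("dhcp_wins_x");
		if (inet_addr_(wins) != INADDR_ANY)
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
	}

	fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
	fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
	fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
	fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
	if (i_atls)
		fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

	/* privilege drop and runtime plumbing */
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	fprintf(fp, "user %s\n", "nobody");
	fprintf(fp, "group %s\n", "nogroup");
	fprintf(fp, "script-security %d\n", 2);
	fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
	fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
	fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
	fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

	fprintf(fp, "\n### User params:\n");
	openvpn_load_user_config(fp, SERVER_CERT_DIR, "server.conf");

	/* fclose() performs the final flush, so its status is checked together
	 * with the stream error flag; a truncated config must not look successful. */
	rc = ferror(fp) ? 1 : 0;
	if (fclose(fp) != 0)
		rc = 1;
	if (rc)
		return 1;

	chmod(conf_file, 0644);
	return 0;
}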
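/*
 * Generate the OpenVPN server configuration at conf_file.
 *
 * conf_file: destination path; it is truncated and rewritten, then chmod 0644.
 * is_tun:    non-zero emits a routed "server" (tun) setup plus a ccd ACL dir,
 *            zero emits a bridged "server-bridge" (tap) setup whose client
 *            pool is carved out of the LAN subnet.
 *
 * Returns 0 on success; 1 if a required key file is missing (the tls-auth key,
 * index 4, is only required when vpns_ov_atls is set), if the file cannot be
 * opened, or if the data could not be fully written (stream error or failed
 * fclose()). A short write therefore is no longer reported as success.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, rc, i_prot, i_atls, i_rdgw, i_dhcp, i_items, i_cli0, i_cli1;
	unsigned int laddr, lmask, lnet, lsnet;
	struct in_addr pool_in;
	char pooll[INET_ADDRSTRLEN], pool1[INET_ADDRSTRLEN], pool2[INET_ADDRSTRLEN];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	/* All server key files must exist; index 4 (tls-auth) only when enabled. */
	i_atls = nvram_get_int("vpns_ov_atls");
	for (i = 0; i < 5; i++) {
		if (i == 4 && !i_atls)
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_dhcp = is_dhcpd_enabled(0);

	/* NOTE(review): lanip/lannm are written verbatim into the config and are
	 * not validated here; the UI/caller must guarantee dotted-quad values. */
	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");
	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	lnet = laddr & lmask;

	/* Bridged client pool: nvram already bounds the host ids to 1..254 / 2..254;
	 * additionally cap them at the last usable host of the LAN subnet.
	 * NOTE(review): for a /31 or /32 LAN mask lsnet wraps (0 or UINT_MAX) and
	 * the int cast makes the clamp meaningless; such masks are assumed not to
	 * occur on a LAN interface - confirm. */
	i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
	i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);
	lsnet = (~lmask) - 1;
	if (i_cli0 > (int)lsnet)
		i_cli0 = (int)lsnet;
	if (i_cli1 > (int)lsnet)
		i_cli1 = (int)lsnet;
	if (i_cli1 < i_cli0)
		i_cli1 = i_cli0;

	/* inet_ntoa() hands back a static buffer, so every result is copied out
	 * before the next call; snprintf() keeps the copy bounded. */
	pool_in.s_addr = htonl(lnet);
	snprintf(pooll, sizeof pooll, "%s", inet_ntoa(pool_in));
	pool_in.s_addr = htonl(lnet | (unsigned int)i_cli0);
	snprintf(pool1, sizeof pool1, "%s", inet_ntoa(pool_in));
	pool_in.s_addr = htonl(lnet | (unsigned int)i_cli1);
	snprintf(pool2, sizeof pool2, "%s", inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (!fp)
		return 1;

	fprintf(fp, "proto %s\n", (i_prot > 0) ? "tcp-server" : "udp");
	fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

	if (is_tun) {
		char *vnet = nvram_safe_get("vpns_vnet");
		char *vmsk = VPN_SERVER_SUBNET_MASK;
		unsigned int vaddr = ntohl(inet_addr(vnet));
		unsigned int vmask = ntohl(inet_addr(vmsk));

		pool_in.s_addr = htonl(vaddr & vmask);
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
		fprintf(fp, "topology %s\n", "subnet");
		fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
		fprintf(fp, "client-config-dir %s\n", "ccd");
		openvpn_create_server_acl(fp, "ccd");
		/* make the LAN reachable through the tunnel */
		fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
	} else {
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
		fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
	}

	/* HMAC digest, data-channel cipher and compression from nvram */
	openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
	openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
	openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);

	i_items = 0;
	if (i_rdgw) {
		fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
		if (i_dhcp) {
			dns1 = nvram_safe_get("dhcp_dns1_x");
			dns2 = nvram_safe_get("dhcp_dns2_x");
			/* push the LAN DHCP resolvers, skipping the router itself and duplicates */
			if (is_valid_ipv4(dns1) && strcmp(dns1, lanip)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
			}
			if (is_valid_ipv4(dns2) && strcmp(dns2, lanip) && strcmp(dns2, dns1)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
			}
		}
		/* the router itself is the fallback resolver unless two were pushed */
		if (i_items < 2)
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
	}

	i_items = 0;
	if (i_dhcp) {
		wins = nvram_safe_get("dhcp_wins_x");
		if (is_valid_ipv4(wins)) {
			i_items++;
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
		}
	}
#if defined(APP_SMBD) || defined(APP_NMBD)
	/* no explicit WINS server: advertise the router when its WINS role is on */
	if (i_items < 1 && nvram_get_int("wins_enable"))
		fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif

	fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
	fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
	fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
	fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
	if (i_atls)
		fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

	/* privilege drop and runtime plumbing */
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	fprintf(fp, "user %s\n", SYS_USER_NOBODY);
	fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
	fprintf(fp, "script-security %d\n", 2);
	fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
	fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
	fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
	fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

	/* user-supplied directives, filtered against forbidden_list */
	fprintf(fp, "\n### User params:\n");
	load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);

	/* fclose() performs the final flush, so its status is checked together
	 * with the stream error flag; a truncated config must not look successful. */
	rc = ferror(fp) ? 1 : 0;
	if (fclose(fp) != 0)
		rc = 1;
	if (rc)
		return 1;

	chmod(conf_file, 0644);
	return 0;
}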
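/*
 * Generate the OpenVPN server configuration at conf_file.
 *
 * conf_file: destination path; it is truncated and rewritten, then chmod 0644.
 * is_tun:    non-zero emits a routed "server" (tun) setup plus a ccd ACL dir,
 *            zero emits a bridged "server-bridge" (tap) setup whose client
 *            pool is carved out of the LAN subnet.
 *
 * Side effect: when vpns_ov_prot selects an IPv6 transport while IPv6 is
 * disabled, the nvram value is rewritten to the IPv4 equivalent.
 *
 * Returns 0 on success; 1 if a required key file is missing (the tls-auth key,
 * index 4, is only required when vpns_ov_atls is set), if the file cannot be
 * opened, or if the data could not be fully written (stream error or failed
 * fclose()). A short write therefore is no longer reported as success.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, rc, i_prot, i_prot_ori, i_atls, i_rdgw, i_dhcp, i_items;
	unsigned int laddr, lmask;
	char *lanip, *lannm, *wins, *dns1, *dns2;
	const char *p_prot;
	struct in_addr pool_in;

	/* All server key files must exist; index 4 (tls-auth) only when enabled. */
	i_atls = nvram_get_int("vpns_ov_atls");
	for (i = 0; i < 5; i++) {
		if (i == 4 && !i_atls)
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_dhcp = is_dhcpd_enabled(0);

	/* NOTE(review): lanip/lannm are written verbatim into the config and are
	 * not validated here; the UI/caller must guarantee dotted-quad values. */
	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");
	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));

	/* IPv6 transports (2 = udp6, 3 = tcp6) degrade to the IPv4 variant with
	 * the same low bit when IPv6 is switched off. */
	i_prot_ori = i_prot;
	if (i_prot > 1 && get_ipv6_type() == IPV6_DISABLED)
		i_prot &= 1;
	/* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-server for ipv4 only */
	switch (i_prot) {
#if defined (USE_IPV6)
	case 3:
		p_prot = "tcp6-server";
		break;
	case 2:
		p_prot = "udp6";
		break;
#endif
	case 1:
		p_prot = "tcp-server";
		break;
	default:
		p_prot = "udp";
		break;
	}
	/* fixup ipv4/ipv6 mismatch so the UI reflects what is actually configured */
	if (i_prot != i_prot_ori)
		nvram_set_int("vpns_ov_prot", i_prot);

	fp = fopen(conf_file, "w+");
	if (!fp)
		return 1;

	fprintf(fp, "proto %s\n", p_prot);
	fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

	if (is_tun) {
		unsigned int vnet = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
		unsigned int vmsk = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));

		pool_in.s_addr = htonl(vnet & vmsk);
		fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
		fprintf(fp, "topology %s\n", "subnet");
		fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), VPN_SERVER_SUBNET_MASK);
		fprintf(fp, "client-config-dir %s\n", "ccd");
		openvpn_create_server_acl(fp, "ccd", vnet, vmsk);
		/* make the LAN reachable through the tunnel */
		pool_in.s_addr = htonl(laddr & lmask);
		fprintf(fp, "push \"route %s %s\"\n", inet_ntoa(pool_in), lannm);
	} else {
		char sp_b[INET_ADDRSTRLEN], sp_e[INET_ADDRSTRLEN];
		unsigned int vp_b, vp_e, lnet;

		/* Bridged client pool: nvram bounds the host ids to 1..254 / 2..254;
		 * additionally cap them at the last usable host of the LAN subnet.
		 * NOTE(review): for a /31 or /32 LAN mask lnet wraps (0 or UINT_MAX)
		 * and the clamp degenerates; such masks are assumed not to occur on a
		 * LAN interface - confirm. */
		lnet = ~(lmask) - 1;
		vp_b = (unsigned int)nvram_safe_get_int("vpns_cli0", 245, 1, 254);
		vp_e = (unsigned int)nvram_safe_get_int("vpns_cli1", 254, 2, 254);
		if (vp_b > lnet)
			vp_b = lnet;
		if (vp_e > lnet)
			vp_e = lnet;
		if (vp_e < vp_b)
			vp_e = vp_b;

		/* inet_ntoa() hands back a static buffer, so each result is copied
		 * out before the next call; snprintf() keeps the copy bounded. */
		pool_in.s_addr = htonl((laddr & lmask) | vp_b);
		snprintf(sp_b, sizeof sp_b, "%s", inet_ntoa(pool_in));
		pool_in.s_addr = htonl((laddr & lmask) | vp_e);
		snprintf(sp_e, sizeof sp_e, "%s", inet_ntoa(pool_in));

		fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
		fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, sp_b, sp_e);
	}

	/* HMAC digest, data-channel cipher and compression from nvram */
	openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
	openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
	openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);

	i_items = 0;
	if (i_rdgw) {
		fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
		if (i_dhcp) {
			dns1 = nvram_safe_get("dhcp_dns1_x");
			dns2 = nvram_safe_get("dhcp_dns2_x");
			/* push the LAN DHCP resolvers, skipping an exact duplicate */
			if (is_valid_ipv4(dns1)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
			}
			if (is_valid_ipv4(dns2) && strcmp(dns2, dns1)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
			}
		}
		/* the router itself is the fallback resolver when none was pushed */
		if (i_items < 1)
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
	}

	i_items = 0;
	if (i_dhcp) {
		wins = nvram_safe_get("dhcp_wins_x");
		if (is_valid_ipv4(wins)) {
			i_items++;
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
		}
	}
#if defined(APP_SMBD) || defined(APP_NMBD)
	/* no explicit WINS server: advertise the router when its WINS role is on */
	if (i_items < 1 && nvram_get_int("wins_enable"))
		fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif

	fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
	fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
	fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
	fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
	if (i_atls)
		fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

	/* privilege drop and runtime plumbing */
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	fprintf(fp, "user %s\n", SYS_USER_NOBODY);
	fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
	fprintf(fp, "script-security %d\n", 2);
	fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
	fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
	fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
	fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

	/* user-supplied directives, filtered against forbidden_list */
	fprintf(fp, "\n### User params:\n");
	load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);

	/* fclose() performs the final flush, so its status is checked together
	 * with the stream error flag; a truncated config must not look successful. */
	rc = ferror(fp) ? 1 : 0;
	if (fclose(fp) != 0)
		rc = 1;
	if (rc)
		return 1;

	chmod(conf_file, 0644);
	return 0;
}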