/*
 * Start the local syslog daemon, adding remote forwarding when a valid IPv4
 * collector address is configured.
 *
 * The daemon is launched through _eval() with an argument vector, so the
 * NVRAM-derived values travel as single arguments instead of being spliced
 * into a shell command line. Forwarding is switched on only when
 * "log_ipaddr" passes is_valid_ipv4(); the port is requested with default
 * 514 and bounds 1..65535.
 *
 * Returns the value of _eval().
 */
int start_syslogd(void)
{
    /* slots of syslogd_argv[] that stay NULL unless forwarding is enabled */
    enum { SLOT_LOCAL = 7, SLOT_REMOTE = 8, SLOT_REMOTE_DST = 9 };

    char rotate_opt[8], remote_dst[32];
    char *remote_ip;
    char *syslogd_argv[] = {
        "/sbin/syslogd",
        rotate_opt,                 /* max size before rotation */
        "-b0",                      /* purge on rotate */
        "-S",                       /* smaller output */
        "-D",                       /* drop duplicates */
        "-O", "/tmp/syslog.log",    /* syslog file */
        NULL,                       /* -L */
        NULL, NULL,                 /* -R host:port */
        NULL
    };

    /* snprintf() truncates silently if the size needs more than 5 digits */
    snprintf(rotate_opt, sizeof(rotate_opt), "-s%d", LOG_ROTATE_SIZE_MAX);

    remote_ip = nvram_safe_get("log_ipaddr");
    if (is_valid_ipv4(remote_ip)) {
        int remote_port = nvram_safe_get_int("log_port", 514, 1, 65535);

        /* dotted quad (<= 15) + ':' + port (<= 5) fits the 32-byte buffer */
        snprintf(remote_dst, sizeof(remote_dst), "%s:%d", remote_ip, remote_port);
        syslogd_argv[SLOT_LOCAL] = "-L";    /* local & remote */
        syslogd_argv[SLOT_REMOTE] = "-R";
        syslogd_argv[SLOT_REMOTE_DST] = remote_dst;
    }

    setenv_tz();

    return _eval(syslogd_argv, NULL, 0, NULL);
}
/*
 * Bring up the WAN connection over an NDIS (USB network) modem.
 *
 * Returns 0 once the interface is up and the DHCP client has been started,
 * or -1 (after clearing "ifname_t") when no NDIS interface is present.
 */
int launch_wan_usbnet(int unit)
{
    char ifname[16] = {0};
    int devnum = 0;
    int mtu;

    if (!get_modem_ndis_ifname(ifname, &devnum) || !is_interface_exist(ifname)) {
        set_wan_unit_value(unit, "ifname_t", "");
        return -1;
    }

    mtu = nvram_safe_get_int("modem_mtu", 1500, 1000, 1500);

    check_upnp_wanif_changed(ifname);
    set_wan_unit_value(unit, "proto_t", "NDIS Modem");
    set_wan_unit_value(unit, "ifname_t", ifname);

    /*
     * bring up NDIS interface
     * NOTE(review): doSystem() presumably formats a shell command line; the
     * name comes from get_modem_ndis_ifname() and was confirmed to exist by
     * is_interface_exist() above - confirm it cannot carry shell
     * metacharacters.
     */
    doSystem("ifconfig %s mtu %d up %s", ifname, mtu, "0.0.0.0");

    /* re-build iptables rules (first stage w/o WAN IP) */
    start_firewall_ex();

    if (ndis_control_network(ifname, devnum, 1) == 0)
        sleep(1);

    start_udhcpc_wan(ifname, unit, 0);

    return 0;
}
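/*
 * Return 1 when name can be stored verbatim in a passwd/group/shadow field.
 *
 * ':' separates fields, ',' separates group members and a newline ends the
 * record, so a name carrying any of them (or another control character)
 * would change the structure of the account files.
 */
static int passwd_field_is_safe(const char *name)
{
    const unsigned char *p = (const unsigned char *)name;

    if (!*p)
        return 0;

    for (; *p; p++) {
        if (*p == ':' || *p == ',' || *p < 0x20 || *p == 0x7f)
            return 0;
    }

    return 1;
}

/*
 * Rebuild /etc/passwd and /etc/group from NVRAM, and /etc/shadow too when
 * force_create is non-zero.
 *
 * The administrator name comes from "http_username"; an empty name, or one
 * that cannot be stored safely in a passwd field, falls back to
 * SYS_USER_ROOT. Share accounts "acc_username<N>" get UIDs from 1000
 * upwards; names that are empty, unsafe, or collide with a system account
 * are skipped.
 */
void recreate_passwd_unix(int force_create)
{
    FILE *fp1, *fp2;
    int i, uid, sh_num;
    char tmp[32], *rootnm, *usernm;

    rootnm = nvram_safe_get("http_username");
    if (!passwd_field_is_safe(rootnm))
        rootnm = SYS_USER_ROOT;

    fp1 = fopen("/etc/passwd", "w");
    fp2 = fopen("/etc/group", "w");
    if (fp1 && fp2) {
        fprintf(fp1, "%s:x:%d:%d::%s:%s\n", rootnm, 0, 0, SYS_HOME_PATH_ROOT, SYS_SHELL);
        fprintf(fp1, "%s:x:%d:%d::%s:%s\n", SYS_USER_NOBODY, 99, 99, "/media", "/bin/false");
        fprintf(fp1, "%s:x:%d:%d::%s:%s\n", "sshd", 100, 99, "/var/empty", "/bin/false");

        fprintf(fp2, "%s:x:%d:%s\n", SYS_GROUP_ROOT, 0, rootnm);
        fprintf(fp2, "%s:x:%d:\n", SYS_GROUP_NOGROUP, 99);

        uid = 1000;
        sh_num = nvram_safe_get_int("acc_num", 0, 0, 100);
        for (i = 0; i < sh_num; i++) {
            snprintf(tmp, sizeof(tmp), "acc_username%d", i);
            usernm = nvram_safe_get(tmp);

            /*
             * A share account must never shadow a system account, and its
             * name must not be able to add fields or whole records (for
             * example a second UID 0 line) to the files written here.
             */
            if (passwd_field_is_safe(usernm) &&
                strcmp(usernm, "root") &&
                strcmp(usernm, rootnm) &&
                strcmp(usernm, SYS_USER_NOBODY) &&
                strcmp(usernm, "sshd")) {
                fprintf(fp1, "%s:x:%d:%d:::\n", usernm, uid, uid);
                fprintf(fp2, "%s:x:%d:\n", usernm, uid);
                uid++;
            }
        }
    }

    if (fp1)
        fclose(fp1);
    if (fp2)
        fclose(fp2);

    chmod("/etc/passwd", 0644);
    chmod("/etc/group", 0644);

    if (force_create) {
        fp1 = fopen("/etc/shadow", "w");
        if (fp1) {
            /*
             * NOTE(review): the administrator record is written with an
             * empty password field and only replaced by the
             * change_passwd_unix() call below; until that call completes
             * (or if it fails) the account has no password. Consider
             * writing a locked field here - confirm change_passwd_unix()
             * copes with that first.
             */
            fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", rootnm, "", 16000);
            fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", SYS_USER_NOBODY, "*", 16000);
            fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", "sshd", "*", 16000);
            fclose(fp1);
        }
        chmod("/etc/shadow", 0640);
        change_passwd_unix(rootnm, nvram_safe_get("http_passwd"));
    }
}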
/*
 * Return the prefix length to use for the LAN DHCPv6 server.
 *
 * The result is 64 unless is_lan_addr6_static() returns 1, in which case it
 * is read from "ip6_lan_size" (default 64, bounds 64..80).
 */
int get_lan_dhcp6s_prefix_size(void)
{
    if (is_lan_addr6_static() != 1)
        return 64;

    return nvram_safe_get_int("ip6_lan_size", 64, 64, 80);
}
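/*
 * (Re)start the Samba daemons and register every configured share account.
 *
 * Does nothing when "enable_samba" or "st_samba_mode" is "0". When nmbd is
 * already running it is sent SIGHUP instead of being started again.
 */
void run_samba(void)
{
    int sh_num, has_nmbd, i;
    char user_var[40], pass_var[40];

    if (nvram_match("enable_samba", "0") || nvram_match("st_samba_mode", "0"))
        return;

    /* NOTE(review): "777" presumably makes the directory world-writable - confirm that is needed */
    mkdir_if_none("/etc/samba", "777");

    has_nmbd = pids("nmbd");
    if (!has_nmbd) {
        doSystem("rm -f %s", "/etc/samba/*");
        clean_smbd_trash();
    }

    recreate_passwd_unix(0);

    write_smb_conf();

    sh_num = nvram_safe_get_int("acc_num", 0, 0, MAX_ACCOUNT_NUM);
    for (i = 0; i < sh_num; i++) {
        char *acc_user, *acc_pass;

        snprintf(user_var, sizeof(user_var), "acc_username%d", i);
        snprintf(pass_var, sizeof(pass_var), "acc_password%d", i);
        acc_user = nvram_safe_get(user_var);
        acc_pass = nvram_safe_get(pass_var);

        if (!*acc_user)
            continue;

        /*
         * Pass name and password as separate arguments instead of building
         * a command line for system(): a space, quote, ';' or '$' in either
         * value is then kept as data and never interpreted by a shell.
         * Assumes eval() resolves the program through PATH as system() did
         * - TODO confirm.
         * NOTE(review): the password is still visible in the process list
         * while smbpasswd runs, and a name starting with '-' would be read
         * as an option - confirm the account editor rejects such names.
         */
        if (*acc_pass)
            eval("smbpasswd", acc_user, acc_pass);
        else
            eval("smbpasswd", acc_user);
    }

    if (has_nmbd)
        doSystem("killall %s %s", "-SIGHUP", "nmbd");
    else
        eval("/sbin/nmbd", "-D", "-s", "/etc/smb.conf");

    eval("/sbin/smbd", "-D", "-s", "/etc/smb.conf");

    if (pids("smbd") && pids("nmbd"))
        logmessage("Samba Server", "daemon is started");
}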
/*
 * Write the OpenVPN client configuration to conf_file.
 *
 * is_tun selects the TUN device name, otherwise TAP is used. Every key file
 * required by the selected auth mode ("vpnc_ov_auth") and TLS-auth setting
 * ("vpnc_ov_atls") must pass openvpn_check_key() first.
 *
 * Returns 0 on success, 1 when a key is missing or the file cannot be
 * opened.
 */
static int openvpn_create_client_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int idx, proto, auth_mode, use_tls_auth;

    auth_mode = nvram_get_int("vpnc_ov_auth");
    use_tls_auth = nvram_get_int("vpnc_ov_atls");

    for (idx = 0; idx < 4; idx++) {
        /* cert/key (1, 2) are not needed for password authentication */
        if (auth_mode == 1 && (idx == 1 || idx == 2))
            continue;
        /* the TLS-auth key (3) is needed only when enabled */
        if (!use_tls_auth && (idx == 3))
            continue;
        if (!openvpn_check_key(openvpn_client_keys[idx], 0))
            return 1;
    }

    proto = nvram_get_int("vpnc_ov_prot");

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    fprintf(fp, "client\n");
    if (proto > 0)
        fprintf(fp, "proto %s\n", "tcp-client");
    else
        fprintf(fp, "proto %s\n", "udp");

    /*
     * NOTE(review): "vpnc_peer" is written as stored. Whitespace or a line
     * break in the value would add tokens or whole directives to this file
     * without passing through the forbidden_list handed to
     * load_user_config() below - confirm the value is validated when it is
     * saved.
     */
    fprintf(fp, "remote %s %d\n", nvram_safe_get("vpnc_peer"),
            nvram_safe_get_int("vpnc_ov_port", 1194, 1, 65535));
    fprintf(fp, "resolv-retry %s\n", "infinite");
    fprintf(fp, "nobind\n");
    fprintf(fp, "dev %s\n", (is_tun) ? IFNAME_CLIENT_TUN : IFNAME_CLIENT_TAP);

    fprintf(fp, "ca %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[0]);
    if (auth_mode == 0) {
        fprintf(fp, "cert %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[1]);
        fprintf(fp, "key %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[2]);
    }
    if (use_tls_auth)
        fprintf(fp, "tls-auth %s/%s %d\n", CLIENT_CERT_DIR, openvpn_client_keys[3], 1);

    openvpn_add_auth(fp, nvram_get_int("vpnc_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpnc_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpnc_ov_clzo"), 0);

    if (auth_mode == 1) {
        fprintf(fp, "auth-user-pass %s\n", "secret");
        openvpn_create_client_secret("secret");
    }

    if (nvram_match("vpnc_dgw", "1"))
        fprintf(fp, "redirect-gateway def1 bypass-dhcp\n");

    fprintf(fp, "persist-key\n");
    /* level 2 is what lets OpenVPN run the up/down script named below */
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "writepid %s\n", CLIENT_PID_FILE);
    fprintf(fp, "up %s\n", SCRIPT_OVPN_CLIENT);
    fprintf(fp, "down %s\n", SCRIPT_OVPN_CLIENT);

    fprintf(fp, "\n### User params:\n");
    load_user_config(fp, CLIENT_CERT_DIR, "client.conf", forbidden_list);

    fclose(fp);

    /* the file holds paths to key material, not the keys themselves */
    chmod(conf_file, 0644);

    return 0;
}
/*
 * Write the OpenVPN server configuration to conf_file.
 *
 * is_tun selects a routed TUN server on the "vpns_vnet" subnet; otherwise a
 * TAP server bridged onto the LAN with the client pool
 * "vpns_cli0".."vpns_cli1" is written. All server key files must pass
 * openvpn_check_key() first.
 *
 * Returns 0 on success, 1 when a key is missing or the file cannot be
 * opened.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int idx, proto, use_tls_auth, push_gw, dhcp_on, pushed, cli_first, cli_last;
    unsigned int laddr, lmask, lsnet;
    struct in_addr pool_in;
    char pooll[32], pool1[32], pool2[32];
    char *lanip, *lannm, *wins, *dns1, *dns2;

    use_tls_auth = nvram_get_int("vpns_ov_atls");

    for (idx = 0; idx < 5; idx++) {
        /* the TLS-auth key (4) is needed only when enabled */
        if (!use_tls_auth && (idx == 4))
            continue;
        if (!openvpn_check_key(openvpn_server_keys[idx], 1))
            return 1;
    }

    proto = nvram_get_int("vpns_ov_prot");
    push_gw = nvram_get_int("vpns_ov_rdgw");
    cli_first = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
    cli_last = nvram_safe_get_int("vpns_cli1", 254, 2, 254);
    dhcp_on = is_dhcpd_enabled(0);

    lanip = nvram_safe_get("lan_ipaddr");
    lannm = nvram_safe_get("lan_netmask");
    laddr = ntohl(inet_addr(lanip));
    lmask = ntohl(inet_addr(lannm));

    /*
     * Highest usable host number on the LAN.
     * NOTE(review): when the mask is all ones (or inet_addr() fails and
     * returns INADDR_NONE) ~lmask is 0 and this wraps to UINT_MAX, which
     * reads as -1 after the int casts below - confirm the netmask is
     * validated before it is stored.
     */
    lsnet = (~lmask) - 1;

    if (cli_first > (int)lsnet)
        cli_first = (int)lsnet;
    if (cli_last > (int)lsnet)
        cli_last = (int)lsnet;
    if (cli_last < cli_first)
        cli_last = cli_first;

    /* inet_ntoa() reuses one static buffer, so each result is copied out */
    pool_in.s_addr = htonl(laddr & lmask);
    strcpy(pooll, inet_ntoa(pool_in));

    pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)cli_first);
    strcpy(pool1, inet_ntoa(pool_in));

    pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)cli_last);
    strcpy(pool2, inet_ntoa(pool_in));

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    if (proto > 0)
        fprintf(fp, "proto %s\n", "tcp-server");
    else
        fprintf(fp, "proto %s\n", "udp");
    fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

    if (is_tun) {
        char *vnet, *vmsk;

        vnet = nvram_safe_get("vpns_vnet");
        vmsk = VPN_SERVER_SUBNET_MASK;
        laddr = ntohl(inet_addr(vnet));
        lmask = ntohl(inet_addr(vmsk));
        pool_in.s_addr = htonl(laddr & lmask);

        fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
        fprintf(fp, "topology %s\n", "subnet");
        fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
        fprintf(fp, "client-config-dir %s\n", "ccd");
        openvpn_create_server_acl(fp, "ccd");
        fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
    } else {
        fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
        fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
    }

    openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);

    /* DNS servers are pushed only together with the default route */
    pushed = 0;
    if (push_gw) {
        fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
        if (dhcp_on) {
            dns1 = nvram_safe_get("dhcp_dns1_x");
            dns2 = nvram_safe_get("dhcp_dns2_x");
            if (is_valid_ipv4(dns1) && (strcmp(dns1, lanip))) {
                pushed++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
            }
            if (is_valid_ipv4(dns2) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
                pushed++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
            }
        }

        /* fill the remaining slot with the router itself */
        if (pushed < 2)
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
    }

    pushed = 0;
    if (dhcp_on) {
        wins = nvram_safe_get("dhcp_wins_x");
        if (is_valid_ipv4(wins)) {
            pushed++;
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
        }
    }

#if defined(APP_SMBD) || defined(APP_NMBD)
    if ((pushed < 1) && nvram_get_int("wins_enable"))
        fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif

    fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
    fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
    fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
    fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
    if (use_tls_auth)
        fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

    fprintf(fp, "persist-key\n");
    fprintf(fp, "persist-tun\n");
    /* the daemon drops to an unprivileged account after start-up */
    fprintf(fp, "user %s\n", SYS_USER_NOBODY);
    fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
    /* level 2 is what lets OpenVPN run the client-connect script below */
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
    fprintf(fp, "writepid %s\n", SERVER_PID_FILE);

    fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
    fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

    fprintf(fp, "\n### User params:\n");
    load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);

    fclose(fp);

    chmod(conf_file, 0644);

    return 0;
}
/*
 * Write the pppd "call" file for a serial (RAS) USB modem.
 *
 * call_path is the file to create, modem_node the tty name under /dev and
 * unit the WAN unit used for the link name. The chat script is chosen from
 * "modem_type" and, for the generic type, from the modem's USB VID/PID.
 *
 * Returns 1 on success, 0 when the VID/PID cannot be read or the file
 * cannot be opened.
 */
static int write_pppd_ras_conf(const char* call_path, const char *modem_node, int unit)
{
    FILE *fp;
    int modem_type, vid = 0, pid = 0;
    char tmp[256], *user, *pass, *isp, *chat_script;

    if (!get_modem_vid_pid(modem_node, &vid, &pid))
        return 0;

    fp = fopen(call_path, "w+");
    if (!fp)
        return 0;

    modem_type = nvram_get_int("modem_type");
    user = nvram_safe_get("modem_user");
    pass = nvram_safe_get("modem_pass");
    isp = nvram_safe_get("modem_isp");

    fprintf(fp, "/dev/%s\n", modem_node);
    fprintf(fp, "crtscts\n");
    fprintf(fp, "modem\n");
    fprintf(fp, "noauth\n");

    /*
     * The credentials go through safe_pppd_line() before they are placed
     * between single quotes. tmp is shared, which is safe because each
     * fprintf() finishes before the buffer is reused.
     * NOTE(review): the file holds the modem password and its mode is never
     * restricted in this function - confirm the directory is not readable
     * by unprivileged users.
     */
    if (*user)
        fprintf(fp, "user '%s'\n", safe_pppd_line(user, tmp, sizeof(tmp)));
    if (*pass)
        fprintf(fp, "password '%s'\n", safe_pppd_line(pass, tmp, sizeof(tmp)));

    if (strcmp(isp, "Virgin") == 0 || strcmp(isp, "CDMA-UA") == 0) {
        fprintf(fp, "refuse-chap\n");
        fprintf(fp, "refuse-mschap\n");
        fprintf(fp, "refuse-mschap-v2\n");
    }

    fprintf(fp, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
    fprintf(fp, "mru %d\n", 1500);
    fprintf(fp, "persist\n");
    fprintf(fp, "maxfail %d\n", 0);
    fprintf(fp, "holdoff %d\n", 10);
    fprintf(fp, "nopcomp noaccomp\n");
    fprintf(fp, "novj nobsdcomp nodeflate\n");
    fprintf(fp, "noipdefault\n");
    if (nvram_invmatch("modem_dnsa", "0"))
        fprintf(fp, "usepeerdns\n");
    fprintf(fp, "minunit %d\n", RAS_PPP_UNIT);
    fprintf(fp, "linkname wan%d\n", unit);

    if (nvram_get_int("modem_dbg") == 1)
        fprintf(fp, "debug\n");

    switch (modem_type) {
    case 1:
        chat_script = "EVDO_conn.scr";
        break;
    case 2:
        chat_script = "td_conn.scr";
        break;
    default:
        chat_script = "Generic_conn.scr";
        if (vid == 0x0b05 && pid == 0x0302)         /* T500 */
            chat_script = "t500_conn.scr";
        else if (vid == 0x0421 && pid == 0x0612)    /* CS-15 */
            chat_script = "t500_conn.scr";
        else if (vid == 0x106c && pid == 0x3716)
            chat_script = "verizon_conn.scr";
        else if (vid == 0x1410 && pid == 0x4400)
            chat_script = "rogers_conn.scr";
        break;
    }

    fprintf(fp, "%s \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n",
            "connect", modem_node, MODEM_SCRIPTS_DIR, chat_script);
    fprintf(fp, "%s \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n",
            "disconnect", modem_node, MODEM_SCRIPTS_DIR, "Generic_disconn.scr");

    fclose(fp);

    return 1;
}
/*
 * Write the OpenVPN server configuration to conf_file.
 *
 * is_tun selects a routed TUN server on the "vpns_vnet" subnet; otherwise a
 * TAP server bridged onto the LAN with the client pool
 * "vpns_cli0".."vpns_cli1" (each forced into 2..254) is written. All server
 * key files must pass openvpn_check_key() first.
 *
 * Returns 0 on success, 1 when a key is missing or the file cannot be
 * opened.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int idx, proto, use_tls_auth, push_gw, dhcp_on, dns_pushed, cli_first, cli_last;
    unsigned int laddr, lmask;
    struct in_addr pool_in;
    char pooll[32], pool1[32], pool2[32];
    char *lanip, *lannm, *wins, *dns1, *dns2;

    use_tls_auth = nvram_get_int("vpns_ov_atls");

    for (idx = 0; idx < 5; idx++) {
        /* the TLS-auth key (4) is needed only when enabled */
        if (!use_tls_auth && (idx == 4))
            continue;
        if (!openvpn_check_key(openvpn_server_keys[idx], 1))
            return 1;
    }

    proto = nvram_get_int("vpns_ov_prot");
    push_gw = nvram_get_int("vpns_ov_rdgw");
    cli_first = nvram_get_int("vpns_cli0");
    cli_last = nvram_get_int("vpns_cli1");
    dns_pushed = 0;
    dhcp_on = nvram_get_int("dhcp_enable_x");
    lanip = nvram_safe_get("lan_ipaddr");
    lannm = nvram_safe_get("lan_netmask");

    /*
     * Force both pool ends into 2..254 and keep them ordered.
     * NOTE(review): the bounds ignore the LAN netmask, so on a subnet
     * smaller than /24 the OR below can produce addresses outside it.
     */
    if (cli_first < 2)
        cli_first = 2;
    if (cli_first > 254)
        cli_first = 254;
    if (cli_last < 2)
        cli_last = 2;
    if (cli_last > 254)
        cli_last = 254;
    if (cli_last < cli_first)
        cli_last = cli_first;

    laddr = ntohl(inet_addr(lanip));
    lmask = ntohl(inet_addr(lannm));

    /* inet_ntoa() reuses one static buffer, so each result is copied out */
    pool_in.s_addr = htonl(laddr & lmask);
    strcpy(pooll, inet_ntoa(pool_in));

    pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)cli_first);
    strcpy(pool1, inet_ntoa(pool_in));

    pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)cli_last);
    strcpy(pool2, inet_ntoa(pool_in));

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    if (proto > 0)
        fprintf(fp, "proto %s\n", "tcp-server");
    else
        fprintf(fp, "proto %s\n", "udp");
    fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

    if (is_tun) {
        char *vnet, *vmsk;

        vnet = nvram_safe_get("vpns_vnet");
        vmsk = VPN_SERVER_SUBNET_MASK;
        laddr = ntohl(inet_addr(vnet));
        lmask = ntohl(inet_addr(vmsk));
        pool_in.s_addr = htonl(laddr & lmask);

        fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
        fprintf(fp, "topology %s\n", "subnet");
        fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
        fprintf(fp, "client-config-dir %s\n", "ccd");
        openvpn_create_server_acl(fp, "ccd");
        fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
    } else {
        fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
        fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
    }

    /* DNS servers are pushed only together with the default route */
    if (push_gw) {
        fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
        if (dhcp_on == 1) {
            dns1 = nvram_safe_get("dhcp_dns1_x");
            dns2 = nvram_safe_get("dhcp_dns2_x");
            if ((inet_addr_(dns1) != INADDR_ANY) && (strcmp(dns1, lanip))) {
                dns_pushed++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
            }
            if ((inet_addr_(dns2) != INADDR_ANY) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
                dns_pushed++;
                fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
            }
        }

        /* fill the remaining slot with the router itself */
        if (dns_pushed < 2)
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
    }

    if (dhcp_on == 1) {
        wins = nvram_safe_get("dhcp_wins_x");
        if (inet_addr_(wins) != INADDR_ANY)
            fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
    }

    fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
    fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
    fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
    fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
    if (use_tls_auth)
        fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

    fprintf(fp, "persist-key\n");
    fprintf(fp, "persist-tun\n");
    /* the daemon drops to an unprivileged account after start-up */
    fprintf(fp, "user %s\n", "nobody");
    fprintf(fp, "group %s\n", "nogroup");
    /* level 2 is what lets OpenVPN run the client-connect script below */
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
    fprintf(fp, "writepid %s\n", SERVER_PID_FILE);

    fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
    fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

    /*
     * NOTE(review): unlike a load_user_config() call that takes a list of
     * forbidden directives, this helper receives none - confirm it filters
     * directives that run scripts or change the files used above.
     */
    fprintf(fp, "\n### User params:\n");
    openvpn_load_user_config(fp, SERVER_CERT_DIR, "server.conf");

    fclose(fp);

    chmod(conf_file, 0644);

    return 0;
}
/*
 * Write the pppd "call" file for a serial (RAS) USB modem.
 *
 * call_path is the file to create, modem_node the tty name under /dev and
 * ppp_unit the PPP unit number. The chat scripts are chosen from
 * "modem_type" and, for the generic type, from the USB VID/PID strings of
 * the port the modem is attached to.
 *
 * Returns 1 on success, 0 when the USB identifiers cannot be read or the
 * file cannot be opened.
 */
static int write_pppd_ras_conf(const char* call_path, const char *modem_node, int ppp_unit)
{
    FILE *fp;
    int modem_type;
    char *user, *pass, *isp;
    char usb_port_id[64], vid[8], pid[8];

    /* USB port, then the vendor and product id of the device on it */
    if (!get_usb_port_by_device(modem_node, usb_port_id, sizeof(usb_port_id)))
        return 0;
    if (!get_usb_vid(usb_port_id, vid, sizeof(vid)))
        return 0;
    if (!get_usb_pid(usb_port_id, pid, sizeof(pid)))
        return 0;

    fp = fopen(call_path, "w+");
    if (!fp)
        return 0;

    modem_type = nvram_get_int("modem_type");
    user = nvram_safe_get("modem_user");
    pass = nvram_safe_get("modem_pass");
    isp = nvram_safe_get("modem_isp");

    fprintf(fp, "/dev/%s\n", modem_node);
    fprintf(fp, "modem\n");
    fprintf(fp, "crtscts\n");
    fprintf(fp, "noauth\n");

    /*
     * NOTE(review): the credentials are placed between single quotes
     * without any escaping, so a quote or line break inside a value would
     * end the quoted word and be read as further pppd options. Escape or
     * reject such characters before writing. The file also holds the
     * password and its mode is never restricted in this function.
     */
    if (*user)
        fprintf(fp, "user '%s'\n", user);
    if (*pass)
        fprintf(fp, "password '%s'\n", pass);

    if (strcmp(isp, "Virgin") == 0 || strcmp(isp, "CDMA-UA") == 0) {
        fprintf(fp, "refuse-chap\n");
        fprintf(fp, "refuse-mschap\n");
        fprintf(fp, "refuse-mschap-v2\n");
    }

    fprintf(fp, "defaultroute\n");
    fprintf(fp, "noipdefault\n");
    fprintf(fp, "usepeerdns\n");
    fprintf(fp, "nopcomp\n");
    fprintf(fp, "noaccomp\n");
    fprintf(fp, "novj\n");
    fprintf(fp, "nobsdcomp\n");
    fprintf(fp, "persist\n");
    fprintf(fp, "maxfail %d\n", 0);
    fprintf(fp, "holdoff %d\n", 10);
    fprintf(fp, "nodeflate\n");
    fprintf(fp, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
    fprintf(fp, "mru %d\n", nvram_safe_get_int("modem_mru", 1500, 1000, 1500));
    fprintf(fp, "unit %d\n", ppp_unit);

    switch (modem_type) {
    case 2:
        fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/td.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    case 1:
        fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/EVDO_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/EVDO_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    default:
        if (strcmp(vid, "0b05") == 0 && strcmp(pid, "0302") == 0)        /* T500 */
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/t500_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (strcmp(vid, "0421") == 0 && strcmp(pid, "0612") == 0)   /* CS-15 */
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/t500_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (strcmp(vid, "106c") == 0 && strcmp(pid, "3716") == 0)
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/verizon_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (strcmp(vid, "1410") == 0 && strcmp(pid, "4400") == 0)
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/rogers_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);

        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    }

    fclose(fp);

    return 1;
}
/*
 * Write the OpenVPN client configuration to conf_file.
 *
 * is_tun selects the TUN device name, otherwise TAP is used. The transport
 * comes from "vpnc_ov_prot" (bit 0 = TCP, values above 1 = IPv6) and is
 * corrected when it disagrees with the IPv6 state or with a literal peer
 * address; a corrected value is written back to NVRAM.
 *
 * Returns 0 on success, 1 when a key is missing or the file cannot be
 * opened.
 */
static int openvpn_create_client_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int idx, proto, proto_saved, auth_mode, use_tls_auth;
    const char *p_peer, *p_prot;

    auth_mode = nvram_get_int("vpnc_ov_auth");
    use_tls_auth = nvram_get_int("vpnc_ov_atls");

    for (idx = 0; idx < 4; idx++) {
        /* cert/key (1, 2) are not needed for password authentication */
        if (auth_mode == 1 && (idx == 1 || idx == 2))
            continue;
        /* the TLS-auth key (3) is needed only when enabled */
        if (!use_tls_auth && (idx == 3))
            continue;
        if (!openvpn_check_key(openvpn_client_keys[idx], 0))
            return 1;
    }

    proto = nvram_get_int("vpnc_ov_prot");
    proto_saved = proto;
    if (proto > 1 && get_ipv6_type() == IPV6_DISABLED)
        proto &= 1;

    p_peer = nvram_safe_get("vpnc_peer");

    /* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-client for ipv4 only */

#if defined (USE_IPV6)
    /* check peer address is direct ipv4/ipv6 */
    if (proto > 1 && is_valid_ipv4(p_peer))
        proto &= 1;
    else if (proto < 2 && is_valid_ipv6(p_peer))
        proto += 2;

    if (proto == 3)
        p_prot = "tcp6-client";
    else if (proto == 2)
        p_prot = "udp6";
    else
#endif
    if (proto == 1)
        p_prot = "tcp-client";
    else
        p_prot = "udp";

    /* fixup ipv4/ipv6 mismatch */
    if (proto != proto_saved)
        nvram_set_int("vpnc_ov_prot", proto);

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    fprintf(fp, "client\n");
    fprintf(fp, "proto %s\n", p_prot);

    /*
     * NOTE(review): p_peer is written as stored. Whitespace or a line break
     * in the value would add tokens or whole directives to this file
     * without passing through the forbidden_list handed to
     * load_user_config() below - confirm the value is validated when it is
     * saved.
     */
    fprintf(fp, "remote %s %d\n", p_peer, nvram_safe_get_int("vpnc_ov_port", 1194, 1, 65535));
    fprintf(fp, "resolv-retry %s\n", "infinite");
    fprintf(fp, "nobind\n");
    fprintf(fp, "dev %s\n", (is_tun) ? IFNAME_CLIENT_TUN : IFNAME_CLIENT_TAP);

    fprintf(fp, "ca %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[0]);
    if (auth_mode == 0) {
        fprintf(fp, "cert %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[1]);
        fprintf(fp, "key %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[2]);
    }
    if (use_tls_auth)
        fprintf(fp, "tls-auth %s/%s %d\n", CLIENT_CERT_DIR, openvpn_client_keys[3], 1);

    openvpn_add_auth(fp, nvram_get_int("vpnc_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpnc_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpnc_ov_clzo"), 0);

    if (auth_mode == 1) {
        fprintf(fp, "auth-user-pass %s\n", "secret");
        openvpn_create_client_secret("secret");
    }

    if (nvram_match("vpnc_dgw", "1"))
        fprintf(fp, "redirect-gateway def1 bypass-dhcp\n");

    fprintf(fp, "persist-key\n");
    /* level 2 is what lets OpenVPN run the up/down script named below */
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "writepid %s\n", CLIENT_PID_FILE);
    fprintf(fp, "up %s\n", SCRIPT_OVPN_CLIENT);
    fprintf(fp, "down %s\n", SCRIPT_OVPN_CLIENT);

    fprintf(fp, "\n### User params:\n");
    load_user_config(fp, CLIENT_CERT_DIR, "client.conf", forbidden_list);

    fclose(fp);

    /* the file holds paths to key material, not the keys themselves */
    chmod(conf_file, 0644);

    return 0;
}
/*
 * Write the pppd "call" file for a serial (RAS) USB modem.
 *
 * call_path is the file to create, modem_node the tty name under /dev and
 * ppp_unit the lowest PPP unit number to use. The chat scripts are chosen
 * from "modem_type" and, for the generic type, from the modem's USB
 * VID/PID.
 *
 * Returns 1 on success, 0 when the VID/PID cannot be read or the file
 * cannot be opened.
 */
static int write_pppd_ras_conf(const char* call_path, const char *modem_node, int ppp_unit)
{
    FILE *fp;
    int modem_type, vid = 0, pid = 0;
    char *user, *pass, *isp;

    if (!get_modem_vid_pid(modem_node, &vid, &pid))
        return 0;

    fp = fopen(call_path, "w+");
    if (!fp)
        return 0;

    modem_type = nvram_get_int("modem_type");
    user = nvram_safe_get("modem_user");
    pass = nvram_safe_get("modem_pass");
    isp = nvram_safe_get("modem_isp");

    fprintf(fp, "/dev/%s\n", modem_node);
    fprintf(fp, "modem\n");
    fprintf(fp, "crtscts\n");
    fprintf(fp, "noauth\n");

    /*
     * NOTE(review): the credentials are placed between single quotes
     * without any escaping, so a quote or line break inside a value would
     * end the quoted word and be read as further pppd options. Escape or
     * reject such characters before writing. The file also holds the
     * password and its mode is never restricted in this function.
     */
    if (*user)
        fprintf(fp, "user '%s'\n", user);
    if (*pass)
        fprintf(fp, "password '%s'\n", pass);

    if (strcmp(isp, "Virgin") == 0 || strcmp(isp, "CDMA-UA") == 0) {
        fprintf(fp, "refuse-chap\n");
        fprintf(fp, "refuse-mschap\n");
        fprintf(fp, "refuse-mschap-v2\n");
    }

    fprintf(fp, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
    fprintf(fp, "mru %d\n", 1500);
    fprintf(fp, "persist\n");
    fprintf(fp, "maxfail %d\n", 0);
    fprintf(fp, "holdoff %d\n", 10);
    fprintf(fp, "nopcomp noaccomp\n");
    fprintf(fp, "novj nobsdcomp nodeflate\n");
    fprintf(fp, "noipdefault\n");
    if (nvram_invmatch("modem_dnsa", "0"))
        fprintf(fp, "usepeerdns\n");
    fprintf(fp, "minunit %d\n", ppp_unit);

    switch (modem_type) {
    case 2:
        fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/td.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    case 1:
        fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/EVDO_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/EVDO_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    default:
        if (vid == 0x0b05 && pid == 0x0302)         /* T500 */
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/t500_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (vid == 0x0421 && pid == 0x0612)    /* CS-15 */
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/t500_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (vid == 0x106c && pid == 0x3716)
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/verizon_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else if (vid == 0x1410 && pid == 0x4400)
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/rogers_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        else
            fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_conn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);

        fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/Generic_disconn.scr\"\n", modem_node, MODEM_SCRIPTS_DIR);
        break;
    }

    fclose(fp);

    return 1;
}
/*
 * Write the pppd options file shared by the PPTP and L2TP VPN servers.
 *
 * vpns_type == 1 adds the L2TP-only "lcp-max-terminate" setting. The
 * accepted authentication and MPPE modes come from "vpns_auth" and
 * "vpns_mppe".
 *
 * Returns 0 on success, -1 when the options file cannot be opened.
 */
static int create_vpns_pppd_options(int vpns_type)
{
    FILE *fp;
    int mppe_mode, auth_mode, use_vnet, dhcp_on, written;
    char *opt_path, *lanip, *wins, *dns1, *dns2;

    auth_mode = nvram_get_int("vpns_auth");
    mppe_mode = nvram_get_int("vpns_mppe");
    use_vnet = nvram_get_int("vpns_vuse");
    dhcp_on = is_dhcpd_enabled(0);
    lanip = nvram_safe_get("lan_ipaddr");

    opt_path = VPN_SERVER_PPPD_OPTIONS;
    fp = fopen(opt_path, "w");
    if (!fp)
        return -1;

    fprintf(fp, "lock\n");
    fprintf(fp, "name %s\n", get_our_hostname());
    fprintf(fp, "auth\n");
    fprintf(fp, "refuse-eap\n");
    fprintf(fp, "refuse-pap\n");
    fprintf(fp, "refuse-mschap\n");

    /* mode 0 accepts MS-CHAPv2 only; other modes leave CHAP available */
    if (auth_mode == 0) {
        fprintf(fp, "refuse-chap\n");
        fprintf(fp, "require-mschap-v2\n");
    }

    fprintf(fp, "default-asyncmap\n");

    /* looks like pptp also likes them */
    fprintf(fp, "nopcomp noaccomp\n");

    /* ccp should still be enabled - mppe/mppc requires this */
    fprintf(fp, "novj nobsdcomp nodeflate\n");

    if (mppe_mode != 3) {
        switch (mppe_mode) {
        case 1:     /* 128-bit keys only */
            fprintf(fp, "+mppe\n");
            fprintf(fp, "-mppe-40\n");
            fprintf(fp, "+mppe-128\n");
            break;
        case 2:     /* 40-bit keys only */
            fprintf(fp, "+mppe\n");
            fprintf(fp, "+mppe-40\n");
            fprintf(fp, "-mppe-128\n");
            break;
        default:    /* either key length */
            fprintf(fp, "+mppe-40\n");
            fprintf(fp, "+mppe-128\n");
            break;
        }
        fprintf(fp, "nomppe-stateful\n");
    } else {
        /* mode 3 turns link encryption off altogether */
        fprintf(fp, "nomppe nomppc\n");
    }

    /* DNS Server */
    written = 0;
    if (dhcp_on) {
        dns1 = nvram_safe_get("dhcp_dns1_x");
        dns2 = nvram_safe_get("dhcp_dns2_x");
        if (is_valid_ipv4(dns1) && (strcmp(dns1, lanip))) {
            written++;
            fprintf(fp, "ms-dns %s\n", dns1);
        }
        if (is_valid_ipv4(dns2) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
            written++;
            fprintf(fp, "ms-dns %s\n", dns2);
        }
    }

    /* fill the remaining slot with the router itself */
    if (written < 2)
        fprintf(fp, "ms-dns %s\n", lanip);

    /* WINS Server */
    written = 0;
    if (dhcp_on) {
        wins = nvram_safe_get("dhcp_wins_x");
        if (is_valid_ipv4(wins)) {
            written++;
            fprintf(fp, "ms-wins %s\n", wins);
        }
    }

#if defined(APP_SMBD) || defined(APP_NMBD)
    if ((written < 1) && nvram_get_int("wins_enable"))
        fprintf(fp, "ms-wins %s\n", lanip);
#endif

    fprintf(fp, "mtu %d\n", nvram_safe_get_int("vpns_mtu", 1450, 1000, 1460));
    fprintf(fp, "mru %d\n", nvram_safe_get_int("vpns_mru", 1450, 1000, 1460));
    fprintf(fp, "ipcp-accept-remote ipcp-accept-local\n");
    fprintf(fp, "nodefaultroute\n");

    /* clients placed on the LAN subnet need proxy ARP to be reachable */
    if (use_vnet == 0)
        fprintf(fp, "proxyarp\n");

    if (vpns_type == 1) {
        /* L2TP: Don't wait for LCP term responses; exit immediately when killed */
        fprintf(fp, "lcp-max-terminate %d\n", 0);
    }

    /* echo failures (6*20s) */
    fprintf(fp, "lcp-echo-interval %d\n", 20);
    fprintf(fp, "lcp-echo-failure %d\n", 6);
    fprintf(fp, "lcp-echo-adaptive\n");

    fprintf(fp, "ip-up-script %s\n", VPNS_PPP_UP_SCRIPT);
    fprintf(fp, "ip-down-script %s\n", VPNS_PPP_DW_SCRIPT);

    fprintf(fp, "minunit %d\n", VPN_SERVER_PPP_UNIT);

    fclose(fp);

    chmod(opt_path, 0644);

    return 0;
}
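/*
 * Start the built-in VPN server (PPTP, L2TP, or OpenVPN when compiled in).
 *
 * Writes /etc/pptpd.conf (PPTP only), the shared pppd options file and
 * /tmp/ppp/chap-secrets, then starts the matching daemon.
 *
 * Returns 0 when the server is disabled, the router is in AP mode, or L2TP
 * was started; -1 when pptpd.conf cannot be opened; otherwise the result of
 * start_openvpn_server() or of launching pptpd.
 */
int start_vpn_server(void)
{
    FILE *fp;
    int i, i_type, i_vuse, i_cli0, i_cli1;
    char *vpns_cfg, *vpns_sec, *lanip;
    struct in_addr pool_in;
    unsigned int laddr, lmask, lsnet;

    if (nvram_invmatch("vpns_enable", "1") || get_ap_mode())
        return 0;

    unlink(VPN_SERVER_LEASE_FILE);

    i_type = nvram_get_int("vpns_type");
#if defined(APP_OPENVPN)
    if (i_type == 2)
        return start_openvpn_server();
#endif

    vpns_cfg = "/etc/pptpd.conf";
    vpns_sec = "/tmp/ppp/chap-secrets";

    /*
     * NOTE(review): the directory that will hold chap-secrets is requested
     * with mode 0777 (the effective mode depends on the umask). A directory
     * other users can write lets them replace files in it - confirm only
     * root can write here.
     */
    mkdir("/tmp/ppp", 0777);
    symlink("/sbin/rc", VPNS_PPP_UP_SCRIPT);
    symlink("/sbin/rc", VPNS_PPP_DW_SCRIPT);

    i_vuse = nvram_get_int("vpns_vuse");
    lanip = nvram_safe_get("lan_ipaddr");

    if (i_vuse == 0) {
        /* clients share the LAN subnet: pool is vpns_cli0..vpns_cli1 */
        laddr = ntohl(inet_addr(lanip));
        lmask = ntohl(inet_addr(nvram_safe_get("lan_netmask")));

        /*
         * NOTE(review): wraps to UINT_MAX when the mask is all ones or
         * inet_addr() fails - confirm the netmask is validated on save.
         */
        lsnet = (~lmask) - 1;

        i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
        i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);
        if (i_cli0 >= (int)lsnet)
            i_cli0 = (int)(lsnet - 1);
        if (i_cli1 > (int)lsnet)
            i_cli1 = (int)lsnet;
        if (i_cli1 <= i_cli0)
            i_cli1 = i_cli0 + 1;

        /* the first pool address is the server's own, clients start after it */
        laddr = (laddr & lmask) | (unsigned int)i_cli0;
        i_cli0 += 1;
    } else {
        /* clients get their own subnet: server is .1, clients start at .2 */
        laddr = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
        lmask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
        laddr = (laddr & lmask) | 1;

        i_cli0 = 2;
        i_cli1 = i_cli0 + MAX_CLIENTS_NUM - 1;
    }

    if (i_type != 1) {
        if (!(fp = fopen(vpns_cfg, "w")))
            return -1;

        fprintf(fp, "option %s\n", VPN_SERVER_PPPD_OPTIONS);
        fprintf(fp, "connections %d\n", MAX_CLIENTS_NUM);

        pool_in.s_addr = htonl(laddr);
        fprintf(fp, "localip %s\n", inet_ntoa(pool_in));

        pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
        fprintf(fp, "remoteip %s-%d\n", inet_ntoa(pool_in), i_cli1);

        fclose(fp);

        chmod(vpns_cfg, 0644);
    }

    create_vpns_pppd_options(i_type);

    /* create /tmp/ppp/chap-secrets */
    fp = fopen(vpns_sec, "w+");
    if (fp) {
        char *acl_user, *acl_pass;
        char acl_user_var[32], acl_pass_var[32], acl_addr_var[32];
        int i_cli2;
        int i_max = nvram_get_int("vpns_num_x");

        /*
         * Restrict the file before the first password is written. fopen()
         * creates it with umask-derived permissions, so leaving chmod()
         * until after fclose() would keep the secrets readable by other
         * users for as long as the loop below runs.
         */
        chmod(vpns_sec, 0600);

        if (i_max > MAX_CLIENTS_NUM)
            i_max = MAX_CLIENTS_NUM;

        for (i = 0; i < i_max; i++) {
            snprintf(acl_user_var, sizeof(acl_user_var), "vpns_user_x%d", i);
            snprintf(acl_pass_var, sizeof(acl_pass_var), "vpns_pass_x%d", i);
            acl_user = nvram_safe_get(acl_user_var);
            acl_pass = nvram_safe_get(acl_pass_var);
            if (*acl_user && *acl_pass) {
                /* the buffer first names the NVRAM key, then holds the address text */
                snprintf(acl_addr_var, sizeof(acl_addr_var), "vpns_addr_x%d", i);
                i_cli2 = nvram_get_int(acl_addr_var);
                if (i_cli2 >= i_cli0 && i_cli2 <= i_cli1) {
                    pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli2);
                    snprintf(acl_addr_var, sizeof(acl_addr_var), "%s", inet_ntoa(pool_in));
                } else {
                    /* no fixed address reserved: any address is accepted */
                    snprintf(acl_addr_var, sizeof(acl_addr_var), "%s", "*");
                }

                /*
                 * NOTE(review): name and password are written between
                 * double quotes as stored; a quote or line break inside
                 * either value would change how the record is parsed.
                 * Escape or reject such characters.
                 */
                fprintf(fp, "\"%s\" * \"%s\" %s\n", acl_user, acl_pass, acl_addr_var);
            }
        }
        fclose(fp);

        chmod(vpns_sec, 0600);
    }

    if (i_type == 1) {
        nvram_set_int_temp("l2tp_srv_t", 1);

        safe_start_xl2tpd();
    } else {
        nvram_set_int_temp("l2tp_srv_t", 0);

        /* execute pptpd daemon */
        return eval("/usr/sbin/pptpd", "-c", vpns_cfg);
    }

    return 0;
}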
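/*
 * Command-line entry: generate a client certificate/key pair and export a
 * ready-to-use client profile to /tmp/client.ovpn.
 *
 * Usage: <prog> common_name [rsa_bits] [days_valid]
 *
 * Returns 0 on success and 1 on bad arguments, a missing server file, or a
 * profile that cannot be created.
 */
int ovpn_server_expcli_main(int argc, char **argv)
{
    FILE *fp;
    int i, i_atls, rsa_bits, days_valid;
    char *wan_addr;
    const unsigned char *cn;
    const char *tmp_ovpn_path = "/tmp/export_ovpn";
    const char *tmp_ovpn_conf = "/tmp/client.ovpn";

    if (argc < 2 || strlen(argv[1]) < 1) {
        printf("Usage: %s common_name [rsa_bits] [days_valid]\n", argv[0]);
        return 1;
    }

    /*
     * The common name is placed between single quotes in the command line
     * built below. A single quote inside it would end the quoting and let
     * the rest of the name be interpreted by the shell, so such names (and
     * names with control characters) are refused.
     */
    for (cn = (const unsigned char *)argv[1]; *cn; cn++) {
        if (*cn == '\'' || *cn < 0x20 || *cn == 0x7f) {
            printf("Error: common_name contains unsupported characters\n");
            return 1;
        }
    }

    /*
     * NOTE(review): 1024-bit RSA is the default and also the smallest size
     * accepted; it is below current recommendations - consider raising the
     * default.
     */
    rsa_bits = 1024;
    if (argc > 2 && atoi(argv[2]) >= 1024)
        rsa_bits = atoi(argv[2]);

    days_valid = 365;
    if (argc > 3 && atoi(argv[3]) > 0)
        days_valid = atoi(argv[3]);

    i_atls = nvram_get_int("vpns_ov_atls");

    for (i = 0; i < 5; i++) {
        /* the TLS-auth key (4) is needed only when enabled */
        if (!i_atls && (i == 4))
            continue;
        if (!openvpn_check_key(openvpn_server_keys[i], 1)) {
            printf("Error: server file %s is not found\n", openvpn_server_keys[i]);
            return 1;
        }
    }

    /* Generate client cert and key */
    doSystem("rm -rf %s", tmp_ovpn_path);
    setenv("CRT_PATH_CLI", tmp_ovpn_path, 1);
    doSystem("/usr/bin/openvpn-cert.sh %s -n '%s' -b %d -d %d", "client", argv[1], rsa_bits, days_valid);
    unsetenv("CRT_PATH_CLI");

    /*
     * NOTE(review): both paths are fixed names under /tmp. If /tmp is
     * writable by other users, a file or link placed there in advance
     * would be followed by fopen() - confirm only root can write to /tmp
     * on this system.
     */
    fp = fopen(tmp_ovpn_conf, "w+");
    if (!fp) {
        doSystem("rm -rf %s", tmp_ovpn_path);
        printf("Error: unable to create file %s\n", tmp_ovpn_conf);
        return 1;
    }

    /*
     * The profile will contain the client's private key. Restrict it before
     * anything is written instead of only after the export has finished.
     */
    chmod(tmp_ovpn_conf, 0600);

    wan_addr = get_ddns_fqdn();
    if (!wan_addr) {
        wan_addr = get_wan_unit_value(0, "ipaddr");
        if (!is_valid_ipv4(wan_addr))
            wan_addr = NULL;
    }

    /* placeholder for the user to replace when no address is known */
    if (!wan_addr)
        wan_addr = "{wan_address}";

    fprintf(fp, "client\n");
    fprintf(fp, "dev %s\n", (nvram_get_int("vpns_ov_mode") == 1) ? "tun" : "tap");
    fprintf(fp, "proto %s\n", (nvram_get_int("vpns_ov_prot") > 0) ? "tcp-client" : "udp");
    fprintf(fp, "remote %s %d\n", wan_addr, nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
    fprintf(fp, "resolv-retry %s\n", "infinite");
    fprintf(fp, "nobind\n");
    fprintf(fp, "persist-key\n");
    fprintf(fp, "persist-tun\n");
    openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 0);
    fprintf(fp, "nice %d\n", 0);
    fprintf(fp, "verb %d\n", 3);
    fprintf(fp, "mute %d\n", 10);

    /*
     * NOTE(review): the server-certificate check is exported commented out
     * (leading ';'), so the client accepts any certificate signed by the CA
     * as the server - consider enabling it in the exported profile.
     */
    fprintf(fp, ";ns-cert-type %s\n", "server");

    openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[0], "ca");
    openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[1], "cert");
    openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[2], "key");
    if (i_atls) {
        openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[4], "tls-auth");
        fprintf(fp, "key-direction %d\n", 1);
    }

    fclose(fp);

    doSystem("rm -rf %s", tmp_ovpn_path);
    doSystem("unix2dos %s", tmp_ovpn_conf);

    /* repeated because the conversion above may have rewritten the file */
    chmod(tmp_ovpn_conf, 0600);

    return 0;
}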
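/*
 * Start the VPN client selected by the "vpnc_type" nvram value.
 *
 * Type 2 is handed to start_openvpn_client() when APP_OPENVPN is built in.
 * For the other types a pppd options file is written to
 * VPN_CLIENT_PPPD_OPTIONS; type 1 is then started through xl2tpd and any
 * other type runs pppd directly with the pptp.so plugin.
 *
 * Returns 1 when the client is disabled, the device is in AP mode or no
 * peer is configured; -1 when the options file cannot be created or
 * protected; otherwise 0 for type 1 and the eval() result of pppd for the
 * pptp path.
 */
int start_vpn_client(void)
{
	FILE *fp;
	int i_type, i_mppe, i_auth;
	char *vpnc_peer, *vpnc_opt, tmp[256];

	if (nvram_invmatch("vpnc_enable", "1") || get_ap_mode())
		return 1;

	vpnc_peer = nvram_safe_get("vpnc_peer");
	if (strlen(vpnc_peer) < 1) {
		logmessage(VPNC_LOG_NAME, "Unable to start - remote server host is not defined!");
		return 1;
	}

	/* Reset the runtime state left over from a previous session */
	nvram_set_temp("vpnc_dns_t", "");
	nvram_set_temp("vpnc_dom_t", "");
	nvram_set_int_temp("vpnc_state_t", 0);

	i_type = nvram_get_int("vpnc_type");
#if defined(APP_OPENVPN)
	if (i_type == 2)
		return start_openvpn_client();
#endif
	vpnc_opt = VPN_CLIENT_PPPD_OPTIONS;

	/* NOTE(review): 0777 (before umask) is wider than the 0600 options file needs */
	mkdir("/tmp/ppp", 0777);
	symlink("/sbin/rc", VPNC_PPP_UP_SCRIPT);
	symlink("/sbin/rc", VPNC_PPP_DW_SCRIPT);

	i_auth = nvram_get_int("vpnc_auth");
	i_mppe = nvram_get_int("vpnc_mppe");

	// Create options for pppd
	if (!(fp = fopen(vpnc_opt, "w"))) {
		return -1;
	}

	/*
	 * The file receives the VPN password below. Restrict it while it is
	 * still empty, so the credentials never sit in a file that carries the
	 * umask-derived mode.
	 */
	if (fchmod(fileno(fp), 0600) != 0) {
		fclose(fp);
		logmessage(VPNC_LOG_NAME, "Unable to start - cannot protect pppd options file!");
		return -1;
	}

	fprintf(fp, "noauth\n");
	fprintf(fp, "user '%s'\n", safe_pppd_line(nvram_safe_get("vpnc_user"), tmp, sizeof(tmp)));
	fprintf(fp, "password '%s'\n", safe_pppd_line(nvram_safe_get("vpnc_pass"), tmp, sizeof(tmp)));
	fprintf(fp, "refuse-eap\n");

	/* Leave only the selected authentication method enabled */
	if (i_auth == 1) {
		/* MS-CHAPv2 */
		fprintf(fp, "refuse-pap\n");
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
	} else if (i_auth == 2) {
		/* CHAP */
		fprintf(fp, "refuse-pap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	} else if (i_auth == 3) {
		/* PAP */
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	}

	if (i_type != 1) {
		fprintf(fp, "plugin pptp.so\n");
		/*
		 * NOTE(review): unlike user/password, the peer is written between
		 * quotes without safe_pppd_line(); confirm it is validated where
		 * it is stored.
		 */
		fprintf(fp, "pptp_server '%s'\n", vpnc_peer);
		fprintf(fp, "route_rdgw %d\n", (nvram_match("vpnc_dgw", "1")) ? 2 : 0);
		fprintf(fp, "persist\n");
		fprintf(fp, "linkname %s\n", VPNC_PPP_LINK_NAME);
	}

	fprintf(fp, "mtu %d\n", nvram_safe_get_int("vpnc_mtu", 1450, 1000, 1460));
	fprintf(fp, "mru %d\n", nvram_safe_get_int("vpnc_mru", 1450, 1000, 1460));
	fprintf(fp, "maxfail %d\n", 0); // pppd re-call count (0=infinite)
	fprintf(fp, "holdoff %d\n", 10); // pppd re-call time (10s)
	fprintf(fp, "ipcp-accept-remote ipcp-accept-local\n");
	fprintf(fp, "noipdefault\n");
	fprintf(fp, "usepeerdns\n");
	fprintf(fp, "default-asyncmap\n");

	/* looks like pptp also likes them */
	fprintf(fp, "nopcomp noaccomp\n");

	/* ccp should still be enabled - mppe/mppc requires this */
	fprintf(fp, "novj nobsdcomp nodeflate\n");

	/* 3: MPPE off, 1: 128-bit only, 2: 40-bit only, other: both offered */
	if (i_mppe == 3) {
		fprintf(fp, "nomppe nomppc\n");
	} else {
		if (i_mppe == 1) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "-mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		} else if (i_mppe == 2) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "-mppe-128\n");
		} else {
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		}
		fprintf(fp, "nomppe-stateful\n");
	}

	if (i_type == 1) {
		// Don't wait for LCP term responses; exit immediately when killed
		fprintf(fp, "lcp-max-terminate %d\n", 0);
	}

	/* echo failures (6*20s) */
	fprintf(fp, "lcp-echo-interval %d\n", 20);
	fprintf(fp, "lcp-echo-failure %d\n", 6);
	fprintf(fp, "lcp-echo-adaptive\n");

	fprintf(fp, "ip-up-script %s\n", VPNC_PPP_UP_SCRIPT);
	fprintf(fp, "ip-down-script %s\n", VPNC_PPP_DW_SCRIPT);

	fprintf(fp, "minunit %d\n", VPNC_PPP_UNIT);
	fprintf(fp, "ktune\n");

	/*
	 * user specific options: appended verbatim, so whoever can set
	 * "vpnc_pppd" controls the pppd options from this point on
	 */
	fprintf(fp, "%s\n", nvram_safe_get("vpnc_pppd"));

	fclose(fp);

	chmod(vpnc_opt, 0600);

	if (i_type == 1) {
		nvram_set_int_temp("l2tp_cli_t", 1);
		if (safe_start_xl2tpd() != 0)
			control_xl2tpd("c", "VPNC");
	} else {
		nvram_set_int_temp("l2tp_cli_t", 0);
		return eval("/usr/sbin/pppd", "file", vpnc_opt);
	}

	return 0;
}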
/*
 * Write the OpenVPN server configuration to conf_file.
 *
 * conf_file  path of the configuration file to (re)create
 * is_tun     non-zero for a routed setup on IFNAME_SERVER_TUN, zero for a
 *            bridged setup on IFNAME_SERVER_TAP
 *
 * Returns 0 on success, 1 when a required server key file fails
 * openvpn_check_key() or conf_file cannot be opened.
 */
static int openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *conf;
	int idx, n_keys, proto_id, proto_id_saved, use_tls_auth, redirect_gw, dhcpd_on, pushed;
	unsigned int lan_addr_h, lan_mask_h;
	char *lan_ip, *lan_nm, *wins_ip, *dns_a, *dns_b;
	const char *proto_name;
	struct in_addr addr;

	/* The fifth server file is required only when tls-auth is enabled */
	use_tls_auth = nvram_get_int("vpns_ov_atls");
	n_keys = use_tls_auth ? 5 : 4;
	for (idx = 0; idx < n_keys; idx++) {
		if (!openvpn_check_key(openvpn_server_keys[idx], 1))
			return 1;
	}

	proto_id = nvram_get_int("vpns_ov_prot");
	redirect_gw = nvram_get_int("vpns_ov_rdgw");
	dhcpd_on = is_dhcpd_enabled(0);

	/* LAN address and mask, kept both as text and in host byte order */
	lan_ip = nvram_safe_get("lan_ipaddr");
	lan_nm = nvram_safe_get("lan_netmask");
	lan_addr_h = ntohl(inet_addr(lan_ip));
	lan_mask_h = ntohl(inet_addr(lan_nm));

	/* Values 2 and 3 select IPv6 transports; fold them to 0/1 without IPv6 */
	proto_id_saved = proto_id;
	if (proto_id > 1 && get_ipv6_type() == IPV6_DISABLED)
		proto_id &= 1;

	/* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-server for ipv4 only */
	proto_name = "udp";
	if (proto_id == 1)
		proto_name = "tcp-server";
#if defined (USE_IPV6)
	else if (proto_id == 2)
		proto_name = "udp6";
	else if (proto_id == 3)
		proto_name = "tcp6-server";
#endif

	/* fixup ipv4/ipv6 mismatch */
	if (proto_id != proto_id_saved)
		nvram_set_int("vpns_ov_prot", proto_id);

	conf = fopen(conf_file, "w+");
	if (!conf)
		return 1;

	fprintf(conf, "proto %s\n", proto_name);
	fprintf(conf, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

	if (!is_tun) {
		/* Bridged: hand out a slice of the LAN subnet to clients */
		char pool_first[INET_ADDRSTRLEN], pool_last[INET_ADDRSTRLEN];
		unsigned int host_first, host_last, host_max;

		host_max = ~(lan_mask_h) - 1;
		host_first = (unsigned int)nvram_safe_get_int("vpns_cli0", 245, 1, 254);
		host_last = (unsigned int)nvram_safe_get_int("vpns_cli1", 254, 2, 254);

		/* Keep both ends inside the subnet and in ascending order */
		if (host_first > host_max)
			host_first = host_max;
		if (host_last > host_max)
			host_last = host_max;
		if (host_last < host_first)
			host_last = host_first;

		/* inet_ntoa() output is copied out before the next call */
		addr.s_addr = htonl((lan_addr_h & lan_mask_h) | host_first);
		snprintf(pool_first, sizeof(pool_first), "%s", inet_ntoa(addr));

		addr.s_addr = htonl((lan_addr_h & lan_mask_h) | host_last);
		snprintf(pool_last, sizeof(pool_last), "%s", inet_ntoa(addr));

		fprintf(conf, "dev %s\n", IFNAME_SERVER_TAP);
		fprintf(conf, "server-bridge %s %s %s %s\n", lan_ip, lan_nm, pool_first, pool_last);
	} else {
		/* Routed: dedicated VPN subnet plus a pushed route to the LAN */
		unsigned int vpn_net, vpn_mask;

		vpn_net = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
		vpn_mask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));

		addr.s_addr = htonl(vpn_net & vpn_mask);
		fprintf(conf, "dev %s\n", IFNAME_SERVER_TUN);
		fprintf(conf, "topology %s\n", "subnet");
		fprintf(conf, "server %s %s\n", inet_ntoa(addr), VPN_SERVER_SUBNET_MASK);
		fprintf(conf, "client-config-dir %s\n", "ccd");
		openvpn_create_server_acl(conf, "ccd", vpn_net, vpn_mask);

		addr.s_addr = htonl(lan_addr_h & lan_mask_h);
		fprintf(conf, "push \"route %s %s\"\n", inet_ntoa(addr), lan_nm);
	}

	openvpn_add_auth(conf, nvram_get_int("vpns_ov_mdig"));
	openvpn_add_cipher(conf, nvram_get_int("vpns_ov_ciph"));
	openvpn_add_lzo(conf, nvram_get_int("vpns_ov_clzo"), 1);

	/* DNS is pushed only together with redirect-gateway */
	pushed = 0;
	if (redirect_gw) {
		fprintf(conf, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
		if (dhcpd_on) {
			dns_a = nvram_safe_get("dhcp_dns1_x");
			dns_b = nvram_safe_get("dhcp_dns2_x");
			if (is_valid_ipv4(dns_a)) {
				fprintf(conf, "push \"dhcp-option %s %s\"\n", "DNS", dns_a);
				pushed++;
			}
			/* skip the second server when it repeats the first */
			if (is_valid_ipv4(dns_b) && strcmp(dns_b, dns_a)) {
				fprintf(conf, "push \"dhcp-option %s %s\"\n", "DNS", dns_b);
				pushed++;
			}
		}
		/* no usable DHCP DNS entry: fall back to the LAN address */
		if (pushed < 1)
			fprintf(conf, "push \"dhcp-option %s %s\"\n", "DNS", lan_ip);
	}

	pushed = 0;
	if (dhcpd_on) {
		wins_ip = nvram_safe_get("dhcp_wins_x");
		if (is_valid_ipv4(wins_ip)) {
			fprintf(conf, "push \"dhcp-option %s %s\"\n", "WINS", wins_ip);
			pushed++;
		}
	}
#if defined(APP_SMBD) || defined(APP_NMBD)
	/* no DHCP WINS entry: advertise the LAN address when "wins_enable" is set */
	if ((pushed < 1) && nvram_get_int("wins_enable"))
		fprintf(conf, "push \"dhcp-option %s %s\"\n", "WINS", lan_ip);
#endif

	/* Key material is referenced by path, not embedded */
	fprintf(conf, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
	fprintf(conf, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
	fprintf(conf, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
	fprintf(conf, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
	if (use_tls_auth)
		fprintf(conf, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

	fprintf(conf, "persist-key\n");
	fprintf(conf, "persist-tun\n");

	/* The daemon is told to run as the unprivileged user and group */
	fprintf(conf, "user %s\n", SYS_USER_NOBODY);
	fprintf(conf, "group %s\n", SYS_GROUP_NOGROUP);
	fprintf(conf, "script-security %d\n", 2);
	fprintf(conf, "tmp-dir %s\n", COMMON_TEMP_DIR);
	fprintf(conf, "writepid %s\n", SERVER_PID_FILE);

	fprintf(conf, "client-connect %s\n", SCRIPT_OVPN_SERVER);
	fprintf(conf, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

	/* presumably appends user-supplied directives filtered by forbidden_list; confirm in load_user_config() */
	fprintf(conf, "\n### User params:\n");
	load_user_config(conf, SERVER_CERT_DIR, "server.conf", forbidden_list);

	fclose(conf);

	chmod(conf_file, 0644);

	return 0;
}