コード例 #1
ファイル: services.c プロジェクト: jing-git/rt-n56u
/*
 * Launch /sbin/syslogd with a fixed option set and, when nvram "log_ipaddr"
 * holds a valid IPv4 address, with forwarding to that host as well.
 *
 * Returns the result of _eval() for the assembled argument vector.
 */
int
start_syslogd(void)
{
	enum { REMOTE_SLOT = 7 };	/* first of the three optional argv slots */
	char rotate_opt[8], remote_dst[32];
	char *remote_ip;
	char *syslogd_argv[] = {
		"/sbin/syslogd",
		rotate_opt,			/* max size before rotation */
		"-b0",				/* purge on rotate */
		"-S",				/* smaller output */
		"-D",				/* drop duplicates */
		"-O", "/tmp/syslog.log",	/* syslog file */
		NULL,				/* -L, set below when forwarding */
		NULL, NULL,			/* -R host:port, set below when forwarding */
		NULL				/* argv terminator */
	};

	snprintf(rotate_opt, sizeof(rotate_opt), "-s%d", LOG_ROTATE_SIZE_MAX);

	remote_ip = nvram_safe_get("log_ipaddr");
	if (is_valid_ipv4(remote_ip)) {
		/*
		 * Only a validated IPv4 literal and a range-limited port are
		 * formatted into the destination, and the result is handed
		 * over as its own argv element.
		 */
		snprintf(remote_dst, sizeof(remote_dst), "%s:%d", remote_ip,
			 nvram_safe_get_int("log_port", 514, 1, 65535));
		syslogd_argv[REMOTE_SLOT] = "-L";		/* local & remote */
		syslogd_argv[REMOTE_SLOT + 1] = "-R";
		syslogd_argv[REMOTE_SLOT + 2] = remote_dst;
	}

	setenv_tz();

	return _eval(syslogd_argv, NULL, 0, NULL);
}
コード例 #2
ファイル: usb_modem.c プロジェクト: PterX/rt-n56u
/*
 * Bring up the WAN link over an NDIS (usbnet) modem interface.
 *
 * unit: WAN unit whose "proto_t" / "ifname_t" values are updated.
 *
 * Returns 0 after the DHCP client has been started on the interface, or -1
 * (with "ifname_t" cleared) when no NDIS interface name is found or the
 * interface does not exist.
 */
int
launch_wan_usbnet(int unit)
{
	char ifname[16] = {0};
	int devnum = 0;
	int mtu;

	if (!get_modem_ndis_ifname(ifname, &devnum) || !is_interface_exist(ifname)) {
		set_wan_unit_value(unit, "ifname_t", "");
		return -1;
	}

	mtu = nvram_safe_get_int("modem_mtu", 1500, 1000, 1500);

	check_upnp_wanif_changed(ifname);
	set_wan_unit_value(unit, "proto_t", "NDIS Modem");
	set_wan_unit_value(unit, "ifname_t", ifname);

	/*
	 * bring up NDIS interface
	 * NOTE(review): the interface name is formatted into a command string;
	 * presumably doSystem() runs it through a shell, so confirm that
	 * get_modem_ndis_ifname() can only yield kernel-assigned names.
	 */
	doSystem("ifconfig %s mtu %d up %s", ifname, mtu, "0.0.0.0");

	/* re-build iptables rules (first stage w/o WAN IP) */
	start_firewall_ex();

	/* pause for a second only when the control call reports 0 */
	if (ndis_control_network(ifname, devnum, 1) == 0)
		sleep(1);

	start_udhcpc_wan(ifname, unit, 0);

	return 0;
}
コード例 #3
ファイル: shutils.c プロジェクト: jing-git/rt-n56u-1
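/*
 * Tell whether a name may be written as a field of /etc/passwd, /etc/group
 * or /etc/shadow: it must be non-empty and contain neither ':' (the field
 * separator) nor any control character such as '\n' (the record separator).
 */
static int
is_safe_account_name(const char *name)
{
	const unsigned char *p = (const unsigned char *)name;

	if (!*p)
		return 0;

	for (; *p; p++) {
		if (*p == ':' || *p < 0x20 || *p == 0x7f)
			return 0;
	}

	return 1;
}

/*
 * Rewrite /etc/passwd and /etc/group from nvram, and optionally recreate
 * /etc/shadow.
 *
 * force_create: when non-zero, /etc/shadow is rewritten as well and the
 *               administrator password is set from nvram "http_passwd".
 *
 * The administrator name comes from nvram "http_username" and the extra
 * accounts from "acc_username<N>". All of these are configuration strings,
 * so each one is checked before it is written: a name carrying ':' or a
 * line break would otherwise add fields or whole records to the account
 * files (an extra uid 0 entry, for instance). An unusable administrator
 * name falls back to SYS_USER_ROOT, exactly as an empty one does; an
 * unusable extra account name is skipped.
 */
void recreate_passwd_unix(int force_create)
{
	FILE *fp1, *fp2;
	int i, uid, sh_num;
	char tmp[32], *rootnm, *usernm;

	rootnm = nvram_safe_get("http_username");
	if (!is_safe_account_name(rootnm))
		rootnm = SYS_USER_ROOT;

	fp1 = fopen("/etc/passwd", "w");
	fp2 = fopen("/etc/group", "w");
	if (fp1 && fp2) {
		fprintf(fp1, "%s:x:%d:%d::%s:%s\n", rootnm, 0, 0, SYS_HOME_PATH_ROOT, SYS_SHELL);
		fprintf(fp1, "%s:x:%d:%d::%s:%s\n", SYS_USER_NOBODY, 99, 99, "/media", "/bin/false");
		fprintf(fp1, "%s:x:%d:%d::%s:%s\n", "sshd", 100, 99, "/var/empty", "/bin/false");
		fprintf(fp2, "%s:x:%d:%s\n", SYS_GROUP_ROOT, 0, rootnm);
		fprintf(fp2, "%s:x:%d:\n", SYS_GROUP_NOGROUP, 99);

		/* extra accounts get consecutive uids/gids starting at 1000 */
		uid = 1000;
		sh_num = nvram_safe_get_int("acc_num", 0, 0, 100);
		for (i=0; i<sh_num; i++) {
			snprintf(tmp, sizeof(tmp), "acc_username%d", i);
			usernm = nvram_safe_get(tmp);
			/* never let an extra account shadow one of the system names */
			if (is_safe_account_name(usernm) &&
			    strcmp(usernm, "root") &&
			    strcmp(usernm, rootnm) &&
			    strcmp(usernm, SYS_USER_NOBODY) &&
			    strcmp(usernm, "sshd")) {
				fprintf(fp1, "%s:x:%d:%d:::\n", usernm, uid, uid);
				fprintf(fp2, "%s:x:%d:\n", usernm, uid);
				uid++;
			}
		}
	}

	if (fp1)
		fclose(fp1);
	if (fp2)
		fclose(fp2);

	chmod("/etc/passwd", 0644);
	chmod("/etc/group", 0644);

	if (force_create) {
		/*
		 * Create the file without group/other access from the first
		 * moment; the chmod() below only runs after the content has
		 * been written, which would leave a freshly created file at
		 * the process umask in between.
		 */
		mode_t old_mask = umask(077);

		fp1 = fopen("/etc/shadow", "w");
		umask(old_mask);
		if (fp1) {
			/*
			 * NOTE(review): the administrator entry is written with
			 * an empty password field and relies on the
			 * change_passwd_unix() call below to replace it --
			 * confirm that call cannot fail silently.
			 */
			fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", rootnm, "", 16000);
			fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", SYS_USER_NOBODY, "*", 16000);
			fprintf(fp1, "%s:%s:%d:0:99999:7:::\n", "sshd", "*", 16000);

			fclose(fp1);
		}

		chmod("/etc/shadow", 0640);

		change_passwd_unix(rootnm, nvram_safe_get("http_passwd"));
	}
}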
コード例 #4
ファイル: net_lan6.c プロジェクト: schidler/flyzjhz-rt-n56u
/*
 * Return the LAN prefix size used for DHCPv6.
 *
 * When is_lan_addr6_static() reports 1 the value is read from nvram
 * "ip6_lan_size" (presumably default 64, limited to 64..80 -- the argument
 * order of nvram_safe_get_int() is not shown here); otherwise it is 64.
 */
int get_lan_dhcp6s_prefix_size(void)
{
	if (is_lan_addr6_static() != 1)
		return 64;

	return nvram_safe_get_int("ip6_lan_size", 64, 64, 80);
}
コード例 #5
ファイル: services_usb.c プロジェクト: iceppu/padavan
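/*
 * (Re)start the Samba daemons: prepare /etc/samba, regenerate the Unix
 * account files and smb.conf, register every configured account with
 * smbpasswd, then start or reload nmbd and start smbd.
 *
 * Does nothing when nvram "enable_samba" or "st_samba_mode" is "0".
 */
void run_samba(void)
{
	int sh_num, has_nmbd, i;
	char tmpuser[40], tmp2[40];
	char *acc_user, *acc_pass;

	if (nvram_match("enable_samba", "0") || nvram_match("st_samba_mode", "0"))
		return;

	/* NOTE(review): mode string "777" presumably leaves the directory world-writable -- confirm this is needed. */
	mkdir_if_none("/etc/samba", "777");

	has_nmbd = pids("nmbd");
	if (!has_nmbd) {
		doSystem("rm -f %s", "/etc/samba/*");
		clean_smbd_trash();
	}

	recreate_passwd_unix(0);

	write_smb_conf();

	sh_num = nvram_safe_get_int("acc_num", 0, 0, MAX_ACCOUNT_NUM);
	for (i = 0; i < sh_num; i++) {
		snprintf(tmpuser, sizeof(tmpuser), "acc_username%d", i);
		snprintf(tmp2, sizeof(tmp2), "acc_password%d", i);
		acc_user = nvram_safe_get(tmpuser);
		acc_pass = nvram_safe_get(tmp2);

		/* without a name the password would be taken as the account name */
		if (!*acc_user)
			continue;

		/*
		 * Account name and password are configuration strings. They
		 * are passed as separate arguments instead of being pasted
		 * into a system() command line, so spaces or shell
		 * metacharacters in either one cannot change the command that
		 * runs, and a long value is no longer cut off by a fixed
		 * command buffer.
		 * NOTE(review): eval() is assumed to resolve a bare command
		 * name through PATH as system() did; use the absolute path of
		 * smbpasswd if it does not.
		 */
		eval("smbpasswd", acc_user, acc_pass);
	}

	if (has_nmbd)
		doSystem("killall %s %s", "-SIGHUP", "nmbd");
	else
		eval("/sbin/nmbd", "-D", "-s", "/etc/smb.conf");

	eval("/sbin/smbd", "-D", "-s", "/etc/smb.conf");

	if (pids("smbd") && pids("nmbd"))
		logmessage("Samba Server", "daemon is started");
}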
コード例 #6
ファイル: vpn_openvpn.c プロジェクト: PterX/rt-n56u
/*
 * Generate the OpenVPN client configuration file.
 *
 * conf_file: path of the file to (re)write.
 * is_tun:    non-zero selects IFNAME_CLIENT_TUN, zero IFNAME_CLIENT_TAP.
 *
 * Returns 0 on success, 1 when a key file needed by the selected mode fails
 * openvpn_check_key() or the file cannot be opened.
 */
static int
openvpn_create_client_conf(const char *conf_file, int is_tun)
{
	FILE *out;
	int idx, proto_mode, auth_mode, use_tls_auth;

	auth_mode = nvram_get_int("vpnc_ov_auth");
	use_tls_auth = nvram_get_int("vpnc_ov_atls");

	/*
	 * Key slots as used below: 0 = ca, 1 = cert, 2 = key, 3 = tls-auth.
	 * Only the slots the selected mode will reference are checked.
	 */
	for (idx = 0; idx < 4; idx++) {
		int is_cert_or_key = (idx == 1 || idx == 2);
		int is_tls_auth_key = (idx == 3);

		if ((auth_mode == 1 && is_cert_or_key) || (!use_tls_auth && is_tls_auth_key))
			continue;
		if (!openvpn_check_key(openvpn_client_keys[idx], 0))
			return 1;
	}

	proto_mode = nvram_get_int("vpnc_ov_prot");

	out = fopen(conf_file, "w+");
	if (!out)
		return 1;

	fprintf(out, "client\n");
	fprintf(out, "proto %s\n", (proto_mode > 0) ? "tcp-client" : "udp");

	/*
	 * NOTE(review): "vpnc_peer" is written as read from nvram. A value
	 * containing a line break would add further directives outside the
	 * "User params" section below -- confirm it is validated where it is
	 * stored.
	 */
	fprintf(out, "remote %s %d\n", nvram_safe_get("vpnc_peer"), nvram_safe_get_int("vpnc_ov_port", 1194, 1, 65535));
	fprintf(out, "resolv-retry %s\n", "infinite");
	fprintf(out, "nobind\n");
	fprintf(out, "dev %s\n", (is_tun) ? IFNAME_CLIENT_TUN : IFNAME_CLIENT_TAP);

	fprintf(out, "ca %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[0]);
	if (auth_mode == 0) {
		/* certificate authentication: client cert and private key */
		fprintf(out, "cert %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[1]);
		fprintf(out, "key %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[2]);
	}

	if (use_tls_auth)
		fprintf(out, "tls-auth %s/%s %d\n", CLIENT_CERT_DIR, openvpn_client_keys[3], 1);

	openvpn_add_auth(out, nvram_get_int("vpnc_ov_mdig"));
	openvpn_add_cipher(out, nvram_get_int("vpnc_ov_ciph"));
	openvpn_add_lzo(out, nvram_get_int("vpnc_ov_clzo"), 0);

	if (auth_mode == 1) {
		/* username/password authentication: credentials live in a separate file */
		fprintf(out, "auth-user-pass %s\n", "secret");
		openvpn_create_client_secret("secret");
	}

	if (nvram_match("vpnc_dgw", "1"))
		fprintf(out, "redirect-gateway def1 bypass-dhcp\n");

	fprintf(out, "persist-key\n");
	/* level 2 lets OpenVPN run the up/down script named below */
	fprintf(out, "script-security %d\n", 2);
	fprintf(out, "writepid %s\n", CLIENT_PID_FILE);

	fprintf(out, "up %s\n",  SCRIPT_OVPN_CLIENT);
	fprintf(out, "down %s\n",  SCRIPT_OVPN_CLIENT);

	fprintf(out, "\n### User params:\n");

	/* user-supplied extra directives; presumably filtered against forbidden_list */
	load_user_config(out, CLIENT_CERT_DIR, "client.conf", forbidden_list);

	fclose(out);

	chmod(conf_file, 0644);

	return 0;
}
コード例 #7
ファイル: vpn_openvpn.c プロジェクト: PterX/rt-n56u
/*
 * Generate the OpenVPN server configuration file.
 *
 * conf_file: path of the file to (re)write.
 * is_tun:    non-zero writes a routed ("server" + pushed LAN route) setup on
 *            IFNAME_SERVER_TUN, zero a bridged ("server-bridge") setup on
 *            IFNAME_SERVER_TAP.
 *
 * Returns 0 on success, 1 when a key file fails openvpn_check_key() or the
 * file cannot be opened.
 */
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, i_prot, i_atls, i_rdgw, i_dhcp, i_items, i_cli0, i_cli1;
	unsigned int laddr, lmask, lsnet;
	struct in_addr pool_in;
	char pooll[32], pool1[32], pool2[32];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	i_atls = nvram_get_int("vpns_ov_atls");

	/* Key slots as used below: 0 = ca, 1 = dh, 2 = cert, 3 = key, 4 = tls-auth (checked only when enabled). */
	for (i=0; i<5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
	i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);

	i_dhcp = is_dhcpd_enabled(0);

	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	/*
	 * NOTE(review): inet_addr() returns INADDR_NONE for text it cannot
	 * parse and that result is not checked here; lanip and lannm are also
	 * written to the file as read -- confirm both are validated when stored.
	 */
	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	/* highest host number below the all-ones host part of the LAN subnet */
	lsnet = (~lmask) - 1;

	/* keep the bridge pool inside the LAN subnet and correctly ordered */
	if (i_cli0 > (int)lsnet) i_cli0 = (int)lsnet;
	if (i_cli1 > (int)lsnet) i_cli1 = (int)lsnet;
	if (i_cli1 < i_cli0) i_cli1 = i_cli0;

	/*
	 * inet_ntoa() hands back the same buffer on every call, so each result
	 * is copied out before the next call; a dotted quad is far shorter than
	 * the 32-byte destinations.
	 */
	pool_in.s_addr = htonl(laddr & lmask);
	strcpy(pooll, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
	strcpy(pool1, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli1);
	strcpy(pool2, inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (fp) {
		if (i_prot > 0)
			fprintf(fp, "proto %s\n", "tcp-server");
		else
			fprintf(fp, "proto %s\n", "udp");
		fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
		
		if (is_tun) {
			char *vnet, *vmsk;
			
			/* routed mode: the VPN gets its own subnet and clients are pushed a route to the LAN */
			vnet = nvram_safe_get("vpns_vnet");
			vmsk = VPN_SERVER_SUBNET_MASK;
			laddr = ntohl(inet_addr(vnet));
			lmask = ntohl(inet_addr(vmsk));
			pool_in.s_addr = htonl(laddr & lmask);
			
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
			fprintf(fp, "topology %s\n", "subnet");
			fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
			fprintf(fp, "client-config-dir %s\n", "ccd");
			openvpn_create_server_acl(fp, "ccd");
			fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
		} else {
			/* bridged mode: clients receive addresses pool1..pool2 from the LAN subnet */
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
			fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
		}
		
		openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
		openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
		openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 1);
		
		/* DNS pushed to clients only when their default route goes through the VPN */
		i_items = 0;
		if (i_rdgw) {
			fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
			if (i_dhcp) {
				dns1 = nvram_safe_get("dhcp_dns1_x");
				dns2 = nvram_safe_get("dhcp_dns2_x");
				/* only validated IPv4 literals reach the quoted push directive */
				if (is_valid_ipv4(dns1) && (strcmp(dns1, lanip))) {
					i_items++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
				}
				if (is_valid_ipv4(dns2) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
					i_items++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
				}
			}
			
			/* fewer than two custom servers: add the router itself */
			if (i_items < 2)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
		}
		
		i_items = 0;
		if (i_dhcp) {
			wins = nvram_safe_get("dhcp_wins_x");
			if (is_valid_ipv4(wins)) {
				i_items++;
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
			}
		}
		
#if defined(APP_SMBD) || defined(APP_NMBD)
		/* no custom WINS server: offer the router when "wins_enable" is set */
		if ((i_items < 1) && nvram_get_int("wins_enable"))
			fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", lanip);
#endif
		
		fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
		fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
		fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
		fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
		
		if (i_atls)
			fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);
		
		fprintf(fp, "persist-key\n");
		fprintf(fp, "persist-tun\n");
		/* the daemon is told to switch to an unprivileged user and group */
		fprintf(fp, "user %s\n", SYS_USER_NOBODY);
		fprintf(fp, "group %s\n", SYS_GROUP_NOGROUP);
		/* level 2 lets OpenVPN run the client-connect/disconnect script named below */
		fprintf(fp, "script-security %d\n", 2);
		fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
		fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
		
		fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
		fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);
		
		fprintf(fp, "\n### User params:\n");
		
		/* user-supplied extra directives; presumably filtered against forbidden_list */
		load_user_config(fp, SERVER_CERT_DIR, "server.conf", forbidden_list);
		
		fclose(fp);
		
		/* world-readable: the file names the key files but does not contain them */
		chmod(conf_file, 0644);
		
		return 0;
	}

	return 1;
}
コード例 #8
ファイル: usb_modem.c プロジェクト: PterX/rt-n56u
/*
 * Write the pppd options ("call") file for a serial (RAS) USB modem.
 *
 * call_path:  path of the options file to (re)write.
 * modem_node: device node name, used as /dev/<modem_node>.
 * unit:       WAN unit, used for the "linkname wan<unit>" option.
 *
 * Returns 1 on success, 0 when the modem's VID/PID cannot be read or the
 * file cannot be opened.
 */
static int
write_pppd_ras_conf(const char* call_path, const char *modem_node, int unit)
{
	FILE *out;
	int type, usb_vid = 0, usb_pid = 0;
	char esc_buf[256], *login, *secret, *provider, *conn_scr;

	if (!get_modem_vid_pid(modem_node, &usb_vid, &usb_pid))
		return 0;

	/*
	 * NOTE(review): the file receives the modem password below and is left
	 * with whatever mode the process umask gives it -- confirm that is
	 * restrictive enough.
	 */
	out = fopen(call_path, "w+");
	if (!out)
		return 0;

	type = nvram_get_int("modem_type");
	login = nvram_safe_get("modem_user");
	secret = nvram_safe_get("modem_pass");
	provider = nvram_safe_get("modem_isp");

	fprintf(out, "/dev/%s\n", modem_node);
	fprintf(out, "crtscts\n");
	fprintf(out, "modem\n");
	fprintf(out, "noauth\n");

	/* credentials go through safe_pppd_line() before being placed inside the quotes */
	if (*login)
		fprintf(out, "user '%s'\n", safe_pppd_line(login, esc_buf, sizeof(esc_buf)));
	if (*secret)
		fprintf(out, "password '%s'\n", safe_pppd_line(secret, esc_buf, sizeof(esc_buf)));

	if (strcmp(provider, "Virgin") == 0 || strcmp(provider, "CDMA-UA") == 0) {
		fprintf(out, "refuse-chap\n");
		fprintf(out, "refuse-mschap\n");
		fprintf(out, "refuse-mschap-v2\n");
	}

	fprintf(out, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
	fprintf(out, "mru %d\n", 1500);

	fprintf(out, "persist\n");
	fprintf(out, "maxfail %d\n", 0);
	fprintf(out, "holdoff %d\n", 10);

	fprintf(out, "nopcomp noaccomp\n");
	fprintf(out, "novj nobsdcomp nodeflate\n");

	fprintf(out, "noipdefault\n");

	if (nvram_invmatch("modem_dnsa", "0"))
		fprintf(out, "usepeerdns\n");

	fprintf(out, "minunit %d\n", RAS_PPP_UNIT);
	fprintf(out, "linkname wan%d\n", unit);

	if (nvram_get_int("modem_dbg") == 1)
		fprintf(out, "debug\n");

	/* pick the chat script: by configured modem type first, then by USB VID/PID */
	switch (type) {
	case 1:
		conn_scr = "EVDO_conn.scr";
		break;
	case 2:
		conn_scr = "td_conn.scr";
		break;
	default:
		if (usb_vid == 0x0b05 && usb_pid == 0x0302) // T500
			conn_scr = "t500_conn.scr";
		else if (usb_vid == 0x0421 && usb_pid == 0x0612) // CS-15
			conn_scr = "t500_conn.scr";
		else if (usb_vid == 0x106c && usb_pid == 0x3716)
			conn_scr = "verizon_conn.scr";
		else if (usb_vid == 0x1410 && usb_pid == 0x4400)
			conn_scr = "rogers_conn.scr";
		else
			conn_scr = "Generic_conn.scr";
		break;
	}

	fprintf(out, "%s \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", "connect", modem_node, MODEM_SCRIPTS_DIR, conn_scr);
	fprintf(out, "%s \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", "disconnect", modem_node, MODEM_SCRIPTS_DIR, "Generic_disconn.scr");

	fclose(out);

	return 1;
}
コード例 #9
/*
 * Generate the OpenVPN server configuration file.
 *
 * conf_file: path of the file to (re)write.
 * is_tun:    non-zero writes a routed ("server" + pushed LAN route) setup on
 *            IFNAME_SERVER_TUN, zero a bridged ("server-bridge") setup on
 *            IFNAME_SERVER_TAP.
 *
 * Returns 0 on success, 1 when a key file fails openvpn_check_key() or the
 * file cannot be opened.
 */
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
	FILE *fp;
	int i, i_prot, i_atls, i_rdgw, i_dhcp, i_dns, i_cli0, i_cli1;
	unsigned int laddr, lmask;
	struct in_addr pool_in;
	char pooll[32], pool1[32], pool2[32];
	char *lanip, *lannm, *wins, *dns1, *dns2;

	i_atls = nvram_get_int("vpns_ov_atls");

	/* Key slots as used below: 0 = ca, 1 = dh, 2 = cert, 3 = key, 4 = tls-auth (checked only when enabled). */
	for (i=0; i<5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1))
			return 1;
	}

	i_prot = nvram_get_int("vpns_ov_prot");
	i_rdgw = nvram_get_int("vpns_ov_rdgw");
	i_cli0 = nvram_get_int("vpns_cli0");
	i_cli1 = nvram_get_int("vpns_cli1");

	i_dns = 0;
	i_dhcp = nvram_get_int("dhcp_enable_x");

	lanip = nvram_safe_get("lan_ipaddr");
	lannm = nvram_safe_get("lan_netmask");

	/*
	 * Clamp the pool bounds to 2..254 and keep them ordered.
	 * NOTE(review): the bounds are not compared with the LAN netmask, so a
	 * subnet smaller than /24 can get pool addresses outside itself.
	 */
	if (i_cli0 <   2) i_cli0 =   2;
	if (i_cli0 > 254) i_cli0 = 254;
	if (i_cli1 <   2) i_cli1 =   2;
	if (i_cli1 > 254) i_cli1 = 254;
	if (i_cli1 < i_cli0) i_cli1 = i_cli0;

	/*
	 * NOTE(review): inet_addr() returns INADDR_NONE for text it cannot
	 * parse and that result is not checked here; lanip and lannm are also
	 * written to the file as read -- confirm both are validated when stored.
	 */
	laddr = ntohl(inet_addr(lanip));
	lmask = ntohl(inet_addr(lannm));
	/*
	 * inet_ntoa() hands back the same buffer on every call, so each result
	 * is copied out before the next call; a dotted quad is far shorter than
	 * the 32-byte destinations.
	 */
	pool_in.s_addr = htonl(laddr & lmask);
	strcpy(pooll, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
	strcpy(pool1, inet_ntoa(pool_in));
	pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli1);
	strcpy(pool2, inet_ntoa(pool_in));

	fp = fopen(conf_file, "w+");
	if (fp) {
		if (i_prot > 0)
			fprintf(fp, "proto %s\n", "tcp-server");
		else
			fprintf(fp, "proto %s\n", "udp");
		fprintf(fp, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
		
		if (is_tun) {
			char *vnet, *vmsk;
			/* routed mode: the VPN gets its own subnet and clients are pushed a route to the LAN */
			vnet = nvram_safe_get("vpns_vnet");
			vmsk = VPN_SERVER_SUBNET_MASK;
			laddr = ntohl(inet_addr(vnet));
			lmask = ntohl(inet_addr(vmsk));
			pool_in.s_addr = htonl(laddr & lmask);
			
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TUN);
			fprintf(fp, "topology %s\n", "subnet");
			fprintf(fp, "server %s %s\n", inet_ntoa(pool_in), vmsk);
			fprintf(fp, "client-config-dir %s\n", "ccd");
			openvpn_create_server_acl(fp, "ccd");
			fprintf(fp, "push \"route %s %s\"\n", pooll, lannm);
		} else {
			/* bridged mode: clients receive addresses pool1..pool2 from the LAN subnet */
			fprintf(fp, "dev %s\n", IFNAME_SERVER_TAP);
			fprintf(fp, "server-bridge %s %s %s %s\n", lanip, lannm, pool1, pool2);
		}
		
		/* DNS pushed to clients only when their default route goes through the VPN */
		if (i_rdgw) {
			fprintf(fp, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");
			if (i_dhcp == 1) {
				dns1 = nvram_safe_get("dhcp_dns1_x");
				dns2 = nvram_safe_get("dhcp_dns2_x");
				/*
				 * NOTE(review): the values are written inside a quoted
				 * push directive; this relies on inet_addr_() rejecting
				 * (returning INADDR_ANY for) anything that is not a
				 * plain address -- confirm against its definition.
				 */
				if ((inet_addr_(dns1) != INADDR_ANY) && (strcmp(dns1, lanip))) {
					i_dns++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns1);
				}
				if ((inet_addr_(dns2) != INADDR_ANY) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
					i_dns++;
					fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", dns2);
				}
			}
			
			/* fewer than two custom servers: add the router itself */
			if (i_dns < 2)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "DNS", lanip);
		}
		
		if (i_dhcp == 1)
		{
			wins = nvram_safe_get("dhcp_wins_x");
			if (inet_addr_(wins) != INADDR_ANY)
				fprintf(fp, "push \"dhcp-option %s %s\"\n", "WINS", wins);
		}
		
		fprintf(fp, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
		fprintf(fp, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
		fprintf(fp, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
		fprintf(fp, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);
		
		if (i_atls)
			fprintf(fp, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);
		
		fprintf(fp, "persist-key\n");
		fprintf(fp, "persist-tun\n");
		/* the daemon is told to switch to an unprivileged user and group */
		fprintf(fp, "user %s\n", "nobody");
		fprintf(fp, "group %s\n", "nogroup");
		/* level 2 lets OpenVPN run the client-connect/disconnect script named below */
		fprintf(fp, "script-security %d\n", 2);
		fprintf(fp, "tmp-dir %s\n", COMMON_TEMP_DIR);
		fprintf(fp, "writepid %s\n", SERVER_PID_FILE);
		
		fprintf(fp, "client-connect %s\n", SCRIPT_OVPN_SERVER);
		fprintf(fp, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);
		
		fprintf(fp, "\n### User params:\n");
		
		/*
		 * NOTE(review): user-supplied directives are appended after
		 * "script-security 2"; no filter list is passed at this call, so
		 * confirm openvpn_load_user_config() restricts script-running
		 * directives itself.
		 */
		openvpn_load_user_config(fp, SERVER_CERT_DIR, "server.conf");
		
		fclose(fp);
		
		/* world-readable: the file names the key files but does not contain them */
		chmod(conf_file, 0644);
		
		return 0;
	}

	return 1;
}
コード例 #10
ファイル: usb_modem.c プロジェクト: eckyecky/rt-n56u
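/*
 * Write "<option> '<value>'\n" to a pppd options file.
 * A quote or backslash inside the value is preceded by a backslash so it
 * cannot end the quoted word early, and CR/LF are dropped so the value
 * cannot continue on a new option line.
 */
static void
write_pppd_quoted_opt(FILE *fp, const char *option, const char *value)
{
	fprintf(fp, "%s '", option);
	for (; *value; value++) {
		if (*value == '\r' || *value == '\n')
			continue;
		if (*value == '\'' || *value == '\\')
			fputc('\\', fp);
		fputc(*value, fp);
	}
	fprintf(fp, "'\n");
}

/*
 * Write the pppd options ("call") file for a serial (RAS) USB modem.
 *
 * call_path:  path of the options file to (re)write.
 * modem_node: device node name, used as /dev/<modem_node>.
 * ppp_unit:   value written for the "unit" option.
 *
 * Returns 1 on success, 0 when the USB port, VID or PID of the modem cannot
 * be read or the file cannot be opened.
 */
static int
write_pppd_ras_conf(const char* call_path, const char *modem_node, int ppp_unit)
{
	FILE *fp;
	int modem_type;
	char *user, *pass, *isp;
	const char *conn_scr, *disconn_scr;
	char usb_port_id[64], vid[8], pid[8];
	
	// get USB port.
	if(!get_usb_port_by_device(modem_node, usb_port_id, sizeof(usb_port_id)))
		return 0;
	
	// get VID.
	if(!get_usb_vid(usb_port_id, vid, sizeof(vid)))
		return 0;
	
	// get PID.
	if(!get_usb_pid(usb_port_id, pid, sizeof(pid)))
		return 0;
	
	/*
	 * NOTE(review): the file receives the modem password below and is left
	 * with whatever mode the process umask gives it -- confirm that is
	 * restrictive enough.
	 */
	if (!(fp = fopen(call_path, "w+"))){
		return 0;
	}
	
	modem_type = nvram_get_int("modem_type");
	user = nvram_safe_get("modem_user");
	pass = nvram_safe_get("modem_pass");
	isp = nvram_safe_get("modem_isp");
	
	fprintf(fp, "/dev/%s\n", modem_node);
	fprintf(fp, "modem\n");
	fprintf(fp, "crtscts\n");
	fprintf(fp, "noauth\n");

	/*
	 * The credentials are free-form configuration strings; written raw
	 * between the quotes, a "'" or a line break in either one would end
	 * the word and let the rest be read as further pppd options.
	 */
	if(strlen(user) > 0)
		write_pppd_quoted_opt(fp, "user", user);
	if(strlen(pass) > 0)
		write_pppd_quoted_opt(fp, "password", pass);
	if(!strcmp(isp, "Virgin") || !strcmp(isp, "CDMA-UA")){
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	}

	fprintf(fp, "defaultroute\n");
	fprintf(fp, "noipdefault\n");
	fprintf(fp, "usepeerdns\n");
	fprintf(fp, "nopcomp\n");
	fprintf(fp, "noaccomp\n");
	fprintf(fp, "novj\n");
	fprintf(fp, "nobsdcomp\n");
	fprintf(fp, "persist\n");
	fprintf(fp, "maxfail %d\n", 0);
	fprintf(fp, "holdoff %d\n", 10);
	fprintf(fp, "nodeflate\n");
	fprintf(fp, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
	fprintf(fp, "mru %d\n", nvram_safe_get_int("modem_mru", 1500, 1000, 1500));
	fprintf(fp, "unit %d\n", ppp_unit);

	/* pick the chat scripts: by configured modem type first, then by USB VID/PID */
	conn_scr = "Generic_conn.scr";
	disconn_scr = "Generic_disconn.scr";
	if(modem_type == 2){
		conn_scr = "td.scr";
	}
	else if(modem_type == 1){
		conn_scr = "EVDO_conn.scr";
		disconn_scr = "EVDO_disconn.scr";
	}
	else if(!strcmp(vid, "0b05") && !strcmp(pid, "0302")) // T500
		conn_scr = "t500_conn.scr";
	else if(!strcmp(vid, "0421") && !strcmp(pid, "0612")) // CS-15
		conn_scr = "t500_conn.scr";
	else if(!strcmp(vid, "106c") && !strcmp(pid, "3716"))
		conn_scr = "verizon_conn.scr";
	else if(!strcmp(vid, "1410") && !strcmp(pid, "4400"))
		conn_scr = "rogers_conn.scr";

	fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", modem_node, MODEM_SCRIPTS_DIR, conn_scr);
	fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", modem_node, MODEM_SCRIPTS_DIR, disconn_scr);
	
	fclose(fp);
	
	return 1;
}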
コード例 #11
ファイル: vpn_openvpn.c プロジェクト: andy-padavan/rt-n56u
/*
 * Generate the OpenVPN client configuration file.
 *
 * conf_file: path of the file to (re)write.
 * is_tun:    non-zero selects IFNAME_CLIENT_TUN, zero IFNAME_CLIENT_TAP.
 *
 * Side effect: when the stored protocol does not fit the IPv6 state or the
 * address family of the peer, the corrected value is written back to nvram
 * "vpnc_ov_prot".
 *
 * Returns 0 on success, 1 when a key file needed by the selected mode fails
 * openvpn_check_key() or the file cannot be opened.
 */
static int
openvpn_create_client_conf(const char *conf_file, int is_tun)
{
    FILE *fp;
    int i, i_prot, i_prot_ori, i_auth, i_atls;
    const char *p_peer, *p_prot;

    i_auth = nvram_get_int("vpnc_ov_auth");
    i_atls = nvram_get_int("vpnc_ov_atls");

    /*
     * Key slots as used below: 0 = ca, 1 = cert, 2 = key, 3 = tls-auth.
     * Only the slots the selected mode will reference are checked.
     */
    for (i=0; i<4; i++) {
        if (i_auth == 1 && (i == 1 || i == 2))
            continue;
        if (!i_atls && (i == 3))
            continue;
        if (!openvpn_check_key(openvpn_client_keys[i], 0))
            return 1;
    }

    /* protocol values as mapped below: 0 = udp, 1 = tcp-client, 2 = udp6, 3 = tcp6-client */
    i_prot = nvram_get_int("vpnc_ov_prot");
    i_prot_ori = i_prot;
    /* with IPv6 disabled, fold the IPv6 variants back onto their IPv4 counterparts */
    if (i_prot > 1 && get_ipv6_type() == IPV6_DISABLED)
        i_prot &= 1;

    /*
     * NOTE(review): the peer is written to the file as read from nvram; a
     * value containing a line break would add further directives outside
     * the "User params" section -- confirm it is validated where it is
     * stored.
     */
    p_peer = nvram_safe_get("vpnc_peer");

    /* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-client for ipv4 only */
#if defined (USE_IPV6)
    /* check peer address is direct ipv4/ipv6 */
    if (i_prot > 1 && is_valid_ipv4(p_peer))
        i_prot &= 1;
    else if (i_prot < 2 && is_valid_ipv6(p_peer))
        i_prot += 2;

    if (i_prot == 3)
        p_prot = "tcp6-client";
    else if (i_prot == 2)
        p_prot = "udp6";
    else
#endif
        /* with USE_IPV6 this is the tail of the else-chain above; without it, it stands alone */
        if (i_prot == 1)
            p_prot = "tcp-client";
        else
            p_prot = "udp";

    /* fixup ipv4/ipv6 mismatch */
    if (i_prot != i_prot_ori)
        nvram_set_int("vpnc_ov_prot", i_prot);

    fp = fopen(conf_file, "w+");
    if (!fp)
        return 1;

    fprintf(fp, "client\n");
    fprintf(fp, "proto %s\n", p_prot);
    fprintf(fp, "remote %s %d\n", p_peer, nvram_safe_get_int("vpnc_ov_port", 1194, 1, 65535));
    fprintf(fp, "resolv-retry %s\n", "infinite");
    fprintf(fp, "nobind\n");

    fprintf(fp, "dev %s\n", (is_tun) ? IFNAME_CLIENT_TUN : IFNAME_CLIENT_TAP);

    fprintf(fp, "ca %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[0]);
    if (i_auth == 0) {
        /* certificate authentication: client cert and private key */
        fprintf(fp, "cert %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[1]);
        fprintf(fp, "key %s/%s\n", CLIENT_CERT_DIR, openvpn_client_keys[2]);
    }

    if (i_atls)
        fprintf(fp, "tls-auth %s/%s %d\n", CLIENT_CERT_DIR, openvpn_client_keys[3], 1);

    openvpn_add_auth(fp, nvram_get_int("vpnc_ov_mdig"));
    openvpn_add_cipher(fp, nvram_get_int("vpnc_ov_ciph"));
    openvpn_add_lzo(fp, nvram_get_int("vpnc_ov_clzo"), 0);

    if (i_auth == 1) {
        /* username/password authentication: credentials live in a separate file */
        fprintf(fp, "auth-user-pass %s\n", "secret");
        openvpn_create_client_secret("secret");
    }

    if (nvram_match("vpnc_dgw", "1"))
        fprintf(fp, "redirect-gateway def1 bypass-dhcp\n");

    fprintf(fp, "persist-key\n");
    /* level 2 lets OpenVPN run the up/down script named below */
    fprintf(fp, "script-security %d\n", 2);
    fprintf(fp, "writepid %s\n", CLIENT_PID_FILE);

    fprintf(fp, "up %s\n",  SCRIPT_OVPN_CLIENT);
    fprintf(fp, "down %s\n",  SCRIPT_OVPN_CLIENT);

    fprintf(fp, "\n### User params:\n");

    /* user-supplied extra directives; presumably filtered against forbidden_list */
    load_user_config(fp, CLIENT_CERT_DIR, "client.conf", forbidden_list);

    fclose(fp);

    /* world-readable: the file names the key and secret files but does not contain them */
    chmod(conf_file, 0644);

    return 0;
}
コード例 #12
ファイル: usb_modem.c プロジェクト: schidler/flyzjhz-rt-n56u
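/*
 * Write "<option> '<value>'\n" to a pppd options file.
 * A quote or backslash inside the value is preceded by a backslash so it
 * cannot end the quoted word early, and CR/LF are dropped so the value
 * cannot continue on a new option line.
 */
static void
write_pppd_quoted_opt(FILE *fp, const char *option, const char *value)
{
	fprintf(fp, "%s '", option);
	for (; *value; value++) {
		if (*value == '\r' || *value == '\n')
			continue;
		if (*value == '\'' || *value == '\\')
			fputc('\\', fp);
		fputc(*value, fp);
	}
	fprintf(fp, "'\n");
}

/*
 * Write the pppd options ("call") file for a serial (RAS) USB modem.
 *
 * call_path:  path of the options file to (re)write.
 * modem_node: device node name, used as /dev/<modem_node>.
 * ppp_unit:   value written for the "minunit" option.
 *
 * Returns 1 on success, 0 when the modem's VID/PID cannot be read or the
 * file cannot be opened.
 */
static int
write_pppd_ras_conf(const char* call_path, const char *modem_node, int ppp_unit)
{
	FILE *fp;
	int modem_type, vid = 0, pid = 0;
	char *user, *pass, *isp;
	const char *conn_scr, *disconn_scr;
	
	if (!get_modem_vid_pid(modem_node, &vid, &pid))
		return 0;
	
	/*
	 * NOTE(review): the file receives the modem password below and is left
	 * with whatever mode the process umask gives it -- confirm that is
	 * restrictive enough.
	 */
	if (!(fp = fopen(call_path, "w+")))
		return 0;
	
	modem_type = nvram_get_int("modem_type");
	user = nvram_safe_get("modem_user");
	pass = nvram_safe_get("modem_pass");
	isp = nvram_safe_get("modem_isp");
	
	fprintf(fp, "/dev/%s\n", modem_node);
	fprintf(fp, "modem\n");
	fprintf(fp, "crtscts\n");
	fprintf(fp, "noauth\n");

	/*
	 * The credentials are free-form configuration strings; written raw
	 * between the quotes, a "'" or a line break in either one would end
	 * the word and let the rest be read as further pppd options.
	 */
	if(strlen(user) > 0)
		write_pppd_quoted_opt(fp, "user", user);
	if(strlen(pass) > 0)
		write_pppd_quoted_opt(fp, "password", pass);

	if(!strcmp(isp, "Virgin") || !strcmp(isp, "CDMA-UA")){
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	}

	fprintf(fp, "mtu %d\n", nvram_safe_get_int("modem_mtu", 1500, 1000, 1500));
	fprintf(fp, "mru %d\n", 1500);

	fprintf(fp, "persist\n");
	fprintf(fp, "maxfail %d\n", 0);
	fprintf(fp, "holdoff %d\n", 10);

	fprintf(fp, "nopcomp noaccomp\n");
	fprintf(fp, "novj nobsdcomp nodeflate\n");

	fprintf(fp, "noipdefault\n");

	if (nvram_invmatch("modem_dnsa", "0"))
		fprintf(fp, "usepeerdns\n");

	fprintf(fp, "minunit %d\n", ppp_unit);

	/* pick the chat scripts: by configured modem type first, then by USB VID/PID */
	conn_scr = "Generic_conn.scr";
	disconn_scr = "Generic_disconn.scr";
	if(modem_type == 2){
		conn_scr = "td.scr";
	}
	else if(modem_type == 1){
		conn_scr = "EVDO_conn.scr";
		disconn_scr = "EVDO_disconn.scr";
	}
	else if (vid == 0x0b05 && pid == 0x0302) // T500
		conn_scr = "t500_conn.scr";
	else if(vid == 0x0421 && pid == 0x0612) // CS-15
		conn_scr = "t500_conn.scr";
	else if(vid == 0x106c && pid == 0x3716)
		conn_scr = "verizon_conn.scr";
	else if(vid == 0x1410 && pid == 0x4400)
		conn_scr = "rogers_conn.scr";

	fprintf(fp, "connect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", modem_node, MODEM_SCRIPTS_DIR, conn_scr);
	fprintf(fp, "disconnect \"/bin/comgt -d /dev/%s -s %s/ppp/3g/%s\"\n", modem_node, MODEM_SCRIPTS_DIR, disconn_scr);
	
	fclose(fp);
	
	return 1;
}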
コード例 #13
ファイル: vpn_server.c プロジェクト: jing-git/rt-n56u
/*
 * Write the pppd options file (VPN_SERVER_PPPD_OPTIONS) used by the PPP-based
 * VPN server.
 *
 * vpns_type: server type; the value 1 (L2TP, per the comment below) adds
 *            "lcp-max-terminate 0".
 *
 * Returns 0 on success, -1 when the options file cannot be opened.
 */
static int
create_vpns_pppd_options(int vpns_type)
{
	FILE *fp;
	int i_mppe, i_auth, i_vuse, i_dhcp, i_items;
	char *vpns_opt, *lanip, *wins, *dns1, *dns2;

	i_auth = nvram_get_int("vpns_auth");
	i_mppe = nvram_get_int("vpns_mppe");
	i_vuse = nvram_get_int("vpns_vuse");
	i_dhcp = is_dhcpd_enabled(0);

	lanip  = nvram_safe_get("lan_ipaddr");

	vpns_opt = VPN_SERVER_PPPD_OPTIONS;
	if (!(fp = fopen(vpns_opt, "w")))
		return -1;

	fprintf(fp, "lock\n");
	fprintf(fp, "name %s\n", get_our_hostname());
	/* peers must authenticate; EAP, PAP and MS-CHAP (v1) are always refused */
	fprintf(fp, "auth\n");
	fprintf(fp, "refuse-eap\n");
	fprintf(fp, "refuse-pap\n");
	fprintf(fp, "refuse-mschap\n");

	/* "vpns_auth" 0: MS-CHAPv2 only; any other value leaves CHAP accepted as well */
	if (i_auth == 0) {
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "require-mschap-v2\n");
	}

	fprintf(fp, "default-asyncmap\n");

	/* looks like pptp also likes them */
	fprintf(fp, "nopcomp noaccomp\n");

	/* ccp should still be enabled - mppe/mppc requires this */
	fprintf(fp, "novj nobsdcomp nodeflate\n");

	/*
	 * "vpns_mppe": 3 turns MPPE encryption (and MPPC) off, 1 allows
	 * 128-bit keys only, 2 allows 40-bit keys only, anything else allows
	 * both. 40-bit MPPE is a weak key length, and with 3 the tunnel
	 * carries traffic unencrypted.
	 */
	if (i_mppe == 3) {
		fprintf(fp, "nomppe nomppc\n");
	} else {
		if (i_mppe == 1) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "-mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		} else if (i_mppe == 2) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "-mppe-128\n");
		} else {
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		}
		fprintf(fp, "nomppe-stateful\n");
	}

	// DNS Server
	i_items = 0;
	if (i_dhcp) {
		dns1 = nvram_safe_get("dhcp_dns1_x");
		dns2 = nvram_safe_get("dhcp_dns2_x");
		/* only validated IPv4 literals are written; the router's own address and duplicates are skipped */
		if (is_valid_ipv4(dns1) && (strcmp(dns1, lanip))) {
			i_items++;
			fprintf(fp, "ms-dns %s\n", dns1);
		}
		if (is_valid_ipv4(dns2) && (strcmp(dns2, lanip)) && (strcmp(dns2, dns1))) {
			i_items++;
			fprintf(fp, "ms-dns %s\n", dns2);
		}
	}

	/*
	 * fewer than two custom servers: add the router itself
	 * NOTE(review): lanip is written as read from nvram, without the
	 * is_valid_ipv4() check applied to the other addresses.
	 */
	if (i_items < 2)
		fprintf(fp, "ms-dns %s\n", lanip);

	// WINS Server
	i_items = 0;
	if (i_dhcp) {
		wins = nvram_safe_get("dhcp_wins_x");
		if (is_valid_ipv4(wins)) {
			i_items++;
			fprintf(fp, "ms-wins %s\n", wins);
		}
	}

#if defined(APP_SMBD) || defined(APP_NMBD)
	/* no custom WINS server: offer the router when "wins_enable" is set */
	if ((i_items < 1) && nvram_get_int("wins_enable"))
		fprintf(fp, "ms-wins %s\n", lanip);
#endif

	fprintf(fp, "mtu %d\n", nvram_safe_get_int("vpns_mtu", 1450, 1000, 1460));
	fprintf(fp, "mru %d\n", nvram_safe_get_int("vpns_mru", 1450, 1000, 1460));
	fprintf(fp, "ipcp-accept-remote ipcp-accept-local\n");
	fprintf(fp, "nodefaultroute\n");

	/* "vpns_vuse" 0: proxy ARP is requested for the clients */
	if (i_vuse == 0)
		fprintf(fp, "proxyarp\n");

	if (vpns_type == 1) {
		// L2TP: Don't wait for LCP term responses; exit immediately when killed
		fprintf(fp, "lcp-max-terminate %d\n", 0);
	}

	/* echo failures (6*20s) */
	fprintf(fp, "lcp-echo-interval %d\n", 20);
	fprintf(fp, "lcp-echo-failure %d\n", 6);
	fprintf(fp, "lcp-echo-adaptive\n");

	fprintf(fp, "ip-up-script %s\n", VPNS_PPP_UP_SCRIPT);
	fprintf(fp, "ip-down-script %s\n", VPNS_PPP_DW_SCRIPT);
	fprintf(fp, "minunit %d\n", VPN_SERVER_PPP_UNIT);

	fclose(fp);

	/* world-readable: nothing written above is a credential */
	chmod(vpns_opt, 0644);

	return 0;
}
コード例 #14
ファイル: vpn_server.c プロジェクト: jing-git/rt-n56u
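/*
 * Start the built-in PPTP/L2TP VPN server.
 *
 * Returns 0 without doing anything unless nvram "vpns_enable" is "1" and the
 * device is not in AP mode. When built with APP_OPENVPN and vpns_type == 2
 * the work is handed to start_openvpn_server(). Otherwise this writes
 * /etc/pptpd.conf (PPTP only), the pppd options file through
 * create_vpns_pppd_options(), and /tmp/ppp/chap-secrets, then starts xl2tpd
 * (vpns_type == 1) or pptpd.
 *
 * Returns 0 on success or when disabled, -1 if pptpd.conf cannot be opened,
 * otherwise the result of eval() for pptpd.
 */
int
start_vpn_server(void)
{
	FILE *fp;
	int i, i_type, i_vuse, i_cli0, i_cli1;
	char *vpns_cfg, *vpns_sec, *lanip;
	struct in_addr pool_in;
	unsigned int laddr, lmask, lsnet;
	mode_t old_umask;

	if (nvram_invmatch("vpns_enable", "1") || get_ap_mode())
		return 0;

	unlink(VPN_SERVER_LEASE_FILE);

	i_type = nvram_get_int("vpns_type");
#if defined(APP_OPENVPN)
	if (i_type == 2)
		return start_openvpn_server();
#endif
	vpns_cfg = "/etc/pptpd.conf";
	vpns_sec = "/tmp/ppp/chap-secrets";

	/*
	 * NOTE(review): the directory that holds chap-secrets is requested with
	 * mode 0777 (the effective mode depends on the process umask). Confirm
	 * whether any non-root writer needs it before tightening.
	 */
	mkdir("/tmp/ppp", 0777);
	symlink("/sbin/rc", VPNS_PPP_UP_SCRIPT);
	symlink("/sbin/rc", VPNS_PPP_DW_SCRIPT);

	i_vuse = nvram_get_int("vpns_vuse");
	lanip  = nvram_safe_get("lan_ipaddr");

	if (i_vuse == 0) {
		/*
		 * Clients share the LAN subnet: the pool is a host-number range
		 * [vpns_cli0+1 .. vpns_cli1] clamped to the subnet size, and the
		 * server side takes host number vpns_cli0.
		 * NOTE(review): lan_ipaddr/lan_netmask are not validated here;
		 * inet_addr() yields INADDR_NONE for an unparsable string, which
		 * makes lsnet wrap around.
		 */
		laddr = ntohl(inet_addr(lanip));
		lmask = ntohl(inet_addr(nvram_safe_get("lan_netmask")));
		lsnet = (~lmask) - 1;
		
		i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
		i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);
		if (i_cli0 >= (int)lsnet) i_cli0 = (int)(lsnet - 1);
		if (i_cli1 >  (int)lsnet) i_cli1 = (int)lsnet;
		if (i_cli1 <= i_cli0) i_cli1 = i_cli0 + 1;
		laddr = (laddr & lmask) | (unsigned int)i_cli0;
		i_cli0 += 1;
	} else {
		/* Dedicated VPN subnet: server is .1, clients start at .2 */
		laddr = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
		lmask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
		laddr = (laddr & lmask) | 1;
		
		i_cli0 = 2;
		i_cli1 = i_cli0 + MAX_CLIENTS_NUM - 1;
	}

	if (i_type != 1) {
		/* PPTP: write pptpd.conf (holds no credentials, hence 0644) */
		if (!(fp = fopen(vpns_cfg, "w")))
			return -1;
		
		fprintf(fp, "option %s\n", VPN_SERVER_PPPD_OPTIONS);
		fprintf(fp, "connections %d\n", MAX_CLIENTS_NUM);
		
		pool_in.s_addr = htonl(laddr);
		fprintf(fp, "localip %s\n", inet_ntoa(pool_in));
		
		pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
		fprintf(fp, "remoteip %s-%d\n", inet_ntoa(pool_in), i_cli1);
		
		fclose(fp);
		
		chmod(vpns_cfg, 0644);
	}

	create_vpns_pppd_options(i_type);

	/*
	 * create /tmp/ppp/chap-secrets
	 *
	 * The file holds cleartext VPN passwords, so it must never be readable
	 * by other users, not even while it is being written: create it under
	 * a restrictive umask, and force 0600 on the open descriptor because a
	 * file left over from an earlier run keeps its old mode when truncated.
	 */
	old_umask = umask(077);
	fp = fopen(vpns_sec, "w+");
	umask(old_umask);
	if (fp) {
		char *acl_user, *acl_pass;
		char acl_user_var[32], acl_pass_var[32], acl_addr_var[32];
		int i_cli2;
		int i_max = nvram_get_int("vpns_num_x");

		fchmod(fileno(fp), 0600);

		if (i_max > MAX_CLIENTS_NUM) i_max = MAX_CLIENTS_NUM;
		for (i = 0; i < i_max; i++) {
			snprintf(acl_user_var, sizeof(acl_user_var), "vpns_user_x%d", i);
			snprintf(acl_pass_var, sizeof(acl_pass_var), "vpns_pass_x%d", i);
			acl_user = nvram_safe_get(acl_user_var);
			acl_pass = nvram_safe_get(acl_pass_var);
			if (*acl_user && *acl_pass) {
				snprintf(acl_addr_var, sizeof(acl_addr_var), "vpns_addr_x%d", i);
				i_cli2 = nvram_get_int(acl_addr_var);
				/* a static address is honoured only inside the pool; else any ("*") */
				if (i_cli2 >= i_cli0 && i_cli2 <= i_cli1 ) {
					pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli2);
					snprintf(acl_addr_var, sizeof(acl_addr_var), "%s", inet_ntoa(pool_in));
				} else
					snprintf(acl_addr_var, sizeof(acl_addr_var), "%s", "*");
				
				/*
				 * NOTE(review): user and password are written between
				 * double quotes without escaping, so a '"' or a newline
				 * in the stored value changes how the line is parsed.
				 * Confirm these nvram values are validated where they
				 * are set, or escape them here.
				 */
				fprintf(fp, "\"%s\"	*	\"%s\"	%s\n", acl_user, acl_pass, acl_addr_var);
			}
		}
		fclose(fp);
		
		chmod(vpns_sec, 0600);
	}

	if (i_type == 1) {
		nvram_set_int_temp("l2tp_srv_t", 1);
		
		safe_start_xl2tpd();
	} else {
		nvram_set_int_temp("l2tp_srv_t", 0);
		
		/* execute pptpd daemon */
		return eval("/usr/sbin/pptpd", "-c", vpns_cfg);
	}

	return 0;
}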
コード例 #15
ファイル: vpn_openvpn.c プロジェクト: PterX/rt-n56u
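/*
 * Export an OpenVPN client profile (/tmp/client.ovpn) for a new client.
 *
 * Usage: <applet> common_name [rsa_bits] [days_valid]
 *
 * Checks that the server key material exists, runs openvpn-cert.sh to issue
 * a client certificate and key into a temporary directory, then writes a
 * client configuration with the CA, certificate, key and (when enabled) the
 * tls-auth key added through openvpn_add_key().
 *
 * Returns 0 on success and 1 on bad arguments, missing server files or when
 * the output file cannot be created.
 */
int
ovpn_server_expcli_main(int argc, char **argv)
{
	FILE *fp;
	int i, i_atls, rsa_bits, days_valid, arg_val;
	char *wan_addr;
	mode_t old_umask;
	const char *tmp_ovpn_path = "/tmp/export_ovpn";
	const char *tmp_ovpn_conf = "/tmp/client.ovpn";

	if (argc < 2 || strlen(argv[1]) < 1) {
		printf("Usage: %s common_name [rsa_bits] [days_valid]\n", argv[0]);
		return 1;
	}

	/*
	 * common_name is placed between single quotes on a shell command line
	 * further down. Inside single quotes the only character that ends the
	 * quoting is another single quote, so refuse it here.
	 */
	if (strchr(argv[1], '\'')) {
		printf("Error: common_name must not contain a single quote\n");
		return 1;
	}

	/*
	 * NOTE(review): the 1024-bit default and lower bound are kept for
	 * compatibility; 1024-bit RSA is below current key-size recommendations
	 * and there is no upper bound on the requested size.
	 */
	rsa_bits = 1024;
	if (argc > 2) {
		arg_val = atoi(argv[2]);
		if (arg_val >= 1024)
			rsa_bits = arg_val;
	}

	days_valid = 365;
	if (argc > 3) {
		arg_val = atoi(argv[3]);
		if (arg_val > 0)
			days_valid = arg_val;
	}

	i_atls = nvram_get_int("vpns_ov_atls");

	/* entry 4 (the tls-auth key) is only required when tls-auth is enabled */
	for (i=0; i<5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1)) {
			printf("Error: server file %s is not found\n", openvpn_server_keys[i]);
			return 1;
		}
	}

	/* Generate client cert and key */
	doSystem("rm -rf %s", tmp_ovpn_path);
	setenv("CRT_PATH_CLI", tmp_ovpn_path, 1);
	doSystem("/usr/bin/openvpn-cert.sh %s -n '%s' -b %d -d %d", "client", argv[1], rsa_bits, days_valid);
	unsetenv("CRT_PATH_CLI");

	/*
	 * The profile embeds the client private key. Create it under a
	 * restrictive umask and force 0600 on the descriptor before any key
	 * material is written; a leftover file keeps its old mode on truncate.
	 * NOTE(review): the path is a fixed name under /tmp and fopen() follows
	 * symlinks; confirm /tmp is only writable by trusted users on target.
	 */
	old_umask = umask(077);
	fp = fopen(tmp_ovpn_conf, "w+");
	umask(old_umask);
	if (!fp) {
		doSystem("rm -rf %s", tmp_ovpn_path);
		printf("Error: unable to create file %s\n", tmp_ovpn_conf);
		return 1;
	}
	fchmod(fileno(fp), 0600);

	/* prefer the DDNS name, then the WAN IPv4 address, then a placeholder */
	wan_addr = get_ddns_fqdn();
	if (!wan_addr) {
		wan_addr = get_wan_unit_value(0, "ipaddr");
		if (!is_valid_ipv4(wan_addr))
			wan_addr = NULL;
	}

	if (!wan_addr)
		wan_addr = "{wan_address}";

	fprintf(fp, "client\n");
	fprintf(fp, "dev %s\n", (nvram_get_int("vpns_ov_mode") == 1) ? "tun" : "tap");
	fprintf(fp, "proto %s\n", (nvram_get_int("vpns_ov_prot") > 0) ? "tcp-client" : "udp");
	fprintf(fp, "remote %s %d\n", wan_addr, nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
	fprintf(fp, "resolv-retry %s\n", "infinite");
	fprintf(fp, "nobind\n");
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
	openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
	openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 0);
	fprintf(fp, "nice %d\n", 0);
	fprintf(fp, "verb %d\n", 3);
	fprintf(fp, "mute %d\n", 10);
	/*
	 * Written commented out (leading ';'), so the exported profile does not
	 * ask the client to check the server certificate type unless the user
	 * enables the line.
	 */
	fprintf(fp, ";ns-cert-type %s\n", "server");
	openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[0], "ca");
	openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[1], "cert");
	openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[2], "key");
	if (i_atls) {
		openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[4], "tls-auth");
		fprintf(fp, "key-direction %d\n", 1);
	}
	fclose(fp);

	/* the temporary directory still holds the generated private key */
	doSystem("rm -rf %s", tmp_ovpn_path);

	doSystem("unix2dos %s", tmp_ovpn_conf);
	/* re-apply the mode in case the conversion replaced the file */
	chmod(tmp_ovpn_conf, 0600);

	return 0;
}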
コード例 #16
ファイル: vpn_client.c プロジェクト: jing-git/rt-n56u
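/*
 * Start the PPTP/L2TP VPN client.
 *
 * Returns 1 when the client is disabled, the device is in AP mode or no
 * remote peer is configured. When built with APP_OPENVPN and vpnc_type == 2
 * the work is handed to start_openvpn_client(). Otherwise this writes the
 * pppd options file (VPN_CLIENT_PPPD_OPTIONS) from nvram settings and starts
 * xl2tpd (vpnc_type == 1) or pppd with the pptp plugin.
 *
 * Returns -1 if the options file cannot be opened, the result of eval() for
 * the PPTP case, and 0 for the L2TP case.
 */
int
start_vpn_client(void)
{
	FILE *fp;
	int i_type, i_mppe, i_auth;
	char *vpnc_peer, *vpnc_opt, tmp[256];
	mode_t old_umask;

	if (nvram_invmatch("vpnc_enable", "1") || get_ap_mode())
		return 1;

	vpnc_peer = nvram_safe_get("vpnc_peer");
	if (strlen(vpnc_peer) < 1) {
		logmessage(VPNC_LOG_NAME, "Unable to start - remote server host is not defined!");
		return 1;
	}

	nvram_set_temp("vpnc_dns_t", "");
	nvram_set_temp("vpnc_dom_t", "");
	nvram_set_int_temp("vpnc_state_t", 0);

	i_type = nvram_get_int("vpnc_type");
#if defined(APP_OPENVPN)
	if (i_type == 2)
		return start_openvpn_client();
#endif
	vpnc_opt = VPN_CLIENT_PPPD_OPTIONS;

	/*
	 * NOTE(review): requested mode is 0777 (subject to the process umask);
	 * confirm whether non-root writers need this directory.
	 */
	mkdir("/tmp/ppp", 0777);
	symlink("/sbin/rc", VPNC_PPP_UP_SCRIPT);
	symlink("/sbin/rc", VPNC_PPP_DW_SCRIPT);

	i_auth = nvram_get_int("vpnc_auth");
	i_mppe = nvram_get_int("vpnc_mppe");

	/*
	 * Create options for pppd.
	 * The file carries the cleartext VPN password, so it is created under a
	 * restrictive umask and forced to 0600 on the open descriptor before
	 * anything is written (a leftover file keeps its mode on truncate).
	 */
	old_umask = umask(077);
	fp = fopen(vpnc_opt, "w");
	umask(old_umask);
	if (!fp) {
		return -1;
	}
	fchmod(fileno(fp), 0600);

	/* "noauth": this side does not require the server to authenticate itself */
	fprintf(fp, "noauth\n");
	fprintf(fp, "user '%s'\n", safe_pppd_line(nvram_safe_get("vpnc_user"), tmp, sizeof(tmp)));
	fprintf(fp, "password '%s'\n", safe_pppd_line(nvram_safe_get("vpnc_pass"), tmp, sizeof(tmp)));
	fprintf(fp, "refuse-eap\n");

	/* vpnc_auth pins a single method by refusing the others; any other value refuses only EAP */
	if (i_auth == 1) {
		/* MS-CHAPv2 */
		fprintf(fp, "refuse-pap\n");
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
	}
	else if (i_auth == 2) {
		/* CHAP */
		fprintf(fp, "refuse-pap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	}
	else if (i_auth == 3) {
		/* PAP */
		fprintf(fp, "refuse-chap\n");
		fprintf(fp, "refuse-mschap\n");
		fprintf(fp, "refuse-mschap-v2\n");
	}

	if (i_type != 1)
	{
		fprintf(fp, "plugin pptp.so\n");
		/*
		 * The peer name sits in a quoted option exactly like user and
		 * password above, so it goes through the same safe_pppd_line()
		 * filter instead of being written raw.
		 */
		fprintf(fp, "pptp_server '%s'\n", safe_pppd_line(vpnc_peer, tmp, sizeof(tmp)));
		fprintf(fp, "route_rdgw %d\n", (nvram_match("vpnc_dgw", "1")) ? 2 : 0);
		fprintf(fp, "persist\n");
		fprintf(fp, "linkname %s\n", VPNC_PPP_LINK_NAME);
	}

	fprintf(fp, "mtu %d\n", nvram_safe_get_int("vpnc_mtu", 1450, 1000, 1460));
	fprintf(fp, "mru %d\n", nvram_safe_get_int("vpnc_mru", 1450, 1000, 1460));

	fprintf(fp, "maxfail %d\n", 0);		// pppd re-call count (0=infinite)
	fprintf(fp, "holdoff %d\n", 10);	// pppd re-call time (10s)

	fprintf(fp, "ipcp-accept-remote ipcp-accept-local\n");
	fprintf(fp, "noipdefault\n");
	fprintf(fp, "usepeerdns\n");

	fprintf(fp, "default-asyncmap\n");

	/* looks like pptp also likes them */
	fprintf(fp, "nopcomp noaccomp\n");

	/* ccp should still be enabled - mppe/mppc requires this */
	fprintf(fp, "novj nobsdcomp nodeflate\n");

	/*
	 * vpnc_mppe: 3 = no MPPE at all (link is unencrypted), 1 = 128-bit only,
	 * 2 = 40-bit only, anything else = offer both 40 and 128 bit.
	 */
	if (i_mppe == 3) {
		fprintf(fp, "nomppe nomppc\n");
	} else {
		if (i_mppe == 1) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "-mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		} else if (i_mppe == 2) {
			fprintf(fp, "+mppe\n");
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "-mppe-128\n");
		} else {
			fprintf(fp, "+mppe-40\n");
			fprintf(fp, "+mppe-128\n");
		}
		fprintf(fp, "nomppe-stateful\n");
	}

	if (i_type == 1)
	{
		// Don't wait for LCP term responses; exit immediately when killed
		fprintf(fp, "lcp-max-terminate %d\n", 0);
	}

	/* echo failures (6*20s) */
	fprintf(fp, "lcp-echo-interval %d\n", 20);
	fprintf(fp, "lcp-echo-failure %d\n", 6);
	fprintf(fp, "lcp-echo-adaptive\n");

	fprintf(fp, "ip-up-script %s\n", VPNC_PPP_UP_SCRIPT);
	fprintf(fp, "ip-down-script %s\n", VPNC_PPP_DW_SCRIPT);

	fprintf(fp, "minunit %d\n", VPNC_PPP_UNIT);
	fprintf(fp, "ktune\n");

	/*
	 * user specific options
	 * Written verbatim and last, so this value can add or override any
	 * option above. NOTE(review): treat write access to nvram "vpnc_pppd"
	 * as equivalent to control over the pppd process.
	 */
	fprintf(fp, "%s\n", nvram_safe_get("vpnc_pppd"));

	fclose(fp);

	chmod(vpnc_opt, 0600);

	if (i_type == 1)
	{
		nvram_set_int_temp("l2tp_cli_t", 1);
		
		if (safe_start_xl2tpd() != 0)
			control_xl2tpd("c", "VPNC");
	}
	else
	{
		nvram_set_int_temp("l2tp_cli_t", 0);
		
		return eval("/usr/sbin/pppd", "file", vpnc_opt);
	}

	return 0;
}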
コード例 #17
ファイル: vpn_openvpn.c プロジェクト: andy-padavan/rt-n56u
/*
 * Write the OpenVPN server configuration to conf_file.
 *
 * is_tun selects a routed setup (own VPN subnet, per-client config dir,
 * LAN route pushed to clients) over a bridged TAP setup (address pool taken
 * from the LAN subnet). Settings come from nvram; user-supplied directives
 * are appended last through load_user_config().
 *
 * Returns 0 on success, 1 if a required server key file is missing or the
 * configuration file cannot be opened.
 */
static int
openvpn_create_server_conf(const char *conf_file, int is_tun)
{
    FILE *out;
    int idx, key_count, proto, proto_cfg, use_tls_auth, redirect_gw, dhcp_on, pushed;
    unsigned int lan_addr, lan_mask;
    char *lan_ip, *lan_nm, *wins_ip, *dns_a, *dns_b;
    const char *proto_name;
    struct in_addr addr;

    use_tls_auth = nvram_get_int("vpns_ov_atls");

    /* the fifth entry (tls-auth key) is only required when tls-auth is on */
    key_count = use_tls_auth ? 5 : 4;
    for (idx = 0; idx < key_count; idx++) {
        if (!openvpn_check_key(openvpn_server_keys[idx], 1))
            return 1;
    }

    proto = nvram_get_int("vpns_ov_prot");
    redirect_gw = nvram_get_int("vpns_ov_rdgw");

    dhcp_on = is_dhcpd_enabled(0);

    lan_ip = nvram_safe_get("lan_ipaddr");
    lan_nm = nvram_safe_get("lan_netmask");

    lan_addr = ntohl(inet_addr(lan_ip));
    lan_mask = ntohl(inet_addr(lan_nm));

    /* with IPv6 disabled, fold the IPv6 protocol choices onto udp/tcp */
    proto_cfg = proto;
    if (proto > 1 && get_ipv6_type() == IPV6_DISABLED)
        proto &= 1;

    /* note: upcoming openvpn 2.4 will need direct set udp4/tcp4-server for ipv4 only */
    switch (proto) {
#if defined (USE_IPV6)
    case 3:
        proto_name = "tcp6-server";
        break;
    case 2:
        proto_name = "udp6";
        break;
#endif
    case 1:
        proto_name = "tcp-server";
        break;
    default:
        proto_name = "udp";
        break;
    }

    /* fixup ipv4/ipv6 mismatch: store the corrected value back */
    if (proto != proto_cfg)
        nvram_set_int("vpns_ov_prot", proto);

    out = fopen(conf_file, "w+");
    if (out == NULL)
        return 1;

    fprintf(out, "proto %s\n", proto_name);
    fprintf(out, "port %d\n", nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));

    if (!is_tun) {
        /* bridged mode: hand out a host-number range inside the LAN subnet */
        char pool_first[INET_ADDRSTRLEN], pool_last[INET_ADDRSTRLEN];
        unsigned int host_lo, host_hi, host_max;

        host_max = ~(lan_mask) - 1;
        host_lo = (unsigned int)nvram_safe_get_int("vpns_cli0", 245, 1, 254);
        host_hi = (unsigned int)nvram_safe_get_int("vpns_cli1", 254, 2, 254);
        if (host_lo > host_max)
            host_lo = host_max;
        if (host_hi > host_max)
            host_hi = host_max;
        if (host_hi < host_lo)
            host_hi = host_lo;

        addr.s_addr = htonl((lan_addr & lan_mask) | host_lo);
        snprintf(pool_first, sizeof(pool_first), "%s", inet_ntoa(addr));

        addr.s_addr = htonl((lan_addr & lan_mask) | host_hi);
        snprintf(pool_last, sizeof(pool_last), "%s", inet_ntoa(addr));

        fprintf(out, "dev %s\n", IFNAME_SERVER_TAP);
        fprintf(out, "server-bridge %s %s %s %s\n", lan_ip, lan_nm, pool_first, pool_last);
    } else {
        /* routed mode: dedicated VPN subnet plus a pushed route to the LAN */
        unsigned int vpn_net, vpn_mask;

        vpn_net = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
        vpn_mask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
        addr.s_addr = htonl(vpn_net & vpn_mask);

        fprintf(out, "dev %s\n", IFNAME_SERVER_TUN);
        fprintf(out, "topology %s\n", "subnet");
        fprintf(out, "server %s %s\n", inet_ntoa(addr), VPN_SERVER_SUBNET_MASK);
        fprintf(out, "client-config-dir %s\n", "ccd");

        openvpn_create_server_acl(out, "ccd", vpn_net, vpn_mask);

        addr.s_addr = htonl(lan_addr & lan_mask);
        fprintf(out, "push \"route %s %s\"\n", inet_ntoa(addr), lan_nm);
    }

    openvpn_add_auth(out, nvram_get_int("vpns_ov_mdig"));
    openvpn_add_cipher(out, nvram_get_int("vpns_ov_ciph"));
    openvpn_add_lzo(out, nvram_get_int("vpns_ov_clzo"), 1);

    /* DNS servers are pushed only together with the default-route redirect */
    if (redirect_gw) {
        pushed = 0;
        fprintf(out, "push \"redirect-gateway def1 %s\"\n", "bypass-dhcp");

        if (dhcp_on) {
            dns_a = nvram_safe_get("dhcp_dns1_x");
            dns_b = nvram_safe_get("dhcp_dns2_x");
            if (is_valid_ipv4(dns_a)) {
                pushed++;
                fprintf(out, "push \"dhcp-option %s %s\"\n", "DNS", dns_a);
            }
            if (is_valid_ipv4(dns_b) && strcmp(dns_b, dns_a) != 0) {
                pushed++;
                fprintf(out, "push \"dhcp-option %s %s\"\n", "DNS", dns_b);
            }
        }

        /* nothing configured: point clients at the router itself */
        if (pushed == 0)
            fprintf(out, "push \"dhcp-option %s %s\"\n", "DNS", lan_ip);
    }

    pushed = 0;
    if (dhcp_on) {
        wins_ip = nvram_safe_get("dhcp_wins_x");
        if (is_valid_ipv4(wins_ip)) {
            pushed++;
            fprintf(out, "push \"dhcp-option %s %s\"\n", "WINS", wins_ip);
        }
    }

#if defined(APP_SMBD) || defined(APP_NMBD)
    if (pushed == 0 && nvram_get_int("wins_enable"))
        fprintf(out, "push \"dhcp-option %s %s\"\n", "WINS", lan_ip);
#endif

    /* the file references key material by path only, hence mode 0644 below */
    fprintf(out, "ca %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[0]);
    fprintf(out, "dh %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[1]);
    fprintf(out, "cert %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[2]);
    fprintf(out, "key %s/%s\n", SERVER_CERT_DIR, openvpn_server_keys[3]);

    if (use_tls_auth)
        fprintf(out, "tls-auth %s/%s %d\n", SERVER_CERT_DIR, openvpn_server_keys[4], 0);

    fprintf(out, "persist-key\n");
    fprintf(out, "persist-tun\n");
    /* the daemon drops to this unprivileged account after start-up */
    fprintf(out, "user %s\n", SYS_USER_NOBODY);
    fprintf(out, "group %s\n", SYS_GROUP_NOGROUP);
    /* level 2 lets OpenVPN run the client-connect/disconnect script below */
    fprintf(out, "script-security %d\n", 2);
    fprintf(out, "tmp-dir %s\n", COMMON_TEMP_DIR);
    fprintf(out, "writepid %s\n", SERVER_PID_FILE);

    fprintf(out, "client-connect %s\n", SCRIPT_OVPN_SERVER);
    fprintf(out, "client-disconnect %s\n", SCRIPT_OVPN_SERVER);

    fprintf(out, "\n### User params:\n");

    /*
     * User directives come last.
     * NOTE(review): presumably forbidden_list names the directives that
     * load_user_config() refuses to copy; verify it covers script hooks and
     * the user/group lines above.
     */
    load_user_config(out, SERVER_CERT_DIR, "server.conf", forbidden_list);

    fclose(out);

    chmod(conf_file, 0644);

    return 0;
}