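/*
 * wan6_is_addr_char - one character of an IPv6 literal or "addr/prefixlen":
 * hex digits, ':', '.' (embedded IPv4) and '/'.
 */
static int wan6_is_addr_char(int c)
{
	return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F') ||
	       c == ':' || c == '.' || c == '/';
}

/*
 * wan6_is_addr_token - true if s is non-empty and made only of address
 * characters.  The static "addr6"/"gate6" values are read from the WAN unit
 * store and substituted straight into "ip" command lines via doSystem(),
 * i.e. a shell; anything outside this alphabet (quotes, ';', '`', '$',
 * whitespace...) would at best make "ip" fail and at worst be executed, so
 * it is rejected before the command is built.  A "%zone" suffix is not
 * accepted -- NOTE(review): assumed unnecessary for a WAN-side gateway that
 * is already bound to wan_ifname; confirm against the UI input rules.
 */
static int wan6_is_addr_token(const char *s)
{
	if (!s || !*s)
		return 0;
	for (; *s; s++)
		if (!wan6_is_addr_char((unsigned char)*s))
			return 0;
	return 1;
}

/*
 * wan6_up - bring up IPv6 on the WAN side for one WAN unit.
 *
 * wan_ifname  WAN interface name (used for native modes)
 * unit        WAN unit whose stored values (ipaddr, addr6, gate6) are used
 *
 * Does nothing when IPv6 is disabled.  Otherwise stops dhcp6c, rebuilds the
 * DNSv6 variables, then either starts the SIT tunnel (6in4/6to4/6rd) or
 * configures the native interface: a static address/gateway, or SLAAC/
 * DHCPv6 with dhcp6c.  radvd is reloaded at the end unless the LAN prefix
 * is expected to arrive later (ip6_lan_auto=1 in the dynamic native case).
 */
void wan6_up(char *wan_ifname, int unit)
{
	int ipv6_type, allow_ra, start_radvd_now;
	char *wan_addr6, *wan_gate6, *wan_addr4;

	ipv6_type = get_ipv6_type();
	if (ipv6_type == IPV6_DISABLED)
		return;

	stop_dhcp6c();
	build_dns6_var();
	control_if_ipv6_dad(IFNAME_BR, 1);

	start_radvd_now = 1;

	if (ipv6_type == IPV6_6IN4 || ipv6_type == IPV6_6TO4 || ipv6_type == IPV6_6RD) {
		/* Tunnelled IPv6: addressing is handled inside start_sit_tunnel() */
		wan_addr4 = get_wan_unit_value(unit, "ipaddr");
		wan_addr6 = get_wan_unit_value(unit, "addr6");
		start_sit_tunnel(ipv6_type, wan_addr4, wan_addr6);
	} else {
		control_if_ipv6_dad(wan_ifname, 1);

		if (ipv6_type == IPV6_NATIVE_STATIC) {
			wan_addr6 = get_wan_unit_value(unit, "addr6");
			wan_gate6 = get_wan_unit_value(unit, "gate6");

			/* Static configuration: no privacy extensions, ignore RAs,
			 * replace whatever addresses the interface currently has. */
			control_if_ipv6_privacy(wan_ifname, 0);
			control_if_ipv6_radv(wan_ifname, 0);
			clear_if_addr6(wan_ifname);

			/* Values that fail the alphabet check are skipped rather
			 * than handed to the shell (an empty value is skipped as
			 * before). */
			if (wan6_is_addr_token(wan_addr6))
				doSystem("ip -6 addr add %s dev %s", wan_addr6, wan_ifname);

			if (wan6_is_addr_token(wan_gate6)) {
				/* on-link route to the gateway first, then the default via it */
				doSystem("ip -6 route add %s dev %s", wan_gate6, wan_ifname);
				doSystem("ip -6 route add default via %s metric %d", wan_gate6, 1);
			}
		} else {
			/* Dynamic native: low-priority default route on the link so
			 * traffic has somewhere to go until RA/DHCPv6 installs one. */
			doSystem("ip -6 route add default dev %s metric %d", wan_ifname, 2048);

			/* allow_ra is set whenever ip6_wan_dhcp is not "1";
			 * privacy extensions additionally require ip6_wan_priv=1. */
			allow_ra = nvram_invmatch("ip6_wan_dhcp", "1");
			control_if_ipv6_privacy(wan_ifname, allow_ra && nvram_match("ip6_wan_priv", "1"));
			control_if_ipv6_autoconf(wan_ifname, allow_ra);
			control_if_ipv6_radv(wan_ifname, 1);

			/* wait for interface ready */
			sleep(2);

			start_dhcp6c(wan_ifname);

			/* LAN prefix will be delegated later; radvd is reloaded then */
			if (nvram_match("ip6_lan_auto", "1"))
				start_radvd_now = 0;
		}
	}

	if (start_radvd_now)
		reload_radvd();
}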
/*
 * store_wan_dns6 - record the IPv6 DNS server string for WAN unit 0.
 *
 * dns6_new  candidate value; NULL, or blank after trimming, is ignored
 *
 * The value is copied into a bounded buffer (sized for three textual IPv6
 * addresses plus separators) and trailing whitespace is trimmed before it
 * is compared with the currently stored "dns6".
 *
 * Returns 1 when the stored value was replaced, 0 when nothing changed.
 */
int store_wan_dns6(char *dns6_new)
{
	char buf[INET6_ADDRSTRLEN*3+8];
	const char *cur;

	if (dns6_new == NULL)
		return 0;

	/* snprintf always NUL-terminates, so over-long input is just truncated */
	snprintf(buf, sizeof(buf), "%s", dns6_new);
	trim_r(buf);
	if (buf[0] == '\0')
		return 0;

	cur = get_wan_unit_value(0, "dns6");
	if (strcmp(cur, buf) == 0)
		return 0;

	set_wan_unit_value(0, "dns6", buf);
	return 1;
}
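/* X.509 bounds the commonName attribute to 64 characters (RFC 5280 ub-common-name). */
enum { OVPN_CN_MAXLEN = 64 };

/*
 * ovpn_cn_is_safe - accept a client common name only if it is non-empty, at
 * most OVPN_CN_MAXLEN characters and built from letters, digits, space and
 * "-_.@".  The name is spliced into a single-quoted shell argument for
 * openvpn-cert.sh via doSystem(), so a quote (or any other shell
 * metacharacter) in argv[1] would otherwise escape the argument and be run
 * as a command; restricting the alphabet is simpler and safer than escaping.
 */
static int ovpn_cn_is_safe(const char *cn)
{
	size_t len = strlen(cn);

	if (len < 1 || len > OVPN_CN_MAXLEN)
		return 0;
	for (; *cn; cn++) {
		int c = (unsigned char)*cn;
		if ((c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    c == '-' || c == '_' || c == '.' || c == '@' || c == ' ')
			continue;
		return 0;
	}
	return 1;
}

/*
 * ovpn_server_expcli_main - CLI entry point: issue a client certificate/key
 * signed by the server CA and write an importable /tmp/client.ovpn profile.
 *
 * argv[1]  common name for the client certificate (validated, see above)
 * argv[2]  optional RSA key size in bits; values below 1024 are ignored
 * argv[3]  optional certificate lifetime in days; non-positive values ignored
 *
 * Returns 0 on success, 1 on usage error, missing server material or I/O
 * failure.  On success /tmp/client.ovpn is left with mode 0600; the scratch
 * directory holding the freshly generated key is always removed.
 */
int ovpn_server_expcli_main(int argc, char **argv)
{
	FILE *fp;
	int i, i_atls, rsa_bits, days_valid;
	char *wan_addr;
	mode_t old_mask;
	const char *tmp_ovpn_path = "/tmp/export_ovpn";
	const char *tmp_ovpn_conf = "/tmp/client.ovpn";

	if (argc < 2 || strlen(argv[1]) < 1) {
		printf("Usage: %s common_name [rsa_bits] [days_valid]\n", argv[0]);
		return 1;
	}

	if (!ovpn_cn_is_safe(argv[1])) {
		printf("Error: common_name may only contain letters, digits, space, '-', '_', '.', '@' (max %d chars)\n", OVPN_CN_MAXLEN);
		return 1;
	}

	/* 1024-bit RSA is both the floor and the default here, which is below
	 * current guidance (2048+).  Kept for compatibility with existing
	 * callers; callers should pass 2048 or more explicitly. */
	rsa_bits = 1024;
	if (argc > 2 && atoi(argv[2]) >= 1024)
		rsa_bits = atoi(argv[2]);

	days_valid = 365;
	if (argc > 3 && atoi(argv[3]) > 0)
		days_valid = atoi(argv[3]);

	/* Every server-side file must exist before a client can be issued; the
	 * tls-auth key (index 4) is only required when static TLS auth is on. */
	i_atls = nvram_get_int("vpns_ov_atls");
	for (i = 0; i < 5; i++) {
		if (!i_atls && (i == 4))
			continue;
		if (!openvpn_check_key(openvpn_server_keys[i], 1)) {
			printf("Error: server file %s is not found\n", openvpn_server_keys[i]);
			return 1;
		}
	}

	/* Generate client cert and key into a scratch directory */
	doSystem("rm -rf %s", tmp_ovpn_path);
	setenv("CRT_PATH_CLI", tmp_ovpn_path, 1);
	doSystem("/usr/bin/openvpn-cert.sh %s -n '%s' -b %d -d %d", "client", argv[1], rsa_bits, days_valid);
	unsetenv("CRT_PATH_CLI");

	/* The profile embeds the client's private key: drop any stale copy
	 * (which may carry looser permissions from an earlier run) and create
	 * the new file 0600 from the start instead of chmod-ing it only after
	 * the key has already been written. */
	doSystem("rm -f %s", tmp_ovpn_conf);
	old_mask = umask(077);
	fp = fopen(tmp_ovpn_conf, "w");
	umask(old_mask);
	if (!fp) {
		doSystem("rm -rf %s", tmp_ovpn_path);
		printf("Error: unable to create file %s\n", tmp_ovpn_conf);
		return 1;
	}

	/* Prefer the DDNS name, then the WAN IPv4 address, else a placeholder
	 * for the user to edit.  An empty name or one containing whitespace
	 * would break the "remote" directive, so it is treated as absent. */
	wan_addr = get_ddns_fqdn();
	if (wan_addr && (!*wan_addr || strpbrk(wan_addr, " \t\r\n")))
		wan_addr = NULL;
	if (!wan_addr) {
		wan_addr = get_wan_unit_value(0, "ipaddr");
		if (!is_valid_ipv4(wan_addr))
			wan_addr = NULL;
	}
	if (!wan_addr)
		wan_addr = "{wan_address}";

	fprintf(fp, "client\n");
	fprintf(fp, "dev %s\n", (nvram_get_int("vpns_ov_mode") == 1) ? "tun" : "tap");
	fprintf(fp, "proto %s\n", (nvram_get_int("vpns_ov_prot") > 0) ? "tcp-client" : "udp");
	fprintf(fp, "remote %s %d\n", wan_addr, nvram_safe_get_int("vpns_ov_port", 1194, 1, 65535));
	fprintf(fp, "resolv-retry %s\n", "infinite");
	fprintf(fp, "nobind\n");
	fprintf(fp, "persist-key\n");
	fprintf(fp, "persist-tun\n");
	openvpn_add_auth(fp, nvram_get_int("vpns_ov_mdig"));
	openvpn_add_cipher(fp, nvram_get_int("vpns_ov_ciph"));
	openvpn_add_lzo(fp, nvram_get_int("vpns_ov_clzo"), 0);
	fprintf(fp, "nice %d\n", 0);
	fprintf(fp, "verb %d\n", 3);
	fprintf(fp, "mute %d\n", 10);
	fprintf(fp, ";ns-cert-type %s\n", "server");

	/* Inline CA, client cert, client key and (optionally) the tls-auth key */
	openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[0], "ca");
	openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[1], "cert");
	openvpn_add_key(fp, tmp_ovpn_path, openvpn_client_keys[2], "key");
	if (i_atls) {
		openvpn_add_key(fp, SERVER_CERT_DIR, openvpn_server_keys[4], "tls-auth");
		fprintf(fp, "key-direction %d\n", 1);
	}

	/* fclose() flushes; a failure here means a truncated profile, which
	 * must not be handed out. */
	if (fclose(fp) != 0) {
		printf("Error: unable to write file %s\n", tmp_ovpn_conf);
		doSystem("rm -rf %s", tmp_ovpn_path);
		doSystem("rm -f %s", tmp_ovpn_conf);
		return 1;
	}

	doSystem("rm -rf %s", tmp_ovpn_path);
	doSystem("unix2dos %s", tmp_ovpn_conf);
	/* unix2dos rewrites the file; re-assert the mode in case it was recreated */
	chmod(tmp_ovpn_conf, 0600);

	return 0;
}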
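/*
 * start_auth_eapol - start wpa_supplicant (wired driver) to authenticate the
 * WAN port with IEEE 802.1X / EAPoL using the unit's stored credentials.
 *
 * ifname    WAN interface to authenticate on
 * unit      WAN unit whose auth_user / auth_pass are used
 * eap_algo  EAP method selector (effective only when built with
 *           SUPPORT_PEAP_SSL): 5 -> PEAP with MSCHAPv2 inner auth,
 *           1..4 -> TTLS with PAP / CHAP / MSCHAP / MSCHAPv2 respectively;
 *           anything else -> EAP-MD5
 *
 * Writes /etc/wpa_supplicant.conf (mode 0600 -- it contains the plaintext
 * password), spawns wpa_supplicant and, if that succeeded, wpa_cli with the
 * WAN action script.
 *
 * Returns the wpa_supplicant spawn status (0 on success), or -1 if the
 * credentials are unusable or the configuration file could not be written.
 */
int start_auth_eapol(char *ifname, int unit, int eap_algo)
{
	FILE *fp;
	int ret;
	mode_t old_mask;
	const char *wpa_conf = "/etc/wpa_supplicant.conf";
	const char *auth_user, *auth_pass;
	char *eap_type = "MD5";
	char *log_prefix = "EAPoL-MD5";
	char *wpa_argv[] = {"/usr/sbin/wpa_supplicant", "-B", "-W", "-D", "wired", "-i", ifname, "-c", (char *)wpa_conf, NULL };
	char *cli_argv[] = {"/usr/sbin/wpa_cli", "-B", "-i", ifname, "-a", SCRIPT_WPACLI_WAN, NULL };

	stop_auth_eapol();

#if defined(SUPPORT_PEAP_SSL)
	if (eap_algo == 5) {
		eap_type = "PEAP";
		log_prefix = "EAPoL-PEAP";
	} else if (eap_algo == 4 || eap_algo == 3 || eap_algo == 2 || eap_algo == 1) {
		eap_type = "TTLS";
		log_prefix = "EAPoL-TTLS";
	}
#endif

	auth_user = get_wan_unit_value(unit, "auth_user");
	auth_pass = get_wan_unit_value(unit, "auth_pass");
	if (!auth_user)
		auth_user = "";
	if (!auth_pass)
		auth_pass = "";

	/* Both values are emitted inside double quotes with no escaping.  An
	 * embedded CR/LF would end the directive early and leave the remainder
	 * of the credential parsed as further configuration, so refuse it. */
	if (strpbrk(auth_user, "\r\n") || strpbrk(auth_pass, "\r\n")) {
		logmessage(log_prefix, "Invalid characters in authentication credentials");
		return -1;
	}

	/* Generate options file.  It holds the plaintext password: create it
	 * 0600 regardless of the process umask, and tighten a pre-existing
	 * (possibly world-readable) copy as well. */
	old_mask = umask(077);
	fp = fopen(wpa_conf, "w");
	umask(old_mask);
	if (fp == NULL) {
		perror(wpa_conf);
		return -1;
	}
	chmod(wpa_conf, 0600);

	fprintf(fp,
		"ctrl_interface=/var/run/wpa_supplicant\n"
		"ap_scan=0\n"
		"fast_reauth=1\n"
		"network={\n"
		" key_mgmt=IEEE8021X\n"
		" eap=%s\n"
		" identity=\"%s\"\n"
		" password=\"%s\"\n",
		eap_type, auth_user, auth_pass);

#if defined(SUPPORT_PEAP_SSL)
	if (eap_algo == 5) {
		fprintf(fp,
			" phase1=\"peaplabel=0\"\n"
			" phase2=\"auth=%s\"\n", "MSCHAPV2");
	} else if (eap_algo == 4 || eap_algo == 3 || eap_algo == 2 || eap_algo == 1) {
		/* inner (phase 2) method for TTLS; 4 and anything unlisted -> MSCHAPv2 */
		char *phase2_auth = "MSCHAPV2";
		if (eap_algo == 1)
			phase2_auth = "PAP";
		else if (eap_algo == 2)
			phase2_auth = "CHAP";
		else if (eap_algo == 3)
			phase2_auth = "MSCHAP";
		fprintf(fp,
			" anonymous_identity=\"anonymous\"\n"
			" phase2=\"auth=%s\"\n", phase2_auth);
	}
#endif

	fprintf(fp,
		" eapol_flags=0\n"
		"}\n");

	/* fclose() flushes; a failed flush means a truncated config, so do not
	 * start the supplicant against it. */
	if (fclose(fp) != 0) {
		perror(wpa_conf);
		return -1;
	}

	/* Start wpa_supplicant */
	ret = _eval(wpa_argv, NULL, 0, NULL);
	if (ret == 0) {
		logmessage(log_prefix, "Start authentication...");
		_eval(cli_argv, NULL, 0, NULL);
	}

	return ret;
}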
void start_sit_tunnel(int ipv6_type, char *wan_addr4, char *wan_addr6) { int sit_ttl, sit_mtu, size4, size6; char *sit_remote, *sit_relay, *wan_gate6; char addr6s[INET6_ADDRSTRLEN]; struct in_addr addr4; struct in6_addr addr6; size4 = 0; addr4.s_addr = inet_addr_safe(wan_addr4); if (addr4.s_addr == INADDR_ANY) return; // cannot start SIT tunnel w/o IPv4 WAN addr sit_mtu = nvram_get_int("ip6_sit_mtu"); sit_ttl = nvram_get_int("ip6_sit_ttl"); if (sit_mtu < 1280) sit_mtu = 1280; if (sit_ttl < 1) sit_ttl = 1; if (sit_ttl > 255) sit_ttl = 255; memset(&addr6, 0, sizeof(addr6)); size6 = ipv6_from_string(wan_addr6, &addr6); if (size6 < 0) size6 = 0; sit_relay = ""; sit_remote = "any"; if (ipv6_type == IPV6_6IN4) sit_remote = nvram_safe_get("ip6_6in4_remote"); if (is_interface_exist(IFNAME_SIT)) doSystem("ip tunnel del %s", IFNAME_SIT); doSystem("ip tunnel %s %s mode sit remote %s local %s ttl %d", "add", IFNAME_SIT, sit_remote, wan_addr4, sit_ttl); if (ipv6_type == IPV6_6TO4) { size6 = 16; memset(&addr6, 0, sizeof(addr6)); addr6.s6_addr16[0] = htons(0x2002); ipv6_to_ipv4_map(&addr6, size6, &addr4, 0); addr6.s6_addr16[7] = htons(0x0001); sit_relay = nvram_safe_get("ip6_6to4_relay"); } else if (ipv6_type == IPV6_6RD) { struct in_addr net4; struct in6_addr net6; char sit_6rd_prefix[INET6_ADDRSTRLEN], sit_6rd_relay_prefix[32]; memcpy(&net6, &addr6, sizeof(addr6)); ipv6_to_net(&net6, size6); inet_ntop(AF_INET6, &net6, sit_6rd_prefix, INET6_ADDRSTRLEN); sprintf(sit_6rd_prefix, "%s/%d", sit_6rd_prefix, size6); strcpy(sit_6rd_relay_prefix, "0.0.0.0/0"); size4 = get_wan_unit_value_int(0, "6rd_size"); if (size4 > 0 && size4 <= 32) { net4.s_addr = addr4.s_addr & htonl(0xffffffffUL << (32 - size4)); sprintf(sit_6rd_relay_prefix, "%s/%d", inet_ntoa(net4), size4); } doSystem("ip tunnel 6rd dev %s 6rd-prefix %s 6rd-relay_prefix %s", IFNAME_SIT, sit_6rd_prefix, sit_6rd_relay_prefix); ipv6_to_ipv4_map(&addr6, size6, &addr4, size4); addr6.s6_addr16[7] = htons(0x0001); sit_relay = 
get_wan_unit_value(0, "6rd_relay"); } // WAN IPv6 address inet_ntop(AF_INET6, &addr6, addr6s, INET6_ADDRSTRLEN); if (size6 > 0) sprintf(addr6s, "%s/%d", addr6s, size6); control_if_ipv6_radv(IFNAME_SIT, 0); doSystem("ip link set mtu %d dev %s up", sit_mtu, IFNAME_SIT); control_if_ipv6(IFNAME_SIT, 1); clear_if_addr6(IFNAME_SIT); doSystem("ip -6 addr add %s dev %s", addr6s, IFNAME_SIT); /* WAN IPv6 gateway (auto-generate for 6to4/6rd) */ if (ipv6_type == IPV6_6TO4 || ipv6_type == IPV6_6RD) { sprintf(addr6s, "::%s", sit_relay); wan_gate6 = addr6s; /* add direct default gateway for workaround "No route to host" on new kernel */ doSystem("ip -6 route add default dev %s metric %d", IFNAME_SIT, 2048); } else { wan_gate6 = get_wan_unit_value(0, "gate6"); } if (*wan_gate6) doSystem("ip -6 route add default via %s dev %s metric %d", wan_gate6, IFNAME_SIT, 1); /* LAN IPv6 address (auto-generate for 6to4/6rd) */ if (ipv6_type == IPV6_6TO4 || ipv6_type == IPV6_6RD) { memset(&addr6, 0, sizeof(addr6)); if (ipv6_type == IPV6_6TO4) { addr6.s6_addr16[0] = htons(0x2002); ipv6_to_ipv4_map(&addr6, 16, &addr4, 0); addr6.s6_addr16[3] = htons(0x0001); addr6.s6_addr16[7] = htons(0x0001); } else { ipv6_from_string(wan_addr6, &addr6); ipv6_to_ipv4_map(&addr6, size6, &addr4, size4); addr6.s6_addr16[7] = htons(0x0001); } inet_ntop(AF_INET6, &addr6, addr6s, INET6_ADDRSTRLEN); sprintf(addr6s, "%s/%d", addr6s, 64); clear_if_addr6(IFNAME_BR); doSystem("ip -6 addr add %s dev %s", addr6s, IFNAME_BR); store_lan_addr6(addr6s); } }