Пример #1
/*
 * Restart the OpenVPN server with a full stop/start cycle.
 *
 * A SIGHUP reload is deliberately not used: per the original author's note,
 * SIGHUP is buggy when the server drops privileges.
 */
void
restart_openvpn_server(void)
{
    stop_openvpn_server();

    /* remove the server lease file between the stop and the start */
    unlink(VPN_SERVER_LEASE_FILE);

    start_openvpn_server();
}
Пример #2
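/*
 * Start the VPN server selected by nvram "vpns_type".
 *
 * Does nothing when "vpns_enable" is not "1" or the device is in AP mode.
 * Type 2 is handed to start_openvpn_server() (only when built with
 * APP_OPENVPN). Otherwise the function writes /etc/pptpd.conf (skipped for
 * type 1), the pppd options, and /tmp/ppp/chap-secrets, then starts xl2tpd
 * (type 1) or pptpd (any other type).
 *
 * Returns 0 when the server is disabled or the xl2tpd path was taken, -1 when
 * /etc/pptpd.conf cannot be opened for writing, and otherwise the result of
 * start_openvpn_server() or of the pptpd eval() call.
 */
int
start_vpn_server(void)
{
	FILE *fp;
	int i, i_type, i_vuse, i_cli0, i_cli1;
	char *vpns_cfg, *vpns_sec, *lanip;
	struct in_addr pool_in;
	unsigned int laddr, lmask, lsnet;
	mode_t old_mask;

	if (nvram_invmatch("vpns_enable", "1") || get_ap_mode())
		return 0;

	unlink(VPN_SERVER_LEASE_FILE);

	i_type = nvram_get_int("vpns_type");
#if defined(APP_OPENVPN)
	if (i_type == 2)
		return start_openvpn_server();
#endif
	vpns_cfg = "/etc/pptpd.conf";
	vpns_sec = "/tmp/ppp/chap-secrets";

	/*
	 * NOTE(review): 0777 (before umask) would let any local account create
	 * or replace files next to chap-secrets; 0755 looks sufficient if only
	 * root writes here -- confirm against the other users of /tmp/ppp.
	 */
	mkdir("/tmp/ppp", 0777);
	/* best effort: both calls fail harmlessly when the links already exist */
	symlink("/sbin/rc", VPNS_PPP_UP_SCRIPT);
	symlink("/sbin/rc", VPNS_PPP_DW_SCRIPT);

	i_vuse = nvram_get_int("vpns_vuse");
	lanip  = nvram_safe_get("lan_ipaddr");

	if (i_vuse == 0) {
		/* client pool is carved out of the LAN subnet */
		laddr = ntohl(inet_addr(lanip));
		lmask = ntohl(inet_addr(nvram_safe_get("lan_netmask")));
		/*
		 * Highest host number below the all-ones (broadcast) value.
		 * NOTE(review): for a missing/invalid netmask or a /31-/32 mask
		 * this wraps or drops below 2 and the clamps below yield
		 * negative host numbers -- presumably the UI prevents that; verify.
		 */
		lsnet = (~lmask) - 1;

		i_cli0 = nvram_safe_get_int("vpns_cli0", 245, 1, 254);
		i_cli1 = nvram_safe_get_int("vpns_cli1", 254, 2, 254);
		if (i_cli0 >= (int)lsnet) i_cli0 = (int)(lsnet - 1);
		if (i_cli1 >  (int)lsnet) i_cli1 = (int)lsnet;
		if (i_cli1 <= i_cli0) i_cli1 = i_cli0 + 1;
		/* the server side takes host i_cli0, clients start one above it */
		laddr = (laddr & lmask) | (unsigned int)i_cli0;
		i_cli0 += 1;
	} else {
		/* dedicated VPN subnet: server is host 1, clients start at host 2 */
		laddr = ntohl(inet_addr(nvram_safe_get("vpns_vnet")));
		lmask = ntohl(inet_addr(VPN_SERVER_SUBNET_MASK));
		laddr = (laddr & lmask) | 1;

		i_cli0 = 2;
		i_cli1 = i_cli0 + MAX_CLIENTS_NUM - 1;
	}

	if (i_type != 1) {
		if (!(fp = fopen(vpns_cfg, "w")))
			return -1;

		fprintf(fp, "option %s\n", VPN_SERVER_PPPD_OPTIONS);
		fprintf(fp, "connections %d\n", MAX_CLIENTS_NUM);

		pool_in.s_addr = htonl(laddr);
		fprintf(fp, "localip %s\n", inet_ntoa(pool_in));

		pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli0);
		fprintf(fp, "remoteip %s-%d\n", inet_ntoa(pool_in), i_cli1);

		fclose(fp);

		chmod(vpns_cfg, 0644);
	}

	create_vpns_pppd_options(i_type);

	/*
	 * create /tmp/ppp/chap-secrets
	 *
	 * The file holds clear-text passwords. Restrict the umask while it is
	 * created so that it never exists with a mode wider than 0600; setting
	 * the mode only after the entries were written left a window in which
	 * the secrets could be read through default permissions.
	 * umask() is process-wide; this assumes no other thread creates files
	 * concurrently.
	 */
	old_mask = umask(077);
	fp = fopen(vpns_sec, "w+");
	umask(old_mask);
	if (fp) {
		char *acl_user, *acl_pass;
		char acl_user_var[32], acl_pass_var[32], acl_addr_var[32];
		char acl_addr[32];
		int i_cli2;
		int i_max = nvram_get_int("vpns_num_x");

		/*
		 * A file left over from an earlier run keeps its old mode across
		 * the truncating open, so tighten it on the descriptor before the
		 * first secret is written.
		 */
		fchmod(fileno(fp), 0600);

		if (i_max > MAX_CLIENTS_NUM) i_max = MAX_CLIENTS_NUM;
		for (i = 0; i < i_max; i++) {
			snprintf(acl_user_var, sizeof(acl_user_var), "vpns_user_x%d", i);
			snprintf(acl_pass_var, sizeof(acl_pass_var), "vpns_pass_x%d", i);
			acl_user = nvram_safe_get(acl_user_var);
			acl_pass = nvram_safe_get(acl_pass_var);
			if (*acl_user && *acl_pass) {
				snprintf(acl_addr_var, sizeof(acl_addr_var), "vpns_addr_x%d", i);
				i_cli2 = nvram_get_int(acl_addr_var);
				/* pin a static address only when it lies inside the client pool */
				if (i_cli2 >= i_cli0 && i_cli2 <= i_cli1) {
					pool_in.s_addr = htonl((laddr & lmask) | (unsigned int)i_cli2);
					snprintf(acl_addr, sizeof(acl_addr), "%s", inet_ntoa(pool_in));
				} else {
					snprintf(acl_addr, sizeof(acl_addr), "*");
				}

				/*
				 * NOTE(review): user and password are written between
				 * double quotes without escaping; a '"', '\\' or line
				 * break in either value would corrupt the entry or add
				 * extra ones. Confirm that whatever stores these nvram
				 * values rejects such characters.
				 */
				fprintf(fp, "\"%s\"	*	\"%s\"	%s\n", acl_user, acl_pass, acl_addr);
			}
		}
		fclose(fp);
	}

	if (i_type == 1) {
		nvram_set_int_temp("l2tp_srv_t", 1);

		safe_start_xl2tpd();
	} else {
		nvram_set_int_temp("l2tp_srv_t", 0);

		/* execute pptpd daemon */
		return eval("/usr/sbin/pptpd", "-c", vpns_cfg);
	}

	return 0;
}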