aiden
/
freshtomato-arm
mirror of https://bitbucket.org/pedro311/freshtomato-arm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rc: openvpn.c: use getNVRAMVar() where possible; use already defined const as a size of buffer

Browse Source
arm-master
pedro 5 months ago
parent 907ef34676
commit 6aaba02cf0
1 changed files with 109 additions and 145 deletions
Show Stats Download Patch File Download Diff File

254
release/src-rt-6.x.4708/router/rc/openvpn.c
Unescape Escape View File

@ -333,13 +333,13 @@ void start_ovpn_client(int unit)
#endif #endif
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); snprintf(buffer, BUF_SIZE, "vpnclient%d", unit);
if (serialize_restart(buffer, 1)) if (serialize_restart(buffer, 1))
return; return;
/* Determine interface */ /* Determine interface */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_if", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_if", unit);
if (nvram_contains_word(buffer, "tap")) if (nvram_contains_word(buffer, "tap"))
if_type = OVPN_IF_TAP; if_type = OVPN_IF_TAP;
else if (nvram_contains_word(buffer, "tun")) else if (nvram_contains_word(buffer, "tun"))
@ -354,7 +354,7 @@ void start_ovpn_client(int unit)
/* Determine encryption mode */ /* Determine encryption mode */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_crypt", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_crypt", unit);
if (nvram_contains_word(buffer, "tls")) if (nvram_contains_word(buffer, "tls"))
auth_mode = OVPN_AUTH_TLS; auth_mode = OVPN_AUTH_TLS;
else if (nvram_contains_word(buffer, "secret")) else if (nvram_contains_word(buffer, "secret"))
@ -367,15 +367,11 @@ void start_ovpn_client(int unit)
} }
/* Determine if we should bridge the tunnel */ /* Determine if we should bridge the tunnel */
memset(buffer, 0, BUF_SIZE); if (if_type == OVPN_IF_TAP && atoi(getNVRAMVar("vpn_client%d_bridge", unit)) == 1)
snprintf(buffer, sizeof(buffer), "vpn_client%d_bridge", unit);
if (if_type == OVPN_IF_TAP && nvram_get_int(buffer) == 1)
route_mode = BRIDGE; route_mode = BRIDGE;
/* Determine if we should NAT the tunnel */ /* Determine if we should NAT the tunnel */
memset(buffer, 0, BUF_SIZE); if (((if_type == OVPN_IF_TUN) || (route_mode != BRIDGE)) && atoi(getNVRAMVar("vpn_client%d_nat", unit)) == 1)
snprintf(buffer, sizeof(buffer), "vpn_client%d_nat", unit);
if (((if_type == OVPN_IF_TUN) || (route_mode != BRIDGE)) && nvram_get_int(buffer) == 1)
route_mode = NAT; route_mode = NAT;
/* Setup directories and symlinks */ /* Setup directories and symlinks */
@ -392,7 +388,7 @@ void start_ovpn_client(int unit)
/* Build and write config file */ /* Build and write config file */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/config.ovpn", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/config.ovpn", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
@ -424,9 +420,7 @@ void start_ovpn_client(int unit)
fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_nm", unit)); fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_nm", unit));
} }
memset(buffer, 0, BUF_SIZE); if ((nvi = atoi(getNVRAMVar("vpn_client%d_retry", unit))) >= 0)
snprintf(buffer, sizeof(buffer), "vpn_client%d_retry", unit);
if ((nvi = nvram_get_int(buffer)) >= 0)
fprintf(fp, "resolv-retry %d\n", nvi); fprintf(fp, "resolv-retry %d\n", nvi);
else else
fprintf(fp, "resolv-retry infinite\n"); fprintf(fp, "resolv-retry infinite\n");
@ -434,14 +428,12 @@ void start_ovpn_client(int unit)
if ((nvl = atol(getNVRAMVar("vpn_client%d_reneg", unit))) >= 0) if ((nvl = atol(getNVRAMVar("vpn_client%d_reneg", unit))) >= 0)
fprintf(fp, "reneg-sec %ld\n", nvl); fprintf(fp, "reneg-sec %ld\n", nvl);
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_client%d_nobind", unit)) > 0)
snprintf(buffer, sizeof(buffer), "vpn_client%d_nobind", unit);
if (nvram_get_int(buffer) > 0)
fprintf(fp, "nobind\n"); fprintf(fp, "nobind\n");
/* Compression */ /* Compression */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
strlcpy(buffer, getNVRAMVar("vpn_client%d_comp", unit), sizeof(buffer)); strlcpy(buffer, getNVRAMVar("vpn_client%d_comp", unit), BUF_SIZE);
if (strcmp(buffer, "-1")) { if (strcmp(buffer, "-1")) {
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
if ((!strcmp(buffer, "lz4")) || (!strcmp(buffer, "lz4-v2"))) if ((!strcmp(buffer, "lz4")) || (!strcmp(buffer, "lz4-v2")))
@ -462,7 +454,7 @@ void start_ovpn_client(int unit)
/* Cipher */ /* Cipher */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
strlcpy(buffer, getNVRAMVar("vpn_client%d_ncp_ciphers", unit), sizeof(buffer)); strlcpy(buffer, getNVRAMVar("vpn_client%d_ncp_ciphers", unit), BUF_SIZE);
if (auth_mode == OVPN_AUTH_TLS) { if (auth_mode == OVPN_AUTH_TLS) {
if (buffer[0] != '\0') if (buffer[0] != '\0')
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
@ -475,7 +467,7 @@ void start_ovpn_client(int unit)
else { /* SECRET/CUSTOM */ else { /* SECRET/CUSTOM */
#endif #endif
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_cipher", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_cipher", unit);
if (!nvram_contains_word(buffer, "default")) if (!nvram_contains_word(buffer, "default"))
fprintf(fp, "cipher %s\n", nvram_safe_get(buffer)); fprintf(fp, "cipher %s\n", nvram_safe_get(buffer));
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
@ -484,14 +476,12 @@ void start_ovpn_client(int unit)
/* Digest */ /* Digest */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_digest", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_digest", unit);
if (!nvram_contains_word(buffer, "default")) if (!nvram_contains_word(buffer, "default"))
fprintf(fp, "auth %s\n", nvram_safe_get(buffer)); fprintf(fp, "auth %s\n", nvram_safe_get(buffer));
/* Routing */ /* Routing */
memset(buffer, 0, BUF_SIZE); nvi = atoi(getNVRAMVar("vpn_client%d_rgw", unit));
snprintf(buffer, sizeof(buffer), "vpn_client%d_rgw", unit);
nvi = nvram_get_int(buffer);
if (nvi == OVPN_RGW_ALL) { if (nvi == OVPN_RGW_ALL) {
if (if_type == OVPN_IF_TAP && getNVRAMVar("vpn_client%d_gw", unit)[0] != '\0') if (if_type == OVPN_IF_TAP && getNVRAMVar("vpn_client%d_gw", unit)[0] != '\0')
@ -511,11 +501,10 @@ void start_ovpn_client(int unit)
"route-pre-down vpnrouting.sh\n"); "route-pre-down vpnrouting.sh\n");
if (auth_mode == OVPN_AUTH_TLS) { if (auth_mode == OVPN_AUTH_TLS) {
nvi = atoi(getNVRAMVar("vpn_client%d_hmac", unit));
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_hmac", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit);
nvi = nvram_get_int(buffer);
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit);
if (!nvram_is_empty(buffer) && nvi >= 0) { if (!nvram_is_empty(buffer) && nvi >= 0) {
if (nvi == 3) if (nvi == 3)
@ -533,25 +522,23 @@ void start_ovpn_client(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_ca", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_ca", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "ca ca.crt\n"); fprintf(fp, "ca ca.crt\n");
if (!useronly) { if (!useronly) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_crt", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_crt", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "cert client.crt\n"); fprintf(fp, "cert client.crt\n");
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_key", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_key", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "key client.key\n"); fprintf(fp, "key client.key\n");
} }
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_client%d_tlsremote", unit)))
snprintf(buffer, sizeof(buffer), "vpn_client%d_tlsremote", unit);
if (nvram_get_int(buffer))
fprintf(fp, "remote-cert-tls server\n"); fprintf(fp, "remote-cert-tls server\n");
if ((nvi = atoi(getNVRAMVar("vpn_client%d_tlsvername", unit))) > 0) { if ((nvi = atoi(getNVRAMVar("vpn_client%d_tlsvername", unit))) > 0) {
@ -569,7 +556,7 @@ void start_ovpn_client(int unit)
} }
else if (auth_mode == OVPN_AUTH_STATIC) { else if (auth_mode == OVPN_AUTH_STATIC) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "secret static.key\n"); fprintf(fp, "secret static.key\n");
@ -587,10 +574,10 @@ void start_ovpn_client(int unit)
/* Write certification and key files */ /* Write certification and key files */
if (auth_mode == OVPN_AUTH_TLS) { if (auth_mode == OVPN_AUTH_TLS) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_ca", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_ca", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/ca.crt", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/ca.crt", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_client%d_ca", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_ca", unit));
@ -599,10 +586,10 @@ void start_ovpn_client(int unit)
if (!useronly) { if (!useronly) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_key", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_key", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/client.key", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/client.key", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_client%d_key", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_key", unit));
@ -610,10 +597,10 @@ void start_ovpn_client(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_crt", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_crt", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/client.crt", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/client.crt", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_client%d_crt", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_crt", unit));
@ -622,7 +609,7 @@ void start_ovpn_client(int unit)
} }
if (userauth) { if (userauth) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/up", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/up", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_username", unit)); fprintf(fp, "%s\n", getNVRAMVar("vpn_client%d_username", unit));
@ -630,14 +617,13 @@ void start_ovpn_client(int unit)
fclose(fp); fclose(fp);
} }
} }
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_hmac", unit); if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && atoi(getNVRAMVar("vpn_client%d_hmac", unit)) >= 0)) {
if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && nvram_get_int(buffer) >= 0)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_static", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_static", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/client%d/static.key", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/client%d/static.key", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_client%d_static", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_client%d_static", unit));
@ -647,21 +633,20 @@ void start_ovpn_client(int unit)
/* Handle firewall rules if appropriate */ /* Handle firewall rules if appropriate */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d_firewall", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d_firewall", unit);
if (!nvram_contains_word(buffer, "custom")) { if (!nvram_contains_word(buffer, "custom")) {
chains_log_detection(); chains_log_detection();
/* Create firewall rules */ /* Create firewall rules */
mkdir(OVPN_DIR"/fw", 0700); mkdir(OVPN_DIR"/fw", 0700);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR)); chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR));
fprintf(fp, "#!/bin/sh\n"); fprintf(fp, "#!/bin/sh\n");
memset(buffer, 0, BUF_SIZE); nvi = atoi(getNVRAMVar("vpn_client%d_fw", unit));
snprintf(buffer, sizeof(buffer), "vpn_client%d_fw", unit);
nvi = nvram_get_int(buffer);
fprintf(fp, "iptables -I INPUT -i %s -m state --state NEW -j %s\n" fprintf(fp, "iptables -I INPUT -i %s -m state --state NEW -j %s\n"
"iptables -I FORWARD -i %s -m state --state NEW -j %s\n" "iptables -I FORWARD -i %s -m state --state NEW -j %s\n"
"iptables -I FORWARD -o %s -j ACCEPT\n", "iptables -I FORWARD -o %s -j ACCEPT\n",
@ -689,9 +674,7 @@ void start_ovpn_client(int unit)
} }
#endif #endif
memset(buffer, 0, BUF_SIZE); nvi = atoi(getNVRAMVar("vpn_client%d_rgw", unit));
snprintf(buffer, sizeof(buffer), "vpn_client%d_rgw", unit);
nvi = nvram_get_int(buffer);
if (nvi >= OVPN_RGW_POLICY) { if (nvi >= OVPN_RGW_POLICY) {
/* Disable rp_filter when in policy mode */ /* Disable rp_filter when in policy mode */
fprintf(fp, "echo 0 > /proc/sys/net/ipv4/conf/%s/rp_filter\n" fprintf(fp, "echo 0 > /proc/sys/net/ipv4/conf/%s/rp_filter\n"
@ -714,7 +697,7 @@ void start_ovpn_client(int unit)
/* firewall rules */ /* firewall rules */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit);
/* first remove existing firewall rule(s) */ /* first remove existing firewall rule(s) */
run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT);
@ -728,7 +711,7 @@ void start_ovpn_client(int unit)
/* Start the VPN client */ /* Start the VPN client */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/vpnclient%d", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/vpnclient%d", unit);
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/client%d", unit); snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/client%d", unit);
@ -751,7 +734,7 @@ void start_ovpn_client(int unit)
ovpn_setup_watchdog(OVPN_TYPE_CLIENT, unit); ovpn_setup_watchdog(OVPN_TYPE_CLIENT, unit);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d", unit);
allow_fastnat(buffer, 0); allow_fastnat(buffer, 0);
try_enabling_fastnat(); try_enabling_fastnat();
} }
@ -761,32 +744,32 @@ void stop_ovpn_client(int unit)
char buffer[BUF_SIZE]; char buffer[BUF_SIZE];
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); snprintf(buffer, BUF_SIZE, "vpnclient%d", unit);
if (serialize_restart(buffer, 0)) if (serialize_restart(buffer, 0))
return; return;
/* Remove cron job */ /* Remove cron job */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "CheckVPNclient%d", unit); snprintf(buffer, BUF_SIZE, "CheckVPNclient%d", unit);
eval("cru", "d", buffer); eval("cru", "d", buffer);
/* Stop the VPN client */ /* Stop the VPN client */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnclient%d", unit); snprintf(buffer, BUF_SIZE, "vpnclient%d", unit);
killall_and_waitfor(buffer, 5, 50); killall_and_waitfor(buffer, 5, 50);
ovpn_remove_iface(OVPN_TYPE_CLIENT, unit); ovpn_remove_iface(OVPN_TYPE_CLIENT, unit);
/* Remove firewall rules after VPN exit */ /* Remove firewall rules after VPN exit */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/client%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/client%d-fw.sh", unit);
run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT);
/* Delete all files for this client */ /* Delete all files for this client */
ovpn_cleanup_dirs(OVPN_TYPE_CLIENT, unit); ovpn_cleanup_dirs(OVPN_TYPE_CLIENT, unit);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_client%d", unit); snprintf(buffer, BUF_SIZE, "vpn_client%d", unit);
allow_fastnat(buffer, 1); allow_fastnat(buffer, 1);
try_enabling_fastnat(); try_enabling_fastnat();
} }
@ -818,13 +801,13 @@ void start_ovpn_server(int unit)
#endif #endif
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); snprintf(buffer, BUF_SIZE, "vpnserver%d", unit);
if (serialize_restart(buffer, 1)) if (serialize_restart(buffer, 1))
return; return;
/* Determine interface */ /* Determine interface */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_if", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_if", unit);
if (nvram_contains_word(buffer, "tap")) if (nvram_contains_word(buffer, "tap"))
if_type = OVPN_IF_TAP; if_type = OVPN_IF_TAP;
else if (nvram_contains_word(buffer, "tun")) else if (nvram_contains_word(buffer, "tun"))
@ -839,7 +822,7 @@ void start_ovpn_server(int unit)
/* Determine encryption mode */ /* Determine encryption mode */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_crypt", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_crypt", unit);
if (nvram_contains_word(buffer, "tls")) if (nvram_contains_word(buffer, "tls"))
auth_mode = OVPN_AUTH_TLS; auth_mode = OVPN_AUTH_TLS;
else if (nvram_contains_word(buffer, "secret")) else if (nvram_contains_word(buffer, "secret"))
@ -865,12 +848,10 @@ void start_ovpn_server(int unit)
/* Build and write config files */ /* Build and write config files */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/config.ovpn", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/config.ovpn", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit);
fprintf(fp, "# Generated Configuration\n" fprintf(fp, "# Generated Configuration\n"
"daemon openvpn-server%d\n" "daemon openvpn-server%d\n"
"port %d\n" "port %d\n"
@ -879,7 +860,7 @@ void start_ovpn_server(int unit)
"keepalive 15 60\n" "keepalive 15 60\n"
"verb 3\n", "verb 3\n",
unit, unit,
nvram_get_int(buffer), atoi(getNVRAMVar("vpn_server%d_port", unit)),
iface); iface);
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
@ -892,11 +873,10 @@ void start_ovpn_server(int unit)
} }
else if (if_type == OVPN_IF_TAP) { else if (if_type == OVPN_IF_TAP) {
fprintf(fp, "server-bridge"); fprintf(fp, "server-bridge");
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_dhcp", unit); if (atoi(getNVRAMVar("vpn_server%d_dhcp", unit)) == 0) {
if (nvram_get_int(buffer) == 0) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_br", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_br", unit);
if (nvram_contains_word(buffer, "br1")) { if (nvram_contains_word(buffer, "br1")) {
br_ipaddr = nvram_get("lan1_ipaddr"); br_ipaddr = nvram_get("lan1_ipaddr");
br_netmask = nvram_get("lan1_netmask"); br_netmask = nvram_get("lan1_netmask");
@ -940,14 +920,14 @@ void start_ovpn_server(int unit)
mwan_num = 1; mwan_num = 1;
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_proto", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_proto", unit);
fprintf(fp, "proto %s\n", nvram_safe_get(buffer)); /* full dual-stack functionality starting with OpenVPN 2.4.0 */ fprintf(fp, "proto %s\n", nvram_safe_get(buffer)); /* full dual-stack functionality starting with OpenVPN 2.4.0 */
if (nvram_contains_word(buffer, "udp") && mwan_num > 1) /* udp/udp4/udp6 - only if multiwan */ if (nvram_contains_word(buffer, "udp") && mwan_num > 1) /* udp/udp4/udp6 - only if multiwan */
fprintf(fp, "multihome\n"); fprintf(fp, "multihome\n");
/* Cipher */ /* Cipher */
strlcpy(buffer, getNVRAMVar("vpn_server%d_ncp_ciphers", unit), sizeof(buffer)); strlcpy(buffer, getNVRAMVar("vpn_server%d_ncp_ciphers", unit), BUF_SIZE);
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
if (auth_mode == OVPN_AUTH_TLS) { if (auth_mode == OVPN_AUTH_TLS) {
if (buffer[0] != '\0') if (buffer[0] != '\0')
@ -957,20 +937,20 @@ void start_ovpn_server(int unit)
#endif #endif
{ /* SECRET/CUSTOM */ { /* SECRET/CUSTOM */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_cipher", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_cipher", unit);
if (!nvram_contains_word(buffer, "default")) if (!nvram_contains_word(buffer, "default"))
fprintf(fp, "cipher %s\n", nvram_safe_get(buffer)); fprintf(fp, "cipher %s\n", nvram_safe_get(buffer));
} }
/* Digest */ /* Digest */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_digest", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_digest", unit);
if (!nvram_contains_word(buffer, "default")) if (!nvram_contains_word(buffer, "default"))
fprintf(fp, "auth %s\n", nvram_safe_get(buffer)); fprintf(fp, "auth %s\n", nvram_safe_get(buffer));
/* Compression */ /* Compression */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
strlcpy(buffer, getNVRAMVar("vpn_server%d_comp", unit), sizeof(buffer)); strlcpy(buffer, getNVRAMVar("vpn_server%d_comp", unit), BUF_SIZE);
if (strcmp(buffer, "-1")) { if (strcmp(buffer, "-1")) {
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
if (!strcmp(buffer, "lz4") || !strcmp(buffer, "lz4-v2")) if (!strcmp(buffer, "lz4") || !strcmp(buffer, "lz4-v2"))
@ -994,7 +974,7 @@ void start_ovpn_server(int unit)
/* push LANs */ /* push LANs */
for (i = 0; i < BRIDGE_COUNT; i++) { for (i = 0; i < BRIDGE_COUNT; i++) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), (i == 0 ? "vpn_server%d_plan" : "vpn_server%d_plan%d"), unit, i); snprintf(buffer, BUF_SIZE, (i == 0 ? "vpn_server%d_plan" : "vpn_server%d_plan%d"), unit, i);
if (nvram_get_int(buffer)) { if (nvram_get_int(buffer)) {
int ret3 = 0, ret4 = 0; int ret3 = 0, ret4 = 0;
@ -1008,29 +988,23 @@ void start_ovpn_server(int unit)
} }
} }
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_ccd", unit))) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd", unit);
if (nvram_get_int(buffer)) {
fprintf(fp, "client-config-dir ccd\n"); fprintf(fp, "client-config-dir ccd\n");
memset(buffer, 0, BUF_SIZE); if ((c2c = atoi(getNVRAMVar("vpn_server%d_c2c", unit))))
snprintf(buffer, sizeof(buffer), "vpn_server%d_c2c", unit);
if ((c2c = nvram_get_int(buffer)))
fprintf(fp, "client-to-client\n"); fprintf(fp, "client-to-client\n");
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_ccd_excl", unit)))
snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd_excl", unit);
if (nvram_get_int(buffer))
fprintf(fp, "ccd-exclusive\n"); fprintf(fp, "ccd-exclusive\n");
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/ccd", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/ccd", unit);
mkdir(buffer, 0700); mkdir(buffer, 0700);
chdir(buffer); chdir(buffer);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_ccd_val", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_ccd_val", unit);
strlcpy(buffer, nvram_safe_get(buffer), sizeof(buffer)); strlcpy(buffer, nvram_safe_get(buffer), BUF_SIZE);
chp = strtok(buffer, ">"); chp = strtok(buffer, ">");
while (chp != NULL) { while (chp != NULL) {
nvi = strlen(chp); nvi = strlen(chp);
@ -1084,24 +1058,18 @@ void start_ovpn_server(int unit)
logmsg(LOG_DEBUG, "*** %s: CCD processing complete", __FUNCTION__); logmsg(LOG_DEBUG, "*** %s: CCD processing complete", __FUNCTION__);
} }
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_userpass", unit))) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_userpass", unit);
if (nvram_get_int(buffer)) {
fprintf(fp, "plugin /lib/openvpn_plugin_auth_nvram.so vpn_server%d_users_val\n" fprintf(fp, "plugin /lib/openvpn_plugin_auth_nvram.so vpn_server%d_users_val\n"
"script-security 2\n", "script-security 2\n",
unit); unit);
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_nocert", unit))) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_nocert", unit);
if (nvram_get_int(buffer)) {
fprintf(fp, "verify-client-cert optional\n" fprintf(fp, "verify-client-cert optional\n"
"username-as-common-name\n"); "username-as-common-name\n");
} }
} }
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_pdns", unit))) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_pdns", unit);
if (nvram_get_int(buffer)) {
if (nvram_safe_get("wan_domain")[0] != '\0') if (nvram_safe_get("wan_domain")[0] != '\0')
fprintf(fp, "push \"dhcp-option DOMAIN %s\"\n", nvram_safe_get("wan_domain")); fprintf(fp, "push \"dhcp-option DOMAIN %s\"\n", nvram_safe_get("wan_domain"));
if ((nvram_safe_get("wan_wins")[0] != '\0' && strcmp(nvram_safe_get("wan_wins"), "0.0.0.0") != 0)) if ((nvram_safe_get("wan_wins")[0] != '\0' && strcmp(nvram_safe_get("wan_wins"), "0.0.0.0") != 0))
@ -1111,7 +1079,7 @@ void start_ovpn_server(int unit)
for (i = 0; i < BRIDGE_COUNT; i++) { for (i = 0; i < BRIDGE_COUNT; i++) {
if (push_lan[i] == 1) { /* push IPv4 LANx DNS */ if (push_lan[i] == 1) { /* push IPv4 LANx DNS */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); snprintf(buffer, BUF_SIZE, (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i);
fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer)); fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer));
dont_push_active = 1; dont_push_active = 1;
} }
@ -1121,7 +1089,7 @@ void start_ovpn_server(int unit)
if (dont_push_active == 0) { if (dont_push_active == 0) {
for (i = 0; i < BRIDGE_COUNT; i++) { for (i = 0; i < BRIDGE_COUNT; i++) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i); snprintf(buffer, BUF_SIZE, (i == 0 ? "lan_ipaddr" : "lan%d_ipaddr"), i);
if (strcmp(nvram_safe_get(buffer), "") != 0) { if (strcmp(nvram_safe_get(buffer), "") != 0) {
fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer)); fprintf(fp, "push \"dhcp-option DNS %s\"\n", nvram_safe_get(buffer));
break; break;
@ -1130,9 +1098,7 @@ void start_ovpn_server(int unit)
} }
} }
memset(buffer, 0, BUF_SIZE); if (atoi(getNVRAMVar("vpn_server%d_rgw", unit))) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_rgw", unit);
if (nvram_get_int(buffer)) {
if (if_type == OVPN_IF_TAP) if (if_type == OVPN_IF_TAP)
fprintf(fp, "push \"route-gateway %s\"\n", nvram_safe_get("lan_ipaddr")); fprintf(fp, "push \"route-gateway %s\"\n", nvram_safe_get("lan_ipaddr"));
fprintf(fp, "push \"redirect-gateway def1\"\n"); fprintf(fp, "push \"redirect-gateway def1\"\n");
@ -1140,7 +1106,7 @@ void start_ovpn_server(int unit)
nvi = atoi(getNVRAMVar("vpn_server%d_hmac", unit)); nvi = atoi(getNVRAMVar("vpn_server%d_hmac", unit));
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit);
if (!nvram_is_empty(buffer) && nvi >= 0) { if (!nvram_is_empty(buffer) && nvi >= 0) {
if (nvi == 3) if (nvi == 3)
fprintf(fp, "tls-crypt static.key"); fprintf(fp, "tls-crypt static.key");
@ -1155,28 +1121,28 @@ void start_ovpn_server(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_ca", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_ca", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "ca ca.crt\n"); fprintf(fp, "ca ca.crt\n");
nvi = atoi(getNVRAMVar("vpn_server%d_ecdh", unit)); nvi = atoi(getNVRAMVar("vpn_server%d_ecdh", unit));
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_dh", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_dh", unit);
if (!nvram_is_empty(buffer) && nvi == 0) if (!nvram_is_empty(buffer) && nvi == 0)
fprintf(fp, "dh dh.pem\n"); fprintf(fp, "dh dh.pem\n");
else else
fprintf(fp, "dh none\n"); fprintf(fp, "dh none\n");
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_crt", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_crt", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "cert server.crt\n"); fprintf(fp, "cert server.crt\n");
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_crl", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_crl", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "crl-verify crl.pem\n"); fprintf(fp, "crl-verify crl.pem\n");
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_key", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_key", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "key server.key\n"); fprintf(fp, "key server.key\n");
} }
@ -1184,7 +1150,7 @@ void start_ovpn_server(int unit)
#endif #endif
if (auth_mode == OVPN_AUTH_STATIC) { if (auth_mode == OVPN_AUTH_STATIC) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit);
if (!nvram_is_empty(buffer)) if (!nvram_is_empty(buffer))
fprintf(fp, "secret static.key\n"); fprintf(fp, "secret static.key\n");
} }
@ -1200,10 +1166,10 @@ void start_ovpn_server(int unit)
#ifndef TCONFIG_OPTIMIZE_SIZE_MORE #ifndef TCONFIG_OPTIMIZE_SIZE_MORE
if (auth_mode == OVPN_AUTH_TLS) { if (auth_mode == OVPN_AUTH_TLS) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_ca", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_ca", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/ca.crt", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/ca.crt", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_ca", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_ca", unit));
@ -1211,10 +1177,10 @@ void start_ovpn_server(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_key", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_key", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/server.key", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/server.key", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_key", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_key", unit));
@ -1222,10 +1188,10 @@ void start_ovpn_server(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_crt", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_crt", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/server.crt", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/server.crt", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crt", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crt", unit));
@ -1233,10 +1199,10 @@ void start_ovpn_server(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_crl", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_crl", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/crl.pem", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/crl.pem", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crl", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_crl", unit));
@ -1244,10 +1210,10 @@ void start_ovpn_server(int unit)
} }
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_dh", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_dh", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/dh.pem", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/dh.pem", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_dh", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_dh", unit));
@ -1255,14 +1221,12 @@ void start_ovpn_server(int unit)
} }
} }
#endif #endif
memset(buffer, 0, BUF_SIZE); if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && atoi(getNVRAMVar("vpn_server%d_hmac", unit)) >= 0)) {
snprintf(buffer, sizeof(buffer), "vpn_server%d_hmac", unit);
if ((auth_mode == OVPN_AUTH_STATIC) || (auth_mode == OVPN_AUTH_TLS && nvram_get_int(buffer) >= 0)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_static", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_static", unit);
if (!nvram_is_empty(buffer)) { if (!nvram_is_empty(buffer)) {
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/server%d/static.key", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/server%d/static.key", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR)); chmod(buffer, (S_IRUSR | S_IWUSR));
fprintf(fp, "%s", getNVRAMVar("vpn_server%d_static", unit)); fprintf(fp, "%s", getNVRAMVar("vpn_server%d_static", unit));
@ -1272,14 +1236,14 @@ void start_ovpn_server(int unit)
/* Handle firewall rules if appropriate */ /* Handle firewall rules if appropriate */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit);
if (!nvram_contains_word(buffer, "custom")) { if (!nvram_contains_word(buffer, "custom")) {
chains_log_detection(); chains_log_detection();
/* Create firewall rules */ /* Create firewall rules */
mkdir(OVPN_DIR"/fw", 0700); mkdir(OVPN_DIR"/fw", 0700);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit);
fp = fopen(buffer, "w"); fp = fopen(buffer, "w");
chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR)); chmod(buffer, (S_IRUSR | S_IWUSR | S_IXUSR));
fprintf(fp, "#!/bin/sh\n"); fprintf(fp, "#!/bin/sh\n");
@ -1297,11 +1261,11 @@ void start_ovpn_server(int unit)
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE); strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE);
fprintf(fp, "iptables -I INPUT -p %s ", buffer2); fprintf(fp, "iptables -I INPUT -p %s ", buffer2);
fprintf(fp, "--dport %d -j %s\n", atoi(getNVRAMVar("vpn_server%d_port", unit)), chain_in_accept);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit);
fprintf(fp, "--dport %d -j %s\n", nvram_get_int(buffer), chain_in_accept);
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit);
if (!nvram_contains_word(buffer, "external")) { if (!nvram_contains_word(buffer, "external")) {
fprintf(fp, "iptables -I INPUT -i %s -j %s\n" fprintf(fp, "iptables -I INPUT -i %s -j %s\n"
"iptables -I FORWARD -i %s -j ACCEPT\n", "iptables -I FORWARD -i %s -j ACCEPT\n",
@ -1318,11 +1282,11 @@ void start_ovpn_server(int unit)
if (ipv6_enabled()) { if (ipv6_enabled()) {
strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE); strncpy(buffer, getNVRAMVar("vpn_server%d_proto", unit), BUF_SIZE);
fprintf(fp, "ip6tables -I INPUT -p %s ", buffer2); fprintf(fp, "ip6tables -I INPUT -p %s ", buffer2);
fprintf(fp, "--dport %d -j %s\n", atoi(getNVRAMVar("vpn_server%d_port", unit)), chain_in_accept);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_port", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d_firewall", unit);
fprintf(fp, "--dport %d -j %s\n", nvram_get_int(buffer), chain_in_accept);
memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d_firewall", unit);
if (!nvram_contains_word(buffer, "external")) { if (!nvram_contains_word(buffer, "external")) {
fprintf(fp, "ip6tables -I INPUT -i %s -j %s\n" fprintf(fp, "ip6tables -I INPUT -i %s -j %s\n"
"ip6tables -I FORWARD -i %s -j ACCEPT\n", "ip6tables -I FORWARD -i %s -j ACCEPT\n",
@ -1336,7 +1300,7 @@ void start_ovpn_server(int unit)
/* firewall rules */ /* firewall rules */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit);
/* first remove existing firewall rule(s) */ /* first remove existing firewall rule(s) */
run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT);
@ -1347,7 +1311,7 @@ void start_ovpn_server(int unit)
/* Start the VPN server */ /* Start the VPN server */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/vpnserver%d", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/vpnserver%d", unit);
memset(buffer2, 0, sizeof(buffer2)); memset(buffer2, 0, sizeof(buffer2));
snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/server%d", unit); snprintf(buffer2, sizeof(buffer2), OVPN_DIR"/server%d", unit);
@ -1370,7 +1334,7 @@ void start_ovpn_server(int unit)
ovpn_setup_watchdog(OVPN_TYPE_SERVER, unit); ovpn_setup_watchdog(OVPN_TYPE_SERVER, unit);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d", unit);
allow_fastnat(buffer, 0); allow_fastnat(buffer, 0);
try_enabling_fastnat(); try_enabling_fastnat();
} }
@ -1380,32 +1344,32 @@ void stop_ovpn_server(int unit)
char buffer[BUF_SIZE]; char buffer[BUF_SIZE];
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); snprintf(buffer, BUF_SIZE, "vpnserver%d", unit);
if (serialize_restart(buffer, 0)) if (serialize_restart(buffer, 0))
return; return;
/* Remove cron job */ /* Remove cron job */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "CheckVPNserver%d", unit); snprintf(buffer, BUF_SIZE, "CheckVPNserver%d", unit);
eval("cru", "d", buffer); eval("cru", "d", buffer);
/* Stop the VPN server */ /* Stop the VPN server */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpnserver%d", unit); snprintf(buffer, BUF_SIZE, "vpnserver%d", unit);
killall_and_waitfor(buffer, 5, 50); killall_and_waitfor(buffer, 5, 50);
ovpn_remove_iface(OVPN_TYPE_SERVER, unit); ovpn_remove_iface(OVPN_TYPE_SERVER, unit);
/* Remove firewall rules */ /* Remove firewall rules */
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), OVPN_DIR"/fw/server%d-fw.sh", unit); snprintf(buffer, BUF_SIZE, OVPN_DIR"/fw/server%d-fw.sh", unit);
run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT); run_del_firewall_script(buffer, OVPN_DIR_DEL_SCRIPT);
/* Delete all files for this server */ /* Delete all files for this server */
ovpn_cleanup_dirs(OVPN_TYPE_SERVER, unit); ovpn_cleanup_dirs(OVPN_TYPE_SERVER, unit);
memset(buffer, 0, BUF_SIZE); memset(buffer, 0, BUF_SIZE);
snprintf(buffer, sizeof(buffer), "vpn_server%d", unit); snprintf(buffer, BUF_SIZE, "vpn_server%d", unit);
allow_fastnat(buffer, 1); allow_fastnat(buffer, 1);
try_enabling_fastnat(); try_enabling_fastnat();
} }

Write Preview
Loading…
Cancel
Save