mirror of https://github.com/aredn/aredn.git
bugfix: network and firewall tunnel rules reworked
This commit is contained in:
parent
5dc1d0fa02
commit
807f381a04
|
@ -83,9 +83,6 @@ config rule
|
|||
config include
|
||||
option path /etc/firewall.user
|
||||
|
||||
config include
|
||||
option path /etc/firewall.tun
|
||||
|
||||
config rule
|
||||
option src wan
|
||||
option dest_port 2222
|
||||
|
|
|
@ -42,6 +42,4 @@ config interface dtdlink
|
|||
config interface wifi_mon
|
||||
option proto none
|
||||
|
||||
include /etc/config.mesh/network.tun
|
||||
|
||||
include /etc/aredn_include/swconfig
|
||||
|
|
|
@ -131,12 +131,15 @@ sub add_network_interfaces() {
|
|||
|
||||
for (my $tunnum=50; $tunnum<=69; $tunnum++)
|
||||
{
|
||||
&uci_add_named_section("network.tun","tun${tunnum}","interface");
|
||||
&uci_set_named_option("network.tun","tun${tunnum}","ifname","tun${tunnum}");
|
||||
&uci_set_named_option("network.tun","tun${tunnum}","proto","none");
|
||||
&uci_add_named_section("network_tun","tun${tunnum}","interface");
|
||||
&uci_set_named_option("network_tun","tun${tunnum}","ifname","tun${tunnum}");
|
||||
&uci_set_named_option("network_tun","tun${tunnum}","proto","none");
|
||||
}
|
||||
&uci_commit("network.tun");
|
||||
&uci_clone("network.tun");
|
||||
&uci_commit("network_tun");
|
||||
&uci_clone("network_tun");
|
||||
# required to support node_setup script
|
||||
system "cat /etc/config.mesh/network_tun >> /etc/config.mesh/network";
|
||||
system "cat /etc/config.mesh/network_tun >> /etc/config/network";
|
||||
}
|
||||
|
||||
#################################
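Review bot: The two `cat /etc/config.mesh/network_tun >> …` calls at the end of the loop block append all twenty tun50–tun69 `config interface` sections to /etc/config.mesh/network and /etc/config/network every time add_network_interfaces() runs, and nothing removes the previous copy first, so each rerun of the setup script leaves another duplicate set of sections in both files (uci presumably keeps whichever definition comes last, but the files grow and any later `uci` operation on "network" sees stale duplicates). Make the append idempotent, e.g. `system "cat /etc/config.mesh/network_tun >> /etc/config/network" unless system("grep -q tun50 /etc/config/network") == 0;` for each target, and state in the `# required to support node_setup script` comment which consumer actually parses the concatenated file so the next maintainer knows why uci_clone alone is not enough. The return values of both system calls are ignored, unlike the `$rc` convention used by the other uci helpers in this file; a failed append should at least be reported. The enclosing sub starts before the hunk.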
|
||||
|
@ -153,14 +156,26 @@ sub check_freespace()
|
|||
# Config firewall to allow port 5525 on WAN interface
|
||||
##########################
|
||||
sub open_5525_on_wan() {
|
||||
my $rc;
|
||||
$rc=&uci_add_sectiontype("firewall.tun","rule");
|
||||
$rc=&uci_set_indexed_option("firewall.tun","rule","-1","src","wan");
|
||||
$rc=&uci_set_indexed_option("firewall.tun","rule","-1","dest_port","5525");
|
||||
$rc=&uci_set_indexed_option("firewall.tun","rule","-1","proto","tcp");
|
||||
$rc=&uci_set_indexed_option("firewall.tun","rule","-1","target","ACCEPT");
|
||||
$rc=&uci_commit("firewall.tun");
|
||||
$rc=&uci_clone("firewall.tun");
|
||||
#my $rc;
|
||||
#$rc=&uci_add_sectiontype("firewall_tun","rule");
|
||||
#$rc=&uci_set_indexed_option("firewall_tun","rule","0","src","wan");
|
||||
#$rc=&uci_set_indexed_option("firewall_tun","rule","0","dest_port","5525");
|
||||
#$rc=&uci_set_indexed_option("firewall_tun","rule","0","proto","tcp");
|
||||
#$rc=&uci_set_indexed_option("firewall_tun","rule","0","target","ACCEPT");
|
||||
#$rc=&uci_commit("firewall_tun");
|
||||
#$rc=&uci_clone("firewall_tun");
|
||||
|
||||
my $filename = '/etc/config/firewall_tun';
|
||||
open(my $fh, '>', $filename) or die "Could not open file '$filename' $!";
|
||||
print $fh "\nconfig rule\n";
|
||||
print $fh " option src 'wan'\n";
|
||||
print $fh " option dest_port '5525'\n";
|
||||
print $fh " option proto 'tcp'\n";
|
||||
print $fh " option target 'ACCEPT'\n";
|
||||
close $fh;
|
||||
system "cp /etc/config/firewall_tun /etc/config.mesh";
|
||||
system "cat /etc/config.mesh/firewall_tun >> /etc/config.mesh/firewall";
|
||||
system "cat /etc/config.mesh/firewall_tun >> /etc/config/firewall";
|
||||
}
|
||||
|
||||
sub vpn_setup_required()
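Review bot: The rule written to /etc/config/firewall_tun is appended to /etc/config.mesh/firewall and /etc/config/firewall with `cat … >>` on every call, with no check that a 5525/tcp ACCEPT rule already exists, so each run of open_5525_on_wan() adds another anonymous copy of a WAN-facing accept rule that nothing can later locate or remove by name. Give the rule a name and test for it before appending: `print $fh "  option name 'vtun_server'\n";` after the target line, and `system "cat /etc/config/firewall_tun >> /etc/config/firewall" unless system("grep -q vtun_server /etc/config/firewall") == 0;` (same for the .mesh copy). `close $fh` and the three `system` calls return a status that is never checked (the `$rc` bookkeeping of the uci-based version was dropped), so a failed write or append silently leaves 5525 closed or the firewall config half-written — at minimum `close $fh or die "Could not write '$filename': $!";`. The eight commented-out `uci_*` lines should be deleted rather than kept as dead code, with a one-line comment explaining why the rule is written as a literal file instead.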
|
||||
|
|
|
@ -170,6 +170,7 @@ sub uci_add_list_named_option()
|
|||
sub uci_add_named_section()
|
||||
{
|
||||
my ($config,$sname,$stype)=@_;
|
||||
system `touch /etc/config/$config` if (! -f "/etc/config/$config");
|
||||
my $cmd=sprintf('uci set %s.%s=%s',$config,$sname,$stype);
|
||||
#uci set olsrd.tunnelserver=Interface
|
||||
my $res=`$cmd`;
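Review bot: The added `system `touch /etc/config/$config`` line runs touch inside backticks and then hands its (empty) output to system(), so the second call has nothing to run and the exit status of touch is discarded; it also interpolates $config into a shell command line, which is only safe while every caller passes a literal package name. Create the file without a shell and validate the name first: `die "bad uci package name: $config" unless $config =~ /\A[A-Za-z0-9_]+\z/;` followed by `open(my $fh, '>>', "/etc/config/$config") or die "cannot create /etc/config/$config: $!"; close $fh;` in place of the touch line. The same unquoted $config/$sname/$stype interpolation feeds the `uci set` backtick on the next line, so the regex guard protects that call as well. The sub continues outside the hunk.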
|
||||
|
@ -221,6 +222,7 @@ sub uci_set_named_option()
|
|||
return $rc;
|
||||
}
|
||||
|
||||
## issue with multiple sections added!
|
||||
sub uci_set_indexed_option()
|
||||
{
|
||||
my ($config,$stype,$index,$option,$val)=@_;
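Review bot: The new `## issue with multiple sections added!` comment records a known defect without saying what breaks or what callers should do instead, so a reader cannot tell whether uci_set_indexed_option() is safe for their case. State the failure mode and the workaround this commit appears to adopt, e.g. `# FIXME: indexed access (e.g. "-1" or "0") becomes unreliable once several sections of the same type exist; open_5525_on_wan() writes its rule as a literal file instead of going through this sub for that reason.` The sub body continues outside the hunk.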
|
||||
|
|
|
@ -62,8 +62,6 @@ if($parms{button_install})
|
|||
reboot_required() if($config eq "" or -e "/tmp/reboot-required");
|
||||
&vpn_setup_required("vpn") unless(-e "/usr/sbin/vtund" );
|
||||
|
||||
@active_tun=&get_active_tun();
|
||||
|
||||
#################
|
||||
# If RESET, revert the UCI file
|
||||
#################
|
||||
|
@ -204,9 +202,12 @@ if($parms{button_save} and not @cli_err)
|
|||
# Regenerate olsrd files and restart olsrd
|
||||
push(@errors,"Problem restarting olsrd") if system "/etc/init.d/olsrd restart > /dev/null 2>&1";
|
||||
push(@errors,"Problem restaring vtundsrv") if system "/etc/init.d/vtundsrv restart > /dev/null 2>&1";
|
||||
# delay to allow clients to connect and have an accurate "cloud" status
|
||||
sleep 5;
|
||||
}
|
||||
}
|
||||
|
||||
@active_tun=&get_active_tun();
|
||||
|
||||
######################################################################################
|
||||
# generate the page
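Review bot: The `sleep 5` sits inside the CGI save handler, so every Save on the VPN server page stalls the HTTP response for five seconds even when no clients are configured, and the constant is a guess at how long vtundsrv needs to re-establish sessions, so the "cloud" status read by the `@active_tun=&get_active_tun();` that follows can still be stale on a slow link. At least make the delay conditional on there being clients to wait for, e.g. `sleep 5 if $client_num;` (whichever variable holds the configured-client count in this file), and extend the comment to say the value is a heuristic: `# heuristic: give vtundsrv ~5s to re-establish client sessions before reading tunnel status`. The vpnc save handler in this commit carries the same unconditional sleep. The `if($parms{button_save} …)` block this belongs to starts before the hunk.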
|
||||
|
@ -382,14 +383,14 @@ sub print_vpn_clients()
|
|||
print "<input type=hidden name=client${val}_netip value='$fullnet'/></td>";
|
||||
print "<td align=center> ";
|
||||
if (&is_tunnel_active($fullnet,@active_tun) && ($val ne "_add")) {
|
||||
print "<img class='tun_client_active_img' src='/connected.png'/>";
|
||||
print "<img class='tun_client_active_img' src='/connected.png' title='Connected' />";
|
||||
} else {
|
||||
print "<img class='tun_client_inactive_img' src='/disconnected.png'/>";
|
||||
print "<img class='tun_client_inactive_img' src='/disconnected.png' title='Not connected' />";
|
||||
}
|
||||
print "</td>";
|
||||
print "<td><input type=submit name=client_add value=Add title='Add this client'>" if($val eq "_add");
|
||||
print "</td>";
|
||||
print "<td class='tun_client_mailto'><a href='mailto:?subject=AREDN%20Tunnel%20Connection&body=Your%20connection%20details:%0D%0AName:%20$name%0D%0APassword:%20$passwd%0D%0ANetwork:%20$fullnet%0D%0AServer%20address:%20$dns'><img class='tun_client_mailto_img' src='/email.png'/></a></td>" unless($val eq "_add");
|
||||
print "<td class='tun_client_mailto'><a href='mailto:?subject=AREDN%20Tunnel%20Connection&body=Your%20connection%20details:%0D%0AName:%20$name%0D%0APassword:%20$passwd%0D%0ANetwork:%20$fullnet%0D%0AServer%20address:%20$dns'><img class='tun_client_mailto_img' src='/email.png' title='Email details' /></a></td>" unless($val eq "_add");
|
||||
print "</tr>\n";
|
||||
|
||||
# display any errors
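Review bot: On the new `tun_client_mailto` line, `$name`, `$passwd`, `$fullnet` and `$dns` are interpolated raw into a single-quoted href and into the mailto body, so a client name or password containing `'`, `&`, `%` or `#` breaks the link or closes the attribute and injects markup into the page (the hidden input on the first context line interpolates `$fullnet` the same way). Percent-encode each value for the URL and HTML-escape the attribute, e.g. `my $mail_body = join('%0D%0A', map { CGI::escape($_) } "Name: $name", "Password: $passwd", "Network: $fullnet", "Server address: $dns");` and then interpolate `$mail_body` into the href, if CGI.pm is already loaded by this file; otherwise a small local URL-escape helper. Emailing the tunnel password in clear text is presumably the intended workflow, but it deserves a one-line comment saying so. print_vpn_clients() starts before the hunk.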
|
||||
|
|
|
@ -62,8 +62,6 @@ if($parms{button_install})
|
|||
reboot_required() if($config eq "" or -e "/tmp/reboot-required");
|
||||
&vpn_setup_required("vpnc") unless(-e "/usr/sbin/vtund" );
|
||||
|
||||
@active_tun=&get_active_tun();
|
||||
|
||||
#################
|
||||
# If RESET, revert the UCI file
|
||||
#################
|
||||
|
@ -182,9 +180,11 @@ if($parms{button_save} and not @conn_err)
|
|||
# Regenerate olsrd files and restart olsrd
|
||||
push(@errors,"Problem restarting olsrd") if system "/etc/init.d/olsrd restart > /dev/null 2>&1";
|
||||
push(@errors,"Problem restaring vtund") if system "/etc/init.d/vtund restart > /dev/null 2>&1";
|
||||
sleep 5;
|
||||
}
|
||||
}
|
||||
|
||||
@active_tun=&get_active_tun();
|
||||
|
||||
######################################################################################
|
||||
# generate the page
|
||||
|
@ -341,9 +341,9 @@ sub print_vpn_connections()
|
|||
print "</td>";
|
||||
print "<td> ";
|
||||
if (&is_tunnel_active($netip,@active_tun) && ($val ne "_add")) {
|
||||
print "<img class='tun_client_active_img' src='/connected.png'/>";
|
||||
print "<img class='tun_client_active_img' src='/connected.png' title='Connected' />";
|
||||
} else {
|
||||
print "<img class='tun_client_inactive_img' src='/disconnected.png'/>" if ($val ne "_add");
|
||||
print "<img class='tun_client_inactive_img' src='/disconnected.png' title='Not connected' />" if ($val ne "_add");
|
||||
}
|
||||
print "</td>";
|
||||
print "<td> ";
|
||||
|
|