Commit c7f1542c authored by Nick's avatar Nick

Add basic frameword to fix #4. Ultimately 10-openvpn needs moving into...

Add basic framework to fix #4. Ultimately 10-openvpn needs moving into firewall-lua and the webconfig needs to be changed
parent a82dff8a
Pipeline #129560318 passed with stages
in 7 minutes and 25 seconds
......@@ -5,7 +5,7 @@
/////////////////////////////////////////////////////////////////////////////
$app['basename'] = 'openvpn';
$app['version'] = '2.4.9';
$app['version'] = '2.4.10';
$app['vendor'] = 'ClearFoundation';
$app['packager'] = 'ClearFoundation';
$app['license'] = 'GPLv3';
......@@ -102,6 +102,10 @@ $app['core_file_manifest'] = array(
'target' => '/var/clearos/events/samba_configuration/openvpn',
'mode' => '0755'
),
'10-openvpn' => array(
'target' => '/etc/clearos/firewall.d/10-openvpn',
'mode' => '0755',
),
);
$app['delete_dependency'] = array(
......
......@@ -105,7 +105,7 @@ for CONFIG in $CONFIGS; do
done
# Update status parameter (gitlab #13)
#------------------------------------------------------
#-------------------------------------
CHECK=`grep '^status /var/lib/openvpn/openvpn-status.log$' /etc/openvpn/clients-tcp.conf`
if [ -n "$CHECK" ] ; then
......@@ -113,6 +113,15 @@ if [ -n "$CHECK" ] ; then
sed -i -e 's/^status \/var\/lib\/openvpn\/openvpn-status.log$/status \/var\/lib\/openvpn\/openvpn-status-tcp.log/' /etc/openvpn/clients-tcp.conf
fi
# Add nat_enabled to /etc/clearos/openvpn.conf (gitlab #4)
#---------------------------------------------------------
CHECK=$(grep '^nat_enabled' /etc/clearos/openvpn.conf)
if [ -z "$CHECK" ] ; then
logger -p local6.notice -t installer "app-openvpn-core - adding nat_enabled to /etc/clearos/openvpn.conf"
echo "nat_enabled = no" >> /etc/clearos/openvpn.conf
fi
# Sync action: updates configuration using clearsync hook
#--------------------------------------------------------
......
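Review bot: The append `echo "nat_enabled = no" >> /etc/clearos/openvpn.conf` assumes the file already ends with a newline; if its last line is unterminated, the new key is glued onto that line and a `^nat_enabled` lookup will not find it. The check also runs grep directly on the file, so if the file is ever absent (not visible from this hunk) the upgrade prints a grep error before the echo creates it. Testing with `if ! grep -q '^nat_enabled' /etc/clearos/openvpn.conf 2>/dev/null; then` and writing with `printf '\nnat_enabled = no\n' >> /etc/clearos/openvpn.conf` would cover both cases. Defaulting to `no` keeps NAT off on existing installs, which is worth saying in the comment above the block.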
# IPv4 only for now
#------------------
if [ "$FW_PROTO" != 'ipv4' ]; then
return 0
fi
# Bail if not in Gateway mode
#---------------------------------
declare $(grep ^MODE /etc/clearos/network.conf | awk '{gsub(/\"/,""); print}')
if [ "$MODE" != "gateway" ] ; then
return 0
fi
NAT_ENABLED=$(grep ^nat_enabled /etc/clearos/openvpn.conf | awk '{print $3}')
if [ "$NAT_ENABLED" == "yes" ]; then
UDP_NETWORK=$(grep ^server /etc/openvpn/clients.conf | awk '{print $2}')
UDP_NETMASK=$(grep ^server /etc/openvpn/clients.conf | awk '{print $3}')
TCP_NETWORK=$(grep ^server /etc/openvpn/clients-tcp.conf | awk '{print $2}')
TCP_NETMASK=$(grep ^server /etc/openvpn/clients-tcp.conf | awk '{print $3}')
$IPTABLES -t nat -I POSTROUTING -s $UDP_NETWORK/$UDP_NETMASK -j MASQUERADE
$IPTABLES -t nat -I POSTROUTING -s $TCP_NETWORK/$TCP_NETMASK -j MASQUERADE
fi
\ No newline at end of file
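Review bot: The two MASQUERADE rules are built from unquoted, unvalidated values, and `grep ^server` also matches other OpenVPN directives such as `server-bridge` or `server-ipv6`, so a missing or extra line in clients.conf or clients-tcp.conf gives `-s` an empty or multi-word argument and the rule fails or is malformed on every firewall run. The rules also carry no outbound-interface match, so VPN clients appear to be masqueraded toward the LAN as well as the WAN, which hides the client address from internal hosts and their logs; if that is not intended, add an `-o` match for the external interface. A stricter parse that takes only the plain `server` directive, checks both fields and quotes the argument is sketched below. The file also ends without a trailing newline.

```shell
# … unchanged: IPv4-only guard, gateway-mode guard, NAT_ENABLED lookup …
if [ "$NAT_ENABLED" == "yes" ]; then
    for CONF in /etc/openvpn/clients.conf /etc/openvpn/clients-tcp.conf; do
        # Take only the plain "server <network> <netmask>" directive, first occurrence
        read -r NETWORK NETMASK < <(awk '$1 == "server" {print $2, $3; exit}' "$CONF")
        if [ -z "$NETWORK" ] || [ -z "$NETMASK" ]; then
            logger -p local6.warning -t firewall "10-openvpn - no server network found in $CONF, skipping NAT rule"
            continue
        fi
        $IPTABLES -t nat -I POSTROUTING -s "$NETWORK/$NETMASK" -j MASQUERADE
    done
fi
```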
Name: app-openvpn
Epoch: 1
Version: 2.4.9
Version: 2.4.10
Release: 1%{dist}
Summary: OpenVPN
License: GPLv3
......@@ -50,6 +50,7 @@ install -d -m 0755 %{buildroot}/etc/clearos/openvpn.d
install -d -m 0755 %{buildroot}/etc/openvpn/ssl
install -d -m 0755 %{buildroot}/var/clearos/openvpn
install -d -m 0755 %{buildroot}/var/clearos/openvpn/backup
install -D -m 0755 packaging/10-openvpn %{buildroot}/etc/clearos/firewall.d/10-openvpn
install -D -m 0644 packaging/authorize %{buildroot}/etc/clearos/openvpn.d/authorize
install -D -m 0644 packaging/clients-tcp.conf %{buildroot}/etc/openvpn/clients-tcp.conf
install -D -m 0644 packaging/clients.conf %{buildroot}/etc/openvpn/clients.conf
......@@ -104,6 +105,7 @@ exit 0
/usr/clearos/apps/openvpn/deploy
/usr/clearos/apps/openvpn/language
/usr/clearos/apps/openvpn/libraries
/etc/clearos/firewall.d/10-openvpn
%config(noreplace) /etc/clearos/openvpn.d/authorize
%config(noreplace) /etc/openvpn/clients-tcp.conf
%config(noreplace) /etc/openvpn/clients.conf
......