#!/usr/local/bin/php-cgi -f
<?php
/*
 * rc.openvpn
 *
 * part of pfSense (https://www.pfsense.org)
 * Copyright (c) 2009 Seth Mos <seth.mos@dds.nl>.
 * Copyright (c) 2007-2016 Electric Sheep Fencing, LLC
 * All rights reserved.
 *
 * Originally part of m0n0wall (http://m0n0.ch/wall)
 * Copyright (c) 2007 Manuel Kasper <mk@neon1.net>.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgment:
 *    "This product includes software developed by the pfSense Project
 *    for use in the pfSense® software distribution. (http://www.pfsense.org/).
 *
 * 4. The names "pfSense" and "pfSense Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    coreteam@pfsense.org.
 *
 * 5. Products derived from this software may not be called "pfSense"
 *    nor may "pfSense" appear in their names without prior written
 *    permission of the Electric Sheep Fencing, LLC.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *
 * "This product includes software developed by the pfSense Project
 * for use in the pfSense software distribution (http://www.pfsense.org/).
 *
 * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 */
/* parse the configuration and include all functions used below */
require_once("util.inc");
require_once("config.inc");
require_once("functions.inc");
require_once("filter.inc");
require_once("gwlb.inc");
require_once("openvpn.inc");
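/**
 * Resync one OpenVPN instance unless it is disabled or is already bound to
 * the interface it should be using.
 *
 * @param string $mode          Instance type; concatenated with the vpnid to
 *                              form the instance id (callers in this file
 *                              pass 'server' or 'client').
 * @param array  $ovpn_settings Instance configuration entry. Keys read here:
 *                              'disable', 'vpnid', 'interface', 'description'.
 * @param string $interface     Interface the caller matched on. When empty,
 *                              the on-disk comparison is skipped and every
 *                              enabled instance is resynced.
 * @return void
 */
function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) {
	global $g;

	/* A disabled instance is never resynced. */
	if (isset($ovpn_settings['disable'])) {
		return;
	}

	/* Build the instance id before the $interface check: the log line below
	   needs it on every path, and it used to be undefined (logged as an empty
	   string) whenever $interface was empty, i.e. on every "all" reload. */
	$mode_id = $mode . $ovpn_settings['vpnid'];

	if (!empty($interface)) {
		$fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface";
		if (file_exists($fpath)) {
			/* Compare the interface currently used by the VPN with the interface that should be used.
			   If the VPN should stay on the same interface, do not resync */
			if (trim(file_get_contents($fpath), " \t\n") == get_failover_interface($ovpn_settings['interface'])) {
				return;
			}
		}
	}

	/* The description is optional in the settings entry; log an empty one
	   rather than reading a missing key. */
	$description = isset($ovpn_settings['description']) ? $ovpn_settings['description'] : '';
	log_error("OpenVPN: Resync " . $mode_id . " " . $description);
	openvpn_resync($mode, $ovpn_settings);
}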
/* Do nothing while the "booting" marker file still exists under varrun_path,
   so that this script does not act before the boot scripts have finished. */
$booting_marker = "{$g['varrun_path']}/booting";
if (file_exists($booting_marker)) {
	return;
}
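/*
 * Input argument is a comma-separated list of gateway names, blank or "all".
 * It is taken from the "interface" request parameter when that is set,
 * otherwise from the first command-line argument.
 *
 * The value is caller-supplied: further down it is written to the log and
 * used for gateway/interface lookups.
 * NOTE(review): confirm that log_error() neutralises control characters, or
 * restrict the value to the characters valid in gateway and interface names.
 */
if (isset($_GET['interface'])) {
	$argument = $_GET['interface'];
} elseif (isset($argv[1])) {
	$argument = $argv[1];
} else {
	/* No argument at all is handled like a blank one. */
	$argument = "";
}

if (!is_string($argument)) {
	/* e.g. "interface[]=x" yields an array, which the explode() on this value
	   further down cannot handle; stop here instead of failing half-way. */
	log_error("OpenVPN: rc.openvpn ignoring a non-string interface argument.");
	return;
}

/* Normalise both sources the same way (the request parameter used to be
   taken untrimmed). */
$argument = trim($argument, " \n");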
/* Nothing to do unless at least one OpenVPN server or client is configured. */
$have_endpoints =
    (is_array($config['openvpn']['openvpn-server']) && count($config['openvpn']['openvpn-server'])) ||
    (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']));
if (!$have_endpoints) {
	return;
}

/* A blank argument is normalised to "all"; the log wording depends on
   whether every endpoint or only a subset is being reloaded. */
$reload_all = (empty($argument) || $argument == "all");
if ($reload_all) {
	$argument = "all";
}
$log_text = $reload_all ? "all" : "endpoints that may use " . $argument;
log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . ".");
/*
 * Take the 'openvpn' lock before touching any tunnel. try_lock() is given a
 * limit of 10 (the message below describes it as seconds); when it fails the
 * lock is force-released and then taken exclusively.
 * NOTE(review): force-releasing presumably discards a lock that another run
 * may still hold, so two resyncs could overlap - confirm against
 * unlock_force().
 */
$lock_name = 'openvpn';
$openvpnlck = try_lock($lock_name, 10);
if (!$openvpnlck) {
	log_error(gettext("Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing..."));
	unlock_force($lock_name);
	$openvpnlck = lock($lock_name, LOCK_EX);
}
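/*
 * For each requested gateway (or "all"), resync every OpenVPN server and
 * client that is bound to the matching interface or to a gateway group the
 * gateway belongs to, then release the lock taken above.
 */
$arg_array = explode(",", $argument);
foreach ($arg_array as $arg_element) {
	/* A stray comma ("WANGW,") yields an empty element. Left alone it resolves
	   to an empty $interface, which matches every endpoint below and restarts
	   all tunnels, so skip it. */
	$arg_element = trim($arg_element);
	if ($arg_element === "") {
		continue;
	}

	$gwgroups = array();
	if ($arg_element == "all") {
		$interface = "";
	} else {
		// e.g. $arg_element = "WANGW", $interface = "wan"
		$interface = lookup_gateway_interface_by_name($arg_element);
		if (empty($interface)) {
			/* Not a known gateway name: treat the element as an interface name. */
			$interface = $arg_element;
		} else {
			// e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan"
			$gwgroups = gateway_is_gwgroup_member($arg_element);
		}
	}

	/* Servers first, then clients. The entries are iterated by value: nothing
	   here modifies them, and by-reference iteration left dangling references
	   into $config behind. */
	foreach (array('server' => 'openvpn-server', 'client' => 'openvpn-client') as $mode => $section) {
		if (!is_array($config['openvpn'][$section])) {
			continue;
		}
		foreach ($config['openvpn'][$section] as $settings) {
			if ($settings['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($settings['interface'], $gwgroups))) {
				openvpn_resync_if_needed($mode, $settings, $interface);
			}
		}
	}
}

unlock($openvpnlck);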
?>