
Revision ae472dc1

Added by Shawn Bruce over 5 years ago

OpenVPN radius ACL enhancements. Issue #9206


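--- a/src/usr/local/sbin/openvpn.attributes.sh
+++ b/src/usr/local/sbin/openvpn.attributes.sh
@@ -20,16 +20,53 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+
+lockfile="/tmp/ovpn_${dev}_${username}_${trusted_port}.lock"
+rulesfile="/tmp/ovpn_${dev}_${username}_${trusted_port}.rules"
+anchorname="openvpn/${dev}_${username}_${trusted_port}"
+
 if [ "$script_type" = "client-connect" ]; then
+	i=1
+	while [ -f "${lockfile}" ]; do
+		if [ $i -ge 30 ]; then
+			/bin/echo "Timeout while waiting for lockfile"
+			exit 1
+		fi
+
+		/bin/sleep 1
+		i=$(( i + 1 ))
+	done
+	/usr/bin/touch "${lockfile}"
+
+	/bin/cat "${rulesfile}" | /usr/bin/sed "s/{clientip}/${ifconfig_pool_remote_ip}/g" > "${rulesfile}.tmp" && /bin/mv "${rulesfile}.tmp" "${rulesfile}"
+	/sbin/pfctl -a "openvpn/${dev}_${username}_${trusted_port}" -f "${rulesfile}"
+	/bin/rm "${rulesfile}"
+
 	if [ -f /tmp/$common_name ]; then
 		/bin/cat /tmp/$common_name > $1
 		/bin/rm /tmp/$common_name
 	fi
+
+	/bin/rm "${lockfile}"
 elif [ "$script_type" = "client-disconnect" ]; then
-	command="/sbin/pfctl -a 'openvpn/$common_name' -F rules"
+	i=1
+	while [ -f "${lockfile}" ]; do
+		if [ $i -ge 30 ]; then
+			/bin/echo "Timeout while waiting for lockfile"
+			exit 1
+		fi
+
+		/bin/sleep 1
+		i=$(( i + 1 ))
+	done
+	/usr/bin/touch "${lockfile}"
+
+	command="/sbin/pfctl -a '${anchorname}' -F rules"
 	eval $command
 	/sbin/pfctl -k $ifconfig_pool_remote_ip
 	/sbin/pfctl -K $ifconfig_pool_remote_ip
+
+	/bin/rm "${lockfile}"
 fi
 
 exit 0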
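Review bot: In the client-disconnect branch the flush still goes through `eval $command`, and the anchor it embeds is now built from `${username}`, so that value is parsed by the shell a second time. Call pfctl directly, as new line 42 already does, with `/sbin/pfctl -a "${anchorname}" -F rules`, and use `${anchorname}` on new line 42 too instead of re-spelling the anchor. The lock in both branches is a `[ -f ]` test followed by a separate `touch`, which two concurrent connect/disconnect runs can both pass; an atomic create such as `until /bin/mkdir "${lockfile}" 2>/dev/null; do` (released with `/bin/rmdir`) closes that window while keeping the 30-second timeout. Nothing removes the lock if the script dies between `touch` and the final `rm`, after which every later run for the same dev/username/port waits out the timeout and exits 1, so a `trap` on EXIT installed once the lock is held is worth adding. The rules file is read from a predictable name under /tmp and loaded into pf as-is; its writer is not visible on this page, but it should be created with restrictive permissions in a directory only root can write.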
