|
1
|
#!/bin/sh
|
|
2
|
#
|
|
3
|
# openvpn.attributes.sh
|
|
4
|
#
|
|
5
|
# part of pfSense (https://www.pfsense.org)
|
|
6
|
# Copyright (c) 2004-2013 BSD Perimeter
|
|
7
|
# Copyright (c) 2013-2016 Electric Sheep Fencing
|
|
8
|
# Copyright (c) 2014-2020 Rubicon Communications, LLC (Netgate)
|
|
9
|
# All rights reserved.
|
|
10
|
#
|
|
11
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
12
|
# you may not use this file except in compliance with the License.
|
|
13
|
# You may obtain a copy of the License at
|
|
14
|
#
|
|
15
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
16
|
#
|
|
17
|
# Unless required by applicable law or agreed to in writing, software
|
|
18
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
19
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
20
|
# See the License for the specific language governing permissions and
|
|
21
|
# limitations under the License.
|
|
22
|
|
|
23
|
|
|
24
|
lockfile="/tmp/ovpn_${dev}_${username}_${trusted_port}.lock"
|
|
25
|
rulesfile="/tmp/ovpn_${dev}_${username}_${trusted_port}.rules"
|
|
26
|
anchorname="openvpn/${dev}_${username}_${trusted_port}"
|
|
27
|
|
|
28
|
if [ "$script_type" = "client-connect" ]; then
|
|
29
|
i=1
|
|
30
|
while [ -f "${lockfile}" ]; do
|
|
31
|
if [ $i -ge 30 ]; then
|
|
32
|
/bin/echo "Timeout while waiting for lockfile"
|
|
33
|
exit 1
|
|
34
|
fi
|
|
35
|
|
|
36
|
/bin/sleep 1
|
|
37
|
i=$(( i + 1 ))
|
|
38
|
done
|
|
39
|
/usr/bin/touch "${lockfile}"
|
|
40
|
|
|
41
|
/bin/cat "${rulesfile}" | /usr/bin/sed "s/{clientip}/${ifconfig_pool_remote_ip}/g" > "${rulesfile}.tmp" && /bin/mv "${rulesfile}.tmp" "${rulesfile}"
|
|
42
|
/sbin/pfctl -a "openvpn/${dev}_${username}_${trusted_port}" -f "${rulesfile}"
|
|
43
|
/bin/rm "${rulesfile}"
|
|
44
|
|
|
45
|
if [ -f /tmp/$common_name ]; then
|
|
46
|
/bin/cat /tmp/$common_name > $1
|
|
47
|
/bin/rm /tmp/$common_name
|
|
48
|
fi
|
|
49
|
|
|
50
|
/bin/rm "${lockfile}"
|
|
51
|
elif [ "$script_type" = "client-disconnect" ]; then
|
|
52
|
i=1
|
|
53
|
while [ -f "${lockfile}" ]; do
|
|
54
|
if [ $i -ge 30 ]; then
|
|
55
|
/bin/echo "Timeout while waiting for lockfile"
|
|
56
|
exit 1
|
|
57
|
fi
|
|
58
|
|
|
59
|
/bin/sleep 1
|
|
60
|
i=$(( i + 1 ))
|
|
61
|
done
|
|
62
|
/usr/bin/touch "${lockfile}"
|
|
63
|
|
|
64
|
command="/sbin/pfctl -a '${anchorname}' -F rules"
|
|
65
|
eval $command
|
|
66
|
/sbin/pfctl -k $ifconfig_pool_remote_ip
|
|
67
|
/sbin/pfctl -K $ifconfig_pool_remote_ip
|
|
68
|
|
|
69
|
/bin/rm "${lockfile}"
|
|
70
|
fi
|
|
71
|
|
|
72
|
exit 0
|