Add openvpn tunnel support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@426 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
4cf3600e5c
commit
5aeecee8ab
@ -13,3 +13,9 @@ Changes since 1.3.13
|
||||
/etc/shorewall/masq.
|
||||
|
||||
6. Restore $dev.$vid naming of VLAN interfaces.
|
||||
|
||||
7. Updated copyrights for 2003.
|
||||
|
||||
8. Added support for openvpn tunnels on arbitrary ports
|
||||
|
||||
9. Added support for openvpn with NAT on the other end.
|
||||
|
@ -1424,6 +1424,29 @@ setup_tunnels() # $1 = name of tunnels file
|
||||
echo " PPTP server defined."
|
||||
}
|
||||
|
||||
setup_one_openvpn() # $1 = gateway, $2 = kind
|
||||
{
|
||||
case $2 in
|
||||
*:*)
|
||||
p=${2#*:}
|
||||
;;
|
||||
*)
|
||||
p=5000
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ $3 = openvpn ]; then
|
||||
sport="--sport $p"
|
||||
else
|
||||
sport=
|
||||
fi
|
||||
|
||||
addrule $inchain -p udp -s $1 $sport --dport $p -j ACCEPT
|
||||
addrule $outchain -p udp -d $1 $sport --dport $p -j ACCEPT
|
||||
|
||||
echo " OPENVPN tunnel to $1:$p defined."
|
||||
}
|
||||
|
||||
strip_file tunnels $1
|
||||
|
||||
while read kind z gateway z1; do
|
||||
@ -1451,6 +1474,12 @@ setup_tunnels() # $1 = name of tunnels file
|
||||
pptpserver|PPTPSERVER)
|
||||
setup_pptp_server
|
||||
;;
|
||||
openvpn*|OPENVPN*)
|
||||
setup_one_openvpn $gateway $kind openvpn
|
||||
;;
|
||||
openvpnnat*|OPENVPNNAT*)
|
||||
setup_one_openvpn $gateway $kind openvpnnat
|
||||
;;
|
||||
*)
|
||||
error_message "Tunnels of type $kind are not supported:" \
|
||||
"Tunnel \"$tunnel\" Ignored"
|
||||
|
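Review bot: The new `openvpnnat*|OPENVPNNAT*)` arm in the `case` is unreachable, because `openvpnnat` also matches the `openvpn*|OPENVPN*)` arm placed before it, so every openvpnnat entry is dispatched with the third argument `openvpn` and gets the `--sport $p` match applied even though the remote NAT rewrites the source port. Move the openvpnnat arm above the openvpn arm, or narrow the first pattern to `openvpn|openvpn:*|OPENVPN|OPENVPN:*)`. In the new `setup_one_openvpn` the header comment `# $1 = gateway, $2 = kind` omits the `$3` selector the body tests; `# $3 = openvpn or openvpnnat (openvpnnat omits the --sport match)` would document it. The port taken from `${2#*:}` is handed to addrule unchecked, so a non-numeric value in the tunnels file only fails later at iptables time; if the script has a fatal-error helper, rejecting it here would give a clearer message. The enclosing setup_tunnels() starts before this hunk and continues past it.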
@ -24,7 +24,10 @@ New features include:
|
||||
convention (e.g., "eth0.0") has been restored. This capability was
|
||||
inadvertently broken in version 1.3.12.
|
||||
|
||||
4) When an interface name is entered in the SUBNET column of the
|
||||
4) Support has been added for defining OpenVPN tunnels in the
|
||||
/etc/shorewall/tunnels file.
|
||||
|
||||
5) When an interface name is entered in the SUBNET column of the
|
||||
/etc/shorewall/masq file, Shorewall previously masqueraded traffic
|
||||
from only the first subnet defined on that interface. It did not
|
||||
masquerade traffic from:
|
||||
|
@ -1,16 +1,22 @@
|
||||
#
|
||||
# Shorewall 1.3 - /etc/shorewall/tunnels
|
||||
#
|
||||
# This file defines IPSEC, GRE and IPIP tunnels.
|
||||
# This file defines IPSEC, GRE, IPIP and OPENVPN tunnels.
|
||||
#
|
||||
# IPIP and GRE tunnels must be configured on the firewall/gateway itself.
|
||||
# IPSEC endpoints may be defined on the firewall/gateway or on an
|
||||
# internal system.
|
||||
# IPIP, GRE and OPENVPN tunnels must be configured on the
|
||||
# firewall/gateway itself. IPSEC endpoints may be defined
|
||||
# on the firewall/gateway or on an internal system.
|
||||
#
|
||||
# The columns are:
|
||||
#
|
||||
# TYPE -- must start in column 1 and be "ipsec", "ipsecnat","ip"
|
||||
# "gre","pptpclient" or "pptpserver"
|
||||
# "gre", "pptpclient", "pptpserver", "openvpn" or
|
||||
# "openvpnnat"
|
||||
#
|
||||
# If type is "openvpn" or "openvpnnam", it may optionally
|
||||
# be followed by ":" and the port number used by the
|
||||
# tunnel. If no ":" and port number are included, then
|
||||
# the default port of 5000 will be used
|
||||
#
|
||||
# ZONE -- The zone of the physical interface through which
|
||||
# tunnel traffic passes. This is normally your internet
|
||||
@ -20,10 +26,12 @@
|
||||
# remote getway has no fixed address (Road Warrior)
|
||||
# then specify the gateway as 0.0.0.0/0.
|
||||
#
|
||||
# GATEWAY ZONES -- Optional. If the gateway system specified in the third
|
||||
# GATEWAY
|
||||
# ZONES -- Optional. If the gateway system specified in the third
|
||||
# column is a standalone host then this column should
|
||||
# contain a comma-separated list of the names of the zones that
|
||||
# the host might be in. This column only applies to IPSEC tunnels.
|
||||
# contain a comma-separated list of the names of the
|
||||
# zones that the host might be in. This column only
|
||||
# applies to IPSEC tunnels.
|
||||
#
|
||||
# Example 1:
|
||||
#
|
||||
@ -71,5 +79,12 @@
|
||||
#
|
||||
# pptpserver net
|
||||
#
|
||||
# TYPE ZONE GATEWAY GATEWAY ZONE
|
||||
# Example 7:
|
||||
#
|
||||
# OPENVPN tunnel. The remote gateway is 4.33.99.124 and
|
||||
# openvpn uses port 7777.
|
||||
#
|
||||
# openvpn:7777 net 4.33.99.124
|
||||
#
|
||||
# TYPE ZONE GATEWAY GATEWAY ZONE PORT
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|
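Review bot: The new comment `# If type is "openvpn" or "openvpnnam", it may optionally` misspells the second type; the dispatch in the firewall script matches `openvpnnat`, so a user copying the documented spelling gets an "Ignored" tunnel. Example 7's closing header `# TYPE ZONE GATEWAY GATEWAY ZONE PORT` also advertises a separate PORT column that the parser does not read — the port is part of the TYPE field, as the example line `# openvpn:7777 net 4.33.99.124` itself shows — so the trailer should match the earlier `# TYPE ZONE GATEWAY GATEWAY ZONE` form.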