Implement OpenVPN TCP Support

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1828 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -181,3 +181,5 @@ Changes since 2.0.3
     with "add" and "delete"
 
 89) Clarify add/delete syntax in /sbin/shorewall usage summary.
+
+90) Implement OpenVPN TCP support

Shorewall2/firewall

@@ -1654,19 +1654,24 @@ setup_tunnels() # $1 = name of tunnels file
 
     setup_one_openvpn() # $1 = gateway, $2 = kind[:port]
     {
+	local protocol=udp
+	local p=5000
+
 	case $2 in
+	    *:*:*)
+		protocol=${2%:*}
+		protocol=${protocol#*:}
+		p=${2##*:}
+		;;
 	    *:*)
 		p=${2#*:}
 		;;
-	    *)
-		p=5000
-		;;
 	esac
 
-	addrule2 $inchain  -p udp $(source_ip_range $1) --dport $p -j ACCEPT
-	addrule2 $outchain -p udp $(dest_ip_range $1)   --dport $p -j ACCEPT
+	addrule2 $inchain  -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT
+	addrule2 $outchain -p $protocol $(dest_ip_range $1)   --dport $p -j ACCEPT
 
-	progress_message "   OPENVPN tunnel to $1:$p defined."
+	progress_message "   OPENVPN tunnel to $1:$protocol:$p defined."
     }
 
     setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone

Shorewall2/releasenotes.txt

@@ -828,3 +828,13 @@ New Features:
     shorewall add eth1:1.2.3.4,2.3.4.5 z12
     shorewall delete eth1:1.2.3.4,2.3.4.5 z12
    
+37) TCP OpenVPN tunnels are now supported using the 'openvpn' tunnel
+    type. OpenVPN entries in /etc/shorewall/tunnels have this format:
+
+    openvpn[:{tcp|udp}][:<port>]	<zone>		<gateway>
+
+    Examples:
+
+	openvpn:tcp		net	1.2.3.4 # TCP tunnel on port 5000
+	openvpn:3344		net	1.2.3.4 # UDP on port 3344
+	openvpn:tcp:4455	net	1.2.3.4	# TCP on port 4455