From 8e0daba796fdc0aa77e49265cf6c793d1c797ccb Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 14 Dec 2004 16:11:49 +0000
Subject: [PATCH] Implement OpenVPN TCP Support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1828 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
Shorewall2/changelog.txt | 2 ++
Shorewall2/firewall | 17 +++++++++++------
Shorewall2/releasenotes.txt | 10 ++++++++++
3 files changed, 23 insertions(+), 6 deletions(-)
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 9a3e2c2d9..03addfb32 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -181,3 +181,5 @@ Changes since 2.0.3 with "add" and "delete" 89) Clarify add/delete syntax in /sbin/shorewall usage summary. + +90) Implement OpenVPN TCP support
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index d6ca8cd20..cb0cd6f8f 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1654,19 +1654,24 @@ setup_tunnels() # $1 = name of tunnels file setup_one_openvpn() # $1 = gateway, $2 = kind[:port] { + local protocol=udp + local p=5000 + case $2 in + *:*:*) + protocol=${2%:*} + protocol=${protocol#*:} + p=${2##*:} + ;; *:*) p=${2#*:} ;; - *) - p=5000 - ;; esac - addrule2 $inchain -p udp $(source_ip_range $1) --dport $p -j ACCEPT - addrule2 $outchain -p udp $(dest_ip_range $1) --dport $p -j ACCEPT + addrule2 $inchain -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT + addrule2 $outchain -p $protocol $(dest_ip_range $1) --dport $p -j ACCEPT - progress_message " OPENVPN tunnel to $1:$p defined." + progress_message " OPENVPN tunnel to $1:$protocol:$p defined." } setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index e7abe37df..82b660cff 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
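Review bot: In `setup_one_openvpn` (Shorewall2/firewall), the two-field form `openvpn:tcp` still falls into the existing `*:*)` arm, so `p` becomes `tcp` while `protocol` stays `udp`, although the release notes added in this same commit document `openvpn:tcp` as a TCP tunnel on port 5000. The rules built from such an entry would be `-p udp --dport tcp`, so the TCP tunnel traffic is not what gets accepted; whether iptables rejects the rule or tries to resolve `tcp` as a service name presumably depends on the host. Add an arm ahead of `*:*)` that recognises a bare protocol, e.g. `*:tcp|*:udp) protocol=${2#*:} ;;`. In the three-field arm `$protocol` reaches `addrule2` unchecked, so it is worth rejecting anything other than `tcp` or `udp` there as well. The header comment `$2 = kind[:port]` is now stale and should read `$2 = kind[:{tcp|udp}][:port]`.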
@@ -828,3 +828,13 @@ New Features: shorewall add eth1:1.2.3.4,2.3.4.5 z12 shorewall delete eth1:1.2.3.4,2.3.4.5 z12 +37) TCP OpenVPN tunnels are now supported using the 'openvpn' tunnel + type. OpenVPN entries in /etc/shorewall/tunnels have this format: + + openvpn[:{tcp|udp}][:] + + Examples: + + openvpn:tcp net 1.2.3.4 # TCP tunnel on port 5000 + openvpn:3344 net 1.2.3.4 # UDP on port 3344 + openvpn:tcp:4455 net 1.2.3.4 # TCP on port 4455