Add openvpnclient and openvpnserver tunnel types

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2511 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -3,6 +3,8 @@ Changes in 2.5.3
 
 1) Allow exclusion lists in /etc/shorewall/tcrules.
 
+2) Added 'openvpnserver' and 'openvpnclient' tunnel types.
+
 Changes in 2.5.2
 
 1) Allow port lists in /etc/sorewall/accounting.

Shorewall/firewall

@@ -2225,6 +2225,50 @@ setup_tunnels() # $1 = name of tunnels file
 	progress_message "   OPENVPN tunnel to $1:$protocol:$p defined."
     }
 
+    setup_one_openvpn_server() # $1 = gateway, $2 = kind[:port]
+    {
+	local protocol=udp
+	local p=1194
+
+	case $2 in
+	    *:*:*)
+		protocol=${2%:*}
+		protocol=${protocol#*:}
+		p=${2##*:}
+		;;
+	    *:*)
+		p=${2#*:}
+		;;
+	esac
+
+	addrule2 $inchain  -p $protocol $(source_ip_range $1) --dport $p -j ACCEPT
+	addrule2 $outchain -p $protocol $(dest_ip_range $1)   --sport $p -j ACCEPT
+
+	progress_message "   OPENVPN server tunnel to $1:$protocol:$p defined."
+    }
+
+    setup_one_openvpn_client() # $1 = gateway, $2 = kind[:port]
+    {
+	local protocol=udp
+	local p=1194
+
+	case $2 in
+	    *:*:*)
+		protocol=${2%:*}
+		protocol=${protocol#*:}
+		p=${2##*:}
+		;;
+	    *:*)
+		p=${2#*:}
+		;;
+	esac
+
+	addrule2 $inchain  -p $protocol $(source_ip_range $1) --dsport $p -j ACCEPT
+	addrule2 $outchain -p $protocol $(dest_ip_range $1)   --dport  $p -j ACCEPT
+
+	progress_message "   OPENVPN client tunnel to $1:$protocol:$p defined."
+    }
+
     setup_one_generic() # $1 = gateway, $2 = kind:protocol[:port], $3 = Gateway Zone
     {
 	local protocol
@@ -2297,6 +2341,12 @@ setup_tunnels() # $1 = name of tunnels file
 		openvpn|OPENVPN|openvpn:*|OPENVPN:*)
 		    setup_one_openvpn $gateway $kind
 		    ;;
+		openvpnclient|OPENVPNCLIENT|openvpnclient:*|OPENVPNCLIENT:*)
+		    setup_one_openvpn_client $gateway $kind
+		    ;;
+		openvpnserver|OPENVPNSERVER|openvpnserver:*|OPENVPNSERVER:*)
+		    setup_one_openvpn_server $gateway $kind
+		    ;;
 		generic:*|GENERIC:*)
 		    setup_one_generic $gateway $kind $z1
 		    ;;

Shorewall/releasenotes.txt

@@ -8,6 +8,10 @@ New Features in Shorewall 2.5.3
     SOURCE and DEST columns of entries in /etc/shorewall/tcrules and
     Shorewall will generate the rule that you expect.
 
+2)  Tunnel types "openvpnserver" and "openvpnclient" have been added
+    to reflect the introduction of client and server OpenVPN
+    configurations in OpenVPN 2.0.
+
 Problems Corrected in 2.5.2:
 
 1) You may now include port lists in in the /etc/shorewall/accounting

Shorewall/tunnels

@@ -13,16 +13,18 @@
 #
 #	TYPE	    --	must start in column 1 and be "ipsec", "ipsecnat",
 #			"ipip", "gre", "6to4", "pptpclient", "pptpserver",
-#			"openvpn" or "generic"
+#			"openvpn", "openvpnclient", "openvpnserver" or
+#			"generic"
 #
 #			If the type is "ipsec" or "ipsecnat", it may be
 #			followed by ":noah" to indicate that the Authentication
 #			Header protocol (51) is not used by the tunnel.
 #
-#			If type is "openvpn", it may optionally be followed
+#			If type is "openvpn", "openvpnclient" or
+#			"openvpnserver" it may optionally be followed
 #			by ":" and the port number used by the tunnel. if no
 #			":" and port number are included, then the default port
-#			of 5000 will be used
+#			of 1194 will be used
 #
 #			If type is "generic", it must be followed by ":" and
 #			a protocol name (from /etc/protocols) or a protocol