Use firewall function for vpn

2017-09-26 16:31:51 +01:00 · 2017-09-26 16:31:51 +01:00 · 43c6406e2f
parent 10da38da0c
commit 43c6406e2f
2 changed files with 3 additions and 6 deletions
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@ -11,6 +11,7 @@
 # VPN functions
 # https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
 # https://jamielinux.com/blog/force-all-network-traffic-through-openvpn-using-iptables/
+# http://www.farrellf.com/projects/software/2016-05-04_Running_a_VPN_Server_with_OpenVPN_and_Stunnel/index_.php
 #
 # License
 # =======
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@ -111,6 +111,7 @@ function enable_ipv6 {
 }

 function firewall_disable_vpn {
+    firewall_remove VPN 1194
    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
    iptables -D INPUT -i tun+ -j ACCEPT
    iptables -D FORWARD -i tun+ -j ACCEPT
@ -119,11 +120,10 @@ function firewall_disable_vpn {
    iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
    iptables -D OUTPUT -o tun+ -j ACCEPT
    save_firewall_settings
-
-    sed -i '/VPN=/d' $FIREWALL_CONFIG
 }

 function firewall_enable_vpn {
+    firewall_add VPN 1194 tcp
    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
@ -132,10 +132,6 @@ function firewall_enable_vpn {
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
    iptables -A OUTPUT -o tun+ -j ACCEPT
    save_firewall_settings
-
-    if ! grep -q "VPN=" $FIREWALL_CONFIG; then
-        echo "VPN=1194" >> $FIREWALL_CONFIG
-    fi
 }

 function configure_firewall {