vpn on tcp

This commit is contained in:
Bob Mottram 2017-09-26 15:51:43 +01:00
parent 63df10c225
commit 10da38da0c
2 changed files with 10 additions and 6 deletions


@ -122,7 +122,7 @@ function restore_remote_vpn {
function remove_vpn { function remove_vpn {
systemctl stop openvpn systemctl stop openvpn
apt-get -yq remove --purge fastd openvpn easy-rsa apt-get -yq remove --purge fastd openvpn easy-rsa stunnel4
if [ -d /etc/openvpn ]; then if [ -d /etc/openvpn ]; then
rm -rf /etc/openvpn rm -rf /etc/openvpn
fi fi
@ -206,6 +206,9 @@ function create_user_vpn_key {
sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file
sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file
echo '<ca>' >> $user_vpn_cert_file echo '<ca>' >> $user_vpn_cert_file
cat /etc/openvpn/ca.crt >> $user_vpn_cert_file cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
echo '</ca>' >> $user_vpn_cert_file echo '</ca>' >> $user_vpn_cert_file
@ -239,7 +242,7 @@ function remove_user_vpn {
} }
function install_vpn { function install_vpn {
apt-get -yq install fastd openvpn easy-rsa apt-get -yq install fastd openvpn easy-rsa stunnel4
if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
echo $'Example openvpn server config not found' echo $'Example openvpn server config not found'
@ -257,6 +260,9 @@ function install_vpn {
sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf
sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf
sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
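Review bot: Switching the server to `proto tcp` (the `s|;proto tcp|proto tcp|g` line on /etc/openvpn/server.conf) leaves the sample config's `explicit-exit-notify` directive untouched, and OpenVPN refuses that option with TCP, so on sample files that ship it uncommented (the 2.4 series does) the daemon will not start after this change. Add `sed -i 's|^explicit-exit-notify|;explicit-exit-notify|g' /etc/openvpn/server.conf` beside the two proto substitutions. The matching pair in create_user_vpn_key passes `$user_vpn_cert_file` unquoted to sed, as do the surrounding lines; quoting it would keep a path with spaces from splitting. stunnel4 is added to the install and purge lists but nothing in the diff configures it, so if the TCP wrapping is meant to come later a comment saying so would help the next reader. install_vpn continues outside the hunk.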


@ -111,8 +111,7 @@ function enable_ipv6 {
} }
function firewall_disable_vpn { function firewall_disable_vpn {
iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -p tcp --dport 1194 -j ACCEPT
iptables -D INPUT -i tun+ -j ACCEPT iptables -D INPUT -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -j ACCEPT iptables -D FORWARD -i tun+ -j ACCEPT
iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
@ -125,8 +124,7 @@ function firewall_disable_vpn {
} }
function firewall_enable_vpn { function firewall_enable_vpn {
iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
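Review bot: firewall_disable_vpn no longer deletes the rules the previous version installed (`-p udp --dport 1194` on ${FIREWALL_EIFACE}, and the interface-less `-p tcp --dport 1194`), so on an upgraded host both stay in the INPUT chain after the VPN is disabled and UDP/1194 remains accepted with nothing listening on it. Keep the two old deletions in firewall_disable_vpn, e.g. `iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT 2>/dev/null` and `iptables -D INPUT -p tcp --dport 1194 -j ACCEPT 2>/dev/null`, since deleting an absent rule only returns non-zero. `${FIREWALL_EIFACE}` is unquoted on every rule line; quoting it is cheap and matches the quoting advice ShellCheck gives. firewall_enable_vpn appears to continue past the end of the hunk.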