
vpn on tcp

Bob Mottram 7 years ago
parent
commit
10da38da0c
2 changed files with 10 additions and 6 deletions
  1. 8
    2
      src/freedombone-app-vpn
  2. 2
    4
      src/freedombone-utils-firewall

+ 8
- 2
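--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -122,7 +122,7 @@
 
 function remove_vpn {
     systemctl stop openvpn
-    apt-get -yq remove --purge fastd openvpn easy-rsa
+    apt-get -yq remove --purge fastd openvpn easy-rsa stunnel4
     if [ -d /etc/openvpn ]; then
         rm -rf /etc/openvpn
     fi
@@ -206,6 +206,9 @@
     sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
     sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
 
+    sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file
+    sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file
+
     echo '<ca>' >> $user_vpn_cert_file
     cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
     echo '</ca>' >> $user_vpn_cert_file
@@ -239,7 +242,7 @@
 }
 
 function install_vpn {
-    apt-get -yq install fastd openvpn easy-rsa
+    apt-get -yq install fastd openvpn easy-rsa stunnel4
 
     if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
         echo $'Example openvpn server config not found'
@@ -257,6 +260,9 @@
     sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
     sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf
 
+    sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf
+    sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf
+
     echo 1 > /proc/sys/net/ipv4/ip_forward
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
     sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf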
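Review bot: stunnel4 is added to the install list in install_vpn and to the purge list in remove_vpn, but nothing in this commit configures it, starts it, or opens a port for it, so either that is still to come or an unused network service package is being left on the host; a comment on the install line such as `# stunnel4: TLS wrapper for the TCP tunnel, configured in [FUNCTION_NAME - placeholder]` would record the intent for the next reader. The two new sed lines in the client-config hunk and the two in install_vpn leave their file argument unquoted, matching the surrounding lines but easy to tighten on the added ones: `sed -i 's|;proto tcp|proto tcp|g' "$user_vpn_cert_file"`. Switching server.conf to `proto tcp` presumably also means that client profiles generated before this change, which still carry `proto udp`, will no longer connect once the companion firewall change drops the udp/1194 rule, so regenerating them is worth noting in the commit or the install function. The function edited in the second hunk, and install_vpn in the fourth, start and end outside the hunks shown.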

+ 2
- 4
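--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,8 +111,7 @@
 }
 
 function firewall_disable_vpn {
-    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
@@ -125,8 +124,7 @@
 }
 
 function firewall_enable_vpn {
-    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT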
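Review bot: The new INPUT rule in firewall_enable_vpn accepts tcp/1194 only on ${FIREWALL_EIFACE} and only for `--state NEW`, which is tighter than the removed interface-less `-p tcp --dport 1194` rule, but for a TCP listener it relies on a general RELATED,ESTABLISHED accept on INPUT existing elsewhere in the firewall setup; that rule is not visible here and is worth confirming, otherwise the handshake packets after the first are dropped. The mirrored `-D` line in firewall_disable_vpn has to match the `-A` line token for token for iptables to find and delete it, which it does today; a comment above each pair, e.g. `# keep identical to the -A rule in firewall_enable_vpn`, would keep them from drifting. If stunnel4, installed by the companion change to src/freedombone-app-vpn, is meant to front the TCP tunnel, then the port it listens on is what would need opening here rather than, or as well as, 1194.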