author | Eirik Oeverby <ltning@anduin.net> | 2009-03-08 21:34:50 +0100 |
---|---|---|
committer | Eirik Oeverby <ltning@anduin.net> | 2009-03-08 21:34:50 +0100 |
commit | c11007c6618df6a0dca523c7a4544c0f8c74db9f (patch) | |
tree | a5ddaf60ff0be7a4c92d9beaf54ae37704259bbb | |
parent | b8aef919ecfd63ac8a75bb9bbb93dc483091e595 (diff) | |
Create necessary directories, add 'local =' parameter
Ensures stunnel can actually be used after installation.
Add optional 'local =' parameter to a tunnel, to force binding to a particular IP for outgoing connections. Useful for transport mode IPSec, or with VPNs in general.
Known issues: After (re)install, list of tunnels must be saved once to produce proper config file. Not sure why this isn't happening automagically.
-rw-r--r-- | config/stunnel.xml | 47 |
1 files changed, 34 insertions, 13 deletions
diff --git a/config/stunnel.xml b/config/stunnel.xml index 85e43081..d2f0dd3a 100644 --- a/config/stunnel.xml +++ b/config/stunnel.xml @@ -111,6 +111,13 @@ <description>Enter the port to redirect to.</description> <type>input</type> </field> + <field> + <fielddescr>Outgoing source IP</fielddescr> + <fieldname>sourceip</fieldname> + <description>Enter the source IP address for outgoing connections.</description> + <type>input</type> + </field> + </fields> <service> <name>stunnel</name> @@ -128,6 +135,7 @@ fwrite($fout, "setgid = stunnel \n"); foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); + if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n"); fwrite($fout, "TIMEOUTclose = 0\n\n"); @@ -135,7 +143,7 @@ fclose($fout); conf_mount_ro(); config_unlock(); - system("/usr/bin/killall stunnel 2>/dev/null"); + system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null"); system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null"); ]]> </custom_add_php_command_late> 
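Review bot: The `local = ` line added in the second hunk writes `$pkgconfig['sourceip']` into stunnel.conf without checking that it is an IP address, so any other text submitted in that field, including a line break, ends up as extra configuration lines in a file the daemon reads at start. Validate before writing, for example with pfSense's `is_ipaddr()`: `if (is_ipaddr($pkgconfig['sourceip'])) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");`, or reject the value when the form is saved. The same write is repeated in the copy of this loop that the last hunk adds to custom_php_install_command, where description, localip, localport, redirectip and redirectport are interpolated the same way. The enclosing PHP block starts outside this hunk.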
@@ -144,25 +152,38 @@ safe_mkdir("/usr/local/etc/stunnel"); system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null"); chmod("/usr/local/etc/stunnel/stunnel.pem", 600); - system("/bin/mkdir /var/tmp/stunnel"); - system("/bin/mkdir /var/tmp/stunnel/var"); - system("/bin/mkdir /var/tmp/stunnel/var/tmp"); + system("/bin/mkdir -p /var/tmp/stunnel/var/tmp/run/stunnel"); system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel"); - chmod("/var/tmp/stunnel/var/tmp/", 1777); - $fout = fopen("/usr/local/etc/rc.d/stunnel.sh","w"); - system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel/var/stunnel"); - fwrite($fout, "#!/bin/sh\n"); - fwrite($fout, "# PACKAGE: STunnel\n"); - fwrite($fout, "# EXECUTABLE: stunnel\n"); - fwrite($fout, "/usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf\n\n"); - fclose($fout); - chmod("/usr/local/etc/rc.d/stunnel.sh", 0555); + $_rcfile['file']='stunnel.sh'; + $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t"; + $_rcfile['stop'].="killall stunnel \n\t"; + write_rcfile($_rcfile); + system("rm /usr/local/etc/rc.d/stunnel"); + + conf_mount_rw(); + config_lock(); + $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w"); + fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n"); + fwrite($fout, "chroot = /var/tmp/stunnel \n"); + fwrite($fout, "setuid = stunnel \n"); + fwrite($fout, "setgid = stunnel \n"); + foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) { + fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n"); + if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n"); + fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n"); + fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . 
"\n"); + fwrite($fout, "TIMEOUTclose = 0\n\n"); + } + fclose($fout); + conf_mount_ro(); + config_unlock(); ]]> </custom_php_install_command> <custom_php_deinstall_command> <![CDATA[ rmdir_recursive("/var/tmp/stunnel"); rmdir_recursive("/usr/local/etc/stunnel*"); + system("rm /usr/local/etc/rc.d/stunnel.sh"); ]]> </custom_php_deinstall_command> </packagegui> |
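Review bot: The unchanged `chmod("/usr/local/etc/stunnel/stunnel.pem", 600);` at the top of this hunk passes decimal 600, which is octal 1130, so the file holding the private key does not get the owner-only mode that was presumably intended; it should read `chmod("/usr/local/etc/stunnel/stunnel.pem", 0600);`. The commit removes the similar decimal `chmod(..., 1777)` call but leaves this one in place. The stunnel.conf writer added here is also a verbatim copy of the loop in custom_add_php_command_late; putting it in one shared function would keep the two copies from drifting apart and give input validation a single place to live.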