authorEirik Oeverby <ltning@anduin.net>2009-03-08 21:34:50 +0100
committerEirik Oeverby <ltning@anduin.net>2009-03-08 21:34:50 +0100
commitc11007c6618df6a0dca523c7a4544c0f8c74db9f (patch)
treea5ddaf60ff0be7a4c92d9beaf54ae37704259bbb
parentb8aef919ecfd63ac8a75bb9bbb93dc483091e595 (diff)
Create necessary directories, add 'local =' parameter
Ensures stunnel can actually be used after installation. Add optional 'local =' parameter to a tunnel, to force binding to a particular IP for outgoing connections. Useful for transport mode IPSec, or with VPNs in general. Known issues: After (re)install, list of tunnels must be saved once to produce proper config file. Not sure why this isn't happening automagically.
-rw-r--r--config/stunnel.xml47
1 files changed, 34 insertions, 13 deletions
diff --git a/config/stunnel.xml b/config/stunnel.xml
index 85e43081..d2f0dd3a 100644
--- a/config/stunnel.xml
+++ b/config/stunnel.xml
@@ -111,6 +111,13 @@
<description>Enter the port to redirect to.</description>
<type>input</type>
</field>
+ <field>
+ <fielddescr>Outgoing source IP</fielddescr>
+ <fieldname>sourceip</fieldname>
+ <description>Enter the source IP address for outgoing connections.</description>
+ <type>input</type>
+ </field>
+
</fields>
<service>
<name>stunnel</name>
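Review bot: The new `sourceip` field's `<description>` does not say the field is optional, although the generated config only emits `local =` when it is non-empty, so an admin is left guessing whether a blank value is allowed. I would reword it as `<description>Optional. Source IP address to bind for outgoing connections; leave empty to let the system choose.</description>`. Since the field is a plain `<type>input</type>`, the description is also the only place a user learns that a single IP address (not a hostname or range) is expected.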
@@ -128,6 +135,7 @@
fwrite($fout, "setgid = stunnel \n");
foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
fwrite($fout, "TIMEOUTclose = 0\n\n");
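Review bot: `$pkgconfig['sourceip']` is written verbatim into the `local =` directive on the added line without being checked as an IP address, so anything typed into the free-text form field (including a value containing a line break) lands in stunnel.conf as-is and can change the section's meaning. The write should be gated on a validity check, e.g. `if (!empty($pkgconfig['sourceip']) && is_ipaddr($pkgconfig['sourceip']))`, with the same validation ideally enforced at form-save time so the user sees the error. The identical line recurs in the install hunk (the copy of this loop at L86) and needs the same treatment. The enclosing custom_add_php_command_late block starts outside the hunk.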
@@ -135,7 +143,7 @@
fclose($fout);
conf_mount_ro();
config_unlock();
- system("/usr/bin/killall stunnel 2>/dev/null");
+ system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null");
system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null");
]]>
</custom_add_php_command_late>
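Review bot: Neither `system()` call checks its exit status, and stderr is discarded, so a config write that produces a file stunnel refuses to parse leaves the service down with nothing in the logs. Capture the status of the start call and report failure, e.g. `system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null", $rc);` followed by `if ($rc !== 0) log_error("stunnel: failed to start, check /usr/local/etc/stunnel/stunnel.conf");`. Note also that the rc script's stop target is `killall stunnel` (see the install hunk), which returns before the old process has exited, so the immediate start may occasionally race the old instance for the listening port; a short wait or a check that no stunnel process remains before starting would make the restart deterministic.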
@@ -144,25 +152,38 @@
safe_mkdir("/usr/local/etc/stunnel");
system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null");
chmod("/usr/local/etc/stunnel/stunnel.pem", 600);
- system("/bin/mkdir /var/tmp/stunnel");
- system("/bin/mkdir /var/tmp/stunnel/var");
- system("/bin/mkdir /var/tmp/stunnel/var/tmp");
+ system("/bin/mkdir -p /var/tmp/stunnel/var/tmp/run/stunnel");
system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
- chmod("/var/tmp/stunnel/var/tmp/", 1777);
- $fout = fopen("/usr/local/etc/rc.d/stunnel.sh","w");
- system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel/var/stunnel");
- fwrite($fout, "#!/bin/sh\n");
- fwrite($fout, "# PACKAGE: STunnel\n");
- fwrite($fout, "# EXECUTABLE: stunnel\n");
- fwrite($fout, "/usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf\n\n");
- fclose($fout);
- chmod("/usr/local/etc/rc.d/stunnel.sh", 0555);
+ $_rcfile['file']='stunnel.sh';
+ $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t";
+ $_rcfile['stop'].="killall stunnel \n\t";
+ write_rcfile($_rcfile);
+ system("rm /usr/local/etc/rc.d/stunnel");
+
+ conf_mount_rw();
+ config_lock();
+ $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
+ fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ fwrite($fout, "chroot = /var/tmp/stunnel \n");
+ fwrite($fout, "setuid = stunnel \n");
+ fwrite($fout, "setgid = stunnel \n");
+ foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
+ fwrite($fout, "TIMEOUTclose = 0\n\n");
+ }
+ fclose($fout);
+ conf_mount_ro();
+ config_unlock();
]]>
</custom_php_install_command>
<custom_php_deinstall_command>
<![CDATA[
rmdir_recursive("/var/tmp/stunnel");
rmdir_recursive("/usr/local/etc/stunnel*");
+ system("rm /usr/local/etc/rc.d/stunnel.sh");
]]>
</custom_php_deinstall_command>
</packagegui>
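Review bot: The block that writes stunnel.conf (L77–L93) is a line-for-line copy of the one in custom_add_php_command_late, so the two will drift the next time a directive is added; it should be a single function (e.g. `stunnel_write_conf()`) called from both places, and the remaining install-time work is then just the directories, the certificate and the rc file. Within the copied block, `foreach($config['installedpackages']['stunnel']['config'] ...)` is not guarded, and on a fresh install that array may not exist yet, so wrap it in `if (is_array($config['installedpackages']['stunnel']['config']))`, and check the `fopen()` result before the `fwrite` calls. On the context line `chmod("/usr/local/etc/stunnel/stunnel.pem", 600);` the mode is decimal 600 (octal 1130, which grants group write), not `0600`; the file holds the private key and the commit does not correct it. The start path also changes from `/usr/local/sbin/stunnel` to `/usr/local/bin/stunnel`; if that is deliberate it deserves a mention in the commit message, since a wrong path would make the generated rc script fail silently.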