From c11007c6618df6a0dca523c7a4544c0f8c74db9f Mon Sep 17 00:00:00 2001
From: Eirik Oeverby
Date: Sun, 8 Mar 2009 21:34:50 +0100
Subject: Create necessary directories, add 'local =' parameter

Ensures stunnel can actually be used after installation.
Add optional 'local =' parameter to a tunnel, to force binding to a particular IP for outgoing connections. Useful for transport mode IPSec, or with VPNs in general.

Known issues: After (re)install, list of tunnels must be saved once to produce proper config file. Not sure why this isn't happening automagically.
---
 config/stunnel.xml | 47 ++++++++++++++++++++++++++++++++++-------------
 1 file changed, 34 insertions(+), 13 deletions(-)

diff --git a/config/stunnel.xml b/config/stunnel.xml
index 85e43081..d2f0dd3a 100644
--- a/config/stunnel.xml
+++ b/config/stunnel.xml
@@ -111,6 +111,13 @@
 Enter the port to redirect to.
 input
+
+ Outgoing source IP
+ sourceip
+ Enter the source IP address for outgoing connections.
+ input
+
+
 stunnel
@@ -128,6 +135,7 @@
 fwrite($fout, "setgid = stunnel \n");
 foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
 fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
 fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
 fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
 fwrite($fout, "TIMEOUTclose = 0\n\n");
@@ -135,7 +143,7 @@
 fclose($fout);
 conf_mount_ro();
 config_unlock();
- system("/usr/bin/killall stunnel 2>/dev/null");
+ system("/usr/local/etc/rc.d/stunnel.sh stop 2>/dev/null");
 system("/usr/local/etc/rc.d/stunnel.sh start 2>/dev/null");
 ]]>
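Review bot: The new `local = ` line writes `$pkgconfig['sourceip']` into stunnel.conf exactly as stored from the web form, so a value that is not a plain address (one containing a line break, for instance) is taken by stunnel as further directives for a daemon that holds the certificate and private key. Guard the write with an address check instead of a truthiness test, e.g. `if (!empty($pkgconfig['sourceip']) && is_ipaddr($pkgconfig['sourceip']))` using pfSense's `is_ipaddr()` helper, and reject a bad value at save time so the user is told rather than the option being silently dropped. The same unguarded line is duplicated in the install block of the last hunk and needs the same check. The fopen/fclose pair around these fwrite calls begins and ends outside this hunk.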
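Review bot: `stunnel.sh stop` is followed immediately by `stunnel.sh start`, and the stop action written in the last hunk is a bare `killall stunnel`, which returns as soon as the signal is sent; the old instance may still hold its listening sockets when the new one tries to bind, so the restart can fail the same way the removed direct killall did. Consider having the rc script's stop action wait until the old process has exited (with a bounded timeout) before start runs, and check the return value of `system()` so a failed restart is at least logged instead of being hidden by `2>/dev/null`. The enclosing custom_add_php_command block starts before this hunk.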
@@ -144,25 +152,38 @@
 safe_mkdir("/usr/local/etc/stunnel");
 system("/usr/bin/openssl req -new -x509 -days 365 -nodes -out /usr/local/etc/stunnel/stunnel.pem -keyout /usr/local/etc/stunnel/stunnel.pem 2>/dev/null");
 chmod("/usr/local/etc/stunnel/stunnel.pem", 600);
- system("/bin/mkdir /var/tmp/stunnel");
- system("/bin/mkdir /var/tmp/stunnel/var");
- system("/bin/mkdir /var/tmp/stunnel/var/tmp");
+ system("/bin/mkdir -p /var/tmp/stunnel/var/tmp/run/stunnel");
 system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel");
- chmod("/var/tmp/stunnel/var/tmp/", 1777);
- $fout = fopen("/usr/local/etc/rc.d/stunnel.sh","w");
- system("/usr/sbin/chown -R stunnel:stunnel /var/tmp/stunnel/var/stunnel");
- fwrite($fout, "#!/bin/sh\n");
- fwrite($fout, "# PACKAGE: STunnel\n");
- fwrite($fout, "# EXECUTABLE: stunnel\n");
- fwrite($fout, "/usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf\n\n");
- fclose($fout);
- chmod("/usr/local/etc/rc.d/stunnel.sh", 0555);
+ $_rcfile['file']='stunnel.sh';
+ $_rcfile['start'].="/usr/local/bin/stunnel /usr/local/etc/stunnel/stunnel.conf \n\t";
+ $_rcfile['stop'].="killall stunnel \n\t";
+ write_rcfile($_rcfile);
+ system("rm /usr/local/etc/rc.d/stunnel");
+
+ conf_mount_rw();
+ config_lock();
+ $fout = fopen("/usr/local/etc/stunnel/stunnel.conf","w");
+ fwrite($fout, "cert = /usr/local/etc/stunnel/stunnel.pem \n");
+ fwrite($fout, "chroot = /var/tmp/stunnel \n");
+ fwrite($fout, "setuid = stunnel \n");
+ fwrite($fout, "setgid = stunnel \n");
+ foreach($config['installedpackages']['stunnel']['config'] as $pkgconfig) {
+ fwrite($fout, "\n[" . $pkgconfig['description'] . "]\n");
+ if($pkgconfig['sourceip']) fwrite($fout, "local = " . $pkgconfig['sourceip'] . "\n");
+ fwrite($fout, "accept = " . $pkgconfig['localip'] . ":" . $pkgconfig['localport'] . "\n");
+ fwrite($fout, "connect = " . $pkgconfig['redirectip'] . ":" . $pkgconfig['redirectport'] . "\n");
+ fwrite($fout, "TIMEOUTclose = 0\n\n");
+ }
+ fclose($fout);
+ conf_mount_ro();
+ config_unlock();
 ]]>
-- 
cgit v1.2.3