#!/usr/local/bin/php-cgi -f . * Copyright (c) 2007-2016 Rubicon Communications, LLC (Netgate) * All rights reserved. * * Originally part of m0n0wall (http://m0n0.ch/wall) * Copyright (c) 2007 Manuel Kasper . * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgment: * "This product includes software developed by the pfSense Project * for use in the pfSense® software distribution. (http://www.pfsense.org/). * * 4. The names "pfSense" and "pfSense Project" must not be used to * endorse or promote products derived from this software without * prior written permission. For written permission, please contact * coreteam@pfsense.org. * * 5. Products derived from this software may not be called "pfSense" * nor may "pfSense" appear in their names without prior written * permission of the Electric Sheep Fencing, LLC. * * 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * * "This product includes software developed by the pfSense Project * for use in the pfSense software distribution (http://www.pfsense.org/). * * THIS SOFTWARE IS PROVIDED BY THE pfSense PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE pfSense PROJECT OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED * OF THE POSSIBILITY OF SUCH DAMAGE. */ /* parse the configuration and include all functions used below */ require_once("util.inc"); require_once("config.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("gwlb.inc"); require_once("openvpn.inc"); function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) { global $g, $config; $resync_needed = true; if (isset($ovpn_settings['disable'])) { $resync_needed = false; } else { if (!empty($interface)) { $mode_id = $mode . $ovpn_settings['vpnid']; $fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface"; if (file_exists($fpath)) { /* Compare the interface currently used by the VPN with the interface that should be used. If the VPN should stay on the same interface, do not resync */ if (trim(file_get_contents($fpath), " \t\n") == get_failover_interface($ovpn_settings['interface'])) { $resync_needed = false; } } } } if ($resync_needed == true) { log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); openvpn_resync($mode, $ovpn_settings); } } /* make sure to wait until the boot scripts have finished */ if (file_exists("{$g['varrun_path']}/booting")) { return; } /* Input argument is a comma-separated list of gateway names, blank or "all". */ if (isset($_GET['interface'])) { $argument = $_GET['interface']; } else { $argument = trim($argv[1], " \n"); } if ((is_array($config['openvpn']['openvpn-server']) && count($config['openvpn']['openvpn-server'])) || (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { if (empty($argument) || $argument == "all") { $argument = "all"; $log_text = "all"; } else { $log_text = "endpoints that may use " . $argument; } log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . "."); } else { return; } $openvpnlck = try_lock('openvpn', 10); if (!$openvpnlck) { log_error(gettext("Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing...")); unlock_force('openvpn'); $openvpnlck = lock('openvpn', LOCK_EX); } $arg_array = explode(",", $argument); foreach ($arg_array as $arg_element) { $gwgroups = array(); if ($arg_element == "all") { $interface = ""; } else { // e.g. $arg_element = "WANGW", $interface = "wan" $interface = lookup_gateway_interface_by_name($arg_element); if (empty($interface)) { $interface = $arg_element; } else { // e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan" $gwgroups = gateway_is_gwgroup_member($arg_element); } } if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as &$server) { if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups))) { openvpn_resync_if_needed('server', $server, $interface); } } } if (is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as &$client) { if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups))) { openvpn_resync_if_needed('client', $client, $interface); } } } } unlock($openvpnlck); ?>