#!/usr/local/bin/php-cgi -f . * Copyright (c) 2007-2016 Rubicon Communications, LLC (Netgate) * All rights reserved. * * Originally part of m0n0wall (http://m0n0.ch/wall) * Copyright (c) 2007 Manuel Kasper . * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /* parse the configuration and include all functions used below */ require_once("util.inc"); require_once("config.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("gwlb.inc"); require_once("openvpn.inc"); function openvpn_resync_if_needed ($mode, $ovpn_settings, $interface) { global $g, $config; $resync_needed = true; if (isset($ovpn_settings['disable'])) { $resync_needed = false; } else { if (!empty($interface)) { $mode_id = $mode . $ovpn_settings['vpnid']; $fpath = "{$g['varetc_path']}/openvpn/{$mode_id}.interface"; if (file_exists($fpath)) { /* Compare the interface currently used by the VPN with the interface that should be used. If the VPN should stay on the same interface, do not resync */ if (trim(file_get_contents($fpath), " \t\n") == get_failover_interface($ovpn_settings['interface'])) { $resync_needed = false; } } } } if ($resync_needed == true) { log_error("OpenVPN: Resync " . $mode_id . " " . $ovpn_settings['description']); openvpn_resync($mode, $ovpn_settings); } } /* make sure to wait until the boot scripts have finished */ if (file_exists("{$g['varrun_path']}/booting")) { return; } /* Input argument is a comma-separated list of gateway names, blank or "all". */ if (isset($_GET['interface'])) { $argument = $_GET['interface']; } else { $argument = trim($argv[1], " \n"); } if ((is_array($config['openvpn']['openvpn-server']) && count($config['openvpn']['openvpn-server'])) || (is_array($config['openvpn']['openvpn-client']) && count($config['openvpn']['openvpn-client']))) { if (empty($argument) || $argument == "all") { $argument = "all"; $log_text = "all"; } else { $log_text = "endpoints that may use " . $argument; } log_error("OpenVPN: One or more OpenVPN tunnel endpoints may have changed its IP. Reloading " . $log_text . "."); } else { return; } $openvpnlck = try_lock('openvpn', 10); if (!$openvpnlck) { log_error(gettext("Could not obtain openvpn lock for executing rc.openvpn for more than 10 seconds continuing...")); unlock_force('openvpn'); $openvpnlck = lock('openvpn', LOCK_EX); } $arg_array = explode(",", $argument); foreach ($arg_array as $arg_element) { $gwgroups = array(); if ($arg_element == "all") { $interface = ""; } else { // e.g. $arg_element = "WANGW", $interface = "wan" $interface = lookup_gateway_interface_by_name($arg_element); if (empty($interface)) { $interface = $arg_element; } else { // e.g. $arg_element = "WANGW", $gwgroups = array of gateway groups that use "wan" $gwgroups = gateway_is_gwgroup_member($arg_element); } } if (is_array($config['openvpn']['openvpn-server'])) { foreach ($config['openvpn']['openvpn-server'] as &$server) { if ($server['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($server['interface'], $gwgroups))) { openvpn_resync_if_needed('server', $server, $interface); } } } if (is_array($config['openvpn']['openvpn-client'])) { foreach ($config['openvpn']['openvpn-client'] as &$client) { if ($client['interface'] == $interface || empty($interface) || (!empty($gwgroups) && in_array($client['interface'], $gwgroups))) { openvpn_resync_if_needed('client', $client, $interface); } } } } unlock($openvpnlck); ?>