diff options
author | Othmar Gsenger <otti@anytun.org> | 2008-04-12 11:38:42 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2008-04-12 11:38:42 +0000 |
commit | fffd213c8cba2135afda493d797c41c10354770e (patch) | |
tree | bb5eea1b12871d8c3fed0e687d83be3e504d11b2 /openvpn/contrib | |
parent | svn cleanup (diff) |
big svn cleanup
Diffstat (limited to 'openvpn/contrib')
-rw-r--r-- | openvpn/contrib/README | 2 | ||||
-rw-r--r-- | openvpn/contrib/multilevel-init.patch | 79 | ||||
-rw-r--r-- | openvpn/contrib/openvpn-fwmarkroute-1.00/README | 44 | ||||
-rwxr-xr-x | openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down | 22 | ||||
-rwxr-xr-x | openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up | 49 | ||||
-rw-r--r-- | openvpn/contrib/pull-resolv-conf/client.down | 76 | ||||
-rw-r--r-- | openvpn/contrib/pull-resolv-conf/client.up | 75 |
7 files changed, 0 insertions, 347 deletions
diff --git a/openvpn/contrib/README b/openvpn/contrib/README deleted file mode 100644 index e1a57d0..0000000 --- a/openvpn/contrib/README +++ /dev/null @@ -1,2 +0,0 @@ -This directory contains scripts and patches contributed -by users. diff --git a/openvpn/contrib/multilevel-init.patch b/openvpn/contrib/multilevel-init.patch deleted file mode 100644 index 8d48fbc..0000000 --- a/openvpn/contrib/multilevel-init.patch +++ /dev/null @@ -1,79 +0,0 @@ ---- /etc/init.d/openvpn 2004-05-12 20:30:06.000000000 +0200 -+++ openvpn 2004-05-12 20:34:33.000000000 +0200 -@@ -58,13 +58,13 @@ - # returning success or failure status to caller (James Yonan). - - # Location of openvpn binary --openvpn="/usr/sbin/openvpn" -+openvpn=/usr/sbin/openvpn - - # Lockfile --lock="/var/lock/subsys/openvpn" -+lock=/var/lock/subsys/openvpn - - # PID directory --piddir="/var/run/openvpn" -+piddir=/var/run/openvpn - - # Our working directory - work=/etc/openvpn -@@ -106,7 +106,7 @@ - - if [ -f $lock ]; then - # we were not shut down correctly -- for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do -+ for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do - if [ -s $pidf ]; then - kill `cat $pidf` >/dev/null 2>&1 - fi -@@ -116,12 +116,12 @@ - sleep 2 - fi - -- rm -f $piddir/*.pid $piddir/*/*.pid -+ find $piddir -name "*.pid"|xargs rm -f - - # Start every .conf in $work and run .sh if exists - errors=0 - successes=0 -- for c in `/bin/ls *.conf */*.conf 2>/dev/null`; do -+ for c in `find * -name "*.conf" 2>/dev/null`; do - bn=${c%%.conf} - if [ -f "$bn.sh" ]; then - . $bn.sh -@@ -147,7 +147,7 @@ - ;; - stop) - echo -n $"Shutting down openvpn: " -- for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do -+ for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do - if [ -s $pidf ]; then - kill `cat $pidf` >/dev/null 2>&1 - fi -@@ -163,7 +163,7 @@ - ;; - reload) - if [ -f $lock ]; then -- for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do -+ for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do - if [ -s $pidf ]; then - kill -HUP `cat $pidf` >/dev/null 2>&1 - fi -@@ -175,7 +175,7 @@ - ;; - reopen) - if [ -f $lock ]; then -- for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do -+ for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do - if [ -s $pidf ]; then - kill -USR1 `cat $pidf` >/dev/null 2>&1 - fi -@@ -195,7 +195,7 @@ - ;; - status) - if [ -f $lock ]; then -- for pidf in `/bin/ls $piddir/*.pid $piddir/*/*.pid 2>/dev/null`; do -+ for pidf in `find $piddir -name "*.pid" 2>/dev/null`; do - if [ -s $pidf ]; then - kill -USR2 `cat $pidf` >/dev/null 2>&1 - fi diff --git a/openvpn/contrib/openvpn-fwmarkroute-1.00/README b/openvpn/contrib/openvpn-fwmarkroute-1.00/README deleted file mode 100644 index 66fe61a..0000000 --- a/openvpn/contrib/openvpn-fwmarkroute-1.00/README +++ /dev/null @@ -1,44 +0,0 @@ -OpenVPN fwmark Routing -Sean Reifschneider, <jafo@tummy.com> -Thursday November 27, 2003 -========================== - -These scripts can be used with OpenVPN up and down scripts to set up -routing on a Linux system such that the VPN traffic is sent via normal -network connectivity, but other traffic to that network runs over the VPN. -The idea is to allow encryption of data to the network the remote host is -on, without interfering with the VPN traffic. You can't simply add a route -to the remote network, becaues that will cause the VPN traffic to also try -to run over the VPN, and breaks the VPN. - -These scripts use the Linux "fwmark" iptables rules to specify routing -based not only on IP address, but also by port and protocol. This allows -you to effectively say "if the packet is to this IP address on this port -using this protocol, then use the normal default gateway, otherwise use the -VPN gateway. - -This is set up on the client VPN system, not the VPN server. These scripts -also set up all ICMP echo-responses to run across the VPN. You can -comment the lines in the scripts to disable this, but I find this useful -at coffee shops which have networks that block ICMP. - -To configure this, you need to set up these scripts as your up and down -scripts in the config file. You will need to set these values in the -config file: - - up /etc/openvpn/fwmarkroute.up - down /etc/openvpn/fwmarkroute.down - up-restart - up-delay - - setenv remote_netmask_bits 24 - -Note: For this to work, you can't set the "user" or "group" config options, -because then the scripts will not run as root. - -The last setting allows you to control the size of the network the remote -system is on. The remote end has to be set up to route, probably with -masquerading or NAT. The network this netmask relates to is calculated -using the value of "remote" in the conf file. - -Sean diff --git a/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down b/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down deleted file mode 100755 index 87d67d4..0000000 --- a/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh -# -# Bring down vpn routing. - -# calculate the network address -remote_network=`ipcalc -n "$remote"/"$remote_netmask_bits"` -remote_network="${remote_network#*=}" - -# clear routing via VPN -ip route del "$remote_network"/"$remote_netmask_bits" via "$5" table vpn.out -ip route del table vpnonly.out via "$5" -iptables -D OUTPUT -t mangle -p "$proto" \ - -d "$remote_network"/"$remote_netmask_bits" \ - --dport "$remote_port" -j ACCEPT -iptables -D OUTPUT -t mangle -d "$remote" -j MARK --set-mark 2 - -# undo the ICMP ping tunneling -iptables -D OUTPUT -t mangle --protocol icmp --icmp-type echo-request \ - -j MARK --set-mark 3 - -# flush route cache -ip route flush cache diff --git a/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up b/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up deleted file mode 100755 index 661ec31..0000000 --- a/openvpn/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh -# -# Bring up vpn routing. - -# calculate the network address -remote_network=`ipcalc -n "$remote"/"$remote_netmask_bits"` -remote_network="${remote_network#*=}" - -# add the stuff that doesn't change if it's not already there -grep -q '^202 ' /etc/iproute2/rt_tables -if [ "$?" -ne 0 ] -then - echo 202 vpn.out >> /etc/iproute2/rt_tables -fi -grep -q '^203 ' /etc/iproute2/rt_tables -if [ "$?" -ne 0 ] -then - echo 203 vpnonly.out >> /etc/iproute2/rt_tables -fi -ip rule ls | grep -q 'lookup vpn.out *$' -if [ "$?" -ne 0 ] -then - ip rule add fwmark 2 table vpn.out -fi -ip rule ls | grep -q 'lookup vpnonly.out *$' -if [ "$?" -ne 0 ] -then - ip rule add fwmark 3 table vpnonly.out -fi - -# route VPN traffic using the normal table -iptables -A OUTPUT -t mangle -p "$proto" -d "$remote" --dport "$remote_port" \ - -j ACCEPT - -# route all other traffic to that host via VPN -iptables -A OUTPUT -t mangle -d "$remote_network"/"$remote_netmask_bits" \ - -j MARK --set-mark 2 - -# route all ICMP pings over the VPN -iptables -A OUTPUT -t mangle --protocol icmp --icmp-type echo-request \ - -j MARK --set-mark 3 - -# NAT traffic going over the VPN, so it doesn't have an unknown address -iptables -t nat -A POSTROUTING -o "$1" -j SNAT --to-source "$4" - -# add routing commands -ip route add "$remote_network"/"$remote_netmask_bits" via "$5" table vpn.out -ip route add table vpnonly.out via "$5" -ip route flush cache diff --git a/openvpn/contrib/pull-resolv-conf/client.down b/openvpn/contrib/pull-resolv-conf/client.down deleted file mode 100644 index d51472f..0000000 --- a/openvpn/contrib/pull-resolv-conf/client.down +++ /dev/null @@ -1,76 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2005 by OpenVPN Solutions LLC -# Licensed under the GPL version 2 - -# First version by Jesse Adelman -# someone at boldandbusted dink com -# http://www.boldandbusted.com/ - -# PURPOSE: This script automatically removes the /etc/resolv.conf entries previously -# set by the companion script "client.up". - -# INSTALL NOTES: -# Place this in /etc/openvpn/client.down -# Then, add the following to your /etc/openvpn/<clientconfig>.conf: -# client -# pull dhcp-options -# up /etc/openvpn/client.up -# down /etc/openvpn/client.down -# Next, "chmod a+x /etc/openvpn/client.down" - -# USAGE NOTES: -# Note that this script is best served with the companion "client.up" -# script. - -# Only tested on Gentoo Linux 2005.0 with OpenVPN 2.0 -# It should work with any GNU/Linux with /etc/resolv.conf - -# This runs with the context of the OpenVPN UID/GID -# at the time of execution. This generally means that -# the client "up" script will run fine, but the "down" script -# will require the use of the OpenVPN "down-root" plugin -# which is in the plugins/ directory of the OpenVPN source tree - -# A horrid work around, from a security perspective, -# is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have -# been WARNED. - -# init variables - -i=1 -j=1 -unset fopt -unset dns -unset opt - -# Convert ENVs to an array - -while fopt=foreign_option_$i; [ -n "${!fopt}" ]; do -{ - opt[i-1]=${!fopt} - case ${opt[i-1]} in - *DOMAIN* ) domain=`echo ${opt[i-1]} | \ - sed -e 's/dhcp-option DOMAIN //g'` ;; - *DNS* ) dns[j-1]=`echo ${opt[i-1]} | \ - sed -e 's/dhcp-option DNS //g'` - let j++ ;; - esac - let i++ -} -done - -# Now, do the work - -if [ -n "${dns[*]}" ]; then - for i in "${dns[@]}"; do - sed -i -e "/nameserver ${i}/D" /etc/resolv.conf || die - done -fi - -if [ -n "${domain}" ]; then - sed -i -e "/search ${domain}/D" /etc/resolv.conf || die -fi - -# all done... -exit 0 diff --git a/openvpn/contrib/pull-resolv-conf/client.up b/openvpn/contrib/pull-resolv-conf/client.up deleted file mode 100644 index 48b1a39..0000000 --- a/openvpn/contrib/pull-resolv-conf/client.up +++ /dev/null @@ -1,75 +0,0 @@ -#!/bin/bash - -# Copyright (c) 2005 by OpenVPN Solutions LLC -# Licensed under the GPL version 2 - -# First version by Jesse Adelman -# someone at boldandbusted dink com -# http://www.boldandbusted.com/ - -# PURPOSE: This script automatically sets the proper /etc/resolv.conf entries -# as pulled down from an OpenVPN server. - -# INSTALL NOTES: -# Place this in /etc/openvpn/client.up -# Then, add the following to your /etc/openvpn/<clientconfig>.conf: -# client -# pull dhcp-options -# up /etc/openvpn/client.up -# Next, "chmod a+x /etc/openvpn/client.up" - -# USAGE NOTES: -# Note that this script is best served with the companion "client.down" -# script. - -# Only tested on Gentoo Linux 2005.0 with OpenVPN 2.0 -# It should work with any GNU/Linux with /etc/resolv.conf - -# This runs with the context of the OpenVPN UID/GID -# at the time of execution. This generally means that -# the client "up" script will run fine, but the "down" script -# will require the use of the OpenVPN "down-root" plugin -# which is in the plugins/ directory of the OpenVPN source tree - -# A horrid work around, from a security perspective, -# is to run OpenVPN as root. THIS IS NOT RECOMMENDED. You have -# been WARNED. - -# init variables - -i=1 -j=1 -unset fopt -unset dns -unset opt - -# Convert ENVs to an array - -while fopt=foreign_option_$i; [ -n "${!fopt}" ]; do -{ - opt[i-1]=${!fopt} - case ${opt[i-1]} in - *DOMAIN* ) domain=`echo ${opt[i-1]} | \ - sed -e 's/dhcp-option DOMAIN //g'` ;; - *DNS* ) dns[j-1]=`echo ${opt[i-1]} | \ - sed -e 's/dhcp-option DNS //g'` - let j++ ;; - esac - let i++ -} -done - -# Now, do the work - -if [ -n "${dns[*]}" ]; then - for i in "${dns[@]}"; do - sed -i -e "1,1 i nameserver ${i}" /etc/resolv.conf || die - done -fi - -if [ -n "${domain}" ]; then - sed -i -e "$j,1 i search ${domain}" /etc/resolv.conf || die -fi - -# all done... -exit 0 |