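/**
 * Start the OpenVPN client instance identified by $id.
 *
 * Steps, in order: validate the id, make sure settings.ovpn exists (building
 * it on demand), return early if the instance is already running, prepare the
 * TUN or TAP device, launch openvpn as a daemon, wait for its pid, then
 * install the iptables rules and the routes of the client.
 *
 * Progress and errors are reported on stdout; nothing is returned.
 *
 * @param int|string $id Client identifier; must be a non-zero decimal integer.
 * @return void
 */
function OpenVPNCLientStart($id){
    $unix=new unix();
    // Not used below; kept in case the constructor has side effects (not visible from this function).
    $sock=new sockets();
    $main_path="/etc/artica-postfix/openvpn/clients";
    chdir("/root");
    $count=0;
    // Stays empty when the client has no auth-user-pass file (was undefined in that case).
    $EnableAuth="";

    // $id is interpolated into file paths and shell command lines, so only plain
    // decimal digits are accepted; is_numeric() alone also accepts "1e3", "1.5" or " 1".
    if(!is_numeric($id) || !preg_match('/^[0-9]+$/',(string)$id)){
        echo "Starting......: OpenVPN client $id is not numeric (".__LINE__.")\n";
        return;
    }
    if($id==0){
        echo "Starting......: OpenVPN client $id is not a valid integer (".__LINE__.")\n";
        return;
    }

    $client_dir="$main_path/$id";

    if(!is_file("$client_dir/settings.ovpn")){
        BuildOpenVpnSingleClient($id);
        if(!is_file("$client_dir/settings.ovpn")){
            echo "Starting......: OpenVPN client $id, unable to stat $main_path/$id/settings.ovpn (".__LINE__.")\n";
            return;
        }
    }

    $pid=vpn_client_pid($id);
    if($unix->process_exists($pid)){
        echo "Starting......: OpenVPN client $id, Already running PID $pid\n";
        return;
    }

    BuildOpenVpnSingleClient($id);

    // The binary path was never assigned before, so the TAP branch ran " --mktun ..."
    // with an empty program name. Fall back to the bare name if the lookup yields nothing.
    $openvpn=$unix->find_program("openvpn");
    if($openvpn==null){$openvpn="openvpn";}

    $bridge=OpenVPNCLientIsOnTap($id);
    if(!$bridge){
        $tun=OpenVPNCLientStartGetDev($id);
        if($tun<>null){
            $tun_node="/dev/net/$tun";
            // A device node is not a regular file: is_file() never reports it,
            // which made mknod run on every start. file_exists() covers any node type.
            if(!file_exists($tun_node)){
                echo "Starting......: OpenVPN client TUN $id,creating dev \"$tun\"\n";
                // The device name comes from a helper whose source is not visible here;
                // quote it so it cannot alter the command line.
                system($unix->find_program("mknod")." ".escapeshellarg($tun_node)." c 10 200 >/dev/null 2>&1");
                system($unix->find_program("chmod")." 600 ".escapeshellarg($tun_node)." >/dev/null 2>&1");
            }
        }
    }else{
        $tap=OpenVPNCLientStartGetTAPDev($id);
        echo "Starting......: OpenVPN client TAP $id,creating dev \"$tap\"\n";
        system($openvpn." --mktun --dev ".escapeshellarg($tap));
    }

    if(is_file("$client_dir/auth-user-pass")){
        echo "Starting......: OpenVPN client [$id] authentication is enabled...\n";
        $EnableAuth=" --auth-user-pass $client_dir/auth-user-pass";
    }

    echo "Starting......: OpenVPN client [$id] log file will be $main_path/$id/openvpn-status.log\n";
    // The directory holds the key, its passphrase and optional credentials: owner-only access.
    shell_exec("/bin/chmod -R 600 ".escapeshellarg($client_dir));

    // Every path below is built from the constant base path and the digits-only $id.
    $cmd="$openvpn --askpass $client_dir/keypassword$EnableAuth --config $client_dir/settings.ovpn --writepid $client_dir/pid --daemon --log $client_dir/log";
    $cmd=$cmd." --status $client_dir/openvpn-status.log 10";
    if(!empty($GLOBALS["VERBOSE"])){echo "\n\n$cmd\n\n";}
    shell_exec($cmd);

    // Poll for the daemon's pid: give up after 6 rounds, sleeping 5 seconds between them.
    $count=0;
    $pid=vpn_client_pid($id);
    for($i=0;$i<7;$i++){
        $count++;
        echo "Starting......: OpenVPN client [$id] (pid=$pid), waiting for pid $i/7\n";
        if($unix->process_exists($pid)){break;}
        if($count>5){
            echo "Starting......: OpenVPN client $id, time-out\n";
            break;
        }
        $pid=vpn_client_pid($id);
        if($pid==null){sleep(5);continue;}
        // Check the freshly read pid; the client id was tested here by mistake.
        if($unix->process_exists($pid)){break;}
        sleep(5);
    }

    $pid=vpn_client_pid($id);
    if(!$unix->process_exists($pid)){
        echo "Starting......: OpenVPN client $id, failed \"$cmd\"\n";
        iptables_delete_client_rules($id);
        return;
    }
    echo "Starting......: OpenVPN client $id, success running pid number $pid\n";

    if(!$bridge){
        // file_get_contents() returns false when the file is missing; trim() turns that into "".
        $ethlink=trim(@file_get_contents("$client_dir/ethlink"));
        if(trim($ethlink)==null){
            $ethlink=OpenVpnClientGetDefaultethLink();
            echo "Starting......: OpenVPN client $id, no ethlink...create a default one for $ethlink\n";
            @file_put_contents("$client_dir/ethlink",$ethlink);
        }
        if($ethlink<>null){
            // Drop any rules left from a previous run before installing the new ones.
            iptables_delete_client_rules($id);
            BuildIpTablesClient($ethlink,$id);
        }else{
            echo "Starting......: OpenVPN client $id, no ethlink...in $main_path/$id/ethlink\n";
        }
    }

    BuildClientRoute($id);
}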
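/**
 * Write the on-disk configuration of every enabled OpenVPN client connection.
 *
 * Reads the rows of `vpnclient` with connexion_type=2 and enabled=1 from the
 * "artica_backup" database and, for each row, writes the CA, certificate, key,
 * .ovpn settings, ethlink and key password files under
 * /etc/artica-postfix/openvpn/clients/<ID>, then calls
 * BuildOpenVpnClients_changeConfig() on that directory.
 *
 * All client iptables rules are deleted first. Progress is reported on stdout.
 *
 * @return null|void null when the database query fails; nothing otherwise.
 */
function BuildOpenVpnClients(){
    chdir("/root");
    iptables_delete_client_rules();
    $main_path="/etc/artica-postfix/openvpn/clients";
    $sql="SELECT * FROM vpnclient WHERE connexion_type=2 and enabled=1 ORDER BY ID";
    $q=new mysql();
    $results=$q->QUERY_SQL($sql,"artica_backup");
    if(!$q->ok){
        echo "Starting......: OpenVPN client, mysql database error, starting from cache\n";
        return null;
    }

    // Private keys and their passphrases are written below. Tighten the umask so the
    // files are never created group/world readable, and create directories as 0700
    // (the former 0666 had no search bit and was open to group/other).
    $previous_umask=umask(0077);
    @mkdir($main_path,0700,true);

    while($ligne=mysql_fetch_array($results,MYSQL_ASSOC)){
        $id=(string)$ligne["ID"];
        // The ID becomes a directory name; OpenVPNCLientStart() only accepts numeric
        // ids, so anything else could never be started and must not shape a path.
        if(!preg_match('/^[0-9]+$/',$id)){
            echo "Starting......: OpenVPN client, skipping record with non-numeric ID\n";
            continue;
        }

        $subpath="$main_path/$id";
        @mkdir($subpath,0700,true);

        $password=base64_decode($ligne["keypassword"]);
        // Placeholder so the keypassword file is never empty when no passphrase is stored.
        if($password==null){$password="******";}

        echo "Starting......: OpenVPN client, building configuration for {$ligne["connexion_name"]}\n";

        $files=array(
            "ca.crt"=>$ligne["ca_bin"],
            "certificate.crt"=>$ligne["cert_bin"],
            "master-key.key"=>$ligne["key_bin"],
            "settings.ovpn"=>$ligne["ovpn"],
            "ethlink"=>$ligne["ethlisten"],
            "keypassword"=>$password,
        );
        foreach($files as $filename=>$content){
            // Report a failed write instead of swallowing it; the build still continues.
            if(@file_put_contents("$subpath/$filename",$content)===false){
                echo "Starting......: OpenVPN client, unable to write $subpath/$filename\n";
            }
        }

        BuildOpenVpnClients_changeConfig($subpath,$id);
    }

    umask($previous_umask);
}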