use SURFnet\VPN\Server\InstanceConfig; use SURFnet\VPN\Common\FileIO; use SURFnet\VPN\Common\CliParser; try { $p = new CliParser('Generate firewall rules for all instances', ['install' => ['install the firewall', false, false]]); $opt = $p->parse($argv); if ($opt->e('help')) { echo $p->help(); exit(0); } // detect all instances $configList = []; $configDir = sprintf('%s/config', dirname(__DIR__)); foreach (glob(sprintf('%s/*', $configDir), GLOB_ONLYDIR | GLOB_ERR) as $instanceDir) { $instanceId = basename($instanceDir); $configList[$instanceId] = InstanceConfig::fromFile(sprintf('%s/%s/config.yaml', $configDir, $instanceId)); } $firewall = Firewall::getFirewall4($configList); $firewall6 = Firewall::getFirewall6($configList); if ($opt->e('install')) { FileIO::writeFile('/etc/sysconfig/iptables', $firewall, 0600); FileIO::writeFile('/etc/sysconfig/ip6tables', $firewall6, 0600); } else { echo '##########################################' . PHP_EOL; echo '# IPv4' . PHP_EOL; echo '##########################################' . PHP_EOL; echo $firewall; echo '##########################################' . PHP_EOL; echo '# IPv6' . PHP_EOL; echo '##########################################' . PHP_EOL; echo $firewall6;
*
 * IPv4:
 * The range is 10.X.Y.0/24 where X and Y are single random bytes.
 *
 * IPv6:
 * The prefix follows RFC 4193: "fd" followed by a 40-bit random Global ID
 * (first three hextets), then a 16-bit subnet hextet whose low nibble is
 * cleared with the mask fff0, so the result is a /60.
 *
 * Both values come from random_bytes() (CSPRNG), never mt_rand()/rand().
 * Nothing here checks the generated range against ranges already assigned
 * to other pools or instances; a collision has to be caught by the operator.
 *
 * NOTE(review): the `instance` argument is used verbatim as a path component
 * and `pool` as a config key below. Any validation of these names would live
 * in CliParser or InstanceConfig, neither of which is visible here -- confirm.
 */
try {
    $cliOptions = [
        'instance' => ['the instance to target, e.g. vpn.example', true, true],
        'pool' => ['the pool to target, e.g. internet', true, true],
        'host' => ['the hostname clients connect to', true, true],
        'ext' => ['the external interface, e.g. eth0', true, true],
    ];
    $parser = new CliParser('Automatically generate an IP address and basic config for a pool', $cliOptions);
    $opt = $parser->parse($argv);
    if ($opt->e('help')) {
        echo $parser->help();
        exit(0);
    }

    // 10.X.Y.0/24 -- one random byte for each of the second and third octet.
    $ipv4Range = sprintf(
        '10.%d.%d.0/24',
        ord(random_bytes(1)),
        ord(random_bytes(1))
    );

    // fdXX:XXXX:XXXX:XXX0::/60 -- the fourth hextet is ANDed with fff0 so the
    // prefix is /60-aligned (low 4 bits left for sub-pools).
    $subnetHextet = random_bytes(2) & hex2bin('fff0');
    $ipv6Prefix = sprintf(
        'fd%s:%s:%s:%s::/60',
        bin2hex(random_bytes(1)),
        bin2hex(random_bytes(2)),
        bin2hex(random_bytes(2)),
        bin2hex($subnetHextet)
    );

    printf('IPv4 CIDR : %s%s', $ipv4Range, PHP_EOL);
    printf('IPv6 prefix: %s%s', $ipv6Prefix, PHP_EOL);

    $instanceId = $opt->v('instance');
    $poolId = $opt->v('pool');
    $configFile = sprintf('%s/config/%s/config.yaml', dirname(__DIR__), $instanceId);

    $instanceConfig = InstanceConfig::fromFile($configFile);
    $poolConfig = new PoolConfig($instanceConfig->v('vpnPools', $poolId));

    // Only the generated/supplied keys are overwritten; every other key of
    // the existing pool definition is carried over untouched.
    $updatedPool = $poolConfig->v();
    $generatedKeys = [
        'range' => $ipv4Range,
        'range6' => $ipv6Prefix,
        'hostName' => $opt->v('host'),
        'extIf' => $opt->v('ext'),
    ];
    foreach ($generatedKeys as $key => $value) {
        $updatedPool[$key] = $value;
    }

    // Write the whole instance config back with the updated pool in place.
    $instanceData = $instanceConfig->v();
    $instanceData['vpnPools'][$poolId] = $updatedPool;
    InstanceConfig::toFile($configFile, $instanceData);
} catch (Exception $e) {
    echo sprintf('ERROR: %s', $e->getMessage()) . PHP_EOL;
    exit(1);
}
use SURFnet\VPN\Server\Api\OpenVpnModule; use SURFnet\VPN\Common\Http\Service; use SURFnet\VPN\Server\Api\Users; use SURFnet\VPN\Server\Api\UsersModule; use SURFnet\VPN\Server\InstanceConfig; use SURFnet\VPN\Common\Logger; use SURFnet\VPN\Server\OpenVpn\ManagementSocket; use SURFnet\VPN\Server\OpenVpn\ServerManager; $logger = new Logger('vpn-server-api'); try { // this is provided by Apache, using CanonicalName $request = new Request($_SERVER, $_GET, $_POST); $instanceId = $request->getServerName(); $dataDir = sprintf('%s/data/%s', dirname(__DIR__), $instanceId); $configDir = sprintf('%s/config/%s', dirname(__DIR__), $instanceId); $config = InstanceConfig::fromFile(sprintf('%s/config.yaml', $configDir)); $service = new Service(); $basicAuthentication = new BasicAuthenticationHook($config->v('apiConsumers'), 'vpn-server-api'); $service->addBeforeHook('auth', $basicAuthentication); $service->addModule(new LogModule($dataDir)); $service->addModule(new OpenVpnModule(new ServerManager($config, new ManagementSocket(), $logger))); $service->addModule(new CommonNamesModule(new CommonNames(sprintf('%s/common_names', $dataDir)), $logger)); $service->addModule(new UsersModule(new Users(sprintf('%s/users', $dataDir)), $logger)); $groupProviders = []; if ($config->e('groupProviders')) { foreach (array_keys($config->v('groupProviders')) as $groupProviderId) { $groupProviderClass = sprintf('SURFnet\\VPN\\Server\\GroupProvider\\%s', $groupProviderId); $groupProviders[] = new $groupProviderClass($dataDir, $config); } } $service->addModule(new GroupsModule($groupProviders, $logger));