Ejemplo n.º 1
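def get_push_networks_config(config):
    """
    Append the openvpn 'push_networks' option to config and return config.

    The option's default is built from the host itself: for every interface
    reported by netifaces whose name starts with MANAGED_INTERFACE_NAMES and
    that is attached to an internal zone, the IPv4 network of its first
    address is added as a [network, netmask] pair of strings.

    Per the option's help text these are the internal networks that become
    accessible to VPN clients, so the default offers every internal network
    found on the host.
    NOTE(review): confirm that offering all of them by default is intended;
    a narrower default would expose less to a compromised VPN client.

    config is the list of option dicts; it is modified in place.
    """
    internal_zones = get_zones_types()[0]
    internal_interfaces = get_zones_interfaces(internal_zones)

    networks = []
    for interface in netifaces.interfaces():
        if not interface.startswith(MANAGED_INTERFACE_NAMES):
            continue
        for internal_interface in internal_interfaces:
            # index 1 of a zone/interface entry holds the interface name
            if internal_interface[1] != interface:
                continue
            # An interface with no IPv4 address has no AF_INET entry; skip
            # it rather than fail the whole option list with a KeyError.
            ipv4 = netifaces.ifaddresses(interface).get(netifaces.AF_INET)
            if not ipv4:
                continue
            # Only the first IPv4 address is used; additional addresses on
            # the same interface are not turned into networks.
            network = IP(ipv4[0]['addr']).make_net(ipv4[0]['netmask'])
            networks.append([str(network.net()), str(network.netmask())])

    config.append({
        'slug': 'openvpn',
        'name': 'push_networks',
        'label': _('Shared networks', 'openvpn'),
        'help': _(
            'The list of internal networks that will be accessible to VPN clients.',
            'openvpn'),
        'type': 'network',
        'format': 'long',
        'multi': 'yes',
        'default': networks
    })

    return config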
Ejemplo n.º 2
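def get_listen_config(config):
    """
    Append the openvpn 'listen' option to config and return config.

    The selectable values are the first IPv4 address of every interface
    reported by netifaces whose name starts with MANAGED_INTERFACE_NAMES and
    that is attached to an external zone. Each choice is shown as
    'addr (zone)' and stored as 'addr:zone'.

    The option is marked as required. If no external interface carries an
    IPv4 address the list of choices is empty.

    config is the list of option dicts; it is modified in place.
    """
    external_zones = get_zones_types()[1]
    external_interfaces = get_zones_interfaces(external_zones)

    ifaces = []
    for interface in netifaces.interfaces():
        if not interface.startswith(MANAGED_INTERFACE_NAMES):
            continue
        for external_interface in external_interfaces:
            # tuple of ('zone', 'interface', 'options')
            if external_interface[1] != interface:
                continue
            # An interface with no IPv4 address has no AF_INET entry; it
            # cannot be a listen address, so skip it instead of raising
            # KeyError and losing every other choice.
            ipv4 = netifaces.ifaddresses(interface).get(netifaces.AF_INET)
            if not ipv4:
                continue
            addr = ipv4[0]['addr']
            zone = external_interface[0]
            ifaces.append({
                'name': '%s (%s)' % (addr, zone),
                'value': "%s:%s" % (addr, zone)
            })

    config.append({
        'slug': 'openvpn',
        'name': 'listen',
        'require': 'yes',
        'label': _('Listen address', 'openvpn'),
        'help': _(
            'The IP address where the VPN server will listen. It must be accessible by your VPN clients.',
            'openvpn'),
        'type': 'options',
        'options': ifaces
    })

    return config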
Ejemplo n.º 3
from mmc.plugins.shorewall import get_zones, get_zones_types, \
    ShorewallPolicies, ShorewallRules

# Adds a 'vpn' zone to the Shorewall policy and rule files.
# Index 0 of get_zones_types() is used as the internal zone type and
# index 1 as the external one.
internal_zones = get_zones(get_zones_types()[0])
external_zones = get_zones(get_zones_types()[1])

policies = ShorewallPolicies()
rules = ShorewallRules()

# Index of the last existing policy line (presumably the catch-all policy,
# confirm against the policy file). Every add_line() below uses this same
# index.
last_policy_idx = len(policies.get_conf()) - 1
# insert VPN policies before the last one
# DROP is the policy for vpn -> fw and for both directions between vpn and
# every internal and external zone, so only explicit rules let VPN traffic
# through.
# NOTE(review): no fw -> vpn policy is added here; that direction is left
# to the policies already present.
policies.add_line(['vpn', 'fw', 'DROP'], last_policy_idx)
for zone in internal_zones + external_zones:
    policies.add_line(['vpn', zone, 'DROP'], last_policy_idx)
    policies.add_line([zone, 'vpn', 'DROP'], last_policy_idx)

# duplicate lan -> fw rules to vpn -> fw
# Every rule from an internal zone to the firewall is re-added with 'vpn'
# as the source, so VPN clients get the same access to services on the
# firewall host as internal hosts, management ports included. Review the
# copied rules if the vpn zone is meant to be trusted less than the LAN.
for rule in rules.get(srcs=internal_zones, dsts=["fw"]):
    # example result of rules.get(): [('ACCEPT', 'lan3', 'fw', 'tcp', '8000')]
    # rule[1], the original source zone, is the only field replaced
    rules.add(rule[0], 'vpn', rule[2], rule[3], rule[4])

# save both the policy and the rule changes
policies.write()
rules.write()