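def get_push_networks_config(config):
    """
    Get list of internal networks to push to VPN clients

    Appends the ``push_networks`` field description to *config* and returns
    *config*. The field's default holds one ``[network, netmask]`` pair for
    each managed interface that belongs to an internal zone, computed from
    the first IPv4 address of that interface.

    Interfaces that carry no IPv4 address (or no netmask) are skipped
    instead of raising KeyError.

    NOTE(review): the default lists every internal network found on the
    host, so all of them are proposed for sharing with VPN clients unless
    the list is trimmed. Keep only the networks VPN users actually need.
    """
    internal_zones = get_zones_types()[0]
    internal_interfaces = get_zones_interfaces(internal_zones)
    networks = []
    for interface in netifaces.interfaces():
        if not interface.startswith(MANAGED_INTERFACE_NAMES):
            continue
        for internal_interface in internal_interfaces:
            # entries are indexed as (zone, interface, ...); match on the
            # interface name
            if internal_interface[1] != interface:
                continue
            # ifaddresses() has an AF_INET entry only when the interface
            # carries an IPv4 address; an unconfigured interface must not
            # abort the whole form.
            inet = netifaces.ifaddresses(interface).get(netifaces.AF_INET)
            if not inet:
                continue
            addr = inet[0].get('addr')
            netmask = inet[0].get('netmask')
            if not addr or not netmask:
                continue
            network = IP(addr).make_net(netmask)
            networks.append(
                [str(network.net()), str(network.netmask())])
    config.append({
        'slug': 'openvpn',
        'name': 'push_networks',
        'label': _('Shared networks', 'openvpn'),
        'help': _(
            'The list of internal networks that will be accessible to VPN clients.',
            'openvpn'),
        'type': 'network',
        'format': 'long',
        'multi': 'yes',
        'default': networks
    })
    return config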
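def get_listen_config(config):
    """
    Get list of external addresses for openvpn

    Appends the required ``listen`` option field to *config* and returns
    *config*. One option is offered for each managed interface that belongs
    to an external zone, labelled ``"addr (zone)"`` with the value
    ``"addr:zone"``, using the first IPv4 address of the interface.

    Interfaces that carry no IPv4 address are skipped instead of raising
    KeyError. If no external interface has an IPv4 address the option list
    is empty although the field is marked as required.
    """
    external_zones = get_zones_types()[1]
    external_interfaces = get_zones_interfaces(external_zones)
    ifaces = []
    for interface in netifaces.interfaces():
        if not interface.startswith(MANAGED_INTERFACE_NAMES):
            continue
        for external_interface in external_interfaces:
            # tuple of ('zone', 'interface', 'options')
            if external_interface[1] != interface:
                continue
            # ifaddresses() has an AF_INET entry only when the interface
            # carries an IPv4 address; skip interfaces that are not
            # configured rather than failing the whole form.
            inet = netifaces.ifaddresses(interface).get(netifaces.AF_INET)
            if not inet:
                continue
            addr = inet[0].get('addr')
            if not addr:
                continue
            ifaces.append({
                'name': '%s (%s)' % (addr, external_interface[0]),
                'value': "%s:%s" % (addr, external_interface[0])
            })
    config.append({
        'slug': 'openvpn',
        'name': 'listen',
        'require': 'yes',
        'label': _('Listen address', 'openvpn'),
        'help': _(
            'The IP address where the VPN server will listen. It must be accessible by your VPN clients.',
            'openvpn'),
        'type': 'options',
        'options': ifaces
    })
    return config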
# Add a 'vpn' zone to the firewall policies and rules: deny by default, then
# copy the rules that let internal zones reach the firewall itself.
from mmc.plugins.shorewall import get_zones, get_zones_types, \
    ShorewallPolicies, ShorewallRules

# get_zones_types()[0] is used as the internal zone type and [1] as the
# external one.
internal_zones = get_zones(get_zones_types()[0])
external_zones = get_zones(get_zones_types()[1])
policies = ShorewallPolicies()
rules = ShorewallRules()

# Index of the last existing policy line (presumably the catch-all policy;
# verify against the policy file). It is -1 when get_conf() is empty.
last_policy_idx = len(policies.get_conf()) - 1
# insert VPN policies before the last one
# Default deny: traffic from vpn to the firewall and between vpn and every
# internal or external zone is DROP unless an explicit rule allows it.
# NOTE(review): no fw -> vpn policy is added here, so that direction is
# decided by the policies already present.
policies.add_line(['vpn', 'fw', 'DROP'], last_policy_idx)
for zone in internal_zones + external_zones:
    policies.add_line(['vpn', zone, 'DROP'], last_policy_idx)
    policies.add_line([zone, 'vpn', 'DROP'], last_policy_idx)

# duplicate lan -> fw rules to vpn -> fw
# Each rule found for an internal zone towards 'fw' is re-added with 'vpn' as
# the source, keeping rule[0], rule[2], rule[3] and rule[4] (action,
# destination, protocol and port in the sample below).
# NOTE(review): this gives VPN clients the same access to services on the
# firewall as LAN hosts, including any administration service allowed from
# the LAN. The copy is made once; later changes to the LAN rules are not
# mirrored. Review the resulting vpn -> fw rules and remove what VPN users
# do not need.
for rule in rules.get(srcs=internal_zones, dsts=["fw"]):
    # [('ACCEPT', 'lan3', 'fw', 'tcp', '8000')]
    rules.add(rule[0], 'vpn', rule[2], rule[3], rule[4])

# Write the modified policies and rules back. No firewall restart is visible
# in this fragment.
policies.write()
rules.write()