From 10da38da0cfea60b14d14e393e07e7484d5bb53c Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 26 Sep 2017 15:51:43 +0100
Subject: [PATCH] vpn on tcp

---
 src/freedombone-app-vpn        | 10 ++++++++--
 src/freedombone-utils-firewall |  6 ++----
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 7f7af5adf..7e1ec4dcf 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -122,7 +122,7 @@ function restore_remote_vpn {
 
 function remove_vpn {
     systemctl stop openvpn
-    apt-get -yq remove --purge fastd openvpn easy-rsa
+    apt-get -yq remove --purge fastd openvpn easy-rsa stunnel4
     if [ -d /etc/openvpn ]; then
         rm -rf /etc/openvpn
     fi
@@ -206,6 +206,9 @@ function create_user_vpn_key {
     sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
     sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
 
+    sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file
+    sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file
+
     echo '<ca>' >> $user_vpn_cert_file
     cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
     echo '</ca>' >> $user_vpn_cert_file
@@ -239,7 +242,7 @@ function remove_user_vpn {
 }
 
 function install_vpn {
-    apt-get -yq install fastd openvpn easy-rsa
+    apt-get -yq install fastd openvpn easy-rsa stunnel4
 
     if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
         echo $'Example openvpn server config not found'
@@ -257,6 +260,9 @@ function install_vpn {
     sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
     sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf
 
+    sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf
+    sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf
+
     echo 1 > /proc/sys/net/ipv4/ip_forward
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
     sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index fa839d696..785ea7feb 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,8 +111,7 @@ function enable_ipv6 {
 }
 
 function firewall_disable_vpn {
-    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
@@ -125,8 +124,7 @@ function firewall_disable_vpn {
 }
 
 function firewall_enable_vpn {
-    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-- 
GitLab