vpn on tcp

10da38da · Bob Mottram · 63df10c2 · 10da38da · 10da38da
Commit 10da38da authored 7 years ago by Bob Mottram
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -122,7 +122,7 @@ function restore_remote_vpn {

 function remove_vpn {
    systemctl stop openvpn
-    apt-get -yq remove --purge fastd openvpn easy-rsa
+    apt-get -yq remove --purge fastd openvpn easy-rsa stunnel4
    if [ -d /etc/openvpn ]; then
        rm -rf /etc/openvpn
    fi
@@ -206,6 +206,9 @@ function create_user_vpn_key {
    sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
    sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file

+    sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file
+    sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file
+
    echo '<ca>' >> $user_vpn_cert_file
    cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
    echo '</ca>' >> $user_vpn_cert_file
@@ -239,7 +242,7 @@ function remove_user_vpn {
 }

 function install_vpn {
-    apt-get -yq install fastd openvpn easy-rsa
+    apt-get -yq install fastd openvpn easy-rsa stunnel4

    if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
        echo $'Example openvpn server config not found'
@@ -257,6 +260,9 @@ function install_vpn {
    sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
    sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf

+    sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf
+    sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf
+
    echo 1 > /proc/sys/net/ipv4/ip_forward
    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf

--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,8 +111,7 @@ function enable_ipv6 {
 }

 function firewall_disable_vpn {
-    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
    iptables -D INPUT -i tun+ -j ACCEPT
    iptables -D FORWARD -i tun+ -j ACCEPT
    iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
@@ -125,8 +124,7 @@ function firewall_disable_vpn {
 }

 function firewall_enable_vpn {
-    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT