From 43c6406e2faecb279eda2fb451ab4c578ceae703 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Tue, 26 Sep 2017 16:31:51 +0100
Subject: [PATCH] Use firewall function for vpn

---
 src/freedombone-app-vpn        | 1 +
 src/freedombone-utils-firewall | 8 ++------
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/src/freedombone-app-vpn b/src/freedombone-app-vpn
index 7e1ec4dcf..c2715a2a4 100755
--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -11,6 +11,7 @@
 # VPN functions
 # https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8
 # https://jamielinux.com/blog/force-all-network-traffic-through-openvpn-using-iptables/
+# http://www.farrellf.com/projects/software/2016-05-04_Running_a_VPN_Server_with_OpenVPN_and_Stunnel/index_.php
 #
 # License
 # =======
diff --git a/src/freedombone-utils-firewall b/src/freedombone-utils-firewall
index 785ea7feb..f9b02827d 100755
--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,6 +111,7 @@ function enable_ipv6 {
 }
 
 function firewall_disable_vpn {
+    firewall_remove VPN 1194
     iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
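Review bot: The new `firewall_remove VPN 1194` call omits the protocol, while the matching call added to `firewall_enable_vpn` in the next hunk is `firewall_add VPN 1194 tcp`. `firewall_remove` is not defined in this diff, so it is worth confirming how it behaves without a protocol argument, or passing it explicitly as `firewall_remove VPN 1194 tcp`. If the helper also deletes an iptables rule for the port, the explicit `iptables -D INPUT ... --dport 1194` on the following line may then fail or act on an already-changed ruleset. The config entry is also now removed before the rule deletions rather than after, so a failure partway through would leave `$FIREWALL_CONFIG` saying the VPN port is closed while rules remain. The function body continues past the end of this hunk.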
@@ -119,11 +120,10 @@ function firewall_disable_vpn {
     iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -D OUTPUT -o tun+ -j ACCEPT
     save_firewall_settings
-
-    sed -i '/VPN=/d' $FIREWALL_CONFIG
 }
 
 function firewall_enable_vpn {
+    firewall_add VPN 1194 tcp
     iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
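Review bot: `firewall_add VPN 1194 tcp` replaces a config write that was guarded by `grep -q "VPN="`, so repeat calls are now only safe if `firewall_add` is itself idempotent; its body is not shown here. If the helper also inserts its own ACCEPT rule for the port, that rule may not carry the `-i ${FIREWALL_EIFACE} -m state --state NEW` restriction of the explicit rule on the next line. That would expose 1194/tcp on more interfaces than intended and make the explicit rule redundant. Independently, the `iptables -A` lines append unconditionally, so a second call to `firewall_enable_vpn` duplicates rules of which `firewall_disable_vpn` deletes only one copy each. A guard such as `iptables -C INPUT -i tun+ -j ACCEPT 2>/dev/null || iptables -A INPUT -i tun+ -j ACCEPT` would avoid that. The function body continues into the next hunk.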
@@ -132,10 +132,6 @@ function firewall_enable_vpn {
     iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${FIREWALL_EIFACE} -j MASQUERADE
     iptables -A OUTPUT -o tun+ -j ACCEPT
     save_firewall_settings
-
-    if ! grep -q "VPN=" $FIREWALL_CONFIG; then
-        echo "VPN=1194" >> $FIREWALL_CONFIG
-    fi
 }
 
 function configure_firewall {
-- 
GitLab