From patchwork Wed Sep 16 06:56:17 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 1458
To: "openvpn-devel@lists.sourceforge.net"
Date: Wed, 16 Sep 2020 16:56:17 +0000
Subject: [Openvpn-devel] [PATCH] Added client-ip to NAT config
X-Patchwork-Original-From: Rafael Gava de Oliveira via Openvpn-devel
From: Kristof Provost via Openvpn-devel
Reply-To: Rafael Gava de Oliveira

Hello guys,

A couple years ago I submitted this patch which allows the user to set the 'client-ip' as a convenient way to use the leased IP address received from OpenVPN server in NAT configuration.

For example:

    client-nat snat client-ip 255.255.255.255 172.20.1.15

where 'client-ip' string is replaced with the leased IP address received from OpenVPN server.

At that time, it was NACKED due to the fact that I was using both client-ip and localhost strings. So, it's changed now and I'd like to re-submit it again for appreciation.

Thanks
Gava

--------------------------------------------------------------------------------------------------------------------------------------
From cb56f9bd4acaf28a2af256eead009310d8ba063f Mon Sep 17 00:00:00 2001
From: Rafael Gava de Oliveira Date: Sat, 12 Sep 2020 19:27:25 -0300 Subject: [PATCH] Allows the usage of the string 'client-ip' in the client-nat network configuration in a way that is not necessary to inform the IP address beforehand. Openvpn will set dynamically the received IP from DHCP. Example: client-nat snat client-ip 255.255.255.255 172.20.1.15 Replaces the 'client-ip' string with the DHCP address received from the openvpn server. Signed-off-by: Rafael Gava de Oliveira --- src/openvpn/clinat.c | 45 ++++++++++++++++++++++++++++++++++++++++----- src/openvpn/clinat.h | 2 ++ src/openvpn/init.c | 2 ++ src/openvpn/options.c | 2 +- 4 files changed, 45 insertions(+), 6 deletions(-) mode change 100644 => 100755 src/openvpn/clinat.c -- 2.7.4 diff --git a/src/openvpn/clinat.c b/src/openvpn/clinat.c old mode 100644 new mode 100755 index b08fd54..865b0e2 --- a/src/openvpn/clinat.c +++ b/src/openvpn/clinat.c @@ -128,12 +128,16 @@ add_client_nat_to_option_list(struct client_nat_option_list *dest, msg(msglevel, "client-nat: type must be 'snat' or 'dnat'"); return; } - - e.network = getaddr(0, network, 0, &ok, NULL); - if (!ok) + if (network && !strcmp(network, "client-ip")) { - msg(msglevel, "client-nat: bad network: %s", network); - return; + e.network = 0xFFFFFFFF; + } else { + e.network = getaddr(0, network, 0, &ok, NULL); + if (!ok) + { + msg(msglevel, "client-nat: bad network: %s", network); + return; + } } e.netmask = getaddr(0, netmask, 0, &ok, NULL); if (!ok) 
@@ -276,3 +280,34 @@ client_nat_transform(const struct client_nat_option_list *list, } } } + +/* +* Replaces the client-ip token with the IP received from OpenVPN Server +*/ +bool +update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip) +{ + int i; + bool ret = false; + + if (!dest) + return ret; + + for (i=0; i <= dest->n; i++) + { + struct client_nat_entry *nat_entry = &dest->entries[i]; + if (nat_entry && nat_entry->network == 0xFFFFFFFF) + { + struct in_addr addr; + + nat_entry->network = ntohl(local_ip); + addr.s_addr = nat_entry->network; + char *dot_ip = inet_ntoa(addr); + + msg (M_INFO, "Updating NAT table client-ip to: %s", dot_ip); + ret = true; + } + } + + return ret; +} diff --git a/src/openvpn/clinat.h b/src/openvpn/clinat.h index eec7a03..c2941b9 100644 --- a/src/openvpn/clinat.h +++ b/src/openvpn/clinat.h @@ -64,4 +64,6 @@ void client_nat_transform(const struct client_nat_option_list *list, struct buffer *ipbuf, const int direction); +bool update_client_ip_nat(struct client_nat_option_list *dest, in_addr_t local_ip); + #endif /* if !defined(CLINAT_H) */ diff --git a/src/openvpn/init.c b/src/openvpn/init.c index a785934..8d6f9a8 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -1920,6 +1920,8 @@ do_open_tun(struct context *c) SET_MTU_TUN | SET_MTU_UPPER_BOUND); } + update_client_ip_nat(c->options.client_nat, c->c1.tuntap->local); + ret = true; static_context = c; #ifndef TARGET_ANDROID diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 8bf82c5..26f11fa 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c 
@@ -231,7 +231,7 @@ static const char usage_message[] = " ICMPv6 host unreachable messages on the client.\n" " (Server) Instead of forwarding IPv6 packets send\n" " ICMPv6 host unreachable packets to the client.\n" - "--client-nat snat|dnat network netmask alias : on client add 1-to-1 NAT rule.\n" + "--client-nat snat|dnat network|'client-ip' netmask alias : on client add 1-to-1 NAT rule.\n" "--push-peer-info : (client only) push client info to server.\n" "--setenv name value : Set a custom environmental variable to pass to script.\n" "--setenv FORWARD_COMPATIBLE 1 : Relax config file syntax checking to allow\n"
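
Review bot: the file header for src/openvpn/clinat.c carries `old mode 100644` / `new mode 100755`, which marks a C source file as executable. Nothing in the change needs that, so the mode change looks accidental and should be dropped from the patch.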
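
Review bot: the sentinel `e.network = 0xFFFFFFFF` in add_client_nat_to_option_list() (clinat.c, first hunk) is an in-band value. A literal network of 255.255.255.255 parses to the same bits, so such an entry would later be rewritten by update_client_ip_nat() as if the user had written 'client-ip'. A dedicated flag on the entry would remove the ambiguity; at minimum the magic number should become a named constant shared by both functions, since it is currently repeated as a bare literal in the second hunk. The `} else {` also departs from the brace-on-its-own-line style of the lines around it.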
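
Review bot: the loop bound `i <= dest->n` in update_client_ip_nat() (clinat.c, second hunk) looks like an off-by-one. If `n` is the number of populated entries, the last iteration reads `dest->entries[n]`, one past the valid range, and will write to it if that slot happens to hold 0xFFFFFFFF; with a full list this is an out-of-bounds access. Use `i < dest->n`. Two smaller points in the same function: the `nat_entry &&` test is always true because `nat_entry` is the address of an array element, and the value handed to `inet_ntoa()` is the result of `ntohl(local_ip)`, whereas `inet_ntoa()` expects network byte order, so either the log line prints the address reversed or the conversion is misnamed. Please state in the comment which byte order `local_ip` and `network` are in and convert accordingly.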
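
Review bot: the call added to do_open_tun() (init.c hunk) ignores the bool that update_client_ip_nat() returns and does not check that `c->c1.tuntap->local` holds an address before passing it in. If no local address was configured, the sentinel would be replaced with whatever `local` contains and the rule would fail silently; a warning when 'client-ip' was requested but no address is available would make that visible. Because the function overwrites the sentinel in place, it is also worth confirming that a later tun re-open with a different leased address still updates the rule rather than keeping the first address.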
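
Review bot: the usage string in options.c is updated to `network|'client-ip'`, but the diffstat lists only clinat.c, clinat.h, init.c and options.c, so no documentation file is touched. The --client-nat entry in the manual should describe 'client-ip' as well, including that the netmask is expected to be 255.255.255.255 as in the commit message example, if that is the intended use.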