20180529_jeffrey - silenceuncrio/diary GitHub Wiki
0900
Continuing with Mantis issue 0000157: [OpenVPN+DMZ] LTE link up, and OpenVPN create tunnel success, DMZ fail
0915
The current fix is as follows:
diff --git a/proscend/prosrc/icos/icoslib/dmz/dmzcfg.c b/proscend/prosrc/icos/icoslib/dmz/dmzcfg.c
index c40e8ea..88edb29 100644
--- a/proscend/prosrc/icos/icoslib/dmz/dmzcfg.c
+++ b/proscend/prosrc/icos/icoslib/dmz/dmzcfg.c
@@ -245,6 +245,18 @@ static int _notify(PRO_EVENT *pevent)
IPTN_A("%s -p udp -d %s -j DNAT --to-destination %s",
IPT_UC_DMZ_PRER, szSrcIpAddr, szDstIpAddr);
+ // for openvpn
+ IPTN_A("%s -p tcp -i tun+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+ IPTN_A("%s -p udp -i tun+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+
+ // for ipsec
+ IPTN_A("%s -p tcp -i tap+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+ IPTN_A("%s -p udp -i tap+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+
IPTN_F(IPT_UC_DMZ_FWD);
IPTF_A("%s -o lan -d %s -m state --state NEW -j ACCEPT",
IPT_UC_DMZ_FWD, szDstIpAddr);
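Review bot: the four added rules match only on `-i tun+` or `-i tap+` and carry no `-d` match, unlike the context rule directly above them, which restricts on `-d %s` with szSrcIpAddr. As written, every TCP and UDP packet arriving on any tunnel interface is rewritten to szDstIpAddr whatever its original destination, which would include tunnel traffic addressed to the router itself or to other hosts behind it. Suggest adding a destination match to these rules, or a comment explaining why a catch-all DNAT on tunnel interfaces is intended. Separately, the `// for ipsec` comment sits on the `tap+` rules; tap devices are what OpenVPN uses in bridged mode, so please confirm which IPsec configuration creates a tap interface here, or correct the comment.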
@@ -300,6 +312,18 @@ static int _notify(PRO_EVENT *pevent)
IPTN_A("%s -p udp -d %s -j DNAT --to-destination %s",
IPT_UC_DMZ_PRER, szSrcIpAddr, szDstIpAddr);
+ // for openvpn
+ IPTN_A("%s -p tcp -i tun+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+ IPTN_A("%s -p udp -i tun+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+
+ // for ipsec
+ IPTN_A("%s -p tcp -i tap+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+ IPTN_A("%s -p udp -i tap+ -j DNAT --to-destination %s",
+ IPT_UC_DMZ_PRER, szDstIpAddr);
+
IPTN_F(IPT_UC_DMZ_FWD);
IPTF_A("%s -o lan -d %s -m state --state NEW -j ACCEPT",
IPT_UC_DMZ_FWD, szDstIpAddr);
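Review bot: this twelve-line block is a verbatim copy of the one added at line 245, and both hunks sit under `_notify`, so the two copies can drift apart on the next change. Suggest moving the tun+/tap+ rules into a single helper that takes szDstIpAddr and calling it from both places. These rules also have no `-d` match, so the DNAT applies to all TCP and UDP traffic entering on a tunnel interface; if that is narrowed in one copy it needs to be narrowed in the other.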
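However, the interaction with OpenVPN or IPsec needs more verification.
Spending more time on that verification after V1.68 is released tomorrow is the more suitable arrangement.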
0920
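First prepare a hytec build to accommodate two additional items
- No read only user
  - Remove the read only level directly from the web UI
- Add DO status to the status page
Note that only hytec has these.
They can be wrapped with the following C preprocessor syntax: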
#if !defined(PROSRC_NO_DIDO) && defined(PROSRC_DO_REMOTE)
...
#endif
1025
commit 3fd0840782a753fd4b177c89d9997baed17db84c
Refs: [hotfix/v1.68], {origin/hotfix/v1.68}
Author: jeffrey <[email protected]>
Date: Tue May 29 10:24:53 2018 +0800
add 'DO Status' panel to the 'status' web page
proscend/prosrc/webcgi/icos_shm.c | 26 +++++++++++++++++++
proscend/prosrc/www/app/feature/status.js | 11 +++++++-
proscend/prosrc/www/app/locale-en.json | 3 +++
proscend/prosrc/www/app/locale-fr.json | 3 +++
proscend/prosrc/www/app/locale-zh-tw.json | 3 +++
proscend/prosrc/www/app/services/icos.service.js | 3 +++
.../prosrc/www/src/app/feature/status.html.src | 30 ++++++++++++++++++++++
7 files changed, 78 insertions(+), 1 deletion(-)
1040
commit 19b208414d45535eb2d430155cf0ffdfe11041ba
Refs: [hotfix/v1.68], {origin/hotfix/v1.68}
Author: jeffrey <[email protected]>
Date: Tue May 29 10:39:27 2018 +0800
remove the 'Read Only' level of user for HYTEC(CID 53)
proscend/prosrc/www/Makefile | 4 +
.../prosrc/www/app/feature/administration.html | 267 -------------------
.../www/src/app/feature/administration.html.src | 285 +++++++++++++++++++++
3 files changed, 289 insertions(+), 267 deletions(-)
1600
Two more bugs were filed against DMZ
- 0000167: [L2TP+DMZ] DMZ not working
- 0000169: [PPPTP Server + DMZ] DMZ not working
These should both have a solution similar to that of the issue currently being worked on
- 0000157: [OpenVPN+DMZ] LTE link up, and OpenVPN create tunnel success, DMZ fail