diff --git a/vpn-proxy/app/migrations/0005_tunnel_protocol.py b/vpn-proxy/app/migrations/0005_tunnel_protocol.py new file mode 100644 index 0000000..6448729 --- /dev/null +++ b/vpn-proxy/app/migrations/0005_tunnel_protocol.py @@ -0,0 +1,20 @@ +# -*- coding: utf-8 -*- +# Generated by Django 1.9.7 on 2016-08-01 13:16 +from __future__ import unicode_literals + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('app', '0004_remove_forwarding_src_addr'), + ] + + operations = [ + migrations.AddField( + model_name='tunnel', + name='protocol', + field=models.CharField(choices=[('udp', 'UDP'), ('tcp', 'TCP')], default='udp', max_length=3), + ), + ] diff --git a/vpn-proxy/app/models.py b/vpn-proxy/app/models.py index c22fc81..c301b75 100644 --- a/vpn-proxy/app/models.py +++ b/vpn-proxy/app/models.py @@ -145,6 +145,8 @@ class Tunnel(BaseModel): client = models.GenericIPAddressField(protocol='IPv4', validators=[check_ip]) key = models.TextField(default=gen_key, blank=False, unique=True) + protocol = models.CharField(max_length=3, default='udp', + choices=[('udp', 'UDP'), ('tcp', 'TCP')]) @property def name(self): @@ -182,6 +184,14 @@ def client_conf(self): def client_script(self): return get_client_script(self) + @property + def server_protocol(self): + return 'tcp-server' if self.protocol == 'tcp' else 'udp' + + @property + def client_protocol(self): + return 'tcp-client' if self.protocol == 'tcp' else 'udp' + def _enable(self): start_tunnel(self) for forwarding in self.forwarding_set.all(): @@ -200,6 +210,7 @@ def to_dict(self): 'name': self.name, 'server': self.server, 'client': self.client, + 'protocol': self.protocol, 'port': self.port, 'key': self.key, 'active': self.active, diff --git a/vpn-proxy/app/tunnels.py b/vpn-proxy/app/tunnels.py index e386b77..3567371 100644 --- a/vpn-proxy/app/tunnels.py +++ b/vpn-proxy/app/tunnels.py 
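Review bot: The new `server_protocol` and `client_protocol` properties in the second models.py hunk have no docstrings, so nothing records that they return OpenVPN `proto` values or that any stored value other than 'tcp' falls through to 'udp'. That fallback means a bad value in the column is silently treated as UDP in the generated configs while `to_dict()` still reports the raw `self.protocol`. I would add one-line docstrings such as `"""OpenVPN proto value for the server side ('tcp-server' or 'udp'); any stored value other than 'tcp' maps to 'udp'."""` and the matching one for the client side. The `Tunnel` class body starts and ends outside these hunks.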
@@ -228,7 +228,8 @@ def get_conf(tunnel): 'dev-type tun', 'port %s' % tunnel.port, 'ifconfig %s %s' % (tunnel.server, tunnel.client), - 'secret %s' % tunnel.key_path]) + 'secret %s' % tunnel.key_path, + 'proto %s' % tunnel.server_protocol]) def get_client_conf(tunnel): @@ -237,7 +238,9 @@ def get_client_conf(tunnel): 'dev-type tun', 'port %s' % tunnel.port, 'ifconfig %s %s' % (tunnel.client, tunnel.server), - 'secret %s' % tunnel.key_path]) + 'secret %s' % tunnel.key_path, + 'proto %s' % tunnel.client_protocol, + 'keepalive 10 120']) def get_client_script(tunnel): @@ -257,7 +260,6 @@ def get_client_script(tunnel): echo "Could not find a package management tool" exit 1 fi - } if ! which openvpn > /dev/null; then @@ -280,9 +282,9 @@ def get_client_script(tunnel): echo 1 > /proc/sys/net/ipv4/ip_forward -ifaces=`ip link show | grep '^[0-9]*:' | awk '{print $2}' | sed 's/:$//'` -eth_ifaces=`echo "$ifaces" | grep ^eth` -for iface in $eth_ifaces; do +ifaces=`ip link show | grep '^[0-9]*:' | awk '{print $2}' | sed 's/:$//' | \ + grep -v ^lo$` +for iface in $ifaces; do iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE done """ % {'key_path': tunnel.key_path, 'conf_path': tunnel.conf_path, diff --git a/vpn-proxy/app/views.py b/vpn-proxy/app/views.py index 3a685d0..92a1d96 100644 --- a/vpn-proxy/app/views.py +++ b/vpn-proxy/app/views.py @@ -32,6 +32,8 @@ def tunnels(request): client = choose_ip(cidrs, excluded_cidrs) params['client'] = client params['server'] = choose_ip(cidrs, excluded_cidrs, client_addr=client) + if 'proto' in request.POST: + params['protocol'] = request.POST['proto'] tun = Tunnel(**params) tun.save() return JsonResponse(tun.to_dict())
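Review bot: `'keepalive 10 120'` is added only to the client option list in `get_client_conf`, while the server list in `get_conf` ends with the new `proto` line. OpenVPN pings are not echoed, so with a static-key point-to-point tunnel each peer needs its own ping setting: as written, an idle tunnel may hit the client's 120-second restart timer. The server also gets no dead-peer detection of its own, which matters more now that `tcp-server` can hold a stale connection. Consider adding `'keepalive 10 120'` to `get_conf` as well. The start of both option lists is outside the hunks, so an existing ping option there cannot be ruled out.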
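Review bot: The loop in `get_client_script` now appends a MASQUERADE rule for every interface except `lo`, where the old code touched only `eth*`. That now covers bridge, container and other VPN interfaces on the client host, and the tunnel's own tun device if it exists when the script runs. Combined with the global `ip_forward` switch just above, the host will source-NAT far more than the proxy needs; it would be tighter to masquerade only on the interfaces that reach the forwarded networks. `iptables -A` is also not idempotent, so re-running the script stacks duplicate rules; a guard such as `iptables -t nat -C POSTROUTING -o $iface -j MASQUERADE 2>/dev/null || iptables -t nat -A POSTROUTING -o $iface -j MASQUERADE` avoids that. Names that `ip link show` prints as `name@parent:` (veth, VLAN) keep the `@parent` suffix after the `sed`, so I would expect those rules never to match.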
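Review bot: `request.POST['proto']` is copied into `params['protocol']` in the views.py hunk without being checked against the field's `choices`. Django enforces `choices` and validators in `full_clean()`, not in `save()`, so unless `BaseModel.save()` calls it (not visible here) any client-supplied string is persisted and echoed back by `to_dict()`. Because the model properties map everything except 'tcp' to 'udp', a value such as 'TCP' would silently produce a UDP tunnel while the API reports 'TCP'. Reject unknown values before building the model, e.g. `if params['protocol'] not in ('udp', 'tcp'): return HttpResponseBadRequest('invalid proto')`, or call `tun.full_clean()` before `tun.save()`. The body of `tunnels` starts outside the hunk.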