diff --git a/config/ipsec.conf b/config/ipsec.conf index d3e949290..787c57e5d 100644 --- a/config/ipsec.conf +++ b/config/ipsec.conf @@ -76,6 +76,7 @@ CONFIG_PACKAGE_strongswan-mod-vici=y CONFIG_PACKAGE_strongswan-mod-x509=y CONFIG_PACKAGE_strongswan-mod-xauth-generic=y CONFIG_PACKAGE_strongswan-mod-xcbc=y ++CONFIG_PACKAGE_strongswan-mod-openssl=y CONFIG_PACKAGE_strongswan-swanctl=y CONFIG_PACKAGE_xfrm=y diff --git a/packages/ns-api/Makefile b/packages/ns-api/Makefile index 625af78d9..3353ea74e 100644 --- a/packages/ns-api/Makefile +++ b/packages/ns-api/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ns-api -PKG_VERSION:=0.0.15 +PKG_VERSION:=0.0.16 PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/ns-api-$(PKG_VERSION) @@ -109,6 +109,8 @@ define Package/ns-api/install $(INSTALL_DATA) ./files/ns.backup.json $(1)/usr/share/rpcd/acl.d/ $(INSTALL_BIN) ./files/ns.migration $(1)/usr/libexec/rpcd/ $(INSTALL_DATA) ./files/ns.migration.json $(1)/usr/share/rpcd/acl.d/ + $(INSTALL_BIN) ./files/ns.ipsectunnel $(1)/usr/libexec/rpcd/ + $(INSTALL_DATA) ./files/ns.ipsectunnel.json $(1)/usr/share/rpcd/acl.d/ $(INSTALL_DIR) $(1)/lib/upgrade/keep.d $(INSTALL_CONF) files/msmtp.keep $(1)/lib/upgrade/keep.d/msmtp $(LN) /usr/bin/msmtp $(1)/usr/sbin/sendmail diff --git a/packages/ns-api/README.md b/packages/ns-api/README.md index 5665bde4b..8e7f81323 100644 --- a/packages/ns-api/README.md +++ b/packages/ns-api/README.md 
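Review bot: The added line reads `+CONFIG_PACKAGE_strongswan-mod-openssl=y` after the diff marker, so the file content itself starts with a literal `+`. Every neighbouring entry starts at `CONFIG_PACKAGE_`, and the hunk header (`-76,6 +76,7`) confirms this is a single added line. It would most likely not be read as enabling the package, leaving the strongSwan openssl plugin out of the image. Drop the stray character so the line is `CONFIG_PACKAGE_strongswan-mod-openssl=y`. If the doubled `+` is only an artifact of how this patch was rendered, ignore this.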
@@ -3038,3 +3038,212 @@ Response example: ```json {"result": "success"} ``` + +## ns.ipsectunnel + +### list-tunnels + +List existing tunnels: +``` +api-cli ns.ipsectunnel list-tunnels +``` + +Response example: +```json +{ + "tunnels": [ + { + "id": "ns_81df3995", + "name": "tun1", + "local": [ + "192.168.100.0/24" + ], + "remote": [ + "192.168.200.0/24" + ], + "enabled": "1", + "connected": false + } + ] +} +``` + +### list-wans + +List available wans: +``` +api-cli ns.ipsectunnel list-wans +``` + +Response example: +```json +{ + "wans": [ + { + "device": "eth1", + "ipaddr": "192.168.122.49" + }, + { + "device": "eth1", + "ipaddr": "fe80::5054:ff:fe20:82a6" + } + ] +} +``` + +### get-defaults + +Get tunnel defaults: +``` +api-cli ns.ipsectunnel get-defaults +``` + +Response example: +```json +{ + "pre_shared_key": "gFWPtHR38XaAWrT4GjeFOS0aOtGJnVksvbVcGdJ1EYWB", + "local_identifier": "@tun2.local", + "remote_identifier": "@tun2.local" +} + +``` + +### get-tunnel + +Retrieve tunnel info: +``` +api-cli ns.ipsectunnel get-tunnel --data '{"id": "ns_81df3995"}' +``` + +Response example: +```json +{ + "ike": { + "encryption_algorithm": "3des", + "hash_algorithm": "md5", + "dh_group": "modp1024", + "rekeytime": "3600" + }, + "esp": { + "encryption_algorithm": "3des", + "hash_algorithm": "md5", + "dh_group": "modp1024", + "rekeytime": "3600" + }, + "ipcomp": "false", + "dpdaction": "restart", + "remote_subnet": "192.168.200.0/24", + "local_subnet": "192.168.100.0/24", + "ns_name": "tun1", + "gateway": "10.10.0.172", + "keyexchange": "ike", + "local_identifier": "@ipsec1.local", + "local_ip": "192.168.122.49", + "enabled": "1", + "remote_identifier": "@ipsec1.remote", + "pre_shared_key": "xxxxxxxxxxxxxxxxxxx" +} +``` + +### add-tunnel + +Create a tunnel: +``` +api-cli ns.ipsectunnel add-tunnel --data '{"ns_name": "tun1", "ike": {"hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "modp1024", "rekeytime": "3600"}, "esp": {"hash_algorithm": "md5", 
"encryption_algorithm": "3des", "dh_group": "modp1024", "rekeytime": "3600"}, "pre_shared_key": "xxxxxxxxxxxxxxxxxxx", "local_identifier": "@ipsec1.local", "remote_identifier": "@ipsec1.remote", "local_subnet": ["192.168.100.0/24"], "remote_subnet": ["192.168.200.0/24"], "enabled": "1", "local_ip": "192.168.122.49", "keyexchange": "ike", "ipcomp": "false", "dpdaction": "restart", "gateway": "10.10.0.172"}' +``` + +Response example: +```json +{"id": "ns_81df3995"} +``` + +### edit-tunnel + +Edit a tunnel: +``` +api-cli ns.ipsectunnel add-tunnel --data '{"id": "ns_81df3995", "ns_name": "tun1", "ike": {"hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "modp1024", "rekeytime": "3600"}, "esp": {"hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "modp1024", "rekeytime": "3600"}, "pre_shared_key": "xxxxxxxxxxxxxxxxxxx", "local_identifier": "@ipsec1.local", "remote_identifier": "@ipsec1.remote", "local_subnet": ["192.168.100.0/24"], "remote_subnet": ["192.168.200.0/24"], "enabled": "1", "local_ip": "192.168.122.49", "keyexchange": "ike", "ipcomp": "false", "dpdaction": "restart", "gateway": "10.10.0.172"}' +``` + +Response example: +```json +{"id": "ns_81df3995"} +``` + +### enable-tunnel + +Enable a tunnel: +``` +api-cli ns.ipsectunnel enable-tunnel --data '{"id": "ns_81df3995"}' +``` + +Response example: +```json +{"result": "success"} +``` + +### disable-tunnel + +Disable a tunnel: +``` +api-cli ns.ipsectunnel disable-tunnel --data '{"id": "ns_81df3995"}' +``` + +Response example: +```json +{"result": "success"} +``` + +### delete-tunnel + +Delete a tunnel all associated configurations like routes and interfaces: +``` +api-cli ns.ipsectunnel delete-tunnel --data '{"id": "ns_81df3995"}' +``` + +Response example: +```json +{"result": "success"} +``` + +### list-algs + +List available algorithms: +``` +api-cli ns.ipsectunnel list-algs +``` + +Result example: +```json +{ + "encryption": [ + { + "name": "AES 128", + "id": "aes128" + }, + 
{ + "name": "128 bit Blowfish-CBC", + "id": "blowfish" + } + ], + "integrity": [ + { + "name": "MD5", + "id": "md5" + }, + { + "name": "AES XCBX", + "id": "aesxcbc" + } + ], + "dh": [ + { + "name": "1024 bit (DH-2)", + "id": "modp1024" + }, + { + "name": "Newhope 128", + "id": "newhope" + } + ] +} +``` diff --git a/packages/ns-api/files/ns.ipsectunnel b/packages/ns-api/files/ns.ipsectunnel new file mode 100755 index 000000000..7f903d3a1 --- /dev/null +++ b/packages/ns-api/files/ns.ipsectunnel 
@@ -0,0 +1,371 @@ +#!/usr/bin/python3 + +# +# Copyright (C) 2022 Nethesis S.r.l. +# SPDX-License-Identifier: GPL-2.0-only +# + +# Manage IPSec tunnels + +import os +import sys +import json +import subprocess +from euci import EUci +from nethsec import utils, firewall, ipsec + +## Utils + +def get_device_ips(): + ret = {} + p = subprocess.run(["/sbin/ip", "-j", "address"], check=True, text=True, capture_output=True) + data = json.loads(p.stdout) + for interface in data: + ipaddr = [] + name = interface.get("ifname") + for addr in interface.get("addr_info", []): + if name not in ret: + ret[name] = [] + ret[name].append(addr.get('local', '')) + return ret + + +def next_id(): + max_id = 0 + u = EUci() + for t in utils.get_all_by_type(u, 'ipsec', 'tunnel'): + try: + if_id = int(u.get('ipsec', t, 'if_id', default=-1)) + max_id = max(if_id, max_id) + except: + continue + return max_id + 1 + +def is_connected(id): + p = subprocess.run(["swanctl", "--list-sas", "--ike", id], capture_output=True, text=True, check=True) + for l in p.stdout.split("\n"): + if 'ESTABLISHED' in l: + return True + return False + +## APIs + +def list_tunnels(): + ret = [] + u = EUci() + for r in utils.get_all_by_type(u, 'ipsec', 'remote'): + try: + tunnels = u.get_all('ipsec', r, 'tunnel') + for t in tunnels: + t_config = u.get_all('ipsec', t) + if t_config: + ret.append({ + 'id': r, + 'name': u.get('ipsec', r, 'ns_name', default=r), + 'local': list(t_config.get('local_subnet', ())), + 'remote': list(t_config.get('remote_subnet', ())), + 'enabled': u.get('ipsec', r, 'enabled', default='1'), + 'connected': is_connected(r) + }) + except: + return {"tunnel": []} + + return {"tunnels": ret} + +def add_tunnel(args): + u = EUci() + iname = utils.get_random_id() + return setup_tunnel(u, iname, args) + +def setup_tunnel(u, iname, args): + ike_p = f'{iname}_ike' + esp_p = f'{iname}_esp' + tunnel = f'{iname}_tunnel' + + link = f'ipsec/{iname}' + # create proposals + u.set('ipsec', ike_p, 'crypto_proposal') + 
for opt in ['encryption_algorithm', 'hash_algorithm', 'dh_group']: + u.set('ipsec', ike_p, opt, args['ike'][opt]) + u.set('ipsec', ike_p, 'ns_link', link) + u.set('ipsec', esp_p, 'crypto_proposal') + for opt in ['encryption_algorithm', 'hash_algorithm', 'dh_group']: + u.set('ipsec', esp_p, opt, args['esp'][opt]) + u.set('ipsec', esp_p, 'ns_link', link) + + # create tunnel + u.set('ipsec', tunnel, 'tunnel') + for opt in ['ipcomp', 'dpdaction', 'remote_subnet', 'local_subnet']: + u.set('ipsec', tunnel, opt, args[opt]) + + u.set('ipsec', tunnel, 'rekeytime', args['esp']['rekeytime']) + u.set('ipsec', tunnel, 'crypto_proposal', [esp_p]) + u.set('ipsec', tunnel, 'closeaction', 'none') + u.set('ipsec', tunnel, 'startaction', 'start') + if_id = next_id() + u.set('ipsec', tunnel, 'if_id', if_id) + u.set('ipsec', tunnel, 'ns_link', link) + + # create remote + u.set('ipsec', iname, 'remote') + u.set('ipsec', iname, 'ns_name', args['ns_name']) + u.set('ipsec', iname, 'authentication_method', 'psk') + for opt in ['gateway', 'keyexchange', 'local_identifier', 'local_ip', 'enabled', 'remote_identifier', 'pre_shared_key']: + u.set('ipsec', iname, opt, args[opt]) + u.set('ipsec', iname, 'crypto_proposal', [ike_p]) + u.set('ipsec', iname, 'rekeytime', args['ike']['rekeytime']) + u.set('ipsec', iname, 'tunnel', [tunnel]) + + u.save('ipsec') + + # create interface + dname = f'ipsec{if_id}' + u.set('network', dname, 'interface') + u.set('network', dname, 'ifid', if_id) + u.set('network', dname, 'mtu', '1438') + u.set('network', dname, 'zone', 'ipsec') + u.set('network', dname, 'proto', 'xfrm') + u.set('network', dname, 'multicast', 'true') + u.set('network', dname, 'tunlink', 'wan') + u.set('network', dname, 'ns_link', link) + + # create route + subnets = 1 + for net in args['remote_subnet']: + rname = f'{iname}_route_{subnets}' + u.set('network', rname, 'route') + u.set('network', rname, 'target', net) + u.set('network', rname, 'interface', dname) + u.set('network', rname, 'ns_link', 
link) + u.set('network', rname, 'disabled', '0') + subnets = subnets + 1 + + u.save('network') + + # Add interface to trusted zone + ipsec.add_trusted_interface(u, dname) + + # Open firewall ports only if required + ipsec.open_firewall_ports(u) + + return {"id": iname} + +def edit_tunnel(args): + ret = delete_tunnel(args['id']) + if 'result' in ret: + return add_tunnel(args) + else: + return utils.generic_error('cant_edit_tunnel') + +def delete_tunnel(id): + u = EUci() + if_id = '' + try: + if_id = u.get('ipsec', f'{id}_tunnel', 'if_id') + u.delete('ipsec', id) + u.save('ipsec') + except: + return utils.generic_error('cant_delete_tunnel') + + firewall.delete_linked_sections(u, f'ipsec/{id}') + firewall.remove_interface_from_zone(u, ipsec.IPSEC_ZONE, f'ipsec{if_id}') + return {"result": "success"} + +def disable_tunnel(id): + u = EUci() + try: + u.get("ipsec", id) + except: + return utils.validation_error("tunnel_not_found") + try: + u.set('ipsec', id, 'enabled', '0') + u.save('ipsec') + + # disable route + for r in utils.get_all_by_type(u, 'network', 'route'): + if u.get('network', r, 'ns_link', default='') == f'ipsec/{id}': + u.set('network', r, 'disabled', '1') + u.save('network') + + return {"result": "success"} + except: + return utils.generic_error("tunnel_not_disabled") + +def enable_tunnel(id): + u = EUci() + try: + u.get("ipsec", id) + except: + return utils.validation_error("tunnel_not_found") + try: + u.set('ipsec', id, 'enabled', '1') + u.save('ipsec') + + # disable route + for r in utils.get_all_by_type(u, 'network', 'route'): + if u.get('network', r, 'ns_link', default='') == f'ipsec/{id}': + u.set('network', r, 'disabled', '0') + u.save('network') + + return {"result": "success"} + except: + return utils.generic_error("tunnel_not_enabled") + +def get_tunnel(id): + u = EUci() + try: + u.get("ipsec", id) + except: + return utils.validation_error("tunnel_not_found") + + ike_p = f'{id}_ike' + esp_p = f'{id}_esp' + tunnel = f'{id}_tunnel' + ret = {'ike': 
{}, 'esp': {}} + for opt in ['encryption_algorithm', 'hash_algorithm', 'dh_group']: + ret['ike'][opt] = u.get('ipsec', ike_p, opt, default="") + for opt in ['encryption_algorithm', 'hash_algorithm', 'dh_group']: + ret['esp'][opt] = u.get('ipsec', esp_p, opt, default="") + + for opt in ['ipcomp', 'dpdaction']: + ret[opt] = u.get('ipsec', tunnel, opt, default="") + for opt in ['remote_subnet', 'local_subnet']: + ret[opt] = u.get('ipsec', tunnel, opt, default=[], list=True) + + ret['esp']['rekeytime'] = u.get('ipsec', tunnel, 'rekeytime') + ret['ns_name'] = u.get('ipsec', id, 'ns_name', default="") + for opt in ['gateway', 'keyexchange', 'local_identifier', 'local_ip', 'enabled', 'remote_identifier', 'pre_shared_key']: + ret[opt] = u.get('ipsec', id, opt, default="") + ret['ike']['rekeytime'] = u.get('ipsec', id, 'rekeytime', default='') + + return ret + +def list_wans(): + ret = {"wans": []} + ips = get_device_ips() + wans = utils.get_all_wan_devices(EUci()) + for device in ips.keys(): + if device in wans: + for ip in ips[device]: + ret["wans"].append({"device": device, "ipaddr": ip}) + return ret + +def get_defaults(): + u = EUci() + num = 1 + for r in utils.get_all_by_type(u, 'ipsec', 'remote'): + num = num + 1 + local = f"@tun{num}.local" + remote = f"@tun{num}.local" + key = subprocess.run(["openssl", "rand", "-base64", "33"], capture_output=True, text=True).stdout.rstrip() + return {"pre_shared_key": key, "local_identifier": local, "remote_identifier": remote} + +def list_algs(): + ret = { + "encryption" : [ + {"name": "AES 128", "id": "aes128"}, + {"name": "AES 192", "id": "aes192"}, + {"name": "AES 256", "id": "aes256"}, + {"name": "3DES", "id": "3des"}, + {"name": "128 bit Blowfish-CBC", "id": "blowfish"} + ], + "integrity" : [ + {"name": "MD5", "id": "md5"}, + {"name": "SHA1", "id": "sha1"}, + {"name": "SHA256", "id": "sha256"}, + {"name": "SHA384", "id": "sha384"}, + {"name": "SHA512", "id": "sha512"}, + {"name": "AES CMAC", "id": "aescmac"}, + {"name": 
"AES XCBX", "id": "aesxcbc"}, + + ], + "dh" : [ + {"name": "-", "id": ""}, + {"name": "1024 bit (DH-2)", "id": "modp1024"}, + {"name": "1536 bit (DH-5)", "id": "modp1536"}, + {"name": "2048 bit (DH-14)", "id": "modp2048"}, + {"name": "3072 bit (DH-15)", "id": "modp3072"}, + {"name": "4096 bit (DH-16)", "id": "modp4096"}, + {"name": "6144 bit (DH-17)", "id": "modp6144"}, + {"name": "8192 bit (DH-18)", "id": "modp8192"}, + {"name": "Curve 25519", "id": "curve25519"}, + {"name": "Newhope 128", "id": "newhope"}, + ] + } + return ret + +cmd = sys.argv[1] + +# Make sure the config file exists +ipsec.init_ipsec(EUci()) + +if cmd == 'list': + print(json.dumps({ + "list-tunnels": {}, + "get-defaults": {}, + "list-wans": {}, + "list-algs": {}, + "add-tunnel": { + "ns_name": "tun1", + "ike": {"encryption_algorithm": "3des", "hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "mod1024", "rekeytime": "3600"}, + "esp": {"encryption_algorithm": "3des", "hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "mod1024", "rekeytime": "3600"}, + "pre_shared_key": "xxxxxxxxxxxxxxxxxxx", + "local_identifier": "@ipsec1.local", + "remote_identifier": "@ipsec1.remote", + "local_subnet": ["192.168.120.0/24"], + "remote_subnet": ["192.168.100.0/24"], + "enabled": "1", + "local_ip": "10.10.0.200", + "keyexchange": "ike", # ike, ikev1, ikev2 + "ipcomp": "false", # compression + "dpdaction": "restart", + "gateway": "1.2.3.4" # remote server + }, + "edit-tunnel": { + "id": "ns_tun1", + "ns_name": "tun1", + "ike": {"encryption_algorithm": "3des", "hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "mod1024", "rekeytime": "3600"}, + "esp": {"encryption_algorithm": "3des", "hash_algorithm": "md5", "encryption_algorithm": "3des", "dh_group": "mod1024", "rekeytime": "3600"}, + "pre_shared_key": "xxxxxxxxxxxxxxxxxxx", + "local_identifier": "@ipsec1.local", + "remote_identifier": "@ipsec1.remote", + "local_subnet": ["192.168.120.0/24"], + "remote_subnet": 
["192.168.100.0/24"], + "enabled": "1", + "local_ip": "10.10.0.200", + "keyexchange": "ike", # ike, ikev1, ikev2 + "ipcomp": "false", # compression + "dpdaction": "restart", + "gateway": "1.2.3.4" # remote server + }, + "enable-tunnel": {"id": "ns_tun1"}, + "disable-tunnel": {"id": "ns_tun1"}, + "delete-tunnel": {"id": "ns_tun1"}, + "get-tunnel": {"id": "ns_tun1"} + })) +else: + action = sys.argv[2] + if action == "list-tunnels": + ret = list_tunnels() + elif action == "get-defaults": + ret = get_defaults() + elif action == "list-wans": + ret = list_wans() + elif action == "list-algs": + ret = list_algs() + else: + args = json.loads(sys.stdin.read()) + + if action == "add-tunnel": + ret = add_tunnel(args) + elif action == "edit-tunnel": + ret = edit_tunnel(args) + elif action == "enable-tunnel": + ret = enable_tunnel(args["id"]) + elif action == "disable-tunnel": + ret = disable_tunnel(args["id"]) + elif action == "delete-tunnel": + ret = delete_tunnel(args["id"]) + elif action == "get-tunnel": + ret = get_tunnel(args["id"]) + print(json.dumps(ret)) diff --git a/packages/ns-api/files/ns.ipsectunnel.json b/packages/ns-api/files/ns.ipsectunnel.json new file mode 100644 index 000000000..ec83ae421 --- /dev/null +++ b/packages/ns-api/files/ns.ipsectunnel.json @@ -0,0 +1,13 @@ +{ + "ipsectunnel-manager": { + "description": "Read and write IPSec tunnels", + "write": {}, + "read": { + "ubus": { + "ns.ipsectunnel": [ + "*" + ] + } + } + } +} diff --git a/packages/ns-api/files/templates b/packages/ns-api/files/templates index f838e7000..68c30d325 100644 --- a/packages/ns-api/files/templates +++ b/packages/ns-api/files/templates 
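Review bot: edit_tunnel() deletes the tunnel and saves that deletion before re-creating it through add_tunnel(), so a payload with a missing key (setup_tunnel indexes `args['ike'][opt]` and `args[opt]` without any check) raises after the old tunnel is already gone, and a successful edit comes back under a fresh `utils.get_random_id()` instead of the `id` the caller sent. Checking the required keys before the delete and re-creating with `return setup_tunnel(EUci(), args['id'], args)` would keep the id stable and avoid losing a working tunnel on bad input. In get_defaults() the `openssl rand` call has no `check=True`, so a failing openssl yields an empty `pre_shared_key`, and `remote_identifier` is built with the same `.local` suffix as `local_identifier`; `check=True` and `f"@tun{num}.remote"` look like what was intended. The bare `except:` in list_tunnels() returns the key `"tunnel"` rather than `"tunnels"`, and an unknown action in the final dispatch leaves `ret` unassigned before `print(json.dumps(ret))`.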
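Review bot: Every method of `ns.ipsectunnel` is granted under `"read"` with `"*"` while `"write"` is empty, so a login that holds only read access to `ipsectunnel-manager` can also call add-tunnel, edit-tunnel and delete-tunnel, and can fetch `pre_shared_key` through get-tunnel. Whether read-only rpcd logins exist on this system is not visible in this diff. If they do, list the query methods (`list-tunnels`, `list-wans`, `list-algs`, `get-defaults`) under `read` and move the mutating methods and `get-tunnel` under `write`.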
@@ -110,6 +110,28 @@ config template_forwarding 'ns_lan2guest' option src 'lan' option dest 'guest' +# IPSec + +config template_rule 'ns_ipsec_esp' + option name 'Allow-IPSec-ESP' + option src 'wan' + option proto 'esp' + option target 'ACCEPT' + +config template_rule 'ns_ipsec_ike' + option name 'Allow-IPSec-IKE' + option src 'wan' + option dest_port '500' + option proto 'udp' + option target 'ACCEPT' + +config template_rule 'ns_ipsec_nat' + option name 'Allow-IPSec-NAT' + option src 'wan' + option dest_port '500' + option proto 'udp' + option target 'ACCEPT' + # Service groups config template_service_group 'ns_web_secure' diff --git a/packages/ns-migration/Makefile b/packages/ns-migration/Makefile index 7ccb227cf..4ecca1c69 100644 --- a/packages/ns-migration/Makefile +++ b/packages/ns-migration/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ns-migration -PKG_VERSION:=0.0.1 +PKG_VERSION:=0.0.2 PKG_RELEASE:=1 PKG_BUILD_DIR:=$(BUILD_DIR)/ns-migration-$(PKG_VERSION) diff --git a/packages/ns-migration/files/scripts/ipsec b/packages/ns-migration/files/scripts/ipsec index acd4bed46..5629ac448 100755 --- a/packages/ns-migration/files/scripts/ipsec +++ b/packages/ns-migration/files/scripts/ipsec @@ -6,7 +6,7 @@ # import nsmigration -from nethsec import firewall, utils +from nethsec import firewall, utils, ipsec import os import sys @@ -25,17 +25,8 @@ def find_first_wan(): return None # Create config files if not exists -if not os.path.isfile('/etc/config/ipsec'): - with open('/etc/config/ipsec', 'a'): - pass - -# Setup global options -gsettings = utils.get_id("ipsec_global") -nsmigration.vprint(f'Settings IPSec {gsettings}') -u.set("ipsec", gsettings, "ipsec") -u.set("ipsec", gsettings, "rtinstall_enabled", '0') -u.set("ipsec", gsettings, "debug", '0') -u.set("ipsec", gsettings, "zone", 'ipsectun') +ipsec.init_ipsec(u) +ipsec.open_firewall_ports(u) for p in data['proposals']: name = p.pop('name') 
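Review bot: `ns_ipsec_nat` is a copy of `ns_ipsec_ike` apart from its name: both accept UDP with `option dest_port '500'`. IPsec NAT traversal uses UDP 4500, so with these templates a peer behind NAT could complete the first IKE exchange on port 500 and then have its NAT-T traffic dropped on wan. The rule presumably wants `option dest_port '4500'`.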
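Review bot: `ipsec.open_firewall_ports(u)` now runs unconditionally, ahead of the loops over `data['proposals']` and `data['interfaces']`, so the wan accept rules for ESP and IKE may be created even when the migrated data contains no tunnel. The helper's body is not part of this diff and the script continues outside the hunk; if the helper does not itself check for configured tunnels, call it after the import loops and only when at least one tunnel was created. The comment `# Create config files if not exists` above the two calls no longer describes them; `# Initialise the ipsec config and open the IPsec firewall ports` would match the new code.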
@@ -85,8 +76,8 @@ for i in data['interfaces']: u.set("network", iname, "tunlink", utils.get_interface_from_mac(u, nsmigration.remap(hwaddr, nmap))) else: u.set("network", iname, "tunlink", find_first_wan()) - # Add interface to LAN - ivpn_zone = firewall.add_trusted_zone(u, i['zone'], [iname]) + + ipsec.add_trusted_interface(u, iname) # Save configuration u.commit("ipsec") diff --git a/packages/ns-openvpn/files/ns-openvpnrw-setup b/packages/ns-openvpn/files/ns-openvpnrw-setup index d44964ffb..5cd5a2817 100755 --- a/packages/ns-openvpn/files/ns-openvpnrw-setup +++ b/packages/ns-openvpn/files/ns-openvpnrw-setup @@ -18,7 +18,7 @@ if os.path.isdir(f'/etc/openvpn/{instance}'): sys.exit(0) u = EUci() -firewall.add_to_lan(u, 'tunrw') +firewall.add_device_to_lan(u, 'tunrw') olink = f"openvpn/{instance}" ovpn_interface = firewall.add_vpn_interface(u, 'rwopenvpn', 'tunrw', link=olink) ovpn_zone = firewall.add_trusted_zone(u, "rwpenvpn", [ovpn_interface], link=olink) diff --git a/packages/python3-nethsec/Makefile b/packages/python3-nethsec/Makefile index 98e248dee..53100319f 100644 --- a/packages/python3-nethsec/Makefile +++ b/packages/python3-nethsec/Makefile @@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=python3-nethsec -PKG_VERSION:=0.0.13 +PKG_VERSION:=0.0.14 PKG_RELEASE:=1 PKG_MAINTAINER:=Giacomo Sanchietti