]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
libloc: Import changes from upstream
[ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
49abe7af 5# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535 21###
f527e53f 22# Based on IPFireCore 77
54fd0535 23###
6e13d0a5
MT		 24use CGI;
25use CGI qw/:standard/;
26use Net::DNS;
ce9abb66 27use Net::Ping;
54fd0535 28use Net::Telnet;
6e13d0a5
MT		 29use File::Copy;
30use File::Temp qw/ tempfile tempdir /;
31use strict;
32use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
eff2dbf8 33use Sort::Naturally;
6e13d0a5 34require '/var/ipfire/general-functions.pl';
6e13d0a5
MT		 35require "${General::swroot}/lang.pl";
36require "${General::swroot}/header.pl";
37require "${General::swroot}/countries.pl";
e2e270e1 38require "${General::swroot}/location-functions.pl";
6e13d0a5
MT		 39
40# enable only the following on debugging purpose
8c877a82
AM		 41#use warnings;
42#use CGI::Carp 'fatalsToBrowser';
6e13d0a5 43#workaround to suppress a warning when a variable is used only once
8c877a82 44my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
6e13d0a5
MT		 45undef (@dummy);
46
f2fdd0c1
CS		 47my %color = ();
48my %mainsettings = ();
49&General::readhash("${General::swroot}/main/settings", \%mainsettings);
50&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
6e13d0a5
MT		 51
52###
53### Initialize variables
54###
e81be1e1
AM		 55my %ccdconfhash=();
56my %ccdroutehash=();
57my %ccdroute2hash=();
6e13d0a5
MT		 58my %netsettings=();
59my %cgiparams=();
60my %vpnsettings=();
61my %checked=();
62my %confighash=();
63my %cahash=();
64my %selected=();
65my $warnmessage = '';
66my $errormessage = '';
400c8afd
EK		 67my $cryptoerror = '';
68my $cryptowarning = '';
6e13d0a5 69my %settings=();
54fd0535 70my $routes_push_file = '';
df9b48b7
AM		 71my $confighost="${General::swroot}/fwhosts/customhosts";
72my $configgrp="${General::swroot}/fwhosts/customgroups";
73my $customnet="${General::swroot}/fwhosts/customnetworks";
74my $name;
99bfa85c 75my $col="";
ffbe77c8
EK		 76my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
77my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
78
6e13d0a5
MT		 79&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
80$cgiparams{'ENABLED'} = 'off';
81$cgiparams{'ENABLED_BLUE'} = 'off';
82$cgiparams{'ENABLED_ORANGE'} = 'off';
83$cgiparams{'EDIT_ADVANCED'} = 'off';
84$cgiparams{'NAT'} = 'off';
85$cgiparams{'COMPRESSION'} = 'off';
86$cgiparams{'ONLY_PROPOSED'} = 'off';
87$cgiparams{'ACTION'} = '';
88$cgiparams{'CA_NAME'} = '';
4c962356
EK		 89$cgiparams{'DH_NAME'} = 'dh1024.pem';
90$cgiparams{'DHLENGHT'} = '';
6e13d0a5
MT		 91$cgiparams{'DHCP_DOMAIN'} = '';
92$cgiparams{'DHCP_DNS'} = '';
93$cgiparams{'DHCP_WINS'} = '';
54fd0535 94$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 95$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 96$cgiparams{'MSSFIX'} = '';
8c877a82 97$cgiparams{'number'} = '';
4c962356 98$cgiparams{'DCIPHER'} = '';
49abe7af
EK		 99$cgiparams{'DAUTH'} = '';
100$cgiparams{'TLSAUTH'} = '';
54fd0535 101$routes_push_file = "${General::swroot}/ovpn/routes_push";
400c8afd
EK		 102# Perform crypto and configration test
103&pkiconfigcheck;
ffbe77c8
EK		 104
105# Add CCD files if not already presant
106unless (-e $routes_push_file) {
107 open(RPF, ">$routes_push_file");
108 close(RPF);
109}
110unless (-e "${General::swroot}/ovpn/ccd.conf") {
111 open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
112 close (CCDC);
113}
114unless (-e "${General::swroot}/ovpn/ccdroute") {
115 open(CCDR, ">${General::swroot}/ovpn/ccdroute");
116 close (CCDR);
117}
118unless (-e "${General::swroot}/ovpn/ccdroute2") {
119 open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
120 close (CCDRT);
121}
122# Add additional configs if not already presant
123unless (-e "$local_serverconf") {
124 open(LSC, ">$local_serverconf");
125 close (LSC);
126}
127unless (-e "$local_clientconf") {
128 open(LCC, ">$local_clientconf");
129 close (LCC);
130}
ce9abb66 131
6e13d0a5
MT		 132&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
133
134# prepare openvpn config file
135###
136### Useful functions
137###
c6c9630e
MT		 138sub haveOrangeNet
139{
13211b21
CS		 140 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
141 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 142 return 0;
143}
144
145sub haveBlueNet
146{
13211b21 147 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 148 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 149 return 0;
150}
151
152sub sizeformat{
153 my $bytesize = shift;
154 my $i = 0;
155
156 while(abs($bytesize) >= 1024){
157 $bytesize=$bytesize/1024;
158 $i++;
159 last if($i==6);
160 }
161
162 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
163 my $newsize=(int($bytesize*100 +0.5))/100;
164 return("$newsize $units[$i]");
165}
166
c6c9630e
MT		 167sub cleanssldatabase
168{
169 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
170 print FILE "01";
171 close FILE;
172 }
173 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
174 print FILE "";
175 close FILE;
176 }
e6f7f8e7
EK		 177 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
178 print FILE "";
179 close FILE;
180 }
c6c9630e 181 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 182 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 183 unlink ("${General::swroot}/ovpn/certs/serial.old");
184 unlink ("${General::swroot}/ovpn/certs/01.pem");
185}
186
187sub newcleanssldatabase
188{
189 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
190 open(FILE, ">${General::swroot}(ovpn/certs/serial");
191 print FILE "01";
192 close FILE;
193 }
194 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
195 system ("touch ${General::swroot}/ovpn/certs/index.txt");
196 }
e6f7f8e7
EK		 197 if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
198 system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
199 }
c6c9630e 200 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 201 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 202 unlink ("${General::swroot}/ovpn/certs/serial.old");
203}
204
205sub deletebackupcert
206{
207 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
208 my $hexvalue = <FILE>;
209 chomp $hexvalue;
210 close FILE;
211 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
212 }
213}
4c962356 214
400c8afd
EK		 215###
216### Check for PKI and configure problems
217###
218
219sub pkiconfigcheck
220{
221 # Warning if DH parameter is 1024 bit
222 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
223 my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
224 my @dhbit = ($dhparameter =~ /(\d+)/);
225 if ($1 < 2048) {
226 $cryptoerror = "$Lang::tr{'ovpn error dh'}";
227 goto CRYPTO_ERROR;
228 }
229 }
230
231 # Warning if md5 is in usage
232 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
233 my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
234 if ($signature =~ /md5WithRSAEncryption/) {
235 $cryptoerror = "$Lang::tr{'ovpn error md5'}";
236 goto CRYPTO_ERROR;
237 }
238 }
239
240 CRYPTO_ERROR:
241
242 # Warning if certificate is not compliant to RFC3280 TLS rules
243 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
244 my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
245 if ($extendkeyusage !~ /TLS Web Server Authentication/) {
246 $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
247 goto CRYPTO_WARNING;
248 }
249 }
250
251 CRYPTO_WARNING:
252}
253
c6c9630e 254sub writeserverconf {
54fd0535
MT		 255 my %sovpnsettings = ();
256 my @temp = ();
c6c9630e 257 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535
MT		 258 &read_routepushfile;
259
c6c9630e
MT		 260 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
261 flock CONF, 2;
262 print CONF "#OpenVPN Server conf\n";
263 print CONF "\n";
264 print CONF "daemon openvpnserver\n";
265 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 266 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e 267 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
79e7688b 268 print CONF "dev tun\n";
c6c9630e
MT		 269 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
270 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
a4fd2325 271 print CONF "script-security 3\n";
07675dc3 272 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 273 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e 274 print CONF "tls-server\n";
4c962356
EK		 275 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
276 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
277 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 278 print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
c6c9630e
MT		 279 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
280 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
8c877a82 281 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
4c962356 282
32405d88 283 # Check if we are using mssfix, fragment and set the corretct mtu of 1500.
2ee746be
SS		 284 # If we doesn't use one of them, we can use the configured mtu value.
285 if ($sovpnsettings{'MSSFIX'} eq 'on')
79e7688b 286 { print CONF "tun-mtu 1500\n"; }
2ee746be 287 elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
79e7688b 288 { print CONF "tun-mtu 1500\n"; }
2ee746be 289 else
79e7688b 290 { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
2ee746be 291
54fd0535 292 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
8c877a82
AM		 293 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
294 foreach (@temp)
295 {
296 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
297 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
298 }
54fd0535 299 }
8c877a82
AM		 300# a.marx ccd
301 my %ccdconfhash=();
302 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
303 foreach my $key (keys %ccdconfhash) {
304 my $a=$ccdconfhash{$key}[1];
305 my ($b,$c) = split (/\//, $a);
306 print CONF "route $b ".&General::cidrtosub($c)."\n";
307 }
308 my %ccdroutehash=();
309 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
310 foreach my $key (keys %ccdroutehash) {
311 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
312 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
313 print CONF "route $a $b\n";
314 }
315 }
316# ccd end
54fd0535 317
8c877a82 318 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT		 319 print CONF "client-to-client\n";
320 }
1de5c945 321 if ($sovpnsettings{MSSFIX} eq 'on') {
4c962356 322 print CONF "mssfix\n";
1de5c945
EK		 323 }
324 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
4c962356 325 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 326 }
2ee746be 327
c6c9630e
MT		 328 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
329 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
330 }
331 print CONF "status-version 1\n";
87fe47e9 332 print CONF "status /var/run/ovpnserver.log 30\n";
a4fd2325 333 print CONF "ncp-disable\n";
c6c9630e 334 print CONF "cipher $sovpnsettings{DCIPHER}\n";
49abe7af 335 print CONF "auth $sovpnsettings{'DAUTH'}\n";
942446b5
EK		 336 # Set TLSv2 as minimum
337 print CONF "tls-version-min 1.2\n";
86308adb 338
49abe7af 339 if ($sovpnsettings{'TLSAUTH'} eq 'on') {
4be45949 340 print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
49abe7af 341 }
c6c9630e
MT		 342 if ($sovpnsettings{DCOMPLZO} eq 'on') {
343 print CONF "comp-lzo\n";
344 }
345 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
346 print CONF "push \"redirect-gateway def1\"\n";
347 }
348 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
349 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
350 }
351
352 if ($sovpnsettings{DHCP_DNS} ne '') {
353 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
354 }
355
356 if ($sovpnsettings{DHCP_WINS} ne '') {
357 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
358 }
359
fa527476 360 if ($sovpnsettings{MAX_CLIENTS} eq '') {
c6c9630e 361 print CONF "max-clients 100\n";
a79fa1d6 362 }
fa527476 363 if ($sovpnsettings{MAX_CLIENTS} ne '') {
c6c9630e
MT		 364 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
365 }
1d0a260a 366 print CONF "tls-verify /usr/lib/openvpn/verify\n";
c6c9630e
MT		 367 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
368 print CONF "user nobody\n";
369 print CONF "group nobody\n";
370 print CONF "persist-key\n";
371 print CONF "persist-tun\n";
372 if ($sovpnsettings{LOG_VERB} ne '') {
373 print CONF "verb $sovpnsettings{LOG_VERB}\n";
374 } else {
375 print CONF "verb 3\n";
ffbe77c8 376 }
708f2b73
MT		 377
378 print CONF "# Log clients connecting/disconnecting\n";
379 print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
380 print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
381
ffbe77c8
EK		 382 # Print server.conf.local if entries exist to server.conf
383 if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
384 open (LSC, "$local_serverconf");
385 print CONF "\n#---------------------------\n";
386 print CONF "# Start of custom directives\n";
387 print CONF "# from server.conf.local\n";
388 print CONF "#---------------------------\n\n";
389 while (<LSC>) {
390 print CONF $_;
391 }
392 print CONF "\n#-----------------------------\n";
393 print CONF "# End of custom directives\n";
394 print CONF "#-----------------------------\n";
395 close (LSC);
396 }
c6c9630e
MT		 397 print CONF "\n";
398
399 close(CONF);
400}
8c877a82 401
c6c9630e 402sub emptyserverlog{
87fe47e9 403 if (open(FILE, ">/var/run/ovpnserver.log")) {
c6c9630e
MT		 404 flock FILE, 2;
405 print FILE "";
406 close FILE;
407 }
408
409}
410
8c877a82
AM		 411sub delccdnet
412{
413 my %ccdconfhash = ();
414 my %ccdhash = ();
415 my $ccdnetname=$_[0];
416 if (-f "${General::swroot}/ovpn/ovpnconfig"){
417 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
418 foreach my $key (keys %ccdhash) {
419 if ($ccdhash{$key}[32] eq $ccdnetname) {
420 $errormessage=$Lang::tr{'ccd err hostinnet'};
421 return;
422 }
423 }
424 }
425 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
426 foreach my $key (keys %ccdconfhash) {
427 if ($ccdconfhash{$key}[0] eq $ccdnetname){
428 delete $ccdconfhash{$key};
429 }
430 }
431 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
432
433 &writeserverconf;
434 return 0;
435}
436
437sub addccdnet
438{
439 my %ccdconfhash=();
440 my @ccdconf=();
441 my $ccdname=$_[0];
442 my $ccdnet=$_[1];
8c877a82
AM		 443 my $subcidr;
444 my @ip2=();
445 my $checkup;
446 my $ccdip;
447 my $baseaddress;
290007b3
AM		 448
449
450 #check name
451 if ($ccdname eq '')
452 {
453 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
454 return
455 }
456
457 if(!&General::validhostname($ccdname))
458 {
8c877a82
AM		 459 $errormessage=$Lang::tr{'ccd err invalidname'};
460 return;
461 }
290007b3
AM		 462
463 ($ccdip,$subcidr) = split (/\//,$ccdnet);
464 $subcidr=&General::iporsubtocidr($subcidr);
465 #check subnet
466 if ($subcidr > 30)
467 {
8c877a82
AM		 468 $errormessage=$Lang::tr{'ccd err invalidnet'};
469 return;
470 }
290007b3
AM		 471 #check ip
472 if (!&General::validipandmask($ccdnet)){
473 $errormessage=$Lang::tr{'ccd err invalidnet'};
474 return;
8c877a82 475 }
b6c60092 476
8c877a82
AM		 477 if (!$errormessage) {
478 my %ccdconfhash=();
479 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
480 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
481 my $key = &General::findhasharraykey (\%ccdconfhash);
482 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
483 $ccdconfhash{$key}[0] = $ccdname;
484 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
485 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
486 &writeserverconf;
487 $cgiparams{'ccdname'}='';
488 $cgiparams{'ccdsubnet'}='';
489 return 1;
490 }
491}
492
493sub modccdnet
494{
495
496 my $newname=$_[0];
497 my $oldname=$_[1];
498 my %ccdconfhash=();
499 my %ccdhash=();
7ad653cc
SS		 500
501 # Check if the new name is valid.
502 if(!&General::validhostname($newname)) {
503 $errormessage=$Lang::tr{'ccd err invalidname'};
504 return;
505 }
506
8c877a82
AM		 507 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
508 foreach my $key (keys %ccdconfhash) {
509 if ($ccdconfhash{$key}[0] eq $oldname) {
510 foreach my $key1 (keys %ccdconfhash) {
511 if ($ccdconfhash{$key1}[0] eq $newname){
512 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
513 return;
514 }else{
515 $ccdconfhash{$key}[0]= $newname;
516 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
517 last;
518 }
519 }
520 }
521 }
522
523 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
524 foreach my $key (keys %ccdhash) {
525 if ($ccdhash{$key}[32] eq $oldname) {
526 $ccdhash{$key}[32]=$newname;
527 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
528 last;
529 }
530 }
531
532 return 0;
533}
534sub ccdmaxclients
535{
536 my $ccdnetwork=$_[0];
537 my @octets=();
538 my @subnet=();
539 @octets=split("\/",$ccdnetwork);
540 @subnet= split /\./, &General::cidrtosub($octets[1]);
541 my ($a,$b,$c,$d,$e);
542 $a=256-$subnet[0];
543 $b=256-$subnet[1];
544 $c=256-$subnet[2];
545 $d=256-$subnet[3];
546 $e=($a*$b*$c*$d)/4;
547 return $e-1;
548}
549
550sub getccdadresses
551{
552 my $ipin=$_[0];
553 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
554 my $cidr=$_[1];
555 chomp($cidr);
556 my $count=$_[2];
557 my $hasip=$_[3];
558 chomp($hasip);
559 my @iprange=();
560 my %ccdhash=();
561 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
d9fe5693 562 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
ac87f371 563 for (my $i=1;$i<=$count;$i++) {
8c877a82
AM		 564 my $tmpip=$iprange[$i-1];
565 my $stepper=$i*4;
566 $iprange[$i]= &General::getnextip($tmpip,4);
567 }
568 my $r=0;
569 foreach my $key (keys %ccdhash) {
570 $r=0;
571 foreach my $tmp (@iprange){
572 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
573 if ($net eq $tmp) {
574 if ( $hasip ne $ccdhash{$key}[33] ){
575 splice (@iprange,$r,1);
576 }
577 }
578 $r++;
579 }
580 }
581 return @iprange;
582}
583
584sub fillselectbox
585{
586 my $boxname=$_[1];
587 my ($ccdip,$subcidr) = split("/",$_[0]);
588 my $tz=$_[2];
589 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
590 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
591 foreach (@allccdips) {
592 my $ip=$_."/30";
593 chomp($ip);
594 print "<option value='$ip' ";
595 if ( $ip eq $cgiparams{$boxname} ){
596 print"selected";
597 }
598 print ">$ip</option>";
599 }
600 print "</select>";
601}
602
603sub hostsinnet
604{
605 my $name=$_[0];
606 my %ccdhash=();
607 my $i=0;
608 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
609 foreach my $key (keys %ccdhash) {
610 if ($ccdhash{$key}[32] eq $name){ $i++;}
611 }
612 return $i;
613}
614
615sub check_routes_push
616{
617 my $val=$_[0];
618 my ($ip,$cidr) = split (/\//, $val);
619 ##check for existing routes in routes_push
620 if (-e "${General::swroot}/ovpn/routes_push") {
621 open(FILE,"${General::swroot}/ovpn/routes_push");
622 while (<FILE>) {
623 $_=~s/\s*$//g;
624
625 my ($ip2,$cidr2) = split (/\//,"$_");
626 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
627
628 if($val eq $val2){
629 return 0;
630 }
631 #subnetcheck
632 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
633 return 0;
634 }
635 };
636 close(FILE);
637 }
638 return 1;
639}
640
641sub check_ccdroute
642{
643 my %ccdroutehash=();
644 my $val=$_[0];
645 my ($ip,$cidr) = split (/\//, $val);
646 #check for existing routes in ccdroute
647 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
648 foreach my $key (keys %ccdroutehash) {
649 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
650 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
651 return 0;
652 }
653 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
654 #subnetcheck
655 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
656 return 0;
657 }
658 }
659 }
660 return 1;
661}
662sub check_ccdconf
663{
664 my %ccdconfhash=();
665 my $val=$_[0];
666 my ($ip,$cidr) = split (/\//, $val);
667 #check for existing routes in ccdroute
668 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
669 foreach my $key (keys %ccdconfhash) {
670 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
671 return 0;
672 }
673 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
674 #subnetcheck
675 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
676 return 0;
677 }
678
679 }
680 return 1;
681}
682
7c1d9faf
AH		 683###
684# m.a.d net2net
685###
686
687sub validdotmask
688{
689 my $ipdotmask = $_[0];
690 if (&General::validip($ipdotmask)) { return 0; }
691 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
692 my $mask = $2;
693 if (($mask =~ /\./ )) { return 0; }
694 return 1;
695}
54fd0535
MT		 696
697# -------------------------------------------------------------------
698
699sub write_routepushfile
700{
701 open(FILE, ">$routes_push_file");
702 flock(FILE, 2);
703 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
704 print FILE $vpnsettings{'ROUTES_PUSH'};
705 }
706 close(FILE);
707}
708
709sub read_routepushfile
710{
711 if (-e "$routes_push_file") {
712 open(FILE,"$routes_push_file");
713 delete $vpnsettings{'ROUTES_PUSH'};
714 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
715 close(FILE);
716 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
8c877a82 717
54fd0535
MT		 718 }
719}
7c1d9faf 720
775b4494
AM		 721sub writecollectdconf {
722 my $vpncollectd;
723 my %ccdhash=();
724
725 open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
726 print COLLECTDVPN "Loadplugin openvpn\n";
727 print COLLECTDVPN "\n";
728 print COLLECTDVPN "<Plugin openvpn>\n";
729 print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
730
731 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
732 foreach my $key (keys %ccdhash) {
733 if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
734 print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
735 }
736 }
737
738 print COLLECTDVPN "</Plugin>\n";
739 close(COLLECTDVPN);
740
741 # Reload collectd afterwards
742 system("/usr/local/bin/collectdctrl restart &>/dev/null");
743}
7c1d9faf 744
c6c9630e
MT		 745#hier die refresh page
746if ( -e "${General::swroot}/ovpn/gencanow") {
747 my $refresh = '';
748 $refresh = "<meta http-equiv='refresh' content='15;' />";
749 &Header::showhttpheaders();
750 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
751 &Header::openbigbox('100%', 'center');
752 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
753 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
754 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
755 &Header::closebox();
756 &Header::closebigbox();
757 &Header::closepage();
758 exit (0);
759}
760##hier die refresh page
761
6e13d0a5
MT		 762
763###
764### OpenVPN Server Control
765###
766if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
767 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
768 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT		 769 #start openvpn server
770 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 771 &emptyserverlog();
6e13d0a5
MT		 772 system('/usr/local/bin/openvpnctrl', '-s');
773 }
774 #stop openvpn server
775 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
6e13d0a5 776 system('/usr/local/bin/openvpnctrl', '-k');
c6c9630e 777 &emptyserverlog();
6e13d0a5
MT		 778 }
779# #restart openvpn server
8c877a82 780# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
6e13d0a5 781#workarund, till SIGHUP also works when running as nobody
8c877a82
AM		 782# system('/usr/local/bin/openvpnctrl', '-r');
783# &emptyserverlog();
784# }
6e13d0a5
MT		 785}
786
787###
788### Save Advanced options
789###
790
791if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
792 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
793 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
794 #DAN this value has to leave.
795#new settings for daemon
796 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
797 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
798 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
799 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
800 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
801 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
6a9d9ff4 802 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
ffbe77c8 803 $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
6e13d0a5
MT		 804 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
805 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
806 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535
MT		 807 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
808 my @temp=();
6e13d0a5 809
a79fa1d6
JPT		 810 if ($cgiparams{'FRAGMENT'} eq '') {
811 delete $vpnsettings{'FRAGMENT'};
812 } else {
813 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
814 $errormessage = "Incorrect value, please insert only numbers.";
815 goto ADV_ERROR;
816 } else {
817 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
818 }
819 }
49abe7af 820
a79fa1d6 821 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 822 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT		 823 } else {
824 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
825 }
2ee746be 826
6e13d0a5 827 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
81da1b01 828 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
6e13d0a5
MT		 829 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
830 goto ADV_ERROR;
831 }
832 }
833 if ($cgiparams{'DHCP_DNS'} ne ''){
834 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
835 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
836 goto ADV_ERROR;
837 }
838 }
839 if ($cgiparams{'DHCP_WINS'} ne ''){
840 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
841 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT		 842 goto ADV_ERROR;
843 }
844 }
845 if ($cgiparams{'ROUTES_PUSH'} ne ''){
846 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
847 undef $vpnsettings{'ROUTES_PUSH'};
8c877a82
AM		 848
849 foreach my $tmpip (@temp)
54fd0535
MT		 850 {
851 s/^\s+//g; s/\s+$//g;
8c877a82
AM		 852
853 if ($tmpip)
54fd0535 854 {
8c877a82
AM		 855 $tmpip=~s/\s*$//g;
856 unless (&General::validipandmask($tmpip)) {
857 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
858 goto ADV_ERROR;
54fd0535 859 }
8c877a82
AM		 860 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
861
54fd0535
MT		 862 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
863 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
8c877a82
AM		 864 goto ADV_ERROR;
865 }
866# a.marx ccd
867 my %ccdroutehash=();
868 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
869 foreach my $key (keys %ccdroutehash) {
870 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
871 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
872 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
873 goto ADV_ERROR;
874 }
875 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
876 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
877 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
878 goto ADV_ERROR;
879 }
880 }
54fd0535 881 }
8c877a82
AM		 882
883# ccd end
884
885 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 886 }
8c877a82
AM		 887 }
888 &write_routepushfile;
54fd0535 889 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP		 890 }
891 else {
892 undef $vpnsettings{'ROUTES_PUSH'};
893 &write_routepushfile;
6e13d0a5 894 }
ba50f66d 895 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
6e13d0a5
MT		 896 $errormessage = $Lang::tr{'invalid input for max clients'};
897 goto ADV_ERROR;
898 }
899 if ($cgiparams{'KEEPALIVE_1'} ne '') {
900 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
901 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
902 goto ADV_ERROR;
903 }
904 }
905 if ($cgiparams{'KEEPALIVE_2'} ne ''){
906 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
907 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
908 goto ADV_ERROR;
909 }
910 }
911 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
912 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
913 goto ADV_ERROR;
914 }
6e13d0a5 915 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 916 &writeserverconf();#hier ok
6e13d0a5
MT		 917}
918
ce9abb66 919###
7c1d9faf 920# m.a.d net2net
ce9abb66
AH		 921###
922
923if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
924{
c6c9630e 925
ce9abb66
AH		 926my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
927my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 928my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 929my $tunmtu = '';
531f0835
AH		 930
931unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
932unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 933
934 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
935
936 flock SERVERCONF, 2;
7c1d9faf 937 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
ce9abb66 938 print SERVERCONF "\n";
b278daf3 939 print SERVERCONF "# User Security\n";
ce9abb66
AH		 940 print SERVERCONF "user nobody\n";
941 print SERVERCONF "group nobody\n";
942 print SERVERCONF "persist-tun\n";
943 print SERVERCONF "persist-key\n";
7c1d9faf 944 print SERVERCONF "script-security 2\n";
60f396d7 945 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
c125d8a2
SS		 946
947 if ($cgiparams{'REMOTE'} ne '') {
ce9abb66 948 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
c125d8a2
SS		 949 }
950
b278daf3 951 print SERVERCONF "float\n";
60f396d7 952 print SERVERCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 953 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
60f396d7 954 print SERVERCONF "# Client Gateway Network\n";
54fd0535 955 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
1c612d9e 956 print SERVERCONF "# Call up script for static routes\n";
2913185a 957 print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 958 print SERVERCONF "# tun Device\n";
ce9abb66 959 print SERVERCONF "dev tun\n";
5795fc1b
AM		 960 print SERVERCONF "#Logfile for statistics\n";
961 print SERVERCONF "status-version 1\n";
87fe47e9 962 print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 963 print SERVERCONF "# Port and Protokol\n";
ce9abb66 964 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
5795fc1b 965
60f396d7
AH		 966 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
967 print SERVERCONF "proto tcp-server\n";
968 print SERVERCONF "# Packet size\n";
d96c89eb 969 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 970 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 971 }
60f396d7
AH		 972
973 if ($cgiparams{'PROTOCOL'} eq 'udp') {
974 print SERVERCONF "proto udp\n";
975 print SERVERCONF "# Paketsize\n";
976 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
977 print SERVERCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 978 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
979 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
d96c89eb 980 }
1647059d 981
60f396d7 982 print SERVERCONF "# Auth. Server\n";
ce9abb66
AH		 983 print SERVERCONF "tls-server\n";
984 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
985 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
986 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 987 print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
b278daf3 988 print SERVERCONF "# Cipher\n";
4c962356 989 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
52f61e49
EKD		 990
991 # If GCM cipher is used, do not use --auth
992 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
993 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
994 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
995 print SERVERCONF unless "# HMAC algorithm\n";
996 print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 997 } else {
52f61e49
EKD		 998 print SERVERCONF "# HMAC algorithm\n";
999 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1000 }
52f61e49 1001
942446b5
EK		 1002 # Set TLSv1.2 as minimum
1003 print SERVERCONF "tls-version-min 1.2\n";
1004
ce9abb66 1005 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1006 print SERVERCONF "# Enable Compression\n";
66298ef2 1007 print SERVERCONF "comp-lzo\n";
b278daf3 1008 }
60f396d7 1009 print SERVERCONF "# Debug Level\n";
ce9abb66 1010 print SERVERCONF "verb 3\n";
b278daf3 1011 print SERVERCONF "# Tunnel check\n";
ce9abb66 1012 print SERVERCONF "keepalive 10 60\n";
60f396d7 1013 print SERVERCONF "# Start as daemon\n";
ce9abb66
AH		 1014 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
1015 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1016 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1017 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1018 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH		 1019 close(SERVERCONF);
1020
1021}
1022
1023###
7c1d9faf 1024# m.a.d net2net
ce9abb66 1025###
7c1d9faf 1026
ce9abb66
AH		 1027if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
1028{
4c962356 1029
ce9abb66 1030 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 1031 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1032 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 1033 my $tunmtu = '';
54fd0535 1034
531f0835
AH		 1035unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
1036unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 1037
1038 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
1039
1040 flock CLIENTCONF, 2;
7c1d9faf 1041 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1042 print CLIENTCONF "#\n";
b278daf3 1043 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1044 print CLIENTCONF "user nobody\n";
1045 print CLIENTCONF "group nobody\n";
1046 print CLIENTCONF "persist-tun\n";
1047 print CLIENTCONF "persist-key\n";
7c1d9faf 1048 print CLIENTCONF "script-security 2\n";
60f396d7 1049 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 1050 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 1051 print CLIENTCONF "float\n";
60f396d7 1052 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1053 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
60f396d7 1054 print CLIENTCONF "# Server Gateway Network\n";
54fd0535 1055 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
60f396d7 1056 print CLIENTCONF "# tun Device\n";
ce9abb66 1057 print CLIENTCONF "dev tun\n";
35a21a25
AM		 1058 print CLIENTCONF "#Logfile for statistics\n";
1059 print CLIENTCONF "status-version 1\n";
1060 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 1061 print CLIENTCONF "# Port and Protokol\n";
ce9abb66 1062 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 1063
1064 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1065 print CLIENTCONF "proto tcp-client\n";
1066 print CLIENTCONF "# Packet size\n";
d96c89eb 1067 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1068 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1069 }
60f396d7
AH		 1070
1071 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1072 print CLIENTCONF "proto udp\n";
1073 print CLIENTCONF "# Paketsize\n";
1074 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1075 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 1076 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
1077 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
d96c89eb 1078 }
1647059d 1079
b66b02ab
EK		 1080 # Check host certificate if X509 is RFC3280 compliant.
1081 # If not, old --ns-cert-type directive will be used.
1082 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
1083 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1084 if ($hostcert !~ /TLS Web Server Authentication/) {
1085 print CLIENTCONF "ns-cert-type server\n";
1086 } else {
1087 print CLIENTCONF "remote-cert-tls server\n";
1088 }
ce9abb66
AH		 1089 print CLIENTCONF "# Auth. Client\n";
1090 print CLIENTCONF "tls-client\n";
b278daf3 1091 print CLIENTCONF "# Cipher\n";
4c962356 1092 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
ce9abb66 1093 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
52f61e49
EKD		 1094
1095 # If GCM cipher is used, do not use --auth
1096 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1097 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1098 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1099 print CLIENTCONF unless "# HMAC algorithm\n";
1100 print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1101 } else {
52f61e49
EKD		 1102 print CLIENTCONF "# HMAC algorithm\n";
1103 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1104 }
52f61e49 1105
942446b5
EK		 1106 # Set TLSv1.2 as minimum
1107 print CLIENTCONF "tls-version-min 1.2\n";
1108
ce9abb66 1109 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1110 print CLIENTCONF "# Enable Compression\n";
66298ef2 1111 print CLIENTCONF "comp-lzo\n";
4c962356 1112 }
ce9abb66
AH		 1113 print CLIENTCONF "# Debug Level\n";
1114 print CLIENTCONF "verb 3\n";
b278daf3 1115 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1116 print CLIENTCONF "keepalive 10 60\n";
60f396d7 1117 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 1118 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1119 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1120 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1121 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1122 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1123 close(CLIENTCONF);
c6c9630e 1124
ce9abb66 1125}
400c8afd 1126
6e13d0a5
MT		 1127###
1128### Save main settings
1129###
ce9abb66 1130
6e13d0a5
MT		 1131if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1132 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT		 1133 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1134 #DAN this value has to leave.
1135 if ($cgiparams{'ENABLED'} eq 'on'){
1136 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1137 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1138 goto SETTINGS_ERROR;
6e13d0a5
MT		 1139 }
1140 }
f7fb5bc5 1141
6e13d0a5 1142 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e 1143 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
4c962356 1144 goto SETTINGS_ERROR;
c6c9630e
MT		 1145 }
1146 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1147
1148 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1149 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1150 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1151 goto SETTINGS_ERROR;
1152 }
1153
1154 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1155 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1156 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1157 goto SETTINGS_ERROR;
1158 }
1159
1160 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1161 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1162 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1163 goto SETTINGS_ERROR;
1164 }
1165
1166 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1167 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1168 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1169 goto SETTINGS_ERROR;
1170 }
1171 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1172 while (<ALIASES>)
1173 {
1174 chomp($_);
1175 my @tempalias = split(/\,/,$_);
1176 if ($tempalias[1] eq 'on') {
1177 if (&General::IpInSubnet ($tempalias[0] ,
1178 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1179 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1180 }
1181 }
1182 }
1183 close(ALIASES);
6e13d0a5 1184 if ($errormessage ne ''){
c6c9630e 1185 goto SETTINGS_ERROR;
6e13d0a5
MT		 1186 }
1187 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1188 $errormessage = $Lang::tr{'invalid input'};
1189 goto SETTINGS_ERROR;
1190 }
1191 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1192 $errormessage = $Lang::tr{'invalid mtu input'};
1193 goto SETTINGS_ERROR;
1194 }
1195
1196 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT		 1197 $errormessage = $Lang::tr{'invalid port'};
1198 goto SETTINGS_ERROR;
6e13d0a5 1199 }
8c252e6a 1200
b21a6319
EK		 1201 # Create ta.key for tls-auth if not presant
1202 if ($cgiparams{'TLSAUTH'} eq 'on') {
1203 if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
1204 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1205 if ($?) {
1206 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1207 goto SETTINGS_ERROR;
1208 }
1209 }
1210 }
1211
6e13d0a5
MT		 1212 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1213 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1214 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1215 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1216#new settings for daemon
1217 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
6e13d0a5
MT		 1218 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1219 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1220 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1221 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1222 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
86308adb 1223 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
0c4ffc69 1224 $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
3ffee04b
CS		 1225#wrtie enable
1226
1227 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1228 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1229 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
6e13d0a5
MT		 1230#new settings for daemon
1231 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1232 &writeserverconf();#hier ok
6e13d0a5
MT		 1233SETTINGS_ERROR:
1234###
1235### Reset all step 2
1236###
4c962356 1237}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
6e13d0a5
MT		 1238 my $file = '';
1239 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1240
1e499e90
MT		 1241 # Kill all N2N connections
1242 system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
1243
6e13d0a5 1244 foreach my $key (keys %confighash) {
2f36a7b4
MT		 1245 my $name = $confighash{$cgiparams{'$key'}}[1];
1246
c6c9630e
MT		 1247 if ($confighash{$key}[4] eq 'cert') {
1248 delete $confighash{$cgiparams{'$key'}};
1249 }
2f36a7b4 1250
8ae4010b 1251 system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
6e13d0a5
MT		 1252 }
1253 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
49abe7af 1254 unlink $file;
6e13d0a5
MT		 1255 }
1256 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
49abe7af 1257 unlink $file;
6e13d0a5
MT		 1258 }
1259 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
49abe7af 1260 unlink $file;
6e13d0a5 1261 }
4c962356 1262 &cleanssldatabase();
6e13d0a5
MT		 1263 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1264 print FILE "";
1265 close FILE;
1266 }
49abe7af
EK		 1267 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1268 print FILE "";
1269 close FILE;
1270 }
1271 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1272 print FILE "";
1273 close FILE;
1274 }
1275 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1276 unlink $file
1277 }
5795fc1b
AM		 1278 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1279 unlink $file
1280 }
49abe7af
EK		 1281 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1282 print FILE "";
1283 close FILE;
1284 }
1285 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1286 print FILE "";
1287 close FILE;
1288 }
1289 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
1290 system ("rm -rf $file");
1291 }
1292
2f36a7b4
MT		 1293 # Remove everything from the collectd configuration
1294 &writecollectdconf();
1295
c6c9630e 1296 #&writeserverconf();
6e13d0a5
MT		 1297###
1298### Reset all step 1
1299###
4c962356 1300}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
6e13d0a5 1301 &Header::showhttpheaders();
4c962356
EK		 1302 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1303 &Header::openbigbox('100%', 'left', '', '');
1304 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1305 print <<END;
1306 <form method='post'>
1307 <table width='100%'>
1308 <tr>
1309 <td align='center'>
1310 <input type='hidden' name='AREUSURE' value='yes' />
49abe7af 1311 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
4c962356
EK		 1312 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1313 </tr>
1314 <tr>
1315 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1316 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1317 </tr>
1318 </table>
1319 </form>
6e13d0a5
MT		 1320END
1321 ;
1322 &Header::closebox();
1323 &Header::closebigbox();
1324 &Header::closepage();
1325 exit (0);
1326
4c962356
EK		 1327###
1328### Generate DH key step 2
1329###
1330} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
49abe7af 1331 # Delete if old key exists
4c962356
EK		 1332 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1333 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1334 }
1335 # Create Diffie Hellmann Parameter
badd8c1c 1336 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
4c962356
EK		 1337 if ($?) {
1338 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1339 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1340 }
1341
1342###
1343### Generate DH key step 1
1344###
1345} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1346 &Header::showhttpheaders();
1347 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1348 &Header::openbigbox('100%', 'LEFT', '', '');
1349 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1350 print <<END;
1351 <table width='100%'>
1352 <tr>
f527e53f 1353 <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
49abe7af 1354 </tr>
4c962356
EK		 1355 <tr>
1356 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1357 <td align='center'>
1358 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1359 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1360 <select name='DHLENGHT'>
4c962356
EK		 1361 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1362 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1363 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1364 </select>
1365 </td>
1366 </tr>
1367 <tr><td colspan='4'><br></td></tr>
1368 </table>
1369 <table width='100%'>
1370 <tr>
49abe7af 1371 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
4c962356 1372 </tr>
49abe7af
EK		 1373 <tr>
1374 <td class='base'>$Lang::tr{'dh key warn1'}</td>
1375 </tr>
1376 <tr><td colspan='2'><br></td></tr>
4c962356
EK		 1377 <tr>
1378 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1379 </form>
1380 </tr>
1381 </table>
1382
1383END
1384 ;
1385 &Header::closebox();
1386 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1387 &Header::closebigbox();
1388 &Header::closepage();
1389 exit (0);
1390
1391###
1392### Upload DH key
1393###
1394} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
2ad1b18b 1395 unless (ref ($cgiparams{'FH'})) {
4c962356
EK		 1396 $errormessage = $Lang::tr{'there was no file upload'};
1397 goto UPLOADCA_ERROR;
1398 }
49abe7af 1399 # Move uploaded dh key to a temporary file
4c962356
EK		 1400 (my $fh, my $filename) = tempfile( );
1401 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1402 $errormessage = $!;
49abe7af 1403 goto UPLOADCA_ERROR;
4c962356 1404 }
49abe7af 1405 my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
400c8afd 1406 if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
4c962356
EK		 1407 $errormessage = $Lang::tr{'not a valid dh key'};
1408 unlink ($filename);
1409 goto UPLOADCA_ERROR;
1410 } else {
1411 # Delete if old key exists
1412 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1413 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1414 }
1415 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
49abe7af
EK		 1416 if ($? ne 0) {
1417 $errormessage = "$Lang::tr{'dh key move failed'}: $!";
1418 unlink ($filename);
1419 goto UPLOADCA_ERROR;
1420 }
4c962356
EK		 1421 }
1422
6e13d0a5
MT		 1423###
1424### Upload CA Certificate
1425###
1426} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1427 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1428
1429 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1430 $errormessage = $Lang::tr{'name must only contain characters'};
1431 goto UPLOADCA_ERROR;
1432 }
1433
1434 if (length($cgiparams{'CA_NAME'}) >60) {
1435 $errormessage = $Lang::tr{'name too long'};
1436 goto VPNCONF_ERROR;
1437 }
1438
1439 if ($cgiparams{'CA_NAME'} eq 'ca') {
1440 $errormessage = $Lang::tr{'name is invalid'};
4c962356 1441 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1442 }
1443
1444 # Check if there is no other entry with this name
1445 foreach my $key (keys %cahash) {
c6c9630e
MT		 1446 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1447 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1448 goto UPLOADCA_ERROR;
1449 }
6e13d0a5
MT		 1450 }
1451
2ad1b18b 1452 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 1453 $errormessage = $Lang::tr{'there was no file upload'};
1454 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1455 }
1456 # Move uploaded ca to a temporary file
1457 (my $fh, my $filename) = tempfile( );
1458 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT		 1459 $errormessage = $!;
1460 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1461 }
1462 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
c6c9630e
MT		 1463 if ($temp !~ /CA:TRUE/i) {
1464 $errormessage = $Lang::tr{'not a valid ca certificate'};
1465 unlink ($filename);
1466 goto UPLOADCA_ERROR;
6e13d0a5 1467 } else {
c6c9630e
MT		 1468 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1469 if ($? ne 0) {
1470 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1471 unlink ($filename);
1472 goto UPLOADCA_ERROR;
1473 }
6e13d0a5
MT		 1474 }
1475
1476 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1477 $casubject =~ /Subject: (.*)[\n]/;
1478 $casubject = $1;
1479 $casubject =~ s+/Email+, E+;
1480 $casubject =~ s/ ST=/ S=/;
1481 $casubject = &Header::cleanhtml($casubject);
1482
1483 my $key = &General::findhasharraykey (\%cahash);
1484 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1485 $cahash{$key}[1] = $casubject;
1486 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT		 1487# system('/usr/local/bin/ipsecctrl', 'R');
1488
6e13d0a5
MT		 1489 UPLOADCA_ERROR:
1490
1491###
1492### Display ca certificate
1493###
1494} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT		 1495 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1496
1497 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1498 &Header::showhttpheaders();
4c962356 1499 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1500 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1501 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1502 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1503 $output = &Header::cleanhtml($output,"y");
1504 print "<pre>$output</pre>\n";
1505 &Header::closebox();
1506 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1507 &Header::closebigbox();
1508 &Header::closepage();
1509 exit(0);
1510 } else {
1511 $errormessage = $Lang::tr{'invalid key'};
1512 }
1513
6e13d0a5
MT		 1514###
1515### Download ca certificate
1516###
1517} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1518 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1519
1520 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1521 print "Content-Type: application/octet-stream\r\n";
1522 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1523 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1524 exit(0);
1525 } else {
1526 $errormessage = $Lang::tr{'invalid key'};
1527 }
1528
1529###
1530### Remove ca certificate (step 2)
1531###
1532} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1533 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1534 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1535
1536 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1537 foreach my $key (keys %confighash) {
1538 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1539 if ($test =~ /: OK/) {
c6c9630e
MT		 1540 # Delete connection
1541# if ($vpnsettings{'ENABLED'} eq 'on' ||
1542# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1543# system('/usr/local/bin/ipsecctrl', 'D', $key);
1544# }
6e13d0a5
MT		 1545 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1546 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1547 delete $confighash{$key};
1548 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1549# &writeipsecfiles();
6e13d0a5
MT		 1550 }
1551 }
1552 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1553 delete $cahash{$cgiparams{'KEY'}};
1554 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1555# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT		 1556 } else {
1557 $errormessage = $Lang::tr{'invalid key'};
1558 }
1559###
1560### Remove ca certificate (step 1)
1561###
1562} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1563 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1564 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1565
1566 my $assignedcerts = 0;
1567 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1568 foreach my $key (keys %confighash) {
1569 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1570 if ($test =~ /: OK/) {
1571 $assignedcerts++;
1572 }
1573 }
1574 if ($assignedcerts) {
1575 &Header::showhttpheaders();
4c962356 1576 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1577 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1578 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
4c962356 1579 print <<END;
6e13d0a5
MT		 1580 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1581 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1582 <tr><td align='center'>
1583 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1584 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1585 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1586 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1587 </form></table>
1588END
1589 ;
1590 &Header::closebox();
1591 &Header::closebigbox();
1592 &Header::closepage();
1593 exit (0);
1594 } else {
1595 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1596 delete $cahash{$cgiparams{'KEY'}};
1597 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1598# system('/usr/local/bin/ipsecctrl', 'R');
1599 }
1600 } else {
1601 $errormessage = $Lang::tr{'invalid key'};
1602 }
1603
1604###
1605### Display root certificate
1606###
c6c9630e
MT		 1607}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1608 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1609 my $output;
1610 &Header::showhttpheaders();
4c962356 1611 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1612 &Header::openbigbox('100%', 'LEFT', '', '');
1613 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1614 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1615 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1616 } else {
1617 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1618 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1619 }
1620 $output = &Header::cleanhtml($output,"y");
1621 print "<pre>$output</pre>\n";
1622 &Header::closebox();
1623 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1624 &Header::closebigbox();
1625 &Header::closepage();
1626 exit(0);
1627
6e13d0a5
MT		 1628###
1629### Download root certificate
1630###
1631}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1632 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1633 print "Content-Type: application/octet-stream\r\n";
1634 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1635 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1636 exit(0);
1637 }
1638
1639###
1640### Download host certificate
1641###
1642}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1643 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1644 print "Content-Type: application/octet-stream\r\n";
1645 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1646 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1647 exit(0);
1648 }
f7fb5bc5 1649
fd5ccb2d
EK		 1650###
1651### Download tls-auth key
1652###
1653}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
1654 if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
1655 print "Content-Type: application/octet-stream\r\n";
1656 print "Content-Disposition: filename=ta.key\r\n\r\n";
1657 print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
1658 exit(0);
1659 }
1660
6e13d0a5
MT		 1661###
1662### Form for generating a root certificate
1663###
1664}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1665 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1666
1667 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1668 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1669 $errormessage = $Lang::tr{'valid root certificate already exists'};
1670 $cgiparams{'ACTION'} = '';
1671 goto ROOTCERT_ERROR;
1672 }
1673
1674 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1675 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1676 my $ipaddr = <IPADDR>;
1677 close IPADDR;
1678 chomp ($ipaddr);
1679 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1680 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1681 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1682 }
1683 }
1684 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
2ad1b18b 1685 unless (ref ($cgiparams{'FH'})) {
6e13d0a5
MT		 1686 $errormessage = $Lang::tr{'there was no file upload'};
1687 goto ROOTCERT_ERROR;
1688 }
1689
1690 # Move uploaded certificate request to a temporary file
1691 (my $fh, my $filename) = tempfile( );
1692 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1693 $errormessage = $!;
1694 goto ROOTCERT_ERROR;
1695 }
1696
1697 # Create a temporary dirctory
1698 my $tempdir = tempdir( CLEANUP => 1 );
1699
1700 # Extract the CA certificate from the file
1701 my $pid = open(OPENSSL, "|-");
1702 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1703 if ($pid) { # parent
1704 if ($cgiparams{'P12_PASS'} ne '') {
1705 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1706 }
1707 close (OPENSSL);
1708 if ($?) {
1709 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1710 unlink ($filename);
1711 goto ROOTCERT_ERROR;
1712 }
1713 } else { # child
1714 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1715 '-in', $filename,
1716 '-out', "$tempdir/cacert.pem")) {
1717 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1718 unlink ($filename);
1719 goto ROOTCERT_ERROR;
1720 }
1721 }
1722
1723 # Extract the Host certificate from the file
1724 $pid = open(OPENSSL, "|-");
1725 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1726 if ($pid) { # parent
1727 if ($cgiparams{'P12_PASS'} ne '') {
1728 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1729 }
1730 close (OPENSSL);
1731 if ($?) {
1732 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1733 unlink ($filename);
1734 goto ROOTCERT_ERROR;
1735 }
1736 } else { # child
1737 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1738 '-in', $filename,
1739 '-out', "$tempdir/hostcert.pem")) {
1740 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1741 unlink ($filename);
1742 goto ROOTCERT_ERROR;
1743 }
1744 }
1745
1746 # Extract the Host key from the file
1747 $pid = open(OPENSSL, "|-");
1748 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1749 if ($pid) { # parent
1750 if ($cgiparams{'P12_PASS'} ne '') {
1751 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1752 }
1753 close (OPENSSL);
1754 if ($?) {
1755 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1756 unlink ($filename);
1757 goto ROOTCERT_ERROR;
1758 }
1759 } else { # child
1760 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1761 '-nodes',
1762 '-in', $filename,
1763 '-out', "$tempdir/serverkey.pem")) {
1764 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1765 unlink ($filename);
1766 goto ROOTCERT_ERROR;
1767 }
1768 }
1769
1770 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1771 if ($? ne 0) {
1772 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1773 unlink ($filename);
1774 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1775 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1776 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1777 goto ROOTCERT_ERROR;
1778 }
1779
1780 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1781 if ($? ne 0) {
1782 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1783 unlink ($filename);
1784 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1785 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1786 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1787 goto ROOTCERT_ERROR;
1788 }
1789
1790 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1791 if ($? ne 0) {
1792 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1793 unlink ($filename);
1794 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1795 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1796 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1797 goto ROOTCERT_ERROR;
1798 }
1799
1800 goto ROOTCERT_SUCCESS;
1801
1802 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1803
1804 # Validate input since the form was submitted
1805 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1806 $errormessage = $Lang::tr{'organization cant be empty'};
1807 goto ROOTCERT_ERROR;
1808 }
1809 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1810 $errormessage = $Lang::tr{'organization too long'};
1811 goto ROOTCERT_ERROR;
1812 }
1813 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1814 $errormessage = $Lang::tr{'invalid input for organization'};
1815 goto ROOTCERT_ERROR;
1816 }
1817 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1818 $errormessage = $Lang::tr{'hostname cant be empty'};
1819 goto ROOTCERT_ERROR;
1820 }
1821 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1822 $errormessage = $Lang::tr{'invalid input for hostname'};
1823 goto ROOTCERT_ERROR;
1824 }
1825 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1826 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1827 goto ROOTCERT_ERROR;
1828 }
1829 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1830 $errormessage = $Lang::tr{'e-mail address too long'};
1831 goto ROOTCERT_ERROR;
1832 }
1833 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1834 $errormessage = $Lang::tr{'invalid input for department'};
1835 goto ROOTCERT_ERROR;
1836 }
1837 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1838 $errormessage = $Lang::tr{'invalid input for city'};
1839 goto ROOTCERT_ERROR;
1840 }
1841 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1842 $errormessage = $Lang::tr{'invalid input for state or province'};
1843 goto ROOTCERT_ERROR;
1844 }
1845 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1846 $errormessage = $Lang::tr{'invalid input for country'};
1847 goto ROOTCERT_ERROR;
1848 }
1849
1850 # Copy the cgisettings to vpnsettings and save the configfile
1851 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1852 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1853 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1854 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1855 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1856 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1857 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1858 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1859
1860 # Replace empty strings with a .
1861 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1862 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1863 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1864
1865 # refresh
c6c9630e 1866 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
6e13d0a5
MT		 1867
1868 # Create the CA certificate
1869 my $pid = open(OPENSSL, "|-");
1870 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1871 if ($pid) { # parent
1872 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1873 print OPENSSL "$state\n";
1874 print OPENSSL "$city\n";
1875 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1876 print OPENSSL "$ou\n";
1877 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1878 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1879 close (OPENSSL);
1880 if ($?) {
1881 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1882 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1883 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1884 goto ROOTCERT_ERROR;
1885 }
1886 } else { # child
badd8c1c 1887 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
49abe7af 1888 '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
6e13d0a5
MT		 1889 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1890 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1891 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1892 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1893 goto ROOTCERT_ERROR;
1894 }
1895 }
1896
1897 # Create the Host certificate request
1898 $pid = open(OPENSSL, "|-");
1899 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1900 if ($pid) { # parent
1901 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1902 print OPENSSL "$state\n";
1903 print OPENSSL "$city\n";
1904 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1905 print OPENSSL "$ou\n";
1906 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1907 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1908 print OPENSSL ".\n";
1909 print OPENSSL ".\n";
1910 close (OPENSSL);
1911 if ($?) {
1912 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1913 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1914 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1915 goto ROOTCERT_ERROR;
1916 }
1917 } else { # child
badd8c1c 1918 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 1919 '-newkey', 'rsa:2048',
6e13d0a5
MT		 1920 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1921 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1922 '-extensions', 'server',
1923 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1924 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1925 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1926 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1927 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1928 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1929 goto ROOTCERT_ERROR;
1930 }
1931 }
1932
1933 # Sign the host certificate request
1934 system('/usr/bin/openssl', 'ca', '-days', '999999',
1935 '-batch', '-notext',
1936 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1937 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1938 '-extensions', 'server',
1939 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1940 if ($?) {
1941 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1942 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1943 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1944 unlink ("${General::swroot}/ovpn/serverkey.pem");
1945 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1946 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1947 &newcleanssldatabase();
6e13d0a5
MT		 1948 goto ROOTCERT_ERROR;
1949 } else {
1950 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1951 &deletebackupcert();
6e13d0a5
MT		 1952 }
1953
1954 # Create an empty CRL
1955 system('/usr/bin/openssl', 'ca', '-gencrl',
1956 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1957 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1958 if ($?) {
1959 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1960 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1961 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1962 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1963 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1964 &cleanssldatabase();
6e13d0a5 1965 goto ROOTCERT_ERROR;
c6c9630e
MT		 1966# } else {
1967# &cleanssldatabase();
6e13d0a5 1968 }
ae04d0a3
EK		 1969 # Create ta.key for tls-auth
1970 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1971 if ($?) {
1972 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1973 &cleanssldatabase();
1974 goto ROOTCERT_ERROR;
1975 }
6e13d0a5 1976 # Create Diffie Hellmann Parameter
badd8c1c 1977 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
6e13d0a5
MT		 1978 if ($?) {
1979 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1980 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1981 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1982 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1983 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1984 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1985 &cleanssldatabase();
6e13d0a5 1986 goto ROOTCERT_ERROR;
c6c9630e
MT		 1987# } else {
1988# &cleanssldatabase();
4be45949 1989 }
6e13d0a5
MT		 1990 goto ROOTCERT_SUCCESS;
1991 }
1992 ROOTCERT_ERROR:
1993 if ($cgiparams{'ACTION'} ne '') {
1994 &Header::showhttpheaders();
4c962356 1995 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1996 &Header::openbigbox('100%', 'LEFT', '', '');
1997 if ($errormessage) {
1998 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1999 print "<class name='base'>$errormessage";
2000 print "&nbsp;</class>";
2001 &Header::closebox();
2002 }
2003 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
49abe7af 2004 print <<END;
6e13d0a5
MT		 2005 <form method='post' enctype='multipart/form-data'>
2006 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
e3edceeb 2007 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2008 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
2009 <td width='35%' colspan='2'>&nbsp;</td></tr>
e3edceeb 2010 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2011 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
2012 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2013 <tr><td class='base'>$Lang::tr{'your e-mail'}:</td>
6e13d0a5
MT		 2014 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
2015 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2016 <tr><td class='base'>$Lang::tr{'your department'}:</td>
6e13d0a5
MT		 2017 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
2018 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2019 <tr><td class='base'>$Lang::tr{'city'}:</td>
6e13d0a5
MT		 2020 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
2021 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2022 <tr><td class='base'>$Lang::tr{'state or province'}:</td>
6e13d0a5
MT		 2023 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
2024 <td colspan='2'>&nbsp;</td></tr>
2025 <tr><td class='base'>$Lang::tr{'country'}:</td>
2026 <td class='base'><select name='ROOTCERT_COUNTRY'>
2027
2028END
2029 ;
2030 foreach my $country (sort keys %{Countries::countries}) {
2031 print "<option value='$Countries::countries{$country}'";
2032 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
2033 print " selected='selected'";
2034 }
2035 print ">$country</option>";
2036 }
49abe7af 2037 print <<END;
6e13d0a5 2038 </select></td>
4c962356
EK		 2039 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
2040 <td class='base'><select name='DHLENGHT'>
4c962356
EK		 2041 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
2042 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
2043 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
2044 </select>
2045 </td>
2046 </tr>
2047
6e13d0a5
MT		 2048 <tr><td>&nbsp;</td>
2049 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
2050 <td>&nbsp;</td><td>&nbsp;</td></tr>
2051 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2052 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
49abe7af
EK		 2053 <tr><td colspan='2'><br></td></tr>
2054 <table width='100%'>
2055 <tr>
2056 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
2057 <td class='base'>$Lang::tr{'dh key warn'}</td>
4c962356 2058 </tr>
49abe7af
EK		 2059 <tr>
2060 <td class='base'>$Lang::tr{'dh key warn1'}</td>
4c962356 2061 </tr>
49abe7af
EK		 2062 <tr><td colspan='2'><br></td></tr>
2063 <tr>
2064 </table>
4c962356 2065
49abe7af 2066 <table width='100%'>
4c962356 2067 <tr><td colspan='4'><hr></td></tr>
e3edceeb 2068 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2069 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
2070 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2071 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
6e13d0a5
MT		 2072 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
2073 <td colspan='2'>&nbsp;</td></tr>
2074 <tr><td>&nbsp;</td>
2075 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
2076 <td colspan='2'>&nbsp;</td></tr>
2077 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2078 <img src='/blob.gif' valign='top' alt='*' >&nbsp;$Lang::tr{'required field'}</td>
4c962356 2079 </tr>
6e13d0a5
MT		 2080 </form></table>
2081END
2082 ;
2083 &Header::closebox();
4c962356 2084 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2085 &Header::closebigbox();
2086 &Header::closepage();
2087 exit(0)
2088 }
2089
2090 ROOTCERT_SUCCESS:
2091 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT		 2092# if ($vpnsettings{'ENABLED'} eq 'on' ||
2093# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
2094# system('/usr/local/bin/ipsecctrl', 'S');
2095# }
6e13d0a5
MT		 2096
2097###
2098### Enable/Disable connection
2099###
ce9abb66
AH		 2100
2101###
7c1d9faf 2102# m.a.d net2net
ce9abb66
AH		 2103###
2104
6e13d0a5 2105}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
c6c9630e
MT		 2106
2107 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 2108 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH		 2109# my $n2nactive = '';
2110 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
2111
6e13d0a5 2112 if ($confighash{$cgiparams{'KEY'}}) {
8c877a82
AM		 2113 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2114 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2115 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2116
8c877a82 2117 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2118 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2119 &writecollectdconf();
8c877a82
AM		 2120 }
2121 } else {
ce9abb66 2122
8c877a82
AM		 2123 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2124 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2125
8c877a82 2126 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2127 if ($n2nactive ne '') {
2128 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
2129 &writecollectdconf();
2130 }
ce9abb66 2131
8c877a82 2132 } else {
775b4494 2133 $errormessage = $Lang::tr{'invalid key'};
8c877a82 2134 }
775b4494 2135 }
ce9abb66 2136 }
6e13d0a5
MT		 2137
2138###
2139### Download OpenVPN client package
2140###
ce9abb66
AH		 2141
2142
6e13d0a5
MT		 2143} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2144 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2145 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2146 my $file = '';
2147 my $clientovpn = '';
2148 my @fileholder;
2149 my $tempdir = tempdir( CLEANUP => 1 );
2150 my $zippath = "$tempdir/";
ce9abb66
AH		 2151
2152###
7c1d9faf
AH		 2153# m.a.d net2net
2154###
ce9abb66
AH		 2155
2156if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2157
2158 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2159 my $zippathname = "$zippath$zipname";
2160 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
2161 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 2162 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 2163 my $tunmtu = '';
7c1d9faf 2164 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 2165 my $n2nfragment = '';
ce9abb66
AH		 2166
2167 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2168 flock CLIENTCONF, 2;
2169
2170 my $zip = Archive::Zip->new();
7c1d9faf 2171 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 2172 print CLIENTCONF "# \n";
b278daf3 2173 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 2174 print CLIENTCONF "user nobody\n";
2175 print CLIENTCONF "group nobody\n";
2176 print CLIENTCONF "persist-tun\n";
2177 print CLIENTCONF "persist-key\n";
7c1d9faf 2178 print CLIENTCONF "script-security 2\n";
60f396d7 2179 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2180 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2181 print CLIENTCONF "float\n";
60f396d7 2182 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 2183 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 2184 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2185 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 2186 print CLIENTCONF "# tun Device\n";
79e7688b 2187 print CLIENTCONF "dev tun\n";
35a21a25
AM		 2188 print CLIENTCONF "#Logfile for statistics\n";
2189 print CLIENTCONF "status-version 1\n";
2190 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 2191 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 2192 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
60f396d7
AH		 2193
2194 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2195 print CLIENTCONF "proto tcp-client\n";
2196 print CLIENTCONF "# Packet size\n";
d96c89eb 2197 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2198 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2199 }
60f396d7
AH		 2200
2201 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2202 print CLIENTCONF "proto udp\n";
2203 print CLIENTCONF "# Paketsize\n";
2204 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2205 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2206 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
60f396d7 2207 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
d96c89eb 2208 }
b66b02ab
EK		 2209 # Check host certificate if X509 is RFC3280 compliant.
2210 # If not, old --ns-cert-type directive will be used.
2211 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2212 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2213 if ($hostcert !~ /TLS Web Server Authentication/) {
2214 print CLIENTCONF "ns-cert-type server\n";
2215 } else {
2216 print CLIENTCONF "remote-cert-tls server\n";
2217 }
ce9abb66
AH		 2218 print CLIENTCONF "# Auth. Client\n";
2219 print CLIENTCONF "tls-client\n";
49abe7af 2220 print CLIENTCONF "# Cipher\n";
4c962356 2221 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
ce9abb66
AH		 2222 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2223 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2224 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
49abe7af 2225 }
52f61e49
EKD		 2226
2227 # If GCM cipher is used, do not use --auth
2228 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
2229 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
2230 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
2231 print CLIENTCONF unless "# HMAC algorithm\n";
2232 print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2233 } else {
52f61e49
EKD		 2234 print CLIENTCONF "# HMAC algorithm\n";
2235 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2236 }
52f61e49 2237
4c962356 2238 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2239 print CLIENTCONF "# Enable Compression\n";
66298ef2 2240 print CLIENTCONF "comp-lzo\n";
b278daf3 2241 }
ce9abb66
AH		 2242 print CLIENTCONF "# Debug Level\n";
2243 print CLIENTCONF "verb 3\n";
b278daf3 2244 print CLIENTCONF "# Tunnel check\n";
ce9abb66 2245 print CLIENTCONF "keepalive 10 60\n";
b278daf3 2246 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 2247 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2248 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 2249 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 2250 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2251 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2252 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2253
ce9abb66
AH		 2254
2255 close(CLIENTCONF);
2256
2257 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2258 my $status = $zip->writeToFileNamed($zippathname);
2259
2260 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2261 @fileholder = <DLFILE>;
2262 print "Content-Type:application/x-download\n";
2263 print "Content-Disposition:attachment;filename=$zipname\n\n";
2264 print @fileholder;
2265 exit (0);
2266}
2267else
2268{
2269 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2270 my $zippathname = "$zippath$zipname";
2271 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2272
2273###
7c1d9faf 2274# m.a.d net2net
ce9abb66
AH		 2275###
2276
c6c9630e 2277 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5
MT		 2278 flock CLIENTCONF, 2;
2279
2280 my $zip = Archive::Zip->new();
2281
8c877a82 2282 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT		 2283 print CLIENTCONF "tls-client\r\n";
2284 print CLIENTCONF "client\r\n";
4f6e3ae3 2285 print CLIENTCONF "nobind\r\n";
79e7688b 2286 print CLIENTCONF "dev tun\r\n";
c6c9630e 2287 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
2ee746be 2288
32405d88 2289 # Check if we are using fragment, mssfix and set MTU to 1500
2ee746be
SS		 2290 # or use configured value.
2291 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
79e7688b 2292 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2293 elsif ($vpnsettings{MSSFIX} eq 'on')
79e7688b 2294 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2295 else
79e7688b 2296 { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
2ee746be 2297
6e13d0a5
MT		 2298 if ( $vpnsettings{'ENABLED'} eq 'on'){
2299 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
c6c9630e
MT		 2300 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2301 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2302 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2303 }
2304 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2305 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2306 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2307 }
2308 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2309 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2310 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2311 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2312 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2313 }
2314 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2315 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5
MT		 2316 }
2317
71af643c
MT		 2318 my $file_crt = new File::Temp( UNLINK => 1 );
2319 my $file_key = new File::Temp( UNLINK => 1 );
b22d8aaf 2320 my $include_certs = 0;
71af643c 2321
6e13d0a5 2322 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
71af643c 2323 if ($cgiparams{'MODE'} eq 'insecure') {
b22d8aaf
MT		 2324 $include_certs = 1;
2325
71af643c 2326 # Add the CA
b22d8aaf 2327 print CLIENTCONF ";ca cacert.pem\r\n";
71af643c
MT		 2328 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2329
2330 # Extract the certificate
2331 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2332 '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
2333 if ($?) {
2334 die "openssl error: $?";
2335 }
2336
2337 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
b22d8aaf 2338 print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
71af643c
MT		 2339
2340 # Extract the key
2341 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2342 '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
2343 if ($?) {
2344 die "openssl error: $?";
2345 }
2346
2347 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
b22d8aaf 2348 print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
71af643c
MT		 2349 } else {
2350 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2351 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2352 }
6e13d0a5 2353 } else {
c6c9630e
MT		 2354 print CLIENTCONF "ca cacert.pem\r\n";
2355 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2356 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2357 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2358 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT		 2359 }
2360 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
49abe7af 2361 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
86308adb 2362
49abe7af 2363 if ($vpnsettings{'TLSAUTH'} eq 'on') {
b22d8aaf
MT		 2364 if ($cgiparams{'MODE'} eq 'insecure') {
2365 print CLIENTCONF ";";
2366 }
4be45949
EK		 2367 print CLIENTCONF "tls-auth ta.key\r\n";
2368 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
49abe7af 2369 }
6e13d0a5
MT		 2370 if ($vpnsettings{DCOMPLZO} eq 'on') {
2371 print CLIENTCONF "comp-lzo\r\n";
2372 }
2373 print CLIENTCONF "verb 3\r\n";
b66b02ab
EK		 2374 # Check host certificate if X509 is RFC3280 compliant.
2375 # If not, old --ns-cert-type directive will be used.
2376 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2377 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2378 if ($hostcert !~ /TLS Web Server Authentication/) {
2379 print CLIENTCONF "ns-cert-type server\r\n";
2380 } else {
2381 print CLIENTCONF "remote-cert-tls server\r\n";
2382 }
964700d4 2383 print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
a79fa1d6
JPT		 2384 if ($vpnsettings{MSSFIX} eq 'on') {
2385 print CLIENTCONF "mssfix\r\n";
2386 }
74225cce 2387 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT		 2388 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2389 }
1647059d 2390
b22d8aaf
MT		 2391 if ($include_certs) {
2392 print CLIENTCONF "\r\n";
2393
2394 # CA
2395 open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
2396 print CLIENTCONF "<ca>\r\n";
2397 while (<FILE>) {
2398 chomp($_);
2399 print CLIENTCONF "$_\r\n";
2400 }
2401 print CLIENTCONF "</ca>\r\n\r\n";
2402 close(FILE);
2403
2404 # Cert
2405 open(FILE, "<$file_crt");
2406 print CLIENTCONF "<cert>\r\n";
2407 while (<FILE>) {
2408 chomp($_);
2409 print CLIENTCONF "$_\r\n";
2410 }
2411 print CLIENTCONF "</cert>\r\n\r\n";
2412 close(FILE);
2413
2414 # Key
2415 open(FILE, "<$file_key");
2416 print CLIENTCONF "<key>\r\n";
2417 while (<FILE>) {
2418 chomp($_);
2419 print CLIENTCONF "$_\r\n";
2420 }
2421 print CLIENTCONF "</key>\r\n\r\n";
2422 close(FILE);
2423
2424 # TLS auth
2425 if ($vpnsettings{'TLSAUTH'} eq 'on') {
2426 open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
2427 print CLIENTCONF "<tls-auth>\r\n";
2428 while (<FILE>) {
2429 chomp($_);
2430 print CLIENTCONF "$_\r\n";
2431 }
2432 print CLIENTCONF "</tls-auth>\r\n\r\n";
2433 close(FILE);
2434 }
2435 }
2436
ffbe77c8
EK		 2437 # Print client.conf.local if entries exist to client.ovpn
2438 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
2439 open (LCC, "$local_clientconf");
2440 print CLIENTCONF "\n#---------------------------\n";
2441 print CLIENTCONF "# Start of custom directives\n";
2442 print CLIENTCONF "# from client.conf.local\n";
2443 print CLIENTCONF "#---------------------------\n\n";
2444 while (<LCC>) {
2445 print CLIENTCONF $_;
2446 }
2447 print CLIENTCONF "\n#---------------------------\n";
2448 print CLIENTCONF "# End of custom directives\n";
2449 print CLIENTCONF "#---------------------------\n\n";
2450 close (LCC);
2451 }
6e13d0a5 2452 close(CLIENTCONF);
ce9abb66 2453
6e13d0a5
MT		 2454 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2455 my $status = $zip->writeToFileNamed($zippathname);
2456
2457 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2458 @fileholder = <DLFILE>;
2459 print "Content-Type:application/x-download\n";
2460 print "Content-Disposition:attachment;filename=$zipname\n\n";
2461 print @fileholder;
2462 exit (0);
ce9abb66
AH		 2463 }
2464
2465
2466
6e13d0a5
MT		 2467###
2468### Remove connection
2469###
ce9abb66
AH		 2470
2471
6e13d0a5 2472} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
323be7c4
AM		 2473 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2474 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2475
323be7c4 2476 if ($confighash{$cgiparams{'KEY'}}) {
fde9c9dd 2477 # Revoke certificate if certificate was deleted and rewrite the CRL
323be7c4 2478 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
fde9c9dd 2479 my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
ce9abb66
AH		 2480
2481###
7c1d9faf 2482# m.a.d net2net
ce9abb66 2483###
7c1d9faf 2484
323be7c4 2485 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
1e499e90 2486 # Stop the N2N connection before it is removed
6ad43b0f 2487 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
1e499e90 2488
323be7c4
AM		 2489 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2490 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2491 unlink ($certfile);
2492 unlink ($conffile);
8e6a8fd5 2493
323be7c4
AM		 2494 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2495 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2496 }
323be7c4 2497 }
ce9abb66 2498
323be7c4
AM		 2499 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2500 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
8c877a82
AM		 2501
2502# A.Marx CCD delete ccd files and routes
2503
323be7c4
AM		 2504 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2505 {
2506 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
8c877a82 2507 }
e81be1e1 2508
323be7c4
AM		 2509 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2510 foreach my $key (keys %ccdroutehash) {
2511 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2512 delete $ccdroutehash{$key};
2513 }
8c877a82 2514 }
323be7c4 2515 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 2516
323be7c4
AM		 2517 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2518 foreach my $key (keys %ccdroute2hash) {
2519 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2520 delete $ccdroute2hash{$key};
2521 }
2522 }
2523 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2524 &writeserverconf;
8c877a82 2525
323be7c4
AM		 2526# CCD end
2527 # Update collectd configuration and delete all RRD files of the removed connection
2528 &writecollectdconf();
fa4dbe27 2529 system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
8c877a82 2530
323be7c4
AM		 2531 delete $confighash{$cgiparams{'KEY'}};
2532 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2533 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2534
2535 } else {
2536 $errormessage = $Lang::tr{'invalid key'};
2537 }
b2e75449 2538 &General::firewall_reload();
ce9abb66 2539
6e13d0a5
MT		 2540###
2541### Download PKCS12 file
2542###
2543} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2544 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2545
2546 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2547 print "Content-Type: application/octet-stream\r\n\r\n";
2548 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2549 exit (0);
2550
2551###
2552### Display certificate
2553###
2554} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2555 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2556
2557 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e 2558 &Header::showhttpheaders();
4c962356 2559 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 2560 &Header::openbigbox('100%', 'LEFT', '', '');
2561 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2562 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2563 $output = &Header::cleanhtml($output,"y");
2564 print "<pre>$output</pre>\n";
2565 &Header::closebox();
2566 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2567 &Header::closebigbox();
2568 &Header::closepage();
2569 exit(0);
6e13d0a5 2570 }
4c962356
EK		 2571
2572###
2573### Display Diffie-Hellman key
2574###
2575} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2576
2577 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
49abe7af 2578 $errormessage = $Lang::tr{'not present'};
4c962356
EK		 2579 } else {
2580 &Header::showhttpheaders();
2581 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2582 &Header::openbigbox('100%', 'LEFT', '', '');
2583 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2584 my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
2585 $output = &Header::cleanhtml($output,"y");
2586 print "<pre>$output</pre>\n";
2587 &Header::closebox();
2588 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2589 &Header::closebigbox();
2590 &Header::closepage();
2591 exit(0);
2592 }
2593
fd5ccb2d
EK		 2594###
2595### Display tls-auth key
2596###
2597} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
2598
2599 if (! -e "${General::swroot}/ovpn/certs/ta.key") {
2600 $errormessage = $Lang::tr{'not present'};
2601 } else {
2602 &Header::showhttpheaders();
2603 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2604 &Header::openbigbox('100%', 'LEFT', '', '');
2605 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
2606 my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
2607 $output = &Header::cleanhtml($output,"y");
2608 print "<pre>$output</pre>\n";
2609 &Header::closebox();
2610 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2611 &Header::closebigbox();
2612 &Header::closepage();
2613 exit(0);
2614 }
2615
6e13d0a5
MT		 2616###
2617### Display Certificate Revoke List
2618###
2619} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT		 2620# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2621
49abe7af
EK		 2622 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2623 $errormessage = $Lang::tr{'not present'};
2624 } else {
b2e75449
MT		 2625 &Header::showhttpheaders();
2626 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2627 &Header::openbigbox('100%', 'LEFT', '', '');
2628 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2629 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2630 $output = &Header::cleanhtml($output,"y");
2631 print "<pre>$output</pre>\n";
2632 &Header::closebox();
2633 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2634 &Header::closebigbox();
2635 &Header::closepage();
2636 exit(0);
6e13d0a5
MT		 2637 }
2638
2639###
2640### Advanced Server Settings
2641###
2642
2643} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2644 %cgiparams = ();
2645 %cahash = ();
2646 %confighash = ();
8c877a82 2647 my $disabled;
6e13d0a5 2648 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2649 read_routepushfile;
8c877a82
AM		 2650
2651
c6c9630e
MT		 2652# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2653# $cgiparams{'CLIENT2CLIENT'} = 'on';
2654# }
6e13d0a5
MT		 2655ADV_ERROR:
2656 if ($cgiparams{'MAX_CLIENTS'} eq '') {
4c962356 2657 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2658 }
6e13d0a5 2659 if ($cgiparams{'KEEPALIVE_1'} eq '') {
4c962356 2660 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT		 2661 }
2662 if ($cgiparams{'KEEPALIVE_2'} eq '') {
4c962356 2663 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT		 2664 }
2665 if ($cgiparams{'LOG_VERB'} eq '') {
4c962356 2666 $cgiparams{'LOG_VERB'} = '3';
ae9f6139 2667 }
f527e53f 2668 if ($cgiparams{'TLSAUTH'} eq '') {
754066e6 2669 $cgiparams{'TLSAUTH'} = 'off';
f527e53f 2670 }
6e13d0a5
MT		 2671 $checked{'CLIENT2CLIENT'}{'off'} = '';
2672 $checked{'CLIENT2CLIENT'}{'on'} = '';
2673 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2674 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2675 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2676 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
13389777
EK		 2677 $checked{'DCOMPLZO'}{'off'} = '';
2678 $checked{'DCOMPLZO'}{'on'} = '';
2679 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
ffbe77c8
EK		 2680 $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
2681 $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
2682 $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
a79fa1d6
JPT		 2683 $checked{'MSSFIX'}{'off'} = '';
2684 $checked{'MSSFIX'}{'on'} = '';
2685 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
49abe7af 2686 $selected{'LOG_VERB'}{'0'} = '';
6e13d0a5
MT		 2687 $selected{'LOG_VERB'}{'1'} = '';
2688 $selected{'LOG_VERB'}{'2'} = '';
2689 $selected{'LOG_VERB'}{'3'} = '';
2690 $selected{'LOG_VERB'}{'4'} = '';
2691 $selected{'LOG_VERB'}{'5'} = '';
2692 $selected{'LOG_VERB'}{'6'} = '';
2693 $selected{'LOG_VERB'}{'7'} = '';
2694 $selected{'LOG_VERB'}{'8'} = '';
2695 $selected{'LOG_VERB'}{'9'} = '';
2696 $selected{'LOG_VERB'}{'10'} = '';
2697 $selected{'LOG_VERB'}{'11'} = '';
6e13d0a5 2698 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
f527e53f 2699
6e13d0a5
MT		 2700 &Header::showhttpheaders();
2701 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2702 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2703 if ($errormessage) {
c6c9630e
MT		 2704 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2705 print "<class name='base'>$errormessage\n";
2706 print "&nbsp;</class>\n";
2707 &Header::closebox();
6e13d0a5
MT		 2708 }
2709 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
4c962356 2710 print <<END;
b376fae4 2711 <form method='post' enctype='multipart/form-data'>
b2e75449 2712<table width='100%' border=0>
4c962356
EK		 2713 <tr>
2714 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
6e13d0a5
MT		 2715 </tr>
2716 <tr>
4c962356 2717 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5
MT		 2718 </tr>
2719 <tr>
4c962356 2720 <td class='base'>Domain</td>
8c877a82 2721 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
6e13d0a5
MT		 2722 </tr>
2723 <tr>
4c962356
EK		 2724 <td class='base'>DNS</td>
2725 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
6e13d0a5
MT		 2726 </tr>
2727 <tr>
4c962356
EK		 2728 <td class='base'>WINS</td>
2729 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2730 </tr>
54fd0535 2731 <tr>
4c962356 2732 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
54fd0535
MT		 2733 </tr>
2734 <tr>
4c962356
EK		 2735 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2736 <td colspan='2'>
2737 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
54fd0535
MT		 2738END
2739;
2740
2741if ($cgiparams{'ROUTES_PUSH'} ne '')
2742{
2743 print $cgiparams{'ROUTES_PUSH'};
2744}
2745
8c877a82 2746print <<END;
54fd0535
MT		 2747</textarea></td>
2748</tr>
6e13d0a5
MT		 2749 </tr>
2750</table>
2751<hr size='1'>
4c962356 2752<table width='100%'>
ffbe77c8 2753 <tr>
4c962356 2754 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
ffbe77c8
EK		 2755 </tr>
2756
2757 <tr>
d2de0a00 2758 <td width='20%'></td> <td width='15%'> </td><td width='35%'> </td><td width='20%'></td><td width='35%'></td>
ffbe77c8
EK		 2759 </tr>
2760
2761 <tr>
4c962356
EK		 2762 <td class='base'>Client-To-Client</td>
2763 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
ffbe77c8
EK		 2764 </tr>
2765
2766 <tr>
4c962356
EK		 2767 <td class='base'>Redirect-Gateway def1</td>
2768 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
ffbe77c8
EK		 2769 </tr>
2770
13389777
EK		 2771 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2772 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
2773 <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
2774 </tr>
2775
4c962356 2776 <tr>
ffbe77c8
EK		 2777 <td class='base'>$Lang::tr{'ovpn add conf'}</td>
2778 <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
2779 <td>$Lang::tr{'openvpn default'}: off</td>
2780 </tr>
2781
2782 <tr>
2783 <td class='base'>mssfix</td>
2784 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2785 <td>$Lang::tr{'openvpn default'}: off</td>
2786 </tr>
2787
4c962356 2788 <tr>
ffbe77c8
EK		 2789 <td class='base'>fragment <br></td>
2790 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2791 </tr>
2792
2793
2794 <tr>
2795 <td class='base'>Max-Clients</td>
2796 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2797 </tr>
2798 <tr>
2799 <td class='base'>Keepalive <br />
2800 (ping/ping-restart)</td>
2801 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2802 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2803 </tr>
a79fa1d6
JPT		 2804</table>
2805
a79fa1d6 2806<hr size='1'>
4c962356 2807<table width='100%'>
a79fa1d6 2808 <tr>
49abe7af 2809 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
a79fa1d6
JPT		 2810 </tr>
2811 <tr>
49abe7af 2812 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
4c962356
EK		 2813 </tr>
2814
2815 <tr><td class='base'>VERB</td>
2816 <td><select name='LOG_VERB'>
49abe7af
EK		 2817 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2818 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2819 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2820 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2821 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2822 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2823 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2824 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2825 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2826 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2827 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2828 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2829 </td></select>
2830 </table>
4c962356 2831
6e13d0a5 2832<hr size='1'>
8c877a82
AM		 2833END
2834
2835if ( -e "/var/run/openvpn.pid"){
2836print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2837 $Lang::tr{'server restart'}<br><br>
2838 <hr>";
49abe7af 2839 print<<END;
52d08bcb
AM		 2840<table width='100%'>
2841<tr>
2842 <td>&nbsp;</td>
2843 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2844 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2845 <td>&nbsp;</td>
2846</tr>
2847</table>
2848</form>
2849END
2850;
2851
2852
2853}else{
8c877a82 2854
49abe7af 2855 print<<END;
6e13d0a5
MT		 2856<table width='100%'>
2857<tr>
2858 <td>&nbsp;</td>
2859 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2860 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2861 <td>&nbsp;</td>
2862</tr>
2863</table>
2864</form>
2865END
2866;
52d08bcb 2867}
6e13d0a5 2868 &Header::closebox();
c6c9630e 2869# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2870 &Header::closebigbox();
2871 &Header::closepage();
2872 exit(0);
2873
8c877a82
AM		 2874
2875# A.Marx CCD Add,delete or edit CCD net
2876
2877} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2878 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2879 $cgiparams{'ACTION'} eq "kill" ||
2880 $cgiparams{'ACTION'} eq "edit" ||
2881 $cgiparams{'ACTION'} eq 'editsave'){
2882 &Header::showhttpheaders();
2883 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2884 &Header::openbigbox('100%', 'LEFT', '', '');
2885
2886 if ($cgiparams{'ACTION'} eq "kill"){
2887 &delccdnet($cgiparams{'net'});
2888 }
2889
2890 if ($cgiparams{'ACTION'} eq 'editsave'){
2891 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2892 if ( $a ne $b){ &modccdnet($a,$b);}
5068ac38
AM		 2893 $cgiparams{'ccdname'}='';
2894 $cgiparams{'ccdsubnet'}='';
8c877a82
AM		 2895 }
2896
2897 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 2898 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
8c877a82
AM		 2899 }
2900 if ($errormessage) {
2901 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2902 print "<class name='base'>$errormessage";
2903 print "&nbsp;</class>";
2904 &Header::closebox();
2905 }
2906if ($cgiparams{'ACTION'} eq "edit"){
2907
2908 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2909
49abe7af 2910 print <<END;
631b67b7 2911 <table width='100%' border='0'>
8c877a82
AM		 2912 <tr><form method='post'>
2913 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
a9fb14d0 2914 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
8c877a82
AM		 2915 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2916 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2917 </td></tr>
2918 </table></form>
2919END
2920;
2921 &Header::closebox();
2922
2923 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
49abe7af 2924 print <<END;
8c877a82
AM		 2925 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2926 <tr>
2927 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2928END
2929;
2930}
2931else{
2932 if (! -e "/var/run/openvpn.pid"){
2933 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
49abe7af 2934 print <<END;
8c877a82
AM		 2935 <table width='100%' border='0'>
2936 <tr><form method='post'>
2937 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2938 <tr>
2939 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2940 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2941 <tr><td colspan=4><hr /></td></tr><tr>
2942 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2943 </table></form>
2944END
2945
2946 &Header::closebox();
2947}
2948 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
5068ac38
AM		 2949 if ( -e "/var/run/openvpn.pid"){
2950 print "<b>$Lang::tr{'attention'}:</b><br>";
2951 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2952 }
2953
4c962356 2954 print <<END;
99bfa85c 2955 <table width='100%' cellpadding='0' cellspacing='1'>
8c877a82
AM		 2956 <tr>
2957 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2958END
2959;
2960}
2961 my %ccdconfhash=();
2962 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2963 my @ccdconf=();
2964 my $count=0;
df9b48b7 2965 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 2966 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2967 $count++;
2968 my $ccdhosts = &hostsinnet($ccdconf[0]);
2969 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2970 else{ print" <tr bgcolor='$color{'color20'}'>";}
2971 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
4c962356 2972 print <<END;
8c877a82 2973 <form method='post' />
1638682b 2974 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
8c877a82
AM		 2975 <input type='hidden' name='ACTION' value='edit'/>
2976 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2977 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2978 </form></td>
2979 <form method='post' />
2980 <td><input type='hidden' name='ACTION' value='kill'/>
2981 <input type='hidden' name='number' value='$count' />
2982 <input type='hidden' name='net' value='$ccdconf[0]' />
1638682b 2983 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
8c877a82
AM		 2984END
2985;
2986 }
2987 print "</table></form>";
2988 &Header::closebox();
2989 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2990 &Header::closebigbox();
2991 &Header::closepage();
2992 exit(0);
2993
2994#END CCD
2995
6e13d0a5
MT		 2996###
2997### Openvpn Connections Statistics
2998###
2999} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
3000 &Header::showhttpheaders();
3001 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
3002 &Header::openbigbox('100%', 'LEFT', '', '');
3003 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
3004
3005#
3006# <td><b>$Lang::tr{'protocol'}</b></td>
3007# protocol temp removed
4c962356 3008 print <<END;
99bfa85c 3009 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
6e13d0a5 3010 <tr>
99bfa85c
AM		 3011 <th><b>$Lang::tr{'common name'}</b></th>
3012 <th><b>$Lang::tr{'real address'}</b></th>
d8ef6a95 3013 <th><b>$Lang::tr{'country'}</b></th>
99bfa85c
AM		 3014 <th><b>$Lang::tr{'virtual address'}</b></th>
3015 <th><b>$Lang::tr{'loged in at'}</b></th>
3016 <th><b>$Lang::tr{'bytes sent'}</b></th>
3017 <th><b>$Lang::tr{'bytes received'}</b></th>
3018 <th><b>$Lang::tr{'last activity'}</b></th>
6e13d0a5
MT		 3019 </tr>
3020END
3021;
87fe47e9 3022 my $filename = "/var/run/ovpnserver.log";
6e13d0a5
MT		 3023 open(FILE, $filename) or die 'Unable to open config file.';
3024 my @current = <FILE>;
3025 close(FILE);
3026 my @users =();
3027 my $status;
3028 my $uid = 0;
3029 my $cn;
3030 my @match = ();
3031 my $proto = "udp";
3032 my $address;
3033 my %userlookup = ();
3034 foreach my $line (@current)
3035 {
3036 chomp($line);
3037 if ( $line =~ /^Updated,(.+)/){
3038 @match = split( /^Updated,(.+)/, $line);
3039 $status = $match[1];
3040 }
c6c9630e 3041#gian
6e13d0a5
MT		 3042 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
3043 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
3044 if ($match[1] ne "Common Name") {
3045 $cn = $match[1];
3046 $userlookup{$match[2]} = $uid;
3047 $users[$uid]{'CommonName'} = $match[1];
3048 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT		 3049 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
3050 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT		 3051 $users[$uid]{'Since'} = $match[5];
3052 $users[$uid]{'Proto'} = $proto;
d8ef6a95
PM		 3053
3054 # get country code for "RealAddress"...
07e42be9 3055 my $ccode = &Location::Functions::lookup_country_code((split ':', $users[$uid]{'RealAddress'})[0]);
e2e270e1 3056 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
d8ef6a95 3057 $users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
6e13d0a5
MT		 3058 $uid++;
3059 }
3060 }
3061 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
3062 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
3063 if ($match[1] ne "Virtual Address") {
3064 $address = $match[3];
3065 #find the uid in the lookup table
3066 $uid = $userlookup{$address};
3067 $users[$uid]{'VirtualAddress'} = $match[1];
3068 $users[$uid]{'LastRef'} = $match[4];
3069 }
3070 }
3071 }
3072 my $user2 = @users;
3073 if ($user2 >= 1){
99bfa85c 3074 for (my $idx = 1; $idx <= $user2; $idx++){
6e13d0a5 3075 if ($idx % 2) {
99bfa85c
AM		 3076 print "<tr>";
3077 $col="bgcolor='$color{'color22'}'";
3078 } else {
3079 print "<tr>";
3080 $col="bgcolor='$color{'color20'}'";
6e13d0a5 3081 }
99bfa85c
AM		 3082 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
3083 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
d8ef6a95
PM		 3084 print "<td align='center' $col>$users[$idx-1]{'Country'}</td>";
3085 print "<td align='center' $col>$users[$idx-1]{'VirtualAddress'}</td>";
99bfa85c
AM		 3086 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
3087 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
3088 print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
3089 print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
3090 }
3091 }
6e13d0a5
MT		 3092
3093 print "</table>";
49abe7af 3094 print <<END;
6e13d0a5
MT		 3095 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
3096 <tr><td></td></tr>
3097 <tr><td></td></tr>
3098 <tr><td></td></tr>
3099 <tr><td></td></tr>
3100 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
3101 </table>
3102END
3103;
3104 &Header::closebox();
3105 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3106 &Header::closebigbox();
3107 &Header::closepage();
3108 exit(0);
3109
3110###
3111### Download Certificate
3112###
3113} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
3114 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 3115
6e13d0a5 3116 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 3117 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
3118 print "Content-Type: application/octet-stream\r\n\r\n";
3119 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
3120 exit (0);
3121 }
3122
3123###
3124### Enable/Disable connection
3125###
ce9abb66 3126
c6c9630e
MT		 3127} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
3128
3129 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3130 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3131
3132 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 3133 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT		 3134 $confighash{$cgiparams{'KEY'}}[0] = 'on';
3135 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3136 #&writeserverconf();
3137# if ($vpnsettings{'ENABLED'} eq 'on' ||
3138# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3139# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3140# }
3141 } else {
3142 $confighash{$cgiparams{'KEY'}}[0] = 'off';
3143# if ($vpnsettings{'ENABLED'} eq 'on' ||
3144# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3145# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
3146# }
3147 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3148 #&writeserverconf();
3149 }
3150 } else {
3151 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3152 }
3153
3154###
3155### Restart connection
3156###
3157} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
3158 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3159 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3160
3161 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT		 3162# if ($vpnsettings{'ENABLED'} eq 'on' ||
3163# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3164# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3165# }
6e13d0a5 3166 } else {
c6c9630e 3167 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3168 }
3169
ce9abb66 3170###
7c1d9faf 3171# m.a.d net2net
ce9abb66
AH		 3172###
3173
3174} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
3175 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3176 &Header::showhttpheaders();
4c962356 3177 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
ce9abb66
AH		 3178 &Header::openbigbox('100%', 'LEFT', '', '');
3179 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH		 3180
3181if ( -s "${General::swroot}/ovpn/settings") {
3182
49abe7af 3183 print <<END;
ce9abb66 3184 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3185 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH		 3186 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
3187 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
3188 <tr><td><input type='radio' name='TYPE' value='net' /></td>
3189 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
3190 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
3191 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
3192 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
e3edceeb 3193 <tr><td>&nbsp;</td><td>Import Connection Name</td></tr>
040b8b0c 3194 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
54fd0535 3195 <tr><td colspan='3'><hr /></td></tr>
8c877a82 3196 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
ce9abb66
AH		 3197 </form></table>
3198END
3199 ;
8c877a82 3200
ce9abb66 3201
b278daf3 3202} else {
49abe7af 3203 print <<END;
b278daf3 3204 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3205 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 3206 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 3207 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH		 3208 </form></table>
3209END
3210 ;
3211
3212}
3213
ce9abb66 3214 &Header::closebox();
4c962356 3215 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
ce9abb66
AH		 3216 &Header::closebigbox();
3217 &Header::closepage();
3218 exit (0);
3219
3220###
7c1d9faf 3221# m.a.d net2net
ce9abb66
AH		 3222###
3223
3224} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
3225
3226 my @firen2nconf;
3227 my @confdetails;
3228 my $uplconffilename ='';
54fd0535 3229 my $uplconffilename2 ='';
ce9abb66 3230 my $uplp12name = '';
54fd0535 3231 my $uplp12name2 = '';
ce9abb66
AH		 3232 my @rem_subnet;
3233 my @rem_subnet2;
3234 my @tmposupnet3;
3235 my $key;
54fd0535 3236 my @n2nname;
ce9abb66
AH		 3237
3238 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3239
2ad1b18b
MT		 3240 # Check if a file is uploaded
3241 unless (ref ($cgiparams{'FH'})) {
ce9abb66
AH		 3242 $errormessage = $Lang::tr{'there was no file upload'};
3243 goto N2N_ERROR;
3244 }
3245
3246# Move uploaded IPfire n2n package to temporary file
3247
3248 (my $fh, my $filename) = tempfile( );
3249 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3250 $errormessage = $!;
3251 goto N2N_ERROR;
3252 }
3253
3254 my $zip = Archive::Zip->new();
3255 my $zipName = $filename;
3256 my $status = $zip->read( $zipName );
3257 if ($status != AZ_OK) {
3258 $errormessage = "Read of $zipName failed\n";
3259 goto N2N_ERROR;
3260 }
3261
3262 my $tempdir = tempdir( CLEANUP => 1 );
3263 my @files = $zip->memberNames();
3264 for(@files) {
3265 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
3266 }
3267 my $countfiles = @files;
3268
3269# Check if we have not more then 2 files
3270
3271 if ( $countfiles == 2){
3272 foreach (@files){
3273 if ( $_ =~ /.conf$/){
3274 $uplconffilename = $_;
3275 }
3276 if ( $_ =~ /.p12$/){
3277 $uplp12name = $_;
3278 }
3279 }
3280 if (($uplconffilename eq '') || ($uplp12name eq '')){
3281 $errormessage = "Either no *.conf or no *.p12 file found\n";
3282 goto N2N_ERROR;
3283 }
3284
3285 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
3286 @firen2nconf = <FILE>;
3287 close (FILE);
3288 chomp(@firen2nconf);
ce9abb66
AH		 3289 } else {
3290
3291 $errormessage = "Filecount does not match only 2 files are allowed\n";
3292 goto N2N_ERROR;
3293 }
3294
7c1d9faf
AH		 3295###
3296# m.a.d net2net
ce9abb66 3297###
54fd0535
MT		 3298
3299 if ($cgiparams{'n2nname'} ne ''){
3300
3301 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
3302 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
3303 $n2nname[0] = $cgiparams{'n2nname'};
3304 my @n2nname2 = split(/\./,$uplconffilename);
3305 $n2nname2[0] =~ s/\n|\r//g;
3306 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
3307 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
3308 my $input2 = "$n2nname2[0]n2n";
3309 my $output2 = "$n2nname[0]n2n";
3310 my $filename = "$tempdir/$uplconffilename";
3311 open(FILE, "< $filename") or die 'Unable to open config file.';
3312 my @current = <FILE>;
3313 close(FILE);
3314 foreach (@current) {s/$input1/$output1/g;}
3315 foreach (@current) {s/$input2/$output2/g;}
3316 open (OUT, "> $filename") || die 'Unable to open config file.';
3317 print OUT @current;
3318 close OUT;
ce9abb66 3319
54fd0535
MT		 3320 }else{
3321 $uplconffilename2 = $uplconffilename;
3322 $uplp12name2 = $uplp12name;
3323 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3324 $n2nname[0] =~ s/\n|\r//g;
54fd0535 3325 }
7c1d9faf
AH		 3326 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
3327 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3328
7dfcaef0
AM		 3329 #Add collectd settings to configfile
3330 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3331 print FILE "# Logfile\n";
3332 print FILE "status-version 1\n";
3333 print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
3334 close FILE;
3335
1c612d9e 3336 # Add static route command to client configuration
3337 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3338 print FILE "# Call up script for static routes\n";
3339 print FILE "up \"/etc/init.d/static-routes start\"\n";
3340 close FILE;
3341
54fd0535 3342 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
ce9abb66
AH		 3343
3344 if ($? ne 0) {
3345 $errormessage = "*.conf move failed: $!";
3346 unlink ($filename);
3347 goto N2N_ERROR;
3348 }
3349
54fd0535 3350 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
b278daf3
AH		 3351 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
3352
ce9abb66
AH		 3353 if ($? ne 0) {
3354 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3355 unlink ($filename);
3356 goto N2N_ERROR;
3357 }
3358
3359my $complzoactive;
d96c89eb 3360my $mssfixactive;
4c962356 3361my $authactive;
d96c89eb 3362my $n2nfragment;
60f396d7 3363my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3364my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH		 3365my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3366my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3367my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
3368if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH		 3369my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3370if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3371#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3372my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH		 3373my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3374my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3375my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3376my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3377my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66 3378my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
4c962356 3379my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
f527e53f 3380my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
60f396d7 3381
ce9abb66
AH		 3382###
3383# m.a.d delete CR and LF from arrays for this chomp doesnt work
3384###
3385
ce9abb66 3386$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH		 3387$n2novpnsub[0] =~ s/\n|\r//g;
3388$n2novpnsub[1] =~ s/\n|\r//g;
3389$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3390$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH		 3391$n2nport[1] =~ s/\n|\r//g;
3392$n2ntunmtu[1] =~ s/\n|\r//g;
3393$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3394$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3395$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3396$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3397$n2nmgmt[2] =~ s/\n|\r//g;
4c962356
EK		 3398$n2ncipher[1] =~ s/\n|\r//g;
3399$n2nauth[1] =~ s/\n|\r//g;
ce9abb66 3400chomp ($complzoactive);
d96c89eb 3401chomp ($mssfixactive);
ce9abb66
AH		 3402
3403###
7c1d9faf 3404# m.a.d net2net
ce9abb66
AH		 3405###
3406
3407###
3408# Check if there is no other entry with this name
3409###
3410
3411 foreach my $dkey (keys %confighash) {
3412 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3413 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3414 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3415 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3416 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
ce9abb66
AH		 3417 goto N2N_ERROR;
3418 }
3419 }
3420
d96c89eb
AH		 3421###
3422# Check if OpenVPN Subnet is valid
3423###
3424
3425foreach my $dkey (keys %confighash) {
3426 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3427 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH		 3428 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3429 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3430 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3431 goto N2N_ERROR;
3432 }
3433 }
3434
3435###
4c962356 3436# Check if Dest Port is vaild
d96c89eb
AH		 3437###
3438
3439foreach my $dkey (keys %confighash) {
3440 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3441 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH		 3442 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3443 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3444 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3445 goto N2N_ERROR;
3446 }
3447 }
3448
3449
3450
ce9abb66
AH		 3451 $key = &General::findhasharraykey (\%confighash);
3452
49abe7af 3453 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
350f2980 3454
ce9abb66
AH		 3455 $confighash{$key}[0] = 'off';
3456 $confighash{$key}[1] = $n2nname[0];
350f2980 3457 $confighash{$key}[2] = $n2nname[0];
ce9abb66
AH		 3458 $confighash{$key}[3] = 'net';
3459 $confighash{$key}[4] = 'cert';
3460 $confighash{$key}[6] = 'client';
3461 $confighash{$key}[8] = $n2nlocalsub[2];
350f2980
SS		 3462 $confighash{$key}[10] = $n2nremote[1];
3463 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3464 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3465 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3466 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3467 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3468 $confighash{$key}[26] = 'red';
350f2980
SS		 3469 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3470 $confighash{$key}[28] = $n2nproto[0];
3471 $confighash{$key}[29] = $n2nport[1];
3472 $confighash{$key}[30] = $complzoactive;
3473 $confighash{$key}[31] = $n2ntunmtu[1];
4c962356
EK		 3474 $confighash{$key}[39] = $n2nauth[1];
3475 $confighash{$key}[40] = $n2ncipher[1];
49abe7af 3476 $confighash{$key}[41] = 'disabled';
ce9abb66
AH		 3477
3478 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3479
ce9abb66
AH		 3480 N2N_ERROR:
3481
3482 &Header::showhttpheaders();
3483 &Header::openpage('Validate imported configuration', 1, '');
3484 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3485 if ($errormessage) {
3486 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3487 print "<class name='base'>$errormessage";
3488 print "&nbsp;</class>";
3489 &Header::closebox();
3490
3491 } else
3492 {
3493 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3494 }
3495 if ($errormessage eq ''){
49abe7af 3496 print <<END;
ce9abb66
AH		 3497 <!-- ipfire net2net config gui -->
3498 <table width='100%'>
3499 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3500 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3501 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3502 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3503 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3504 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
4c962356 3505 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
ce9abb66
AH		 3506 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3507 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3508 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3509 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
4c962356
EK		 3510 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
3511 <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3512 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
54fd0535 3513 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
0c4ffc69 3514 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
4c962356 3515 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
ce9abb66
AH		 3516 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3517 </table>
3518END
3519;
3520 &Header::closebox();
3521 }
3522
3523 if ($errormessage) {
3524 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3525 } else {
3526 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3527 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3528 print "<input type='hidden' name='KEY' value='$key' />";
3529 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3530 }
3531 &Header::closebigbox();
3532 &Header::closepage();
4c962356 3533 exit(0);
ce9abb66
AH		 3534
3535
3536##
3537### Accept IPFire n2n Package Settings
3538###
3539
3540 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3541
3542###
3543### Discard and Rollback IPFire n2n Package Settings
3544###
3545
3546 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3547
3548 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3549
3550if ($confighash{$cgiparams{'KEY'}}) {
3551
3552 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3553 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3554 unlink ($certfile) or die "Removing $certfile fail: $!";
3555 unlink ($conffile) or die "Removing $conffile fail: $!";
3556 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3557 delete $confighash{$cgiparams{'KEY'}};
3558 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3559
3560 } else {
3561 $errormessage = $Lang::tr{'invalid key'};
3562 }
3563
3564
3565###
7c1d9faf 3566# m.a.d net2net
ce9abb66
AH		 3567###
3568
3569
3570###
3571### Adding a new connection
3572###
6e13d0a5
MT		 3573} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3574 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3575 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
8c877a82 3576
6e13d0a5
MT		 3577 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3578 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3579 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3580
3581 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
8c877a82
AM		 3582 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3583 $errormessage = $Lang::tr{'invalid key'};
3584 goto VPNCONF_END;
3585 }
4c962356
EK		 3586 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3587 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3588 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3589 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3590 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3591 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3592 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3593 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
8c877a82 3594 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
4c962356
EK		 3595 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3596 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3597 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3598 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3599 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3600 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3601 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3602 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3603 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3604 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3605 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3606 $name=$cgiparams{'CHECK1'} ;
4c962356
EK		 3607 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3608 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3609 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3610 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3611 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
4c962356
EK		 3612 $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
3613 $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
49abe7af 3614 $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
8c877a82 3615 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3616 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3617
8c877a82 3618#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3619if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 3620 my @temp=();
3621 my %ccdroutehash=();
3622 my $keypoint=0;
5068ac38
AM		 3623 my $ip;
3624 my $cidr;
8c877a82
AM		 3625 if ($cgiparams{'IR'} ne ''){
3626 @temp = split("\n",$cgiparams{'IR'});
3627 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3628 #find key to use
3629 foreach my $key (keys %ccdroutehash) {
3630 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3631 $keypoint=$key;
3632 delete $ccdroutehash{$key};
3633 }else{
3634 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3635 }
3636 }
3637 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3638 my $i=1;
3639 my $val=0;
3640 foreach $val (@temp){
3641 chomp($val);
3642 $val=~s/\s*$//g;
5068ac38 3643 #check if iroute exists in ccdroute or if new iroute is part of an existing one
8c877a82
AM		 3644 foreach my $key (keys %ccdroutehash) {
3645 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
5068ac38
AM		 3646 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3647 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3648 goto VPNCONF_ERROR;
3649 }
3650 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3651 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
5068ac38
AM		 3652 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3653 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3654 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3655 goto VPNCONF_ERROR;
3656 }
3657
8c877a82
AM		 3658 }
3659 }
5068ac38
AM		 3660 if (!&General::validipandmask($val)){
3661 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3662 goto VPNCONF_ERROR;
3663 }else{
3664 ($ip,$cidr) = split(/\//,$val);
3665 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3666 $cidr=&General::iporsubtodec($cidr);
3667 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3668
3669 }
8c877a82
AM		 3670
3671 #check for existing network IP's
52d08bcb
AM		 3672 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3673 {
3674 $errormessage=$Lang::tr{'ccd err green'};
3675 goto VPNCONF_ERROR;
3676 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3677 {
3678 $errormessage=$Lang::tr{'ccd err red'};
3679 goto VPNCONF_ERROR;
3680 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3681 {
3682 $errormessage=$Lang::tr{'ccd err blue'};
3683 goto VPNCONF_ERROR;
3684 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3685 {
3686 $errormessage=$Lang::tr{'ccd err orange'};
8c877a82
AM		 3687 goto VPNCONF_ERROR;
3688 }
52d08bcb 3689
8c877a82
AM		 3690 if (&General::validipandmask($val)){
3691 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3692 }else{
3693 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3694 goto VPNCONF_ERROR;
3695 }
3696 $i++;
3697 }
3698 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3699 &writeserverconf;
3700 }else{
3701 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3702 foreach my $key (keys %ccdroutehash) {
3703 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3704 delete $ccdroutehash{$key};
3705 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3706 &writeserverconf;
3707 }
3708 }
3709 }
3710 undef @temp;
3711 #check route field and convert it to decimal
8c877a82
AM		 3712 my $val=0;
3713 my $i=1;
8c877a82 3714 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb
AM		 3715 #find key to use
3716 foreach my $key (keys %ccdroute2hash) {
3717 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3718 $keypoint=$key;
3719 delete $ccdroute2hash{$key};
3720 }else{
3721 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3722 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3723 &writeserverconf;
8c877a82 3724 }
52d08bcb
AM		 3725 }
3726 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3727 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3728 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3729 my %ownnet=();
3730 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3731 foreach $val (@temp){
3732 chomp($val);
3733 $val=~s/\s*$//g;
3734 if ($val eq $Lang::tr{'green'})
3735 {
3736 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3737 }
3738 if ($val eq $Lang::tr{'blue'})
3739 {
3740 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3741 }
3742 if ($val eq $Lang::tr{'orange'})
3743 {
3744 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3745 }
3746 my ($ip,$cidr) = split (/\//, $val);
3747
3748 if ($val ne $Lang::tr{'ccd none'})
3749 {
8c877a82
AM		 3750 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3751 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3752 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3753 if (&General::validipandmask($val)){
3754 $val=$ip."/".&General::iporsubtodec($cidr);
3755 $ccdroute2hash{$keypoint}[$i] = $val;
3756 }else{
3757 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3758 goto VPNCONF_ERROR;
3759 }
52d08bcb
AM		 3760 }else{
3761 $ccdroute2hash{$keypoint}[$i]='';
3762 }
3763 $i++;
3764 }
3765 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3766
8c877a82
AM		 3767 #check dns1 ip
3768 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3769 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3770 goto VPNCONF_ERROR;
3771 }
3772 #check dns2 ip
3773 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3774 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3775 goto VPNCONF_ERROR;
3776 }
3777 #check wins ip
3778 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3779 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3780 goto VPNCONF_ERROR;
3781 }
52d08bcb 3782}
8c877a82
AM		 3783
3784#CCD End
52d08bcb 3785
8c877a82 3786
73735ad9
EK		 3787 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
3788 $errormessage = $Lang::tr{'connection type is invalid'};
3789 if ($cgiparams{'TYPE'} eq 'net') {
3790 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3791 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3792 goto VPNCONF_ERROR;
3793 }
3794 goto VPNCONF_ERROR;
c6c9630e
MT		 3795 }
3796
c6c9630e 3797 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
73735ad9
EK		 3798 $errormessage = $Lang::tr{'name must only contain characters'};
3799 if ($cgiparams{'TYPE'} eq 'net') {
3800 goto VPNCONF_ERROR;
3801 }
3802 goto VPNCONF_ERROR;
3803 }
c6c9630e
MT		 3804
3805 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
73735ad9
EK		 3806 $errormessage = $Lang::tr{'name is invalid'};
3807 if ($cgiparams{'TYPE'} eq 'net') {
3808 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3809 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3810 goto VPNCONF_ERROR;
3811 }
3812 goto VPNCONF_ERROR;
c6c9630e
MT		 3813 }
3814
3815 if (length($cgiparams{'NAME'}) >60) {
73735ad9
EK		 3816 $errormessage = $Lang::tr{'name too long'};
3817 if ($cgiparams{'TYPE'} eq 'net') {
3818 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3819 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3820 goto VPNCONF_ERROR;
3821 }
3822 goto VPNCONF_ERROR;
c6c9630e
MT		 3823 }
3824
d96c89eb 3825###
7c1d9faf 3826# m.a.d net2net
d96c89eb
AH		 3827###
3828
7c1d9faf 3829if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3830 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3831 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH		 3832 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3833 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3834 goto VPNCONF_ERROR;
d96c89eb 3835 }
ab4cf06c
AM		 3836 #Bugfix 10357
3837 foreach my $key (sort keys %confighash){
3838 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
54fd0535
MT		 3839 $errormessage = $Lang::tr{'openvpn destination port used'};
3840 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3841 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ab4cf06c
AM		 3842 goto VPNCONF_ERROR;
3843 }
3844 }
3845 if ($cgiparams{'DEST_PORT'} eq '') {
3846 $errormessage = $Lang::tr{'invalid port'};
3847 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3848 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
54fd0535
MT		 3849 goto VPNCONF_ERROR;
3850 }
d96c89eb 3851
f48074ba
SS		 3852 # Check if the input for the transfer net is valid.
3853 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3854 $errormessage = $Lang::tr{'ccd err invalidnet'};
3855 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3856 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3857 goto VPNCONF_ERROR;
3858 }
3859
d96c89eb 3860 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3861 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH		 3862 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3863 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3864 goto VPNCONF_ERROR;
3865 }
3866
3867 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3868 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH		 3869 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3870 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3871 goto VPNCONF_ERROR;
3872 }
3873
3874 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3875 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH		 3876 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3877 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3878 goto VPNCONF_ERROR;
3879 }
d96c89eb 3880
7c1d9faf 3881 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3882 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH		 3883 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3884 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3885 goto VPNCONF_ERROR;
7c1d9faf
AH		 3886 }
3887
3888 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3889 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH		 3890 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3891 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3892 goto VPNCONF_ERROR;
7c1d9faf
AH		 3893 }
3894
3895 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3896 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH		 3897 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3898 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3899 goto VPNCONF_ERROR;
8c252e6a
EK		 3900 }
3901
3902 if ($cgiparams{'DEST_PORT'} <= 1023) {
3903 $errormessage = $Lang::tr{'ovpn port in root range'};
3904 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3905 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3906 goto VPNCONF_ERROR;
3907 }
54fd0535 3908
4c962356 3909 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c252e6a
EK		 3910 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3911 }
3912
3913 if ($cgiparams{'OVPN_MGMT'} <= 1023) {
3914 $errormessage = $Lang::tr{'ovpn mgmt in root range'};
3915 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3916 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3917 goto VPNCONF_ERROR;
b2e75449
MT		 3918 }
3919 #Check if remote subnet is used elsewhere
3920 my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
3921 $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
3922 if ($warnmessage){
3923 $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
3924 }
7c1d9faf 3925}
d96c89eb 3926
ce9abb66
AH		 3927# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3928# $errormessage = $Lang::tr{'ipfire side is invalid'};
3929# goto VPNCONF_ERROR;
3930# }
3931
c6c9630e
MT		 3932 # Check if there is no other entry with this name
3933 if (! $cgiparams{'KEY'}) {
3934 foreach my $key (keys %confighash) {
3935 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3936 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3937 if ($cgiparams{'TYPE'} eq 'net') {
3938 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3939 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3940 }
c6c9630e 3941 goto VPNCONF_ERROR;
6e13d0a5 3942 }
c6c9630e
MT		 3943 }
3944 }
3945
c125d8a2 3946 # Check if a remote host/IP has been set for the client.
86228a56
MT		 3947 if ($cgiparams{'TYPE'} eq 'net') {
3948 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
3949 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3950
86228a56
MT		 3951 # Check if this is a N2N connection and drop temporary config.
3952 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3953 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 3954
86228a56
MT		 3955 goto VPNCONF_ERROR;
3956 }
c125d8a2 3957
86228a56
MT		 3958 # Check if a remote host/IP has been configured - the field can be empty on the server side.
3959 if ($cgiparams{'REMOTE'} ne '') {
3960 # Check if the given IP is valid - otherwise check if it is a valid domain.
3961 if (! &General::validip($cgiparams{'REMOTE'})) {
3962 # Check for a valid domain.
3963 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3964 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3965
86228a56
MT		 3966 # Check if this is a N2N connection and drop temporary config.
3967 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3968 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 3969
86228a56
MT		 3970 goto VPNCONF_ERROR;
3971 }
3972 }
6e13d0a5 3973 }
c6c9630e 3974 }
c125d8a2 3975
c6c9630e
MT		 3976 if ($cgiparams{'TYPE'} ne 'host') {
3977 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3978 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH		 3979 if ($cgiparams{'TYPE'} eq 'net') {
3980 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3981 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3982 }
c6c9630e
MT		 3983 goto VPNCONF_ERROR;}
3984 }
3985 # Check if there is no other entry without IP-address and PSK
3986 if ($cgiparams{'REMOTE'} eq '') {
3987 foreach my $key (keys %confighash) {
3988 if(($cgiparams{'KEY'} ne $key) &&
3989 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3990 $confighash{$key}[10] eq '') {
3991 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3992 goto VPNCONF_ERROR;
6e13d0a5 3993 }
c6c9630e
MT		 3994 }
3995 }
ce9abb66
AH		 3996 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3997 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH		 3998 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3999 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4000 goto VPNCONF_ERROR;
ce9abb66 4001 }
c6c9630e 4002
425465ed
EK		 4003 # Check for N2N that OpenSSL maximum of valid days will not be exceeded
4004 if ($cgiparams{'TYPE'} eq 'net') {
4005 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4006 $errormessage = $Lang::tr{'invalid input for valid till days'};
4007 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4008 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4009 goto VPNCONF_ERROR;
4010 }
4011 }
4012
c6c9630e
MT		 4013 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
4014 $errormessage = $Lang::tr{'invalid input'};
4015 goto VPNCONF_ERROR;
4016 }
4017 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
4018 $errormessage = $Lang::tr{'invalid input'};
4019 goto VPNCONF_ERROR;
4020 }
4021
4022#fixplausi
4023 if ($cgiparams{'AUTH'} eq 'psk') {
4024# if (! length($cgiparams{'PSK'}) ) {
4025# $errormessage = $Lang::tr{'pre-shared key is too short'};
4026# goto VPNCONF_ERROR;
4027# }
4028# if ($cgiparams{'PSK'} =~ /['",&]/) {
4029# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
4030# goto VPNCONF_ERROR;
4031# }
4032 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
4033 if ($cgiparams{'KEY'}) {
4034 $errormessage = $Lang::tr{'cant change certificates'};
4035 goto VPNCONF_ERROR;
4036 }
2ad1b18b 4037 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4038 $errormessage = $Lang::tr{'there was no file upload'};
4039 goto VPNCONF_ERROR;
4040 }
4041
4042 # Move uploaded certificate request to a temporary file
4043 (my $fh, my $filename) = tempfile( );
4044 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4045 $errormessage = $!;
4046 goto VPNCONF_ERROR;
4047 }
6e13d0a5 4048
c6c9630e
MT		 4049 # Sign the certificate request and move it
4050 # Sign the host certificate request
f6e12093 4051 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4052 '-batch', '-notext',
4053 '-in', $filename,
4054 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4055 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4056 if ($?) {
4057 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4058 unlink ($filename);
4059 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4060 &newcleanssldatabase();
4061 goto VPNCONF_ERROR;
4062 } else {
4063 unlink ($filename);
4064 &deletebackupcert();
4065 }
4066
4067 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4068 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4069 $temp = $1;
4070 $temp =~ s+/Email+, E+;
4071 $temp =~ s/ ST=/ S=/;
4072 $cgiparams{'CERT_NAME'} = $temp;
4073 $cgiparams{'CERT_NAME'} =~ s/,//g;
4074 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4075 if ($cgiparams{'CERT_NAME'} eq '') {
4076 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4077 goto VPNCONF_ERROR;
4078 }
4079 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
4080 if ($cgiparams{'KEY'}) {
4081 $errormessage = $Lang::tr{'cant change certificates'};
4082 goto VPNCONF_ERROR;
4083 }
2ad1b18b 4084 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4085 $errormessage = $Lang::tr{'there was no file upload'};
4086 goto VPNCONF_ERROR;
4087 }
4088 # Move uploaded certificate to a temporary file
4089 (my $fh, my $filename) = tempfile( );
4090 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4091 $errormessage = $!;
4092 goto VPNCONF_ERROR;
4093 }
4094
4095 # Verify the certificate has a valid CA and move it
4096 my $validca = 0;
4097 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
4098 if ($test =~ /: OK/) {
4099 $validca = 1;
4100 } else {
4101 foreach my $key (keys %cahash) {
4102 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
4103 if ($test =~ /: OK/) {
4104 $validca = 1;
4105 }
6e13d0a5 4106 }
c6c9630e
MT		 4107 }
4108 if (! $validca) {
4109 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
4110 unlink ($filename);
4111 goto VPNCONF_ERROR;
4112 } else {
4113 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4114 if ($? ne 0) {
4115 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
4116 unlink ($filename);
4117 goto VPNCONF_ERROR;
6e13d0a5 4118 }
c6c9630e
MT		 4119 }
4120
4121 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4122 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4123 $temp = $1;
4124 $temp =~ s+/Email+, E+;
4125 $temp =~ s/ ST=/ S=/;
4126 $cgiparams{'CERT_NAME'} = $temp;
4127 $cgiparams{'CERT_NAME'} =~ s/,//g;
4128 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4129 if ($cgiparams{'CERT_NAME'} eq '') {
4130 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4131 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4132 goto VPNCONF_ERROR;
4133 }
4134 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
4135 if ($cgiparams{'KEY'}) {
4136 $errormessage = $Lang::tr{'cant change certificates'};
4137 goto VPNCONF_ERROR;
4138 }
4139 # Validate input since the form was submitted
4140 if (length($cgiparams{'CERT_NAME'}) >60) {
4141 $errormessage = $Lang::tr{'name too long'};
4142 goto VPNCONF_ERROR;
4143 }
194314b2 4144 if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
c6c9630e
MT		 4145 $errormessage = $Lang::tr{'invalid input for name'};
4146 goto VPNCONF_ERROR;
4147 }
4148 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
4149 $errormessage = $Lang::tr{'invalid input for e-mail address'};
4150 goto VPNCONF_ERROR;
4151 }
4152 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
4153 $errormessage = $Lang::tr{'e-mail address too long'};
4154 goto VPNCONF_ERROR;
4155 }
4156 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4157 $errormessage = $Lang::tr{'invalid input for department'};
4158 goto VPNCONF_ERROR;
4159 }
4160 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
4161 $errormessage = $Lang::tr{'organization too long'};
4162 goto VPNCONF_ERROR;
4163 }
4164 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
4165 $errormessage = $Lang::tr{'invalid input for organization'};
4166 goto VPNCONF_ERROR;
4167 }
4168 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4169 $errormessage = $Lang::tr{'invalid input for city'};
4170 goto VPNCONF_ERROR;
4171 }
4172 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4173 $errormessage = $Lang::tr{'invalid input for state or province'};
4174 goto VPNCONF_ERROR;
4175 }
4176 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
4177 $errormessage = $Lang::tr{'invalid input for country'};
4178 goto VPNCONF_ERROR;
4179 }
4180 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
4181 if (length($cgiparams{'CERT_PASS1'}) < 5) {
4182 $errormessage = $Lang::tr{'password too short'};
4183 goto VPNCONF_ERROR;
6e13d0a5 4184 }
c6c9630e
MT		 4185 }
4186 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
4187 $errormessage = $Lang::tr{'passwords do not match'};
4188 goto VPNCONF_ERROR;
4189 }
425465ed 4190 if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
f4fbb935
EK		 4191 $errormessage = $Lang::tr{'invalid input for valid till days'};
4192 goto VPNCONF_ERROR;
4193 }
c6c9630e 4194
425465ed
EK		 4195 # Check for RW that OpenSSL maximum of valid days will not be exceeded
4196 if ($cgiparams{'TYPE'} eq 'host') {
4197 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4198 $errormessage = $Lang::tr{'invalid input for valid till days'};
4199 goto VPNCONF_ERROR;
4200 }
4201 }
4202
beac479f
EK		 4203 # Check for RW if client name is already set
4204 if ($cgiparams{'TYPE'} eq 'host') {
4205 foreach my $key (keys %confighash) {
4206 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
4207 $errormessage = $Lang::tr{'a connection with this name already exists'};
4208 goto VPNCONF_ERROR;
4209 }
4210 }
4211 }
4212
c6c9630e
MT		 4213 # Replace empty strings with a .
4214 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
4215 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
4216 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
4217
4218 # Create the Host certificate request client
4219 my $pid = open(OPENSSL, "|-");
4220 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
4221 if ($pid) { # parent
4222 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
4223 print OPENSSL "$state\n";
4224 print OPENSSL "$city\n";
4225 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
4226 print OPENSSL "$ou\n";
4227 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
4228 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
4229 print OPENSSL ".\n";
4230 print OPENSSL ".\n";
4231 close (OPENSSL);
4232 if ($?) {
4233 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4234 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
4235 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
4236 goto VPNCONF_ERROR;
6e13d0a5 4237 }
c6c9630e 4238 } else { # child
badd8c1c 4239 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 4240 '-newkey', 'rsa:2048',
c6c9630e
MT		 4241 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4242 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4243 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
4244 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
4245 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4246 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4247 goto VPNCONF_ERROR;
6e13d0a5 4248 }
c6c9630e
MT		 4249 }
4250
4251 # Sign the host certificate request
f6e12093 4252 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4253 '-batch', '-notext',
4254 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4255 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4256 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4257 if ($?) {
4258 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4259 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4260 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4261 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4262 &newcleanssldatabase();
4263 goto VPNCONF_ERROR;
4264 } else {
4265 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4266 &deletebackupcert();
4267 }
4268
4269 # Create the pkcs12 file
4270 system('/usr/bin/openssl', 'pkcs12', '-export',
4271 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4272 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4273 '-name', $cgiparams{'NAME'},
4274 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
4275 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
4276 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
4277 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4278 if ($?) {
4279 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4280 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4281 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4282 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4283 goto VPNCONF_ERROR;
4284 } else {
4285 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4286 }
4287 } elsif ($cgiparams{'AUTH'} eq 'cert') {
4288 ;# Nothing, just editing
4289 } else {
4290 $errormessage = $Lang::tr{'invalid input for authentication method'};
4291 goto VPNCONF_ERROR;
4292 }
4293
4294 # Check if there is no other entry with this common name
4295 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
4296 foreach my $key (keys %confighash) {
4297 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
4298 $errormessage = $Lang::tr{'a connection with this common name already exists'};
4299 goto VPNCONF_ERROR;
6e13d0a5 4300 }
c6c9630e
MT		 4301 }
4302 }
4303
ab4cf06c 4304 # Save the config
c6c9630e 4305 my $key = $cgiparams{'KEY'};
8c877a82 4306
c6c9630e
MT		 4307 if (! $key) {
4308 $key = &General::findhasharraykey (\%confighash);
49abe7af 4309 foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
c6c9630e 4310 }
8c877a82
AM		 4311 $confighash{$key}[0] = $cgiparams{'ENABLED'};
4312 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 4313 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 4314 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 4315 }
8c877a82
AM		 4316
4317 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 4318 if ($cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4319 $confighash{$key}[4] = 'psk';
4320 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 4321 } else {
8c877a82 4322 $confighash{$key}[4] = 'cert';
c6c9630e 4323 }
ce9abb66 4324 if ($cgiparams{'TYPE'} eq 'net') {
8c877a82
AM		 4325 $confighash{$key}[6] = $cgiparams{'SIDE'};
4326 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 4327 }
4c962356 4328 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 4329 $confighash{$key}[10] = $cgiparams{'REMOTE'};
4c962356 4330 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 4331 $confighash{$key}[22] = $confighash{$key}[29];
4c962356 4332 } else {
8c877a82 4333 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
4c962356 4334 }
8c877a82
AM		 4335 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
4336 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
4337 $confighash{$key}[25] = $cgiparams{'REMARK'};
4338 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 4339# new fields
8c877a82
AM		 4340 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
4341 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
4342 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
4343 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
4344 $confighash{$key}[31] = $cgiparams{'MTU'};
4345 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 4346 $name=$cgiparams{'CHECK1'};
8c877a82
AM		 4347 $confighash{$key}[33] = $cgiparams{$name};
4348 $confighash{$key}[34] = $cgiparams{'RG'};
4349 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
4350 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
4351 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
4c962356
EK		 4352 $confighash{$key}[39] = $cgiparams{'DAUTH'};
4353 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
350f2980 4354
71af643c
MT		 4355 if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
4356 $confighash{$key}[41] = "no-pass";
4357 }
4358
c6c9630e 4359 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
8c877a82
AM		 4360
4361 if ($cgiparams{'CHECK1'} ){
4362
4363 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
4364 my ($a,$b,$c,$d) = split (/\./,$ccdip);
df9b48b7
AM		 4365 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
4366 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
4367 }
8c877a82 4368 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 4369 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
8c877a82
AM		 4370 if($cgiparams{'CHECK1'} eq 'dynamic'){
4371 print CCDRWCONF "#This client uses the dynamic pool\n";
4372 }else{
82c809c7 4373 print CCDRWCONF "#Ip address client and server\n";
8c877a82
AM		 4374 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4375 }
4376 if ($confighash{$key}[34] eq 'on'){
4377 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4378 print CCDRWCONF "push redirect-gateway\n";
4379 }
52d08bcb 4380 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4381 if ($cgiparams{'IR'} ne ''){
82c809c7 4382 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
8c877a82
AM		 4383 foreach my $key (keys %ccdroutehash){
4384 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4385 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4386 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4387 print CCDRWCONF "iroute $a $b\n";
4388 }
4389 }
4390 }
4391 }
52d08bcb 4392 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4393 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4394 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
8c877a82
AM		 4395 foreach my $key (keys %ccdroute2hash){
4396 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4397 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4398 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4399 my %blue=();
4400 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4401 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
8c877a82
AM		 4402 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4403 my %orange=();
4404 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4405 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4406 }else{
4407 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4408 print CCDRWCONF "push \"route $a $b\"\n";
4409 }
4410 }
4411 }
4412 }
4413 }
4414 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4415 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4416 print CCDRWCONF "\n#Client gets these nameservers\n";
8c877a82
AM		 4417 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4418 }
4419 if($cgiparams{'CCD_DNS2'} ne ''){
4420 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4421 }
4422 if($cgiparams{'CCD_WINS'} ne ''){
4423 print CCDRWCONF "\n#Client gets this WINS server\n";
4424 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4425 }
4426 close CCDRWCONF;
4427 }
18837a6a
AH		 4428
4429###
4430# m.a.d n2n begin
4431###
4432
4433 if ($cgiparams{'TYPE'} eq 'net') {
4434
4435 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4436 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
4437
4438 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4439 my $key = $cgiparams{'KEY'};
4440 if (! $key) {
4441 $key = &General::findhasharraykey (\%confighash);
4442 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
4443 }
4444 $confighash{$key}[0] = 'on';
4445 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4446
4447 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
4448 }
4449 }
4450
4451###
4452# m.a.d n2n end
4453###
4454
c6c9630e
MT		 4455 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4456 $cgiparams{'KEY'} = $key;
4457 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4458 }
4459 goto VPNCONF_END;
6e13d0a5 4460 } else {
c6c9630e 4461 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT		 4462###
4463# m.a.d n2n begin
4464###
4465 $cgiparams{'MSSFIX'} = 'on';
4466 $cgiparams{'FRAGMENT'} = '1300';
70900745 4467 $cgiparams{'DAUTH'} = 'SHA512';
54fd0535
MT		 4468###
4469# m.a.d n2n end
4470###
4c962356 4471 $cgiparams{'SIDE'} = 'left';
c6c9630e
MT		 4472 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4473 $cgiparams{'AUTH'} = 'psk';
4474 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4475 $cgiparams{'AUTH'} = 'certfile';
4476 } else {
6e13d0a5 4477 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT		 4478 }
4479 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4480 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4481 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4482 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4483 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
c0a7c9b2 4484 $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
6e13d0a5 4485 }
c6c9630e 4486
6e13d0a5 4487 VPNCONF_ERROR:
6e13d0a5
MT		 4488 $checked{'ENABLED'}{'off'} = '';
4489 $checked{'ENABLED'}{'on'} = '';
4490 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4491 $checked{'ENABLED_BLUE'}{'off'} = '';
4492 $checked{'ENABLED_BLUE'}{'on'} = '';
4493 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4494 $checked{'ENABLED_ORANGE'}{'off'} = '';
4495 $checked{'ENABLED_ORANGE'}{'on'} = '';
4496 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 4497
4498
6e13d0a5
MT		 4499 $checked{'EDIT_ADVANCED'}{'off'} = '';
4500 $checked{'EDIT_ADVANCED'}{'on'} = '';
4501 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4502
6e13d0a5
MT		 4503 $selected{'SIDE'}{'server'} = '';
4504 $selected{'SIDE'}{'client'} = '';
4505 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
d96c89eb
AH		 4506
4507 $selected{'PROTOCOL'}{'udp'} = '';
4508 $selected{'PROTOCOL'}{'tcp'} = '';
4509 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4510
c6c9630e 4511
6e13d0a5
MT		 4512 $checked{'AUTH'}{'psk'} = '';
4513 $checked{'AUTH'}{'certreq'} = '';
4514 $checked{'AUTH'}{'certgen'} = '';
4515 $checked{'AUTH'}{'certfile'} = '';
4516 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4517
6e13d0a5 4518 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 4519
6e13d0a5
MT		 4520 $checked{'COMPLZO'}{'off'} = '';
4521 $checked{'COMPLZO'}{'on'} = '';
4522 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4523
d96c89eb
AH		 4524 $checked{'MSSFIX'}{'off'} = '';
4525 $checked{'MSSFIX'}{'on'} = '';
4526 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4527
52f61e49
EKD		 4528 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
4529 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
4530 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 4531 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
4532 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
4533 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
4534 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4535 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4536 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4537 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4538 $selected{'DCIPHER'}{'SEED-CBC'} = '';
4539 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4540 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4541 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4542 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 4543 $selected{'DCIPHER'}{'DES-CBC'} = '';
49abe7af
EK		 4544 # If no cipher has been chossen yet, select
4545 # the old default (AES-256-CBC) for compatiblity reasons.
4546 if ($cgiparams{'DCIPHER'} eq '') {
4547 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
4548 }
4c962356 4549 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
49abe7af
EK		 4550 $selected{'DAUTH'}{'whirlpool'} = '';
4551 $selected{'DAUTH'}{'SHA512'} = '';
4552 $selected{'DAUTH'}{'SHA384'} = '';
4553 $selected{'DAUTH'}{'SHA256'} = '';
4554 $selected{'DAUTH'}{'SHA1'} = '';
49abe7af 4555 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
0c4ffc69
EK		 4556 $checked{'TLSAUTH'}{'off'} = '';
4557 $checked{'TLSAUTH'}{'on'} = '';
4558 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
49abe7af 4559
6e13d0a5
MT		 4560 if (1) {
4561 &Header::showhttpheaders();
4c962356 4562 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 4563 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4564 if ($errormessage) {
4565 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4566 print "<class name='base'>$errormessage";
4567 print "&nbsp;</class>";
4568 &Header::closebox();
4569 }
c6c9630e 4570
6e13d0a5
MT		 4571 if ($warnmessage) {
4572 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4573 print "<class name='base'>$warnmessage";
4574 print "&nbsp;</class>";
4575 &Header::closebox();
4576 }
c6c9630e 4577
6e13d0a5 4578 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4579 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4580
6e13d0a5
MT		 4581 if ($cgiparams{'KEY'}) {
4582 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4583 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4584 }
c6c9630e 4585
6e13d0a5 4586 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
8c877a82 4587 print "<table width='100%' border='0'>\n";
4c962356 4588
e3edceeb 4589 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>";
8c877a82 4590
ce9abb66 4591 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4592 if ($cgiparams{'KEY'}) {
8c877a82 4593 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5
MT		 4594 } else {
4595 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4596 }
c6c9630e
MT		 4597# print "<tr><td>$Lang::tr{'interface'}</td>";
4598# print "<td><select name='INTERFACE'>";
4599# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4c962356
EK		 4600# if ($netsettings{'BLUE_DEV'} ne '') {
4601# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4602# }
4603# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4604# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4605# print "</select></td></tr>";
4606# print <<END;
ce9abb66
AH		 4607 } else {
4608 print "<input type='hidden' name='INTERFACE' value='red' />";
4609 if ($cgiparams{'KEY'}) {
4610 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4611 } else {
4612 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4613 }
52f61e49
EKD		 4614
4615 # If GCM ciphers are in usage, HMAC menu is disabled
4616 my $hmacdisabled;
4617 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
4618 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
4619 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
4620 $hmacdisabled = "disabled='disabled'";
4621 };
4622
4c962356 4623 print <<END;
ce9abb66 4624 <td width='25%'>&nbsp;</td>
f527e53f
EK		 4625 <td width='25%'>&nbsp;</td></tr>
4626 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4627 <td><select name='SIDE'>
4628 <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4629 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
4630 </select>
4631 </td>
4c962356 4632
f527e53f
EK		 4633 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4634 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
4635 </tr>
4c962356 4636
e3edceeb 4637 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4638 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4c962356 4639
e3edceeb 4640 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f
EK		 4641 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
4642 </tr>
4c962356 4643
e3edceeb 4644 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4645 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
49abe7af 4646
f527e53f
EK		 4647 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4648 <td><select name='PROTOCOL'>
4649 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4650 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4651 </tr>
4652
4653 <tr>
e3edceeb 4654 <td class='boldbase'>$Lang::tr{'destination port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4655 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
4c962356 4656
e3edceeb 4657 <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
f527e53f
EK		 4658 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4659 </tr>
49abe7af 4660
f527e53f
EK		 4661 <tr><td colspan=4><hr /></td></tr><tr>
4662
4663 <tr>
4664 <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
4665 </tr>
49abe7af 4666
e3edceeb 4667 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
f527e53f
EK		 4668 <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4669 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4670 </tr>
4c962356 4671
e3edceeb 4672 <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
f527e53f
EK		 4673 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
4674 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
4675 </tr>
4c962356 4676
e3edceeb 4677 <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
f527e53f
EK		 4678 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4679 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4680 </tr>
4c962356 4681
e3edceeb 4682 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
f527e53f
EK		 4683 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4684 </tr>
2ee746be 4685
f527e53f
EK		 4686<tr><td colspan=4><hr /></td></tr><tr>
4687 <tr>
4688 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
4689 </tr>
4690
4691 <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
52f61e49
EKD		 4692 <td><select name='DCIPHER' id="n2ncipher" required>
4693 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
4694 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
4695 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
f527e53f
EK		 4696 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
4697 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4698 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
f7fb5bc5 4699 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
f527e53f
EK		 4700 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
4701 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 4702 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
4703 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4704 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4705 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4706 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4707 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4708 </select>
4709 </td>
4710
4711 <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
52f61e49 4712 <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
f527e53f
EK		 4713 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
4714 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
4715 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
4716 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 4717 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4718 </select>
4719 </td>
4720 </tr>
4721 <tr><td colspan=4><hr /></td></tr><tr>
4722
ce9abb66 4723END
8c877a82 4724;
ce9abb66 4725 }
52f61e49
EKD		 4726
4727#### JAVA SCRIPT ####
4728# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange
4729print<<END;
4730 <script>
4731 var disable_options = false;
4732 document.getElementById('n2ncipher').onchange = function () {
4733 if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
4734 document.getElementById('n2nhmac').setAttribute('disabled', true);
4735 } else {
4736 document.getElementById('n2nhmac').removeAttribute('disabled');
4737 }
4738 }
4739 </script>
4740END
4741
2ee746be 4742#jumper
e3edceeb 4743 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>";
8c877a82 4744 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4745
ce9abb66 4746 if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4747 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4748 }
ce9abb66 4749
8c877a82
AM		 4750 print"</tr></table><br><br>";
4751#A.Marx CCD new client
e81be1e1 4752if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4753 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
8c877a82
AM		 4754 my %vpnnet=();
4755 my $vpnip;
4756 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4757 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4758 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4759 my @ccdconf=();
4760 my $count=0;
4761 my $checked;
4762 $checked{'check1'}{'off'} = '';
4763 $checked{'check1'}{'on'} = '';
4764 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4765 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4766 print"</td></tr></table><br><br>";
4767 my $name=$cgiparams{'CHECK1'};
4768 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4769
4770 if (! -z "${General::swroot}/ovpn/ccd.conf"){
4771 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4772 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 4773 $count++;
4774 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4775 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4776 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4777 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4778 print"</td></tr>";
4779 }
4780 print "</table><br><br><hr><br><br>";
4781 }
e81be1e1 4782}
8c877a82 4783# ccd end
6e13d0a5
MT		 4784 &Header::closebox();
4785 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4786
4787 } elsif (! $cgiparams{'KEY'}) {
4788
4789
6e13d0a5
MT		 4790 my $disabled='';
4791 my $cakeydisabled='';
4792 my $cacrtdisabled='';
4793 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4794 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
8c877a82 4795
6e13d0a5 4796 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
ce9abb66
AH		 4797
4798
4799 if ($cgiparams{'TYPE'} eq 'host') {
4800
49abe7af 4801 print <<END;
6e13d0a5 4802 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4803
ce9abb66
AH		 4804 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4805 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT		 4806 <tr><td colspan='3'>&nbsp;</td></tr>
4807 <tr><td colspan='3'><hr /></td></tr>
4808 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66 4809 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4810 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4811 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4812 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4813 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4814 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4815 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4816 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4817END
ce9abb66
AH		 4818;
4819
4820###
7c1d9faf 4821# m.a.d net2net
ce9abb66
AH		 4822###
4823
4824} else {
4825
49abe7af 4826 print <<END;
ce9abb66
AH		 4827 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4828
4829 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4830 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4831 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4832 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4833 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4834 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4835 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4836 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
54fd0535
MT		 4837
4838
ce9abb66
AH		 4839END
4840;
4841
4842}
4843
4844###
7c1d9faf 4845# m.a.d net2net
ce9abb66 4846###
c6c9630e 4847
6e13d0a5
MT		 4848 foreach my $country (sort keys %{Countries::countries}) {
4849 print "<option value='$Countries::countries{$country}'";
4850 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4851 print " selected='selected'";
4852 }
4853 print ">$country</option>";
4854 }
ce9abb66 4855###
7c1d9faf 4856# m.a.d net2net
ce9abb66
AH		 4857###
4858
4859if ($cgiparams{'TYPE'} eq 'host') {
49abe7af 4860 print <<END;
f4fbb935 4861 </select></td></tr>
425465ed 4862 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4863 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4864 <tr><td>&nbsp;</td>
6e13d0a5
MT		 4865 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4866 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
f4fbb935 4867 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
6e13d0a5 4868 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
f4fbb935
EK		 4869 <tr><td colspan='3'>&nbsp;</td></tr>
4870 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4871 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
f4fbb935 4872 </table>
ce9abb66
AH		 4873END
4874}else{
49abe7af 4875 print <<END;
f4fbb935 4876 </select></td></tr>
425465ed 4877 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4878 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4879 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4880 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4881 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4882 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
ce9abb66
AH		 4883 </table>
4884
c6c9630e 4885END
ce9abb66
AH		 4886}
4887
4888###
7c1d9faf 4889# m.a.d net2net
ce9abb66 4890###
c6c9630e
MT		 4891 ;
4892 &Header::closebox();
8c877a82
AM		 4893
4894 }
e81be1e1
AM		 4895
4896#A.Marx CCD new client
4897if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4898 print"<br><br>";
4899 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
4900
8c877a82
AM		 4901
4902 print <<END;
4903 <table border='0' width='100%'>
4904 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4905 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
4906 <tr><td colspan='4'>&nbsp</td></tr>
4907 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4908END
4909
4910 if ($cgiparams{'IR'} ne ''){
4911 print $cgiparams{'IR'};
4912 }else{
4913 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4914 foreach my $key (keys %ccdroutehash) {
4915 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4916 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4917 if ($ccdroutehash{$key}[$i] ne ''){
4918 print $ccdroutehash{$key}[$i]."\n";
4919 }
4920 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4921 }
4922 }
4923 }
c6c9630e 4924 }
8c877a82
AM		 4925
4926 print <<END;
4927</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4928 <tr><td colspan='4'><br></td></tr>
4929 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
4930END
52d08bcb
AM		 4931
4932 my $set=0;
4933 my $selorange=0;
4934 my $selblue=0;
4935 my $selgreen=0;
4936 my $helpblue=0;
4937 my $helporange=0;
4938 my $other=0;
df9b48b7 4939 my $none=0;
52d08bcb
AM		 4940 my @temp=();
4941
8c877a82 4942 our @current = ();
52d08bcb
AM		 4943 open(FILE, "${General::swroot}/main/routing") ;
4944 @current = <FILE>;
4945 close (FILE);
4946 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
df9b48b7
AM		 4947 #check for "none"
4948 foreach my $key (keys %ccdroute2hash) {
4949 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4950 if ($ccdroute2hash{$key}[1] eq ''){
4951 $none=1;
4952 last;
4953 }
4954 }
4955 }
4956 if ($none ne '1'){
4957 print"<option>$Lang::tr{'ccd none'}</option>";
4958 }else{
4959 print"<option selected>$Lang::tr{'ccd none'}</option>";
4960 }
52d08bcb
AM		 4961 #check if static routes are defined for client
4962 foreach my $line (@current) {
4963 chomp($line);
4964 $line=~s/\s*$//g; # remove newline
4965 @temp=split(/\,/,$line);
4966 $temp[1] = '' unless defined $temp[1]; # not always populated
4967 my ($a,$b) = split(/\//,$temp[1]);
4968 $temp[1] = $a."/".&General::iporsubtocidr($b);
4969 foreach my $key (keys %ccdroute2hash) {
4970 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4971 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4972 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
4973 $set=1;
8c877a82
AM		 4974 }
4975 }
8c877a82 4976 }
52d08bcb
AM		 4977 }
4978 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
4979 }
3a445974
MT		 4980
4981 my %vpnconfig = ();
4982 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
4983 foreach my $vpn (keys %vpnconfig) {
4984 # Skip all disabled VPN connections
4985 my $enabled = $vpnconfig{$vpn}[0];
4986 next unless ($enabled eq "on");
4987
4988 my $name = $vpnconfig{$vpn}[1];
4989
4990 # Remote subnets
4991 my @networks = split(/\|/, $vpnconfig{$vpn}[11]);
4992 foreach my $network (@networks) {
4993 my $selected = "";
4994
4995 foreach my $key (keys %ccdroute2hash) {
4996 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
4997 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4998 if ($ccdroute2hash{$key}[$i] eq $network) {
4999 $selected = "selected";
5000 }
5001 }
5002 }
5003 }
5004
5005 print "<option value=\"$network\" $selected>$name ($network)</option>\n";
5006 }
5007 }
5008
52d08bcb
AM		 5009 #check if green,blue,orange are defined for client
5010 foreach my $key (keys %ccdroute2hash) {
5011 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
5012 $other=1;
5013 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
5014 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
5015 $selgreen=1;
5016 }
5017 if (&haveBlueNet()){
5018 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
5019 $selblue=1;
5020 }
5021 }
5022 if (&haveOrangeNet()){
5023 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
5024 $selorange=1;
5025 }
5026 }
5027 }
5028 }
5029 }
5030 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
5031 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
5032 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
5033
49abe7af 5034 print<<END;
8c877a82
AM		 5035 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
5036 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
5037 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
5038
5039END
5040;
5041 &Header::closebox();
e81be1e1 5042}
c6c9630e
MT		 5043 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5044 if ($cgiparams{'KEY'}) {
5045# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
5046 }
5047 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
5048 &Header::closebigbox();
5049 &Header::closepage();
5050 exit (0);
6e13d0a5 5051 }
c6c9630e 5052 VPNCONF_END:
6e13d0a5 5053}
c6c9630e
MT		 5054
5055# SETTINGS_ERROR:
6e13d0a5
MT		 5056###
5057### Default status page
5058###
c6c9630e
MT		 5059 %cgiparams = ();
5060 %cahash = ();
5061 %confighash = ();
5062 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
5063 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
5064 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
5065
87fe47e9 5066 my @status = `/bin/cat /var/run/ovpnserver.log`;
c6c9630e
MT		 5067
5068 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
8c877a82
AM		 5069 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
5070 my $ipaddr = <IPADDR>;
5071 close IPADDR;
5072 chomp ($ipaddr);
5073 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
5074 if ($cgiparams{'VPN_IP'} eq '') {
5075 $cgiparams{'VPN_IP'} = $ipaddr;
5076 }
5077 }
c6c9630e
MT		 5078 }
5079
6e13d0a5 5080#default setzen
c6c9630e 5081 if ($cgiparams{'DCIPHER'} eq '') {
4c962356 5082 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
c6c9630e 5083 }
c6c9630e 5084 if ($cgiparams{'DDEST_PORT'} eq '') {
4c962356 5085 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT		 5086 }
5087 if ($cgiparams{'DMTU'} eq '') {
4c962356
EK		 5088 $cgiparams{'DMTU'} = '1400';
5089 }
5090 if ($cgiparams{'MSSFIX'} eq '') {
5091 $cgiparams{'MSSFIX'} = 'off';
5092 }
5093 if ($cgiparams{'DAUTH'} eq '') {
86308adb
EK		 5094 if (-z "${General::swroot}/ovpn/ovpnconfig") {
5095 $cgiparams{'DAUTH'} = 'SHA512';
5096 }
5097 foreach my $key (keys %confighash) {
5098 if ($confighash{$key}[3] ne 'host') {
5099 $cgiparams{'DAUTH'} = 'SHA512';
5100 } else {
5101 $cgiparams{'DAUTH'} = 'SHA1';
5102 }
5103 }
5104 }
0c4ffc69
EK		 5105 if ($cgiparams{'TLSAUTH'} eq '') {
5106 $cgiparams{'TLSAUTH'} = 'off';
5107 }
c6c9630e 5108 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
4c962356 5109 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e 5110 }
4c962356 5111 $checked{'ENABLED'}{'off'} = '';
c6c9630e
MT		 5112 $checked{'ENABLED'}{'on'} = '';
5113 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
5114 $checked{'ENABLED_BLUE'}{'off'} = '';
5115 $checked{'ENABLED_BLUE'}{'on'} = '';
5116 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
5117 $checked{'ENABLED_ORANGE'}{'off'} = '';
5118 $checked{'ENABLED_ORANGE'}{'on'} = '';
5119 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 5120
5121 $selected{'DPROTOCOL'}{'udp'} = '';
5122 $selected{'DPROTOCOL'}{'tcp'} = '';
5123 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4c962356 5124
52f61e49
EKD		 5125 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
5126 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
5127 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 5128 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
5129 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
5130 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
5131 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
5132 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
5133 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
c6c9630e
MT		 5134 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
5135 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4c962356
EK		 5136 $selected{'DCIPHER'}{'SEED-CBC'} = '';
5137 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
5138 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
5139 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 5140 $selected{'DCIPHER'}{'DES-CBC'} = '';
c6c9630e 5141 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4c962356
EK		 5142
5143 $selected{'DAUTH'}{'whirlpool'} = '';
5144 $selected{'DAUTH'}{'SHA512'} = '';
5145 $selected{'DAUTH'}{'SHA384'} = '';
5146 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK		 5147 $selected{'DAUTH'}{'SHA1'} = '';
5148 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
5149
0c4ffc69
EK		 5150 $checked{'TLSAUTH'}{'off'} = '';
5151 $checked{'TLSAUTH'}{'on'} = '';
5152 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
5153
c6c9630e
MT		 5154 $checked{'DCOMPLZO'}{'off'} = '';
5155 $checked{'DCOMPLZO'}{'on'} = '';
5156 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
4c962356 5157
d96c89eb
AH		 5158# m.a.d
5159 $checked{'MSSFIX'}{'off'} = '';
5160 $checked{'MSSFIX'}{'on'} = '';
5161 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 5162#new settings
c6c9630e
MT		 5163 &Header::showhttpheaders();
5164 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
5165 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 5166
c6c9630e 5167 if ($errormessage) {
6e13d0a5
MT		 5168 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
5169 print "<class name='base'>$errormessage\n";
5170 print "&nbsp;</class>\n";
5171 &Header::closebox();
c6c9630e 5172 }
6e13d0a5 5173
400c8afd
EK		 5174 if ($cryptoerror) {
5175 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
5176 print "<class name='base'>$cryptoerror";
5177 print "&nbsp;</class>";
5178 &Header::closebox();
5179 }
5180
5181 if ($cryptowarning) {
5182 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
5183 print "<class name='base'>$cryptowarning";
5184 print "&nbsp;</class>";
5185 &Header::closebox();
5186 }
5187
b2e75449
MT		 5188 if ($warnmessage) {
5189 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
5190 print "$warnmessage<br>";
5191 print "$Lang::tr{'fwdfw warn1'}<br>";
5192 &Header::closebox();
5193 print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
5194 &Header::closepage();
5195 exit 0;
5196 }
4d81e0f3 5197
c6c9630e
MT		 5198 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
5199 my $srunning = "no";
5200 my $activeonrun = "";
5201 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT		 5202 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
5203 $srunning ="yes";
5204 $activeonrun = "";
c6c9630e 5205 } else {
6e13d0a5 5206 $activeonrun = "disabled='disabled'";
c6c9630e 5207 }
afabe9f7 5208 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
4c962356 5209 print <<END;
631b67b7 5210 <table width='100%' border='0'>
c6c9630e
MT		 5211 <form method='post'>
5212 <td width='25%'>&nbsp;</td>
5213 <td width='25%'>&nbsp;</td>
5214 <td width='25%'>&nbsp;</td></tr>
5215 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
5216 <td align='left'>$sactive</td>
5217 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
8c877a82 5218 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
c6c9630e
MT		 5219END
5220;
5221 if (&haveBlueNet()) {
5222 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
5223 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
5224 }
5225 if (&haveOrangeNet()) {
5226 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
5227 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
86308adb
EK		 5228 }
5229
5230 print <<END;
5231
5232 <tr><td colspan='4'><br></td></tr>
5233 <tr>
5234 <td class'base'><b>$Lang::tr{'net config'}:</b></td>
5235 </tr>
5236 <tr><td colspan='1'><br></td></tr>
5237
4e17adad
CS		 5238 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
5239 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT		 5240 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
5241 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
5242 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
5243 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
5244 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
5245 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
bc2b3e94 5246 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
86308adb
EK		 5247 </tr>
5248
5249 <tr><td colspan='4'><br></td></tr>
5250 <tr>
5251 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
5252 </tr>
5253 <tr><td colspan='1'><br></td></tr>
5254
5255 <tr>
5256 <td class='base'>$Lang::tr{'ovpn ha'}</td>
5257 <td><select name='DAUTH'>
5258 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
5259 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
5260 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
5261 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
5262 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5263 </select>
5264 </td>
f527e53f 5265
4c962356
EK		 5266 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
5267 <td><select name='DCIPHER'>
52f61e49
EKD		 5268 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
5269 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
5270 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
4c962356 5271 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
f527e53f 5272 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4c962356
EK		 5273 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
5274 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
5275 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
5276 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
4c962356 5277 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 5278 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5279 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5280 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5281 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5282 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK		 5283 </select>
5284 </td>
4c962356 5285 </tr>
0c4ffc69
EK		 5286
5287 <tr><td colspan='4'><br></td></tr>
5288 <tr>
5289 <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
5290 <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
5291 </tr>
5292
f7edf97a 5293 <tr><td colspan='4'><br><br></td></tr>
c6c9630e
MT		 5294END
5295;
5296
5297 if ( $srunning eq "yes" ) {
8c877a82
AM		 5298 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
5299 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5300 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
5301 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
c6c9630e 5302 } else{
8c877a82
AM		 5303 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5304 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5305 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT		 5306 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
5307 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
5308 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
5309 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
5310 (( $cgiparams{'ENABLED'} eq 'on') ||
5311 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
5312 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
8c877a82 5313 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
c6c9630e 5314 } else {
8c877a82 5315 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
c6c9630e
MT		 5316 }
5317 }
5318 print "</form></table>";
5319 &Header::closebox();
6e13d0a5 5320
c6c9630e 5321 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66 5322###
7c1d9faf 5323# m.a.d net2net
54fd0535 5324#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH		 5325###
5326
4c962356 5327 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
c6c9630e 5328 ;
99bfa85c
AM		 5329 my $id = 0;
5330 my $gif;
f7edf97a 5331 my $col1="";
5b942f7f 5332 my $lastnet;
c8b51e28 5333 foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
5b942f7f
AM		 5334 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
5335 if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
5336 if($id == 0){
5337 print"<b>$confighash{$key}[32]</b>";
5338 print <<END;
5339 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5340<tr>
5341 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5342 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5343 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5344 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5345 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5346</tr>
5347END
5348 }
5349 if ($id > 0 && $lastnet ne $confighash{$key}[32]){
5350 print "</table><br>";
5351 print"<b>$confighash{$key}[32]</b>";
5352 print <<END;
5353 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5354<tr>
5355 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5356 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5357 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5358 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5359 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5360</tr>
5361END
5362 }
eff2dbf8 5363 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
c6c9630e 5364 if ($id % 2) {
99bfa85c
AM		 5365 print "<tr>";
5366 $col="bgcolor='$color{'color20'}'";
bb89e92a 5367 } else {
99bfa85c
AM		 5368 print "<tr>";
5369 $col="bgcolor='$color{'color22'}'";
c6c9630e 5370 }
99bfa85c
AM		 5371 print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
5372 print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
8c877a82
AM		 5373 #if ($confighash{$key}[4] eq 'cert') {
5374 #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
5375 #} else {
5376 #print "<td align='left'>&nbsp;</td>";
5377 #}
c6c9630e
MT		 5378 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
5379 $cavalid =~ /Not After : (.*)[\n]/;
5380 $cavalid = $1;
99bfa85c 5381 print "<td align='center' $col>$confighash{$key}[25]</td>";
f7edf97a
AM		 5382 $col1="bgcolor='${Header::colourred}'";
5383 my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
ce9abb66 5384
c6c9630e 5385 if ($confighash{$key}[0] eq 'off') {
f7edf97a
AM		 5386 $col1="bgcolor='${Header::colourblue}'";
5387 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
c6c9630e 5388 } else {
ce9abb66
AH		 5389
5390###
7c1d9faf 5391# m.a.d net2net
f7edf97a
AM		 5392###
5393
b278daf3 5394 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT		 5395
5396 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
5397 my @output = "";
5398 my @tustate = "";
5399 my $tport = $confighash{$key}[22];
5400 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
5401 if ($tport ne '') {
5402 $tnet->open('127.0.0.1');
5403 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
5404 @tustate = split(/\,/, $output[1]);
5405###
5406#CONNECTING -- OpenVPN's initial state.
5407#WAIT -- (Client only) Waiting for initial response from server.
5408#AUTH -- (Client only) Authenticating with server.
5409#GET_CONFIG -- (Client only) Downloading configuration options from server.
5410#ASSIGN_IP -- Assigning IP address to virtual network interface.
5411#ADD_ROUTES -- Adding routes to system.
5412#CONNECTED -- Initialization Sequence Completed.
5413#RECONNECTING -- A restart has occurred.
5414#EXITING -- A graceful exit is in progress.
5415####
5416
ed4b4c19 5417 if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
f7edf97a
AM		 5418 $col1="bgcolor='${Header::colourgreen}'";
5419 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5420 }else {
5421 $col1="bgcolor='${Header::colourred}'";
5422 $active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
5423 }
54fd0535 5424 }
54fd0535 5425 }
f7edf97a
AM		 5426 }else {
5427
5428 my $cn;
5429 my @match = ();
5430 foreach my $line (@status) {
5431 chomp($line);
5432 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
5433 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
5434 if ($match[1] ne "Common Name") {
5435 $cn = $match[1];
5436 }
5437 $cn =~ s/[_]/ /g;
5438 if ($cn eq "$confighash{$key}[2]") {
5439 $col1="bgcolor='${Header::colourgreen}'";
5440 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5441 }
5442 }
5443 }
c6c9630e 5444 }
7c1d9faf 5445}
ce9abb66
AH		 5446
5447
4c962356 5448 print <<END;
f7edf97a 5449 <td align='center' $col1>$active</td>
c6c9630e 5450
99bfa85c 5451 <form method='post' name='frm${key}a'><td align='center' $col>
96096995
AM		 5452 <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
5453 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5454 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 5455 </td></form>
5456END
5457 ;
71af643c
MT		 5458
5459 if ($confighash{$key}[41] eq "no-pass") {
5460 print <<END;
5461 <form method='post' name='frm${key}g'><td align='center' $col>
5462 <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
5463 alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
5464 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5465 <input type='hidden' name='MODE' value='insecure' />
5466 <input type='hidden' name='KEY' value='$key' />
5467 </td></form>
5468END
5469 } else {
5470 print "<td $col>&nbsp;</td>";
5471 }
5472
c6c9630e 5473 if ($confighash{$key}[4] eq 'cert') {
4c962356 5474 print <<END;
99bfa85c 5475 <form method='post' name='frm${key}b'><td align='center' $col>
c6c9630e
MT		 5476 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
5477 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
5478 <input type='hidden' name='KEY' value='$key' />
5479 </td></form>
5480END
5481 ; } else {
5482 print "<td>&nbsp;</td>";
5483 }
5484 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4c962356 5485 print <<END;
99bfa85c 5486 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5487 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT		 5488 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
5489 <input type='hidden' name='KEY' value='$key' />
5490 </td></form>
5491END
5492 ; } elsif ($confighash{$key}[4] eq 'cert') {
4c962356 5493 print <<END;
99bfa85c 5494 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5495 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT		 5496 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
5497 <input type='hidden' name='KEY' value='$key' />
5498 </td></form>
5499END
5500 ; } else {
5501 print "<td>&nbsp;</td>";
5502 }
5503 print <<END
99bfa85c 5504 <form method='post' name='frm${key}d'><td align='center' $col>
c6c9630e
MT		 5505 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
5506 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
5507 <input type='hidden' name='KEY' value='$key' />
5508 </td></form>
5509
99bfa85c 5510 <form method='post' name='frm${key}e'><td align='center' $col>
c6c9630e
MT		 5511 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
5512 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
5513 <input type='hidden' name='KEY' value='$key' />
5514 </td></form>
99bfa85c 5515 <form method='post' name='frm${key}f'><td align='center' $col>
c6c9630e
MT		 5516 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
5517 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
5518 <input type='hidden' name='KEY' value='$key' />
5519 </td></form>
5520 </tr>
5521END
5522 ;
5523 $id++;
5b942f7f 5524 $lastnet = $confighash{$key}[32];
c6c9630e 5525 }
5b942f7f 5526 print"</table>";
c6c9630e
MT		 5527 ;
5528
5529 # If the config file contains entries, print Key to action icons
5530 if ( $id ) {
4c962356 5531 print <<END;
8c877a82 5532 <table border='0'>
c6c9630e 5533 <tr>
4c962356
EK		 5534 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5535 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
5536 <td class='base'>$Lang::tr{'click to disable'}</td>
5537 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5538 <td class='base'>$Lang::tr{'show certificate'}</td>
5539 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
5540 <td class='base'>$Lang::tr{'edit'}</td>
5541 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
5542 <td class='base'>$Lang::tr{'remove'}</td>
c6c9630e
MT		 5543 </tr>
5544 <tr>
4c962356
EK		 5545 <td>&nbsp; </td>
5546 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
5547 <td class='base'>$Lang::tr{'click to enable'}</td>
5548 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
5549 <td class='base'>$Lang::tr{'download certificate'}</td>
5550 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
5551 <td class='base'>$Lang::tr{'dl client arch'}</td>
5552 </tr>
f7edf97a 5553 </table><br>
c6c9630e
MT		 5554END
5555 ;
5556 }
5557
4c962356 5558 print <<END;
c6c9630e
MT		 5559 <table width='100%'>
5560 <form method='post'>
4c962356
EK		 5561 <tr><td align='right'>
5562 <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
5563 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
5564 </tr>
c6c9630e
MT		 5565 </form>
5566 </table>
5567END
4c962356
EK		 5568 ;
5569 &Header::closebox();
5570 }
fd5ccb2d
EK		 5571
5572 # CA/key listing
4c962356
EK		 5573 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
5574 print <<END;
5575 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5576 <tr>
5577 <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5578 <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
5579 <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
5580 </tr>
5581END
5582 ;
5583 my $col1="bgcolor='$color{'color22'}'";
f7fb5bc5 5584 my $col2="bgcolor='$color{'color20'}'";
c8f50356 5585 # DH parameter line
f7fb5bc5 5586 my $col3="bgcolor='$color{'color22'}'";
fd5ccb2d
EK		 5587 # ta.key line
5588 my $col4="bgcolor='$color{'color20'}'";
f7fb5bc5 5589
4c962356
EK		 5590 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
5591 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
5592 $casubject =~ /Subject: (.*)[\n]/;
5593 $casubject = $1;
5594 $casubject =~ s+/Email+, E+;
5595 $casubject =~ s/ ST=/ S=/;
5596 print <<END;
5597 <tr>
5598 <td class='base' $col1>$Lang::tr{'root certificate'}</td>
5599 <td class='base' $col1>$casubject</td>
c8f50356 5600 <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
4c962356
EK		 5601 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
5602 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5603 </form>
5604 <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
4c962356
EK		 5605 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
5606 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c8f50356
EK		 5607 </form>
5608 <td width='4%' $col1>&nbsp;</td>
5609 </tr>
4c962356
EK		 5610END
5611 ;
5612 } else {
5613 # display rootcert generation buttons
5614 print <<END;
5615 <tr>
5616 <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
5617 <td class='base' $col1>$Lang::tr{'not present'}</td>
c8f50356
EK		 5618 <td colspan='3' $col1>&nbsp;</td>
5619 </tr>
4c962356
EK		 5620END
5621 ;
5622 }
5623
5624 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
5625 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
5626 $hostsubject =~ /Subject: (.*)[\n]/;
5627 $hostsubject = $1;
5628 $hostsubject =~ s+/Email+, E+;
5629 $hostsubject =~ s/ ST=/ S=/;
5630
5631 print <<END;
5632 <tr>
5633 <td class='base' $col2>$Lang::tr{'host certificate'}</td>
5634 <td class='base' $col2>$hostsubject</td>
c8f50356 5635 <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
4c962356
EK		 5636 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
5637 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5638 </form>
5639 <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
4c962356
EK		 5640 <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
5641 <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
c8f50356
EK		 5642 </td></form>
5643 <td width='4%' $col2>&nbsp;</td>
5644 </tr>
4c962356
EK		 5645END
5646 ;
5647 } else {
5648 # Nothing
5649 print <<END;
5650 <tr>
5651 <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
5652 <td class='base' $col2>$Lang::tr{'not present'}</td>
c8f50356
EK		 5653 </td><td colspan='3' $col2>&nbsp;</td>
5654 </tr>
4c962356
EK		 5655END
5656 ;
5657 }
ce9abb66 5658
f7fb5bc5
EK		 5659 # Adding DH parameter to chart
5660 if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
5661 my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
c8f50356 5662 $dhsubject =~ / (.*)[\n]/;
f7fb5bc5
EK		 5663 $dhsubject = $1;
5664
5665
5666 print <<END;
5667 <tr>
5668 <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
5669 <td class='base' $col3>$dhsubject</td>
c8f50356 5670 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
f7fb5bc5
EK		 5671 <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
5672 <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
c8f50356
EK		 5673 </form>
5674 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
c8f50356
EK		 5675 </form>
5676 <td width='4%' $col3>&nbsp;</td>
5677 </tr>
f7fb5bc5
EK		 5678END
5679 ;
5680 } else {
5681 # Nothing
5682 print <<END;
5683 <tr>
5684 <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
5685 <td class='base' $col3>$Lang::tr{'not present'}</td>
c8f50356
EK		 5686 </td><td colspan='3' $col3>&nbsp;</td>
5687 </tr>
f7fb5bc5
EK		 5688END
5689 ;
5690 }
5691
fd5ccb2d
EK		 5692 # Adding ta.key to chart
5693 if (-f "${General::swroot}/ovpn/certs/ta.key") {
5694 my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
5695 $tasubject =~ /# (.*)[\n]/;
5696 $tasubject = $1;
5697 print <<END;
5698
5699 <tr>
5700 <td class='base' $col4>$Lang::tr{'ta key'}</td>
5701 <td class='base' $col4>$tasubject</td>
5702 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5703 <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
5704 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
5705 </form>
5706 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5707 <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
5708 <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
5709 </form>
5710 <td width='4%' $col4>&nbsp;</td>
5711 </tr>
5712END
5713 ;
5714 } else {
5715 # Nothing
5716 print <<END;
5717 <tr>
5718 <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
5719 <td class='base' $col4>$Lang::tr{'not present'}</td>
5720 <td colspan='3' $col4>&nbsp;</td>
5721 </tr>
5722END
5723 ;
5724 }
5725
4c962356
EK		 5726 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
5727 print "<tr><td colspan='5' align='center'><form method='post'>";
5728 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
5729 print "</form></td></tr>\n";
5730 }
5731
5732 if (keys %cahash > 0) {
5733 foreach my $key (keys %cahash) {
5734 if (($key + 1) % 2) {
5735 print "<tr bgcolor='$color{'color20'}'>\n";
5736 } else {
5737 print "<tr bgcolor='$color{'color22'}'>\n";
5738 }
5739 print "<td class='base'>$cahash{$key}[0]</td>\n";
5740 print "<td class='base'>$cahash{$key}[1]</td>\n";
5741 print <<END;
5742 <form method='post' name='cafrm${key}a'><td align='center'>
5743 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
5744 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
5745 <input type='hidden' name='KEY' value='$key' />
5746 </td></form>
5747 <form method='post' name='cafrm${key}b'><td align='center'>
5748 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
5749 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
5750 <input type='hidden' name='KEY' value='$key' />
5751 </td></form>
5752 <form method='post' name='cafrm${key}c'><td align='center'>
5753 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
5754 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
5755 <input type='hidden' name='KEY' value='$key' />
5756 </td></form></tr>
5757END
5758 ;
5759 }
5760 }
5761
5762 print "</table>";
5763
5764 # If the file contains entries, print Key to action icons
5765 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
5766 print <<END;
5767 <table>
5768 <tr>
5769 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5770 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5771 <td class='base'>$Lang::tr{'show certificate'}</td>
5772 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
5773 <td class='base'>$Lang::tr{'download certificate'}</td>
5774 </tr>
5775 </table>
5776END
5777 ;
5778 }
ce9abb66 5779
4c962356 5780 print <<END
578f23c8
SS		 5781
5782 <br><hr><br>
5783
4c962356 5784 <form method='post' enctype='multipart/form-data'>
578f23c8
SS		 5785 <table border='0' width='100%'>
5786 <tr>
5787 <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
5788 </tr>
4c962356 5789
578f23c8
SS		 5790 <tr>
5791 <td width='10%'>$Lang::tr{'ca name'}:</td>
5792 <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
5793 <td width='30%'><input type='file' name='FH' size='25'>
5794 <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
5795 </tr>
f527e53f 5796
578f23c8
SS		 5797 <tr>
5798 <td colspan='3'>&nbsp;</td>
5799 <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
5800 </tr>
5801 </table>
f527e53f 5802
578f23c8
SS		 5803 <br>
5804
5805 <table border='0' width='100%'>
5806 <tr>
5807 <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
5808 </tr>
5809
5810 <tr>
5811 <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
5812 <td width='30%'><input type='file' name='FH' size='25'>
5813 <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
5814 </tr>
5815
5816 <tr>
5817 <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
5818 <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
5819 </tr>
5820 </table>
5821 </form>
f527e53f 5822
578f23c8 5823 <br><hr>
4c962356
EK		 5824END
5825 ;
5826
5827 if ( $srunning eq "yes" ) {
5828 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
5829 } else {
5830 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
5831 }
5832 &Header::closebox();
5833END
5834 ;
5835
5836&Header::closepage();
ce9abb66 5837
IPFire 2.x development tree