require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/countries.pl";
-require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/location-functions.pl";
# enable only the following on debugging purpose
#use warnings;
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
###
### Initialize variables
close FILE;
}
if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
- system ("touch ${General::swroot}/ovpn/certs/index.txt");
+ &General::system("touch", "${General::swroot}/ovpn/certs/index.txt");
}
if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
- system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
+ &General::system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");
}
unlink ("${General::swroot}/ovpn/certs/index.txt.old");
unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
{
# Warning if DH parameter is 1024 bit
if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
- my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
- my @dhbit = ($dhparameter =~ /(\d+)/);
- if ($1 < 2048) {
- $cryptoerror = "$Lang::tr{'ovpn error dh'}";
- goto CRYPTO_ERROR;
+ my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
+
+ foreach my $line (@dhparameter) {
+ my @dhbit = ($line =~ /(\d+)/);
+ if ($1 < 2048) {
+ $cryptoerror = "$Lang::tr{'ovpn error dh'}";
+ goto CRYPTO_ERROR;
+ }
}
}
# Warning if md5 is in usage
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($signature =~ /md5WithRSAEncryption/) {
+ my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (grep(/md5WithRSAEncryption/, @signature) ) {
$cryptoerror = "$Lang::tr{'ovpn error md5'}";
goto CRYPTO_ERROR;
}
# Warning if certificate is not compliant to RFC3280 TLS rules
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($extendkeyusage !~ /TLS Web Server Authentication/) {
+ my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
$cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
goto CRYPTO_WARNING;
}
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
#print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
- # Check if we are using mssfix, fragment and set the corretct mtu of 1500.
- # If we doesn't use one of them, we can use the configured mtu value.
- if ($sovpnsettings{'MSSFIX'} eq 'on')
- { print CONF "tun-mtu 1500\n"; }
- elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
- { print CONF "tun-mtu 1500\n"; }
- else
- { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
+ print CONF "tun-mtu $sovpnsettings{'DMTU'}\n";
if ($vpnsettings{'ROUTES_PUSH'} ne '') {
@temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
}
if ($sovpnsettings{MSSFIX} eq 'on') {
print CONF "mssfix\n";
+ } else {
+ print CONF "mssfix 0\n";
}
if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
print CONF "ncp-disable\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ # Set TLSv2 as minimum
+ print CONF "tls-version-min 1.2\n";
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
}
- if ($sovpnsettings{DHCP_WINS} eq '') {
+ if ($sovpnsettings{MAX_CLIENTS} eq '') {
print CONF "max-clients 100\n";
}
- if ($sovpnsettings{DHCP_WINS} ne '') {
+ if ($sovpnsettings{MAX_CLIENTS} ne '') {
print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
}
print CONF "tls-verify /usr/lib/openvpn/verify\n";
} else {
print CONF "verb 3\n";
}
+
+ print CONF "# Log clients connecting/disconnecting\n";
+ print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
+ print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+
# Print server.conf.local if entries exist to server.conf
if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
open (LSC, "$local_serverconf");
my $oldname=$_[1];
my %ccdconfhash=();
my %ccdhash=();
+
+ # Check if the new name is valid.
+ if(!&General::validhostname($newname)) {
+ $errormessage=$Lang::tr{'ccd err invalidname'};
+ return;
+ }
+
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
foreach my $key (keys %ccdconfhash) {
if ($ccdconfhash{$key}[0] eq $oldname) {
close(COLLECTDVPN);
# Reload collectd afterwards
- system("/usr/local/bin/collectdctrl restart &>/dev/null");
+ &General::system("/usr/local/bin/collectdctrl", "restart");
}
#hier die refresh page
#start openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
&emptyserverlog();
- system('/usr/local/bin/openvpnctrl', '-s');
+ &General::system("/usr/local/bin/openvpnctrl", "-s");
}
#stop openvpn server
if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
- system('/usr/local/bin/openvpnctrl', '-k');
+ &General::system("/usr/local/bin/openvpnctrl", "-k");
&emptyserverlog();
}
# #restart openvpn server
$vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
$vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
$vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
- $vpnsettings{'COMPLZO'} = $cgiparams{'DCOMPLZO'};
+ $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
$vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
undef $vpnsettings{'ROUTES_PUSH'};
&write_routepushfile;
}
- if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
+ if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
$errormessage = $Lang::tr{'invalid input for max clients'};
goto ADV_ERROR;
}
if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
print SERVERCONF "tun-mtu $tunmtu\n";
if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
- if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
+ if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; } else { print SERVERCONF "mssfix 0\n" };
}
print SERVERCONF "# Auth. Server\n";
print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print SERVERCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\n";
if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
print CLIENTCONF "tun-mtu $tunmtu\n";
if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
- if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
+ if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; } else { print CLIENTCONF "mssfix 0\n" };
}
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if ( ! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\n";
} else {
print CLIENTCONF "remote-cert-tls server\n";
print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print CLIENTCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\n";
# Create ta.key for tls-auth if not presant
if ($cgiparams{'TLSAUTH'} eq 'on') {
if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ # This system call is safe, because all arguements are passed as an array.
+ system("/usr/sbin/openvpn", "--genkey", "--secret", "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto SETTINGS_ERROR;
$vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
#wrtie enable
- if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
- if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
- if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable_blue");
+ } else {
+ unlink(${General::swroot}/ovpn/enable_blue);
+ }
+
+ if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable_orange");
+ } else {
+ unlink("${General::swroot}/ovpn/enable_orange");
+ }
+
+ if ( $vpnsettings{'ENABLED'} eq 'on' ) {
+ &General::system("touch", "${General::swroot}/ovpn/enable");
+ } else {
+ unlink("${General::swroot}/ovpn/enable");
+ }
+
#new settings for daemon
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# Kill all N2N connections
- system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
foreach my $key (keys %confighash) {
my $name = $confighash{$cgiparams{'$key'}}[1];
delete $confighash{$cgiparams{'$key'}};
}
- system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
+ &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
unlink $file;
close FILE;
}
while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
- system ("rm -rf $file");
+ unlink($file);
}
# Remove everything from the collectd configuration
unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
}
# Create Diffie Hellmann Parameter
- system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
+ # The system call is safe, because all arguments are passed as an array.
+ system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
- if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
+ my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
+ if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
$errormessage = $Lang::tr{'not a valid dh key'};
unlink ($filename);
goto UPLOADCA_ERROR;
$errormessage = $!;
goto UPLOADCA_ERROR;
}
- my $temp = `/usr/bin/openssl x509 -text -in $filename`;
- if ($temp !~ /CA:TRUE/i) {
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
+ if ( ! grep(/CA:TRUE/i, @temp )) {
$errormessage = $Lang::tr{'not a valid ca certificate'};
unlink ($filename);
goto UPLOADCA_ERROR;
}
}
- my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
- $casubject =~ /Subject: (.*)[\n]/;
- $casubject = $1;
- $casubject =~ s+/Email+, E+;
- $casubject =~ s/ ST=/ S=/;
+ @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
+ my $casubject;
+
+ foreach my $line (@casubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $casubject = $1;
+ $casubject =~ s+/Email+, E+;
+ $casubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$casubject = &Header::cleanhtml($casubject);
my $key = &General::findhasharraykey (\%cahash);
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
+ print "@tmp";
+
exit(0);
} else {
$errormessage = $Lang::tr{'invalid key'};
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
# Delete connection
# if ($vpnsettings{'ENABLED'} eq 'on' ||
# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
my $assignedcerts = 0;
if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
foreach my $key (keys %confighash) {
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ if (grep(/: OK/, @test)) {
$assignedcerts++;
}
}
###
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
$cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
- my $output;
+ my @output;
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
} else {
&Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
- $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
+ @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
}
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=cacert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+ print "@tmp";
+
exit(0);
}
if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=servercert.pem\r\n\r\n";
- print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
+
+ my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ print "@tmp";
+
exit(0);
}
if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
print "Content-Type: application/octet-stream\r\n";
print "Content-Disposition: filename=ta.key\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
+
exit(0);
}
}
# Sign the host certificate request
+ # This system call is safe, because all argeuments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', '999999',
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/serverreq.pem",
}
# Create an empty CRL
+ # System call is safe, because all arguments are passed as array.
system('/usr/bin/openssl', 'ca', '-gencrl',
'-out', "${General::swroot}/ovpn/crls/cacrl.pem",
'-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
# &cleanssldatabase();
}
# Create ta.key for tls-auth
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
goto ROOTCERT_ERROR;
}
# Create Diffie Hellmann Parameter
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
}
ROOTCERT_SUCCESS:
- system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
+ &General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
# if ($vpnsettings{'ENABLED'} eq 'on' ||
# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
# system('/usr/local/bin/ipsecctrl', 'S');
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-# my $n2nactive = '';
- my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+ my $n2nactive = '';
+ my @ps = &General::system_output("/bin/ps", "ax");
+
+ if(grep(/$confighash{$cgiparams{'KEY'}}[1]/, @ps)) {
+ $n2nactive = "1";
+ }
if ($confighash{$cgiparams{'KEY'}}) {
if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
- system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
&writecollectdconf();
}
} else {
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
if ($n2nactive ne '') {
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
&writecollectdconf();
}
if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
print CLIENTCONF "tun-mtu $tunmtu\n";
if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
- if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
+ if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} else { print CLIENTCONF "mssfix 0\n"; }
}
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\n";
} else {
print CLIENTCONF "remote-cert-tls server\n";
print CLIENTCONF "nobind\r\n";
print CLIENTCONF "dev tun\r\n";
print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
-
- # Check if we are using fragment, mssfix and set MTU to 1500
- # or use configured value.
- if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
- { print CLIENTCONF "tun-mtu 1500\r\n"; }
- elsif ($vpnsettings{MSSFIX} eq 'on')
- { print CLIENTCONF "tun-mtu 1500\r\n"; }
- else
- { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
+ print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n";
if ( $vpnsettings{'ENABLED'} eq 'on'){
print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
$zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
# Extract the certificate
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
'-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
if ($?) {
print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
# Extract the key
+ # This system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
'-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
if ($?) {
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
- my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- if ($hostcert !~ /TLS Web Server Authentication/) {
+ my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ if (! grep(/TLS Web Server Authentication/, @hostcert)) {
print CLIENTCONF "ns-cert-type server\r\n";
} else {
print CLIENTCONF "remote-cert-tls server\r\n";
print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
if ($vpnsettings{MSSFIX} eq 'on') {
print CLIENTCONF "mssfix\r\n";
+ } else {
+ print CLIENTCONF "mssfix 0\r\n";
}
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
if ($confighash{$cgiparams{'KEY'}}) {
# Revoke certificate if certificate was deleted and rewrite the CRL
- my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
- my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf)";
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
###
# m.a.d net2net
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
# Stop the N2N connection before it is removed
- system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
# CCD end
# Update collectd configuration and delete all RRD files of the removed connection
&writecollectdconf();
- system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
+ &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
- my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
} else {
print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
exit (0);
###
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
- my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
- my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
- my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @output = <FILE>;
+ close(FILE);
+
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::openpage($Lang::tr{'ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
- my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
- $output = &Header::cleanhtml($output,"y");
- print "<pre>$output</pre>\n";
+ my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
+ @output = &Header::cleanhtml(@output,"y");
+ print "<pre>@output</pre>\n";
&Header::closebox();
print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
$users[$uid]{'Proto'} = $proto;
# get country code for "RealAddress"...
- my $ccode = &GeoIP::lookup((split ':', $users[$uid]{'RealAddress'})[0]);
- my $flag_icon = &GeoIP::get_flag_icon($ccode);
+ my $ccode = &Location::Functions::lookup_country_code((split ':', $users[$uid]{'RealAddress'})[0]);
+ my $flag_icon = &Location::Functions::get_flag_icon($ccode);
$users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
$uid++;
}
if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
+
+ open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ my @tmp = <FILE>;
+ close(FILE);
+
+ print "@tmp";
exit (0);
}
#CCD End
- if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
- $errormessage = $Lang::tr{'connection type is invalid'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
+ $errormessage = $Lang::tr{'connection type is invalid'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
-
if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
- $errormessage = $Lang::tr{'name must only contain characters'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
- }
+ $errormessage = $Lang::tr{'name must only contain characters'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
+ }
if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
- $errormessage = $Lang::tr{'name is invalid'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ $errormessage = $Lang::tr{'name is invalid'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
if (length($cgiparams{'NAME'}) >60) {
- $errormessage = $Lang::tr{'name too long'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ $errormessage = $Lang::tr{'name too long'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
###
# Sign the certificate request and move it
# Sign the host certificate request
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', $filename,
&deletebackupcert();
}
- my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST=/ S=/;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$cgiparams{'CERT_NAME'} = $temp;
$cgiparams{'CERT_NAME'} =~ s/,//g;
$cgiparams{'CERT_NAME'} =~ s/\'//g;
# Verify the certificate has a valid CA and move it
my $validca = 0;
- my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
- if ($test =~ /: OK/) {
+ my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/cacert.pem", "$filename");
+ if (grep(/: OK/, @test)) {
$validca = 1;
} else {
foreach my $key (keys %cahash) {
- $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
- if ($test =~ /: OK/) {
+ @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem", "$filename");
+ if (grep(/: OK/, @test)) {
$validca = 1;
}
}
}
}
- my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
- $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
- $temp = $1;
- $temp =~ s+/Email+, E+;
- $temp =~ s/ ST=/ S=/;
+ my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
+ my $temp;
+
+ foreach my $line (@temp) {
+ if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
+ $temp = $1;
+ $temp =~ s+/Email+, E+;
+ $temp =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
$cgiparams{'CERT_NAME'} = $temp;
$cgiparams{'CERT_NAME'} =~ s/,//g;
$cgiparams{'CERT_NAME'} =~ s/\'//g;
}
# Sign the host certificate request
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
'-batch', '-notext',
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
}
# Create the pkcs12 file
+ # The system call is safe, because all arguments are passed as an array.
system('/usr/bin/openssl', 'pkcs12', '-export',
'-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
'-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
if ($cgiparams{'TYPE'} eq 'net') {
- if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
+ &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my $key = $cgiparams{'KEY'};
- if (! $key) {
- $key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
- }
- $confighash{$key}[0] = 'on';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ my $key = $cgiparams{'KEY'};
+ if (! $key) {
+ $key = &General::findhasharraykey (\%confighash);
+ foreach my $i (0 .. 31) {
+ $confighash{$key}[$i] = "";
+ }
+ }
+
+ $confighash{$key}[0] = 'on';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
- }
+ &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
+ }
+ }
###
# m.a.d n2n end
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my @status = `/bin/cat /var/run/ovpnserver.log`;
+ open(FILE, "/var/run/ovpnserver.log");
+ my @status = <FILE>;
+ close(FILE);
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
#} else {
#print "<td align='left'> </td>";
#}
- my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
- $cavalid =~ /Not After : (.*)[\n]/;
- $cavalid = $1;
+ my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
+ my $cavalid;
+
+ foreach my $line (@cavalid) {
+ if ($line =~ /Not After : (.*)[\n]/) {
+ $cavalid = $1;
+
+ last;
+ }
+ }
+
print "<td align='center' $col>$confighash{$key}[25]</td>";
$col1="bgcolor='${Header::colourred}'";
my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
my $col4="bgcolor='$color{'color20'}'";
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
- my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
- $casubject =~ /Subject: (.*)[\n]/;
- $casubject = $1;
- $casubject =~ s+/Email+, E+;
- $casubject =~ s/ ST=/ S=/;
+ my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
+ my $casubject;
+
+ foreach my $line (@casubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $casubject = $1;
+ $casubject =~ s+/Email+, E+;
+ $casubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
+
print <<END;
<tr>
<td class='base' $col1>$Lang::tr{'root certificate'}</td>
}
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
- my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
- $hostsubject =~ /Subject: (.*)[\n]/;
- $hostsubject = $1;
- $hostsubject =~ s+/Email+, E+;
- $hostsubject =~ s/ ST=/ S=/;
+ my @hostsubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
+ my $hostsubject;
+
+ foreach my $line (@hostsubject) {
+ if ($line =~ /Subject: (.*)[\n]/) {
+ $hostsubject = $1;
+ $hostsubject =~ s+/Email+, E+;
+ $hostsubject =~ s/ ST=/ S=/;
+
+ last;
+ }
+ }
print <<END;
<tr>
# Adding DH parameter to chart
if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
- my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
- $dhsubject =~ / (.*)[\n]/;
- $dhsubject = $1;
+ my @dhsubject = &System_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
+ my $dhsubject;
+
+ foreach my $line (@dhsubject) {
+ if ($line =~ / (.*)[\n]/) {
+ $dhsubject = $1;
+ last;
+ }
+ }
print <<END;
<tr>
# Adding ta.key to chart
if (-f "${General::swroot}/ovpn/certs/ta.key") {
- my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
- $tasubject =~ /# (.*)[\n]/;
- $tasubject = $1;
+ open(FILE, "${General::swroot}/ovpn/certs/ta.key");
+ my @tasubject = <FILE>;
+ close(FILE);
+
+ my $tasubject;
+ foreach my $line (@tasubject) {
+ if($line =~ /# (.*)[\n]/) {
+ $tasubject = $1;
+
+ last;
+ }
+ }
+
print <<END;
<tr>
projects / people / pmueller / ipfire-2.x.git / blobdiff