require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/countries.pl";
-require "${General::swroot}/geoip-functions.pl";
+require "${General::swroot}/location-functions.pl";
# enable only the following on debugging purpose
#use warnings;
print CONF "ncp-disable\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
print CONF "auth $sovpnsettings{'DAUTH'}\n";
+ # Set TLSv2 as minimum
+ print CONF "tls-version-min 1.2\n";
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
}
- if ($sovpnsettings{DHCP_WINS} eq '') {
+ if ($sovpnsettings{MAX_CLIENTS} eq '') {
print CONF "max-clients 100\n";
}
- if ($sovpnsettings{DHCP_WINS} ne '') {
+ if ($sovpnsettings{MAX_CLIENTS} ne '') {
print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
}
print CONF "tls-verify /usr/lib/openvpn/verify\n";
} else {
print CONF "verb 3\n";
}
+
+ print CONF "# Log clients connecting/disconnecting\n";
+ print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
+ print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
+
# Print server.conf.local if entries exist to server.conf
if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
open (LSC, "$local_serverconf");
my $oldname=$_[1];
my %ccdconfhash=();
my %ccdhash=();
+
+ # Check if the new name is valid.
+ if(!&General::validhostname($newname)) {
+ $errormessage=$Lang::tr{'ccd err invalidname'};
+ return;
+ }
+
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
foreach my $key (keys %ccdconfhash) {
if ($ccdconfhash{$key}[0] eq $oldname) {
$vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
$vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
$vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
- $vpnsettings{'COMPLZO'} = $cgiparams{'DCOMPLZO'};
+ $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
$vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
undef $vpnsettings{'ROUTES_PUSH'};
&write_routepushfile;
}
- if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
+ if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
$errormessage = $Lang::tr{'invalid input for max clients'};
goto ADV_ERROR;
}
$errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
goto ADV_ERROR;
}
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
- if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- goto ADV_ERROR;
- }
- }
- }
-
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
}
print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print SERVERCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print SERVERCONF "# Enable Compression\n";
print SERVERCONF "comp-lzo\n";
print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
}
+ # Set TLSv1.2 as minimum
+ print CLIENTCONF "tls-version-min 1.2\n";
+
if ($cgiparams{'COMPLZO'} eq 'on') {
print CLIENTCONF "# Enable Compression\n";
print CLIENTCONF "comp-lzo\n";
goto SETTINGS_ERROR;
}
+ # Create ta.key for tls-auth if not presant
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto SETTINGS_ERROR;
+ }
+ }
+ }
+
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
$vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
### Upload DH key
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto UPLOADCA_ERROR;
}
}
}
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto UPLOADCA_ERROR;
}
}
}
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
-
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto ROOTCERT_ERROR;
}
# } else {
# &cleanssldatabase();
}
+ # Create ta.key for tls-auth
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ &cleanssldatabase();
+ goto ROOTCERT_ERROR;
+ }
# Create Diffie Hellmann Parameter
system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
if ($?) {
# } else {
# &cleanssldatabase();
}
- # Create ta.key for tls-auth
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
- if ($?) {
- $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
- &cleanssldatabase();
- goto ROOTCERT_ERROR;
- }
goto ROOTCERT_SUCCESS;
}
ROOTCERT_ERROR:
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
# Stop the N2N connection before it is removed
- system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
# CCD end
# Update collectd configuration and delete all RRD files of the removed connection
&writecollectdconf();
- system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
+ system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
&Header::openbigbox('100%', 'LEFT', '', '');
&Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
+ # Libloc database handle.
+ my $libloc_db_handle = &Location::Functions::init();
+
#
# <td><b>$Lang::tr{'protocol'}</b></td>
# protocol temp removed
$users[$uid]{'Proto'} = $proto;
# get country code for "RealAddress"...
- my $ccode = &GeoIP::lookup((split ':', $users[$uid]{'RealAddress'})[0]);
- my $flag_icon = &GeoIP::get_flag_icon($ccode);
+ my $ccode = &Location::Functions::lookup_country_code($libloc_db_handle, (split ':', $users[$uid]{'RealAddress'})[0]);
+ my $flag_icon = &Location::Functions::get_flag_icon($ccode);
$users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
$uid++;
}
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-# Check if a file is uploaded
-
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ # Check if a file is uploaded
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto N2N_ERROR;
}
#CCD End
- if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
- $errormessage = $Lang::tr{'connection type is invalid'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
+ $errormessage = $Lang::tr{'connection type is invalid'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
-
if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
- $errormessage = $Lang::tr{'name must only contain characters'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
- }
+ $errormessage = $Lang::tr{'name must only contain characters'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
+ }
if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
- $errormessage = $Lang::tr{'name is invalid'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ $errormessage = $Lang::tr{'name is invalid'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
if (length($cgiparams{'NAME'}) >60) {
- $errormessage = $Lang::tr{'name too long'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
+ $errormessage = $Lang::tr{'name too long'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ goto VPNCONF_ERROR;
}
###
$errormessage = $Lang::tr{'cant change certificates'};
goto VPNCONF_ERROR;
}
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto VPNCONF_ERROR;
}
$errormessage = $Lang::tr{'cant change certificates'};
goto VPNCONF_ERROR;
}
- if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ unless (ref ($cgiparams{'FH'})) {
$errormessage = $Lang::tr{'there was no file upload'};
goto VPNCONF_ERROR;
}