my $errormessage = '';
my %settings=();
my $routes_push_file = '';
+my $confighost="${General::swroot}/fwhosts/customhosts";
+my $configgrp="${General::swroot}/fwhosts/customgroups";
+my $customnet="${General::swroot}/fwhosts/customnetworks";
+my $name;
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
return;
}
-
sub writeserverconf {
my %sovpnsettings = ();
my @temp = ();
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
- elsif ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off')
+ elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
else
{ print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
}
- if ($sovpnsettings{PMTU_DISCOVERY} ne 'off') {
- print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+ # Check if a valid operating mode has been choosen and use it.
+ if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+ print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
}
if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
my @ccdconf=();
my $ccdname=$_[0];
my $ccdnet=$_[1];
- my $ovpnsubnet=$_[2];
my $subcidr;
my @ip2=();
my $checkup;
my $ccdip;
my $baseaddress;
- if(!&General::validhostname($ccdname)){
+
+
+ #check name
+ if ($ccdname eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+ return
+ }
+
+ if(!&General::validhostname($ccdname))
+ {
$errormessage=$Lang::tr{'ccd err invalidname'};
return;
}
- #check ip
- if (&General::validipandmask($ccdnet)){
- $ccdnet=&General::iporsubtocidr($ccdnet);
- }else{
+
+ ($ccdip,$subcidr) = split (/\//,$ccdnet);
+ $subcidr=&General::iporsubtocidr($subcidr);
+ #check subnet
+ if ($subcidr > 30)
+ {
$errormessage=$Lang::tr{'ccd err invalidnet'};
return;
}
- ($ccdip,$subcidr) = split (/\//,$ccdnet);
- if ($ccdname eq '') {
- $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
- }
- #check if we try to use same network as ovpn server
- if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
- $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
- }
-
- #check if we use a name/subnet that already exists
- &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
- foreach my $key (keys %ccdconfhash) {
- @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
- if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";}
- my ($newip,$newsub) = split(/\//,$ccdnet);
- if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";}
-
+ #check ip
+ if (!&General::validipandmask($ccdnet)){
+ $errormessage=$Lang::tr{'ccd err invalidnet'};
+ return;
}
- #check if we use one of ipfire's networks (green,orange,blue)
- my %ownnet=();
- &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};}
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};}
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};}
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};}
-
+
+ $errormessage=&General::checksubnets($ccdname,$ccdnet);
+
if (!$errormessage) {
my %ccdconfhash=();
my %ccdhash=();
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
$iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
- for (my $i=0;$i<=$count-1;$i++) {
+ for (my $i=1;$i<=$count;$i++) {
my $tmpip=$iprange[$i-1];
my $stepper=$i*4;
$iprange[$i]= &General::getnextip($tmpip,4);
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
- if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+
if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
goto ADV_ERROR;
if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
}
- if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
if($cgiparams{'MTU'} eq '1500') {
print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
}
- if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
if ($cgiparams{'MTU'} eq '1500') {
print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
}
}
- }
+ }
+
print CLIENTCONF "ns-cert-type server\n";
print CLIENTCONF "# Auth. Client\n";
print CLIENTCONF "tls-client\n";
if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
}
- if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') {
+ if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
+ ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
+ ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
if ($tunmtu eq '1500' ) {
print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
elsif ($vpnsettings{MSSFIX} eq 'on')
{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
- elsif ($vpnsettings{PMTU_DISCOVERY} ne 'off')
+ elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
else
{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
- if ($vpnsettings{PMTU_DISCOVERY} ne 'off') {
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
}
}
}
&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-
+ &writeserverconf;
# CCD end
print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
$Lang::tr{'server restart'}<br><br>
<hr>";
-}
+ print<<END
+<table width='100%'>
+<tr>
+ <td> </td>
+ <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
+ <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
+ <td> </td>
+</tr>
+</table>
+</form>
+END
+;
+
+
+}else{
print<<END
<table width='100%'>
</form>
END
;
-
+}
&Header::closebox();
# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
if ($cgiparams{'ACTION'} eq 'editsave'){
my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
if ( $a ne $b){ &modccdnet($a,$b);}
+ $cgiparams{'ccdname'}='';
+ $cgiparams{'ccdsubnet'}='';
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
- &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'});
+ &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
}
if ($errormessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
&Header::closebox();
}
&Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+ if ( -e "/var/run/openvpn.pid"){
+ print "<b>$Lang::tr{'attention'}:</b><br>";
+ print "$Lang::tr{'ccd noaddnet'}<br><hr>";
+ }
+
print <<END
<table width='100%' border='0' cellpadding='0' cellspacing='1'>
<tr>
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
my @ccdconf=();
my $count=0;
- foreach my $key (keys %ccdconfhash) {
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
$count++;
my $ccdhosts = &hostsinnet($ccdconf[0]);
$cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
$cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
$cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
- $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
+ $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
$cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
$cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
$cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
$cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
- $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
+ $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
- $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
+ $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
$cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
+ $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
$cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
- $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
- my $name=$cgiparams{'CHECK1'} ;
+ $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
+ $name=$cgiparams{'CHECK1'} ;
$cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
$cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
$cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
$cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
- $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
+ $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
#A.Marx CCD check iroute field and convert it to decimal
-
+if ($cgiparams{'TYPE'} eq 'host') {
my @temp=();
my %ccdroutehash=();
my $keypoint=0;
+ my $ip;
+ my $cidr;
if ($cgiparams{'IR'} ne ''){
@temp = split("\n",$cgiparams{'IR'});
&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
foreach $val (@temp){
chomp($val);
$val=~s/\s*$//g;
- my($ip,$cidr) = split(/\//,$val);
- $cidr=&General::iporsubtodec($cidr);
-
- #check if iroute exists in ccdroute
+ #check if iroute exists in ccdroute or if new iroute is part of an existing one
foreach my $key (keys %ccdroutehash) {
foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
- if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") {
- $errormessage=$Lang::tr{'ccd err irouteexist'};
- goto VPNCONF_ERROR;
- }
+ if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+ goto VPNCONF_ERROR;
+ }
+ my ($ip1,$cidr1) = split (/\//, $val);
+ my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
+ if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
+ $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+ goto VPNCONF_ERROR;
+ }
+
}
}
+ if (!&General::validipandmask($val)){
+ $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+ goto VPNCONF_ERROR;
+ }else{
+ ($ip,$cidr) = split(/\//,$val);
+ $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
+ $cidr=&General::iporsubtodec($cidr);
+ $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+
+ }
#check for existing network IP's
- if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')||
- (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')||
- (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')||
- (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){
- $errormessage="$ip USED FOR SYSTEM!";
+ if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
+ {
+ $errormessage=$Lang::tr{'ccd err green'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
+ {
+ $errormessage=$Lang::tr{'ccd err red'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
+ {
+ $errormessage=$Lang::tr{'ccd err blue'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
+ {
+ $errormessage=$Lang::tr{'ccd err orange'};
goto VPNCONF_ERROR;
}
-
-
-
+
if (&General::validipandmask($val)){
$ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
}else{
}
undef @temp;
#check route field and convert it to decimal
-
my $val=0;
my $i=1;
-
&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') {
- undef $cgiparams{'IFROUTE'};
- foreach my $key (keys %ccdroute2hash){
- if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
- delete $ccdroute2hash{$key};
- }
- }
- &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- }else{
- #find key to use
- foreach my $key (keys %ccdroute2hash) {
- if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
- $keypoint=$key;
- delete $ccdroute2hash{$key};
- }else{
- $keypoint = &General::findhasharraykey (\%ccdroute2hash);
- &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
- &writeserverconf;
- }
+ #find key to use
+ foreach my $key (keys %ccdroute2hash) {
+ if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
+ $keypoint=$key;
+ delete $ccdroute2hash{$key};
+ }else{
+ $keypoint = &General::findhasharraykey (\%ccdroute2hash);
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ &writeserverconf;
}
- $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
- @temp = split(/\|/,$cgiparams{'IFROUTE'});
- my %ownnet=();
- &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
- foreach $val (@temp){
- chomp($val);
- $val=~s/\s*$//g;
- if ($val eq $Lang::tr{'green'})
- {
- $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
- }
- if ($val eq $Lang::tr{'blue'})
- {
- $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
- }
- if ($val eq $Lang::tr{'orange'})
- {
- $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
- }
- my ($ip,$cidr) = split (/\//, $val);
+ }
+ $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
+ if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
+ @temp = split(/\|/,$cgiparams{'IFROUTE'});
+ my %ownnet=();
+ &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+ foreach $val (@temp){
+ chomp($val);
+ $val=~s/\s*$//g;
+ if ($val eq $Lang::tr{'green'})
+ {
+ $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
+ }
+ if ($val eq $Lang::tr{'blue'})
+ {
+ $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
+ }
+ if ($val eq $Lang::tr{'orange'})
+ {
+ $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
+ }
+ my ($ip,$cidr) = split (/\//, $val);
+
+ if ($val ne $Lang::tr{'ccd none'})
+ {
if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
$errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
goto VPNCONF_ERROR;
}
- $i++;
- }
- &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- }
+ }else{
+ $ccdroute2hash{$keypoint}[$i]='';
+ }
+ $i++;
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+
#check dns1 ip
if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
$errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
$errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
goto VPNCONF_ERROR;
}
-
+}
#CCD End
-
+
if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
$errormessage = $Lang::tr{'connection type is invalid'};
goto VPNCONF_ERROR;
}
- if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
- $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- goto VPNCONF_ERROR;
- }
-
if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
}
}
+ if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'openvpn prefix local subnet'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
$confighash{$key}[6] = $cgiparams{'SIDE'};
$confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
- $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
+ $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
$confighash{$key}[10] = $cgiparams{'REMOTE'};
if ($cgiparams{'OVPN_MGMT'} eq '') {
$confighash{$key}[22] = $confighash{$key}[29];
$confighash{$key}[30] = $cgiparams{'COMPLZO'};
$confighash{$key}[31] = $cgiparams{'MTU'};
$confighash{$key}[32] = $cgiparams{'CHECK1'};
- my $name=$cgiparams{'CHECK1'};
+ $name=$cgiparams{'CHECK1'};
$confighash{$key}[33] = $cgiparams{$name};
$confighash{$key}[34] = $cgiparams{'RG'};
$confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
$confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
$confighash{$key}[37] = $cgiparams{'CCD_WINS'};
- $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
+ $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
my ($a,$b,$c,$d) = split (/\./,$ccdip);
- if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";}
+ if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
+ unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
+ }
open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
if($cgiparams{'CHECK1'} eq 'dynamic'){
print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
print CCDRWCONF "push redirect-gateway\n";
}
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
if ($cgiparams{'IR'} ne ''){
print CCDRWCONF "\n#Client routes these Networks (behind Client)\n";
foreach my $key (keys %ccdroutehash){
}
}
}
+ if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
if ($cgiparams{'IFROUTE'} ne ''){
print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
foreach my $key (keys %ccdroute2hash){
if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
my %blue=();
&General::readhash("${General::swroot}/ethernet/settings", \%blue);
- print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
+ print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
}elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
my %orange=();
&General::readhash("${General::swroot}/ethernet/settings", \%orange);
<tr>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
- <td colspan='2'>
+ <td colspan='3'>
<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
<input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
if (! -z "${General::swroot}/ovpn/ccd.conf"){
print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
- foreach my $key (keys %ccdconfhash) {
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
$count++;
@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
<tr><td colspan='4'><br></td></tr>
<tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
END
-
+
+ my $set=0;
+ my $selorange=0;
+ my $selblue=0;
+ my $selgreen=0;
+ my $helpblue=0;
+ my $helporange=0;
+ my $other=0;
+ my $none=0;
+ my @temp=();
+
our @current = ();
- open(FILE, "${General::swroot}/main/routing") ;
- @current = <FILE>;
- close (FILE);
- &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- my $set=0;
- my $selorange=0;
- my $selblue=0;
- my $helpblue=0;
- my $helporange=0;
+ open(FILE, "${General::swroot}/main/routing") ;
+ @current = <FILE>;
+ close (FILE);
+ &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ #check for "none"
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ if ($ccdroute2hash{$key}[1] eq ''){
+ $none=1;
+ last;
+ }
+ }
+ }
+ if ($none ne '1'){
print"<option>$Lang::tr{'ccd none'}</option>";
- print"<option selected>$Lang::tr{'green'}</option>";
-
- foreach my $line (@current) {
- chomp($line); # remove newline
- my @temp=split(/\,/,$line);
- $temp[1] = '' unless defined $temp[1]; # not always populated
- my ($a,$b) = split(/\//,$temp[1]);
- $temp[1] = $a."/".&General::iporsubtocidr($b);
- foreach my $key (keys %ccdroute2hash) {
- if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
- foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
-
- if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
- $set=1;
- }
- if (&haveBlueNet()){
- if($netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) {
- $selblue=1;
-
- }
- }
- if (&haveOrangeNet()){
- if($netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) {
- $selorange=1;
- }
- }
- }
+ }else{
+ print"<option selected>$Lang::tr{'ccd none'}</option>";
+ }
+ #check if static routes are defined for client
+ foreach my $line (@current) {
+ chomp($line);
+ $line=~s/\s*$//g; # remove newline
+ @temp=split(/\,/,$line);
+ $temp[1] = '' unless defined $temp[1]; # not always populated
+ my ($a,$b) = split(/\//,$temp[1]);
+ $temp[1] = $a."/".&General::iporsubtocidr($b);
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+ if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
+ $set=1;
}
}
- if ($set == '1'){ print"<option selected>$temp[1]</option>";$set=0;}else{print"<option>$temp[1]</option>";}
- if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
- if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
}
+ }
+ if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
+ }
+ #check if green,blue,orange are defined for client
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ $other=1;
+ foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+ if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
+ $selgreen=1;
+ }
+ if (&haveBlueNet()){
+ if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
+ $selblue=1;
+ }
+ }
+ if (&haveOrangeNet()){
+ if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
+ $selorange=1;
+ }
+ }
+ }
+ }
+ }
+ if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
+ if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
+ if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
+
print<<END
</select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>