]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
projects / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
openvpn-2fa: Enable management socket for RW server
[ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
49abe7af 5# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535 21###
f527e53f 22# Based on IPFireCore 77
54fd0535 23###
6e13d0a5
MT		 24use CGI;
25use CGI qw/:standard/;
c63a54f0
MT		 26use Imager::QRCode;
27use MIME::Base32;
28use MIME::Base64;
6e13d0a5 29use Net::DNS;
ce9abb66 30use Net::Ping;
54fd0535 31use Net::Telnet;
6e13d0a5
MT		 32use File::Copy;
33use File::Temp qw/ tempfile tempdir /;
34use strict;
35use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
eff2dbf8 36use Sort::Naturally;
6e13d0a5 37require '/var/ipfire/general-functions.pl';
6e13d0a5
MT		 38require "${General::swroot}/lang.pl";
39require "${General::swroot}/header.pl";
40require "${General::swroot}/countries.pl";
e2e270e1 41require "${General::swroot}/location-functions.pl";
6e13d0a5
MT		 42
43# enable only the following on debugging purpose
2050be20
MT		 44#use warnings;
45#use CGI::Carp 'fatalsToBrowser';
46
6e13d0a5 47#workaround to suppress a warning when a variable is used only once
8c877a82 48my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
6e13d0a5
MT		 49undef (@dummy);
50
f2fdd0c1
CS		 51my %color = ();
52my %mainsettings = ();
53&General::readhash("${General::swroot}/main/settings", \%mainsettings);
8186b372 54&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
6e13d0a5
MT		 55
56###
57### Initialize variables
58###
e81be1e1
AM		 59my %ccdconfhash=();
60my %ccdroutehash=();
61my %ccdroute2hash=();
6e13d0a5
MT		 62my %netsettings=();
63my %cgiparams=();
64my %vpnsettings=();
65my %checked=();
66my %confighash=();
67my %cahash=();
68my %selected=();
69my $warnmessage = '';
70my $errormessage = '';
400c8afd
EK		 71my $cryptoerror = '';
72my $cryptowarning = '';
6e13d0a5 73my %settings=();
54fd0535 74my $routes_push_file = '';
df9b48b7
AM		 75my $confighost="${General::swroot}/fwhosts/customhosts";
76my $configgrp="${General::swroot}/fwhosts/customgroups";
77my $customnet="${General::swroot}/fwhosts/customnetworks";
78my $name;
99bfa85c 79my $col="";
ffbe77c8
EK		 80my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
81my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
82
6e13d0a5
MT		 83&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
84$cgiparams{'ENABLED'} = 'off';
85$cgiparams{'ENABLED_BLUE'} = 'off';
86$cgiparams{'ENABLED_ORANGE'} = 'off';
87$cgiparams{'EDIT_ADVANCED'} = 'off';
88$cgiparams{'NAT'} = 'off';
89$cgiparams{'COMPRESSION'} = 'off';
90$cgiparams{'ONLY_PROPOSED'} = 'off';
91$cgiparams{'ACTION'} = '';
92$cgiparams{'CA_NAME'} = '';
4c962356
EK		 93$cgiparams{'DH_NAME'} = 'dh1024.pem';
94$cgiparams{'DHLENGHT'} = '';
6e13d0a5
MT		 95$cgiparams{'DHCP_DOMAIN'} = '';
96$cgiparams{'DHCP_DNS'} = '';
97$cgiparams{'DHCP_WINS'} = '';
54fd0535 98$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 99$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 100$cgiparams{'MSSFIX'} = '';
8c877a82 101$cgiparams{'number'} = '';
4c962356 102$cgiparams{'DCIPHER'} = '';
49abe7af
EK		 103$cgiparams{'DAUTH'} = '';
104$cgiparams{'TLSAUTH'} = '';
54fd0535 105$routes_push_file = "${General::swroot}/ovpn/routes_push";
400c8afd
EK		 106# Perform crypto and configration test
107&pkiconfigcheck;
ffbe77c8
EK		 108
109# Add CCD files if not already presant
110unless (-e $routes_push_file) {
111 open(RPF, ">$routes_push_file");
112 close(RPF);
113}
114unless (-e "${General::swroot}/ovpn/ccd.conf") {
115 open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
116 close (CCDC);
117}
118unless (-e "${General::swroot}/ovpn/ccdroute") {
119 open(CCDR, ">${General::swroot}/ovpn/ccdroute");
120 close (CCDR);
121}
122unless (-e "${General::swroot}/ovpn/ccdroute2") {
123 open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
124 close (CCDRT);
125}
126# Add additional configs if not already presant
127unless (-e "$local_serverconf") {
128 open(LSC, ">$local_serverconf");
129 close (LSC);
130}
131unless (-e "$local_clientconf") {
132 open(LCC, ">$local_clientconf");
133 close (LCC);
134}
ce9abb66 135
6e13d0a5
MT		 136&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
137
138# prepare openvpn config file
139###
140### Useful functions
141###
c6c9630e
MT		 142sub haveOrangeNet
143{
13211b21
CS		 144 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
145 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 146 return 0;
147}
148
149sub haveBlueNet
150{
13211b21 151 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 152 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 153 return 0;
154}
155
156sub sizeformat{
157 my $bytesize = shift;
158 my $i = 0;
159
160 while(abs($bytesize) >= 1024){
161 $bytesize=$bytesize/1024;
162 $i++;
163 last if($i==6);
164 }
165
166 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
167 my $newsize=(int($bytesize*100 +0.5))/100;
168 return("$newsize $units[$i]");
169}
170
c6c9630e
MT		 171sub cleanssldatabase
172{
173 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
174 print FILE "01";
175 close FILE;
176 }
177 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
178 print FILE "";
179 close FILE;
180 }
e6f7f8e7
EK		 181 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
182 print FILE "";
183 close FILE;
184 }
c6c9630e 185 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 186 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 187 unlink ("${General::swroot}/ovpn/certs/serial.old");
188 unlink ("${General::swroot}/ovpn/certs/01.pem");
189}
190
191sub newcleanssldatabase
192{
193 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
194 open(FILE, ">${General::swroot}(ovpn/certs/serial");
195 print FILE "01";
196 close FILE;
197 }
198 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
2feacd98 199 &General::system("touch", "${General::swroot}/ovpn/certs/index.txt");
c6c9630e 200 }
e6f7f8e7 201 if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
2feacd98 202 &General::system("touch", "${General::swroot}/ovpn/certs/index.txt.attr");
e6f7f8e7 203 }
c6c9630e 204 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 205 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 206 unlink ("${General::swroot}/ovpn/certs/serial.old");
207}
208
209sub deletebackupcert
210{
211 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
212 my $hexvalue = <FILE>;
213 chomp $hexvalue;
214 close FILE;
215 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
216 }
217}
4c962356 218
400c8afd
EK		 219###
220### Check for PKI and configure problems
221###
222
223sub pkiconfigcheck
224{
225 # Warning if DH parameter is 1024 bit
226 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
2feacd98 227 my @dhparameter = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
f5604080 228 my $dhbit;
2feacd98 229
f5604080 230 # Loop through the output and search for the DH bit lenght.
2feacd98 231 foreach my $line (@dhparameter) {
f5604080
SS		 232 if ($line =~ (/(\d+)/)) {
233 # Assign match to dhbit value.
234 $dhbit = $1;
235
236 last;
2feacd98 237 }
400c8afd 238 }
f5604080
SS		 239
240 # Check if the used key lenght is at least 2048 bit.
241 if ($dhbit < 2048) {
242 $cryptoerror = "$Lang::tr{'ovpn error dh'}";
243 goto CRYPTO_ERROR;
244 }
400c8afd
EK		 245 }
246
247 # Warning if md5 is in usage
248 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
2feacd98
SS		 249 my @signature = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
250 if (grep(/md5WithRSAEncryption/, @signature) ) {
400c8afd
EK		 251 $cryptoerror = "$Lang::tr{'ovpn error md5'}";
252 goto CRYPTO_ERROR;
253 }
254 }
255
256 CRYPTO_ERROR:
257
258 # Warning if certificate is not compliant to RFC3280 TLS rules
259 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
2feacd98
SS		 260 my @extendkeyusage = &General::system_output("/usr/bin/openssl", "x509", "-noout", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
261 if ( ! grep(/TLS Web Server Authentication/, @extendkeyusage)) {
400c8afd
EK		 262 $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
263 goto CRYPTO_WARNING;
264 }
265 }
266
267 CRYPTO_WARNING:
268}
269
c6c9630e 270sub writeserverconf {
66c36198
PM		 271 my %sovpnsettings = ();
272 my @temp = ();
c6c9630e 273 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535 274 &read_routepushfile;
66c36198 275
c6c9630e
MT		 276 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
277 flock CONF, 2;
278 print CONF "#OpenVPN Server conf\n";
279 print CONF "\n";
280 print CONF "daemon openvpnserver\n";
281 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 282 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e 283 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
79e7688b 284 print CONF "dev tun\n";
c6c9630e
MT		 285 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
286 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
a4fd2325 287 print CONF "script-security 3\n";
07675dc3 288 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 289 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e 290 print CONF "tls-server\n";
4c962356
EK		 291 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
292 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
293 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 294 print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
c6c9630e
MT		 295 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
296 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
8c877a82 297 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
4c962356 298
d6989b4b 299 print CONF "tun-mtu $sovpnsettings{'DMTU'}\n";
2ee746be 300
54fd0535 301 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
8c877a82
AM		 302 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
303 foreach (@temp)
304 {
305 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
306 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
307 }
54fd0535 308 }
8c877a82
AM		 309# a.marx ccd
310 my %ccdconfhash=();
311 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
312 foreach my $key (keys %ccdconfhash) {
313 my $a=$ccdconfhash{$key}[1];
314 my ($b,$c) = split (/\//, $a);
315 print CONF "route $b ".&General::cidrtosub($c)."\n";
316 }
317 my %ccdroutehash=();
318 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
319 foreach my $key (keys %ccdroutehash) {
320 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
321 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
322 print CONF "route $a $b\n";
323 }
324 }
325# ccd end
54fd0535 326
8c877a82 327 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT		 328 print CONF "client-to-client\n";
329 }
1de5c945 330 if ($sovpnsettings{MSSFIX} eq 'on') {
4c962356 331 print CONF "mssfix\n";
d6989b4b
MT		 332 } else {
333 print CONF "mssfix 0\n";
1de5c945
EK		 334 }
335 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
4c962356 336 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 337 }
2ee746be 338
66c36198 339 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
c6c9630e 340 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
66c36198 341 }
c6c9630e 342 print CONF "status-version 1\n";
87fe47e9 343 print CONF "status /var/run/ovpnserver.log 30\n";
a4fd2325 344 print CONF "ncp-disable\n";
c6c9630e 345 print CONF "cipher $sovpnsettings{DCIPHER}\n";
49abe7af 346 print CONF "auth $sovpnsettings{'DAUTH'}\n";
942446b5
EK		 347 # Set TLSv2 as minimum
348 print CONF "tls-version-min 1.2\n";
86308adb 349
49abe7af 350 if ($sovpnsettings{'TLSAUTH'} eq 'on') {
4be45949 351 print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
49abe7af 352 }
c6c9630e
MT		 353 if ($sovpnsettings{DCOMPLZO} eq 'on') {
354 print CONF "comp-lzo\n";
355 }
356 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
357 print CONF "push \"redirect-gateway def1\"\n";
358 }
359 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
360 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
361 }
362
363 if ($sovpnsettings{DHCP_DNS} ne '') {
364 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
365 }
366
367 if ($sovpnsettings{DHCP_WINS} ne '') {
368 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
369 }
66c36198 370
fa527476 371 if ($sovpnsettings{MAX_CLIENTS} eq '') {
c6c9630e 372 print CONF "max-clients 100\n";
a79fa1d6 373 }
fa527476 374 if ($sovpnsettings{MAX_CLIENTS} ne '') {
c6c9630e 375 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
66c36198 376 }
1d0a260a 377 print CONF "tls-verify /usr/lib/openvpn/verify\n";
c6c9630e 378 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
e1e10515
TE		 379 print CONF "auth-user-pass-optional\n";
380 print CONF "reneg-sec 86400\n";
c6c9630e
MT		 381 print CONF "user nobody\n";
382 print CONF "group nobody\n";
383 print CONF "persist-key\n";
384 print CONF "persist-tun\n";
385 if ($sovpnsettings{LOG_VERB} ne '') {
386 print CONF "verb $sovpnsettings{LOG_VERB}\n";
387 } else {
388 print CONF "verb 3\n";
ffbe77c8 389 }
708f2b73
MT		 390
391 print CONF "# Log clients connecting/disconnecting\n";
392 print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
393 print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
5111dc3d
MT		 394 print CONF "\n";
395
396 print CONF "# Enable Management Socket\n";
397 print CONF "management /var/run/openvpn.sock unix\n";
398 print CONF "management-client-auth\n";
708f2b73 399
ffbe77c8
EK		 400 # Print server.conf.local if entries exist to server.conf
401 if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
402 open (LSC, "$local_serverconf");
403 print CONF "\n#---------------------------\n";
404 print CONF "# Start of custom directives\n";
405 print CONF "# from server.conf.local\n";
406 print CONF "#---------------------------\n\n";
407 while (<LSC>) {
408 print CONF $_;
409 }
410 print CONF "\n#-----------------------------\n";
411 print CONF "# End of custom directives\n";
412 print CONF "#-----------------------------\n";
413 close (LSC);
414 }
c6c9630e 415 print CONF "\n";
66c36198 416
c6c9630e 417 close(CONF);
66c36198 418}
8c877a82 419
c6c9630e 420sub emptyserverlog{
87fe47e9 421 if (open(FILE, ">/var/run/ovpnserver.log")) {
c6c9630e
MT		 422 flock FILE, 2;
423 print FILE "";
424 close FILE;
425 }
426
427}
428
66c36198 429sub delccdnet
8c877a82
AM		 430{
431 my %ccdconfhash = ();
432 my %ccdhash = ();
433 my $ccdnetname=$_[0];
434 if (-f "${General::swroot}/ovpn/ovpnconfig"){
435 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
436 foreach my $key (keys %ccdhash) {
437 if ($ccdhash{$key}[32] eq $ccdnetname) {
438 $errormessage=$Lang::tr{'ccd err hostinnet'};
439 return;
440 }
441 }
442 }
443 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
444 foreach my $key (keys %ccdconfhash) {
445 if ($ccdconfhash{$key}[0] eq $ccdnetname){
446 delete $ccdconfhash{$key};
447 }
448 }
449 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
66c36198 450
8c877a82
AM		 451 &writeserverconf;
452 return 0;
453}
454
455sub addccdnet
456{
457 my %ccdconfhash=();
458 my @ccdconf=();
459 my $ccdname=$_[0];
460 my $ccdnet=$_[1];
8c877a82
AM		 461 my $subcidr;
462 my @ip2=();
463 my $checkup;
464 my $ccdip;
465 my $baseaddress;
66c36198
PM		 466
467
468 #check name
469 if ($ccdname eq '')
290007b3
AM		 470 {
471 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
472 return
473 }
66c36198 474
290007b3
AM		 475 if(!&General::validhostname($ccdname))
476 {
8c877a82
AM		 477 $errormessage=$Lang::tr{'ccd err invalidname'};
478 return;
479 }
66c36198 480
290007b3
AM		 481 ($ccdip,$subcidr) = split (/\//,$ccdnet);
482 $subcidr=&General::iporsubtocidr($subcidr);
483 #check subnet
484 if ($subcidr > 30)
485 {
8c877a82
AM		 486 $errormessage=$Lang::tr{'ccd err invalidnet'};
487 return;
488 }
290007b3
AM		 489 #check ip
490 if (!&General::validipandmask($ccdnet)){
491 $errormessage=$Lang::tr{'ccd err invalidnet'};
492 return;
8c877a82 493 }
b6c60092 494
8c877a82
AM		 495 if (!$errormessage) {
496 my %ccdconfhash=();
497 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
498 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
499 my $key = &General::findhasharraykey (\%ccdconfhash);
500 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
501 $ccdconfhash{$key}[0] = $ccdname;
502 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
503 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
504 &writeserverconf;
505 $cgiparams{'ccdname'}='';
506 $cgiparams{'ccdsubnet'}='';
507 return 1;
508 }
509}
510
511sub modccdnet
512{
66c36198 513
8c877a82
AM		 514 my $newname=$_[0];
515 my $oldname=$_[1];
516 my %ccdconfhash=();
517 my %ccdhash=();
7ad653cc
SS		 518
519 # Check if the new name is valid.
520 if(!&General::validhostname($newname)) {
521 $errormessage=$Lang::tr{'ccd err invalidname'};
522 return;
523 }
524
8c877a82
AM		 525 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
526 foreach my $key (keys %ccdconfhash) {
527 if ($ccdconfhash{$key}[0] eq $oldname) {
528 foreach my $key1 (keys %ccdconfhash) {
529 if ($ccdconfhash{$key1}[0] eq $newname){
530 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
531 return;
532 }else{
533 $ccdconfhash{$key}[0]= $newname;
534 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
535 last;
536 }
537 }
538 }
539 }
66c36198 540
8c877a82
AM		 541 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
542 foreach my $key (keys %ccdhash) {
543 if ($ccdhash{$key}[32] eq $oldname) {
544 $ccdhash{$key}[32]=$newname;
545 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
546 last;
547 }
548 }
66c36198 549
8c877a82
AM		 550 return 0;
551}
552sub ccdmaxclients
553{
554 my $ccdnetwork=$_[0];
555 my @octets=();
556 my @subnet=();
557 @octets=split("\/",$ccdnetwork);
558 @subnet= split /\./, &General::cidrtosub($octets[1]);
559 my ($a,$b,$c,$d,$e);
560 $a=256-$subnet[0];
561 $b=256-$subnet[1];
562 $c=256-$subnet[2];
563 $d=256-$subnet[3];
564 $e=($a*$b*$c*$d)/4;
565 return $e-1;
566}
567
66c36198 568sub getccdadresses
8c877a82
AM		 569{
570 my $ipin=$_[0];
571 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
572 my $cidr=$_[1];
573 chomp($cidr);
574 my $count=$_[2];
575 my $hasip=$_[3];
576 chomp($hasip);
577 my @iprange=();
578 my %ccdhash=();
579 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
d9fe5693 580 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
ac87f371 581 for (my $i=1;$i<=$count;$i++) {
8c877a82
AM		 582 my $tmpip=$iprange[$i-1];
583 my $stepper=$i*4;
584 $iprange[$i]= &General::getnextip($tmpip,4);
585 }
586 my $r=0;
587 foreach my $key (keys %ccdhash) {
588 $r=0;
589 foreach my $tmp (@iprange){
590 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
591 if ($net eq $tmp) {
592 if ( $hasip ne $ccdhash{$key}[33] ){
593 splice (@iprange,$r,1);
594 }
595 }
596 $r++;
597 }
598 }
599 return @iprange;
600}
601
602sub fillselectbox
603{
604 my $boxname=$_[1];
66c36198 605 my ($ccdip,$subcidr) = split("/",$_[0]);
8c877a82
AM		 606 my $tz=$_[2];
607 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
608 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
609 foreach (@allccdips) {
610 my $ip=$_."/30";
611 chomp($ip);
612 print "<option value='$ip' ";
613 if ( $ip eq $cgiparams{$boxname} ){
614 print"selected";
615 }
616 print ">$ip</option>";
617 }
618 print "</select>";
619}
620
621sub hostsinnet
622{
623 my $name=$_[0];
624 my %ccdhash=();
625 my $i=0;
626 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
627 foreach my $key (keys %ccdhash) {
628 if ($ccdhash{$key}[32] eq $name){ $i++;}
629 }
630 return $i;
631}
632
633sub check_routes_push
634{
635 my $val=$_[0];
636 my ($ip,$cidr) = split (/\//, $val);
637 ##check for existing routes in routes_push
638 if (-e "${General::swroot}/ovpn/routes_push") {
639 open(FILE,"${General::swroot}/ovpn/routes_push");
640 while (<FILE>) {
641 $_=~s/\s*$//g;
66c36198 642
8c877a82
AM		 643 my ($ip2,$cidr2) = split (/\//,"$_");
644 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
66c36198 645
8c877a82
AM		 646 if($val eq $val2){
647 return 0;
648 }
649 #subnetcheck
650 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
651 return 0;
652 }
653 };
654 close(FILE);
655 }
656 return 1;
657}
658
659sub check_ccdroute
660{
661 my %ccdroutehash=();
662 my $val=$_[0];
663 my ($ip,$cidr) = split (/\//, $val);
664 #check for existing routes in ccdroute
665 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
666 foreach my $key (keys %ccdroutehash) {
667 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
668 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
669 return 0;
670 }
671 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
672 #subnetcheck
673 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
674 return 0;
675 }
676 }
677 }
678 return 1;
679}
680sub check_ccdconf
681{
682 my %ccdconfhash=();
683 my $val=$_[0];
684 my ($ip,$cidr) = split (/\//, $val);
685 #check for existing routes in ccdroute
686 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
687 foreach my $key (keys %ccdconfhash) {
688 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
689 return 0;
690 }
691 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
692 #subnetcheck
693 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
694 return 0;
695 }
66c36198 696
8c877a82
AM		 697 }
698 return 1;
699}
700
7c1d9faf
AH		 701###
702# m.a.d net2net
703###
704
705sub validdotmask
706{
707 my $ipdotmask = $_[0];
708 if (&General::validip($ipdotmask)) { return 0; }
709 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
710 my $mask = $2;
66c36198 711 if (($mask =~ /\./ )) { return 0; }
7c1d9faf
AH		 712 return 1;
713}
54fd0535
MT		 714
715# -------------------------------------------------------------------
716
717sub write_routepushfile
718{
719 open(FILE, ">$routes_push_file");
720 flock(FILE, 2);
721 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
722 print FILE $vpnsettings{'ROUTES_PUSH'};
723 }
66c36198 724 close(FILE);
54fd0535
MT		 725}
726
727sub read_routepushfile
728{
729 if (-e "$routes_push_file") {
730 open(FILE,"$routes_push_file");
731 delete $vpnsettings{'ROUTES_PUSH'};
732 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
733 close(FILE);
734 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
66c36198 735
54fd0535
MT		 736 }
737}
7c1d9faf 738
775b4494
AM		 739sub writecollectdconf {
740 my $vpncollectd;
741 my %ccdhash=();
742
743 open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
744 print COLLECTDVPN "Loadplugin openvpn\n";
745 print COLLECTDVPN "\n";
746 print COLLECTDVPN "<Plugin openvpn>\n";
747 print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
748
749 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
750 foreach my $key (keys %ccdhash) {
751 if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
752 print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
753 }
754 }
755
756 print COLLECTDVPN "</Plugin>\n";
757 close(COLLECTDVPN);
758
759 # Reload collectd afterwards
2feacd98 760 &General::system("/usr/local/bin/collectdctrl", "restart");
775b4494 761}
7c1d9faf 762
c6c9630e
MT		 763#hier die refresh page
764if ( -e "${General::swroot}/ovpn/gencanow") {
765 my $refresh = '';
766 $refresh = "<meta http-equiv='refresh' content='15;' />";
767 &Header::showhttpheaders();
768 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
769 &Header::openbigbox('100%', 'center');
770 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
771 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
772 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
773 &Header::closebox();
774 &Header::closebigbox();
775 &Header::closepage();
776 exit (0);
777}
778##hier die refresh page
779
6e13d0a5
MT		 780
781###
782### OpenVPN Server Control
783###
784if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
785 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
786 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT		 787 #start openvpn server
788 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 789 &emptyserverlog();
2feacd98 790 &General::system("/usr/local/bin/openvpnctrl", "-s");
66c36198 791 }
6e13d0a5
MT		 792 #stop openvpn server
793 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
2feacd98 794 &General::system("/usr/local/bin/openvpnctrl", "-k");
66c36198
PM		 795 &emptyserverlog();
796 }
6e13d0a5 797# #restart openvpn server
8c877a82 798# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
66c36198
PM		 799#workarund, till SIGHUP also works when running as nobody
800# system('/usr/local/bin/openvpnctrl', '-r');
801# &emptyserverlog();
802# }
6e13d0a5
MT		 803}
804
805###
806### Save Advanced options
807###
808
809if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
810 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
811 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
812 #DAN this value has to leave.
813#new settings for daemon
814 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
815 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
816 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
817 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
818 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
819 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
6a9d9ff4 820 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
ffbe77c8 821 $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
6e13d0a5
MT		 822 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
823 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
824 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535
MT		 825 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
826 my @temp=();
66c36198 827
a79fa1d6
JPT		 828 if ($cgiparams{'FRAGMENT'} eq '') {
829 delete $vpnsettings{'FRAGMENT'};
830 } else {
66c36198 831 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
a79fa1d6
JPT		 832 $errormessage = "Incorrect value, please insert only numbers.";
833 goto ADV_ERROR;
834 } else {
835 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
836 }
837 }
49abe7af 838
a79fa1d6 839 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 840 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT		 841 } else {
842 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
843 }
2ee746be 844
6e13d0a5 845 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
81da1b01 846 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
6e13d0a5
MT		 847 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
848 goto ADV_ERROR;
849 }
850 }
851 if ($cgiparams{'DHCP_DNS'} ne ''){
852 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
853 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
854 goto ADV_ERROR;
855 }
856 }
857 if ($cgiparams{'DHCP_WINS'} ne ''){
858 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
859 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT		 860 goto ADV_ERROR;
861 }
862 }
863 if ($cgiparams{'ROUTES_PUSH'} ne ''){
864 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
865 undef $vpnsettings{'ROUTES_PUSH'};
66c36198 866
8c877a82 867 foreach my $tmpip (@temp)
54fd0535
MT		 868 {
869 s/^\s+//g; s/\s+$//g;
66c36198 870
8c877a82 871 if ($tmpip)
54fd0535 872 {
66c36198 873 $tmpip=~s/\s*$//g;
8c877a82
AM		 874 unless (&General::validipandmask($tmpip)) {
875 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
876 goto ADV_ERROR;
54fd0535 877 }
8c877a82 878 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
66c36198 879
54fd0535
MT		 880 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
881 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
8c877a82
AM		 882 goto ADV_ERROR;
883 }
66c36198 884# a.marx ccd
8c877a82
AM		 885 my %ccdroutehash=();
886 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
887 foreach my $key (keys %ccdroutehash) {
66c36198 888 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
8c877a82
AM		 889 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
890 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
891 goto ADV_ERROR;
892 }
893 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
894 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
895 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
896 goto ADV_ERROR;
897 }
898 }
54fd0535 899 }
66c36198 900
8c877a82 901# ccd end
66c36198 902
8c877a82 903 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 904 }
8c877a82
AM		 905 }
906 &write_routepushfile;
54fd0535 907 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP		 908 }
909 else {
910 undef $vpnsettings{'ROUTES_PUSH'};
911 &write_routepushfile;
6e13d0a5 912 }
ba50f66d 913 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
6e13d0a5
MT		 914 $errormessage = $Lang::tr{'invalid input for max clients'};
915 goto ADV_ERROR;
916 }
917 if ($cgiparams{'KEEPALIVE_1'} ne '') {
66c36198 918 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
6e13d0a5
MT		 919 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
920 goto ADV_ERROR;
921 }
922 }
923 if ($cgiparams{'KEEPALIVE_2'} ne ''){
66c36198 924 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
6e13d0a5
MT		 925 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
926 goto ADV_ERROR;
927 }
928 }
929 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
930 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
66c36198 931 goto ADV_ERROR;
6e13d0a5 932 }
6e13d0a5 933 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 934 &writeserverconf();#hier ok
6e13d0a5
MT		 935}
936
ce9abb66 937###
7c1d9faf 938# m.a.d net2net
ce9abb66
AH		 939###
940
941if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
942{
c6c9630e 943
ce9abb66
AH		 944my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
945my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 946my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 947my $tunmtu = '';
531f0835
AH		 948
949unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
66c36198 950unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 951
952 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
66c36198 953
ce9abb66 954 flock SERVERCONF, 2;
66c36198
PM		 955 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
956 print SERVERCONF "\n";
b278daf3 957 print SERVERCONF "# User Security\n";
ce9abb66
AH		 958 print SERVERCONF "user nobody\n";
959 print SERVERCONF "group nobody\n";
960 print SERVERCONF "persist-tun\n";
961 print SERVERCONF "persist-key\n";
7c1d9faf 962 print SERVERCONF "script-security 2\n";
66c36198 963 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
c125d8a2
SS		 964
965 if ($cgiparams{'REMOTE'} ne '') {
ce9abb66 966 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
c125d8a2
SS		 967 }
968
b278daf3 969 print SERVERCONF "float\n";
66c36198
PM		 970 print SERVERCONF "# IP adresses of the VPN Subnet\n";
971 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
972 print SERVERCONF "# Client Gateway Network\n";
54fd0535 973 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 974 print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
66c36198
PM		 975 print SERVERCONF "# tun Device\n";
976 print SERVERCONF "dev tun\n";
5795fc1b
AM		 977 print SERVERCONF "#Logfile for statistics\n";
978 print SERVERCONF "status-version 1\n";
87fe47e9 979 print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
66c36198
PM		 980 print SERVERCONF "# Port and Protokol\n";
981 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
5795fc1b 982
60f396d7 983 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1580d3b1 984 print SERVERCONF "proto tcp4-server\n";
60f396d7 985 print SERVERCONF "# Packet size\n";
d96c89eb 986 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 987 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 988 }
66c36198 989
60f396d7 990 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1580d3b1 991 print SERVERCONF "proto udp4\n";
60f396d7
AH		 992 print SERVERCONF "# Paketsize\n";
993 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
994 print SERVERCONF "tun-mtu $tunmtu\n";
66c36198 995 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
d6989b4b 996 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; } else { print SERVERCONF "mssfix 0\n" };
d96c89eb 997 }
1647059d 998
66c36198
PM		 999 print SERVERCONF "# Auth. Server\n";
1000 print SERVERCONF "tls-server\n";
1001 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
1002 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
1003 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 1004 print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
66c36198 1005 print SERVERCONF "# Cipher\n";
4c962356 1006 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
52f61e49
EKD		 1007
1008 # If GCM cipher is used, do not use --auth
1009 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1010 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1011 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1012 print SERVERCONF unless "# HMAC algorithm\n";
1013 print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1014 } else {
52f61e49
EKD		 1015 print SERVERCONF "# HMAC algorithm\n";
1016 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1017 }
52f61e49 1018
942446b5
EK		 1019 # Set TLSv1.2 as minimum
1020 print SERVERCONF "tls-version-min 1.2\n";
1021
ce9abb66 1022 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1023 print SERVERCONF "# Enable Compression\n";
66298ef2 1024 print SERVERCONF "comp-lzo\n";
b278daf3 1025 }
66c36198
PM		 1026 print SERVERCONF "# Debug Level\n";
1027 print SERVERCONF "verb 3\n";
1028 print SERVERCONF "# Tunnel check\n";
1029 print SERVERCONF "keepalive 10 60\n";
1030 print SERVERCONF "# Start as daemon\n";
1031 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
1032 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
1033 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1034 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1035 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH		 1036 close(SERVERCONF);
1037
1038}
1039
1040###
7c1d9faf 1041# m.a.d net2net
ce9abb66 1042###
7c1d9faf 1043
ce9abb66
AH		 1044if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
1045{
4c962356 1046
ce9abb66 1047 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 1048 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1049 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 1050 my $tunmtu = '';
66c36198 1051
531f0835
AH		 1052unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
1053unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
66c36198 1054
ce9abb66 1055 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
66c36198 1056
ce9abb66 1057 flock CLIENTCONF, 2;
7c1d9faf 1058 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
66c36198 1059 print CLIENTCONF "#\n";
b278daf3 1060 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1061 print CLIENTCONF "user nobody\n";
1062 print CLIENTCONF "group nobody\n";
1063 print CLIENTCONF "persist-tun\n";
1064 print CLIENTCONF "persist-key\n";
7c1d9faf 1065 print CLIENTCONF "script-security 2\n";
66c36198 1066 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 1067 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 1068 print CLIENTCONF "float\n";
66c36198
PM		 1069 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
1070 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
1071 print CLIENTCONF "# Server Gateway Network\n";
1072 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
ebcecb4b 1073 print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
66c36198
PM		 1074 print CLIENTCONF "# tun Device\n";
1075 print CLIENTCONF "dev tun\n";
35a21a25
AM		 1076 print CLIENTCONF "#Logfile for statistics\n";
1077 print CLIENTCONF "status-version 1\n";
1078 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
66c36198
PM		 1079 print CLIENTCONF "# Port and Protokol\n";
1080 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 1081
1082 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1580d3b1 1083 print CLIENTCONF "proto tcp4-client\n";
60f396d7 1084 print CLIENTCONF "# Packet size\n";
d96c89eb 1085 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1086 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1087 }
66c36198 1088
60f396d7 1089 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1580d3b1 1090 print CLIENTCONF "proto udp4\n";
60f396d7
AH		 1091 print CLIENTCONF "# Paketsize\n";
1092 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1093 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 1094 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
d6989b4b 1095 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; } else { print CLIENTCONF "mssfix 0\n" };
d96c89eb 1096 }
1647059d 1097
b66b02ab
EK		 1098 # Check host certificate if X509 is RFC3280 compliant.
1099 # If not, old --ns-cert-type directive will be used.
1100 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2feacd98
SS		 1101 my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
1102 if ( ! grep(/TLS Web Server Authentication/, @hostcert)) {
b66b02ab
EK		 1103 print CLIENTCONF "ns-cert-type server\n";
1104 } else {
1105 print CLIENTCONF "remote-cert-tls server\n";
1106 }
66c36198
PM		 1107 print CLIENTCONF "# Auth. Client\n";
1108 print CLIENTCONF "tls-client\n";
1109 print CLIENTCONF "# Cipher\n";
4c962356 1110 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
ce9abb66 1111 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
52f61e49
EKD		 1112
1113 # If GCM cipher is used, do not use --auth
1114 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1115 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1116 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1117 print CLIENTCONF unless "# HMAC algorithm\n";
1118 print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1119 } else {
52f61e49
EKD		 1120 print CLIENTCONF "# HMAC algorithm\n";
1121 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1122 }
52f61e49 1123
942446b5
EK		 1124 # Set TLSv1.2 as minimum
1125 print CLIENTCONF "tls-version-min 1.2\n";
1126
ce9abb66 1127 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1128 print CLIENTCONF "# Enable Compression\n";
66298ef2 1129 print CLIENTCONF "comp-lzo\n";
4c962356 1130 }
66c36198
PM		 1131 print CLIENTCONF "# Debug Level\n";
1132 print CLIENTCONF "verb 3\n";
1133 print CLIENTCONF "# Tunnel check\n";
1134 print CLIENTCONF "keepalive 10 60\n";
1135 print CLIENTCONF "# Start as daemon\n";
ce9abb66 1136 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
66c36198
PM		 1137 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
1138 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1139 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1140 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1141 close(CLIENTCONF);
c6c9630e 1142
ce9abb66 1143}
400c8afd 1144
6e13d0a5
MT		 1145###
1146### Save main settings
1147###
ce9abb66 1148
6e13d0a5
MT		 1149if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1150 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT		 1151 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1152 #DAN this value has to leave.
1153 if ($cgiparams{'ENABLED'} eq 'on'){
1154 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1155 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1156 goto SETTINGS_ERROR;
6e13d0a5
MT		 1157 }
1158 }
f7fb5bc5 1159
6e13d0a5 1160 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e 1161 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
4c962356 1162 goto SETTINGS_ERROR;
c6c9630e
MT		 1163 }
1164 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
66c36198
PM		 1165
1166 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
c6c9630e
MT		 1167 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1168 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1169 goto SETTINGS_ERROR;
1170 }
66c36198
PM		 1171
1172 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
c6c9630e
MT		 1173 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1174 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1175 goto SETTINGS_ERROR;
1176 }
1177
66c36198 1178 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
c6c9630e
MT		 1179 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1180 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1181 goto SETTINGS_ERROR;
1182 }
66c36198
PM		 1183
1184 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
c6c9630e
MT		 1185 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1186 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1187 goto SETTINGS_ERROR;
1188 }
1189 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1190 while (<ALIASES>)
1191 {
1192 chomp($_);
1193 my @tempalias = split(/\,/,$_);
1194 if ($tempalias[1] eq 'on') {
66c36198 1195 if (&General::IpInSubnet ($tempalias[0] ,
c6c9630e
MT		 1196 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1197 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
66c36198 1198 }
c6c9630e
MT		 1199 }
1200 }
1201 close(ALIASES);
6e13d0a5 1202 if ($errormessage ne ''){
c6c9630e 1203 goto SETTINGS_ERROR;
6e13d0a5
MT		 1204 }
1205 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1206 $errormessage = $Lang::tr{'invalid input'};
1207 goto SETTINGS_ERROR;
1208 }
1209 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1210 $errormessage = $Lang::tr{'invalid mtu input'};
1211 goto SETTINGS_ERROR;
1212 }
66c36198 1213
6e13d0a5 1214 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT		 1215 $errormessage = $Lang::tr{'invalid port'};
1216 goto SETTINGS_ERROR;
6e13d0a5 1217 }
8c252e6a 1218
b21a6319
EK		 1219 # Create ta.key for tls-auth if not presant
1220 if ($cgiparams{'TLSAUTH'} eq 'on') {
1221 if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
2feacd98 1222 # This system call is safe, because all arguements are passed as an array.
acbd6ff4 1223 system("/usr/sbin/openvpn", "--genkey", "secret", "${General::swroot}/ovpn/certs/ta.key");
b21a6319
EK		 1224 if ($?) {
1225 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1226 goto SETTINGS_ERROR;
1227 }
1228 }
1229 }
1230
6e13d0a5
MT		 1231 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1232 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1233 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1234 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1235#new settings for daemon
1236 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
6e13d0a5
MT		 1237 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1238 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1239 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1240 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1241 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
86308adb 1242 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
0c4ffc69 1243 $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
3ffee04b
CS		 1244#wrtie enable
1245
2feacd98
SS		 1246 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
1247 &General::system("touch", "${General::swroot}/ovpn/enable_blue");
1248 } else {
274ca65b 1249 unlink("${General::swroot}/ovpn/enable_blue");
2feacd98
SS		 1250 }
1251
1252 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {
1253 &General::system("touch", "${General::swroot}/ovpn/enable_orange");
1254 } else {
1255 unlink("${General::swroot}/ovpn/enable_orange");
1256 }
1257
1258 if ( $vpnsettings{'ENABLED'} eq 'on' ) {
1259 &General::system("touch", "${General::swroot}/ovpn/enable");
1260 } else {
1261 unlink("${General::swroot}/ovpn/enable");
1262 }
1263
66c36198 1264#new settings for daemon
6e13d0a5 1265 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1266 &writeserverconf();#hier ok
6e13d0a5
MT		 1267SETTINGS_ERROR:
1268###
1269### Reset all step 2
1270###
4c962356 1271}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
6e13d0a5
MT		 1272 my $file = '';
1273 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1274
1e499e90 1275 # Kill all N2N connections
2feacd98 1276 &General::system("/usr/local/bin/openvpnctrl", "-kn2n");
1e499e90 1277
6e13d0a5 1278 foreach my $key (keys %confighash) {
2f36a7b4
MT		 1279 my $name = $confighash{$cgiparams{'$key'}}[1];
1280
c6c9630e
MT		 1281 if ($confighash{$key}[4] eq 'cert') {
1282 delete $confighash{$cgiparams{'$key'}};
1283 }
2f36a7b4 1284
2feacd98 1285 &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$name");
6e13d0a5
MT		 1286 }
1287 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
49abe7af 1288 unlink $file;
6e13d0a5
MT		 1289 }
1290 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
49abe7af 1291 unlink $file;
6e13d0a5
MT		 1292 }
1293 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
49abe7af 1294 unlink $file;
6e13d0a5 1295 }
4c962356 1296 &cleanssldatabase();
6e13d0a5
MT		 1297 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1298 print FILE "";
1299 close FILE;
1300 }
49abe7af
EK		 1301 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1302 print FILE "";
1303 close FILE;
1304 }
1305 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1306 print FILE "";
1307 close FILE;
1308 }
1309 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1310 unlink $file
1311 }
5795fc1b
AM		 1312 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1313 unlink $file
1314 }
49abe7af
EK		 1315 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1316 print FILE "";
1317 close FILE;
1318 }
1319 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1320 print FILE "";
1321 close FILE;
1322 }
1323 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
2feacd98 1324 unlink($file);
49abe7af
EK		 1325 }
1326
2f36a7b4
MT		 1327 # Remove everything from the collectd configuration
1328 &writecollectdconf();
1329
c6c9630e 1330 #&writeserverconf();
6e13d0a5
MT		 1331###
1332### Reset all step 1
1333###
4c962356 1334}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
6e13d0a5 1335 &Header::showhttpheaders();
4c962356
EK		 1336 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1337 &Header::openbigbox('100%', 'left', '', '');
1338 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1339 print <<END;
1340 <form method='post'>
1341 <table width='100%'>
1342 <tr>
1343 <td align='center'>
1344 <input type='hidden' name='AREUSURE' value='yes' />
49abe7af 1345 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
4c962356
EK		 1346 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1347 </tr>
1348 <tr>
1349 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1350 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1351 </tr>
1352 </table>
1353 </form>
6e13d0a5
MT		 1354END
1355 ;
1356 &Header::closebox();
1357 &Header::closebigbox();
1358 &Header::closepage();
1359 exit (0);
1360
4c962356
EK		 1361###
1362### Generate DH key step 2
1363###
1364} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
49abe7af 1365 # Delete if old key exists
4c962356
EK		 1366 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1367 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1368 }
1369 # Create Diffie Hellmann Parameter
2feacd98
SS		 1370 # The system call is safe, because all arguments are passed as an array.
1371 system("/usr/bin/openssl", "dhparam", "-out", "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
4c962356
EK		 1372 if ($?) {
1373 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1374 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1375 }
1376
1377###
1378### Generate DH key step 1
1379###
1380} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1381 &Header::showhttpheaders();
1382 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1383 &Header::openbigbox('100%', 'LEFT', '', '');
1384 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1385 print <<END;
1386 <table width='100%'>
1387 <tr>
f527e53f 1388 <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
49abe7af 1389 </tr>
4c962356
EK		 1390 <tr>
1391 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1392 <td align='center'>
1393 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1394 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1395 <select name='DHLENGHT'>
4c962356
EK		 1396 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1397 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1398 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1399 </select>
1400 </td>
1401 </tr>
1402 <tr><td colspan='4'><br></td></tr>
1403 </table>
1404 <table width='100%'>
1405 <tr>
49abe7af 1406 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
4c962356 1407 </tr>
49abe7af
EK		 1408 <tr>
1409 <td class='base'>$Lang::tr{'dh key warn1'}</td>
1410 </tr>
1411 <tr><td colspan='2'><br></td></tr>
4c962356
EK		 1412 <tr>
1413 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1414 </form>
1415 </tr>
1416 </table>
1417
1418END
1419 ;
1420 &Header::closebox();
1421 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1422 &Header::closebigbox();
1423 &Header::closepage();
1424 exit (0);
1425
1426###
1427### Upload DH key
1428###
1429} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
2ad1b18b 1430 unless (ref ($cgiparams{'FH'})) {
4c962356
EK		 1431 $errormessage = $Lang::tr{'there was no file upload'};
1432 goto UPLOADCA_ERROR;
1433 }
49abe7af 1434 # Move uploaded dh key to a temporary file
4c962356
EK		 1435 (my $fh, my $filename) = tempfile( );
1436 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1437 $errormessage = $!;
49abe7af 1438 goto UPLOADCA_ERROR;
4c962356 1439 }
2feacd98
SS		 1440 my @temp = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "$filename");
1441 if ( ! grep(/DH Parameters: \((2048|3072|4096) bit\)/, @temp)) {
4c962356
EK		 1442 $errormessage = $Lang::tr{'not a valid dh key'};
1443 unlink ($filename);
1444 goto UPLOADCA_ERROR;
1445 } else {
cc79d281
SS		 1446 # Delete if old key exists
1447 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1448 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
4c962356 1449 }
cc79d281
SS		 1450
1451 unless(move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}")) {
49abe7af
EK		 1452 $errormessage = "$Lang::tr{'dh key move failed'}: $!";
1453 unlink ($filename);
1454 goto UPLOADCA_ERROR;
cc79d281 1455 }
4c962356 1456 }
6e13d0a5
MT		 1457###
1458### Upload CA Certificate
1459###
1460} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1461 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1462
1463 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1464 $errormessage = $Lang::tr{'name must only contain characters'};
1465 goto UPLOADCA_ERROR;
1466 }
1467
1468 if (length($cgiparams{'CA_NAME'}) >60) {
1469 $errormessage = $Lang::tr{'name too long'};
1470 goto VPNCONF_ERROR;
1471 }
1472
1473 if ($cgiparams{'CA_NAME'} eq 'ca') {
1474 $errormessage = $Lang::tr{'name is invalid'};
4c962356 1475 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1476 }
1477
1478 # Check if there is no other entry with this name
1479 foreach my $key (keys %cahash) {
c6c9630e
MT		 1480 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1481 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1482 goto UPLOADCA_ERROR;
1483 }
6e13d0a5
MT		 1484 }
1485
2ad1b18b 1486 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 1487 $errormessage = $Lang::tr{'there was no file upload'};
1488 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1489 }
1490 # Move uploaded ca to a temporary file
1491 (my $fh, my $filename) = tempfile( );
1492 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT		 1493 $errormessage = $!;
1494 goto UPLOADCA_ERROR;
6e13d0a5 1495 }
2feacd98
SS		 1496 my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "$filename");
1497 if ( ! grep(/CA:TRUE/i, @temp )) {
c6c9630e
MT		 1498 $errormessage = $Lang::tr{'not a valid ca certificate'};
1499 unlink ($filename);
1500 goto UPLOADCA_ERROR;
6e13d0a5 1501 } else {
cc79d281 1502 unless(move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem")) {
c6c9630e
MT		 1503 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1504 unlink ($filename);
1505 goto UPLOADCA_ERROR;
1506 }
6e13d0a5
MT		 1507 }
1508
274ca65b 1509 my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
2feacd98
SS		 1510 my $casubject;
1511
1512 foreach my $line (@casubject) {
1513 if ($line =~ /Subject: (.*)[\n]/) {
1514 $casubject = $1;
1515 $casubject =~ s+/Email+, E+;
1516 $casubject =~ s/ ST=/ S=/;
1517
1518 last;
1519 }
1520 }
1521
6e13d0a5
MT		 1522 $casubject = &Header::cleanhtml($casubject);
1523
1524 my $key = &General::findhasharraykey (\%cahash);
1525 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1526 $cahash{$key}[1] = $casubject;
1527 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT		 1528# system('/usr/local/bin/ipsecctrl', 'R');
1529
6e13d0a5
MT		 1530 UPLOADCA_ERROR:
1531
1532###
1533### Display ca certificate
1534###
1535} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT		 1536 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1537
1538 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1539 &Header::showhttpheaders();
4c962356 1540 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1541 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1542 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
2feacd98 1543 my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
8c946d1c
MT		 1544 my $output = &Header::cleanhtml(join("", @output),"y");
1545 print "<pre>$output</pre>\n";
c6c9630e
MT		 1546 &Header::closebox();
1547 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1548 &Header::closebigbox();
1549 &Header::closepage();
1550 exit(0);
1551 } else {
1552 $errormessage = $Lang::tr{'invalid key'};
1553 }
1554
6e13d0a5
MT		 1555###
1556### Download ca certificate
1557###
1558} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1559 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1560
1561 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1562 print "Content-Type: application/octet-stream\r\n";
1563 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
2feacd98
SS		 1564
1565 my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1566 print "@tmp";
1567
6e13d0a5
MT		 1568 exit(0);
1569 } else {
1570 $errormessage = $Lang::tr{'invalid key'};
1571 }
1572
1573###
1574### Remove ca certificate (step 2)
1575###
1576} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1577 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1578 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1579
1580 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1581 foreach my $key (keys %confighash) {
2feacd98
SS		 1582 my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
1583 if (grep(/: OK/, @test)) {
c6c9630e
MT		 1584 # Delete connection
1585# if ($vpnsettings{'ENABLED'} eq 'on' ||
1586# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1587# system('/usr/local/bin/ipsecctrl', 'D', $key);
1588# }
6e13d0a5
MT		 1589 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1590 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1591 delete $confighash{$key};
1592 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1593# &writeipsecfiles();
6e13d0a5
MT		 1594 }
1595 }
1596 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1597 delete $cahash{$cgiparams{'KEY'}};
1598 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1599# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT		 1600 } else {
1601 $errormessage = $Lang::tr{'invalid key'};
1602 }
1603###
1604### Remove ca certificate (step 1)
1605###
1606} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1607 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1608 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1609
1610 my $assignedcerts = 0;
1611 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1612 foreach my $key (keys %confighash) {
2feacd98
SS		 1613 my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
1614 if (grep(/: OK/, @test)) {
6e13d0a5
MT		 1615 $assignedcerts++;
1616 }
1617 }
1618 if ($assignedcerts) {
1619 &Header::showhttpheaders();
4c962356 1620 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1621 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1622 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
4c962356 1623 print <<END;
6e13d0a5
MT		 1624 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1625 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1626 <tr><td align='center'>
1627 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1628 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1629 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1630 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1631 </form></table>
1632END
1633 ;
1634 &Header::closebox();
1635 &Header::closebigbox();
1636 &Header::closepage();
1637 exit (0);
1638 } else {
1639 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1640 delete $cahash{$cgiparams{'KEY'}};
1641 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1642# system('/usr/local/bin/ipsecctrl', 'R');
1643 }
1644 } else {
1645 $errormessage = $Lang::tr{'invalid key'};
1646 }
1647
1648###
1649### Display root certificate
1650###
c6c9630e
MT		 1651}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1652 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
2feacd98 1653 my @output;
c6c9630e 1654 &Header::showhttpheaders();
4c962356 1655 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1656 &Header::openbigbox('100%', 'LEFT', '', '');
1657 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1658 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
2feacd98 1659 @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
c6c9630e
MT		 1660 } else {
1661 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
2feacd98 1662 @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1663 }
8c946d1c
MT		 1664 my $output = &Header::cleanhtml(join("", @output), "y");
1665 print "<pre>$output</pre>\n";
c6c9630e
MT		 1666 &Header::closebox();
1667 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1668 &Header::closebigbox();
1669 &Header::closepage();
1670 exit(0);
1671
6e13d0a5
MT		 1672###
1673### Download root certificate
1674###
1675}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1676 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1677 print "Content-Type: application/octet-stream\r\n";
1678 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
2feacd98
SS		 1679
1680 my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
1681 print "@tmp";
1682
6e13d0a5
MT		 1683 exit(0);
1684 }
66c36198 1685
6e13d0a5
MT		 1686###
1687### Download host certificate
1688###
1689}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1690 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1691 print "Content-Type: application/octet-stream\r\n";
1692 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
2feacd98
SS		 1693
1694 my @tmp = &General::system_output("/usr/bin/openssl", "x509", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
1695 print "@tmp";
1696
6e13d0a5
MT		 1697 exit(0);
1698 }
f7fb5bc5 1699
fd5ccb2d
EK		 1700###
1701### Download tls-auth key
1702###
1703}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
1704 if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
1705 print "Content-Type: application/octet-stream\r\n";
1706 print "Content-Disposition: filename=ta.key\r\n\r\n";
2feacd98
SS		 1707
1708 open(FILE, "${General::swroot}/ovpn/certs/ta.key");
1709 my @tmp = <FILE>;
1710 close(FILE);
1711
1712 print "@tmp";
1713
fd5ccb2d
EK		 1714 exit(0);
1715 }
1716
6e13d0a5
MT		 1717###
1718### Form for generating a root certificate
1719###
1720}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1721 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1722
1723 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1724 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1725 $errormessage = $Lang::tr{'valid root certificate already exists'};
1726 $cgiparams{'ACTION'} = '';
1727 goto ROOTCERT_ERROR;
1728 }
1729
1730 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1731 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1732 my $ipaddr = <IPADDR>;
1733 close IPADDR;
1734 chomp ($ipaddr);
1735 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1736 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1737 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1738 }
1739 }
1740 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
2ad1b18b 1741 unless (ref ($cgiparams{'FH'})) {
6e13d0a5
MT		 1742 $errormessage = $Lang::tr{'there was no file upload'};
1743 goto ROOTCERT_ERROR;
1744 }
1745
1746 # Move uploaded certificate request to a temporary file
1747 (my $fh, my $filename) = tempfile( );
1748 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1749 $errormessage = $!;
1750 goto ROOTCERT_ERROR;
1751 }
1752
1753 # Create a temporary dirctory
1754 my $tempdir = tempdir( CLEANUP => 1 );
1755
1756 # Extract the CA certificate from the file
1757 my $pid = open(OPENSSL, "|-");
1758 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1759 if ($pid) { # parent
1760 if ($cgiparams{'P12_PASS'} ne '') {
1761 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1762 }
1763 close (OPENSSL);
1764 if ($?) {
1765 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1766 unlink ($filename);
1767 goto ROOTCERT_ERROR;
1768 }
1769 } else { # child
1770 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1771 '-in', $filename,
1772 '-out', "$tempdir/cacert.pem")) {
1773 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1774 unlink ($filename);
1775 goto ROOTCERT_ERROR;
1776 }
1777 }
1778
1779 # Extract the Host certificate from the file
1780 $pid = open(OPENSSL, "|-");
1781 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1782 if ($pid) { # parent
1783 if ($cgiparams{'P12_PASS'} ne '') {
1784 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1785 }
1786 close (OPENSSL);
1787 if ($?) {
1788 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1789 unlink ($filename);
1790 goto ROOTCERT_ERROR;
1791 }
1792 } else { # child
1793 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1794 '-in', $filename,
1795 '-out', "$tempdir/hostcert.pem")) {
1796 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1797 unlink ($filename);
1798 goto ROOTCERT_ERROR;
1799 }
1800 }
1801
1802 # Extract the Host key from the file
1803 $pid = open(OPENSSL, "|-");
1804 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1805 if ($pid) { # parent
1806 if ($cgiparams{'P12_PASS'} ne '') {
1807 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1808 }
1809 close (OPENSSL);
1810 if ($?) {
1811 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1812 unlink ($filename);
1813 goto ROOTCERT_ERROR;
1814 }
1815 } else { # child
1816 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1817 '-nodes',
1818 '-in', $filename,
1819 '-out', "$tempdir/serverkey.pem")) {
1820 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1821 unlink ($filename);
1822 goto ROOTCERT_ERROR;
1823 }
1824 }
1825
cc79d281 1826 unless(move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem")) {
6e13d0a5
MT		 1827 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1828 unlink ($filename);
1829 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1830 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1831 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1832 goto ROOTCERT_ERROR;
1833 }
1834
cc79d281 1835 unless(move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem")) {
6e13d0a5
MT		 1836 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1837 unlink ($filename);
1838 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1839 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1840 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1841 goto ROOTCERT_ERROR;
1842 }
1843
cc79d281 1844 unless(move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem")) {
6e13d0a5
MT		 1845 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1846 unlink ($filename);
1847 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1848 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1849 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1850 goto ROOTCERT_ERROR;
1851 }
1852
1853 goto ROOTCERT_SUCCESS;
1854
1855 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1856
1857 # Validate input since the form was submitted
1858 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1859 $errormessage = $Lang::tr{'organization cant be empty'};
1860 goto ROOTCERT_ERROR;
1861 }
1862 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1863 $errormessage = $Lang::tr{'organization too long'};
1864 goto ROOTCERT_ERROR;
1865 }
1866 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1867 $errormessage = $Lang::tr{'invalid input for organization'};
1868 goto ROOTCERT_ERROR;
1869 }
1870 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1871 $errormessage = $Lang::tr{'hostname cant be empty'};
1872 goto ROOTCERT_ERROR;
1873 }
1874 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1875 $errormessage = $Lang::tr{'invalid input for hostname'};
1876 goto ROOTCERT_ERROR;
1877 }
1878 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1879 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1880 goto ROOTCERT_ERROR;
1881 }
1882 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1883 $errormessage = $Lang::tr{'e-mail address too long'};
1884 goto ROOTCERT_ERROR;
1885 }
1886 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1887 $errormessage = $Lang::tr{'invalid input for department'};
1888 goto ROOTCERT_ERROR;
1889 }
1890 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1891 $errormessage = $Lang::tr{'invalid input for city'};
1892 goto ROOTCERT_ERROR;
1893 }
1894 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1895 $errormessage = $Lang::tr{'invalid input for state or province'};
1896 goto ROOTCERT_ERROR;
1897 }
1898 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1899 $errormessage = $Lang::tr{'invalid input for country'};
1900 goto ROOTCERT_ERROR;
1901 }
1902
1903 # Copy the cgisettings to vpnsettings and save the configfile
1904 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1905 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1906 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1907 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1908 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1909 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1910 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1911 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1912
1913 # Replace empty strings with a .
1914 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1915 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1916 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1917
1918 # refresh
c6c9630e 1919 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
66c36198 1920
6e13d0a5
MT		 1921 # Create the CA certificate
1922 my $pid = open(OPENSSL, "|-");
1923 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1924 if ($pid) { # parent
1925 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1926 print OPENSSL "$state\n";
1927 print OPENSSL "$city\n";
1928 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1929 print OPENSSL "$ou\n";
1930 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1931 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1932 close (OPENSSL);
1933 if ($?) {
1934 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1935 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1936 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1937 goto ROOTCERT_ERROR;
1938 }
1939 } else { # child
badd8c1c 1940 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
49abe7af 1941 '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
6e13d0a5
MT		 1942 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1943 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1944 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1945 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1946 goto ROOTCERT_ERROR;
1947 }
1948 }
1949
1950 # Create the Host certificate request
1951 $pid = open(OPENSSL, "|-");
1952 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1953 if ($pid) { # parent
1954 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1955 print OPENSSL "$state\n";
1956 print OPENSSL "$city\n";
1957 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1958 print OPENSSL "$ou\n";
1959 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1960 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1961 print OPENSSL ".\n";
1962 print OPENSSL ".\n";
1963 close (OPENSSL);
1964 if ($?) {
1965 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1966 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1967 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1968 goto ROOTCERT_ERROR;
1969 }
1970 } else { # child
badd8c1c 1971 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 1972 '-newkey', 'rsa:2048',
6e13d0a5
MT		 1973 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1974 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1975 '-extensions', 'server',
1976 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1977 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1978 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1979 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1980 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1981 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1982 goto ROOTCERT_ERROR;
1983 }
1984 }
66c36198 1985
6e13d0a5 1986 # Sign the host certificate request
2feacd98 1987 # This system call is safe, because all argeuments are passed as an array.
6e13d0a5
MT		 1988 system('/usr/bin/openssl', 'ca', '-days', '999999',
1989 '-batch', '-notext',
1990 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1991 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1992 '-extensions', 'server',
1993 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1994 if ($?) {
1995 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1996 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1997 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1998 unlink ("${General::swroot}/ovpn/serverkey.pem");
1999 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
2000 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 2001 &newcleanssldatabase();
6e13d0a5
MT		 2002 goto ROOTCERT_ERROR;
2003 } else {
2004 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 2005 &deletebackupcert();
6e13d0a5
MT		 2006 }
2007
2008 # Create an empty CRL
2feacd98 2009 # System call is safe, because all arguments are passed as array.
6e13d0a5
MT		 2010 system('/usr/bin/openssl', 'ca', '-gencrl',
2011 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
2012 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
2013 if ($?) {
2014 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2015 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
2016 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
2017 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
66c36198 2018 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 2019 &cleanssldatabase();
6e13d0a5 2020 goto ROOTCERT_ERROR;
c6c9630e
MT		 2021# } else {
2022# &cleanssldatabase();
6e13d0a5 2023 }
ae04d0a3 2024 # Create ta.key for tls-auth
2feacd98 2025 # This system call is safe, because all arguments are passed as an array.
acbd6ff4 2026 system('/usr/sbin/openvpn', '--genkey', 'secret', "${General::swroot}/ovpn/certs/ta.key");
ae04d0a3
EK		 2027 if ($?) {
2028 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2029 &cleanssldatabase();
2030 goto ROOTCERT_ERROR;
2031 }
6e13d0a5 2032 # Create Diffie Hellmann Parameter
2feacd98 2033 # The system call is safe, because all arguments are passed as an array.
badd8c1c 2034 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
6e13d0a5
MT		 2035 if ($?) {
2036 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2037 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
2038 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
2039 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
2040 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
2041 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 2042 &cleanssldatabase();
6e13d0a5 2043 goto ROOTCERT_ERROR;
c6c9630e
MT		 2044# } else {
2045# &cleanssldatabase();
4be45949 2046 }
6e13d0a5
MT		 2047 goto ROOTCERT_SUCCESS;
2048 }
2049 ROOTCERT_ERROR:
2050 if ($cgiparams{'ACTION'} ne '') {
2051 &Header::showhttpheaders();
4c962356 2052 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 2053 &Header::openbigbox('100%', 'LEFT', '', '');
2054 if ($errormessage) {
2055 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2056 print "<class name='base'>$errormessage";
2057 print "&nbsp;</class>";
2058 &Header::closebox();
2059 }
2060 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
49abe7af 2061 print <<END;
6e13d0a5
MT		 2062 <form method='post' enctype='multipart/form-data'>
2063 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
e3edceeb 2064 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2065 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
2066 <td width='35%' colspan='2'>&nbsp;</td></tr>
e3edceeb 2067 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2068 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
2069 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2070 <tr><td class='base'>$Lang::tr{'your e-mail'}:</td>
6e13d0a5
MT		 2071 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
2072 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2073 <tr><td class='base'>$Lang::tr{'your department'}:</td>
6e13d0a5
MT		 2074 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
2075 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2076 <tr><td class='base'>$Lang::tr{'city'}:</td>
6e13d0a5
MT		 2077 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
2078 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2079 <tr><td class='base'>$Lang::tr{'state or province'}:</td>
6e13d0a5
MT		 2080 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
2081 <td colspan='2'>&nbsp;</td></tr>
2082 <tr><td class='base'>$Lang::tr{'country'}:</td>
66c36198 2083 <td class='base'><select name='ROOTCERT_COUNTRY'>
6e13d0a5
MT		 2084
2085END
2086 ;
2087 foreach my $country (sort keys %{Countries::countries}) {
2088 print "<option value='$Countries::countries{$country}'";
2089 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
2090 print " selected='selected'";
2091 }
2092 print ">$country</option>";
2093 }
49abe7af 2094 print <<END;
6e13d0a5 2095 </select></td>
4c962356
EK		 2096 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
2097 <td class='base'><select name='DHLENGHT'>
4c962356
EK		 2098 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
2099 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
2100 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
2101 </select>
2102 </td>
2103 </tr>
2104
6e13d0a5
MT		 2105 <tr><td>&nbsp;</td>
2106 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
66c36198 2107 <td>&nbsp;</td><td>&nbsp;</td></tr>
6e13d0a5 2108 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2109 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
49abe7af
EK		 2110 <tr><td colspan='2'><br></td></tr>
2111 <table width='100%'>
2112 <tr>
2113 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
2114 <td class='base'>$Lang::tr{'dh key warn'}</td>
4c962356 2115 </tr>
49abe7af
EK		 2116 <tr>
2117 <td class='base'>$Lang::tr{'dh key warn1'}</td>
4c962356 2118 </tr>
49abe7af
EK		 2119 <tr><td colspan='2'><br></td></tr>
2120 <tr>
2121 </table>
4c962356 2122
49abe7af 2123 <table width='100%'>
4c962356 2124 <tr><td colspan='4'><hr></td></tr>
e3edceeb 2125 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2126 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
2127 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2128 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
6e13d0a5
MT		 2129 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
2130 <td colspan='2'>&nbsp;</td></tr>
2131 <tr><td>&nbsp;</td>
2132 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
2133 <td colspan='2'>&nbsp;</td></tr>
2134 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2135 <img src='/blob.gif' valign='top' alt='*' >&nbsp;$Lang::tr{'required field'}</td>
4c962356 2136 </tr>
6e13d0a5
MT		 2137 </form></table>
2138END
2139 ;
2140 &Header::closebox();
4c962356 2141 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2142 &Header::closebigbox();
2143 &Header::closepage();
2144 exit(0)
2145 }
2146
2147 ROOTCERT_SUCCESS:
2feacd98 2148 &General::system("chmod", "600", "${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT		 2149# if ($vpnsettings{'ENABLED'} eq 'on' ||
2150# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
2151# system('/usr/local/bin/ipsecctrl', 'S');
2152# }
6e13d0a5
MT		 2153
2154###
2155### Enable/Disable connection
2156###
ce9abb66
AH		 2157
2158###
7c1d9faf 2159# m.a.d net2net
ce9abb66
AH		 2160###
2161
6e13d0a5 2162}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
66c36198 2163
c6c9630e 2164 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 2165 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2feacd98
SS		 2166 my $n2nactive = '';
2167 my @ps = &General::system_output("/bin/ps", "ax");
2168
2169 if(grep(/$confighash{$cgiparams{'KEY'}}[1]/, @ps)) {
2170 $n2nactive = "1";
2171 }
66c36198 2172
6e13d0a5 2173 if ($confighash{$cgiparams{'KEY'}}) {
8c877a82
AM		 2174 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2175 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2176 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2177
8c877a82 2178 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2feacd98 2179 &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
775b4494 2180 &writecollectdconf();
8c877a82
AM		 2181 }
2182 } else {
ce9abb66 2183
8c877a82
AM		 2184 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2185 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2186
8c877a82 2187 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494 2188 if ($n2nactive ne '') {
2feacd98 2189 &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
775b4494
AM		 2190 &writecollectdconf();
2191 }
8c877a82 2192 }
775b4494 2193 }
ce9abb66 2194 }
6e13d0a5
MT		 2195
2196###
2197### Download OpenVPN client package
2198###
ce9abb66
AH		 2199
2200
6e13d0a5
MT		 2201} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2202 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2203 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2204 my $file = '';
2205 my $clientovpn = '';
2206 my @fileholder;
2207 my $tempdir = tempdir( CLEANUP => 1 );
2208 my $zippath = "$tempdir/";
ce9abb66
AH		 2209
2210###
7c1d9faf
AH		 2211# m.a.d net2net
2212###
ce9abb66
AH		 2213
2214if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
66c36198 2215
ce9abb66
AH		 2216 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2217 my $zippathname = "$zippath$zipname";
66c36198 2218 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
ce9abb66 2219 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 2220 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
66c36198 2221 my $tunmtu = '';
7c1d9faf 2222 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 2223 my $n2nfragment = '';
66c36198 2224
ce9abb66
AH		 2225 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2226 flock CLIENTCONF, 2;
66c36198 2227
ce9abb66 2228 my $zip = Archive::Zip->new();
7c1d9faf 2229 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 2230 print CLIENTCONF "# \n";
b278daf3 2231 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 2232 print CLIENTCONF "user nobody\n";
2233 print CLIENTCONF "group nobody\n";
2234 print CLIENTCONF "persist-tun\n";
2235 print CLIENTCONF "persist-key\n";
7c1d9faf 2236 print CLIENTCONF "script-security 2\n";
66c36198 2237 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2238 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2239 print CLIENTCONF "float\n";
66c36198
PM		 2240 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
2241 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
2242 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2243 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
66c36198
PM		 2244 print CLIENTCONF "# tun Device\n";
2245 print CLIENTCONF "dev tun\n";
35a21a25
AM		 2246 print CLIENTCONF "#Logfile for statistics\n";
2247 print CLIENTCONF "status-version 1\n";
2248 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
66c36198
PM		 2249 print CLIENTCONF "# Port and Protokoll\n";
2250 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
2251
60f396d7 2252 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
1580d3b1 2253 print CLIENTCONF "proto tcp4-client\n";
60f396d7 2254 print CLIENTCONF "# Packet size\n";
d96c89eb 2255 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2256 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2257 }
66c36198 2258
60f396d7 2259 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
1580d3b1 2260 print CLIENTCONF "proto udp4\n";
60f396d7
AH		 2261 print CLIENTCONF "# Paketsize\n";
2262 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2263 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2264 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
d6989b4b 2265 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} else { print CLIENTCONF "mssfix 0\n"; }
d96c89eb 2266 }
b66b02ab
EK		 2267 # Check host certificate if X509 is RFC3280 compliant.
2268 # If not, old --ns-cert-type directive will be used.
2269 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2feacd98
SS		 2270 my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
2271 if (! grep(/TLS Web Server Authentication/, @hostcert)) {
b66b02ab
EK		 2272 print CLIENTCONF "ns-cert-type server\n";
2273 } else {
2274 print CLIENTCONF "remote-cert-tls server\n";
2275 }
66c36198
PM		 2276 print CLIENTCONF "# Auth. Client\n";
2277 print CLIENTCONF "tls-client\n";
49abe7af 2278 print CLIENTCONF "# Cipher\n";
4c962356 2279 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
66c36198 2280 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
ce9abb66
AH		 2281 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2282 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
49abe7af 2283 }
52f61e49
EKD		 2284
2285 # If GCM cipher is used, do not use --auth
2286 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
2287 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
2288 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
2289 print CLIENTCONF unless "# HMAC algorithm\n";
2290 print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2291 } else {
52f61e49
EKD		 2292 print CLIENTCONF "# HMAC algorithm\n";
2293 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2294 }
52f61e49 2295
4c962356 2296 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2297 print CLIENTCONF "# Enable Compression\n";
66298ef2 2298 print CLIENTCONF "comp-lzo\n";
b278daf3 2299 }
66c36198
PM		 2300 print CLIENTCONF "# Debug Level\n";
2301 print CLIENTCONF "verb 3\n";
2302 print CLIENTCONF "# Tunnel check\n";
2303 print CLIENTCONF "keepalive 10 60\n";
2304 print CLIENTCONF "# Start as daemon\n";
2305 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2306 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
2307 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 2308 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2309 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2310 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
66c36198 2311
ce9abb66
AH		 2312
2313 close(CLIENTCONF);
66c36198 2314
ce9abb66
AH		 2315 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2316 my $status = $zip->writeToFileNamed($zippathname);
2317
2318 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2319 @fileholder = <DLFILE>;
2320 print "Content-Type:application/x-download\n";
2321 print "Content-Disposition:attachment;filename=$zipname\n\n";
2322 print @fileholder;
2323 exit (0);
2324}
2325else
2326{
2327 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2328 my $zippathname = "$zippath$zipname";
2329 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2330
2331###
7c1d9faf 2332# m.a.d net2net
ce9abb66 2333###
66c36198 2334
c6c9630e 2335 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5 2336 flock CLIENTCONF, 2;
66c36198 2337
6e13d0a5 2338 my $zip = Archive::Zip->new();
66c36198 2339
8c877a82 2340 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT		 2341 print CLIENTCONF "tls-client\r\n";
2342 print CLIENTCONF "client\r\n";
4f6e3ae3 2343 print CLIENTCONF "nobind\r\n";
79e7688b 2344 print CLIENTCONF "dev tun\r\n";
c6c9630e 2345 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
d6989b4b 2346 print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n";
2ee746be 2347
6e13d0a5
MT		 2348 if ( $vpnsettings{'ENABLED'} eq 'on'){
2349 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
66c36198 2350 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
574f4538 2351 print CLIENTCONF "#comment the above line and uncomment the next line, if you want to connect on the Blue interface\r\n";
c6c9630e
MT		 2352 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2353 }
2354 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
574f4538 2355 print CLIENTCONF "#comment the above line and uncomment the next line, if you want to connect on the Orange interface\r\n";
c6c9630e
MT		 2356 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2357 }
2358 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2359 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2360 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
574f4538 2361 print CLIENTCONF "#comment the above line and uncomment the next line, if you want to connect on the Orange interface\r\n";
c6c9630e
MT		 2362 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2363 }
2364 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2365 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5 2366 }
66c36198 2367
71af643c
MT		 2368 my $file_crt = new File::Temp( UNLINK => 1 );
2369 my $file_key = new File::Temp( UNLINK => 1 );
b22d8aaf 2370 my $include_certs = 0;
71af643c 2371
66c36198 2372 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
71af643c 2373 if ($cgiparams{'MODE'} eq 'insecure') {
b22d8aaf
MT		 2374 $include_certs = 1;
2375
71af643c 2376 # Add the CA
b22d8aaf 2377 print CLIENTCONF ";ca cacert.pem\r\n";
71af643c
MT		 2378 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2379
2380 # Extract the certificate
2feacd98 2381 # This system call is safe, because all arguments are passed as an array.
71af643c
MT		 2382 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2383 '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
2384 if ($?) {
2385 die "openssl error: $?";
2386 }
2387
2388 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
b22d8aaf 2389 print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
71af643c
MT		 2390
2391 # Extract the key
2feacd98 2392 # This system call is safe, because all arguments are passed as an array.
71af643c
MT		 2393 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2394 '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
2395 if ($?) {
2396 die "openssl error: $?";
2397 }
2398
2399 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
b22d8aaf 2400 print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
71af643c
MT		 2401 } else {
2402 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2403 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2404 }
6e13d0a5 2405 } else {
c6c9630e
MT		 2406 print CLIENTCONF "ca cacert.pem\r\n";
2407 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2408 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2409 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
66c36198 2410 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT		 2411 }
2412 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
49abe7af 2413 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
86308adb 2414
49abe7af 2415 if ($vpnsettings{'TLSAUTH'} eq 'on') {
b22d8aaf
MT		 2416 if ($cgiparams{'MODE'} eq 'insecure') {
2417 print CLIENTCONF ";";
2418 }
4be45949
EK		 2419 print CLIENTCONF "tls-auth ta.key\r\n";
2420 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
49abe7af 2421 }
6e13d0a5
MT		 2422 if ($vpnsettings{DCOMPLZO} eq 'on') {
2423 print CLIENTCONF "comp-lzo\r\n";
2424 }
2425 print CLIENTCONF "verb 3\r\n";
b66b02ab
EK		 2426 # Check host certificate if X509 is RFC3280 compliant.
2427 # If not, old --ns-cert-type directive will be used.
2428 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2feacd98
SS		 2429 my @hostcert = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
2430 if (! grep(/TLS Web Server Authentication/, @hostcert)) {
b66b02ab
EK		 2431 print CLIENTCONF "ns-cert-type server\r\n";
2432 } else {
2433 print CLIENTCONF "remote-cert-tls server\r\n";
2434 }
964700d4 2435 print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
a79fa1d6
JPT		 2436 if ($vpnsettings{MSSFIX} eq 'on') {
2437 print CLIENTCONF "mssfix\r\n";
d6989b4b
MT		 2438 } else {
2439 print CLIENTCONF "mssfix 0\r\n";
a79fa1d6 2440 }
74225cce 2441 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT		 2442 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2443 }
e1e10515
TE		 2444 if ($confighash{$cgiparams{'KEY'}}[43] eq 'on') {
2445 print CLIENTCONF "auth-nocache\r\n";
2446 print CLIENTCONF "auth-user-pass credentials\r\n";
2447 print CLIENTCONF "static-challenge \"One Time Password (OTP): \" 1\r\n";
2448
2449 open(CLIENTCREDS, ">$tempdir/credentials") or die "Unable to open tempfile: $!";
2450 print CLIENTCREDS "user\r\n";
2451 print CLIENTCREDS "password";
2452 close(CLIENTCREDS);
2453 $zip->addFile( "$tempdir/credentials", "credentials") or die "Can't add file credentials\n";
2454 }
1647059d 2455
b22d8aaf
MT		 2456 if ($include_certs) {
2457 print CLIENTCONF "\r\n";
2458
2459 # CA
2460 open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
2461 print CLIENTCONF "<ca>\r\n";
2462 while (<FILE>) {
2463 chomp($_);
2464 print CLIENTCONF "$_\r\n";
2465 }
2466 print CLIENTCONF "</ca>\r\n\r\n";
2467 close(FILE);
2468
2469 # Cert
2470 open(FILE, "<$file_crt");
2471 print CLIENTCONF "<cert>\r\n";
2472 while (<FILE>) {
2473 chomp($_);
2474 print CLIENTCONF "$_\r\n";
2475 }
2476 print CLIENTCONF "</cert>\r\n\r\n";
2477 close(FILE);
2478
2479 # Key
2480 open(FILE, "<$file_key");
2481 print CLIENTCONF "<key>\r\n";
2482 while (<FILE>) {
2483 chomp($_);
2484 print CLIENTCONF "$_\r\n";
2485 }
2486 print CLIENTCONF "</key>\r\n\r\n";
2487 close(FILE);
2488
2489 # TLS auth
2490 if ($vpnsettings{'TLSAUTH'} eq 'on') {
2491 open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
2492 print CLIENTCONF "<tls-auth>\r\n";
2493 while (<FILE>) {
2494 chomp($_);
2495 print CLIENTCONF "$_\r\n";
2496 }
2497 print CLIENTCONF "</tls-auth>\r\n\r\n";
2498 close(FILE);
2499 }
2500 }
2501
ffbe77c8
EK		 2502 # Print client.conf.local if entries exist to client.ovpn
2503 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
2504 open (LCC, "$local_clientconf");
2505 print CLIENTCONF "\n#---------------------------\n";
2506 print CLIENTCONF "# Start of custom directives\n";
2507 print CLIENTCONF "# from client.conf.local\n";
2508 print CLIENTCONF "#---------------------------\n\n";
2509 while (<LCC>) {
2510 print CLIENTCONF $_;
2511 }
2512 print CLIENTCONF "\n#---------------------------\n";
2513 print CLIENTCONF "# End of custom directives\n";
2514 print CLIENTCONF "#---------------------------\n\n";
2515 close (LCC);
2516 }
6e13d0a5 2517 close(CLIENTCONF);
66c36198 2518
6e13d0a5
MT		 2519 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2520 my $status = $zip->writeToFileNamed($zippathname);
2521
2522 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2523 @fileholder = <DLFILE>;
2524 print "Content-Type:application/x-download\n";
2525 print "Content-Disposition:attachment;filename=$zipname\n\n";
2526 print @fileholder;
2527 exit (0);
ce9abb66 2528 }
66c36198
PM		 2529
2530
2531
6e13d0a5
MT		 2532###
2533### Remove connection
2534###
ce9abb66
AH		 2535
2536
6e13d0a5 2537} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
323be7c4
AM		 2538 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2539 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2540
323be7c4 2541 if ($confighash{$cgiparams{'KEY'}}) {
fde9c9dd 2542 # Revoke certificate if certificate was deleted and rewrite the CRL
274ca65b 2543 &General::system("/usr/bin/openssl", "ca", "-revoke", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
2feacd98 2544 &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
ce9abb66
AH		 2545
2546###
7c1d9faf 2547# m.a.d net2net
ce9abb66 2548###
7c1d9faf 2549
323be7c4 2550 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
1e499e90 2551 # Stop the N2N connection before it is removed
2feacd98 2552 &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
1e499e90 2553
323be7c4
AM		 2554 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2555 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2556 unlink ($certfile);
2557 unlink ($conffile);
8e6a8fd5 2558
323be7c4
AM		 2559 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2560 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2561 }
323be7c4 2562 }
ce9abb66 2563
323be7c4
AM		 2564 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2565 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
8c877a82
AM		 2566
2567# A.Marx CCD delete ccd files and routes
2568
323be7c4
AM		 2569 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2570 {
2571 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
8c877a82 2572 }
66c36198 2573
323be7c4
AM		 2574 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2575 foreach my $key (keys %ccdroutehash) {
2576 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2577 delete $ccdroutehash{$key};
2578 }
8c877a82 2579 }
323be7c4 2580 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
66c36198 2581
323be7c4
AM		 2582 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2583 foreach my $key (keys %ccdroute2hash) {
2584 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2585 delete $ccdroute2hash{$key};
2586 }
2587 }
2588 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2589 &writeserverconf;
8c877a82 2590
323be7c4
AM		 2591# CCD end
2592 # Update collectd configuration and delete all RRD files of the removed connection
2593 &writecollectdconf();
2feacd98 2594 &General::system("/usr/local/bin/openvpnctrl", "-drrd", "$confighash{$cgiparams{'KEY'}}[1]");
8c877a82 2595
323be7c4 2596 delete $confighash{$cgiparams{'KEY'}};
2feacd98 2597 &General::system("/usr/bin/openssl", "ca", "-gencrl", "-out", "${General::swroot}/ovpn/crls/cacrl.pem", "-config", "${General::swroot}/ovpn/openssl/ovpn.cnf");
323be7c4
AM		 2598 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2599
2600 } else {
2601 $errormessage = $Lang::tr{'invalid key'};
2602 }
b2e75449 2603 &General::firewall_reload();
ce9abb66 2604
6e13d0a5
MT		 2605###
2606### Download PKCS12 file
2607###
2608} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2609 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2610
2611 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2612 print "Content-Type: application/octet-stream\r\n\r\n";
2feacd98
SS		 2613
2614 open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2615 my @tmp = <FILE>;
2616 close(FILE);
2617
2618 print "@tmp";
6e13d0a5
MT		 2619 exit (0);
2620
2621###
2622### Display certificate
2623###
2624} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2625 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2626
2627 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e 2628 &Header::showhttpheaders();
4c962356 2629 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 2630 &Header::openbigbox('100%', 'LEFT', '', '');
2631 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2feacd98 2632 my @output = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
8c946d1c
MT		 2633 my $output = &Header::cleanhtml(join("", @output), "y");
2634 print "<pre>$output</pre>\n";
c6c9630e
MT		 2635 &Header::closebox();
2636 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2637 &Header::closebigbox();
2638 &Header::closepage();
2639 exit(0);
6e13d0a5 2640 }
4c962356 2641
e1e10515
TE		 2642###
2643### Display OTP QRCode
2644###
2645} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show otp qrcode'}) {
2646 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2647
e1e10515
TE		 2648 my $qrcode = Imager::QRCode->new(
2649 size => 6,
2650 margin => 0,
2651 version => 0,
2652 level => 'M',
2653 mode => '8-bit',
2654 casesensitive => 1,
2655 lightcolor => Imager::Color->new(255, 255, 255),
2656 darkcolor => Imager::Color->new(0, 0, 0),
2657 );
2658 my $cn = $confighash{$cgiparams{'KEY'}}[2];
2659 my $secret = encode_base32($confighash{$cgiparams{'KEY'}}[44]);
2660 my $issuer = "$mainsettings{'HOSTNAME'}.$mainsettings{'DOMAINNAME'}";
2661 my $qrcodeimg = $qrcode->plot("otpauth://totp/$cn?secret=$secret&issuer=$issuer");
2662 my $qrcodeimgdata;
2663 $qrcodeimg->write(data => \$qrcodeimgdata, type=> 'png')
2664 or die $qrcodeimg->errstr;
2665 $qrcodeimgdata = encode_base64($qrcodeimgdata, '');
2666
2667 &Header::showhttpheaders();
2668 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2669 &Header::openbigbox('100%', 'LEFT', '', '');
2670 &Header::openbox('100%', 'LEFT', "$Lang::tr{'otp qrcode'}:");
2671 print <<END;
2672$Lang::tr{'secret'}:&nbsp;$secret</br></br>
2673<img alt="$Lang::tr{'otp qrcode'}" src="data:image/png;base64,$qrcodeimgdata">
2674END
2675 &Header::closebox();
2676 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2677 &Header::closebigbox();
2678 &Header::closepage();
2679 exit(0);
2680
4c962356
EK		 2681###
2682### Display Diffie-Hellman key
2683###
2684} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2685
2686 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
49abe7af 2687 $errormessage = $Lang::tr{'not present'};
4c962356
EK		 2688 } else {
2689 &Header::showhttpheaders();
2690 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2691 &Header::openbigbox('100%', 'LEFT', '', '');
2692 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2feacd98 2693 my @output = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
8c946d1c
MT		 2694 my $output = &Header::cleanhtml(join("", @output) ,"y");
2695 print "<pre>$output</pre>\n";
4c962356
EK		 2696 &Header::closebox();
2697 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2698 &Header::closebigbox();
2699 &Header::closepage();
2700 exit(0);
2701 }
2702
fd5ccb2d
EK		 2703###
2704### Display tls-auth key
2705###
2706} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
2707
2708 if (! -e "${General::swroot}/ovpn/certs/ta.key") {
2709 $errormessage = $Lang::tr{'not present'};
2710 } else {
2711 &Header::showhttpheaders();
2712 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2713 &Header::openbigbox('100%', 'LEFT', '', '');
2714 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
2feacd98
SS		 2715
2716 open(FILE, "${General::swroot}/ovpn/certs/ta.key");
2717 my @output = <FILE>;
2718 close(FILE);
2719
8c946d1c
MT		 2720 my $output = &Header::cleanhtml(join("", @output),"y");
2721 print "<pre>$output</pre>\n";
fd5ccb2d
EK		 2722 &Header::closebox();
2723 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2724 &Header::closebigbox();
2725 &Header::closepage();
2726 exit(0);
2727 }
2728
6e13d0a5
MT		 2729###
2730### Display Certificate Revoke List
2731###
2732} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT		 2733# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2734
49abe7af
EK		 2735 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2736 $errormessage = $Lang::tr{'not present'};
2737 } else {
b2e75449
MT		 2738 &Header::showhttpheaders();
2739 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2740 &Header::openbigbox('100%', 'LEFT', '', '');
2741 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2feacd98 2742 my @output = &General::system_output("/usr/bin/openssl", "crl", "-text", "-noout", "-in", "${General::swroot}/ovpn/crls/cacrl.pem");
8c946d1c
MT		 2743 my $output = &Header::cleanhtml(join("", @output), "y");
2744 print "<pre>$output</pre>\n";
b2e75449
MT		 2745 &Header::closebox();
2746 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2747 &Header::closebigbox();
2748 &Header::closepage();
2749 exit(0);
6e13d0a5
MT		 2750 }
2751
2752###
2753### Advanced Server Settings
2754###
2755
2756} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2757 %cgiparams = ();
2758 %cahash = ();
2759 %confighash = ();
8c877a82 2760 my $disabled;
6e13d0a5 2761 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2762 read_routepushfile;
66c36198
PM		 2763
2764
c6c9630e 2765# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
66c36198 2766# $cgiparams{'CLIENT2CLIENT'} = 'on';
c6c9630e 2767# }
6e13d0a5
MT		 2768ADV_ERROR:
2769 if ($cgiparams{'MAX_CLIENTS'} eq '') {
4c962356 2770 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2771 }
6e13d0a5 2772 if ($cgiparams{'KEEPALIVE_1'} eq '') {
4c962356 2773 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT		 2774 }
2775 if ($cgiparams{'KEEPALIVE_2'} eq '') {
4c962356 2776 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT		 2777 }
2778 if ($cgiparams{'LOG_VERB'} eq '') {
4c962356 2779 $cgiparams{'LOG_VERB'} = '3';
ae9f6139 2780 }
f527e53f 2781 if ($cgiparams{'TLSAUTH'} eq '') {
754066e6 2782 $cgiparams{'TLSAUTH'} = 'off';
f527e53f 2783 }
6e13d0a5
MT		 2784 $checked{'CLIENT2CLIENT'}{'off'} = '';
2785 $checked{'CLIENT2CLIENT'}{'on'} = '';
2786 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2787 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2788 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2789 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
13389777
EK		 2790 $checked{'DCOMPLZO'}{'off'} = '';
2791 $checked{'DCOMPLZO'}{'on'} = '';
2792 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
ffbe77c8
EK		 2793 $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
2794 $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
2795 $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
a79fa1d6
JPT		 2796 $checked{'MSSFIX'}{'off'} = '';
2797 $checked{'MSSFIX'}{'on'} = '';
2798 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
49abe7af 2799 $selected{'LOG_VERB'}{'0'} = '';
6e13d0a5
MT		 2800 $selected{'LOG_VERB'}{'1'} = '';
2801 $selected{'LOG_VERB'}{'2'} = '';
2802 $selected{'LOG_VERB'}{'3'} = '';
2803 $selected{'LOG_VERB'}{'4'} = '';
2804 $selected{'LOG_VERB'}{'5'} = '';
2805 $selected{'LOG_VERB'}{'6'} = '';
2806 $selected{'LOG_VERB'}{'7'} = '';
2807 $selected{'LOG_VERB'}{'8'} = '';
2808 $selected{'LOG_VERB'}{'9'} = '';
2809 $selected{'LOG_VERB'}{'10'} = '';
2810 $selected{'LOG_VERB'}{'11'} = '';
6e13d0a5 2811 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
66c36198 2812
6e13d0a5
MT		 2813 &Header::showhttpheaders();
2814 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
66c36198 2815 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 2816 if ($errormessage) {
c6c9630e
MT		 2817 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2818 print "<class name='base'>$errormessage\n";
2819 print "&nbsp;</class>\n";
2820 &Header::closebox();
6e13d0a5
MT		 2821 }
2822 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
4c962356 2823 print <<END;
b376fae4 2824 <form method='post' enctype='multipart/form-data'>
b2e75449 2825<table width='100%' border=0>
4c962356
EK		 2826 <tr>
2827 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
6e13d0a5
MT		 2828 </tr>
2829 <tr>
4c962356 2830 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
66c36198
PM		 2831 </tr>
2832 <tr>
4c962356 2833 <td class='base'>Domain</td>
8c877a82 2834 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
6e13d0a5 2835 </tr>
66c36198 2836 <tr>
4c962356
EK		 2837 <td class='base'>DNS</td>
2838 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
66c36198
PM		 2839 </tr>
2840 <tr>
4c962356
EK		 2841 <td class='base'>WINS</td>
2842 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2843 </tr>
54fd0535 2844 <tr>
4c962356 2845 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
54fd0535 2846 </tr>
66c36198 2847 <tr>
4c962356
EK		 2848 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2849 <td colspan='2'>
2850 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
54fd0535
MT		 2851END
2852;
2853
2854if ($cgiparams{'ROUTES_PUSH'} ne '')
2855{
2856 print $cgiparams{'ROUTES_PUSH'};
2857}
2858
8c877a82 2859print <<END;
54fd0535
MT		 2860</textarea></td>
2861</tr>
6e13d0a5
MT		 2862 </tr>
2863</table>
2864<hr size='1'>
4c962356 2865<table width='100%'>
ffbe77c8 2866 <tr>
4c962356 2867 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
ffbe77c8
EK		 2868 </tr>
2869
2870 <tr>
d2de0a00 2871 <td width='20%'></td> <td width='15%'> </td><td width='35%'> </td><td width='20%'></td><td width='35%'></td>
ffbe77c8
EK		 2872 </tr>
2873
2874 <tr>
4c962356
EK		 2875 <td class='base'>Client-To-Client</td>
2876 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
ffbe77c8
EK		 2877 </tr>
2878
2879 <tr>
4c962356
EK		 2880 <td class='base'>Redirect-Gateway def1</td>
2881 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
ffbe77c8
EK		 2882 </tr>
2883
13389777
EK		 2884 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2885 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
2886 <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
2887 </tr>
2888
4c962356 2889 <tr>
ffbe77c8
EK		 2890 <td class='base'>$Lang::tr{'ovpn add conf'}</td>
2891 <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
2892 <td>$Lang::tr{'openvpn default'}: off</td>
2893 </tr>
2894
2895 <tr>
2896 <td class='base'>mssfix</td>
2897 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2898 <td>$Lang::tr{'openvpn default'}: off</td>
2899 </tr>
2900
4c962356 2901 <tr>
ffbe77c8
EK		 2902 <td class='base'>fragment <br></td>
2903 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2904 </tr>
2905
2906
2907 <tr>
2908 <td class='base'>Max-Clients</td>
2909 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2910 </tr>
2911 <tr>
2912 <td class='base'>Keepalive <br />
2913 (ping/ping-restart)</td>
2914 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2915 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2916 </tr>
a79fa1d6
JPT		 2917</table>
2918
a79fa1d6 2919<hr size='1'>
4c962356 2920<table width='100%'>
a79fa1d6 2921 <tr>
49abe7af 2922 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
a79fa1d6
JPT		 2923 </tr>
2924 <tr>
49abe7af 2925 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
4c962356
EK		 2926 </tr>
2927
2928 <tr><td class='base'>VERB</td>
2929 <td><select name='LOG_VERB'>
49abe7af
EK		 2930 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2931 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2932 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2933 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2934 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2935 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2936 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2937 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2938 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2939 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2940 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2941 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2942 </td></select>
2943 </table>
4c962356 2944
6e13d0a5 2945<hr size='1'>
8c877a82
AM		 2946END
2947
2948if ( -e "/var/run/openvpn.pid"){
2949print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2950 $Lang::tr{'server restart'}<br><br>
2951 <hr>";
49abe7af 2952 print<<END;
52d08bcb
AM		 2953<table width='100%'>
2954<tr>
2955 <td>&nbsp;</td>
2956 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2957 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
66c36198 2958 <td>&nbsp;</td>
52d08bcb 2959</tr>
66c36198 2960</table>
52d08bcb
AM		 2961</form>
2962END
66c36198
PM		 2963;
2964
2965
52d08bcb 2966}else{
8c877a82 2967
49abe7af 2968 print<<END;
6e13d0a5
MT		 2969<table width='100%'>
2970<tr>
2971 <td>&nbsp;</td>
2972 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2973 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
66c36198 2974 <td>&nbsp;</td>
6e13d0a5 2975</tr>
66c36198 2976</table>
6e13d0a5
MT		 2977</form>
2978END
66c36198 2979;
52d08bcb 2980}
6e13d0a5 2981 &Header::closebox();
c6c9630e 2982# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2983 &Header::closebigbox();
2984 &Header::closepage();
2985 exit(0);
66c36198 2986
8c877a82
AM		 2987
2988# A.Marx CCD Add,delete or edit CCD net
2989
66c36198
PM		 2990} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2991 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2992 $cgiparams{'ACTION'} eq "kill" ||
8c877a82
AM		 2993 $cgiparams{'ACTION'} eq "edit" ||
2994 $cgiparams{'ACTION'} eq 'editsave'){
2995 &Header::showhttpheaders();
2996 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2997 &Header::openbigbox('100%', 'LEFT', '', '');
2998
2999 if ($cgiparams{'ACTION'} eq "kill"){
3000 &delccdnet($cgiparams{'net'});
3001 }
66c36198 3002
8c877a82
AM		 3003 if ($cgiparams{'ACTION'} eq 'editsave'){
3004 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
3005 if ( $a ne $b){ &modccdnet($a,$b);}
5068ac38
AM		 3006 $cgiparams{'ccdname'}='';
3007 $cgiparams{'ccdsubnet'}='';
8c877a82 3008 }
66c36198 3009
8c877a82 3010 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 3011 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
8c877a82
AM		 3012 }
3013 if ($errormessage) {
3014 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3015 print "<class name='base'>$errormessage";
3016 print "&nbsp;</class>";
66c36198 3017 &Header::closebox();
8c877a82
AM		 3018 }
3019if ($cgiparams{'ACTION'} eq "edit"){
66c36198 3020
8c877a82
AM		 3021 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
3022
49abe7af 3023 print <<END;
631b67b7 3024 <table width='100%' border='0'>
8c877a82
AM		 3025 <tr><form method='post'>
3026 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
a9fb14d0 3027 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
8c877a82
AM		 3028 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
3029 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
3030 </td></tr>
3031 </table></form>
3032END
3033;
3034 &Header::closebox();
3035
3036 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
49abe7af 3037 print <<END;
8c877a82
AM		 3038 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
3039 <tr>
3040 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
3041END
3042;
3043}
3044else{
3045 if (! -e "/var/run/openvpn.pid"){
3046 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
49abe7af 3047 print <<END;
8c877a82
AM		 3048 <table width='100%' border='0'>
3049 <tr><form method='post'>
3050 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
3051 <tr>
3052 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
3053 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
3054 <tr><td colspan=4><hr /></td></tr><tr>
3055 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
3056 </table></form>
3057END
66c36198 3058
8c877a82
AM		 3059 &Header::closebox();
3060}
3061 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
5068ac38
AM		 3062 if ( -e "/var/run/openvpn.pid"){
3063 print "<b>$Lang::tr{'attention'}:</b><br>";
3064 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
3065 }
66c36198 3066
4c962356 3067 print <<END;
99bfa85c 3068 <table width='100%' cellpadding='0' cellspacing='1'>
8c877a82
AM		 3069 <tr>
3070 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
3071END
3072;
3073}
66c36198
PM		 3074 my %ccdconfhash=();
3075 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
8c877a82
AM		 3076 my @ccdconf=();
3077 my $count=0;
df9b48b7 3078 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 3079 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
3080 $count++;
3081 my $ccdhosts = &hostsinnet($ccdconf[0]);
3082 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
3083 else{ print" <tr bgcolor='$color{'color20'}'>";}
3084 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
4c962356 3085 print <<END;
8c877a82 3086 <form method='post' />
1638682b 3087 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
8c877a82
AM		 3088 <input type='hidden' name='ACTION' value='edit'/>
3089 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
3090 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
3091 </form></td>
3092 <form method='post' />
3093 <td><input type='hidden' name='ACTION' value='kill'/>
3094 <input type='hidden' name='number' value='$count' />
3095 <input type='hidden' name='net' value='$ccdconf[0]' />
1638682b 3096 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
8c877a82
AM		 3097END
3098;
66c36198 3099 }
8c877a82
AM		 3100 print "</table></form>";
3101 &Header::closebox();
3102 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3103 &Header::closebigbox();
3104 &Header::closepage();
3105 exit(0);
66c36198 3106
8c877a82
AM		 3107#END CCD
3108
6e13d0a5
MT		 3109###
3110### Openvpn Connections Statistics
3111###
3112} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
3113 &Header::showhttpheaders();
3114 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
3115 &Header::openbigbox('100%', 'LEFT', '', '');
3116 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
3117
3118#
3119# <td><b>$Lang::tr{'protocol'}</b></td>
66c36198 3120# protocol temp removed
4c962356 3121 print <<END;
99bfa85c 3122 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
6e13d0a5 3123 <tr>
99bfa85c
AM		 3124 <th><b>$Lang::tr{'common name'}</b></th>
3125 <th><b>$Lang::tr{'real address'}</b></th>
d8ef6a95 3126 <th><b>$Lang::tr{'country'}</b></th>
99bfa85c
AM		 3127 <th><b>$Lang::tr{'virtual address'}</b></th>
3128 <th><b>$Lang::tr{'loged in at'}</b></th>
3129 <th><b>$Lang::tr{'bytes sent'}</b></th>
3130 <th><b>$Lang::tr{'bytes received'}</b></th>
3131 <th><b>$Lang::tr{'last activity'}</b></th>
6e13d0a5
MT		 3132 </tr>
3133END
3134;
87fe47e9 3135 my $filename = "/var/run/ovpnserver.log";
6e13d0a5
MT		 3136 open(FILE, $filename) or die 'Unable to open config file.';
3137 my @current = <FILE>;
3138 close(FILE);
3139 my @users =();
3140 my $status;
3141 my $uid = 0;
3142 my $cn;
3143 my @match = ();
3144 my $proto = "udp";
3145 my $address;
3146 my %userlookup = ();
3147 foreach my $line (@current)
3148 {
3149 chomp($line);
3150 if ( $line =~ /^Updated,(.+)/){
66c36198 3151 @match = split( /^Updated,(.+)/, $line);
6e13d0a5
MT		 3152 $status = $match[1];
3153 }
66c36198 3154#gian
6e13d0a5
MT		 3155 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
3156 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
3157 if ($match[1] ne "Common Name") {
3158 $cn = $match[1];
3159 $userlookup{$match[2]} = $uid;
3160 $users[$uid]{'CommonName'} = $match[1];
3161 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT		 3162 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
3163 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT		 3164 $users[$uid]{'Since'} = $match[5];
3165 $users[$uid]{'Proto'} = $proto;
d8ef6a95
PM		 3166
3167 # get country code for "RealAddress"...
07e42be9 3168 my $ccode = &Location::Functions::lookup_country_code((split ':', $users[$uid]{'RealAddress'})[0]);
e2e270e1 3169 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
d8ef6a95 3170 $users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
6e13d0a5 3171 $uid++;
66c36198 3172 }
6e13d0a5
MT		 3173 }
3174 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
3175 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
3176 if ($match[1] ne "Virtual Address") {
3177 $address = $match[3];
3178 #find the uid in the lookup table
3179 $uid = $userlookup{$address};
3180 $users[$uid]{'VirtualAddress'} = $match[1];
3181 $users[$uid]{'LastRef'} = $match[4];
3182 }
3183 }
3184 }
3185 my $user2 = @users;
3186 if ($user2 >= 1){
99bfa85c 3187 for (my $idx = 1; $idx <= $user2; $idx++){
6e13d0a5 3188 if ($idx % 2) {
99bfa85c
AM		 3189 print "<tr>";
3190 $col="bgcolor='$color{'color22'}'";
3191 } else {
3192 print "<tr>";
3193 $col="bgcolor='$color{'color20'}'";
6e13d0a5 3194 }
99bfa85c
AM		 3195 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
3196 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
d8ef6a95
PM		 3197 print "<td align='center' $col>$users[$idx-1]{'Country'}</td>";
3198 print "<td align='center' $col>$users[$idx-1]{'VirtualAddress'}</td>";
99bfa85c
AM		 3199 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
3200 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
3201 print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
3202 print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
3203 }
3204 }
66c36198 3205
6e13d0a5 3206 print "</table>";
49abe7af 3207 print <<END;
6e13d0a5
MT		 3208 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
3209 <tr><td></td></tr>
3210 <tr><td></td></tr>
3211 <tr><td></td></tr>
3212 <tr><td></td></tr>
3213 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
3214 </table>
3215END
66c36198 3216;
6e13d0a5
MT		 3217 &Header::closebox();
3218 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3219 &Header::closebigbox();
3220 &Header::closepage();
3221 exit(0);
3222
3223###
3224### Download Certificate
3225###
3226} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
3227 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 3228
6e13d0a5 3229 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 3230 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
3231 print "Content-Type: application/octet-stream\r\n\r\n";
2feacd98
SS		 3232
3233 open(FILE, "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
3234 my @tmp = <FILE>;
3235 close(FILE);
3236
3237 print "@tmp";
c6c9630e
MT		 3238 exit (0);
3239 }
3240
3241###
3242### Enable/Disable connection
3243###
ce9abb66 3244
c6c9630e 3245} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
66c36198 3246
c6c9630e
MT		 3247 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3248 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3249
3250 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 3251 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT		 3252 $confighash{$cgiparams{'KEY'}}[0] = 'on';
3253 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3254 #&writeserverconf();
3255# if ($vpnsettings{'ENABLED'} eq 'on' ||
3256# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3257# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3258# }
3259 } else {
3260 $confighash{$cgiparams{'KEY'}}[0] = 'off';
3261# if ($vpnsettings{'ENABLED'} eq 'on' ||
3262# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3263# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
3264# }
3265 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3266 #&writeserverconf();
3267 }
3268 } else {
3269 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3270 }
3271
3272###
3273### Restart connection
3274###
3275} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
3276 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3277 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3278
3279 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT		 3280# if ($vpnsettings{'ENABLED'} eq 'on' ||
3281# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3282# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3283# }
6e13d0a5 3284 } else {
c6c9630e 3285 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3286 }
3287
ce9abb66 3288###
7c1d9faf 3289# m.a.d net2net
ce9abb66
AH		 3290###
3291
3292} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
3293 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3294 &Header::showhttpheaders();
4c962356 3295 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
ce9abb66
AH		 3296 &Header::openbigbox('100%', 'LEFT', '', '');
3297 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH		 3298
3299if ( -s "${General::swroot}/ovpn/settings") {
3300
49abe7af 3301 print <<END;
ce9abb66 3302 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3303 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH		 3304 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
3305 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
3306 <tr><td><input type='radio' name='TYPE' value='net' /></td>
3307 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
66c36198 3308 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
ce9abb66
AH		 3309 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
3310 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
e3edceeb 3311 <tr><td>&nbsp;</td><td>Import Connection Name</td></tr>
040b8b0c 3312 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
54fd0535 3313 <tr><td colspan='3'><hr /></td></tr>
8c877a82 3314 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
ce9abb66
AH		 3315 </form></table>
3316END
3317 ;
66c36198 3318
ce9abb66 3319
b278daf3 3320} else {
49abe7af 3321 print <<END;
b278daf3 3322 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3323 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 3324 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 3325 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH		 3326 </form></table>
3327END
3328 ;
3329
3330}
3331
ce9abb66 3332 &Header::closebox();
4c962356 3333 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
ce9abb66
AH		 3334 &Header::closebigbox();
3335 &Header::closepage();
3336 exit (0);
3337
3338###
7c1d9faf 3339# m.a.d net2net
ce9abb66
AH		 3340###
3341
3342} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
3343
3344 my @firen2nconf;
3345 my @confdetails;
3346 my $uplconffilename ='';
54fd0535 3347 my $uplconffilename2 ='';
ce9abb66 3348 my $uplp12name = '';
54fd0535 3349 my $uplp12name2 = '';
ce9abb66
AH		 3350 my @rem_subnet;
3351 my @rem_subnet2;
66c36198 3352 my @tmposupnet3;
ce9abb66 3353 my $key;
54fd0535 3354 my @n2nname;
ce9abb66 3355
66c36198 3356 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 3357
2ad1b18b
MT		 3358 # Check if a file is uploaded
3359 unless (ref ($cgiparams{'FH'})) {
ce9abb66
AH		 3360 $errormessage = $Lang::tr{'there was no file upload'};
3361 goto N2N_ERROR;
3362 }
3363
3364# Move uploaded IPfire n2n package to temporary file
3365
3366 (my $fh, my $filename) = tempfile( );
3367 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3368 $errormessage = $!;
3369 goto N2N_ERROR;
3370 }
3371
3372 my $zip = Archive::Zip->new();
3373 my $zipName = $filename;
3374 my $status = $zip->read( $zipName );
66c36198 3375 if ($status != AZ_OK) {
ce9abb66
AH		 3376 $errormessage = "Read of $zipName failed\n";
3377 goto N2N_ERROR;
3378 }
3379
3380 my $tempdir = tempdir( CLEANUP => 1 );
3381 my @files = $zip->memberNames();
3382 for(@files) {
3383 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
3384 }
3385 my $countfiles = @files;
3386
3387# Check if we have not more then 2 files
3388
3389 if ( $countfiles == 2){
3390 foreach (@files){
3391 if ( $_ =~ /.conf$/){
3392 $uplconffilename = $_;
3393 }
3394 if ( $_ =~ /.p12$/){
3395 $uplp12name = $_;
66c36198 3396 }
ce9abb66
AH		 3397 }
3398 if (($uplconffilename eq '') || ($uplp12name eq '')){
3399 $errormessage = "Either no *.conf or no *.p12 file found\n";
3400 goto N2N_ERROR;
3401 }
3402
3403 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
3404 @firen2nconf = <FILE>;
3405 close (FILE);
3406 chomp(@firen2nconf);
ce9abb66
AH		 3407 } else {
3408
3409 $errormessage = "Filecount does not match only 2 files are allowed\n";
3410 goto N2N_ERROR;
3411 }
3412
7c1d9faf
AH		 3413###
3414# m.a.d net2net
ce9abb66 3415###
66c36198 3416
54fd0535
MT		 3417 if ($cgiparams{'n2nname'} ne ''){
3418
66c36198
PM		 3419 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
3420 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
54fd0535
MT		 3421 $n2nname[0] = $cgiparams{'n2nname'};
3422 my @n2nname2 = split(/\./,$uplconffilename);
3423 $n2nname2[0] =~ s/\n|\r//g;
3424 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
3425 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
3426 my $input2 = "$n2nname2[0]n2n";
3427 my $output2 = "$n2nname[0]n2n";
3428 my $filename = "$tempdir/$uplconffilename";
3429 open(FILE, "< $filename") or die 'Unable to open config file.';
3430 my @current = <FILE>;
3431 close(FILE);
3432 foreach (@current) {s/$input1/$output1/g;}
3433 foreach (@current) {s/$input2/$output2/g;}
3434 open (OUT, "> $filename") || die 'Unable to open config file.';
3435 print OUT @current;
3436 close OUT;
ce9abb66 3437
54fd0535
MT		 3438 }else{
3439 $uplconffilename2 = $uplconffilename;
3440 $uplp12name2 = $uplp12name;
3441 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3442 $n2nname[0] =~ s/\n|\r//g;
66c36198 3443 }
7c1d9faf 3444 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
66c36198 3445 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3446
7dfcaef0
AM		 3447 #Add collectd settings to configfile
3448 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3449 print FILE "# Logfile\n";
3450 print FILE "status-version 1\n";
3451 print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
3452 close FILE;
3453
cc79d281 3454 unless(move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2")) {
ce9abb66
AH		 3455 $errormessage = "*.conf move failed: $!";
3456 unlink ($filename);
3457 goto N2N_ERROR;
3458 }
66c36198 3459
cc79d281 3460 unless(move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2")) {
ce9abb66
AH		 3461 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3462 unlink ($filename);
3463 goto N2N_ERROR;
cc79d281
SS		 3464 }
3465
3466 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
66c36198 3467
ce9abb66 3468my $complzoactive;
d96c89eb 3469my $mssfixactive;
4c962356 3470my $authactive;
d96c89eb 3471my $n2nfragment;
60f396d7 3472my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3473my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH		 3474my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3475my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3476my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
66c36198 3477if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH		 3478my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3479if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3480#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3481my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH		 3482my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3483my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3484my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3485my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3486my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66 3487my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
4c962356 3488my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
f527e53f 3489my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
60f396d7 3490
ce9abb66
AH		 3491###
3492# m.a.d delete CR and LF from arrays for this chomp doesnt work
3493###
3494
ce9abb66 3495$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH		 3496$n2novpnsub[0] =~ s/\n|\r//g;
3497$n2novpnsub[1] =~ s/\n|\r//g;
3498$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3499$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH		 3500$n2nport[1] =~ s/\n|\r//g;
3501$n2ntunmtu[1] =~ s/\n|\r//g;
3502$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3503$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3504$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3505$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3506$n2nmgmt[2] =~ s/\n|\r//g;
4c962356
EK		 3507$n2ncipher[1] =~ s/\n|\r//g;
3508$n2nauth[1] =~ s/\n|\r//g;
ce9abb66 3509chomp ($complzoactive);
d96c89eb 3510chomp ($mssfixactive);
ce9abb66
AH		 3511
3512###
7c1d9faf 3513# m.a.d net2net
ce9abb66
AH		 3514###
3515
3516###
3517# Check if there is no other entry with this name
3518###
3519
3520 foreach my $dkey (keys %confighash) {
3521 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3522 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3523 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3524 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3525 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
66c36198 3526 goto N2N_ERROR;
ce9abb66
AH		 3527 }
3528 }
3529
d96c89eb
AH		 3530###
3531# Check if OpenVPN Subnet is valid
3532###
3533
3534foreach my $dkey (keys %confighash) {
3535 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3536 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH		 3537 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3538 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3539 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
66c36198 3540 goto N2N_ERROR;
d96c89eb
AH		 3541 }
3542 }
3543
3544###
4c962356 3545# Check if Dest Port is vaild
d96c89eb
AH		 3546###
3547
3548foreach my $dkey (keys %confighash) {
3549 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3550 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH		 3551 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3552 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3553 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
66c36198 3554 goto N2N_ERROR;
d96c89eb
AH		 3555 }
3556 }
66c36198
PM		 3557
3558
3559
ce9abb66
AH		 3560 $key = &General::findhasharraykey (\%confighash);
3561
49abe7af 3562 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
350f2980 3563
ce9abb66
AH		 3564 $confighash{$key}[0] = 'off';
3565 $confighash{$key}[1] = $n2nname[0];
66c36198 3566 $confighash{$key}[2] = $n2nname[0];
ce9abb66 3567 $confighash{$key}[3] = 'net';
66c36198
PM		 3568 $confighash{$key}[4] = 'cert';
3569 $confighash{$key}[6] = 'client';
ce9abb66 3570 $confighash{$key}[8] = $n2nlocalsub[2];
350f2980 3571 $confighash{$key}[10] = $n2nremote[1];
66c36198 3572 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3573 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3574 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3575 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3576 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3577 $confighash{$key}[26] = 'red';
350f2980
SS		 3578 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3579 $confighash{$key}[28] = $n2nproto[0];
3580 $confighash{$key}[29] = $n2nport[1];
3581 $confighash{$key}[30] = $complzoactive;
3582 $confighash{$key}[31] = $n2ntunmtu[1];
4c962356
EK		 3583 $confighash{$key}[39] = $n2nauth[1];
3584 $confighash{$key}[40] = $n2ncipher[1];
49abe7af 3585 $confighash{$key}[41] = 'disabled';
ce9abb66
AH		 3586
3587 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
66c36198 3588
ce9abb66 3589 N2N_ERROR:
66c36198 3590
ce9abb66
AH		 3591 &Header::showhttpheaders();
3592 &Header::openpage('Validate imported configuration', 1, '');
3593 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3594 if ($errormessage) {
3595 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3596 print "<class name='base'>$errormessage";
3597 print "&nbsp;</class>";
66c36198 3598 &Header::closebox();
ce9abb66 3599
66c36198
PM		 3600 } else
3601 {
ce9abb66
AH		 3602 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3603 }
3604 if ($errormessage eq ''){
49abe7af 3605 print <<END;
ce9abb66
AH		 3606 <!-- ipfire net2net config gui -->
3607 <table width='100%'>
3608 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3609 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
66c36198
PM		 3610 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3611 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
ce9abb66
AH		 3612 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3613 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
4c962356 3614 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
ce9abb66
AH		 3615 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3616 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3617 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3618 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
4c962356
EK		 3619 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
3620 <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3621 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
54fd0535 3622 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
0c4ffc69 3623 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
4c962356 3624 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
66c36198 3625 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
ce9abb66
AH		 3626 </table>
3627END
66c36198 3628;
ce9abb66
AH		 3629 &Header::closebox();
3630 }
3631
3632 if ($errormessage) {
3633 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
66c36198
PM		 3634 } else {
3635 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
ce9abb66 3636 print "<input type='hidden' name='TYPE' value='net2netakn' />";
66c36198 3637 print "<input type='hidden' name='KEY' value='$key' />";
ce9abb66 3638 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
66c36198 3639 }
ce9abb66
AH		 3640 &Header::closebigbox();
3641 &Header::closepage();
4c962356 3642 exit(0);
ce9abb66
AH		 3643
3644
3645##
3646### Accept IPFire n2n Package Settings
3647###
3648
3649 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3650
3651###
3652### Discard and Rollback IPFire n2n Package Settings
3653###
3654
3655 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
66c36198 3656
ce9abb66
AH		 3657 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3658
3659if ($confighash{$cgiparams{'KEY'}}) {
3660
3661 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3662 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3663 unlink ($certfile) or die "Removing $certfile fail: $!";
3664 unlink ($conffile) or die "Removing $conffile fail: $!";
3665 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3666 delete $confighash{$cgiparams{'KEY'}};
66c36198 3667 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH		 3668
3669 } else {
3670 $errormessage = $Lang::tr{'invalid key'};
66c36198
PM		 3671 }
3672
ce9abb66
AH		 3673
3674###
7c1d9faf 3675# m.a.d net2net
ce9abb66
AH		 3676###
3677
3678
3679###
3680### Adding a new connection
3681###
6e13d0a5
MT		 3682} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3683 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3684 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
66c36198 3685
6e13d0a5
MT		 3686 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3687 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3688 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3689
3690 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
8c877a82
AM		 3691 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3692 $errormessage = $Lang::tr{'invalid key'};
3693 goto VPNCONF_END;
3694 }
4c962356
EK		 3695 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3696 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3697 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3698 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3699 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3700 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3701 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3702 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
8c877a82 3703 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
4c962356
EK		 3704 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3705 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3706 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3707 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3708 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3709 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3710 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3711 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3712 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3713 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3714 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3715 $name=$cgiparams{'CHECK1'} ;
4c962356
EK		 3716 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3717 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3718 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3719 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3720 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
4c962356
EK		 3721 $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
3722 $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
49abe7af 3723 $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
e1e10515 3724 $cgiparams{'OTP_STATE'} = $confighash{$cgiparams{'KEY'}}[43];
8c877a82 3725 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3726 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
66c36198 3727
8c877a82 3728#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3729if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 3730 my @temp=();
3731 my %ccdroutehash=();
3732 my $keypoint=0;
5068ac38
AM		 3733 my $ip;
3734 my $cidr;
8c877a82
AM		 3735 if ($cgiparams{'IR'} ne ''){
3736 @temp = split("\n",$cgiparams{'IR'});
3737 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3738 #find key to use
3739 foreach my $key (keys %ccdroutehash) {
3740 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3741 $keypoint=$key;
3742 delete $ccdroutehash{$key};
3743 }else{
3744 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3745 }
3746 }
3747 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3748 my $i=1;
3749 my $val=0;
3750 foreach $val (@temp){
3751 chomp($val);
66c36198 3752 $val=~s/\s*$//g;
5068ac38 3753 #check if iroute exists in ccdroute or if new iroute is part of an existing one
8c877a82
AM		 3754 foreach my $key (keys %ccdroutehash) {
3755 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
5068ac38
AM		 3756 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3757 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3758 goto VPNCONF_ERROR;
3759 }
3760 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3761 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
5068ac38
AM		 3762 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3763 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3764 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3765 goto VPNCONF_ERROR;
66c36198
PM		 3766 }
3767
8c877a82
AM		 3768 }
3769 }
5068ac38
AM		 3770 if (!&General::validipandmask($val)){
3771 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3772 goto VPNCONF_ERROR;
3773 }else{
3774 ($ip,$cidr) = split(/\//,$val);
3775 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3776 $cidr=&General::iporsubtodec($cidr);
3777 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
66c36198 3778
5068ac38 3779 }
66c36198 3780
8c877a82 3781 #check for existing network IP's
52d08bcb
AM		 3782 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3783 {
3784 $errormessage=$Lang::tr{'ccd err green'};
3785 goto VPNCONF_ERROR;
3786 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3787 {
3788 $errormessage=$Lang::tr{'ccd err red'};
3789 goto VPNCONF_ERROR;
3790 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3791 {
3792 $errormessage=$Lang::tr{'ccd err blue'};
3793 goto VPNCONF_ERROR;
3794 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3795 {
3796 $errormessage=$Lang::tr{'ccd err orange'};
8c877a82
AM		 3797 goto VPNCONF_ERROR;
3798 }
66c36198 3799
8c877a82
AM		 3800 if (&General::validipandmask($val)){
3801 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3802 }else{
3803 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3804 goto VPNCONF_ERROR;
3805 }
3806 $i++;
3807 }
3808 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3809 &writeserverconf;
3810 }else{
3811 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3812 foreach my $key (keys %ccdroutehash) {
3813 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3814 delete $ccdroutehash{$key};
3815 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3816 &writeserverconf;
3817 }
66c36198 3818 }
8c877a82
AM		 3819 }
3820 undef @temp;
3821 #check route field and convert it to decimal
8c877a82
AM		 3822 my $val=0;
3823 my $i=1;
8c877a82 3824 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb
AM		 3825 #find key to use
3826 foreach my $key (keys %ccdroute2hash) {
3827 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3828 $keypoint=$key;
3829 delete $ccdroute2hash{$key};
3830 }else{
3831 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3832 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3833 &writeserverconf;
8c877a82 3834 }
52d08bcb
AM		 3835 }
3836 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3837 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3838 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3839 my %ownnet=();
3840 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3841 foreach $val (@temp){
3842 chomp($val);
66c36198 3843 $val=~s/\s*$//g;
52d08bcb
AM		 3844 if ($val eq $Lang::tr{'green'})
3845 {
3846 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3847 }
3848 if ($val eq $Lang::tr{'blue'})
3849 {
3850 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3851 }
3852 if ($val eq $Lang::tr{'orange'})
3853 {
3854 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3855 }
3856 my ($ip,$cidr) = split (/\//, $val);
66c36198 3857
52d08bcb 3858 if ($val ne $Lang::tr{'ccd none'})
66c36198 3859 {
8c877a82
AM		 3860 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3861 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3862 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3863 if (&General::validipandmask($val)){
3864 $val=$ip."/".&General::iporsubtodec($cidr);
3865 $ccdroute2hash{$keypoint}[$i] = $val;
3866 }else{
3867 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3868 goto VPNCONF_ERROR;
3869 }
52d08bcb
AM		 3870 }else{
3871 $ccdroute2hash{$keypoint}[$i]='';
3872 }
3873 $i++;
66c36198 3874 }
52d08bcb
AM		 3875 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3876
8c877a82
AM		 3877 #check dns1 ip
3878 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3879 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3880 goto VPNCONF_ERROR;
3881 }
3882 #check dns2 ip
3883 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3884 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3885 goto VPNCONF_ERROR;
3886 }
3887 #check wins ip
3888 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3889 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3890 goto VPNCONF_ERROR;
3891 }
52d08bcb 3892}
8c877a82
AM		 3893
3894#CCD End
52d08bcb 3895
66c36198 3896
73735ad9
EK		 3897 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
3898 $errormessage = $Lang::tr{'connection type is invalid'};
3899 if ($cgiparams{'TYPE'} eq 'net') {
3900 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3901 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3902 goto VPNCONF_ERROR;
3903 }
3904 goto VPNCONF_ERROR;
c6c9630e
MT		 3905 }
3906
c6c9630e 3907 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
73735ad9
EK		 3908 $errormessage = $Lang::tr{'name must only contain characters'};
3909 if ($cgiparams{'TYPE'} eq 'net') {
3910 goto VPNCONF_ERROR;
3911 }
3912 goto VPNCONF_ERROR;
3913 }
c6c9630e
MT		 3914
3915 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
73735ad9
EK		 3916 $errormessage = $Lang::tr{'name is invalid'};
3917 if ($cgiparams{'TYPE'} eq 'net') {
3918 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3919 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3920 goto VPNCONF_ERROR;
3921 }
3922 goto VPNCONF_ERROR;
c6c9630e
MT		 3923 }
3924
3925 if (length($cgiparams{'NAME'}) >60) {
73735ad9
EK		 3926 $errormessage = $Lang::tr{'name too long'};
3927 if ($cgiparams{'TYPE'} eq 'net') {
3928 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3929 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3930 goto VPNCONF_ERROR;
3931 }
3932 goto VPNCONF_ERROR;
c6c9630e
MT		 3933 }
3934
d96c89eb 3935###
7c1d9faf 3936# m.a.d net2net
d96c89eb
AH		 3937###
3938
7c1d9faf 3939if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3940 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3941 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH		 3942 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3943 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
66c36198 3944 goto VPNCONF_ERROR;
d96c89eb 3945 }
ab4cf06c
AM		 3946 #Bugfix 10357
3947 foreach my $key (sort keys %confighash){
3948 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
54fd0535
MT		 3949 $errormessage = $Lang::tr{'openvpn destination port used'};
3950 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3951 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
66c36198 3952 goto VPNCONF_ERROR;
ab4cf06c
AM		 3953 }
3954 }
3955 if ($cgiparams{'DEST_PORT'} eq '') {
3956 $errormessage = $Lang::tr{'invalid port'};
3957 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3958 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
66c36198 3959 goto VPNCONF_ERROR;
54fd0535 3960 }
d96c89eb 3961
f48074ba
SS		 3962 # Check if the input for the transfer net is valid.
3963 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3964 $errormessage = $Lang::tr{'ccd err invalidnet'};
3965 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3966 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3967 goto VPNCONF_ERROR;
3968 }
3969
d96c89eb 3970 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3971 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH		 3972 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3973 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
66c36198 3974 goto VPNCONF_ERROR;
d96c89eb
AH		 3975 }
3976
3977 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3978 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH		 3979 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3980 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3981 goto VPNCONF_ERROR;
3982 }
66c36198 3983
d96c89eb 3984 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3985 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH		 3986 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3987 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3988 goto VPNCONF_ERROR;
3989 }
d96c89eb 3990
7c1d9faf 3991 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3992 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH		 3993 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3994 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3995 goto VPNCONF_ERROR;
66c36198
PM		 3996 }
3997
7c1d9faf 3998 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3999 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH		 4000 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4001 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4002 goto VPNCONF_ERROR;
66c36198
PM		 4003 }
4004
7c1d9faf 4005 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 4006 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH		 4007 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4008 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4009 goto VPNCONF_ERROR;
8c252e6a 4010 }
66c36198 4011
8c252e6a
EK		 4012 if ($cgiparams{'DEST_PORT'} <= 1023) {
4013 $errormessage = $Lang::tr{'ovpn port in root range'};
4014 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4015 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4016 goto VPNCONF_ERROR;
4017 }
54fd0535 4018
4c962356 4019 if ($cgiparams{'OVPN_MGMT'} eq '') {
66c36198 4020 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
8c252e6a 4021 }
66c36198 4022
8c252e6a
EK		 4023 if ($cgiparams{'OVPN_MGMT'} <= 1023) {
4024 $errormessage = $Lang::tr{'ovpn mgmt in root range'};
4025 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4026 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4027 goto VPNCONF_ERROR;
b2e75449
MT		 4028 }
4029 #Check if remote subnet is used elsewhere
4030 my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
4031 $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
4032 if ($warnmessage){
4033 $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
4034 }
7c1d9faf 4035}
d96c89eb 4036
ce9abb66
AH		 4037# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
4038# $errormessage = $Lang::tr{'ipfire side is invalid'};
4039# goto VPNCONF_ERROR;
4040# }
4041
c6c9630e
MT		 4042 # Check if there is no other entry with this name
4043 if (! $cgiparams{'KEY'}) {
4044 foreach my $key (keys %confighash) {
4045 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
4046 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 4047 if ($cgiparams{'TYPE'} eq 'net') {
4048 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4049 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4050 }
c6c9630e 4051 goto VPNCONF_ERROR;
6e13d0a5 4052 }
c6c9630e
MT		 4053 }
4054 }
4055
c125d8a2 4056 # Check if a remote host/IP has been set for the client.
86228a56
MT		 4057 if ($cgiparams{'TYPE'} eq 'net') {
4058 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
4059 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 4060
86228a56
MT		 4061 # Check if this is a N2N connection and drop temporary config.
4062 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4063 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 4064
86228a56
MT		 4065 goto VPNCONF_ERROR;
4066 }
c125d8a2 4067
86228a56
MT		 4068 # Check if a remote host/IP has been configured - the field can be empty on the server side.
4069 if ($cgiparams{'REMOTE'} ne '') {
4070 # Check if the given IP is valid - otherwise check if it is a valid domain.
4071 if (! &General::validip($cgiparams{'REMOTE'})) {
4072 # Check for a valid domain.
4073 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
4074 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 4075
86228a56
MT		 4076 # Check if this is a N2N connection and drop temporary config.
4077 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4078 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 4079
86228a56
MT		 4080 goto VPNCONF_ERROR;
4081 }
4082 }
6e13d0a5 4083 }
c6c9630e 4084 }
c125d8a2 4085
c6c9630e
MT		 4086 if ($cgiparams{'TYPE'} ne 'host') {
4087 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
66c36198 4088 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH		 4089 if ($cgiparams{'TYPE'} eq 'net') {
4090 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4091 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4092 }
c6c9630e
MT		 4093 goto VPNCONF_ERROR;}
4094 }
4095 # Check if there is no other entry without IP-address and PSK
4096 if ($cgiparams{'REMOTE'} eq '') {
4097 foreach my $key (keys %confighash) {
66c36198
PM		 4098 if(($cgiparams{'KEY'} ne $key) &&
4099 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
c6c9630e
MT		 4100 $confighash{$key}[10] eq '') {
4101 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
4102 goto VPNCONF_ERROR;
6e13d0a5 4103 }
c6c9630e
MT		 4104 }
4105 }
ce9abb66
AH		 4106 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
4107 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH		 4108 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4109 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4110 goto VPNCONF_ERROR;
ce9abb66 4111 }
c6c9630e 4112
425465ed
EK		 4113 # Check for N2N that OpenSSL maximum of valid days will not be exceeded
4114 if ($cgiparams{'TYPE'} eq 'net') {
4115 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4116 $errormessage = $Lang::tr{'invalid input for valid till days'};
4117 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4118 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4119 goto VPNCONF_ERROR;
4120 }
4121 }
4122
c6c9630e
MT		 4123 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
4124 $errormessage = $Lang::tr{'invalid input'};
4125 goto VPNCONF_ERROR;
4126 }
4127 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
4128 $errormessage = $Lang::tr{'invalid input'};
4129 goto VPNCONF_ERROR;
4130 }
4131
4132#fixplausi
4133 if ($cgiparams{'AUTH'} eq 'psk') {
4134# if (! length($cgiparams{'PSK'}) ) {
4135# $errormessage = $Lang::tr{'pre-shared key is too short'};
4136# goto VPNCONF_ERROR;
4137# }
4138# if ($cgiparams{'PSK'} =~ /['",&]/) {
4139# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
4140# goto VPNCONF_ERROR;
4141# }
4142 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
4143 if ($cgiparams{'KEY'}) {
4144 $errormessage = $Lang::tr{'cant change certificates'};
4145 goto VPNCONF_ERROR;
4146 }
2ad1b18b 4147 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4148 $errormessage = $Lang::tr{'there was no file upload'};
4149 goto VPNCONF_ERROR;
4150 }
4151
4152 # Move uploaded certificate request to a temporary file
4153 (my $fh, my $filename) = tempfile( );
4154 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4155 $errormessage = $!;
4156 goto VPNCONF_ERROR;
4157 }
6e13d0a5 4158
c6c9630e
MT		 4159 # Sign the certificate request and move it
4160 # Sign the host certificate request
2feacd98 4161 # The system call is safe, because all arguments are passed as an array.
f6e12093 4162 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4163 '-batch', '-notext',
4164 '-in', $filename,
4165 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4166 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4167 if ($?) {
4168 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4169 unlink ($filename);
4170 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4171 &newcleanssldatabase();
4172 goto VPNCONF_ERROR;
4173 } else {
4174 unlink ($filename);
4175 &deletebackupcert();
4176 }
4177
2feacd98
SS		 4178 my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4179 my $temp;
4180
4181 foreach my $line (@temp) {
4182 if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
4183 $temp = $1;
4184 $temp =~ s+/Email+, E+;
4185 $temp =~ s/ ST=/ S=/;
4186
4187 last;
4188 }
4189 }
66c36198 4190
c6c9630e
MT		 4191 $cgiparams{'CERT_NAME'} = $temp;
4192 $cgiparams{'CERT_NAME'} =~ s/,//g;
4193 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4194 if ($cgiparams{'CERT_NAME'} eq '') {
4195 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4196 goto VPNCONF_ERROR;
4197 }
4198 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
4199 if ($cgiparams{'KEY'}) {
4200 $errormessage = $Lang::tr{'cant change certificates'};
4201 goto VPNCONF_ERROR;
4202 }
2ad1b18b 4203 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4204 $errormessage = $Lang::tr{'there was no file upload'};
4205 goto VPNCONF_ERROR;
4206 }
4207 # Move uploaded certificate to a temporary file
4208 (my $fh, my $filename) = tempfile( );
4209 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4210 $errormessage = $!;
4211 goto VPNCONF_ERROR;
4212 }
4213
4214 # Verify the certificate has a valid CA and move it
4215 my $validca = 0;
2feacd98
SS		 4216 my @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/cacert.pem", "$filename");
4217 if (grep(/: OK/, @test)) {
c6c9630e
MT		 4218 $validca = 1;
4219 } else {
4220 foreach my $key (keys %cahash) {
2feacd98
SS		 4221 @test = &General::system_output("/usr/bin/openssl", "verify", "-CAfile", "${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem", "$filename");
4222 if (grep(/: OK/, @test)) {
c6c9630e
MT		 4223 $validca = 1;
4224 }
6e13d0a5 4225 }
c6c9630e
MT		 4226 }
4227 if (! $validca) {
4228 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
4229 unlink ($filename);
4230 goto VPNCONF_ERROR;
4231 } else {
cc79d281 4232 unless(move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem")) {
c6c9630e
MT		 4233 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
4234 unlink ($filename);
4235 goto VPNCONF_ERROR;
6e13d0a5 4236 }
c6c9630e
MT		 4237 }
4238
2feacd98
SS		 4239 my @temp = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4240 my $temp;
4241
4242 foreach my $line (@temp) {
4243 if ($line =~ /Subject:.*CN\s?=\s?(.*)[\n]/) {
4244 $temp = $1;
4245 $temp =~ s+/Email+, E+;
4246 $temp =~ s/ ST=/ S=/;
4247
4248 last;
4249 }
4250 }
4251
c6c9630e
MT		 4252 $cgiparams{'CERT_NAME'} = $temp;
4253 $cgiparams{'CERT_NAME'} =~ s/,//g;
4254 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4255 if ($cgiparams{'CERT_NAME'} eq '') {
4256 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4257 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4258 goto VPNCONF_ERROR;
4259 }
4260 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
4261 if ($cgiparams{'KEY'}) {
4262 $errormessage = $Lang::tr{'cant change certificates'};
4263 goto VPNCONF_ERROR;
4264 }
4265 # Validate input since the form was submitted
4266 if (length($cgiparams{'CERT_NAME'}) >60) {
4267 $errormessage = $Lang::tr{'name too long'};
4268 goto VPNCONF_ERROR;
4269 }
194314b2 4270 if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
c6c9630e
MT		 4271 $errormessage = $Lang::tr{'invalid input for name'};
4272 goto VPNCONF_ERROR;
4273 }
4274 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
4275 $errormessage = $Lang::tr{'invalid input for e-mail address'};
4276 goto VPNCONF_ERROR;
4277 }
4278 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
4279 $errormessage = $Lang::tr{'e-mail address too long'};
4280 goto VPNCONF_ERROR;
4281 }
4282 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4283 $errormessage = $Lang::tr{'invalid input for department'};
4284 goto VPNCONF_ERROR;
4285 }
4286 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
4287 $errormessage = $Lang::tr{'organization too long'};
4288 goto VPNCONF_ERROR;
4289 }
4290 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
4291 $errormessage = $Lang::tr{'invalid input for organization'};
4292 goto VPNCONF_ERROR;
4293 }
4294 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4295 $errormessage = $Lang::tr{'invalid input for city'};
4296 goto VPNCONF_ERROR;
4297 }
4298 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4299 $errormessage = $Lang::tr{'invalid input for state or province'};
4300 goto VPNCONF_ERROR;
4301 }
4302 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
4303 $errormessage = $Lang::tr{'invalid input for country'};
4304 goto VPNCONF_ERROR;
4305 }
4306 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
4307 if (length($cgiparams{'CERT_PASS1'}) < 5) {
4308 $errormessage = $Lang::tr{'password too short'};
4309 goto VPNCONF_ERROR;
6e13d0a5 4310 }
66c36198 4311 }
c6c9630e
MT		 4312 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
4313 $errormessage = $Lang::tr{'passwords do not match'};
4314 goto VPNCONF_ERROR;
4315 }
425465ed 4316 if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
f4fbb935
EK		 4317 $errormessage = $Lang::tr{'invalid input for valid till days'};
4318 goto VPNCONF_ERROR;
4319 }
c6c9630e 4320
425465ed
EK		 4321 # Check for RW that OpenSSL maximum of valid days will not be exceeded
4322 if ($cgiparams{'TYPE'} eq 'host') {
4323 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4324 $errormessage = $Lang::tr{'invalid input for valid till days'};
4325 goto VPNCONF_ERROR;
4326 }
4327 }
4328
beac479f
EK		 4329 # Check for RW if client name is already set
4330 if ($cgiparams{'TYPE'} eq 'host') {
4331 foreach my $key (keys %confighash) {
4332 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
4333 $errormessage = $Lang::tr{'a connection with this name already exists'};
4334 goto VPNCONF_ERROR;
4335 }
4336 }
4337 }
4338
c6c9630e
MT		 4339 # Replace empty strings with a .
4340 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
4341 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
4342 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
4343
4344 # Create the Host certificate request client
4345 my $pid = open(OPENSSL, "|-");
4346 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
4347 if ($pid) { # parent
4348 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
4349 print OPENSSL "$state\n";
4350 print OPENSSL "$city\n";
4351 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
4352 print OPENSSL "$ou\n";
4353 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
4354 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
4355 print OPENSSL ".\n";
4356 print OPENSSL ".\n";
4357 close (OPENSSL);
4358 if ($?) {
4359 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4360 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
4361 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
4362 goto VPNCONF_ERROR;
6e13d0a5 4363 }
c6c9630e 4364 } else { # child
badd8c1c 4365 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 4366 '-newkey', 'rsa:2048',
c6c9630e
MT		 4367 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4368 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4369 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
4370 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
4371 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4372 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4373 goto VPNCONF_ERROR;
6e13d0a5 4374 }
c6c9630e 4375 }
66c36198 4376
c6c9630e 4377 # Sign the host certificate request
2feacd98 4378 # The system call is safe, because all arguments are passed as an array.
f6e12093 4379 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4380 '-batch', '-notext',
4381 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4382 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4383 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4384 if ($?) {
4385 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4386 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4387 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4388 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4389 &newcleanssldatabase();
4390 goto VPNCONF_ERROR;
4391 } else {
4392 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4393 &deletebackupcert();
4394 }
4395
4396 # Create the pkcs12 file
2feacd98 4397 # The system call is safe, because all arguments are passed as an array.
66c36198 4398 system('/usr/bin/openssl', 'pkcs12', '-export',
c6c9630e
MT		 4399 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4400 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4401 '-name', $cgiparams{'NAME'},
4402 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
66c36198 4403 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
c6c9630e
MT		 4404 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
4405 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4406 if ($?) {
4407 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4408 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4409 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4410 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4411 goto VPNCONF_ERROR;
4412 } else {
4413 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4414 }
4415 } elsif ($cgiparams{'AUTH'} eq 'cert') {
4416 ;# Nothing, just editing
4417 } else {
4418 $errormessage = $Lang::tr{'invalid input for authentication method'};
4419 goto VPNCONF_ERROR;
4420 }
4421
4422 # Check if there is no other entry with this common name
4423 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
4424 foreach my $key (keys %confighash) {
4425 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
4426 $errormessage = $Lang::tr{'a connection with this common name already exists'};
4427 goto VPNCONF_ERROR;
6e13d0a5 4428 }
c6c9630e
MT		 4429 }
4430 }
4431
ab4cf06c 4432 # Save the config
c6c9630e 4433 my $key = $cgiparams{'KEY'};
66c36198 4434
c6c9630e
MT		 4435 if (! $key) {
4436 $key = &General::findhasharraykey (\%confighash);
49abe7af 4437 foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
c6c9630e 4438 }
8c877a82
AM		 4439 $confighash{$key}[0] = $cgiparams{'ENABLED'};
4440 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 4441 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 4442 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 4443 }
66c36198 4444
8c877a82 4445 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 4446 if ($cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4447 $confighash{$key}[4] = 'psk';
4448 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 4449 } else {
8c877a82 4450 $confighash{$key}[4] = 'cert';
c6c9630e 4451 }
ce9abb66 4452 if ($cgiparams{'TYPE'} eq 'net') {
8c877a82
AM		 4453 $confighash{$key}[6] = $cgiparams{'SIDE'};
4454 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 4455 }
4c962356 4456 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 4457 $confighash{$key}[10] = $cgiparams{'REMOTE'};
4c962356 4458 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 4459 $confighash{$key}[22] = $confighash{$key}[29];
4c962356 4460 } else {
8c877a82 4461 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
4c962356 4462 }
8c877a82
AM		 4463 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
4464 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
4465 $confighash{$key}[25] = $cgiparams{'REMARK'};
4466 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
66c36198 4467# new fields
8c877a82
AM		 4468 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
4469 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
4470 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
4471 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
4472 $confighash{$key}[31] = $cgiparams{'MTU'};
4473 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 4474 $name=$cgiparams{'CHECK1'};
8c877a82
AM		 4475 $confighash{$key}[33] = $cgiparams{$name};
4476 $confighash{$key}[34] = $cgiparams{'RG'};
4477 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
4478 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
4479 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
4c962356
EK		 4480 $confighash{$key}[39] = $cgiparams{'DAUTH'};
4481 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
350f2980 4482
71af643c
MT		 4483 if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
4484 $confighash{$key}[41] = "no-pass";
4485 }
4486
e1e10515
TE		 4487 $confighash{$key}[42] = 'HOTP/T30/6';
4488 $confighash{$key}[43] = $cgiparams{'OTP_STATE'};
4489 if (($confighash{$key}[43] == 'on') && ($confighash{$key}[44] == '')) {
4490 my @otp_secret = &General::system_output("/usr/bin/openssl", "rand", "-hex", "20");
4491 $confighash{$key}[44] = $otp_secret[0];
4492 } elsif ($confighash{$key}[43] == '') {
4493 $confighash{$key}[44] = '';
4494 }
4495
c6c9630e 4496 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
66c36198 4497
8c877a82 4498 if ($cgiparams{'CHECK1'} ){
66c36198 4499
8c877a82
AM		 4500 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
4501 my ($a,$b,$c,$d) = split (/\./,$ccdip);
df9b48b7
AM		 4502 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
4503 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
4504 }
8c877a82 4505 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 4506 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
8c877a82
AM		 4507 if($cgiparams{'CHECK1'} eq 'dynamic'){
4508 print CCDRWCONF "#This client uses the dynamic pool\n";
4509 }else{
82c809c7 4510 print CCDRWCONF "#Ip address client and server\n";
8c877a82
AM		 4511 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4512 }
4513 if ($confighash{$key}[34] eq 'on'){
4514 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4515 print CCDRWCONF "push redirect-gateway\n";
4516 }
52d08bcb 4517 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4518 if ($cgiparams{'IR'} ne ''){
82c809c7 4519 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
8c877a82
AM		 4520 foreach my $key (keys %ccdroutehash){
4521 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4522 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4523 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4524 print CCDRWCONF "iroute $a $b\n";
4525 }
4526 }
4527 }
4528 }
52d08bcb 4529 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4530 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4531 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
8c877a82
AM		 4532 foreach my $key (keys %ccdroute2hash){
4533 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4534 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4535 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4536 my %blue=();
4537 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4538 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
8c877a82
AM		 4539 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4540 my %orange=();
4541 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4542 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4543 }else{
4544 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4545 print CCDRWCONF "push \"route $a $b\"\n";
4546 }
4547 }
4548 }
4549 }
4550 }
4551 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4552 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4553 print CCDRWCONF "\n#Client gets these nameservers\n";
8c877a82
AM		 4554 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4555 }
4556 if($cgiparams{'CCD_DNS2'} ne ''){
4557 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4558 }
4559 if($cgiparams{'CCD_WINS'} ne ''){
4560 print CCDRWCONF "\n#Client gets this WINS server\n";
4561 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4562 }
4563 close CCDRWCONF;
4564 }
18837a6a
AH		 4565
4566###
4567# m.a.d n2n begin
4568###
66c36198 4569
18837a6a 4570 if ($cgiparams{'TYPE'} eq 'net') {
66c36198 4571
2feacd98
SS		 4572 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4573 &General::system("/usr/local/bin/openvpnctrl", "-kn2n", "$confighash{$cgiparams{'KEY'}}[1]");
66c36198 4574
2feacd98
SS		 4575 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4576 my $key = $cgiparams{'KEY'};
4577 if (! $key) {
4578 $key = &General::findhasharraykey (\%confighash);
4579 foreach my $i (0 .. 31) {
4580 $confighash{$key}[$i] = "";
4581 }
4582 }
4583
4584 $confighash{$key}[0] = 'on';
4585 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
66c36198 4586
2feacd98
SS		 4587 &General::system("/usr/local/bin/openvpnctrl", "-sn2n", "$confighash{$cgiparams{'KEY'}}[1]");
4588 }
4589 }
18837a6a
AH		 4590
4591###
4592# m.a.d n2n end
66c36198 4593###
18837a6a 4594
c6c9630e
MT		 4595 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4596 $cgiparams{'KEY'} = $key;
4597 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4598 }
4599 goto VPNCONF_END;
6e13d0a5 4600 } else {
c6c9630e 4601 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT		 4602###
4603# m.a.d n2n begin
66c36198 4604###
54fd0535
MT		 4605 $cgiparams{'MSSFIX'} = 'on';
4606 $cgiparams{'FRAGMENT'} = '1300';
70900745 4607 $cgiparams{'DAUTH'} = 'SHA512';
54fd0535
MT		 4608###
4609# m.a.d n2n end
66c36198 4610###
4c962356 4611 $cgiparams{'SIDE'} = 'left';
c6c9630e
MT		 4612 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4613 $cgiparams{'AUTH'} = 'psk';
4614 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4615 $cgiparams{'AUTH'} = 'certfile';
4616 } else {
6e13d0a5 4617 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT		 4618 }
4619 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4620 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4621 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4622 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4623 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
c0a7c9b2 4624 $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
6e13d0a5 4625 }
c6c9630e 4626
6e13d0a5 4627 VPNCONF_ERROR:
6e13d0a5
MT		 4628 $checked{'ENABLED'}{'off'} = '';
4629 $checked{'ENABLED'}{'on'} = '';
4630 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4631 $checked{'ENABLED_BLUE'}{'off'} = '';
4632 $checked{'ENABLED_BLUE'}{'on'} = '';
4633 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4634 $checked{'ENABLED_ORANGE'}{'off'} = '';
4635 $checked{'ENABLED_ORANGE'}{'on'} = '';
4636 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 4637
4638
6e13d0a5
MT		 4639 $checked{'EDIT_ADVANCED'}{'off'} = '';
4640 $checked{'EDIT_ADVANCED'}{'on'} = '';
4641 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4642
6e13d0a5
MT		 4643 $selected{'SIDE'}{'server'} = '';
4644 $selected{'SIDE'}{'client'} = '';
4645 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
66c36198 4646
d96c89eb
AH		 4647 $selected{'PROTOCOL'}{'udp'} = '';
4648 $selected{'PROTOCOL'}{'tcp'} = '';
4649 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4650
c6c9630e 4651
6e13d0a5
MT		 4652 $checked{'AUTH'}{'psk'} = '';
4653 $checked{'AUTH'}{'certreq'} = '';
4654 $checked{'AUTH'}{'certgen'} = '';
4655 $checked{'AUTH'}{'certfile'} = '';
4656 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4657
6e13d0a5 4658 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
66c36198 4659
6e13d0a5
MT		 4660 $checked{'COMPLZO'}{'off'} = '';
4661 $checked{'COMPLZO'}{'on'} = '';
4662 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4663
d96c89eb
AH		 4664 $checked{'MSSFIX'}{'off'} = '';
4665 $checked{'MSSFIX'}{'on'} = '';
4666 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4667
52f61e49
EKD		 4668 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
4669 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
4670 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 4671 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
4672 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
4673 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
4674 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4675 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4676 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4677 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4678 $selected{'DCIPHER'}{'SEED-CBC'} = '';
4679 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4680 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4681 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4682 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 4683 $selected{'DCIPHER'}{'DES-CBC'} = '';
49abe7af
EK		 4684 # If no cipher has been chossen yet, select
4685 # the old default (AES-256-CBC) for compatiblity reasons.
4686 if ($cgiparams{'DCIPHER'} eq '') {
4687 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
4688 }
4c962356 4689 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
49abe7af
EK		 4690 $selected{'DAUTH'}{'whirlpool'} = '';
4691 $selected{'DAUTH'}{'SHA512'} = '';
4692 $selected{'DAUTH'}{'SHA384'} = '';
4693 $selected{'DAUTH'}{'SHA256'} = '';
4694 $selected{'DAUTH'}{'SHA1'} = '';
49abe7af 4695 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
0c4ffc69
EK		 4696 $checked{'TLSAUTH'}{'off'} = '';
4697 $checked{'TLSAUTH'}{'on'} = '';
4698 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
49abe7af 4699
6e13d0a5
MT		 4700 if (1) {
4701 &Header::showhttpheaders();
4c962356 4702 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 4703 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4704 if ($errormessage) {
4705 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4706 print "<class name='base'>$errormessage";
4707 print "&nbsp;</class>";
4708 &Header::closebox();
4709 }
c6c9630e 4710
6e13d0a5
MT		 4711 if ($warnmessage) {
4712 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4713 print "<class name='base'>$warnmessage";
4714 print "&nbsp;</class>";
4715 &Header::closebox();
4716 }
c6c9630e 4717
6e13d0a5 4718 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4719 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4720
6e13d0a5
MT		 4721 if ($cgiparams{'KEY'}) {
4722 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4723 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4724 }
c6c9630e 4725
6e13d0a5 4726 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
8c877a82 4727 print "<table width='100%' border='0'>\n";
4c962356 4728
e3edceeb 4729 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>";
66c36198 4730
ce9abb66 4731 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4732 if ($cgiparams{'KEY'}) {
8c877a82 4733 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5
MT		 4734 } else {
4735 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4736 }
c6c9630e
MT		 4737# print "<tr><td>$Lang::tr{'interface'}</td>";
4738# print "<td><select name='INTERFACE'>";
4739# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4c962356
EK		 4740# if ($netsettings{'BLUE_DEV'} ne '') {
4741# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4742# }
4743# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4744# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4745# print "</select></td></tr>";
4746# print <<END;
ce9abb66
AH		 4747 } else {
4748 print "<input type='hidden' name='INTERFACE' value='red' />";
4749 if ($cgiparams{'KEY'}) {
4750 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4751 } else {
4752 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4753 }
52f61e49
EKD		 4754
4755 # If GCM ciphers are in usage, HMAC menu is disabled
4756 my $hmacdisabled;
4757 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
4758 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
4759 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
4760 $hmacdisabled = "disabled='disabled'";
4761 };
4762
4c962356 4763 print <<END;
ce9abb66 4764 <td width='25%'>&nbsp;</td>
66c36198 4765 <td width='25%'>&nbsp;</td></tr>
f527e53f
EK		 4766 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4767 <td><select name='SIDE'>
4768 <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4769 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
4770 </select>
4771 </td>
4c962356 4772
f527e53f
EK		 4773 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4774 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
4775 </tr>
4c962356 4776
e3edceeb 4777 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4778 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4c962356 4779
e3edceeb 4780 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f
EK		 4781 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
4782 </tr>
4c962356 4783
e3edceeb 4784 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4785 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
49abe7af 4786
f527e53f
EK		 4787 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4788 <td><select name='PROTOCOL'>
4789 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4790 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4791 </tr>
66c36198 4792
f527e53f 4793 <tr>
e3edceeb 4794 <td class='boldbase'>$Lang::tr{'destination port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4795 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
4c962356 4796
e3edceeb 4797 <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
f527e53f
EK		 4798 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4799 </tr>
49abe7af 4800
f527e53f 4801 <tr><td colspan=4><hr /></td></tr><tr>
66c36198 4802
f527e53f
EK		 4803 <tr>
4804 <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
4805 </tr>
49abe7af 4806
e3edceeb 4807 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
f527e53f
EK		 4808 <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4809 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4810 </tr>
4c962356 4811
e3edceeb 4812 <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
f527e53f
EK		 4813 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
4814 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
4815 </tr>
4c962356 4816
e3edceeb 4817 <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
f527e53f
EK		 4818 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4819 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4820 </tr>
4c962356 4821
e3edceeb 4822 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
f527e53f
EK		 4823 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4824 </tr>
2ee746be 4825
f527e53f
EK		 4826<tr><td colspan=4><hr /></td></tr><tr>
4827 <tr>
4828 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
4829 </tr>
4830
4831 <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
52f61e49
EKD		 4832 <td><select name='DCIPHER' id="n2ncipher" required>
4833 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
4834 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
4835 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
f527e53f
EK		 4836 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
4837 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4838 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
f7fb5bc5 4839 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
f527e53f
EK		 4840 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
4841 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 4842 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
4843 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4844 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4845 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4846 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4847 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4848 </select>
4849 </td>
4850
4851 <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
52f61e49 4852 <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
f527e53f
EK		 4853 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
4854 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
4855 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
4856 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 4857 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4858 </select>
4859 </td>
4860 </tr>
4861 <tr><td colspan=4><hr /></td></tr><tr>
4862
ce9abb66 4863END
8c877a82 4864;
ce9abb66 4865 }
52f61e49
EKD		 4866
4867#### JAVA SCRIPT ####
4868# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange
4869print<<END;
4870 <script>
4871 var disable_options = false;
4872 document.getElementById('n2ncipher').onchange = function () {
4873 if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
4874 document.getElementById('n2nhmac').setAttribute('disabled', true);
4875 } else {
4876 document.getElementById('n2nhmac').removeAttribute('disabled');
4877 }
4878 }
4879 </script>
4880END
4881
2ee746be 4882#jumper
e3edceeb 4883 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>";
8c877a82 4884 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
66c36198 4885
ce9abb66 4886 if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4887 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
66c36198 4888 }
ce9abb66 4889
8c877a82 4890 print"</tr></table><br><br>";
66c36198
PM		 4891#A.Marx CCD new client
4892if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4893 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
8c877a82
AM		 4894 my %vpnnet=();
4895 my $vpnip;
4896 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4897 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4898 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4899 my @ccdconf=();
4900 my $count=0;
4901 my $checked;
4902 $checked{'check1'}{'off'} = '';
4903 $checked{'check1'}{'on'} = '';
4904 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4905 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4906 print"</td></tr></table><br><br>";
4907 my $name=$cgiparams{'CHECK1'};
4908 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
e1e10515 4909 $checked{'OTP_STATE'}{$cgiparams{'OTP_STATE'}} = 'CHECKED';
66c36198
PM		 4910
4911 if (! -z "${General::swroot}/ovpn/ccd.conf"){
8c877a82 4912 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4913 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 4914 $count++;
4915 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4916 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4917 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4918 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4919 print"</td></tr>";
4920 }
4921 print "</table><br><br><hr><br><br>";
4922 }
e81be1e1 4923}
8c877a82 4924# ccd end
6e13d0a5
MT		 4925 &Header::closebox();
4926 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
66c36198 4927
8c877a82 4928 } elsif (! $cgiparams{'KEY'}) {
66c36198
PM		 4929
4930
6e13d0a5
MT		 4931 my $disabled='';
4932 my $cakeydisabled='';
4933 my $cacrtdisabled='';
4934 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4935 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
66c36198 4936
6e13d0a5 4937 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
66c36198
PM		 4938
4939
ce9abb66
AH		 4940 if ($cgiparams{'TYPE'} eq 'host') {
4941
49abe7af 4942 print <<END;
6e13d0a5 4943 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
66c36198 4944
ce9abb66
AH		 4945 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4946 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT		 4947 <tr><td colspan='3'>&nbsp;</td></tr>
4948 <tr><td colspan='3'><hr /></td></tr>
4949 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66 4950 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4951 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4952 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4953 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4954 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4955 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4956 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4957 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4958END
ce9abb66
AH		 4959;
4960
4961###
7c1d9faf 4962# m.a.d net2net
ce9abb66
AH		 4963###
4964
4965} else {
4966
49abe7af 4967 print <<END;
ce9abb66 4968 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
66c36198 4969
ce9abb66 4970 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4971 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4972 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4973 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4974 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4975 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4976 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4977 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
66c36198
PM		 4978
4979
ce9abb66
AH		 4980END
4981;
4982
4983}
4984
4985###
7c1d9faf 4986# m.a.d net2net
ce9abb66 4987###
c6c9630e 4988
6e13d0a5
MT		 4989 foreach my $country (sort keys %{Countries::countries}) {
4990 print "<option value='$Countries::countries{$country}'";
4991 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4992 print " selected='selected'";
4993 }
4994 print ">$country</option>";
4995 }
ce9abb66 4996###
7c1d9faf 4997# m.a.d net2net
ce9abb66
AH		 4998###
4999
5000if ($cgiparams{'TYPE'} eq 'host') {
49abe7af 5001 print <<END;
f4fbb935 5002 </select></td></tr>
425465ed 5003 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 5004 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
5005 <tr><td>&nbsp;</td>
6e13d0a5
MT		 5006 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
5007 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
f4fbb935 5008 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
6e13d0a5 5009 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
f4fbb935
EK		 5010 <tr><td colspan='3'>&nbsp;</td></tr>
5011 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 5012 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
f4fbb935 5013 </table>
ce9abb66
AH		 5014END
5015}else{
49abe7af 5016 print <<END;
f4fbb935 5017 </select></td></tr>
425465ed 5018 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 5019 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
5020 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
5021 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
5022 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 5023 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
ce9abb66 5024 </table>
66c36198 5025
c6c9630e 5026END
ce9abb66
AH		 5027}
5028
5029###
7c1d9faf 5030# m.a.d net2net
ce9abb66 5031###
c6c9630e
MT		 5032 ;
5033 &Header::closebox();
66c36198 5034
8c877a82 5035 }
e81be1e1 5036
66c36198 5037#A.Marx CCD new client
e81be1e1 5038if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 5039 print"<br><br>";
5040 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
5041
66c36198 5042
8c877a82
AM		 5043 print <<END;
5044 <table border='0' width='100%'>
e1e10515 5045 <tr><td width='20%'>$Lang::tr{'enable otp'}:</td><td colspan='3'><input type='checkbox' name='OTP_STATE' $checked{'OTP_STATE'}{'on'} /></td></tr>
8c877a82
AM		 5046 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
5047 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
5048 <tr><td colspan='4'>&nbsp</td></tr>
5049 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
5050END
66c36198 5051
8c877a82
AM		 5052 if ($cgiparams{'IR'} ne ''){
5053 print $cgiparams{'IR'};
5054 }else{
5055 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
5056 foreach my $key (keys %ccdroutehash) {
5057 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
5058 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
5059 if ($ccdroutehash{$key}[$i] ne ''){
5060 print $ccdroutehash{$key}[$i]."\n";
5061 }
5062 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
5063 }
5064 }
5065 }
c6c9630e 5066 }
66c36198 5067
8c877a82
AM		 5068 print <<END;
5069</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
5070 <tr><td colspan='4'><br></td></tr>
5071 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
5072END
66c36198 5073
52d08bcb
AM		 5074 my $set=0;
5075 my $selorange=0;
5076 my $selblue=0;
5077 my $selgreen=0;
5078 my $helpblue=0;
5079 my $helporange=0;
5080 my $other=0;
df9b48b7 5081 my $none=0;
52d08bcb 5082 my @temp=();
66c36198 5083
8c877a82 5084 our @current = ();
52d08bcb
AM		 5085 open(FILE, "${General::swroot}/main/routing") ;
5086 @current = <FILE>;
5087 close (FILE);
66c36198 5088 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
df9b48b7
AM		 5089 #check for "none"
5090 foreach my $key (keys %ccdroute2hash) {
5091 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
5092 if ($ccdroute2hash{$key}[1] eq ''){
5093 $none=1;
5094 last;
5095 }
5096 }
5097 }
5098 if ($none ne '1'){
5099 print"<option>$Lang::tr{'ccd none'}</option>";
5100 }else{
5101 print"<option selected>$Lang::tr{'ccd none'}</option>";
5102 }
52d08bcb
AM		 5103 #check if static routes are defined for client
5104 foreach my $line (@current) {
66c36198 5105 chomp($line);
52d08bcb
AM		 5106 $line=~s/\s*$//g; # remove newline
5107 @temp=split(/\,/,$line);
5108 $temp[1] = '' unless defined $temp[1]; # not always populated
5109 my ($a,$b) = split(/\//,$temp[1]);
5110 $temp[1] = $a."/".&General::iporsubtocidr($b);
5111 foreach my $key (keys %ccdroute2hash) {
5112 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
5113 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
5114 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
5115 $set=1;
8c877a82
AM		 5116 }
5117 }
8c877a82 5118 }
52d08bcb
AM		 5119 }
5120 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
66c36198 5121 }
3a445974
MT		 5122
5123 my %vpnconfig = ();
5124 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
5125 foreach my $vpn (keys %vpnconfig) {
5126 # Skip all disabled VPN connections
5127 my $enabled = $vpnconfig{$vpn}[0];
5128 next unless ($enabled eq "on");
5129
5130 my $name = $vpnconfig{$vpn}[1];
5131
5132 # Remote subnets
5133 my @networks = split(/\|/, $vpnconfig{$vpn}[11]);
5134 foreach my $network (@networks) {
5135 my $selected = "";
5136
5137 foreach my $key (keys %ccdroute2hash) {
5138 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
5139 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
5140 if ($ccdroute2hash{$key}[$i] eq $network) {
5141 $selected = "selected";
5142 }
5143 }
5144 }
5145 }
5146
5147 print "<option value=\"$network\" $selected>$name ($network)</option>\n";
5148 }
5149 }
5150
52d08bcb
AM		 5151 #check if green,blue,orange are defined for client
5152 foreach my $key (keys %ccdroute2hash) {
5153 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
5154 $other=1;
5155 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
5156 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
5157 $selgreen=1;
5158 }
5159 if (&haveBlueNet()){
5160 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
5161 $selblue=1;
5162 }
5163 }
5164 if (&haveOrangeNet()){
5165 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
5166 $selorange=1;
5167 }
5168 }
5169 }
5170 }
5171 }
5172 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
66c36198 5173 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
52d08bcb 5174 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
66c36198 5175
49abe7af 5176 print<<END;
8c877a82
AM		 5177 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
5178 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
5179 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
66c36198 5180
8c877a82
AM		 5181END
5182;
5183 &Header::closebox();
e81be1e1 5184}
c6c9630e
MT		 5185 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5186 if ($cgiparams{'KEY'}) {
5187# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
5188 }
5189 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
5190 &Header::closebigbox();
5191 &Header::closepage();
5192 exit (0);
6e13d0a5 5193 }
c6c9630e 5194 VPNCONF_END:
6e13d0a5 5195}
c6c9630e
MT		 5196
5197# SETTINGS_ERROR:
6e13d0a5
MT		 5198###
5199### Default status page
5200###
c6c9630e
MT		 5201 %cgiparams = ();
5202 %cahash = ();
5203 %confighash = ();
5204 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
5205 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
5206 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
5207
2feacd98
SS		 5208 open(FILE, "/var/run/ovpnserver.log");
5209 my @status = <FILE>;
5210 close(FILE);
c6c9630e
MT		 5211
5212 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
8c877a82
AM		 5213 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
5214 my $ipaddr = <IPADDR>;
5215 close IPADDR;
5216 chomp ($ipaddr);
5217 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
5218 if ($cgiparams{'VPN_IP'} eq '') {
5219 $cgiparams{'VPN_IP'} = $ipaddr;
5220 }
5221 }
c6c9630e 5222 }
66c36198 5223
6e13d0a5 5224#default setzen
c6c9630e 5225 if ($cgiparams{'DCIPHER'} eq '') {
4c962356 5226 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
c6c9630e 5227 }
c6c9630e 5228 if ($cgiparams{'DDEST_PORT'} eq '') {
4c962356 5229 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT		 5230 }
5231 if ($cgiparams{'DMTU'} eq '') {
4c962356
EK		 5232 $cgiparams{'DMTU'} = '1400';
5233 }
5234 if ($cgiparams{'MSSFIX'} eq '') {
5235 $cgiparams{'MSSFIX'} = 'off';
5236 }
5237 if ($cgiparams{'DAUTH'} eq '') {
86308adb
EK		 5238 if (-z "${General::swroot}/ovpn/ovpnconfig") {
5239 $cgiparams{'DAUTH'} = 'SHA512';
5240 }
5241 foreach my $key (keys %confighash) {
5242 if ($confighash{$key}[3] ne 'host') {
5243 $cgiparams{'DAUTH'} = 'SHA512';
5244 } else {
5245 $cgiparams{'DAUTH'} = 'SHA1';
5246 }
5247 }
5248 }
0c4ffc69
EK		 5249 if ($cgiparams{'TLSAUTH'} eq '') {
5250 $cgiparams{'TLSAUTH'} = 'off';
5251 }
c6c9630e 5252 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
4c962356 5253 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e 5254 }
4c962356 5255 $checked{'ENABLED'}{'off'} = '';
c6c9630e
MT		 5256 $checked{'ENABLED'}{'on'} = '';
5257 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
5258 $checked{'ENABLED_BLUE'}{'off'} = '';
5259 $checked{'ENABLED_BLUE'}{'on'} = '';
5260 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
5261 $checked{'ENABLED_ORANGE'}{'off'} = '';
5262 $checked{'ENABLED_ORANGE'}{'on'} = '';
5263 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 5264
5265 $selected{'DPROTOCOL'}{'udp'} = '';
5266 $selected{'DPROTOCOL'}{'tcp'} = '';
5267 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4c962356 5268
52f61e49
EKD		 5269 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
5270 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
5271 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 5272 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
5273 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
5274 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
5275 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
5276 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
5277 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
c6c9630e
MT		 5278 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
5279 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4c962356
EK		 5280 $selected{'DCIPHER'}{'SEED-CBC'} = '';
5281 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
5282 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
5283 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 5284 $selected{'DCIPHER'}{'DES-CBC'} = '';
c6c9630e 5285 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4c962356
EK		 5286
5287 $selected{'DAUTH'}{'whirlpool'} = '';
5288 $selected{'DAUTH'}{'SHA512'} = '';
5289 $selected{'DAUTH'}{'SHA384'} = '';
5290 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK		 5291 $selected{'DAUTH'}{'SHA1'} = '';
5292 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
5293
0c4ffc69
EK		 5294 $checked{'TLSAUTH'}{'off'} = '';
5295 $checked{'TLSAUTH'}{'on'} = '';
5296 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
5297
c6c9630e
MT		 5298 $checked{'DCOMPLZO'}{'off'} = '';
5299 $checked{'DCOMPLZO'}{'on'} = '';
5300 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
4c962356 5301
d96c89eb
AH		 5302# m.a.d
5303 $checked{'MSSFIX'}{'off'} = '';
5304 $checked{'MSSFIX'}{'on'} = '';
5305 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 5306#new settings
c6c9630e
MT		 5307 &Header::showhttpheaders();
5308 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
5309 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 5310
c6c9630e 5311 if ($errormessage) {
6e13d0a5
MT		 5312 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
5313 print "<class name='base'>$errormessage\n";
5314 print "&nbsp;</class>\n";
5315 &Header::closebox();
c6c9630e 5316 }
6e13d0a5 5317
400c8afd
EK		 5318 if ($cryptoerror) {
5319 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
5320 print "<class name='base'>$cryptoerror";
5321 print "&nbsp;</class>";
5322 &Header::closebox();
5323 }
5324
5325 if ($cryptowarning) {
5326 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
5327 print "<class name='base'>$cryptowarning";
5328 print "&nbsp;</class>";
5329 &Header::closebox();
5330 }
5331
b2e75449
MT		 5332 if ($warnmessage) {
5333 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
5334 print "$warnmessage<br>";
5335 print "$Lang::tr{'fwdfw warn1'}<br>";
5336 &Header::closebox();
5337 print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
5338 &Header::closepage();
5339 exit 0;
5340 }
4d81e0f3 5341
c6c9630e
MT		 5342 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
5343 my $srunning = "no";
5344 my $activeonrun = "";
5345 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT		 5346 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
5347 $srunning ="yes";
5348 $activeonrun = "";
c6c9630e 5349 } else {
6e13d0a5 5350 $activeonrun = "disabled='disabled'";
66c36198
PM		 5351 }
5352 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
4c962356 5353 print <<END;
631b67b7 5354 <table width='100%' border='0'>
c6c9630e
MT		 5355 <form method='post'>
5356 <td width='25%'>&nbsp;</td>
5357 <td width='25%'>&nbsp;</td>
5358 <td width='25%'>&nbsp;</td></tr>
5359 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
5360 <td align='left'>$sactive</td>
5361 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
8c877a82 5362 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
c6c9630e
MT		 5363END
5364;
5365 if (&haveBlueNet()) {
5366 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
5367 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
5368 }
66c36198 5369 if (&haveOrangeNet()) {
c6c9630e
MT		 5370 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
5371 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
86308adb
EK		 5372 }
5373
5374 print <<END;
5375
5376 <tr><td colspan='4'><br></td></tr>
5377 <tr>
5378 <td class'base'><b>$Lang::tr{'net config'}:</b></td>
5379 </tr>
5380 <tr><td colspan='1'><br></td></tr>
5381
4e17adad
CS		 5382 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
5383 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT		 5384 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
5385 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
66c36198 5386 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
c6c9630e
MT		 5387 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
5388 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
5389 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
bc2b3e94 5390 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
86308adb
EK		 5391 </tr>
5392
5393 <tr><td colspan='4'><br></td></tr>
5394 <tr>
5395 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
5396 </tr>
5397 <tr><td colspan='1'><br></td></tr>
5398
5399 <tr>
5400 <td class='base'>$Lang::tr{'ovpn ha'}</td>
5401 <td><select name='DAUTH'>
5402 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
5403 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
5404 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
5405 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
5406 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5407 </select>
5408 </td>
f527e53f 5409
4c962356
EK		 5410 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
5411 <td><select name='DCIPHER'>
52f61e49
EKD		 5412 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
5413 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
5414 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
4c962356 5415 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
f527e53f 5416 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4c962356
EK		 5417 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
5418 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
5419 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
5420 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
4c962356 5421 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 5422 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5423 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5424 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5425 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5426 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK		 5427 </select>
5428 </td>
4c962356 5429 </tr>
0c4ffc69
EK		 5430
5431 <tr><td colspan='4'><br></td></tr>
5432 <tr>
5433 <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
5434 <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
5435 </tr>
5436
f7edf97a 5437 <tr><td colspan='4'><br><br></td></tr>
c6c9630e 5438END
66c36198
PM		 5439;
5440
c6c9630e 5441 if ( $srunning eq "yes" ) {
8c877a82
AM		 5442 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
5443 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
66c36198 5444 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
8c877a82 5445 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
c6c9630e 5446 } else{
8c877a82
AM		 5447 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5448 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5449 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT		 5450 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
5451 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
5452 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
5453 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
66c36198 5454 (( $cgiparams{'ENABLED'} eq 'on') ||
c6c9630e
MT		 5455 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
5456 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
8c877a82 5457 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
c6c9630e 5458 } else {
66c36198
PM		 5459 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
5460 }
c6c9630e
MT		 5461 }
5462 print "</form></table>";
5463 &Header::closebox();
6e13d0a5 5464
c6c9630e 5465 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66 5466###
7c1d9faf 5467# m.a.d net2net
54fd0535 5468#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH		 5469###
5470
4c962356 5471 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
c6c9630e 5472 ;
99bfa85c
AM		 5473 my $id = 0;
5474 my $gif;
f7edf97a 5475 my $col1="";
5b942f7f 5476 my $lastnet;
c8b51e28 5477 foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
5b942f7f
AM		 5478 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
5479 if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
5480 if($id == 0){
5481 print"<b>$confighash{$key}[32]</b>";
5482 print <<END;
5483 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5484<tr>
5485 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5486 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5487 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5488 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
e1e10515 5489 <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5490</tr>
5491END
5492 }
5493 if ($id > 0 && $lastnet ne $confighash{$key}[32]){
5494 print "</table><br>";
5495 print"<b>$confighash{$key}[32]</b>";
5496 print <<END;
5497 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5498<tr>
5499 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5500 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5501 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5502 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
e1e10515 5503 <th width='5%' class='boldbase' colspan='8' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5504</tr>
5505END
5506 }
eff2dbf8 5507 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
c6c9630e 5508 if ($id % 2) {
99bfa85c
AM		 5509 print "<tr>";
5510 $col="bgcolor='$color{'color20'}'";
bb89e92a 5511 } else {
99bfa85c
AM		 5512 print "<tr>";
5513 $col="bgcolor='$color{'color22'}'";
c6c9630e 5514 }
99bfa85c
AM		 5515 print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
5516 print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
8c877a82
AM		 5517 #if ($confighash{$key}[4] eq 'cert') {
5518 #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
5519 #} else {
5520 #print "<td align='left'>&nbsp;</td>";
5521 #}
2feacd98
SS		 5522 my @cavalid = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem");
5523 my $cavalid;
5524
5525 foreach my $line (@cavalid) {
5526 if ($line =~ /Not After : (.*)[\n]/) {
5527 $cavalid = $1;
5528
5529 last;
5530 }
5531 }
5532
99bfa85c 5533 print "<td align='center' $col>$confighash{$key}[25]</td>";
f7edf97a
AM		 5534 $col1="bgcolor='${Header::colourred}'";
5535 my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
ce9abb66 5536
c6c9630e 5537 if ($confighash{$key}[0] eq 'off') {
f7edf97a
AM		 5538 $col1="bgcolor='${Header::colourblue}'";
5539 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
c6c9630e 5540 } else {
ce9abb66
AH		 5541
5542###
7c1d9faf 5543# m.a.d net2net
f7edf97a
AM		 5544###
5545
b278daf3 5546 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT		 5547
5548 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
5549 my @output = "";
5550 my @tustate = "";
5551 my $tport = $confighash{$key}[22];
66c36198 5552 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
54fd0535
MT		 5553 if ($tport ne '') {
5554 $tnet->open('127.0.0.1');
5555 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
5556 @tustate = split(/\,/, $output[1]);
5557###
5558#CONNECTING -- OpenVPN's initial state.
5559#WAIT -- (Client only) Waiting for initial response from server.
5560#AUTH -- (Client only) Authenticating with server.
5561#GET_CONFIG -- (Client only) Downloading configuration options from server.
5562#ASSIGN_IP -- Assigning IP address to virtual network interface.
5563#ADD_ROUTES -- Adding routes to system.
5564#CONNECTED -- Initialization Sequence Completed.
5565#RECONNECTING -- A restart has occurred.
5566#EXITING -- A graceful exit is in progress.
5567####
5568
ed4b4c19 5569 if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
f7edf97a
AM		 5570 $col1="bgcolor='${Header::colourgreen}'";
5571 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5572 }else {
5573 $col1="bgcolor='${Header::colourred}'";
5574 $active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
5575 }
54fd0535 5576 }
54fd0535 5577 }
f7edf97a
AM		 5578 }else {
5579
5580 my $cn;
5581 my @match = ();
5582 foreach my $line (@status) {
5583 chomp($line);
5584 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
5585 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
5586 if ($match[1] ne "Common Name") {
5587 $cn = $match[1];
5588 }
5589 $cn =~ s/[_]/ /g;
5590 if ($cn eq "$confighash{$key}[2]") {
5591 $col1="bgcolor='${Header::colourgreen}'";
5592 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5593 }
5594 }
5595 }
c6c9630e 5596 }
7c1d9faf 5597}
ce9abb66
AH		 5598
5599
4c962356 5600 print <<END;
f7edf97a 5601 <td align='center' $col1>$active</td>
66c36198 5602
99bfa85c 5603 <form method='post' name='frm${key}a'><td align='center' $col>
96096995
AM		 5604 <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
5605 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5606 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 5607 </td></form>
5608END
5609 ;
71af643c
MT		 5610
5611 if ($confighash{$key}[41] eq "no-pass") {
5612 print <<END;
5613 <form method='post' name='frm${key}g'><td align='center' $col>
5614 <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
5615 alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
5616 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5617 <input type='hidden' name='MODE' value='insecure' />
5618 <input type='hidden' name='KEY' value='$key' />
5619 </td></form>
5620END
5621 } else {
5622 print "<td $col>&nbsp;</td>";
5623 }
5624
c6c9630e 5625 if ($confighash{$key}[4] eq 'cert') {
4c962356 5626 print <<END;
99bfa85c 5627 <form method='post' name='frm${key}b'><td align='center' $col>
c6c9630e
MT		 5628 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
5629 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
5630 <input type='hidden' name='KEY' value='$key' />
5631 </td></form>
5632END
5633 ; } else {
5634 print "<td>&nbsp;</td>";
5635 }
e1e10515
TE		 5636
5637 if ($confighash{$key}[43] eq 'on') {
5638 print <<END;
5639<form method='post' name='frm${key}o'><td align='center' $col>
5640<input type='image' name='$Lang::tr{'show otp qrcode'}' src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}' title='$Lang::tr{'show otp qrcode'}' border='0' />
5641<input type='hidden' name='ACTION' value='$Lang::tr{'show otp qrcode'}' />
5642<input type='hidden' name='KEY' value='$key' />
5643</td></form>
5644END
5645; } else {
5646 print "<td $col>&nbsp;</td>";
5647 }
5648
66c36198 5649 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4c962356 5650 print <<END;
99bfa85c 5651 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5652 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT		 5653 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
5654 <input type='hidden' name='KEY' value='$key' />
5655 </td></form>
5656END
5657 ; } elsif ($confighash{$key}[4] eq 'cert') {
4c962356 5658 print <<END;
99bfa85c 5659 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5660 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT		 5661 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
5662 <input type='hidden' name='KEY' value='$key' />
5663 </td></form>
5664END
5665 ; } else {
5666 print "<td>&nbsp;</td>";
5667 }
5668 print <<END
99bfa85c 5669 <form method='post' name='frm${key}d'><td align='center' $col>
c6c9630e
MT		 5670 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
5671 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
5672 <input type='hidden' name='KEY' value='$key' />
5673 </td></form>
5674
99bfa85c 5675 <form method='post' name='frm${key}e'><td align='center' $col>
c6c9630e
MT		 5676 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
5677 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
5678 <input type='hidden' name='KEY' value='$key' />
5679 </td></form>
99bfa85c 5680 <form method='post' name='frm${key}f'><td align='center' $col>
c6c9630e
MT		 5681 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
5682 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
5683 <input type='hidden' name='KEY' value='$key' />
5684 </td></form>
5685 </tr>
5686END
5687 ;
5688 $id++;
5b942f7f 5689 $lastnet = $confighash{$key}[32];
c6c9630e 5690 }
5b942f7f 5691 print"</table>";
c6c9630e
MT		 5692 ;
5693
5694 # If the config file contains entries, print Key to action icons
5695 if ( $id ) {
4c962356 5696 print <<END;
8c877a82 5697 <table border='0'>
c6c9630e 5698 <tr>
4c962356
EK		 5699 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5700 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
5701 <td class='base'>$Lang::tr{'click to disable'}</td>
5702 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5703 <td class='base'>$Lang::tr{'show certificate'}</td>
5704 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
5705 <td class='base'>$Lang::tr{'edit'}</td>
5706 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
5707 <td class='base'>$Lang::tr{'remove'}</td>
c6c9630e
MT		 5708 </tr>
5709 <tr>
4c962356
EK		 5710 <td>&nbsp; </td>
5711 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
5712 <td class='base'>$Lang::tr{'click to enable'}</td>
5713 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
5714 <td class='base'>$Lang::tr{'download certificate'}</td>
5715 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
5716 <td class='base'>$Lang::tr{'dl client arch'}</td>
e1e10515
TE		 5717 <td>&nbsp; &nbsp; <img src='/images/qr-code.png' alt='$Lang::tr{'show otp qrcode'}'/></td>
5718 <td class='base'>$Lang::tr{'show otp qrcode'}</td>
4c962356 5719 </tr>
f7edf97a 5720 </table><br>
c6c9630e
MT		 5721END
5722 ;
5723 }
5724
4c962356 5725 print <<END;
c6c9630e
MT		 5726 <table width='100%'>
5727 <form method='post'>
4c962356
EK		 5728 <tr><td align='right'>
5729 <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
5730 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
5731 </tr>
c6c9630e
MT		 5732 </form>
5733 </table>
5734END
4c962356
EK		 5735 ;
5736 &Header::closebox();
5737 }
fd5ccb2d
EK		 5738
5739 # CA/key listing
4c962356
EK		 5740 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
5741 print <<END;
5742 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5743 <tr>
5744 <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5745 <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
5746 <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
5747 </tr>
5748END
5749 ;
5750 my $col1="bgcolor='$color{'color22'}'";
f7fb5bc5 5751 my $col2="bgcolor='$color{'color20'}'";
c8f50356 5752 # DH parameter line
f7fb5bc5 5753 my $col3="bgcolor='$color{'color22'}'";
fd5ccb2d
EK		 5754 # ta.key line
5755 my $col4="bgcolor='$color{'color20'}'";
f7fb5bc5 5756
4c962356 5757 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
2feacd98
SS		 5758 my @casubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/ca/cacert.pem");
5759 my $casubject;
5760
5761 foreach my $line (@casubject) {
5762 if ($line =~ /Subject: (.*)[\n]/) {
5763 $casubject = $1;
5764 $casubject =~ s+/Email+, E+;
5765 $casubject =~ s/ ST=/ S=/;
5766
5767 last;
5768 }
5769 }
5770
4c962356
EK		 5771 print <<END;
5772 <tr>
5773 <td class='base' $col1>$Lang::tr{'root certificate'}</td>
5774 <td class='base' $col1>$casubject</td>
c8f50356 5775 <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
4c962356
EK		 5776 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
5777 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5778 </form>
5779 <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
4c962356
EK		 5780 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
5781 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c8f50356
EK		 5782 </form>
5783 <td width='4%' $col1>&nbsp;</td>
5784 </tr>
4c962356
EK		 5785END
5786 ;
5787 } else {
5788 # display rootcert generation buttons
5789 print <<END;
5790 <tr>
5791 <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
5792 <td class='base' $col1>$Lang::tr{'not present'}</td>
c8f50356
EK		 5793 <td colspan='3' $col1>&nbsp;</td>
5794 </tr>
4c962356
EK		 5795END
5796 ;
5797 }
5798
5799 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
2feacd98
SS		 5800 my @hostsubject = &General::system_output("/usr/bin/openssl", "x509", "-text", "-in", "${General::swroot}/ovpn/certs/servercert.pem");
5801 my $hostsubject;
5802
5803 foreach my $line (@hostsubject) {
5804 if ($line =~ /Subject: (.*)[\n]/) {
5805 $hostsubject = $1;
5806 $hostsubject =~ s+/Email+, E+;
5807 $hostsubject =~ s/ ST=/ S=/;
5808
5809 last;
5810 }
5811 }
4c962356
EK		 5812
5813 print <<END;
5814 <tr>
5815 <td class='base' $col2>$Lang::tr{'host certificate'}</td>
5816 <td class='base' $col2>$hostsubject</td>
c8f50356 5817 <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
4c962356
EK		 5818 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
5819 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5820 </form>
5821 <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
4c962356
EK		 5822 <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
5823 <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
c8f50356
EK		 5824 </td></form>
5825 <td width='4%' $col2>&nbsp;</td>
5826 </tr>
4c962356
EK		 5827END
5828 ;
5829 } else {
5830 # Nothing
5831 print <<END;
5832 <tr>
5833 <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
5834 <td class='base' $col2>$Lang::tr{'not present'}</td>
c8f50356
EK		 5835 </td><td colspan='3' $col2>&nbsp;</td>
5836 </tr>
4c962356
EK		 5837END
5838 ;
5839 }
ce9abb66 5840
f7fb5bc5
EK		 5841 # Adding DH parameter to chart
5842 if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
b959b9f5 5843 my @dhsubject = &General::system_output("/usr/bin/openssl", "dhparam", "-text", "-in", "${General::swroot}/ovpn/ca/dh1024.pem");
2feacd98 5844 my $dhsubject;
f7fb5bc5 5845
2feacd98
SS		 5846 foreach my $line (@dhsubject) {
5847 if ($line =~ / (.*)[\n]/) {
5848 $dhsubject = $1;
5849
5850 last;
5851 }
5852 }
f7fb5bc5
EK		 5853
5854 print <<END;
5855 <tr>
5856 <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
5857 <td class='base' $col3>$dhsubject</td>
c8f50356 5858 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
f7fb5bc5
EK		 5859 <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
5860 <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
c8f50356
EK		 5861 </form>
5862 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
c8f50356
EK		 5863 </form>
5864 <td width='4%' $col3>&nbsp;</td>
5865 </tr>
f7fb5bc5
EK		 5866END
5867 ;
5868 } else {
5869 # Nothing
5870 print <<END;
5871 <tr>
5872 <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
5873 <td class='base' $col3>$Lang::tr{'not present'}</td>
c8f50356
EK		 5874 </td><td colspan='3' $col3>&nbsp;</td>
5875 </tr>
f7fb5bc5
EK		 5876END
5877 ;
5878 }
5879
fd5ccb2d
EK		 5880 # Adding ta.key to chart
5881 if (-f "${General::swroot}/ovpn/certs/ta.key") {
2feacd98
SS		 5882 open(FILE, "${General::swroot}/ovpn/certs/ta.key");
5883 my @tasubject = <FILE>;
5884 close(FILE);
5885
5886 my $tasubject;
5887 foreach my $line (@tasubject) {
5888 if($line =~ /# (.*)[\n]/) {
5889 $tasubject = $1;
5890
5891 last;
5892 }
5893 }
5894
fd5ccb2d
EK		 5895 print <<END;
5896
5897 <tr>
5898 <td class='base' $col4>$Lang::tr{'ta key'}</td>
5899 <td class='base' $col4>$tasubject</td>
5900 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5901 <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
5902 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
5903 </form>
5904 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5905 <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
5906 <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
5907 </form>
5908 <td width='4%' $col4>&nbsp;</td>
5909 </tr>
5910END
5911 ;
5912 } else {
5913 # Nothing
5914 print <<END;
5915 <tr>
5916 <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
5917 <td class='base' $col4>$Lang::tr{'not present'}</td>
5918 <td colspan='3' $col4>&nbsp;</td>
5919 </tr>
5920END
5921 ;
5922 }
5923
4c962356
EK		 5924 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
5925 print "<tr><td colspan='5' align='center'><form method='post'>";
5926 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
5927 print "</form></td></tr>\n";
5928 }
5929
5930 if (keys %cahash > 0) {
5931 foreach my $key (keys %cahash) {
5932 if (($key + 1) % 2) {
5933 print "<tr bgcolor='$color{'color20'}'>\n";
5934 } else {
5935 print "<tr bgcolor='$color{'color22'}'>\n";
5936 }
5937 print "<td class='base'>$cahash{$key}[0]</td>\n";
5938 print "<td class='base'>$cahash{$key}[1]</td>\n";
5939 print <<END;
5940 <form method='post' name='cafrm${key}a'><td align='center'>
5941 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
5942 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
5943 <input type='hidden' name='KEY' value='$key' />
5944 </td></form>
5945 <form method='post' name='cafrm${key}b'><td align='center'>
5946 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
5947 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
5948 <input type='hidden' name='KEY' value='$key' />
5949 </td></form>
5950 <form method='post' name='cafrm${key}c'><td align='center'>
5951 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
5952 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
5953 <input type='hidden' name='KEY' value='$key' />
5954 </td></form></tr>
5955END
5956 ;
5957 }
5958 }
5959
5960 print "</table>";
5961
5962 # If the file contains entries, print Key to action icons
5963 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
5964 print <<END;
5965 <table>
5966 <tr>
5967 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5968 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5969 <td class='base'>$Lang::tr{'show certificate'}</td>
5970 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
5971 <td class='base'>$Lang::tr{'download certificate'}</td>
5972 </tr>
5973 </table>
5974END
5975 ;
5976 }
ce9abb66 5977
4c962356 5978 print <<END
578f23c8
SS		 5979
5980 <br><hr><br>
5981
4c962356 5982 <form method='post' enctype='multipart/form-data'>
578f23c8
SS		 5983 <table border='0' width='100%'>
5984 <tr>
5985 <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
5986 </tr>
4c962356 5987
578f23c8
SS		 5988 <tr>
5989 <td width='10%'>$Lang::tr{'ca name'}:</td>
5990 <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
5991 <td width='30%'><input type='file' name='FH' size='25'>
5992 <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
5993 </tr>
f527e53f 5994
578f23c8
SS		 5995 <tr>
5996 <td colspan='3'>&nbsp;</td>
5997 <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
5998 </tr>
5999 </table>
f527e53f 6000
578f23c8
SS		 6001 <br>
6002
6003 <table border='0' width='100%'>
6004 <tr>
6005 <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
6006 </tr>
6007
6008 <tr>
6009 <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
6010 <td width='30%'><input type='file' name='FH' size='25'>
6011 <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
6012 </tr>
6013
6014 <tr>
6015 <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
6016 <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
6017 </tr>
6018 </table>
6019 </form>
66c36198 6020
578f23c8 6021 <br><hr>
4c962356
EK		 6022END
6023 ;
6024
6025 if ( $srunning eq "yes" ) {
6026 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
6027 } else {
6028 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
6029 }
6030 &Header::closebox();
6031END
6032 ;
6033
6034&Header::closepage();
ce9abb66 6035
IPFire 2.x development tree