]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
locations-functions.pl: Allow get_locations() function to skip special locations.
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
49abe7af 5# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535 21###
f527e53f 22# Based on IPFireCore 77
54fd0535 23###
6e13d0a5
MT		 24use CGI;
25use CGI qw/:standard/;
26use Net::DNS;
ce9abb66 27use Net::Ping;
54fd0535 28use Net::Telnet;
6e13d0a5
MT		 29use File::Copy;
30use File::Temp qw/ tempfile tempdir /;
31use strict;
32use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
eff2dbf8 33use Sort::Naturally;
6e13d0a5 34require '/var/ipfire/general-functions.pl';
6e13d0a5
MT		 35require "${General::swroot}/lang.pl";
36require "${General::swroot}/header.pl";
37require "${General::swroot}/countries.pl";
e2e270e1 38require "${General::swroot}/location-functions.pl";
6e13d0a5
MT		 39
40# enable only the following on debugging purpose
8c877a82
AM		 41#use warnings;
42#use CGI::Carp 'fatalsToBrowser';
6e13d0a5 43#workaround to suppress a warning when a variable is used only once
8c877a82 44my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
6e13d0a5
MT		 45undef (@dummy);
46
f2fdd0c1
CS		 47my %color = ();
48my %mainsettings = ();
49&General::readhash("${General::swroot}/main/settings", \%mainsettings);
50&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
6e13d0a5
MT		 51
52###
53### Initialize variables
54###
e81be1e1
AM		 55my %ccdconfhash=();
56my %ccdroutehash=();
57my %ccdroute2hash=();
6e13d0a5
MT		 58my %netsettings=();
59my %cgiparams=();
60my %vpnsettings=();
61my %checked=();
62my %confighash=();
63my %cahash=();
64my %selected=();
65my $warnmessage = '';
66my $errormessage = '';
400c8afd
EK		 67my $cryptoerror = '';
68my $cryptowarning = '';
6e13d0a5 69my %settings=();
54fd0535 70my $routes_push_file = '';
df9b48b7
AM		 71my $confighost="${General::swroot}/fwhosts/customhosts";
72my $configgrp="${General::swroot}/fwhosts/customgroups";
73my $customnet="${General::swroot}/fwhosts/customnetworks";
74my $name;
99bfa85c 75my $col="";
ffbe77c8
EK		 76my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
77my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
78
6e13d0a5
MT		 79&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
80$cgiparams{'ENABLED'} = 'off';
81$cgiparams{'ENABLED_BLUE'} = 'off';
82$cgiparams{'ENABLED_ORANGE'} = 'off';
83$cgiparams{'EDIT_ADVANCED'} = 'off';
84$cgiparams{'NAT'} = 'off';
85$cgiparams{'COMPRESSION'} = 'off';
86$cgiparams{'ONLY_PROPOSED'} = 'off';
87$cgiparams{'ACTION'} = '';
88$cgiparams{'CA_NAME'} = '';
4c962356
EK		 89$cgiparams{'DH_NAME'} = 'dh1024.pem';
90$cgiparams{'DHLENGHT'} = '';
6e13d0a5
MT		 91$cgiparams{'DHCP_DOMAIN'} = '';
92$cgiparams{'DHCP_DNS'} = '';
93$cgiparams{'DHCP_WINS'} = '';
54fd0535 94$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 95$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 96$cgiparams{'MSSFIX'} = '';
8c877a82 97$cgiparams{'number'} = '';
4c962356 98$cgiparams{'DCIPHER'} = '';
49abe7af
EK		 99$cgiparams{'DAUTH'} = '';
100$cgiparams{'TLSAUTH'} = '';
54fd0535 101$routes_push_file = "${General::swroot}/ovpn/routes_push";
400c8afd
EK		 102# Perform crypto and configration test
103&pkiconfigcheck;
ffbe77c8
EK		 104
105# Add CCD files if not already presant
106unless (-e $routes_push_file) {
107 open(RPF, ">$routes_push_file");
108 close(RPF);
109}
110unless (-e "${General::swroot}/ovpn/ccd.conf") {
111 open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
112 close (CCDC);
113}
114unless (-e "${General::swroot}/ovpn/ccdroute") {
115 open(CCDR, ">${General::swroot}/ovpn/ccdroute");
116 close (CCDR);
117}
118unless (-e "${General::swroot}/ovpn/ccdroute2") {
119 open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
120 close (CCDRT);
121}
122# Add additional configs if not already presant
123unless (-e "$local_serverconf") {
124 open(LSC, ">$local_serverconf");
125 close (LSC);
126}
127unless (-e "$local_clientconf") {
128 open(LCC, ">$local_clientconf");
129 close (LCC);
130}
ce9abb66 131
6e13d0a5
MT		 132&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
133
134# prepare openvpn config file
135###
136### Useful functions
137###
c6c9630e
MT		 138sub haveOrangeNet
139{
13211b21
CS		 140 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
141 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 142 return 0;
143}
144
145sub haveBlueNet
146{
13211b21 147 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 148 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 149 return 0;
150}
151
152sub sizeformat{
153 my $bytesize = shift;
154 my $i = 0;
155
156 while(abs($bytesize) >= 1024){
157 $bytesize=$bytesize/1024;
158 $i++;
159 last if($i==6);
160 }
161
162 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
163 my $newsize=(int($bytesize*100 +0.5))/100;
164 return("$newsize $units[$i]");
165}
166
c6c9630e
MT		 167sub cleanssldatabase
168{
169 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
170 print FILE "01";
171 close FILE;
172 }
173 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
174 print FILE "";
175 close FILE;
176 }
e6f7f8e7
EK		 177 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
178 print FILE "";
179 close FILE;
180 }
c6c9630e 181 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 182 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 183 unlink ("${General::swroot}/ovpn/certs/serial.old");
184 unlink ("${General::swroot}/ovpn/certs/01.pem");
185}
186
187sub newcleanssldatabase
188{
189 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
190 open(FILE, ">${General::swroot}(ovpn/certs/serial");
191 print FILE "01";
192 close FILE;
193 }
194 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
195 system ("touch ${General::swroot}/ovpn/certs/index.txt");
196 }
e6f7f8e7
EK		 197 if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
198 system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
199 }
c6c9630e 200 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 201 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 202 unlink ("${General::swroot}/ovpn/certs/serial.old");
203}
204
205sub deletebackupcert
206{
207 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
208 my $hexvalue = <FILE>;
209 chomp $hexvalue;
210 close FILE;
211 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
212 }
213}
4c962356 214
400c8afd
EK		 215###
216### Check for PKI and configure problems
217###
218
219sub pkiconfigcheck
220{
221 # Warning if DH parameter is 1024 bit
222 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
223 my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
224 my @dhbit = ($dhparameter =~ /(\d+)/);
225 if ($1 < 2048) {
226 $cryptoerror = "$Lang::tr{'ovpn error dh'}";
227 goto CRYPTO_ERROR;
228 }
229 }
230
231 # Warning if md5 is in usage
232 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
233 my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
234 if ($signature =~ /md5WithRSAEncryption/) {
235 $cryptoerror = "$Lang::tr{'ovpn error md5'}";
236 goto CRYPTO_ERROR;
237 }
238 }
239
240 CRYPTO_ERROR:
241
242 # Warning if certificate is not compliant to RFC3280 TLS rules
243 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
244 my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
245 if ($extendkeyusage !~ /TLS Web Server Authentication/) {
246 $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
247 goto CRYPTO_WARNING;
248 }
249 }
250
251 CRYPTO_WARNING:
252}
253
c6c9630e 254sub writeserverconf {
54fd0535
MT		 255 my %sovpnsettings = ();
256 my @temp = ();
c6c9630e 257 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535
MT		 258 &read_routepushfile;
259
c6c9630e
MT		 260 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
261 flock CONF, 2;
262 print CONF "#OpenVPN Server conf\n";
263 print CONF "\n";
264 print CONF "daemon openvpnserver\n";
265 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 266 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e 267 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
79e7688b 268 print CONF "dev tun\n";
c6c9630e
MT		 269 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
270 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
a4fd2325 271 print CONF "script-security 3\n";
07675dc3 272 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 273 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e 274 print CONF "tls-server\n";
4c962356
EK		 275 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
276 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
277 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 278 print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
c6c9630e
MT		 279 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
280 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
8c877a82 281 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
4c962356 282
32405d88 283 # Check if we are using mssfix, fragment and set the corretct mtu of 1500.
2ee746be
SS		 284 # If we doesn't use one of them, we can use the configured mtu value.
285 if ($sovpnsettings{'MSSFIX'} eq 'on')
79e7688b 286 { print CONF "tun-mtu 1500\n"; }
2ee746be 287 elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
79e7688b 288 { print CONF "tun-mtu 1500\n"; }
2ee746be 289 else
79e7688b 290 { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
2ee746be 291
54fd0535 292 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
8c877a82
AM		 293 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
294 foreach (@temp)
295 {
296 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
297 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
298 }
54fd0535 299 }
8c877a82
AM		 300# a.marx ccd
301 my %ccdconfhash=();
302 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
303 foreach my $key (keys %ccdconfhash) {
304 my $a=$ccdconfhash{$key}[1];
305 my ($b,$c) = split (/\//, $a);
306 print CONF "route $b ".&General::cidrtosub($c)."\n";
307 }
308 my %ccdroutehash=();
309 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
310 foreach my $key (keys %ccdroutehash) {
311 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
312 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
313 print CONF "route $a $b\n";
314 }
315 }
316# ccd end
54fd0535 317
8c877a82 318 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT		 319 print CONF "client-to-client\n";
320 }
1de5c945 321 if ($sovpnsettings{MSSFIX} eq 'on') {
4c962356 322 print CONF "mssfix\n";
1de5c945
EK		 323 }
324 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
4c962356 325 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 326 }
2ee746be 327
c6c9630e
MT		 328 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
329 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
330 }
331 print CONF "status-version 1\n";
87fe47e9 332 print CONF "status /var/run/ovpnserver.log 30\n";
a4fd2325 333 print CONF "ncp-disable\n";
c6c9630e 334 print CONF "cipher $sovpnsettings{DCIPHER}\n";
49abe7af 335 print CONF "auth $sovpnsettings{'DAUTH'}\n";
942446b5
EK		 336 # Set TLSv2 as minimum
337 print CONF "tls-version-min 1.2\n";
86308adb 338
49abe7af 339 if ($sovpnsettings{'TLSAUTH'} eq 'on') {
4be45949 340 print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
49abe7af 341 }
c6c9630e
MT		 342 if ($sovpnsettings{DCOMPLZO} eq 'on') {
343 print CONF "comp-lzo\n";
344 }
345 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
346 print CONF "push \"redirect-gateway def1\"\n";
347 }
348 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
349 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
350 }
351
352 if ($sovpnsettings{DHCP_DNS} ne '') {
353 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
354 }
355
356 if ($sovpnsettings{DHCP_WINS} ne '') {
357 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
358 }
359
fa527476 360 if ($sovpnsettings{MAX_CLIENTS} eq '') {
c6c9630e 361 print CONF "max-clients 100\n";
a79fa1d6 362 }
fa527476 363 if ($sovpnsettings{MAX_CLIENTS} ne '') {
c6c9630e
MT		 364 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
365 }
1d0a260a 366 print CONF "tls-verify /usr/lib/openvpn/verify\n";
c6c9630e
MT		 367 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
368 print CONF "user nobody\n";
369 print CONF "group nobody\n";
370 print CONF "persist-key\n";
371 print CONF "persist-tun\n";
372 if ($sovpnsettings{LOG_VERB} ne '') {
373 print CONF "verb $sovpnsettings{LOG_VERB}\n";
374 } else {
375 print CONF "verb 3\n";
ffbe77c8 376 }
708f2b73
MT		 377
378 print CONF "# Log clients connecting/disconnecting\n";
379 print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
380 print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
381
ffbe77c8
EK		 382 # Print server.conf.local if entries exist to server.conf
383 if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
384 open (LSC, "$local_serverconf");
385 print CONF "\n#---------------------------\n";
386 print CONF "# Start of custom directives\n";
387 print CONF "# from server.conf.local\n";
388 print CONF "#---------------------------\n\n";
389 while (<LSC>) {
390 print CONF $_;
391 }
392 print CONF "\n#-----------------------------\n";
393 print CONF "# End of custom directives\n";
394 print CONF "#-----------------------------\n";
395 close (LSC);
396 }
c6c9630e
MT		 397 print CONF "\n";
398
399 close(CONF);
400}
8c877a82 401
c6c9630e 402sub emptyserverlog{
87fe47e9 403 if (open(FILE, ">/var/run/ovpnserver.log")) {
c6c9630e
MT		 404 flock FILE, 2;
405 print FILE "";
406 close FILE;
407 }
408
409}
410
8c877a82
AM		 411sub delccdnet
412{
413 my %ccdconfhash = ();
414 my %ccdhash = ();
415 my $ccdnetname=$_[0];
416 if (-f "${General::swroot}/ovpn/ovpnconfig"){
417 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
418 foreach my $key (keys %ccdhash) {
419 if ($ccdhash{$key}[32] eq $ccdnetname) {
420 $errormessage=$Lang::tr{'ccd err hostinnet'};
421 return;
422 }
423 }
424 }
425 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
426 foreach my $key (keys %ccdconfhash) {
427 if ($ccdconfhash{$key}[0] eq $ccdnetname){
428 delete $ccdconfhash{$key};
429 }
430 }
431 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
432
433 &writeserverconf;
434 return 0;
435}
436
437sub addccdnet
438{
439 my %ccdconfhash=();
440 my @ccdconf=();
441 my $ccdname=$_[0];
442 my $ccdnet=$_[1];
8c877a82
AM		 443 my $subcidr;
444 my @ip2=();
445 my $checkup;
446 my $ccdip;
447 my $baseaddress;
290007b3
AM		 448
449
450 #check name
451 if ($ccdname eq '')
452 {
453 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
454 return
455 }
456
457 if(!&General::validhostname($ccdname))
458 {
8c877a82
AM		 459 $errormessage=$Lang::tr{'ccd err invalidname'};
460 return;
461 }
290007b3
AM		 462
463 ($ccdip,$subcidr) = split (/\//,$ccdnet);
464 $subcidr=&General::iporsubtocidr($subcidr);
465 #check subnet
466 if ($subcidr > 30)
467 {
8c877a82
AM		 468 $errormessage=$Lang::tr{'ccd err invalidnet'};
469 return;
470 }
290007b3
AM		 471 #check ip
472 if (!&General::validipandmask($ccdnet)){
473 $errormessage=$Lang::tr{'ccd err invalidnet'};
474 return;
8c877a82 475 }
b6c60092 476
8c877a82
AM		 477 if (!$errormessage) {
478 my %ccdconfhash=();
479 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
480 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
481 my $key = &General::findhasharraykey (\%ccdconfhash);
482 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
483 $ccdconfhash{$key}[0] = $ccdname;
484 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
485 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
486 &writeserverconf;
487 $cgiparams{'ccdname'}='';
488 $cgiparams{'ccdsubnet'}='';
489 return 1;
490 }
491}
492
493sub modccdnet
494{
495
496 my $newname=$_[0];
497 my $oldname=$_[1];
498 my %ccdconfhash=();
499 my %ccdhash=();
7ad653cc
SS		 500
501 # Check if the new name is valid.
502 if(!&General::validhostname($newname)) {
503 $errormessage=$Lang::tr{'ccd err invalidname'};
504 return;
505 }
506
8c877a82
AM		 507 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
508 foreach my $key (keys %ccdconfhash) {
509 if ($ccdconfhash{$key}[0] eq $oldname) {
510 foreach my $key1 (keys %ccdconfhash) {
511 if ($ccdconfhash{$key1}[0] eq $newname){
512 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
513 return;
514 }else{
515 $ccdconfhash{$key}[0]= $newname;
516 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
517 last;
518 }
519 }
520 }
521 }
522
523 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
524 foreach my $key (keys %ccdhash) {
525 if ($ccdhash{$key}[32] eq $oldname) {
526 $ccdhash{$key}[32]=$newname;
527 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
528 last;
529 }
530 }
531
532 return 0;
533}
534sub ccdmaxclients
535{
536 my $ccdnetwork=$_[0];
537 my @octets=();
538 my @subnet=();
539 @octets=split("\/",$ccdnetwork);
540 @subnet= split /\./, &General::cidrtosub($octets[1]);
541 my ($a,$b,$c,$d,$e);
542 $a=256-$subnet[0];
543 $b=256-$subnet[1];
544 $c=256-$subnet[2];
545 $d=256-$subnet[3];
546 $e=($a*$b*$c*$d)/4;
547 return $e-1;
548}
549
550sub getccdadresses
551{
552 my $ipin=$_[0];
553 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
554 my $cidr=$_[1];
555 chomp($cidr);
556 my $count=$_[2];
557 my $hasip=$_[3];
558 chomp($hasip);
559 my @iprange=();
560 my %ccdhash=();
561 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
d9fe5693 562 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
ac87f371 563 for (my $i=1;$i<=$count;$i++) {
8c877a82
AM		 564 my $tmpip=$iprange[$i-1];
565 my $stepper=$i*4;
566 $iprange[$i]= &General::getnextip($tmpip,4);
567 }
568 my $r=0;
569 foreach my $key (keys %ccdhash) {
570 $r=0;
571 foreach my $tmp (@iprange){
572 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
573 if ($net eq $tmp) {
574 if ( $hasip ne $ccdhash{$key}[33] ){
575 splice (@iprange,$r,1);
576 }
577 }
578 $r++;
579 }
580 }
581 return @iprange;
582}
583
584sub fillselectbox
585{
586 my $boxname=$_[1];
587 my ($ccdip,$subcidr) = split("/",$_[0]);
588 my $tz=$_[2];
589 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
590 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
591 foreach (@allccdips) {
592 my $ip=$_."/30";
593 chomp($ip);
594 print "<option value='$ip' ";
595 if ( $ip eq $cgiparams{$boxname} ){
596 print"selected";
597 }
598 print ">$ip</option>";
599 }
600 print "</select>";
601}
602
603sub hostsinnet
604{
605 my $name=$_[0];
606 my %ccdhash=();
607 my $i=0;
608 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
609 foreach my $key (keys %ccdhash) {
610 if ($ccdhash{$key}[32] eq $name){ $i++;}
611 }
612 return $i;
613}
614
615sub check_routes_push
616{
617 my $val=$_[0];
618 my ($ip,$cidr) = split (/\//, $val);
619 ##check for existing routes in routes_push
620 if (-e "${General::swroot}/ovpn/routes_push") {
621 open(FILE,"${General::swroot}/ovpn/routes_push");
622 while (<FILE>) {
623 $_=~s/\s*$//g;
624
625 my ($ip2,$cidr2) = split (/\//,"$_");
626 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
627
628 if($val eq $val2){
629 return 0;
630 }
631 #subnetcheck
632 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
633 return 0;
634 }
635 };
636 close(FILE);
637 }
638 return 1;
639}
640
641sub check_ccdroute
642{
643 my %ccdroutehash=();
644 my $val=$_[0];
645 my ($ip,$cidr) = split (/\//, $val);
646 #check for existing routes in ccdroute
647 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
648 foreach my $key (keys %ccdroutehash) {
649 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
650 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
651 return 0;
652 }
653 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
654 #subnetcheck
655 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
656 return 0;
657 }
658 }
659 }
660 return 1;
661}
662sub check_ccdconf
663{
664 my %ccdconfhash=();
665 my $val=$_[0];
666 my ($ip,$cidr) = split (/\//, $val);
667 #check for existing routes in ccdroute
668 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
669 foreach my $key (keys %ccdconfhash) {
670 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
671 return 0;
672 }
673 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
674 #subnetcheck
675 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
676 return 0;
677 }
678
679 }
680 return 1;
681}
682
7c1d9faf
AH		 683###
684# m.a.d net2net
685###
686
687sub validdotmask
688{
689 my $ipdotmask = $_[0];
690 if (&General::validip($ipdotmask)) { return 0; }
691 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
692 my $mask = $2;
693 if (($mask =~ /\./ )) { return 0; }
694 return 1;
695}
54fd0535
MT		 696
697# -------------------------------------------------------------------
698
699sub write_routepushfile
700{
701 open(FILE, ">$routes_push_file");
702 flock(FILE, 2);
703 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
704 print FILE $vpnsettings{'ROUTES_PUSH'};
705 }
706 close(FILE);
707}
708
709sub read_routepushfile
710{
711 if (-e "$routes_push_file") {
712 open(FILE,"$routes_push_file");
713 delete $vpnsettings{'ROUTES_PUSH'};
714 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
715 close(FILE);
716 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
8c877a82 717
54fd0535
MT		 718 }
719}
7c1d9faf 720
775b4494
AM		 721sub writecollectdconf {
722 my $vpncollectd;
723 my %ccdhash=();
724
725 open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
726 print COLLECTDVPN "Loadplugin openvpn\n";
727 print COLLECTDVPN "\n";
728 print COLLECTDVPN "<Plugin openvpn>\n";
729 print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
730
731 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
732 foreach my $key (keys %ccdhash) {
733 if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
734 print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
735 }
736 }
737
738 print COLLECTDVPN "</Plugin>\n";
739 close(COLLECTDVPN);
740
741 # Reload collectd afterwards
742 system("/usr/local/bin/collectdctrl restart &>/dev/null");
743}
7c1d9faf 744
c6c9630e
MT		 745#hier die refresh page
746if ( -e "${General::swroot}/ovpn/gencanow") {
747 my $refresh = '';
748 $refresh = "<meta http-equiv='refresh' content='15;' />";
749 &Header::showhttpheaders();
750 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
751 &Header::openbigbox('100%', 'center');
752 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
753 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
754 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
755 &Header::closebox();
756 &Header::closebigbox();
757 &Header::closepage();
758 exit (0);
759}
760##hier die refresh page
761
6e13d0a5
MT		 762
763###
764### OpenVPN Server Control
765###
766if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
767 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
768 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT		 769 #start openvpn server
770 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 771 &emptyserverlog();
6e13d0a5
MT		 772 system('/usr/local/bin/openvpnctrl', '-s');
773 }
774 #stop openvpn server
775 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
6e13d0a5 776 system('/usr/local/bin/openvpnctrl', '-k');
c6c9630e 777 &emptyserverlog();
6e13d0a5
MT		 778 }
779# #restart openvpn server
8c877a82 780# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
6e13d0a5 781#workarund, till SIGHUP also works when running as nobody
8c877a82
AM		 782# system('/usr/local/bin/openvpnctrl', '-r');
783# &emptyserverlog();
784# }
6e13d0a5
MT		 785}
786
787###
788### Save Advanced options
789###
790
791if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
792 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
793 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
794 #DAN this value has to leave.
795#new settings for daemon
796 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
797 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
798 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
799 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
800 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
801 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
6a9d9ff4 802 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
ffbe77c8 803 $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
6e13d0a5
MT		 804 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
805 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
806 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535
MT		 807 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
808 my @temp=();
6e13d0a5 809
a79fa1d6
JPT		 810 if ($cgiparams{'FRAGMENT'} eq '') {
811 delete $vpnsettings{'FRAGMENT'};
812 } else {
813 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
814 $errormessage = "Incorrect value, please insert only numbers.";
815 goto ADV_ERROR;
816 } else {
817 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
818 }
819 }
49abe7af 820
a79fa1d6 821 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 822 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT		 823 } else {
824 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
825 }
2ee746be 826
6e13d0a5 827 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
81da1b01 828 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
6e13d0a5
MT		 829 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
830 goto ADV_ERROR;
831 }
832 }
833 if ($cgiparams{'DHCP_DNS'} ne ''){
834 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
835 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
836 goto ADV_ERROR;
837 }
838 }
839 if ($cgiparams{'DHCP_WINS'} ne ''){
840 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
841 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT		 842 goto ADV_ERROR;
843 }
844 }
845 if ($cgiparams{'ROUTES_PUSH'} ne ''){
846 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
847 undef $vpnsettings{'ROUTES_PUSH'};
8c877a82
AM		 848
849 foreach my $tmpip (@temp)
54fd0535
MT		 850 {
851 s/^\s+//g; s/\s+$//g;
8c877a82
AM		 852
853 if ($tmpip)
54fd0535 854 {
8c877a82
AM		 855 $tmpip=~s/\s*$//g;
856 unless (&General::validipandmask($tmpip)) {
857 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
858 goto ADV_ERROR;
54fd0535 859 }
8c877a82
AM		 860 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
861
54fd0535
MT		 862 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
863 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
8c877a82
AM		 864 goto ADV_ERROR;
865 }
866# a.marx ccd
867 my %ccdroutehash=();
868 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
869 foreach my $key (keys %ccdroutehash) {
870 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
871 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
872 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
873 goto ADV_ERROR;
874 }
875 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
876 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
877 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
878 goto ADV_ERROR;
879 }
880 }
54fd0535 881 }
8c877a82
AM		 882
883# ccd end
884
885 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 886 }
8c877a82
AM		 887 }
888 &write_routepushfile;
54fd0535 889 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP		 890 }
891 else {
892 undef $vpnsettings{'ROUTES_PUSH'};
893 &write_routepushfile;
6e13d0a5 894 }
ba50f66d 895 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
6e13d0a5
MT		 896 $errormessage = $Lang::tr{'invalid input for max clients'};
897 goto ADV_ERROR;
898 }
899 if ($cgiparams{'KEEPALIVE_1'} ne '') {
900 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
901 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
902 goto ADV_ERROR;
903 }
904 }
905 if ($cgiparams{'KEEPALIVE_2'} ne ''){
906 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
907 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
908 goto ADV_ERROR;
909 }
910 }
911 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
912 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
913 goto ADV_ERROR;
914 }
6e13d0a5 915 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 916 &writeserverconf();#hier ok
6e13d0a5
MT		 917}
918
ce9abb66 919###
7c1d9faf 920# m.a.d net2net
ce9abb66
AH		 921###
922
923if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
924{
c6c9630e 925
ce9abb66
AH		 926my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
927my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 928my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 929my $tunmtu = '';
531f0835
AH		 930
931unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
932unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 933
934 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
935
936 flock SERVERCONF, 2;
7c1d9faf 937 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
ce9abb66 938 print SERVERCONF "\n";
b278daf3 939 print SERVERCONF "# User Security\n";
ce9abb66
AH		 940 print SERVERCONF "user nobody\n";
941 print SERVERCONF "group nobody\n";
942 print SERVERCONF "persist-tun\n";
943 print SERVERCONF "persist-key\n";
7c1d9faf 944 print SERVERCONF "script-security 2\n";
60f396d7 945 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
c125d8a2
SS		 946
947 if ($cgiparams{'REMOTE'} ne '') {
ce9abb66 948 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
c125d8a2
SS		 949 }
950
b278daf3 951 print SERVERCONF "float\n";
60f396d7 952 print SERVERCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 953 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
60f396d7 954 print SERVERCONF "# Client Gateway Network\n";
54fd0535 955 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 956 print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 957 print SERVERCONF "# tun Device\n";
ce9abb66 958 print SERVERCONF "dev tun\n";
5795fc1b
AM		 959 print SERVERCONF "#Logfile for statistics\n";
960 print SERVERCONF "status-version 1\n";
87fe47e9 961 print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 962 print SERVERCONF "# Port and Protokol\n";
ce9abb66 963 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
5795fc1b 964
60f396d7
AH		 965 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
966 print SERVERCONF "proto tcp-server\n";
967 print SERVERCONF "# Packet size\n";
d96c89eb 968 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 969 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 970 }
60f396d7
AH		 971
972 if ($cgiparams{'PROTOCOL'} eq 'udp') {
973 print SERVERCONF "proto udp\n";
974 print SERVERCONF "# Paketsize\n";
975 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
976 print SERVERCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 977 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
978 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
d96c89eb 979 }
1647059d 980
60f396d7 981 print SERVERCONF "# Auth. Server\n";
ce9abb66
AH		 982 print SERVERCONF "tls-server\n";
983 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
984 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
985 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 986 print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
b278daf3 987 print SERVERCONF "# Cipher\n";
4c962356 988 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
52f61e49
EKD		 989
990 # If GCM cipher is used, do not use --auth
991 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
992 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
993 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
994 print SERVERCONF unless "# HMAC algorithm\n";
995 print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 996 } else {
52f61e49
EKD		 997 print SERVERCONF "# HMAC algorithm\n";
998 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 999 }
52f61e49 1000
942446b5
EK		 1001 # Set TLSv1.2 as minimum
1002 print SERVERCONF "tls-version-min 1.2\n";
1003
ce9abb66 1004 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1005 print SERVERCONF "# Enable Compression\n";
66298ef2 1006 print SERVERCONF "comp-lzo\n";
b278daf3 1007 }
60f396d7 1008 print SERVERCONF "# Debug Level\n";
ce9abb66 1009 print SERVERCONF "verb 3\n";
b278daf3 1010 print SERVERCONF "# Tunnel check\n";
ce9abb66 1011 print SERVERCONF "keepalive 10 60\n";
60f396d7 1012 print SERVERCONF "# Start as daemon\n";
ce9abb66
AH		 1013 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
1014 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1015 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1016 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1017 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH		 1018 close(SERVERCONF);
1019
1020}
1021
1022###
7c1d9faf 1023# m.a.d net2net
ce9abb66 1024###
7c1d9faf 1025
ce9abb66
AH		 1026if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
1027{
4c962356 1028
ce9abb66 1029 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 1030 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1031 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 1032 my $tunmtu = '';
54fd0535 1033
531f0835
AH		 1034unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
1035unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 1036
1037 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
1038
1039 flock CLIENTCONF, 2;
7c1d9faf 1040 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1041 print CLIENTCONF "#\n";
b278daf3 1042 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1043 print CLIENTCONF "user nobody\n";
1044 print CLIENTCONF "group nobody\n";
1045 print CLIENTCONF "persist-tun\n";
1046 print CLIENTCONF "persist-key\n";
7c1d9faf 1047 print CLIENTCONF "script-security 2\n";
60f396d7 1048 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 1049 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 1050 print CLIENTCONF "float\n";
60f396d7 1051 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1052 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
60f396d7 1053 print CLIENTCONF "# Server Gateway Network\n";
54fd0535 1054 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 1055 print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 1056 print CLIENTCONF "# tun Device\n";
ce9abb66 1057 print CLIENTCONF "dev tun\n";
35a21a25
AM		 1058 print CLIENTCONF "#Logfile for statistics\n";
1059 print CLIENTCONF "status-version 1\n";
1060 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 1061 print CLIENTCONF "# Port and Protokol\n";
ce9abb66 1062 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 1063
1064 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1065 print CLIENTCONF "proto tcp-client\n";
1066 print CLIENTCONF "# Packet size\n";
d96c89eb 1067 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1068 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1069 }
60f396d7
AH		 1070
1071 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1072 print CLIENTCONF "proto udp\n";
1073 print CLIENTCONF "# Paketsize\n";
1074 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1075 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 1076 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
1077 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
d96c89eb 1078 }
1647059d 1079
b66b02ab
EK		 1080 # Check host certificate if X509 is RFC3280 compliant.
1081 # If not, old --ns-cert-type directive will be used.
1082 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
1083 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1084 if ($hostcert !~ /TLS Web Server Authentication/) {
1085 print CLIENTCONF "ns-cert-type server\n";
1086 } else {
1087 print CLIENTCONF "remote-cert-tls server\n";
1088 }
ce9abb66
AH		 1089 print CLIENTCONF "# Auth. Client\n";
1090 print CLIENTCONF "tls-client\n";
b278daf3 1091 print CLIENTCONF "# Cipher\n";
4c962356 1092 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
ce9abb66 1093 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
52f61e49
EKD		 1094
1095 # If GCM cipher is used, do not use --auth
1096 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1097 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1098 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1099 print CLIENTCONF unless "# HMAC algorithm\n";
1100 print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1101 } else {
52f61e49
EKD		 1102 print CLIENTCONF "# HMAC algorithm\n";
1103 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1104 }
52f61e49 1105
942446b5
EK		 1106 # Set TLSv1.2 as minimum
1107 print CLIENTCONF "tls-version-min 1.2\n";
1108
ce9abb66 1109 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1110 print CLIENTCONF "# Enable Compression\n";
66298ef2 1111 print CLIENTCONF "comp-lzo\n";
4c962356 1112 }
ce9abb66
AH		 1113 print CLIENTCONF "# Debug Level\n";
1114 print CLIENTCONF "verb 3\n";
b278daf3 1115 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1116 print CLIENTCONF "keepalive 10 60\n";
60f396d7 1117 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 1118 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1119 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1120 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1121 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1122 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1123 close(CLIENTCONF);
c6c9630e 1124
ce9abb66 1125}
400c8afd 1126
6e13d0a5
MT		 1127###
1128### Save main settings
1129###
ce9abb66 1130
6e13d0a5
MT		 1131if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1132 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT		 1133 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1134 #DAN this value has to leave.
1135 if ($cgiparams{'ENABLED'} eq 'on'){
1136 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1137 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1138 goto SETTINGS_ERROR;
6e13d0a5
MT		 1139 }
1140 }
f7fb5bc5 1141
6e13d0a5 1142 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e 1143 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
4c962356 1144 goto SETTINGS_ERROR;
c6c9630e
MT		 1145 }
1146 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1147
1148 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1149 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1150 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1151 goto SETTINGS_ERROR;
1152 }
1153
1154 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1155 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1156 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1157 goto SETTINGS_ERROR;
1158 }
1159
1160 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1161 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1162 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1163 goto SETTINGS_ERROR;
1164 }
1165
1166 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1167 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1168 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1169 goto SETTINGS_ERROR;
1170 }
1171 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1172 while (<ALIASES>)
1173 {
1174 chomp($_);
1175 my @tempalias = split(/\,/,$_);
1176 if ($tempalias[1] eq 'on') {
1177 if (&General::IpInSubnet ($tempalias[0] ,
1178 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1179 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1180 }
1181 }
1182 }
1183 close(ALIASES);
6e13d0a5 1184 if ($errormessage ne ''){
c6c9630e 1185 goto SETTINGS_ERROR;
6e13d0a5
MT		 1186 }
1187 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1188 $errormessage = $Lang::tr{'invalid input'};
1189 goto SETTINGS_ERROR;
1190 }
1191 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1192 $errormessage = $Lang::tr{'invalid mtu input'};
1193 goto SETTINGS_ERROR;
1194 }
1195
1196 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT		 1197 $errormessage = $Lang::tr{'invalid port'};
1198 goto SETTINGS_ERROR;
6e13d0a5 1199 }
8c252e6a 1200
b21a6319
EK		 1201 # Create ta.key for tls-auth if not presant
1202 if ($cgiparams{'TLSAUTH'} eq 'on') {
1203 if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
1204 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1205 if ($?) {
1206 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1207 goto SETTINGS_ERROR;
1208 }
1209 }
1210 }
1211
6e13d0a5
MT		 1212 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1213 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1214 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1215 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1216#new settings for daemon
1217 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
6e13d0a5
MT		 1218 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1219 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1220 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1221 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1222 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
86308adb 1223 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
0c4ffc69 1224 $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
3ffee04b
CS		 1225#wrtie enable
1226
1227 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1228 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1229 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
6e13d0a5
MT		 1230#new settings for daemon
1231 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1232 &writeserverconf();#hier ok
6e13d0a5
MT		 1233SETTINGS_ERROR:
1234###
1235### Reset all step 2
1236###
4c962356 1237}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
6e13d0a5
MT		 1238 my $file = '';
1239 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1240
1e499e90
MT		 1241 # Kill all N2N connections
1242 system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
1243
6e13d0a5 1244 foreach my $key (keys %confighash) {
2f36a7b4
MT		 1245 my $name = $confighash{$cgiparams{'$key'}}[1];
1246
c6c9630e
MT		 1247 if ($confighash{$key}[4] eq 'cert') {
1248 delete $confighash{$cgiparams{'$key'}};
1249 }
2f36a7b4 1250
8ae4010b 1251 system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
6e13d0a5
MT		 1252 }
1253 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
49abe7af 1254 unlink $file;
6e13d0a5
MT		 1255 }
1256 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
49abe7af 1257 unlink $file;
6e13d0a5
MT		 1258 }
1259 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
49abe7af 1260 unlink $file;
6e13d0a5 1261 }
4c962356 1262 &cleanssldatabase();
6e13d0a5
MT		 1263 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1264 print FILE "";
1265 close FILE;
1266 }
49abe7af
EK		 1267 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1268 print FILE "";
1269 close FILE;
1270 }
1271 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1272 print FILE "";
1273 close FILE;
1274 }
1275 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1276 unlink $file
1277 }
5795fc1b
AM		 1278 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1279 unlink $file
1280 }
49abe7af
EK		 1281 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1282 print FILE "";
1283 close FILE;
1284 }
1285 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1286 print FILE "";
1287 close FILE;
1288 }
1289 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
1290 system ("rm -rf $file");
1291 }
1292
2f36a7b4
MT		 1293 # Remove everything from the collectd configuration
1294 &writecollectdconf();
1295
c6c9630e 1296 #&writeserverconf();
6e13d0a5
MT		 1297###
1298### Reset all step 1
1299###
4c962356 1300}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
6e13d0a5 1301 &Header::showhttpheaders();
4c962356
EK		 1302 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1303 &Header::openbigbox('100%', 'left', '', '');
1304 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1305 print <<END;
1306 <form method='post'>
1307 <table width='100%'>
1308 <tr>
1309 <td align='center'>
1310 <input type='hidden' name='AREUSURE' value='yes' />
49abe7af 1311 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
4c962356
EK		 1312 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1313 </tr>
1314 <tr>
1315 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1316 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1317 </tr>
1318 </table>
1319 </form>
6e13d0a5
MT		 1320END
1321 ;
1322 &Header::closebox();
1323 &Header::closebigbox();
1324 &Header::closepage();
1325 exit (0);
1326
4c962356
EK		 1327###
1328### Generate DH key step 2
1329###
1330} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
49abe7af 1331 # Delete if old key exists
4c962356
EK		 1332 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1333 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1334 }
1335 # Create Diffie Hellmann Parameter
badd8c1c 1336 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
4c962356
EK		 1337 if ($?) {
1338 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1339 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1340 }
1341
1342###
1343### Generate DH key step 1
1344###
1345} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1346 &Header::showhttpheaders();
1347 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1348 &Header::openbigbox('100%', 'LEFT', '', '');
1349 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1350 print <<END;
1351 <table width='100%'>
1352 <tr>
f527e53f 1353 <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
49abe7af 1354 </tr>
4c962356
EK		 1355 <tr>
1356 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1357 <td align='center'>
1358 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1359 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1360 <select name='DHLENGHT'>
4c962356
EK		 1361 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1362 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1363 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1364 </select>
1365 </td>
1366 </tr>
1367 <tr><td colspan='4'><br></td></tr>
1368 </table>
1369 <table width='100%'>
1370 <tr>
49abe7af 1371 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
4c962356 1372 </tr>
49abe7af
EK		 1373 <tr>
1374 <td class='base'>$Lang::tr{'dh key warn1'}</td>
1375 </tr>
1376 <tr><td colspan='2'><br></td></tr>
4c962356
EK		 1377 <tr>
1378 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1379 </form>
1380 </tr>
1381 </table>
1382
1383END
1384 ;
1385 &Header::closebox();
1386 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1387 &Header::closebigbox();
1388 &Header::closepage();
1389 exit (0);
1390
1391###
1392### Upload DH key
1393###
1394} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
2ad1b18b 1395 unless (ref ($cgiparams{'FH'})) {
4c962356
EK		 1396 $errormessage = $Lang::tr{'there was no file upload'};
1397 goto UPLOADCA_ERROR;
1398 }
49abe7af 1399 # Move uploaded dh key to a temporary file
4c962356
EK		 1400 (my $fh, my $filename) = tempfile( );
1401 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1402 $errormessage = $!;
49abe7af 1403 goto UPLOADCA_ERROR;
4c962356 1404 }
49abe7af 1405 my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
400c8afd 1406 if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
4c962356
EK		 1407 $errormessage = $Lang::tr{'not a valid dh key'};
1408 unlink ($filename);
1409 goto UPLOADCA_ERROR;
1410 } else {
1411 # Delete if old key exists
1412 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1413 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1414 }
1415 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
49abe7af
EK		 1416 if ($? ne 0) {
1417 $errormessage = "$Lang::tr{'dh key move failed'}: $!";
1418 unlink ($filename);
1419 goto UPLOADCA_ERROR;
1420 }
4c962356
EK		 1421 }
1422
6e13d0a5
MT		 1423###
1424### Upload CA Certificate
1425###
1426} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1427 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1428
1429 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1430 $errormessage = $Lang::tr{'name must only contain characters'};
1431 goto UPLOADCA_ERROR;
1432 }
1433
1434 if (length($cgiparams{'CA_NAME'}) >60) {
1435 $errormessage = $Lang::tr{'name too long'};
1436 goto VPNCONF_ERROR;
1437 }
1438
1439 if ($cgiparams{'CA_NAME'} eq 'ca') {
1440 $errormessage = $Lang::tr{'name is invalid'};
4c962356 1441 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1442 }
1443
1444 # Check if there is no other entry with this name
1445 foreach my $key (keys %cahash) {
c6c9630e
MT		 1446 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1447 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1448 goto UPLOADCA_ERROR;
1449 }
6e13d0a5
MT		 1450 }
1451
2ad1b18b 1452 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 1453 $errormessage = $Lang::tr{'there was no file upload'};
1454 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1455 }
1456 # Move uploaded ca to a temporary file
1457 (my $fh, my $filename) = tempfile( );
1458 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT		 1459 $errormessage = $!;
1460 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1461 }
1462 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
c6c9630e
MT		 1463 if ($temp !~ /CA:TRUE/i) {
1464 $errormessage = $Lang::tr{'not a valid ca certificate'};
1465 unlink ($filename);
1466 goto UPLOADCA_ERROR;
6e13d0a5 1467 } else {
c6c9630e
MT		 1468 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1469 if ($? ne 0) {
1470 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1471 unlink ($filename);
1472 goto UPLOADCA_ERROR;
1473 }
6e13d0a5
MT		 1474 }
1475
1476 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1477 $casubject =~ /Subject: (.*)[\n]/;
1478 $casubject = $1;
1479 $casubject =~ s+/Email+, E+;
1480 $casubject =~ s/ ST=/ S=/;
1481 $casubject = &Header::cleanhtml($casubject);
1482
1483 my $key = &General::findhasharraykey (\%cahash);
1484 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1485 $cahash{$key}[1] = $casubject;
1486 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT		 1487# system('/usr/local/bin/ipsecctrl', 'R');
1488
6e13d0a5
MT		 1489 UPLOADCA_ERROR:
1490
1491###
1492### Display ca certificate
1493###
1494} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT		 1495 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1496
1497 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1498 &Header::showhttpheaders();
4c962356 1499 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1500 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1501 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1502 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1503 $output = &Header::cleanhtml($output,"y");
1504 print "<pre>$output</pre>\n";
1505 &Header::closebox();
1506 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1507 &Header::closebigbox();
1508 &Header::closepage();
1509 exit(0);
1510 } else {
1511 $errormessage = $Lang::tr{'invalid key'};
1512 }
1513
6e13d0a5
MT		 1514###
1515### Download ca certificate
1516###
1517} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1518 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1519
1520 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1521 print "Content-Type: application/octet-stream\r\n";
1522 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1523 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1524 exit(0);
1525 } else {
1526 $errormessage = $Lang::tr{'invalid key'};
1527 }
1528
1529###
1530### Remove ca certificate (step 2)
1531###
1532} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1533 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1534 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1535
1536 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1537 foreach my $key (keys %confighash) {
1538 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1539 if ($test =~ /: OK/) {
c6c9630e
MT		 1540 # Delete connection
1541# if ($vpnsettings{'ENABLED'} eq 'on' ||
1542# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1543# system('/usr/local/bin/ipsecctrl', 'D', $key);
1544# }
6e13d0a5
MT		 1545 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1546 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1547 delete $confighash{$key};
1548 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1549# &writeipsecfiles();
6e13d0a5
MT		 1550 }
1551 }
1552 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1553 delete $cahash{$cgiparams{'KEY'}};
1554 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1555# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT		 1556 } else {
1557 $errormessage = $Lang::tr{'invalid key'};
1558 }
1559###
1560### Remove ca certificate (step 1)
1561###
1562} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1563 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1564 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1565
1566 my $assignedcerts = 0;
1567 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1568 foreach my $key (keys %confighash) {
1569 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1570 if ($test =~ /: OK/) {
1571 $assignedcerts++;
1572 }
1573 }
1574 if ($assignedcerts) {
1575 &Header::showhttpheaders();
4c962356 1576 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1577 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1578 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
4c962356 1579 print <<END;
6e13d0a5
MT		 1580 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1581 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1582 <tr><td align='center'>
1583 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1584 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1585 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1586 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1587 </form></table>
1588END
1589 ;
1590 &Header::closebox();
1591 &Header::closebigbox();
1592 &Header::closepage();
1593 exit (0);
1594 } else {
1595 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1596 delete $cahash{$cgiparams{'KEY'}};
1597 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1598# system('/usr/local/bin/ipsecctrl', 'R');
1599 }
1600 } else {
1601 $errormessage = $Lang::tr{'invalid key'};
1602 }
1603
1604###
1605### Display root certificate
1606###
c6c9630e
MT		 1607}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1608 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1609 my $output;
1610 &Header::showhttpheaders();
4c962356 1611 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1612 &Header::openbigbox('100%', 'LEFT', '', '');
1613 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1614 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1615 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1616 } else {
1617 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1618 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1619 }
1620 $output = &Header::cleanhtml($output,"y");
1621 print "<pre>$output</pre>\n";
1622 &Header::closebox();
1623 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1624 &Header::closebigbox();
1625 &Header::closepage();
1626 exit(0);
1627
6e13d0a5
MT		 1628###
1629### Download root certificate
1630###
1631}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1632 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1633 print "Content-Type: application/octet-stream\r\n";
1634 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1635 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1636 exit(0);
1637 }
1638
1639###
1640### Download host certificate
1641###
1642}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1643 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1644 print "Content-Type: application/octet-stream\r\n";
1645 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1646 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1647 exit(0);
1648 }
f7fb5bc5 1649
fd5ccb2d
EK		 1650###
1651### Download tls-auth key
1652###
1653}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
1654 if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
1655 print "Content-Type: application/octet-stream\r\n";
1656 print "Content-Disposition: filename=ta.key\r\n\r\n";
1657 print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
1658 exit(0);
1659 }
1660
6e13d0a5
MT		 1661###
1662### Form for generating a root certificate
1663###
1664}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1665 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1666
1667 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1668 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1669 $errormessage = $Lang::tr{'valid root certificate already exists'};
1670 $cgiparams{'ACTION'} = '';
1671 goto ROOTCERT_ERROR;
1672 }
1673
1674 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1675 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1676 my $ipaddr = <IPADDR>;
1677 close IPADDR;
1678 chomp ($ipaddr);
1679 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1680 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1681 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1682 }
1683 }
1684 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
2ad1b18b 1685 unless (ref ($cgiparams{'FH'})) {
6e13d0a5
MT		 1686 $errormessage = $Lang::tr{'there was no file upload'};
1687 goto ROOTCERT_ERROR;
1688 }
1689
1690 # Move uploaded certificate request to a temporary file
1691 (my $fh, my $filename) = tempfile( );
1692 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1693 $errormessage = $!;
1694 goto ROOTCERT_ERROR;
1695 }
1696
1697 # Create a temporary dirctory
1698 my $tempdir = tempdir( CLEANUP => 1 );
1699
1700 # Extract the CA certificate from the file
1701 my $pid = open(OPENSSL, "|-");
1702 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1703 if ($pid) { # parent
1704 if ($cgiparams{'P12_PASS'} ne '') {
1705 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1706 }
1707 close (OPENSSL);
1708 if ($?) {
1709 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1710 unlink ($filename);
1711 goto ROOTCERT_ERROR;
1712 }
1713 } else { # child
1714 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1715 '-in', $filename,
1716 '-out', "$tempdir/cacert.pem")) {
1717 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1718 unlink ($filename);
1719 goto ROOTCERT_ERROR;
1720 }
1721 }
1722
1723 # Extract the Host certificate from the file
1724 $pid = open(OPENSSL, "|-");
1725 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1726 if ($pid) { # parent
1727 if ($cgiparams{'P12_PASS'} ne '') {
1728 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1729 }
1730 close (OPENSSL);
1731 if ($?) {
1732 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1733 unlink ($filename);
1734 goto ROOTCERT_ERROR;
1735 }
1736 } else { # child
1737 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1738 '-in', $filename,
1739 '-out', "$tempdir/hostcert.pem")) {
1740 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1741 unlink ($filename);
1742 goto ROOTCERT_ERROR;
1743 }
1744 }
1745
1746 # Extract the Host key from the file
1747 $pid = open(OPENSSL, "|-");
1748 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1749 if ($pid) { # parent
1750 if ($cgiparams{'P12_PASS'} ne '') {
1751 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1752 }
1753 close (OPENSSL);
1754 if ($?) {
1755 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1756 unlink ($filename);
1757 goto ROOTCERT_ERROR;
1758 }
1759 } else { # child
1760 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1761 '-nodes',
1762 '-in', $filename,
1763 '-out', "$tempdir/serverkey.pem")) {
1764 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1765 unlink ($filename);
1766 goto ROOTCERT_ERROR;
1767 }
1768 }
1769
1770 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1771 if ($? ne 0) {
1772 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1773 unlink ($filename);
1774 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1775 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1776 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1777 goto ROOTCERT_ERROR;
1778 }
1779
1780 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1781 if ($? ne 0) {
1782 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1783 unlink ($filename);
1784 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1785 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1786 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1787 goto ROOTCERT_ERROR;
1788 }
1789
1790 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1791 if ($? ne 0) {
1792 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1793 unlink ($filename);
1794 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1795 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1796 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1797 goto ROOTCERT_ERROR;
1798 }
1799
1800 goto ROOTCERT_SUCCESS;
1801
1802 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1803
1804 # Validate input since the form was submitted
1805 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1806 $errormessage = $Lang::tr{'organization cant be empty'};
1807 goto ROOTCERT_ERROR;
1808 }
1809 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1810 $errormessage = $Lang::tr{'organization too long'};
1811 goto ROOTCERT_ERROR;
1812 }
1813 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1814 $errormessage = $Lang::tr{'invalid input for organization'};
1815 goto ROOTCERT_ERROR;
1816 }
1817 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1818 $errormessage = $Lang::tr{'hostname cant be empty'};
1819 goto ROOTCERT_ERROR;
1820 }
1821 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1822 $errormessage = $Lang::tr{'invalid input for hostname'};
1823 goto ROOTCERT_ERROR;
1824 }
1825 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1826 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1827 goto ROOTCERT_ERROR;
1828 }
1829 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1830 $errormessage = $Lang::tr{'e-mail address too long'};
1831 goto ROOTCERT_ERROR;
1832 }
1833 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1834 $errormessage = $Lang::tr{'invalid input for department'};
1835 goto ROOTCERT_ERROR;
1836 }
1837 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1838 $errormessage = $Lang::tr{'invalid input for city'};
1839 goto ROOTCERT_ERROR;
1840 }
1841 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1842 $errormessage = $Lang::tr{'invalid input for state or province'};
1843 goto ROOTCERT_ERROR;
1844 }
1845 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1846 $errormessage = $Lang::tr{'invalid input for country'};
1847 goto ROOTCERT_ERROR;
1848 }
1849
1850 # Copy the cgisettings to vpnsettings and save the configfile
1851 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1852 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1853 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1854 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1855 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1856 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1857 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1858 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1859
1860 # Replace empty strings with a .
1861 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1862 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1863 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1864
1865 # refresh
c6c9630e 1866 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
6e13d0a5
MT		 1867
1868 # Create the CA certificate
1869 my $pid = open(OPENSSL, "|-");
1870 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1871 if ($pid) { # parent
1872 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1873 print OPENSSL "$state\n";
1874 print OPENSSL "$city\n";
1875 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1876 print OPENSSL "$ou\n";
1877 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1878 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1879 close (OPENSSL);
1880 if ($?) {
1881 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1882 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1883 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1884 goto ROOTCERT_ERROR;
1885 }
1886 } else { # child
badd8c1c 1887 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
49abe7af 1888 '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
6e13d0a5
MT		 1889 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1890 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1891 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1892 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1893 goto ROOTCERT_ERROR;
1894 }
1895 }
1896
1897 # Create the Host certificate request
1898 $pid = open(OPENSSL, "|-");
1899 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1900 if ($pid) { # parent
1901 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1902 print OPENSSL "$state\n";
1903 print OPENSSL "$city\n";
1904 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1905 print OPENSSL "$ou\n";
1906 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1907 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1908 print OPENSSL ".\n";
1909 print OPENSSL ".\n";
1910 close (OPENSSL);
1911 if ($?) {
1912 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1913 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1914 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1915 goto ROOTCERT_ERROR;
1916 }
1917 } else { # child
badd8c1c 1918 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 1919 '-newkey', 'rsa:2048',
6e13d0a5
MT		 1920 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1921 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1922 '-extensions', 'server',
1923 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1924 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1925 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1926 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1927 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1928 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1929 goto ROOTCERT_ERROR;
1930 }
1931 }
1932
1933 # Sign the host certificate request
1934 system('/usr/bin/openssl', 'ca', '-days', '999999',
1935 '-batch', '-notext',
1936 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1937 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1938 '-extensions', 'server',
1939 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1940 if ($?) {
1941 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1942 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1943 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1944 unlink ("${General::swroot}/ovpn/serverkey.pem");
1945 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1946 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1947 &newcleanssldatabase();
6e13d0a5
MT		 1948 goto ROOTCERT_ERROR;
1949 } else {
1950 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1951 &deletebackupcert();
6e13d0a5
MT		 1952 }
1953
1954 # Create an empty CRL
1955 system('/usr/bin/openssl', 'ca', '-gencrl',
1956 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1957 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1958 if ($?) {
1959 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1960 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1961 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1962 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1963 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1964 &cleanssldatabase();
6e13d0a5 1965 goto ROOTCERT_ERROR;
c6c9630e
MT		 1966# } else {
1967# &cleanssldatabase();
6e13d0a5 1968 }
ae04d0a3
EK		 1969 # Create ta.key for tls-auth
1970 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1971 if ($?) {
1972 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1973 &cleanssldatabase();
1974 goto ROOTCERT_ERROR;
1975 }
6e13d0a5 1976 # Create Diffie Hellmann Parameter
badd8c1c 1977 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
6e13d0a5
MT		 1978 if ($?) {
1979 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1980 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1981 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1982 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1983 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1984 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1985 &cleanssldatabase();
6e13d0a5 1986 goto ROOTCERT_ERROR;
c6c9630e
MT		 1987# } else {
1988# &cleanssldatabase();
4be45949 1989 }
6e13d0a5
MT		 1990 goto ROOTCERT_SUCCESS;
1991 }
1992 ROOTCERT_ERROR:
1993 if ($cgiparams{'ACTION'} ne '') {
1994 &Header::showhttpheaders();
4c962356 1995 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1996 &Header::openbigbox('100%', 'LEFT', '', '');
1997 if ($errormessage) {
1998 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1999 print "<class name='base'>$errormessage";
2000 print "&nbsp;</class>";
2001 &Header::closebox();
2002 }
2003 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
49abe7af 2004 print <<END;
6e13d0a5
MT		 2005 <form method='post' enctype='multipart/form-data'>
2006 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
e3edceeb 2007 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2008 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
2009 <td width='35%' colspan='2'>&nbsp;</td></tr>
e3edceeb 2010 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2011 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
2012 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2013 <tr><td class='base'>$Lang::tr{'your e-mail'}:</td>
6e13d0a5
MT		 2014 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
2015 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2016 <tr><td class='base'>$Lang::tr{'your department'}:</td>
6e13d0a5
MT		 2017 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
2018 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2019 <tr><td class='base'>$Lang::tr{'city'}:</td>
6e13d0a5
MT		 2020 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
2021 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2022 <tr><td class='base'>$Lang::tr{'state or province'}:</td>
6e13d0a5
MT		 2023 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
2024 <td colspan='2'>&nbsp;</td></tr>
2025 <tr><td class='base'>$Lang::tr{'country'}:</td>
2026 <td class='base'><select name='ROOTCERT_COUNTRY'>
2027
2028END
2029 ;
2030 foreach my $country (sort keys %{Countries::countries}) {
2031 print "<option value='$Countries::countries{$country}'";
2032 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
2033 print " selected='selected'";
2034 }
2035 print ">$country</option>";
2036 }
49abe7af 2037 print <<END;
6e13d0a5 2038 </select></td>
4c962356
EK		 2039 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
2040 <td class='base'><select name='DHLENGHT'>
4c962356
EK		 2041 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
2042 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
2043 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
2044 </select>
2045 </td>
2046 </tr>
2047
6e13d0a5
MT		 2048 <tr><td>&nbsp;</td>
2049 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
2050 <td>&nbsp;</td><td>&nbsp;</td></tr>
2051 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2052 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
49abe7af
EK		 2053 <tr><td colspan='2'><br></td></tr>
2054 <table width='100%'>
2055 <tr>
2056 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
2057 <td class='base'>$Lang::tr{'dh key warn'}</td>
4c962356 2058 </tr>
49abe7af
EK		 2059 <tr>
2060 <td class='base'>$Lang::tr{'dh key warn1'}</td>
4c962356 2061 </tr>
49abe7af
EK		 2062 <tr><td colspan='2'><br></td></tr>
2063 <tr>
2064 </table>
4c962356 2065
49abe7af 2066 <table width='100%'>
4c962356 2067 <tr><td colspan='4'><hr></td></tr>
e3edceeb 2068 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2069 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
2070 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2071 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
6e13d0a5
MT		 2072 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
2073 <td colspan='2'>&nbsp;</td></tr>
2074 <tr><td>&nbsp;</td>
2075 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
2076 <td colspan='2'>&nbsp;</td></tr>
2077 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2078 <img src='/blob.gif' valign='top' alt='*' >&nbsp;$Lang::tr{'required field'}</td>
4c962356 2079 </tr>
6e13d0a5
MT		 2080 </form></table>
2081END
2082 ;
2083 &Header::closebox();
4c962356 2084 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2085 &Header::closebigbox();
2086 &Header::closepage();
2087 exit(0)
2088 }
2089
2090 ROOTCERT_SUCCESS:
2091 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT		 2092# if ($vpnsettings{'ENABLED'} eq 'on' ||
2093# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
2094# system('/usr/local/bin/ipsecctrl', 'S');
2095# }
6e13d0a5
MT		 2096
2097###
2098### Enable/Disable connection
2099###
ce9abb66
AH		 2100
2101###
7c1d9faf 2102# m.a.d net2net
ce9abb66
AH		 2103###
2104
6e13d0a5 2105}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
c6c9630e
MT		 2106
2107 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 2108 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH		 2109# my $n2nactive = '';
2110 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
2111
6e13d0a5 2112 if ($confighash{$cgiparams{'KEY'}}) {
8c877a82
AM		 2113 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2114 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2115 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2116
8c877a82 2117 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2118 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2119 &writecollectdconf();
8c877a82
AM		 2120 }
2121 } else {
ce9abb66 2122
8c877a82
AM		 2123 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2124 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2125
8c877a82 2126 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2127 if ($n2nactive ne '') {
2128 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
2129 &writecollectdconf();
2130 }
ce9abb66 2131
8c877a82 2132 } else {
775b4494 2133 $errormessage = $Lang::tr{'invalid key'};
8c877a82 2134 }
775b4494 2135 }
ce9abb66 2136 }
6e13d0a5
MT		 2137
2138###
2139### Download OpenVPN client package
2140###
ce9abb66
AH		 2141
2142
6e13d0a5
MT		 2143} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2144 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2145 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2146 my $file = '';
2147 my $clientovpn = '';
2148 my @fileholder;
2149 my $tempdir = tempdir( CLEANUP => 1 );
2150 my $zippath = "$tempdir/";
ce9abb66
AH		 2151
2152###
7c1d9faf
AH		 2153# m.a.d net2net
2154###
ce9abb66
AH		 2155
2156if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2157
2158 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2159 my $zippathname = "$zippath$zipname";
2160 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
2161 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 2162 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 2163 my $tunmtu = '';
7c1d9faf 2164 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 2165 my $n2nfragment = '';
ce9abb66
AH		 2166
2167 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2168 flock CLIENTCONF, 2;
2169
2170 my $zip = Archive::Zip->new();
7c1d9faf 2171 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 2172 print CLIENTCONF "# \n";
b278daf3 2173 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 2174 print CLIENTCONF "user nobody\n";
2175 print CLIENTCONF "group nobody\n";
2176 print CLIENTCONF "persist-tun\n";
2177 print CLIENTCONF "persist-key\n";
7c1d9faf 2178 print CLIENTCONF "script-security 2\n";
60f396d7 2179 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2180 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2181 print CLIENTCONF "float\n";
60f396d7 2182 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 2183 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 2184 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2185 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 2186 print CLIENTCONF "# tun Device\n";
79e7688b 2187 print CLIENTCONF "dev tun\n";
35a21a25
AM		 2188 print CLIENTCONF "#Logfile for statistics\n";
2189 print CLIENTCONF "status-version 1\n";
2190 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 2191 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 2192 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
60f396d7
AH		 2193
2194 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2195 print CLIENTCONF "proto tcp-client\n";
2196 print CLIENTCONF "# Packet size\n";
d96c89eb 2197 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2198 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2199 }
60f396d7
AH		 2200
2201 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2202 print CLIENTCONF "proto udp\n";
2203 print CLIENTCONF "# Paketsize\n";
2204 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2205 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2206 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
60f396d7 2207 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
d96c89eb 2208 }
b66b02ab
EK		 2209 # Check host certificate if X509 is RFC3280 compliant.
2210 # If not, old --ns-cert-type directive will be used.
2211 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2212 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2213 if ($hostcert !~ /TLS Web Server Authentication/) {
2214 print CLIENTCONF "ns-cert-type server\n";
2215 } else {
2216 print CLIENTCONF "remote-cert-tls server\n";
2217 }
ce9abb66
AH		 2218 print CLIENTCONF "# Auth. Client\n";
2219 print CLIENTCONF "tls-client\n";
49abe7af 2220 print CLIENTCONF "# Cipher\n";
4c962356 2221 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
ce9abb66
AH		 2222 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2223 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2224 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
49abe7af 2225 }
52f61e49
EKD		 2226
2227 # If GCM cipher is used, do not use --auth
2228 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
2229 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
2230 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
2231 print CLIENTCONF unless "# HMAC algorithm\n";
2232 print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2233 } else {
52f61e49
EKD		 2234 print CLIENTCONF "# HMAC algorithm\n";
2235 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2236 }
52f61e49 2237
4c962356 2238 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2239 print CLIENTCONF "# Enable Compression\n";
66298ef2 2240 print CLIENTCONF "comp-lzo\n";
b278daf3 2241 }
ce9abb66
AH		 2242 print CLIENTCONF "# Debug Level\n";
2243 print CLIENTCONF "verb 3\n";
b278daf3 2244 print CLIENTCONF "# Tunnel check\n";
ce9abb66 2245 print CLIENTCONF "keepalive 10 60\n";
b278daf3 2246 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 2247 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2248 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 2249 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 2250 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2251 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2252 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2253
ce9abb66
AH		 2254
2255 close(CLIENTCONF);
2256
2257 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2258 my $status = $zip->writeToFileNamed($zippathname);
2259
2260 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2261 @fileholder = <DLFILE>;
2262 print "Content-Type:application/x-download\n";
2263 print "Content-Disposition:attachment;filename=$zipname\n\n";
2264 print @fileholder;
2265 exit (0);
2266}
2267else
2268{
2269 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2270 my $zippathname = "$zippath$zipname";
2271 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2272
2273###
7c1d9faf 2274# m.a.d net2net
ce9abb66
AH		 2275###
2276
c6c9630e 2277 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5
MT		 2278 flock CLIENTCONF, 2;
2279
2280 my $zip = Archive::Zip->new();
2281
8c877a82 2282 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT		 2283 print CLIENTCONF "tls-client\r\n";
2284 print CLIENTCONF "client\r\n";
4f6e3ae3 2285 print CLIENTCONF "nobind\r\n";
79e7688b 2286 print CLIENTCONF "dev tun\r\n";
c6c9630e 2287 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
2ee746be 2288
32405d88 2289 # Check if we are using fragment, mssfix and set MTU to 1500
2ee746be
SS		 2290 # or use configured value.
2291 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
79e7688b 2292 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2293 elsif ($vpnsettings{MSSFIX} eq 'on')
79e7688b 2294 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2295 else
79e7688b 2296 { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
2ee746be 2297
6e13d0a5
MT		 2298 if ( $vpnsettings{'ENABLED'} eq 'on'){
2299 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
c6c9630e
MT		 2300 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2301 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2302 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2303 }
2304 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2305 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2306 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2307 }
2308 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2309 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2310 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2311 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2312 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2313 }
2314 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2315 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5
MT		 2316 }
2317
71af643c
MT		 2318 my $file_crt = new File::Temp( UNLINK => 1 );
2319 my $file_key = new File::Temp( UNLINK => 1 );
b22d8aaf 2320 my $include_certs = 0;
71af643c 2321
6e13d0a5 2322 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
71af643c 2323 if ($cgiparams{'MODE'} eq 'insecure') {
b22d8aaf
MT		 2324 $include_certs = 1;
2325
71af643c 2326 # Add the CA
b22d8aaf 2327 print CLIENTCONF ";ca cacert.pem\r\n";
71af643c
MT		 2328 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2329
2330 # Extract the certificate
2331 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2332 '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
2333 if ($?) {
2334 die "openssl error: $?";
2335 }
2336
2337 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
b22d8aaf 2338 print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
71af643c
MT		 2339
2340 # Extract the key
2341 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2342 '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
2343 if ($?) {
2344 die "openssl error: $?";
2345 }
2346
2347 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
b22d8aaf 2348 print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
71af643c
MT		 2349 } else {
2350 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2351 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2352 }
6e13d0a5 2353 } else {
c6c9630e
MT		 2354 print CLIENTCONF "ca cacert.pem\r\n";
2355 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2356 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2357 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2358 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT		 2359 }
2360 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
49abe7af 2361 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
86308adb 2362
49abe7af 2363 if ($vpnsettings{'TLSAUTH'} eq 'on') {
b22d8aaf
MT		 2364 if ($cgiparams{'MODE'} eq 'insecure') {
2365 print CLIENTCONF ";";
2366 }
4be45949
EK		 2367 print CLIENTCONF "tls-auth ta.key\r\n";
2368 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
49abe7af 2369 }
6e13d0a5
MT		 2370 if ($vpnsettings{DCOMPLZO} eq 'on') {
2371 print CLIENTCONF "comp-lzo\r\n";
2372 }
2373 print CLIENTCONF "verb 3\r\n";
b66b02ab
EK		 2374 # Check host certificate if X509 is RFC3280 compliant.
2375 # If not, old --ns-cert-type directive will be used.
2376 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2377 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2378 if ($hostcert !~ /TLS Web Server Authentication/) {
2379 print CLIENTCONF "ns-cert-type server\r\n";
2380 } else {
2381 print CLIENTCONF "remote-cert-tls server\r\n";
2382 }
964700d4 2383 print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
a79fa1d6
JPT		 2384 if ($vpnsettings{MSSFIX} eq 'on') {
2385 print CLIENTCONF "mssfix\r\n";
2386 }
74225cce 2387 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT		 2388 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2389 }
1647059d 2390
b22d8aaf
MT		 2391 if ($include_certs) {
2392 print CLIENTCONF "\r\n";
2393
2394 # CA
2395 open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
2396 print CLIENTCONF "<ca>\r\n";
2397 while (<FILE>) {
2398 chomp($_);
2399 print CLIENTCONF "$_\r\n";
2400 }
2401 print CLIENTCONF "</ca>\r\n\r\n";
2402 close(FILE);
2403
2404 # Cert
2405 open(FILE, "<$file_crt");
2406 print CLIENTCONF "<cert>\r\n";
2407 while (<FILE>) {
2408 chomp($_);
2409 print CLIENTCONF "$_\r\n";
2410 }
2411 print CLIENTCONF "</cert>\r\n\r\n";
2412 close(FILE);
2413
2414 # Key
2415 open(FILE, "<$file_key");
2416 print CLIENTCONF "<key>\r\n";
2417 while (<FILE>) {
2418 chomp($_);
2419 print CLIENTCONF "$_\r\n";
2420 }
2421 print CLIENTCONF "</key>\r\n\r\n";
2422 close(FILE);
2423
2424 # TLS auth
2425 if ($vpnsettings{'TLSAUTH'} eq 'on') {
2426 open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
2427 print CLIENTCONF "<tls-auth>\r\n";
2428 while (<FILE>) {
2429 chomp($_);
2430 print CLIENTCONF "$_\r\n";
2431 }
2432 print CLIENTCONF "</tls-auth>\r\n\r\n";
2433 close(FILE);
2434 }
2435 }
2436
ffbe77c8
EK		 2437 # Print client.conf.local if entries exist to client.ovpn
2438 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
2439 open (LCC, "$local_clientconf");
2440 print CLIENTCONF "\n#---------------------------\n";
2441 print CLIENTCONF "# Start of custom directives\n";
2442 print CLIENTCONF "# from client.conf.local\n";
2443 print CLIENTCONF "#---------------------------\n\n";
2444 while (<LCC>) {
2445 print CLIENTCONF $_;
2446 }
2447 print CLIENTCONF "\n#---------------------------\n";
2448 print CLIENTCONF "# End of custom directives\n";
2449 print CLIENTCONF "#---------------------------\n\n";
2450 close (LCC);
2451 }
6e13d0a5 2452 close(CLIENTCONF);
ce9abb66 2453
6e13d0a5
MT		 2454 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2455 my $status = $zip->writeToFileNamed($zippathname);
2456
2457 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2458 @fileholder = <DLFILE>;
2459 print "Content-Type:application/x-download\n";
2460 print "Content-Disposition:attachment;filename=$zipname\n\n";
2461 print @fileholder;
2462 exit (0);
ce9abb66
AH		 2463 }
2464
2465
2466
6e13d0a5
MT		 2467###
2468### Remove connection
2469###
ce9abb66
AH		 2470
2471
6e13d0a5 2472} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
323be7c4
AM		 2473 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2474 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2475
323be7c4 2476 if ($confighash{$cgiparams{'KEY'}}) {
fde9c9dd 2477 # Revoke certificate if certificate was deleted and rewrite the CRL
323be7c4 2478 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
fde9c9dd 2479 my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
ce9abb66
AH		 2480
2481###
7c1d9faf 2482# m.a.d net2net
ce9abb66 2483###
7c1d9faf 2484
323be7c4 2485 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
1e499e90 2486 # Stop the N2N connection before it is removed
6ad43b0f 2487 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
1e499e90 2488
323be7c4
AM		 2489 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2490 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2491 unlink ($certfile);
2492 unlink ($conffile);
8e6a8fd5 2493
323be7c4
AM		 2494 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2495 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2496 }
323be7c4 2497 }
ce9abb66 2498
323be7c4
AM		 2499 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2500 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
8c877a82
AM		 2501
2502# A.Marx CCD delete ccd files and routes
2503
323be7c4
AM		 2504 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2505 {
2506 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
8c877a82 2507 }
e81be1e1 2508
323be7c4
AM		 2509 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2510 foreach my $key (keys %ccdroutehash) {
2511 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2512 delete $ccdroutehash{$key};
2513 }
8c877a82 2514 }
323be7c4 2515 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 2516
323be7c4
AM		 2517 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2518 foreach my $key (keys %ccdroute2hash) {
2519 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2520 delete $ccdroute2hash{$key};
2521 }
2522 }
2523 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2524 &writeserverconf;
8c877a82 2525
323be7c4
AM		 2526# CCD end
2527 # Update collectd configuration and delete all RRD files of the removed connection
2528 &writecollectdconf();
fa4dbe27 2529 system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
8c877a82 2530
323be7c4
AM		 2531 delete $confighash{$cgiparams{'KEY'}};
2532 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2533 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2534
2535 } else {
2536 $errormessage = $Lang::tr{'invalid key'};
2537 }
b2e75449 2538 &General::firewall_reload();
ce9abb66 2539
6e13d0a5
MT		 2540###
2541### Download PKCS12 file
2542###
2543} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2544 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2545
2546 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2547 print "Content-Type: application/octet-stream\r\n\r\n";
2548 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2549 exit (0);
2550
2551###
2552### Display certificate
2553###
2554} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2555 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2556
2557 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e 2558 &Header::showhttpheaders();
4c962356 2559 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 2560 &Header::openbigbox('100%', 'LEFT', '', '');
2561 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2562 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2563 $output = &Header::cleanhtml($output,"y");
2564 print "<pre>$output</pre>\n";
2565 &Header::closebox();
2566 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2567 &Header::closebigbox();
2568 &Header::closepage();
2569 exit(0);
6e13d0a5 2570 }
4c962356
EK		 2571
2572###
2573### Display Diffie-Hellman key
2574###
2575} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2576
2577 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
49abe7af 2578 $errormessage = $Lang::tr{'not present'};
4c962356
EK		 2579 } else {
2580 &Header::showhttpheaders();
2581 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2582 &Header::openbigbox('100%', 'LEFT', '', '');
2583 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2584 my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
2585 $output = &Header::cleanhtml($output,"y");
2586 print "<pre>$output</pre>\n";
2587 &Header::closebox();
2588 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2589 &Header::closebigbox();
2590 &Header::closepage();
2591 exit(0);
2592 }
2593
fd5ccb2d
EK		 2594###
2595### Display tls-auth key
2596###
2597} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
2598
2599 if (! -e "${General::swroot}/ovpn/certs/ta.key") {
2600 $errormessage = $Lang::tr{'not present'};
2601 } else {
2602 &Header::showhttpheaders();
2603 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2604 &Header::openbigbox('100%', 'LEFT', '', '');
2605 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
2606 my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
2607 $output = &Header::cleanhtml($output,"y");
2608 print "<pre>$output</pre>\n";
2609 &Header::closebox();
2610 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2611 &Header::closebigbox();
2612 &Header::closepage();
2613 exit(0);
2614 }
2615
6e13d0a5
MT		 2616###
2617### Display Certificate Revoke List
2618###
2619} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT		 2620# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2621
49abe7af
EK		 2622 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2623 $errormessage = $Lang::tr{'not present'};
2624 } else {
b2e75449
MT		 2625 &Header::showhttpheaders();
2626 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2627 &Header::openbigbox('100%', 'LEFT', '', '');
2628 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2629 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2630 $output = &Header::cleanhtml($output,"y");
2631 print "<pre>$output</pre>\n";
2632 &Header::closebox();
2633 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2634 &Header::closebigbox();
2635 &Header::closepage();
2636 exit(0);
6e13d0a5
MT		 2637 }
2638
2639###
2640### Advanced Server Settings
2641###
2642
2643} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2644 %cgiparams = ();
2645 %cahash = ();
2646 %confighash = ();
8c877a82 2647 my $disabled;
6e13d0a5 2648 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2649 read_routepushfile;
8c877a82
AM		 2650
2651
c6c9630e
MT		 2652# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2653# $cgiparams{'CLIENT2CLIENT'} = 'on';
2654# }
6e13d0a5
MT		 2655ADV_ERROR:
2656 if ($cgiparams{'MAX_CLIENTS'} eq '') {
4c962356 2657 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2658 }
6e13d0a5 2659 if ($cgiparams{'KEEPALIVE_1'} eq '') {
4c962356 2660 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT		 2661 }
2662 if ($cgiparams{'KEEPALIVE_2'} eq '') {
4c962356 2663 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT		 2664 }
2665 if ($cgiparams{'LOG_VERB'} eq '') {
4c962356 2666 $cgiparams{'LOG_VERB'} = '3';
ae9f6139 2667 }
f527e53f 2668 if ($cgiparams{'TLSAUTH'} eq '') {
754066e6 2669 $cgiparams{'TLSAUTH'} = 'off';
f527e53f 2670 }
6e13d0a5
MT		 2671 $checked{'CLIENT2CLIENT'}{'off'} = '';
2672 $checked{'CLIENT2CLIENT'}{'on'} = '';
2673 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2674 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2675 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2676 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
13389777
EK		 2677 $checked{'DCOMPLZO'}{'off'} = '';
2678 $checked{'DCOMPLZO'}{'on'} = '';
2679 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
ffbe77c8
EK		 2680 $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
2681 $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
2682 $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
a79fa1d6
JPT		 2683 $checked{'MSSFIX'}{'off'} = '';
2684 $checked{'MSSFIX'}{'on'} = '';
2685 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
49abe7af 2686 $selected{'LOG_VERB'}{'0'} = '';
6e13d0a5
MT		 2687 $selected{'LOG_VERB'}{'1'} = '';
2688 $selected{'LOG_VERB'}{'2'} = '';
2689 $selected{'LOG_VERB'}{'3'} = '';
2690 $selected{'LOG_VERB'}{'4'} = '';
2691 $selected{'LOG_VERB'}{'5'} = '';
2692 $selected{'LOG_VERB'}{'6'} = '';
2693 $selected{'LOG_VERB'}{'7'} = '';
2694 $selected{'LOG_VERB'}{'8'} = '';
2695 $selected{'LOG_VERB'}{'9'} = '';
2696 $selected{'LOG_VERB'}{'10'} = '';
2697 $selected{'LOG_VERB'}{'11'} = '';
6e13d0a5 2698 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
f527e53f 2699
6e13d0a5
MT		 2700 &Header::showhttpheaders();
2701 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2702 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2703 if ($errormessage) {
c6c9630e
MT		 2704 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2705 print "<class name='base'>$errormessage\n";
2706 print "&nbsp;</class>\n";
2707 &Header::closebox();
6e13d0a5
MT		 2708 }
2709 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
4c962356 2710 print <<END;
b376fae4 2711 <form method='post' enctype='multipart/form-data'>
b2e75449 2712<table width='100%' border=0>
4c962356
EK		 2713 <tr>
2714 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
6e13d0a5
MT		 2715 </tr>
2716 <tr>
4c962356 2717 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5
MT		 2718 </tr>
2719 <tr>
4c962356 2720 <td class='base'>Domain</td>
8c877a82 2721 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
6e13d0a5
MT		 2722 </tr>
2723 <tr>
4c962356
EK		 2724 <td class='base'>DNS</td>
2725 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
6e13d0a5
MT		 2726 </tr>
2727 <tr>
4c962356
EK		 2728 <td class='base'>WINS</td>
2729 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2730 </tr>
54fd0535 2731 <tr>
4c962356 2732 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
54fd0535
MT		 2733 </tr>
2734 <tr>
4c962356
EK		 2735 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2736 <td colspan='2'>
2737 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
54fd0535
MT		 2738END
2739;
2740
2741if ($cgiparams{'ROUTES_PUSH'} ne '')
2742{
2743 print $cgiparams{'ROUTES_PUSH'};
2744}
2745
8c877a82 2746print <<END;
54fd0535
MT		 2747</textarea></td>
2748</tr>
6e13d0a5
MT		 2749 </tr>
2750</table>
2751<hr size='1'>
4c962356 2752<table width='100%'>
ffbe77c8 2753 <tr>
4c962356 2754 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
ffbe77c8
EK		 2755 </tr>
2756
2757 <tr>
d2de0a00 2758 <td width='20%'></td> <td width='15%'> </td><td width='35%'> </td><td width='20%'></td><td width='35%'></td>
ffbe77c8
EK		 2759 </tr>
2760
2761 <tr>
4c962356
EK		 2762 <td class='base'>Client-To-Client</td>
2763 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
ffbe77c8
EK		 2764 </tr>
2765
2766 <tr>
4c962356
EK		 2767 <td class='base'>Redirect-Gateway def1</td>
2768 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
ffbe77c8
EK		 2769 </tr>
2770
13389777
EK		 2771 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2772 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
2773 <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
2774 </tr>
2775
4c962356 2776 <tr>
ffbe77c8
EK		 2777 <td class='base'>$Lang::tr{'ovpn add conf'}</td>
2778 <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
2779 <td>$Lang::tr{'openvpn default'}: off</td>
2780 </tr>
2781
2782 <tr>
2783 <td class='base'>mssfix</td>
2784 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2785 <td>$Lang::tr{'openvpn default'}: off</td>
2786 </tr>
2787
4c962356 2788 <tr>
ffbe77c8
EK		 2789 <td class='base'>fragment <br></td>
2790 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2791 </tr>
2792
2793
2794 <tr>
2795 <td class='base'>Max-Clients</td>
2796 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2797 </tr>
2798 <tr>
2799 <td class='base'>Keepalive <br />
2800 (ping/ping-restart)</td>
2801 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2802 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2803 </tr>
a79fa1d6
JPT		 2804</table>
2805
a79fa1d6 2806<hr size='1'>
4c962356 2807<table width='100%'>
a79fa1d6 2808 <tr>
49abe7af 2809 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
a79fa1d6
JPT		 2810 </tr>
2811 <tr>
49abe7af 2812 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
4c962356
EK		 2813 </tr>
2814
2815 <tr><td class='base'>VERB</td>
2816 <td><select name='LOG_VERB'>
49abe7af
EK		 2817 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2818 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2819 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2820 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2821 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2822 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2823 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2824 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2825 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2826 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2827 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2828 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2829 </td></select>
2830 </table>
4c962356 2831
6e13d0a5 2832<hr size='1'>
8c877a82
AM		 2833END
2834
2835if ( -e "/var/run/openvpn.pid"){
2836print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2837 $Lang::tr{'server restart'}<br><br>
2838 <hr>";
49abe7af 2839 print<<END;
52d08bcb
AM		 2840<table width='100%'>
2841<tr>
2842 <td>&nbsp;</td>
2843 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2844 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2845 <td>&nbsp;</td>
2846</tr>
2847</table>
2848</form>
2849END
2850;
2851
2852
2853}else{
8c877a82 2854
49abe7af 2855 print<<END;
6e13d0a5
MT		 2856<table width='100%'>
2857<tr>
2858 <td>&nbsp;</td>
2859 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2860 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2861 <td>&nbsp;</td>
2862</tr>
2863</table>
2864</form>
2865END
2866;
52d08bcb 2867}
6e13d0a5 2868 &Header::closebox();
c6c9630e 2869# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2870 &Header::closebigbox();
2871 &Header::closepage();
2872 exit(0);
2873
8c877a82
AM		 2874
2875# A.Marx CCD Add,delete or edit CCD net
2876
2877} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2878 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2879 $cgiparams{'ACTION'} eq "kill" ||
2880 $cgiparams{'ACTION'} eq "edit" ||
2881 $cgiparams{'ACTION'} eq 'editsave'){
2882 &Header::showhttpheaders();
2883 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2884 &Header::openbigbox('100%', 'LEFT', '', '');
2885
2886 if ($cgiparams{'ACTION'} eq "kill"){
2887 &delccdnet($cgiparams{'net'});
2888 }
2889
2890 if ($cgiparams{'ACTION'} eq 'editsave'){
2891 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2892 if ( $a ne $b){ &modccdnet($a,$b);}
5068ac38
AM		 2893 $cgiparams{'ccdname'}='';
2894 $cgiparams{'ccdsubnet'}='';
8c877a82
AM		 2895 }
2896
2897 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 2898 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
8c877a82
AM		 2899 }
2900 if ($errormessage) {
2901 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2902 print "<class name='base'>$errormessage";
2903 print "&nbsp;</class>";
2904 &Header::closebox();
2905 }
2906if ($cgiparams{'ACTION'} eq "edit"){
2907
2908 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2909
49abe7af 2910 print <<END;
631b67b7 2911 <table width='100%' border='0'>
8c877a82
AM		 2912 <tr><form method='post'>
2913 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
a9fb14d0 2914 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
8c877a82
AM		 2915 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2916 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2917 </td></tr>
2918 </table></form>
2919END
2920;
2921 &Header::closebox();
2922
2923 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
49abe7af 2924 print <<END;
8c877a82
AM		 2925 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2926 <tr>
2927 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2928END
2929;
2930}
2931else{
2932 if (! -e "/var/run/openvpn.pid"){
2933 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
49abe7af 2934 print <<END;
8c877a82
AM		 2935 <table width='100%' border='0'>
2936 <tr><form method='post'>
2937 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2938 <tr>
2939 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2940 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2941 <tr><td colspan=4><hr /></td></tr><tr>
2942 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2943 </table></form>
2944END
2945
2946 &Header::closebox();
2947}
2948 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
5068ac38
AM		 2949 if ( -e "/var/run/openvpn.pid"){
2950 print "<b>$Lang::tr{'attention'}:</b><br>";
2951 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2952 }
2953
4c962356 2954 print <<END;
99bfa85c 2955 <table width='100%' cellpadding='0' cellspacing='1'>
8c877a82
AM		 2956 <tr>
2957 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2958END
2959;
2960}
2961 my %ccdconfhash=();
2962 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2963 my @ccdconf=();
2964 my $count=0;
df9b48b7 2965 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 2966 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2967 $count++;
2968 my $ccdhosts = &hostsinnet($ccdconf[0]);
2969 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2970 else{ print" <tr bgcolor='$color{'color20'}'>";}
2971 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
4c962356 2972 print <<END;
8c877a82 2973 <form method='post' />
1638682b 2974 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
8c877a82
AM		 2975 <input type='hidden' name='ACTION' value='edit'/>
2976 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2977 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2978 </form></td>
2979 <form method='post' />
2980 <td><input type='hidden' name='ACTION' value='kill'/>
2981 <input type='hidden' name='number' value='$count' />
2982 <input type='hidden' name='net' value='$ccdconf[0]' />
1638682b 2983 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
8c877a82
AM		 2984END
2985;
2986 }
2987 print "</table></form>";
2988 &Header::closebox();
2989 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2990 &Header::closebigbox();
2991 &Header::closepage();
2992 exit(0);
2993
2994#END CCD
2995
6e13d0a5
MT		 2996###
2997### Openvpn Connections Statistics
2998###
2999} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
3000 &Header::showhttpheaders();
3001 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
3002 &Header::openbigbox('100%', 'LEFT', '', '');
3003 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
3004
83ccdf7f 3005 # Libloc database handle.
e2e270e1 3006 my $libloc_db_handle = &Location::Functions::init();
83ccdf7f 3007
6e13d0a5
MT		 3008#
3009# <td><b>$Lang::tr{'protocol'}</b></td>
3010# protocol temp removed
4c962356 3011 print <<END;
99bfa85c 3012 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
6e13d0a5 3013 <tr>
99bfa85c
AM		 3014 <th><b>$Lang::tr{'common name'}</b></th>
3015 <th><b>$Lang::tr{'real address'}</b></th>
d8ef6a95 3016 <th><b>$Lang::tr{'country'}</b></th>
99bfa85c
AM		 3017 <th><b>$Lang::tr{'virtual address'}</b></th>
3018 <th><b>$Lang::tr{'loged in at'}</b></th>
3019 <th><b>$Lang::tr{'bytes sent'}</b></th>
3020 <th><b>$Lang::tr{'bytes received'}</b></th>
3021 <th><b>$Lang::tr{'last activity'}</b></th>
6e13d0a5
MT		 3022 </tr>
3023END
3024;
87fe47e9 3025 my $filename = "/var/run/ovpnserver.log";
6e13d0a5
MT		 3026 open(FILE, $filename) or die 'Unable to open config file.';
3027 my @current = <FILE>;
3028 close(FILE);
3029 my @users =();
3030 my $status;
3031 my $uid = 0;
3032 my $cn;
3033 my @match = ();
3034 my $proto = "udp";
3035 my $address;
3036 my %userlookup = ();
3037 foreach my $line (@current)
3038 {
3039 chomp($line);
3040 if ( $line =~ /^Updated,(.+)/){
3041 @match = split( /^Updated,(.+)/, $line);
3042 $status = $match[1];
3043 }
c6c9630e 3044#gian
6e13d0a5
MT		 3045 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
3046 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
3047 if ($match[1] ne "Common Name") {
3048 $cn = $match[1];
3049 $userlookup{$match[2]} = $uid;
3050 $users[$uid]{'CommonName'} = $match[1];
3051 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT		 3052 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
3053 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT		 3054 $users[$uid]{'Since'} = $match[5];
3055 $users[$uid]{'Proto'} = $proto;
d8ef6a95
PM		 3056
3057 # get country code for "RealAddress"...
e2e270e1
SS		 3058 my $ccode = &Location::Functions::lookup_country_code($libloc_db_handle, (split ':', $users[$uid]{'RealAddress'})[0]);
3059 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
d8ef6a95 3060 $users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
6e13d0a5
MT		 3061 $uid++;
3062 }
3063 }
3064 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
3065 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
3066 if ($match[1] ne "Virtual Address") {
3067 $address = $match[3];
3068 #find the uid in the lookup table
3069 $uid = $userlookup{$address};
3070 $users[$uid]{'VirtualAddress'} = $match[1];
3071 $users[$uid]{'LastRef'} = $match[4];
3072 }
3073 }
3074 }
3075 my $user2 = @users;
3076 if ($user2 >= 1){
99bfa85c 3077 for (my $idx = 1; $idx <= $user2; $idx++){
6e13d0a5 3078 if ($idx % 2) {
99bfa85c
AM		 3079 print "<tr>";
3080 $col="bgcolor='$color{'color22'}'";
3081 } else {
3082 print "<tr>";
3083 $col="bgcolor='$color{'color20'}'";
6e13d0a5 3084 }
99bfa85c
AM		 3085 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
3086 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
d8ef6a95
PM		 3087 print "<td align='center' $col>$users[$idx-1]{'Country'}</td>";
3088 print "<td align='center' $col>$users[$idx-1]{'VirtualAddress'}</td>";
99bfa85c
AM		 3089 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
3090 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
3091 print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
3092 print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
3093 }
3094 }
6e13d0a5
MT		 3095
3096 print "</table>";
49abe7af 3097 print <<END;
6e13d0a5
MT		 3098 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
3099 <tr><td></td></tr>
3100 <tr><td></td></tr>
3101 <tr><td></td></tr>
3102 <tr><td></td></tr>
3103 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
3104 </table>
3105END
3106;
3107 &Header::closebox();
3108 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3109 &Header::closebigbox();
3110 &Header::closepage();
3111 exit(0);
3112
3113###
3114### Download Certificate
3115###
3116} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
3117 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 3118
6e13d0a5 3119 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 3120 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
3121 print "Content-Type: application/octet-stream\r\n\r\n";
3122 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
3123 exit (0);
3124 }
3125
3126###
3127### Enable/Disable connection
3128###
ce9abb66 3129
c6c9630e
MT		 3130} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
3131
3132 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3133 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3134
3135 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 3136 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT		 3137 $confighash{$cgiparams{'KEY'}}[0] = 'on';
3138 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3139 #&writeserverconf();
3140# if ($vpnsettings{'ENABLED'} eq 'on' ||
3141# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3142# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3143# }
3144 } else {
3145 $confighash{$cgiparams{'KEY'}}[0] = 'off';
3146# if ($vpnsettings{'ENABLED'} eq 'on' ||
3147# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3148# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
3149# }
3150 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3151 #&writeserverconf();
3152 }
3153 } else {
3154 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3155 }
3156
3157###
3158### Restart connection
3159###
3160} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
3161 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3162 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3163
3164 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT		 3165# if ($vpnsettings{'ENABLED'} eq 'on' ||
3166# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3167# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3168# }
6e13d0a5 3169 } else {
c6c9630e 3170 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3171 }
3172
ce9abb66 3173###
7c1d9faf 3174# m.a.d net2net
ce9abb66
AH		 3175###
3176
3177} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
3178 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3179 &Header::showhttpheaders();
4c962356 3180 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
ce9abb66
AH		 3181 &Header::openbigbox('100%', 'LEFT', '', '');
3182 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH		 3183
3184if ( -s "${General::swroot}/ovpn/settings") {
3185
49abe7af 3186 print <<END;
ce9abb66 3187 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3188 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH		 3189 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
3190 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
3191 <tr><td><input type='radio' name='TYPE' value='net' /></td>
3192 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
3193 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
3194 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
3195 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
e3edceeb 3196 <tr><td>&nbsp;</td><td>Import Connection Name</td></tr>
040b8b0c 3197 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
54fd0535 3198 <tr><td colspan='3'><hr /></td></tr>
8c877a82 3199 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
ce9abb66
AH		 3200 </form></table>
3201END
3202 ;
8c877a82 3203
ce9abb66 3204
b278daf3 3205} else {
49abe7af 3206 print <<END;
b278daf3 3207 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3208 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 3209 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 3210 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH		 3211 </form></table>
3212END
3213 ;
3214
3215}
3216
ce9abb66 3217 &Header::closebox();
4c962356 3218 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
ce9abb66
AH		 3219 &Header::closebigbox();
3220 &Header::closepage();
3221 exit (0);
3222
3223###
7c1d9faf 3224# m.a.d net2net
ce9abb66
AH		 3225###
3226
3227} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
3228
3229 my @firen2nconf;
3230 my @confdetails;
3231 my $uplconffilename ='';
54fd0535 3232 my $uplconffilename2 ='';
ce9abb66 3233 my $uplp12name = '';
54fd0535 3234 my $uplp12name2 = '';
ce9abb66
AH		 3235 my @rem_subnet;
3236 my @rem_subnet2;
3237 my @tmposupnet3;
3238 my $key;
54fd0535 3239 my @n2nname;
ce9abb66
AH		 3240
3241 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3242
2ad1b18b
MT		 3243 # Check if a file is uploaded
3244 unless (ref ($cgiparams{'FH'})) {
ce9abb66
AH		 3245 $errormessage = $Lang::tr{'there was no file upload'};
3246 goto N2N_ERROR;
3247 }
3248
3249# Move uploaded IPfire n2n package to temporary file
3250
3251 (my $fh, my $filename) = tempfile( );
3252 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3253 $errormessage = $!;
3254 goto N2N_ERROR;
3255 }
3256
3257 my $zip = Archive::Zip->new();
3258 my $zipName = $filename;
3259 my $status = $zip->read( $zipName );
3260 if ($status != AZ_OK) {
3261 $errormessage = "Read of $zipName failed\n";
3262 goto N2N_ERROR;
3263 }
3264
3265 my $tempdir = tempdir( CLEANUP => 1 );
3266 my @files = $zip->memberNames();
3267 for(@files) {
3268 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
3269 }
3270 my $countfiles = @files;
3271
3272# Check if we have not more then 2 files
3273
3274 if ( $countfiles == 2){
3275 foreach (@files){
3276 if ( $_ =~ /.conf$/){
3277 $uplconffilename = $_;
3278 }
3279 if ( $_ =~ /.p12$/){
3280 $uplp12name = $_;
3281 }
3282 }
3283 if (($uplconffilename eq '') || ($uplp12name eq '')){
3284 $errormessage = "Either no *.conf or no *.p12 file found\n";
3285 goto N2N_ERROR;
3286 }
3287
3288 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
3289 @firen2nconf = <FILE>;
3290 close (FILE);
3291 chomp(@firen2nconf);
ce9abb66
AH		 3292 } else {
3293
3294 $errormessage = "Filecount does not match only 2 files are allowed\n";
3295 goto N2N_ERROR;
3296 }
3297
7c1d9faf
AH		 3298###
3299# m.a.d net2net
ce9abb66 3300###
54fd0535
MT		 3301
3302 if ($cgiparams{'n2nname'} ne ''){
3303
3304 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
3305 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
3306 $n2nname[0] = $cgiparams{'n2nname'};
3307 my @n2nname2 = split(/\./,$uplconffilename);
3308 $n2nname2[0] =~ s/\n|\r//g;
3309 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
3310 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
3311 my $input2 = "$n2nname2[0]n2n";
3312 my $output2 = "$n2nname[0]n2n";
3313 my $filename = "$tempdir/$uplconffilename";
3314 open(FILE, "< $filename") or die 'Unable to open config file.';
3315 my @current = <FILE>;
3316 close(FILE);
3317 foreach (@current) {s/$input1/$output1/g;}
3318 foreach (@current) {s/$input2/$output2/g;}
3319 open (OUT, "> $filename") || die 'Unable to open config file.';
3320 print OUT @current;
3321 close OUT;
ce9abb66 3322
54fd0535
MT		 3323 }else{
3324 $uplconffilename2 = $uplconffilename;
3325 $uplp12name2 = $uplp12name;
3326 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3327 $n2nname[0] =~ s/\n|\r//g;
54fd0535 3328 }
7c1d9faf
AH		 3329 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
3330 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3331
7dfcaef0
AM		 3332 #Add collectd settings to configfile
3333 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3334 print FILE "# Logfile\n";
3335 print FILE "status-version 1\n";
3336 print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
3337 close FILE;
3338
54fd0535 3339 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
ce9abb66
AH		 3340
3341 if ($? ne 0) {
3342 $errormessage = "*.conf move failed: $!";
3343 unlink ($filename);
3344 goto N2N_ERROR;
3345 }
3346
54fd0535 3347 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
b278daf3
AH		 3348 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
3349
ce9abb66
AH		 3350 if ($? ne 0) {
3351 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3352 unlink ($filename);
3353 goto N2N_ERROR;
3354 }
3355
3356my $complzoactive;
d96c89eb 3357my $mssfixactive;
4c962356 3358my $authactive;
d96c89eb 3359my $n2nfragment;
60f396d7 3360my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3361my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH		 3362my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3363my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3364my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
3365if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH		 3366my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3367if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3368#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3369my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH		 3370my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3371my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3372my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3373my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3374my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66 3375my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
4c962356 3376my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
f527e53f 3377my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
60f396d7 3378
ce9abb66
AH		 3379###
3380# m.a.d delete CR and LF from arrays for this chomp doesnt work
3381###
3382
ce9abb66 3383$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH		 3384$n2novpnsub[0] =~ s/\n|\r//g;
3385$n2novpnsub[1] =~ s/\n|\r//g;
3386$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3387$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH		 3388$n2nport[1] =~ s/\n|\r//g;
3389$n2ntunmtu[1] =~ s/\n|\r//g;
3390$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3391$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3392$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3393$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3394$n2nmgmt[2] =~ s/\n|\r//g;
4c962356
EK		 3395$n2ncipher[1] =~ s/\n|\r//g;
3396$n2nauth[1] =~ s/\n|\r//g;
ce9abb66 3397chomp ($complzoactive);
d96c89eb 3398chomp ($mssfixactive);
ce9abb66
AH		 3399
3400###
7c1d9faf 3401# m.a.d net2net
ce9abb66
AH		 3402###
3403
3404###
3405# Check if there is no other entry with this name
3406###
3407
3408 foreach my $dkey (keys %confighash) {
3409 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3410 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3411 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3412 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3413 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
ce9abb66
AH		 3414 goto N2N_ERROR;
3415 }
3416 }
3417
d96c89eb
AH		 3418###
3419# Check if OpenVPN Subnet is valid
3420###
3421
3422foreach my $dkey (keys %confighash) {
3423 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3424 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH		 3425 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3426 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3427 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3428 goto N2N_ERROR;
3429 }
3430 }
3431
3432###
4c962356 3433# Check if Dest Port is vaild
d96c89eb
AH		 3434###
3435
3436foreach my $dkey (keys %confighash) {
3437 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3438 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH		 3439 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3440 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3441 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3442 goto N2N_ERROR;
3443 }
3444 }
3445
3446
3447
ce9abb66
AH		 3448 $key = &General::findhasharraykey (\%confighash);
3449
49abe7af 3450 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
350f2980 3451
ce9abb66
AH		 3452 $confighash{$key}[0] = 'off';
3453 $confighash{$key}[1] = $n2nname[0];
350f2980 3454 $confighash{$key}[2] = $n2nname[0];
ce9abb66
AH		 3455 $confighash{$key}[3] = 'net';
3456 $confighash{$key}[4] = 'cert';
3457 $confighash{$key}[6] = 'client';
3458 $confighash{$key}[8] = $n2nlocalsub[2];
350f2980
SS		 3459 $confighash{$key}[10] = $n2nremote[1];
3460 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3461 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3462 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3463 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3464 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3465 $confighash{$key}[26] = 'red';
350f2980
SS		 3466 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3467 $confighash{$key}[28] = $n2nproto[0];
3468 $confighash{$key}[29] = $n2nport[1];
3469 $confighash{$key}[30] = $complzoactive;
3470 $confighash{$key}[31] = $n2ntunmtu[1];
4c962356
EK		 3471 $confighash{$key}[39] = $n2nauth[1];
3472 $confighash{$key}[40] = $n2ncipher[1];
49abe7af 3473 $confighash{$key}[41] = 'disabled';
ce9abb66
AH		 3474
3475 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3476
ce9abb66
AH		 3477 N2N_ERROR:
3478
3479 &Header::showhttpheaders();
3480 &Header::openpage('Validate imported configuration', 1, '');
3481 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3482 if ($errormessage) {
3483 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3484 print "<class name='base'>$errormessage";
3485 print "&nbsp;</class>";
3486 &Header::closebox();
3487
3488 } else
3489 {
3490 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3491 }
3492 if ($errormessage eq ''){
49abe7af 3493 print <<END;
ce9abb66
AH		 3494 <!-- ipfire net2net config gui -->
3495 <table width='100%'>
3496 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3497 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3498 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3499 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3500 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3501 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
4c962356 3502 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
ce9abb66
AH		 3503 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3504 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3505 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3506 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
4c962356
EK		 3507 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
3508 <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3509 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
54fd0535 3510 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
0c4ffc69 3511 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
4c962356 3512 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
ce9abb66
AH		 3513 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3514 </table>
3515END
3516;
3517 &Header::closebox();
3518 }
3519
3520 if ($errormessage) {
3521 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3522 } else {
3523 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3524 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3525 print "<input type='hidden' name='KEY' value='$key' />";
3526 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3527 }
3528 &Header::closebigbox();
3529 &Header::closepage();
4c962356 3530 exit(0);
ce9abb66
AH		 3531
3532
3533##
3534### Accept IPFire n2n Package Settings
3535###
3536
3537 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3538
3539###
3540### Discard and Rollback IPFire n2n Package Settings
3541###
3542
3543 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3544
3545 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3546
3547if ($confighash{$cgiparams{'KEY'}}) {
3548
3549 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3550 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3551 unlink ($certfile) or die "Removing $certfile fail: $!";
3552 unlink ($conffile) or die "Removing $conffile fail: $!";
3553 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3554 delete $confighash{$cgiparams{'KEY'}};
3555 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3556
3557 } else {
3558 $errormessage = $Lang::tr{'invalid key'};
3559 }
3560
3561
3562###
7c1d9faf 3563# m.a.d net2net
ce9abb66
AH		 3564###
3565
3566
3567###
3568### Adding a new connection
3569###
6e13d0a5
MT		 3570} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3571 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3572 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
8c877a82 3573
6e13d0a5
MT		 3574 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3575 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3576 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3577
3578 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
8c877a82
AM		 3579 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3580 $errormessage = $Lang::tr{'invalid key'};
3581 goto VPNCONF_END;
3582 }
4c962356
EK		 3583 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3584 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3585 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3586 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3587 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3588 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3589 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3590 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
8c877a82 3591 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
4c962356
EK		 3592 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3593 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3594 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3595 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3596 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3597 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3598 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3599 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3600 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3601 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3602 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3603 $name=$cgiparams{'CHECK1'} ;
4c962356
EK		 3604 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3605 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3606 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3607 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3608 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
4c962356
EK		 3609 $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
3610 $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
49abe7af 3611 $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
8c877a82 3612 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3613 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3614
8c877a82 3615#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3616if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 3617 my @temp=();
3618 my %ccdroutehash=();
3619 my $keypoint=0;
5068ac38
AM		 3620 my $ip;
3621 my $cidr;
8c877a82
AM		 3622 if ($cgiparams{'IR'} ne ''){
3623 @temp = split("\n",$cgiparams{'IR'});
3624 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3625 #find key to use
3626 foreach my $key (keys %ccdroutehash) {
3627 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3628 $keypoint=$key;
3629 delete $ccdroutehash{$key};
3630 }else{
3631 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3632 }
3633 }
3634 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3635 my $i=1;
3636 my $val=0;
3637 foreach $val (@temp){
3638 chomp($val);
3639 $val=~s/\s*$//g;
5068ac38 3640 #check if iroute exists in ccdroute or if new iroute is part of an existing one
8c877a82
AM		 3641 foreach my $key (keys %ccdroutehash) {
3642 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
5068ac38
AM		 3643 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3644 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3645 goto VPNCONF_ERROR;
3646 }
3647 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3648 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
5068ac38
AM		 3649 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3650 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3651 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3652 goto VPNCONF_ERROR;
3653 }
3654
8c877a82
AM		 3655 }
3656 }
5068ac38
AM		 3657 if (!&General::validipandmask($val)){
3658 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3659 goto VPNCONF_ERROR;
3660 }else{
3661 ($ip,$cidr) = split(/\//,$val);
3662 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3663 $cidr=&General::iporsubtodec($cidr);
3664 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3665
3666 }
8c877a82
AM		 3667
3668 #check for existing network IP's
52d08bcb
AM		 3669 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3670 {
3671 $errormessage=$Lang::tr{'ccd err green'};
3672 goto VPNCONF_ERROR;
3673 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3674 {
3675 $errormessage=$Lang::tr{'ccd err red'};
3676 goto VPNCONF_ERROR;
3677 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3678 {
3679 $errormessage=$Lang::tr{'ccd err blue'};
3680 goto VPNCONF_ERROR;
3681 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3682 {
3683 $errormessage=$Lang::tr{'ccd err orange'};
8c877a82
AM		 3684 goto VPNCONF_ERROR;
3685 }
52d08bcb 3686
8c877a82
AM		 3687 if (&General::validipandmask($val)){
3688 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3689 }else{
3690 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3691 goto VPNCONF_ERROR;
3692 }
3693 $i++;
3694 }
3695 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3696 &writeserverconf;
3697 }else{
3698 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3699 foreach my $key (keys %ccdroutehash) {
3700 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3701 delete $ccdroutehash{$key};
3702 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3703 &writeserverconf;
3704 }
3705 }
3706 }
3707 undef @temp;
3708 #check route field and convert it to decimal
8c877a82
AM		 3709 my $val=0;
3710 my $i=1;
8c877a82 3711 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb
AM		 3712 #find key to use
3713 foreach my $key (keys %ccdroute2hash) {
3714 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3715 $keypoint=$key;
3716 delete $ccdroute2hash{$key};
3717 }else{
3718 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3719 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3720 &writeserverconf;
8c877a82 3721 }
52d08bcb
AM		 3722 }
3723 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3724 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3725 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3726 my %ownnet=();
3727 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3728 foreach $val (@temp){
3729 chomp($val);
3730 $val=~s/\s*$//g;
3731 if ($val eq $Lang::tr{'green'})
3732 {
3733 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3734 }
3735 if ($val eq $Lang::tr{'blue'})
3736 {
3737 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3738 }
3739 if ($val eq $Lang::tr{'orange'})
3740 {
3741 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3742 }
3743 my ($ip,$cidr) = split (/\//, $val);
3744
3745 if ($val ne $Lang::tr{'ccd none'})
3746 {
8c877a82
AM		 3747 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3748 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3749 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3750 if (&General::validipandmask($val)){
3751 $val=$ip."/".&General::iporsubtodec($cidr);
3752 $ccdroute2hash{$keypoint}[$i] = $val;
3753 }else{
3754 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3755 goto VPNCONF_ERROR;
3756 }
52d08bcb
AM		 3757 }else{
3758 $ccdroute2hash{$keypoint}[$i]='';
3759 }
3760 $i++;
3761 }
3762 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3763
8c877a82
AM		 3764 #check dns1 ip
3765 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3766 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3767 goto VPNCONF_ERROR;
3768 }
3769 #check dns2 ip
3770 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3771 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3772 goto VPNCONF_ERROR;
3773 }
3774 #check wins ip
3775 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3776 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3777 goto VPNCONF_ERROR;
3778 }
52d08bcb 3779}
8c877a82
AM		 3780
3781#CCD End
52d08bcb 3782
8c877a82 3783
73735ad9
EK		 3784 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
3785 $errormessage = $Lang::tr{'connection type is invalid'};
3786 if ($cgiparams{'TYPE'} eq 'net') {
3787 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3788 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3789 goto VPNCONF_ERROR;
3790 }
3791 goto VPNCONF_ERROR;
c6c9630e
MT		 3792 }
3793
c6c9630e 3794 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
73735ad9
EK		 3795 $errormessage = $Lang::tr{'name must only contain characters'};
3796 if ($cgiparams{'TYPE'} eq 'net') {
3797 goto VPNCONF_ERROR;
3798 }
3799 goto VPNCONF_ERROR;
3800 }
c6c9630e
MT		 3801
3802 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
73735ad9
EK		 3803 $errormessage = $Lang::tr{'name is invalid'};
3804 if ($cgiparams{'TYPE'} eq 'net') {
3805 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3806 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3807 goto VPNCONF_ERROR;
3808 }
3809 goto VPNCONF_ERROR;
c6c9630e
MT		 3810 }
3811
3812 if (length($cgiparams{'NAME'}) >60) {
73735ad9
EK		 3813 $errormessage = $Lang::tr{'name too long'};
3814 if ($cgiparams{'TYPE'} eq 'net') {
3815 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3816 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3817 goto VPNCONF_ERROR;
3818 }
3819 goto VPNCONF_ERROR;
c6c9630e
MT		 3820 }
3821
d96c89eb 3822###
7c1d9faf 3823# m.a.d net2net
d96c89eb
AH		 3824###
3825
7c1d9faf 3826if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3827 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3828 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH		 3829 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3830 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3831 goto VPNCONF_ERROR;
d96c89eb 3832 }
ab4cf06c
AM		 3833 #Bugfix 10357
3834 foreach my $key (sort keys %confighash){
3835 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
54fd0535
MT		 3836 $errormessage = $Lang::tr{'openvpn destination port used'};
3837 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3838 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ab4cf06c
AM		 3839 goto VPNCONF_ERROR;
3840 }
3841 }
3842 if ($cgiparams{'DEST_PORT'} eq '') {
3843 $errormessage = $Lang::tr{'invalid port'};
3844 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3845 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
54fd0535
MT		 3846 goto VPNCONF_ERROR;
3847 }
d96c89eb 3848
f48074ba
SS		 3849 # Check if the input for the transfer net is valid.
3850 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3851 $errormessage = $Lang::tr{'ccd err invalidnet'};
3852 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3853 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3854 goto VPNCONF_ERROR;
3855 }
3856
d96c89eb 3857 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3858 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH		 3859 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3860 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3861 goto VPNCONF_ERROR;
3862 }
3863
3864 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3865 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH		 3866 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3867 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3868 goto VPNCONF_ERROR;
3869 }
3870
3871 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3872 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH		 3873 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3874 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3875 goto VPNCONF_ERROR;
3876 }
d96c89eb 3877
7c1d9faf 3878 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3879 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH		 3880 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3881 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3882 goto VPNCONF_ERROR;
7c1d9faf
AH		 3883 }
3884
3885 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3886 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH		 3887 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3888 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3889 goto VPNCONF_ERROR;
7c1d9faf
AH		 3890 }
3891
3892 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3893 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH		 3894 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3895 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3896 goto VPNCONF_ERROR;
8c252e6a
EK		 3897 }
3898
3899 if ($cgiparams{'DEST_PORT'} <= 1023) {
3900 $errormessage = $Lang::tr{'ovpn port in root range'};
3901 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3902 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3903 goto VPNCONF_ERROR;
3904 }
54fd0535 3905
4c962356 3906 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c252e6a
EK		 3907 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3908 }
3909
3910 if ($cgiparams{'OVPN_MGMT'} <= 1023) {
3911 $errormessage = $Lang::tr{'ovpn mgmt in root range'};
3912 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3913 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3914 goto VPNCONF_ERROR;
b2e75449
MT		 3915 }
3916 #Check if remote subnet is used elsewhere
3917 my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
3918 $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
3919 if ($warnmessage){
3920 $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
3921 }
7c1d9faf 3922}
d96c89eb 3923
ce9abb66
AH		 3924# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3925# $errormessage = $Lang::tr{'ipfire side is invalid'};
3926# goto VPNCONF_ERROR;
3927# }
3928
c6c9630e
MT		 3929 # Check if there is no other entry with this name
3930 if (! $cgiparams{'KEY'}) {
3931 foreach my $key (keys %confighash) {
3932 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3933 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3934 if ($cgiparams{'TYPE'} eq 'net') {
3935 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3936 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3937 }
c6c9630e 3938 goto VPNCONF_ERROR;
6e13d0a5 3939 }
c6c9630e
MT		 3940 }
3941 }
3942
c125d8a2 3943 # Check if a remote host/IP has been set for the client.
86228a56
MT		 3944 if ($cgiparams{'TYPE'} eq 'net') {
3945 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
3946 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3947
86228a56
MT		 3948 # Check if this is a N2N connection and drop temporary config.
3949 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3950 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 3951
86228a56
MT		 3952 goto VPNCONF_ERROR;
3953 }
c125d8a2 3954
86228a56
MT		 3955 # Check if a remote host/IP has been configured - the field can be empty on the server side.
3956 if ($cgiparams{'REMOTE'} ne '') {
3957 # Check if the given IP is valid - otherwise check if it is a valid domain.
3958 if (! &General::validip($cgiparams{'REMOTE'})) {
3959 # Check for a valid domain.
3960 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3961 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3962
86228a56
MT		 3963 # Check if this is a N2N connection and drop temporary config.
3964 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3965 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 3966
86228a56
MT		 3967 goto VPNCONF_ERROR;
3968 }
3969 }
6e13d0a5 3970 }
c6c9630e 3971 }
c125d8a2 3972
c6c9630e
MT		 3973 if ($cgiparams{'TYPE'} ne 'host') {
3974 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3975 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH		 3976 if ($cgiparams{'TYPE'} eq 'net') {
3977 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3978 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3979 }
c6c9630e
MT		 3980 goto VPNCONF_ERROR;}
3981 }
3982 # Check if there is no other entry without IP-address and PSK
3983 if ($cgiparams{'REMOTE'} eq '') {
3984 foreach my $key (keys %confighash) {
3985 if(($cgiparams{'KEY'} ne $key) &&
3986 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3987 $confighash{$key}[10] eq '') {
3988 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3989 goto VPNCONF_ERROR;
6e13d0a5 3990 }
c6c9630e
MT		 3991 }
3992 }
ce9abb66
AH		 3993 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3994 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH		 3995 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3996 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3997 goto VPNCONF_ERROR;
ce9abb66 3998 }
c6c9630e 3999
425465ed
EK		 4000 # Check for N2N that OpenSSL maximum of valid days will not be exceeded
4001 if ($cgiparams{'TYPE'} eq 'net') {
4002 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4003 $errormessage = $Lang::tr{'invalid input for valid till days'};
4004 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
4005 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
4006 goto VPNCONF_ERROR;
4007 }
4008 }
4009
c6c9630e
MT		 4010 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
4011 $errormessage = $Lang::tr{'invalid input'};
4012 goto VPNCONF_ERROR;
4013 }
4014 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
4015 $errormessage = $Lang::tr{'invalid input'};
4016 goto VPNCONF_ERROR;
4017 }
4018
4019#fixplausi
4020 if ($cgiparams{'AUTH'} eq 'psk') {
4021# if (! length($cgiparams{'PSK'}) ) {
4022# $errormessage = $Lang::tr{'pre-shared key is too short'};
4023# goto VPNCONF_ERROR;
4024# }
4025# if ($cgiparams{'PSK'} =~ /['",&]/) {
4026# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
4027# goto VPNCONF_ERROR;
4028# }
4029 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
4030 if ($cgiparams{'KEY'}) {
4031 $errormessage = $Lang::tr{'cant change certificates'};
4032 goto VPNCONF_ERROR;
4033 }
2ad1b18b 4034 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4035 $errormessage = $Lang::tr{'there was no file upload'};
4036 goto VPNCONF_ERROR;
4037 }
4038
4039 # Move uploaded certificate request to a temporary file
4040 (my $fh, my $filename) = tempfile( );
4041 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4042 $errormessage = $!;
4043 goto VPNCONF_ERROR;
4044 }
6e13d0a5 4045
c6c9630e
MT		 4046 # Sign the certificate request and move it
4047 # Sign the host certificate request
f6e12093 4048 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4049 '-batch', '-notext',
4050 '-in', $filename,
4051 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4052 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4053 if ($?) {
4054 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4055 unlink ($filename);
4056 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4057 &newcleanssldatabase();
4058 goto VPNCONF_ERROR;
4059 } else {
4060 unlink ($filename);
4061 &deletebackupcert();
4062 }
4063
4064 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4065 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4066 $temp = $1;
4067 $temp =~ s+/Email+, E+;
4068 $temp =~ s/ ST=/ S=/;
4069 $cgiparams{'CERT_NAME'} = $temp;
4070 $cgiparams{'CERT_NAME'} =~ s/,//g;
4071 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4072 if ($cgiparams{'CERT_NAME'} eq '') {
4073 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4074 goto VPNCONF_ERROR;
4075 }
4076 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
4077 if ($cgiparams{'KEY'}) {
4078 $errormessage = $Lang::tr{'cant change certificates'};
4079 goto VPNCONF_ERROR;
4080 }
2ad1b18b 4081 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4082 $errormessage = $Lang::tr{'there was no file upload'};
4083 goto VPNCONF_ERROR;
4084 }
4085 # Move uploaded certificate to a temporary file
4086 (my $fh, my $filename) = tempfile( );
4087 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4088 $errormessage = $!;
4089 goto VPNCONF_ERROR;
4090 }
4091
4092 # Verify the certificate has a valid CA and move it
4093 my $validca = 0;
4094 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
4095 if ($test =~ /: OK/) {
4096 $validca = 1;
4097 } else {
4098 foreach my $key (keys %cahash) {
4099 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
4100 if ($test =~ /: OK/) {
4101 $validca = 1;
4102 }
6e13d0a5 4103 }
c6c9630e
MT		 4104 }
4105 if (! $validca) {
4106 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
4107 unlink ($filename);
4108 goto VPNCONF_ERROR;
4109 } else {
4110 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4111 if ($? ne 0) {
4112 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
4113 unlink ($filename);
4114 goto VPNCONF_ERROR;
6e13d0a5 4115 }
c6c9630e
MT		 4116 }
4117
4118 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4119 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4120 $temp = $1;
4121 $temp =~ s+/Email+, E+;
4122 $temp =~ s/ ST=/ S=/;
4123 $cgiparams{'CERT_NAME'} = $temp;
4124 $cgiparams{'CERT_NAME'} =~ s/,//g;
4125 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4126 if ($cgiparams{'CERT_NAME'} eq '') {
4127 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4128 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4129 goto VPNCONF_ERROR;
4130 }
4131 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
4132 if ($cgiparams{'KEY'}) {
4133 $errormessage = $Lang::tr{'cant change certificates'};
4134 goto VPNCONF_ERROR;
4135 }
4136 # Validate input since the form was submitted
4137 if (length($cgiparams{'CERT_NAME'}) >60) {
4138 $errormessage = $Lang::tr{'name too long'};
4139 goto VPNCONF_ERROR;
4140 }
194314b2 4141 if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
c6c9630e
MT		 4142 $errormessage = $Lang::tr{'invalid input for name'};
4143 goto VPNCONF_ERROR;
4144 }
4145 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
4146 $errormessage = $Lang::tr{'invalid input for e-mail address'};
4147 goto VPNCONF_ERROR;
4148 }
4149 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
4150 $errormessage = $Lang::tr{'e-mail address too long'};
4151 goto VPNCONF_ERROR;
4152 }
4153 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4154 $errormessage = $Lang::tr{'invalid input for department'};
4155 goto VPNCONF_ERROR;
4156 }
4157 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
4158 $errormessage = $Lang::tr{'organization too long'};
4159 goto VPNCONF_ERROR;
4160 }
4161 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
4162 $errormessage = $Lang::tr{'invalid input for organization'};
4163 goto VPNCONF_ERROR;
4164 }
4165 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4166 $errormessage = $Lang::tr{'invalid input for city'};
4167 goto VPNCONF_ERROR;
4168 }
4169 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4170 $errormessage = $Lang::tr{'invalid input for state or province'};
4171 goto VPNCONF_ERROR;
4172 }
4173 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
4174 $errormessage = $Lang::tr{'invalid input for country'};
4175 goto VPNCONF_ERROR;
4176 }
4177 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
4178 if (length($cgiparams{'CERT_PASS1'}) < 5) {
4179 $errormessage = $Lang::tr{'password too short'};
4180 goto VPNCONF_ERROR;
6e13d0a5 4181 }
c6c9630e
MT		 4182 }
4183 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
4184 $errormessage = $Lang::tr{'passwords do not match'};
4185 goto VPNCONF_ERROR;
4186 }
425465ed 4187 if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
f4fbb935
EK		 4188 $errormessage = $Lang::tr{'invalid input for valid till days'};
4189 goto VPNCONF_ERROR;
4190 }
c6c9630e 4191
425465ed
EK		 4192 # Check for RW that OpenSSL maximum of valid days will not be exceeded
4193 if ($cgiparams{'TYPE'} eq 'host') {
4194 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4195 $errormessage = $Lang::tr{'invalid input for valid till days'};
4196 goto VPNCONF_ERROR;
4197 }
4198 }
4199
beac479f
EK		 4200 # Check for RW if client name is already set
4201 if ($cgiparams{'TYPE'} eq 'host') {
4202 foreach my $key (keys %confighash) {
4203 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
4204 $errormessage = $Lang::tr{'a connection with this name already exists'};
4205 goto VPNCONF_ERROR;
4206 }
4207 }
4208 }
4209
c6c9630e
MT		 4210 # Replace empty strings with a .
4211 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
4212 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
4213 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
4214
4215 # Create the Host certificate request client
4216 my $pid = open(OPENSSL, "|-");
4217 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
4218 if ($pid) { # parent
4219 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
4220 print OPENSSL "$state\n";
4221 print OPENSSL "$city\n";
4222 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
4223 print OPENSSL "$ou\n";
4224 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
4225 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
4226 print OPENSSL ".\n";
4227 print OPENSSL ".\n";
4228 close (OPENSSL);
4229 if ($?) {
4230 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4231 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
4232 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
4233 goto VPNCONF_ERROR;
6e13d0a5 4234 }
c6c9630e 4235 } else { # child
badd8c1c 4236 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 4237 '-newkey', 'rsa:2048',
c6c9630e
MT		 4238 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4239 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4240 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
4241 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
4242 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4243 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4244 goto VPNCONF_ERROR;
6e13d0a5 4245 }
c6c9630e
MT		 4246 }
4247
4248 # Sign the host certificate request
f6e12093 4249 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4250 '-batch', '-notext',
4251 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4252 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4253 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4254 if ($?) {
4255 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4256 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4257 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4258 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4259 &newcleanssldatabase();
4260 goto VPNCONF_ERROR;
4261 } else {
4262 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4263 &deletebackupcert();
4264 }
4265
4266 # Create the pkcs12 file
4267 system('/usr/bin/openssl', 'pkcs12', '-export',
4268 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4269 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4270 '-name', $cgiparams{'NAME'},
4271 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
4272 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
4273 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
4274 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4275 if ($?) {
4276 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4277 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4278 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4279 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4280 goto VPNCONF_ERROR;
4281 } else {
4282 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4283 }
4284 } elsif ($cgiparams{'AUTH'} eq 'cert') {
4285 ;# Nothing, just editing
4286 } else {
4287 $errormessage = $Lang::tr{'invalid input for authentication method'};
4288 goto VPNCONF_ERROR;
4289 }
4290
4291 # Check if there is no other entry with this common name
4292 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
4293 foreach my $key (keys %confighash) {
4294 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
4295 $errormessage = $Lang::tr{'a connection with this common name already exists'};
4296 goto VPNCONF_ERROR;
6e13d0a5 4297 }
c6c9630e
MT		 4298 }
4299 }
4300
ab4cf06c 4301 # Save the config
c6c9630e 4302 my $key = $cgiparams{'KEY'};
8c877a82 4303
c6c9630e
MT		 4304 if (! $key) {
4305 $key = &General::findhasharraykey (\%confighash);
49abe7af 4306 foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
c6c9630e 4307 }
8c877a82
AM		 4308 $confighash{$key}[0] = $cgiparams{'ENABLED'};
4309 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 4310 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 4311 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 4312 }
8c877a82
AM		 4313
4314 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 4315 if ($cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4316 $confighash{$key}[4] = 'psk';
4317 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 4318 } else {
8c877a82 4319 $confighash{$key}[4] = 'cert';
c6c9630e 4320 }
ce9abb66 4321 if ($cgiparams{'TYPE'} eq 'net') {
8c877a82
AM		 4322 $confighash{$key}[6] = $cgiparams{'SIDE'};
4323 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 4324 }
4c962356 4325 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 4326 $confighash{$key}[10] = $cgiparams{'REMOTE'};
4c962356 4327 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 4328 $confighash{$key}[22] = $confighash{$key}[29];
4c962356 4329 } else {
8c877a82 4330 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
4c962356 4331 }
8c877a82
AM		 4332 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
4333 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
4334 $confighash{$key}[25] = $cgiparams{'REMARK'};
4335 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 4336# new fields
8c877a82
AM		 4337 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
4338 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
4339 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
4340 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
4341 $confighash{$key}[31] = $cgiparams{'MTU'};
4342 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 4343 $name=$cgiparams{'CHECK1'};
8c877a82
AM		 4344 $confighash{$key}[33] = $cgiparams{$name};
4345 $confighash{$key}[34] = $cgiparams{'RG'};
4346 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
4347 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
4348 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
4c962356
EK		 4349 $confighash{$key}[39] = $cgiparams{'DAUTH'};
4350 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
350f2980 4351
71af643c
MT		 4352 if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
4353 $confighash{$key}[41] = "no-pass";
4354 }
4355
c6c9630e 4356 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
8c877a82
AM		 4357
4358 if ($cgiparams{'CHECK1'} ){
4359
4360 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
4361 my ($a,$b,$c,$d) = split (/\./,$ccdip);
df9b48b7
AM		 4362 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
4363 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
4364 }
8c877a82 4365 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 4366 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
8c877a82
AM		 4367 if($cgiparams{'CHECK1'} eq 'dynamic'){
4368 print CCDRWCONF "#This client uses the dynamic pool\n";
4369 }else{
82c809c7 4370 print CCDRWCONF "#Ip address client and server\n";
8c877a82
AM		 4371 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4372 }
4373 if ($confighash{$key}[34] eq 'on'){
4374 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4375 print CCDRWCONF "push redirect-gateway\n";
4376 }
52d08bcb 4377 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4378 if ($cgiparams{'IR'} ne ''){
82c809c7 4379 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
8c877a82
AM		 4380 foreach my $key (keys %ccdroutehash){
4381 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4382 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4383 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4384 print CCDRWCONF "iroute $a $b\n";
4385 }
4386 }
4387 }
4388 }
52d08bcb 4389 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4390 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4391 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
8c877a82
AM		 4392 foreach my $key (keys %ccdroute2hash){
4393 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4394 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4395 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4396 my %blue=();
4397 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4398 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
8c877a82
AM		 4399 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4400 my %orange=();
4401 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4402 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4403 }else{
4404 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4405 print CCDRWCONF "push \"route $a $b\"\n";
4406 }
4407 }
4408 }
4409 }
4410 }
4411 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4412 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4413 print CCDRWCONF "\n#Client gets these nameservers\n";
8c877a82
AM		 4414 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4415 }
4416 if($cgiparams{'CCD_DNS2'} ne ''){
4417 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4418 }
4419 if($cgiparams{'CCD_WINS'} ne ''){
4420 print CCDRWCONF "\n#Client gets this WINS server\n";
4421 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4422 }
4423 close CCDRWCONF;
4424 }
18837a6a
AH		 4425
4426###
4427# m.a.d n2n begin
4428###
4429
4430 if ($cgiparams{'TYPE'} eq 'net') {
4431
4432 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4433 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
4434
4435 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4436 my $key = $cgiparams{'KEY'};
4437 if (! $key) {
4438 $key = &General::findhasharraykey (\%confighash);
4439 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
4440 }
4441 $confighash{$key}[0] = 'on';
4442 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4443
4444 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
4445 }
4446 }
4447
4448###
4449# m.a.d n2n end
4450###
4451
c6c9630e
MT		 4452 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4453 $cgiparams{'KEY'} = $key;
4454 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4455 }
4456 goto VPNCONF_END;
6e13d0a5 4457 } else {
c6c9630e 4458 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT		 4459###
4460# m.a.d n2n begin
4461###
4462 $cgiparams{'MSSFIX'} = 'on';
4463 $cgiparams{'FRAGMENT'} = '1300';
70900745 4464 $cgiparams{'DAUTH'} = 'SHA512';
54fd0535
MT		 4465###
4466# m.a.d n2n end
4467###
4c962356 4468 $cgiparams{'SIDE'} = 'left';
c6c9630e
MT		 4469 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4470 $cgiparams{'AUTH'} = 'psk';
4471 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4472 $cgiparams{'AUTH'} = 'certfile';
4473 } else {
6e13d0a5 4474 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT		 4475 }
4476 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4477 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4478 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4479 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4480 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
c0a7c9b2 4481 $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
6e13d0a5 4482 }
c6c9630e 4483
6e13d0a5 4484 VPNCONF_ERROR:
6e13d0a5
MT		 4485 $checked{'ENABLED'}{'off'} = '';
4486 $checked{'ENABLED'}{'on'} = '';
4487 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4488 $checked{'ENABLED_BLUE'}{'off'} = '';
4489 $checked{'ENABLED_BLUE'}{'on'} = '';
4490 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4491 $checked{'ENABLED_ORANGE'}{'off'} = '';
4492 $checked{'ENABLED_ORANGE'}{'on'} = '';
4493 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 4494
4495
6e13d0a5
MT		 4496 $checked{'EDIT_ADVANCED'}{'off'} = '';
4497 $checked{'EDIT_ADVANCED'}{'on'} = '';
4498 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4499
6e13d0a5
MT		 4500 $selected{'SIDE'}{'server'} = '';
4501 $selected{'SIDE'}{'client'} = '';
4502 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
d96c89eb
AH		 4503
4504 $selected{'PROTOCOL'}{'udp'} = '';
4505 $selected{'PROTOCOL'}{'tcp'} = '';
4506 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4507
c6c9630e 4508
6e13d0a5
MT		 4509 $checked{'AUTH'}{'psk'} = '';
4510 $checked{'AUTH'}{'certreq'} = '';
4511 $checked{'AUTH'}{'certgen'} = '';
4512 $checked{'AUTH'}{'certfile'} = '';
4513 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4514
6e13d0a5 4515 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 4516
6e13d0a5
MT		 4517 $checked{'COMPLZO'}{'off'} = '';
4518 $checked{'COMPLZO'}{'on'} = '';
4519 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4520
d96c89eb
AH		 4521 $checked{'MSSFIX'}{'off'} = '';
4522 $checked{'MSSFIX'}{'on'} = '';
4523 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4524
52f61e49
EKD		 4525 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
4526 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
4527 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 4528 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
4529 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
4530 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
4531 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4532 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4533 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4534 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4535 $selected{'DCIPHER'}{'SEED-CBC'} = '';
4536 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4537 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4538 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4539 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 4540 $selected{'DCIPHER'}{'DES-CBC'} = '';
49abe7af
EK		 4541 # If no cipher has been chossen yet, select
4542 # the old default (AES-256-CBC) for compatiblity reasons.
4543 if ($cgiparams{'DCIPHER'} eq '') {
4544 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
4545 }
4c962356 4546 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
49abe7af
EK		 4547 $selected{'DAUTH'}{'whirlpool'} = '';
4548 $selected{'DAUTH'}{'SHA512'} = '';
4549 $selected{'DAUTH'}{'SHA384'} = '';
4550 $selected{'DAUTH'}{'SHA256'} = '';
4551 $selected{'DAUTH'}{'SHA1'} = '';
49abe7af 4552 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
0c4ffc69
EK		 4553 $checked{'TLSAUTH'}{'off'} = '';
4554 $checked{'TLSAUTH'}{'on'} = '';
4555 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
49abe7af 4556
6e13d0a5
MT		 4557 if (1) {
4558 &Header::showhttpheaders();
4c962356 4559 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 4560 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4561 if ($errormessage) {
4562 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4563 print "<class name='base'>$errormessage";
4564 print "&nbsp;</class>";
4565 &Header::closebox();
4566 }
c6c9630e 4567
6e13d0a5
MT		 4568 if ($warnmessage) {
4569 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4570 print "<class name='base'>$warnmessage";
4571 print "&nbsp;</class>";
4572 &Header::closebox();
4573 }
c6c9630e 4574
6e13d0a5 4575 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4576 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4577
6e13d0a5
MT		 4578 if ($cgiparams{'KEY'}) {
4579 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4580 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4581 }
c6c9630e 4582
6e13d0a5 4583 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
8c877a82 4584 print "<table width='100%' border='0'>\n";
4c962356 4585
e3edceeb 4586 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>";
8c877a82 4587
ce9abb66 4588 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4589 if ($cgiparams{'KEY'}) {
8c877a82 4590 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5
MT		 4591 } else {
4592 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4593 }
c6c9630e
MT		 4594# print "<tr><td>$Lang::tr{'interface'}</td>";
4595# print "<td><select name='INTERFACE'>";
4596# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4c962356
EK		 4597# if ($netsettings{'BLUE_DEV'} ne '') {
4598# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4599# }
4600# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4601# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4602# print "</select></td></tr>";
4603# print <<END;
ce9abb66
AH		 4604 } else {
4605 print "<input type='hidden' name='INTERFACE' value='red' />";
4606 if ($cgiparams{'KEY'}) {
4607 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4608 } else {
4609 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4610 }
52f61e49
EKD		 4611
4612 # If GCM ciphers are in usage, HMAC menu is disabled
4613 my $hmacdisabled;
4614 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
4615 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
4616 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
4617 $hmacdisabled = "disabled='disabled'";
4618 };
4619
4c962356 4620 print <<END;
ce9abb66 4621 <td width='25%'>&nbsp;</td>
f527e53f
EK		 4622 <td width='25%'>&nbsp;</td></tr>
4623 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4624 <td><select name='SIDE'>
4625 <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4626 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
4627 </select>
4628 </td>
4c962356 4629
f527e53f
EK		 4630 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4631 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
4632 </tr>
4c962356 4633
e3edceeb 4634 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4635 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4c962356 4636
e3edceeb 4637 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f
EK		 4638 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
4639 </tr>
4c962356 4640
e3edceeb 4641 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4642 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
49abe7af 4643
f527e53f
EK		 4644 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4645 <td><select name='PROTOCOL'>
4646 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4647 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4648 </tr>
4649
4650 <tr>
e3edceeb 4651 <td class='boldbase'>$Lang::tr{'destination port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4652 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
4c962356 4653
e3edceeb 4654 <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
f527e53f
EK		 4655 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4656 </tr>
49abe7af 4657
f527e53f
EK		 4658 <tr><td colspan=4><hr /></td></tr><tr>
4659
4660 <tr>
4661 <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
4662 </tr>
49abe7af 4663
e3edceeb 4664 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
f527e53f
EK		 4665 <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4666 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4667 </tr>
4c962356 4668
e3edceeb 4669 <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
f527e53f
EK		 4670 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
4671 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
4672 </tr>
4c962356 4673
e3edceeb 4674 <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
f527e53f
EK		 4675 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4676 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4677 </tr>
4c962356 4678
e3edceeb 4679 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
f527e53f
EK		 4680 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4681 </tr>
2ee746be 4682
f527e53f
EK		 4683<tr><td colspan=4><hr /></td></tr><tr>
4684 <tr>
4685 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
4686 </tr>
4687
4688 <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
52f61e49
EKD		 4689 <td><select name='DCIPHER' id="n2ncipher" required>
4690 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
4691 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
4692 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
f527e53f
EK		 4693 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
4694 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4695 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
f7fb5bc5 4696 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
f527e53f
EK		 4697 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
4698 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 4699 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
4700 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4701 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4702 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4703 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4704 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4705 </select>
4706 </td>
4707
4708 <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
52f61e49 4709 <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
f527e53f
EK		 4710 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
4711 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
4712 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
4713 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 4714 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4715 </select>
4716 </td>
4717 </tr>
4718 <tr><td colspan=4><hr /></td></tr><tr>
4719
ce9abb66 4720END
8c877a82 4721;
ce9abb66 4722 }
52f61e49
EKD		 4723
4724#### JAVA SCRIPT ####
4725# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange
4726print<<END;
4727 <script>
4728 var disable_options = false;
4729 document.getElementById('n2ncipher').onchange = function () {
4730 if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
4731 document.getElementById('n2nhmac').setAttribute('disabled', true);
4732 } else {
4733 document.getElementById('n2nhmac').removeAttribute('disabled');
4734 }
4735 }
4736 </script>
4737END
4738
2ee746be 4739#jumper
e3edceeb 4740 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>";
8c877a82 4741 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4742
ce9abb66 4743 if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4744 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4745 }
ce9abb66 4746
8c877a82
AM		 4747 print"</tr></table><br><br>";
4748#A.Marx CCD new client
e81be1e1 4749if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4750 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
8c877a82
AM		 4751 my %vpnnet=();
4752 my $vpnip;
4753 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4754 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4755 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4756 my @ccdconf=();
4757 my $count=0;
4758 my $checked;
4759 $checked{'check1'}{'off'} = '';
4760 $checked{'check1'}{'on'} = '';
4761 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4762 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4763 print"</td></tr></table><br><br>";
4764 my $name=$cgiparams{'CHECK1'};
4765 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4766
4767 if (! -z "${General::swroot}/ovpn/ccd.conf"){
4768 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4769 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 4770 $count++;
4771 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4772 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4773 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4774 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4775 print"</td></tr>";
4776 }
4777 print "</table><br><br><hr><br><br>";
4778 }
e81be1e1 4779}
8c877a82 4780# ccd end
6e13d0a5
MT		 4781 &Header::closebox();
4782 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4783
4784 } elsif (! $cgiparams{'KEY'}) {
4785
4786
6e13d0a5
MT		 4787 my $disabled='';
4788 my $cakeydisabled='';
4789 my $cacrtdisabled='';
4790 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4791 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
8c877a82 4792
6e13d0a5 4793 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
ce9abb66
AH		 4794
4795
4796 if ($cgiparams{'TYPE'} eq 'host') {
4797
49abe7af 4798 print <<END;
6e13d0a5 4799 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4800
ce9abb66
AH		 4801 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4802 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT		 4803 <tr><td colspan='3'>&nbsp;</td></tr>
4804 <tr><td colspan='3'><hr /></td></tr>
4805 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66 4806 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4807 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4808 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4809 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4810 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4811 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4812 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4813 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4814END
ce9abb66
AH		 4815;
4816
4817###
7c1d9faf 4818# m.a.d net2net
ce9abb66
AH		 4819###
4820
4821} else {
4822
49abe7af 4823 print <<END;
ce9abb66
AH		 4824 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4825
4826 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4827 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4828 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4829 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4830 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4831 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4832 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4833 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
54fd0535
MT		 4834
4835
ce9abb66
AH		 4836END
4837;
4838
4839}
4840
4841###
7c1d9faf 4842# m.a.d net2net
ce9abb66 4843###
c6c9630e 4844
6e13d0a5
MT		 4845 foreach my $country (sort keys %{Countries::countries}) {
4846 print "<option value='$Countries::countries{$country}'";
4847 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4848 print " selected='selected'";
4849 }
4850 print ">$country</option>";
4851 }
ce9abb66 4852###
7c1d9faf 4853# m.a.d net2net
ce9abb66
AH		 4854###
4855
4856if ($cgiparams{'TYPE'} eq 'host') {
49abe7af 4857 print <<END;
f4fbb935 4858 </select></td></tr>
425465ed 4859 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4860 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4861 <tr><td>&nbsp;</td>
6e13d0a5
MT		 4862 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4863 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
f4fbb935 4864 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
6e13d0a5 4865 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
f4fbb935
EK		 4866 <tr><td colspan='3'>&nbsp;</td></tr>
4867 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4868 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
f4fbb935 4869 </table>
ce9abb66
AH		 4870END
4871}else{
49abe7af 4872 print <<END;
f4fbb935 4873 </select></td></tr>
425465ed 4874 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4875 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4876 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4877 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4878 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4879 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
ce9abb66
AH		 4880 </table>
4881
c6c9630e 4882END
ce9abb66
AH		 4883}
4884
4885###
7c1d9faf 4886# m.a.d net2net
ce9abb66 4887###
c6c9630e
MT		 4888 ;
4889 &Header::closebox();
8c877a82
AM		 4890
4891 }
e81be1e1
AM		 4892
4893#A.Marx CCD new client
4894if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4895 print"<br><br>";
4896 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
4897
8c877a82
AM		 4898
4899 print <<END;
4900 <table border='0' width='100%'>
4901 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4902 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
4903 <tr><td colspan='4'>&nbsp</td></tr>
4904 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4905END
4906
4907 if ($cgiparams{'IR'} ne ''){
4908 print $cgiparams{'IR'};
4909 }else{
4910 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4911 foreach my $key (keys %ccdroutehash) {
4912 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4913 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4914 if ($ccdroutehash{$key}[$i] ne ''){
4915 print $ccdroutehash{$key}[$i]."\n";
4916 }
4917 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4918 }
4919 }
4920 }
c6c9630e 4921 }
8c877a82
AM		 4922
4923 print <<END;
4924</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4925 <tr><td colspan='4'><br></td></tr>
4926 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
4927END
52d08bcb
AM		 4928
4929 my $set=0;
4930 my $selorange=0;
4931 my $selblue=0;
4932 my $selgreen=0;
4933 my $helpblue=0;
4934 my $helporange=0;
4935 my $other=0;
df9b48b7 4936 my $none=0;
52d08bcb
AM		 4937 my @temp=();
4938
8c877a82 4939 our @current = ();
52d08bcb
AM		 4940 open(FILE, "${General::swroot}/main/routing") ;
4941 @current = <FILE>;
4942 close (FILE);
4943 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
df9b48b7
AM		 4944 #check for "none"
4945 foreach my $key (keys %ccdroute2hash) {
4946 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4947 if ($ccdroute2hash{$key}[1] eq ''){
4948 $none=1;
4949 last;
4950 }
4951 }
4952 }
4953 if ($none ne '1'){
4954 print"<option>$Lang::tr{'ccd none'}</option>";
4955 }else{
4956 print"<option selected>$Lang::tr{'ccd none'}</option>";
4957 }
52d08bcb
AM		 4958 #check if static routes are defined for client
4959 foreach my $line (@current) {
4960 chomp($line);
4961 $line=~s/\s*$//g; # remove newline
4962 @temp=split(/\,/,$line);
4963 $temp[1] = '' unless defined $temp[1]; # not always populated
4964 my ($a,$b) = split(/\//,$temp[1]);
4965 $temp[1] = $a."/".&General::iporsubtocidr($b);
4966 foreach my $key (keys %ccdroute2hash) {
4967 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4968 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4969 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
4970 $set=1;
8c877a82
AM		 4971 }
4972 }
8c877a82 4973 }
52d08bcb
AM		 4974 }
4975 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
4976 }
3a445974
MT		 4977
4978 my %vpnconfig = ();
4979 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
4980 foreach my $vpn (keys %vpnconfig) {
4981 # Skip all disabled VPN connections
4982 my $enabled = $vpnconfig{$vpn}[0];
4983 next unless ($enabled eq "on");
4984
4985 my $name = $vpnconfig{$vpn}[1];
4986
4987 # Remote subnets
4988 my @networks = split(/\|/, $vpnconfig{$vpn}[11]);
4989 foreach my $network (@networks) {
4990 my $selected = "";
4991
4992 foreach my $key (keys %ccdroute2hash) {
4993 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
4994 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4995 if ($ccdroute2hash{$key}[$i] eq $network) {
4996 $selected = "selected";
4997 }
4998 }
4999 }
5000 }
5001
5002 print "<option value=\"$network\" $selected>$name ($network)</option>\n";
5003 }
5004 }
5005
52d08bcb
AM		 5006 #check if green,blue,orange are defined for client
5007 foreach my $key (keys %ccdroute2hash) {
5008 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
5009 $other=1;
5010 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
5011 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
5012 $selgreen=1;
5013 }
5014 if (&haveBlueNet()){
5015 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
5016 $selblue=1;
5017 }
5018 }
5019 if (&haveOrangeNet()){
5020 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
5021 $selorange=1;
5022 }
5023 }
5024 }
5025 }
5026 }
5027 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
5028 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
5029 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
5030
49abe7af 5031 print<<END;
8c877a82
AM		 5032 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
5033 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
5034 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
5035
5036END
5037;
5038 &Header::closebox();
e81be1e1 5039}
c6c9630e
MT		 5040 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5041 if ($cgiparams{'KEY'}) {
5042# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
5043 }
5044 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
5045 &Header::closebigbox();
5046 &Header::closepage();
5047 exit (0);
6e13d0a5 5048 }
c6c9630e 5049 VPNCONF_END:
6e13d0a5 5050}
c6c9630e
MT		 5051
5052# SETTINGS_ERROR:
6e13d0a5
MT		 5053###
5054### Default status page
5055###
c6c9630e
MT		 5056 %cgiparams = ();
5057 %cahash = ();
5058 %confighash = ();
5059 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
5060 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
5061 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
5062
87fe47e9 5063 my @status = `/bin/cat /var/run/ovpnserver.log`;
c6c9630e
MT		 5064
5065 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
8c877a82
AM		 5066 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
5067 my $ipaddr = <IPADDR>;
5068 close IPADDR;
5069 chomp ($ipaddr);
5070 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
5071 if ($cgiparams{'VPN_IP'} eq '') {
5072 $cgiparams{'VPN_IP'} = $ipaddr;
5073 }
5074 }
c6c9630e
MT		 5075 }
5076
6e13d0a5 5077#default setzen
c6c9630e 5078 if ($cgiparams{'DCIPHER'} eq '') {
4c962356 5079 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
c6c9630e 5080 }
c6c9630e 5081 if ($cgiparams{'DDEST_PORT'} eq '') {
4c962356 5082 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT		 5083 }
5084 if ($cgiparams{'DMTU'} eq '') {
4c962356
EK		 5085 $cgiparams{'DMTU'} = '1400';
5086 }
5087 if ($cgiparams{'MSSFIX'} eq '') {
5088 $cgiparams{'MSSFIX'} = 'off';
5089 }
5090 if ($cgiparams{'DAUTH'} eq '') {
86308adb
EK		 5091 if (-z "${General::swroot}/ovpn/ovpnconfig") {
5092 $cgiparams{'DAUTH'} = 'SHA512';
5093 }
5094 foreach my $key (keys %confighash) {
5095 if ($confighash{$key}[3] ne 'host') {
5096 $cgiparams{'DAUTH'} = 'SHA512';
5097 } else {
5098 $cgiparams{'DAUTH'} = 'SHA1';
5099 }
5100 }
5101 }
0c4ffc69
EK		 5102 if ($cgiparams{'TLSAUTH'} eq '') {
5103 $cgiparams{'TLSAUTH'} = 'off';
5104 }
c6c9630e 5105 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
4c962356 5106 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e 5107 }
4c962356 5108 $checked{'ENABLED'}{'off'} = '';
c6c9630e
MT		 5109 $checked{'ENABLED'}{'on'} = '';
5110 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
5111 $checked{'ENABLED_BLUE'}{'off'} = '';
5112 $checked{'ENABLED_BLUE'}{'on'} = '';
5113 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
5114 $checked{'ENABLED_ORANGE'}{'off'} = '';
5115 $checked{'ENABLED_ORANGE'}{'on'} = '';
5116 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 5117
5118 $selected{'DPROTOCOL'}{'udp'} = '';
5119 $selected{'DPROTOCOL'}{'tcp'} = '';
5120 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4c962356 5121
52f61e49
EKD		 5122 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
5123 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
5124 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 5125 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
5126 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
5127 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
5128 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
5129 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
5130 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
c6c9630e
MT		 5131 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
5132 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4c962356
EK		 5133 $selected{'DCIPHER'}{'SEED-CBC'} = '';
5134 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
5135 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
5136 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 5137 $selected{'DCIPHER'}{'DES-CBC'} = '';
c6c9630e 5138 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4c962356
EK		 5139
5140 $selected{'DAUTH'}{'whirlpool'} = '';
5141 $selected{'DAUTH'}{'SHA512'} = '';
5142 $selected{'DAUTH'}{'SHA384'} = '';
5143 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK		 5144 $selected{'DAUTH'}{'SHA1'} = '';
5145 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
5146
0c4ffc69
EK		 5147 $checked{'TLSAUTH'}{'off'} = '';
5148 $checked{'TLSAUTH'}{'on'} = '';
5149 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
5150
c6c9630e
MT		 5151 $checked{'DCOMPLZO'}{'off'} = '';
5152 $checked{'DCOMPLZO'}{'on'} = '';
5153 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
4c962356 5154
d96c89eb
AH		 5155# m.a.d
5156 $checked{'MSSFIX'}{'off'} = '';
5157 $checked{'MSSFIX'}{'on'} = '';
5158 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 5159#new settings
c6c9630e
MT		 5160 &Header::showhttpheaders();
5161 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
5162 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 5163
c6c9630e 5164 if ($errormessage) {
6e13d0a5
MT		 5165 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
5166 print "<class name='base'>$errormessage\n";
5167 print "&nbsp;</class>\n";
5168 &Header::closebox();
c6c9630e 5169 }
6e13d0a5 5170
400c8afd
EK		 5171 if ($cryptoerror) {
5172 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
5173 print "<class name='base'>$cryptoerror";
5174 print "&nbsp;</class>";
5175 &Header::closebox();
5176 }
5177
5178 if ($cryptowarning) {
5179 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
5180 print "<class name='base'>$cryptowarning";
5181 print "&nbsp;</class>";
5182 &Header::closebox();
5183 }
5184
b2e75449
MT		 5185 if ($warnmessage) {
5186 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
5187 print "$warnmessage<br>";
5188 print "$Lang::tr{'fwdfw warn1'}<br>";
5189 &Header::closebox();
5190 print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
5191 &Header::closepage();
5192 exit 0;
5193 }
4d81e0f3 5194
c6c9630e
MT		 5195 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
5196 my $srunning = "no";
5197 my $activeonrun = "";
5198 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT		 5199 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
5200 $srunning ="yes";
5201 $activeonrun = "";
c6c9630e 5202 } else {
6e13d0a5 5203 $activeonrun = "disabled='disabled'";
c6c9630e 5204 }
afabe9f7 5205 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
4c962356 5206 print <<END;
631b67b7 5207 <table width='100%' border='0'>
c6c9630e
MT		 5208 <form method='post'>
5209 <td width='25%'>&nbsp;</td>
5210 <td width='25%'>&nbsp;</td>
5211 <td width='25%'>&nbsp;</td></tr>
5212 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
5213 <td align='left'>$sactive</td>
5214 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
8c877a82 5215 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
c6c9630e
MT		 5216END
5217;
5218 if (&haveBlueNet()) {
5219 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
5220 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
5221 }
5222 if (&haveOrangeNet()) {
5223 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
5224 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
86308adb
EK		 5225 }
5226
5227 print <<END;
5228
5229 <tr><td colspan='4'><br></td></tr>
5230 <tr>
5231 <td class'base'><b>$Lang::tr{'net config'}:</b></td>
5232 </tr>
5233 <tr><td colspan='1'><br></td></tr>
5234
4e17adad
CS		 5235 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
5236 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT		 5237 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
5238 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
5239 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
5240 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
5241 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
5242 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
bc2b3e94 5243 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
86308adb
EK		 5244 </tr>
5245
5246 <tr><td colspan='4'><br></td></tr>
5247 <tr>
5248 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
5249 </tr>
5250 <tr><td colspan='1'><br></td></tr>
5251
5252 <tr>
5253 <td class='base'>$Lang::tr{'ovpn ha'}</td>
5254 <td><select name='DAUTH'>
5255 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
5256 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
5257 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
5258 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
5259 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5260 </select>
5261 </td>
f527e53f 5262
4c962356
EK		 5263 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
5264 <td><select name='DCIPHER'>
52f61e49
EKD		 5265 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
5266 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
5267 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
4c962356 5268 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
f527e53f 5269 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4c962356
EK		 5270 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
5271 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
5272 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
5273 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
4c962356 5274 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 5275 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5276 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5277 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5278 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5279 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK		 5280 </select>
5281 </td>
4c962356 5282 </tr>
0c4ffc69
EK		 5283
5284 <tr><td colspan='4'><br></td></tr>
5285 <tr>
5286 <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
5287 <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
5288 </tr>
5289
f7edf97a 5290 <tr><td colspan='4'><br><br></td></tr>
c6c9630e
MT		 5291END
5292;
5293
5294 if ( $srunning eq "yes" ) {
8c877a82
AM		 5295 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
5296 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5297 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
5298 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
c6c9630e 5299 } else{
8c877a82
AM		 5300 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5301 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5302 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT		 5303 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
5304 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
5305 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
5306 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
5307 (( $cgiparams{'ENABLED'} eq 'on') ||
5308 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
5309 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
8c877a82 5310 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
c6c9630e 5311 } else {
8c877a82 5312 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
c6c9630e
MT		 5313 }
5314 }
5315 print "</form></table>";
5316 &Header::closebox();
6e13d0a5 5317
c6c9630e 5318 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66 5319###
7c1d9faf 5320# m.a.d net2net
54fd0535 5321#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH		 5322###
5323
4c962356 5324 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
c6c9630e 5325 ;
99bfa85c
AM		 5326 my $id = 0;
5327 my $gif;
f7edf97a 5328 my $col1="";
5b942f7f 5329 my $lastnet;
c8b51e28 5330 foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
5b942f7f
AM		 5331 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
5332 if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
5333 if($id == 0){
5334 print"<b>$confighash{$key}[32]</b>";
5335 print <<END;
5336 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5337<tr>
5338 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5339 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5340 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5341 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5342 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5343</tr>
5344END
5345 }
5346 if ($id > 0 && $lastnet ne $confighash{$key}[32]){
5347 print "</table><br>";
5348 print"<b>$confighash{$key}[32]</b>";
5349 print <<END;
5350 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5351<tr>
5352 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5353 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5354 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5355 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5356 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5357</tr>
5358END
5359 }
eff2dbf8 5360 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
c6c9630e 5361 if ($id % 2) {
99bfa85c
AM		 5362 print "<tr>";
5363 $col="bgcolor='$color{'color20'}'";
bb89e92a 5364 } else {
99bfa85c
AM		 5365 print "<tr>";
5366 $col="bgcolor='$color{'color22'}'";
c6c9630e 5367 }
99bfa85c
AM		 5368 print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
5369 print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
8c877a82
AM		 5370 #if ($confighash{$key}[4] eq 'cert') {
5371 #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
5372 #} else {
5373 #print "<td align='left'>&nbsp;</td>";
5374 #}
c6c9630e
MT		 5375 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
5376 $cavalid =~ /Not After : (.*)[\n]/;
5377 $cavalid = $1;
99bfa85c 5378 print "<td align='center' $col>$confighash{$key}[25]</td>";
f7edf97a
AM		 5379 $col1="bgcolor='${Header::colourred}'";
5380 my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
ce9abb66 5381
c6c9630e 5382 if ($confighash{$key}[0] eq 'off') {
f7edf97a
AM		 5383 $col1="bgcolor='${Header::colourblue}'";
5384 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
c6c9630e 5385 } else {
ce9abb66
AH		 5386
5387###
7c1d9faf 5388# m.a.d net2net
f7edf97a
AM		 5389###
5390
b278daf3 5391 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT		 5392
5393 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
5394 my @output = "";
5395 my @tustate = "";
5396 my $tport = $confighash{$key}[22];
5397 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
5398 if ($tport ne '') {
5399 $tnet->open('127.0.0.1');
5400 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
5401 @tustate = split(/\,/, $output[1]);
5402###
5403#CONNECTING -- OpenVPN's initial state.
5404#WAIT -- (Client only) Waiting for initial response from server.
5405#AUTH -- (Client only) Authenticating with server.
5406#GET_CONFIG -- (Client only) Downloading configuration options from server.
5407#ASSIGN_IP -- Assigning IP address to virtual network interface.
5408#ADD_ROUTES -- Adding routes to system.
5409#CONNECTED -- Initialization Sequence Completed.
5410#RECONNECTING -- A restart has occurred.
5411#EXITING -- A graceful exit is in progress.
5412####
5413
ed4b4c19 5414 if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
f7edf97a
AM		 5415 $col1="bgcolor='${Header::colourgreen}'";
5416 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5417 }else {
5418 $col1="bgcolor='${Header::colourred}'";
5419 $active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
5420 }
54fd0535 5421 }
54fd0535 5422 }
f7edf97a
AM		 5423 }else {
5424
5425 my $cn;
5426 my @match = ();
5427 foreach my $line (@status) {
5428 chomp($line);
5429 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
5430 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
5431 if ($match[1] ne "Common Name") {
5432 $cn = $match[1];
5433 }
5434 $cn =~ s/[_]/ /g;
5435 if ($cn eq "$confighash{$key}[2]") {
5436 $col1="bgcolor='${Header::colourgreen}'";
5437 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5438 }
5439 }
5440 }
c6c9630e 5441 }
7c1d9faf 5442}
ce9abb66
AH		 5443
5444
4c962356 5445 print <<END;
f7edf97a 5446 <td align='center' $col1>$active</td>
c6c9630e 5447
99bfa85c 5448 <form method='post' name='frm${key}a'><td align='center' $col>
96096995
AM		 5449 <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
5450 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5451 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 5452 </td></form>
5453END
5454 ;
71af643c
MT		 5455
5456 if ($confighash{$key}[41] eq "no-pass") {
5457 print <<END;
5458 <form method='post' name='frm${key}g'><td align='center' $col>
5459 <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
5460 alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
5461 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5462 <input type='hidden' name='MODE' value='insecure' />
5463 <input type='hidden' name='KEY' value='$key' />
5464 </td></form>
5465END
5466 } else {
5467 print "<td $col>&nbsp;</td>";
5468 }
5469
c6c9630e 5470 if ($confighash{$key}[4] eq 'cert') {
4c962356 5471 print <<END;
99bfa85c 5472 <form method='post' name='frm${key}b'><td align='center' $col>
c6c9630e
MT		 5473 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
5474 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
5475 <input type='hidden' name='KEY' value='$key' />
5476 </td></form>
5477END
5478 ; } else {
5479 print "<td>&nbsp;</td>";
5480 }
5481 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4c962356 5482 print <<END;
99bfa85c 5483 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5484 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT		 5485 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
5486 <input type='hidden' name='KEY' value='$key' />
5487 </td></form>
5488END
5489 ; } elsif ($confighash{$key}[4] eq 'cert') {
4c962356 5490 print <<END;
99bfa85c 5491 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5492 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT		 5493 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
5494 <input type='hidden' name='KEY' value='$key' />
5495 </td></form>
5496END
5497 ; } else {
5498 print "<td>&nbsp;</td>";
5499 }
5500 print <<END
99bfa85c 5501 <form method='post' name='frm${key}d'><td align='center' $col>
c6c9630e
MT		 5502 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
5503 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
5504 <input type='hidden' name='KEY' value='$key' />
5505 </td></form>
5506
99bfa85c 5507 <form method='post' name='frm${key}e'><td align='center' $col>
c6c9630e
MT		 5508 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
5509 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
5510 <input type='hidden' name='KEY' value='$key' />
5511 </td></form>
99bfa85c 5512 <form method='post' name='frm${key}f'><td align='center' $col>
c6c9630e
MT		 5513 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
5514 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
5515 <input type='hidden' name='KEY' value='$key' />
5516 </td></form>
5517 </tr>
5518END
5519 ;
5520 $id++;
5b942f7f 5521 $lastnet = $confighash{$key}[32];
c6c9630e 5522 }
5b942f7f 5523 print"</table>";
c6c9630e
MT		 5524 ;
5525
5526 # If the config file contains entries, print Key to action icons
5527 if ( $id ) {
4c962356 5528 print <<END;
8c877a82 5529 <table border='0'>
c6c9630e 5530 <tr>
4c962356
EK		 5531 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5532 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
5533 <td class='base'>$Lang::tr{'click to disable'}</td>
5534 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5535 <td class='base'>$Lang::tr{'show certificate'}</td>
5536 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
5537 <td class='base'>$Lang::tr{'edit'}</td>
5538 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
5539 <td class='base'>$Lang::tr{'remove'}</td>
c6c9630e
MT		 5540 </tr>
5541 <tr>
4c962356
EK		 5542 <td>&nbsp; </td>
5543 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
5544 <td class='base'>$Lang::tr{'click to enable'}</td>
5545 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
5546 <td class='base'>$Lang::tr{'download certificate'}</td>
5547 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
5548 <td class='base'>$Lang::tr{'dl client arch'}</td>
5549 </tr>
f7edf97a 5550 </table><br>
c6c9630e
MT		 5551END
5552 ;
5553 }
5554
4c962356 5555 print <<END;
c6c9630e
MT		 5556 <table width='100%'>
5557 <form method='post'>
4c962356
EK		 5558 <tr><td align='right'>
5559 <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
5560 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
5561 </tr>
c6c9630e
MT		 5562 </form>
5563 </table>
5564END
4c962356
EK		 5565 ;
5566 &Header::closebox();
5567 }
fd5ccb2d
EK		 5568
5569 # CA/key listing
4c962356
EK		 5570 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
5571 print <<END;
5572 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5573 <tr>
5574 <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5575 <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
5576 <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
5577 </tr>
5578END
5579 ;
5580 my $col1="bgcolor='$color{'color22'}'";
f7fb5bc5 5581 my $col2="bgcolor='$color{'color20'}'";
c8f50356 5582 # DH parameter line
f7fb5bc5 5583 my $col3="bgcolor='$color{'color22'}'";
fd5ccb2d
EK		 5584 # ta.key line
5585 my $col4="bgcolor='$color{'color20'}'";
f7fb5bc5 5586
4c962356
EK		 5587 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
5588 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
5589 $casubject =~ /Subject: (.*)[\n]/;
5590 $casubject = $1;
5591 $casubject =~ s+/Email+, E+;
5592 $casubject =~ s/ ST=/ S=/;
5593 print <<END;
5594 <tr>
5595 <td class='base' $col1>$Lang::tr{'root certificate'}</td>
5596 <td class='base' $col1>$casubject</td>
c8f50356 5597 <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
4c962356
EK		 5598 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
5599 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5600 </form>
5601 <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
4c962356
EK		 5602 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
5603 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c8f50356
EK		 5604 </form>
5605 <td width='4%' $col1>&nbsp;</td>
5606 </tr>
4c962356
EK		 5607END
5608 ;
5609 } else {
5610 # display rootcert generation buttons
5611 print <<END;
5612 <tr>
5613 <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
5614 <td class='base' $col1>$Lang::tr{'not present'}</td>
c8f50356
EK		 5615 <td colspan='3' $col1>&nbsp;</td>
5616 </tr>
4c962356
EK		 5617END
5618 ;
5619 }
5620
5621 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
5622 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
5623 $hostsubject =~ /Subject: (.*)[\n]/;
5624 $hostsubject = $1;
5625 $hostsubject =~ s+/Email+, E+;
5626 $hostsubject =~ s/ ST=/ S=/;
5627
5628 print <<END;
5629 <tr>
5630 <td class='base' $col2>$Lang::tr{'host certificate'}</td>
5631 <td class='base' $col2>$hostsubject</td>
c8f50356 5632 <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
4c962356
EK		 5633 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
5634 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5635 </form>
5636 <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
4c962356
EK		 5637 <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
5638 <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
c8f50356
EK		 5639 </td></form>
5640 <td width='4%' $col2>&nbsp;</td>
5641 </tr>
4c962356
EK		 5642END
5643 ;
5644 } else {
5645 # Nothing
5646 print <<END;
5647 <tr>
5648 <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
5649 <td class='base' $col2>$Lang::tr{'not present'}</td>
c8f50356
EK		 5650 </td><td colspan='3' $col2>&nbsp;</td>
5651 </tr>
4c962356
EK		 5652END
5653 ;
5654 }
ce9abb66 5655
f7fb5bc5
EK		 5656 # Adding DH parameter to chart
5657 if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
5658 my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
c8f50356 5659 $dhsubject =~ / (.*)[\n]/;
f7fb5bc5
EK		 5660 $dhsubject = $1;
5661
5662
5663 print <<END;
5664 <tr>
5665 <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
5666 <td class='base' $col3>$dhsubject</td>
c8f50356 5667 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
f7fb5bc5
EK		 5668 <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
5669 <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
c8f50356
EK		 5670 </form>
5671 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
c8f50356
EK		 5672 </form>
5673 <td width='4%' $col3>&nbsp;</td>
5674 </tr>
f7fb5bc5
EK		 5675END
5676 ;
5677 } else {
5678 # Nothing
5679 print <<END;
5680 <tr>
5681 <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
5682 <td class='base' $col3>$Lang::tr{'not present'}</td>
c8f50356
EK		 5683 </td><td colspan='3' $col3>&nbsp;</td>
5684 </tr>
f7fb5bc5
EK		 5685END
5686 ;
5687 }
5688
fd5ccb2d
EK		 5689 # Adding ta.key to chart
5690 if (-f "${General::swroot}/ovpn/certs/ta.key") {
5691 my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
5692 $tasubject =~ /# (.*)[\n]/;
5693 $tasubject = $1;
5694 print <<END;
5695
5696 <tr>
5697 <td class='base' $col4>$Lang::tr{'ta key'}</td>
5698 <td class='base' $col4>$tasubject</td>
5699 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5700 <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
5701 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
5702 </form>
5703 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5704 <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
5705 <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
5706 </form>
5707 <td width='4%' $col4>&nbsp;</td>
5708 </tr>
5709END
5710 ;
5711 } else {
5712 # Nothing
5713 print <<END;
5714 <tr>
5715 <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
5716 <td class='base' $col4>$Lang::tr{'not present'}</td>
5717 <td colspan='3' $col4>&nbsp;</td>
5718 </tr>
5719END
5720 ;
5721 }
5722
4c962356
EK		 5723 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
5724 print "<tr><td colspan='5' align='center'><form method='post'>";
5725 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
5726 print "</form></td></tr>\n";
5727 }
5728
5729 if (keys %cahash > 0) {
5730 foreach my $key (keys %cahash) {
5731 if (($key + 1) % 2) {
5732 print "<tr bgcolor='$color{'color20'}'>\n";
5733 } else {
5734 print "<tr bgcolor='$color{'color22'}'>\n";
5735 }
5736 print "<td class='base'>$cahash{$key}[0]</td>\n";
5737 print "<td class='base'>$cahash{$key}[1]</td>\n";
5738 print <<END;
5739 <form method='post' name='cafrm${key}a'><td align='center'>
5740 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
5741 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
5742 <input type='hidden' name='KEY' value='$key' />
5743 </td></form>
5744 <form method='post' name='cafrm${key}b'><td align='center'>
5745 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
5746 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
5747 <input type='hidden' name='KEY' value='$key' />
5748 </td></form>
5749 <form method='post' name='cafrm${key}c'><td align='center'>
5750 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
5751 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
5752 <input type='hidden' name='KEY' value='$key' />
5753 </td></form></tr>
5754END
5755 ;
5756 }
5757 }
5758
5759 print "</table>";
5760
5761 # If the file contains entries, print Key to action icons
5762 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
5763 print <<END;
5764 <table>
5765 <tr>
5766 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5767 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5768 <td class='base'>$Lang::tr{'show certificate'}</td>
5769 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
5770 <td class='base'>$Lang::tr{'download certificate'}</td>
5771 </tr>
5772 </table>
5773END
5774 ;
5775 }
ce9abb66 5776
4c962356 5777 print <<END
578f23c8
SS		 5778
5779 <br><hr><br>
5780
4c962356 5781 <form method='post' enctype='multipart/form-data'>
578f23c8
SS		 5782 <table border='0' width='100%'>
5783 <tr>
5784 <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
5785 </tr>
4c962356 5786
578f23c8
SS		 5787 <tr>
5788 <td width='10%'>$Lang::tr{'ca name'}:</td>
5789 <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
5790 <td width='30%'><input type='file' name='FH' size='25'>
5791 <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
5792 </tr>
f527e53f 5793
578f23c8
SS		 5794 <tr>
5795 <td colspan='3'>&nbsp;</td>
5796 <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
5797 </tr>
5798 </table>
f527e53f 5799
578f23c8
SS		 5800 <br>
5801
5802 <table border='0' width='100%'>
5803 <tr>
5804 <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
5805 </tr>
5806
5807 <tr>
5808 <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
5809 <td width='30%'><input type='file' name='FH' size='25'>
5810 <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
5811 </tr>
5812
5813 <tr>
5814 <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
5815 <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
5816 </tr>
5817 </table>
5818 </form>
f527e53f 5819
578f23c8 5820 <br><hr>
4c962356
EK		 5821END
5822 ;
5823
5824 if ( $srunning eq "yes" ) {
5825 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
5826 } else {
5827 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
5828 }
5829 &Header::closebox();
5830END
5831 ;
5832
5833&Header::closepage();
ce9abb66 5834
Peter's tree of IPFire 2.x