# #
###############################################################################
+use Data::UUID;
+use MIME::Base64;
use Net::DNS;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`;
if ($test =~ /: OK/) {
# Delete connection
- system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem");
unlink ("${General::swroot}/certs/$confighash{$key}[1].p12");
delete $confighash{$key};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
+ system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled);
}
}
unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
&General::log("ipsec", "Creating cacert...");
if (open(STDIN, "-|")) {
my $opt = " req -x509 -sha256 -nodes";
- $opt .= " -days 999999";
+ $opt .= " -days 3650";
$opt .= " -newkey rsa:4096";
$opt .= " -keyout ${General::swroot}/private/cakey.pem";
$opt .= " -out ${General::swroot}/ca/cacert.pem";
print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
close ($fh);
- my $opt = " ca -md sha256 -days 999999";
+ my $opt = " ca -md sha256 -days 825";
$opt .= " -batch -notext";
$opt .= " -in ${General::swroot}/certs/hostreq.pem";
$opt .= " -out ${General::swroot}/certs/hostcert.pem";
print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
exit (0);
+# Export Apple profile to browser
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
+ &General::readhasharray("${General::swroot}/vpn/config", \%confighash);
+ my $key = $cgiparams{'KEY'};
+
+ # Create a UUID generator
+ my $uuid = Data::UUID->new();
+
+ my $uuid1 = $uuid->create_str();
+ my $uuid2 = $uuid->create_str();
+
+ my $cert = "";
+ my $cert_uuid = $uuid->create_str();
+
+ # Read and encode certificate
+ if ($confighash{$key}[4] eq "cert") {
+ my $cert_path = "${General::swroot}/certs/$confighash{$key}[1].p12";
+
+ # Read certificate and encode it into Base64
+ open(CERT, "<${cert_path}");
+ local($/) = undef; # slurp
+ $cert = MIME::Base64::encode_base64(<CERT>);
+ close(CERT);
+ }
+
+ print "Content-Type: application/octet-stream\n";
+ print "Content-Disposition: attachment; filename=" . $confighash{$key}[1] . ".mobileconfig\n";
+ print "\n"; # end headers
+
+ print "<!DOCTYPE plist PUBLIC \"-//Apple//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\">\n";
+ print "<plist version=\"1.0\">\n";
+ print " <dict>\n";
+ print " <key>PayloadDisplayName</key>\n";
+ print " <string>$confighash{$key}[1]</string>\n";
+ print " <key>PayloadIdentifier</key>\n";
+ print " <string>$confighash{$key}[1]</string>\n";
+ print " <key>PayloadUUID</key>\n";
+ print " <string>${uuid1}</string>\n";
+ print " <key>PayloadType</key>\n";
+ print " <string>Configuration</string>\n";
+ print " <key>PayloadVersion</key>\n";
+ print " <integer>1</integer>\n";
+ print " <key>PayloadContent</key>\n";
+ print " <array>\n";
+ print " <dict>\n";
+ print " <key>PayloadIdentifier</key>\n";
+ print " <string>org.example.vpn1.conf1</string>\n";
+ print " <key>PayloadUUID</key>\n";
+ print " <string>${uuid2}</string>\n";
+ print " <key>PayloadType</key>\n";
+ print " <string>com.apple.vpn.managed</string>\n";
+ print " <key>PayloadVersion</key>\n";
+ print " <integer>1</integer>\n";
+ print " <key>UserDefinedName</key>\n";
+ print " <string>$confighash{$key}[1]</string>\n";
+ print " <key>VPNType</key>\n";
+ print " <string>IKEv2</string>\n";
+ print " <key>IKEv2</key>\n";
+ print " <dict>\n";
+ print " <key>RemoteAddress</key>\n";
+ print " <string>18.206.152.26</string>\n";
+
+ # Left ID
+ if ($confighash{$key}[9]) {
+ print " <key>LocalIdentifier</key>\n";
+ print " <string>$confighash{$key}[9]</string>\n";
+ }
+
+ # Right ID
+ if ($confighash{$key}[7]) {
+ print " <key>RemoteIdentifier</key>\n";
+ print " <string>$confighash{$key}[7]</string>\n";
+ }
+
+ if ($confighash{$key}[4] eq "cert") {
+ print " <key>AuthenticationMethod</key>\n";
+ print " <string>Certificate</string>\n";
+
+ print " <key>PayloadCertificateUUID</key>\n";
+ print " <string>${cert_uuid}</string>\n";
+ } else {
+ print " <key>AuthenticationMethod</key>\n";
+ print " <string>SharedSecret</string>\n";
+ print " <key>SharedSecret</key>\n";
+ print " <string>$confighash{$key}[5]</string>\n";
+ }
+
+ print " <key>ExtendedAuthEnabled</key>\n";
+ print " <integer>0</integer>\n";
+ print " </dict>\n";
+ print " </dict>\n";
+
+ if ($confighash{$key}[4] eq "cert") {
+ print " <dict>\n";
+ print " <key>PayloadIdentifier</key>\n";
+ print " <string>org.example.vpn1.client</string>\n";
+ print " <key>PayloadUUID</key>\n";
+ print " <string>${cert_uuid}</string>\n";
+ print " <key>PayloadType</key>\n";
+ print " <string>com.apple.security.pkcs12</string>\n";
+ print " <key>PayloadVersion</key>\n";
+ print " <integer>1</integer>\n";
+ print " <key>PayloadContent</key>\n";
+ print " <data>\n";
+
+ foreach (split /\n/,${cert}) {
+ print " $_\n";
+ }
+
+ print " </data>\n";
+ print " </dict>\n";
+ }
+
+ print " </array>\n";
+ print " </dict>\n";
+ print "</plist>\n";
+
+ # Done
+ exit(0);
###
### Display certificate
###
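Review bot: The new download branch uses `$cgiparams{'KEY'}` (L47) without first checking that `$confighash{$key}` exists, unlike the delete path below which guards with `if ($confighash{$cgiparams{'KEY'}})`, so an unknown key still emits a `.mobileconfig` with empty names and either an empty or PSK-less profile. The values interpolated into the plist — the connection name (L77/L79/L98), the IDs (L109/L115) and in particular the shared secret (L128) — are not XML-escaped, so a PSK containing `&` or `<` produces a profile the device cannot parse. The certificate read at L63 is a two-argument bareword `open` with no error check, so a missing or unreadable `.p12` silently yields an empty `<data>` payload rather than an error. `RemoteAddress` at L104 is a fixed literal `18.206.152.26`, which reads as a placeholder that should presumably come from the host's configured address, and the `org.example.vpn1.*` PayloadIdentifiers at L90/L139 will collide when more than one profile is installed on the same device. The sketch below adds the guard, a small escaping helper and a checked three-argument open; where the branch should jump after setting `$errormessage` is not visible in this hunk.
```perl
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download apple profile'}) {
	&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
	my $key = $cgiparams{'KEY'};

	# Reject an unknown connection key before any header or file is touched
	unless ($confighash{$key}) {
		$errormessage = $Lang::tr{'invalid key'};
		# ... bail out to the normal page render here (mechanism not visible in this hunk) ...
	}

	# Escape text destined for plist <string> elements
	my $xml_escape = sub {
		my $s = defined $_[0] ? $_[0] : "";
		$s =~ s/&/&amp;/g;
		$s =~ s/</&lt;/g;
		$s =~ s/>/&gt;/g;
		return $s;
	};

	# ... unchanged: UUID generation ...

	if ($confighash{$key}[4] eq "cert") {
		my $cert_path = "${General::swroot}/certs/$confighash{$key}[1].p12";
		open(my $cert_fh, "<", $cert_path)
			or die "Cannot read $cert_path: $!";
		local $/ = undef; # slurp
		$cert = MIME::Base64::encode_base64(<$cert_fh>);
		close($cert_fh);
	}

	# ... unchanged: headers and plist preamble, each interpolated value wrapped as $xml_escape->(...) ...
	print " <string>" . $xml_escape->($confighash{$key}[5]) . "</string>\n";
```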
&writeipsecfiles();
system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
$confighash{$cgiparams{'KEY'}}[0] = 'off';
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
+ system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
}
sleep $sleepDelay;
} else {
&General::readhasharray("${General::swroot}/vpn/config", \%confighash);
if ($confighash{$cgiparams{'KEY'}}) {
- system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
delete $confighash{$cgiparams{'KEY'}};
&General::writehasharray("${General::swroot}/vpn/config", \%confighash);
&writeipsecfiles();
+ system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
} else {
$errormessage = $Lang::tr{'invalid key'};
}
# Sign the certificate request
&General::log("ipsec", "Signing your cert $cgiparams{'NAME'}...");
- my $opt = " ca -md sha256 -days 999999";
+ my $opt = " ca -md sha256 -days 825";
$opt .= " -batch -notext";
$opt .= " -in $filename";
$opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
close ($fh);
- my $opt = " ca -md sha256 -days 999999 -batch -notext";
+ my $opt = " ca -md sha256 -days 825 -batch -notext";
$opt .= " -in ${General::swroot}/certs/$cgiparams{'NAME'}req.pem";
$opt .= " -out ${General::swroot}/certs/$cgiparams{'NAME'}cert.pem";
$opt .= " -extfile $v3extname";
<th width='23%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></th>
<th width='30%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
<th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
- <th class='boldbase' align='center' colspan='6'><b>$Lang::tr{'action'}</b></th>
+ <th class='boldbase' align='center' colspan='7'><b>$Lang::tr{'action'}</b></th>
</tr>
END
;
($line =~ /$confighash{$key}[1]\{.*INSTALLED/)) {
$col1="bgcolor='${Header::colourgreen}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
+ last;
} elsif ($line =~ /$confighash{$key}[1]\[.*CONNECTING/) {
$col1="bgcolor='${Header::colourorange}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'vpn connecting'}</font></b>";
} else {
print "<td width='2%' $col> </td>";
}
+
+ # Apple Profile
+ if ($confighash{$key}[3] eq 'host') {
+ print <<END;
+ <td align='center' $col>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'download apple profile'}' src='/images/apple.png' alt='$Lang::tr{'download apple profile'}' title='$Lang::tr{'download apple profile'}' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'download apple profile'}' />
+ <input type='hidden' name='KEY' value='$key' />
+ </form>
+ </td>
+END
+ } else {
+ print "<td width='2%' $col> </td>";
+ }
+
print <<END
<td align='center' $col>
<form method='post' action='$ENV{'SCRIPT_NAME'}'>