2 # based on SmoothWall and IPCop CGIs
4 # This code is distributed under the terms of the GPL
5 # Main idea from zeroconcept
6 # ZERNINA-VERSION:0.9.7a9
7 # (c) 2005 Ufuk Altinkaynak
9 # Ipcop and OpenVPN eas as one two three..
13 use CGI qw
/:standard/ ;
16 use File
:: Temp qw
/ tempfile tempdir / ;
18 use Archive
:: Zip
qw(:ERROR_CODES :CONSTANTS) ;
20 require '/var/ipfire/general-functions.pl' ;
21 require '/home/httpd/cgi-bin/ovpnfunc.pl' ;
22 require "${General::swroot}/lang.pl" ;
23 require "${General::swroot}/header.pl" ;
24 require "${General::swroot}/countries.pl" ;
26 # enable only the following on debugging purpose
28 #use CGI::Carp 'fatalsToBrowser';
29 #workaround to suppress a warning when a variable is used only once
30 my @dummy = ( ${ Header
:: colourgreen
} );
36 ### Initialize variables
46 my $errormessage = '' ;
48 my $zerinaclient = '' ;
49 & General
:: readhash
( "${General::swroot}/ethernet/settings" , \
%netsettings );
# Seed %cgiparams with defaults before the request is parsed: on/off style
# switches start as 'off', free-text fields start empty.
$cgiparams{$_} = 'off'
    for qw(ENABLED ENABLED_BLUE ENABLED_ORANGE EDIT_ADVANCED NAT COMPRESSION ONLY_PROPOSED DCOMPLZO);
$cgiparams{$_} = ''
    for qw(ACTION CA_NAME DHCP_DOMAIN DHCP_DNS DHCP_WINS);

# Parse the submitted form into %cgiparams. The 'wantfile'/'filevar' options
# name FH as the upload field; later code reads the upload from
# $cgiparams{'FH'}.
# NOTE(review): presumably submitted values replace the defaults above and
# arrive here unvalidated -- confirm in Header::getcgihash. Everything read
# from %cgiparams below should be treated as untrusted until checked.
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
65 # prepare openvpn config file
71 ### OpenVPN Server Control
if (   $cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}
    || $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}
    || $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'})
{
    # All process control goes through the openvpnctrl helper. system() is
    # used in list form, so no shell parses these arguments.
    my $ctrl = '/usr/local/bin/openvpnctrl';

    # First column of each `ps ax` line that mentions server.conf.
    # NOTE(review): backticks keep the trailing newline, and several matching
    # processes give several lines; the value is handed to openvpnctrl as one
    # argument below -- confirm the helper copes with that.
    my $serveractive = `/bin/ps ax|grep server.conf|grep -v grep|awk \'{print \$1}\'`;

    # Shutdown sequence shared by "stop" and "restart".
    my $shut_down = sub {
        if ($serveractive ne '') {
            system($ctrl, '-kn2n', $serveractive);
        }
        system($ctrl, '-k');
        &Ovpnfunc::emptyserverlog();
    };

    # start openvpn server
    if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}) {
        &Ovpnfunc::emptyserverlog();
        system($ctrl, '-s');
    }

    # stop openvpn server
    if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}) {
        $shut_down->();
    }

    # restart openvpn server
    if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
        # Workaround until SIGHUP also works when running as nobody:
        # do a full stop followed by a start.
        $shut_down->();
        system($ctrl, '-s');
    }
}
103 ### Save Advanced options
106 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save-adv-options' }) {
107 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
108 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
109 #DAN this value has to leave.
110 #new settings for daemon
# Take over the new daemon settings and the additional push routes from the
# submitted form.
# NOTE(review): this copy runs before the validation checks that follow, and
# no check on LOG_VERB, REDIRECT_GW_DEF1 or CLIENT2CLIENT is visible in this
# listing; whether a rejected value can still reach the settings file depends
# on error handling not shown here -- confirm.
for my $field (qw(
    LOG_VERB KEEPALIVE_1 KEEPALIVE_2 MAX_CLIENTS REDIRECT_GW_DEF1
    CLIENT2CLIENT DHCP_DOMAIN DHCP_DNS DHCP_WINS
    AD_ROUTE1 AD_ROUTE2 AD_ROUTE3
)) {
    $vpnsettings{$field} = $cgiparams{$field};
}
124 #additional push route
126 #################################################################################
127 # Added by Philipp Jenni #
129 # Contact: philipp.jenni-at-gmx.ch #
131 # Description: Add the FAST-IO Parameter from OpenVPN to the Zerina Config #
132 # Add the NICE Parameter from OpenVPN to the Zerina Config #
133 # Add the MTU-DISC Parameter from OpenVPN to the Zerina Config #
134 # Add the MSSFIX Parameter from OpenVPN to the Zerina Config #
135 # Add the FRAMGMENT Parameter from OpenVPN to the Zerina Config #
136 #################################################################################
# Extended OpenVPN tuning options (fast-io, nice, mtu-disc, mssfix, fragment)
# are taken from the form as submitted.
# NOTE(review): no validation of these five fields is visible in this listing;
# confirm they are constrained before they are written to the server config.
for my $field (qw(
    EXTENDED_FASTIO EXTENDED_NICE EXTENDED_MTUDISC
    EXTENDED_MSSFIX EXTENDED_FRAGMENT
)) {
    $vpnsettings{$field} = $cgiparams{$field};
}
142 #################################################################################
143 # End of Inserted Data #
144 #################################################################################
147 if ( $cgiparams { 'DHCP_DOMAIN' } ne '' ){
148 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DOMAIN' }) || & General
:: validip
( $cgiparams { 'DHCP_DOMAIN' })) {
149 $errormessage = $Lang :: tr
{ 'invalid input for dhcp domain' };
153 if ( $cgiparams { 'DHCP_DNS' } ne '' ){
154 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DNS' }) || & General
:: validip
( $cgiparams { 'DHCP_DNS' })) {
155 $errormessage = $Lang :: tr
{ 'invalid input for dhcp dns' };
159 if ( $cgiparams { 'DHCP_WINS' } ne '' ){
160 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_WINS' }) || & General
:: validip
( $cgiparams { 'DHCP_WINS' })) {
161 $errormessage = $Lang :: tr
{ 'invalid input for dhcp wins' };
165 if ( $cgiparams { 'AD_ROUTE1' } ne '' ){
166 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE1' })) {
167 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
171 if ( $cgiparams { 'AD_ROUTE2' } ne '' ){
172 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE2' })) {
173 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
177 if ( $cgiparams { 'AD_ROUTE3' } ne '' ){
178 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE3' })) {
179 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
184 if (( length ( $cgiparams { 'MAX_CLIENTS' }) == 0 ) || (( $cgiparams { 'MAX_CLIENTS' }) < 1 ) || (( $cgiparams { 'MAX_CLIENTS' }) > 255 )) {
185 $errormessage = $Lang :: tr
{ 'invalid input for max clients' };
188 if ( $cgiparams { 'KEEPALIVE_1' } ne '' ) {
189 if ( $cgiparams { 'KEEPALIVE_1' } !~ /^[0-9]+$/ ) {
190 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1' };
194 if ( $cgiparams { 'KEEPALIVE_2' } ne '' ){
195 if ( $cgiparams { 'KEEPALIVE_2' } !~ /^[0-9]+$/ ) {
196 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 2' };
200 if ( $cgiparams { 'KEEPALIVE_2' } < ( $cgiparams { 'KEEPALIVE_1' } * 2 )){
201 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1:2' };
205 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
206 & Ovpnfunc
:: writeserverconf
(); #hier ok
210 ### Save main settings
212 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'TYPE' } eq '' && $cgiparams { 'KEY' } eq '' ) {
213 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
214 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
215 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
216 #DAN this value has to leave.
217 if ( $cgiparams { 'ENABLED' } eq 'on' ){
218 unless (& General
:: validfqdn
( $cgiparams { 'VPN_IP' }) || & General
:: validip
( $cgiparams { 'VPN_IP' })) {
219 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
223 if ( $cgiparams { 'ENABLED' } eq 'on' ){
224 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DDEST_PORT' }, 0 , $cgiparams { 'DPROTOCOL' }, "dest" );
226 if ( $errormessage ) { goto SETTINGS_ERROR
; }
229 if ( $cgiparams { 'ENABLED' } eq 'on' ){
230 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DDEST_PORT' }, $cgiparams { 'DPROTOCOL' }, '0.0.0.0' );
233 if ( $errormessage ) { goto SETTINGS_ERROR
; }
235 if (! & General
:: validipandmask
( $cgiparams { 'DOVPN_SUBNET' })) {
236 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
239 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'DOVPN_SUBNET' });
240 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
241 $cgiparams { 'DOVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
243 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
245 if ( $errormessage ne '' ){
248 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
249 $errormessage = $Lang :: tr
{ 'invalid input' };
252 if (( length ( $cgiparams { 'DMTU' })== 0 ) || (( $cgiparams { 'DMTU' }) < 1000 )) {
253 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
257 unless (& General
:: validport
( $cgiparams { 'DDEST_PORT' })) {
258 $errormessage = $Lang :: tr
{ 'invalid port' };
262 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
263 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'DPROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DDEST_PORT' }){
264 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
# Copy the main settings from the form, store them and regenerate the server
# configuration.
# NOTE(review): the checks above cover VPN_IP, DDEST_PORT, DOVPN_SUBNET,
# ENABLED and DMTU; no check on DDEVICE, DCIPHER, DCOMPLZO, ENABLED_BLUE or
# ENABLED_ORANGE is visible in this listing. Confirm these are restricted to
# known values, since they end up in the settings file and, presumably via
# writeserverconf(), in the daemon configuration.
for my $field (qw(
    ENABLED_BLUE ENABLED_ORANGE ENABLED VPN_IP
    DOVPN_SUBNET DDEVICE DPROTOCOL DDEST_PORT DMTU DCOMPLZO DCIPHER
)) {
    $vpnsettings{$field} = $cgiparams{$field};
}
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&Ovpnfunc::writeserverconf();
288 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
290 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
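# A reset drops every certificate-based connection from the configuration
# (entries whose field 4 is 'cert'). keys() returns a copy of the key list,
# so deleting inside the loop is safe.
foreach my $key (keys %confighash) {
    if ($confighash{$key}[4] eq 'cert') {
        # Delete by the loop key. The earlier lookup $cgiparams{'$key'} used a
        # single-quoted literal as the field name, so it never resolved to a
        # connection and the entries stayed in ovpnconfig after their CA and
        # certificates had been removed.
        delete $confighash{$key};
    }
}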
297 while ( $file = glob ( "${General::swroot}/ovpn/ca/*" )) {
300 while ( $file = glob ( "${General::swroot}/ovpn/certs/*" )) {
303 while ( $file = glob ( "${General::swroot}/ovpn/crls/*" )) {
306 & Ovpnfunc
:: cleanssldatabase
();
307 if ( open ( FILE
, ">${General::swroot}/ovpn/caconfig" )) {
311 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
315 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' }) {
316 & Header
:: showhttpheaders
();
317 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
318 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
319 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
321 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
322 <tr><td align='center'>
323 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
324 $Lang ::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
325 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' />
326 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
331 & Header
:: closebigbox
();
332 & Header
:: closepage
();
336 ### Upload CA Certificate
338 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload ca certificate' }) {
339 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
341 if ( $cgiparams { 'CA_NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
342 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
346 if ( length ( $cgiparams { 'CA_NAME' }) > 60 ) {
347 $errormessage = $Lang :: tr
{ 'name too long' };
351 if ( $cgiparams { 'CA_NAME' } eq 'ca' ) {
352 $errormessage = $Lang :: tr
{ 'name is invalid' };
353 goto UPLOAD_CA_ERROR
;
356 # Check if there is no other entry with this name
357 foreach my $key ( keys %cahash ) {
358 if ( $cahash { $key }[ 0 ] eq $cgiparams { 'CA_NAME' }) {
359 $errormessage = $Lang :: tr
{ 'a ca certificate with this name already exists' };
364 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
365 $errormessage = $Lang :: tr
{ 'there was no file upload' };
368 # Move uploaded ca to a temporary file
369 ( my $fh , my $filename ) = tempfile
( );
370 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
374 my $temp = `/usr/bin/openssl x509 -text -in $filename ` ;
375 if ( $temp !~ /CA:TRUE/i ) {
376 $errormessage = $Lang :: tr
{ 'not a valid ca certificate' };
380 move
( $filename , "${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem" );
382 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
388 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem` ;
389 $casubject =~ /Subject: (.*)[\n]/ ;
391 $casubject =~ s
+/ Email
+, E
+;
392 $casubject =~ s/ ST=/ S=/ ;
393 $casubject = & Header
:: cleanhtml
( $casubject );
395 my $key = & General
:: findhasharraykey
( \
%cahash );
396 $cahash { $key }[ 0 ] = $cgiparams { 'CA_NAME' };
397 $cahash { $key }[ 1 ] = $casubject ;
398 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
402 ### Display ca certificate
404 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show ca certificate' }) {
405 & Ovpnfunc
:: displayca
( $cgiparams { 'KEY' });
407 ### Download ca certificate
409 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download ca certificate' }) {
410 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
412 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
413 print "Content-Type: application/octet-stream \r\n " ;
414 print "Content-Disposition: filename= $cahash { $cgiparams {'KEY'}}[0]cert.pem \r\n\r\n " ;
415 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem` ;
418 $errormessage = $Lang :: tr
{ 'invalid key' };
422 ### Remove ca certificate (step 2)
424 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
425 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
426 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
428 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
429 foreach my $key ( keys %confighash ) {
430 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/ $confighash { $key }[1]cert.pem` ;
431 if ( $test =~ /: OK/ ) {
432 unlink ( "${General::swroot}/ovpn//certs/ $confighash { $key }[1]cert.pem" );
433 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $key }[1].p12" );
434 delete $confighash { $key };
435 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
438 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
439 delete $cahash { $cgiparams { 'KEY' }};
440 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
442 $errormessage = $Lang :: tr
{ 'invalid key' };
445 ### Remove ca certificate (step 1)
447 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' }) {
448 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
449 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
451 my $assignedcerts = 0 ;
452 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
453 foreach my $key ( keys %confighash ) {
454 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/ $confighash { $key }[1]cert.pem` ;
455 if ( $test =~ /: OK/ ) {
459 if ( $assignedcerts ) {
460 & Header
:: showhttpheaders
();
461 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
462 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
463 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
465 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
466 <input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />
467 <tr><td align='center'>
468 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>: $assignedcerts
469 $Lang ::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
470 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
471 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
476 & Header
:: closebigbox
();
477 & Header
:: closepage
();
480 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
481 delete $cahash { $cgiparams { 'KEY' }};
482 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
483 # system('/usr/local/bin/ipsecctrl', 'R');
486 $errormessage = $Lang :: tr
{ 'invalid key' };
490 ### Display root certificate
492 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show root certificate' } || $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show host certificate' }) {
493 & Ovpnfunc
:: displayroothost
( $cgiparams { 'ACTION' });
495 ### Download root certificate
497 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download root certificate' }) {
498 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
499 print "Content-Type: application/octet-stream \r\n " ;
500 print "Content-Disposition: filename=cacert.pem \r\n\r\n " ;
501 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem` ;
506 ### Download host certificate
508 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download host certificate' }) {
509 if ( - f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
510 print "Content-Type: application/octet-stream \r\n " ;
511 print "Content-Disposition: filename=servercert.pem \r\n\r\n " ;
512 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem` ;
516 ### Form for generating a root certificate
518 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'generate root/host certificates' } ||
519 $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
521 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
522 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
523 $errormessage = $Lang :: tr
{ 'valid root certificate already exists' };
524 $cgiparams { 'ACTION' } = '' ;
528 if (( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) && - e
"${General::swroot}/red/active" ) {
529 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
530 my $ipaddr = < IPADDR
>;
533 $cgiparams { 'ROOTCERT_HOSTNAME' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
534 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) {
535 $cgiparams { 'ROOTCERT_HOSTNAME' } = $ipaddr ;
538 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
540 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
541 $errormessage = $Lang :: tr
{ 'there was no file upload' };
545 # Move uploaded certificate request to a temporary file
546 ( my $fh , my $filename ) = tempfile
( );
547 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
552 # Create a temporary directory
553 my $tempdir = tempdir
( CLEANUP
=> 1 );
555 # Extract the CA certificate from the file
556 my $pid = open ( OPENSSL
, "|-" );
557 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
559 if ( $cgiparams { 'P12_PASS' } ne '' ) {
560 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
564 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
569 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-cacerts' , '-nokeys' ,
571 '-out' , " $tempdir /cacert.pem" )) {
572 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
578 # Extract the Host certificate from the file
579 $pid = open ( OPENSSL
, "|-" );
580 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
582 if ( $cgiparams { 'P12_PASS' } ne '' ) {
583 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
587 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
592 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-clcerts' , '-nokeys' ,
594 '-out' , " $tempdir /hostcert.pem" )) {
595 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
601 # Extract the Host key from the file
602 $pid = open ( OPENSSL
, "|-" );
603 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
605 if ( $cgiparams { 'P12_PASS' } ne '' ) {
606 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
610 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
615 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-nocerts' ,
618 '-out' , " $tempdir /serverkey.pem" )) {
619 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
625 move
( " $tempdir /cacert.pem" , "${General::swroot}/ovpn/ca/cacert.pem" );
627 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
629 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
630 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
631 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
635 move
( " $tempdir /hostcert.pem" , "${General::swroot}/ovpn/certs/servercert.pem" );
637 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
639 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
640 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
641 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
645 move
( " $tempdir /serverkey.pem" , "${General::swroot}/ovpn/certs/serverkey.pem" );
647 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
649 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
650 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
651 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
655 goto ROOTCERT_SUCCESS
;
657 } elsif ( $cgiparams { 'ROOTCERT_COUNTRY' } ne '' ) {
659 # Validate input since the form was submitted
660 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } eq '' ){
661 $errormessage = $Lang :: tr
{ 'organization cant be empty' };
664 if ( length ( $cgiparams { 'ROOTCERT_ORGANIZATION' }) > 60 ) {
665 $errormessage = $Lang :: tr
{ 'organization too long' };
668 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
669 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
672 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ){
673 $errormessage = $Lang :: tr
{ 'hostname cant be empty' };
676 unless (& General
:: validfqdn
( $cgiparams { 'ROOTCERT_HOSTNAME' }) || & General
:: validip
( $cgiparams { 'ROOTCERT_HOSTNAME' })) {
677 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
680 if ( $cgiparams { 'ROOTCERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'ROOTCERT_EMAIL' }))) {
681 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
684 if ( length ( $cgiparams { 'ROOTCERT_EMAIL' }) > 40 ) {
685 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
688 if ( $cgiparams { 'ROOTCERT_OU' } ne '' && $cgiparams { 'ROOTCERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
689 $errormessage = $Lang :: tr
{ 'invalid input for department' };
692 if ( $cgiparams { 'ROOTCERT_CITY' } ne '' && $cgiparams { 'ROOTCERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
693 $errormessage = $Lang :: tr
{ 'invalid input for city' };
696 if ( $cgiparams { 'ROOTCERT_STATE' } ne '' && $cgiparams { 'ROOTCERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
697 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
700 if ( $cgiparams { 'ROOTCERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
701 $errormessage = $Lang :: tr
{ 'invalid input for country' };
705 # Copy the cgisettings to vpnsettings and save the configfile
# Remember the certificate subject fields in the settings file so the form
# can be pre-filled later; this runs after the input checks above.
for my $field (qw(
    ROOTCERT_ORGANIZATION ROOTCERT_HOSTNAME ROOTCERT_EMAIL ROOTCERT_OU
    ROOTCERT_CITY ROOTCERT_STATE ROOTCERT_COUNTRY
)) {
    $vpnsettings{$field} = $cgiparams{$field};
}
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
715 # Replace empty strings with a .
# openssl is fed one answer per prompt; an empty or whitespace-only optional
# field is sent as "." instead of an empty line.
my $ou = $cgiparams{'ROOTCERT_OU'};
$ou =~ s/^\s*$/\./;
my $city = $cgiparams{'ROOTCERT_CITY'};
$city =~ s/^\s*$/\./;
my $state = $cgiparams{'ROOTCERT_STATE'};
$state =~ s/^\s*$/\./;
721 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
723 # Create the CA certificate
724 my $pid = open ( OPENSSL
, "|-" );
725 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
727 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
728 print OPENSSL
" $state \n " ;
729 print OPENSSL
" $city \n " ;
730 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
731 print OPENSSL
" $ou \n " ;
732 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} CA \n " ;
733 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
736 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
737 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
738 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
742 unless ( exec ( '/usr/bin/openssl' , 'req' , '-x509' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
743 '-days' , '999999' , '-newkey' , 'rsa:2048' ,
744 '-keyout' , "${General::swroot}/ovpn/ca/cakey.pem" ,
745 '-out' , "${General::swroot}/ovpn/ca/cacert.pem" ,
746 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
747 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
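752 # Create the Host certificate request (NOTE(review): the request below asks for an rsa:1024 key while the CA key above uses rsa:2048; confirm the host key size is intended)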
753 $pid = open ( OPENSSL
, "|-" );
754 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
756 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
757 print OPENSSL
" $state \n " ;
758 print OPENSSL
" $city \n " ;
759 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
760 print OPENSSL
" $ou \n " ;
761 print OPENSSL
" $cgiparams {'ROOTCERT_HOSTNAME'} \n " ;
762 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
767 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
768 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
769 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
773 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
774 '-newkey' , 'rsa:1024' ,
775 '-keyout' , "${General::swroot}/ovpn/certs/serverkey.pem" ,
776 '-out' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
777 '-extensions' , 'server' ,
778 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
779 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
780 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
781 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
782 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
783 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
788 # Sign the host certificate request
789 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
791 '-in' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
792 '-out' , "${General::swroot}/ovpn/certs/servercert.pem" ,
793 '-extensions' , 'server' ,
794 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
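# Signing the host certificate failed: report the openssl status and roll
# back everything created so far, including both private keys.
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink("${General::swroot}/ovpn/ca/cakey.pem");
unlink("${General::swroot}/ovpn/ca/cacert.pem");
# The host key is generated under ovpn/certs/ (see the '-keyout' argument of
# the request step). The earlier path ovpn/serverkey.pem did not match it, so
# the private key stayed on disk after a failed run.
unlink("${General::swroot}/ovpn/certs/serverkey.pem");
unlink("${General::swroot}/ovpn/certs/serverreq.pem");
unlink("${General::swroot}/ovpn/certs/servercert.pem");
&Ovpnfunc::newcleanssldatabase();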
805 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
806 & Ovpnfunc
:: deletebackupcert
();
809 # Create an empty CRL
810 system ( '/usr/bin/openssl' , 'ca' , '-gencrl' ,
811 '-out' , "${General::swroot}/ovpn/crls/cacrl.pem" ,
812 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
814 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
815 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
816 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
817 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
818 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
819 & Ovpnfunc
:: cleanssldatabase
();
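822 # Create Diffie-Hellman parameters (NOTE(review): the output file is named dh1024.pem, which suggests a 1024-bit group; confirm the size)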
823 system ( '/usr/bin/openssl' , 'dhparam' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
824 '-out' , "${General::swroot}/ovpn/ca/dh1024.pem" ,
827 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
828 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
829 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
830 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
831 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
832 unlink ( "${General::swroot}/ovpn/ca/dh1024.pem" );
833 & Ovpnfunc
:: cleanssldatabase
();
836 goto ROOTCERT_SUCCESS
;
839 if ( $cgiparams { 'ACTION' } ne '' ) {
840 & Header
:: showhttpheaders
();
841 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
842 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
844 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
845 print "<class name='base'> $errormessage " ;
846 print " </class>" ;
849 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'generate root/host certificates'}:" );
851 <form method='post' enctype='multipart/form-data'>
852 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
853 <tr><td width='30%' class='base'> $Lang ::tr{'organization name'}:</td>
854 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value=' $cgiparams {'ROOTCERT_ORGANIZATION'}' size='32' /></td>
855 <td width='35%' colspan='2'> </td></tr>
856 <tr><td class='base'> $Lang ::tr{'ipfires hostname'}:</td>
857 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value=' $cgiparams {'ROOTCERT_HOSTNAME'}' size='32' /></td>
858 <td colspan='2'> </td></tr>
859 <tr><td class='base'> $Lang ::tr{'your e-mail'}: <img src='/blob.gif' alt'*' /></td>
860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value=' $cgiparams {'ROOTCERT_EMAIL'}' size='32' /></td>
861 <td colspan='2'> </td></tr>
862 <tr><td class='base'> $Lang ::tr{'your department'}: <img src='/blob.gif' alt'*' /></td>
863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value=' $cgiparams {'ROOTCERT_OU'}' size='32' /></td>
864 <td colspan='2'> </td></tr>
865 <tr><td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif' alt'*' /></td>
866 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value=' $cgiparams {'ROOTCERT_CITY'}' size='32' /></td>
867 <td colspan='2'> </td></tr>
868 <tr><td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' alt'*' /></td>
869 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value=' $cgiparams {'ROOTCERT_STATE'}' size='32' /></td>
870 <td colspan='2'> </td></tr>
871 <tr><td class='base'> $Lang ::tr{'country'}:</td>
872 <td class='base'><select name='ROOTCERT_COUNTRY'>
876 foreach my $country ( sort keys %{ Countries
:: countries
}) {
877 print "<option value=' $Countries ::countries{ $country }'" ;
878 if ( $Countries :: countries
{ $country } eq $cgiparams { 'ROOTCERT_COUNTRY' } ) {
879 print " selected='selected'" ;
881 print "> $country </option>" ;
885 <td colspan='2'> </td></tr>
887 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' /></td>
888 <td> </td><td> </td></tr>
889 <tr><td class='base' colspan='4' align='left'>
890 <img src='/blob.gif' valign='top' alt='*' /> $Lang ::tr{'this field may be blank'}</td></tr>
891 <tr><td class='base' colspan='4' align='left'>
892 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
893 $Lang ::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
895 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
896 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'upload p12 file'}:</td>
897 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
898 <td colspan='2'> </td></tr>
899 <tr><td class='base'> $Lang ::tr{'pkcs12 file password'}: <img src='/blob.gif' alt='*' ></td>
900 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value=' $cgiparams {'P12_PASS'}' size='32' /></td>
901 <td colspan='2'> </td></tr>
903 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'upload p12 file'}' /></td>
904 <td colspan='2'> </td></tr>
905 <tr><td class='base' colspan='4' align='left'>
906 <img src='/blob.gif' valign='top' al='*' > $Lang ::tr{'this field may be blank'}</td></tr>
912 & Header
:: closebigbox
();
913 & Header
:: closepage
();
# Restricts the server private key to mode 600 by running the chmod binary
# through a shell (single-string form of system). The exit status is not
# checked on this line.
# NOTE(review): Perl's built-in chmod would do the same without a shell.
# Also confirm the key file is not created with a wider mode before this
# point; its creation is not visible in this listing.
918 system ( "chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem" );
921 ### Enable/Disable connection
# Flips field [0] of the selected connection between 'on' and 'off', writes
# the table back to ovpn/ovpnconfig, and starts or stops the matching
# net-to-net process through /usr/local/bin/openvpnctrl.
# NOTE(review): this listing omits some original lines (the gutter numbers
# skip), so the else / closing-brace structure is not fully visible here.
923 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'toggle enable disable' }) {
924 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# KEY from the request is only used as a hash index; unknown keys fall
# through to the 'invalid key' message at the end of the branch.
925 if ( $confighash { $cgiparams { 'KEY' }}) {
# NOTE(review): field [1] (the connection name) is interpolated into a shell
# pipeline run with backticks. Nothing visible in this branch restricts the
# characters in that name, and it is also used unescaped as a grep pattern
# ('.' matches any character, so similarly named connections can match).
# Confirm the name is validated against a strict allowlist where it is
# stored, or look the process up without going through a shell.
926 my $n2nactive = `/bin/ps ax|grep $confighash { $cgiparams {'KEY'}}[1].conf|grep -v grep|awk \' {print \ $1 } \' ` ;
927 if ( $confighash { $cgiparams { 'KEY' }}[ 0 ] eq 'off' ) {
928 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'on' ;
929 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
930 if ( $n2nactive eq '' ){
# The openvpnctrl calls use the list form of system, so their arguments are
# not parsed by a shell.
931 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
# NOTE(review): $n2nactive is the raw backtick output, so it presumably still
# carries a trailing newline and may hold several PIDs; confirm openvpnctrl
# accepts that as a single argument.
933 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
934 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
937 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'off' ;
938 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
939 if ( $n2nactive ne '' ){
940 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
944 $errormessage = $Lang :: tr
{ 'invalid key' };
948 ### Download OpenVPN client package
# Builds an OpenVPN client configuration for the selected connection in a
# temporary directory, zips it together with the certificate material and
# sends the archive as a download.
# NOTE(review): this listing omits some original lines (gutter gaps), so
# closing braces, else branches and the final output of the archive are not
# visible here.
950 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'dl client arch' }) {
951 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
952 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Fixed command with no interpolated input; only the part of the host name
# before the first dot is used.
957 my $uhost = `/bin/uname -n` ;
959 my @uhost2 = split /\./ , $uhost ;
960 $uhost3 = $uhost2 [ 0 ];
# CLEANUP => 1 asks File::Temp to remove the directory (and the key material
# copied into it) when the program exits.
964 my $tempdir = tempdir
( CLEANUP
=> 1 );
965 my $zippath = " $tempdir /" ;
966 my $zipname = " $confighash { $cgiparams {'KEY'}}[1]-TO- $uhost3 .zip" ;
967 my $zippathname = " $zippath $zipname " ;
969 if ( $confighash { $cgiparams { 'KEY' }}[ 3 ] eq 'net' ){
970 $zerinaclient = 'true' ;
971 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
974 $clientovpn = " $confighash { $cgiparams {'KEY'}}[1]-TO- $uhost3 .ovpn" ;
# NOTE(review): 2-arg open on a bareword handle, with the connection name
# embedded in the path string. The 3-arg form with a lexical handle keeps the
# mode separate from the file name. No check that KEY exists in %confighash
# is visible before the name is used in this branch.
975 open ( CLIENTCONF
, "> $tempdir / $clientovpn " ) or die "Unable to open tempfile: $clientovpn $!" ;
978 my $zip = Archive
:: Zip
-> new ();
980 print CLIENTCONF
"#OpenVPN Client conf \r\n " ;
981 print CLIENTCONF
"tls-client \r\n " ;
982 print CLIENTCONF
"client \r\n " ;
983 print CLIENTCONF
"dev $vpnsettings {'DDEVICE'} \r\n " ;
984 if ( $vpnsettings { 'DPROTOCOL' } eq 'tcp' ) {
985 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'}-client \r\n " ;
987 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'} \r\n " ;
989 print CLIENTCONF
" $vpnsettings {'DDEVICE'}-mtu $vpnsettings {'DMTU'} \r\n " ;
# The first enabled interface becomes the active "remote" line; the other
# enabled interfaces are written as commented-out alternatives.
990 if ( $vpnsettings { 'ENABLED' } eq 'on' ){
991 print CLIENTCONF
"remote $vpnsettings {'VPN_IP'} $vpnsettings {'DDEST_PORT'} \r\n " ;
992 if ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
993 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Blue interface \r\n " ;
994 print CLIENTCONF
";remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
996 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
997 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
998 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1000 } elsif ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
1001 print CLIENTCONF
"remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1002 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
1003 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
1004 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1006 } elsif ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
1007 print CLIENTCONF
"remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
# NOTE(review): the .p12 added here holds the client's private key, so this
# download is as sensitive as the key itself. Access control for this CGI is
# not visible in this listing; confirm it is restricted to administrators.
1010 if ( $confighash { $cgiparams { 'KEY' }}[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" ) {
1011 print CLIENTCONF
"pkcs12 $confighash { $cgiparams {'KEY'}}[1].p12 \r\n " ;
1012 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" , " $confighash { $cgiparams {'KEY'}}[1].p12" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1].p12 \n " ;
1014 print CLIENTCONF
"ca cacert.pem \r\n " ;
1015 print CLIENTCONF
"cert $confighash { $cgiparams {'KEY'}}[1]cert.pem \r\n " ;
1016 print CLIENTCONF
"key $confighash { $cgiparams {'KEY'}}[1].key \r\n " ;
1017 $zip -> addFile ( "${General::swroot}/ovpn/ca/cacert.pem" , "cacert.pem" ) or die "Can't add file cacert.pem \n " ;
1018 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" , " $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1]cert.pem \n " ;
1020 print CLIENTCONF
"cipher $vpnsettings {DCIPHER} \r\n " ;
1021 if ( $vpnsettings { DCOMPLZO
} eq 'on' ) {
1022 print CLIENTCONF
"comp-lzo \r\n " ;
1024 print CLIENTCONF
"verb 3 \r\n " ;
# NOTE(review): ns-cert-type is the legacy server-certificate check; later
# OpenVPN releases deprecate it in favour of "remote-cert-tls server".
# Confirm which form the deployed clients support.
1025 print CLIENTCONF
"ns-cert-type server \r\n " ;
1027 $zip -> addFile ( " $tempdir / $clientovpn " , $clientovpn ) or die "Can't add file $clientovpn \n " ;
# NOTE(review): $status is not compared with AZ_OK in the visible lines, so
# a failed archive write would only surface at the open below.
1028 my $status = $zip -> writeToFileNamed ( $zippathname );
1030 open ( DLFILE
, "< $zippathname " ) or die "Unable to open $zippathname : $!" ;
1031 @fileholder = < DLFILE
>;
# NOTE(review): $zipname (built from the connection name) goes into the
# Content-Disposition header unquoted and unfiltered. Confirm the name cannot
# contain CR/LF, quotes or path separators, or sanitise it before use.
1032 print "Content-Type:application/x-download \n " ;
1033 print "Content-Disposition:attachment;filename= $zipname \n\n " ;
1038 ### Remove connection
# Deletes the selected connection from ovpn/ovpnconfig. Two sequences are
# visible: one that only kills the connection and removes its net-to-net
# configuration (field [19] eq 'yes'), and one that also revokes the
# certificate, deletes the certificate files and regenerates the CRL.
# NOTE(review): gutter line 1049 is missing from this listing; presumably it
# is the else that separates the two sequences.
1040 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove' }) {
1041 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1042 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1043 if ( $confighash { $cgiparams { 'KEY' }}) {
1044 if ( $confighash { $cgiparams { 'KEY' }}[ 19 ] eq 'yes' ) {
1045 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1046 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1047 delete $confighash { $cgiparams { 'KEY' }};
1048 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): the connection name is interpolated into a shell command
# line (backticks). Validate the name against a strict allowlist where it is
# stored, or invoke openssl without a shell.
# NOTE(review): the captured output in $temp is not inspected in the visible
# lines and the exit status is not checked. If the revoke fails, the unlink
# calls below still remove the local files while the certificate stays valid
# and off the CRL; check $? before deleting.
1050 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1051 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" );
1052 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" );
1053 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1054 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1055 delete $confighash { $cgiparams { 'KEY' }};
# Regenerates the CRL so the revocation above becomes visible to the server.
# NOTE(review): the result in $temp2 is likewise not checked here.
1056 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1057 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1060 $errormessage = $Lang :: tr
{ 'invalid key' };
1063 ### Download PKCS12 file
# Sends the PKCS#12 bundle of the selected connection as a binary download.
# NOTE(review): unlike the "download certificate" branch of this file, no -f
# test and no check that KEY exists in %confighash is visible here, so an
# unknown KEY yields an empty name and a cat of ".p12".
# NOTE(review): the bundle contains the client's private key; confirm this
# CGI is reachable only by authenticated administrators (not visible here).
1065 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download pkcs12 file' }) {
1066 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): the connection name is placed in the header unquoted and
# unfiltered; confirm it cannot contain CR/LF or quote characters.
1068 print "Content-Disposition: filename=" . $confighash { $cgiparams { 'KEY' }}[ 1 ] . ".p12 \r\n " ;
1069 print "Content-Type: application/octet-stream \r\n\r\n " ;
# NOTE(review): the file is read by running /bin/cat through a shell with
# the name interpolated. Opening the file directly (3-arg open plus binmode)
# avoids the shell and lets a missing file be reported.
1070 print `/bin/cat ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12` ;
1074 ### Display certificate
# Shows the text form of the selected connection's certificate inside the
# normal page frame, if the certificate file exists.
# NOTE(review): some original lines are missing from this listing (gutter
# gaps), so the end of the branch is not visible.
1076 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show certificate' }) {
1077 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1079 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
1080 & Header
:: showhttpheaders
();
1081 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1082 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1083 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate'}:" );
# NOTE(review): the -f test above does not make the name safe for a shell;
# the connection name is still interpolated into the backtick command line.
# Validate the stored name or call openssl without a shell.
1084 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem` ;
# The openssl output passes through Header::cleanhtml before it is printed;
# presumably that helper HTML-escapes it (it is defined outside this file).
1085 $output = & Header
:: cleanhtml
( $output , "y" );
1086 print "<pre> $output </pre> \n " ;
1087 & Header
:: closebox
();
1088 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1089 & Header
:: closebigbox
();
1090 & Header
:: closepage
();
1094 ### Display Certificate Revoke List
1096 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show crl' }) {
1097 if ( - f
"${General::swroot}/ovpn/crls/cacrl.pem" ) {
1098 & Header
:: showhttpheaders
();
1099 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1100 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1101 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'crl'}:" );
1102 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem` ;
1103 $output = & Header
:: cleanhtml
( $output , "y" );
1104 print "<pre> $output </pre> \n " ;
1105 & Header
:: closebox
();
1106 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1107 & Header
:: closebigbox
();
1108 & Header
:: closepage
();
1113 ### Advanced Server Settings
# Prepares the advanced-settings form: reads ovpn/settings into %cgiparams,
# fills defaults for empty fields and sets the CHECKED / SELECTED markers.
# NOTE(review): some original lines are missing from this listing (gutter
# gaps), so the closing braces of the default checks are not visible.
1116 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced server' }) {
# NOTE(review): the values loaded here are later interpolated into
# value='...' attributes of the form without escaping in the visible lines
# (DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, AD_ROUTE1..3, MAX_CLIENTS, ...). Confirm
# the handler that saves them validates each field, or escape on output.
1120 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
1123 if ( $cgiparams { 'MAX_CLIENTS' } eq '' ) {
1124 $cgiparams { 'MAX_CLIENTS' } = '100' ;
1127 if ( $cgiparams { 'KEEPALIVE_1' } eq '' ) {
1128 $cgiparams { 'KEEPALIVE_1' } = '10' ;
1130 if ( $cgiparams { 'KEEPALIVE_2' } eq '' ) {
1131 $cgiparams { 'KEEPALIVE_2' } = '60' ;
1133 if ( $cgiparams { 'LOG_VERB' } eq '' ) {
1134 $cgiparams { 'LOG_VERB' } = '3' ;
1136 if ( $cgiparams { 'EXTENDED_NICE' } eq '' ) {
1137 $cgiparams { 'EXTENDED_NICE' } = '0' ;
# Each option is first cleared for all known values, then the entry that
# matches the stored value is marked.
1139 $checked { 'CLIENT2CLIENT' }{ 'off' } = '' ;
1140 $checked { 'CLIENT2CLIENT' }{ 'on' } = '' ;
1141 $checked { 'CLIENT2CLIENT' }{ $cgiparams { 'CLIENT2CLIENT' }} = 'CHECKED' ;
1142 $checked { 'REDIRECT_GW_DEF1' }{ 'off' } = '' ;
1143 $checked { 'REDIRECT_GW_DEF1' }{ 'on' } = '' ;
1144 $checked { 'REDIRECT_GW_DEF1' }{ $cgiparams { 'REDIRECT_GW_DEF1' }} = 'CHECKED' ;
1145 $selected { 'LOG_VERB' }{ '1' } = '' ;
1146 $selected { 'LOG_VERB' }{ '2' } = '' ;
1147 $selected { 'LOG_VERB' }{ '3' } = '' ;
1148 $selected { 'LOG_VERB' }{ '4' } = '' ;
1149 $selected { 'LOG_VERB' }{ '5' } = '' ;
1150 $selected { 'LOG_VERB' }{ '6' } = '' ;
1151 $selected { 'LOG_VERB' }{ '7' } = '' ;
1152 $selected { 'LOG_VERB' }{ '8' } = '' ;
1153 $selected { 'LOG_VERB' }{ '9' } = '' ;
1154 $selected { 'LOG_VERB' }{ '10' } = '' ;
1155 $selected { 'LOG_VERB' }{ '11' } = '' ;
1156 $selected { 'LOG_VERB' }{ '0' } = '' ;
1157 $selected { 'LOG_VERB' }{ $cgiparams { 'LOG_VERB' }} = 'SELECTED' ;
1159 #################################################################################
1160 # Added by Philipp Jenni #
1162 # Contact: philipp.jenni-at-gmx.ch #
1163 # Date: 2006-04-22 #
1164 # Description: Definitions to set the FASTIO Checkbox #
1165 # Definitions to set the MTUDISC Checkbox #
1166 # Definitions to set the NICE Selectionbox #
1167 #################################################################################
1168 $checked { 'EXTENDED_FASTIO' }{ 'off' } = '' ;
1169 $checked { 'EXTENDED_FASTIO' }{ 'on' } = '' ;
1170 $checked { 'EXTENDED_FASTIO' }{ $cgiparams { 'EXTENDED_FASTIO' }} = 'CHECKED' ;
1171 $checked { 'EXTENDED_MTUDISC' }{ 'off' } = '' ;
1172 $checked { 'EXTENDED_MTUDISC' }{ 'on' } = '' ;
1173 $checked { 'EXTENDED_MTUDISC' }{ $cgiparams { 'EXTENDED_MTUDISC' }} = 'CHECKED' ;
1174 $selected { 'EXTENDED_NICE' }{ '-13' } = '' ;
1175 $selected { 'EXTENDED_NICE' }{ '-10' } = '' ;
1176 $selected { 'EXTENDED_NICE' }{ '-7' } = '' ;
1177 $selected { 'EXTENDED_NICE' }{ '-3' } = '' ;
1178 $selected { 'EXTENDED_NICE' }{ '0' } = '' ;
1179 $selected { 'EXTENDED_NICE' }{ '3' } = '' ;
1180 $selected { 'EXTENDED_NICE' }{ '7' } = '' ;
1181 $selected { 'EXTENDED_NICE' }{ '10' } = '' ;
1182 $selected { 'EXTENDED_NICE' }{ '13' } = '' ;
1183 $selected { 'EXTENDED_NICE' }{ $cgiparams { 'EXTENDED_NICE' }} = 'SELECTED' ;
1184 #################################################################################
1185 # End of inserted Data #
1186 #################################################################################
1188 & Header
:: showhttpheaders
();
1189 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
1190 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1191 if ( $errormessage ) {
1192 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1193 print "<class name='base'> $errormessage \n " ;
1194 print " </class> \n " ;
1195 & Header
:: closebox
();
1197 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'advanced server' });
1199 <form method='post' enctype='multipart/form-data'>
1200 <table width='100%'>
1202 <td colspan='4'><b> $Lang ::tr{'dhcp-options'}</b></td>
1205 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1208 <td class='base'>Domain</td>
1209 <td><input type='TEXT' name='DHCP_DOMAIN' value=' $cgiparams {'DHCP_DOMAIN'}' size='30' /></td>
1212 <td class='base'>DNS</td>
1213 <td><input type='TEXT' name='DHCP_DNS' value=' $cgiparams {'DHCP_DNS'}' size='30' /></td>
1216 <td class='base'>WINS</td>
1217 <td><input type='TEXT' name='DHCP_WINS' value=' $cgiparams {'DHCP_WINS'}' size='30' /></td>
1221 <!-- Additional push route START-->
1222 <table width='100%'>
1224 <td colspan='4'><b> $Lang ::tr{'add-route'}</b></td>
1227 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1230 <td class='base'> $Lang ::tr{'subnet'} 1</td>
1231 <td><input type='TEXT' name='AD_ROUTE1' value=' $cgiparams {'AD_ROUTE1'}' size='30' /></td>
1234 <td class='base'> $Lang ::tr{'subnet'} 2</td>
1235 <td><input type='TEXT' name='AD_ROUTE2' value=' $cgiparams {'AD_ROUTE2'}' size='30' /></td>
1238 <td class='base'> $Lang ::tr{'subnet'} 3</td>
1239 <td><input type='TEXT' name='AD_ROUTE3' value=' $cgiparams {'AD_ROUTE3'}' size='30' /></td>
1243 <!-- Additional push route END -->
1244 < table width
= '100%' >
1246 < td
class 'base' >< b
> $Lang :: tr
{ 'misc-options' }< /b></ td
>
1249 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1252 < td
class = 'base' > Client
- To
- Client
</ td
>
1253 < td
>< input type
= 'checkbox' name
= 'CLIENT2CLIENT' $checked { 'CLIENT2CLIENT' }{ 'on' } /></ td
>
1256 < td
class = 'base' > Redirect
- Gateway def1
</ td
>
1257 < td
>< input type
= 'checkbox' name
= 'REDIRECT_GW_DEF1' $checked { 'REDIRECT_GW_DEF1' }{ 'on' } /></ td
>
1260 < td
class = 'base' > Max
- Clients
</ td
>
1261 < td
>< input type
= 'text' name
= 'MAX_CLIENTS' value
= ' $cgiparams {' MAX_CLIENTS
'}' size
= '30' /></ td
>
1263 < td
class = 'base' > Keppalive
( ping
/ping-restart)</ td
>
1264 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_1' value
= ' $cgiparams {' KEEPALIVE_1
'}' size
= '30' /></ td
>
1265 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_2' value
= ' $cgiparams {' KEEPALIVE_2
'}' size
= '30' /></ td
>
1269 #################################################################################
1270 # Added by Philipp Jenni #
1272 # Contact: philipp.jenni-at-gmx.ch #
1273 # Date: 2006-04-22 #
1274 # Description: Add the FAST-IO Checkbox to the HTML Form #
1275 # Add the NICE Selectionbox to the HTML Form #
1276 # Add the MTU-DISC Checkbox to the HTML Form #
1277 # Add the MSSFIX Textbox to the HTML Form #
1278 # Add the FRAMGMENT Textbox to the HTML Form #
1280 # 2006-04-27 Include Multilanguage-Support #
1281 #################################################################################
1285 < td
class = 'base' > $Lang :: tr
{ 'ovpn_processprio' }</ td
>
1287 < select name
= 'EXTENDED_NICE' >
1288 < option value
= '-13' $selected { 'EXTENDED_NICE' }{ '-13' }> $Lang :: tr
{ 'ovpn_processprioEH' }</ option
>
1289 < option value
= '-10' $selected { 'EXTENDED_NICE' }{ '-10' }> $Lang :: tr
{ 'ovpn_processprioVH' }</ option
>
1290 < option value
= '-7' $selected { 'EXTENDED_NICE' }{ '-7' }> $Lang :: tr
{ 'ovpn_processprioH' }</ option
>
1291 < option value
= '-3' $selected { 'EXTENDED_NICE' }{ '-3' }> $Lang :: tr
{ 'ovpn_processprioEN' }</ option
>
1292 < option value
= '0' $selected { 'EXTENDED_NICE' }{ '0' }> $Lang :: tr
{ 'ovpn_processprioN' }</ option
>
1293 < option value
= '3' $selected { 'EXTENDED_NICE' }{ '3' }> $Lang :: tr
{ 'ovpn_processprioLN' }</ option
>
1294 < option value
= '7' $selected { 'EXTENDED_NICE' }{ '7' }> $Lang :: tr
{ 'ovpn_processprioD' }</ option
>
1295 < option value
= '10' $selected { 'EXTENDED_NICE' }{ '10' }> $Lang :: tr
{ 'ovpn_processprioVD' }</ option
>
1296 < option value
= '13' $selected { 'EXTENDED_NICE' }{ '13' }> $Lang :: tr
{ 'ovpn_processprioED' }</ option
>
1301 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fastio' }</ td
>
1303 < input type
= 'checkbox' name
= 'EXTENDED_FASTIO' $checked { 'EXTENDED_FASTIO' }{ 'on' } />
1307 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mtudisc' }</ td
>
1309 < input type
= 'checkbox' name
= 'EXTENDED_MTUDISC' $checked { 'EXTENDED_MTUDISC' }{ 'on' } />
1313 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mssfix' }</ td
>
1315 < input type
= 'TEXT' name
= 'EXTENDED_MSSFIX' value
= ' $cgiparams {' EXTENDED_MSSFIX
'}' size
= '30' />
1319 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fragment' }</ td
>
1321 < input type
= 'TEXT' name
= 'EXTENDED_FRAGMENT' value
= ' $cgiparams {' EXTENDED_FRAGMENT
'}' size
= '30' />
1326 #################################################################################
1327 # End of Inserted Data #
1328 #################################################################################
1334 < table width
= '100%' >
1336 < td
class 'base' >< b
> $Lang :: tr
{ 'log-options' }< /b></ td
>
1339 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1342 < tr
>< td
class = 'base' > VERB
</ td
>
1343 < td
>< select name
= 'LOG_VERB' >< option value
= '1' $selected { 'LOG_VERB' }{ '1' }> 1 </ option
>
1344 < option value
= '2' $selected { 'LOG_VERB' }{ '2' }> 2 </ option
>
1345 < option value
= '3' $selected { 'LOG_VERB' }{ '3' }> 3 </ option
>
1346 < option value
= '4' $selected { 'LOG_VERB' }{ '4' }> 4 </ option
>
1347 < option value
= '5' $selected { 'LOG_VERB' }{ '5' }> 5 </ option
>
1348 < option value
= '6' $selected { 'LOG_VERB' }{ '6' }> 6 </ option
>
1349 < option value
= '7' $selected { 'LOG_VERB' }{ '7' }> 7 </ option
>
1350 < option value
= '8' $selected { 'LOG_VERB' }{ '8' }> 8 </ option
>
1351 < option value
= '9' $selected { 'LOG_VERB' }{ '9' }> 9 </ option
>
1352 < option value
= '10' $selected { 'LOG_VERB' }{ '10' }> 10 </ option
>
1353 < option value
= '11' $selected { 'LOG_VERB' }{ '11' }> 11 </ option
>
1354 < option value
= '0' $selected { 'LOG_VERB' }{ '0' }> 0 < /option></s elect
></ td
>
1356 #################################################################################
1357 # Added by Philipp Jenni #
1359 # Contact: philipp.jenni-at-gmx.ch #
1360 # Date: 2006-04-22 #
1361 # Description: Required </TR> Command from this Table #
1362 #################################################################################
1366 #################################################################################
1367 # End of Inserted Data #
1368 #################################################################################
1373 < table width
= '100%' >
1376 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' save
- adv
- options
'}' /></ td
>
1377 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' cancel
- adv
- options
'}' /></ td
>
1385 & Header
:: closebox
();
1386 & Header
:: closebigbox
();
1387 & Header
:: closepage
();
1391 ### Openvpn Connections Statistics
1393 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'ovpn con stat' }) {
1394 & Header
:: showhttpheaders
();
1395 & Header
:: openpage
( $Lang :: tr
{ 'ovpn con stat' }, 1 , '' );
1396 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1397 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'ovpn con stat' });
1400 # <td><b>$Lang::tr{'protocol'}</b></td>
1401 # protocol temp removed
1403 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1405 <td><b> $Lang ::tr{'common name'}</b></td>
1406 <td><b> $Lang ::tr{'real address'}</b></td>
1407 <td><b> $Lang ::tr{'virtual address'}</b></td>
1408 <td><b> $Lang ::tr{'loged in at'}</b></td>
1409 <td><b> $Lang ::tr{'bytes sent'}</b></td>
1410 <td><b> $Lang ::tr{'bytes received'}</b></td>
1411 <td><b> $Lang ::tr{'last activity'}</b></td>
# Reads /var/log/ovpnserver.log, collects one @users entry per row matching
# the "Common Name" layout, adds the virtual address and last reference from
# rows matching the "Virtual Address" layout, then prints one table row per
# user.
# NOTE(review): some original lines are missing from this listing (gutter
# gaps); the close of FILE and the updates of $uid and $user2 are not
# visible here.
1415 my $filename = "/var/log/ovpnserver.log" ;
# 2-arg open on a bareword handle. The path is a constant here, so the mode
# cannot be influenced, but the 3-arg form with a lexical handle is safer.
1416 open ( FILE
, $filename ) or die 'Unable to open config file.' ;
1417 my @current = < FILE
>;
1426 my %userlookup = ();
1427 foreach my $line ( @current )
# split with a capturing pattern returns a leading empty field followed by
# the captures, which is why the values start at $match[1].
1430 if ( $line =~ /^Updated,(.+)/ ){
1431 @match = split ( /^Updated,(.+)/ , $line );
1432 $status = $match [ 1 ];
1434 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
1435 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
1436 if ( $match [ 1 ] ne "Common Name" ) {
# Remember which @users slot belongs to this real address (ip:port).
1438 $userlookup { $match [ 2 ]} = $uid ;
1439 $users [ $uid ]{ 'CommonName' } = $match [ 1 ];
1440 $users [ $uid ]{ 'RealAddress' } = $match [ 2 ];
1441 $users [ $uid ]{ 'BytesReceived' } = & Ovpnfunc
:: sizeformat
( $match [ 3 ]);
1442 $users [ $uid ]{ 'BytesSent' } = & Ovpnfunc
:: sizeformat
( $match [ 4 ]);
1443 $users [ $uid ]{ 'Since' } = $match [ 5 ];
1444 $users [ $uid ]{ 'Proto' } = $proto ;
1448 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) {
1449 @match = split ( m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ , $line );
1450 if ( $match [ 1 ] ne "Virtual Address" ) {
1451 $address = $match [ 3 ];
1452 #find the uid in the lookup table
# NOTE(review): an address that was not recorded in %userlookup yields undef
# here, which as an array index addresses element 0 and would overwrite the
# first user's fields; skip the row when the lookup fails.
1453 $uid = $userlookup { $address };
1454 $users [ $uid ]{ 'VirtualAddress' } = $match [ 1 ];
1455 $users [ $uid ]{ 'LastRef' } = $match [ 4 ];
1461 for ( my $idx = 1 ; $idx <= $user2 ; $idx ++){
1463 print "<tr bgcolor='${Header::table1colour}'> \n " ;
1465 print "<tr bgcolor='${Header::table2colour}'> \n " ;
# NOTE(review): these log-derived fields are printed without HTML escaping,
# unlike the certificate and CRL views of this file, which pass their output
# through Header::cleanhtml. CommonName presumably originates from the peer
# certificate; escape all fields before printing.
1467 print "<td align='left'> $users [ $idx -1]{'CommonName'}</td>" ;
1468 print "<td align='left'> $users [ $idx -1]{'RealAddress'}</td>" ;
1469 print "<td align='left'> $users [ $idx -1]{'VirtualAddress'}</td>" ;
1470 print "<td align='left'> $users [ $idx -1]{'Since'}</td>" ;
1471 print "<td align='left'> $users [ $idx -1]{'BytesSent'}</td>" ;
1472 print "<td align='left'> $users [ $idx -1]{'BytesReceived'}</td>" ;
1473 print "<td align='left'> $users [ $idx -1]{'LastRef'}</td>" ;
1474 # print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1480 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1485 <tr><td align='center' > $Lang ::tr{'the statistics were last updated at'} <b> $status </b></td></tr>
1489 & Header
:: closebox
();
1490 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1491 & Header
:: closebigbox
();
1492 & Header
:: closepage
();
1496 ### Download Certificate
# Sends the selected connection's certificate (PEM) as a download, if the
# certificate file exists.
1498 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download certificate' }) {
1499 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1500 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
# NOTE(review): the connection name is placed in the header unquoted and
# unfiltered; confirm it cannot contain CR/LF or quote characters.
1501 print "Content-Disposition: filename=" . $confighash { $cgiparams { 'KEY' }}[ 1 ] . "cert.pem \r\n " ;
1502 print "Content-Type: application/octet-stream \r\n\r\n " ;
# NOTE(review): the -f test above does not make the name safe for a shell;
# it is still interpolated into the backtick command line. Reading the file
# with a 3-arg open avoids the shell entirely.
1503 print `/bin/cat ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem` ;
1508 ### Restart connection
1510 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'restart' }) {
1511 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1512 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1514 if ( $confighash { $cgiparams { 'KEY' }}) {
1516 $errormessage = $Lang :: tr
{ 'invalid key' };
1520 ### Choose between adding a host-net or net-net connection
1522 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' } && $cgiparams { 'TYPE' } eq '' ) {
1523 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1524 & Header
:: showhttpheaders
();
1525 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1526 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1527 & Header
:: openbox
( '100%' , 'LEFT' , "Net to Net $Lang ::tr{'connection type'}" );
1529 <b> $Lang ::tr{'connection type'}:</b><br />
1530 <table><form method='post' enctype='multipart/form-data'>
1531 <tr><td><input type='radio' name='TYPE' value='net' checked /></td>
1532 <td class='base'> $Lang ::tr{'net to net vpn'}</td></tr>
1533 <tr><td><input type='radio' name='TYPE' value='zerinan2n' /></td>
1534 <td class='base'>upload a ZERINA Net-to-Net package</td>
1535 <td class='base'><input type='file' name='FH' size='30'></td></tr>
1536 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td></tr>
1540 & Header
:: closebox
();
1541 & Header
:: closebigbox
();
1542 & Header
:: closepage
();
1546 ### uploading a ZERINA n2n connection package
# Accepts an uploaded zip archive, extracts it into a temporary directory
# and expects exactly two members: a *.conf file and a *.p12 file.
# NOTE(review): some original lines are missing from this listing (gutter
# gaps), so loops, else branches and error exits are only partly visible.
# Everything read from the archive (member names and file contents) is
# untrusted input.
1548 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1551 my $uplconffilename = '' ;
1552 my $uplp12name = '' ;
1553 my $complzoactive = '' ;
1558 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1559 # Move uploaded ZERINA n2n package to a temporary file
1560 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1561 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1564 # Copy the uploaded package to a temporary file
# NOTE(review): tempfile() is called without UNLINK and the tempdir() call
# below without CLEANUP (the CLEANUP variant is commented out), so the
# uploaded archive and the extracted .p12 stay on disk unless removed later;
# no removal is visible in this listing.
1565 ( my $fh , my $filename ) = tempfile
( );
1566 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1571 my $zip = Archive
:: Zip
-> new ();
1572 my $zipName = $filename ;
1573 my $status = $zip -> read ( $zipName );
1574 if ( $status != AZ_OK
) {
1575 $errormessage = "Read of $zipName failed \n " ;
1578 #my $tempdir = tempdir( CLEANUP => 1 );
1579 my $tempdir = tempdir
();
1580 my @files = $zip -> memberNames ();
# NOTE(review): members are extracted before the file-count check below, and
# the destination is "$tempdir/" plus the member name exactly as stored in
# the archive. A member name with directory components would place the file
# outside $tempdir. Reduce each name to its base name, reject anything that
# is not a plain *.conf / *.p12 name, check the return value against AZ_OK,
# and consider a size limit before extracting.
1582 $zip -> extractMemberWithoutPaths ( $_ , " $tempdir / $_ " );
1584 my $countfiles = @files ;
1585 # see if we have 2 files
1586 if ( $countfiles == 2 ){
# NOTE(review): the dot is unescaped and '$' allows a trailing newline, so
# these patterns also match names like "xconf"; /\.conf\z/ and /\.p12\z/
# express the intended suffix test.
1588 if ( $_ =~ /.conf$/ ){
1589 $uplconffilename = $_ ;
1591 if ( $_ =~ /.p12$/ ){
1595 if (( $uplconffilename eq '' ) || ( $uplp12name eq '' )){
1596 $errormessage = "Either no *.conf or no *.p12 file found \n " ;
# NOTE(review): 2-arg open with a file name taken from the archive. With the
# 2-arg form, mode characters in the name change how the file is opened; use
# the 3-arg form with an explicit '<' and a lexical handle.
1599 open ( FILE
, " $tempdir / $uplconffilename " ) or die 'Unable to open*.conf file' ;
1600 @zerinaconf = < FILE
>;
1604 # only 2 files are allowed
1605 $errormessage = "Filecount does not match only 2 files are allowed \n " ;
1608 #prepare imported data not elegant, will be changed later
1609 my $ufuk = ( @zerinaconf );
1610 push ( @confdetails , substr ( $zerinaconf [ 0 ], 4 )); #dev tun 0
1611 push ( @confdetails , substr ( $zerinaconf [ 1 ], 8 )); #mtu value 1
1612 push ( @confdetails , substr ( $zerinaconf [ 2 ], 6 )); #protocol 2
1613 if ( $confdetails [ 2 ] eq 'tcp-client' || $confdetails [ 2 ] eq 'tcp-server' ) {
1614 $confdetails [ 2 ] = 'tcp' ;
1616 push ( @confdetails , substr ( $zerinaconf [ 3 ], 5 )); #port 3
1617 push ( @confdetails , substr ( $zerinaconf [ 4 ], 9 )); #ovpn subnet 4
1618 push ( @confdetails , substr ( $zerinaconf [ 5 ], 7 )); #remote ip 5
1619 push ( @confdetails , $zerinaconf [ 6 ]); #tls-server/tls-client 6
1620 push ( @confdetails , substr ( $zerinaconf [ 7 ], 7 )); #pkcs12 name 7
1621 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 1 ], 1 )); #remote subnet 8
1622 push ( @confdetails , substr ( $zerinaconf [ 9 ], 10 )); #keepalive 9
1623 push ( @confdetails , substr ( $zerinaconf [ 10 ], 7 )); #cipher 10
1625 push ( @confdetails , $zerinaconf [ $ufuk - 3 ]); #complzo 11
1626 $complzoactive = "on" ;
1628 $complzoactive = "off" ;
1630 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 2 ], 5 )); #verb 12
1631 push ( @confdetails , substr ( $zerinaconf [ 8 ], 6 )); #localsubnet 13
1632 #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14
1633 push ( @confdetails , substr ( $uplp12name , 0 ,- 4 )); #connection Name 14
1634 #chomp(@confdetails);
1635 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1636 if ( $confighash { $dkey }[ 1 ] eq $confdetails [ $ufuk ]) {
1637 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1641 if ( $confdetails [ $ufuk ] eq 'server' ) {
1642 $errormessage = $Lang :: tr
{ 'server reserved' };
1645 @rem_subnet2 = split ( / / , $confdetails [ 4 ]);
1646 @tmposupnet3 = split /\./ , $rem_subnet2 [ 0 ];
1647 $errormessage = & Ovpnfunc
:: ovelapplausi
( " $tmposupnet3 [0]. $tmposupnet3 [1]. $tmposupnet3 [2].0" , "255.255.255.0" );
1648 if ( $errormessage ne '' ){
1652 $key = & General
:: findhasharraykey
( \
%confighash );
1653 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
1654 $confighash { $key }[ 0 ] = 'off' ;
1655 $confighash { $key }[ 1 ] = $confdetails [ $ufuk ];
1656 #$confighash{$key}[2] = $confdetails[7];
1657 $confighash { $key }[ 2 ] = $confdetails [ $ufuk ];
1658 $confighash { $key }[ 3 ] = 'net' ;
1659 $confighash { $key }[ 4 ] = 'cert' ;
1660 $confighash { $key }[ 6 ] = 'client' ;
1661 $confighash { $key }[ 8 ] = $confdetails [ 8 ];
1662 @rem_subnet = split ( / / , $confdetails [ $ufuk - 1 ]);
1663 $confighash { $key }[ 11 ] = " $rem_subnet [0]/ $rem_subnet [1]" ;
1664 $confighash { $key }[ 10 ] = $confdetails [ 5 ];
1665 $confighash { $key }[ 25 ] = 'imported' ;
1666 $confighash { $key }[ 12 ] = 'red' ;
1667 my @tmposupnet = split ( / / , $confdetails [ 4 ]);
1668 my @tmposupnet2 = split /\./ , $tmposupnet [ 0 ];
1669 $confighash { $key }[ 13 ] = " $tmposupnet2 [0]. $tmposupnet2 [1]. $tmposupnet2 [2].0/255.255.255.0" ;
1670 $confighash { $key }[ 14 ] = $confdetails [ 2 ];
1671 $confighash { $key }[ 15 ] = $confdetails [ 3 ];
1672 $confighash { $key }[ 16 ] = $complzoactive ;
1673 $confighash { $key }[ 17 ] = $confdetails [ 1 ];
1674 $confighash { $key }[ 18 ] = '' ; # nn2nvpn_ip
1675 $confighash { $key }[ 19 ] = 'yes' ; # nn2nvpn_ip
1676 $confighash { $key }[ 20 ] = $confdetails [ 10 ];
1677 $cgiparams { 'KEY' } = $key ;
1678 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Create the per-connection directory under ovpn/n2nconf and move the two
# imported files (the *.conf and the PKCS#12 file) out of $tempdir into it.
# NOTE(review): $confdetails[$ufuk], $uplconffilename and $uplp12name are used
# as path components. The only checks on the name visible in this part of the
# file are the duplicate-name test and the reserved-name test for 'server';
# there is no character whitelist comparable to the /^[a-zA-Z0-9]+$/ applied
# to NAME in the 'save' branch. Where these values come from is outside this
# extract -- if they are taken from the uploaded archive (TODO confirm),
# reject any value containing '/' or '..' before mkdir/move so an import
# cannot create or overwrite files outside n2nconf/.
# NOTE(review): the return value of mkdir is not checked here.
1679 mkdir ( "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]" , 0770 );
1680 move
( " $tempdir / $uplconffilename " , "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]/ $uplconffilename " );
1682 $errormessage = "*.conf move failed: $!" ;
1686 move
( " $tempdir / $uplp12name " , "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]/ $uplp12name " );
1688 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
1694 & Header
:: showhttpheaders
();
1695 & Header
:: openpage
( 'Validate imported configuration' , 1 , '' );
1696 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1697 if ( $errormessage ) {
1698 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1699 print "<class name='base'> $errormessage " ;
1700 print " </class>" ;
1701 & Header
:: closebox
();
# Summary box for the imported connection. When no error was recorded, the
# rows that follow print the parsed values so the administrator can approve
# or discard the import.
# NOTE(review): the $confdetails[...] and $confighash{$key}[...] values shown
# below are interpolated into the HTML as-is. They are cut out of @zerinaconf
# with substr() and are not passed through Header::cleanhtml, which this file
# applies to REMARK on save. Assuming @zerinaconf holds lines of the uploaded
# configuration (TODO confirm), escape each value before output so a crafted
# import file cannot inject markup into this admin page.
1703 & Header
:: openbox
( '100%' , 'LEFT' , 'Validate imported configuration' );
1705 if ( $errormessage eq '' ){
1707 <!-- net2net config gui -->
1708 <tr><td width='25%'> </td>
1709 <td width='25%'> </td></tr>
1710 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'name'}:</td>
1711 <td><b> $confdetails [ $ufuk ]</b></td></tr>
1712 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>
1713 <td><b> $confdetails [6]</b></td>
1714 <td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>
1715 <td><b> $confdetails [5]</b></td></tr>
1716 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>
1717 <td><b> $confighash { $key }[8]</b></td>
1718 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>
1719 <td><b> $confighash { $key }[11]</b></td></tr>
1720 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
1721 <td><b> $confighash { $key }[ $ufuk -1]</b></td></tr>
1722 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
1723 <td><b> $confdetails [2]</b></td>
1724 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
1725 <td><b> $confdetails [3]</b></td></tr>
1726 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
1727 <td><b> $complzoactive </b></td>
1728 <td class='boldbase'> $Lang ::tr{'cipher'}</td>
1729 <td><b> $confdetails [10]</b></td></tr>
1730 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} <img src='/blob.gif' /></td>
1731 <td><b> $confdetails [1]</b></td></tr>
1735 & Header
:: closebox
();
1737 if ( $errormessage ) {
1738 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1740 print "<div align='center'><form method='post' enctype='multipart/form-data'><input type='submit' name='ACTION' value='Approved' />" ;
1741 print "<input type='hidden' name='TYPE' value='zerinan2n' />" ;
1742 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
1743 print "<input type='submit' name='ACTION' value='Discard' /></div></form>" ;
1745 & Header
:: closebigbox
();
1746 & Header
:: closepage
();
1750 ### Approve Zerina n2n
1752 } elsif (( $cgiparams { 'ACTION' } eq 'Approved' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
# Approve branch: writes the net-to-net configuration for the connection
# identified by the submitted KEY.
# NOTE(review): KEY is taken from the request and handed to
# Ovpnfunc::writenet2netconf without the "does this entry exist" test that
# the Discard branch performs on %confighash. writenet2netconf lives in
# ovpnfunc.pl and is not visible here -- confirm that it rejects an unknown
# or malformed key, or add the same existence check before calling it.
1753 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
1755 ### Discard Zerina n2n
1757 } elsif (( $cgiparams { 'ACTION' } eq 'Discard' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
# Discard branch: reload the OpenVPN settings and the connection table, and
# if an entry exists for the submitted KEY, remove its net-to-net files,
# delete the entry and write the table back.
# NOTE(review): removenet2netconf() is called without arguments, so which
# connection it removes is decided inside ovpnfunc.pl (not visible here);
# verify it acts on the same KEY that was just checked.
1758 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1759 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Only act on a key that is actually present in the connection table.
1761 if ( $confighash { $cgiparams { 'KEY' }}) {
1762 & Ovpnfunc
:: removenet2netconf
();
1763 delete $confighash { $cgiparams { 'KEY' }};
1764 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Presumably the 'else' path for an unknown KEY; the else line itself is not
# part of this extract.
1766 $errormessage = $Lang :: tr
{ 'invalid key' };
1769 ### Adding a new connection
1771 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) ||
1772 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) ||
1773 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq '' )) {
1775 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1776 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
1777 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1779 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) {
1780 if (! $confighash { $cgiparams { 'KEY' }}[ 0 ]) {
1781 $errormessage = $Lang :: tr
{ 'invalid key' };
1784 $cgiparams { 'ENABLED' } = $confighash { $cgiparams { 'KEY' }}[ 0 ];
1785 $cgiparams { 'NAME' } = $confighash { $cgiparams { 'KEY' }}[ 1 ];
1786 $cgiparams { 'TYPE' } = $confighash { $cgiparams { 'KEY' }}[ 3 ];
1787 $cgiparams { 'AUTH' } = $confighash { $cgiparams { 'KEY' }}[ 4 ];
1788 $cgiparams { 'PSK' } = $confighash { $cgiparams { 'KEY' }}[ 5 ];
1789 $cgiparams { 'SIDE' } = $confighash { $cgiparams { 'KEY' }}[ 6 ];
1790 $cgiparams { 'LOCAL_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 8 ];
1791 $cgiparams { 'REMOTE' } = $confighash { $cgiparams { 'KEY' }}[ 10 ];
1792 $cgiparams { 'REMOTE_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 11 ];
1793 $cgiparams { 'REMARK' } = $confighash { $cgiparams { 'KEY' }}[ 25 ];
1794 $cgiparams { 'INTERFACE' } = $confighash { $cgiparams { 'KEY' }}[ 12 ];
1795 $cgiparams { 'OVPN_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 13 ]; #new fields
1796 $cgiparams { 'PROTOCOL' } = $confighash { $cgiparams { 'KEY' }}[ 14 ];
1797 $cgiparams { 'DEST_PORT' } = $confighash { $cgiparams { 'KEY' }}[ 15 ];
1798 $cgiparams { 'COMPLZO' } = $confighash { $cgiparams { 'KEY' }}[ 16 ];
1799 $cgiparams { 'MTU' } = $confighash { $cgiparams { 'KEY' }}[ 17 ];
1800 $cgiparams { 'N2NVPN_IP' } = $confighash { $cgiparams { 'KEY' }}[ 18 ]; #new fields
1801 $cgiparams { 'ZERINA_CLIENT' } = $confighash { $cgiparams { 'KEY' }}[ 19 ]; #new fields
1802 $cgiparams { 'CIPHER' } = $confighash { $cgiparams { 'KEY' }}[ 20 ]; #new fields
1803 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
1804 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
1806 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) { # from here on, errors are carried over
# REMARK is run through Header::cleanhtml before validation and storage.
# NOTE(review): it is the only submitted field sanitised this way in the
# visible code; the other fields rely on the per-field checks that follow.
1807 $cgiparams { 'REMARK' } = & Header
:: cleanhtml
( $cgiparams { 'REMARK' });
1809 if ( $cgiparams { 'TYPE' } !~ /^(host|net)$/ ) {
1810 $errormessage = $Lang :: tr
{ 'connection type is invalid' };
1813 if ( $cgiparams { 'NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
1814 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
1817 if ( $cgiparams { 'NAME' } =~ /^(host|01|block|private|clear|packetdefault|server)$/ ) {
1818 $errormessage = $Lang :: tr
{ 'name is invalid' };
1821 if ( length ( $cgiparams { 'NAME' }) > 60 ) {
1822 $errormessage = $Lang :: tr
{ 'name too long' };
1825 if (! $cgiparams { 'KEY' }) { # Check if there is no other entry with this name
1826 foreach my $key ( keys %confighash ) {
1827 if ( $confighash { $key }[ 1 ] eq $cgiparams { 'NAME' }) {
1828 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1833 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! $cgiparams { 'REMOTE' })) {
1834 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1837 if ( $cgiparams { 'REMOTE' }) {
1838 if (! & General
:: validip
( $cgiparams { 'REMOTE' })) {
1839 if (! & General
:: validfqdn
( $cgiparams { 'REMOTE' })) {
1840 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1843 if (& Ovpnfunc
:: valid_dns_host
( $cgiparams { 'REMOTE' })) {
1844 $warnmessage = " $Lang ::tr{'check vpn lr'} $cgiparams {'REMOTE'}. $Lang ::tr{'dns check failed'}" ;
1849 if ( $cgiparams { 'TYPE' } ne 'host' ) {
1850 unless (& General
:: validipandmask
( $cgiparams { 'LOCAL_SUBNET' })) {
1851 $errormessage = $Lang :: tr
{ 'local subnet is invalid' };
1856 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'LOCAL_SUBNET' });
1857 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1858 $cgiparams { 'LOCAL_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1860 if ( $cgiparams { 'REMOTE' } eq '' ) { # Check if there is no other entry without IP-address and PSK
1861 foreach my $key ( keys %confighash ) {
1862 if (( $cgiparams { 'KEY' } ne $key ) && ( $confighash { $key }[ 4 ] eq 'psk' || $cgiparams { 'AUTH' } eq 'psk' ) && $confighash { $key }[ 10 ] eq '' ) {
1863 $errormessage = $Lang :: tr
{ 'you can only define one roadwarrior connection when using pre-shared key authentication' };
1868 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! & General
:: validipandmask
( $cgiparams { 'REMOTE_SUBNET' }))) {
1869 $errormessage = $Lang :: tr
{ 'remote subnet is invalid' };
1873 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'REMOTE_SUBNET' });
1874 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1875 $cgiparams { 'REMOTE_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1877 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
1878 $errormessage = $Lang :: tr
{ 'invalid input' };
1881 if ( $cgiparams { 'EDIT_ADVANCED' } !~ /^(on|off)$/ ) {
1882 $errormessage = $Lang :: tr
{ 'invalid input' };
1885 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1886 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DEST_PORT' }, 0 , $cgiparams { 'PROTOCOL' }, "dest" );
1888 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1890 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1891 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DEST_PORT' }, $cgiparams { 'PROTOCOL' }, '0.0.0.0' );
1893 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1895 if ( $cgiparams { 'TYPE' } eq 'net' ) {
1896 if (! & General
:: validipandmask
( $cgiparams { 'OVPN_SUBNET' })) {
1897 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
1901 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'OVPN_SUBNET' });
1902 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1903 $cgiparams { 'OVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1906 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
1908 if ( $errormessage ne '' ){
1911 if (( length ( $cgiparams { 'MTU' })== 0 ) || (( $cgiparams { 'MTU' }) < 1000 )) {
1912 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
1915 unless (& General
:: validport
( $cgiparams { 'DEST_PORT' })) {
1916 $errormessage = $Lang :: tr
{ 'invalid port' };
1919 # check protcol/port overlap against existing connections gian
1920 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1921 if ( $dkey ne $cgiparams { 'KEY' }) {
1922 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'PROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DEST_PORT' }){
1923 #if ($confighash{$dkey}[14] eq 'on') {
1924 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
1927 # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]";
1932 #check protcol/port overlap against RWserver gian
1933 if ( $vpnsettings { 'ENABLED' } eq 'on' ) {
1934 if ( $vpnsettings { 'DPROTOCOL' } eq $cgiparams { 'PROTOCOL' } && $vpnsettings { 'DDEST_PORT' } eq $cgiparams { 'DEST_PORT' }){
1935 $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server" ;
1940 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
1942 } elsif ( $cgiparams { 'AUTH' } eq 'certreq' ) {
1944 if ( $cgiparams { 'KEY' }) {
1945 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1948 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1949 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1952 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate request to a temporary file
1953 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
# Runs "openssl ca" in batch mode to sign the uploaded request and write the
# certificate to ovpn/certs/<NAME>cert.pem. system() is used in list form, so
# the arguments are passed to openssl directly and not through a shell.
# (Listing line 1961 is absent from this extract.)
# NOTE(review): '-days 999999' gives the certificate a lifetime of roughly
# 2,700 years, i.e. it never expires in practice. Retiring such a certificate
# then depends entirely on revocation being checked by the peer; consider a
# bounded validity period.
1957 # Sign the certificate request and move it
1958 # Sign the host certificate request
1959 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
1960 '-batch' , '-notext' ,
1962 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
1963 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1965 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
1967 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
1968 & Ovpnfunc
:: newcleanssldatabase
();
1972 & Ovpnfunc
:: deletebackupcert
();
# Dump the freshly signed certificate as text and look for the CN in its
# Subject line.
# NOTE(review): backticks hand the whole string to a shell, with the submitted
# NAME interpolated into it. That is only safe if the earlier
# /^[a-zA-Z0-9]+$/ test on NAME has already aborted the save for any other
# value; the abort itself is not visible in this extract -- confirm. A
# list-form pipe open (open my $fh, '-|', '/usr/bin/openssl', 'x509', ...)
# avoids the shell altogether. The same pattern recurs in the 'certfile'
# branch further down.
1974 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
1975 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
1977 $temp =~ s
+/ Email
+, E
+;
1978 $temp =~ s/ ST=/ S=/ ;
1979 $cgiparams { 'CERT_NAME' } = $temp ;
1980 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
1981 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
1982 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
1983 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
1986 } elsif ( $cgiparams { 'AUTH' } eq 'certfile' ) {
1987 if ( $cgiparams { 'KEY' }) {
1988 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1991 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1992 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1995 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate to a temporary file
1996 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
# Check the uploaded certificate (already copied to the temp file $filename)
# against the host CA first and then against each additional CA listed in
# %cahash. A check counts as passed when openssl's output contains ": OK".
# NOTE(review): acceptance is decided by matching text in the command output
# and not by the exit status; make sure the openssl version in use cannot
# print ": OK" for a chain it did not fully validate.
# NOTE(review): both commands go through a shell. $filename comes from
# tempfile(), but $cahash{$key}[0] is read from ovpn/caconfig; whether CA
# names are restricted to shell-safe characters when they are stored is not
# visible here -- confirm, or switch to a list-form pipe open.
2000 my $validca = 0 ; # Verify the certificate has a valid CA and move it
2001 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename ` ;
2002 if ( $test =~ /: OK/ ) {
2005 foreach my $key ( keys %cahash ) {
2006 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $key }[0]cert.pem $filename ` ;
2007 if ( $test =~ /: OK/ ) {
2013 $errormessage = $Lang :: tr
{ 'certificate does not have a valid ca associated with it' };
2017 move
( $filename , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2019 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
2024 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
2025 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
2027 $temp =~ s
+/ Email
+, E
+;
2028 $temp =~ s/ ST=/ S=/ ;
2029 $cgiparams { 'CERT_NAME' } = $temp ;
2030 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
2031 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
2032 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
2033 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2034 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
2037 } elsif ( $cgiparams { 'AUTH' } eq 'certgen' ){
2038 if ( $cgiparams { 'KEY' }) {
2039 $errormessage = $Lang :: tr
{ 'cant change certificates' };
2042 if ( length ( $cgiparams { 'CERT_NAME' }) > 60 ) { # Validate input since the form was submitted
2043 $errormessage = $Lang :: tr
{ 'name too long' };
2046 if ( $cgiparams { 'CERT_NAME' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2047 $errormessage = $Lang :: tr
{ 'invalid input for name' };
2050 if ( $cgiparams { 'CERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'CERT_EMAIL' }))) {
2051 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
2054 if ( length ( $cgiparams { 'CERT_EMAIL' }) > 40 ) {
2055 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
2058 if ( $cgiparams { 'CERT_OU' } ne '' && $cgiparams { 'CERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2059 $errormessage = $Lang :: tr
{ 'invalid input for department' };
2062 if ( length ( $cgiparams { 'CERT_ORGANIZATION' }) > 60 ) {
2063 $errormessage = $Lang :: tr
{ 'organization too long' };
2066 if ( $cgiparams { 'CERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2067 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
2070 if ( $cgiparams { 'CERT_CITY' } ne '' && $cgiparams { 'CERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2071 $errormessage = $Lang :: tr
{ 'invalid input for city' };
2074 if ( $cgiparams { 'CERT_STATE' } ne '' && $cgiparams { 'CERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2075 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
2078 if ( $cgiparams { 'CERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
2079 $errormessage = $Lang :: tr
{ 'invalid input for country' };
2082 if ( $cgiparams { 'CERT_PASS1' } ne '' && $cgiparams { 'CERT_PASS2' } ne '' ){
2083 if ( length ( $cgiparams { 'CERT_PASS1' }) < 5 ) {
2084 $errormessage = $Lang :: tr
{ 'password too short' };
2088 if ( $cgiparams { 'CERT_PASS1' } ne $cgiparams { 'CERT_PASS2' }) {
2089 $errormessage = $Lang :: tr
{ 'passwords do not match' };
2092 ( my $ou = $cgiparams { 'CERT_OU' }) =~ s/^\s*$/\./ ; # Replace empty strings with a .
2093 ( my $city = $cgiparams { 'CERT_CITY' }) =~ s/^\s*$/\./ ;
2094 ( my $state = $cgiparams { 'CERT_STATE' }) =~ s/^\s*$/\./ ;
2095 my $pid = open ( OPENSSL
, "|-" ); # Create the Host certificate request client
2096 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto VPNCONF_ERROR
;};
2097 if ( $pid ) { # parent
2098 print OPENSSL
" $cgiparams {'CERT_COUNTRY'} \n " ;
2099 print OPENSSL
" $state \n " ;
2100 print OPENSSL
" $city \n " ;
2101 print OPENSSL
" $cgiparams {'CERT_ORGANIZATION'} \n " ;
2102 print OPENSSL
" $ou \n " ;
2103 print OPENSSL
" $cgiparams {'CERT_NAME'} \n " ;
2104 print OPENSSL
" $cgiparams {'CERT_EMAIL'} \n " ;
2105 print OPENSSL
". \n " ;
2106 print OPENSSL
". \n " ;
2109 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2110 unlink ( "${General::swroot}ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2111 unlink ( "${General::swroot}ovpn/certs/ $cgiparams {'NAME'}req.pem" );
# Replace this process with "openssl req" to generate a new key pair and a
# certificate request for the connection (presumably the child side of the
# forking open above; the branch line is not part of this extract). exec() is
# in list form, so no shell is involved. If exec fails, the error is recorded
# and any partial key/request files are removed.
# NOTE(review): '-newkey rsa:1024' creates a 1024-bit RSA key, which is below
# the 2048-bit minimum in current guidance; raise the key size.
# NOTE(review): '-nodes' writes the private key to <NAME>key.pem unencrypted.
# The file's protection then depends on the permissions of ovpn/certs and the
# process umask, neither of which is visible here -- confirm they restrict
# access to the key.
2115 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
2116 '-newkey' , 'rsa:1024' ,
2117 '-keyout' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2118 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2119 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
2120 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
2121 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2122 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2126 # Sign the host certificate request
2127 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
2128 '-batch' , '-notext' ,
2129 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2130 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2131 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
2133 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2134 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2135 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2136 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2137 & Ovpnfunc
:: newcleanssldatabase
();
2140 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2141 & Ovpnfunc
:: deletebackupcert
();
# Bundle the new key, the signed certificate and the CA certificate into
# ovpn/certs/<NAME>.p12, protected with the export password from the form.
# NOTE(review): '-passout pass:...' puts the export password on openssl's
# command line, where other local processes can read it from the process
# list while the command runs. openssl also accepts 'env:VAR', 'file:PATH'
# and 'fd:N' password sources, which keep the secret off argv.
# NOTE(review): as far as this extract shows, the minimum-length test on
# CERT_PASS1 only runs when both password fields are non-empty, so an empty
# password appears to be accepted and would produce a PKCS#12 file that
# carries the private key without effective protection -- confirm whether
# that is intended.
2143 # Create the pkcs12 file
2144 system ( '/usr/bin/openssl' , 'pkcs12' , '-export' ,
2145 '-inkey' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2146 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2147 '-name' , $cgiparams { 'NAME' },
2148 '-passout' , "pass: $cgiparams {'CERT_PASS1'}" ,
2149 '-certfile' , "${General::swroot}/ovpn/ca/cacert.pem" ,
2150 '-caname' , " $vpnsettings {'ROOTCERT_ORGANIZATION'} CA" ,
2151 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2153 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2154 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2155 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2156 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2159 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2161 } elsif ( $cgiparams { 'AUTH' } eq 'cert' ) {
2162 ; # Nothing, just editing
2164 $errormessage = $Lang :: tr
{ 'invalid input for authentication method' };
2167 if ((! $cgiparams { 'KEY' }) && ( $cgiparams { 'AUTH' } ne 'psk' )) { # Check if there is no other entry with this common name
2168 foreach my $key ( keys %confighash ) {
2169 if ( $confighash { $key }[ 2 ] eq $cgiparams { 'CERT_NAME' }) {
2170 $errormessage = $Lang :: tr
{ 'a connection with this common name already exists' };
2176 my $key = $cgiparams { 'KEY' }; # Save the config
2178 $key = & General
:: findhasharraykey
( \
%confighash );
2179 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
2181 $confighash { $key }[ 0 ] = $cgiparams { 'ENABLED' };
2182 $confighash { $key }[ 1 ] = $cgiparams { 'NAME' };
2183 if ((! $cgiparams { 'KEY' }) && $cgiparams { 'AUTH' } ne 'psk' ) {
2184 $confighash { $key }[ 2 ] = $cgiparams { 'CERT_NAME' };
2186 $confighash { $key }[ 3 ] = $cgiparams { 'TYPE' };
2187 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
2188 $confighash { $key }[ 4 ] = 'psk' ;
2189 $confighash { $key }[ 5 ] = $cgiparams { 'PSK' };
2191 $confighash { $key }[ 4 ] = 'cert' ;
2193 if ( $cgiparams { 'TYPE' } eq 'net' ) {
2194 $confighash { $key }[ 6 ] = $cgiparams { 'SIDE' };
2195 $confighash { $key }[ 11 ] = $cgiparams { 'REMOTE_SUBNET' };
2196 if ( $cgiparams { 'SIDE' } eq 'client' ) {
2197 $confighash { $key }[ 19 ] = 'yes' ;
2199 $confighash { $key }[ 19 ] = 'no' ;
2202 $confighash { $key }[ 8 ] = $cgiparams { 'LOCAL_SUBNET' };
2203 $confighash { $key }[ 10 ] = $cgiparams { 'REMOTE' };
2204 $confighash { $key }[ 25 ] = $cgiparams { 'REMARK' };
2205 $confighash { $key }[ 12 ] = $cgiparams { 'INTERFACE' };
2206 $confighash { $key }[ 13 ] = $cgiparams { 'OVPN_SUBNET' }; # new fields
2207 $confighash { $key }[ 14 ] = $cgiparams { 'PROTOCOL' };
2208 $confighash { $key }[ 15 ] = $cgiparams { 'DEST_PORT' };
2209 $confighash { $key }[ 16 ] = $cgiparams { 'COMPLZO' };
2210 $confighash { $key }[ 17 ] = $cgiparams { 'MTU' };
2211 $confighash { $key }[ 18 ] = $cgiparams { 'N2NVPN_IP' }; # new fileds
2212 $confighash { $key }[ 19 ] = $cgiparams { 'ZERINA_CLIENT' }; # new fileds
2213 $confighash { $key }[ 20 ] = $cgiparams { 'CIPHER' };
2215 #default n2n advanced
2216 $confighash { $key }[ 26 ] = '10' ; #keepalive ping
2217 $confighash { $key }[ 27 ] = '60' ; #keepalive restart
2218 $confighash { $key }[ 28 ] = '0' ; #nice
2219 $confighash { $key }[ 42 ] = '3' ; #verb
2220 #default n2n advanced
2221 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2222 & Ovpnfunc
:: writenet2netconf
( $key , $zerinaclient );
# Find the PID(s) of a running OpenVPN process for this connection by
# grepping the process list for "<NAME>.conf", then start, restart or stop
# the connection through the openvpnctrl helper.
# NOTE(review): the ps|grep pipeline runs in a shell with NAME interpolated,
# so it depends on the earlier alphanumeric check on NAME. The pattern is
# also an unanchored regex: a connection named "a" matches a process running
# "alpha.conf" as well, so the wrong tunnel can be detected as active.
# NOTE(review): ENABLED is validated as 'on' or 'off' earlier in this branch,
# and both strings are true in Perl, so "if ($cgiparams{'ENABLED'})" does not
# distinguish them; a comparison with 'on' looks intended -- confirm.
# NOTE(review): '-kn2n' receives $n2nactive (unchomped ps output) in one call
# and NAME in the other; which form openvpnctrl expects is not visible here.
2224 my $n2nactive = `/bin/ps ax|grep $cgiparams {'NAME'}.conf|grep -v grep|awk \' {print \ $1 } \' ` ;
2225 if ( $cgiparams { 'ENABLED' }) {
2226 if ( $n2nactive eq '' ){
2227 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2229 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
2230 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2233 if ( $n2nactive ne '' ){
2234 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $cgiparams { 'NAME' });
2237 if ( $cgiparams { 'EDIT_ADVANCED' } eq 'on' ) {
2238 $cgiparams { 'KEY' } = $key ;
2239 $cgiparams { 'ACTION' } = $Lang :: tr
{ 'advanced' };
2243 $cgiparams { 'ENABLED' } = 'on' ;
2244 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
2245 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
2247 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) {
2248 $cgiparams { 'AUTH' } = 'psk' ;
2249 } elsif ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2250 $cgiparams { 'AUTH' } = 'certfile' ;
2252 $cgiparams { 'AUTH' } = 'certgen' ;
2254 $cgiparams { 'LOCAL_SUBNET' } = " $netsettings {'GREEN_NETADDRESS'}/ $netsettings {'GREEN_NETMASK'}" ;
2255 $cgiparams { 'CERT_ORGANIZATION' } = $vpnsettings { 'ROOTCERT_ORGANIZATION' };
2256 $cgiparams { 'CERT_CITY' } = $vpnsettings { 'ROOTCERT_CITY' };
2257 $cgiparams { 'CERT_STATE' } = $vpnsettings { 'ROOTCERT_STATE' };
2258 $cgiparams { 'CERT_COUNTRY' } = $vpnsettings { 'ROOTCERT_COUNTRY' };
# Fill in defaults for fields the form did not supply: cipher, MTU and a
# randomly chosen 10.x.y.0/255.255.255.0 transfer network.
# NOTE(review): the default cipher is BF-CBC, a 64-bit block cipher. Ciphers
# with 64-bit blocks become vulnerable to block collisions on long-lived,
# high-volume tunnels; AES-256-CBC is already offered in the cipher list of
# this form and is the safer default.
# NOTE(review): the random subnet is not checked against existing networks at
# this point; the overlap check seen in the 'save' branch is what would have
# to catch a collision.
2261 # n2n default settings
2262 if ( $cgiparams { 'CIPHER' } eq '' ) {
2263 $cgiparams { 'CIPHER' } = 'BF-CBC' ;
2265 if ( $cgiparams { 'MTU' } eq '' ) {
2266 $cgiparams { 'MTU' } = '1400' ;
2268 if ( $cgiparams { 'OVPN_SUBNET' } eq '' ) {
2269 $cgiparams { 'OVPN_SUBNET' } = '10.' . int ( rand ( 256 )) . '.' . int ( rand ( 256 )) . '.0/255.255.255.0' ;
2271 #n2n default settings
2272 $checked { 'ENABLED' }{ 'off' } = '' ;
2273 $checked { 'ENABLED' }{ 'on' } = '' ;
2274 $checked { 'ENABLED' }{ $cgiparams { 'ENABLED' }} = 'CHECKED' ;
2275 $checked { 'ENABLED_BLUE' }{ 'off' } = '' ;
2276 $checked { 'ENABLED_BLUE' }{ 'on' } = '' ;
2277 $checked { 'ENABLED_BLUE' }{ $cgiparams { 'ENABLED_BLUE' }} = 'CHECKED' ;
2278 $checked { 'ENABLED_ORANGE' }{ 'off' } = '' ;
2279 $checked { 'ENABLED_ORANGE' }{ 'on' } = '' ;
2280 $checked { 'ENABLED_ORANGE' }{ $cgiparams { 'ENABLED_ORANGE' }} = 'CHECKED' ;
2281 $checked { 'EDIT_ADVANCED' }{ 'off' } = '' ;
2282 $checked { 'EDIT_ADVANCED' }{ 'on' } = '' ;
2283 $checked { 'EDIT_ADVANCED' }{ $cgiparams { 'EDIT_ADVANCED' }} = 'CHECKED' ;
2284 $selected { 'SIDE' }{ 'server' } = '' ;
2285 $selected { 'SIDE' }{ 'client' } = '' ;
2286 $selected { 'SIDE' }{ $cgiparams { 'SIDE' }} = 'SELECTED' ;
2288 # $selected{'DDEVICE'}{'tun'} = '';
2289 # $selected{'DDEVICE'}{'tap'} = '';
2290 # $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2292 $selected { 'PROTOCOL' }{ 'udp' } = '' ;
2293 $selected { 'PROTOCOL' }{ 'tcp' } = '' ;
2294 $selected { 'PROTOCOL' }{ $cgiparams { 'PROTOCOL' }} = 'SELECTED' ;
2296 $checked { 'AUTH' }{ 'psk' } = '' ;
2297 $checked { 'AUTH' }{ 'certreq' } = '' ;
2298 $checked { 'AUTH' }{ 'certgen' } = '' ;
2299 $checked { 'AUTH' }{ 'certfile' } = '' ;
2300 $checked { 'AUTH' }{ $cgiparams { 'AUTH' }} = 'CHECKED' ;
2301 $selected { 'INTERFACE' }{ $cgiparams { 'INTERFACE' }} = 'SELECTED' ;
2302 $checked { 'COMPLZO' }{ 'off' } = '' ;
2303 $checked { 'COMPLZO' }{ 'on' } = '' ;
2304 $checked { 'COMPLZO' }{ $cgiparams { 'COMPLZO' }} = 'CHECKED' ;
2305 $selected { 'CIPHER' }{ 'DES-CBC' } = '' ;
2306 $selected { 'CIPHER' }{ 'DES-EDE-CBC' } = '' ;
2307 $selected { 'CIPHER' }{ 'DES-EDE3-CBC' } = '' ;
2308 $selected { 'CIPHER' }{ 'DESX-CBC' } = '' ;
2309 $selected { 'CIPHER' }{ 'RC2-CBC' } = '' ;
2310 $selected { 'CIPHER' }{ 'RC2-40-CBC' } = '' ;
2311 $selected { 'CIPHER' }{ 'RC2-64-CBC' } = '' ;
2312 $selected { 'CIPHER' }{ 'BF-CBC' } = '' ;
2313 $selected { 'CIPHER' }{ 'CAST5-CBC' } = '' ;
2314 $selected { 'CIPHER' }{ 'AES-128-CBC' } = '' ;
2315 $selected { 'CIPHER' }{ 'AES-192-CBC' } = '' ;
2316 $selected { 'CIPHER' }{ 'AES-256-CBC' } = '' ;
2317 $selected { 'CIPHER' }{ $cgiparams { 'CIPHER' }} = 'SELECTED' ;
2320 & Header
:: showhttpheaders
();
2321 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2322 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2323 if ( $errormessage ) {
2324 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2325 print "<class name='base'> $errormessage " ;
2326 print " </class>" ;
2327 & Header
:: closebox
();
2330 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'warning messages'}:" );
2331 print "<class name='base'> $warnmessage " ;
2332 print " </class>" ;
2333 & Header
:: closebox
();
# Start of the connection form. TYPE and ZERINA_CLIENT are always carried as
# hidden fields; KEY and AUTH are added when an existing entry is edited.
# NOTE(review): here and in the input fields that follow (NAME, N2NVPN_IP,
# REMOTE, the subnets, DEST_PORT, MTU, REMARK) the current %cgiparams values
# are interpolated straight into single-quoted HTML attributes. When the form
# is shown again after a failed validation these are the submitted values, so
# a value containing a quote or markup is echoed back unescaped. Only REMARK
# passes through Header::cleanhtml in the visible code. Escape every value
# with an attribute-safe HTML escaper at output time.
2335 print "<form method='post' enctype='multipart/form-data'>" ;
2336 print "<input type='hidden' name='TYPE' value=' $cgiparams {'TYPE'}' />" ;
2337 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2338 if ( $cgiparams { 'KEY' }) {
2339 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
2340 print "<input type='hidden' name='AUTH' value=' $cgiparams {'AUTH'}' />" ;
2342 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'connection'}:" );
2343 print "<table width='100%'> \n " ;
2344 print "<tr><td width='25%' class='boldbase'> $Lang ::tr{'name'}:</td>" ;
2345 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2346 if ( $cgiparams { 'KEY' }) {
2347 print "<td width='35%' class='base'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td> \n " ;
2349 print "<td width='35%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' size='30' /></td>" ;
2352 print "<input type='hidden' name='INTERFACE' value='red' />" ;
2353 if ( $cgiparams { 'KEY' }) {
2354 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td>" ;
2356 print "<td width='25%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' /></td>" ;
2358 print "<!-- net2net config gui -->" ;
2359 print "<td width='25%'> </td>" ;
2360 print "<td width='25%'> </td></tr>" ;
2361 if ((( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2362 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2363 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' ))) {
2364 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2365 print "<td><select name='SIDE'><option value='server' $selected {'SIDE'}{'server'}>OpenVPN Server</option>" ;
2366 print "<option value='client' $selected {'SIDE'}{'client'}>OpenVPN Client</option></select></td>" ;
2367 print "<tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>" ;
2368 print "<td><input type='text' name='N2NVPN_IP' value=' $cgiparams {'N2NVPN_IP'}' size='30' /></td>" ;
2369 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2371 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2372 print "<td> $cgiparams {'SIDE'}</td><input type='hidden' name='SIDE' value=' $cgiparams {'SIDE'}' />" ;
2373 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2375 print "<td><input type='TEXT' name='REMOTE' value=' $cgiparams {'REMOTE'}' /></td></tr>" ;
2376 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>" ;
2377 print "<td><input type='TEXT' name='LOCAL_SUBNET' value=' $cgiparams {'LOCAL_SUBNET'}' /></td>" ;
2378 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>" ;
2379 print "<td><input type='text' name='REMOTE_SUBNET' value=' $cgiparams {'REMOTE_SUBNET'}' /></td></tr>" ;
2380 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>" ;
2381 print "<td><input type='TEXT' name='OVPN_SUBNET' value=' $cgiparams {'OVPN_SUBNET'}' /></td></tr>" ;
2382 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>" ;
2383 print "<td><select name='PROTOCOL'><option value='udp' $selected {'PROTOCOL'}{'udp'}>UDP</option>" ;
2384 print "<option value='tcp' $selected {'PROTOCOL'}{'tcp'}>TCP</option></select></td>" ;
2385 print "<td class='boldbase'> $Lang ::tr{'destination port'}:</td>" ;
2386 print "<td><input type='TEXT' name='DEST_PORT' value=' $cgiparams {'DEST_PORT'}' size='5' /></td></tr>" ;
2387 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>" ;
2388 print "<td><input type='checkbox' name='COMPLZO' $checked {'COMPLZO'}{'on'} /></td>" ;
2389 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>" ;
# Cipher drop-down for the tunnel. The entry matching the current CIPHER
# value is pre-selected through %selected.
# NOTE(review): the list still offers DES-CBC (56-bit key) and the RC2
# variants with 40- and 64-bit keys, along with several other 64-bit block
# ciphers. These no longer give meaningful confidentiality; consider removing
# them from the list, or at least marking them as legacy-only, and steering
# new connections to the AES entries.
# NOTE(review): no server-side whitelist check on the submitted CIPHER value
# is visible in the 'save' branch -- confirm the value is restricted to this
# list before it is written to the connection table.
2390 print "<td><select name='CIPHER'><option value='DES-CBC' $selected {'CIPHER'}{'DES-CBC'}>DES-CBC</option>" ;
2391 print "<option value='DES-EDE-CBC' $selected {'CIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>" ;
2392 print "<option value='DES-EDE3-CBC' $selected {'CIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>" ;
2393 print "<option value='DESX-CBC' $selected {'CIPHER'}{'DESX-CBC'}>DESX-CBC</option>" ;
2394 print "<option value='RC2-CBC' $selected {'CIPHER'}{'RC2-CBC'}>RC2-CBC</option>" ;
2395 print "<option value='RC2-40-CBC' $selected {'CIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>" ;
2396 print "<option value='RC2-64-CBC' $selected {'CIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>" ;
2397 print "<option value='BF-CBC' $selected {'CIPHER'}{'BF-CBC'}>BF-CBC</option>" ;
2398 print "<option value='CAST5-CBC' $selected {'CIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>" ;
2399 print "<option value='AES-128-CBC' $selected {'CIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>" ;
2400 print "<option value='AES-192-CBC' $selected {'CIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>" ;
2401 print "<option value='AES-256-CBC' $selected {'CIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>" ;
2402 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>" ;
2403 print "<td> <input type='TEXT' name='MTU' VALUE=' $cgiparams {'MTU'}'size='5' /></TD>" ;
2405 print "<tr><td class='boldbase'> $Lang ::tr{'remark title'} <img src='/blob.gif' /></td>" ;
2406 print "<td colspan='3'><input type='text' name='REMARK' value=' $cgiparams {'REMARK'}' size='55' maxlength='50' /></td></tr>" ;
2407 # if ($cgiparams{'TYPE'} eq 'net') {
2408 print "<tr><td> $Lang ::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> \n " ;
2410 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2411 print "<td colspan='3'> </td></tr></table>" ;
2412 } elsif ( $cgiparams { 'ACTION' } ne $Lang :: tr
{ 'edit' }){
2413 print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked {'EDIT_ADVANCED'}{'on'}/> $Lang ::tr{'edit advanced settings when done'}</tr></table>" ;
2415 print "<td colspan='3'></tr></table>" ;
2419 & Header
:: closebox
();
2420 if ( $cgiparams { 'KEY' } && $cgiparams { 'AUTH' } eq 'psk' ) {
2422 } elsif (! $cgiparams { 'KEY' }) {
# Grey out the certificate options that cannot work without local CA material.
# $cakeydisabled is interpolated into the "certreq"/"certgen" radios and the
# CERT_* inputs further down; $cacrtdisabled into the file upload and the
# "certfile" radio.
# NOTE(review): disabled='disabled' only affects what the browser submits.
# The code that processes AUTH is not visible in this part of the file;
# confirm it re-checks for cakey.pem / cacert.pem on the server side.
my $cakeydisabled = (-f "${General::swroot}/ovpn/ca/cakey.pem")  ? "" : "disabled='disabled'";
my $cacrtdisabled = (-f "${General::swroot}/ovpn/ca/cacert.pem") ? "" : "disabled='disabled'";
2428 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'authentication' });
2430 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2431 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2432 <tr><td><input type='radio' name='AUTH' value='certreq' $checked {'AUTH'}{'certreq'} $cakeydisabled /></td>
2433 <td class='base'> $Lang ::tr{'upload a certificate request'}</td>
2434 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled ></td></tr>
2435 <tr><td><input type='radio' name='AUTH' value='certfile' $checked {'AUTH'}{'certfile'} $cacrtdisabled /></td>
2436 <td class='base'> $Lang ::tr{'upload a certificate'}</td></tr>
2437 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2438 <tr><td><input type='radio' name='AUTH' value='certgen' $checked {'AUTH'}{'certgen'} $cakeydisabled /></td>
2439 <td class='base'> $Lang ::tr{'generate a certificate'}</td><td> </td></tr>
2441 <td class='base'> $Lang ::tr{'users fullname or system hostname'}:</td>
2442 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value=' $cgiparams {'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2444 <td class='base'> $Lang ::tr{'users email'}: <img src='/blob.gif' /></td>
2445 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value=' $cgiparams {'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2447 <td class='base'> $Lang ::tr{'users department'}: <img src='/blob.gif' /></td>
2448 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value=' $cgiparams {'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2450 <td class='base'> $Lang ::tr{'organization name'}: <img src='/blob.gif' /></td>
2451 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value=' $cgiparams {'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2453 <td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif'></td>
2454 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value=' $cgiparams {'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2456 <td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' /></td>
2457 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value=' $cgiparams {'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2459 <td class='base'> $Lang ::tr{'country'}:</td>
2460 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled >
# One <option> per entry of %Countries::countries, sorted by key. The key is
# shown as the label and the mapped value is what the form submits; the entry
# whose value equals the current CERT_COUNTRY is pre-selected.
foreach my $label (sort keys %{Countries::countries}) {
    my $value = $Countries::countries{$label};
    print "<option value='$value'";
    print " selected='selected'" if $value eq $cgiparams{'CERT_COUNTRY'};
    print ">$label</option>";
}
2473 <td class='base'> $Lang ::tr{'pkcs12 file password'}:</td>
2474 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value=' $cgiparams {'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2475 <tr><td> </td><td class='base'> $Lang ::tr{'pkcs12 file password'}:<BR>( $Lang ::tr{'confirmation'})</td>
2476 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value=' $cgiparams {'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2480 & Header
:: closebox
();
2482 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2483 if ( $cgiparams { 'KEY' }) {
2484 if ( $cgiparams { 'TYPE' } ne 'host' ) {
2485 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'advanced'}' />" ;
2488 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2489 & Header
:: closebigbox
();
2490 & Header
:: closepage
();
2496 ### Advanced settings
2498 if (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced' }) ||
2499 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq 'yes' )) {
2500 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
2501 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2503 if (! $confighash { $cgiparams { 'KEY' }}) {
2504 $errormessage = $Lang :: tr
{ 'invalid key' };
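# Validate the keepalive pair before it is stored in the connection record.
# Each value may be empty; otherwise it must consist of decimal digits only.
# The patterns are anchored with \A and \z rather than ^ and $: in Perl, $
# also matches just before a trailing newline, so a value such as "10\n"
# would pass a ^...$ check and be written to the configuration unchanged.
# On failure $errormessage is set and control jumps to the ADVANCED_ERROR
# label, which lies outside this part of the file.
if ($cgiparams{'KEEPALIVE_1'} ne '' && $cgiparams{'KEEPALIVE_1'} !~ /\A[0-9]+\z/) {
    $errormessage = $Lang::tr{'invalid input for keepalive 1'};
    goto ADVANCED_ERROR;
}
if ($cgiparams{'KEEPALIVE_2'} ne '' && $cgiparams{'KEEPALIVE_2'} !~ /\A[0-9]+\z/) {
    $errormessage = $Lang::tr{'invalid input for keepalive 2'};
    goto ADVANCED_ERROR;
}
# The second value (ping-restart) must be at least twice the first (ping).
# An empty value is compared as 0 here, as in the original check.
if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)) {
    $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
    goto ADVANCED_ERROR;
}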
2524 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) {
2525 # if ($cgiparams{'NAT'} !~ /^(on|off)$/) {
2526 # $errormessage = $Lang::tr{'invalid input'};
2527 # goto ADVANCED_ERROR;
# Copy the submitted advanced options into slots 26..42 of the connection
# record selected by KEY, then persist the table and regenerate the
# net-to-net configuration.
# NOTE(review): only KEEPALIVE_1/KEEPALIVE_2 are checked in the visible code
# above. Every other value, including PROXY_PASS, is stored exactly as
# submitted. The form marks those inputs disabled, but that does not stop a
# hand-built POST from supplying them. What writenet2netconf does with these
# slots is not visible here; confirm they are validated before they reach
# the generated OpenVPN config.
# NOTE(review): slot 38 is read from 'http-proxy-retry', while the checkbox
# on this page is named PROXY_RETRY. Verify which name is intended.
my @saved_fields = qw(
    KEEPALIVE_1 KEEPALIVE_2
    EXTENDED_NICE EXTENDED_FASTIO EXTENDED_MTUDISC EXTENDED_MSSFIX EXTENDED_FRAGMENT
    PROXY_HOST PROXY_PORT PROXY_USERNAME PROXY_PASS PROXY_AUTH_METHOD
    http-proxy-retry PROXY_TIMEOUT PROXY_OPT_VERSION PROXY_OPT_AGENT
    LOG_VERB
);
my $save_slot = 26;
foreach my $saved_field (@saved_fields) {
    $confighash{$cgiparams{'KEY'}}[$save_slot] = $cgiparams{$saved_field};
    $save_slot++;
}
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
&Ovpnfunc::writenet2netconf($cgiparams{'KEY'}, $zerinaclient);
2550 # restart n2n after advanced save ?
# Populate the form values from slots 26..42 of the stored connection record
# selected by KEY. The field order mirrors the order used when saving.
# NOTE(review): PROXY_PASS (slot 36) is read back in clear and the form
# renders it in a type='TEXT' input; consider not echoing the stored
# password into the page at all.
my @loaded_fields = qw(
    KEEPALIVE_1 KEEPALIVE_2
    EXTENDED_NICE EXTENDED_FASTIO EXTENDED_MTUDISC EXTENDED_MSSFIX EXTENDED_FRAGMENT
    PROXY_HOST PROXY_PORT PROXY_USERNAME PROXY_PASS PROXY_AUTH_METHOD
    http-proxy-retry PROXY_TIMEOUT PROXY_OPT_VERSION PROXY_OPT_AGENT
    LOG_VERB
);
my $load_slot = 26;
foreach my $loaded_field (@loaded_fields) {
    $cgiparams{$loaded_field} = $confighash{$cgiparams{'KEY'}}[$load_slot];
    $load_slot++;
}
# Pre-compute the SELECTED / CHECKED markers that the advanced form
# interpolates into its <option> and checkbox tags: every known choice is
# reset to '' and the current value of the field is then flagged.
# A current value that is not one of the listed choices simply creates an
# extra key that no tag refers to.
my %advanced_choices_for = (
    'EXTENDED_NICE'     => [qw(-13 -10 -7 -3 0 3 7 10 13)],
    'LOG_VERB'          => [qw(1 2 3 4 5 6 7 8 9 10 11 0)],
    'PROXY_AUTH_METHOD' => [qw(none basic ntlm)],
);
foreach my $menu (sort keys %advanced_choices_for) {
    foreach my $choice (@{ $advanced_choices_for{$menu} }) {
        $selected{$menu}{$choice} = '';
    }
    $selected{$menu}{$cgiparams{$menu}} = 'SELECTED';
}

# NOTE(review): the stored retry flag is loaded into
# $cgiparams{'http-proxy-retry'}, not $cgiparams{'PROXY_RETRY'}, so this
# checkbox presumably never reflects the saved value. Confirm which key is
# intended.
foreach my $toggle (qw(EXTENDED_FASTIO EXTENDED_MTUDISC PROXY_RETRY)) {
    $checked{$toggle}{'off'} = '';
    $checked{$toggle}{'on'}  = '';
    $checked{$toggle}{$cgiparams{$toggle}} = 'CHECKED';
}
2611 & Header
:: showhttpheaders
();
2612 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2613 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2615 if ( $errormessage ) {
2616 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2617 print "<class name='base'> $errormessage " ;
2618 print " </class>" ;
2619 & Header
:: closebox
();
2623 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'warning messages' });
2624 print "<class name='base'> $warnmessage " ;
2625 print " </class>" ;
2626 & Header
:: closebox
();
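# Open the advanced-settings form. ADVANCED=yes lets the handler tell a save
# on this page apart from a save on the main connection page.
print "<form method='post' enctype='multipart/form-data'>\n";
print "<input type='hidden' name='ADVANCED' value='yes' />\n";

# KEY is request data echoed into a single-quoted attribute. Encode the HTML
# metacharacters, including the single quote, so the value cannot close the
# attribute or the tag. Keys that contain none of these characters are
# printed unchanged.
# NOTE(review): the text inputs further down this form interpolate
# %cgiparams values into value='...' the same way and deserve the same
# treatment.
my %html_entity_for = (
    '&' => '&amp;',
    '<' => '&lt;',
    '>' => '&gt;',
    '"' => '&quot;',
    "'" => '&#39;',
);
(my $key_attr = $cgiparams{'KEY'}) =~ s/([&<>"'])/$html_entity_for{$1}/g;
print "<input type='hidden' name='KEY' value='$key_attr' />\n";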
2633 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'advanced'}:" );
2635 <form method='post' enctype='multipart/form-data'>
2636 <table width='100%'>
2638 <td class'base'><b> $Lang ::tr{'misc-options'}</b></td>
2641 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2643 <td class='base'>Keppalive (ping/ping-restart)</td>
2644 <td><input type='TEXT' name='KEEPALIVE_1' value=' $cgiparams {'KEEPALIVE_1'}' size='30' /></td>
2645 <td><input type='TEXT' name='KEEPALIVE_2' value=' $cgiparams {'KEEPALIVE_2'}' size='30' /></td>
2649 <td class='base'> $Lang ::tr{'ovpn_processprio'}</td>
2651 <select name='EXTENDED_NICE' disabled='disabled'>
2652 <option value='-13' $selected {'EXTENDED_NICE'}{'-13'}> $Lang ::tr{'ovpn_processprioEH'}</option>
2653 <option value='-10' $selected {'EXTENDED_NICE'}{'-10'}> $Lang ::tr{'ovpn_processprioVH'}</option>
2654 <option value='-7' $selected {'EXTENDED_NICE'}{'-7'}> $Lang ::tr{'ovpn_processprioH'}</option>
2655 <option value='-3' $selected {'EXTENDED_NICE'}{'-3'}> $Lang ::tr{'ovpn_processprioEN'}</option>
2656 <option value='0' $selected {'EXTENDED_NICE'}{'0'}> $Lang ::tr{'ovpn_processprioN'}</option>
2657 <option value='3' $selected {'EXTENDED_NICE'}{'3'}> $Lang ::tr{'ovpn_processprioLN'}</option>
2658 <option value='7' $selected {'EXTENDED_NICE'}{'7'}> $Lang ::tr{'ovpn_processprioD'}</option>
2659 <option value='10' $selected {'EXTENDED_NICE'}{'10'}> $Lang ::tr{'ovpn_processprioVD'}</option>
2660 <option value='13' $selected {'EXTENDED_NICE'}{'13'}> $Lang ::tr{'ovpn_processprioED'}</option>
2665 <td class='base'> $Lang ::tr{'ovpn_fastio'}</td>
2667 <input type='checkbox' name='EXTENDED_FASTIO' $checked {'EXTENDED_FASTIO'}{'on'} disabled='disabled'/>
2671 <td class='base'> $Lang ::tr{'ovpn_mtudisc'}</td>
2673 <input type='checkbox' name='EXTENDED_MTUDISC' $checked {'EXTENDED_MTUDISC'}{'on'} disabled='disabled'/>
2677 <td class='base'> $Lang ::tr{'ovpn_mssfix'}</td>
2679 <input type='TEXT' name='EXTENDED_MSSFIX' value=' $cgiparams {'EXTENDED_MSSFIX'}' size='30' disabled='disabled'/>
2683 <td class='base'> $Lang ::tr{'ovpn_fragment'}</td>
2685 <input type='TEXT' name='EXTENDED_FRAGMENT' value=' $cgiparams {'EXTENDED_FRAGMENT'}' size='30' disabled='disabled'/>
2690 <table width='100%'>
2692 <td class'base'><b> $Lang ::tr{'proxy'} $Lang ::tr{'settings'}</b></td>
2695 <td width='25%'></td> <td width='25%'> </td><td width='25%'> </td><td width='25%'></td>
2697 <td class='base'> $Lang ::tr{'proxy'} $Lang ::tr{'host'}:</td>
2698 <td><input type='TEXT' name='PROXY_HOST' value=' $cgiparams {'PROXY_HOST'}' size='30' disabled='disabled'/></td>
2699 <td class='base'> $Lang ::tr{'proxy port'}:</td>
2700 <td><input type='TEXT' name='PROXY_PORT' value=' $cgiparams {'PROXY_PORT'}' size='10' disabled='disabled'/></td>
2703 <td class='base'> $Lang ::tr{'username'}</td>
2704 <td><input type='TEXT' name='PROXY_USERNAME' value=' $cgiparams {'PROXY_USERNAME'}' size='30' disabled='disabled' /></td>
2705 <td class='base'> $Lang ::tr{'password'}</td>
2706 <td><input type='TEXT' name='PROXY_PASS' value=' $cgiparams {'PROXY_PASS'}' size='10' disabled='disabled'/></td>
2709 <td class='base'> $Lang ::tr{'authentication'} $Lang ::tr{'method'}</td>
2711 <select name='PROXY_AUTH_METHOD' disabled='disabled'>
2712 <option value='none' $selected {'PROXY_AUTH_METHOD'}{'none'}>none</option>
2713 <option value='basic' $selected {'PROXY_AUTH_METHOD'}{'basic'}>basic</option>
2714 <option value='ntlm' $selected {'PROXY_AUTH_METHOD'}{'ntlm'}>ntlm</option>
2719 <td class='base'>http-proxy-retry</td>
2720 <td><input type='checkbox' name='PROXY_RETRY' $checked {'PROXY_RETRY'}{'on'} disabled='disabled' /></td>
2721 <td class='base'>http-proxy-timeout</td>
2722 <td><input type='TEXT' name='PROXY_TIMEOUT' value=' $cgiparams {'PROXY_TIMEOUT'}' size='10' disabled='disabled'/></td>
2724 <td class='base'>http-proxy-option VERSION</td>
2725 <td><input type='TEXT' name='PROXY_OPT_VERSION' value=' $cgiparams {'PROXY_OPT_VERSION'}' size='30' disabled='disabled'/></td>
2726 <td class='base'>http-proxy-option AGENT</td>
2727 <td><input type='TEXT' name='PROXY_OPT_AGENT' value=' $cgiparams {'PROXY_OPT_AGENT'}' size='10' disabled='disabled'/></td>
2731 <table width='100%'>
2733 <td class'base'><b> $Lang ::tr{'log-options'}</b></td>
2736 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2738 <tr><td class='base'>VERB</td>
2739 <td><select name='LOG_VERB'><option value='1' $selected {'LOG_VERB'}{'1'}>1</option>
2740 <option value='2' $selected {'LOG_VERB'}{'2'}>2</option>
2741 <option value='3' $selected {'LOG_VERB'}{'3'}>3</option>
2742 <option value='4' $selected {'LOG_VERB'}{'4'}>4</option>
2743 <option value='5' $selected {'LOG_VERB'}{'5'}>5</option>
2744 <option value='6' $selected {'LOG_VERB'}{'6'}>6</option>
2745 <option value='7' $selected {'LOG_VERB'}{'7'}>7</option>
2746 <option value='8' $selected {'LOG_VERB'}{'8'}>8</option>
2747 <option value='9' $selected {'LOG_VERB'}{'9'}>9</option>
2748 <option value='10' $selected {'LOG_VERB'}{'10'}>10</option>
2749 <option value='11' $selected {'LOG_VERB'}{'11'}>11</option>
2750 <option value='0' $selected {'LOG_VERB'}{'0'}>0</option></select></td>
2756 & Header
:: closebox
();
2757 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2758 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2759 & Header
:: closebigbox
();
2760 & Header
:: closepage
();
2766 ### Default status page
2771 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
2772 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
2773 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
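# Read the server log into @status, one element per line.
# The file is opened directly instead of running /bin/cat through backticks:
# the result is the same list of lines, but no shell or child process is
# started from the CGI. If the log cannot be opened, @status stays empty,
# which matches what the backtick form returned in that case.
# How @status is used is not visible in this part of the file.
my @status;
if (open(my $status_fh, '<', '/var/log/ovpnserver.log')) {
    @status = <$status_fh>;
    close($status_fh);
}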
2775 if ( $cgiparams { 'VPN_IP' } eq '' && - e
"${General::swroot}/red/active" ) {
2776 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
2777 my $ipaddr = < IPADDR
>;
2780 $cgiparams { 'VPN_IP' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
2781 if ( $cgiparams { 'VPN_IP' } eq '' ) {
2782 $cgiparams { 'VPN_IP' } = $ipaddr ;
# Fill in defaults for server settings that the stored configuration left
# empty.
# NOTE(review): BF-CBC (Blowfish) has a 64-bit block size and is a weak
# default for new installations. The cipher menu on this page already offers
# AES-256-CBC; consider making that the fallback after checking client
# compatibility.
my %fallback_for = (
    'DCIPHER'    => 'BF-CBC',
    'DDEST_PORT' => '1194',
    'DMTU'       => '1400',
);
foreach my $setting (sort keys %fallback_for) {
    $cgiparams{$setting} = $fallback_for{$setting} if $cgiparams{$setting} eq '';
}

# Disabled in the original: default for DCOMPLZO.
#    if ($cgiparams{'DCOMPLZO'} eq '') {
#        $cgiparams{'DCOMPLZO'} = 'on';
#    }

# With no subnet configured, propose a random 10.x.y.0/24 for the tunnel
# network. rand() is only used to reduce address clashes here, not as a
# secret.
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
    $cgiparams{'DOVPN_SUBNET'} =
        join('.', '10', int(rand(256)), int(rand(256)), '0') . '/255.255.255.0';
}
# Pre-compute the CHECKED / SELECTED markers for the roadwarrior server form:
# every known choice is reset to '' and the current value is then flagged.
foreach my $box (qw(ENABLED ENABLED_BLUE ENABLED_ORANGE DCOMPLZO)) {
    $checked{$box}{'off'} = '';
    $checked{$box}{'on'}  = '';
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}

# NOTE(review): the DCIPHER list below mirrors the <select> rendered on this
# page and still includes single DES, DESX and the RC2 variants (40 and 64
# bit among them). These are weak choices for a VPN data channel; consider
# removing them from both the list and the menu.
my %server_choices_for = (
    'DDEVICE'   => [qw(tun tap)],
    'DPROTOCOL' => [qw(udp tcp)],
    'DCIPHER'   => [qw(
        DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
        RC2-CBC RC2-40-CBC RC2-64-CBC
        BF-CBC CAST5-CBC
        AES-128-CBC AES-192-CBC AES-256-CBC
    )],
);
foreach my $menu (sort keys %server_choices_for) {
    foreach my $choice (@{ $server_choices_for{$menu} }) {
        $selected{$menu}{$choice} = '';
    }
    $selected{$menu}{$cgiparams{$menu}} = 'SELECTED';
}
2836 & Header
:: showhttpheaders
();
2837 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
2838 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2840 if ( $errormessage ) {
2841 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2842 print "<class name='base'> $errormessage \n " ;
2843 print " </class> \n " ;
2844 & Header
:: closebox
();
2847 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'stopped'}</font></b></td></tr></table>" ;
2848 my $srunning = "no" ;
2849 my $activeonrun = "" ;
2850 if ( - e
"/var/run/openvpn.pid" ){
2851 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'running'}</font></b></td></tr></table>" ;
2855 $activeonrun = "disabled='disabled'" ;
2859 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate authorities'}:" );
2860 print "<div align='center'><strong>ZERINA-0.9.7a9</strong></div>" ;
2863 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2865 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
2866 <td width='65%' class='boldbase' align='center'><b> $Lang ::tr{'subject'}</b></td>
2867 <td width='10%' class='boldbase' colspan='3' align='center'><b> $Lang ::tr{'action'}</b></td>
2871 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2872 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem` ;
2873 $casubject =~ /Subject: (.*)[\n]/ ;
2875 $casubject =~ s
+/ Email
+, E
+;
2876 $casubject =~ s/ ST=/ S=/ ;
2878 <tr bgcolor='${Header::table2colour}'>
2879 <td class='base'> $Lang ::tr{'root certificate'}</td>
2880 <td class='base'> $casubject </td>
2881 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2882 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show root certificate'}' />
2883 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/info.gif' alt=' $Lang ::tr{'show root certificate'}' title=' $Lang ::tr{'show root certificate'}' width='20' height='20' border='0' />
2885 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2886 <input type='image' name=' $Lang ::tr{'download root certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download root certificate'}' title=' $Lang ::tr{'download root certificate'}' border='0' />
2887 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download root certificate'}' />
2889 <td width='4%'> </td></tr>
2893 # display rootcert generation buttons
2895 <tr bgcolor='${Header::table2colour}'>
2896 <td class='base'> $Lang ::tr{'root certificate'}:</td>
2897 <td class='base'> $Lang ::tr{'not present'}</td>
2898 <td colspan='3'> </td></tr>
2903 if (- f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
2904 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem` ;
2905 $hostsubject =~ /Subject: (.*)[\n]/ ;
2907 $hostsubject =~ s
+/ Email
+, E
+;
2908 $hostsubject =~ s/ ST=/ S=/ ;
2910 <tr bgcolor='${Header::table1colour}'>
2911 <td class='base'> $Lang ::tr{'host certificate'}</td>
2912 <td class='base'> $hostsubject </td>
2913 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2914 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show host certificate'}' />
2915 <input type='image' name=' $Lang ::tr{'show host certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show host certificate'}' title=' $Lang ::tr{'show host certificate'}' width='20' height='20' border='0' />
2917 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2918 <input type='image' name=' $Lang ::tr{'download host certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download host certificate'}' title=' $Lang ::tr{'download host certificate'}' border='0' />
2919 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download host certificate'}' />
2921 <td width='4%'> </td></tr>
2927 <tr bgcolor='${Header::table1colour}'>
2928 <td width='25%' class='base'> $Lang ::tr{'host certificate'}:</td>
2929 <td class='base'> $Lang ::tr{'not present'}</td>
2930 </td><td colspan='3'> </td></tr>
2935 if (! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2936 print "<tr><td colspan='5' align='center'><form method='post'>" ;
2937 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' />" ;
2938 print "</form></td></tr> \n " ;
2941 if ( keys %cahash > 0 ) {
2942 foreach my $key ( keys %cahash ) {
2943 if (( $key + 1 ) % 2 ) {
2944 print "<tr bgcolor='${Header::table1colour}'> \n " ;
2946 print "<tr bgcolor='${Header::table2colour}'> \n " ;
2948 print "<td class='base'> $cahash { $key }[0]</td> \n " ;
2949 print "<td class='base'> $cahash { $key }[1]</td> \n " ;
2951 <form method='post' name='cafrm${key}a'><td align='center'>
2952 <input type='image' name=' $Lang ::tr{'show ca certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show ca certificate'}' title=' $Lang ::tr{'show ca certificate'}' border='0' />
2953 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show ca certificate'}' />
2954 <input type='hidden' name='KEY' value=' $key ' />
2956 <form method='post' name='cafrm${key}b'><td align='center'>
2957 <input type='image' name=' $Lang ::tr{'download ca certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download ca certificate'}' title=' $Lang ::tr{'download ca certificate'}' border='0' />
2958 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download ca certificate'}' />
2959 <input type='hidden' name='KEY' value=' $key ' />
2961 <form method='post' name='cafrm${key}c'><td align='center'>
2962 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
2963 <input type='image' name=' $Lang ::tr{'remove ca certificate'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove ca certificate'}' title=' $Lang ::tr{'remove ca certificate'}' width='20' height='20' border='0' />
2964 <input type='hidden' name='KEY' value=' $key ' />
2971 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { # If the file contains entries, print Key to action icons
2975 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
2976 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
2977 <td class='base'> $Lang ::tr{'show certificate'}</td>
2978 <td> <img src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' /></td>
2979 <td class='base'> $Lang ::tr{'download certificate'}</td>
2986 <form method='post' enctype='multipart/form-data'>
2987 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2988 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'ca name'}:</td>
2989 <td nowrap='nowrap'><input type='text' name='CA_NAME' value=' $cgiparams {'CA_NAME'}' size='15' />
2990 <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
2991 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'upload ca certificate'}' /></td>
2992 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'show crl'}' /></td>
2993 </tr></table></form>
2996 & Header
:: closebox
();
2997 if ( $srunning eq "yes" ) {
2998 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' disabled='disabled' /></div></form> \n " ;
3000 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' /></div></form> \n " ;
3004 #&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
3005 & Header
:: openbox
( '100%' , 'LEFT' , 'Roadwarrior Server' );
3007 <table width='100%'>
3008 <form method='post'>
3009 <td width='25%'> </td>
3010 <td width='25%'> </td>
3011 <td width='25%'> </td></tr>
3012 <tr><td class='boldbase'> $Lang ::tr{'ovpn server status'}</td>
3013 <td align='left'> $sactive </td>
3014 <tr><td class='boldbase'> $Lang ::tr{'ovpn on red'}</td>
3015 <td><input type='checkbox' name='ENABLED' $checked {'ENABLED'}{'on'} /></td>
3018 if (& Ovpnfunc
:: haveBlueNet
()) {
3019 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on blue'}</td>" ;
3020 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked {'ENABLED_BLUE'}{'on'} /></td>" ;
3022 if (& Ovpnfunc
:: haveOrangeNet
()) {
3023 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on orange'}</td>" ;
3024 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked {'ENABLED_ORANGE'}{'on'} /></td>" ;
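# Global server settings form: hostname/IP, subnet, device, protocol, port,
# MTU, LZO compression and cipher.
#
# %cgiparams is filled from the request by Header::getcgihash() near the top
# of this script, and four of its values are written back into single-quoted
# HTML attributes below. Encode them first so a value containing a quote or
# angle bracket cannot break out of the attribute. Legitimate values for
# these fields (address, subnet, port, MTU) contain none of the encoded
# characters, so their output is unchanged.
# NOTE(review): if getcgihash() already HTML-encodes its values (not visible
# here), this would double-encode; confirm against header.pl.
my %ovpn_form_value;
for my $field (qw(VPN_IP DOVPN_SUBNET DDEST_PORT DMTU)) {
    my $value = defined $cgiparams{$field} ? $cgiparams{$field} : '';
    $value =~ s/&/&amp;/g;    # must run first so later entities stay intact
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;    # the attributes below are single-quoted
    $ovpn_form_value{$field} = $value;
}

# NOTE(review): the cipher list still offers DES-CBC, DESX-CBC and the RC2
# variants (including 40- and 64-bit keys), which are far below current
# strength, and every non-AES entry is a 64-bit block cipher, which is exposed
# to birthday-bound collisions on long-lived tunnels. The options are kept so
# existing configurations keep rendering; prefer AES-256-CBC for new setups
# and consider retiring the weak entries once clients are migrated.
print <<END
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
<td><input type='text' name='VPN_IP' value='$ovpn_form_value{'VPN_IP'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
<td><input type='TEXT' name='DOVPN_SUBNET' value='$ovpn_form_value{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
<td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
<option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select></td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
<td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DDEST_PORT' value='$ovpn_form_value{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
<td> <input type='TEXT' name='DMTU' VALUE='$ovpn_form_value{'DMTU'}' size='5' /></TD>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
<td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
<option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
<option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
<option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
<option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
<option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
<option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
<option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
<option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
<option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
END
;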
# Server control buttons. While the server runs, "save" and "advanced server"
# are locked and only stop/restart are offered. While it is stopped, start and
# restart are unlocked only when the CA certificate, DH parameters, server
# certificate and server key all exist and at least one zone is set to 'on'.
if ($srunning ne "yes") {
    # NOTE(review): the name dh1024.pem suggests 1024-bit Diffie-Hellman
    # parameters, which are below current recommendations. Where the file is
    # generated is not visible here; confirm its size and prefer >= 2048 bits.
    my @pki_files = (
        "${General::swroot}/ovpn/ca/cacert.pem",
        "${General::swroot}/ovpn/ca/dh1024.pem",
        "${General::swroot}/ovpn/certs/servercert.pem",
        "${General::swroot}/ovpn/certs/serverkey.pem",
    );
    my $pki_ready    = !grep { !-e $_ } @pki_files;
    my $zone_enabled = $cgiparams{'ENABLED'} eq 'on'
        || $cgiparams{'ENABLED_BLUE'} eq 'on'
        || $cgiparams{'ENABLED_ORANGE'} eq 'on';

    # Empty when the server may be started, otherwise the locking attribute.
    my $start_lock = ($pki_ready && $zone_enabled) ? '' : " disabled='disabled'";

    print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}'$start_lock /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}'$start_lock /></td></tr>";
}
else {
    # Settings cannot be changed while the server process is running.
    print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
}
# Finish the settings form and its surrounding box.
print "</form></table>";
Header::closebox();

# Both status helpers are called with $activeonrun; what they render is
# defined outside this part of the file.
Ovpnfunc::rwclientstatus($activeonrun);
Ovpnfunc::net2netstatus($activeonrun);

# Close the page.
Header::closepage();