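#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2014  IPFire Team                                        #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

# Main status page of the web interface.  It optionally switches the active
# dial profile and dials / hangs up the RED connection, then prints the
# network overview (RED, GREEN, BLUE, ORANGE, IPsec, OpenVPN), the VPN
# connection tables and a list of health warnings (fireinfo, memory, disk
# space, S.M.A.R.T., reiser4, pending reboot).
#
# NOTE(review): this listing was extracted from a rendered page.  Wherever a
# statement reads "print < ... END", or a quoted string holds only blank
# space, the heredoc opener and the HTML markup it carried were lost, and
# some of the surviving heredoc text appears out of order.  Those spans are
# kept exactly as found; they must be restored from the upstream file before
# this script can run.

use strict;
use Net::Telnet;
use Sort::Naturally;

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';

require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "/opt/pakfire/lib/functions.pl";

my %cgiparams=();
my %pppsettings=();
my %modemsettings=();
my %netsettings=();
my %ddnssettings=();
my %proxysettings=();
my %vpnsettings=();
my %vpnconfig=();
my %ovpnconfig=();

my $warnmessage = '';
my $refresh = "";
my $ipaddr='';
my $showbox=0;
my $showipsec=0;
my $showovpn=0;

# Dial profiles live in ppp/settings-1 .. ppp/settings-$maxprofiles.  Declared
# up here so the request handler below can range-check the requested profile.
my $maxprofiles = 5;

# Until the GPL has been accepted every request is redirected to gpl.cgi.
if ( ! -e "/var/ipfire/main/gpl_accepted" ) {
    print "Status: 302 Moved Temporarily\n";
    print "Location: gpl.cgi\n\n";
    exit (0);
}

&Header::showhttpheaders();

$cgiparams{'ACTION'} = '';
&Header::getcgihash(\%cgiparams);

$pppsettings{'VALID'} = '';
$pppsettings{'PROFILENAME'} = 'None';
&General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
&General::readhash("${General::swroot}/modem/settings", \%modemsettings);
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
&General::readhash("${General::swroot}/ddns/settings", \%ddnssettings);
&General::readhash("${General::swroot}/proxy/advanced/settings", \%proxysettings);
&General::readhash("${General::swroot}/vpn/settings", \%vpnsettings);

my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

my $connstate = &Header::connectionstatus();

# NOTE(review): the redirect check above tests ".../gpl_accepted" (underscore)
# while this one tests ".../gpl-accepted" (hyphen).  One of the two spellings
# is presumably a typo - confirm which file the GPL page creates.
# NOTE(review): both branches assign an empty string as found; the refresh
# markup was probably lost in extraction.
if ( -e "/var/ipfire/main/gpl-accepted" ) {
    # Both patterns are bound to $connstate.  The second one used to be a bare
    # match and was therefore tested against $_ instead of the status text.
    if ($connstate =~ /$Lang::tr{'connecting'}/ || $connstate =~ /$Lang::tr{'connection closed'}/ ){
        $refresh = "";
    }elsif ($connstate =~ /$Lang::tr{'dod waiting'}/ || -e "${General::swroot}/main/refreshindex") {
        $refresh = "";
    }
}

if ($cgiparams{'ACTION'} eq $Lang::tr{'dial profile'}) {
    my $profile = $cgiparams{'PROFILE'};

    # PROFILE comes from the request and ends up in the file names passed to
    # readhash, link and writehash below, so only a plain profile number in
    # the configured range is accepted.  The raw value is not logged.
    if (!defined($profile) || $profile !~ /\A[0-9]+\z/ || $profile < 1 || $profile > $maxprofiles) {
        &General::log("Dial profile request ignored: invalid profile");
        $cgiparams{'ACTION'} = '';
    } else {
        my %tempcgiparams = ();
        $tempcgiparams{'PROFILE'} = '';
        &General::readhash("${General::swroot}/ppp/settings-$profile", \%tempcgiparams);

        # make a link from the selected profile to the "default" one.
        unlink("${General::swroot}/ppp/settings");
        link("${General::swroot}/ppp/settings-$profile", "${General::swroot}/ppp/settings")
            or &General::log("Unable to link profile settings: $!");

        # Touch the marker file (created empty, best effort as before).
        if (open(my $marker_fh, '>', "${General::swroot}/ppp/updatesettings")) {
            close($marker_fh);
        }

        # read in the new params "early" so we can write secrets.
        %cgiparams = ();
        &General::readhash("${General::swroot}/ppp/settings", \%cgiparams);
        $cgiparams{'PROFILE'} = $profile;
        $cgiparams{'BACKUPPROFILE'} = $profile;
        &General::writehash("${General::swroot}/ppp/settings-$cgiparams{'PROFILE'}", \%cgiparams);

        # write secrets file.
        # A restrictive umask is set for the open so that a newly created
        # file is never readable by others, not even in the window before the
        # chmod below (which still covers a file that already existed).
        my $old_umask = umask(0077);
        open(my $secrets_fh, '>', "/${General::swroot}/ppp/secrets") or die "Unable to write secrets file.";
        umask($old_umask);
        flock($secrets_fh, 2);
        my $username = $cgiparams{'USERNAME'};
        my $password = $cgiparams{'PASSWORD'};
        # NOTE(review): both values are written between single quotes without
        # escaping; a quote or line break inside either value would change the
        # structure of the secrets file.  Confirm that the code which stores
        # the profile rejects such characters.
        print $secrets_fh "'$username' * '$password'\n";
        chmod 0600, "${General::swroot}/ppp/secrets";
        close $secrets_fh;

        &General::log("$Lang::tr{'profile made current'} $tempcgiparams{'PROFILENAME'}");
        $cgiparams{'ACTION'} = "$Lang::tr{'dial'}";
    }
}

# Both commands are fixed strings; no request data reaches the shell here.
if ($cgiparams{'ACTION'} eq $Lang::tr{'dial'}) {
    system('/usr/local/bin/redctrl start > /dev/null') == 0
        or &General::log("Dial failed: $?");
    sleep 1;
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'hangup'}) {
    system('/usr/local/bin/redctrl stop > /dev/null') == 0
        or &General::log("Hangup failed: $?");
    sleep 1;
}

# Collect the profile names for the profile selector.
my $c;
my @profilenames = ();

for ($c = 1; $c <= $maxprofiles; $c++) {
    my %temppppsettings = ();
    $temppppsettings{'PROFILENAME'} = '';
    &General::readhash("${General::swroot}/ppp/settings-$c", \%temppppsettings);
    $profilenames[$c] = $temppppsettings{'PROFILENAME'};
}
my %selected;
for ($c = 1; $c <= $maxprofiles; $c++) {
    $selected{'PROFILE'}{$c} = '';
}
$selected{'PROFILE'}{$pppsettings{'PROFILE'}} = "selected='selected'";
my $dialButtonDisabled = "disabled='disabled'";

&Header::openpage($Lang::tr{'main page'}, 1, $refresh);
&Header::openbigbox('', 'center');

# Address of the RED interface as recorded in the local state file.
if (open(my $ip_fh, '<', "${General::swroot}/red/local-ipaddress")) {
    $ipaddr = <$ip_fh>;
    close($ip_fh);
    chomp ($ipaddr);
}

&Header::openbox('100%', 'center', '');

if ( ( $pppsettings{'VALID'} eq 'yes' && $modemsettings{'VALID'} eq 'yes' ) || ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ )) {
    # The cached DDNS address is read first and then replaced by the local
    # RED address whenever that file can be opened.
    if (open(my $cache_fh, '<', "${General::swroot}/ddns/ipcache")) {
        $ipaddr = <$cache_fh>;
        close($cache_fh);
        chomp ($ipaddr);
    }
    if (open(my $ip_fh, '<', "${General::swroot}/red/local-ipaddress")) {
        $ipaddr = <$ip_fh>;
        close($ip_fh);
        chomp ($ipaddr);
    }
} elsif ($modemsettings{'VALID'} eq 'no') {
    print "$Lang::tr{'modem settings have errors'}\n \n";
} else {
    print "$Lang::tr{'profile has errors'}\n \n";
}

# NOTE(review): extraction-damaged span (see the note at the top of the file).
print < END

my $HOSTNAME = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
# The name comes from a reverse DNS answer, i.e. from outside this machine,
# and is interpolated into the page below, so HTML-special characters are
# encoded first.  A plain hostname is left unchanged.
if (defined($HOSTNAME)) {
    $HOSTNAME =~ s/&/&amp;/g;
    $HOSTNAME =~ s/</&lt;/g;
    $HOSTNAME =~ s/>/&gt;/g;
    $HOSTNAME =~ s/"/&quot;/g;
    $HOSTNAME =~ s/'/&#39;/g;
}
if ( "$HOSTNAME" ne "" ) {
    print < END
}

if ( -e "${General::swroot}/red/remote-ipaddress" ) {
    open (TMP, "<${General::swroot}/red/remote-ipaddress");
    my $GATEWAY = <TMP>;
    chomp($GATEWAY);
    close TMP;
    print < END
}

# DNS servers of the RED connection, one address per state file.
my @dns_servers = ();
foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") {
    # A missing file simply contributes no server.
    open(my $dns_fh, '<', $f) or next;
    my $dns_server = <$dns_fh>;
    close($dns_fh);

    chomp($dns_server);
    if ($dns_server) {
        push(@dns_servers, $dns_server);
    }
}
my $dns_servers_str = join(", ", @dns_servers);

print <
$Lang::tr{'network'} $Lang::tr{'ip address'} $Lang::tr{'status'}
$Lang::tr{'internet'}
$ipaddr $connstate
$Lang::tr{'hostname'}:$HOSTNAME$Lang::tr{'gateway'}:$GATEWAY
$Lang::tr{'dns servers'}: $dns_servers_str
END

#Dial profiles
if ( $netsettings{'RED_TYPE'} ne "STATIC" && $netsettings{'RED_TYPE'} ne "DHCP" ){
    if ( ( $pppsettings{'VALID'} eq 'yes' ) || ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} =~ /^(DHCP|STATIC)$/ ) ) {
        print <
$Lang::tr{'profile'}:
END
    } else {
        print "
$Lang::tr{'profile has errors'}
";
    }
}

print < END

if ( $netsettings{'GREEN_DEV'} ) {
    my $sub=&General::iporsubtocidr($netsettings{'GREEN_NETMASK'});
    print < ';
    print '';
}
if ( $netsettings{'BLUE_DEV'} ) {
    my $sub=&General::iporsubtocidr($netsettings{'BLUE_NETMASK'});
    print < ';
    print '';
}
if ( $netsettings{'ORANGE_DEV'} ) {
    my $sub=&General::iporsubtocidr($netsettings{'ORANGE_NETMASK'});
    print < END
}
#check if IPSEC is running
if ( $vpnsettings{'ENABLED'} eq 'on' || $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {
    my $ipsecip = $vpnsettings{'VPN_IP'};
    print< END
}

#check if OpenVPN is running
my %confighash=();
&General::readhash("${General::swroot}/ovpn/settings", \%confighash);

if (($confighash{'ENABLED'} eq "on") || ($confighash{'ENABLED_BLUE'} eq "on") || ($confighash{'ENABLED_ORANGE'} eq "on")) {
    my ($ovpnip,$sub) = split("/",$confighash{'DOVPN_SUBNET'});
    $sub=&General::iporsubtocidr($sub);
    $ovpnip="$ovpnip/$sub";
    print < END
}
print"
$Lang::tr{'network'} $Lang::tr{'ip address'} $Lang::tr{'status'}
$Lang::tr{'lan'} $netsettings{'GREEN_ADDRESS'}/$sub END if ( $proxysettings{'ENABLE'} eq 'on' ) { print $Lang::tr{'advproxy on'}; if ( $proxysettings{'TRANSPARENT'} eq 'on' ) { print " (transparent)"; } } else { print $Lang::tr{'advproxy off'}; } print '
$Lang::tr{'wireless'} $netsettings{'BLUE_ADDRESS'}/$sub END if ( $proxysettings{'ENABLE_BLUE'} eq 'on' ) { print $Lang::tr{'advproxy on'}; if ( $proxysettings{'TRANSPARENT_BLUE'} eq 'on' ) { print " (transparent)"; } } else { print $Lang::tr{'advproxy off'}; } print '
$Lang::tr{'dmz'} $netsettings{'ORANGE_ADDRESS'}/$sub Online
$Lang::tr{'ipsec'} $ipsecip Online
OpenVPN $ovpnip Online
";
&Header::closebox();

#Check if there are any vpns configured (ipsec and openvpn)
&General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
foreach my $key (sort { ncmp($vpnconfig{$a}[1],$vpnconfig{$b}[1]) } keys %vpnconfig) {
    if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host'){
        $showipsec=1;
        $showbox=1;
        last;
    }
}
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig);
foreach my $dkey (sort { ncmp($ovpnconfig{$a}[1],$ovpnconfig{$b}[1])} keys %ovpnconfig) {
    if (($ovpnconfig{$dkey}[3] eq 'net') && (-e "/var/run/$ovpnconfig{$dkey}[1]n2n.pid")){
        $showbox=1;
        $showovpn=1;
        last;
    }
}

if ($showbox){
    # Start of Box wich contains all vpn connections
    &Header::openbox('100%', 'center', $Lang::tr{'vpn'});

    #show ipsec connectiontable
    if ( $showipsec ) {
        my $ipsecip = $vpnsettings{'VPN_IP'};
        my @status = `/usr/local/bin/ipsecctrl I`;
        my %confighash = ();
        my $id = 0;
        my $gif;
        my $col="";
        my $count=0;
        print < $Lang::tr{'ipsec network'} $Lang::tr{'ip address'} $Lang::tr{'status'} END
        foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
            if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
                $count++;
                my ($vpnip,$vpnsub) = split("/",$vpnconfig{$key}[11]);
                $vpnsub=&General::iporsubtocidr($vpnsub);
                $vpnip="$vpnip/$vpnsub";
                if ($count % 2){
                    $col = $color{'color22'};
                }else{
                    $col = $color{'color20'};
                }
                print "";
                print "$vpnconfig{$key}[1]";
                print "$vpnip";

                my $activecolor = $Header::colourred;
                my $activestatus = $Lang::tr{'capsclosed'};
                if ($vpnconfig{$key}[0] eq 'off') {
                    $activecolor = $Header::colourblue;
                    $activestatus = $Lang::tr{'capsclosed'};
                } else {
                    # The connection name is matched literally: quotemeta
                    # keeps regex metacharacters in a configured name from
                    # being interpreted as pattern syntax.
                    my $conn_re = quotemeta($vpnconfig{$key}[1]);
                    foreach my $line (@status) {
                        if (($line =~ /\"$conn_re\".*IPsec SA established/) || ($line =~/$conn_re\{.*INSTALLED/ )){
                            $activecolor = $Header::colourgreen;
                            $activestatus = $Lang::tr{'capsopen'};
                        }
                    }
                }
                print "$activestatus";
                print "";
            }
        }
        print "";
    }

    # Check if there is any OpenVPN connection configured.
    if ( $showovpn ){
        print < END
        # Check if the OpenVPN server for Road Warrior Connections is running and display status information.
        my $active;
        my $count=0;

        # Print the OpenVPN N2N connection status.
        if ( -d "${General::swroot}/ovpn/n2nconf") {
            my $col="";
            foreach my $dkey (sort { ncmp ($ovpnconfig{$a}[1],$ovpnconfig{$b}[1])} keys %ovpnconfig) {
                if (($ovpnconfig{$dkey}[3] eq 'net') && (-e "/var/run/$ovpnconfig{$dkey}[1]n2n.pid")){
                    $count++;
                    my $tport = $ovpnconfig{$dkey}[22];
                    next if ($tport eq '');

                    # Ask the connection's management port on the loopback
                    # address for its state; errors are returned, not thrown.
                    my $tnet = Net::Telnet->new( Timeout=>5, Errmode=>'return', Port=>$tport);
                    $tnet->open('127.0.0.1');
                    my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
                    my @tustate = split(/\,/, $output[1]);

                    my $display;
                    my $display_colour = $Header::colourred;
                    if ( $tustate[1] eq 'CONNECTED' || ($tustate[1] eq 'WAIT')) {
                        $display_colour = $Header::colourgreen;
                        $display = $Lang::tr{'capsopen'};
                    } else {
                        $display = $tustate[1];
                    }
                    if ($count %2){
                        $col = $color{'color22'};
                    }else{
                        $col = $color{'color20'};
                    }
                    $active='off';

                    #make cidr from ip
                    # (the two assignments below no longer re-declare the
                    # variables introduced by the split)
                    my ($vpnip,$vpnsub) = split("/",$ovpnconfig{$dkey}[11]);
                    $vpnsub=&General::iporsubtocidr($vpnsub);
                    $vpnip="$vpnip/$vpnsub";
                    print < END
                }
            }
        }
        if ($active ne 'off'){
            print "";
        }
        print"
$Lang::tr{'openvpn network'} $Lang::tr{'ip address'} $Lang::tr{'status'}$ovpnconfig{$dkey}[1] $vpnip $display
$Lang::tr{'ovpn no connections'}
";
    }
    &Header::closebox();
}

# Fireinfo
if ( ! -e "/var/ipfire/main/send_profile") {
    $warnmessage .= "
  • $Lang::tr{'fireinfo please enable'}
  • ";
}

# Memory usage warning
# The first number of the second and third output rows of free(1) is used.
# NOTE(review): what the third row holds depends on the installed free(1);
# this code presumably expects the "-/+ buffers/cache" row - confirm.
my @free = `/usr/bin/free`;
my ($mem) = $free[1] =~ m/(\d+)/;
my ($used) = $free[2] =~ m/(\d+)/;
if ($mem) {
    # $pct is the share of memory that is NOT in use.
    my $pct = int 100 * ($mem - $used) / $mem;
    # Compare a percentage with 90.  The original compared the plain ratio
    # used/total with 90, which can never be exceeded, so the warning never
    # fired; it also divided by zero when free(1) produced no output.
    if (100 * $used / $mem > 90) {
        $warnmessage .= "
  • $Lang::tr{'high memory usage'}: $pct% !
  • ";
    }
}

# Diskspace usage warning
my @temp=();
my $temp2=();
my @df = `/bin/df -B M -P -x rootfs`;
foreach my $line (@df) {
    next if $line =~ m/^Filesystem/;
    if ($line =~ m/root/ ) {
        # The capture is only used when the match succeeded; before, a failed
        # match silently reused the value left over from an earlier line.
        if ($line =~ m/^.* (\d+)M.*$/ && $1 < 5) {
            my $free_mb = $1;
            @temp = split(/ +/,$line);
            # available:plain value in MB, and not %used as 10% is too much to waste on small disk
            # and root size should not vary during time
            $warnmessage .= "
  • $Lang::tr{'filesystem full'}: $temp[0] $Lang::tr{'free'}=${free_mb}M !
  • ";
        }
    } else {
        # $line =~ m/^.* (\d+)m.*$/;
        if ($line =~ m/^.* (\d+)\%.*$/ && $1 > 90) {
            my $used_pct = $1;
            @temp = split(/ /,$line);
            $temp2=int(100-$used_pct);
            $warnmessage .= "
  • $Lang::tr{'filesystem full'}: $temp[0] $Lang::tr{'free'}=$temp2% !
  • ";
        }
    }
}

# S.M.A.R.T. health warning
# The report files are listed and scanned in Perl.  The original passed each
# file name through the shell (ls, echo | cut, grep), so a name containing
# shell metacharacters would have been interpreted by the shell.
foreach my $file (glob("/var/run/smartctl_out_hddtemp-*")) {
    # Second "-"-separated field of the path, as "cut -d- -f2" returned.
    my $disk = (split(/-/, $file))[1];
    my $failing = 0;
    if (open(my $smart_fh, '<', $file)) {
        while (my $smart_line = <$smart_fh>) {
            if (index($smart_line, "SAVE ALL DATA") >= 0) {
                $failing = 1;
                last;
            }
        }
        close($smart_fh);
    }
    if ($failing) {
        $warnmessage .= "
  • $Lang::tr{'smartwarn1'} /dev/$disk $Lang::tr{'smartwarn2'} !
  • ";
    }
}

# Reiser4 warning
# NOTE(review): "mount" and "grep" are resolved through PATH here, unlike the
# absolute paths used for the other commands on this page - consider
# absolute paths once their location on the target system is confirmed.
my @reiser4_mounts = `mount | grep " reiser4 (" 2>/dev/null`;
foreach my $disk (@reiser4_mounts) {
    chomp ($disk);
    $warnmessage .= "
  • $disk - $Lang::tr{'deprecated fs warn'}
  • ";
}

if ($warnmessage) {
    &Header::openbox('100%','center', );
    print "";
    print "";
    print "";
    print "
    $Lang::tr{'fwhost hint'}
    $warnmessage
    ";
    &Header::closebox();
}

&Pakfire::dblist("upgrade", "notice");
if ( -e "/var/run/need_reboot" ) {
    print "
    ";
    print "

    $Lang::tr{'needreboot'}!";
    print "
    ";
}

&Header::closebigbox();
&Header::closepage();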