+sub haveOrangeNet
+{
+ if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
+ if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
+ return 0;
+}
+
+sub haveBlueNet
+{
+ if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
+ if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
+ return 0;
+}
+
+sub sizeformat{
+ my $bytesize = shift;
+ my $i = 0;
+
+ while(abs($bytesize) >= 1024){
+ $bytesize=$bytesize/1024;
+ $i++;
+ last if($i==6);
+ }
+
+ my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
+ my $newsize=(int($bytesize*100 +0.5))/100;
+ return("$newsize $units[$i]");
+}
+
+sub valid_dns_host {
+ my $hostname = $_[0];
+ unless ($hostname) { return "No hostname"};
+ my $res = new Net::DNS::Resolver;
+ my $query = $res->search("$hostname");
+ if ($query) {
+ foreach my $rr ($query->answer) {
+ ## Potential bug - we are only looking at A records:
+ return 0 if $rr->type eq "A";
+ }
+ } else {
+ return $res->errorstring;
+ }
+}
+
+sub cleanssldatabase
+{
+ if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
+ print FILE "01";
+ close FILE;
+ }
+ if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
+ print FILE "";
+ close FILE;
+ }
+ unlink ("${General::swroot}/ovpn/certs/index.txt.old");
+ unlink ("${General::swroot}/ovpn/certs/serial.old");
+ unlink ("${General::swroot}/ovpn/certs/01.pem");
+}
+
+sub newcleanssldatabase
+{
+ if (! -s "${General::swroot}/ovpn/certs/serial" ) {
+ open(FILE, ">${General::swroot}(ovpn/certs/serial");
+ print FILE "01";
+ close FILE;
+ }
+ if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
+ system ("touch ${General::swroot}/ovpn/certs/index.txt");
+ }
+ unlink ("${General::swroot}/ovpn/certs/index.txt.old");
+ unlink ("${General::swroot}/ovpn/certs/serial.old");
+}
+
+sub deletebackupcert
+{
+ if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
+ my $hexvalue = <FILE>;
+ chomp $hexvalue;
+ close FILE;
+ unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
+ }
+}
+
+sub checkportfw {
+ my $KEY2 = $_[0]; # key2
+ my $SRC_PORT = $_[1]; # src_port
+ my $PROTOCOL = $_[2]; # protocol
+ my $SRC_IP = $_[3]; # sourceip
+
+ my $pfwfilename = "${General::swroot}/portfw/config";
+ open(FILE, $pfwfilename) or die 'Unable to open config file.';
+ my @pfwcurrent = <FILE>;
+ close(FILE);
+ my $pfwkey1 = 0; # used for finding last sequence number used
+ foreach my $pfwline (@pfwcurrent)
+ {
+ my @pfwtemp = split(/\,/,$pfwline);
+
+ chomp ($pfwtemp[8]);
+ if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
+ if ( $SRC_PORT eq $pfwtemp[3] &&
+ $PROTOCOL eq $pfwtemp[2] &&
+ $SRC_IP eq $pfwtemp[7])
+ {
+ $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
+ }
+ # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
+ if ( $pfwtemp[1] eq "0") {
+ $pfwkey1=$pfwtemp[0];
+ }
+ # Darren Critchley - Duplicate or overlapping Port range check
+ if ($pfwtemp[1] eq "0" &&
+ $PROTOCOL eq $pfwtemp[2] &&
+ $SRC_IP eq $pfwtemp[7] &&
+ $errormessage eq '')
+ {
+ &portchecks($SRC_PORT, $pfwtemp[5]);
+# &portchecks($pfwtemp[3], $pfwtemp[5]);
+# &portchecks($pfwtemp[3], $SRC_IP);
+ }
+ }
+ }
+# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
+
+ return;
+}
+
+sub checkportoverlap
+{
+ my $portrange1 = $_[0]; # New port range
+ my $portrange2 = $_[1]; # existing port range
+ my @tempr1 = split(/\:/,$portrange1);
+ my @tempr2 = split(/\:/,$portrange2);
+
+ unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
+ unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
+
+ unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
+ unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
+
+ return 1; # Everything checks out!
+}
+
+# Darren Critchley - we want to make sure that a port entry is not within an already existing range
+sub checkportinc
+{
+ my $port1 = $_[0]; # Port
+ my $portrange2 = $_[1]; # Port range
+ my @tempr1 = split(/\:/,$portrange2);
+
+ if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
+ return 1;
+ } else {
+ return 0;
+ }
+}
+# Darren Critchley - Duplicate or overlapping Port range check
+sub portchecks
+{
+ my $p1 = $_[0]; # New port range
+ my $p2 = $_[1]; # existing port range
+# $_ = $_[0];
+ our ($prtrange1, $prtrange2);
+ $prtrange1 = 0;
+# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
+# unless (&checkportoverlap($p1,$p2)) {
+# $errormessage = "$Lang::tr{'source port overlaps'} $p1";
+# }
+# }
+ if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
+ unless (&checkportinc($p2,$p1)) {
+ $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
+ }
+ }
+ $prtrange1 = 1;
+ if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
+ unless (&checkportinc($p1,$p2)) {
+ $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
+ }
+ }
+ return;
+}
+
+# Darren Critchley - certain ports are reserved for IPFire
+# TCP 67,68,81,222,445
+# UDP 67,68
+# Params passed in -> port, rangeyn, protocol
+sub disallowreserved
+{
+ # port 67 and 68 same for tcp and udp, don't bother putting in an array
+ my $msg = "";
+ my @tcp_reserved = (81,222,445);
+ my $prt = $_[0]; # the port or range
+ my $ryn = $_[1]; # tells us whether or not it is a port range
+ my $prot = $_[2]; # protocol
+ my $srcdst = $_[3]; # source or destination
+ if ($ryn) { # disect port range
+ if ($srcdst eq "src") {
+ $msg = "$Lang::tr{'rsvd src port overlap'}";
+ } else {
+ $msg = "$Lang::tr{'rsvd dst port overlap'}";
+ }
+ my @tmprng = split(/\:/,$prt);
+ unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
+ unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
+ if ($prot eq "tcp") {
+ foreach my $prange (@tcp_reserved) {
+ unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
+ }
+ }
+ } else {
+ if ($srcdst eq "src") {
+ $msg = "$Lang::tr{'reserved src port'}";
+ } else {
+ $msg = "$Lang::tr{'reserved dst port'}";
+ }
+ if ($prt == 67) { $errormessage="$msg 67"; return; }
+ if ($prt == 68) { $errormessage="$msg 68"; return; }
+ if ($prot eq "tcp") {
+ foreach my $prange (@tcp_reserved) {
+ if ($prange == $prt) { $errormessage="$msg $prange"; return; }
+ }
+ }
+ }
+ return;
+}
+
+sub writeserverconf {
+ my %sovpnsettings = ();
+ my @temp = ();
+ &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
+ &read_routepushfile;
+
+ open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
+ flock CONF, 2;
+ print CONF "#OpenVPN Server conf\n";
+ print CONF "\n";
+ print CONF "daemon openvpnserver\n";
+ print CONF "writepid /var/run/openvpn.pid\n";
+ print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
+ print CONF ";local $sovpnsettings{'VPN_IP'}\n";
+ print CONF "dev $sovpnsettings{'DDEVICE'}\n";
+ print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
+ print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
+ print CONF "script-security 3 system\n";
+ print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
+ print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
+ print CONF "tls-server\n";
+ print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
+ print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
+ print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
+ print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
+ my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
+ print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
+ #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
+
+ # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
+ # If we doesn't use one of them, we can use the configured mtu value.
+ if ($sovpnsettings{'MSSFIX'} eq 'on')
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ else
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+
+ if ($vpnsettings{'ROUTES_PUSH'} ne '') {
+ @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
+ foreach (@temp)
+ {
+ @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
+ print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
+ }
+ }
+# a.marx ccd
+ my %ccdconfhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ my $a=$ccdconfhash{$key}[1];
+ my ($b,$c) = split (/\//, $a);
+ print CONF "route $b ".&General::cidrtosub($c)."\n";
+ }
+ my %ccdroutehash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
+ my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
+ print CONF "route $a $b\n";
+ }
+ }
+# ccd end
+
+ if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
+ print CONF "client-to-client\n";
+ }
+ if ($sovpnsettings{MSSFIX} eq 'on') {
+ print CONF "mssfix\n";
+ }
+ if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
+ print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+ }
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+ print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+ }
+
+ if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
+ print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
+ }
+ print CONF "status-version 1\n";
+ print CONF "status /var/log/ovpnserver.log 30\n";
+ print CONF "cipher $sovpnsettings{DCIPHER}\n";
+ if ($sovpnsettings{DCOMPLZO} eq 'on') {
+ print CONF "comp-lzo\n";
+ }
+ if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
+ print CONF "push \"redirect-gateway def1\"\n";
+ }
+ if ($sovpnsettings{DHCP_DOMAIN} ne '') {
+ print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
+ }
+
+ if ($sovpnsettings{DHCP_DNS} ne '') {
+ print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
+ }
+
+ if ($sovpnsettings{DHCP_WINS} ne '') {
+ print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
+ }
+
+ if ($sovpnsettings{DHCP_WINS} eq '') {
+ print CONF "max-clients 100\n";
+ }
+ if ($sovpnsettings{DHCP_WINS} ne '') {
+ print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
+ }
+ print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+ print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
+ print CONF "user nobody\n";
+ print CONF "group nobody\n";
+ print CONF "persist-key\n";
+ print CONF "persist-tun\n";
+ if ($sovpnsettings{LOG_VERB} ne '') {
+ print CONF "verb $sovpnsettings{LOG_VERB}\n";
+ } else {
+ print CONF "verb 3\n";
+ }
+ print CONF "\n";
+
+ close(CONF);
+}
+
+sub emptyserverlog{
+ if (open(FILE, ">/var/log/ovpnserver.log")) {
+ flock FILE, 2;
+ print FILE "";
+ close FILE;
+ }
+
+}
+
+sub delccdnet
+{
+ my %ccdconfhash = ();
+ my %ccdhash = ();
+ my $ccdnetname=$_[0];
+ if (-f "${General::swroot}/ovpn/ovpnconfig"){
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $ccdnetname) {
+ $errormessage=$Lang::tr{'ccd err hostinnet'};
+ return;
+ }
+ }
+ }
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if ($ccdconfhash{$key}[0] eq $ccdnetname){
+ delete $ccdconfhash{$key};
+ }
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+
+ &writeserverconf;
+ return 0;
+}
+
+sub addccdnet
+{
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $subcidr;
+ my @ip2=();
+ my $checkup;
+ my $ccdip;
+ my $baseaddress;
+
+
+ #check name
+ if ($ccdname eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+ return
+ }
+
+ if(!&General::validhostname($ccdname))
+ {
+ $errormessage=$Lang::tr{'ccd err invalidname'};
+ return;
+ }
+
+ ($ccdip,$subcidr) = split (/\//,$ccdnet);
+ $subcidr=&General::iporsubtocidr($subcidr);
+ #check subnet
+ if ($subcidr > 30)
+ {
+ $errormessage=$Lang::tr{'ccd err invalidnet'};
+ return;
+ }
+ #check ip
+ if (!&General::validipandmask($ccdnet)){
+ $errormessage=$Lang::tr{'ccd err invalidnet'};
+ return;
+ }
+
+ $errormessage=&General::checksubnets($ccdname,$ccdnet);
+
+
+ if (!$errormessage) {
+ my %ccdconfhash=();
+ $baseaddress=&General::getnetworkip($ccdip,$subcidr);
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ my $key = &General::findhasharraykey (\%ccdconfhash);
+ foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
+ $ccdconfhash{$key}[0] = $ccdname;
+ $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ &writeserverconf;
+ $cgiparams{'ccdname'}='';
+ $cgiparams{'ccdsubnet'}='';
+ return 1;
+ }
+}
+
+sub modccdnet
+{
+
+ my $newname=$_[0];
+ my $oldname=$_[1];
+ my %ccdconfhash=();
+ my %ccdhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if ($ccdconfhash{$key}[0] eq $oldname) {
+ foreach my $key1 (keys %ccdconfhash) {
+ if ($ccdconfhash{$key1}[0] eq $newname){
+ $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
+ return;
+ }else{
+ $ccdconfhash{$key}[0]= $newname;
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ last;
+ }
+ }
+ }
+ }
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $oldname) {
+ $ccdhash{$key}[32]=$newname;
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ last;
+ }
+ }
+
+ return 0;
+}
+sub ccdmaxclients
+{
+ my $ccdnetwork=$_[0];
+ my @octets=();
+ my @subnet=();
+ @octets=split("\/",$ccdnetwork);
+ @subnet= split /\./, &General::cidrtosub($octets[1]);
+ my ($a,$b,$c,$d,$e);
+ $a=256-$subnet[0];
+ $b=256-$subnet[1];
+ $c=256-$subnet[2];
+ $d=256-$subnet[3];
+ $e=($a*$b*$c*$d)/4;
+ return $e-1;
+}
+
+sub getccdadresses
+{
+ my $ipin=$_[0];
+ my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
+ my $cidr=$_[1];
+ chomp($cidr);
+ my $count=$_[2];
+ my $hasip=$_[3];
+ chomp($hasip);
+ my @iprange=();
+ my %ccdhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
+ for (my $i=1;$i<=$count;$i++) {
+ my $tmpip=$iprange[$i-1];
+ my $stepper=$i*4;
+ $iprange[$i]= &General::getnextip($tmpip,4);
+ }
+ my $r=0;
+ foreach my $key (keys %ccdhash) {
+ $r=0;
+ foreach my $tmp (@iprange){
+ my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
+ if ($net eq $tmp) {
+ if ( $hasip ne $ccdhash{$key}[33] ){
+ splice (@iprange,$r,1);
+ }
+ }
+ $r++;
+ }
+ }
+ return @iprange;
+}
+
+sub fillselectbox
+{
+ my $boxname=$_[1];
+ my ($ccdip,$subcidr) = split("/",$_[0]);
+ my $tz=$_[2];
+ my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
+ print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
+ foreach (@allccdips) {
+ my $ip=$_."/30";
+ chomp($ip);
+ print "<option value='$ip' ";
+ if ( $ip eq $cgiparams{$boxname} ){
+ print"selected";
+ }
+ print ">$ip</option>";
+ }
+ print "</select>";
+}
+
+sub hostsinnet
+{
+ my $name=$_[0];
+ my %ccdhash=();
+ my $i=0;
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $name){ $i++;}
+ }
+ return $i;
+}
+
+sub check_routes_push
+{
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ ##check for existing routes in routes_push
+ if (-e "${General::swroot}/ovpn/routes_push") {
+ open(FILE,"${General::swroot}/ovpn/routes_push");
+ while (<FILE>) {
+ $_=~s/\s*$//g;
+
+ my ($ip2,$cidr2) = split (/\//,"$_");
+ my $val2=$ip2."/".&General::iporsubtodec($cidr2);
+
+ if($val eq $val2){
+ return 0;
+ }
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
+ return 0;
+ }
+ };
+ close(FILE);
+ }
+ return 1;
+}
+
+sub check_ccdroute
+{
+ my %ccdroutehash=();
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ #check for existing routes in ccdroute
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+ if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
+ return 0;
+ }
+ my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+sub check_ccdconf
+{
+ my %ccdconfhash=();
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ #check for existing routes in ccdroute
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
+ return 0;
+ }
+ my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
+ return 0;
+ }
+
+ }
+ return 1;
+}
+
+###
+# m.a.d net2net
+###
+
+sub validdotmask
+{
+ my $ipdotmask = $_[0];
+ if (&General::validip($ipdotmask)) { return 0; }
+ if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
+ my $mask = $2;
+ if (($mask =~ /\./ )) { return 0; }
+ return 1;
+}
+
+# -------------------------------------------------------------------
+
+sub write_routepushfile
+{
+ open(FILE, ">$routes_push_file");
+ flock(FILE, 2);
+ if ($vpnsettings{'ROUTES_PUSH'} ne '') {
+ print FILE $vpnsettings{'ROUTES_PUSH'};
+ }
+ close(FILE);
+}
+
+sub read_routepushfile
+{
+ if (-e "$routes_push_file") {
+ open(FILE,"$routes_push_file");
+ delete $vpnsettings{'ROUTES_PUSH'};
+ while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
+ close(FILE);
+ $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
+
+ }
+}
+
+
+#hier die refresh page
+if ( -e "${General::swroot}/ovpn/gencanow") {
+ my $refresh = '';
+ $refresh = "<meta http-equiv='refresh' content='15;' />";
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
+ &Header::openbigbox('100%', 'center');
+ &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
+ print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
+ print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
+ &Header::closebox();
+ &Header::closebigbox();
+ &Header::closepage();
+ exit (0);
+}
+##hier die refresh page
+