### Save main settings
###
-
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
#DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
goto SETTINGS_ERROR;
}
}
- if ($errormessage) { goto SETTINGS_ERROR; }
-
+
if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
$errormessage = $Lang::tr{'ovpn subnet is invalid'};
goto SETTINGS_ERROR;
print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
exit(0);
}
+
+###
+### Download tls-auth key
+###
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
+ if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
+ print "Content-Type: application/octet-stream\r\n";
+ print "Content-Disposition: filename=ta.key\r\n\r\n";
+ print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+ exit(0);
+ }
+
###
### Form for generating a root certificate
###
exit(0);
}
+###
+### Display tls-auth key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
+
+ if (! -e "${General::swroot}/ovpn/certs/ta.key") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
+ my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+ $output = &Header::cleanhtml($output,"y");
+ print "<pre>$output</pre>\n";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+ }
+
###
### Display Certificate Revoke List
###
my $mssfixactive;
my $authactive;
my $n2nfragment;
-my $authactive;
my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
$errormessage = $Lang::tr{'name too long'};
goto VPNCONF_ERROR;
}
- if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
+ if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
$errormessage = $Lang::tr{'invalid input for name'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
<option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
<option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
<option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
<option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'})</option>
###
&Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
- print <<END;
-
-
- <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
-<tr>
- <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
- <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
- <th width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></th>
- <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
- <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
- <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th>
-</tr>
-END
;
my $id = 0;
my $gif;
my $col1="";
- foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
+ my $lastnet;
+ foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
+ if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
+ if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
+ if($id == 0){
+ print"<b>$confighash{$key}[32]</b>";
+ print <<END;
+ <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
+<tr>
+ <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+ <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
+ <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
+ <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
+ <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th>
+</tr>
+END
+ }
+ if ($id > 0 && $lastnet ne $confighash{$key}[32]){
+ print "</table><br>";
+ print"<b>$confighash{$key}[32]</b>";
+ print <<END;
+ <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
+<tr>
+ <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+ <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
+ <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
+ <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
+ <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th>
+</tr>
+END
+ }
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
print "<tr>";
my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
$cavalid =~ /Not After : (.*)[\n]/;
$cavalid = $1;
- if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";}
- if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";}
- print "<td align='center' $col>$confighash{$key}[32]</td>";
print "<td align='center' $col>$confighash{$key}[25]</td>";
$col1="bgcolor='${Header::colourred}'";
my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
END
;
$id++;
+ $lastnet = $confighash{$key}[32];
}
+ print"</table>";
;
# If the config file contains entries, print Key to action icons
;
&Header::closebox();
}
+
+ # CA/key listing
&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
print <<END;
<table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
END
;
my $col1="bgcolor='$color{'color22'}'";
- my $col2="bgcolor='$color{'color20'}'";
+ my $col2="bgcolor='$color{'color20'}'";
+ # DH parameter line
+ my $col3="bgcolor='$color{'color22'}'";
+ # ta.key line
+ my $col4="bgcolor='$color{'color20'}'";
+
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
$casubject =~ /Subject: (.*)[\n]/;
<tr>
<td class='base' $col1>$Lang::tr{'root certificate'}</td>
<td class='base' $col1>$casubject</td>
- <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
+ <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
<input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
- </td></form>
- <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
+ </form>
+ <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
<input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
- </td></form>
- <td width='4%' $col1> </td></tr>
+ </form>
+ <td width='4%' $col1> </td>
+ </tr>
END
;
} else {
<tr>
<td class='base' $col1>$Lang::tr{'root certificate'}:</td>
<td class='base' $col1>$Lang::tr{'not present'}</td>
- <td colspan='3' $col1> </td></tr>
+ <td colspan='3' $col1> </td>
+ </tr>
END
;
}
<tr>
<td class='base' $col2>$Lang::tr{'host certificate'}</td>
<td class='base' $col2>$hostsubject</td>
- <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
+ <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
<input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
<input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
- </td></form>
- <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
+ </form>
+ <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
<input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
<input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
- </td></form>
- <td width='4%' $col2> </td></tr>
+ </td></form>
+ <td width='4%' $col2> </td>
+ </tr>
END
;
} else {
<tr>
<td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
<td class='base' $col2>$Lang::tr{'not present'}</td>
- </td><td colspan='3' $col2> </td></tr>
+ </td><td colspan='3' $col2> </td>
+ </tr>
+END
+ ;
+ }
+
+ # Adding DH parameter to chart
+ if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
+ my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
+ $dhsubject =~ / (.*)[\n]/;
+ $dhsubject = $1;
+
+
+ print <<END;
+ <tr>
+ <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
+ <td class='base' $col3>$dhsubject</td>
+ <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
+ <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
+ </form>
+ <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
+ </form>
+ <td width='4%' $col3> </td>
+ </tr>
+END
+ ;
+ } else {
+ # Nothing
+ print <<END;
+ <tr>
+ <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
+ <td class='base' $col3>$Lang::tr{'not present'}</td>
+ </td><td colspan='3' $col3> </td>
+ </tr>
+END
+ ;
+ }
+
+ # Adding ta.key to chart
+ if (-f "${General::swroot}/ovpn/certs/ta.key") {
+ my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+ $tasubject =~ /# (.*)[\n]/;
+ $tasubject = $1;
+ print <<END;
+
+ <tr>
+ <td class='base' $col4>$Lang::tr{'ta key'}</td>
+ <td class='base' $col4>$tasubject</td>
+ <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
+ <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
+ <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
+ </form>
+ <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
+ <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
+ </form>
+ <td width='4%' $col4> </td>
+ </tr>
+END
+ ;
+ } else {
+ # Nothing
+ print <<END;
+ <tr>
+ <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
+ <td class='base' $col4>$Lang::tr{'not present'}</td>
+ <td colspan='3' $col4> </td>
+ </tr>
END
;
}
<hr size='1'>
<form method='post' enctype='multipart/form-data'>
<table width='100%' border='0'cellspacing='1' cellpadding='0'>
+ <tr>
+ <td class'base'><b>$Lang::tr{'upload ca certificate'}</b></td>
+ </tr>
<tr>
<td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
<td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td>
<tr><td colspan=4><hr /></td></tr><tr>
<tr>
- <td class'base'><b>$Lang::tr{'ovpn dh parameters'}:</b></td>
+ <td class'base'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
</tr>
<tr>
<td nowrap='nowrap'><size='15' align='left'/></td>
<td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
</tr>
- <tr>
- <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show dh'}' /></td>
- </tr>
</table>
<tr><td colspan=4><hr /></td></tr><tr>