X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=7b759525fe31bf49837d06e606529a2d16f4edf9;hb=2913185aa487b605e38bdd5b5ac3820d1fa6f654;hp=fb52e680162b3429769e8e441519dcbe55c44874;hpb=f042e1d398bf4bade415773fe5849791f864444c;p=ipfire-2.x.git
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index fb52e68016..7b759525fe 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -926,6 +926,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
 print SERVERCONF "# Client Gateway Network\n";
 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
+ print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
 print SERVERCONF "# tun Device\n";
 print SERVERCONF "dev tun\n";
 print SERVERCONF "#Logfile for statistics\n";
@@ -1025,6 +1026,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
 print CLIENTCONF "# Server Gateway Network\n";
 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
+ print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
 print CLIENTCONF "# tun Device\n";
 print CLIENTCONF "dev tun\n";
 print CLIENTCONF "# Port and Protokol\n";
@@ -1956,22 +1958,22 @@ END print < - + - + - + - + - + - +
@@ -2002,7 +2004,7 @@ END + * $Lang::tr{'required field'}
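Review bot: The new `up "/etc/init.d/static-routes start"` line written into SERVERCONF makes OpenVPN execute an external script, which OpenVPN 2.1+ refuses unless the same config also carries `script-security 2` (or higher); nothing in this hunk emits that directive, so confirm it is written elsewhere in the n2n server config, otherwise the tunnel fails at "up" time. The script is the whole static-routes init script, run with whatever privileges the openvpn process holds at that point (root unless a `user`/`group` drop happens first, which the hunk does not show), so a why-comment would help the next maintainer, e.g. `# re-apply static routes once the tunnel is up; requires script-security 2`. The same applies to the client-side hunk at @@ -1025. The enclosing code starts before and continues after both hunks.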
$Lang::tr{'organization name'}:
$Lang::tr{'organization name'}: *  
$Lang::tr{'ipfires hostname'}:
$Lang::tr{'ipfires hostname'}: *  
$Lang::tr{'your e-mail'}: 
$Lang::tr{'your e-mail'}:  
$Lang::tr{'your department'}: 
$Lang::tr{'your department'}:  
$Lang::tr{'city'}: 
$Lang::tr{'city'}:  
$Lang::tr{'state or province'}: 
$Lang::tr{'state or province'}:  
$Lang::tr{'country'}:   
- * $Lang::tr{'this field may be blank'}

@@ -2018,17 +2020,17 @@ END
- + - + + * $Lang::tr{'required field'}

$Lang::tr{'upload p12 file'}:
$Lang::tr{'upload p12 file'}: *  
$Lang::tr{'pkcs12 file password'}: *
$Lang::tr{'pkcs12 file password'}:  
   
-  $Lang::tr{'this field may be blank'}
END 
@@ -2265,9 +2267,41 @@ else
 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
 }
+ my $file_crt = new File::Temp( UNLINK => 1 );
+ my $file_key = new File::Temp( UNLINK => 1 );
+ my $include_certs = 0;
+
 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
- print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
- $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ $include_certs = 1;
+
+ # Add the CA
+ print CLIENTCONF ";ca cacert.pem\r\n";
+ $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
+
+ # Extract the certificate
+ system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+ '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
+ if ($?) {
+ die "openssl error: $?";
+ }
+
+ $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
+ print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
+
+ # Extract the key
+ system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
+ '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
+ if ($?) 
{
+ die "openssl error: $?";
+ }
+
+ $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
+ print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
+ } else {
+ print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
+ }
 } else {
 print CLIENTCONF "ca cacert.pem\r\n";
 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
@@ -2282,6 +2316,9 @@ else
 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
 }
 if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ if ($cgiparams{'MODE'} eq 'insecure') {
+ print CLIENTCONF ";";
+ }
 print CLIENTCONF "tls-auth ta.key\r\n";
 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
 }
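Review bot: The `MODE eq 'insecure'` branch runs openssl with `-passin 'pass:'` unconditionally, but nothing in this hunk checks that the selected certificate was actually created without a passphrase (the `no-pass` marker this same commit stores in `$confighash{...}[41]` elsewhere); the only gate appears to be the UI, so a crafted request with MODE=insecure for a passphrase-protected key ends in `die "openssl error: $?"` after CLIENTCONF has been partly written, instead of a clean refusal. Guard the branch on the stored marker, e.g. `if ($cgiparams{'MODE'} eq 'insecure' && $confighash{$cgiparams{'KEY'}}[41] eq 'no-pass') {`, and report the failure through the page's normal error path rather than a bare `die` (which also prints the raw wait status, `$? >> 8` is the exit code). A why-comment is warranted because `-nodes` puts the private key unencrypted on disk (File::Temp's default 0600, unlinked at exit) and then ships it both as a separate `.key` zip entry and inline in the .ovpn, e.g. `# 'insecure' export: key leaves the box unencrypted for clients without PKCS#12 support`. The enclosing download handler starts before and continues after the hunk.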
@@ -2306,6 +2343,53 @@ else
 print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
 }
 }
+
+ if ($include_certs) {
+ print CLIENTCONF "\r\n";
+
+ # CA
+ open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Cert
+ open(FILE, "<$file_crt");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # Key
+ open(FILE, "<$file_key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+
+ # TLS auth
+ if ($vpnsettings{'TLSAUTH'} eq 'on') {
+ open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
+ print CLIENTCONF "\r\n";
+ while () {
+ chomp($_);
+ print CLIENTCONF "$_\r\n";
+ }
+ print CLIENTCONF "\r\n\r\n";
+ close(FILE);
+ }
+ }
+
 # Print client.conf.local if entries exist to client.ovpn
 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
 open (LCC, "$local_clientconf");
@@ -3101,11 +3185,10 @@ if ( -s "${General::swroot}/ovpn/settings") { $Lang::tr{'net to net vpn'} (Upload Client Package)   -  Import Connection Name +  Import Connection Name  $Lang::tr{'openvpn default'}: Client Packagename
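Review bot: The four `open(FILE, "<...")` calls that feed the inline CA, Cert, Key and TLS auth blocks are unchecked; if cacert.pem, ta.key or either temp file cannot be read, the `while` loop simply emits an empty block and the user downloads a profile that looks complete but cannot connect, whereas every zip addition earlier in this change does `or die`. Use the three-argument form with a lexical handle and check it, e.g. `open(my $fh, '<', "${General::swroot}/ovpn/ca/cacert.pem") or die "Can't read cacert.pem: $!";`, and since the same read-and-emit loop is repeated four times with only the path and block name varying, a small helper such as `sub print_inline_block { my ($tag, $path) = @_; ... }` would remove the duplication. The bareword `FILE` handle is also a package global that any callee could clobber. The hunk sits inside the profile-download branch, which starts before it.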
- * $Lang::tr{'this field may be blank'}
 END
 ;
@@ -4252,6 +4335,10 @@ if ($cgiparams{'TYPE'} eq 'net') {
 $confighash{$key}[39] = $cgiparams{'DAUTH'};
 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
+ if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
+ $confighash{$key}[41] = "no-pass";
+ }
+
 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 if ($cgiparams{'CHECK1'} ){
@@ -4487,7 +4574,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
 print "\n";
- print "";
+ print "";
 if ($cgiparams{'TYPE'} eq 'host') {
 if ($cgiparams{'KEY'}) {
@@ -4526,14 +4613,14 @@ if ($cgiparams{'TYPE'} eq 'net') { - + - + - +
@@ -4543,10 +4630,10 @@ if ($cgiparams{'TYPE'} eq 'net') { - + - +
@@ -4556,22 +4643,22 @@ if ($cgiparams{'TYPE'} eq 'net') { - + - + - + -
@@ -4622,7 +4709,7 @@ END
 ;
 }
 #jumper
- print "";
+ print "";
 print "
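Review bot: The `no-pass` marker in the @@ -4252 hunk is derived solely from `$cgiparams{'CERT_PASS1'}` being empty, so it reflects the generate-a-certificate form; if a PKCS#12 uploaded through the "pkcs12 file password" field shown earlier in this diff reaches the same save path with an empty password, its record would not carry the marker even though that key is equally unprotected — safe in that the unencrypted export is simply not offered, but the intent should be written down, e.g. `# flag host certs generated without a PKCS#12 passphrase; only these are eligible for the 'insecure' client export`. The same literal is compared in the download and connection-list code, so defining it once (`my $NO_PASS_MARKER = 'no-pass';` near the top of the script) would keep the three sites from drifting. Note also that an undefined CERT_PASS1 satisfies `eq ""` (with a warning), which may or may not be intended. The surrounding save handler starts before and continues after the hunk.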
$Lang::tr{'name'}:
$Lang::tr{'name'}: *
$Lang::tr{'local subnet'}
$Lang::tr{'local subnet'} * $Lang::tr{'remote subnet'}$Lang::tr{'remote subnet'} *
$Lang::tr{'ovpn subnet'}
$Lang::tr{'ovpn subnet'} * $Lang::tr{'protocol'}
$Lang::tr{'destination port'}:$Lang::tr{'destination port'}: * Management Port ($Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}):  Management Port ($Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}):
$Lang::tr{'MTU settings'}
$Lang::tr{'MTU'} 
$Lang::tr{'MTU'} $Lang::tr{'openvpn default'}: udp/tcp 1500/1400
fragment  
fragment: $Lang::tr{'openvpn default'}: 1300
mssfix  
mssfix: $Lang::tr{'openvpn default'}: on
$Lang::tr{'comp-lzo'}   +
$Lang::tr{'comp-lzo'}
$Lang::tr{'remark title'} 
$Lang::tr{'remark title'}
"; if ($cgiparams{'TYPE'} eq 'host') { @@ -4689,12 +4776,12 @@ if ($cgiparams{'TYPE'} eq 'host') {
  $Lang::tr{'generate a certificate'}  -  $Lang::tr{'users fullname or system hostname'}: -  $Lang::tr{'users email'}:  -  $Lang::tr{'users department'}:  -  $Lang::tr{'organization name'}:  -  $Lang::tr{'city'}:  -  $Lang::tr{'state or province'}:  +  $Lang::tr{'users fullname or system hostname'}: * +  $Lang::tr{'users email'}: +  $Lang::tr{'users department'}: +  $Lang::tr{'organization name'}: +  $Lang::tr{'city'}: +  $Lang::tr{'state or province'}:  $Lang::tr{'country'}:$Lang::tr{'generate a certificate'}  -  $Lang::tr{'users fullname or system hostname'}: -  $Lang::tr{'users email'}:  -  $Lang::tr{'users department'}:  -  $Lang::tr{'organization name'}:  -  $Lang::tr{'city'}:  -  $Lang::tr{'state or province'}:  +  $Lang::tr{'users fullname or system hostname'}: * +  $Lang::tr{'users email'}: +  $Lang::tr{'users department'}: +  $Lang::tr{'organization name'}: +  $Lang::tr{'city'}: +  $Lang::tr{'state or province'}:  $Lang::tr{'country'}:  
- * $Lang::tr{'this field may be blank'} + * $Lang::tr{'required field'} END }else{ @@ -4761,7 +4848,7 @@ END        
- * $Lang::tr{'this field may be blank'}
+ * $Lang::tr{'required field'}
 END
@@ -5128,7 +5215,7 @@ END $Lang::tr{'type'} $Lang::tr{'remark'} $Lang::tr{'status'} - $Lang::tr{'action'} + $Lang::tr{'action'} END }
@@ -5142,7 +5229,7 @@ END $Lang::tr{'type'} $Lang::tr{'remark'} $Lang::tr{'status'} - $Lang::tr{'action'} + $Lang::tr{'action'} END }
@@ -5241,6 +5328,21 @@ END
 END
 ;
+
+ if ($confighash{$key}[41] eq "no-pass") {
+ print < + + + + + +END
+ } else {
+ print " ";
+ }
+
 if ($confighash{$key}[4] eq 'cert') {
 print <