X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=927616a55d2217f9b30c30a5c5e6cc8f7db6f2d8;hb=e3c3a6ba5bae10987336ce8170f1d0359c6e8efb;hp=df5f9ece2a3a0732c8d21fe07ec471310028e6cc;hpb=dbe2a1cc36f78e1cf48150dc4e1756be1d04abce;p=people%2Fpmueller%2Fipfire-2.x.git diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index df5f9ece2a..927616a55d 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -19,6 +19,7 @@ # # ############################################################################### ### +# Based on IPFireCore 77 ### use CGI; use CGI qw/:standard/; @@ -92,7 +93,6 @@ $cgiparams{'PMTU_DISCOVERY'} = ''; $cgiparams{'DCIPHER'} = ''; $cgiparams{'DAUTH'} = ''; $cgiparams{'TLSAUTH'} = ''; -$cgiparams{'ENGINES'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } @@ -172,105 +172,6 @@ sub deletebackupcert unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem"); } } -sub checkportfw { - my $DPORT = shift; - my $DPROT = shift; - my %natconfig =(); - my $confignat = "${General::swroot}/firewall/config"; - $DPROT= uc ($DPROT); - &General::readhasharray($confignat, \%natconfig); - foreach my $key (sort keys %natconfig){ - my @portarray = split (/\|/,$natconfig{$key}[30]); - foreach my $value (@portarray){ - if ($value =~ /:/i){ - my ($a,$b) = split (":",$value); - if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){ - $errormessage= "$Lang::tr{'source port in use'} $DPORT"; - } - }else{ - if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){ - $errormessage= "$Lang::tr{'source port in use'} $DPORT"; - } - } - } - } - return; -} - -sub checkportoverlap -{ - my $portrange1 = $_[0]; # New port range - my $portrange2 = $_[1]; # existing port range - my @tempr1 = split(/\:/,$portrange1); - my @tempr2 = split(/\:/,$portrange2); - - unless (&checkportinc($tempr1[0], $portrange2)){ return 0;} - unless (&checkportinc($tempr1[1], $portrange2)){ return 0;} - - unless (&checkportinc($tempr2[0], $portrange1)){ return 0;} - unless (&checkportinc($tempr2[1], $portrange1)){ return 0;} - - return 1; # Everything checks out! -} - -# Darren Critchley - we want to make sure that a port entry is not within an already existing range -sub checkportinc -{ - my $port1 = $_[0]; # Port - my $portrange2 = $_[1]; # Port range - my @tempr1 = split(/\:/,$portrange2); - - if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) { - return 1; - } else { - return 0; - } -} - -# Darren Critchley - certain ports are reserved for IPFire -# TCP 67,68,81,222,444 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,444); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { $errormessage="$msg $prange"; return; } - } - } - } - return; -} - sub writeserverconf { my %sovpnsettings = (); @@ -369,12 +270,7 @@ sub writeserverconf { print CONF "auth $sovpnsettings{'DAUTH'}\n"; } if ($sovpnsettings{'TLSAUTH'} eq 'on') { - print CONF "tls-auth ${General::swroot}/ovpn/ca/ta.key 0\n"; - } - if ($sovpnsettings{ENGINES} eq 'disabled') { - print CONF ""; - } else { - print CONF "engine $sovpnsettings{ENGINES}\n"; + print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n"; } if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; @@ -572,7 +468,7 @@ sub getccdadresses my @iprange=(); my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); - $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2); for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; @@ -796,7 +692,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'}; - $vpnsettings{'ENGINES'} = $cgiparams{'ENGINES'}; my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { @@ -816,13 +711,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } - # Create ta.key for tls-auth if not presant - if ($cgiparams{'TLSAUTH'} eq 'on') { - if ( ! -e "${General::swroot}/ovpn/ca/ta.key") { - system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/ca/ta.key") - } - } - if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { @@ -921,6 +809,16 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $errormessage = $Lang::tr{'invalid input for keepalive 1:2'}; goto ADV_ERROR; } + # Create ta.key for tls-auth if not presant + if ($cgiparams{'TLSAUTH'} eq 'on') { + if ( ! -e "${General::swroot}/ovpn/certs/ta.key") { + system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + goto ADV_ERROR; + } + } + } &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings); &writeserverconf();#hier ok @@ -1008,12 +906,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# HMAC algorithm\n"; print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; } - if ($cgiparams{'ENGINES'} eq 'disabled') { - print SERVERCONF ""; - } else { - print SERVERCONF "# Crypto engine\n"; - print SERVERCONF "engine $cgiparams{'ENGINES'}\n"; - } if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\r\n"; @@ -1109,12 +1001,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# HMAC algorithm\n"; print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; } - if ($cgiparams{'ENGINES'} eq 'disabled') { - print CLIENTCONF ""; - } else { - print CLIENTCONF "# Crypto engine\n"; - print CLIENTCONF "engine $cgiparams{'ENGINES'}\n"; - } if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; @@ -1137,7 +1023,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General ### Save main settings ### - if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1148,13 +1033,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } } - if ($errormessage) { goto SETTINGS_ERROR; } - if ($cgiparams{'ENABLED'} eq 'on'){ - &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'}); - } - if ($errormessage) { goto SETTINGS_ERROR; } - if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { $errormessage = $Lang::tr{'ovpn subnet is invalid'}; goto SETTINGS_ERROR; @@ -1299,7 +1178,6 @@ SETTINGS_ERROR: - $Lang::tr{'capswarning'}: $Lang::tr{'capswarning'}: $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'} @@ -1343,7 +1221,7 @@ END print < - + $Lang::tr{'ovpn dh'}: @@ -1640,6 +1518,18 @@ END print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`; exit(0); } + +### +### Download tls-auth key +### +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) { + if ( -f "${General::swroot}/ovpn/certs/ta.key" ) { + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: filename=ta.key\r\n\r\n"; + print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + exit(0); + } + ### ### Form for generating a root certificate ### @@ -1963,7 +1853,14 @@ END goto ROOTCERT_ERROR; # } else { # &cleanssldatabase(); - } + } + # Create ta.key for tls-auth + system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + &cleanssldatabase(); + goto ROOTCERT_ERROR; + } goto ROOTCERT_SUCCESS; } ROOTCERT_ERROR: @@ -2305,8 +2202,8 @@ else print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; } if ($vpnsettings{'TLSAUTH'} eq 'on') { - print CLIENTCONF "tls-auth ta.key 1\r\n"; - $zip->addFile( "${General::swroot}/ovpn/ca/ta.key", "ta.key") or die "Can't add file ta.key\n"; + print CLIENTCONF "tls-auth ta.key\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n"; } if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; @@ -2472,6 +2369,28 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { exit(0); } +### +### Display tls-auth key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) { + + if (! -e "${General::swroot}/ovpn/certs/ta.key") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:"); + my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print "
$Lang::tr{'back'}
"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + ### ### Display Certificate Revoke List ### @@ -2530,14 +2449,8 @@ ADV_ERROR: if ($cgiparams{'DAUTH'} eq '') { $cgiparams{'DAUTH'} = 'SHA1'; } - if ($cgiparams{'DAUTH'} eq '') { - $cgiparams{'DAUTH'} = 'SHA1'; - } - if ($cgiparams{'ENGINES'} eq '') { - $cgiparams{'ENGINES'} = 'disabled'; - } if ($cgiparams{'TLSAUTH'} eq '') { - $cgiparams{'TLSAUTH'} = 'off'; + $cgiparams{'TLSAUTH'} = 'off'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; @@ -2571,13 +2484,7 @@ ADV_ERROR: $checked{'TLSAUTH'}{'off'} = ''; $checked{'TLSAUTH'}{'on'} = ''; $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED'; - $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -2717,20 +2624,8 @@ print <SHA1 (160 $Lang::tr{'bit'}) - Default: SHA1 (160 $Lang::tr{'bit'}) + $Lang::tr{'openvpn default'}: SHA1 (160 $Lang::tr{'bit'}) - - $Lang::tr{'ovpn engines'} - - - Default: $Lang::tr{'disabled'} - @@ -2824,7 +2719,7 @@ if ($cgiparams{'ACTION'} eq "edit"){
- + @@ -2884,7 +2779,7 @@ END print" + END ; } @@ -3123,7 +3018,7 @@ if ( -s "${General::swroot}/ovpn/settings") { - + @@ -3282,7 +3177,6 @@ my $complzoactive; my $mssfixactive; my $authactive; my $n2nfragment; -my $authactive; my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]); my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); my @n2nproto = split(/-/, $n2nproto2[1]); @@ -3301,8 +3195,7 @@ my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]); -my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]); -my @n2nengine = split(/ /, (grep { /^engine/ } @firen2nconf)[0]);; +my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);; ### # m.a.d delete CR and LF from arrays for this chomp doesnt work @@ -3323,7 +3216,6 @@ $n2nmgmt[2] =~ s/\n|\r//g; $n2nmtudisc[1] =~ s/\n|\r//g; $n2ncipher[1] =~ s/\n|\r//g; $n2nauth[1] =~ s/\n|\r//g; -$n2nengine[1] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive); @@ -3542,7 +3434,6 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39]; $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40]; $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41]; - $cgiparams{'ENGINES'} = $confighash{$cgiparams{'KEY'}}[42]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); @@ -4268,7 +4159,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; $confighash{$key}[39] = $cgiparams{'DAUTH'}; $confighash{$key}[40] = $cgiparams{'DCIPHER'}; - $confighash{$key}[42] = $cgiparams{'ENGINES'}; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -4380,7 +4270,6 @@ if ($cgiparams{'TYPE'} eq 'net') { $cgiparams{'FRAGMENT'} = '1300'; $cgiparams{'PMTU_DISCOVERY'} = 'off'; $cgiparams{'DAUTH'} = 'SHA1'; - $cgiparams{'ENGINES'} = 'disabled'; ### # m.a.d n2n end ### @@ -4457,10 +4346,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; $selected{'DCIPHER'}{'CAST5-CBC'} = ''; $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-CBC'} = ''; $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; # If no cipher has been chossen yet, select # the old default (AES-256-CBC) for compatiblity reasons. if ($cgiparams{'DCIPHER'} eq '') { @@ -4479,18 +4365,6 @@ if ($cgiparams{'TYPE'} eq 'net') { } $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; - $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - # If no engine has been choosen yet, select - # a default one (disabled). - if ($cgiparams{'ENGINES'} eq '') { - $cgiparams{'ENGINES'} = 'disabled'; - } - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - if (1) { &Header::showhttpheaders(); &Header::openpage($Lang::tr{'ovpn'}, 1, ''); @@ -4547,100 +4421,66 @@ if ($cgiparams{'TYPE'} eq 'net') { } print <  - - - - - - - - - - - - - + + + - - + + + - - - + + - - - + + + - - - - - - + + - - + + + + + + + - + + + - - - + + + + + - - - - + + + + - - - - + + + + - - - - + + + + - - + + + + + + + + + + + + + + + + END ; } @@ -4779,7 +4654,7 @@ if ($cgiparams{'TYPE'} eq 'host') { - + @@ -4977,9 +4852,6 @@ END if ($cgiparams{'DAUTH'} eq '') { $cgiparams{'DAUTH'} = 'SHA1'; } - if ($cgiparams{'ENGINES'} eq '') { - $cgiparams{'ENGINES'} = 'disabled'; - } if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } @@ -5012,10 +4884,7 @@ END $selected{'DCIPHER'}{'DES-EDE-CBC'} = ''; $selected{'DCIPHER'}{'CAST5-CBC'} = ''; $selected{'DCIPHER'}{'BF-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-CBC'} = ''; $selected{'DCIPHER'}{'DES-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-64-CBC'} = ''; - $selected{'DCIPHER'}{'RC2-40-CBC'} = ''; $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; $selected{'DAUTH'}{'whirlpool'} = ''; @@ -5025,13 +4894,6 @@ END $selected{'DAUTH'}{'SHA1'} = ''; $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; - $selected{'ENGINES'}{'cryptodev'} = ''; - $selected{'ENGINES'}{'dynamic'} = ''; - $selected{'ENGINES'}{'aesni'} = ''; - $selected{'ENGINES'}{'padlock'} = ''; - $selected{'ENGINES'}{'disabled'} = ''; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; - $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; @@ -5106,11 +4968,12 @@ END - + + @@ -5165,24 +5024,41 @@ END ### &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' }); - print < - - - - - - - - -END ; my $id = 0; my $gif; my $col1=""; - foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + my $lastnet; + foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};} + if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};} + if($id == 0){ + print"$confighash{$key}[32]"; + print < + + + + + + + +END + } + if ($id > 0 && $lastnet ne $confighash{$key}[32]){ + print "
$Lang::tr{'ccd name'}:$Lang::tr{'ccd subnet'}:
$Lang::tr{'ccd subnet'}:
$ccdconf[0]$ccdconf[1]$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1).""; print < - + @@ -2893,7 +2788,7 @@ END -
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename
 $Lang::tr{'openvpn default'}: Client Packagename
* $Lang::tr{'this field may be blank'}
 
$Lang::tr{'Act as'}$Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
 
$Lang::tr{'Act as'} +
$Lang::tr{'ovpn subnet'}
$Lang::tr{'remote host/ip'}:
$Lang::tr{'protocol'}
$Lang::tr{'local subnet'}$Lang::tr{'destination port'}:
$Lang::tr{'remote subnet'}
$Lang::tr{'cipher'} - $Lang::tr{'ovpn ha'}: -
$Lang::tr{'ovpn subnet'}
$Lang::tr{'ovpn engines'}   - -
$Lang::tr{'protocol'}
$Lang::tr{'destination port'}:
Management Port ($Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}):  
Management Port ($Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}):  
$Lang::tr{'MTU settings'}
$Lang::tr{'MTU'}  $Lang::tr{'openvpn default'}: udp/tcp 1500/1400
$Lang::tr{'MTU'} $Lang::tr{'openvpn default'}: udp/tcp 1500/1400
fragment  $Lang::tr{'openvpn default'}: 1300
fragment  $Lang::tr{'openvpn default'}: 1300
mssfix  $Lang::tr{'openvpn default'}: on
mssfix  $Lang::tr{'openvpn default'}: on
$Lang::tr{'comp-lzo'}   -
$Lang::tr{'comp-lzo'}   +
$Lang::tr{'ovpn mtu-disc'} @@ -4650,6 +4490,41 @@ if ($cgiparams{'TYPE'} eq 'net') { $Lang::tr{'ovpn mtu-disc off'}
$Lang::tr{'ovpn crypt options'}:
$Lang::tr{'cipher'} + $Lang::tr{'ovpn ha'}: +
  $Lang::tr{'pkcs12 file password'}:
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 
$Lang::tr{'destination port'}:
$Lang::tr{'MTU'}  $Lang::tr{'cipher'}
$Lang::tr{'comp-lzo'}
$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'network'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}
$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}

"; + print"$confighash{$key}[32]"; + print < + + $Lang::tr{'name'} + $Lang::tr{'type'} + $Lang::tr{'remark'} + $Lang::tr{'status'} + $Lang::tr{'action'} + +END + } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { print ""; @@ -5201,9 +5077,6 @@ END my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} - print "$confighash{$key}[32]"; print "$confighash{$key}[25]"; $col1="bgcolor='${Header::colourred}'"; my $active = "$Lang::tr{'capsclosed'}"; @@ -5240,7 +5113,7 @@ END #EXITING -- A graceful exit is in progress. #### - if ($tustate[1] eq 'CONNECTED') { + if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) { $col1="bgcolor='${Header::colourgreen}'"; $active = "$Lang::tr{'capsopen'}"; }else { @@ -5332,7 +5205,9 @@ END END ; $id++; + $lastnet = $confighash{$key}[32]; } + print""; ; # If the config file contains entries, print Key to action icons @@ -5377,6 +5252,8 @@ END ; &Header::closebox(); } + + # CA/key listing &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}"); print < @@ -5388,7 +5265,12 @@ END END ; my $col1="bgcolor='$color{'color22'}'"; - my $col2="bgcolor='$color{'color20'}'"; + my $col2="bgcolor='$color{'color20'}'"; + # DH parameter line + my $col3="bgcolor='$color{'color22'}'"; + # ta.key line + my $col4="bgcolor='$color{'color20'}'"; + if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; $casubject =~ /Subject: (.*)[\n]/; @@ -5399,15 +5281,16 @@ END $Lang::tr{'root certificate'} $casubject -
+ -
-
+
+
-
-   + +   + END ; } else { @@ -5416,7 +5299,8 @@ END $Lang::tr{'root certificate'}: $Lang::tr{'not present'} -   +   + END ; } @@ -5432,15 +5316,16 @@ END $Lang::tr{'host certificate'} $hostsubject -
+ -
-
+
+
-
-   + +   + END ; } else { @@ -5449,7 +5334,75 @@ END $Lang::tr{'host certificate'}: $Lang::tr{'not present'} -   +   + +END + ; + } + + # Adding DH parameter to chart + if (-f "${General::swroot}/ovpn/ca/dh1024.pem") { + my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; + $dhsubject =~ / (.*)[\n]/; + $dhsubject = $1; + + + print < + $Lang::tr{'dh parameter'} + $dhsubject +
+ + +
+
+
+   + +END + ; + } else { + # Nothing + print < + $Lang::tr{'dh parameter'}: + $Lang::tr{'not present'} +   + +END + ; + } + + # Adding ta.key to chart + if (-f "${General::swroot}/ovpn/certs/ta.key") { + my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + $tasubject =~ /# (.*)[\n]/; + $tasubject = $1; + print < + $Lang::tr{'ta key'} + $tasubject +
+ + +
+
+ + +
+   + +END + ; + } else { + # Nothing + print < + $Lang::tr{'ta key'}: + $Lang::tr{'not present'} +   + END ; } @@ -5512,6 +5465,9 @@ END
+ + + @@ -5519,22 +5475,29 @@ END + + + + + + + + + - + + - - - - -
$Lang::tr{'upload ca certificate'}
$Lang::tr{'ca name'}:
$Lang::tr{'ovpn dh parameters'}
$Lang::tr{'ovpn dh upload'}:

$Lang::tr{'ovpn dh new key'}:
+ +
END ;