X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=92bab473243cac4b8d2f7fa392e6389741e54df9;hb=12a8cc1ed90b108fbbcb2d1093e754f05e98bdc1;hp=95eb67a1ec746530e7e5d75444da3ad4ccda48b7;hpb=9c7da0c6d9adc6020a4815a90f0bb5930d57a97b;p=people%2Fteissler%2Fipfire-2.x.git diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 95eb67a1e..92bab4732 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2011 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -18,11 +18,14 @@ # along with this program. If not, see . # # # ############################################################################### - +### +# Based on IPFireCore 55 +### use CGI; use CGI qw/:standard/; use Net::DNS; use Net::Ping; +use Net::Telnet; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -57,6 +60,7 @@ my %selected=(); my $warnmessage = ''; my $errormessage = ''; my %settings=(); +my $routes_push_file = ''; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -70,9 +74,11 @@ $cgiparams{'CA_NAME'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; +$cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; - +$routes_push_file = "${General::swroot}/ovpn/routes_push"; +unless (-e $routes_push_file) { system("touch $routes_push_file"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); 
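Review bot: The new `unless (-e $routes_push_file) { system("touch $routes_push_file"); }` in the @@ -70 hunk spawns a shell to create a file Perl can create itself, and ignores system()'s return value; `open(my $fh, '>>', $routes_push_file) or die "Unable to create $routes_push_file: $!"; close($fh);` does the same without a subprocess and reports failure. The path comes from `${General::swroot}`, not from request data, so this is robustness rather than injection, but it runs on every page load before `&Header::getcgihash`. Every line of that file later becomes a `push "route …"` directive in server.conf, so the mode it is created with (the CGI's umask here) deserves an explicit decision in a comment. `use Net::Telnet;` is added in the @@ -18 hunk but nothing in this diff uses it; if the rest of the file does not need it either, drop the import.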
@@ -307,10 +313,13 @@ sub disallowreserved return; } + sub writeserverconf { - my %sovpnsettings = (); + my %sovpnsettings = (); + my @temp = (); &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); - + &read_routepushfile; + open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; flock CONF, 2; print CONF "#OpenVPN Server conf\n"; @@ -325,6 +334,7 @@ sub writeserverconf { print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; print CONF "script-security 3 system\n"; print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n"; + print CONF "client-config-dir /var/ipfire/ovpn/ccd\n"; print CONF "tls-server\n"; print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; @@ -333,13 +343,23 @@ sub writeserverconf { my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } + } + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { print CONF "mssfix\n"; } - if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { + if (($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{FRAGMENT} ne 0) && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { 
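Review bot: `writeserverconf` now mixes two sources of truth: every other option is read from the local `%sovpnsettings`, but the new push-route loop reads the global `$vpnsettings{'ROUTES_PUSH'}`, which `&read_routepushfile` fills in as a side effect (together with `$cgiparams{'ROUTES_PUSH'}`). Having `read_routepushfile` return the file contents and writing `my $routes = &read_routepushfile; foreach my $net (split /\n/, $routes) { … }` keeps the sub self-contained and stops a config writer from clobbering `%cgiparams`. The loop also re-uses `@tempovpnsubnet`, whose first use is the `server` line a few lines up; a fresh `my @net = split("\/", &General::ipcidr2msk($_));` inside the loop reads better. `client-config-dir /var/ipfire/ovpn/ccd` is emitted unconditionally and nothing in this diff creates that directory, so confirm it exists on the appliance or is created alongside server.conf.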
@@ -397,6 +417,44 @@ sub emptyserverlog{ } +### +# m.a.d net2net +### + +sub validdotmask +{ + my $ipdotmask = $_[0]; + if (&General::validip($ipdotmask)) { return 0; } + if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { } + my $mask = $2; + if (($mask =~ /\./ )) { return 0; } + return 1; +} + +# ------------------------------------------------------------------- + +sub write_routepushfile +{ + open(FILE, ">$routes_push_file"); + flock(FILE, 2); + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + print FILE $vpnsettings{'ROUTES_PUSH'}; + } + close(FILE); +} + +sub read_routepushfile +{ + if (-e "$routes_push_file") { + open(FILE,"$routes_push_file"); + delete $vpnsettings{'ROUTES_PUSH'}; + while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; + close(FILE); + $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } +} + + #hier die refresh page if ( -e "${General::swroot}/ovpn/gencanow") { my $refresh = ''; @@ -457,6 +515,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; + $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { delete $vpnsettings{'FRAGMENT'}; 
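Review bot: `validdotmask` accepts malformed input: the `if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }` block is empty, so when the match fails `$2` is undef or left over from an earlier successful match and the sub still returns 1 (valid); replace the empty block with `return 0 unless $ipdotmask =~ m{^(.*?)/(.*?)$};` before `my $mask = $2;`. No call to `validdotmask` is visible in this diff, so if it is unused it can simply be dropped. `write_routepushfile` and `read_routepushfile` open the file with two-argument, unchecked `open(FILE, ...)` on a bareword handle and ignore the result of `close`, so an unwritable or unreadable file silently yields an empty routes list in server.conf; use `open(my $fh, '>', $routes_push_file) or die "Unable to open $routes_push_file: $!";` (and `'<'` for the reader) followed by `close($fh) or die "Unable to close $routes_push_file: $!";`. The reader's `while () { … }` has lost its `<FILE>` readline in rendering, so the loop condition should be confirmed against the committed source. `read_routepushfile` also appends to `$vpnsettings{'ROUTES_PUSH'}` right after deleting it, which warns about an uninitialised value under `use warnings`; initialise it to `''` instead of deleting it.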
@@ -488,8 +548,35 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'DHCP_WINS'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) { $errormessage = $Lang::tr{'invalid input for dhcp wins'}; - goto ADV_ERROR; + goto ADV_ERROR; + } + } + if ($cgiparams{'ROUTES_PUSH'} ne ''){ + @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); + undef $vpnsettings{'ROUTES_PUSH'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { + $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; + } + my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { + $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; + goto ADV_ERROR; + } + $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + } } + &write_routepushfile; + undef $vpnsettings{'ROUTES_PUSH'}; + } + else { + undef $vpnsettings{'ROUTES_PUSH'}; + &write_routepushfile; } if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { $errormessage = $Lang::tr{'invalid input for max clients'}; @@ -517,7 +604,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } ### -# m.a.d Save net2net server config +# m.a.d net2net ### if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server') @@ -525,7 +612,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); -my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} 
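Review bot: `&write_routepushfile` is called in the middle of the advanced-options validation in the @@ -488 hunk, before the `MAX_CLIENTS` and later checks run, so a request that fails one of those later checks has already replaced the routes file on disk while the rest of `%vpnsettings` is not saved, and the two can drift apart. Keep the validation here and move both `&write_routepushfile;` calls to the point where the settings hash itself is written (presumably later in the same block, outside this hunk), after the last `goto ADV_ERROR`. The green-network check rejects only an exact match of `GREEN_NETADDRESS`/`GREEN_NETMASK`; a route that merely overlaps green (or blue/orange) is accepted and pushed to clients, which may be intended but deserves a comment such as `# only an exact duplicate of green is rejected; overlapping routes are allowed`. The enclosing `if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'})` block starts before this hunk.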
@@ -534,159 +621,144 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; flock SERVERCONF, 2; - print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n"; + print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n"; print SERVERCONF "\n"; - print SERVERCONF "# User Sicherheit\n"; + print SERVERCONF "# User Security\n"; print SERVERCONF "user nobody\n"; print SERVERCONF "group nobody\n"; print SERVERCONF "persist-tun\n"; print SERVERCONF "persist-key\n"; - print SERVERCONF "\n"; - print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print SERVERCONF "script-security 2\n"; + print SERVERCONF "# IP/DNS for remote Server Gateway\n"; print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; - print SERVERCONF "\n"; - print SERVERCONF "# IP Adressen des VPN Tunnels\n"; + print SERVERCONF "float\n"; + print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Netzwerk auf dem Client Gateway\n"; - print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; - print SERVERCONF "# Device fuer den Tunnel\n"; + print SERVERCONF "# Client Gateway Network\n"; + print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; + print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; - print SERVERCONF "\n"; - print SERVERCONF "#Port und Protokoll\n"; + print SERVERCONF "# Port and Protokol\n"; print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; - print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Paketgroessen\n"; + + if ($cgiparams{'PROTOCOL'} eq 'tcp') { + print SERVERCONF "proto tcp-server\n"; + print SERVERCONF "# Packet size\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = 
'1400'} else {$tunmtu = $cgiparams{'MTU'}}; - print SERVERCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'PROTOCOL'} eq 'udp') { - if ($cgiparams{'FRAGMENT'} eq '') { - print SERVERCONF "fragment 1300\r\n"; - } else { - print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n" - } - if ($cgiparams{'MSSFIX'} eq 'on') { - print SERVERCONF "mssfix\n"; + print SERVERCONF "tun-mtu $tunmtu\n"; } + + if ($cgiparams{'PROTOCOL'} eq 'udp') { + print SERVERCONF "proto udp\n"; + print SERVERCONF "# Paketsize\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + print SERVERCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } - print SERVERCONF "\n"; - print SERVERCONF "# Auth Server\n"; + print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Verschluesselung\n"; + print SERVERCONF "# Cipher\n"; print SERVERCONF "cipher AES-256-CBC\n"; if ($cgiparams{'COMPLZO'} eq 'on') { - print SERVERCONF "# Kompression einschalten\n"; + print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\r\n"; - print SERVERCONF "#\n"; - } - print SERVERCONF "# Debug Level setzen\n"; + } + print SERVERCONF "# Debug Level\n"; print SERVERCONF "verb 3\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Tunnel Ueberwachung\n"; + print SERVERCONF "# Tunnel check\n"; print SERVERCONF "keepalive 10 60\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n"; + print SERVERCONF "# Start as daemon\n"; print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; print SERVERCONF "writepid 
/var/run/$cgiparams{'NAME'}n2n.pid\n"; - print SERVERCONF "\n"; - print SERVERCONF "# Management Interface aktivieren\n"; - print SERVERCONF "#management localhost 4711\n"; + print SERVERCONF "# Activate Management Interface and Port\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(SERVERCONF); } ### -# m.a.d Save net2net client config +# m.a.d net2net ### + if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my $tunmtu = ''; - + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; flock CLIENTCONF, 2; - print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; print CLIENTCONF "#\n"; - print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "# User Security\n"; print CLIENTCONF "user nobody\n"; print CLIENTCONF "group nobody\n"; print CLIENTCONF "persist-tun\n"; print CLIENTCONF "persist-key\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "script-security 2\n"; + print CLIENTCONF "# IP/DNS for 
remote Server Gateway\n"; print CLIENTCONF "remote $cgiparams{'REMOTE'}\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "float\n"; + print CLIENTCONF "# IP adresses of the VPN Subnet\n"; print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; - print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n"; - print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "# Server Gateway Network\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; + print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "# Port and Protokol\n"; print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; - print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Paketgroessen\n"; + + if ($cgiparams{'PROTOCOL'} eq 'tcp') { + print CLIENTCONF "proto tcp-client\n"; + print CLIENTCONF "# Packet size\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; - print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'PROTOCOL'} eq 'udp') { - if ($cgiparams{'FRAGMENT'} eq '') { - print CLIENTCONF "fragment 1300\r\n"; - } else { - print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n" - } - if ($cgiparams{'MSSFIX'} eq 'on') { - print CLIENTCONF "mssfix\n"; + print CLIENTCONF "tun-mtu $tunmtu\n"; } + + if ($cgiparams{'PROTOCOL'} eq 'udp') { + print CLIENTCONF "proto udp\n"; + print CLIENTCONF "# Paketsize\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } - print CLIENTCONF "#\n"; + + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. 
Client\n"; print CLIENTCONF "tls-client\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "# Cipher\n"; print CLIENTCONF "cipher AES-256-CBC\n"; print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; - print CLIENTCONF "#\n"; if ($cgiparams{'COMPLZO'} eq 'on') { - print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; - print CLIENTCONF "#\n"; - } - print CLIENTCONF "#\n"; + } print CLIENTCONF "# Debug Level\n"; print CLIENTCONF "verb 3\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "# Tunnel check\n"; print CLIENTCONF "keepalive 10 60\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "# Start as daemon\n"; print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Management Interface aktivieren\n"; - print CLIENTCONF "# management localhost 4711\n"; + print CLIENTCONF "# Activate Management Interface and Port\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(CLIENTCONF); } -### -# m.a.d Save net2net config end -### - ### ### Save main settings ### @@ -1488,7 +1560,7 @@ END ### ### -# m.a.d net2net Anpassung +# m.a.d net2net ### }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { @@ -1540,8 +1612,8 @@ END my $zippath = "$tempdir/"; ### -# m.a.d net2net DL Client Package -### +# m.a.d net2net +### if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ 
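Review bot: The n2n server and client configs in the @@ -534 hunk now always emit `management localhost <port>` (previously a commented-out line) with no `management-client-auth` or password file, so any local process that can reach that loopback port can drive the tunnel; emit the line only when `OVPN_MGMT` is set, or pair it with a credential. When `OVPN_MGMT` is empty the management port defaults to `DEST_PORT`; with `proto tcp-server` that is the same TCP port the tunnel listens on, so the two listeners may collide at startup — confirm, and do not share the port. No validation of `$cgiparams{'OVPN_MGMT'}` (numeric, 1..65535) is visible in this diff before it is interpolated into the config, and the `save` handler's checks at the end of the diff are cut off, so add one there if it is missing. `script-security 2` is added to both configs although neither references an `up`/`down` script, so it widens what the daemon may execute for no visible benefit; drop it unless a later hunk adds a script. The same `management` lines appear in the downloadable client package in the @@ -1549 hunk.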
@@ -1549,77 +1621,73 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ my $zippathname = "$zippath$zipname"; $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; + my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]); + my $n2nfragment = ''; open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; my $zip = Archive::Zip->new(); - print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n"; print CLIENTCONF "# \n"; - print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "# User Security\n"; print CLIENTCONF "user nobody\n"; print CLIENTCONF "group nobody\n"; print CLIENTCONF "persist-tun\n"; print CLIENTCONF "persist-key\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "script-security 2\n"; + print CLIENTCONF "# IP/DNS for remote Server Gateway\n"; print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "float\n"; + print CLIENTCONF "# IP adresses of the VPN Subnet\n"; print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; - print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n"; - print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "# Server Gateway Network\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; + print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "# Port and Protokoll\n"; print 
CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; - print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Paketgroessen\n"; + + if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') { + print CLIENTCONF "proto tcp-client\n"; + print CLIENTCONF "# Packet size\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; - print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { - if ($cgiparams{'FRAGMENT'} eq '') { - print CLIENTCONF "fragment 1300\r\n"; - } else { - print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n" - } - if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') { - print CLIENTCONF "mssfix\n"; + print CLIENTCONF "tun-mtu $tunmtu\n"; } + + if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { + print CLIENTCONF "proto udp\n"; + print CLIENTCONF "# Paketsize\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} + if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - print CLIENTCONF "#\n"; + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. 
Client\n"; print CLIENTCONF "tls-client\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "# Cipher\n"; print CLIENTCONF "cipher AES-256-CBC\n"; if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; } - print CLIENTCONF "#\n"; if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { - print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; - print CLIENTCONF "#\n"; - } + } print CLIENTCONF "# Debug Level\n"; print CLIENTCONF "verb 3\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "# Tunnel check\n"; print CLIENTCONF "keepalive 10 60\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "# Start as daemon\n"; print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; - print CLIENTCONF "#\n"; - print CLIENTCONF "# Management Interface aktivieren\n"; - print CLIENTCONF "# management localhost 4711\n"; + print CLIENTCONF "# Activate Management Interface and Port\n"; + if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} + else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; 
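Review bot: `my $n2nfragment = '';` declared near the top of the @@ -1549 hunk is never used — the fragment value is read from `$confighash{$cgiparams{'KEY'}}[24]` directly — so delete the declaration. `proto`, `tun-mtu` and the udp options are now only written inside `if (... eq 'tcp')` / `if (... eq 'udp')`; a stored value that is neither (the old code passed `[28]` through verbatim) now yields a package with no `proto` or `tun-mtu` line at all, so either normalise the value on save or add `else { die "unknown protocol '$confighash{$cgiparams{'KEY'}}[28]'" }`. Taking the fragment value from the stored connection instead of `$cgiparams{'FRAGMENT'}` is the right source for a download action. The enclosing `if ($confighash{$cgiparams{'KEY'}}[3] eq 'net')` block begins before this hunk and the zip handling continues after it.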
@@ -1642,7 +1710,7 @@ else $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; ### -# m.a.d net2net DL Client Package end +# m.a.d net2net ### open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; @@ -1732,8 +1800,9 @@ else my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; ### -# m.a.d net2net Anpassung +# m.a.d net2net ### + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); @@ -1743,9 +1812,6 @@ else rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; } -### -# m.a.d net2net Anpassung end -### unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); @@ -1819,6 +1885,7 @@ else %cahash = (); %confighash = (); &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); + read_routepushfile; # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; @@ -1893,6 +1960,25 @@ ADV_ERROR: WINS + + + $Lang::tr{'ovpn routes push options'} + + + $Lang::tr{'ovpn routes push'} + + +
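Review bot: `read_routepushfile;` in the @@ -1819 hunk is called as a bare word while the other call sites in this diff use `&read_routepushfile;`; the bare form only parses as a call because the sub is defined earlier in the file, so use the explicit `read_routepushfile();` (and prefer it over `&name;`, which passes the caller's `@_` through). The call sets `$cgiparams{'ROUTES_PUSH'}` as a side effect right after `&General::readhash` has filled `%cgiparams`, which is what the edit form needs here but is easy to miss; a comment `# load the pushed routes from their own file into the form` would help.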
@@ -1924,8 +2010,8 @@ ADV_ERROR: fragment
- Default: 1300 - + Default: 1300 + mssfix @@ -2185,7 +2271,7 @@ END ### ### -# m.a.d Anpassung wegen upload n2n Package +# m.a.d net2net ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { @@ -2194,6 +2280,9 @@ END &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); + +if ( -s "${General::swroot}/ovpn/settings") { + print <$Lang::tr{'connection type'}:
@@ -2204,18 +2293,35 @@ END - + + + + + + +
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename

 
* $Lang::tr{'this field may be blank'}
+END + ; + +} else { + print <$Lang::tr{'connection type'}:
+ + +
$Lang::tr{'host to net vpn'}
END ; +} + &Header::closebox(); &Header::closebigbox(); &Header::closepage(); exit (0); ### -# m.a.d uploading a IPFire n2n Client package +# m.a.d net2net ### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){ @@ -2223,11 +2329,14 @@ END my @firen2nconf; my @confdetails; my $uplconffilename =''; + my $uplconffilename2 =''; my $uplp12name = ''; + my $uplp12name2 = ''; my @rem_subnet; my @rem_subnet2; my @tmposupnet3; my $key; + my @n2nname; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); 
@@ -2288,17 +2397,41 @@ END goto N2N_ERROR; } -### -# m.a.d prepare imported ipfire net2net data ### +# m.a.d net2net +### + + if ($cgiparams{'n2nname'} ne ''){ + + $uplconffilename2 = "$cgiparams{'n2nname'}.conf"; + $uplp12name2 = "$cgiparams{'n2nname'}.p12"; + $n2nname[0] = $cgiparams{'n2nname'}; + my @n2nname2 = split(/\./,$uplconffilename); + $n2nname2[0] =~ s/\n|\r//g; + my $input1 = "${General::swroot}/ovpn/certs/$uplp12name"; + my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2"; + my $input2 = "$n2nname2[0]n2n"; + my $output2 = "$n2nname[0]n2n"; + my $filename = "$tempdir/$uplconffilename"; + open(FILE, "< $filename") or die 'Unable to open config file.'; + my @current = ; + close(FILE); + foreach (@current) {s/$input1/$output1/g;} + foreach (@current) {s/$input2/$output2/g;} + open (OUT, "> $filename") || die 'Unable to open config file.'; + print OUT @current; + close OUT; - my @n2nname = split(/\./,$uplconffilename); + }else{ + $uplconffilename2 = $uplconffilename; + $uplp12name2 = $uplp12name; + @n2nname = split(/\./,$uplconffilename); $n2nname[0] =~ s/\n|\r//g; + } + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} + unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";} - if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") { - mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); } - - move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); if ($? ne 0) { $errormessage = "*.conf move failed: $!"; 
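Review bot: `$cgiparams{'n2nname'}` is taken straight from the upload form and becomes a path component (`$n2nname[0]`) in `mkdir`, `move` and the later `unlink` calls, and `$uplconffilename2`/`$uplp12name2` are built from it too; no check on its contents is visible in this hunk, so unless the handler validates it earlier (outside the hunk), a name containing `/` or `..` escapes `n2nconf/` and `certs/`. Apply the rule the `save` handler uses, before the first use: `if ($cgiparams{'n2nname'} !~ /^[a-zA-Z0-9]+$/) { $errormessage = $Lang::tr{'name must only contain characters'}; goto N2N_ERROR; }`. The renaming `foreach (@current) {s/$input1/$output1/g;}` interpolates file names as regex patterns (the `.` in `.p12` matches any character, and `$uplp12name` comes from the uploaded file name); use `s/\Q$input1\E/$output1/g` and likewise for `$input2`. `open(FILE, "< $filename") or die` and `open (OUT, "> $filename") || die` should be three-argument opens on lexical handles with a checked `close`, since the rewritten config is what gets moved into place. The enclosing `elsif` for `ACTION eq add` / `TYPE eq net2net` starts before this hunk.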
@@ -2306,7 +2439,9 @@ END goto N2N_ERROR; } - move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2"); + chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name"; + if ($? ne 0) { $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; unlink ($filename); @@ -2316,20 +2451,24 @@ END my $complzoactive; my $mssfixactive; my $n2nfragment; -my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]); my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); my @n2novpnsub = split(/\./,$n2novpnsuball[1]); my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); + ### # m.a.d delete CR and LF from arrays for this chomp doesnt work ### 
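Review bot: The new `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";` in the @@ -2306 hunk names the file by its pre-move name, but the line above just moved it to `$uplp12name2`; when `n2nname` was supplied the two differ, so the chmod targets a file that no longer exists and the imported PKCS#12 keeps whatever mode the temp file had. Change it to `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name2" or $errormessage = "chmod failed: $!";` and act on the result. The following `if ($? ne 0)` (pre-existing) reflects the last child process, not `File::Copy::move`, so a failed move is not caught here; test the return value, `move(...) or do { $errormessage = ...; goto N2N_ERROR; };`, instead.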
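Review bot: `#my @n2nmssfix = split(/ /, ...);` in the @@ -2316 hunk is commented-out code left beside the live `grep` version; remove it rather than keep both. `my @n2nproto = split(/-/, $n2nproto2[1]);` turns `tcp-client`/`tcp-server` back into `tcp`, which the rest of the handler expects; a comment `# proto is written as tcp-client/tcp-server, keep only the transport` would explain the second split. The values extracted here from the uploaded file (`$n2nport[1]`, `$n2nmgmt[2]`, `$n2ntunmtu[1]`, `$n2nremote[1]`) are later stored in `%confighash` and written into generated configs, and no format check on them is visible in this diff.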
@@ -2338,17 +2477,19 @@ $n2nremote[1] =~ s/\n|\r//g; $n2novpnsub[0] =~ s/\n|\r//g; $n2novpnsub[1] =~ s/\n|\r//g; $n2novpnsub[2] =~ s/\n|\r//g; -$n2nproto[1] =~ s/\n|\r//g; +$n2nproto[0] =~ s/\n|\r//g; $n2nport[1] =~ s/\n|\r//g; $n2ntunmtu[1] =~ s/\n|\r//g; $n2nremsub[1] =~ s/\n|\r//g; +$n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; +$n2nmgmt[2] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive); ### -# m.a.d Write n2n config +# m.a.d net2net ### ### @@ -2358,15 +2499,13 @@ chomp ($mssfixactive); foreach my $dkey (keys %confighash) { if ($confighash{$dkey}[1] eq $n2nname[0]) { $errormessage = $Lang::tr{'a connection with this name already exists'}; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; goto N2N_ERROR; } } -### -# Check if RemSubnet is green orange blue -### - - ### # Check if OpenVPN Subnet is valid ### @@ -2374,6 +2513,9 @@ chomp ($mssfixactive); foreach my $dkey (keys %confighash) { if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") { $errormessage = 'The OpenVPN Subnet is already in use'; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; goto N2N_ERROR; } } 
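Review bot: The duplicate-name check in the @@ -2358 hunk (and the subnet and port checks in the @@ -2374 and @@ -2385 hunks) clean up the already-imported files with `unlink ... or die` / `rmdir ... || die`, so a file that is already missing turns a user-facing `$errormessage` into an uncaught die inside the error path, and the remaining files of that import are left behind. The three identical blocks, and the `NAME`-based variants in the @@ -2543 hunk, would be better as one best-effort helper that warns and lets the caller reach `goto N2N_ERROR`. Each check then becomes `&_cleanup_n2n_upload($n2nname[0]);` before its `goto`.
```perl
# Best-effort removal of what an uploaded n2n package has already placed,
# so a validation failure can still report $errormessage instead of dying.
sub _cleanup_n2n_upload {
    my ($name) = @_;
    unlink("${General::swroot}/ovpn/n2nconf/$name/$name.conf")
        or warn "Removing Configfile fail: $!";
    unlink("${General::swroot}/ovpn/certs/$name.p12")
        or warn "Removing Certfile fail: $!";
    rmdir("${General::swroot}/ovpn/n2nconf/$name")
        or warn "Removing Directory fail: $!";
    return;
}

# … unchanged: duplicate-name loop …
        $errormessage = $Lang::tr{'a connection with this name already exists'};
        &_cleanup_n2n_upload($n2nname[0]);
        goto N2N_ERROR;
```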
@@ -2385,6 +2527,9 @@ foreach my $dkey (keys %confighash) { foreach my $dkey (keys %confighash) { if ($confighash{$dkey}[29] eq $n2nport[1] ) { $errormessage = 'The OpenVPN Port is already in use'; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; goto N2N_ERROR; } } @@ -2402,13 +2547,14 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[6] = 'client'; $confighash{$key}[8] = $n2nlocalsub[2]; $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = $n2nremsub[1]; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; + $confighash{$key}[22] = $n2nmgmt[2]; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - $confighash{$key}[28] = $n2nproto[1]; + $confighash{$key}[28] = $n2nproto[0]; $confighash{$key}[29] = $n2nport[1]; $confighash{$key}[30] = $complzoactive; $confighash{$key}[31] = $n2ntunmtu[1]; @@ -2446,7 +2592,10 @@ foreach my $dkey (keys %confighash) { $Lang::tr{'protocol'}$confighash{$key}[28] $Lang::tr{'destination port'}:$confighash{$key}[29] $Lang::tr{'comp-lzo'}$confighash{$key}[30] + MSSFIX $confighash{$key}[23] + Fragment $confighash{$key}[24] $Lang::tr{'MTU'}$confighash{$key}[31] + Management Port $confighash{$key}[22]    END @@ -2497,7 +2646,7 @@ if ($confighash{$cgiparams{'KEY'}}) { ### -# m.a.d end uploading a IPFire n2n Client package +# m.a.d net2net ### 
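Review bot: `$confighash{$key}[22] = $n2nmgmt[2];` and `$confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";` in the @@ -2402 hunk store values parsed from the uploaded package with no format check visible in this diff; `[22]` is later interpolated into `management localhost …` in the generated configs, so confirm it is validated elsewhere or add `unless ($n2nmgmt[2] =~ /^\d+$/ && $n2nmgmt[2] <= 65535) { $errormessage = $Lang::tr{'invalid input'}; goto N2N_ERROR; }` next to the subnet and port checks (pick the language key that exists). The route line is now parsed as `route <net> <mask>` (`$n2nremsub[2]`); a package generated by the previous version wrote `route <net>/<mask>` as one token, so for those `$n2nremsub[2]` is empty and `[11]` becomes `a.b.c.d/m.m.m.m/` — if older packages must still import, split the token on `/` when `$n2nremsub[2]` is empty. The `foreach my $dkey (keys %confighash)` loop and the key assignment block start before this hunk.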
@@ -2527,6 +2676,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; # n2n m.a.d new fields + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; 
@@ -2543,55 +2693,111 @@ if ($confighash{$cgiparams{'KEY'}}) { } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { $errormessage = $Lang::tr{'name must only contain characters'}; - goto VPNCONF_ERROR; - } + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } + goto VPNCONF_ERROR; + } if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) { $errormessage = $Lang::tr{'name is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } if (length($cgiparams{'NAME'}) >60) { $errormessage = $Lang::tr{'name too long'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } ### -# n2n Plausi m.a.d +# m.a.d net2net ### - if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { - $errormessage = 'The Destination Port is used 
by the OpenVPN Server please change'; - goto VPNCONF_ERROR; +if ($cgiparams{'TYPE'} eq 'net') { + + if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; } if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { - $errormessage = 'The OpenVPN Subnet is used by the OpenVPN Server please change'; + $errormessage = $Lang::tr{'openvpn subnet is used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) { - $errormessage = 'mssfix only allowed with udp'; + $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) { - $errormessage = 'fragment only allowed with udp'; + $errormessage = $Lang::tr{'openvpn fragment allowed with udp'}; + unlink 
("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } - -### -# n2n Plausi m.a.d -### + if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix local subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix remote subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + +} # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { # $errormessage = $Lang::tr{'ipfire side is invalid'}; 
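Review bot: The cleanup added to the `NAME` validation branch interpolates `$cgiparams{'NAME'}` into `unlink`/`rmdir` paths in exactly the case where that value has just failed the `/^[a-zA-Z0-9]+$/` check, so a name containing `/` or `..` is used to build a path under `ovpn/n2nconf` before it has been constrained, and the same three lines are then copied into every later error branch (also hunks @@ -2603, @@ -2610, @@ -2617, @@ -2628 and @@ -2643). Each copy ends in `or die`, which turns an ordinary form error into an aborted CGI whenever the file or directory does not exist. I would move the cleanup into one helper that only acts on a name that passes the character check, reports failure through `$errormessage`, and is called once per branch; the sketch below shows the helper and the first call site. Separately, the new `DEST_PORT eq ''` branch reuses `$Lang::tr{'openvpn destination port used'}`, which tells the user the port is in use rather than missing. The save branch (`elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'})`) continues past the end of this hunk.
```perl
# Remove the per-connection n2n directory written earlier in this request.
# Acts only on a name that passes the same character check as the form, so
# the path cannot leave ${General::swroot}/ovpn/n2nconf; failures are
# appended to $errormessage instead of aborting the CGI.
sub remove_n2n_config {
    my ($name) = @_;
    return unless defined $name && $name =~ /^[a-zA-Z0-9]+$/;
    my $dir = "${General::swroot}/ovpn/n2nconf/$name";
    if (-e "$dir/$name.conf") {
        unlink("$dir/$name.conf") or $errormessage .= " Removing Configfile fail: $!";
    }
    if (-d $dir) {
        rmdir($dir) or $errormessage .= " Removing Directory fail: $!";
    }
    return;
}

# … unchanged: TYPE check …
    if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
        $errormessage = $Lang::tr{'name must only contain characters'};
        remove_n2n_config($cgiparams{'NAME'}) if $cgiparams{'TYPE'} eq 'net';
        goto VPNCONF_ERROR;
    }
# … unchanged: remaining validation branches, each calling remove_n2n_config the same way …
```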
@@ -2603,6 +2809,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
 foreach my $key (keys %confighash) {
 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
 $errormessage = $Lang::tr{'a connection with this name already exists'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
 goto VPNCONF_ERROR;
 }
 }
@@ -2610,6 +2820,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
 if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
 goto VPNCONF_ERROR;
 }
@@ -2617,10 +2831,17 @@ if ($confighash{$cgiparams{'KEY'}}) {
 if (! &General::validip($cgiparams{'REMOTE'})) {
 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
 goto VPNCONF_ERROR;
 } else {
 if (&valid_dns_host($cgiparams{'REMOTE'})) {
 $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
+ if ($cgiparams{'TYPE'} eq 'net') {
+
+ }
 }
 }
 }
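Review bot: In the duplicate-name branch the added cleanup removes `n2nconf/NAME/NAME.conf` and its directory for a name that, by this very check, already belongs to an existing connection, so if the new config was written into that same directory before validation (the write happens outside this hunk) the error path deletes the existing connection's config, or trips the `or die` when the layout differs. The cleanup should be skipped in this branch, or restricted to a path the current request created, e.g. by remembering that path at creation time and unlinking only it. The enclosing `foreach my $key (keys %confighash)` loop is fully visible; the save branch around it is not.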
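Review bot: The `if ($cgiparams{'TYPE'} eq 'net') { }` added after the `$warnmessage` assignment in hunk @@ -2617 is an empty block and compiles to nothing; it should either carry the same cleanup as its sibling branches or be removed so the next reader does not assume a step went missing. Leaving the directory in place here may well be intended, since the DNS warning does not `goto VPNCONF_ERROR`, in which case a one-line comment such as `# no cleanup: a failed DNS check is only a warning` says so explicitly. The enclosing `if (! &General::validip(...))` block is fully visible.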
@@ -2628,6 +2849,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
 if ($cgiparams{'TYPE'} ne 'host') {
 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
 $errormessage = $Lang::tr{'local subnet is invalid'};
+ if ($cgiparams{'TYPE'} eq 'net') {
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
 goto VPNCONF_ERROR;}
 }
 # Check if there is no other entry without IP-address and PSK
@@ -2643,7 +2868,9 @@ if ($confighash{$cgiparams{'KEY'}}) {
 }
 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
 $errormessage = $Lang::tr{'remote subnet is invalid'};
- goto VPNCONF_ERROR;
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
 }
 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
@@ -2684,7 +2911,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
 # Sign the certificate request and move it
 # Sign the host certificate request
- system('/usr/bin/openssl', 'ca', '-days', '999999',
+ system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 '-batch', '-notext',
 '-in', $filename,
 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
@@ -2863,7 +3090,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
 }
 # Sign the host certificate request
- system('/usr/bin/openssl', 'ca', '-days', '999999',
+ system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
 '-batch', '-notext',
 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
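Review bot: In hunk @@ -2684 `$cgiparams{'DAYS_VALID'}` is handed to `openssl ca -days` without any visible check; the list-form `system` keeps it away from a shell, but an empty or non-numeric value makes the signing step fail, and an arbitrary large value silently produces a certificate whose lifetime is not what the CA policy intends. Unless it is validated earlier in the save branch (outside this hunk), add before the first signing call `unless ($cgiparams{'DAYS_VALID'} =~ /^\d+$/ && $cgiparams{'DAYS_VALID'} > 0) { $errormessage = 'DAYS_VALID must be a positive number'; goto VPNCONF_ERROR; }`. The same value feeds the second signing call in hunk @@ -2863, so one check ahead of both covers it; both enclosing blocks start and end outside the hunks.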
@@ -2939,12 +3166,13 @@ if ($confighash{$cgiparams{'KEY'}}) {
 }
 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
 $confighash{$key}[10] = $cgiparams{'REMOTE'};
- $confighash{$key}[23] = $cgiparams{'MSSFIX'};
- if ($cgiparams{'FRAGMENT'} eq '') {
- $confighash{$key}[24] = '1300';
+ if ($cgiparams{'OVPN_MGMT'} eq '') {
+ $confighash{$key}[22] = $confighash{$key}[29];
 } else {
- $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
+ $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
 }
+ $confighash{$key}[23] = $cgiparams{'MSSFIX'};
+ $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
 $confighash{$key}[25] = $cgiparams{'REMARK'};
 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
 # new fields
@@ -2955,6 +3183,33 @@ if ($confighash{$cgiparams{'KEY'}}) {
 $confighash{$key}[31] = $cgiparams{'MTU'};
 # new fileds
 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+###
+# m.a.d n2n begin
+###
+
+ if ($cgiparams{'TYPE'} eq 'net') {
+
+ if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ my $key = $cgiparams{'KEY'};
+ if (! $key) {
+ $key = &General::findhasharraykey (\%confighash);
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+ }
+ $confighash{$key}[0] = 'on';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ }
+ }
+
+###
+# m.a.d n2n end
+###
+
 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
 $cgiparams{'KEY'} = $key;
 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
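Review bot: `$cgiparams{'OVPN_MGMT'}` is stored into `$confighash{$key}[22]` without being checked as a port number, yet it is later used as the TCP port the status page connects to with Net::Telnet (hunk @@ -3620) and presumably written into the generated n2n config. Add a check next to the other net-type validation, e.g. `if ($cgiparams{'OVPN_MGMT'} ne '' && ($cgiparams{'OVPN_MGMT'} !~ /^\d+$/ || $cgiparams{'OVPN_MGMT'} > 65535)) { $errormessage = 'Management port is invalid'; goto VPNCONF_ERROR; }`, and reject a value equal to the OpenVPN server port the same way `DEST_PORT` is. The assignment run shown here belongs to the save branch, which continues outside the hunk.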
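Review bot: Inside the restart block of hunk @@ -2955, `my $key = $cgiparams{'KEY'};` shadows the outer `$key` the entry was just written under; when `KEY` is empty (a new connection whose name still has a stale pid file) the code allocates a fresh entry via `findhasharraykey`, fills it with empty strings, marks it `on`, writes it, and then calls `openvpnctrl -sn2n` with `$confighash{''}[1]`, which is undef. The outer `$key` is already correct here and the hash was written one line earlier, so the re-read and the shadowing can go; the sketch below keeps the kill/enable/write/start sequence on the outer key. Whether `[0]` should be forced to `on` on every save of a running connection is a product decision I cannot confirm from this hunk.
```perl
    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

    # Restart a running n2n instance so the saved settings take effect.
    # Uses the outer $key: the entry was written under it one line above.
    if ($cgiparams{'TYPE'} eq 'net' && -e "/var/run/$confighash{$key}[1]n2n.pid") {
        system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$key}[1]);
        $confighash{$key}[0] = 'on';
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
        system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$key}[1]);
    }
    # … unchanged: EDIT_ADVANCED handling …
```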
@@ -2962,6 +3217,14 @@ if ($confighash{$cgiparams{'KEY'}}) { goto VPNCONF_END; } else { $cgiparams{'ENABLED'} = 'on'; +### +# m.a.d n2n begin +### + $cgiparams{'MSSFIX'} = 'on'; + $cgiparams{'FRAGMENT'} = '1300'; +### +# m.a.d n2n end +### $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; @@ -3075,8 +3338,8 @@ if ($confighash{$cgiparams{'KEY'}}) {     $Lang::tr{'Act as'} - + $Lang::tr{'remote host/ip'}: $Lang::tr{'local subnet'} @@ -3097,13 +3360,19 @@ if ($confighash{$cgiparams{'KEY'}}) { mssfix   - - Fragment   + $Lang::tr{'openvpn default'}: on + + fragment   - Default: 1300 + $Lang::tr{'openvpn default'}: 1300 $Lang::tr{'MTU'}  - + + $Lang::tr{'openvpn default'}: udp/tcp 1500/1400 + + Management Port  + + $Lang::tr{'openvpn default'}: $Lang::tr{'destination port'} END ; @@ -3153,10 +3422,12 @@ END print < - + $Lang::tr{'upload a certificate request'} $Lang::tr{'upload a certificate'} - +   +
+   $Lang::tr{'generate a certificate'}   $Lang::tr{'users fullname or system hostname'}:  $Lang::tr{'users email'}:  @@ -3169,7 +3440,7 @@ END ; ### -# m.a.d Disbale upload cert for n2n connections +# m.a.d net2net ### } else { @@ -3185,14 +3456,15 @@ print < $Lang::tr{'city'}:   $Lang::tr{'state or province'}:   $Lang::tr{'country'}:   $Lang::tr{'pkcs12 file password'}:  $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'}) +   +
+ * $Lang::tr{'this field may be blank'} END }else{ @@ -3224,13 +3499,15 @@ END         +
+ * $Lang::tr{'this field may be blank'} END } ### -# m.a.d Disbale pkcs-password for n2n connections end +# m.a.d net2net ### ; &Header::closebox(); @@ -3575,7 +3852,8 @@ END if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { ### -# m.a.d Client Status Table +# m.a.d net2net +#$Lang::tr{'remark'}
L2089 ### &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); @@ -3587,8 +3865,8 @@ END $Lang::tr{'name'} $Lang::tr{'type'} $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
L2089 + $Lang::tr{'valid till'} + $Lang::tr{'remark'} $Lang::tr{'status'} $Lang::tr{'action'} @@ -3596,7 +3874,7 @@ END ; my $id = 0; my $gif; - foreach my $key (keys %confighash) { + foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) { if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { @@ -3620,19 +3898,48 @@ END my $active = "
$Lang::tr{'capsclosed'}
"; if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; + $active = "
$Lang::tr{'capsclosed'}
"; } else { ### -# m.a.d net2net Status -### - - if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){ - - my $cn; - my @match = (); - foreach my $line (@status) { +# m.a.d net2net +### + + if ($confighash{$key}[3] eq 'net') { + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); +### +#CONNECTING -- OpenVPN's initial state. +#WAIT -- (Client only) Waiting for initial response from server. +#AUTH -- (Client only) Authenticating with server. +#GET_CONFIG -- (Client only) Downloading configuration options from server. +#ASSIGN_IP -- Assigning IP address to virtual network interface. +#ADD_ROUTES -- Adding routes to system. +#CONNECTED -- Initialization Sequence Completed. +#RECONNECTING -- A restart has occurred. +#EXITING -- A graceful exit is in progress. +#### + + if ( $tustate[1] eq 'CONNECTED') { + $active = "
$Lang::tr{'capsopen'}
"; + } else { + $active = "
$tustate[1]
"; + } + } + } + } else { + my $cn; + my @match = (); + foreach my $line (@status) { chomp($line); if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); @@ -3641,34 +3948,13 @@ END } $cn =~ s/[_]/ /g; if ($cn eq "$confighash{$key}[2]") { - $active = "
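Review bot: `$tnet->open('127.0.0.1')` is called with `Errmode => 'return'` but its result is never checked, so when nothing listens on the management port the `cmd` call runs on an unopened handle, `$output[1]` is undef, the `split` warns and the status cell ends up rendering an empty `$tustate[1]`. The `$tport ne ''` guard also sits after the constructor that already received `Port => $tport`, `my @output = ""` seeds the array with one empty element, and `new Net::Telnet (...)` is indirect-object syntax that `Net::Telnet->new(...)` should replace. Since the management socket is unauthenticated and this code only needs to read `state`, keeping it bound to loopback (the `management` line of the generated n2n config is outside this hunk) and closing the session right after the one command is the right shape; the rewrite below checks the open, closes the handle and leaves a defined state string for the `$active` assignment. Note that the 5 s timeout is paid once per n2n connection while the page renders. The `foreach my $key (...)` loop enclosing this block starts in the previous hunk and ends outside this one.
```perl
            if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
                my $tport = $confighash{$key}[22];
                my $state = '';
                if ($tport =~ /^\d+$/) {
                    my $tnet = Net::Telnet->new(Timeout => 5, Errmode => 'return', Port => $tport);
                    # under Errmode 'return', open() is false on a refused or timed-out connect
                    if ($tnet->open('127.0.0.1')) {
                        my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
                        $tnet->close;
                        my @tustate = split(/,/, defined $output[1] ? $output[1] : '');
                        $state = defined $tustate[1] ? $tustate[1] : '';
                    }
                }
                # … unchanged: state-name comment and $active assignment, reading $state instead of $tustate[1] …
            }
```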
$Lang::tr{'capsclosed'}
"; + $active = "
$Lang::tr{'capsopen'}
"; } - } - } - } else { - my @tempovpnsubnet = split("\/",$confighash{$key}[27]); - my @ovpnip = split /\./,$tempovpnsubnet[0]; - my $pingip = ""; - - if ($confighash{$key}[6] eq 'server') { - $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; - } else { - $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; - } - - my $p = Net::Ping->new("udp",1); - - if ($p->ping($pingip)) { - $active = "
$Lang::tr{'capsopen'}
"; - } - $p->close(); + } - } } - -### -# m.a.d net2net Status end -### +} +} my $disable_clientdl = "disabled='disabled'";