X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=969b2557fffde5033403d13aa75bd2cf61934fca;hb=9bd0bfd233b2297a3c2e91e90b56fdfd96011c3b;hp=921009fc70ba194ffbcd22f9d1de34cca7756a88;hpb=c16d97c617b8a7a663f536da61f7b161251c6500;p=ipfire-2.x.git
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 921009fc70..969b2557ff 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -908,7 +908,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 }
 if ($cgiparams{'COMPLZO'} eq 'on') {
 print SERVERCONF "# Enable Compression\n";
- print SERVERCONF "comp-lzo\r\n";
+ print SERVERCONF "comp-lzo\n";
 }
 print SERVERCONF "# Debug Level\n";
 print SERVERCONF "verb 3\n";
@@ -1003,7 +1003,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
 }
 if ($cgiparams{'COMPLZO'} eq 'on') {
 print CLIENTCONF "# Enable Compression\n";
- print CLIENTCONF "comp-lzo\r\n";
+ print CLIENTCONF "comp-lzo\n";
 }
 print CLIENTCONF "# Debug Level\n";
 print CLIENTCONF "verb 3\n";
@@ -1520,13 +1520,13 @@ END
 }
 ###
-### Download Diffie-Hellman parameter
+### Download tls-auth key
 ###
-}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download dh parameter'}) {
- if ( -f "${General::swroot}/ovpn/ca/dh1024.pem" ) {
+}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
+ if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
 print "Content-Type: application/octet-stream\r\n";
- print "Content-Disposition: filename=dh1024.pem\r\n\r\n";
- print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
 exit(0);
 }
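Review bot: The new download branch reads ta.key through a backtick call to `/bin/cat`, which starts a shell on an interpolated path and ignores failure, so a read error after the `-f` test still sends the headers followed by an empty body. Reading the file in-process avoids both: `open(my $fh, '<', "${General::swroot}/ovpn/certs/ta.key") or die "ta.key: $!";` placed before the headers are printed, then `print <$fh>;` in place of the backtick line. The same backtick pattern is added in the "Display tls-auth key" hunk (`my $output = ...`) and in the "Adding ta.key to chart" hunk (`my $tasubject = ...`). The `Content-Disposition` header also carries no disposition type, as the removed line did; `attachment; filename=ta.key` is the usual form. The `elsif` chain this branch belongs to starts and ends outside the hunk.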
@@ -2103,7 +2103,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 }
 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
 print CLIENTCONF "# Enable Compression\n";
- print CLIENTCONF "comp-lzo\r\n";
+ print CLIENTCONF "comp-lzo\n";
 }
 print CLIENTCONF "# Debug Level\n";
 print CLIENTCONF "verb 3\n";
@@ -2369,6 +2369,28 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 exit(0);
 }
+###
+### Display tls-auth key
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
+
+ if (! -e "${General::swroot}/ovpn/certs/ta.key") {
+ $errormessage = $Lang::tr{'not present'};
+ } else {
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ovpn'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
+ my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
+ $output = &Header::cleanhtml($output,"y");
+ print "
$output
\n"; + &Header::closebox(); + print "
$Lang::tr{'back'}
";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+ }
+
 ###
 ### Display Certificate Revoke List
 ###
@@ -3155,7 +3177,6 @@ my $complzoactive;
 my $mssfixactive;
 my $authactive;
 my $n2nfragment;
-my $authactive;
 my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
 my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
 my @n2nproto = split(/-/, $n2nproto2[1]);
@@ -3947,10 +3968,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
 $errormessage = $Lang::tr{'name too long'};
 goto VPNCONF_ERROR;
 }
- if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
+ if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
 $errormessage = $Lang::tr{'invalid input for name'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 goto VPNCONF_ERROR;
 }
 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
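Review bot: The `show tls-auth key` branch writes the whole static key into an HTML page, and ta.key is the pre-shared secret that tls-auth depends on, so the response has to stay uncached and reachable only by an authenticated administrator. Neither what `&Header::showhttpheaders()` sends nor the access control for this CGI is visible in the hunk, so both need confirming. A comment above the branch would record the requirement, for example `# ta.key is a shared secret: keep this page admin-only and uncached`. The presence test here is `-e`, while the download branch and the listing use `-f`; `if (! -f "${General::swroot}/ovpn/certs/ta.key") {` keeps the three consistent and also rejects a directory at that path.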
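Review bot: The `CERT_NAME` pattern is anchored with `$`, which in Perl also matches just before a trailing newline, so a value ending in a newline passes this check; `\z` closes that gap: `$cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+\z/`. The added `eq ''` test is redundant, because the `+` quantifier already makes an empty string fail the match. Where the name is used afterwards lies outside the hunk (presumably in the certificate subject), so the impact of a trailing newline should be checked there. The enclosing `if ($cgiparams{'TYPE'} eq 'net')` block starts and ends outside the hunk.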
@@ -5003,24 +5022,41 @@ END ### &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' }); - print < - - $Lang::tr{'name'} - $Lang::tr{'type'} - $Lang::tr{'network'} - $Lang::tr{'remark'} - $Lang::tr{'status'} - $Lang::tr{'action'} - -END ; my $id = 0; my $gif; my $col1=""; - foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + my $lastnet; + foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};} + if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};} + if($id == 0){ + print"$confighash{$key}[32]"; + print < + + $Lang::tr{'name'} + $Lang::tr{'type'} + $Lang::tr{'remark'} + $Lang::tr{'status'} + $Lang::tr{'action'} + +END + } + if ($id > 0 && $lastnet ne $confighash{$key}[32]){ + print "
"; + print"$confighash{$key}[32]"; + print < + + $Lang::tr{'name'} + $Lang::tr{'type'} + $Lang::tr{'remark'} + $Lang::tr{'status'} + $Lang::tr{'action'} + +END + } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { print ""; @@ -5039,9 +5075,6 @@ END my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} - print "$confighash{$key}[32]"; print "$confighash{$key}[25]"; $col1="bgcolor='${Header::colourred}'"; my $active = "$Lang::tr{'capsclosed'}"; @@ -5170,7 +5203,9 @@ END END ; $id++; + $lastnet = $confighash{$key}[32]; } + print""; ; # If the config file contains entries, print Key to action icons @@ -5215,6 +5250,8 @@ END ; &Header::closebox(); } + + # CA/key listing &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}"); print < @@ -5227,7 +5264,10 @@ END ; my $col1="bgcolor='$color{'color22'}'"; my $col2="bgcolor='$color{'color20'}'"; + # DH parameter line my $col3="bgcolor='$color{'color22'}'"; + # ta.key line + my $col4="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; @@ -5239,15 +5279,16 @@ END $Lang::tr{'root certificate'} $casubject -
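Review bot: The group headings are driven by `$lastnet ne $confighash{$key}[32]` after the field has been relabelled, but the sort runs on the raw field, and the fallback that mapped an empty field on a `host` entry to `dynamic` is removed further down the loop without being re-added here. If host entries with an empty field 32 exist, they sort next to the net-to-net entries (also empty before relabelling), get an empty heading and can make the two groups alternate. Normalising the field before the `foreach`, including the removed rule `if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host'){$confighash{$key}[32]="dynamic";}`, would keep sort order and headings in step. The group name is also interpolated into the page as it is; if the field can hold user-entered text, passing it through `&Header::cleanhtml` as the tls-auth display branch does would be the safer form. The loop body continues outside the hunk.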
+ -
-
+
+
-
-   + +   + END ; } else { @@ -5256,7 +5297,8 @@ END $Lang::tr{'root certificate'}: $Lang::tr{'not present'} -   +   + END ; } @@ -5272,15 +5314,16 @@ END $Lang::tr{'host certificate'} $hostsubject -
+ -
-
+
+
-
-   + +   + END ; } else { @@ -5289,7 +5332,8 @@ END $Lang::tr{'host certificate'}: $Lang::tr{'not present'} -   +   + END ; } @@ -5297,7 +5341,7 @@ END # Adding DH parameter to chart if (-f "${General::swroot}/ovpn/ca/dh1024.pem") { my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; - $dhsubject =~ /PKCS#3 (.*)[\n]/; + $dhsubject =~ / (.*)[\n]/; $dhsubject = $1; @@ -5305,15 +5349,14 @@ END $Lang::tr{'dh parameter'} $dhsubject -
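Review bot: The relaxed pattern `/ (.*)[\n]/` matches from the first space anywhere in the `openssl dhparam -text` output, and `$dhsubject = $1;` is assigned without checking that the match succeeded. On a failed match `$1` keeps the capture of an earlier successful match in the same scope, possibly the certificate subject matched above (that code is outside the hunk), and that stale value would be shown as the DH description. Capturing in list context avoids this: `($dhsubject) = $dhsubject =~ /DH Parameters: (.*)\n/;`, with a fallback string when the result is undefined. Anchoring on `DH Parameters:` assumes both the old `PKCS#3` heading and the newer one contain that text, which should be confirmed against the installed OpenSSL. The same unchecked `$1` assignment is added for `$tasubject` in the "Adding ta.key to chart" hunk.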
+ -
-
- - -
-   + +
+
+   + END ; } else { @@ -5322,7 +5365,42 @@ END $Lang::tr{'dh parameter'}: $Lang::tr{'not present'} -   +   + +END + ; + } + + # Adding ta.key to chart + if (-f "${General::swroot}/ovpn/certs/ta.key") { + my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`; + $tasubject =~ /# (.*)[\n]/; + $tasubject = $1; + print < + $Lang::tr{'ta key'} + $tasubject +
+ + +
+
+ + +
+   + +END + ; + } else { + # Nothing + print < + $Lang::tr{'ta key'}: + $Lang::tr{'not present'} +   + END ; } @@ -5385,6 +5463,9 @@ END
+ + +
$Lang::tr{'upload ca certificate'}
$Lang::tr{'ca name'}: