X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=c99e7beaebd0d0890a55d84cfa3f6f6c32bd264f;hb=1d43a0fb89f66c94a4e96f005ddd694c1a402385;hp=b982ee99ae6b277a4da7747b87cfa29f7bfa7989;hpb=7a1fb216e6efde13dc2475aa52a0c118b6397821;p=people%2Fpmueller%2Fipfire-2.x.git diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b982ee99ae..c99e7beaeb 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -70,6 +70,8 @@ $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; +$cgiparams{'MSSFIX'} = ''; + &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); # prepare openvpn config file @@ -320,7 +322,7 @@ sub writeserverconf { print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; print CONF "script-security 3 system\n"; - print CONF "ipp-persist /var/ipfire/ovpn/ovpn-leases.db\n"; + print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n"; print CONF "tls-server\n"; print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; @@ -332,6 +334,12 @@ sub writeserverconf { if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } + if ($sovpnsettings{MSSFIX} eq 'on') { + print CONF "mssfix\n"; + } + if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + } if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; } @@ -358,8 +366,7 @@ sub writeserverconf { if ($sovpnsettings{DHCP_WINS} eq '') { print CONF "max-clients 100\n"; - } - + } if ($sovpnsettings{DHCP_WINS} ne '') { print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; } @@ -449,6 +456,21 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; + if ($cgiparams{'FRAGMENT'} eq '') { + delete $vpnsettings{'FRAGMENT'}; + } else { + if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) { + $errormessage = "Incorrect value, please insert only numbers."; + goto ADV_ERROR; + } else { + $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'}; + } + } + if ($cgiparams{'MSSFIX'} ne 'on') { + delete $vpnsettings{'MSSFIX'}; + } else { + $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; + } if ($cgiparams{'DHCP_DOMAIN'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { $errormessage = $Lang::tr{'invalid input for dhcp domain'}; @@ -1380,7 +1402,13 @@ END } print CLIENTCONF "verb 3\r\n"; print CLIENTCONF "ns-cert-type server\r\n"; - print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n"; + print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n"; + if ($vpnsettings{MSSFIX} eq 'on') { + print CLIENTCONF "mssfix\r\n"; + } + if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { + print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; + } close(CLIENTCONF); $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; my $status = $zip->writeToFileNamed($zippathname); @@ -1500,6 +1528,10 @@ ADV_ERROR: $checked{'REDIRECT_GW_DEF1'}{'off'} = ''; $checked{'REDIRECT_GW_DEF1'}{'on'} = ''; $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED'; + $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; + $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; $selected{'LOG_VERB'}{'1'} = ''; $selected{'LOG_VERB'}{'2'} = ''; $selected{'LOG_VERB'}{'3'} = ''; @@ -1513,6 +1545,8 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; + + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); @@ -1552,7 +1586,7 @@ ADV_ERROR: $Lang::tr{'misc-options'} - + Client-To-Client @@ -1564,20 +1598,50 @@ ADV_ERROR: Max-Clients - + - Keppalive (ping/ping-restart) - - + + Keppalive
+ (ping/ping-restart) + + + + + fragment
+ + Default: 1300 + + + mssfix + + Default: on + + + +
- + @@ -1798,35 +1862,6 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } -#test33 - -### -### Choose between adding a host-net or net-net connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); - print <$Lang::tr{'connection type'}:
-
$Lang::tr{'log-options'}
VERB
- - - - - -
$Lang::tr{'host to net vpn'}
$Lang::tr{'net to net vpn'}
-END - ; - &Header::closebox(); - &Header::closebigbox(); - &Header::closepage(); - exit (0); -### -### Adding a new connection -### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { @@ -1840,9 +1875,10 @@ END $errormessage = $Lang::tr{'invalid key'}; goto VPNCONF_END; } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'TYPE'} = 'host'; $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; @@ -1882,11 +1918,6 @@ END goto VPNCONF_ERROR; } -# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { -# $errormessage = $Lang::tr{'ipfire side is invalid'}; -# goto VPNCONF_ERROR; -# } - # Check if there is no other entry with this name if (! $cgiparams{'KEY'}) { foreach my $key (keys %confighash) { @@ -1897,11 +1928,6 @@ END } } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - goto VPNCONF_ERROR; - } - if ($cgiparams{'REMOTE'}) { if (! &General::validip($cgiparams{'REMOTE'})) { if (! &General::validfqdn ($cgiparams{'REMOTE'})) { @@ -1930,10 +1956,6 @@ END } } } - if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { - $errormessage = $Lang::tr{'remote subnet is invalid'}; - goto VPNCONF_ERROR; - } if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; @@ -2057,6 +2079,9 @@ END goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'certgen') { + + $cgiparams{'CERT_NAME'} =~ s/ //g; + if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; goto VPNCONF_ERROR; @@ -2215,17 +2240,13 @@ END if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + $confighash{$key}[3] = 'host'; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; $confighash{$key}[5] = $cgiparams{'PSK'}; } else { $confighash{$key}[4] = 'cert'; } - if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; - } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -2312,7 +2333,7 @@ END } print "
"; - print ""; + print ""; if ($cgiparams{'KEY'}) { print ""; @@ -2322,7 +2343,6 @@ END &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "\n"; print ""; - if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { print "\n"; } else { @@ -2338,42 +2358,6 @@ END # print ""; # print ""; # print <"; - if ($cgiparams{'KEY'}) { - print ""; - } else { - print ""; - } - print <  - - - - - - - - - -ttt - - - - - - - - - - - - -END - ; - } print ""; print ""; @@ -2455,6 +2439,11 @@ END print < + + + + + @@ -2604,7 +2593,8 @@ END +
$Lang::tr{'name'}:$cgiparams{'NAME'}
$cgiparams{'NAME'} 
$Lang::tr{'Act as'}$Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
$Lang::tr{'ovpn subnet'}
$Lang::tr{'protocol'}$Lang::tr{'destination port'}:
$Lang::tr{'comp-lzo'}
$Lang::tr{'MTU'} 
$Lang::tr{'remark title'} 
 $Lang::tr{'valid till'} (days):
  $Lang::tr{'pkcs12 file password'}:
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})		$Lang::tr{'ovpn subnet'}
$Lang::tr{'ovpn device'}
$Lang::tr{'protocol'}