- - $Lang::tr{'capswarning'}: - $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'} | -||
-
+
|
$output\n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); + + if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); + &Header::openbigbox('100%', 'left', '', ''); + &Header::openbox('100%', 'left', "$Lang::tr{'ca certificate'}:"); + my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } else { + $errormessage = $Lang::tr{'invalid key'}; + } ### ### Export ca certificate to browser ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) { - &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); - - if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - print "Content-Type: application/force-download\n"; - print "Content-Type: application/octet-stream\r\n"; - print "Content-Disposition: attachment; filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; - exit(0); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); + + if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { + print "Content-Type: application/force-download\n"; + print "Content-Type: application/octet-stream\r\n"; + print "Content-Disposition: attachment; filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n"; + print `/usr/bin/openssl x509 -in ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; + exit(0); + } else { + $errormessage = $Lang::tr{'invalid key'}; + } ### ### Remove ca certificate (step 2) ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') { - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); - - if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - foreach my $key (keys %confighash) { - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`; - if ($test =~ /: OK/) { - # Delete connection - system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled); - unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem"); - unlink ("${General::swroot}/certs/$confighash{$key}[1].p12"); - delete $confighash{$key}; - &General::writehasharray("${General::swroot}/vpn/config", \%confighash); - &writeipsecfiles(); - } + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); + + if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { + foreach my $key (keys %confighash) { + my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`; + if ($test =~ /: OK/) { + # Delete connection + system('/usr/local/bin/ipsecctrl', 'D', $key) if (&vpnenabled); + unlink ("${General::swroot}/certs/$confighash{$key}[1]cert.pem"); + unlink ("${General::swroot}/certs/$confighash{$key}[1].p12"); + delete $confighash{$key}; + &General::writehasharray("${General::swroot}/vpn/config", \%confighash); + &writeipsecfiles(); + } + } + unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); + delete $cahash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash); + system('/usr/local/bin/ipsecctrl', 'R'); + sleep $sleepDelay; + } else { + $errormessage = $Lang::tr{'invalid key'}; } - unlink ("${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem"); - delete $cahash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/vpn/caconfig", \%cahash); - system('/usr/local/bin/ipsecctrl', 'R'); - sleep $sleepDelay; - } else { - $errormessage = $Lang::tr{'invalid key'}; - } ### ### Remove ca certificate (step 1) ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) { - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - &General::readhasharray("${General::swroot}/vpn/caconfig", \%cahash); - - my $assignedcerts = 0; - if ( -f "${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) { - foreach my $key (keys %confighash) { - my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/certs/$confighash{$key}[1]cert.pem`; - if ($test =~ /: OK/) { - $assignedcerts++; - } - } - if ($assignedcerts) { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'ipsec'}, 1, ''); - &Header::openbigbox('100%', 'left', '', ''); - &Header::openbox('100%', 'left', $Lang::tr{'are you sure'}); - print <
- - | -
- $Lang::tr{'capswarning'} - $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'} | -
- - | -
+ + | +
+ $Lang::tr{'capswarning'} $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'} | +
+ + | +
$output\n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); + my $output; + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); + &Header::openbigbox('100%', 'left', '', ''); + if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) { + &Header::openbox('100%', 'left', "$Lang::tr{'root certificate'}:"); + $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ca/cacert.pem`; + } else { + &Header::openbox('100%', 'left', "$Lang::tr{'host certificate'}:"); + $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/hostcert.pem`; + } + $output = &Header::cleanhtml($output,"y"); + print "
$output\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); ### ### Export root certificate to browser ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) { - if ( -f "${General::swroot}/ca/cacert.pem" ) { - print "Content-Type: application/force-download\n"; - print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/ca/cacert.pem`; - exit(0); - } + if ( -f "${General::swroot}/ca/cacert.pem" ) { + print "Content-Type: application/force-download\n"; + print "Content-Disposition: attachment; filename=cacert.pem\r\n\r\n"; + print `/usr/bin/openssl x509 -in ${General::swroot}/ca/cacert.pem`; + exit(0); + } ### ### Export host certificate to browser ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) { - if ( -f "${General::swroot}/certs/hostcert.pem" ) { - print "Content-Type: application/force-download\n"; - print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n"; - print `/usr/bin/openssl x509 -in ${General::swroot}/certs/hostcert.pem`; - exit(0); - } + if ( -f "${General::swroot}/certs/hostcert.pem" ) { + print "Content-Type: application/force-download\n"; + print "Content-Disposition: attachment; filename=hostcert.pem\r\n\r\n"; + print `/usr/bin/openssl x509 -in ${General::swroot}/certs/hostcert.pem`; + exit(0); + } ### ### Form for generating/importing the caroot+host certificate ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} || - $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) { - - if (-f "${General::swroot}/ca/cacert.pem") { - $errormessage = $Lang::tr{'valid root certificate already exists'}; - goto ROOTCERT_SKIP; - } - - &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); - # fill in initial values - if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') { - if (-e "${General::swroot}/red/active" && open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr =
$Lang::tr{'organization name'}: | -|
$Lang::tr{'ipfires hostname'}: | -|
$Lang::tr{'your e-mail'}: | -|
$Lang::tr{'your department'}: | -|
$Lang::tr{'city'}: | -|
$Lang::tr{'state or province'}: | -|
$Lang::tr{'country'}: | -
$output\n"; - &Header::closebox(); - print ""; - &Header::closebigbox(); - &Header::closepage(); - exit(0); - } + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + + if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ipsec'}, 1, ''); + &Header::openbigbox('100%', 'left', '', ''); + &Header::openbox('100%', 'left', "$Lang::tr{'cert'}:"); + my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } ### ### Export Certificate to browser ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) { - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { - print "Content-Type: application/force-download\n"; - print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\n\n"; - print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; - exit (0); - } + if ( -f "${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { + print "Content-Type: application/force-download\n"; + print "Content-Disposition: attachment; filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\n\n"; + print `/bin/cat ${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; + exit (0); + } ### ### Enable/Disable connection ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { - - &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/vpn/config", \%confighash); - &writeipsecfiles(); - system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled); + + &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}) { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/vpn/config", \%confighash); + &writeipsecfiles(); + system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled); + } else { + system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled); + $confighash{$cgiparams{'KEY'}}[0] = 'off'; + &General::writehasharray("${General::swroot}/vpn/config", \%confighash); + &writeipsecfiles(); + } + sleep $sleepDelay; } else { - system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled); - $confighash{$cgiparams{'KEY'}}[0] = 'off'; - &General::writehasharray("${General::swroot}/vpn/config", \%confighash); - &writeipsecfiles(); + $errormessage = $Lang::tr{'invalid key'}; } - sleep $sleepDelay; - } else { - $errormessage = $Lang::tr{'invalid key'}; - } ### ### Restart connection ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) { - &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - if ($confighash{$cgiparams{'KEY'}}) { - if (&vpnenabled) { - system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); - sleep $sleepDelay; + if ($confighash{$cgiparams{'KEY'}}) { + if (&vpnenabled) { + system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); + sleep $sleepDelay; + } + } else { + $errormessage = $Lang::tr{'invalid key'}; } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } ### ### Remove connection ### } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/vpn/config", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { - system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled); - unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - delete $confighash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/vpn/config", \%confighash); - &writeipsecfiles(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::readhash("${General::swroot}/vpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/vpn/config", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}) { + system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled); + unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/vpn/config", \%confighash); + &writeipsecfiles(); + } else { + $errormessage = $Lang::tr{'invalid key'}; + } &General::firewall_reload(); ### ### Choose between adding a host-net or net-net connection @@ -1235,530 +1232,545 @@ END &Header::openbigbox('100%', 'left', '', ''); &Header::openbox('100%', 'left', $Lang::tr{'connection type'}); print <
+ + |
@@ -2416,42 +2458,42 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || | $Lang::tr{'encryption'} |
|
|
@@ -2473,14 +2515,14 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || + - | ||
---|---|---|---|---|---|---|
$Lang::tr{'lifetime'} | +$Lang::tr{'lifetime'} | $Lang::tr{'hours'} | @@ -2492,15 +2534,16 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||$Lang::tr{'grouptype'} |
|
- + |
+ |
$Lang::tr{'dpd action'}: |
|
|
$Lang::tr{'dpd timeout'}: | +$Lang::tr{'dpd timeout'}: | |
$Lang::tr{'dpd delay'}: | +$Lang::tr{'dpd delay'}: |
+ |
+
+ |
|
+ | ||
+ | ||
+ | + + | + +|
$Lang::tr{'required field'} | +
$Lang::tr{'vpn red name'}: | + &Header::openbox('100%', 'left', $Lang::tr{'global settings'}); + print <
$Lang::tr{'vpn red name'}: | $Lang::tr{'enabled'} | -$Lang::tr{'vpn delayed start'}: | +
$Lang::tr{'vpn delayed start'}: | - | |
$Lang::tr{'host to net vpn'}: | +||
$Lang::tr{'host to net vpn'}: | - |
- | $Lang::tr{'this field may be blank'} | + | + | $Lang::tr{'required field'} | |
- | $Lang::tr{'vpn delayed start help'} | -+ | + | $Lang::tr{'vpn delayed start help'} | +
$Lang::tr{'ca name'}: | +; + } + my $createCA = -f "${General::swroot}/ca/cacert.pem" ? '' : "|||
$Lang::tr{'ca name'}: | - | ||
$Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}: | - |