use CGI;
use CGI qw/:standard/;
use Net::DNS;
+use Net::Ping;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
require "${General::swroot}/countries.pl";
# enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colourgreen} );
undef (@dummy);
$cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
+
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
# prepare openvpn config file
&writeserverconf();#hier ok
}
+###
+# m.a.d Save net2net server config
+###
+
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
+{
+my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
+my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
+my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+my $tunmtu = '';
+
+unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
+unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
+
+ open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
+
+ flock SERVERCONF, 2;
+ print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# User Sicherheit\n";
+ print SERVERCONF "user nobody\n";
+ print SERVERCONF "group nobody\n";
+ print SERVERCONF "persist-tun\n";
+ print SERVERCONF "persist-key\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n";
+ print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# IP Adressen des VPN Tunnels\n";
+ print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Netzwerk auf dem Client Gateway\n";
+ print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n";
+ print SERVERCONF "# Device fuer den Tunnel\n";
+ print SERVERCONF "dev tun\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "#Port und Protokoll\n";
+ print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
+ print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Paketgroessen\n";
+ if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
+ print SERVERCONF "tun-mtu $tunmtu\n";
+ if ($cgiparams{'PROTOCOL'} eq 'udp') {
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ print SERVERCONF "fragment 1300\r\n";
+ } else {
+ print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n"
+ }
+ if ($cgiparams{'MSSFIX'} eq 'on') {
+ print SERVERCONF "mssfix\n";
+ }
+ }
+ print SERVERCONF "\n";
+ print SERVERCONF "# Auth Server\n";
+ print SERVERCONF "tls-server\n";
+ print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
+ print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
+ print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
+ print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Verschluesselung\n";
+ print SERVERCONF "cipher AES-256-CBC\n";
+ if ($cgiparams{'COMPLZO'} eq 'on') {
+ print SERVERCONF "# Kompression einschalten\n";
+ print SERVERCONF "comp-lzo\r\n";
+ print SERVERCONF "#\n";
+ }
+ print SERVERCONF "# Debug Level setzen\n";
+ print SERVERCONF "verb 3\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Tunnel Ueberwachung\n";
+ print SERVERCONF "keepalive 10 60\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n";
+ print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
+ print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
+ print SERVERCONF "\n";
+ print SERVERCONF "# Management Interface aktivieren\n";
+ print SERVERCONF "#management localhost 4711\n";
+ close(SERVERCONF);
+}
+
+###
+# m.a.d Save net2net client config
+###
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
+{
+ my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
+ my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+ my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
+ my $tunmtu = '';
+
+unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
+unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
+
+ open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
+
+ flock CLIENTCONF, 2;
+ print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# User Sicherheit\n";
+ print CLIENTCONF "user nobody\n";
+ print CLIENTCONF "group nobody\n";
+ print CLIENTCONF "persist-tun\n";
+ print CLIENTCONF "persist-key\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n";
+ print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# IP Adressen des VPN Tunnels\n";
+ print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Netzwerk auf dem Server Gateway\n";
+ print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n";
+ print CLIENTCONF "# Device fuer den Tunnel\n";
+ print CLIENTCONF "dev tun\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "#Port und Protokoll\n";
+ print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
+ print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Paketgroessen\n";
+ if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
+ print CLIENTCONF "tun-mtu $tunmtu\n";
+ if ($cgiparams{'PROTOCOL'} eq 'udp') {
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ print CLIENTCONF "fragment 1300\r\n";
+ } else {
+ print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n"
+ }
+ if ($cgiparams{'MSSFIX'} eq 'on') {
+ print CLIENTCONF "mssfix\n";
+ }
+ }
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Auth. Client\n";
+ print CLIENTCONF "tls-client\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Verschluesselung\n";
+ print CLIENTCONF "cipher AES-256-CBC\n";
+ print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
+ print CLIENTCONF "#\n";
+ if ($cgiparams{'COMPLZO'} eq 'on') {
+ print CLIENTCONF "# Kompression einschalten\n";
+ print CLIENTCONF "comp-lzo\r\n";
+ print CLIENTCONF "#\n";
+ }
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Debug Level\n";
+ print CLIENTCONF "verb 3\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Tunnel Ueberwachung\n";
+ print CLIENTCONF "keepalive 10 60\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Als Daemon starten\n";
+ print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
+ print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Management Interface aktivieren\n";
+ print CLIENTCONF "# management localhost 4711\n";
+ close(CLIENTCONF);
+
+}
+
+###
+# m.a.d Save net2net config end
+###
###
### Save main settings
###
+
+
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
#DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
###
### Enable/Disable connection
###
+
+###
+# m.a.d net2net Anpassung
+###
+
}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
+# my $n2nactive = '';
+ my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+
if ($confighash{$cgiparams{'KEY'}}) {
- if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+
+
+ if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
$confighash{$cgiparams{'KEY'}}[0] = 'on';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
-# }
- } else {
+
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ }
+
+ } else {
+
$confighash{$cgiparams{'KEY'}}[0] = 'off';
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-# }
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
- }
- } else {
- $errormessage = $Lang::tr{'invalid key'};
- }
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ if ($n2nactive ne ''){
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ }
+
+ } else {
+ $errormessage = $Lang::tr{'invalid key'};
+ }
+ }
+ }
###
### Download OpenVPN client package
###
+
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
my @fileholder;
my $tempdir = tempdir( CLEANUP => 1 );
my $zippath = "$tempdir/";
- my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
- my $zippathname = "$zippath$zipname";
- $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
+
+###
+# m.a.d net2net DL Client Package
+###
+
+if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+
+ my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
+ my $zippathname = "$zippath$zipname";
+ $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
+ my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
+ my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+ my $tunmtu = '';
+
+ open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
+ flock CLIENTCONF, 2;
+
+ my $zip = Archive::Zip->new();
+ print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n";
+ print CLIENTCONF "# \n";
+ print CLIENTCONF "# User Sicherheit\n";
+ print CLIENTCONF "user nobody\n";
+ print CLIENTCONF "group nobody\n";
+ print CLIENTCONF "persist-tun\n";
+ print CLIENTCONF "persist-key\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n";
+ print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# IP Adressen des VPN Tunnels\n";
+ print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Netzwerk auf dem Server Gateway\n";
+ print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n";
+ print CLIENTCONF "# Device fuer den Tunnel\n";
+ print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "#Port und Protokoll\n";
+ print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
+ print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Paketgroessen\n";
+ if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
+ print CLIENTCONF "tun-mtu $tunmtu\n";
+ if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ print CLIENTCONF "fragment 1300\r\n";
+ } else {
+ print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n"
+ }
+ if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {
+ print CLIENTCONF "mssfix\n";
+ }
+ }
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Auth. Client\n";
+ print CLIENTCONF "tls-client\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Verschluesselung\n";
+ print CLIENTCONF "cipher AES-256-CBC\n";
+ if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
+ print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
+ }
+ print CLIENTCONF "#\n";
+ if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
+ print CLIENTCONF "# Kompression einschalten\n";
+ print CLIENTCONF "comp-lzo\r\n";
+ print CLIENTCONF "#\n";
+ }
+ print CLIENTCONF "# Debug Level\n";
+ print CLIENTCONF "verb 3\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Tunnel Ueberwachung\n";
+ print CLIENTCONF "keepalive 10 60\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Als Daemon starten\n";
+ print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
+ print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
+ print CLIENTCONF "#\n";
+ print CLIENTCONF "# Management Interface aktivieren\n";
+ print CLIENTCONF "# management localhost 4711\n";
+ print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
+
+
+ close(CLIENTCONF);
+
+ $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
+ my $status = $zip->writeToFileNamed($zippathname);
+
+ open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
+ @fileholder = <DLFILE>;
+ print "Content-Type:application/x-download\n";
+ print "Content-Disposition:attachment;filename=$zipname\n\n";
+ print @fileholder;
+ exit (0);
+}
+else
+{
+ my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
+ my $zippathname = "$zippath$zipname";
+ $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
+
+###
+# m.a.d net2net DL Client Package end
+###
+
open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
flock CLIENTCONF, 2;
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
close(CLIENTCONF);
+
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
my $status = $zip->writeToFileNamed($zippathname);
print "Content-Disposition:attachment;filename=$zipname\n\n";
print @fileholder;
exit (0);
-
+ }
+
+
+
###
### Remove connection
###
+
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# }
#
my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+
+###
+# m.a.d net2net Anpassung
+###
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+
+ my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+ my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ unlink ($certfile) or die "Removing $certfile fail: $!";
+ unlink ($conffile) or die "Removing $conffile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+
+}
+###
+# m.a.d net2net Anpassung end
+###
+
+ unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
} else {
$errormessage = $Lang::tr{'invalid key'};
}
+
+
###
### Download PKCS12 file
###
###
### Enable/Disable connection
###
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($confighash{$cgiparams{'KEY'}}) {
- if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+ if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
$confighash{$cgiparams{'KEY'}}[0] = 'on';
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
#&writeserverconf();
} else {
$errormessage = $Lang::tr{'invalid key'};
}
+#test33
+
+###
+### Choose between adding a host-net or net-net connection
+###
+
+###
+# m.a.d Anpassung wegen upload n2n Package
+###
+
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
+ &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
+ print <<END
+ <b>$Lang::tr{'connection type'}:</b><br />
+ <table><form method='post' ENCTYPE="multipart/form-data">
+ <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
+ <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
+ <tr><td><input type='radio' name='TYPE' value='net' /></td>
+ <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
+ <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
+ <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
+ <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr>
+ <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
+ </form></table>
+END
+ ;
+
+ &Header::closebox();
+ &Header::closebigbox();
+ &Header::closepage();
+ exit (0);
+
+###
+# m.a.d uploading a IPFire n2n Client package
+###
+
+} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
+
+ my @firen2nconf;
+ my @confdetails;
+ my $uplconffilename ='';
+ my $uplp12name = '';
+ my @rem_subnet;
+ my @rem_subnet2;
+ my @tmposupnet3;
+ my $key;
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+# Check if a file is uploaded
+
+ if (ref ($cgiparams{'FH'}) ne 'Fh') {
+ $errormessage = $Lang::tr{'there was no file upload'};
+ goto N2N_ERROR;
+ }
+
+# Move uploaded IPfire n2n package to temporary file
+
+ (my $fh, my $filename) = tempfile( );
+ if (copy ($cgiparams{'FH'}, $fh) != 1) {
+ $errormessage = $!;
+ goto N2N_ERROR;
+ }
+
+ my $zip = Archive::Zip->new();
+ my $zipName = $filename;
+ my $status = $zip->read( $zipName );
+ if ($status != AZ_OK) {
+ $errormessage = "Read of $zipName failed\n";
+ goto N2N_ERROR;
+ }
+
+ my $tempdir = tempdir( CLEANUP => 1 );
+ my @files = $zip->memberNames();
+ for(@files) {
+ $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
+ }
+ my $countfiles = @files;
+
+# Check if we have not more then 2 files
+
+ if ( $countfiles == 2){
+ foreach (@files){
+ if ( $_ =~ /.conf$/){
+ $uplconffilename = $_;
+ }
+ if ( $_ =~ /.p12$/){
+ $uplp12name = $_;
+ }
+ }
+ if (($uplconffilename eq '') || ($uplp12name eq '')){
+ $errormessage = "Either no *.conf or no *.p12 file found\n";
+ goto N2N_ERROR;
+ }
+
+ open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
+ @firen2nconf = <FILE>;
+ close (FILE);
+ chomp(@firen2nconf);
+
+ } else {
+
+ $errormessage = "Filecount does not match only 2 files are allowed\n";
+ goto N2N_ERROR;
+ }
+
+###
+# m.a.d prepare imported ipfire net2net data
+###
+
+ my @n2nname = split(/\./,$uplconffilename);
+ $n2nname[0] =~ s/\n|\r//g;
+
+ if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") {
+ mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); }
+
+ move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename");
+
+ if ($? ne 0) {
+ $errormessage = "*.conf move failed: $!";
+ unlink ($filename);
+ goto N2N_ERROR;
+ }
+
+ move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name");
+ if ($? ne 0) {
+ $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+ unlink ($filename);
+ goto N2N_ERROR;
+ }
+
+my $complzoactive;
+my $mssfixactive;
+my $n2nfragment;
+my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
+my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
+my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
+my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
+if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
+my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
+if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
+my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
+my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
+my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
+my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
+my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
+my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
+
+###
+# m.a.d delete CR and LF from arrays for this chomp doesnt work
+###
+
+$n2nremote[1] =~ s/\n|\r//g;
+$n2novpnsub[0] =~ s/\n|\r//g;
+$n2novpnsub[1] =~ s/\n|\r//g;
+$n2novpnsub[2] =~ s/\n|\r//g;
+$n2nproto[1] =~ s/\n|\r//g;
+$n2nport[1] =~ s/\n|\r//g;
+$n2ntunmtu[1] =~ s/\n|\r//g;
+$n2nremsub[1] =~ s/\n|\r//g;
+$n2nlocalsub[2] =~ s/\n|\r//g;
+$n2nfragment[1] =~ s/\n|\r//g;
+chomp ($complzoactive);
+chomp ($mssfixactive);
+
+###
+# m.a.d Write n2n config
+###
+
+###
+# Check if there is no other entry with this name
+###
+
+ foreach my $dkey (keys %confighash) {
+ if ($confighash{$dkey}[1] eq $n2nname[0]) {
+ $errormessage = $Lang::tr{'a connection with this name already exists'};
+ goto N2N_ERROR;
+ }
+ }
+
+###
+# Check if RemSubnet is green orange blue
+###
+
+
+###
+# Check if OpenVPN Subnet is valid
+###
+
+foreach my $dkey (keys %confighash) {
+ if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
+ $errormessage = 'The OpenVPN Subnet is already in use';
+ goto N2N_ERROR;
+ }
+ }
+
+###
+# Check im Dest Port is vaild
+###
+
+foreach my $dkey (keys %confighash) {
+ if ($confighash{$dkey}[29] eq $n2nport[1] ) {
+ $errormessage = 'The OpenVPN Port is already in use';
+ goto N2N_ERROR;
+ }
+ }
+
+
+
+ $key = &General::findhasharraykey (\%confighash);
+
+ foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+ $confighash{$key}[0] = 'off';
+ $confighash{$key}[1] = $n2nname[0];
+ $confighash{$key}[2] = $n2nname[0];
+ $confighash{$key}[3] = 'net';
+ $confighash{$key}[4] = 'cert';
+ $confighash{$key}[6] = 'client';
+ $confighash{$key}[8] = $n2nlocalsub[2];
+ $confighash{$key}[10] = $n2nremote[1];
+ $confighash{$key}[11] = $n2nremsub[1];
+ $confighash{$key}[23] = $mssfixactive;
+ $confighash{$key}[24] = $n2nfragment[1];
+ $confighash{$key}[25] = 'IPFire n2n Client';
+ $confighash{$key}[26] = 'red';
+ $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
+ $confighash{$key}[28] = $n2nproto[1];
+ $confighash{$key}[29] = $n2nport[1];
+ $confighash{$key}[30] = $complzoactive;
+ $confighash{$key}[31] = $n2ntunmtu[1];
+
+
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ N2N_ERROR:
+
+ &Header::showhttpheaders();
+ &Header::openpage('Validate imported configuration', 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', $errormessage);
+ if ($errormessage) {
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage";
+ print " </class>";
+ &Header::closebox();
+
+ } else
+ {
+ &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
+ }
+ if ($errormessage eq ''){
+ print <<END
+ <!-- ipfire net2net config gui -->
+ <table width='100%'>
+ <tr><td width='25%'> </td><td width='25%'> </td></tr>
+ <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
+ <tr><td> </td><td> </td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
+ <tr><td> </td><td> </td></tr>
+ </table>
+END
+;
+ &Header::closebox();
+ }
+
+ if ($errormessage) {
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ } else {
+ print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
+ print "<input type='hidden' name='TYPE' value='net2netakn' />";
+ print "<input type='hidden' name='KEY' value='$key' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
+ }
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+
+
+##
+### Accept IPFire n2n Package Settings
+###
+
+ } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
+
+###
+### Discard and Rollback IPFire n2n Package Settings
+###
+
+ } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+if ($confighash{$cgiparams{'KEY'}}) {
+
+ my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+ my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ unlink ($certfile) or die "Removing $certfile fail: $!";
+ unlink ($conffile) or die "Removing $conffile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+ delete $confighash{$cgiparams{'KEY'}};
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ } else {
+ $errormessage = $Lang::tr{'invalid key'};
+ }
+
+
+###
+# m.a.d end uploading a IPFire n2n Client package
+###
+
+
+###
+### Adding a new connection
+###
} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
$errormessage = $Lang::tr{'invalid key'};
goto VPNCONF_END;
}
-
$cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
$cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
- $cgiparams{'TYPE'} = 'host';
+ $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
$cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
$cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
$cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
- $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
- $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+ $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
+ $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+# n2n m.a.d new fields
+ $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
+ $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
$cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
#new fields
$cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
$cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
+
#new fields
#ab hiere error uebernehmen
+
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
goto VPNCONF_ERROR;
}
+###
+# n2n Plausi m.a.d
+###
+
+ if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
+ $errormessage = 'The Destination Port is used by the OpenVPN Server please change';
+ goto VPNCONF_ERROR;
+ }
+
+ if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
+ $errormessage = 'The OpenVPN Subnet is used by the OpenVPN Server please change';
+ goto VPNCONF_ERROR;
+ }
+
+ if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
+ $errormessage = 'mssfix only allowed with udp';
+ goto VPNCONF_ERROR;
+ }
+
+ if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
+ $errormessage = 'fragment only allowed with udp';
+ goto VPNCONF_ERROR;
+ }
+
+
+###
+# n2n Plausi m.a.d
+###
+
+# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
+# $errormessage = $Lang::tr{'ipfire side is invalid'};
+# goto VPNCONF_ERROR;
+# }
+
# Check if there is no other entry with this name
if (! $cgiparams{'KEY'}) {
foreach my $key (keys %confighash) {
}
}
+ if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
+ $errormessage = $Lang::tr{'invalid input for remote host/ip'};
+ goto VPNCONF_ERROR;
+ }
+
if ($cgiparams{'REMOTE'}) {
if (! &General::validip($cgiparams{'REMOTE'})) {
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
}
}
}
+ if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
+ $errormessage = $Lang::tr{'remote subnet is invalid'};
+ goto VPNCONF_ERROR;
+ }
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
$errormessage = $Lang::tr{'invalid input'};
goto VPNCONF_ERROR;
}
} elsif ($cgiparams{'AUTH'} eq 'certgen') {
-
- $cgiparams{'CERT_NAME'} =~ s/ //g;
-
if ($cgiparams{'KEY'}) {
$errormessage = $Lang::tr{'cant change certificates'};
goto VPNCONF_ERROR;
if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
$confighash{$key}[2] = $cgiparams{'CERT_NAME'};
}
- $confighash{$key}[3] = 'host';
+ $confighash{$key}[3] = $cgiparams{'TYPE'};
if ($cgiparams{'AUTH'} eq 'psk') {
$confighash{$key}[4] = 'psk';
$confighash{$key}[5] = $cgiparams{'PSK'};
} else {
$confighash{$key}[4] = 'cert';
}
+ if ($cgiparams{'TYPE'} eq 'net') {
+ $confighash{$key}[6] = $cgiparams{'SIDE'};
+ $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
+ }
$confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
$confighash{$key}[10] = $cgiparams{'REMOTE'};
+ $confighash{$key}[23] = $cgiparams{'MSSFIX'};
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ $confighash{$key}[24] = '1300';
+ } else {
+ $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
+ }
$confighash{$key}[25] = $cgiparams{'REMARK'};
$confighash{$key}[26] = $cgiparams{'INTERFACE'};
# new fields
$selected{'SIDE'}{'server'} = '';
$selected{'SIDE'}{'client'} = '';
$selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
+
+ $selected{'PROTOCOL'}{'udp'} = '';
+ $selected{'PROTOCOL'}{'tcp'} = '';
+ $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
+
$checked{'AUTH'}{'psk'} = '';
$checked{'AUTH'}{'certreq'} = '';
$checked{'COMPLZO'}{'on'} = '';
$checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
+ $checked{'MSSFIX'}{'off'} = '';
+ $checked{'MSSFIX'}{'on'} = '';
+ $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+
if (1) {
&Header::showhttpheaders();
}
print "<form method='post' enctype='multipart/form-data'>";
- print "<input type='hidden' name='TYPE' value='host' />";
+ print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
if ($cgiparams{'KEY'}) {
print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
print "<table width='100%'>\n";
print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
+ if ($cgiparams{'TYPE'} eq 'host') {
if ($cgiparams{'KEY'}) {
print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
} else {
# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
# print "</select></td></tr>";
# print <<END
+ } else {
+ print "<input type='hidden' name='INTERFACE' value='red' />";
+ if ($cgiparams{'KEY'}) {
+ print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
+ } else {
+ print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
+ }
+ print <<END
+ <td width='25%'> </td>
+ <td width='25%'> </td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
+ <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option>
+ <option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td>
+ <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
+ <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
+ <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
+ <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
+ <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
+
+ <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+ <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+
+ <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+ <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td>
+ <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+
+ <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td>
+ <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+
+ <tr><td class='boldbase' nowrap='nowrap'>Fragment <img src='/blob.gif' /></td>
+ <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
+ <td>Default: <span class="base">1300</span></td>
+
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td>
+ <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD>
+
+END
+ ;
+ }
+
print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>";
print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
-# if ($cgiparams{'TYPE'} eq 'net') {
- print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
-
+ if ($cgiparams{'TYPE'} eq 'host') {
+
+ print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
+ }
+
# if ($cgiparams{'KEY'}) {
# print "<td colspan='3'> </td></tr></table>";
# } else {
if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
&Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
- print <<END
+
+
+ if ($cgiparams{'TYPE'} eq 'host') {
+
+print <<END
<table width='100%' cellpadding='0' cellspacing='5' border='0'>
<tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
- <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
- <td class='base'>$Lang::tr{'upload a certificate request'}</td>
- <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
- <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td>
- <td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
+ <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
+ <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
<tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
- <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td>
- <td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'users fullname or system hostname'}:</td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td>
- <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
- <tr><td> </td>
- <td class='base'>$Lang::tr{'country'}:</td>
- <td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
+ <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
END
+;
+
+###
+# m.a.d Disbale upload cert for n2n connections
+###
+
+} else {
+
+print <<END
+ <table width='100%' cellpadding='0' cellspacing='5' border='0'>
+
+ <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
+ <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
+
+END
+;
+
+}
+
+###
+# m.a.d Disbale upload cert for n2n connections end
+###
- ;
foreach my $country (sort keys %{Countries::countries}) {
print "<option value='$Countries::countries{$country}'";
if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
}
print ">$country</option>";
}
+###
+# m.a.d Disbale pkcs-password for n2n connections
+###
+
+if ($cgiparams{'TYPE'} eq 'host') {
print <<END
</select></td></tr>
- <tr><td> </td>
-
- <td class='base'>$Lang::tr{'valid till'} (days):</td>
- <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
-
- <tr><td> </td>
+
+ <td class='base'>$Lang::tr{'valid till'} (days):</td>
+ <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+ <tr><td> </td>
<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
<tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
- </table>
+ </table>
+END
+}else{
+ print <<END
+ </select></td></tr>
+ <tr><td> </td><td> </td><td> </td></tr>
+ <tr><td> </td><td> </td><td> </td></tr>
+ </table>
+
END
+}
+
+###
+# m.a.d Disbale pkcs-password for n2n connections end
+###
;
&Header::closebox();
}
$checked{'ENABLED_ORANGE'}{'off'} = '';
$checked{'ENABLED_ORANGE'}{'on'} = '';
$checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
-
-
-#new settings
$selected{'DDEVICE'}{'tun'} = '';
$selected{'DDEVICE'}{'tap'} = '';
$selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
$checked{'DCOMPLZO'}{'off'} = '';
$checked{'DCOMPLZO'}{'on'} = '';
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
-
+# m.a.d
+ $checked{'MSSFIX'}{'off'} = '';
+ $checked{'MSSFIX'}{'on'} = '';
+ $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
#new settings
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
}
if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
+
+###
+# m.a.d Client Status Table
+###
+
&Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
print <<END
+
+
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
$cavalid = $1;
print "<td align='center'>$cavalid</td>";
print "<td align='center'>$confighash{$key}[25]</td>";
+
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+
if ($confighash{$key}[0] eq 'off') {
$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
} else {
+
+###
+# m.a.d net2net Status
+###
+
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){
+
my $cn;
- my @match = ();
+ my @match = ();
foreach my $line (@status) {
+
chomp($line);
if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
@match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
}
$cn =~ s/[_]/ /g;
if ($cn eq "$confighash{$key}[2]") {
- $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
}
- }
- }
+ }
+ }
+ } else {
+ my @tempovpnsubnet = split("\/",$confighash{$key}[27]);
+ my @ovpnip = split /\./,$tempovpnsubnet[0];
+ my $pingip = "";
+
+ if ($confighash{$key}[6] eq 'server') {
+ $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2";
+ } else {
+ $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1";
+ }
+
+ my $p = Net::Ping->new("udp",1);
+
+ if ($p->ping($pingip)) {
+ $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
+ }
+ $p->close();
+
+ }
}
+
+###
+# m.a.d net2net Status end
+###
+
+
my $disable_clientdl = "disabled='disabled'";
if (( $cgiparams{'ENABLED'} eq 'on') ||
( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
&Header::closebox();
}
&Header::closepage();
+
+
+
+#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
char OVPNRED[STRING_SIZE] = "OVPN";
char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "2.0.1.6";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.0";
+
+struct connection_struct {
+ char name[STRING_SIZE];
+ char type[STRING_SIZE];
+ char proto[STRING_SIZE];
+ int port;
+ struct connection_struct *next;
+};
+
+typedef struct connection_struct connection;
void exithandler(void)
{
void usage(void)
{
#ifdef ovpndebug
- printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION);
+ printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
#else
- printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION);
+ printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
#endif
printf("openvpnctrl <option>\n");
printf(" Valid options are:\n");
printf(" kills/stops OpenVPN\n");
printf(" -r --restart\n");
printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n");
+ printf(" -sn2n --start-net-2-net\n");
+ printf(" starts all net2net connections\n");
+ printf(" you may pass a connection name to the switch to only start a specific one\n");
+ printf(" -kn2n --kill-net-2-net\n");
+ printf(" kills all net2net connections\n");
+ printf(" you may pass a connection name to the switch to only start a specific one\n");
printf(" -d --display\n");
printf(" displays OpenVPN status to syslog\n");
printf(" -fwr --firewall-rules\n");
exit(1);
}
+connection *getConnections() {
+ FILE *fp = NULL;
+
+ if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) {
+ fprintf(stderr, "Could not open openvpn n2n configuration file.\n");
+ exit(1);
+ }
+
+ char line[STRING_SIZE] = "";
+ char *result;
+ int count;
+ connection *conn_first = NULL;
+ connection *conn_last = NULL;
+ connection *conn_curr;
+
+ while ((fgets(line, STRING_SIZE, fp) != NULL)) {
+ if (line[strlen(line) - 1] == '\n')
+ line[strlen(line) - 1] = '\0';
+
+ conn_curr = (connection *)malloc(sizeof(connection));
+ memset(conn_curr, 0, sizeof(connection));
+
+ if (conn_first == NULL) {
+ conn_first = conn_curr;
+ } else {
+ conn_last->next = conn_curr;
+ }
+ conn_last = conn_curr;
+
+ count = 0;
+ result = strtok(line, ",");
+ while (result) {
+ if (count == 2) {
+ strcpy(conn_curr->name, result);
+ } else if (count == 4) {
+ strcpy(conn_curr->type, result);
+ } else if (count == 12) {
+ strcpy(conn_curr->proto, result);
+ } else if (count == 13) {
+ conn_curr->port = atoi(result);
+ }
+
+ result = strtok(NULL, ",");
+ count++;
+ }
+ }
+
+ fclose(fp);
+
+ return conn_first;
+}
+
+int readPidFile(const char *pidfile) {
+ FILE *fp = fopen(pidfile, "r");
+ if (fp == NULL) {
+ fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+ exit(1);
+ }
+
+ int pid = 0;
+ fscanf(fp, "%d", &pid);
+ fclose(fp);
+
+ return pid;
+}
+
void ovpnInit(void) {
// Read OpenVPN configuration
void setChainRules(char *chain, char *interface, char *protocol, char *port)
{
char str[STRING_SIZE];
-
+
sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
executeCommand(str);
sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
}
void createAllChains(void) {
- if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
- fprintf(stderr, "OpenVPN is not enabled on any interface\n");
- exit(1);
- } else {
- // create chain and chain references
- if (!strcmp(enableorange, "on")) {
- if (strlen(orangeif)) {
- createChain(OVPNORANGE);
- createChainReference(OVPNORANGE);
- } else {
- fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
- //exit(1);
- }
+ // create chain and chain references
+ if (!strcmp(enableorange, "on")) {
+ if (strlen(orangeif)) {
+ createChain(OVPNORANGE);
+ createChainReference(OVPNORANGE);
+ } else {
+ fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
+ //exit(1);
}
-
- if (!strcmp(enableblue, "on")) {
- if (strlen(blueif)) {
- createChain(OVPNBLUE);
- createChainReference(OVPNBLUE);
- } else {
- fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
- //exit(1);
- }
+ }
+
+ if (!strcmp(enableblue, "on")) {
+ if (strlen(blueif)) {
+ createChain(OVPNBLUE);
+ createChainReference(OVPNBLUE);
+ } else {
+ fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
+ //exit(1);
}
-
- if (!strcmp(enablered, "on")) {
- if (strlen(redif)) {
- createChain(OVPNRED);
- createChainReference(OVPNRED);
- } else {
- fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
- //exit(1);
- }
+ }
+
+ if (!strcmp(enablered, "on")) {
+ if (strlen(redif)) {
+ createChain(OVPNRED);
+ createChainReference(OVPNRED);
+ } else {
+ fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
+ //exit(1);
}
}
}
char dport[STRING_SIZE] = "";
char dovpnip[STRING_SIZE] = "";
- /* check if it makes sence to proceed further */
- if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
- fprintf(stderr, "Config error, at least one device must be enabled\n");
- exit(1);
- }
-
kv = initkeyvalues();
if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings"))
{
}
freekeyvalues(kv);
+ // Flush all chains.
+ flushChain(OVPNRED);
+ flushChain(OVPNBLUE);
+ flushChain(OVPNORANGE);
+
// set firewall rules
if (!strcmp(enablered, "on") && strlen(redif))
setChainRules(OVPNRED, redif, protocol, dport);
setChainRules(OVPNBLUE, blueif, protocol, dport);
if (!strcmp(enableorange, "on") && strlen(orangeif))
setChainRules(OVPNORANGE, orangeif, protocol, dport);
+
+ // read connection configuration
+ connection *conn = getConnections();
+
+ // set firewall rules for n2n connections
+ char command[STRING_SIZE];
+ while (conn != NULL) {
+ if (strcmp(conn->type, "net") == 0) {
+ sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
+ OVPNRED, redif, conn->proto, conn->port);
+ executeCommand(command);
+ }
+
+ conn = conn->next;
+ }
}
void stopDaemon(void) {
char command[STRING_SIZE];
- snprintf(command, STRING_SIZE - 1, "/bin/killall openvpn");
- executeCommand(command);
+ int pid = readPidFile("/var/run/openvpn.pid");
+ if (!pid > 0) {
+ exit(1);
+ }
+
+ fprintf(stderr, "Killing PID %d.\n", pid);
+ kill(pid, SIGTERM);
+
snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
executeCommand(command);
- snprintf(command, STRING_SIZE-1, "/sbin/modprobe -r tun");
- executeCommand(command);
}
void startDaemon(void) {
}
}
+void startNet2Net(char *name) {
+ connection *conn = NULL;
+ connection *conn_iter;
+
+ conn_iter = getConnections();
+
+ while (conn_iter) {
+ if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) {
+ conn = conn_iter;
+ break;
+ }
+ conn_iter = conn_iter->next;
+ }
+
+ if (conn == NULL) {
+ fprintf(stderr, "Connection not found.\n");
+ exit(1);
+ }
+
+ char configfile[STRING_SIZE];
+ snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
+ conn->name, conn->name);
+
+ FILE *fp = fopen(configfile, "r");
+ if (fp == NULL) {
+ fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n",
+ conn->name, configfile);
+ exit(2);
+ }
+ fclose(fp);
+
+ // Make sure all firewall rules are up to date.
+ setFirewallRules();
+
+ char command[STRING_SIZE];
+ snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
+ executeCommand(command);
+ snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
+ executeCommand(command);
+}
+
+void killNet2Net(char *name) {
+ connection *conn = NULL;
+ connection *conn_iter;
+
+ conn_iter = getConnections();
+
+ while (conn_iter) {
+ if (strcmp(conn_iter->name, name) == 0) {
+ conn = conn_iter;
+ break;
+ }
+ conn_iter = conn_iter->next;
+ }
+
+ if (conn == NULL) {
+ fprintf(stderr, "Connection not found.\n");
+ exit(1);
+ }
+
+ char pidfile[STRING_SIZE];
+ snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
+
+ int pid = readPidFile(pidfile);
+ if (!pid > 0) {
+ exit(1);
+ }
+
+ fprintf(stderr, "Killing PID %d.\n", pid);
+ kill(pid, SIGTERM);
+
+ char command[STRING_SIZE];
+ snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
+ executeCommand(command);
+
+ exit(0);
+}
+
+void startAllNet2Net() {
+ connection *conn = getConnections();
+
+ while(conn) {
+ startNet2Net(conn->name);
+ conn = conn->next;
+ }
+
+ exit(0);
+}
+
+void killAllNet2Net() {
+ connection *conn = getConnections();
+
+ while(conn) {
+ killNet2Net(conn->name);
+ conn = conn->next;
+ }
+
+ exit(0);
+}
+
void displayopenvpn(void) {
char command[STRING_SIZE];
exit(1);
if(argc < 2)
usage();
-
- if(argc == 2) {
+
+ if(argc == 3) {
+ ovpnInit();
+
+ if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
+ startNet2Net(argv[2]);
+ return 0;
+ }
+ else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
+ killNet2Net(argv[2]);
+ return 0;
+ } else {
+ usage();
+ return 1;
+ }
+ }
+ else if(argc == 2) {
if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) {
stopDaemon();
return 0;
startDaemon();
return 0;
}
+ else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
+ startAllNet2Net();
+ return 0;
+ }
+ else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
+ killAllNet2Net();
+ return 0;
+ }
else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) {
startDaemon();
return 0;