ovpnmain.cgi: Implement a better way to set defaults

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-function.pl: Add a function to easily set defaults

This function can be used to set values in a hash if they have not been
set, yet.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Load the main settings just once

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Use the same hash for the configuration like everywhere else

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Restart instead of reload

The option to reload the server does not seem to work well. The running
is process is performing a number of checks that make very little sense
and PID files get written by the user that launches the process (i.e.
root) instead of the user that the process is running as later on (i.e.
nobody). Since there is no chance to keep any existing connections alive
this way, we may just as well restart the service for now.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openvpn-rw: Use a sensible name for the PID file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Give the status log a more sensible name

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Explicitly notify clients that the server is going down

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

i18n: Update note on the file format of the OpenVPN client configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor top table of adding/creating connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove yet another "if (1)" statement

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor connection statistics page

No functional changes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove ns-cert-type server

This option has been removed in OpenVPN 2.5. We do not support anything
prior to that.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove unnecessary client configuration options

We should send the most minimal configuration so that we do not
overwrite any sensible defaults.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Fix spacing in client configuration file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Use LF only without CR for config files

Fixes: #13355
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove the ZIP container around configuration files

Since we can now include everything in one file, there is no need to put
it in a ZIP container.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove the "insecure" client package

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Include the PKCS12 certificate on config export

Before, OpenVPN did not support PKCS12 files in an embedded format. We
extracted the key and the certificate in PEM format instead.

This is no longer necessary and therefore we can simply include the
file.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Reindent generating the client configuration

There are no functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header.pl: Allow passing more HTTP headers to showhttpheaders()

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor CCD pool configuration

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove code to restart a connection

This could not be triggered.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor the connection listing

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Unify the error message box

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Enable legacy provider for auths, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Load the OpenSSL legacy provider if required

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Move "ROUTE_PUSH" settings into the main settings file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Fix checking custom routes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Reload the server after changing advanced settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove more unused variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor the entire advanced settings page

There are no functional changes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

CSS: Don't make headings so skinny

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove "additional configs"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove client-to-client

This is a potential security issue. See #13636.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Hard-code keepalive packets

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Hard-code "verb 3"

There is no reason why users will need to change this.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Improve wording for RW settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Manually load the tun module for OpenVPN

The server cannot load the module itself.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove manual start/stop actions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Redesign the roadwarrior section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

CSS: Make text/number inputs 100% wide, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Only allow removing X.509 when the server is not enabled

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove left-over code

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Move destination port to advanced settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Move MTU setting to advanced settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Move protocol setting to advanced settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove the old status indicator

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web: Refactor graphs

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

services.cgi: Remove unused variables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

services.cgi: Use a section for the main services

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vulnerabilities.cgi: Use section

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web: Introduce sections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vulnerabilities.cgi: Use CSS to colour the table

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

vulnerabilities.cgi: Remove manual alternation of colours

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header.pl: Simplify boxes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header.pl: Remove unused openpagewithoutmenu function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ids.cgi: Use new services function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web: Explain memory consumption

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

samba.cgi: Use new service function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

tor.cgi: Use new service function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

CSS: Automatically stripe all tables

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

services.cgi: Use the new service status function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web: Create a function to show the service status

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Use global ethernet settings

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Remove RECONNECTION=dialondemand

We don't support this at all and so we don't need to check any more.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network-functions.pl: Read PPP settings globally

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web: Read ethernet settings file only once in headers

The web UI is rather slow and one of the reasons for that is that we are
reading the same files over and over again...

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Don't use line buffering

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

web-user-interface: Move theme functions back into header.pl

Since we no longer support other themes, the web UI should load quicker
if not importing too many other files.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header.pl: Remove unused function "is_modem"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

header.pl: Fix whitespace errors

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Remove unused NextIP* functions

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Remove unused srtarray function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Remove getlastip/getnextip

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Drop unused getccdbc function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Drop unused "writehashpart" function

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

general-functions.pl: Fix various whitespace issues

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

OpenVPN: Rename "Global Settings" to "Roadwarrior Settings"

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

make.sh: Update language files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Silence error messages when testing if a process is running

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openvpnctrl: Rewrite the entire thing

This binary because a major headache as it has been changed so many
times by so many people neglegting the code quality. Therefore, the
logic has now been moved into initscripts and the binary changed so that
it only serves as a SUID wrapper to call the initscripts.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Call the initscript to create firewall rules

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: No longer restart OpenVPN when RED comes up/goes down

This is probably a relic from when dial-up connections where on trend
and systems were offline for long times of the day. Now, we should
always be on and there is no need to restart all those services on a
reconnect.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openvpn-n2n: Implement deleting RRD databases

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openvpn: Add an initscript for N2N connections

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Don't overwrite the PID file

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Add some basic functions for IP address maths

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Fix reading PIDs

An incorrect variable has been used.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Handle command arguments as array

For some reason, the function is refusing to launch a command that has
extra arguments.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

network: Don't include initscript headers twice

Everywhere we import the functions, we have already imported the
standard includes.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

openvpnctrl: Remove the stuff we no longer need

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Start the OpenVPN Authenticator, too

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

initscripts: Add an initscript for OpenVPN RW

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

firewall: Split OpenVPN INPUT chains for RW & N2N

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove option to enable on ORANGE/BLUE

There is no point in not making this service available to any local
networks when it always has to be reachable from the Internet.

This still has to be reflected in the initscripts

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Migrate to subnet topology

For dynamic pools, this change is easy and does not require any extra
steps. For CCD clients however, we need to update the configuration to
replace the server IP address with the subnet mask.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Create functions to read CCD client/server routes

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Remove comment that a restart is required

This is incorrect as we can change CCD data without restarting the
server.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

ovpnmain.cgi: Refactor writing CCD files

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>