]> git.ipfire.org Git - ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
OpenVPN: Drop Path MTU discovery settings
[ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT
2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
49abe7af 5# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT
6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535 21###
f527e53f 22# Based on IPFireCore 77
54fd0535 23###
6e13d0a5
MT
24use CGI;
25use CGI qw/:standard/;
26use Net::DNS;
ce9abb66 27use Net::Ping;
54fd0535 28use Net::Telnet;
6e13d0a5
MT
29use File::Copy;
30use File::Temp qw/ tempfile tempdir /;
31use strict;
32use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
eff2dbf8 33use Sort::Naturally;
6e13d0a5 34require '/var/ipfire/general-functions.pl';
6e13d0a5
MT
35require "${General::swroot}/lang.pl";
36require "${General::swroot}/header.pl";
37require "${General::swroot}/countries.pl";
38
39# enable only the following on debugging purpose
8c877a82
AM
40#use warnings;
41#use CGI::Carp 'fatalsToBrowser';
6e13d0a5 42#workaround to suppress a warning when a variable is used only once
8c877a82 43my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
6e13d0a5
MT
44undef (@dummy);
45
f2fdd0c1
CS
46my %color = ();
47my %mainsettings = ();
48&General::readhash("${General::swroot}/main/settings", \%mainsettings);
49&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
6e13d0a5
MT
50
51###
52### Initialize variables
53###
e81be1e1
AM
54my %ccdconfhash=();
55my %ccdroutehash=();
56my %ccdroute2hash=();
6e13d0a5
MT
57my %netsettings=();
58my %cgiparams=();
59my %vpnsettings=();
60my %checked=();
61my %confighash=();
62my %cahash=();
63my %selected=();
64my $warnmessage = '';
65my $errormessage = '';
66my %settings=();
54fd0535 67my $routes_push_file = '';
df9b48b7
AM
68my $confighost="${General::swroot}/fwhosts/customhosts";
69my $configgrp="${General::swroot}/fwhosts/customgroups";
70my $customnet="${General::swroot}/fwhosts/customnetworks";
71my $name;
99bfa85c 72my $col="";
ffbe77c8
EK
73my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
74my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
75
6e13d0a5
MT
76&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
77$cgiparams{'ENABLED'} = 'off';
78$cgiparams{'ENABLED_BLUE'} = 'off';
79$cgiparams{'ENABLED_ORANGE'} = 'off';
80$cgiparams{'EDIT_ADVANCED'} = 'off';
81$cgiparams{'NAT'} = 'off';
82$cgiparams{'COMPRESSION'} = 'off';
83$cgiparams{'ONLY_PROPOSED'} = 'off';
84$cgiparams{'ACTION'} = '';
85$cgiparams{'CA_NAME'} = '';
4c962356
EK
86$cgiparams{'DH_NAME'} = 'dh1024.pem';
87$cgiparams{'DHLENGHT'} = '';
6e13d0a5
MT
88$cgiparams{'DHCP_DOMAIN'} = '';
89$cgiparams{'DHCP_DNS'} = '';
90$cgiparams{'DHCP_WINS'} = '';
54fd0535 91$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 92$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 93$cgiparams{'MSSFIX'} = '';
8c877a82 94$cgiparams{'number'} = '';
4c962356 95$cgiparams{'DCIPHER'} = '';
49abe7af
EK
96$cgiparams{'DAUTH'} = '';
97$cgiparams{'TLSAUTH'} = '';
54fd0535 98$routes_push_file = "${General::swroot}/ovpn/routes_push";
ffbe77c8
EK
99
100# Add CCD files if not already presant
101unless (-e $routes_push_file) {
102 open(RPF, ">$routes_push_file");
103 close(RPF);
104}
105unless (-e "${General::swroot}/ovpn/ccd.conf") {
106 open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
107 close (CCDC);
108}
109unless (-e "${General::swroot}/ovpn/ccdroute") {
110 open(CCDR, ">${General::swroot}/ovpn/ccdroute");
111 close (CCDR);
112}
113unless (-e "${General::swroot}/ovpn/ccdroute2") {
114 open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
115 close (CCDRT);
116}
117# Add additional configs if not already presant
118unless (-e "$local_serverconf") {
119 open(LSC, ">$local_serverconf");
120 close (LSC);
121}
122unless (-e "$local_clientconf") {
123 open(LCC, ">$local_clientconf");
124 close (LCC);
125}
ce9abb66 126
6e13d0a5
MT
127&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
128
129# prepare openvpn config file
130###
131### Useful functions
132###
c6c9630e
MT
133sub haveOrangeNet
134{
13211b21
CS
135 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
136 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT
137 return 0;
138}
139
140sub haveBlueNet
141{
13211b21 142 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 143 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT
144 return 0;
145}
146
147sub sizeformat{
148 my $bytesize = shift;
149 my $i = 0;
150
151 while(abs($bytesize) >= 1024){
152 $bytesize=$bytesize/1024;
153 $i++;
154 last if($i==6);
155 }
156
157 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
158 my $newsize=(int($bytesize*100 +0.5))/100;
159 return("$newsize $units[$i]");
160}
161
c6c9630e
MT
162sub cleanssldatabase
163{
164 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
165 print FILE "01";
166 close FILE;
167 }
168 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
169 print FILE "";
170 close FILE;
171 }
172 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
173 unlink ("${General::swroot}/ovpn/certs/serial.old");
174 unlink ("${General::swroot}/ovpn/certs/01.pem");
175}
176
177sub newcleanssldatabase
178{
179 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
180 open(FILE, ">${General::swroot}(ovpn/certs/serial");
181 print FILE "01";
182 close FILE;
183 }
184 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
185 system ("touch ${General::swroot}/ovpn/certs/index.txt");
186 }
187 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
188 unlink ("${General::swroot}/ovpn/certs/serial.old");
189}
190
191sub deletebackupcert
192{
193 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
194 my $hexvalue = <FILE>;
195 chomp $hexvalue;
196 close FILE;
197 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
198 }
199}
4c962356 200
c6c9630e 201sub writeserverconf {
54fd0535
MT
202 my %sovpnsettings = ();
203 my @temp = ();
c6c9630e 204 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535
MT
205 &read_routepushfile;
206
c6c9630e
MT
207 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
208 flock CONF, 2;
209 print CONF "#OpenVPN Server conf\n";
210 print CONF "\n";
211 print CONF "daemon openvpnserver\n";
212 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 213 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e 214 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
79e7688b 215 print CONF "dev tun\n";
c6c9630e
MT
216 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
217 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
a4fd2325 218 print CONF "script-security 3\n";
07675dc3 219 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 220 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e 221 print CONF "tls-server\n";
4c962356
EK
222 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
223 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
224 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 225 print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
c6c9630e
MT
226 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
227 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
8c877a82 228 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
4c962356 229
2ee746be
SS
230 # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
231 # If we doesn't use one of them, we can use the configured mtu value.
232 if ($sovpnsettings{'MSSFIX'} eq 'on')
79e7688b 233 { print CONF "tun-mtu 1500\n"; }
2ee746be 234 elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
79e7688b 235 { print CONF "tun-mtu 1500\n"; }
2ee746be 236 else
79e7688b 237 { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
2ee746be 238
54fd0535 239 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
8c877a82
AM
240 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
241 foreach (@temp)
242 {
243 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
244 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
245 }
54fd0535 246 }
8c877a82
AM
247# a.marx ccd
248 my %ccdconfhash=();
249 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
250 foreach my $key (keys %ccdconfhash) {
251 my $a=$ccdconfhash{$key}[1];
252 my ($b,$c) = split (/\//, $a);
253 print CONF "route $b ".&General::cidrtosub($c)."\n";
254 }
255 my %ccdroutehash=();
256 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
257 foreach my $key (keys %ccdroutehash) {
258 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
259 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
260 print CONF "route $a $b\n";
261 }
262 }
263# ccd end
54fd0535 264
8c877a82 265 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT
266 print CONF "client-to-client\n";
267 }
1de5c945 268 if ($sovpnsettings{MSSFIX} eq 'on') {
4c962356 269 print CONF "mssfix\n";
1de5c945
EK
270 }
271 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
4c962356 272 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 273 }
2ee746be 274
c6c9630e
MT
275 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
276 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
277 }
278 print CONF "status-version 1\n";
87fe47e9 279 print CONF "status /var/run/ovpnserver.log 30\n";
a4fd2325 280 print CONF "ncp-disable\n";
c6c9630e 281 print CONF "cipher $sovpnsettings{DCIPHER}\n";
49abe7af
EK
282 if ($sovpnsettings{'DAUTH'} eq '') {
283 print CONF "";
284 } else {
285 print CONF "auth $sovpnsettings{'DAUTH'}\n";
286 }
287 if ($sovpnsettings{'TLSAUTH'} eq 'on') {
4be45949 288 print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
49abe7af 289 }
c6c9630e
MT
290 if ($sovpnsettings{DCOMPLZO} eq 'on') {
291 print CONF "comp-lzo\n";
292 }
293 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
294 print CONF "push \"redirect-gateway def1\"\n";
295 }
296 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
297 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
298 }
299
300 if ($sovpnsettings{DHCP_DNS} ne '') {
301 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
302 }
303
304 if ($sovpnsettings{DHCP_WINS} ne '') {
305 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
306 }
307
308 if ($sovpnsettings{DHCP_WINS} eq '') {
309 print CONF "max-clients 100\n";
a79fa1d6 310 }
c6c9630e
MT
311 if ($sovpnsettings{DHCP_WINS} ne '') {
312 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
313 }
1d0a260a 314 print CONF "tls-verify /usr/lib/openvpn/verify\n";
c6c9630e
MT
315 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
316 print CONF "user nobody\n";
317 print CONF "group nobody\n";
318 print CONF "persist-key\n";
319 print CONF "persist-tun\n";
320 if ($sovpnsettings{LOG_VERB} ne '') {
321 print CONF "verb $sovpnsettings{LOG_VERB}\n";
322 } else {
323 print CONF "verb 3\n";
ffbe77c8
EK
324 }
325 # Print server.conf.local if entries exist to server.conf
326 if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
327 open (LSC, "$local_serverconf");
328 print CONF "\n#---------------------------\n";
329 print CONF "# Start of custom directives\n";
330 print CONF "# from server.conf.local\n";
331 print CONF "#---------------------------\n\n";
332 while (<LSC>) {
333 print CONF $_;
334 }
335 print CONF "\n#-----------------------------\n";
336 print CONF "# End of custom directives\n";
337 print CONF "#-----------------------------\n";
338 close (LSC);
339 }
c6c9630e
MT
340 print CONF "\n";
341
342 close(CONF);
343}
8c877a82 344
c6c9630e 345sub emptyserverlog{
87fe47e9 346 if (open(FILE, ">/var/run/ovpnserver.log")) {
c6c9630e
MT
347 flock FILE, 2;
348 print FILE "";
349 close FILE;
350 }
351
352}
353
8c877a82
AM
354sub delccdnet
355{
356 my %ccdconfhash = ();
357 my %ccdhash = ();
358 my $ccdnetname=$_[0];
359 if (-f "${General::swroot}/ovpn/ovpnconfig"){
360 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
361 foreach my $key (keys %ccdhash) {
362 if ($ccdhash{$key}[32] eq $ccdnetname) {
363 $errormessage=$Lang::tr{'ccd err hostinnet'};
364 return;
365 }
366 }
367 }
368 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
369 foreach my $key (keys %ccdconfhash) {
370 if ($ccdconfhash{$key}[0] eq $ccdnetname){
371 delete $ccdconfhash{$key};
372 }
373 }
374 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
375
376 &writeserverconf;
377 return 0;
378}
379
380sub addccdnet
381{
382 my %ccdconfhash=();
383 my @ccdconf=();
384 my $ccdname=$_[0];
385 my $ccdnet=$_[1];
8c877a82
AM
386 my $subcidr;
387 my @ip2=();
388 my $checkup;
389 my $ccdip;
390 my $baseaddress;
290007b3
AM
391
392
393 #check name
394 if ($ccdname eq '')
395 {
396 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
397 return
398 }
399
400 if(!&General::validhostname($ccdname))
401 {
8c877a82
AM
402 $errormessage=$Lang::tr{'ccd err invalidname'};
403 return;
404 }
290007b3
AM
405
406 ($ccdip,$subcidr) = split (/\//,$ccdnet);
407 $subcidr=&General::iporsubtocidr($subcidr);
408 #check subnet
409 if ($subcidr > 30)
410 {
8c877a82
AM
411 $errormessage=$Lang::tr{'ccd err invalidnet'};
412 return;
413 }
290007b3
AM
414 #check ip
415 if (!&General::validipandmask($ccdnet)){
416 $errormessage=$Lang::tr{'ccd err invalidnet'};
417 return;
8c877a82 418 }
290007b3 419
e2429e8d 420 $errormessage=&General::checksubnets($ccdname,$ccdnet);
290007b3 421
8c877a82
AM
422
423 if (!$errormessage) {
424 my %ccdconfhash=();
425 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
426 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
427 my $key = &General::findhasharraykey (\%ccdconfhash);
428 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
429 $ccdconfhash{$key}[0] = $ccdname;
430 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
431 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
432 &writeserverconf;
433 $cgiparams{'ccdname'}='';
434 $cgiparams{'ccdsubnet'}='';
435 return 1;
436 }
437}
438
439sub modccdnet
440{
441
442 my $newname=$_[0];
443 my $oldname=$_[1];
444 my %ccdconfhash=();
445 my %ccdhash=();
446 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
447 foreach my $key (keys %ccdconfhash) {
448 if ($ccdconfhash{$key}[0] eq $oldname) {
449 foreach my $key1 (keys %ccdconfhash) {
450 if ($ccdconfhash{$key1}[0] eq $newname){
451 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
452 return;
453 }else{
454 $ccdconfhash{$key}[0]= $newname;
455 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
456 last;
457 }
458 }
459 }
460 }
461
462 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
463 foreach my $key (keys %ccdhash) {
464 if ($ccdhash{$key}[32] eq $oldname) {
465 $ccdhash{$key}[32]=$newname;
466 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
467 last;
468 }
469 }
470
471 return 0;
472}
473sub ccdmaxclients
474{
475 my $ccdnetwork=$_[0];
476 my @octets=();
477 my @subnet=();
478 @octets=split("\/",$ccdnetwork);
479 @subnet= split /\./, &General::cidrtosub($octets[1]);
480 my ($a,$b,$c,$d,$e);
481 $a=256-$subnet[0];
482 $b=256-$subnet[1];
483 $c=256-$subnet[2];
484 $d=256-$subnet[3];
485 $e=($a*$b*$c*$d)/4;
486 return $e-1;
487}
488
489sub getccdadresses
490{
491 my $ipin=$_[0];
492 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
493 my $cidr=$_[1];
494 chomp($cidr);
495 my $count=$_[2];
496 my $hasip=$_[3];
497 chomp($hasip);
498 my @iprange=();
499 my %ccdhash=();
500 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
d9fe5693 501 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
ac87f371 502 for (my $i=1;$i<=$count;$i++) {
8c877a82
AM
503 my $tmpip=$iprange[$i-1];
504 my $stepper=$i*4;
505 $iprange[$i]= &General::getnextip($tmpip,4);
506 }
507 my $r=0;
508 foreach my $key (keys %ccdhash) {
509 $r=0;
510 foreach my $tmp (@iprange){
511 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
512 if ($net eq $tmp) {
513 if ( $hasip ne $ccdhash{$key}[33] ){
514 splice (@iprange,$r,1);
515 }
516 }
517 $r++;
518 }
519 }
520 return @iprange;
521}
522
523sub fillselectbox
524{
525 my $boxname=$_[1];
526 my ($ccdip,$subcidr) = split("/",$_[0]);
527 my $tz=$_[2];
528 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
529 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
530 foreach (@allccdips) {
531 my $ip=$_."/30";
532 chomp($ip);
533 print "<option value='$ip' ";
534 if ( $ip eq $cgiparams{$boxname} ){
535 print"selected";
536 }
537 print ">$ip</option>";
538 }
539 print "</select>";
540}
541
542sub hostsinnet
543{
544 my $name=$_[0];
545 my %ccdhash=();
546 my $i=0;
547 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
548 foreach my $key (keys %ccdhash) {
549 if ($ccdhash{$key}[32] eq $name){ $i++;}
550 }
551 return $i;
552}
553
554sub check_routes_push
555{
556 my $val=$_[0];
557 my ($ip,$cidr) = split (/\//, $val);
558 ##check for existing routes in routes_push
559 if (-e "${General::swroot}/ovpn/routes_push") {
560 open(FILE,"${General::swroot}/ovpn/routes_push");
561 while (<FILE>) {
562 $_=~s/\s*$//g;
563
564 my ($ip2,$cidr2) = split (/\//,"$_");
565 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
566
567 if($val eq $val2){
568 return 0;
569 }
570 #subnetcheck
571 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
572 return 0;
573 }
574 };
575 close(FILE);
576 }
577 return 1;
578}
579
580sub check_ccdroute
581{
582 my %ccdroutehash=();
583 my $val=$_[0];
584 my ($ip,$cidr) = split (/\//, $val);
585 #check for existing routes in ccdroute
586 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
587 foreach my $key (keys %ccdroutehash) {
588 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
589 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
590 return 0;
591 }
592 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
593 #subnetcheck
594 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
595 return 0;
596 }
597 }
598 }
599 return 1;
600}
601sub check_ccdconf
602{
603 my %ccdconfhash=();
604 my $val=$_[0];
605 my ($ip,$cidr) = split (/\//, $val);
606 #check for existing routes in ccdroute
607 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
608 foreach my $key (keys %ccdconfhash) {
609 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
610 return 0;
611 }
612 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
613 #subnetcheck
614 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
615 return 0;
616 }
617
618 }
619 return 1;
620}
621
7c1d9faf
AH
622###
623# m.a.d net2net
624###
625
626sub validdotmask
627{
628 my $ipdotmask = $_[0];
629 if (&General::validip($ipdotmask)) { return 0; }
630 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
631 my $mask = $2;
632 if (($mask =~ /\./ )) { return 0; }
633 return 1;
634}
54fd0535
MT
635
636# -------------------------------------------------------------------
637
638sub write_routepushfile
639{
640 open(FILE, ">$routes_push_file");
641 flock(FILE, 2);
642 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
643 print FILE $vpnsettings{'ROUTES_PUSH'};
644 }
645 close(FILE);
646}
647
648sub read_routepushfile
649{
650 if (-e "$routes_push_file") {
651 open(FILE,"$routes_push_file");
652 delete $vpnsettings{'ROUTES_PUSH'};
653 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
654 close(FILE);
655 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
8c877a82 656
54fd0535
MT
657 }
658}
7c1d9faf 659
775b4494
AM
660sub writecollectdconf {
661 my $vpncollectd;
662 my %ccdhash=();
663
664 open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
665 print COLLECTDVPN "Loadplugin openvpn\n";
666 print COLLECTDVPN "\n";
667 print COLLECTDVPN "<Plugin openvpn>\n";
668 print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
669
670 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
671 foreach my $key (keys %ccdhash) {
672 if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
673 print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
674 }
675 }
676
677 print COLLECTDVPN "</Plugin>\n";
678 close(COLLECTDVPN);
679
680 # Reload collectd afterwards
681 system("/usr/local/bin/collectdctrl restart &>/dev/null");
682}
7c1d9faf 683
c6c9630e
MT
684#hier die refresh page
685if ( -e "${General::swroot}/ovpn/gencanow") {
686 my $refresh = '';
687 $refresh = "<meta http-equiv='refresh' content='15;' />";
688 &Header::showhttpheaders();
689 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
690 &Header::openbigbox('100%', 'center');
691 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
692 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
693 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
694 &Header::closebox();
695 &Header::closebigbox();
696 &Header::closepage();
697 exit (0);
698}
699##hier die refresh page
700
6e13d0a5
MT
701
702###
703### OpenVPN Server Control
704###
705if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
706 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
707 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT
708 #start openvpn server
709 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 710 &emptyserverlog();
6e13d0a5
MT
711 system('/usr/local/bin/openvpnctrl', '-s');
712 }
713 #stop openvpn server
714 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
6e13d0a5 715 system('/usr/local/bin/openvpnctrl', '-k');
c6c9630e 716 &emptyserverlog();
6e13d0a5
MT
717 }
718# #restart openvpn server
8c877a82 719# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
6e13d0a5 720#workarund, till SIGHUP also works when running as nobody
8c877a82
AM
721# system('/usr/local/bin/openvpnctrl', '-r');
722# &emptyserverlog();
723# }
6e13d0a5
MT
724}
725
726###
727### Save Advanced options
728###
729
730if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
731 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
732 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
733 #DAN this value has to leave.
734#new settings for daemon
735 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
736 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
737 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
738 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
739 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
740 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
ffbe77c8 741 $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
6e13d0a5
MT
742 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
743 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
744 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535 745 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
4c962356 746 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
49abe7af 747 $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
54fd0535 748 my @temp=();
6e13d0a5 749
a79fa1d6
JPT
750 if ($cgiparams{'FRAGMENT'} eq '') {
751 delete $vpnsettings{'FRAGMENT'};
752 } else {
753 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
754 $errormessage = "Incorrect value, please insert only numbers.";
755 goto ADV_ERROR;
756 } else {
757 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
758 }
759 }
49abe7af 760
a79fa1d6 761 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 762 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT
763 } else {
764 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
765 }
2ee746be 766
6e13d0a5 767 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
81da1b01 768 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
6e13d0a5
MT
769 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
770 goto ADV_ERROR;
771 }
772 }
773 if ($cgiparams{'DHCP_DNS'} ne ''){
774 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
775 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
776 goto ADV_ERROR;
777 }
778 }
779 if ($cgiparams{'DHCP_WINS'} ne ''){
780 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
781 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT
782 goto ADV_ERROR;
783 }
784 }
785 if ($cgiparams{'ROUTES_PUSH'} ne ''){
786 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
787 undef $vpnsettings{'ROUTES_PUSH'};
8c877a82
AM
788
789 foreach my $tmpip (@temp)
54fd0535
MT
790 {
791 s/^\s+//g; s/\s+$//g;
8c877a82
AM
792
793 if ($tmpip)
54fd0535 794 {
8c877a82
AM
795 $tmpip=~s/\s*$//g;
796 unless (&General::validipandmask($tmpip)) {
797 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
798 goto ADV_ERROR;
54fd0535 799 }
8c877a82
AM
800 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
801
54fd0535
MT
802 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
803 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
8c877a82
AM
804 goto ADV_ERROR;
805 }
806# a.marx ccd
807 my %ccdroutehash=();
808 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
809 foreach my $key (keys %ccdroutehash) {
810 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
811 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
812 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
813 goto ADV_ERROR;
814 }
815 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
816 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
817 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
818 goto ADV_ERROR;
819 }
820 }
54fd0535 821 }
8c877a82
AM
822
823# ccd end
824
825 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 826 }
8c877a82
AM
827 }
828 &write_routepushfile;
54fd0535 829 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP
830 }
831 else {
832 undef $vpnsettings{'ROUTES_PUSH'};
833 &write_routepushfile;
6e13d0a5 834 }
6e13d0a5
MT
835 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
836 $errormessage = $Lang::tr{'invalid input for max clients'};
837 goto ADV_ERROR;
838 }
839 if ($cgiparams{'KEEPALIVE_1'} ne '') {
840 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
841 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
842 goto ADV_ERROR;
843 }
844 }
845 if ($cgiparams{'KEEPALIVE_2'} ne ''){
846 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
847 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
848 goto ADV_ERROR;
849 }
850 }
851 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
852 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
853 goto ADV_ERROR;
854 }
4be45949
EK
855 # Create ta.key for tls-auth if not presant
856 if ($cgiparams{'TLSAUTH'} eq 'on') {
857 if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
858 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
859 if ($?) {
860 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
861 goto ADV_ERROR;
862 }
863 }
864 }
6e13d0a5
MT
865
866 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 867 &writeserverconf();#hier ok
6e13d0a5
MT
868}
869
ce9abb66 870###
7c1d9faf 871# m.a.d net2net
ce9abb66
AH
872###
873
874if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
875{
c6c9630e 876
ce9abb66
AH
877my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
878my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 879my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 880my $tunmtu = '';
531f0835
AH
881
882unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
883unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH
884
885 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
886
887 flock SERVERCONF, 2;
7c1d9faf 888 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
ce9abb66 889 print SERVERCONF "\n";
b278daf3 890 print SERVERCONF "# User Security\n";
ce9abb66
AH
891 print SERVERCONF "user nobody\n";
892 print SERVERCONF "group nobody\n";
893 print SERVERCONF "persist-tun\n";
894 print SERVERCONF "persist-key\n";
7c1d9faf 895 print SERVERCONF "script-security 2\n";
60f396d7 896 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
c125d8a2
SS
897
898 if ($cgiparams{'REMOTE'} ne '') {
ce9abb66 899 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
c125d8a2
SS
900 }
901
b278daf3 902 print SERVERCONF "float\n";
60f396d7 903 print SERVERCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 904 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
60f396d7 905 print SERVERCONF "# Client Gateway Network\n";
54fd0535 906 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 907 print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 908 print SERVERCONF "# tun Device\n";
ce9abb66 909 print SERVERCONF "dev tun\n";
5795fc1b
AM
910 print SERVERCONF "#Logfile for statistics\n";
911 print SERVERCONF "status-version 1\n";
87fe47e9 912 print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 913 print SERVERCONF "# Port and Protokol\n";
ce9abb66 914 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
5795fc1b 915
60f396d7
AH
916 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
917 print SERVERCONF "proto tcp-server\n";
918 print SERVERCONF "# Packet size\n";
d96c89eb 919 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 920 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 921 }
60f396d7
AH
922
923 if ($cgiparams{'PROTOCOL'} eq 'udp') {
924 print SERVERCONF "proto udp\n";
925 print SERVERCONF "# Paketsize\n";
926 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
927 print SERVERCONF "tun-mtu $tunmtu\n";
54fd0535
MT
928 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
929 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
d96c89eb 930 }
1647059d 931
60f396d7 932 print SERVERCONF "# Auth. Server\n";
ce9abb66
AH
933 print SERVERCONF "tls-server\n";
934 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
935 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
936 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 937 print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
b278daf3 938 print SERVERCONF "# Cipher\n";
4c962356 939 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
52f61e49
EKD
940
941 # If GCM cipher is used, do not use --auth
942 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
943 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
944 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
945 print SERVERCONF unless "# HMAC algorithm\n";
946 print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 947 } else {
52f61e49
EKD
948 print SERVERCONF "# HMAC algorithm\n";
949 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 950 }
52f61e49 951
ce9abb66 952 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 953 print SERVERCONF "# Enable Compression\n";
66298ef2 954 print SERVERCONF "comp-lzo\n";
b278daf3 955 }
60f396d7 956 print SERVERCONF "# Debug Level\n";
ce9abb66 957 print SERVERCONF "verb 3\n";
b278daf3 958 print SERVERCONF "# Tunnel check\n";
ce9abb66 959 print SERVERCONF "keepalive 10 60\n";
60f396d7 960 print SERVERCONF "# Start as daemon\n";
ce9abb66
AH
961 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
962 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 963 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT
964 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
965 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH
966 close(SERVERCONF);
967
968}
969
970###
7c1d9faf 971# m.a.d net2net
ce9abb66 972###
7c1d9faf 973
ce9abb66
AH
974if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
975{
4c962356 976
ce9abb66 977 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 978 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 979 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 980 my $tunmtu = '';
54fd0535 981
531f0835
AH
982unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
983unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH
984
985 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
986
987 flock CLIENTCONF, 2;
7c1d9faf 988 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 989 print CLIENTCONF "#\n";
b278daf3 990 print CLIENTCONF "# User Security\n";
ce9abb66
AH
991 print CLIENTCONF "user nobody\n";
992 print CLIENTCONF "group nobody\n";
993 print CLIENTCONF "persist-tun\n";
994 print CLIENTCONF "persist-key\n";
7c1d9faf 995 print CLIENTCONF "script-security 2\n";
60f396d7 996 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 997 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 998 print CLIENTCONF "float\n";
60f396d7 999 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1000 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
60f396d7 1001 print CLIENTCONF "# Server Gateway Network\n";
54fd0535 1002 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 1003 print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 1004 print CLIENTCONF "# tun Device\n";
ce9abb66 1005 print CLIENTCONF "dev tun\n";
35a21a25
AM
1006 print CLIENTCONF "#Logfile for statistics\n";
1007 print CLIENTCONF "status-version 1\n";
1008 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 1009 print CLIENTCONF "# Port and Protokol\n";
ce9abb66 1010 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH
1011
1012 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1013 print CLIENTCONF "proto tcp-client\n";
1014 print CLIENTCONF "# Packet size\n";
d96c89eb 1015 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1016 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1017 }
60f396d7
AH
1018
1019 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1020 print CLIENTCONF "proto udp\n";
1021 print CLIENTCONF "# Paketsize\n";
1022 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1023 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535
MT
1024 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
1025 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
d96c89eb 1026 }
1647059d 1027
b66b02ab
EK
1028 # Check host certificate if X509 is RFC3280 compliant.
1029 # If not, old --ns-cert-type directive will be used.
1030 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
1031 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1032 if ($hostcert !~ /TLS Web Server Authentication/) {
1033 print CLIENTCONF "ns-cert-type server\n";
1034 } else {
1035 print CLIENTCONF "remote-cert-tls server\n";
1036 }
ce9abb66
AH
1037 print CLIENTCONF "# Auth. Client\n";
1038 print CLIENTCONF "tls-client\n";
b278daf3 1039 print CLIENTCONF "# Cipher\n";
4c962356 1040 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
ce9abb66 1041 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
52f61e49
EKD
1042
1043 # If GCM cipher is used, do not use --auth
1044 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1045 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1046 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1047 print CLIENTCONF unless "# HMAC algorithm\n";
1048 print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1049 } else {
52f61e49
EKD
1050 print CLIENTCONF "# HMAC algorithm\n";
1051 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1052 }
52f61e49 1053
ce9abb66 1054 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1055 print CLIENTCONF "# Enable Compression\n";
66298ef2 1056 print CLIENTCONF "comp-lzo\n";
4c962356 1057 }
ce9abb66
AH
1058 print CLIENTCONF "# Debug Level\n";
1059 print CLIENTCONF "verb 3\n";
b278daf3 1060 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1061 print CLIENTCONF "keepalive 10 60\n";
60f396d7 1062 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH
1063 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1064 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1065 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT
1066 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1067 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1068 close(CLIENTCONF);
c6c9630e 1069
ce9abb66
AH
1070}
1071
6e13d0a5
MT
1072###
1073### Save main settings
1074###
ce9abb66 1075
6e13d0a5
MT
1076if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1077 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT
1078 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1079 #DAN this value has to leave.
1080 if ($cgiparams{'ENABLED'} eq 'on'){
1081 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1082 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1083 goto SETTINGS_ERROR;
6e13d0a5
MT
1084 }
1085 }
f7fb5bc5 1086
6e13d0a5 1087 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e 1088 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
4c962356 1089 goto SETTINGS_ERROR;
c6c9630e
MT
1090 }
1091 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1092
1093 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1094 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1095 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1096 goto SETTINGS_ERROR;
1097 }
1098
1099 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1100 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1101 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1102 goto SETTINGS_ERROR;
1103 }
1104
1105 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1106 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1107 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1108 goto SETTINGS_ERROR;
1109 }
1110
1111 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1112 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1113 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1114 goto SETTINGS_ERROR;
1115 }
1116 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1117 while (<ALIASES>)
1118 {
1119 chomp($_);
1120 my @tempalias = split(/\,/,$_);
1121 if ($tempalias[1] eq 'on') {
1122 if (&General::IpInSubnet ($tempalias[0] ,
1123 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1124 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1125 }
1126 }
1127 }
1128 close(ALIASES);
6e13d0a5 1129 if ($errormessage ne ''){
c6c9630e 1130 goto SETTINGS_ERROR;
6e13d0a5
MT
1131 }
1132 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1133 $errormessage = $Lang::tr{'invalid input'};
1134 goto SETTINGS_ERROR;
1135 }
1136 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1137 $errormessage = $Lang::tr{'invalid mtu input'};
1138 goto SETTINGS_ERROR;
1139 }
1140
1141 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT
1142 $errormessage = $Lang::tr{'invalid port'};
1143 goto SETTINGS_ERROR;
6e13d0a5 1144 }
8c252e6a 1145
6e13d0a5
MT
1146 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1147 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1148 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1149 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1150#new settings for daemon
1151 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
6e13d0a5
MT
1152 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1153 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1154 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1155 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1156 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
3ffee04b
CS
1157#wrtie enable
1158
1159 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1160 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1161 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
6e13d0a5
MT
1162#new settings for daemon
1163 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1164 &writeserverconf();#hier ok
6e13d0a5
MT
1165SETTINGS_ERROR:
1166###
1167### Reset all step 2
1168###
4c962356 1169}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
6e13d0a5
MT
1170 my $file = '';
1171 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1172
1e499e90
MT
1173 # Kill all N2N connections
1174 system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
1175
6e13d0a5 1176 foreach my $key (keys %confighash) {
2f36a7b4
MT
1177 my $name = $confighash{$cgiparams{'$key'}}[1];
1178
c6c9630e
MT
1179 if ($confighash{$key}[4] eq 'cert') {
1180 delete $confighash{$cgiparams{'$key'}};
1181 }
2f36a7b4
MT
1182
1183 system ("/usr/local/bin/openvpnctrl -drrd $name");
6e13d0a5
MT
1184 }
1185 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
49abe7af 1186 unlink $file;
6e13d0a5
MT
1187 }
1188 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
49abe7af 1189 unlink $file;
6e13d0a5
MT
1190 }
1191 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
49abe7af 1192 unlink $file;
6e13d0a5 1193 }
4c962356 1194 &cleanssldatabase();
6e13d0a5
MT
1195 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1196 print FILE "";
1197 close FILE;
1198 }
49abe7af
EK
1199 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1200 print FILE "";
1201 close FILE;
1202 }
1203 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1204 print FILE "";
1205 close FILE;
1206 }
1207 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1208 unlink $file
1209 }
5795fc1b
AM
1210 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1211 unlink $file
1212 }
49abe7af
EK
1213 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1214 print FILE "";
1215 close FILE;
1216 }
1217 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1218 print FILE "";
1219 close FILE;
1220 }
1221 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
1222 system ("rm -rf $file");
1223 }
1224
2f36a7b4
MT
1225 # Remove everything from the collectd configuration
1226 &writecollectdconf();
1227
c6c9630e 1228 #&writeserverconf();
6e13d0a5
MT
1229###
1230### Reset all step 1
1231###
4c962356 1232}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
6e13d0a5 1233 &Header::showhttpheaders();
4c962356
EK
1234 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1235 &Header::openbigbox('100%', 'left', '', '');
1236 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1237 print <<END;
1238 <form method='post'>
1239 <table width='100%'>
1240 <tr>
1241 <td align='center'>
1242 <input type='hidden' name='AREUSURE' value='yes' />
49abe7af 1243 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
4c962356
EK
1244 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1245 </tr>
1246 <tr>
1247 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1248 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1249 </tr>
1250 </table>
1251 </form>
6e13d0a5
MT
1252END
1253 ;
1254 &Header::closebox();
1255 &Header::closebigbox();
1256 &Header::closepage();
1257 exit (0);
1258
4c962356
EK
1259###
1260### Generate DH key step 2
1261###
1262} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
49abe7af 1263 # Delete if old key exists
4c962356
EK
1264 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1265 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1266 }
1267 # Create Diffie Hellmann Parameter
badd8c1c 1268 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
4c962356
EK
1269 if ($?) {
1270 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1271 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1272 }
1273
1274###
1275### Generate DH key step 1
1276###
1277} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1278 &Header::showhttpheaders();
1279 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1280 &Header::openbigbox('100%', 'LEFT', '', '');
1281 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1282 print <<END;
1283 <table width='100%'>
1284 <tr>
f527e53f 1285 <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
49abe7af 1286 </tr>
4c962356
EK
1287 <tr>
1288 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1289 <td align='center'>
1290 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1291 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1292 <select name='DHLENGHT'>
6fc0f5eb 1293 <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'})</option>
4c962356
EK
1294 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1295 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1296 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1297 </select>
1298 </td>
1299 </tr>
1300 <tr><td colspan='4'><br></td></tr>
1301 </table>
1302 <table width='100%'>
1303 <tr>
49abe7af 1304 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
4c962356 1305 </tr>
49abe7af
EK
1306 <tr>
1307 <td class='base'>$Lang::tr{'dh key warn1'}</td>
1308 </tr>
1309 <tr><td colspan='2'><br></td></tr>
4c962356
EK
1310 <tr>
1311 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1312 </form>
1313 </tr>
1314 </table>
1315
1316END
1317 ;
1318 &Header::closebox();
1319 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1320 &Header::closebigbox();
1321 &Header::closepage();
1322 exit (0);
1323
1324###
1325### Upload DH key
1326###
1327} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
4c962356
EK
1328 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1329 $errormessage = $Lang::tr{'there was no file upload'};
1330 goto UPLOADCA_ERROR;
1331 }
49abe7af 1332 # Move uploaded dh key to a temporary file
4c962356
EK
1333 (my $fh, my $filename) = tempfile( );
1334 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1335 $errormessage = $!;
49abe7af 1336 goto UPLOADCA_ERROR;
4c962356 1337 }
49abe7af 1338 my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
4c962356
EK
1339 if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) {
1340 $errormessage = $Lang::tr{'not a valid dh key'};
1341 unlink ($filename);
1342 goto UPLOADCA_ERROR;
1343 } else {
1344 # Delete if old key exists
1345 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1346 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1347 }
1348 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
49abe7af
EK
1349 if ($? ne 0) {
1350 $errormessage = "$Lang::tr{'dh key move failed'}: $!";
1351 unlink ($filename);
1352 goto UPLOADCA_ERROR;
1353 }
4c962356
EK
1354 }
1355
6e13d0a5
MT
1356###
1357### Upload CA Certificate
1358###
1359} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1360 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1361
1362 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1363 $errormessage = $Lang::tr{'name must only contain characters'};
1364 goto UPLOADCA_ERROR;
1365 }
1366
1367 if (length($cgiparams{'CA_NAME'}) >60) {
1368 $errormessage = $Lang::tr{'name too long'};
1369 goto VPNCONF_ERROR;
1370 }
1371
1372 if ($cgiparams{'CA_NAME'} eq 'ca') {
1373 $errormessage = $Lang::tr{'name is invalid'};
4c962356 1374 goto UPLOADCA_ERROR;
6e13d0a5
MT
1375 }
1376
1377 # Check if there is no other entry with this name
1378 foreach my $key (keys %cahash) {
c6c9630e
MT
1379 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1380 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1381 goto UPLOADCA_ERROR;
1382 }
6e13d0a5
MT
1383 }
1384
1385 if (ref ($cgiparams{'FH'}) ne 'Fh') {
c6c9630e
MT
1386 $errormessage = $Lang::tr{'there was no file upload'};
1387 goto UPLOADCA_ERROR;
6e13d0a5
MT
1388 }
1389 # Move uploaded ca to a temporary file
1390 (my $fh, my $filename) = tempfile( );
1391 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT
1392 $errormessage = $!;
1393 goto UPLOADCA_ERROR;
6e13d0a5
MT
1394 }
1395 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
c6c9630e
MT
1396 if ($temp !~ /CA:TRUE/i) {
1397 $errormessage = $Lang::tr{'not a valid ca certificate'};
1398 unlink ($filename);
1399 goto UPLOADCA_ERROR;
6e13d0a5 1400 } else {
c6c9630e
MT
1401 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1402 if ($? ne 0) {
1403 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1404 unlink ($filename);
1405 goto UPLOADCA_ERROR;
1406 }
6e13d0a5
MT
1407 }
1408
1409 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1410 $casubject =~ /Subject: (.*)[\n]/;
1411 $casubject = $1;
1412 $casubject =~ s+/Email+, E+;
1413 $casubject =~ s/ ST=/ S=/;
1414 $casubject = &Header::cleanhtml($casubject);
1415
1416 my $key = &General::findhasharraykey (\%cahash);
1417 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1418 $cahash{$key}[1] = $casubject;
1419 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT
1420# system('/usr/local/bin/ipsecctrl', 'R');
1421
6e13d0a5
MT
1422 UPLOADCA_ERROR:
1423
1424###
1425### Display ca certificate
1426###
1427} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT
1428 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1429
1430 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1431 &Header::showhttpheaders();
4c962356 1432 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT
1433 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1434 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1435 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1436 $output = &Header::cleanhtml($output,"y");
1437 print "<pre>$output</pre>\n";
1438 &Header::closebox();
1439 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1440 &Header::closebigbox();
1441 &Header::closepage();
1442 exit(0);
1443 } else {
1444 $errormessage = $Lang::tr{'invalid key'};
1445 }
1446
6e13d0a5
MT
1447###
1448### Download ca certificate
1449###
1450} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1451 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1452
1453 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1454 print "Content-Type: application/octet-stream\r\n";
1455 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1456 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1457 exit(0);
1458 } else {
1459 $errormessage = $Lang::tr{'invalid key'};
1460 }
1461
1462###
1463### Remove ca certificate (step 2)
1464###
1465} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1466 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1467 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1468
1469 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1470 foreach my $key (keys %confighash) {
1471 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1472 if ($test =~ /: OK/) {
c6c9630e
MT
1473 # Delete connection
1474# if ($vpnsettings{'ENABLED'} eq 'on' ||
1475# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1476# system('/usr/local/bin/ipsecctrl', 'D', $key);
1477# }
6e13d0a5
MT
1478 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1479 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1480 delete $confighash{$key};
1481 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1482# &writeipsecfiles();
6e13d0a5
MT
1483 }
1484 }
1485 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1486 delete $cahash{$cgiparams{'KEY'}};
1487 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1488# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT
1489 } else {
1490 $errormessage = $Lang::tr{'invalid key'};
1491 }
1492###
1493### Remove ca certificate (step 1)
1494###
1495} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1496 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1497 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1498
1499 my $assignedcerts = 0;
1500 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1501 foreach my $key (keys %confighash) {
1502 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1503 if ($test =~ /: OK/) {
1504 $assignedcerts++;
1505 }
1506 }
1507 if ($assignedcerts) {
1508 &Header::showhttpheaders();
4c962356 1509 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT
1510 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1511 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
4c962356 1512 print <<END;
6e13d0a5
MT
1513 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1514 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1515 <tr><td align='center'>
1516 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1517 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1518 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1519 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1520 </form></table>
1521END
1522 ;
1523 &Header::closebox();
1524 &Header::closebigbox();
1525 &Header::closepage();
1526 exit (0);
1527 } else {
1528 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1529 delete $cahash{$cgiparams{'KEY'}};
1530 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1531# system('/usr/local/bin/ipsecctrl', 'R');
1532 }
1533 } else {
1534 $errormessage = $Lang::tr{'invalid key'};
1535 }
1536
1537###
1538### Display root certificate
1539###
c6c9630e
MT
1540}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1541 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1542 my $output;
1543 &Header::showhttpheaders();
4c962356 1544 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT
1545 &Header::openbigbox('100%', 'LEFT', '', '');
1546 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1547 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1548 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1549 } else {
1550 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1551 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1552 }
1553 $output = &Header::cleanhtml($output,"y");
1554 print "<pre>$output</pre>\n";
1555 &Header::closebox();
1556 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1557 &Header::closebigbox();
1558 &Header::closepage();
1559 exit(0);
1560
6e13d0a5
MT
1561###
1562### Download root certificate
1563###
1564}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1565 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1566 print "Content-Type: application/octet-stream\r\n";
1567 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1568 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1569 exit(0);
1570 }
1571
1572###
1573### Download host certificate
1574###
1575}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1576 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1577 print "Content-Type: application/octet-stream\r\n";
1578 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1579 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1580 exit(0);
1581 }
f7fb5bc5 1582
fd5ccb2d
EK
1583###
1584### Download tls-auth key
1585###
1586}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
1587 if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
1588 print "Content-Type: application/octet-stream\r\n";
1589 print "Content-Disposition: filename=ta.key\r\n\r\n";
1590 print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
1591 exit(0);
1592 }
1593
6e13d0a5
MT
1594###
1595### Form for generating a root certificate
1596###
1597}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1598 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1599
1600 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1601 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1602 $errormessage = $Lang::tr{'valid root certificate already exists'};
1603 $cgiparams{'ACTION'} = '';
1604 goto ROOTCERT_ERROR;
1605 }
1606
1607 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1608 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1609 my $ipaddr = <IPADDR>;
1610 close IPADDR;
1611 chomp ($ipaddr);
1612 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1613 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1614 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1615 }
1616 }
1617 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1618
1619 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1620 $errormessage = $Lang::tr{'there was no file upload'};
1621 goto ROOTCERT_ERROR;
1622 }
1623
1624 # Move uploaded certificate request to a temporary file
1625 (my $fh, my $filename) = tempfile( );
1626 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1627 $errormessage = $!;
1628 goto ROOTCERT_ERROR;
1629 }
1630
1631 # Create a temporary dirctory
1632 my $tempdir = tempdir( CLEANUP => 1 );
1633
1634 # Extract the CA certificate from the file
1635 my $pid = open(OPENSSL, "|-");
1636 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1637 if ($pid) { # parent
1638 if ($cgiparams{'P12_PASS'} ne '') {
1639 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1640 }
1641 close (OPENSSL);
1642 if ($?) {
1643 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1644 unlink ($filename);
1645 goto ROOTCERT_ERROR;
1646 }
1647 } else { # child
1648 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1649 '-in', $filename,
1650 '-out', "$tempdir/cacert.pem")) {
1651 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1652 unlink ($filename);
1653 goto ROOTCERT_ERROR;
1654 }
1655 }
1656
1657 # Extract the Host certificate from the file
1658 $pid = open(OPENSSL, "|-");
1659 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1660 if ($pid) { # parent
1661 if ($cgiparams{'P12_PASS'} ne '') {
1662 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1663 }
1664 close (OPENSSL);
1665 if ($?) {
1666 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1667 unlink ($filename);
1668 goto ROOTCERT_ERROR;
1669 }
1670 } else { # child
1671 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1672 '-in', $filename,
1673 '-out', "$tempdir/hostcert.pem")) {
1674 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1675 unlink ($filename);
1676 goto ROOTCERT_ERROR;
1677 }
1678 }
1679
1680 # Extract the Host key from the file
1681 $pid = open(OPENSSL, "|-");
1682 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1683 if ($pid) { # parent
1684 if ($cgiparams{'P12_PASS'} ne '') {
1685 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1686 }
1687 close (OPENSSL);
1688 if ($?) {
1689 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1690 unlink ($filename);
1691 goto ROOTCERT_ERROR;
1692 }
1693 } else { # child
1694 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1695 '-nodes',
1696 '-in', $filename,
1697 '-out', "$tempdir/serverkey.pem")) {
1698 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1699 unlink ($filename);
1700 goto ROOTCERT_ERROR;
1701 }
1702 }
1703
1704 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1705 if ($? ne 0) {
1706 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1707 unlink ($filename);
1708 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1709 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1710 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1711 goto ROOTCERT_ERROR;
1712 }
1713
1714 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1715 if ($? ne 0) {
1716 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1717 unlink ($filename);
1718 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1719 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1720 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1721 goto ROOTCERT_ERROR;
1722 }
1723
1724 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1725 if ($? ne 0) {
1726 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1727 unlink ($filename);
1728 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1729 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1730 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1731 goto ROOTCERT_ERROR;
1732 }
1733
1734 goto ROOTCERT_SUCCESS;
1735
1736 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1737
1738 # Validate input since the form was submitted
1739 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1740 $errormessage = $Lang::tr{'organization cant be empty'};
1741 goto ROOTCERT_ERROR;
1742 }
1743 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1744 $errormessage = $Lang::tr{'organization too long'};
1745 goto ROOTCERT_ERROR;
1746 }
1747 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1748 $errormessage = $Lang::tr{'invalid input for organization'};
1749 goto ROOTCERT_ERROR;
1750 }
1751 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1752 $errormessage = $Lang::tr{'hostname cant be empty'};
1753 goto ROOTCERT_ERROR;
1754 }
1755 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1756 $errormessage = $Lang::tr{'invalid input for hostname'};
1757 goto ROOTCERT_ERROR;
1758 }
1759 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1760 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1761 goto ROOTCERT_ERROR;
1762 }
1763 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1764 $errormessage = $Lang::tr{'e-mail address too long'};
1765 goto ROOTCERT_ERROR;
1766 }
1767 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1768 $errormessage = $Lang::tr{'invalid input for department'};
1769 goto ROOTCERT_ERROR;
1770 }
1771 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1772 $errormessage = $Lang::tr{'invalid input for city'};
1773 goto ROOTCERT_ERROR;
1774 }
1775 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1776 $errormessage = $Lang::tr{'invalid input for state or province'};
1777 goto ROOTCERT_ERROR;
1778 }
1779 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1780 $errormessage = $Lang::tr{'invalid input for country'};
1781 goto ROOTCERT_ERROR;
1782 }
1783
1784 # Copy the cgisettings to vpnsettings and save the configfile
1785 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1786 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1787 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1788 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1789 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1790 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1791 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1792 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1793
1794 # Replace empty strings with a .
1795 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1796 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1797 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1798
1799 # refresh
c6c9630e 1800 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
6e13d0a5
MT
1801
1802 # Create the CA certificate
1803 my $pid = open(OPENSSL, "|-");
1804 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1805 if ($pid) { # parent
1806 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1807 print OPENSSL "$state\n";
1808 print OPENSSL "$city\n";
1809 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1810 print OPENSSL "$ou\n";
1811 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1812 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1813 close (OPENSSL);
1814 if ($?) {
1815 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1816 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1817 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1818 goto ROOTCERT_ERROR;
1819 }
1820 } else { # child
badd8c1c 1821 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
49abe7af 1822 '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
6e13d0a5
MT
1823 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1824 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1825 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1826 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1827 goto ROOTCERT_ERROR;
1828 }
1829 }
1830
1831 # Create the Host certificate request
1832 $pid = open(OPENSSL, "|-");
1833 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1834 if ($pid) { # parent
1835 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1836 print OPENSSL "$state\n";
1837 print OPENSSL "$city\n";
1838 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1839 print OPENSSL "$ou\n";
1840 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1841 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1842 print OPENSSL ".\n";
1843 print OPENSSL ".\n";
1844 close (OPENSSL);
1845 if ($?) {
1846 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1847 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1848 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1849 goto ROOTCERT_ERROR;
1850 }
1851 } else { # child
badd8c1c 1852 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 1853 '-newkey', 'rsa:2048',
6e13d0a5
MT
1854 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1855 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1856 '-extensions', 'server',
1857 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1858 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1859 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1860 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1861 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1862 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1863 goto ROOTCERT_ERROR;
1864 }
1865 }
1866
1867 # Sign the host certificate request
1868 system('/usr/bin/openssl', 'ca', '-days', '999999',
1869 '-batch', '-notext',
1870 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1871 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1872 '-extensions', 'server',
1873 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1874 if ($?) {
1875 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1876 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1877 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1878 unlink ("${General::swroot}/ovpn/serverkey.pem");
1879 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1880 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1881 &newcleanssldatabase();
6e13d0a5
MT
1882 goto ROOTCERT_ERROR;
1883 } else {
1884 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1885 &deletebackupcert();
6e13d0a5
MT
1886 }
1887
1888 # Create an empty CRL
1889 system('/usr/bin/openssl', 'ca', '-gencrl',
1890 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1891 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1892 if ($?) {
1893 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1894 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1895 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1896 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1897 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1898 &cleanssldatabase();
6e13d0a5 1899 goto ROOTCERT_ERROR;
c6c9630e
MT
1900# } else {
1901# &cleanssldatabase();
6e13d0a5
MT
1902 }
1903 # Create Diffie Hellmann Parameter
badd8c1c 1904 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
6e13d0a5
MT
1905 if ($?) {
1906 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1907 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1908 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1909 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1910 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1911 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1912 &cleanssldatabase();
6e13d0a5 1913 goto ROOTCERT_ERROR;
c6c9630e
MT
1914# } else {
1915# &cleanssldatabase();
4be45949
EK
1916 }
1917 # Create ta.key for tls-auth
1918 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1919 if ($?) {
1920 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1921 &cleanssldatabase();
1922 goto ROOTCERT_ERROR;
1923 }
6e13d0a5
MT
1924 goto ROOTCERT_SUCCESS;
1925 }
1926 ROOTCERT_ERROR:
1927 if ($cgiparams{'ACTION'} ne '') {
1928 &Header::showhttpheaders();
4c962356 1929 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT
1930 &Header::openbigbox('100%', 'LEFT', '', '');
1931 if ($errormessage) {
1932 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1933 print "<class name='base'>$errormessage";
1934 print "&nbsp;</class>";
1935 &Header::closebox();
1936 }
1937 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
49abe7af 1938 print <<END;
6e13d0a5
MT
1939 <form method='post' enctype='multipart/form-data'>
1940 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
e3edceeb 1941 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT
1942 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
1943 <td width='35%' colspan='2'>&nbsp;</td></tr>
e3edceeb 1944 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT
1945 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
1946 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 1947 <tr><td class='base'>$Lang::tr{'your e-mail'}:</td>
6e13d0a5
MT
1948 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
1949 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 1950 <tr><td class='base'>$Lang::tr{'your department'}:</td>
6e13d0a5
MT
1951 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
1952 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 1953 <tr><td class='base'>$Lang::tr{'city'}:</td>
6e13d0a5
MT
1954 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
1955 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 1956 <tr><td class='base'>$Lang::tr{'state or province'}:</td>
6e13d0a5
MT
1957 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
1958 <td colspan='2'>&nbsp;</td></tr>
1959 <tr><td class='base'>$Lang::tr{'country'}:</td>
1960 <td class='base'><select name='ROOTCERT_COUNTRY'>
1961
1962END
1963 ;
1964 foreach my $country (sort keys %{Countries::countries}) {
1965 print "<option value='$Countries::countries{$country}'";
1966 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
1967 print " selected='selected'";
1968 }
1969 print ">$country</option>";
1970 }
49abe7af 1971 print <<END;
6e13d0a5 1972 </select></td>
4c962356
EK
1973 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
1974 <td class='base'><select name='DHLENGHT'>
ea6dd5b0 1975 <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'} ($Lang::tr{'vpn weak'}</option>
4c962356
EK
1976 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1977 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1978 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1979 </select>
1980 </td>
1981 </tr>
1982
6e13d0a5
MT
1983 <tr><td>&nbsp;</td>
1984 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
1985 <td>&nbsp;</td><td>&nbsp;</td></tr>
1986 <tr><td class='base' colspan='4' align='left'>
e3edceeb 1987 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
49abe7af
EK
1988 <tr><td colspan='2'><br></td></tr>
1989 <table width='100%'>
1990 <tr>
1991 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
1992 <td class='base'>$Lang::tr{'dh key warn'}</td>
4c962356 1993 </tr>
49abe7af
EK
1994 <tr>
1995 <td class='base'>$Lang::tr{'dh key warn1'}</td>
4c962356 1996 </tr>
49abe7af
EK
1997 <tr><td colspan='2'><br></td></tr>
1998 <tr>
1999 </table>
4c962356 2000
49abe7af 2001 <table width='100%'>
4c962356 2002 <tr><td colspan='4'><hr></td></tr>
e3edceeb 2003 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT
2004 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
2005 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2006 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
6e13d0a5
MT
2007 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
2008 <td colspan='2'>&nbsp;</td></tr>
2009 <tr><td>&nbsp;</td>
2010 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
2011 <td colspan='2'>&nbsp;</td></tr>
2012 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2013 <img src='/blob.gif' valign='top' alt='*' >&nbsp;$Lang::tr{'required field'}</td>
4c962356 2014 </tr>
6e13d0a5
MT
2015 </form></table>
2016END
2017 ;
2018 &Header::closebox();
4c962356 2019 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT
2020 &Header::closebigbox();
2021 &Header::closepage();
2022 exit(0)
2023 }
2024
2025 ROOTCERT_SUCCESS:
2026 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT
2027# if ($vpnsettings{'ENABLED'} eq 'on' ||
2028# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
2029# system('/usr/local/bin/ipsecctrl', 'S');
2030# }
6e13d0a5
MT
2031
2032###
2033### Enable/Disable connection
2034###
ce9abb66
AH
2035
2036###
7c1d9faf 2037# m.a.d net2net
ce9abb66
AH
2038###
2039
6e13d0a5 2040}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
c6c9630e
MT
2041
2042 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 2043 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH
2044# my $n2nactive = '';
2045 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
2046
6e13d0a5 2047 if ($confighash{$cgiparams{'KEY'}}) {
8c877a82
AM
2048 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2049 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2050 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2051
8c877a82 2052 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM
2053 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2054 &writecollectdconf();
8c877a82
AM
2055 }
2056 } else {
ce9abb66 2057
8c877a82
AM
2058 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2059 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2060
8c877a82 2061 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM
2062 if ($n2nactive ne '') {
2063 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
2064 &writecollectdconf();
2065 }
ce9abb66 2066
8c877a82 2067 } else {
775b4494 2068 $errormessage = $Lang::tr{'invalid key'};
8c877a82 2069 }
775b4494 2070 }
ce9abb66 2071 }
6e13d0a5
MT
2072
2073###
2074### Download OpenVPN client package
2075###
ce9abb66
AH
2076
2077
6e13d0a5
MT
2078} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2079 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2080 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2081 my $file = '';
2082 my $clientovpn = '';
2083 my @fileholder;
2084 my $tempdir = tempdir( CLEANUP => 1 );
2085 my $zippath = "$tempdir/";
ce9abb66
AH
2086
2087###
7c1d9faf
AH
2088# m.a.d net2net
2089###
ce9abb66
AH
2090
2091if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2092
2093 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2094 my $zippathname = "$zippath$zipname";
2095 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
2096 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 2097 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 2098 my $tunmtu = '';
7c1d9faf 2099 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 2100 my $n2nfragment = '';
ce9abb66
AH
2101
2102 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2103 flock CLIENTCONF, 2;
2104
2105 my $zip = Archive::Zip->new();
7c1d9faf 2106 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 2107 print CLIENTCONF "# \n";
b278daf3 2108 print CLIENTCONF "# User Security\n";
ce9abb66
AH
2109 print CLIENTCONF "user nobody\n";
2110 print CLIENTCONF "group nobody\n";
2111 print CLIENTCONF "persist-tun\n";
2112 print CLIENTCONF "persist-key\n";
7c1d9faf 2113 print CLIENTCONF "script-security 2\n";
60f396d7 2114 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2115 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2116 print CLIENTCONF "float\n";
60f396d7 2117 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 2118 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 2119 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2120 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 2121 print CLIENTCONF "# tun Device\n";
79e7688b 2122 print CLIENTCONF "dev tun\n";
35a21a25
AM
2123 print CLIENTCONF "#Logfile for statistics\n";
2124 print CLIENTCONF "status-version 1\n";
2125 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 2126 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 2127 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
60f396d7
AH
2128
2129 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2130 print CLIENTCONF "proto tcp-client\n";
2131 print CLIENTCONF "# Packet size\n";
d96c89eb 2132 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2133 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2134 }
60f396d7
AH
2135
2136 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2137 print CLIENTCONF "proto udp\n";
2138 print CLIENTCONF "# Paketsize\n";
2139 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2140 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2141 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
60f396d7 2142 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
d96c89eb 2143 }
1647059d
SS
2144 if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
2145 ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
2146 ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
2ee746be
SS
2147 if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
2148 if ($tunmtu eq '1500' ) {
350f2980 2149 print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
2ee746be
SS
2150 }
2151 }
2152 }
b66b02ab
EK
2153 # Check host certificate if X509 is RFC3280 compliant.
2154 # If not, old --ns-cert-type directive will be used.
2155 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2156 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2157 if ($hostcert !~ /TLS Web Server Authentication/) {
2158 print CLIENTCONF "ns-cert-type server\n";
2159 } else {
2160 print CLIENTCONF "remote-cert-tls server\n";
2161 }
ce9abb66
AH
2162 print CLIENTCONF "# Auth. Client\n";
2163 print CLIENTCONF "tls-client\n";
49abe7af 2164 print CLIENTCONF "# Cipher\n";
4c962356 2165 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
ce9abb66
AH
2166 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2167 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2168 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
49abe7af 2169 }
52f61e49
EKD
2170
2171 # If GCM cipher is used, do not use --auth
2172 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
2173 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
2174 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
2175 print CLIENTCONF unless "# HMAC algorithm\n";
2176 print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2177 } else {
52f61e49
EKD
2178 print CLIENTCONF "# HMAC algorithm\n";
2179 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2180 }
52f61e49 2181
4c962356 2182 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2183 print CLIENTCONF "# Enable Compression\n";
66298ef2 2184 print CLIENTCONF "comp-lzo\n";
b278daf3 2185 }
ce9abb66
AH
2186 print CLIENTCONF "# Debug Level\n";
2187 print CLIENTCONF "verb 3\n";
b278daf3 2188 print CLIENTCONF "# Tunnel check\n";
ce9abb66 2189 print CLIENTCONF "keepalive 10 60\n";
b278daf3 2190 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH
2191 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2192 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 2193 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT
2194 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2195 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2196 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2197
ce9abb66
AH
2198
2199 close(CLIENTCONF);
2200
2201 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2202 my $status = $zip->writeToFileNamed($zippathname);
2203
2204 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2205 @fileholder = <DLFILE>;
2206 print "Content-Type:application/x-download\n";
2207 print "Content-Disposition:attachment;filename=$zipname\n\n";
2208 print @fileholder;
2209 exit (0);
2210}
2211else
2212{
2213 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2214 my $zippathname = "$zippath$zipname";
2215 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2216
2217###
7c1d9faf 2218# m.a.d net2net
ce9abb66
AH
2219###
2220
c6c9630e 2221 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5
MT
2222 flock CLIENTCONF, 2;
2223
2224 my $zip = Archive::Zip->new();
2225
8c877a82 2226 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT
2227 print CLIENTCONF "tls-client\r\n";
2228 print CLIENTCONF "client\r\n";
4f6e3ae3 2229 print CLIENTCONF "nobind\r\n";
79e7688b 2230 print CLIENTCONF "dev tun\r\n";
c6c9630e 2231 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
2ee746be
SS
2232
2233 # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
2234 # or use configured value.
2235 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
79e7688b 2236 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2237 elsif ($vpnsettings{MSSFIX} eq 'on')
79e7688b 2238 { print CLIENTCONF "tun-mtu 1500\r\n"; }
2ee746be 2239 else
79e7688b 2240 { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
2ee746be 2241
6e13d0a5
MT
2242 if ( $vpnsettings{'ENABLED'} eq 'on'){
2243 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
c6c9630e
MT
2244 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2245 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2246 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2247 }
2248 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2249 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2250 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2251 }
2252 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2253 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2254 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2255 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2256 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2257 }
2258 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2259 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5
MT
2260 }
2261
71af643c
MT
2262 my $file_crt = new File::Temp( UNLINK => 1 );
2263 my $file_key = new File::Temp( UNLINK => 1 );
b22d8aaf 2264 my $include_certs = 0;
71af643c 2265
6e13d0a5 2266 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
71af643c 2267 if ($cgiparams{'MODE'} eq 'insecure') {
b22d8aaf
MT
2268 $include_certs = 1;
2269
71af643c 2270 # Add the CA
b22d8aaf 2271 print CLIENTCONF ";ca cacert.pem\r\n";
71af643c
MT
2272 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2273
2274 # Extract the certificate
2275 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2276 '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
2277 if ($?) {
2278 die "openssl error: $?";
2279 }
2280
2281 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
b22d8aaf 2282 print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
71af643c
MT
2283
2284 # Extract the key
2285 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2286 '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
2287 if ($?) {
2288 die "openssl error: $?";
2289 }
2290
2291 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
b22d8aaf 2292 print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
71af643c
MT
2293 } else {
2294 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2295 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2296 }
6e13d0a5 2297 } else {
c6c9630e
MT
2298 print CLIENTCONF "ca cacert.pem\r\n";
2299 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2300 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2301 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2302 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT
2303 }
2304 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
49abe7af
EK
2305 if ($vpnsettings{'DAUTH'} eq '') {
2306 print CLIENTCONF "";
2307 } else {
2308 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
2309 }
2310 if ($vpnsettings{'TLSAUTH'} eq 'on') {
b22d8aaf
MT
2311 if ($cgiparams{'MODE'} eq 'insecure') {
2312 print CLIENTCONF ";";
2313 }
4be45949
EK
2314 print CLIENTCONF "tls-auth ta.key\r\n";
2315 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
49abe7af 2316 }
6e13d0a5
MT
2317 if ($vpnsettings{DCOMPLZO} eq 'on') {
2318 print CLIENTCONF "comp-lzo\r\n";
2319 }
2320 print CLIENTCONF "verb 3\r\n";
b66b02ab
EK
2321 # Check host certificate if X509 is RFC3280 compliant.
2322 # If not, old --ns-cert-type directive will be used.
2323 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2324 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2325 if ($hostcert !~ /TLS Web Server Authentication/) {
2326 print CLIENTCONF "ns-cert-type server\r\n";
2327 } else {
2328 print CLIENTCONF "remote-cert-tls server\r\n";
2329 }
964700d4 2330 print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
a79fa1d6
JPT
2331 if ($vpnsettings{MSSFIX} eq 'on') {
2332 print CLIENTCONF "mssfix\r\n";
2333 }
74225cce 2334 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT
2335 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2336 }
1647059d 2337
b22d8aaf
MT
2338 if ($include_certs) {
2339 print CLIENTCONF "\r\n";
2340
2341 # CA
2342 open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
2343 print CLIENTCONF "<ca>\r\n";
2344 while (<FILE>) {
2345 chomp($_);
2346 print CLIENTCONF "$_\r\n";
2347 }
2348 print CLIENTCONF "</ca>\r\n\r\n";
2349 close(FILE);
2350
2351 # Cert
2352 open(FILE, "<$file_crt");
2353 print CLIENTCONF "<cert>\r\n";
2354 while (<FILE>) {
2355 chomp($_);
2356 print CLIENTCONF "$_\r\n";
2357 }
2358 print CLIENTCONF "</cert>\r\n\r\n";
2359 close(FILE);
2360
2361 # Key
2362 open(FILE, "<$file_key");
2363 print CLIENTCONF "<key>\r\n";
2364 while (<FILE>) {
2365 chomp($_);
2366 print CLIENTCONF "$_\r\n";
2367 }
2368 print CLIENTCONF "</key>\r\n\r\n";
2369 close(FILE);
2370
2371 # TLS auth
2372 if ($vpnsettings{'TLSAUTH'} eq 'on') {
2373 open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
2374 print CLIENTCONF "<tls-auth>\r\n";
2375 while (<FILE>) {
2376 chomp($_);
2377 print CLIENTCONF "$_\r\n";
2378 }
2379 print CLIENTCONF "</tls-auth>\r\n\r\n";
2380 close(FILE);
2381 }
2382 }
2383
ffbe77c8
EK
2384 # Print client.conf.local if entries exist to client.ovpn
2385 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
2386 open (LCC, "$local_clientconf");
2387 print CLIENTCONF "\n#---------------------------\n";
2388 print CLIENTCONF "# Start of custom directives\n";
2389 print CLIENTCONF "# from client.conf.local\n";
2390 print CLIENTCONF "#---------------------------\n\n";
2391 while (<LCC>) {
2392 print CLIENTCONF $_;
2393 }
2394 print CLIENTCONF "\n#---------------------------\n";
2395 print CLIENTCONF "# End of custom directives\n";
2396 print CLIENTCONF "#---------------------------\n\n";
2397 close (LCC);
2398 }
6e13d0a5 2399 close(CLIENTCONF);
ce9abb66 2400
6e13d0a5
MT
2401 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2402 my $status = $zip->writeToFileNamed($zippathname);
2403
2404 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2405 @fileholder = <DLFILE>;
2406 print "Content-Type:application/x-download\n";
2407 print "Content-Disposition:attachment;filename=$zipname\n\n";
2408 print @fileholder;
2409 exit (0);
ce9abb66
AH
2410 }
2411
2412
2413
6e13d0a5
MT
2414###
2415### Remove connection
2416###
ce9abb66
AH
2417
2418
6e13d0a5 2419} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
323be7c4
AM
2420 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2421 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2422
323be7c4 2423 if ($confighash{$cgiparams{'KEY'}}) {
fde9c9dd 2424 # Revoke certificate if certificate was deleted and rewrite the CRL
323be7c4 2425 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
fde9c9dd 2426 my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
ce9abb66
AH
2427
2428###
7c1d9faf 2429# m.a.d net2net
ce9abb66 2430###
7c1d9faf 2431
323be7c4 2432 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
1e499e90
MT
2433 # Stop the N2N connection before it is removed
2434 system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
2435
323be7c4
AM
2436 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2437 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2438 unlink ($certfile);
2439 unlink ($conffile);
8e6a8fd5 2440
323be7c4
AM
2441 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2442 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2443 }
323be7c4 2444 }
ce9abb66 2445
323be7c4
AM
2446 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2447 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
8c877a82
AM
2448
2449# A.Marx CCD delete ccd files and routes
2450
323be7c4
AM
2451 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2452 {
2453 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
8c877a82 2454 }
e81be1e1 2455
323be7c4
AM
2456 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2457 foreach my $key (keys %ccdroutehash) {
2458 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2459 delete $ccdroutehash{$key};
2460 }
8c877a82 2461 }
323be7c4 2462 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 2463
323be7c4
AM
2464 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2465 foreach my $key (keys %ccdroute2hash) {
2466 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2467 delete $ccdroute2hash{$key};
2468 }
2469 }
2470 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2471 &writeserverconf;
8c877a82 2472
323be7c4
AM
2473# CCD end
2474 # Update collectd configuration and delete all RRD files of the removed connection
2475 &writecollectdconf();
2476 system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
8c877a82 2477
323be7c4
AM
2478 delete $confighash{$cgiparams{'KEY'}};
2479 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2480 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2481
2482 } else {
2483 $errormessage = $Lang::tr{'invalid key'};
2484 }
b2e75449 2485 &General::firewall_reload();
ce9abb66 2486
6e13d0a5
MT
2487###
2488### Download PKCS12 file
2489###
2490} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2491 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2492
2493 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2494 print "Content-Type: application/octet-stream\r\n\r\n";
2495 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2496 exit (0);
2497
2498###
2499### Display certificate
2500###
2501} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2502 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2503
2504 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e 2505 &Header::showhttpheaders();
4c962356 2506 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT
2507 &Header::openbigbox('100%', 'LEFT', '', '');
2508 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2509 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2510 $output = &Header::cleanhtml($output,"y");
2511 print "<pre>$output</pre>\n";
2512 &Header::closebox();
2513 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2514 &Header::closebigbox();
2515 &Header::closepage();
2516 exit(0);
6e13d0a5 2517 }
4c962356
EK
2518
2519###
2520### Display Diffie-Hellman key
2521###
2522} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2523
2524 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
49abe7af 2525 $errormessage = $Lang::tr{'not present'};
4c962356
EK
2526 } else {
2527 &Header::showhttpheaders();
2528 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2529 &Header::openbigbox('100%', 'LEFT', '', '');
2530 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2531 my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
2532 $output = &Header::cleanhtml($output,"y");
2533 print "<pre>$output</pre>\n";
2534 &Header::closebox();
2535 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2536 &Header::closebigbox();
2537 &Header::closepage();
2538 exit(0);
2539 }
2540
fd5ccb2d
EK
2541###
2542### Display tls-auth key
2543###
2544} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
2545
2546 if (! -e "${General::swroot}/ovpn/certs/ta.key") {
2547 $errormessage = $Lang::tr{'not present'};
2548 } else {
2549 &Header::showhttpheaders();
2550 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2551 &Header::openbigbox('100%', 'LEFT', '', '');
2552 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
2553 my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
2554 $output = &Header::cleanhtml($output,"y");
2555 print "<pre>$output</pre>\n";
2556 &Header::closebox();
2557 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2558 &Header::closebigbox();
2559 &Header::closepage();
2560 exit(0);
2561 }
2562
6e13d0a5
MT
2563###
2564### Display Certificate Revoke List
2565###
2566} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT
2567# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2568
49abe7af
EK
2569 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2570 $errormessage = $Lang::tr{'not present'};
2571 } else {
b2e75449
MT
2572 &Header::showhttpheaders();
2573 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2574 &Header::openbigbox('100%', 'LEFT', '', '');
2575 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2576 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2577 $output = &Header::cleanhtml($output,"y");
2578 print "<pre>$output</pre>\n";
2579 &Header::closebox();
2580 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2581 &Header::closebigbox();
2582 &Header::closepage();
2583 exit(0);
6e13d0a5
MT
2584 }
2585
2586###
2587### Advanced Server Settings
2588###
2589
2590} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2591 %cgiparams = ();
2592 %cahash = ();
2593 %confighash = ();
8c877a82 2594 my $disabled;
6e13d0a5 2595 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2596 read_routepushfile;
8c877a82
AM
2597
2598
c6c9630e
MT
2599# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2600# $cgiparams{'CLIENT2CLIENT'} = 'on';
2601# }
6e13d0a5
MT
2602ADV_ERROR:
2603 if ($cgiparams{'MAX_CLIENTS'} eq '') {
4c962356 2604 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2605 }
6e13d0a5 2606 if ($cgiparams{'KEEPALIVE_1'} eq '') {
4c962356 2607 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT
2608 }
2609 if ($cgiparams{'KEEPALIVE_2'} eq '') {
4c962356 2610 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT
2611 }
2612 if ($cgiparams{'LOG_VERB'} eq '') {
4c962356 2613 $cgiparams{'LOG_VERB'} = '3';
ae9f6139 2614 }
4c962356 2615 if ($cgiparams{'DAUTH'} eq '') {
70900745 2616 $cgiparams{'DAUTH'} = 'SHA512';
92b87e17 2617 }
f527e53f 2618 if ($cgiparams{'TLSAUTH'} eq '') {
754066e6 2619 $cgiparams{'TLSAUTH'} = 'off';
f527e53f 2620 }
6e13d0a5
MT
2621 $checked{'CLIENT2CLIENT'}{'off'} = '';
2622 $checked{'CLIENT2CLIENT'}{'on'} = '';
2623 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2624 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2625 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2626 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
ffbe77c8
EK
2627 $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
2628 $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
2629 $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
a79fa1d6
JPT
2630 $checked{'MSSFIX'}{'off'} = '';
2631 $checked{'MSSFIX'}{'on'} = '';
2632 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
49abe7af 2633 $selected{'LOG_VERB'}{'0'} = '';
6e13d0a5
MT
2634 $selected{'LOG_VERB'}{'1'} = '';
2635 $selected{'LOG_VERB'}{'2'} = '';
2636 $selected{'LOG_VERB'}{'3'} = '';
2637 $selected{'LOG_VERB'}{'4'} = '';
2638 $selected{'LOG_VERB'}{'5'} = '';
2639 $selected{'LOG_VERB'}{'6'} = '';
2640 $selected{'LOG_VERB'}{'7'} = '';
2641 $selected{'LOG_VERB'}{'8'} = '';
2642 $selected{'LOG_VERB'}{'9'} = '';
2643 $selected{'LOG_VERB'}{'10'} = '';
2644 $selected{'LOG_VERB'}{'11'} = '';
6e13d0a5 2645 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
4c962356
EK
2646 $selected{'DAUTH'}{'whirlpool'} = '';
2647 $selected{'DAUTH'}{'SHA512'} = '';
2648 $selected{'DAUTH'}{'SHA384'} = '';
2649 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK
2650 $selected{'DAUTH'}{'SHA1'} = '';
2651 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
49abe7af
EK
2652 $checked{'TLSAUTH'}{'off'} = '';
2653 $checked{'TLSAUTH'}{'on'} = '';
2654 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
f527e53f 2655
6e13d0a5
MT
2656 &Header::showhttpheaders();
2657 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2658 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2659 if ($errormessage) {
c6c9630e
MT
2660 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2661 print "<class name='base'>$errormessage\n";
2662 print "&nbsp;</class>\n";
2663 &Header::closebox();
6e13d0a5
MT
2664 }
2665 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
4c962356 2666 print <<END;
b376fae4 2667 <form method='post' enctype='multipart/form-data'>
b2e75449 2668<table width='100%' border=0>
4c962356
EK
2669 <tr>
2670 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
6e13d0a5
MT
2671 </tr>
2672 <tr>
4c962356 2673 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5
MT
2674 </tr>
2675 <tr>
4c962356 2676 <td class='base'>Domain</td>
8c877a82 2677 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
6e13d0a5
MT
2678 </tr>
2679 <tr>
4c962356
EK
2680 <td class='base'>DNS</td>
2681 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
6e13d0a5
MT
2682 </tr>
2683 <tr>
4c962356
EK
2684 <td class='base'>WINS</td>
2685 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2686 </tr>
54fd0535 2687 <tr>
4c962356 2688 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
54fd0535
MT
2689 </tr>
2690 <tr>
4c962356
EK
2691 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2692 <td colspan='2'>
2693 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
54fd0535
MT
2694END
2695;
2696
2697if ($cgiparams{'ROUTES_PUSH'} ne '')
2698{
2699 print $cgiparams{'ROUTES_PUSH'};
2700}
2701
8c877a82 2702print <<END;
54fd0535
MT
2703</textarea></td>
2704</tr>
6e13d0a5
MT
2705 </tr>
2706</table>
2707<hr size='1'>
4c962356 2708<table width='100%'>
ffbe77c8 2709 <tr>
4c962356 2710 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
ffbe77c8
EK
2711 </tr>
2712
2713 <tr>
4c962356 2714 <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
ffbe77c8
EK
2715 </tr>
2716
2717 <tr>
4c962356
EK
2718 <td class='base'>Client-To-Client</td>
2719 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
ffbe77c8
EK
2720 </tr>
2721
2722 <tr>
4c962356
EK
2723 <td class='base'>Redirect-Gateway def1</td>
2724 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
ffbe77c8
EK
2725 </tr>
2726
4c962356 2727 <tr>
ffbe77c8
EK
2728 <td class='base'>$Lang::tr{'ovpn add conf'}</td>
2729 <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
2730 <td>$Lang::tr{'openvpn default'}: off</td>
2731 </tr>
2732
2733 <tr>
2734 <td class='base'>mssfix</td>
2735 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2736 <td>$Lang::tr{'openvpn default'}: off</td>
2737 </tr>
2738
4c962356 2739 <tr>
ffbe77c8
EK
2740 <td class='base'>fragment <br></td>
2741 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2742 </tr>
2743
2744
2745 <tr>
2746 <td class='base'>Max-Clients</td>
2747 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2748 </tr>
2749 <tr>
2750 <td class='base'>Keepalive <br />
2751 (ping/ping-restart)</td>
2752 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2753 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2754 </tr>
a79fa1d6
JPT
2755</table>
2756
a79fa1d6 2757<hr size='1'>
4c962356 2758<table width='100%'>
a79fa1d6 2759 <tr>
49abe7af 2760 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
a79fa1d6
JPT
2761 </tr>
2762 <tr>
49abe7af 2763 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
4c962356
EK
2764 </tr>
2765
2766 <tr><td class='base'>VERB</td>
2767 <td><select name='LOG_VERB'>
49abe7af
EK
2768 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2769 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2770 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2771 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2772 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2773 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2774 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2775 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2776 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2777 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2778 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2779 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2780 </td></select>
2781 </table>
4c962356 2782
6e13d0a5 2783<hr size='1'>
4c962356 2784<table width='100%'>
6e13d0a5 2785 <tr>
4c962356
EK
2786 <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
2787 </tr>
2788 <tr>
2789 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
6e13d0a5 2790 </tr>
4c962356
EK
2791 <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
2792 <td><select name='DAUTH'>
b2e75449
MT
2793 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
2794 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
2795 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
2796 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 2797 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK
2798 </select>
2799 </td>
040b8b0c 2800 <td>$Lang::tr{'openvpn default'}: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
49abe7af 2801 </tr>
6e13d0a5 2802</table>
49abe7af
EK
2803
2804<table width='100%'>
6e13d0a5 2805 <tr>
49abe7af 2806 <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
6e13d0a5 2807 </tr>
4c962356 2808
6e13d0a5 2809 <tr>
49abe7af
EK
2810 <td class='base'>HMAC tls-auth</td>
2811 <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
2812 </tr>
2813 </table><hr>
8c877a82
AM
2814END
2815
2816if ( -e "/var/run/openvpn.pid"){
2817print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2818 $Lang::tr{'server restart'}<br><br>
2819 <hr>";
49abe7af 2820 print<<END;
52d08bcb
AM
2821<table width='100%'>
2822<tr>
2823 <td>&nbsp;</td>
2824 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2825 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2826 <td>&nbsp;</td>
2827</tr>
2828</table>
2829</form>
2830END
2831;
2832
2833
2834}else{
8c877a82 2835
49abe7af 2836 print<<END;
6e13d0a5
MT
2837<table width='100%'>
2838<tr>
2839 <td>&nbsp;</td>
2840 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2841 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2842 <td>&nbsp;</td>
2843</tr>
2844</table>
2845</form>
2846END
2847;
52d08bcb 2848}
6e13d0a5 2849 &Header::closebox();
c6c9630e 2850# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT
2851 &Header::closebigbox();
2852 &Header::closepage();
2853 exit(0);
2854
8c877a82
AM
2855
2856# A.Marx CCD Add,delete or edit CCD net
2857
2858} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2859 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2860 $cgiparams{'ACTION'} eq "kill" ||
2861 $cgiparams{'ACTION'} eq "edit" ||
2862 $cgiparams{'ACTION'} eq 'editsave'){
2863 &Header::showhttpheaders();
2864 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2865 &Header::openbigbox('100%', 'LEFT', '', '');
2866
2867 if ($cgiparams{'ACTION'} eq "kill"){
2868 &delccdnet($cgiparams{'net'});
2869 }
2870
2871 if ($cgiparams{'ACTION'} eq 'editsave'){
2872 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2873 if ( $a ne $b){ &modccdnet($a,$b);}
5068ac38
AM
2874 $cgiparams{'ccdname'}='';
2875 $cgiparams{'ccdsubnet'}='';
8c877a82
AM
2876 }
2877
2878 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 2879 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
8c877a82
AM
2880 }
2881 if ($errormessage) {
2882 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2883 print "<class name='base'>$errormessage";
2884 print "&nbsp;</class>";
2885 &Header::closebox();
2886 }
2887if ($cgiparams{'ACTION'} eq "edit"){
2888
2889 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2890
49abe7af 2891 print <<END;
631b67b7 2892 <table width='100%' border='0'>
8c877a82
AM
2893 <tr><form method='post'>
2894 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
a9fb14d0 2895 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
8c877a82
AM
2896 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2897 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2898 </td></tr>
2899 </table></form>
2900END
2901;
2902 &Header::closebox();
2903
2904 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
49abe7af 2905 print <<END;
8c877a82
AM
2906 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2907 <tr>
2908 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2909END
2910;
2911}
2912else{
2913 if (! -e "/var/run/openvpn.pid"){
2914 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
49abe7af 2915 print <<END;
8c877a82
AM
2916 <table width='100%' border='0'>
2917 <tr><form method='post'>
2918 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2919 <tr>
2920 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2921 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2922 <tr><td colspan=4><hr /></td></tr><tr>
2923 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2924 </table></form>
2925END
2926
2927 &Header::closebox();
2928}
2929 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
5068ac38
AM
2930 if ( -e "/var/run/openvpn.pid"){
2931 print "<b>$Lang::tr{'attention'}:</b><br>";
2932 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2933 }
2934
4c962356 2935 print <<END;
99bfa85c 2936 <table width='100%' cellpadding='0' cellspacing='1'>
8c877a82
AM
2937 <tr>
2938 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2939END
2940;
2941}
2942 my %ccdconfhash=();
2943 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2944 my @ccdconf=();
2945 my $count=0;
df9b48b7 2946 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM
2947 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2948 $count++;
2949 my $ccdhosts = &hostsinnet($ccdconf[0]);
2950 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2951 else{ print" <tr bgcolor='$color{'color20'}'>";}
2952 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
4c962356 2953 print <<END;
8c877a82 2954 <form method='post' />
1638682b 2955 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
8c877a82
AM
2956 <input type='hidden' name='ACTION' value='edit'/>
2957 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2958 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2959 </form></td>
2960 <form method='post' />
2961 <td><input type='hidden' name='ACTION' value='kill'/>
2962 <input type='hidden' name='number' value='$count' />
2963 <input type='hidden' name='net' value='$ccdconf[0]' />
1638682b 2964 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
8c877a82
AM
2965END
2966;
2967 }
2968 print "</table></form>";
2969 &Header::closebox();
2970 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2971 &Header::closebigbox();
2972 &Header::closepage();
2973 exit(0);
2974
2975#END CCD
2976
6e13d0a5
MT
2977###
2978### Openvpn Connections Statistics
2979###
2980} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
2981 &Header::showhttpheaders();
2982 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
2983 &Header::openbigbox('100%', 'LEFT', '', '');
2984 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
2985
2986#
2987# <td><b>$Lang::tr{'protocol'}</b></td>
2988# protocol temp removed
4c962356 2989 print <<END;
99bfa85c 2990 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
6e13d0a5 2991 <tr>
99bfa85c
AM
2992 <th><b>$Lang::tr{'common name'}</b></th>
2993 <th><b>$Lang::tr{'real address'}</b></th>
2994 <th><b>$Lang::tr{'virtual address'}</b></th>
2995 <th><b>$Lang::tr{'loged in at'}</b></th>
2996 <th><b>$Lang::tr{'bytes sent'}</b></th>
2997 <th><b>$Lang::tr{'bytes received'}</b></th>
2998 <th><b>$Lang::tr{'last activity'}</b></th>
6e13d0a5
MT
2999 </tr>
3000END
3001;
87fe47e9 3002 my $filename = "/var/run/ovpnserver.log";
6e13d0a5
MT
3003 open(FILE, $filename) or die 'Unable to open config file.';
3004 my @current = <FILE>;
3005 close(FILE);
3006 my @users =();
3007 my $status;
3008 my $uid = 0;
3009 my $cn;
3010 my @match = ();
3011 my $proto = "udp";
3012 my $address;
3013 my %userlookup = ();
3014 foreach my $line (@current)
3015 {
3016 chomp($line);
3017 if ( $line =~ /^Updated,(.+)/){
3018 @match = split( /^Updated,(.+)/, $line);
3019 $status = $match[1];
3020 }
c6c9630e 3021#gian
6e13d0a5
MT
3022 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
3023 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
3024 if ($match[1] ne "Common Name") {
3025 $cn = $match[1];
3026 $userlookup{$match[2]} = $uid;
3027 $users[$uid]{'CommonName'} = $match[1];
3028 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT
3029 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
3030 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT
3031 $users[$uid]{'Since'} = $match[5];
3032 $users[$uid]{'Proto'} = $proto;
3033 $uid++;
3034 }
3035 }
3036 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
3037 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
3038 if ($match[1] ne "Virtual Address") {
3039 $address = $match[3];
3040 #find the uid in the lookup table
3041 $uid = $userlookup{$address};
3042 $users[$uid]{'VirtualAddress'} = $match[1];
3043 $users[$uid]{'LastRef'} = $match[4];
3044 }
3045 }
3046 }
3047 my $user2 = @users;
3048 if ($user2 >= 1){
99bfa85c 3049 for (my $idx = 1; $idx <= $user2; $idx++){
6e13d0a5 3050 if ($idx % 2) {
99bfa85c
AM
3051 print "<tr>";
3052 $col="bgcolor='$color{'color22'}'";
3053 } else {
3054 print "<tr>";
3055 $col="bgcolor='$color{'color20'}'";
6e13d0a5 3056 }
99bfa85c
AM
3057 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
3058 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
3059 print "<td align='left' $col>$users[$idx-1]{'VirtualAddress'}</td>";
3060 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
3061 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
3062 print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
3063 print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
3064 }
3065 }
6e13d0a5
MT
3066
3067 print "</table>";
49abe7af 3068 print <<END;
6e13d0a5
MT
3069 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
3070 <tr><td></td></tr>
3071 <tr><td></td></tr>
3072 <tr><td></td></tr>
3073 <tr><td></td></tr>
3074 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
3075 </table>
3076END
3077;
3078 &Header::closebox();
3079 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3080 &Header::closebigbox();
3081 &Header::closepage();
3082 exit(0);
3083
3084###
3085### Download Certificate
3086###
3087} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
3088 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 3089
6e13d0a5 3090 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT
3091 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
3092 print "Content-Type: application/octet-stream\r\n\r\n";
3093 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
3094 exit (0);
3095 }
3096
3097###
3098### Enable/Disable connection
3099###
ce9abb66 3100
c6c9630e
MT
3101} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
3102
3103 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3104 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3105
3106 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 3107 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT
3108 $confighash{$cgiparams{'KEY'}}[0] = 'on';
3109 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3110 #&writeserverconf();
3111# if ($vpnsettings{'ENABLED'} eq 'on' ||
3112# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3113# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3114# }
3115 } else {
3116 $confighash{$cgiparams{'KEY'}}[0] = 'off';
3117# if ($vpnsettings{'ENABLED'} eq 'on' ||
3118# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3119# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
3120# }
3121 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3122 #&writeserverconf();
3123 }
3124 } else {
3125 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT
3126 }
3127
3128###
3129### Restart connection
3130###
3131} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
3132 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3133 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3134
3135 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT
3136# if ($vpnsettings{'ENABLED'} eq 'on' ||
3137# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3138# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3139# }
6e13d0a5 3140 } else {
c6c9630e 3141 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT
3142 }
3143
ce9abb66 3144###
7c1d9faf 3145# m.a.d net2net
ce9abb66
AH
3146###
3147
3148} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
3149 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3150 &Header::showhttpheaders();
4c962356 3151 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
ce9abb66
AH
3152 &Header::openbigbox('100%', 'LEFT', '', '');
3153 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH
3154
3155if ( -s "${General::swroot}/ovpn/settings") {
3156
49abe7af 3157 print <<END;
ce9abb66 3158 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3159 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH
3160 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
3161 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
3162 <tr><td><input type='radio' name='TYPE' value='net' /></td>
3163 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
3164 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
3165 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
3166 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
e3edceeb 3167 <tr><td>&nbsp;</td><td>Import Connection Name</td></tr>
040b8b0c 3168 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
54fd0535 3169 <tr><td colspan='3'><hr /></td></tr>
8c877a82 3170 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
ce9abb66
AH
3171 </form></table>
3172END
3173 ;
8c877a82 3174
ce9abb66 3175
b278daf3 3176} else {
49abe7af 3177 print <<END;
b278daf3 3178 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3179 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 3180 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 3181 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH
3182 </form></table>
3183END
3184 ;
3185
3186}
3187
ce9abb66 3188 &Header::closebox();
4c962356 3189 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
ce9abb66
AH
3190 &Header::closebigbox();
3191 &Header::closepage();
3192 exit (0);
3193
3194###
7c1d9faf 3195# m.a.d net2net
ce9abb66
AH
3196###
3197
3198} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
3199
3200 my @firen2nconf;
3201 my @confdetails;
3202 my $uplconffilename ='';
54fd0535 3203 my $uplconffilename2 ='';
ce9abb66 3204 my $uplp12name = '';
54fd0535 3205 my $uplp12name2 = '';
ce9abb66
AH
3206 my @rem_subnet;
3207 my @rem_subnet2;
3208 my @tmposupnet3;
3209 my $key;
54fd0535 3210 my @n2nname;
ce9abb66
AH
3211
3212 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3213
3214# Check if a file is uploaded
3215
3216 if (ref ($cgiparams{'FH'}) ne 'Fh') {
3217 $errormessage = $Lang::tr{'there was no file upload'};
3218 goto N2N_ERROR;
3219 }
3220
3221# Move uploaded IPfire n2n package to temporary file
3222
3223 (my $fh, my $filename) = tempfile( );
3224 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3225 $errormessage = $!;
3226 goto N2N_ERROR;
3227 }
3228
3229 my $zip = Archive::Zip->new();
3230 my $zipName = $filename;
3231 my $status = $zip->read( $zipName );
3232 if ($status != AZ_OK) {
3233 $errormessage = "Read of $zipName failed\n";
3234 goto N2N_ERROR;
3235 }
3236
3237 my $tempdir = tempdir( CLEANUP => 1 );
3238 my @files = $zip->memberNames();
3239 for(@files) {
3240 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
3241 }
3242 my $countfiles = @files;
3243
3244# Check if we have not more then 2 files
3245
3246 if ( $countfiles == 2){
3247 foreach (@files){
3248 if ( $_ =~ /.conf$/){
3249 $uplconffilename = $_;
3250 }
3251 if ( $_ =~ /.p12$/){
3252 $uplp12name = $_;
3253 }
3254 }
3255 if (($uplconffilename eq '') || ($uplp12name eq '')){
3256 $errormessage = "Either no *.conf or no *.p12 file found\n";
3257 goto N2N_ERROR;
3258 }
3259
3260 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
3261 @firen2nconf = <FILE>;
3262 close (FILE);
3263 chomp(@firen2nconf);
ce9abb66
AH
3264 } else {
3265
3266 $errormessage = "Filecount does not match only 2 files are allowed\n";
3267 goto N2N_ERROR;
3268 }
3269
7c1d9faf
AH
3270###
3271# m.a.d net2net
ce9abb66 3272###
54fd0535
MT
3273
3274 if ($cgiparams{'n2nname'} ne ''){
3275
3276 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
3277 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
3278 $n2nname[0] = $cgiparams{'n2nname'};
3279 my @n2nname2 = split(/\./,$uplconffilename);
3280 $n2nname2[0] =~ s/\n|\r//g;
3281 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
3282 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
3283 my $input2 = "$n2nname2[0]n2n";
3284 my $output2 = "$n2nname[0]n2n";
3285 my $filename = "$tempdir/$uplconffilename";
3286 open(FILE, "< $filename") or die 'Unable to open config file.';
3287 my @current = <FILE>;
3288 close(FILE);
3289 foreach (@current) {s/$input1/$output1/g;}
3290 foreach (@current) {s/$input2/$output2/g;}
3291 open (OUT, "> $filename") || die 'Unable to open config file.';
3292 print OUT @current;
3293 close OUT;
ce9abb66 3294
54fd0535
MT
3295 }else{
3296 $uplconffilename2 = $uplconffilename;
3297 $uplp12name2 = $uplp12name;
3298 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3299 $n2nname[0] =~ s/\n|\r//g;
54fd0535 3300 }
7c1d9faf
AH
3301 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
3302 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3303
7dfcaef0
AM
3304 #Add collectd settings to configfile
3305 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3306 print FILE "# Logfile\n";
3307 print FILE "status-version 1\n";
3308 print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
3309 close FILE;
3310
54fd0535 3311 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
ce9abb66
AH
3312
3313 if ($? ne 0) {
3314 $errormessage = "*.conf move failed: $!";
3315 unlink ($filename);
3316 goto N2N_ERROR;
3317 }
3318
54fd0535 3319 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
b278daf3
AH
3320 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
3321
ce9abb66
AH
3322 if ($? ne 0) {
3323 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3324 unlink ($filename);
3325 goto N2N_ERROR;
3326 }
3327
3328my $complzoactive;
d96c89eb 3329my $mssfixactive;
4c962356 3330my $authactive;
d96c89eb 3331my $n2nfragment;
4c962356 3332my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
60f396d7 3333my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3334my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH
3335my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3336my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3337my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
3338if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH
3339my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3340if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3341#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3342my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH
3343my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3344my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3345my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3346my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3347my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66 3348my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
4c962356 3349my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
f527e53f 3350my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
60f396d7 3351
ce9abb66
AH
3352###
3353# m.a.d delete CR and LF from arrays for this chomp doesnt work
3354###
3355
ce9abb66 3356$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH
3357$n2novpnsub[0] =~ s/\n|\r//g;
3358$n2novpnsub[1] =~ s/\n|\r//g;
3359$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3360$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH
3361$n2nport[1] =~ s/\n|\r//g;
3362$n2ntunmtu[1] =~ s/\n|\r//g;
3363$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3364$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3365$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3366$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3367$n2nmgmt[2] =~ s/\n|\r//g;
2ee746be 3368$n2nmtudisc[1] =~ s/\n|\r//g;
4c962356
EK
3369$n2ncipher[1] =~ s/\n|\r//g;
3370$n2nauth[1] =~ s/\n|\r//g;
ce9abb66 3371chomp ($complzoactive);
d96c89eb 3372chomp ($mssfixactive);
ce9abb66
AH
3373
3374###
7c1d9faf 3375# m.a.d net2net
ce9abb66
AH
3376###
3377
3378###
3379# Check if there is no other entry with this name
3380###
3381
3382 foreach my $dkey (keys %confighash) {
3383 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3384 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH
3385 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3386 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3387 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
ce9abb66
AH
3388 goto N2N_ERROR;
3389 }
3390 }
3391
d96c89eb
AH
3392###
3393# Check if OpenVPN Subnet is valid
3394###
3395
3396foreach my $dkey (keys %confighash) {
3397 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3398 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH
3399 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3400 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3401 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH
3402 goto N2N_ERROR;
3403 }
3404 }
3405
3406###
4c962356 3407# Check if Dest Port is vaild
d96c89eb
AH
3408###
3409
3410foreach my $dkey (keys %confighash) {
3411 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3412 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH
3413 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3414 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3415 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH
3416 goto N2N_ERROR;
3417 }
3418 }
3419
3420
3421
ce9abb66
AH
3422 $key = &General::findhasharraykey (\%confighash);
3423
49abe7af 3424 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
350f2980 3425
ce9abb66
AH
3426 $confighash{$key}[0] = 'off';
3427 $confighash{$key}[1] = $n2nname[0];
350f2980 3428 $confighash{$key}[2] = $n2nname[0];
ce9abb66
AH
3429 $confighash{$key}[3] = 'net';
3430 $confighash{$key}[4] = 'cert';
3431 $confighash{$key}[6] = 'client';
3432 $confighash{$key}[8] = $n2nlocalsub[2];
350f2980
SS
3433 $confighash{$key}[10] = $n2nremote[1];
3434 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3435 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3436 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3437 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3438 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3439 $confighash{$key}[26] = 'red';
350f2980
SS
3440 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3441 $confighash{$key}[28] = $n2nproto[0];
3442 $confighash{$key}[29] = $n2nport[1];
3443 $confighash{$key}[30] = $complzoactive;
3444 $confighash{$key}[31] = $n2ntunmtu[1];
49abe7af 3445 $confighash{$key}[38] = $n2nmtudisc[1];
4c962356
EK
3446 $confighash{$key}[39] = $n2nauth[1];
3447 $confighash{$key}[40] = $n2ncipher[1];
49abe7af 3448 $confighash{$key}[41] = 'disabled';
ce9abb66
AH
3449
3450 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3451
ce9abb66
AH
3452 N2N_ERROR:
3453
3454 &Header::showhttpheaders();
3455 &Header::openpage('Validate imported configuration', 1, '');
3456 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3457 if ($errormessage) {
3458 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3459 print "<class name='base'>$errormessage";
3460 print "&nbsp;</class>";
3461 &Header::closebox();
3462
3463 } else
3464 {
3465 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3466 }
3467 if ($errormessage eq ''){
49abe7af 3468 print <<END;
ce9abb66
AH
3469 <!-- ipfire net2net config gui -->
3470 <table width='100%'>
3471 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3472 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3473 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3474 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3475 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3476 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
4c962356 3477 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
ce9abb66
AH
3478 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3479 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3480 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3481 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
4c962356
EK
3482 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
3483 <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3484 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
350f2980 3485 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
54fd0535 3486 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
4c962356
EK
3487 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
3488 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
ce9abb66
AH
3489 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3490 </table>
3491END
3492;
3493 &Header::closebox();
3494 }
3495
3496 if ($errormessage) {
3497 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3498 } else {
3499 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3500 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3501 print "<input type='hidden' name='KEY' value='$key' />";
3502 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3503 }
3504 &Header::closebigbox();
3505 &Header::closepage();
4c962356 3506 exit(0);
ce9abb66
AH
3507
3508
3509##
3510### Accept IPFire n2n Package Settings
3511###
3512
3513 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3514
3515###
3516### Discard and Rollback IPFire n2n Package Settings
3517###
3518
3519 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3520
3521 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3522
3523if ($confighash{$cgiparams{'KEY'}}) {
3524
3525 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3526 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3527 unlink ($certfile) or die "Removing $certfile fail: $!";
3528 unlink ($conffile) or die "Removing $conffile fail: $!";
3529 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3530 delete $confighash{$cgiparams{'KEY'}};
3531 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3532
3533 } else {
3534 $errormessage = $Lang::tr{'invalid key'};
3535 }
3536
3537
3538###
7c1d9faf 3539# m.a.d net2net
ce9abb66
AH
3540###
3541
3542
3543###
3544### Adding a new connection
3545###
6e13d0a5
MT
3546} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3547 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3548 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
8c877a82 3549
6e13d0a5
MT
3550 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3551 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3552 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3553
3554 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
8c877a82
AM
3555 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3556 $errormessage = $Lang::tr{'invalid key'};
3557 goto VPNCONF_END;
3558 }
4c962356
EK
3559 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3560 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3561 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3562 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3563 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3564 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3565 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3566 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
8c877a82 3567 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
4c962356
EK
3568 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3569 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3570 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3571 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3572 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3573 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3574 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3575 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3576 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3577 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3578 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3579 $name=$cgiparams{'CHECK1'} ;
4c962356
EK
3580 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3581 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3582 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3583 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3584 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
4c962356
EK
3585 $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
3586 $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
49abe7af 3587 $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
8c877a82 3588 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3589 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3590
8c877a82 3591#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3592if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM
3593 my @temp=();
3594 my %ccdroutehash=();
3595 my $keypoint=0;
5068ac38
AM
3596 my $ip;
3597 my $cidr;
8c877a82
AM
3598 if ($cgiparams{'IR'} ne ''){
3599 @temp = split("\n",$cgiparams{'IR'});
3600 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3601 #find key to use
3602 foreach my $key (keys %ccdroutehash) {
3603 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3604 $keypoint=$key;
3605 delete $ccdroutehash{$key};
3606 }else{
3607 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3608 }
3609 }
3610 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3611 my $i=1;
3612 my $val=0;
3613 foreach $val (@temp){
3614 chomp($val);
3615 $val=~s/\s*$//g;
5068ac38 3616 #check if iroute exists in ccdroute or if new iroute is part of an existing one
8c877a82
AM
3617 foreach my $key (keys %ccdroutehash) {
3618 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
5068ac38
AM
3619 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3620 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3621 goto VPNCONF_ERROR;
3622 }
3623 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3624 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
5068ac38
AM
3625 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3626 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3627 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3628 goto VPNCONF_ERROR;
3629 }
3630
8c877a82
AM
3631 }
3632 }
5068ac38
AM
3633 if (!&General::validipandmask($val)){
3634 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3635 goto VPNCONF_ERROR;
3636 }else{
3637 ($ip,$cidr) = split(/\//,$val);
3638 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3639 $cidr=&General::iporsubtodec($cidr);
3640 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3641
3642 }
8c877a82
AM
3643
3644 #check for existing network IP's
52d08bcb
AM
3645 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3646 {
3647 $errormessage=$Lang::tr{'ccd err green'};
3648 goto VPNCONF_ERROR;
3649 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3650 {
3651 $errormessage=$Lang::tr{'ccd err red'};
3652 goto VPNCONF_ERROR;
3653 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3654 {
3655 $errormessage=$Lang::tr{'ccd err blue'};
3656 goto VPNCONF_ERROR;
3657 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3658 {
3659 $errormessage=$Lang::tr{'ccd err orange'};
8c877a82
AM
3660 goto VPNCONF_ERROR;
3661 }
52d08bcb 3662
8c877a82
AM
3663 if (&General::validipandmask($val)){
3664 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3665 }else{
3666 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3667 goto VPNCONF_ERROR;
3668 }
3669 $i++;
3670 }
3671 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3672 &writeserverconf;
3673 }else{
3674 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3675 foreach my $key (keys %ccdroutehash) {
3676 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3677 delete $ccdroutehash{$key};
3678 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3679 &writeserverconf;
3680 }
3681 }
3682 }
3683 undef @temp;
3684 #check route field and convert it to decimal
8c877a82
AM
3685 my $val=0;
3686 my $i=1;
8c877a82 3687 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb
AM
3688 #find key to use
3689 foreach my $key (keys %ccdroute2hash) {
3690 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3691 $keypoint=$key;
3692 delete $ccdroute2hash{$key};
3693 }else{
3694 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3695 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3696 &writeserverconf;
8c877a82 3697 }
52d08bcb
AM
3698 }
3699 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3700 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3701 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3702 my %ownnet=();
3703 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3704 foreach $val (@temp){
3705 chomp($val);
3706 $val=~s/\s*$//g;
3707 if ($val eq $Lang::tr{'green'})
3708 {
3709 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3710 }
3711 if ($val eq $Lang::tr{'blue'})
3712 {
3713 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3714 }
3715 if ($val eq $Lang::tr{'orange'})
3716 {
3717 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3718 }
3719 my ($ip,$cidr) = split (/\//, $val);
3720
3721 if ($val ne $Lang::tr{'ccd none'})
3722 {
8c877a82
AM
3723 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3724 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3725 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3726 if (&General::validipandmask($val)){
3727 $val=$ip."/".&General::iporsubtodec($cidr);
3728 $ccdroute2hash{$keypoint}[$i] = $val;
3729 }else{
3730 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3731 goto VPNCONF_ERROR;
3732 }
52d08bcb
AM
3733 }else{
3734 $ccdroute2hash{$keypoint}[$i]='';
3735 }
3736 $i++;
3737 }
3738 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3739
8c877a82
AM
3740 #check dns1 ip
3741 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3742 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3743 goto VPNCONF_ERROR;
3744 }
3745 #check dns2 ip
3746 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3747 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3748 goto VPNCONF_ERROR;
3749 }
3750 #check wins ip
3751 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3752 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3753 goto VPNCONF_ERROR;
3754 }
52d08bcb 3755}
8c877a82
AM
3756
3757#CCD End
52d08bcb 3758
8c877a82
AM
3759
3760 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
c6c9630e 3761 $errormessage = $Lang::tr{'connection type is invalid'};
b278daf3
AH
3762 if ($cgiparams{'TYPE'} eq 'net') {
3763 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3764 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3765 }
c6c9630e
MT
3766 goto VPNCONF_ERROR;
3767 }
3768
3769
3770 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
3771 $errormessage = $Lang::tr{'name must only contain characters'};
b278daf3
AH
3772 if ($cgiparams{'TYPE'} eq 'net') {
3773 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3774 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3775 }
3776 goto VPNCONF_ERROR;
3777 }
c6c9630e
MT
3778
3779 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
3780 $errormessage = $Lang::tr{'name is invalid'};
b278daf3
AH
3781 if ($cgiparams{'TYPE'} eq 'net') {
3782 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3783 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3784 }
c6c9630e
MT
3785 goto VPNCONF_ERROR;
3786 }
3787
3788 if (length($cgiparams{'NAME'}) >60) {
3789 $errormessage = $Lang::tr{'name too long'};
b278daf3
AH
3790 if ($cgiparams{'TYPE'} eq 'net') {
3791 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3792 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3793 }
c6c9630e
MT
3794 goto VPNCONF_ERROR;
3795 }
3796
d96c89eb 3797###
7c1d9faf 3798# m.a.d net2net
d96c89eb
AH
3799###
3800
7c1d9faf 3801if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3802 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3803 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH
3804 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3805 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3806 goto VPNCONF_ERROR;
d96c89eb 3807 }
ab4cf06c
AM
3808 #Bugfix 10357
3809 foreach my $key (sort keys %confighash){
3810 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
54fd0535
MT
3811 $errormessage = $Lang::tr{'openvpn destination port used'};
3812 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3813 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ab4cf06c
AM
3814 goto VPNCONF_ERROR;
3815 }
3816 }
3817 if ($cgiparams{'DEST_PORT'} eq '') {
3818 $errormessage = $Lang::tr{'invalid port'};
3819 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3820 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
54fd0535
MT
3821 goto VPNCONF_ERROR;
3822 }
d96c89eb 3823
f48074ba
SS
3824 # Check if the input for the transfer net is valid.
3825 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3826 $errormessage = $Lang::tr{'ccd err invalidnet'};
3827 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3828 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3829 goto VPNCONF_ERROR;
3830 }
3831
d96c89eb 3832 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3833 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH
3834 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3835 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH
3836 goto VPNCONF_ERROR;
3837 }
3838
3839 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3840 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH
3841 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3842 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH
3843 goto VPNCONF_ERROR;
3844 }
3845
3846 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3847 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH
3848 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3849 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH
3850 goto VPNCONF_ERROR;
3851 }
d96c89eb 3852
7c1d9faf 3853 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3854 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH
3855 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3856 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3857 goto VPNCONF_ERROR;
7c1d9faf
AH
3858 }
3859
3860 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3861 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH
3862 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3863 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3864 goto VPNCONF_ERROR;
7c1d9faf
AH
3865 }
3866
3867 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3868 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH
3869 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3870 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3871 goto VPNCONF_ERROR;
8c252e6a
EK
3872 }
3873
3874 if ($cgiparams{'DEST_PORT'} <= 1023) {
3875 $errormessage = $Lang::tr{'ovpn port in root range'};
3876 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3877 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3878 goto VPNCONF_ERROR;
3879 }
54fd0535 3880
4c962356 3881 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c252e6a
EK
3882 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3883 }
3884
3885 if ($cgiparams{'OVPN_MGMT'} <= 1023) {
3886 $errormessage = $Lang::tr{'ovpn mgmt in root range'};
3887 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3888 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3889 goto VPNCONF_ERROR;
b2e75449
MT
3890 }
3891 #Check if remote subnet is used elsewhere
3892 my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
3893 $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
3894 if ($warnmessage){
3895 $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
3896 }
7c1d9faf 3897}
d96c89eb 3898
ce9abb66
AH
3899# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3900# $errormessage = $Lang::tr{'ipfire side is invalid'};
3901# goto VPNCONF_ERROR;
3902# }
3903
c6c9630e
MT
3904 # Check if there is no other entry with this name
3905 if (! $cgiparams{'KEY'}) {
3906 foreach my $key (keys %confighash) {
3907 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3908 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH
3909 if ($cgiparams{'TYPE'} eq 'net') {
3910 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3911 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3912 }
c6c9630e 3913 goto VPNCONF_ERROR;
6e13d0a5 3914 }
c6c9630e
MT
3915 }
3916 }
3917
c125d8a2 3918 # Check if a remote host/IP has been set for the client.
86228a56
MT
3919 if ($cgiparams{'TYPE'} eq 'net') {
3920 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
3921 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3922
86228a56
MT
3923 # Check if this is a N2N connection and drop temporary config.
3924 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3925 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 3926
86228a56
MT
3927 goto VPNCONF_ERROR;
3928 }
c125d8a2 3929
86228a56
MT
3930 # Check if a remote host/IP has been configured - the field can be empty on the server side.
3931 if ($cgiparams{'REMOTE'} ne '') {
3932 # Check if the given IP is valid - otherwise check if it is a valid domain.
3933 if (! &General::validip($cgiparams{'REMOTE'})) {
3934 # Check for a valid domain.
3935 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3936 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3937
86228a56
MT
3938 # Check if this is a N2N connection and drop temporary config.
3939 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3940 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 3941
86228a56
MT
3942 goto VPNCONF_ERROR;
3943 }
3944 }
6e13d0a5 3945 }
c6c9630e 3946 }
c125d8a2 3947
c6c9630e
MT
3948 if ($cgiparams{'TYPE'} ne 'host') {
3949 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3950 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH
3951 if ($cgiparams{'TYPE'} eq 'net') {
3952 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3953 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3954 }
c6c9630e
MT
3955 goto VPNCONF_ERROR;}
3956 }
3957 # Check if there is no other entry without IP-address and PSK
3958 if ($cgiparams{'REMOTE'} eq '') {
3959 foreach my $key (keys %confighash) {
3960 if(($cgiparams{'KEY'} ne $key) &&
3961 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3962 $confighash{$key}[10] eq '') {
3963 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3964 goto VPNCONF_ERROR;
6e13d0a5 3965 }
c6c9630e
MT
3966 }
3967 }
ce9abb66
AH
3968 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3969 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH
3970 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3971 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3972 goto VPNCONF_ERROR;
ce9abb66 3973 }
c6c9630e
MT
3974
3975 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
3976 $errormessage = $Lang::tr{'invalid input'};
3977 goto VPNCONF_ERROR;
3978 }
3979 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
3980 $errormessage = $Lang::tr{'invalid input'};
3981 goto VPNCONF_ERROR;
3982 }
3983
3984#fixplausi
3985 if ($cgiparams{'AUTH'} eq 'psk') {
3986# if (! length($cgiparams{'PSK'}) ) {
3987# $errormessage = $Lang::tr{'pre-shared key is too short'};
3988# goto VPNCONF_ERROR;
3989# }
3990# if ($cgiparams{'PSK'} =~ /['",&]/) {
3991# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
3992# goto VPNCONF_ERROR;
3993# }
3994 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
3995 if ($cgiparams{'KEY'}) {
3996 $errormessage = $Lang::tr{'cant change certificates'};
3997 goto VPNCONF_ERROR;
3998 }
3999 if (ref ($cgiparams{'FH'}) ne 'Fh') {
4000 $errormessage = $Lang::tr{'there was no file upload'};
4001 goto VPNCONF_ERROR;
4002 }
4003
4004 # Move uploaded certificate request to a temporary file
4005 (my $fh, my $filename) = tempfile( );
4006 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4007 $errormessage = $!;
4008 goto VPNCONF_ERROR;
4009 }
6e13d0a5 4010
c6c9630e
MT
4011 # Sign the certificate request and move it
4012 # Sign the host certificate request
f6e12093 4013 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT
4014 '-batch', '-notext',
4015 '-in', $filename,
4016 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4017 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4018 if ($?) {
4019 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4020 unlink ($filename);
4021 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4022 &newcleanssldatabase();
4023 goto VPNCONF_ERROR;
4024 } else {
4025 unlink ($filename);
4026 &deletebackupcert();
4027 }
4028
4029 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
4030 $temp =~ /Subject:.*CN=(.*)[\n]/;
4031 $temp = $1;
4032 $temp =~ s+/Email+, E+;
4033 $temp =~ s/ ST=/ S=/;
4034 $cgiparams{'CERT_NAME'} = $temp;
4035 $cgiparams{'CERT_NAME'} =~ s/,//g;
4036 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4037 if ($cgiparams{'CERT_NAME'} eq '') {
4038 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4039 goto VPNCONF_ERROR;
4040 }
4041 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
4042 if ($cgiparams{'KEY'}) {
4043 $errormessage = $Lang::tr{'cant change certificates'};
4044 goto VPNCONF_ERROR;
4045 }
4046 if (ref ($cgiparams{'FH'}) ne 'Fh') {
4047 $errormessage = $Lang::tr{'there was no file upload'};
4048 goto VPNCONF_ERROR;
4049 }
4050 # Move uploaded certificate to a temporary file
4051 (my $fh, my $filename) = tempfile( );
4052 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4053 $errormessage = $!;
4054 goto VPNCONF_ERROR;
4055 }
4056
4057 # Verify the certificate has a valid CA and move it
4058 my $validca = 0;
4059 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
4060 if ($test =~ /: OK/) {
4061 $validca = 1;
4062 } else {
4063 foreach my $key (keys %cahash) {
4064 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
4065 if ($test =~ /: OK/) {
4066 $validca = 1;
4067 }
6e13d0a5 4068 }
c6c9630e
MT
4069 }
4070 if (! $validca) {
4071 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
4072 unlink ($filename);
4073 goto VPNCONF_ERROR;
4074 } else {
4075 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4076 if ($? ne 0) {
4077 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
4078 unlink ($filename);
4079 goto VPNCONF_ERROR;
6e13d0a5 4080 }
c6c9630e
MT
4081 }
4082
4083 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
4084 $temp =~ /Subject:.*CN=(.*)[\n]/;
4085 $temp = $1;
4086 $temp =~ s+/Email+, E+;
4087 $temp =~ s/ ST=/ S=/;
4088 $cgiparams{'CERT_NAME'} = $temp;
4089 $cgiparams{'CERT_NAME'} =~ s/,//g;
4090 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4091 if ($cgiparams{'CERT_NAME'} eq '') {
4092 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4093 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4094 goto VPNCONF_ERROR;
4095 }
4096 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
4097 if ($cgiparams{'KEY'}) {
4098 $errormessage = $Lang::tr{'cant change certificates'};
4099 goto VPNCONF_ERROR;
4100 }
4101 # Validate input since the form was submitted
4102 if (length($cgiparams{'CERT_NAME'}) >60) {
4103 $errormessage = $Lang::tr{'name too long'};
4104 goto VPNCONF_ERROR;
4105 }
194314b2 4106 if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
c6c9630e
MT
4107 $errormessage = $Lang::tr{'invalid input for name'};
4108 goto VPNCONF_ERROR;
4109 }
4110 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
4111 $errormessage = $Lang::tr{'invalid input for e-mail address'};
4112 goto VPNCONF_ERROR;
4113 }
4114 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
4115 $errormessage = $Lang::tr{'e-mail address too long'};
4116 goto VPNCONF_ERROR;
4117 }
4118 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4119 $errormessage = $Lang::tr{'invalid input for department'};
4120 goto VPNCONF_ERROR;
4121 }
4122 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
4123 $errormessage = $Lang::tr{'organization too long'};
4124 goto VPNCONF_ERROR;
4125 }
4126 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
4127 $errormessage = $Lang::tr{'invalid input for organization'};
4128 goto VPNCONF_ERROR;
4129 }
4130 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4131 $errormessage = $Lang::tr{'invalid input for city'};
4132 goto VPNCONF_ERROR;
4133 }
4134 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4135 $errormessage = $Lang::tr{'invalid input for state or province'};
4136 goto VPNCONF_ERROR;
4137 }
4138 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
4139 $errormessage = $Lang::tr{'invalid input for country'};
4140 goto VPNCONF_ERROR;
4141 }
4142 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
4143 if (length($cgiparams{'CERT_PASS1'}) < 5) {
4144 $errormessage = $Lang::tr{'password too short'};
4145 goto VPNCONF_ERROR;
6e13d0a5 4146 }
c6c9630e
MT
4147 }
4148 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
4149 $errormessage = $Lang::tr{'passwords do not match'};
4150 goto VPNCONF_ERROR;
4151 }
f4fbb935
EK
4152 if ($cgiparams{'DAYS_VALID'} ne '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
4153 $errormessage = $Lang::tr{'invalid input for valid till days'};
4154 goto VPNCONF_ERROR;
4155 }
c6c9630e
MT
4156
4157 # Replace empty strings with a .
4158 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
4159 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
4160 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
4161
4162 # Create the Host certificate request client
4163 my $pid = open(OPENSSL, "|-");
4164 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
4165 if ($pid) { # parent
4166 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
4167 print OPENSSL "$state\n";
4168 print OPENSSL "$city\n";
4169 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
4170 print OPENSSL "$ou\n";
4171 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
4172 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
4173 print OPENSSL ".\n";
4174 print OPENSSL ".\n";
4175 close (OPENSSL);
4176 if ($?) {
4177 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4178 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
4179 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
4180 goto VPNCONF_ERROR;
6e13d0a5 4181 }
c6c9630e 4182 } else { # child
badd8c1c 4183 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 4184 '-newkey', 'rsa:2048',
c6c9630e
MT
4185 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4186 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4187 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
4188 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
4189 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4190 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4191 goto VPNCONF_ERROR;
6e13d0a5 4192 }
c6c9630e
MT
4193 }
4194
4195 # Sign the host certificate request
f6e12093 4196 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT
4197 '-batch', '-notext',
4198 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4199 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4200 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4201 if ($?) {
4202 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4203 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4204 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4205 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4206 &newcleanssldatabase();
4207 goto VPNCONF_ERROR;
4208 } else {
4209 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4210 &deletebackupcert();
4211 }
4212
4213 # Create the pkcs12 file
4214 system('/usr/bin/openssl', 'pkcs12', '-export',
4215 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4216 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4217 '-name', $cgiparams{'NAME'},
4218 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
4219 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
4220 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
4221 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4222 if ($?) {
4223 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4224 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4225 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4226 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4227 goto VPNCONF_ERROR;
4228 } else {
4229 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4230 }
4231 } elsif ($cgiparams{'AUTH'} eq 'cert') {
4232 ;# Nothing, just editing
4233 } else {
4234 $errormessage = $Lang::tr{'invalid input for authentication method'};
4235 goto VPNCONF_ERROR;
4236 }
4237
4238 # Check if there is no other entry with this common name
4239 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
4240 foreach my $key (keys %confighash) {
4241 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
4242 $errormessage = $Lang::tr{'a connection with this common name already exists'};
4243 goto VPNCONF_ERROR;
6e13d0a5 4244 }
c6c9630e
MT
4245 }
4246 }
4247
ab4cf06c 4248 # Save the config
c6c9630e 4249 my $key = $cgiparams{'KEY'};
8c877a82 4250
c6c9630e
MT
4251 if (! $key) {
4252 $key = &General::findhasharraykey (\%confighash);
49abe7af 4253 foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
c6c9630e 4254 }
8c877a82
AM
4255 $confighash{$key}[0] = $cgiparams{'ENABLED'};
4256 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 4257 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 4258 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 4259 }
8c877a82
AM
4260
4261 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 4262 if ($cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM
4263 $confighash{$key}[4] = 'psk';
4264 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 4265 } else {
8c877a82 4266 $confighash{$key}[4] = 'cert';
c6c9630e 4267 }
ce9abb66 4268 if ($cgiparams{'TYPE'} eq 'net') {
8c877a82
AM
4269 $confighash{$key}[6] = $cgiparams{'SIDE'};
4270 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 4271 }
4c962356 4272 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 4273 $confighash{$key}[10] = $cgiparams{'REMOTE'};
4c962356 4274 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 4275 $confighash{$key}[22] = $confighash{$key}[29];
4c962356 4276 } else {
8c877a82 4277 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
4c962356 4278 }
8c877a82
AM
4279 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
4280 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
4281 $confighash{$key}[25] = $cgiparams{'REMARK'};
4282 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 4283# new fields
8c877a82
AM
4284 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
4285 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
4286 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
4287 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
4288 $confighash{$key}[31] = $cgiparams{'MTU'};
4289 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 4290 $name=$cgiparams{'CHECK1'};
8c877a82
AM
4291 $confighash{$key}[33] = $cgiparams{$name};
4292 $confighash{$key}[34] = $cgiparams{'RG'};
4293 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
4294 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
4295 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
4c962356
EK
4296 $confighash{$key}[39] = $cgiparams{'DAUTH'};
4297 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
350f2980 4298
71af643c
MT
4299 if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
4300 $confighash{$key}[41] = "no-pass";
4301 }
4302
c6c9630e 4303 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
8c877a82
AM
4304
4305 if ($cgiparams{'CHECK1'} ){
4306
4307 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
4308 my ($a,$b,$c,$d) = split (/\./,$ccdip);
df9b48b7
AM
4309 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
4310 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
4311 }
8c877a82 4312 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 4313 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
8c877a82
AM
4314 if($cgiparams{'CHECK1'} eq 'dynamic'){
4315 print CCDRWCONF "#This client uses the dynamic pool\n";
4316 }else{
82c809c7 4317 print CCDRWCONF "#Ip address client and server\n";
8c877a82
AM
4318 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4319 }
4320 if ($confighash{$key}[34] eq 'on'){
4321 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4322 print CCDRWCONF "push redirect-gateway\n";
4323 }
52d08bcb 4324 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4325 if ($cgiparams{'IR'} ne ''){
82c809c7 4326 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
8c877a82
AM
4327 foreach my $key (keys %ccdroutehash){
4328 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4329 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4330 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4331 print CCDRWCONF "iroute $a $b\n";
4332 }
4333 }
4334 }
4335 }
52d08bcb 4336 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4337 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4338 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
8c877a82
AM
4339 foreach my $key (keys %ccdroute2hash){
4340 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4341 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4342 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4343 my %blue=();
4344 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4345 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
8c877a82
AM
4346 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4347 my %orange=();
4348 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4349 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4350 }else{
4351 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4352 print CCDRWCONF "push \"route $a $b\"\n";
4353 }
4354 }
4355 }
4356 }
4357 }
4358 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4359 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4360 print CCDRWCONF "\n#Client gets these nameservers\n";
8c877a82
AM
4361 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4362 }
4363 if($cgiparams{'CCD_DNS2'} ne ''){
4364 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4365 }
4366 if($cgiparams{'CCD_WINS'} ne ''){
4367 print CCDRWCONF "\n#Client gets this WINS server\n";
4368 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4369 }
4370 close CCDRWCONF;
4371 }
18837a6a
AH
4372
4373###
4374# m.a.d n2n begin
4375###
4376
4377 if ($cgiparams{'TYPE'} eq 'net') {
4378
4379 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4380 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
4381
4382 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4383 my $key = $cgiparams{'KEY'};
4384 if (! $key) {
4385 $key = &General::findhasharraykey (\%confighash);
4386 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
4387 }
4388 $confighash{$key}[0] = 'on';
4389 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4390
4391 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
4392 }
4393 }
4394
4395###
4396# m.a.d n2n end
4397###
4398
c6c9630e
MT
4399 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4400 $cgiparams{'KEY'} = $key;
4401 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4402 }
4403 goto VPNCONF_END;
6e13d0a5 4404 } else {
c6c9630e 4405 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT
4406###
4407# m.a.d n2n begin
4408###
4409 $cgiparams{'MSSFIX'} = 'on';
4410 $cgiparams{'FRAGMENT'} = '1300';
70900745 4411 $cgiparams{'DAUTH'} = 'SHA512';
54fd0535
MT
4412###
4413# m.a.d n2n end
4414###
4c962356 4415 $cgiparams{'SIDE'} = 'left';
c6c9630e
MT
4416 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4417 $cgiparams{'AUTH'} = 'psk';
4418 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4419 $cgiparams{'AUTH'} = 'certfile';
4420 } else {
6e13d0a5 4421 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT
4422 }
4423 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4424 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4425 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4426 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4427 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
f4fbb935 4428 $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'};
6e13d0a5 4429 }
c6c9630e 4430
6e13d0a5 4431 VPNCONF_ERROR:
6e13d0a5
MT
4432 $checked{'ENABLED'}{'off'} = '';
4433 $checked{'ENABLED'}{'on'} = '';
4434 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4435 $checked{'ENABLED_BLUE'}{'off'} = '';
4436 $checked{'ENABLED_BLUE'}{'on'} = '';
4437 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4438 $checked{'ENABLED_ORANGE'}{'off'} = '';
4439 $checked{'ENABLED_ORANGE'}{'on'} = '';
4440 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT
4441
4442
6e13d0a5
MT
4443 $checked{'EDIT_ADVANCED'}{'off'} = '';
4444 $checked{'EDIT_ADVANCED'}{'on'} = '';
4445 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4446
6e13d0a5
MT
4447 $selected{'SIDE'}{'server'} = '';
4448 $selected{'SIDE'}{'client'} = '';
4449 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
d96c89eb
AH
4450
4451 $selected{'PROTOCOL'}{'udp'} = '';
4452 $selected{'PROTOCOL'}{'tcp'} = '';
4453 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4454
c6c9630e 4455
6e13d0a5
MT
4456 $checked{'AUTH'}{'psk'} = '';
4457 $checked{'AUTH'}{'certreq'} = '';
4458 $checked{'AUTH'}{'certgen'} = '';
4459 $checked{'AUTH'}{'certfile'} = '';
4460 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4461
6e13d0a5 4462 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 4463
6e13d0a5
MT
4464 $checked{'COMPLZO'}{'off'} = '';
4465 $checked{'COMPLZO'}{'on'} = '';
4466 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4467
d96c89eb
AH
4468 $checked{'MSSFIX'}{'off'} = '';
4469 $checked{'MSSFIX'}{'on'} = '';
4470 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4471
52f61e49
EKD
4472 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
4473 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
4474 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK
4475 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
4476 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
4477 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
4478 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4479 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4480 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4481 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4482 $selected{'DCIPHER'}{'SEED-CBC'} = '';
4483 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4484 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4485 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4486 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 4487 $selected{'DCIPHER'}{'DES-CBC'} = '';
49abe7af
EK
4488 # If no cipher has been chossen yet, select
4489 # the old default (AES-256-CBC) for compatiblity reasons.
4490 if ($cgiparams{'DCIPHER'} eq '') {
4491 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
4492 }
4c962356 4493 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
49abe7af
EK
4494 $selected{'DAUTH'}{'whirlpool'} = '';
4495 $selected{'DAUTH'}{'SHA512'} = '';
4496 $selected{'DAUTH'}{'SHA384'} = '';
4497 $selected{'DAUTH'}{'SHA256'} = '';
4498 $selected{'DAUTH'}{'SHA1'} = '';
4499 # If no hash algorythm has been choosen yet, select
4500 # the old default value (SHA1) for compatiblity reasons.
4501 if ($cgiparams{'DAUTH'} eq '') {
4502 $cgiparams{'DAUTH'} = 'SHA1';
4503 }
4504 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
4505
6e13d0a5
MT
4506 if (1) {
4507 &Header::showhttpheaders();
4c962356 4508 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT
4509 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4510 if ($errormessage) {
4511 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4512 print "<class name='base'>$errormessage";
4513 print "&nbsp;</class>";
4514 &Header::closebox();
4515 }
c6c9630e 4516
6e13d0a5
MT
4517 if ($warnmessage) {
4518 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4519 print "<class name='base'>$warnmessage";
4520 print "&nbsp;</class>";
4521 &Header::closebox();
4522 }
c6c9630e 4523
6e13d0a5 4524 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4525 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4526
6e13d0a5
MT
4527 if ($cgiparams{'KEY'}) {
4528 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4529 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4530 }
c6c9630e 4531
6e13d0a5 4532 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
8c877a82 4533 print "<table width='100%' border='0'>\n";
4c962356 4534
e3edceeb 4535 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>";
8c877a82 4536
ce9abb66 4537 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4538 if ($cgiparams{'KEY'}) {
8c877a82 4539 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5
MT
4540 } else {
4541 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4542 }
c6c9630e
MT
4543# print "<tr><td>$Lang::tr{'interface'}</td>";
4544# print "<td><select name='INTERFACE'>";
4545# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4c962356
EK
4546# if ($netsettings{'BLUE_DEV'} ne '') {
4547# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4548# }
4549# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4550# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4551# print "</select></td></tr>";
4552# print <<END;
ce9abb66
AH
4553 } else {
4554 print "<input type='hidden' name='INTERFACE' value='red' />";
4555 if ($cgiparams{'KEY'}) {
4556 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4557 } else {
4558 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4559 }
52f61e49
EKD
4560
4561 # If GCM ciphers are in usage, HMAC menu is disabled
4562 my $hmacdisabled;
4563 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
4564 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
4565 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
4566 $hmacdisabled = "disabled='disabled'";
4567 };
4568
4c962356 4569 print <<END;
ce9abb66 4570 <td width='25%'>&nbsp;</td>
f527e53f
EK
4571 <td width='25%'>&nbsp;</td></tr>
4572 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4573 <td><select name='SIDE'>
4574 <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4575 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
4576 </select>
4577 </td>
4c962356 4578
f527e53f
EK
4579 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4580 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
4581 </tr>
4c962356 4582
e3edceeb 4583 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4584 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4c962356 4585
e3edceeb 4586 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f
EK
4587 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
4588 </tr>
4c962356 4589
e3edceeb 4590 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4591 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
49abe7af 4592
f527e53f
EK
4593 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4594 <td><select name='PROTOCOL'>
4595 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4596 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4597 </tr>
4598
4599 <tr>
e3edceeb 4600 <td class='boldbase'>$Lang::tr{'destination port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4601 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
4c962356 4602
e3edceeb 4603 <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
f527e53f
EK
4604 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4605 </tr>
49abe7af 4606
f527e53f
EK
4607 <tr><td colspan=4><hr /></td></tr><tr>
4608
4609 <tr>
4610 <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
4611 </tr>
49abe7af 4612
e3edceeb 4613 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
f527e53f
EK
4614 <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4615 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4616 </tr>
4c962356 4617
e3edceeb 4618 <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
f527e53f
EK
4619 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
4620 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
4621 </tr>
4c962356 4622
e3edceeb 4623 <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
f527e53f
EK
4624 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4625 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4626 </tr>
4c962356 4627
e3edceeb 4628 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
f527e53f
EK
4629 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4630 </tr>
2ee746be 4631
f527e53f
EK
4632<tr><td colspan=4><hr /></td></tr><tr>
4633 <tr>
4634 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
4635 </tr>
4636
4637 <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
52f61e49
EKD
4638 <td><select name='DCIPHER' id="n2ncipher" required>
4639 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
4640 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
4641 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
f527e53f
EK
4642 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
4643 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4644 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
f7fb5bc5 4645 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
f527e53f
EK
4646 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
4647 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK
4648 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
4649 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4650 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4651 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4652 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4653 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK
4654 </select>
4655 </td>
4656
4657 <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
52f61e49 4658 <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
f527e53f
EK
4659 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
4660 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
4661 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
4662 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 4663 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK
4664 </select>
4665 </td>
4666 </tr>
4667 <tr><td colspan=4><hr /></td></tr><tr>
4668
ce9abb66 4669END
8c877a82 4670;
ce9abb66 4671 }
52f61e49
EKD
4672
4673#### JAVA SCRIPT ####
4674# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange
4675print<<END;
4676 <script>
4677 var disable_options = false;
4678 document.getElementById('n2ncipher').onchange = function () {
4679 if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
4680 document.getElementById('n2nhmac').setAttribute('disabled', true);
4681 } else {
4682 document.getElementById('n2nhmac').removeAttribute('disabled');
4683 }
4684 }
4685 </script>
4686END
4687
2ee746be 4688#jumper
e3edceeb 4689 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>";
8c877a82 4690 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4691
ce9abb66 4692 if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM
4693 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4694 }
ce9abb66 4695
8c877a82
AM
4696 print"</tr></table><br><br>";
4697#A.Marx CCD new client
e81be1e1 4698if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4699 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
8c877a82
AM
4700 my %vpnnet=();
4701 my $vpnip;
4702 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4703 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4704 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4705 my @ccdconf=();
4706 my $count=0;
4707 my $checked;
4708 $checked{'check1'}{'off'} = '';
4709 $checked{'check1'}{'on'} = '';
4710 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4711 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4712 print"</td></tr></table><br><br>";
4713 my $name=$cgiparams{'CHECK1'};
4714 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4715
4716 if (! -z "${General::swroot}/ovpn/ccd.conf"){
4717 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4718 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM
4719 $count++;
4720 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4721 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4722 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4723 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4724 print"</td></tr>";
4725 }
4726 print "</table><br><br><hr><br><br>";
4727 }
e81be1e1 4728}
8c877a82 4729# ccd end
6e13d0a5
MT
4730 &Header::closebox();
4731 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM
4732
4733 } elsif (! $cgiparams{'KEY'}) {
4734
4735
6e13d0a5
MT
4736 my $disabled='';
4737 my $cakeydisabled='';
4738 my $cacrtdisabled='';
4739 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4740 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
8c877a82 4741
6e13d0a5 4742 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
ce9abb66
AH
4743
4744
4745 if ($cgiparams{'TYPE'} eq 'host') {
4746
49abe7af 4747 print <<END;
6e13d0a5 4748 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4749
ce9abb66
AH
4750 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4751 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT
4752 <tr><td colspan='3'>&nbsp;</td></tr>
4753 <tr><td colspan='3'><hr /></td></tr>
4754 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66 4755 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS
4756 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4757 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4758 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4759 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4760 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4761 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4762 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4763END
ce9abb66
AH
4764;
4765
4766###
7c1d9faf 4767# m.a.d net2net
ce9abb66
AH
4768###
4769
4770} else {
4771
49abe7af 4772 print <<END;
ce9abb66
AH
4773 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4774
4775 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS
4776 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4777 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4778 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4779 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4780 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4781 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4782 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
54fd0535
MT
4783
4784
ce9abb66
AH
4785END
4786;
4787
4788}
4789
4790###
7c1d9faf 4791# m.a.d net2net
ce9abb66 4792###
c6c9630e 4793
6e13d0a5
MT
4794 foreach my $country (sort keys %{Countries::countries}) {
4795 print "<option value='$Countries::countries{$country}'";
4796 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4797 print " selected='selected'";
4798 }
4799 print ">$country</option>";
4800 }
ce9abb66 4801###
7c1d9faf 4802# m.a.d net2net
ce9abb66
AH
4803###
4804
4805if ($cgiparams{'TYPE'} eq 'host') {
49abe7af 4806 print <<END;
f4fbb935
EK
4807 </select></td></tr>
4808 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
4809 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4810 <tr><td>&nbsp;</td>
6e13d0a5
MT
4811 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4812 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
f4fbb935 4813 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
6e13d0a5 4814 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
f4fbb935
EK
4815 <tr><td colspan='3'>&nbsp;</td></tr>
4816 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4817 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
f4fbb935 4818 </table>
ce9abb66
AH
4819END
4820}else{
49abe7af 4821 print <<END;
f4fbb935
EK
4822 </select></td></tr>
4823 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
4824 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4825 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4826 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4827 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4828 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
ce9abb66
AH
4829 </table>
4830
c6c9630e 4831END
ce9abb66
AH
4832}
4833
4834###
7c1d9faf 4835# m.a.d net2net
ce9abb66 4836###
c6c9630e
MT
4837 ;
4838 &Header::closebox();
8c877a82
AM
4839
4840 }
e81be1e1
AM
4841
4842#A.Marx CCD new client
4843if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM
4844 print"<br><br>";
4845 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
4846
8c877a82
AM
4847
4848 print <<END;
4849 <table border='0' width='100%'>
4850 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4851 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
4852 <tr><td colspan='4'>&nbsp</td></tr>
4853 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4854END
4855
4856 if ($cgiparams{'IR'} ne ''){
4857 print $cgiparams{'IR'};
4858 }else{
4859 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4860 foreach my $key (keys %ccdroutehash) {
4861 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4862 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4863 if ($ccdroutehash{$key}[$i] ne ''){
4864 print $ccdroutehash{$key}[$i]."\n";
4865 }
4866 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4867 }
4868 }
4869 }
c6c9630e 4870 }
8c877a82
AM
4871
4872 print <<END;
4873</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4874 <tr><td colspan='4'><br></td></tr>
4875 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
4876END
52d08bcb
AM
4877
4878 my $set=0;
4879 my $selorange=0;
4880 my $selblue=0;
4881 my $selgreen=0;
4882 my $helpblue=0;
4883 my $helporange=0;
4884 my $other=0;
df9b48b7 4885 my $none=0;
52d08bcb
AM
4886 my @temp=();
4887
8c877a82 4888 our @current = ();
52d08bcb
AM
4889 open(FILE, "${General::swroot}/main/routing") ;
4890 @current = <FILE>;
4891 close (FILE);
4892 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
df9b48b7
AM
4893 #check for "none"
4894 foreach my $key (keys %ccdroute2hash) {
4895 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4896 if ($ccdroute2hash{$key}[1] eq ''){
4897 $none=1;
4898 last;
4899 }
4900 }
4901 }
4902 if ($none ne '1'){
4903 print"<option>$Lang::tr{'ccd none'}</option>";
4904 }else{
4905 print"<option selected>$Lang::tr{'ccd none'}</option>";
4906 }
52d08bcb
AM
4907 #check if static routes are defined for client
4908 foreach my $line (@current) {
4909 chomp($line);
4910 $line=~s/\s*$//g; # remove newline
4911 @temp=split(/\,/,$line);
4912 $temp[1] = '' unless defined $temp[1]; # not always populated
4913 my ($a,$b) = split(/\//,$temp[1]);
4914 $temp[1] = $a."/".&General::iporsubtocidr($b);
4915 foreach my $key (keys %ccdroute2hash) {
4916 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4917 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4918 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
4919 $set=1;
8c877a82
AM
4920 }
4921 }
8c877a82 4922 }
52d08bcb
AM
4923 }
4924 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
4925 }
3a445974
MT
4926
4927 my %vpnconfig = ();
4928 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
4929 foreach my $vpn (keys %vpnconfig) {
4930 # Skip all disabled VPN connections
4931 my $enabled = $vpnconfig{$vpn}[0];
4932 next unless ($enabled eq "on");
4933
4934 my $name = $vpnconfig{$vpn}[1];
4935
4936 # Remote subnets
4937 my @networks = split(/\|/, $vpnconfig{$vpn}[11]);
4938 foreach my $network (@networks) {
4939 my $selected = "";
4940
4941 foreach my $key (keys %ccdroute2hash) {
4942 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
4943 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4944 if ($ccdroute2hash{$key}[$i] eq $network) {
4945 $selected = "selected";
4946 }
4947 }
4948 }
4949 }
4950
4951 print "<option value=\"$network\" $selected>$name ($network)</option>\n";
4952 }
4953 }
4954
52d08bcb
AM
4955 #check if green,blue,orange are defined for client
4956 foreach my $key (keys %ccdroute2hash) {
4957 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4958 $other=1;
4959 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4960 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
4961 $selgreen=1;
4962 }
4963 if (&haveBlueNet()){
4964 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
4965 $selblue=1;
4966 }
4967 }
4968 if (&haveOrangeNet()){
4969 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
4970 $selorange=1;
4971 }
4972 }
4973 }
4974 }
4975 }
4976 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
4977 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
4978 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
4979
49abe7af 4980 print<<END;
8c877a82
AM
4981 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
4982 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
4983 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
4984
4985END
4986;
4987 &Header::closebox();
e81be1e1 4988}
c6c9630e
MT
4989 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
4990 if ($cgiparams{'KEY'}) {
4991# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
4992 }
4993 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
4994 &Header::closebigbox();
4995 &Header::closepage();
4996 exit (0);
6e13d0a5 4997 }
c6c9630e 4998 VPNCONF_END:
6e13d0a5 4999}
c6c9630e
MT
5000
5001# SETTINGS_ERROR:
6e13d0a5
MT
5002###
5003### Default status page
5004###
c6c9630e
MT
5005 %cgiparams = ();
5006 %cahash = ();
5007 %confighash = ();
5008 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
5009 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
5010 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
5011
87fe47e9 5012 my @status = `/bin/cat /var/run/ovpnserver.log`;
c6c9630e
MT
5013
5014 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
8c877a82
AM
5015 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
5016 my $ipaddr = <IPADDR>;
5017 close IPADDR;
5018 chomp ($ipaddr);
5019 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
5020 if ($cgiparams{'VPN_IP'} eq '') {
5021 $cgiparams{'VPN_IP'} = $ipaddr;
5022 }
5023 }
c6c9630e
MT
5024 }
5025
6e13d0a5 5026#default setzen
c6c9630e 5027 if ($cgiparams{'DCIPHER'} eq '') {
4c962356 5028 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
c6c9630e 5029 }
c6c9630e 5030 if ($cgiparams{'DDEST_PORT'} eq '') {
4c962356 5031 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT
5032 }
5033 if ($cgiparams{'DMTU'} eq '') {
4c962356
EK
5034 $cgiparams{'DMTU'} = '1400';
5035 }
5036 if ($cgiparams{'MSSFIX'} eq '') {
5037 $cgiparams{'MSSFIX'} = 'off';
5038 }
5039 if ($cgiparams{'DAUTH'} eq '') {
70900745 5040 $cgiparams{'DAUTH'} = 'SHA512';
c6c9630e
MT
5041 }
5042 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
4c962356 5043 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e 5044 }
4c962356 5045 $checked{'ENABLED'}{'off'} = '';
c6c9630e
MT
5046 $checked{'ENABLED'}{'on'} = '';
5047 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
5048 $checked{'ENABLED_BLUE'}{'off'} = '';
5049 $checked{'ENABLED_BLUE'}{'on'} = '';
5050 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
5051 $checked{'ENABLED_ORANGE'}{'off'} = '';
5052 $checked{'ENABLED_ORANGE'}{'on'} = '';
5053 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT
5054
5055 $selected{'DPROTOCOL'}{'udp'} = '';
5056 $selected{'DPROTOCOL'}{'tcp'} = '';
5057 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4c962356 5058
52f61e49
EKD
5059 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
5060 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
5061 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK
5062 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
5063 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
5064 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
5065 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
5066 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
5067 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
c6c9630e
MT
5068 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
5069 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4c962356
EK
5070 $selected{'DCIPHER'}{'SEED-CBC'} = '';
5071 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
5072 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
5073 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 5074 $selected{'DCIPHER'}{'DES-CBC'} = '';
c6c9630e 5075 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4c962356
EK
5076
5077 $selected{'DAUTH'}{'whirlpool'} = '';
5078 $selected{'DAUTH'}{'SHA512'} = '';
5079 $selected{'DAUTH'}{'SHA384'} = '';
5080 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK
5081 $selected{'DAUTH'}{'SHA1'} = '';
5082 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
5083
c6c9630e
MT
5084 $checked{'DCOMPLZO'}{'off'} = '';
5085 $checked{'DCOMPLZO'}{'on'} = '';
5086 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
4c962356 5087
d96c89eb
AH
5088# m.a.d
5089 $checked{'MSSFIX'}{'off'} = '';
5090 $checked{'MSSFIX'}{'on'} = '';
5091 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 5092#new settings
c6c9630e
MT
5093 &Header::showhttpheaders();
5094 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
5095 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 5096
c6c9630e 5097 if ($errormessage) {
6e13d0a5
MT
5098 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
5099 print "<class name='base'>$errormessage\n";
5100 print "&nbsp;</class>\n";
5101 &Header::closebox();
c6c9630e 5102 }
6e13d0a5 5103
b2e75449
MT
5104 if ($warnmessage) {
5105 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
5106 print "$warnmessage<br>";
5107 print "$Lang::tr{'fwdfw warn1'}<br>";
5108 &Header::closebox();
5109 print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
5110 &Header::closepage();
5111 exit 0;
5112 }
4d81e0f3 5113
c6c9630e
MT
5114 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
5115 my $srunning = "no";
5116 my $activeonrun = "";
5117 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT
5118 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
5119 $srunning ="yes";
5120 $activeonrun = "";
c6c9630e 5121 } else {
6e13d0a5 5122 $activeonrun = "disabled='disabled'";
c6c9630e 5123 }
afabe9f7 5124 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
4c962356 5125 print <<END;
631b67b7 5126 <table width='100%' border='0'>
c6c9630e
MT
5127 <form method='post'>
5128 <td width='25%'>&nbsp;</td>
5129 <td width='25%'>&nbsp;</td>
5130 <td width='25%'>&nbsp;</td></tr>
5131 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
5132 <td align='left'>$sactive</td>
5133 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
8c877a82 5134 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
c6c9630e
MT
5135END
5136;
5137 if (&haveBlueNet()) {
5138 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
5139 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
5140 }
5141 if (&haveOrangeNet()) {
5142 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
5143 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
5144 }
4c962356 5145 print <<END;
4e17adad
CS
5146 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
5147 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT
5148 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
5149 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
5150 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
5151 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
5152 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
5153 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
bc2b3e94 5154 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
f527e53f 5155
4c962356
EK
5156 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
5157 <td><select name='DCIPHER'>
52f61e49
EKD
5158 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
5159 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
5160 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
4c962356 5161 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
f527e53f 5162 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4c962356
EK
5163 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
5164 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
5165 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
5166 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
4c962356 5167 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK
5168 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5169 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5170 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5171 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5172 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK
5173 </select>
5174 </td>
c6c9630e
MT
5175 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
5176 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
4c962356 5177 </tr>
f7edf97a 5178 <tr><td colspan='4'><br><br></td></tr>
c6c9630e
MT
5179END
5180;
5181
5182 if ( $srunning eq "yes" ) {
8c877a82
AM
5183 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
5184 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5185 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
5186 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
c6c9630e 5187 } else{
8c877a82
AM
5188 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5189 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5190 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT
5191 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
5192 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
5193 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
5194 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
5195 (( $cgiparams{'ENABLED'} eq 'on') ||
5196 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
5197 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
8c877a82 5198 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
c6c9630e 5199 } else {
8c877a82 5200 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
c6c9630e
MT
5201 }
5202 }
5203 print "</form></table>";
5204 &Header::closebox();
6e13d0a5 5205
c6c9630e 5206 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66 5207###
7c1d9faf 5208# m.a.d net2net
54fd0535 5209#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH
5210###
5211
4c962356 5212 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
c6c9630e 5213 ;
99bfa85c
AM
5214 my $id = 0;
5215 my $gif;
f7edf97a 5216 my $col1="";
5b942f7f 5217 my $lastnet;
c8b51e28 5218 foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
5b942f7f
AM
5219 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
5220 if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
5221 if($id == 0){
5222 print"<b>$confighash{$key}[32]</b>";
5223 print <<END;
5224 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5225<tr>
5226 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5227 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5228 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5229 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5230 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM
5231</tr>
5232END
5233 }
5234 if ($id > 0 && $lastnet ne $confighash{$key}[32]){
5235 print "</table><br>";
5236 print"<b>$confighash{$key}[32]</b>";
5237 print <<END;
5238 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5239<tr>
5240 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5241 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5242 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5243 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5244 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM
5245</tr>
5246END
5247 }
eff2dbf8 5248 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
c6c9630e 5249 if ($id % 2) {
99bfa85c
AM
5250 print "<tr>";
5251 $col="bgcolor='$color{'color20'}'";
bb89e92a 5252 } else {
99bfa85c
AM
5253 print "<tr>";
5254 $col="bgcolor='$color{'color22'}'";
c6c9630e 5255 }
99bfa85c
AM
5256 print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
5257 print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
8c877a82
AM
5258 #if ($confighash{$key}[4] eq 'cert') {
5259 #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
5260 #} else {
5261 #print "<td align='left'>&nbsp;</td>";
5262 #}
c6c9630e
MT
5263 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
5264 $cavalid =~ /Not After : (.*)[\n]/;
5265 $cavalid = $1;
99bfa85c 5266 print "<td align='center' $col>$confighash{$key}[25]</td>";
f7edf97a
AM
5267 $col1="bgcolor='${Header::colourred}'";
5268 my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
ce9abb66 5269
c6c9630e 5270 if ($confighash{$key}[0] eq 'off') {
f7edf97a
AM
5271 $col1="bgcolor='${Header::colourblue}'";
5272 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
c6c9630e 5273 } else {
ce9abb66
AH
5274
5275###
7c1d9faf 5276# m.a.d net2net
f7edf97a
AM
5277###
5278
b278daf3 5279 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT
5280
5281 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
5282 my @output = "";
5283 my @tustate = "";
5284 my $tport = $confighash{$key}[22];
5285 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
5286 if ($tport ne '') {
5287 $tnet->open('127.0.0.1');
5288 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
5289 @tustate = split(/\,/, $output[1]);
5290###
5291#CONNECTING -- OpenVPN's initial state.
5292#WAIT -- (Client only) Waiting for initial response from server.
5293#AUTH -- (Client only) Authenticating with server.
5294#GET_CONFIG -- (Client only) Downloading configuration options from server.
5295#ASSIGN_IP -- Assigning IP address to virtual network interface.
5296#ADD_ROUTES -- Adding routes to system.
5297#CONNECTED -- Initialization Sequence Completed.
5298#RECONNECTING -- A restart has occurred.
5299#EXITING -- A graceful exit is in progress.
5300####
5301
ed4b4c19 5302 if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
f7edf97a
AM
5303 $col1="bgcolor='${Header::colourgreen}'";
5304 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5305 }else {
5306 $col1="bgcolor='${Header::colourred}'";
5307 $active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
5308 }
54fd0535 5309 }
54fd0535 5310 }
f7edf97a
AM
5311 }else {
5312
5313 my $cn;
5314 my @match = ();
5315 foreach my $line (@status) {
5316 chomp($line);
5317 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
5318 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
5319 if ($match[1] ne "Common Name") {
5320 $cn = $match[1];
5321 }
5322 $cn =~ s/[_]/ /g;
5323 if ($cn eq "$confighash{$key}[2]") {
5324 $col1="bgcolor='${Header::colourgreen}'";
5325 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5326 }
5327 }
5328 }
c6c9630e 5329 }
7c1d9faf 5330}
ce9abb66
AH
5331
5332
4c962356 5333 print <<END;
f7edf97a 5334 <td align='center' $col1>$active</td>
c6c9630e 5335
99bfa85c 5336 <form method='post' name='frm${key}a'><td align='center' $col>
96096995
AM
5337 <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
5338 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5339 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT
5340 </td></form>
5341END
5342 ;
71af643c
MT
5343
5344 if ($confighash{$key}[41] eq "no-pass") {
5345 print <<END;
5346 <form method='post' name='frm${key}g'><td align='center' $col>
5347 <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
5348 alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
5349 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5350 <input type='hidden' name='MODE' value='insecure' />
5351 <input type='hidden' name='KEY' value='$key' />
5352 </td></form>
5353END
5354 } else {
5355 print "<td $col>&nbsp;</td>";
5356 }
5357
c6c9630e 5358 if ($confighash{$key}[4] eq 'cert') {
4c962356 5359 print <<END;
99bfa85c 5360 <form method='post' name='frm${key}b'><td align='center' $col>
c6c9630e
MT
5361 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
5362 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
5363 <input type='hidden' name='KEY' value='$key' />
5364 </td></form>
5365END
5366 ; } else {
5367 print "<td>&nbsp;</td>";
5368 }
5369 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4c962356 5370 print <<END;
99bfa85c 5371 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5372 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT
5373 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
5374 <input type='hidden' name='KEY' value='$key' />
5375 </td></form>
5376END
5377 ; } elsif ($confighash{$key}[4] eq 'cert') {
4c962356 5378 print <<END;
99bfa85c 5379 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5380 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT
5381 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
5382 <input type='hidden' name='KEY' value='$key' />
5383 </td></form>
5384END
5385 ; } else {
5386 print "<td>&nbsp;</td>";
5387 }
5388 print <<END
99bfa85c 5389 <form method='post' name='frm${key}d'><td align='center' $col>
c6c9630e
MT
5390 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
5391 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
5392 <input type='hidden' name='KEY' value='$key' />
5393 </td></form>
5394
99bfa85c 5395 <form method='post' name='frm${key}e'><td align='center' $col>
c6c9630e
MT
5396 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
5397 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
5398 <input type='hidden' name='KEY' value='$key' />
5399 </td></form>
99bfa85c 5400 <form method='post' name='frm${key}f'><td align='center' $col>
c6c9630e
MT
5401 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
5402 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
5403 <input type='hidden' name='KEY' value='$key' />
5404 </td></form>
5405 </tr>
5406END
5407 ;
5408 $id++;
5b942f7f 5409 $lastnet = $confighash{$key}[32];
c6c9630e 5410 }
5b942f7f 5411 print"</table>";
c6c9630e
MT
5412 ;
5413
5414 # If the config file contains entries, print Key to action icons
5415 if ( $id ) {
4c962356 5416 print <<END;
8c877a82 5417 <table border='0'>
c6c9630e 5418 <tr>
4c962356
EK
5419 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5420 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
5421 <td class='base'>$Lang::tr{'click to disable'}</td>
5422 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5423 <td class='base'>$Lang::tr{'show certificate'}</td>
5424 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
5425 <td class='base'>$Lang::tr{'edit'}</td>
5426 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
5427 <td class='base'>$Lang::tr{'remove'}</td>
c6c9630e
MT
5428 </tr>
5429 <tr>
4c962356
EK
5430 <td>&nbsp; </td>
5431 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
5432 <td class='base'>$Lang::tr{'click to enable'}</td>
5433 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
5434 <td class='base'>$Lang::tr{'download certificate'}</td>
5435 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
5436 <td class='base'>$Lang::tr{'dl client arch'}</td>
5437 </tr>
f7edf97a 5438 </table><br>
c6c9630e
MT
5439END
5440 ;
5441 }
5442
4c962356 5443 print <<END;
c6c9630e
MT
5444 <table width='100%'>
5445 <form method='post'>
4c962356
EK
5446 <tr><td align='right'>
5447 <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
5448 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
5449 </tr>
c6c9630e
MT
5450 </form>
5451 </table>
5452END
4c962356
EK
5453 ;
5454 &Header::closebox();
5455 }
fd5ccb2d
EK
5456
5457 # CA/key listing
4c962356
EK
5458 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
5459 print <<END;
5460 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5461 <tr>
5462 <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5463 <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
5464 <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
5465 </tr>
5466END
5467 ;
5468 my $col1="bgcolor='$color{'color22'}'";
f7fb5bc5 5469 my $col2="bgcolor='$color{'color20'}'";
c8f50356 5470 # DH parameter line
f7fb5bc5 5471 my $col3="bgcolor='$color{'color22'}'";
fd5ccb2d
EK
5472 # ta.key line
5473 my $col4="bgcolor='$color{'color20'}'";
f7fb5bc5 5474
4c962356
EK
5475 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
5476 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
5477 $casubject =~ /Subject: (.*)[\n]/;
5478 $casubject = $1;
5479 $casubject =~ s+/Email+, E+;
5480 $casubject =~ s/ ST=/ S=/;
5481 print <<END;
5482 <tr>
5483 <td class='base' $col1>$Lang::tr{'root certificate'}</td>
5484 <td class='base' $col1>$casubject</td>
c8f50356 5485 <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
4c962356
EK
5486 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
5487 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
c8f50356
EK
5488 </form>
5489 <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
4c962356
EK
5490 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
5491 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c8f50356
EK
5492 </form>
5493 <td width='4%' $col1>&nbsp;</td>
5494 </tr>
4c962356
EK
5495END
5496 ;
5497 } else {
5498 # display rootcert generation buttons
5499 print <<END;
5500 <tr>
5501 <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
5502 <td class='base' $col1>$Lang::tr{'not present'}</td>
c8f50356
EK
5503 <td colspan='3' $col1>&nbsp;</td>
5504 </tr>
4c962356
EK
5505END
5506 ;
5507 }
5508
5509 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
5510 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
5511 $hostsubject =~ /Subject: (.*)[\n]/;
5512 $hostsubject = $1;
5513 $hostsubject =~ s+/Email+, E+;
5514 $hostsubject =~ s/ ST=/ S=/;
5515
5516 print <<END;
5517 <tr>
5518 <td class='base' $col2>$Lang::tr{'host certificate'}</td>
5519 <td class='base' $col2>$hostsubject</td>
c8f50356 5520 <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
4c962356
EK
5521 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
5522 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
c8f50356
EK
5523 </form>
5524 <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
4c962356
EK
5525 <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
5526 <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
c8f50356
EK
5527 </td></form>
5528 <td width='4%' $col2>&nbsp;</td>
5529 </tr>
4c962356
EK
5530END
5531 ;
5532 } else {
5533 # Nothing
5534 print <<END;
5535 <tr>
5536 <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
5537 <td class='base' $col2>$Lang::tr{'not present'}</td>
c8f50356
EK
5538 </td><td colspan='3' $col2>&nbsp;</td>
5539 </tr>
4c962356
EK
5540END
5541 ;
5542 }
ce9abb66 5543
f7fb5bc5
EK
5544 # Adding DH parameter to chart
5545 if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
5546 my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
c8f50356 5547 $dhsubject =~ / (.*)[\n]/;
f7fb5bc5
EK
5548 $dhsubject = $1;
5549
5550
5551 print <<END;
5552 <tr>
5553 <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
5554 <td class='base' $col3>$dhsubject</td>
c8f50356 5555 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
f7fb5bc5
EK
5556 <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
5557 <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
c8f50356
EK
5558 </form>
5559 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
c8f50356
EK
5560 </form>
5561 <td width='4%' $col3>&nbsp;</td>
5562 </tr>
f7fb5bc5
EK
5563END
5564 ;
5565 } else {
5566 # Nothing
5567 print <<END;
5568 <tr>
5569 <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
5570 <td class='base' $col3>$Lang::tr{'not present'}</td>
c8f50356
EK
5571 </td><td colspan='3' $col3>&nbsp;</td>
5572 </tr>
f7fb5bc5
EK
5573END
5574 ;
5575 }
5576
fd5ccb2d
EK
5577 # Adding ta.key to chart
5578 if (-f "${General::swroot}/ovpn/certs/ta.key") {
5579 my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
5580 $tasubject =~ /# (.*)[\n]/;
5581 $tasubject = $1;
5582 print <<END;
5583
5584 <tr>
5585 <td class='base' $col4>$Lang::tr{'ta key'}</td>
5586 <td class='base' $col4>$tasubject</td>
5587 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5588 <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
5589 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
5590 </form>
5591 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5592 <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
5593 <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
5594 </form>
5595 <td width='4%' $col4>&nbsp;</td>
5596 </tr>
5597END
5598 ;
5599 } else {
5600 # Nothing
5601 print <<END;
5602 <tr>
5603 <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
5604 <td class='base' $col4>$Lang::tr{'not present'}</td>
5605 <td colspan='3' $col4>&nbsp;</td>
5606 </tr>
5607END
5608 ;
5609 }
5610
4c962356
EK
5611 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
5612 print "<tr><td colspan='5' align='center'><form method='post'>";
5613 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
5614 print "</form></td></tr>\n";
5615 }
5616
5617 if (keys %cahash > 0) {
5618 foreach my $key (keys %cahash) {
5619 if (($key + 1) % 2) {
5620 print "<tr bgcolor='$color{'color20'}'>\n";
5621 } else {
5622 print "<tr bgcolor='$color{'color22'}'>\n";
5623 }
5624 print "<td class='base'>$cahash{$key}[0]</td>\n";
5625 print "<td class='base'>$cahash{$key}[1]</td>\n";
5626 print <<END;
5627 <form method='post' name='cafrm${key}a'><td align='center'>
5628 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
5629 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
5630 <input type='hidden' name='KEY' value='$key' />
5631 </td></form>
5632 <form method='post' name='cafrm${key}b'><td align='center'>
5633 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
5634 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
5635 <input type='hidden' name='KEY' value='$key' />
5636 </td></form>
5637 <form method='post' name='cafrm${key}c'><td align='center'>
5638 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
5639 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
5640 <input type='hidden' name='KEY' value='$key' />
5641 </td></form></tr>
5642END
5643 ;
5644 }
5645 }
5646
5647 print "</table>";
5648
5649 # If the file contains entries, print Key to action icons
5650 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
5651 print <<END;
5652 <table>
5653 <tr>
5654 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5655 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5656 <td class='base'>$Lang::tr{'show certificate'}</td>
5657 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
5658 <td class='base'>$Lang::tr{'download certificate'}</td>
5659 </tr>
5660 </table>
5661END
5662 ;
5663 }
ce9abb66 5664
4c962356 5665 print <<END
578f23c8
SS
5666
5667 <br><hr><br>
5668
4c962356 5669 <form method='post' enctype='multipart/form-data'>
578f23c8
SS
5670 <table border='0' width='100%'>
5671 <tr>
5672 <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
5673 </tr>
4c962356 5674
578f23c8
SS
5675 <tr>
5676 <td width='10%'>$Lang::tr{'ca name'}:</td>
5677 <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
5678 <td width='30%'><input type='file' name='FH' size='25'>
5679 <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
5680 </tr>
f527e53f 5681
578f23c8
SS
5682 <tr>
5683 <td colspan='3'>&nbsp;</td>
5684 <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
5685 </tr>
5686 </table>
f527e53f 5687
578f23c8
SS
5688 <br>
5689
5690 <table border='0' width='100%'>
5691 <tr>
5692 <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
5693 </tr>
5694
5695 <tr>
5696 <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
5697 <td width='30%'><input type='file' name='FH' size='25'>
5698 <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
5699 </tr>
5700
5701 <tr>
5702 <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
5703 <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
5704 </tr>
5705 </table>
5706 </form>
f527e53f 5707
578f23c8 5708 <br><hr>
4c962356
EK
5709END
5710 ;
5711
5712 if ( $srunning eq "yes" ) {
5713 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
5714 } else {
5715 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
5716 }
5717 &Header::closebox();
5718END
5719 ;
5720
5721&Header::closepage();
ce9abb66 5722