2 # based on SmoothWall and IPCop CGIs
4 # This code is distributed under the terms of the GPL
5 # Main idea from zeroconcept
6 # ZERNINA-VERSION:0.9.7a7
7 # (c) 2005 Ufuk Altinkaynak
9 # Ipcop and OpenVPN easy as one two three..
13 use CGI qw
/:standard/ ;
16 use File
:: Temp qw
/ tempfile tempdir / ;
18 use Archive
:: Zip
qw(:ERROR_CODES :CONSTANTS) ;
20 require '/var/ipfire/general-functions.pl' ;
21 require '/home/httpd/cgi-bin/ovpnfunc.pl' ;
22 require "${General::swroot}/lang.pl" ;
23 require "${General::swroot}/header.pl" ;
24 require "${General::swroot}/countries.pl" ;
26 # enable only the following on debugging purpose
28 #use CGI::Carp 'fatalsToBrowser';
# Workaround: mention $Header::colourgreen a second time so that perl does
# not emit a "used only once" warning for it.
my @dummy = ($Header::colourgreen);
36 ### Initialize variables
my $errormessage = '';
my $zerinaclient = '';

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Seed %cgiparams before the request is read, presumably so that fields
# missing from the submission (e.g. unticked checkboxes) still hold a
# defined value -- confirm against Header::getcgihash.
foreach my $switch (qw(ENABLED ENABLED_BLUE ENABLED_ORANGE EDIT_ADVANCED NAT
                       COMPRESSION ONLY_PROPOSED DCOMPLZO)) {
    $cgiparams{$switch} = 'off';
}
foreach my $field (qw(ACTION CA_NAME DHCP_DOMAIN DHCP_DNS DHCP_WINS)) {
    $cgiparams{$field} = '';
}

# NOTE(review): from this call on %cgiparams is expected to carry
# request-supplied values; the handlers below compare ACTION with translated
# button labels and test 'FH' with ref(...) ne 'Fh' as the upload handle.
# Treat every other entry as untrusted input.
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
65 # prepare openvpn config file
### OpenVPN Server Control
# Runs when the submitted ACTION equals one of the three translated button
# labels. Each case calls the openvpnctrl helper in list form (no shell) and
# empties the server log. The helper's exit status is not inspected here.
if (grep { $cgiparams{'ACTION'} eq $Lang::tr{$_} }
        'start ovpn server', 'stop ovpn server', 'restart ovpn server') {
    my $ctrl = '/usr/local/bin/openvpnctrl';

    # Start: clear the log first, then launch the server.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}) {
        &Ovpnfunc::emptyserverlog();
        system($ctrl, '-s');
    }

    # Stop: shut the server down, then clear the log.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}) {
        system($ctrl, '-k');
        &Ovpnfunc::emptyserverlog();
    }

    # Restart: workaround until SIGHUP also works when running as nobody.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
        system($ctrl, '-r');
        &Ovpnfunc::emptyserverlog();
    }
}
97 ### Save Advanced options
100 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save-adv-options' }) {
101 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
102 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
103 #DAN this value has to leave.
# Stage the submitted advanced options in %vpnsettings; the hash is written
# out at the end of this handler.
#
# NOTE(review): the checks visible later in this handler cover DHCP_DOMAIN,
# DHCP_DNS, DHCP_WINS, AD_ROUTE1-3, MAX_CLIENTS and KEEPALIVE_1/2 only.
# LOG_VERB, REDIRECT_GW_DEF1, CLIENT2CLIENT and the EXTENDED_* values are
# stored as submitted. If they reach the generated server configuration
# (presumably via Ovpnfunc::writeserverconf -- confirm), restrict each one to
# its expected form (digits, on/off, a fixed option list) so that a value
# containing a newline cannot add configuration lines.
# MAX_CLIENTS is range-checked numerically without a digits-only test, and
# the KEEPALIVE patterns end in `$`, which also matches before a trailing
# newline; /\A[0-9]+\z/ is the strict form.

# New settings for the daemon.
foreach my $option (qw(LOG_VERB KEEPALIVE_1 KEEPALIVE_2 MAX_CLIENTS
                       REDIRECT_GW_DEF1 CLIENT2CLIENT
                       DHCP_DOMAIN DHCP_DNS DHCP_WINS)) {
    $vpnsettings{$option} = $cgiparams{$option};
}

# Additional push routes.
foreach my $route (qw(AD_ROUTE1 AD_ROUTE2 AD_ROUTE3)) {
    $vpnsettings{$route} = $cgiparams{$route};
}

#################################################################################
# Added by Philipp Jenni                                                        #
# Contact: philipp.jenni-at-gmx.ch                                              #
# Description: add the FAST-IO, NICE, MTU-DISC, MSSFIX and FRAGMENT parameters  #
#              from OpenVPN to the Zerina config                                #
#################################################################################
foreach my $extended (qw(EXTENDED_FASTIO EXTENDED_NICE EXTENDED_MTUDISC
                         EXTENDED_MSSFIX EXTENDED_FRAGMENT)) {
    $vpnsettings{$extended} = $cgiparams{$extended};
}
#################################################################################
# End of Inserted Data                                                          #
#################################################################################
141 if ( $cgiparams { 'DHCP_DOMAIN' } ne '' ){
142 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DOMAIN' }) || & General
:: validip
( $cgiparams { 'DHCP_DOMAIN' })) {
143 $errormessage = $Lang :: tr
{ 'invalid input for dhcp domain' };
147 if ( $cgiparams { 'DHCP_DNS' } ne '' ){
148 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DNS' }) || & General
:: validip
( $cgiparams { 'DHCP_DNS' })) {
149 $errormessage = $Lang :: tr
{ 'invalid input for dhcp dns' };
153 if ( $cgiparams { 'DHCP_WINS' } ne '' ){
154 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_WINS' }) || & General
:: validip
( $cgiparams { 'DHCP_WINS' })) {
155 $errormessage = $Lang :: tr
{ 'invalid input for dhcp wins' };
159 if ( $cgiparams { 'AD_ROUTE1' } ne '' ){
160 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE1' })) {
161 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
165 if ( $cgiparams { 'AD_ROUTE2' } ne '' ){
166 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE2' })) {
167 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
171 if ( $cgiparams { 'AD_ROUTE3' } ne '' ){
172 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE3' })) {
173 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
178 if (( length ( $cgiparams { 'MAX_CLIENTS' }) == 0 ) || (( $cgiparams { 'MAX_CLIENTS' }) < 1 ) || (( $cgiparams { 'MAX_CLIENTS' }) > 255 )) {
179 $errormessage = $Lang :: tr
{ 'invalid input for max clients' };
182 if ( $cgiparams { 'KEEPALIVE_1' } ne '' ) {
183 if ( $cgiparams { 'KEEPALIVE_1' } !~ /^[0-9]+$/ ) {
184 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1' };
188 if ( $cgiparams { 'KEEPALIVE_2' } ne '' ){
189 if ( $cgiparams { 'KEEPALIVE_2' } !~ /^[0-9]+$/ ) {
190 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 2' };
194 if ( $cgiparams { 'KEEPALIVE_2' } < ( $cgiparams { 'KEEPALIVE_1' } * 2 )){
195 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1:2' };
199 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
200 & Ovpnfunc
:: writeserverconf
(); #hier ok
204 ### Save main settings
206 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'TYPE' } eq '' && $cgiparams { 'KEY' } eq '' ) {
207 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
208 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
209 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
210 #DAN this value has to leave.
211 if ( $cgiparams { 'ENABLED' } eq 'on' ){
212 unless (& General
:: validfqdn
( $cgiparams { 'VPN_IP' }) || & General
:: validip
( $cgiparams { 'VPN_IP' })) {
213 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
217 if ( $cgiparams { 'ENABLED' } eq 'on' ){
218 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DDEST_PORT' }, 0 , $cgiparams { 'DPROTOCOL' }, "dest" );
220 if ( $errormessage ) { goto SETTINGS_ERROR
; }
223 if ( $cgiparams { 'ENABLED' } eq 'on' ){
224 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DDEST_PORT' }, $cgiparams { 'DPROTOCOL' }, '0.0.0.0' );
227 if ( $errormessage ) { goto SETTINGS_ERROR
; }
229 if (! & General
:: validipandmask
( $cgiparams { 'DOVPN_SUBNET' })) {
230 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
233 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'DOVPN_SUBNET' });
234 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
235 $cgiparams { 'DOVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
237 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
239 if ( $errormessage ne '' ){
242 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
243 $errormessage = $Lang :: tr
{ 'invalid input' };
246 if (( length ( $cgiparams { 'DMTU' })== 0 ) || (( $cgiparams { 'DMTU' }) < 1000 )) {
247 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
251 unless (& General
:: validport
( $cgiparams { 'DDEST_PORT' })) {
252 $errormessage = $Lang :: tr
{ 'invalid port' };
256 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
257 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'DPROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DDEST_PORT' }){
258 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
# Copy the main server settings from the request into %vpnsettings, write
# them to the settings file and regenerate the server configuration.
#
# NOTE(review): earlier in this branch ENABLED, DOVPN_SUBNET, DDEST_PORT and
# DMTU are checked, and VPN_IP only when ENABLED is 'on'. DPROTOCOL is only
# handed to Ovpnfunc::disallowreserved / checkportfw. No check on
# ENABLED_BLUE, ENABLED_ORANGE, DDEVICE, DCOMPLZO or DCIPHER is visible in
# this listing -- confirm they are limited to the values the form offers
# before they are written out.
foreach my $general (qw(ENABLED_BLUE ENABLED_ORANGE ENABLED VPN_IP)) {
    $vpnsettings{$general} = $cgiparams{$general};
}

# New settings for the daemon.
foreach my $daemon (qw(DOVPN_SUBNET DDEVICE DPROTOCOL DDEST_PORT
                       DMTU DCOMPLZO DCIPHER)) {
    $vpnsettings{$daemon} = $cgiparams{$daemon};
}

&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&Ovpnfunc::writeserverconf();    # OK at this point
282 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
284 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
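# Drop every certificate-based connection from %confighash as part of the
# reset. The loop walks a snapshot of the keys, so deleting inside it is
# safe.
#
# Fix: the original deleted $confighash{$cgiparams{'$key'}}. The single-quoted
# '$key' is a literal string, not the loop variable, so the lookup yielded no
# usable key and no entry was removed. The connections therefore stayed in
# ovpnconfig after their CA and certificates had been wiped.
foreach my $key (keys %confighash) {
    if ($confighash{$key}[4] eq 'cert') {
        delete $confighash{$key};
    }
}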
291 while ( $file = glob ( "${General::swroot}/ovpn/ca/*" )) {
294 while ( $file = glob ( "${General::swroot}/ovpn/certs/*" )) {
297 while ( $file = glob ( "${General::swroot}/ovpn/crls/*" )) {
300 & Ovpnfunc
:: cleanssldatabase
();
301 if ( open ( FILE
, ">${General::swroot}/ovpn/caconfig" )) {
305 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
309 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' }) {
310 & Header
:: showhttpheaders
();
311 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
312 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
313 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
315 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
316 <tr><td align='center'>
317 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
318 $Lang ::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
319 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' />
320 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
325 & Header
:: closebigbox
();
326 & Header
:: closepage
();
330 ### Upload CA Certificate
332 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload ca certificate' }) {
333 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
335 if ( $cgiparams { 'CA_NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
336 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
340 if ( length ( $cgiparams { 'CA_NAME' }) > 60 ) {
341 $errormessage = $Lang :: tr
{ 'name too long' };
345 if ( $cgiparams { 'CA_NAME' } eq 'ca' ) {
346 $errormessage = $Lang :: tr
{ 'name is invalid' };
347 goto UPLOAD_CA_ERROR
;
350 # Check if there is no other entry with this name
351 foreach my $key ( keys %cahash ) {
352 if ( $cahash { $key }[ 0 ] eq $cgiparams { 'CA_NAME' }) {
353 $errormessage = $Lang :: tr
{ 'a ca certificate with this name already exists' };
358 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
359 $errormessage = $Lang :: tr
{ 'there was no file upload' };
362 # Move uploaded ca to a temporary file
363 ( my $fh , my $filename ) = tempfile
( );
364 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
368 my $temp = `/usr/bin/openssl x509 -text -in $filename ` ;
369 if ( $temp !~ /CA:TRUE/i ) {
370 $errormessage = $Lang :: tr
{ 'not a valid ca certificate' };
374 move
( $filename , "${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem" );
376 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
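# Read the text dump of the freshly stored CA certificate.
#
# The command is started in list form, so the path is passed to openssl as a
# single argument and never parsed by a shell. CA_NAME is checked against
# /^[a-zA-Z0-9]+$/ earlier in this branch, but `$` also matches before a
# trailing newline, so the name can still end in "\n"; /\A[a-zA-Z0-9]+\z/ is
# the strict form and would also keep the newline out of the file name.
# $casubject stays '' when openssl cannot be started or prints nothing.
my $casubject = '';
if (open(my $x509, '-|', '/usr/bin/openssl', 'x509', '-text', '-in',
         "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem")) {
    local $/;    # slurp the whole output in one read
    my $text = <$x509>;
    $casubject = $text if defined $text;
    close($x509);    # sets $? to the openssl exit status, as backticks did
}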
383 $casubject =~ /Subject: (.*)[\n]/ ;
385 $casubject =~ s
+/ Email
+, E
+;
386 $casubject =~ s/ ST=/ S=/ ;
387 $casubject = & Header
:: cleanhtml
( $casubject );
389 my $key = & General
:: findhasharraykey
( \
%cahash );
390 $cahash { $key }[ 0 ] = $cgiparams { 'CA_NAME' };
391 $cahash { $key }[ 1 ] = $casubject ;
392 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
396 ### Display ca certificate
398 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show ca certificate' }) {
399 & Ovpnfunc
:: displayca
( $cgiparams { 'KEY' });
401 ### Download ca certificate
403 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download ca certificate' }) {
404 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
406 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
407 print "Content-Type: application/octet-stream \r\n " ;
408 print "Content-Disposition: filename= $cahash { $cgiparams {'KEY'}}[0]cert.pem \r\n\r\n " ;
409 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem` ;
412 $errormessage = $Lang :: tr
{ 'invalid key' };
416 ### Remove ca certificate (step 2)
418 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
419 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
420 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
422 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
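# Remove every connection whose certificate verifies against the CA that is
# being deleted: its certificate and PKCS#12 files are unlinked, the entry is
# dropped from %confighash and ovpnconfig is rewritten.
#
# openssl is started in list form instead of through backticks. The CA name
# and the connection name are stored configuration values; passing each path
# as one argument keeps them out of a shell no matter how they were
# validated when they were saved. The confirmation step of this action
# further down runs the same command through backticks.
foreach my $key (keys %confighash) {
    my $cafile   = "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem";
    my $certfile = "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem";

    my $test = '';
    if (open(my $verify, '-|', '/usr/bin/openssl', 'verify',
             '-CAfile', $cafile, $certfile)) {
        local $/;    # slurp the whole output in one read
        my $output = <$verify>;
        $test = $output if defined $output;
        close($verify);
    }

    if ($test =~ /: OK/) {
        unlink("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
        unlink("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
        delete $confighash{$key};
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
    }
}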
432 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
433 delete $cahash { $cgiparams { 'KEY' }};
434 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
436 $errormessage = $Lang :: tr
{ 'invalid key' };
439 ### Remove ca certificate (step 1)
441 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' }) {
442 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
443 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
445 my $assignedcerts = 0 ;
446 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
447 foreach my $key ( keys %confighash ) {
448 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/ $confighash { $key }[1]cert.pem` ;
449 if ( $test =~ /: OK/ ) {
453 if ( $assignedcerts ) {
454 & Header
:: showhttpheaders
();
455 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
456 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
457 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
459 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
460 <input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />
461 <tr><td align='center'>
462 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>: $assignedcerts
463 $Lang ::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
464 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
465 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
470 & Header
:: closebigbox
();
471 & Header
:: closepage
();
474 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
475 delete $cahash { $cgiparams { 'KEY' }};
476 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
477 # system('/usr/local/bin/ipsecctrl', 'R');
480 $errormessage = $Lang :: tr
{ 'invalid key' };
484 ### Display root certificate
486 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show root certificate' } || $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show host certificate' }) {
487 & Ovpnfunc
:: displayroothost
( $cgiparams { 'ACTION' });
489 ### Download root certificate
491 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download root certificate' }) {
492 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
493 print "Content-Type: application/octet-stream \r\n " ;
494 print "Content-Disposition: filename=cacert.pem \r\n\r\n " ;
495 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem` ;
500 ### Download host certificate
502 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download host certificate' }) {
503 if ( - f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
504 print "Content-Type: application/octet-stream \r\n " ;
505 print "Content-Disposition: filename=servercert.pem \r\n\r\n " ;
506 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem` ;
510 ### Form for generating a root certificate
512 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'generate root/host certificates' } ||
513 $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
515 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
516 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
517 $errormessage = $Lang :: tr
{ 'valid root certificate already exists' };
518 $cgiparams { 'ACTION' } = '' ;
522 if (( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) && - e
"${General::swroot}/red/active" ) {
523 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
524 my $ipaddr = < IPADDR
>;
527 $cgiparams { 'ROOTCERT_HOSTNAME' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
528 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) {
529 $cgiparams { 'ROOTCERT_HOSTNAME' } = $ipaddr ;
532 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
534 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
535 $errormessage = $Lang :: tr
{ 'there was no file upload' };
539 # Move uploaded certificate request to a temporary file
540 ( my $fh , my $filename ) = tempfile
( );
541 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
546 # Create a temporary directory
547 my $tempdir = tempdir
( CLEANUP
=> 1 );
549 # Extract the CA certificate from the file
550 my $pid = open ( OPENSSL
, "|-" );
551 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
553 if ( $cgiparams { 'P12_PASS' } ne '' ) {
554 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
558 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
563 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-cacerts' , '-nokeys' ,
565 '-out' , " $tempdir /cacert.pem" )) {
566 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
572 # Extract the Host certificate from the file
573 $pid = open ( OPENSSL
, "|-" );
574 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
576 if ( $cgiparams { 'P12_PASS' } ne '' ) {
577 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
581 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
586 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-clcerts' , '-nokeys' ,
588 '-out' , " $tempdir /hostcert.pem" )) {
589 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
595 # Extract the Host key from the file
596 $pid = open ( OPENSSL
, "|-" );
597 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
599 if ( $cgiparams { 'P12_PASS' } ne '' ) {
600 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
604 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
609 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-nocerts' ,
612 '-out' , " $tempdir /serverkey.pem" )) {
613 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
619 move
( " $tempdir /cacert.pem" , "${General::swroot}/ovpn/ca/cacert.pem" );
621 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
623 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
624 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
625 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
629 move
( " $tempdir /hostcert.pem" , "${General::swroot}/ovpn/certs/servercert.pem" );
631 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
633 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
634 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
635 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
639 move
( " $tempdir /serverkey.pem" , "${General::swroot}/ovpn/certs/serverkey.pem" );
641 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
643 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
644 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
645 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
649 goto ROOTCERT_SUCCESS
;
651 } elsif ( $cgiparams { 'ROOTCERT_COUNTRY' } ne '' ) {
653 # Validate input since the form was submitted
654 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } eq '' ){
655 $errormessage = $Lang :: tr
{ 'organization cant be empty' };
658 if ( length ( $cgiparams { 'ROOTCERT_ORGANIZATION' }) > 60 ) {
659 $errormessage = $Lang :: tr
{ 'organization too long' };
662 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
663 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
666 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ){
667 $errormessage = $Lang :: tr
{ 'hostname cant be empty' };
670 unless (& General
:: validfqdn
( $cgiparams { 'ROOTCERT_HOSTNAME' }) || & General
:: validip
( $cgiparams { 'ROOTCERT_HOSTNAME' })) {
671 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
674 if ( $cgiparams { 'ROOTCERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'ROOTCERT_EMAIL' }))) {
675 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
678 if ( length ( $cgiparams { 'ROOTCERT_EMAIL' }) > 40 ) {
679 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
682 if ( $cgiparams { 'ROOTCERT_OU' } ne '' && $cgiparams { 'ROOTCERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
683 $errormessage = $Lang :: tr
{ 'invalid input for department' };
686 if ( $cgiparams { 'ROOTCERT_CITY' } ne '' && $cgiparams { 'ROOTCERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
687 $errormessage = $Lang :: tr
{ 'invalid input for city' };
690 if ( $cgiparams { 'ROOTCERT_STATE' } ne '' && $cgiparams { 'ROOTCERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
691 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
694 if ( $cgiparams { 'ROOTCERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
695 $errormessage = $Lang :: tr
{ 'invalid input for country' };
# Persist the submitted certificate subject fields in the settings file.
foreach my $field (qw(ROOTCERT_ORGANIZATION ROOTCERT_HOSTNAME ROOTCERT_EMAIL
                      ROOTCERT_OU ROOTCERT_CITY ROOTCERT_STATE
                      ROOTCERT_COUNTRY)) {
    $vpnsettings{$field} = $cgiparams{$field};
}
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);

# The optional fields are later written to openssl's standard input, one
# answer per line. An empty or all-whitespace value is replaced with ".",
# which openssl req treats as "leave this field blank".
#
# NOTE(review): the patterns that validate these fields above end in `$`,
# which also matches before a trailing newline. A value ending in "\n" would
# add an extra answer line and shift the following prompts; anchoring the
# patterns with \A ... \z closes that gap.
my $ou = $cgiparams{'ROOTCERT_OU'};
$ou =~ s/^\s*$/\./;

my $city = $cgiparams{'ROOTCERT_CITY'};
$city =~ s/^\s*$/\./;

my $state = $cgiparams{'ROOTCERT_STATE'};
$state =~ s/^\s*$/\./;
715 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
717 # Create the CA certificate
718 my $pid = open ( OPENSSL
, "|-" );
719 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
721 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
722 print OPENSSL
" $state \n " ;
723 print OPENSSL
" $city \n " ;
724 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
725 print OPENSSL
" $ou \n " ;
726 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} CA \n " ;
727 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
730 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
731 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
732 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
736 unless ( exec ( '/usr/bin/openssl' , 'req' , '-x509' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
737 '-days' , '999999' , '-newkey' , 'rsa:2048' ,
738 '-keyout' , "${General::swroot}/ovpn/ca/cakey.pem" ,
739 '-out' , "${General::swroot}/ovpn/ca/cacert.pem" ,
740 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
741 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
746 # Create the Host certificate request
747 $pid = open ( OPENSSL
, "|-" );
748 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
750 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
751 print OPENSSL
" $state \n " ;
752 print OPENSSL
" $city \n " ;
753 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
754 print OPENSSL
" $ou \n " ;
755 print OPENSSL
" $cgiparams {'ROOTCERT_HOSTNAME'} \n " ;
756 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
761 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
762 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
763 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
767 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
768 '-newkey' , 'rsa:1024' ,
769 '-keyout' , "${General::swroot}/ovpn/certs/serverkey.pem" ,
770 '-out' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
771 '-extensions' , 'server' ,
772 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
773 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
774 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
775 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
776 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
777 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
782 # Sign the host certificate request
783 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
785 '-in' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
786 '-out' , "${General::swroot}/ovpn/certs/servercert.pem" ,
787 '-extensions' , 'server' ,
788 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
790 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
791 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
792 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
793 unlink ( "${General::swroot}/ovpn/serverkey.pem" );
794 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
795 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
796 & Ovpnfunc
:: newcleanssldatabase
();
799 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
800 & Ovpnfunc
:: deletebackupcert
();
803 # Create an empty CRL
804 system ( '/usr/bin/openssl' , 'ca' , '-gencrl' ,
805 '-out' , "${General::swroot}/ovpn/crls/cacrl.pem" ,
806 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
808 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
809 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
810 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
811 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
812 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
813 & Ovpnfunc
:: cleanssldatabase
();
816 # Create Diffie Hellmann Parameter
817 system ( '/usr/bin/openssl' , 'dhparam' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
818 '-out' , "${General::swroot}/ovpn/ca/dh1024.pem" ,
821 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
822 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
823 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
824 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
825 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
826 unlink ( "${General::swroot}/ovpn/ca/dh1024.pem" );
827 & Ovpnfunc
:: cleanssldatabase
();
830 goto ROOTCERT_SUCCESS
;
833 if ( $cgiparams { 'ACTION' } ne '' ) {
834 & Header
:: showhttpheaders
();
835 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
836 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
838 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
839 print "<class name='base'> $errormessage " ;
840 print " </class>" ;
843 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'generate root/host certificates'}:" );
845 <form method='post' enctype='multipart/form-data'>
846 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
847 <tr><td width='30%' class='base'> $Lang ::tr{'organization name'}:</td>
848 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value=' $cgiparams {'ROOTCERT_ORGANIZATION'}' size='32' /></td>
849 <td width='35%' colspan='2'> </td></tr>
850 <tr><td class='base'> $Lang ::tr{'ipfires hostname'}:</td>
851 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value=' $cgiparams {'ROOTCERT_HOSTNAME'}' size='32' /></td>
852 <td colspan='2'> </td></tr>
853 <tr><td class='base'> $Lang ::tr{'your e-mail'}: <img src='/blob.gif' alt'*' /></td>
854 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value=' $cgiparams {'ROOTCERT_EMAIL'}' size='32' /></td>
855 <td colspan='2'> </td></tr>
856 <tr><td class='base'> $Lang ::tr{'your department'}: <img src='/blob.gif' alt'*' /></td>
857 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value=' $cgiparams {'ROOTCERT_OU'}' size='32' /></td>
858 <td colspan='2'> </td></tr>
859 <tr><td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif' alt'*' /></td>
860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value=' $cgiparams {'ROOTCERT_CITY'}' size='32' /></td>
861 <td colspan='2'> </td></tr>
862 <tr><td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' alt'*' /></td>
863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value=' $cgiparams {'ROOTCERT_STATE'}' size='32' /></td>
864 <td colspan='2'> </td></tr>
865 <tr><td class='base'> $Lang ::tr{'country'}:</td>
866 <td class='base'><select name='ROOTCERT_COUNTRY'>
870 foreach my $country ( sort keys %{ Countries
:: countries
}) {
871 print "<option value=' $Countries ::countries{ $country }'" ;
872 if ( $Countries :: countries
{ $country } eq $cgiparams { 'ROOTCERT_COUNTRY' } ) {
873 print " selected='selected'" ;
875 print "> $country </option>" ;
879 <td colspan='2'> </td></tr>
881 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' /></td>
882 <td> </td><td> </td></tr>
883 <tr><td class='base' colspan='4' align='left'>
884 <img src='/blob.gif' valign='top' alt='*' /> $Lang ::tr{'this field may be blank'}</td></tr>
885 <tr><td class='base' colspan='4' align='left'>
886 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
887 $Lang ::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
889 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
890 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'upload p12 file'}:</td>
891 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
892 <td colspan='2'> </td></tr>
893 <tr><td class='base'> $Lang ::tr{'pkcs12 file password'}: <img src='/blob.gif' alt='*' ></td>
894 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value=' $cgiparams {'P12_PASS'}' size='32' /></td>
895 <td colspan='2'> </td></tr>
897 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'upload p12 file'}' /></td>
898 <td colspan='2'> </td></tr>
899 <tr><td class='base' colspan='4' align='left'>
900 <img src='/blob.gif' valign='top' al='*' > $Lang ::tr{'this field may be blank'}</td></tr>
906 & Header
:: closebigbox
();
907 & Header
:: closepage
();
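# Restrict the server private key to its owner. The builtin chmod needs no
# shell for this fixed path, and its result can be checked: if it fails, the
# key keeps whatever mode it was created with, so log that.
chmod(0600, "${General::swroot}/ovpn/certs/serverkey.pem")
    or warn "chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem failed: $!\n";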
915 ### Enable/Disable connection
917 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'toggle enable disable' }) {
918 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
919 if ( $confighash { $cgiparams { 'KEY' }}) {
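# Collect the PID(s) of any running process whose command line mentions this
# connection's "<name>.conf". The connection name is stored data, so it must
# not be interpolated into a shell pipeline: ps is run without a shell
# (list-form pipe open) and the filtering is done here as a literal
# substring match.
# The result keeps the shape the old ps|grep|awk pipeline produced: the first
# column of each matching line, each followed by a newline, or '' when
# nothing matches. The later "eq ''" / "ne ''" tests rely on that.
my $n2nactive = '';
{
    my $n2nconf = "$confighash{$cgiparams{'KEY'}}[1].conf";
    if (open(my $ps_fh, '-|', '/bin/ps', 'ax')) {
        while (my $ps_line = <$ps_fh>) {
            next if index($ps_line, $n2nconf) < 0;
            my ($pid) = split ' ', $ps_line;
            $n2nactive .= "$pid\n" if defined $pid;
        }
        close($ps_fh);
    }
    else {
        warn "Unable to run /bin/ps: $!\n";
    }
}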
921 if ( $confighash { $cgiparams { 'KEY' }}[ 0 ] eq 'off' ) {
922 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'on' ;
923 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
924 if ( $n2nactive eq '' ){
925 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
927 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
928 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
931 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'off' ;
932 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
933 if ( $n2nactive ne '' ){
934 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
938 $errormessage = $Lang :: tr
{ 'invalid key' };
942 ### Download OpenVPN client package
944 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'dl client arch' }) {
945 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
946 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
950 my $tempdir = tempdir
( CLEANUP
=> 1 );
951 my $zippath = " $tempdir /" ;
952 my $zipname = " $confighash { $cgiparams {'KEY'}}[1]-TO-IPFire.zip" ;
953 my $zippathname = " $zippath $zipname " ;
955 if ( $confighash { $cgiparams { 'KEY' }}[ 3 ] eq 'net' ){
956 $zerinaclient = 'true' ;
957 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
960 $clientovpn = " $confighash { $cgiparams {'KEY'}}[1]-TO-IPFire.ovpn" ;
961 open ( CLIENTCONF
, "> $tempdir / $clientovpn " ) or die "Unable to open tempfile: $!" ;
964 my $zip = Archive
:: Zip
-> new ();
966 print CLIENTCONF
"#OpenVPN Server conf \r\n " ;
967 print CLIENTCONF
"tls-client \r\n " ;
968 print CLIENTCONF
"client \r\n " ;
969 print CLIENTCONF
"dev $vpnsettings {'DDEVICE'} \r\n " ;
970 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'} \r\n " ;
971 print CLIENTCONF
" $vpnsettings {'DDEVICE'}-mtu $vpnsettings {'DMTU'} \r\n " ;
972 if ( $vpnsettings { 'ENABLED' } eq 'on' ){
973 print CLIENTCONF
"remote $vpnsettings {'VPN_IP'} $vpnsettings {'DDEST_PORT'} \r\n " ;
974 if ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
975 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Blue interface \r\n " ;
976 print CLIENTCONF
";remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
978 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
979 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
980 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
982 } elsif ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
983 print CLIENTCONF
"remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
984 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
985 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
986 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
988 } elsif ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
989 print CLIENTCONF
"remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
992 if ( $confighash { $cgiparams { 'KEY' }}[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" ) {
993 print CLIENTCONF
"pkcs12 $confighash { $cgiparams {'KEY'}}[1].p12 \r\n " ;
994 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" , " $confighash { $cgiparams {'KEY'}}[1].p12" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1].p12 \n " ;
996 print CLIENTCONF
"ca cacert.pem \r\n " ;
997 print CLIENTCONF
"cert $confighash { $cgiparams {'KEY'}}[1]cert.pem \r\n " ;
998 print CLIENTCONF
"key $confighash { $cgiparams {'KEY'}}[1].key \r\n " ;
999 $zip -> addFile ( "${General::swroot}/ovpn/ca/cacert.pem" , "cacert.pem" ) or die "Can't add file cacert.pem \n " ;
1000 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" , " $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1]cert.pem \n " ;
1002 print CLIENTCONF
"cipher $vpnsettings {DCIPHER} \r\n " ;
1003 if ( $vpnsettings { DCOMPLZO
} eq 'on' ) {
1004 print CLIENTCONF
"comp-lzo \r\n " ;
1006 print CLIENTCONF
"verb 3 \r\n " ;
1007 print CLIENTCONF
"ns-cert-type server \r\n " ;
1009 $zip -> addFile ( " $tempdir / $clientovpn " , $clientovpn ) or die "Can't add file $clientovpn \n " ;
1010 my $status = $zip -> writeToFileNamed ( $zippathname );
1012 open ( DLFILE
, "< $zippathname " ) or die "Unable to open $zippathname : $!" ;
1013 @fileholder = < DLFILE
>;
1014 print "Content-Type:application/x-download \n " ;
1015 print "Content-Disposition:attachment;filename= $zipname \n\n " ;
1020 ### Remove connection
1022 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove' }) {
1023 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1024 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1025 if ( $confighash { $cgiparams { 'KEY' }}) {
1026 if ( $confighash { $cgiparams { 'KEY' }}[ 19 ] eq 'yes' ) {
1027 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1028 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1029 delete $confighash { $cgiparams { 'KEY' }};
1030 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
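# Revoke the connection's certificate at the CA. The certificate path contains
# the stored connection name, so openssl is started without a shell (list-form
# pipe open) and the name cannot be parsed as shell syntax.
# Standard output is still captured into $temp, as the backticks did, so it
# never reaches the HTTP response.
# NOTE(review): the statements that follow delete the certificate files
# whether or not the revocation succeeded; a failure is at least logged here.
my $temp = '';
if (open(my $revoke_fh, '-|', '/usr/bin/openssl', 'ca', '-revoke',
        "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem",
        '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf")) {
    local $/;
    my $revoke_out = <$revoke_fh>;
    $temp = $revoke_out if defined $revoke_out;
    close($revoke_fh)
        or warn "openssl ca -revoke exited with status $?\n";
}
else {
    warn "Unable to run /usr/bin/openssl: $!\n";
}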
1033 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" );
1034 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" );
1035 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1036 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1037 delete $confighash { $cgiparams { 'KEY' }};
1038 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1039 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1042 $errormessage = $Lang :: tr
{ 'invalid key' };
1045 ### Download PKCS12 file
1047 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download pkcs12 file' }) {
1048 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
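# Send the connection's PKCS#12 bundle as a download.
# The file is read directly instead of through `/bin/cat` in backticks, so the
# stored connection name is never handed to a shell.
# NOTE(review): nothing visible in this branch checks that $cgiparams{'KEY'}
# names an existing entry, and the name is used as a path component; confirm
# that names are validated where connections are created or imported.
{
    my $p12_name = $confighash{$cgiparams{'KEY'}}[1];
    $p12_name = '' unless defined $p12_name;

    # CR/LF in the name would let it start a new header line.
    (my $p12_header_name = $p12_name) =~ tr/\r\n//d;

    print "Content-Disposition: filename=" . $p12_header_name . ".p12\r\n";
    print "Content-Type: application/octet-stream\r\n\r\n";

    if (open(my $p12_fh, '<', "${General::swroot}/ovpn/certs/$p12_name.p12")) {
        binmode($p12_fh);
        local $/ = \65536;    # fixed-size reads; the bundle is binary
        while (defined(my $p12_chunk = <$p12_fh>)) {
            print $p12_chunk;
        }
        close($p12_fh);
    }
    else {
        # As with the former cat call, the body stays empty when the file is
        # missing; the reason goes to the error log.
        warn "Unable to open PKCS12 file for download: $!\n";
    }
}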
1056 ### Display certificate
1058 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show certificate' }) {
1059 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1061 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
1062 & Header
:: showhttpheaders
();
1063 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1064 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1065 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate'}:" );
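# Render the certificate as text. The path contains the stored connection
# name, so openssl is started without a shell (list-form pipe open) instead of
# through backticks. $output is still HTML-escaped by the cleanhtml call that
# follows.
my $output = '';
if (open(my $x509_fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in',
        "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem")) {
    local $/;
    my $x509_text = <$x509_fh>;
    $output = $x509_text if defined $x509_text;
    close($x509_fh);
}
else {
    warn "Unable to run /usr/bin/openssl: $!\n";
}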
1067 $output = & Header
:: cleanhtml
( $output , "y" );
1068 print "<pre> $output </pre> \n " ;
1069 & Header
:: closebox
();
1070 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1071 & Header
:: closebigbox
();
1072 & Header
:: closepage
();
1076 ### Display Certificate Revoke List
1078 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show crl' }) {
1079 if ( - f
"${General::swroot}/ovpn/crls/cacrl.pem" ) {
1080 & Header
:: showhttpheaders
();
1081 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1082 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1083 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'crl'}:" );
1084 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem` ;
1085 $output = & Header
:: cleanhtml
( $output , "y" );
1086 print "<pre> $output </pre> \n " ;
1087 & Header
:: closebox
();
1088 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1089 & Header
:: closebigbox
();
1090 & Header
:: closepage
();
1095 ### Advanced Server Settings
1098 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced server' }) {
1102 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
1105 if ( $cgiparams { 'MAX_CLIENTS' } eq '' ) {
1106 $cgiparams { 'MAX_CLIENTS' } = '100' ;
1109 if ( $cgiparams { 'KEEPALIVE_1' } eq '' ) {
1110 $cgiparams { 'KEEPALIVE_1' } = '10' ;
1112 if ( $cgiparams { 'KEEPALIVE_2' } eq '' ) {
1113 $cgiparams { 'KEEPALIVE_2' } = '60' ;
1115 if ( $cgiparams { 'LOG_VERB' } eq '' ) {
1116 $cgiparams { 'LOG_VERB' } = '3' ;
1118 if ( $cgiparams { 'EXTENDED_NICE' } eq '' ) {
1119 $cgiparams { 'EXTENDED_NICE' } = '0' ;
1121 $checked { 'CLIENT2CLIENT' }{ 'off' } = '' ;
1122 $checked { 'CLIENT2CLIENT' }{ 'on' } = '' ;
1123 $checked { 'CLIENT2CLIENT' }{ $cgiparams { 'CLIENT2CLIENT' }} = 'CHECKED' ;
1124 $checked { 'REDIRECT_GW_DEF1' }{ 'off' } = '' ;
1125 $checked { 'REDIRECT_GW_DEF1' }{ 'on' } = '' ;
1126 $checked { 'REDIRECT_GW_DEF1' }{ $cgiparams { 'REDIRECT_GW_DEF1' }} = 'CHECKED' ;
1127 $selected { 'LOG_VERB' }{ '1' } = '' ;
1128 $selected { 'LOG_VERB' }{ '2' } = '' ;
1129 $selected { 'LOG_VERB' }{ '3' } = '' ;
1130 $selected { 'LOG_VERB' }{ '4' } = '' ;
1131 $selected { 'LOG_VERB' }{ '5' } = '' ;
1132 $selected { 'LOG_VERB' }{ '6' } = '' ;
1133 $selected { 'LOG_VERB' }{ '7' } = '' ;
1134 $selected { 'LOG_VERB' }{ '8' } = '' ;
1135 $selected { 'LOG_VERB' }{ '9' } = '' ;
1136 $selected { 'LOG_VERB' }{ '10' } = '' ;
1137 $selected { 'LOG_VERB' }{ '11' } = '' ;
1138 $selected { 'LOG_VERB' }{ '0' } = '' ;
1139 $selected { 'LOG_VERB' }{ $cgiparams { 'LOG_VERB' }} = 'SELECTED' ;
1141 #################################################################################
1142 # Added by Philipp Jenni #
1144 # Contact: philipp.jenni-at-gmx.ch #
1145 # Date: 2006-04-22 #
1146 # Description: Definitions to set the FASTIO Checkbox #
1147 # Definitions to set the MTUDISC Checkbox #
1148 # Definitions to set the NICE Selectionbox #
1149 #################################################################################
1150 $checked { 'EXTENDED_FASTIO' }{ 'off' } = '' ;
1151 $checked { 'EXTENDED_FASTIO' }{ 'on' } = '' ;
1152 $checked { 'EXTENDED_FASTIO' }{ $cgiparams { 'EXTENDED_FASTIO' }} = 'CHECKED' ;
1153 $checked { 'EXTENDED_MTUDISC' }{ 'off' } = '' ;
1154 $checked { 'EXTENDED_MTUDISC' }{ 'on' } = '' ;
1155 $checked { 'EXTENDED_MTUDISC' }{ $cgiparams { 'EXTENDED_MTUDISC' }} = 'CHECKED' ;
1156 $selected { 'EXTENDED_NICE' }{ '-13' } = '' ;
1157 $selected { 'EXTENDED_NICE' }{ '-10' } = '' ;
1158 $selected { 'EXTENDED_NICE' }{ '-7' } = '' ;
1159 $selected { 'EXTENDED_NICE' }{ '-3' } = '' ;
1160 $selected { 'EXTENDED_NICE' }{ '0' } = '' ;
1161 $selected { 'EXTENDED_NICE' }{ '3' } = '' ;
1162 $selected { 'EXTENDED_NICE' }{ '7' } = '' ;
1163 $selected { 'EXTENDED_NICE' }{ '10' } = '' ;
1164 $selected { 'EXTENDED_NICE' }{ '13' } = '' ;
1165 $selected { 'EXTENDED_NICE' }{ $cgiparams { 'EXTENDED_NICE' }} = 'SELECTED' ;
1166 #################################################################################
1167 # End of inserted Data #
1168 #################################################################################
1170 & Header
:: showhttpheaders
();
1171 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
1172 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1173 if ( $errormessage ) {
1174 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1175 print "<class name='base'> $errormessage \n " ;
1176 print " </class> \n " ;
1177 & Header
:: closebox
();
1179 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'advanced server' });
1181 <form method='post' enctype='multipart/form-data'>
1182 <table width='100%'>
1184 <td colspan='4'><b> $Lang ::tr{'dhcp-options'}</b></td>
1187 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1190 <td class='base'>Domain</td>
1191 <td><input type='TEXT' name='DHCP_DOMAIN' value=' $cgiparams {'DHCP_DOMAIN'}' size='30' /></td>
1194 <td class='base'>DNS</td>
1195 <td><input type='TEXT' name='DHCP_DNS' value=' $cgiparams {'DHCP_DNS'}' size='30' /></td>
1198 <td class='base'>WINS</td>
1199 <td><input type='TEXT' name='DHCP_WINS' value=' $cgiparams {'DHCP_WINS'}' size='30' /></td>
1203 <!-- Additional push route START-->
1204 <table width='100%'>
1206 <td colspan='4'><b> $Lang ::tr{'add-route'}</b></td>
1209 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1212 <td class='base'> $Lang ::tr{'subnet'} 1</td>
1213 <td><input type='TEXT' name='AD_ROUTE1' value=' $cgiparams {'AD_ROUTE1'}' size='30' /></td>
1216 <td class='base'> $Lang ::tr{'subnet'} 2</td>
1217 <td><input type='TEXT' name='AD_ROUTE2' value=' $cgiparams {'AD_ROUTE2'}' size='30' /></td>
1220 <td class='base'> $Lang ::tr{'subnet'} 3</td>
1221 <td><input type='TEXT' name='AD_ROUTE3' value=' $cgiparams {'AD_ROUTE3'}' size='30' /></td>
1225 <!-- Additional push route END -->
1226 < table width
= '100%' >
1228 < td
class 'base' >< b
> $Lang :: tr
{ 'misc-options' }< /b></ td
>
1231 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1234 < td
class = 'base' > Client
- To
- Client
</ td
>
1235 < td
>< input type
= 'checkbox' name
= 'CLIENT2CLIENT' $checked { 'CLIENT2CLIENT' }{ 'on' } /></ td
>
1238 < td
class = 'base' > Redirect
- Gateway def1
</ td
>
1239 < td
>< input type
= 'checkbox' name
= 'REDIRECT_GW_DEF1' $checked { 'REDIRECT_GW_DEF1' }{ 'on' } /></ td
>
1242 < td
class = 'base' > Max
- Clients
</ td
>
1243 < td
>< input type
= 'text' name
= 'MAX_CLIENTS' value
= ' $cgiparams {' MAX_CLIENTS
'}' size
= '30' /></ td
>
1245 < td
class = 'base' > Keppalive
( ping
/ping-restart)</ td
>
1246 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_1' value
= ' $cgiparams {' KEEPALIVE_1
'}' size
= '30' /></ td
>
1247 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_2' value
= ' $cgiparams {' KEEPALIVE_2
'}' size
= '30' /></ td
>
1251 #################################################################################
1252 # Added by Philipp Jenni #
1254 # Contact: philipp.jenni-at-gmx.ch #
1255 # Date: 2006-04-22 #
1256 # Description: Add the FAST-IO Checkbox to the HTML Form #
1257 # Add the NICE Selectionbox to the HTML Form #
1258 # Add the MTU-DISC Checkbox to the HTML Form #
1259 # Add the MSSFIX Textbox to the HTML Form #
1260 # Add the FRAMGMENT Textbox to the HTML Form #
1262 # 2006-04-27 Include Multilanguage-Support #
1263 #################################################################################
1267 < td
class = 'base' > $Lang :: tr
{ 'ovpn_processprio' }</ td
>
1269 < select name
= 'EXTENDED_NICE' >
1270 < option value
= '-13' $selected { 'EXTENDED_NICE' }{ '-13' }> $Lang :: tr
{ 'ovpn_processprioEH' }</ option
>
1271 < option value
= '-10' $selected { 'EXTENDED_NICE' }{ '-10' }> $Lang :: tr
{ 'ovpn_processprioVH' }</ option
>
1272 < option value
= '-7' $selected { 'EXTENDED_NICE' }{ '-7' }> $Lang :: tr
{ 'ovpn_processprioH' }</ option
>
1273 < option value
= '-3' $selected { 'EXTENDED_NICE' }{ '-3' }> $Lang :: tr
{ 'ovpn_processprioEN' }</ option
>
1274 < option value
= '0' $selected { 'EXTENDED_NICE' }{ '0' }> $Lang :: tr
{ 'ovpn_processprioN' }</ option
>
1275 < option value
= '3' $selected { 'EXTENDED_NICE' }{ '3' }> $Lang :: tr
{ 'ovpn_processprioLN' }</ option
>
1276 < option value
= '7' $selected { 'EXTENDED_NICE' }{ '7' }> $Lang :: tr
{ 'ovpn_processprioD' }</ option
>
1277 < option value
= '10' $selected { 'EXTENDED_NICE' }{ '10' }> $Lang :: tr
{ 'ovpn_processprioVD' }</ option
>
1278 < option value
= '13' $selected { 'EXTENDED_NICE' }{ '13' }> $Lang :: tr
{ 'ovpn_processprioED' }</ option
>
1283 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fastio' }</ td
>
1285 < input type
= 'checkbox' name
= 'EXTENDED_FASTIO' $checked { 'EXTENDED_FASTIO' }{ 'on' } />
1289 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mtudisc' }</ td
>
1291 < input type
= 'checkbox' name
= 'EXTENDED_MTUDISC' $checked { 'EXTENDED_MTUDISC' }{ 'on' } />
1295 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mssfix' }</ td
>
1297 < input type
= 'TEXT' name
= 'EXTENDED_MSSFIX' value
= ' $cgiparams {' EXTENDED_MSSFIX
'}' size
= '30' />
1301 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fragment' }</ td
>
1303 < input type
= 'TEXT' name
= 'EXTENDED_FRAGMENT' value
= ' $cgiparams {' EXTENDED_FRAGMENT
'}' size
= '30' />
1308 #################################################################################
1309 # End of Inserted Data #
1310 #################################################################################
1316 < table width
= '100%' >
1318 < td
class 'base' >< b
> $Lang :: tr
{ 'log-options' }< /b></ td
>
1321 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1324 < tr
>< td
class = 'base' > VERB
</ td
>
1325 < td
>< select name
= 'LOG_VERB' >< option value
= '1' $selected { 'LOG_VERB' }{ '1' }> 1 </ option
>
1326 < option value
= '2' $selected { 'LOG_VERB' }{ '2' }> 2 </ option
>
1327 < option value
= '3' $selected { 'LOG_VERB' }{ '3' }> 3 </ option
>
1328 < option value
= '4' $selected { 'LOG_VERB' }{ '4' }> 4 </ option
>
1329 < option value
= '5' $selected { 'LOG_VERB' }{ '5' }> 5 </ option
>
1330 < option value
= '6' $selected { 'LOG_VERB' }{ '6' }> 6 </ option
>
1331 < option value
= '7' $selected { 'LOG_VERB' }{ '7' }> 7 </ option
>
1332 < option value
= '8' $selected { 'LOG_VERB' }{ '8' }> 8 </ option
>
1333 < option value
= '9' $selected { 'LOG_VERB' }{ '9' }> 9 </ option
>
1334 < option value
= '10' $selected { 'LOG_VERB' }{ '10' }> 10 </ option
>
1335 < option value
= '11' $selected { 'LOG_VERB' }{ '11' }> 11 </ option
>
1336 < option value
= '0' $selected { 'LOG_VERB' }{ '0' }> 0 < /option></s elect
></ td
>
1338 #################################################################################
1339 # Added by Philipp Jenni #
1341 # Contact: philipp.jenni-at-gmx.ch #
1342 # Date: 2006-04-22 #
1343 # Description: Required </TR> Command from this Table #
1344 #################################################################################
1348 #################################################################################
1349 # End of Inserted Data #
1350 #################################################################################
1355 < table width
= '100%' >
1358 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' save
- adv
- options
'}' /></ td
>
1359 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' cancel
- adv
- options
'}' /></ td
>
1367 & Header
:: closebox
();
1368 & Header
:: closebigbox
();
1369 & Header
:: closepage
();
1373 ### Openvpn Connections Statistics
1375 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'ovpn con stat' }) {
1376 & Header
:: showhttpheaders
();
1377 & Header
:: openpage
( $Lang :: tr
{ 'ovpn con stat' }, 1 , '' );
1378 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1379 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'ovpn con stat' });
1382 # <td><b>$Lang::tr{'protocol'}</b></td>
1383 # protocol temp removed
1385 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1387 <td><b> $Lang ::tr{'common name'}</b></td>
1388 <td><b> $Lang ::tr{'real address'}</b></td>
1389 <td><b> $Lang ::tr{'virtual address'}</b></td>
1390 <td><b> $Lang ::tr{'loged in at'}</b></td>
1391 <td><b> $Lang ::tr{'bytes sent'}</b></td>
1392 <td><b> $Lang ::tr{'bytes received'}</b></td>
1393 <td><b> $Lang ::tr{'last activity'}</b></td>
1397 my $filename = "/var/log/ovpnserver.log" ;
1398 open ( FILE
, $filename ) or die 'Unable to open config file.' ;
1399 my @current = < FILE
>;
1408 my %userlookup = ();
1409 foreach my $line ( @current )
1412 if ( $line =~ /^Updated,(.+)/ ){
1413 @match = split ( /^Updated,(.+)/ , $line );
1414 $status = $match [ 1 ];
1416 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
1417 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
1418 if ( $match [ 1 ] ne "Common Name" ) {
1420 $userlookup { $match [ 2 ]} = $uid ;
1421 $users [ $uid ]{ 'CommonName' } = $match [ 1 ];
1422 $users [ $uid ]{ 'RealAddress' } = $match [ 2 ];
1423 $users [ $uid ]{ 'BytesReceived' } = & Ovpnfunc
:: sizeformat
( $match [ 3 ]);
1424 $users [ $uid ]{ 'BytesSent' } = & Ovpnfunc
:: sizeformat
( $match [ 4 ]);
1425 $users [ $uid ]{ 'Since' } = $match [ 5 ];
1426 $users [ $uid ]{ 'Proto' } = $proto ;
1430 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) {
1431 @match = split ( m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ , $line );
1432 if ( $match [ 1 ] ne "Virtual Address" ) {
1433 $address = $match [ 3 ];
1434 #find the uid in the lookup table
1435 $uid = $userlookup { $address };
1436 $users [ $uid ]{ 'VirtualAddress' } = $match [ 1 ];
1437 $users [ $uid ]{ 'LastRef' } = $match [ 4 ];
1443 for ( my $idx = 1 ; $idx <= $user2 ; $idx ++){
1445 print "<tr bgcolor='${Header::table1colour}'> \n " ;
1447 print "<tr bgcolor='${Header::table2colour}'> \n " ;
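# Emit one table row of connection statistics.
# CommonName, Since and LastRef are free-form captures from the server status
# log, and the common name is supplied by the connecting client's certificate.
# They are HTML-escaped before being written into the page, using
# &Header::cleanhtml as this file does for openssl output. The address fields
# are constrained to digits, dots and a colon by the parsing regexes, and the
# byte counters have already gone through &Ovpnfunc::sizeformat.
{
    my $row = $users[$idx-1] || {};
    my %escaped_cell;
    foreach my $field ('CommonName', 'Since', 'LastRef') {
        my $raw = defined $row->{$field} ? $row->{$field} : '';
        $escaped_cell{$field} = &Header::cleanhtml($raw, "y");
    }
    print "<td align='left'>$escaped_cell{'CommonName'}</td>";
    print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
    print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
    print "<td align='left'>$escaped_cell{'Since'}</td>";
    print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
    print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
    print "<td align='left'>$escaped_cell{'LastRef'}</td>";
}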
1456 # print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1462 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1467 <tr><td align='center' > $Lang ::tr{'the statistics were last updated at'} <b> $status </b></td></tr>
1471 & Header
:: closebox
();
1472 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1473 & Header
:: closebigbox
();
1474 & Header
:: closepage
();
1478 ### Download Certificate
1480 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download certificate' }) {
1481 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1482 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
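# Send the connection's certificate as a download.
# The file is read directly instead of through `/bin/cat` in backticks, so the
# stored connection name is never handed to a shell. The enclosing -f test has
# already confirmed that the file exists.
{
    my $cert_name = $confighash{$cgiparams{'KEY'}}[1];
    $cert_name = '' unless defined $cert_name;

    # CR/LF in the name would let it start a new header line.
    (my $cert_header_name = $cert_name) =~ tr/\r\n//d;

    print "Content-Disposition: filename=" . $cert_header_name . "cert.pem\r\n";
    print "Content-Type: application/octet-stream\r\n\r\n";

    if (open(my $cert_fh, '<', "${General::swroot}/ovpn/certs/${cert_name}cert.pem")) {
        binmode($cert_fh);
        local $/ = \65536;    # fixed-size reads
        while (defined(my $cert_chunk = <$cert_fh>)) {
            print $cert_chunk;
        }
        close($cert_fh);
    }
    else {
        warn "Unable to open certificate for download: $!\n";
    }
}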
1490 ### Restart connection
1492 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'restart' }) {
1493 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1494 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1496 if ( $confighash { $cgiparams { 'KEY' }}) {
1498 $errormessage = $Lang :: tr
{ 'invalid key' };
1502 ### Choose between adding a host-net or net-net connection
1504 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' } && $cgiparams { 'TYPE' } eq '' ) {
1505 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1506 & Header
:: showhttpheaders
();
1507 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1508 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1509 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'connection type' });
1511 <b> $Lang ::tr{'connection type'}:</b><br />
1512 <table><form method='post' enctype='multipart/form-data'>
1513 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
1514 <td class='base'> $Lang ::tr{'host to net vpn'}</td></tr>
1515 <tr><td><input type='radio' name='TYPE' value='net' /></td>
1516 <td class='base'> $Lang ::tr{'net to net vpn'}</td></tr>
1517 <tr><td><input type='radio' name='TYPE' value='zerinan2n' /></td>
1518 <td class='base'>upload a ZERINA Net-to-Net package</td>
1519 <td class='base'><input type='file' name='FH' size='30'></td></tr>
1520 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td></tr>
1524 & Header
:: closebox
();
1525 & Header
:: closebigbox
();
1526 & Header
:: closepage
();
1530 ### uploading a ZERINA n2n connection package
1532 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1535 my $uplconffilename = '' ;
1536 my $uplp12name = '' ;
1537 my $complzoactive = '' ;
1542 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1543 # Move uploaded ZERINA n2n package to a temporary file
1544 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1545 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1548 # Move uploaded ca to a temporary file
1549 ( my $fh , my $filename ) = tempfile
( );
1550 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1555 my $zip = Archive
:: Zip
-> new ();
1556 my $zipName = $filename ;
1557 my $status = $zip -> read ( $zipName );
1558 if ( $status != AZ_OK
) {
1559 $errormessage = "Read of $zipName failed \n " ;
1562 #my $tempdir = tempdir( CLEANUP => 1 );
1563 my $tempdir = tempdir
();
1564 my @files = $zip -> memberNames ();
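# Member names come from the uploaded archive, and the destination path is
# built from the name itself. A name with a directory separator, or "." or
# "..", could therefore be written outside $tempdir. Only flat file names are
# extracted. Anything else is skipped, so the *.conf / *.p12 checks that
# follow fail closed for such an archive.
if ($_ ne '' && $_ !~ m{[/\\\0]} && $_ !~ /\A\.\.?\z/) {
    $zip->extractMemberWithoutPaths($_, "$tempdir/$_");
}
else {
    warn "Skipping archive member with unsafe name\n";
}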
1568 my $countfiles = @files ;
1569 # see if we have 2 files
1570 if ( $countfiles == 2 ){
1572 if ( $_ =~ /.conf$/ ){
1573 $uplconffilename = $_ ;
1575 if ( $_ =~ /.p12$/ ){
1579 if (( $uplconffilename eq '' ) || ( $uplp12name eq '' )){
1580 $errormessage = "Either no *.conf or no *.p12 file found \n " ;
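# Read the uploaded connection's *.conf. The file name comes from the uploaded
# archive, so use three-argument open: the name is then always treated as a
# path and never parsed for an open mode. The FILE handle is kept because the
# following statement reads from it.
open(FILE, '<', "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';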
1584 @zerinaconf = < FILE
>;
1588 # only 2 files are allowed
1589 $errormessage = "Filecount does not match only 2 files are allowed \n " ;
1592 #prepare imported data not elegant, will be changed later
1593 my $ufuk = ( @zerinaconf );
1594 push ( @confdetails , substr ( $zerinaconf [ 0 ], 4 )); #dev tun 0
1595 push ( @confdetails , substr ( $zerinaconf [ 1 ], 8 )); #mtu value 1
1596 push ( @confdetails , substr ( $zerinaconf [ 2 ], 6 )); #protocol 2
1597 push ( @confdetails , substr ( $zerinaconf [ 3 ], 5 )); #port 3
1598 push ( @confdetails , substr ( $zerinaconf [ 4 ], 9 )); #ovpn subnet 4
1599 push ( @confdetails , substr ( $zerinaconf [ 5 ], 7 )); #remote ip 5
1600 push ( @confdetails , $zerinaconf [ 6 ]); #tls-server/tls-client 6
1601 push ( @confdetails , substr ( $zerinaconf [ 7 ], 7 )); #pkcs12 name 7
1602 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 1 ], 1 )); #remote subnet 8
1603 push ( @confdetails , substr ( $zerinaconf [ 9 ], 10 )); #keepalive 9
1604 push ( @confdetails , substr ( $zerinaconf [ 10 ], 7 )); #cipher 10
1606 push ( @confdetails , $zerinaconf [ $ufuk - 3 ]); #complzo 11
1607 $complzoactive = "on" ;
1609 $complzoactive = "off" ;
1611 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 2 ], 5 )); #verb 12
1612 push ( @confdetails , substr ( $zerinaconf [ 8 ], 6 )); #localsubnet 13
1613 #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14
1614 push ( @confdetails , substr ( $uplp12name , 0 ,- 4 )); #connection Name 14
1615 #chomp(@confdetails);
1616 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1617 if ( $confighash { $dkey }[ 1 ] eq $confdetails [ $ufuk ]) {
1618 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1622 if ( $confdetails [ $ufuk ] eq 'server' ) {
1623 $errormessage = $Lang :: tr
{ 'server reserved' };
1626 @rem_subnet2 = split ( / / , $confdetails [ 4 ]);
1627 @tmposupnet3 = split /\./ , $rem_subnet2 [ 0 ];
1628 $errormessage = & Ovpnfunc
:: ovelapplausi
( " $tmposupnet3 [0]. $tmposupnet3 [1]. $tmposupnet3 [2].0" , "255.255.255.0" );
1629 if ( $errormessage ne '' ){
1633 $key = & General
:: findhasharraykey
( \
%confighash );
1634 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
1635 $confighash { $key }[ 0 ] = 'off' ;
1636 $confighash { $key }[ 1 ] = $confdetails [ $ufuk ];
1637 #$confighash{$key}[2] = $confdetails[7];
1638 $confighash { $key }[ 2 ] = $confdetails [ $ufuk ];
1639 $confighash { $key }[ 3 ] = 'net' ;
1640 $confighash { $key }[ 4 ] = 'cert' ;
1641 $confighash { $key }[ 6 ] = 'client' ;
1642 $confighash { $key }[ 8 ] = $confdetails [ 8 ];
1643 @rem_subnet = split ( / / , $confdetails [ $ufuk - 1 ]);
1644 $confighash { $key }[ 11 ] = " $rem_subnet [0]/ $rem_subnet [1]" ;
1645 $confighash { $key }[ 10 ] = $confdetails [ 5 ];
1646 $confighash { $key }[ 25 ] = 'imported' ;
1647 $confighash { $key }[ 12 ] = 'red' ;
1648 my @tmposupnet = split ( / / , $confdetails [ 4 ]);
1649 my @tmposupnet2 = split /\./ , $tmposupnet [ 0 ];
1650 $confighash { $key }[ 13 ] = " $tmposupnet2 [0]. $tmposupnet2 [1]. $tmposupnet2 [2].0/255.255.255.0" ;
1651 $confighash { $key }[ 14 ] = $confdetails [ 2 ];
1652 $confighash { $key }[ 15 ] = $confdetails [ 3 ];
1653 $confighash { $key }[ 16 ] = $complzoactive ;
1654 $confighash { $key }[ 17 ] = $confdetails [ 1 ];
1655 $confighash { $key }[ 18 ] = '' ; # nn2nvpn_ip
1656 $confighash { $key }[ 19 ] = 'yes' ; # nn2nvpn_ip
1657 $cgiparams { 'KEY' } = $key ;
# The new entry is persisted to ovpnconfig here, before the uploaded files are
# moved into place below.
# NOTE(review): if a move fails the record is already on disk; confirm the
# error path (not fully visible in this listing) removes it again.
1658 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): the directory and file names used below come from the upload:
# $uplconffilename, $uplp12name, and $confdetails[14], which is apparently the
# substr($uplp12name, 0, -4) pushed onto @confdetails above. Where those names
# are set is outside this listing. They should be reduced to a plain basename
# and matched against an allow-list such as /\A[A-Za-z0-9]+\z/ (plus the
# expected extension) before being used in mkdir/move, so that "/" or ".."
# cannot place files outside ovpn/n2nconf.
# NOTE(review): the record above is keyed on $confdetails[$ufuk] while the
# directory uses the literal index 14; presumably $ufuk is 14, confirm.
# The return value of mkdir is not checked.
1659 mkdir ( "${General::swroot}/ovpn/n2nconf/ $confdetails [14]" , 0770 );
1660 move
( " $tempdir / $uplconffilename " , "${General::swroot}/ovpn/n2nconf/ $confdetails [14]/ $uplconffilename " );
1662 $errormessage = "*.conf move failed: $!" ;
1666 move
( " $tempdir / $uplp12name " , "${General::swroot}/ovpn/n2nconf/ $confdetails [14]/ $uplp12name " );
1668 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
1674 & Header
:: showhttpheaders
();
1675 & Header
:: openpage
( 'Validate imported configuration' , 1 , '' );
1676 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1677 if ( $errormessage ) {
1678 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1679 print "<class name='base'> $errormessage " ;
1680 print " </class>" ;
1681 & Header
:: closebox
();
1683 & Header
:: openbox
( '100%' , 'LEFT' , 'Validate imported configuration' );
1685 if ( $errormessage eq '' ){
1687 <!-- net2net config gui -->
1688 <tr><td width='25%'> </td>
1689 <td width='25%'> </td></tr>
1690 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'name'}:</td>
1691 <td><b> $confdetails [ $ufuk ]</b></td></tr>
1692 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>
1693 <td><b> $confdetails [6]</b></td>
1694 <td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>
1695 <td><b> $confdetails [5]</b></td></tr>
1696 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>
1697 <td><b> $confighash { $key }[8]</b></td>
1698 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>
1699 <td><b> $confighash { $key }[11]</b></td></tr>
1700 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
1701 <td><b> $confighash { $key }[ $ufuk -1]</b></td></tr>
1702 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
1703 <td><b> $confdetails [2]</b></td>
1704 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
1705 <td><b> $confdetails [3]</b></td></tr>
1706 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
1707 <td><b> $complzoactive </b></td>
1708 <td class='boldbase'> $Lang ::tr{'cipher'}</td>
1709 <td><b> $confdetails [10]</b></td></tr>
1710 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} <img src='/blob.gif' /></td>
1711 <td><b> $confdetails [1]</b></td></tr>
1715 & Header
:: closebox
();
1717 if ( $errormessage ) {
1718 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1720 print "<div align='center'><form method='post' enctype='multipart/form-data'><input type='submit' name='ACTION' value='Approved' />" ;
1721 print "<input type='hidden' name='TYPE' value='zerinan2n' />" ;
1722 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
1723 print "<input type='submit' name='ACTION' value='Discard' /></div></form>" ;
1725 & Header
:: closebigbox
();
1726 & Header
:: closepage
();
1730 ### Approve Zerina n2n
1732 } elsif (( $cgiparams { 'ACTION' } eq 'Approved' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1733 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
1735 ### Discard Zerina n2n
1737 } elsif (( $cgiparams { 'ACTION' } eq 'Discard' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1738 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1739 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1741 if ( $confighash { $cgiparams { 'KEY' }}) {
1742 & Ovpnfunc
:: removenet2netconf
();
1743 delete $confighash { $cgiparams { 'KEY' }};
1744 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1746 $errormessage = $Lang :: tr
{ 'invalid key' };
1749 ### Adding a new connection
1751 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) ||
1752 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) ||
1753 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq '' )) {
1755 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1756 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
1757 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1759 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) {
1760 if (! $confighash { $cgiparams { 'KEY' }}[ 0 ]) {
1761 $errormessage = $Lang :: tr
{ 'invalid key' };
1764 $cgiparams { 'ENABLED' } = $confighash { $cgiparams { 'KEY' }}[ 0 ];
1765 $cgiparams { 'NAME' } = $confighash { $cgiparams { 'KEY' }}[ 1 ];
1766 $cgiparams { 'TYPE' } = $confighash { $cgiparams { 'KEY' }}[ 3 ];
1767 $cgiparams { 'AUTH' } = $confighash { $cgiparams { 'KEY' }}[ 4 ];
1768 $cgiparams { 'PSK' } = $confighash { $cgiparams { 'KEY' }}[ 5 ];
1769 $cgiparams { 'SIDE' } = $confighash { $cgiparams { 'KEY' }}[ 6 ];
1770 $cgiparams { 'LOCAL_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 8 ];
1771 $cgiparams { 'REMOTE' } = $confighash { $cgiparams { 'KEY' }}[ 10 ];
1772 $cgiparams { 'REMOTE_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 11 ];
1773 $cgiparams { 'REMARK' } = $confighash { $cgiparams { 'KEY' }}[ 25 ];
1774 $cgiparams { 'INTERFACE' } = $confighash { $cgiparams { 'KEY' }}[ 12 ];
1775 $cgiparams { 'OVPN_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 13 ]; #new fields
1776 $cgiparams { 'PROTOCOL' } = $confighash { $cgiparams { 'KEY' }}[ 14 ];
1777 $cgiparams { 'DEST_PORT' } = $confighash { $cgiparams { 'KEY' }}[ 15 ];
1778 $cgiparams { 'COMPLZO' } = $confighash { $cgiparams { 'KEY' }}[ 16 ];
1779 $cgiparams { 'MTU' } = $confighash { $cgiparams { 'KEY' }}[ 17 ];
1780 $cgiparams { 'N2NVPN_IP' } = $confighash { $cgiparams { 'KEY' }}[ 18 ]; #new fields
1781 $cgiparams { 'ZERINA_CLIENT' } = $confighash { $cgiparams { 'KEY' }}[ 19 ]; #new fields
1782 $cgiparams { 'CIPHER' } = $confighash { $cgiparams { 'KEY' }}[ 20 ]; #new fields
1783 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
1784 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
1786 #ab hiere error uebernehmen
1787 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) {
1788 $cgiparams { 'REMARK' } = & Header
:: cleanhtml
( $cgiparams { 'REMARK' });
1790 if ( $cgiparams { 'TYPE' } !~ /^(host|net)$/ ) {
1791 $errormessage = $Lang :: tr
{ 'connection type is invalid' };
# Reject connection names that are not purely alphanumeric.
# NOTE(review): in Perl "$" also matches just before a trailing newline, so a
# NAME ending in "\n" passes this test unless getcgihash already strips it
# (not visible here). NAME is later interpolated into file paths and command
# lines, so anchor the pattern on both ends: /\A[a-zA-Z0-9]+\z/.
1794 if ( $cgiparams { 'NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
1795 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
1798 if ( $cgiparams { 'NAME' } =~ /^(host|01|block|private|clear|packetdefault|server)$/ ) {
1799 $errormessage = $Lang :: tr
{ 'name is invalid' };
1802 if ( length ( $cgiparams { 'NAME' }) > 60 ) {
1803 $errormessage = $Lang :: tr
{ 'name too long' };
1806 if (! $cgiparams { 'KEY' }) { # Check if there is no other entry with this name
1807 foreach my $key ( keys %confighash ) {
1808 if ( $confighash { $key }[ 1 ] eq $cgiparams { 'NAME' }) {
1809 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1814 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! $cgiparams { 'REMOTE' })) {
1815 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1818 if ( $cgiparams { 'REMOTE' }) {
1819 if (! & General
:: validip
( $cgiparams { 'REMOTE' })) {
1820 if (! & General
:: validfqdn
( $cgiparams { 'REMOTE' })) {
1821 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1824 if (& Ovpnfunc
:: valid_dns_host
( $cgiparams { 'REMOTE' })) {
1825 $warnmessage = " $Lang ::tr{'check vpn lr'} $cgiparams {'REMOTE'}. $Lang ::tr{'dns check failed'}" ;
1830 if ( $cgiparams { 'TYPE' } ne 'host' ) {
1831 unless (& General
:: validipandmask
( $cgiparams { 'LOCAL_SUBNET' })) {
1832 $errormessage = $Lang :: tr
{ 'local subnet is invalid' };
1837 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'LOCAL_SUBNET' });
1838 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1839 $cgiparams { 'LOCAL_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1841 if ( $cgiparams { 'REMOTE' } eq '' ) { # Check if there is no other entry without IP-address and PSK
1842 foreach my $key ( keys %confighash ) {
1843 if (( $cgiparams { 'KEY' } ne $key ) && ( $confighash { $key }[ 4 ] eq 'psk' || $cgiparams { 'AUTH' } eq 'psk' ) && $confighash { $key }[ 10 ] eq '' ) {
1844 $errormessage = $Lang :: tr
{ 'you can only define one roadwarrior connection when using pre-shared key authentication' };
1849 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! & General
:: validipandmask
( $cgiparams { 'REMOTE_SUBNET' }))) {
1850 $errormessage = $Lang :: tr
{ 'remote subnet is invalid' };
1854 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'REMOTE_SUBNET' });
1855 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1856 $cgiparams { 'REMOTE_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1858 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
1859 $errormessage = $Lang :: tr
{ 'invalid input' };
1862 if ( $cgiparams { 'EDIT_ADVANCED' } !~ /^(on|off)$/ ) {
1863 $errormessage = $Lang :: tr
{ 'invalid input' };
1866 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1867 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DEST_PORT' }, 0 , $cgiparams { 'PROTOCOL' }, "dest" );
1869 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1871 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1872 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DEST_PORT' }, $cgiparams { 'PROTOCOL' }, '0.0.0.0' );
1874 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1876 if ( $cgiparams { 'TYPE' } eq 'net' ) {
1877 if (! & General
:: validipandmask
( $cgiparams { 'OVPN_SUBNET' })) {
1878 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
1882 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'OVPN_SUBNET' });
1883 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1884 $cgiparams { 'OVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1887 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
1889 if ( $errormessage ne '' ){
# Reject an empty MTU or one below 1000.
# NOTE(review): "<" is a numeric comparison, so Perl coerces the string and only
# its leading digits are considered; anything that merely starts with a number
# of 1000 or more is accepted as-is. MTU is stored in slot 17 of the connection
# record further down, so check the whole value first, e.g. /\A\d+\z/ together
# with an upper bound.
1892 if (( length ( $cgiparams { 'MTU' })== 0 ) || (( $cgiparams { 'MTU' }) < 1000 )) {
1893 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
1896 unless (& General
:: validport
( $cgiparams { 'DEST_PORT' })) {
1897 $errormessage = $Lang :: tr
{ 'invalid port' };
1900 # check protcol/port overlap against existing connections gian
1901 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1902 if ( $dkey ne $cgiparams { 'KEY' }) {
1903 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'PROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DEST_PORT' }){
1904 #if ($confighash{$dkey}[14] eq 'on') {
1905 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
1908 # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]";
1913 #check protcol/port overlap against RWserver gian
1914 if ( $vpnsettings { 'ENABLED' } eq 'on' ) {
1915 if ( $vpnsettings { 'DPROTOCOL' } eq $cgiparams { 'PROTOCOL' } && $vpnsettings { 'DDEST_PORT' } eq $cgiparams { 'DEST_PORT' }){
1916 $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server" ;
1921 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
1923 } elsif ( $cgiparams { 'AUTH' } eq 'certreq' ) {
1925 if ( $cgiparams { 'KEY' }) {
1926 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1929 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1930 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1933 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate request to a temporary file
1934 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1938 # Sign the certificate request and move it
1939 # Sign the host certificate request
1940 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
1941 '-batch' , '-notext' ,
1943 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
1944 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1946 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
1948 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
1949 & Ovpnfunc
:: newcleanssldatabase
();
1953 & Ovpnfunc
:: deletebackupcert
();
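# Read the textual dump of the certificate just written for this connection.
# openssl is started through a list-form pipe instead of backticks, so no shell
# ever parses the path that is built from the request parameter NAME.
# $temp stays '' when openssl cannot be started or prints nothing.
my $temp = '';
if (open(my $x509_out, '-|', '/usr/bin/openssl', 'x509', '-text',
         '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem")) {
    local $/;                        # slurp the whole output in one read
    my $x509_text = <$x509_out>;
    $temp = $x509_text if defined $x509_text;
    close($x509_out);
}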
1956 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
1958 $temp =~ s
+/ Email
+, E
+;
1959 $temp =~ s/ ST=/ S=/ ;
1960 $cgiparams { 'CERT_NAME' } = $temp ;
1961 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
1962 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
1963 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
1964 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
1967 } elsif ( $cgiparams { 'AUTH' } eq 'certfile' ) {
1968 if ( $cgiparams { 'KEY' }) {
1969 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1972 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1973 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1976 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate to a temporary file
1977 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1981 my $validca = 0 ; # Verify the certificate has a valid CA and move it
1982 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename ` ;
1983 if ( $test =~ /: OK/ ) {
1986 foreach my $key ( keys %cahash ) {
1987 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $key }[0]cert.pem $filename ` ;
1988 if ( $test =~ /: OK/ ) {
1994 $errormessage = $Lang :: tr
{ 'certificate does not have a valid ca associated with it' };
1998 move
( $filename , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2000 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
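# Read the textual dump of the uploaded certificate after it has been moved
# into ovpn/certs. openssl is started through a list-form pipe instead of
# backticks, so no shell ever parses the path built from the request
# parameter NAME. $temp stays '' when openssl cannot be started or prints
# nothing.
my $temp = '';
if (open(my $x509_out, '-|', '/usr/bin/openssl', 'x509', '-text',
         '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem")) {
    local $/;                        # slurp the whole output in one read
    my $x509_text = <$x509_out>;
    $temp = $x509_text if defined $x509_text;
    close($x509_out);
}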
2006 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
2008 $temp =~ s
+/ Email
+, E
+;
2009 $temp =~ s/ ST=/ S=/ ;
2010 $cgiparams { 'CERT_NAME' } = $temp ;
2011 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
2012 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
2013 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
2014 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2015 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
2018 } elsif ( $cgiparams { 'AUTH' } eq 'certgen' ){
2019 if ( $cgiparams { 'KEY' }) {
2020 $errormessage = $Lang :: tr
{ 'cant change certificates' };
2023 if ( length ( $cgiparams { 'CERT_NAME' }) > 60 ) { # Validate input since the form was submitted
2024 $errormessage = $Lang :: tr
{ 'name too long' };
2027 if ( $cgiparams { 'CERT_NAME' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2028 $errormessage = $Lang :: tr
{ 'invalid input for name' };
2031 if ( $cgiparams { 'CERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'CERT_EMAIL' }))) {
2032 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
2035 if ( length ( $cgiparams { 'CERT_EMAIL' }) > 40 ) {
2036 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
2039 if ( $cgiparams { 'CERT_OU' } ne '' && $cgiparams { 'CERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2040 $errormessage = $Lang :: tr
{ 'invalid input for department' };
2043 if ( length ( $cgiparams { 'CERT_ORGANIZATION' }) > 60 ) {
2044 $errormessage = $Lang :: tr
{ 'organization too long' };
2047 if ( $cgiparams { 'CERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2048 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
2051 if ( $cgiparams { 'CERT_CITY' } ne '' && $cgiparams { 'CERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2052 $errormessage = $Lang :: tr
{ 'invalid input for city' };
2055 if ( $cgiparams { 'CERT_STATE' } ne '' && $cgiparams { 'CERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2056 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
2059 if ( $cgiparams { 'CERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
2060 $errormessage = $Lang :: tr
{ 'invalid input for country' };
2063 if ( $cgiparams { 'CERT_PASS1' } ne '' && $cgiparams { 'CERT_PASS2' } ne '' ){
2064 if ( length ( $cgiparams { 'CERT_PASS1' }) < 5 ) {
2065 $errormessage = $Lang :: tr
{ 'password too short' };
2069 if ( $cgiparams { 'CERT_PASS1' } ne $cgiparams { 'CERT_PASS2' }) {
2070 $errormessage = $Lang :: tr
{ 'passwords do not match' };
2073 ( my $ou = $cgiparams { 'CERT_OU' }) =~ s/^\s*$/\./ ; # Replace empty strings with a .
2074 ( my $city = $cgiparams { 'CERT_CITY' }) =~ s/^\s*$/\./ ;
2075 ( my $state = $cgiparams { 'CERT_STATE' }) =~ s/^\s*$/\./ ;
2076 my $pid = open ( OPENSSL
, "|-" ); # Create the Host certificate request client
2077 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto VPNCONF_ERROR
;};
2078 if ( $pid ) { # parent
2079 print OPENSSL
" $cgiparams {'CERT_COUNTRY'} \n " ;
2080 print OPENSSL
" $state \n " ;
2081 print OPENSSL
" $city \n " ;
2082 print OPENSSL
" $cgiparams {'CERT_ORGANIZATION'} \n " ;
2083 print OPENSSL
" $ou \n " ;
2084 print OPENSSL
" $cgiparams {'CERT_NAME'} \n " ;
2085 print OPENSSL
" $cgiparams {'CERT_EMAIL'} \n " ;
2086 print OPENSSL
". \n " ;
2087 print OPENSSL
". \n " ;
2090 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
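# Error path: remove the key and request that openssl may have left behind.
# The original paths lacked the "/" after ${General::swroot}, so they did not
# name the files that -keyout/-out write under ${General::swroot}/ovpn/certs,
# and a generated private key could stay on disk after a failure.
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");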
# Child side of the pipe: replace this process with "openssl req", which writes
# a new private key (-keyout) and a certificate request (-out) named after NAME.
# exec only returns when openssl could not be started; in that case the error is
# recorded and both output files are removed.
# NOTE(review): '-newkey rsa:1024' creates a 1024-bit RSA key, which is below
# the 2048-bit minimum in current guidance; raise the size for new connections.
# NOTE(review): '-nodes' leaves the private key unencrypted on disk, so the
# protection of ovpn/certs rests on file permissions alone.
2096 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
2097 '-newkey' , 'rsa:1024' ,
2098 '-keyout' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2099 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2100 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
2101 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
2102 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2103 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2107 # Sign the host certificate request
# Runs "openssl ca" in batch mode on NAMEreq.pem and writes NAMEcert.pem, using
# the CA settings from ovpn/openssl/ovpn.cnf. The list form of system() is used,
# so no shell is involved.
# NOTE(review): '-days 999999' yields a certificate that in practice never
# expires; revocation is then the only way to retire a lost or compromised
# client certificate. Consider a bounded lifetime with renewal.
2108 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
2109 '-batch' , '-notext' ,
2110 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2111 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2112 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
2114 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2115 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2116 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2117 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2118 & Ovpnfunc
:: newcleanssldatabase
();
2121 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2122 & Ovpnfunc
:: deletebackupcert
();
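# Create the PKCS#12 bundle (key + certificate + CA certificate) for NAME.
# The export passphrase is handed to openssl through the environment
# ("-passout env:...") instead of as "pass:..." on the command line, so it is
# not exposed in the process list while openssl runs. The variable is set with
# local inside a bare block and is gone again as soon as the block is left;
# $? still carries the exit status of openssl afterwards.
{
    local $ENV{'OVPN_P12_PASSOUT'} =
        defined $cgiparams{'CERT_PASS1'} ? $cgiparams{'CERT_PASS1'} : '';
    system('/usr/bin/openssl', 'pkcs12', '-export',
        '-inkey',    "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
        '-in',       "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
        '-name',     $cgiparams{'NAME'},
        '-passout',  'env:OVPN_P12_PASSOUT',
        '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
        '-caname',   "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
        '-out',      "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
}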
2134 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2135 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2136 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2137 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2140 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2142 } elsif ( $cgiparams { 'AUTH' } eq 'cert' ) {
2143 ; # Nothing, just editing
2145 $errormessage = $Lang :: tr
{ 'invalid input for authentication method' };
2148 if ((! $cgiparams { 'KEY' }) && ( $cgiparams { 'AUTH' } ne 'psk' )) { # Check if there is no other entry with this common name
2149 foreach my $key ( keys %confighash ) {
2150 if ( $confighash { $key }[ 2 ] eq $cgiparams { 'CERT_NAME' }) {
2151 $errormessage = $Lang :: tr
{ 'a connection with this common name already exists' };
2157 my $key = $cgiparams { 'KEY' }; # Save the config
2159 $key = & General
:: findhasharraykey
( \
%confighash );
2160 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
2162 $confighash { $key }[ 0 ] = $cgiparams { 'ENABLED' };
2163 $confighash { $key }[ 1 ] = $cgiparams { 'NAME' };
2164 if ((! $cgiparams { 'KEY' }) && $cgiparams { 'AUTH' } ne 'psk' ) {
2165 $confighash { $key }[ 2 ] = $cgiparams { 'CERT_NAME' };
2167 $confighash { $key }[ 3 ] = $cgiparams { 'TYPE' };
2168 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
2169 $confighash { $key }[ 4 ] = 'psk' ;
2170 $confighash { $key }[ 5 ] = $cgiparams { 'PSK' };
2172 $confighash { $key }[ 4 ] = 'cert' ;
# Copy the submitted form fields into the connection record.
# NOTE(review): in this listing (which has gaps) no check is visible for SIDE,
# INTERFACE, PROTOCOL, COMPLZO, N2NVPN_IP, ZERINA_CLIENT or CIPHER before they
# are stored. The form further down offers fixed choices for several of them
# (SIDE server/client, PROTOCOL udp/tcp, the CIPHER list); matching the
# submitted values against those allow-lists here keeps unexpected strings out
# of ovpnconfig and of the configuration generated from it.
2174 if ( $cgiparams { 'TYPE' } eq 'net' ) {
2175 $confighash { $key }[ 6 ] = $cgiparams { 'SIDE' };
2176 $confighash { $key }[ 11 ] = $cgiparams { 'REMOTE_SUBNET' };
2177 if ( $cgiparams { 'SIDE' } eq 'client' ) {
2178 $confighash { $key }[ 19 ] = 'yes' ;
2180 $confighash { $key }[ 19 ] = 'no' ;
2183 $confighash { $key }[ 8 ] = $cgiparams { 'LOCAL_SUBNET' };
2184 $confighash { $key }[ 10 ] = $cgiparams { 'REMOTE' };
2185 $confighash { $key }[ 25 ] = $cgiparams { 'REMARK' };
2186 $confighash { $key }[ 12 ] = $cgiparams { 'INTERFACE' };
2187 $confighash { $key }[ 13 ] = $cgiparams { 'OVPN_SUBNET' }; # new fields
2188 $confighash { $key }[ 14 ] = $cgiparams { 'PROTOCOL' };
2189 $confighash { $key }[ 15 ] = $cgiparams { 'DEST_PORT' };
2190 $confighash { $key }[ 16 ] = $cgiparams { 'COMPLZO' };
2191 $confighash { $key }[ 17 ] = $cgiparams { 'MTU' };
2192 $confighash { $key }[ 18 ] = $cgiparams { 'N2NVPN_IP' }; # new fields
# NOTE(review): slot 19 was set to 'yes'/'no' from SIDE above; this assignment
# appears to run afterwards and replaces it with the submitted ZERINA_CLIENT.
2193 $confighash { $key }[ 19 ] = $cgiparams { 'ZERINA_CLIENT' }; # new fields
2194 $confighash { $key }[ 20 ] = $cgiparams { 'CIPHER' };
2196 #default n2n advanced
2197 $confighash { $key }[ 26 ] = '10' ; #keepalive ping
2198 $confighash { $key }[ 27 ] = '60' ; #keepalive restart
2199 $confighash { $key }[ 28 ] = '0' ; #nice
2200 $confighash { $key }[ 42 ] = '3' ; #verb
2201 #default n2n advanced
2202 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2203 & Ovpnfunc
:: writenet2netconf
( $key , $zerinaclient );
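# Collect the PIDs of running processes whose command line mentions this
# connection's config file (NAME.conf). The result keeps the format of the
# former shell pipeline: one PID per line, '' when nothing matches.
# ps is started through a list-form pipe and the filtering is done in Perl, so
# the request parameter NAME never reaches a shell; it is also matched
# literally (quotemeta) instead of as a grep pattern.
my $n2nactive = '';
if (open(my $ps_out, '-|', '/bin/ps', 'ax')) {
    my $conf_name = quotemeta("$cgiparams{'NAME'}.conf");
    while (my $ps_line = <$ps_out>) {
        next unless $ps_line =~ /$conf_name/;
        next if $ps_line =~ /grep/;          # same exclusion as "grep -v grep"
        my ($pid) = split(' ', $ps_line);    # first column, leading blanks skipped
        $n2nactive .= "$pid\n" if defined $pid;
    }
    close($ps_out);
}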
2206 if ( $cgiparams { 'ENABLED' }) {
2207 if ( $n2nactive eq '' ){
2208 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2210 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
2211 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2214 if ( $n2nactive ne '' ){
2215 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $cgiparams { 'NAME' });
2218 if ( $cgiparams { 'EDIT_ADVANCED' } eq 'on' ) {
2219 $cgiparams { 'KEY' } = $key ;
2220 $cgiparams { 'ACTION' } = $Lang :: tr
{ 'advanced' };
2224 $cgiparams { 'ENABLED' } = 'on' ;
2225 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
2226 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
2228 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) {
2229 $cgiparams { 'AUTH' } = 'psk' ;
2230 } elsif ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2231 $cgiparams { 'AUTH' } = 'certfile' ;
2233 $cgiparams { 'AUTH' } = 'certgen' ;
2235 $cgiparams { 'LOCAL_SUBNET' } = " $netsettings {'GREEN_NETADDRESS'}/ $netsettings {'GREEN_NETMASK'}" ;
2236 $cgiparams { 'CERT_ORGANIZATION' } = $vpnsettings { 'ROOTCERT_ORGANIZATION' };
2237 $cgiparams { 'CERT_CITY' } = $vpnsettings { 'ROOTCERT_CITY' };
2238 $cgiparams { 'CERT_STATE' } = $vpnsettings { 'ROOTCERT_STATE' };
2239 $cgiparams { 'CERT_COUNTRY' } = $vpnsettings { 'ROOTCERT_COUNTRY' };
2242 # n2n default settings
# Fill in defaults for fields the request left empty.
# NOTE(review): the fallback cipher is BF-CBC (Blowfish, 64-bit block). The form
# below also offers AES-256-CBC; a 128-bit-block cipher is the safer default
# for new connections.
2243 if ( $cgiparams { 'CIPHER' } eq '' ) {
2244 $cgiparams { 'CIPHER' } = 'BF-CBC' ;
2246 if ( $cgiparams { 'MTU' } eq '' ) {
2247 $cgiparams { 'MTU' } = '1400' ;
# Proposes a random 10.x.y.0/255.255.255.0 transfer network; no overlap check
# happens at this point (ovelapplausi is called on the save path).
2249 if ( $cgiparams { 'OVPN_SUBNET' } eq '' ) {
2250 $cgiparams { 'OVPN_SUBNET' } = '10.' . int ( rand ( 256 )) . '.' . int ( rand ( 256 )) . '.0/255.255.255.0' ;
2252 #n2n default settings
2253 $checked { 'ENABLED' }{ 'off' } = '' ;
2254 $checked { 'ENABLED' }{ 'on' } = '' ;
2255 $checked { 'ENABLED' }{ $cgiparams { 'ENABLED' }} = 'CHECKED' ;
2256 $checked { 'ENABLED_BLUE' }{ 'off' } = '' ;
2257 $checked { 'ENABLED_BLUE' }{ 'on' } = '' ;
2258 $checked { 'ENABLED_BLUE' }{ $cgiparams { 'ENABLED_BLUE' }} = 'CHECKED' ;
2259 $checked { 'ENABLED_ORANGE' }{ 'off' } = '' ;
2260 $checked { 'ENABLED_ORANGE' }{ 'on' } = '' ;
2261 $checked { 'ENABLED_ORANGE' }{ $cgiparams { 'ENABLED_ORANGE' }} = 'CHECKED' ;
2262 $checked { 'EDIT_ADVANCED' }{ 'off' } = '' ;
2263 $checked { 'EDIT_ADVANCED' }{ 'on' } = '' ;
2264 $checked { 'EDIT_ADVANCED' }{ $cgiparams { 'EDIT_ADVANCED' }} = 'CHECKED' ;
2265 $selected { 'SIDE' }{ 'server' } = '' ;
2266 $selected { 'SIDE' }{ 'client' } = '' ;
2267 $selected { 'SIDE' }{ $cgiparams { 'SIDE' }} = 'SELECTED' ;
2269 # $selected{'DDEVICE'}{'tun'} = '';
2270 # $selected{'DDEVICE'}{'tap'} = '';
2271 # $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2273 $selected { 'PROTOCOL' }{ 'udp' } = '' ;
2274 $selected { 'PROTOCOL' }{ 'tcp' } = '' ;
2275 $selected { 'PROTOCOL' }{ $cgiparams { 'PROTOCOL' }} = 'SELECTED' ;
2277 $checked { 'AUTH' }{ 'psk' } = '' ;
2278 $checked { 'AUTH' }{ 'certreq' } = '' ;
2279 $checked { 'AUTH' }{ 'certgen' } = '' ;
2280 $checked { 'AUTH' }{ 'certfile' } = '' ;
2281 $checked { 'AUTH' }{ $cgiparams { 'AUTH' }} = 'CHECKED' ;
2282 $selected { 'INTERFACE' }{ $cgiparams { 'INTERFACE' }} = 'SELECTED' ;
2283 $checked { 'COMPLZO' }{ 'off' } = '' ;
2284 $checked { 'COMPLZO' }{ 'on' } = '' ;
2285 $checked { 'COMPLZO' }{ $cgiparams { 'COMPLZO' }} = 'CHECKED' ;
# Clear the "selected" marker for every cipher the form offers, then mark the
# one currently held in $cgiparams{'CIPHER'}.
# NOTE(review): the last assignment accepts whatever CIPHER holds, whether or
# not it is one of the names listed here. The list also still contains legacy
# short-key ciphers (DES-CBC, RC2-40-CBC, RC2-64-CBC).
foreach my $cipher_name (qw(
    DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC
    RC2-CBC RC2-40-CBC RC2-64-CBC
    BF-CBC CAST5-CBC
    AES-128-CBC AES-192-CBC AES-256-CBC
)) {
    $selected{'CIPHER'}{$cipher_name} = '';
}
$selected{'CIPHER'}{ $cgiparams{'CIPHER'} } = 'SELECTED';
2301 & Header
:: showhttpheaders
();
2302 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2303 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2304 if ( $errormessage ) {
2305 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2306 print "<class name='base'> $errormessage " ;
2307 print " </class>" ;
2308 & Header
:: closebox
();
2311 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'warning messages'}:" );
2312 print "<class name='base'> $warnmessage " ;
2313 print " </class>" ;
2314 & Header
:: closebox
();
# Open the connection form and carry TYPE and ZERINA_CLIENT along as hidden
# fields.
# NOTE(review): the values are written into single-quoted HTML attributes
# without encoding. TYPE is only checked against host|net on the save path, so
# on the other paths into this form it can still hold the submitted string.
# Encode &, <, >, " and ' at output time (REMARK is passed through
# Header::cleanhtml on save; confirm whether that helper also covers the single
# quote). The same applies to the other $cgiparams values echoed into this form.
# NOTE(review): no anti-CSRF token is emitted with the form; whether requests
# are checked elsewhere is not visible in this listing.
2316 print "<form method='post' enctype='multipart/form-data'>" ;
2317 print "<input type='hidden' name='TYPE' value=' $cgiparams {'TYPE'}' />" ;
2318 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2319 if ( $cgiparams { 'KEY' }) {
2320 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
2321 print "<input type='hidden' name='AUTH' value=' $cgiparams {'AUTH'}' />" ;
2322 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2324 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'connection'}:" );
2325 print "<table width='100%'> \n " ;
2326 print "<tr><td width='25%' class='boldbase'> $Lang ::tr{'name'}:</td>" ;
2327 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2328 if ( $cgiparams { 'KEY' }) {
2329 print "<td width='35%' class='base'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td> \n " ;
2331 print "<td width='35%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' size='30' /></td>" ;
2334 print "<input type='hidden' name='INTERFACE' value='red' />" ;
2335 if ( $cgiparams { 'KEY' }) {
2336 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td>" ;
2338 print "<td width='25%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' /></td>" ;
2340 print "<!-- net2net config gui -->" ;
2341 print "<td width='25%'> </td>" ;
2342 print "<td width='25%'> </td></tr>" ;
2343 if ((( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2344 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2345 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' ))) {
2346 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2347 print "<td><select name='SIDE'><option value='server' $selected {'SIDE'}{'server'}>OpenVPN Server</option>" ;
2348 print "<option value='client' $selected {'SIDE'}{'client'}>OpenVPN Client</option></select></td>" ;
2349 print "<tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>" ;
2350 print "<td><input type='text' name='N2NVPN_IP' value=' $cgiparams {'N2NVPN_IP'}' size='30' /></td>" ;
2351 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2353 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2354 print "<td> $cgiparams {'SIDE'}</td><input type='hidden' name='SIDE' value=' $cgiparams {'SIDE'}' />" ;
2355 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2357 print "<td><input type='TEXT' name='REMOTE' value=' $cgiparams {'REMOTE'}' /></td></tr>" ;
2358 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>" ;
2359 print "<td><input type='TEXT' name='LOCAL_SUBNET' value=' $cgiparams {'LOCAL_SUBNET'}' /></td>" ;
2360 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>" ;
2361 print "<td><input type='text' name='REMOTE_SUBNET' value=' $cgiparams {'REMOTE_SUBNET'}' /></td></tr>" ;
2362 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>" ;
2363 print "<td><input type='TEXT' name='OVPN_SUBNET' value=' $cgiparams {'OVPN_SUBNET'}' /></td></tr>" ;
2364 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>" ;
2365 print "<td><select name='PROTOCOL'><option value='udp' $selected {'PROTOCOL'}{'udp'}>UDP</option>" ;
2366 print "<option value='tcp' $selected {'PROTOCOL'}{'tcp'}>TCP</option></select></td>" ;
2367 print "<td class='boldbase'> $Lang ::tr{'destination port'}:</td>" ;
2368 print "<td><input type='TEXT' name='DEST_PORT' value=' $cgiparams {'DEST_PORT'}' size='5' /></td></tr>" ;
2369 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>" ;
2370 print "<td><input type='checkbox' name='COMPLZO' $checked {'COMPLZO'}{'on'} /></td>" ;
2371 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>" ;
# Emits the <select name='CIPHER'> list for this connection; the entry whose
# $selected{'CIPHER'}{...} slot is non-empty is pre-selected.
# NOTE(review): the list still offers single DES (DES-CBC), 40- and 64-bit RC2,
# and other 64-bit block ciphers (DES-EDE*, DESX, BF, CAST5). Only the AES-*-CBC
# entries use a 128-bit block; consider dropping or at least flagging the rest.
# NOTE(review): nothing visible here checks the submitted CIPHER value against
# this list on the server side -- confirm where the save handler validates it.
2372 print "<td><select name='CIPHER'><option value='DES-CBC' $selected {'CIPHER'}{'DES-CBC'}>DES-CBC</option>" ;
2373 print "<option value='DES-EDE-CBC' $selected {'CIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>" ;
2374 print "<option value='DES-EDE3-CBC' $selected {'CIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>" ;
2375 print "<option value='DESX-CBC' $selected {'CIPHER'}{'DESX-CBC'}>DESX-CBC</option>" ;
2376 print "<option value='RC2-CBC' $selected {'CIPHER'}{'RC2-CBC'}>RC2-CBC</option>" ;
2377 print "<option value='RC2-40-CBC' $selected {'CIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>" ;
2378 print "<option value='RC2-64-CBC' $selected {'CIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>" ;
2379 print "<option value='BF-CBC' $selected {'CIPHER'}{'BF-CBC'}>BF-CBC</option>" ;
2380 print "<option value='CAST5-CBC' $selected {'CIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>" ;
2381 print "<option value='AES-128-CBC' $selected {'CIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>" ;
2382 print "<option value='AES-192-CBC' $selected {'CIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>" ;
2383 print "<option value='AES-256-CBC' $selected {'CIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>" ;
2384 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>" ;
2385 print "<td> <input type='TEXT' name='MTU' VALUE=' $cgiparams {'MTU'}'size='5' /></TD>" ;
2387 print "<tr><td class='boldbase'> $Lang ::tr{'remark title'} <img src='/blob.gif' /></td>" ;
2388 print "<td colspan='3'><input type='text' name='REMARK' value=' $cgiparams {'REMARK'}' size='55' maxlength='50' /></td></tr>" ;
2389 # if ($cgiparams{'TYPE'} eq 'net') {
2390 print "<tr><td> $Lang ::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> \n " ;
2392 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2393 print "<td colspan='3'> </td></tr></table>" ;
2394 } elsif ( $cgiparams { 'ACTION' } ne $Lang :: tr
{ 'edit' }){
2395 print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked {'EDIT_ADVANCED'}{'on'}/> $Lang ::tr{'edit advanced settings when done'}</tr></table>" ;
2397 print "<td colspan='3'></tr></table>" ;
2401 & Header
:: closebox
();
2402 if ( $cgiparams { 'KEY' } && $cgiparams { 'AUTH' } eq 'psk' ) {
2404 } elsif (! $cgiparams { 'KEY' }) {
2406 my $cakeydisabled = '' ;
2407 my $cacrtdisabled = '' ;
2408 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
2409 if ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2410 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'authentication' });
2412 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2413 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2414 <tr><td><input type='radio' name='AUTH' value='certreq' $checked {'AUTH'}{'certreq'} $cakeydisabled /></td>
2415 <td class='base'> $Lang ::tr{'upload a certificate request'}</td>
2416 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled ></td></tr>
2417 <tr><td><input type='radio' name='AUTH' value='certfile' $checked {'AUTH'}{'certfile'} $cacrtdisabled /></td>
2418 <td class='base'> $Lang ::tr{'upload a certificate'}</td></tr>
2419 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2420 <tr><td><input type='radio' name='AUTH' value='certgen' $checked {'AUTH'}{'certgen'} $cakeydisabled /></td>
2421 <td class='base'> $Lang ::tr{'generate a certificate'}</td><td> </td></tr>
2423 <td class='base'> $Lang ::tr{'users fullname or system hostname'}:</td>
2424 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value=' $cgiparams {'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2426 <td class='base'> $Lang ::tr{'users email'}: <img src='/blob.gif' /></td>
2427 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value=' $cgiparams {'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2429 <td class='base'> $Lang ::tr{'users department'}: <img src='/blob.gif' /></td>
2430 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value=' $cgiparams {'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2432 <td class='base'> $Lang ::tr{'organization name'}: <img src='/blob.gif' /></td>
2433 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value=' $cgiparams {'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2435 <td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif'></td>
2436 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value=' $cgiparams {'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2438 <td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' /></td>
2439 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value=' $cgiparams {'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2441 <td class='base'> $Lang ::tr{'country'}:</td>
2442 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled >
2445 foreach my $country ( sort keys %{ Countries
:: countries
}) {
2446 print "<option value=' $Countries ::countries{ $country }'" ;
2447 if ( $Countries :: countries
{ $country } eq $cgiparams { 'CERT_COUNTRY' } ) {
2448 print " selected='selected'" ;
2450 print "> $country </option>" ;
2455 <td class='base'> $Lang ::tr{'pkcs12 file password'}:</td>
2456 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value=' $cgiparams {'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2457 <tr><td> </td><td class='base'> $Lang ::tr{'pkcs12 file password'}:<BR>( $Lang ::tr{'confirmation'})</td>
2458 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value=' $cgiparams {'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2462 & Header
:: closebox
();
2464 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2465 if ( $cgiparams { 'KEY' }) {
2466 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'advanced'}' />" ;
2468 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2469 & Header
:: closebigbox
();
2470 & Header
:: closepage
();
2476 ### Advanced settings
2478 if (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced' }) ||
2479 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq 'yes' )) {
2480 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
2481 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2483 if (! $confighash { $cgiparams { 'KEY' }}) {
2484 $errormessage = $Lang :: tr
{ 'invalid key' };
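# Validate the two keepalive values before they are stored in the connection
# record. Each value, when given, must consist of decimal digits only, and
# KEEPALIVE_2 must be at least twice KEEPALIVE_1. On failure $errormessage is
# set and control jumps to ADVANCED_ERROR.
# (Brace-only lines, which this page rendering dropped, are restored here.)
if ($cgiparams{'KEEPALIVE_1'} ne '') {
    # \A ... \z rather than ^ ... $: "$" also matches just before a trailing
    # newline, so a value such as "10\n" would pass the check and carry a
    # line break into the stored record.
    if ($cgiparams{'KEEPALIVE_1'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 1'};
        goto ADVANCED_ERROR;
    }
}
if ($cgiparams{'KEEPALIVE_2'} ne '') {
    if ($cgiparams{'KEEPALIVE_2'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 2'};
        goto ADVANCED_ERROR;
    }
}
# Numeric comparison; an empty value counts as 0 here, so KEEPALIVE_1 set
# with KEEPALIVE_2 left empty is rejected as well.
if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)) {
    $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
    goto ADVANCED_ERROR;
}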
2504 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) {
2505 # if ($cgiparams{'NAT'} !~ /^(on|off)$/) {
2506 # $errormessage = $Lang::tr{'invalid input'};
2507 # goto ADVANCED_ERROR;
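# Store the advanced options of this connection in slots 26..42 of its record,
# hand the records to General::writehasharray for ovpn/ovpnconfig, and
# regenerate the net-to-net configuration through Ovpnfunc::writenet2netconf.
#
# Most of these inputs are rendered with disabled='disabled' in the form
# further down, but that only affects the browser: whatever the request
# carries is stored here, and only the two keepalive values were
# format-checked above. Control characters (CR, LF, NUL, ...) have no
# legitimate use in any of these settings and could break the stored record
# or the generated configuration, so they are rejected before anything is
# written.
# NOTE(review): per-field checks are still missing (numeric ranges, host and
#   port syntax, allowed values of the select lists, and whatever separator
#   writehasharray uses between fields -- confirm against its implementation).
# NOTE(review): PROXY_PASS is kept as plain text in the record (slot 36).
# NOTE(review): slot 38 is filled from the 'http-proxy-retry' parameter, while
#   the form posts its checkbox as PROXY_RETRY -- it looks like the checkbox
#   state is never stored; confirm.
my @advanced_fields = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);
foreach my $field (@advanced_fields) {
    next if !defined $cgiparams{$field};
    if ($cgiparams{$field} =~ /[\x00-\x1f\x7f]/) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ADVANCED_ERROR;
    }
}
# Field N of the list above lands in slot 26 + N, as before.
foreach my $offset (0 .. $#advanced_fields) {
    $confighash{$cgiparams{'KEY'}}[26 + $offset] = $cgiparams{$advanced_fields[$offset]};
}
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
&Ovpnfunc::writenet2netconf($cgiparams{'KEY'}, $zerinaclient);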
2530 # restart n2n after advanced save ?
# Copy slots 26..42 of the selected connection record into %cgiparams so the
# advanced form below shows the stored values. The order of the names fixes
# the slot: the first name reads slot 26, the last one slot 42.
my @stored_fields = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);
my $slot = 26;
foreach my $field (@stored_fields) {
    $cgiparams{$field} = $confighash{$cgiparams{'KEY'}}[$slot];
    $slot++;
}
# Prepare the SELECTED / CHECKED markers for the advanced form: every known
# option starts out empty, then the slot named by the current value is marked.
# The current value is used as a hash key as-is, so a value outside the known
# list simply creates an extra slot that no form element reads.
# NOTE(review): PROXY_RETRY is not among the fields loaded from the stored
#   record (slot 38 is read into 'http-proxy-retry'), so this checkbox appears
#   to reflect only what the current request sent -- confirm.
my %select_options = (
    'EXTENDED_NICE'     => [ qw(-13 -10 -7 -3 0 3 7 10 13) ],
    'LOG_VERB'          => [ 0 .. 11 ],
    'PROXY_AUTH_METHOD' => [ qw(none basic ntlm) ],
);
foreach my $list (keys %select_options) {
    $selected{$list}{$_} = '' for @{ $select_options{$list} };
    $selected{$list}{$cgiparams{$list}} = 'SELECTED';
}
foreach my $box (qw(EXTENDED_FASTIO EXTENDED_MTUDISC PROXY_RETRY)) {
    $checked{$box}{$_} = '' for qw(off on);
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}
2591 & Header
:: showhttpheaders
();
2592 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2593 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2595 if ( $errormessage ) {
2596 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2597 print "<class name='base'> $errormessage " ;
2598 print " </class>" ;
2599 & Header
:: closebox
();
2603 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'warning messages' });
2604 print "<class name='base'> $warnmessage " ;
2605 print " </class>" ;
2606 & Header
:: closebox
();
2609 print "<form method='post' enctype='multipart/form-data'> \n " ;
2610 print "<input type='hidden' name='ADVANCED' value='yes' /> \n " ;
2611 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' /> \n " ;
2613 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'advanced'}:" );
2615 <form method='post' enctype='multipart/form-data'>
2616 <table width='100%'>
2618 <td class'base'><b> $Lang ::tr{'misc-options'}</b></td>
2621 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2623 <td class='base'>Keppalive (ping/ping-restart)</td>
2624 <td><input type='TEXT' name='KEEPALIVE_1' value=' $cgiparams {'KEEPALIVE_1'}' size='30' /></td>
2625 <td><input type='TEXT' name='KEEPALIVE_2' value=' $cgiparams {'KEEPALIVE_2'}' size='30' /></td>
2629 <td class='base'> $Lang ::tr{'ovpn_processprio'}</td>
2631 <select name='EXTENDED_NICE' disabled='disabled'>
2632 <option value='-13' $selected {'EXTENDED_NICE'}{'-13'}> $Lang ::tr{'ovpn_processprioEH'}</option>
2633 <option value='-10' $selected {'EXTENDED_NICE'}{'-10'}> $Lang ::tr{'ovpn_processprioVH'}</option>
2634 <option value='-7' $selected {'EXTENDED_NICE'}{'-7'}> $Lang ::tr{'ovpn_processprioH'}</option>
2635 <option value='-3' $selected {'EXTENDED_NICE'}{'-3'}> $Lang ::tr{'ovpn_processprioEN'}</option>
2636 <option value='0' $selected {'EXTENDED_NICE'}{'0'}> $Lang ::tr{'ovpn_processprioN'}</option>
2637 <option value='3' $selected {'EXTENDED_NICE'}{'3'}> $Lang ::tr{'ovpn_processprioLN'}</option>
2638 <option value='7' $selected {'EXTENDED_NICE'}{'7'}> $Lang ::tr{'ovpn_processprioD'}</option>
2639 <option value='10' $selected {'EXTENDED_NICE'}{'10'}> $Lang ::tr{'ovpn_processprioVD'}</option>
2640 <option value='13' $selected {'EXTENDED_NICE'}{'13'}> $Lang ::tr{'ovpn_processprioED'}</option>
2645 <td class='base'> $Lang ::tr{'ovpn_fastio'}</td>
2647 <input type='checkbox' name='EXTENDED_FASTIO' $checked {'EXTENDED_FASTIO'}{'on'} disabled='disabled'/>
2651 <td class='base'> $Lang ::tr{'ovpn_mtudisc'}</td>
2653 <input type='checkbox' name='EXTENDED_MTUDISC' $checked {'EXTENDED_MTUDISC'}{'on'} disabled='disabled'/>
2657 <td class='base'> $Lang ::tr{'ovpn_mssfix'}</td>
2659 <input type='TEXT' name='EXTENDED_MSSFIX' value=' $cgiparams {'EXTENDED_MSSFIX'}' size='30' disabled='disabled'/>
2663 <td class='base'> $Lang ::tr{'ovpn_fragment'}</td>
2665 <input type='TEXT' name='EXTENDED_FRAGMENT' value=' $cgiparams {'EXTENDED_FRAGMENT'}' size='30' disabled='disabled'/>
2670 <table width='100%'>
2672 <td class'base'><b> $Lang ::tr{'proxy'} $Lang ::tr{'settings'}</b></td>
2675 <td width='25%'></td> <td width='25%'> </td><td width='25%'> </td><td width='25%'></td>
2677 <td class='base'> $Lang ::tr{'proxy'} $Lang ::tr{'host'}:</td>
2678 <td><input type='TEXT' name='PROXY_HOST' value=' $cgiparams {'PROXY_HOST'}' size='30' disabled='disabled'/></td>
2679 <td class='base'> $Lang ::tr{'proxy port'}:</td>
2680 <td><input type='TEXT' name='PROXY_PORT' value=' $cgiparams {'PROXY_PORT'}' size='10' disabled='disabled'/></td>
2683 <td class='base'> $Lang ::tr{'username'}</td>
2684 <td><input type='TEXT' name='PROXY_USERNAME' value=' $cgiparams {'PROXY_USERNAME'}' size='30' disabled='disabled' /></td>
2685 <td class='base'> $Lang ::tr{'password'}</td>
2686 <td><input type='TEXT' name='PROXY_PASS' value=' $cgiparams {'PROXY_PASS'}' size='10' disabled='disabled'/></td>
2689 <td class='base'> $Lang ::tr{'authentication'} $Lang ::tr{'method'}</td>
2691 <select name='PROXY_AUTH_METHOD' disabled='disabled'>
2692 <option value='none' $selected {'PROXY_AUTH_METHOD'}{'none'}>none</option>
2693 <option value='basic' $selected {'PROXY_AUTH_METHOD'}{'basic'}>basic</option>
2694 <option value='ntlm' $selected {'PROXY_AUTH_METHOD'}{'ntlm'}>ntlm</option>
2699 <td class='base'>http-proxy-retry</td>
2700 <td><input type='checkbox' name='PROXY_RETRY' $checked {'PROXY_RETRY'}{'on'} disabled='disabled' /></td>
2701 <td class='base'>http-proxy-timeout</td>
2702 <td><input type='TEXT' name='PROXY_TIMEOUT' value=' $cgiparams {'PROXY_TIMEOUT'}' size='10' disabled='disabled'/></td>
2704 <td class='base'>http-proxy-option VERSION</td>
2705 <td><input type='TEXT' name='PROXY_OPT_VERSION' value=' $cgiparams {'PROXY_OPT_VERSION'}' size='30' disabled='disabled'/></td>
2706 <td class='base'>http-proxy-option AGENT</td>
2707 <td><input type='TEXT' name='PROXY_OPT_AGENT' value=' $cgiparams {'PROXY_OPT_AGENT'}' size='10' disabled='disabled'/></td>
2711 <table width='100%'>
2713 <td class'base'><b> $Lang ::tr{'log-options'}</b></td>
2716 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2718 <tr><td class='base'>VERB</td>
2719 <td><select name='LOG_VERB'><option value='1' $selected {'LOG_VERB'}{'1'}>1</option>
2720 <option value='2' $selected {'LOG_VERB'}{'2'}>2</option>
2721 <option value='3' $selected {'LOG_VERB'}{'3'}>3</option>
2722 <option value='4' $selected {'LOG_VERB'}{'4'}>4</option>
2723 <option value='5' $selected {'LOG_VERB'}{'5'}>5</option>
2724 <option value='6' $selected {'LOG_VERB'}{'6'}>6</option>
2725 <option value='7' $selected {'LOG_VERB'}{'7'}>7</option>
2726 <option value='8' $selected {'LOG_VERB'}{'8'}>8</option>
2727 <option value='9' $selected {'LOG_VERB'}{'9'}>9</option>
2728 <option value='10' $selected {'LOG_VERB'}{'10'}>10</option>
2729 <option value='11' $selected {'LOG_VERB'}{'11'}>11</option>
2730 <option value='0' $selected {'LOG_VERB'}{'0'}>0</option></select></td>
2736 & Header
:: closebox
();
2737 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2738 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2739 & Header
:: closebigbox
();
2740 & Header
:: closepage
();
2746 ### Default status page
# Default status page, data preparation: load the server settings into
# %cgiparams, the CA list into %cahash and the connection records into
# %confighash, then fill in defaults for anything still empty.
2751 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
2752 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
2753 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): this starts an external cat process only to read a file;
# opening the log with a three-argument open would avoid the extra process.
# @status is not used in the part of the file visible here.
2754 my @status = `/bin/cat /var/log/ovpnserver.log` ;
# No VPN_IP configured and the RED interface is up: derive a default from the
# local RED address.
2755 if ( $cgiparams { 'VPN_IP' } eq '' && - e
"${General::swroot}/red/active" ) {
# NOTE(review): two-argument open with a bareword handle; the three-argument
# form with a lexical handle ('<' mode) is the safer idiom. Two lines of the
# original between the read and the lookup are not shown in this rendering.
2756 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
2757 my $ipaddr = < IPADDR
>;
# Reverse lookup of the address (second argument 2 is presumably AF_INET); the
# name returned is whatever the owner of the reverse DNS zone publishes, and it
# is later written into the VPN_IP form field, so treat it as untrusted text
# and HTML-escape it on output. Falls back to the raw address when no name
# is returned.
2760 $cgiparams { 'VPN_IP' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
2761 if ( $cgiparams { 'VPN_IP' } eq '' ) {
2762 $cgiparams { 'VPN_IP' } = $ipaddr ;
# NOTE(review): the default cipher is Blowfish in CBC mode, a 64-bit block
# cipher; an AES entry from the list offered below would be a stronger default.
2767 if ( $cgiparams { 'DCIPHER' } eq '' ) {
2768 $cgiparams { 'DCIPHER' } = 'BF-CBC' ;
2770 # if ($cgiparams{'DCOMPLZO'} eq '') {
2771 # $cgiparams{'DCOMPLZO'} = 'on';
2773 if ( $cgiparams { 'DDEST_PORT' } eq '' ) {
2774 $cgiparams { 'DDEST_PORT' } = '1194' ;
2776 if ( $cgiparams { 'DMTU' } eq '' ) {
2777 $cgiparams { 'DMTU' } = '1400' ;
# Proposes a random 10.x.y.0/255.255.255.0 network as the default VPN subnet.
# NOTE(review): no overlap check against the locally configured networks is
# visible at this point -- confirm it happens when the settings are saved.
2779 if ( $cgiparams { 'DOVPN_SUBNET' } eq '' ) {
2780 $cgiparams { 'DOVPN_SUBNET' } = '10.' . int ( rand ( 256 )) . '.' . int ( rand ( 256 )) . '.0/255.255.255.0' ;
# Prepare the CHECKED / SELECTED markers for the global settings form: every
# known option starts out empty, then the slot named by the current setting is
# marked. The current value is used as a hash key as-is.
# NOTE(review): the DCIPHER list includes single DES and 40/64-bit RC2 next to
#   the AES entries; see the option list rendered further down.
foreach my $box (qw(ENABLED ENABLED_BLUE ENABLED_ORANGE DCOMPLZO)) {
    $checked{$box}{$_} = '' for qw(off on);
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}
my %server_options = (
    'DDEVICE'   => [ qw(tun tap) ],
    'DPROTOCOL' => [ qw(udp tcp) ],
    'DCIPHER'   => [
        qw(DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC RC2-CBC RC2-40-CBC
           RC2-64-CBC BF-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC)
    ],
);
foreach my $list (keys %server_options) {
    $selected{$list}{$_} = '' for @{ $server_options{$list} };
    $selected{$list}{$cgiparams{$list}} = 'SELECTED';
}
2816 & Header
:: showhttpheaders
();
2817 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
2818 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2820 if ( $errormessage ) {
2821 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2822 print "<class name='base'> $errormessage \n " ;
2823 print " </class> \n " ;
2824 & Header
:: closebox
();
2827 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'stopped'}</font></b></td></tr></table>" ;
2828 my $srunning = "no" ;
2829 my $activeonrun = "" ;
2830 if ( - e
"/var/run/openvpn.pid" ){
2831 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'running'}</font></b></td></tr></table>" ;
2835 $activeonrun = "disabled='disabled'" ;
2837 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'global settings' });
2838 print "<div align='center'><strong>ZERINA-0.9.7a7</strong></div>" ;
2840 <table width='100%'>
2841 <form method='post'>
2842 <td width='25%'> </td>
2843 <td width='25%'> </td>
2844 <td width='25%'> </td></tr>
2845 <tr><td class='boldbase'> $Lang ::tr{'ovpn server status'}</td>
2846 <td align='left'> $sactive </td>
2847 <tr><td class='boldbase'> $Lang ::tr{'ovpn on red'}</td>
2848 <td><input type='checkbox' name='ENABLED' $checked {'ENABLED'}{'on'} /></td>
2851 if (& Ovpnfunc
:: haveBlueNet
()) {
2852 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on blue'}</td>" ;
2853 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked {'ENABLED_BLUE'}{'on'} /></td>" ;
2855 if (& Ovpnfunc
:: haveOrangeNet
()) {
2856 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on orange'}</td>" ;
2857 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked {'ENABLED_ORANGE'}{'on'} /></td>" ;
2860 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>
2861 <td><input type='text' name='VPN_IP' value=' $cgiparams {'VPN_IP'}' size='30' /></td>
2862 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
2863 <td><input type='TEXT' name='DOVPN_SUBNET' value=' $cgiparams {'DOVPN_SUBNET'}' size='30' /></td></tr>
2864 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn device'}</td>
2865 <td><select name='DDEVICE' ><option value='tun' $selected {'DDEVICE'}{'tun'}>TUN</option>
2866 <option value='tap' $selected {'DDEVICE'}{'tap'}>TAP</option></select></td>
2867 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
2868 <td><select name='DPROTOCOL'><option value='udp' $selected {'DPROTOCOL'}{'udp'}>UDP</option>
2869 <option value='tcp' $selected {'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
2870 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
2871 <td><input type='TEXT' name='DDEST_PORT' value=' $cgiparams {'DDEST_PORT'}' size='5' /></td></tr>
2872 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>
2873 <td> <input type='TEXT' name='DMTU' VALUE=' $cgiparams {'DMTU'}'size='5' /></TD>
2874 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
2875 <td><input type='checkbox' name='DCOMPLZO' $checked {'DCOMPLZO'}{'on'} /></td>
2876 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>
2877 <td><select name='DCIPHER'><option value='DES-CBC' $selected {'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
2878 <option value='DES-EDE-CBC' $selected {'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
2879 <option value='DES-EDE3-CBC' $selected {'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
2880 <option value='DESX-CBC' $selected {'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
2881 <option value='RC2-CBC' $selected {'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
2882 <option value='RC2-40-CBC' $selected {'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
2883 <option value='RC2-64-CBC' $selected {'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
2884 <option value='BF-CBC' $selected {'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
2885 <option value='CAST5-CBC' $selected {'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
2886 <option value='AES-128-CBC' $selected {'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
2887 <option value='AES-192-CBC' $selected {'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
2888 <option value='AES-256-CBC' $selected {'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
2892 if ( $srunning eq "yes" ) {
2893 print "<tr><td align='left'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' disabled='disabled' /></td>" ;
2894 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'advanced server'}' disabled='disabled'/></td>" ;
2895 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'stop ovpn server'}' /></td>" ;
2896 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'restart ovpn server'}' /></td></tr>" ;
2898 print "<tr><td align='left'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' /></td>" ;
2899 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'advanced server'}' /></td>" ;
2900 if (( - e
"${General::swroot}/ovpn/ca/cacert.pem" &&
2901 - e
"${General::swroot}/ovpn/ca/dh1024.pem" &&
2902 - e
"${General::swroot}/ovpn/certs/servercert.pem" &&
2903 - e
"${General::swroot}/ovpn/certs/serverkey.pem" ) &&
2904 (( $cgiparams { 'ENABLED' } eq 'on' ) ||
2905 ( $cgiparams { 'ENABLED_BLUE' } eq 'on' ) ||
2906 ( $cgiparams { 'ENABLED_ORANGE' } eq 'on' ))){
2907 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'start ovpn server'}' /></td>" ;
2908 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'restart ovpn server'}' /></td></tr>" ;
2910 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'start ovpn server'}' disabled='disabled' /></td>" ;
2911 print "<td><input type='submit' name='ACTION' value=' $Lang ::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>" ;
2914 print "</form></table>" ;
2915 & Header
:: closebox
();
2916 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate authorities'}:" );
2918 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2920 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
2921 <td width='65%' class='boldbase' align='center'><b> $Lang ::tr{'subject'}</b></td>
2922 <td width='10%' class='boldbase' colspan='3' align='center'><b> $Lang ::tr{'action'}</b></td>
# Root certificate row: when cacert.pem exists, dump it with openssl and pick
# the Subject line out of the text output for display.
2926 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
# NOTE(review): the command is one interpolated string, so it is only safe as
# long as the path holds no shell-special characters; a list-form piped open
# ('-|', '/usr/bin/openssl', 'x509', ...) passes the path as a single argument.
# The exit status of openssl is not checked here.
# NOTE(review): the match result is not tested, and the line that consumes the
# capture is not shown in this rendering. The subject is text taken from the
# certificate and is printed into a table cell below, so it should be
# HTML-escaped on output (e.g. with Header::cleanhtml).
2927 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem` ;
2928 $casubject =~ /Subject: (.*)[\n]/ ;
2930 $casubject =~ s
+/ Email
+, E
+;
2931 $casubject =~ s/ ST=/ S=/ ;
2933 <tr bgcolor='${Header::table2colour}'>
2934 <td class='base'> $Lang ::tr{'root certificate'}</td>
2935 <td class='base'> $casubject </td>
2936 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2937 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show root certificate'}' />
2938 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/info.gif' alt=' $Lang ::tr{'show root certificate'}' title=' $Lang ::tr{'show root certificate'}' width='20' height='20' border='0' />
2940 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2941 <input type='image' name=' $Lang ::tr{'download root certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download root certificate'}' title=' $Lang ::tr{'download root certificate'}' border='0' />
2942 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download root certificate'}' />
2944 <td width='4%'> </td></tr>
2948 # display rootcert generation buttons
2950 <tr bgcolor='${Header::table2colour}'>
2951 <td class='base'> $Lang ::tr{'root certificate'}:</td>
2952 <td class='base'> $Lang ::tr{'not present'}</td>
2953 <td colspan='3'> </td></tr>
# Host certificate row: when servercert.pem exists, dump it with openssl and
# pick the Subject line out of the text output for display.
2958 if (- f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
# NOTE(review): the command is one interpolated string, so it is only safe as
# long as the path holds no shell-special characters; a list-form piped open
# passes the path as a single argument. The exit status is not checked here.
# NOTE(review): the match result is not tested, and the line that consumes the
# capture is not shown in this rendering. The subject is text taken from the
# certificate and is printed into a table cell below, so it should be
# HTML-escaped on output.
2959 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem` ;
2960 $hostsubject =~ /Subject: (.*)[\n]/ ;
2962 $hostsubject =~ s
+/ Email
+, E
+;
2963 $hostsubject =~ s/ ST=/ S=/ ;
2965 <tr bgcolor='${Header::table1colour}'>
2966 <td class='base'> $Lang ::tr{'host certificate'}</td>
2967 <td class='base'> $hostsubject </td>
2968 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2969 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show host certificate'}' />
2970 <input type='image' name=' $Lang ::tr{'show host certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show host certificate'}' title=' $Lang ::tr{'show host certificate'}' width='20' height='20' border='0' />
2972 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2973 <input type='image' name=' $Lang ::tr{'download host certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download host certificate'}' title=' $Lang ::tr{'download host certificate'}' border='0' />
2974 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download host certificate'}' />
2976 <td width='4%'> </td></tr>
2982 <tr bgcolor='${Header::table1colour}'>
2983 <td width='25%' class='base'> $Lang ::tr{'host certificate'}:</td>
2984 <td class='base'> $Lang ::tr{'not present'}</td>
2985 </td><td colspan='3'> </td></tr>
2990 if (! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2991 print "<tr><td colspan='5' align='center'><form method='post'>" ;
2992 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' />" ;
2993 print "</form></td></tr> \n " ;
# One table row per additional CA held in %cahash (read from ovpn/caconfig
# above); the row colour alternates with the parity of the numeric key.
# keys() returns the entries in no particular order, so the row order can
# differ between requests.
2996 if ( keys %cahash > 0 ) {
2997 foreach my $key ( keys %cahash ) {
2998 if (( $key + 1 ) % 2 ) {
2999 print "<tr bgcolor='${Header::table1colour}'> \n " ;
3001 print "<tr bgcolor='${Header::table2colour}'> \n " ;
# NOTE(review): fields 0 and 1 of the record are written into the page without
# HTML escaping. They sit under the "name" and "subject" columns, and the
# upload form on this page posts a free-text CA_NAME together with a
# certificate file, so both should be treated as untrusted text and escaped on
# output (e.g. with Header::cleanhtml) unless the upload handler is confirmed
# to sanitise them before storing.
3003 print "<td class='base'> $cahash { $key }[0]</td> \n " ;
3004 print "<td class='base'> $cahash { $key }[1]</td> \n " ;
3006 <form method='post' name='cafrm${key}a'><td align='center'>
3007 <input type='image' name=' $Lang ::tr{'show ca certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show ca certificate'}' title=' $Lang ::tr{'show ca certificate'}' border='0' />
3008 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show ca certificate'}' />
3009 <input type='hidden' name='KEY' value=' $key ' />
3011 <form method='post' name='cafrm${key}b'><td align='center'>
3012 <input type='image' name=' $Lang ::tr{'download ca certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download ca certificate'}' title=' $Lang ::tr{'download ca certificate'}' border='0' />
3013 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download ca certificate'}' />
3014 <input type='hidden' name='KEY' value=' $key ' />
3016 <form method='post' name='cafrm${key}c'><td align='center'>
3017 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
3018 <input type='image' name=' $Lang ::tr{'remove ca certificate'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove ca certificate'}' title=' $Lang ::tr{'remove ca certificate'}' width='20' height='20' border='0' />
3019 <input type='hidden' name='KEY' value=' $key ' />
3026 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { # If the file contains entries, print Key to action icons
3030 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
3031 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
3032 <td class='base'> $Lang ::tr{'show certificate'}</td>
3033 <td> <img src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' /></td>
3034 <td class='base'> $Lang ::tr{'download certificate'}</td>
3041 <form method='post' enctype='multipart/form-data'>
3042 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
3043 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'ca name'}:</td>
3044 <td nowrap='nowrap'><input type='text' name='CA_NAME' value=' $cgiparams {'CA_NAME'}' size='15' />
3045 <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
3046 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'upload ca certificate'}' /></td>
3047 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'show crl'}' /></td>
3048 </tr></table></form>
3051 & Header
:: closebox
();
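# Render the "reset" button; it is shown disabled while the OpenVPN server is
# running ($srunning eq "yes").  Both states share one print statement, and
# the closing tags are emitted in nesting order (</form> before </div>).
# NOTE(review): disabled='disabled' only greys the button out in the browser;
# it does not stop a POST carrying this ACTION value.  Whether the reset
# handler itself checks $srunning is not visible here -- confirm.
my $reset_state = ($srunning eq "yes") ? " disabled='disabled'" : "";
print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}'$reset_state /></form></div>\n";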
3057 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
3058 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'Client status and controlc' });
3060 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
3062 <td width='10%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
3063 <td width='15%' class='boldbase' align='center'><b> $Lang ::tr{'type'}</b></td>
3064 <td width='18%' class='boldbase' align='center'><b> $Lang ::tr{'common name'}</b></td>
3065 <td width='17%' class='boldbase' align='center'><b> $Lang ::tr{'valid till'}</b></td>
3066 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
3067 <td width='10%' class='boldbase' align='center'><b> $Lang ::tr{'status'}</b></td>
3068 <td width='5%' class='boldbase' colspan='6' align='center'><b> $Lang ::tr{'action'}</b></td>
3074 foreach my $key ( keys %confighash ) {
3075 if ( $confighash { $key }[ 0 ] eq 'on' ) { $gif = 'on.gif' ; } else { $gif = 'off.gif' ; }
3077 print "<tr bgcolor='${Header::table1colour}'> \n " ;
3079 print "<tr bgcolor='${Header::table2colour}'> \n " ;
3081 print "<td align='center' nowrap='nowrap'> $confighash { $key }[1]</td>" ;
3082 if ( $confighash { $key }[ 3 ] ne 'host' ) {
3083 print "<td align='center' nowrap='nowrap'>" . $confighash { $key }[ 6 ] . "-" . $Lang :: tr
{ " $confighash { $key }[3]" } . " (" . $Lang :: tr
{ " $confighash { $key }[4]" } . ")</td>" ;
3085 print "<td align='center' nowrap='nowrap'>" . $Lang :: tr
{ " $confighash { $key }[3]" } . " (" . $Lang :: tr
{ " $confighash { $key }[4]" } . ")</td>" ;
3087 if ( $confighash { $key }[ 4 ] eq 'cert' ) {
3088 print "<td align='left' nowrap='nowrap'> $confighash { $key }[2]</td>" ;
3090 print "<td align='left'> </td>" ;
3092 if ( $confighash { $key }[ 19 ] ne 'yes' ) {
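# Look up the certificate's "Not After" date with openssl.  The connection
# name ($confighash{$key}[1]) is part of the file path, so openssl is started
# in list form: no shell parses the command line, and shell metacharacters in
# a stored name reach openssl as literal path characters.
# NOTE(review): where that name is validated is not visible here -- confirm it
# is restricted to a safe character set when the connection is saved.
my $certfile = "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem";
my $cavalid = '';
if (open(my $openssl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $certfile)) {
    my $certtext = do { local $/; <$openssl> };
    close($openssl);
    # Use the capture only when the pattern matched; otherwise $1 would still
    # hold the result of an earlier, unrelated match.
    if (defined($certtext) && $certtext =~ /Not After : (.*)[\n]/) {
        $cavalid = $1;
    }
}
print "<td align='center'>$cavalid</td>";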
3098 print "<td> </td>" ;
3100 print "<td align='center'> $confighash { $key }[25]</td>" ;
3101 my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsclosed'}</font></b></td></tr></table>" ;
3102 if ( $confighash { $key }[ 0 ] eq 'off' ) {
3103 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsclosed'}</font></b></td></tr></table>" ;
3105 if ( $confighash { $key }[ 3 ] eq 'host' ) {
3108 foreach my $line ( @status ) {
3110 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
3111 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
3112 if ( $match [ 1 ] ne "Common Name" ) {
3116 if ( $cn eq " $confighash { $key }[2]" ) {
3117 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsopen'}</font></b></td></tr></table>" ;
3122 my @tempovpnsubnet = split ( "\/" , $confighash { $key }[ 13 ]);
3123 my @ovpnip = split /\./ , $tempovpnsubnet [ 0 ];
3125 if ( $confighash { $key }[ 6 ] eq 'server' ) {
3126 $pingip = " $ovpnip [0]. $ovpnip [1]. $ovpnip [2].2" ;
3128 $pingip = " $ovpnip [0]. $ovpnip [1]. $ovpnip [2].1" ;
3130 my $p = Net
:: Ping
-> new ( "udp" , 1 );
3131 if ( $p -> ping ( $pingip )) {
3132 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsopen'}</font></b></td></tr></table>" ;
3137 print "<td align='center'> $active </td>" ;
3138 my $disable_clientdl = "" ;
3139 if ( $confighash { $key }[ 6 ] ne 'client' ) {
3141 <form method='post' name='frm${key}a'><td align='center'>
3142 <input type='image' name=' $Lang ::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.gif' alt=' $Lang ::tr{'dl client arch'}' title=' $Lang ::tr{'dl client arch'}' border='0' />
3143 <input type='hidden' name='ACTION' value=' $Lang ::tr{'dl client arch'}' $disable_clientdl />
3144 <input type='hidden' name='KEY' value=' $key ' $disable_clientdl />
3148 print "<td> </td>" ;
3150 if ( $confighash { $key }[ 4 ] eq 'cert' && $confighash { $key }[ 19 ] ne 'yes' ) {
3152 <form method='post' name='frm${key}b'><td align='center'>
3153 <input type='image' name=' $Lang ::tr{'show certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' title=' $Lang ::tr{'show certificate'}' border='0' />
3154 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show certificate'}' />
3155 <input type='hidden' name='KEY' value=' $key ' />
3159 print "<td> </td>" ;
3161 if ( $confighash { $key }[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $key }[1].p12" ) {
3163 <form method='post' name='frm${key}c'><td align='center'>
3164 <input type='image' name=' $Lang ::tr{'download pkcs12 file'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download pkcs12 file'}' title=' $Lang ::tr{'download pkcs12 file'}' border='0' />
3165 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download pkcs12 file'}' />
3166 <input type='hidden' name='KEY' value=' $key ' />
3169 ; } elsif ( $confighash { $key }[ 4 ] eq 'cert' && $confighash { $key }[ 19 ] ne 'yes' ) {
3171 <form method='post' name='frm${key}c'><td align='center'>
3172 <input type='image' name=' $Lang ::tr{'download certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' title=' $Lang ::tr{'download certificate'}' border='0' />
3173 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download certificate'}' />
3174 <input type='hidden' name='KEY' value=' $key ' />
3178 print "<td> </td>" ;
3181 <form method='post' name='frm${key}d'><td align='center'>
3182 <input type='image' name=' $Lang ::tr{'toggle enable disable'}' src='/images/ $gif ' alt=' $Lang ::tr{'toggle enable disable'}' title=' $Lang ::tr{'toggle enable disable'}' border='0' />
3183 <input type='hidden' name='ACTION' value=' $Lang ::tr{'toggle enable disable'}' />
3184 <input type='hidden' name='KEY' value=' $key ' />
3186 <form method='post' name='frm${key}e'><td align='center'>
3187 <input type='hidden' name='ACTION' value=' $Lang ::tr{'edit'}' />
3188 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/edit.gif' alt=' $Lang ::tr{'edit'}' title=' $Lang ::tr{'edit'}' width='20' height='20' border='0'/>
3189 <input type='hidden' name='KEY' value=' $key ' />
3191 <form method='post' name='frm${key}f'><td align='center'>
3192 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove'}' />
3193 <input type='image' name=' $Lang ::tr{'remove'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove'}' title=' $Lang ::tr{'remove'}' width='20' height='20' border='0' />
3194 <input type='hidden' name='KEY' value=' $key ' />
3203 # If the config file contains entries, print Key to action icons
3208 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
3209 <td> <img src='/images/on.gif' alt=' $Lang ::tr{'click to disable'}' /></td>
3210 <td class='base'> $Lang ::tr{'click to disable'}</td>
3211 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
3212 <td class='base'> $Lang ::tr{'show certificate'}</td>
3213 <td> <img src='/images/edit.gif' alt=' $Lang ::tr{'edit'}' /></td>
3214 <td class='base'> $Lang ::tr{'edit'}</td>
3215 <td> <img src='/images/delete.gif' alt=' $Lang ::tr{'remove'}' /></td>
3216 <td class='base'> $Lang ::tr{'remove'}</td>
3220 <td> <img src='/images/off.gif' alt='?OFF' /></td>
3221 <td class='base'> $Lang ::tr{'click to enable'}</td>
3222 <td> <img src='/images/floppy.gif' alt='?FLOPPY' /></td>
3223 <td class='base'> $Lang ::tr{'download certificate'}</td>
3224 <td> <img src='/images/openvpn.gif' alt='?RELOAD'/></td>
3225 <td class='base'> $Lang ::tr{'dl client arch'}</td>
3232 <table width='100%'>
3233 <form method='post'>
3234 <tr><td width='50%' ><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td>
3235 <td width='50%' ><input type='submit' name='ACTION' value=' $Lang ::tr{'ovpn con stat'}' $activeonrun /></td></tr>
3240 & Header
:: closebox
();
3242 & Header
:: closepage
();