X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=dec27b722c68587c2c96552391f352de09168119;hp=ceb63d45669ab1799292b5b3ccb9ccffa237eba7;hb=c2b5d12b3453c55afce7ef84451a65e130b0d80f;hpb=ae6ae33f847ea063331b8ce205148334925385fd diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index ceb63d4566..dec27b722c 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -226,50 +226,6 @@ sub checkportinc } } -# Darren Critchley - certain ports are reserved for IPFire -# TCP 67,68,81,222,444 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,444); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { $errormessage="$msg $prange"; return; } - } - } - } - return; -} - sub writeserverconf { my %sovpnsettings = (); @@ -362,7 +318,11 @@ sub writeserverconf { print CONF "status-version 1\n"; print CONF "status /var/log/ovpnserver.log 30\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; - print CONF "auth $sovpnsettings{DAUTH}\n"; + if ($sovpnsettings{'DAUTH'} eq '') { + print CONF ""; + } else { + print CONF "auth $sovpnsettings{'DAUTH'}\n"; + } if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -559,7 +519,7 @@ sub getccdadresses my @iprange=(); my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); - $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2); for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; @@ -1370,7 +1330,6 @@ END } } - ### ### Upload CA Certificate ### @@ -2248,7 +2207,11 @@ else $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; } print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; - print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n"; + if ($vpnsettings{'DAUTH'} eq '') { + print CLIENTCONF ""; + } else { + print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n"; + } if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; } @@ -2357,7 +2320,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { } else { $errormessage = $Lang::tr{'invalid key'}; } - &General::firewall_reload(); + + &General::firewall_reload(); ### ### Download PKCS12 file @@ -2419,19 +2383,21 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) { # &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") { - &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'ovpn'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); - my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; - $output = &Header::cleanhtml($output,"y"); - print "
$output
\n"; - &Header::closebox(); - print "
$Lang::tr{'back'}
"; - &Header::closebigbox(); - &Header::closepage(); - exit(0); + if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); + my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print "
$Lang::tr{'back'}
"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); } ### @@ -2512,7 +2478,7 @@ ADV_ERROR: &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < - +
@@ -2584,6 +2550,7 @@ print < + @@ -2632,12 +2599,12 @@ print < @@ -2721,10 +2688,10 @@ if ($cgiparams{'ACTION'} eq "edit"){ &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); print < +
$Lang::tr{'dhcp-options'}
mssfix $Lang::tr{'openvpn default'}: on
$Lang::tr{'ovpn mtu-disc'}
$Lang::tr{'ovpn ha'} Default: SHA1 (160 $Lang::tr{'bit'})
- + @@ -2784,7 +2751,7 @@ END print" + END ; } @@ -3023,7 +2990,7 @@ if ( -s "${General::swroot}/ovpn/settings") { - + @@ -3756,13 +3723,14 @@ if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; - } - #Check if remote subnet is used elsewhere - my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'}); - $warnmessage=&General::checksubnets('',$n2nip,'ovpn'); - if ($warnmessage){ - $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'})
".$warnmessage; - } + } + #Check if remote subnet is used elsewhere + my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'}); + $warnmessage=&General::checksubnets('',$n2nip,'ovpn'); + if ($warnmessage){ + $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'})
".$warnmessage; + } + } # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { @@ -4637,7 +4605,7 @@ if ($cgiparams{'TYPE'} eq 'host') { - + @@ -4901,15 +4869,15 @@ END &Header::closebox(); } - if ($warnmessage) { - &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'}); - print "$warnmessage
"; - print "$Lang::tr{'fwdfw warn1'}
"; - &Header::closebox(); - print"
"; - &Header::closepage(); - exit 0; - } + if ($warnmessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'}); + print "$warnmessage
"; + print "$Lang::tr{'fwdfw warn1'}
"; + &Header::closebox(); + print"
"; + &Header::closepage(); + exit 0; + } my $sactive = "
$Lang::tr{'ccd name'}:$Lang::tr{'ccd subnet'}:
$Lang::tr{'ccd subnet'}:
$ccdconf[0]$ccdconf[1]$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1).""; print < - + @@ -2793,7 +2760,7 @@ END -
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename
 $Lang::tr{'openvpn default'}: Client Packagename
* $Lang::tr{'this field may be blank'}
  $Lang::tr{'pkcs12 file password'}:
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 
$Lang::tr{'stopped'}
"; my $srunning = "no"; @@ -4923,7 +4891,7 @@ END } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); print < +