Merge remote-tracking branch 'amarx/BUG10797' into next
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 13 Apr 2015 09:28:57 +0000 (11:28 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 13 Apr 2015 09:28:57 +0000 (11:28 +0200)
27 files changed:
config/backup/include
config/cfgroot/graphs.pl
config/hostapd/config
config/rootfiles/common/collectd
config/rootfiles/common/misc-progs
config/rootfiles/common/stage2
config/rootfiles/core/89/filelists/files
config/rootfiles/core/89/update.sh
html/cgi-bin/netovpnrw.cgi
html/cgi-bin/netovpnsrv.cgi
html/cgi-bin/ovpnmain.cgi
html/cgi-bin/wlanap.cgi
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/collectd
lfs/hostapd
lfs/pound
lfs/stage2
lfs/wpa_supplicant
src/initscripts/init.d/hostapd
src/initscripts/sysconfig/createfiles
src/misc-progs/Makefile
src/misc-progs/collectdctrl.c [new file with mode: 0644]
src/misc-progs/openvpnctrl.c
src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
src/patches/collectd/silence-openvpn-errors.patch [new file with mode: 0644]
src/scripts/ovpn-collectd-convert [new file with mode: 0644]

index cc9546f..d7a1d3a 100644 (file)
@@ -4,6 +4,7 @@
 /var/ipfire/*/config
 /var/ipfire/*/enable
 /var/ipfire/*/*enable*
+/var/ipfire/ovpn/collectd.vpn
 /etc/passwd
 /etc/shadow
 /etc/group
index 5e6fddb..40c1bc8 100644 (file)
@@ -664,32 +664,32 @@ sub updatevpnn2ngraph {
                "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
                "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-               "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+               "AREA:incoming#00dd00:".sprintf("%-23s",$Lang::tr{'incoming traffic in bytes per second'}),
                "GPRINT:incoming:MAX:%8.1lf %sBps",
                "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
                "GPRINT:incoming:MIN:%8.1lf %sBps",
                "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
-               "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+               "STACK:overhead_in#116B11:".sprintf("%-23s",$Lang::tr{'incoming overhead in bytes per second'}),
                "GPRINT:overhead_in:MAX:%8.1lf %sBps",
                "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
                "GPRINT:overhead_in:MIN:%8.1lf %sBps",
                "GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
-               "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+               "LINE1:compression_in#ff00ff:".sprintf("%-23s",$Lang::tr{'incoming compression in bytes per second'}),
                "GPRINT:compression_in:MAX:%8.1lf %sBps",
                "GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
                "GPRINT:compression_in:MIN:%8.1lf %sBps",
                "GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
-               "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+               "AREA:outgoingn#dd0000:".sprintf("%-23s",$Lang::tr{'outgoing traffic in bytes per second'}),
                "GPRINT:outgoing:MAX:%8.1lf %sBps",
                "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
                "GPRINT:outgoing:MIN:%8.1lf %sBps",
                "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
-               "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+               "STACK:overhead_outn#870C0C:".sprintf("%-23s",$Lang::tr{'outgoing overhead in bytes per second'}),
                "GPRINT:overhead_out:MAX:%8.1lf %sBps",
                "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
                "GPRINT:overhead_out:MIN:%8.1lf %sBps",
                "GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
-               "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+               "LINE1:compression_outn#000000:".sprintf("%-23s",$Lang::tr{'outgoing compression in bytes per second'}),
                "GPRINT:compression_out:MAX:%8.1lf %sBps",
                "GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
                "GPRINT:compression_out:MIN:%8.1lf %sBps",
index 1cd7676..c3672c5 100644 (file)
@@ -15,10 +15,6 @@ CONFIG_DRIVER_HOSTAP=y
 # Driver interface for wired authenticator
 #CONFIG_DRIVER_WIRED=y
 
-# Driver interface for madwifi driver
-#CONFIG_DRIVER_MADWIFI=y
-#CFLAGS += -I../../madwifi # change to the madwifi source directory
-
 # Driver interface for Prism54 driver
 CONFIG_DRIVER_PRISM54=y
 
@@ -49,14 +45,14 @@ CONFIG_RSN_PREAUTH=y
 CONFIG_PEERKEY=y
 
 # IEEE 802.11w (management frame protection)
-# This version is an experimental implementation based on IEEE 802.11w/D1.0
-# draft and is subject to change since the standard has not yet been finalized.
-# Driver support is also needed for IEEE 802.11w.
-#CONFIG_IEEE80211W=y
+CONFIG_IEEE80211W=y
 
 # Integrated EAP server
 CONFIG_EAP=y
 
+# EAP Re-authentication Protocol (ERP) in integrated EAP server
+CONFIG_ERP=y
+
 # EAP-MD5 for the integrated EAP server
 CONFIG_EAP_MD5=y
 
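Review bot: The 802.11w block around `CONFIG_IEEE80211W=y` loses its whole explanation, and nothing is left to say that this switch only compiles the feature in. Management frame protection stays off for a BSS unless `ieee80211w` is set to 1 or 2 in the generated hostapd.conf. Whether wlanap.cgi or the init script (both touched by this commit) write that option is not visible here. I would keep a short comment above the option, such as `# Build-time support only; MFP stays disabled until ieee80211w=1|2 is set in hostapd.conf.`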
@@ -91,6 +87,9 @@ CONFIG_EAP_TTLS=y
 # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
 #CONFIG_EAP_PSK=y
 
+# EAP-pwd for the integrated EAP server (secure authentication with a password)
+#CONFIG_EAP_PWD=y
+
 # EAP-SAKE for the integrated EAP server
 #CONFIG_EAP_SAKE=y
 
@@ -110,6 +109,8 @@ CONFIG_EAP_TTLS=y
 CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
 CONFIG_WPS_UPNP=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
 
 # EAP-IKEv2
 CONFIG_EAP_IKEV2=y
@@ -117,6 +118,9 @@ CONFIG_EAP_IKEV2=y
 # Trusted Network Connect (EAP-TNC)
 CONFIG_EAP_TNC=y
 
+# EAP-EKE for the integrated EAP server
+#CONFIG_EAP_EKE=y
+
 # PKCS#12 (PFX) support (used to read private key and certificate file from
 # a file that usually has extension .p12 or .pfx)
 CONFIG_PKCS12=y
@@ -138,14 +142,171 @@ CONFIG_IEEE80211R=y
 # IEEE 802.11n (High Throughput) support
 CONFIG_IEEE80211N=y
 
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# IEEE 802.11ac (Very High Throughput) support
+CONFIG_IEEE80211AC=y
+
 # Remove debugging code that is printing out debug messages to stdout.
 # This can be used to reduce the size of the hostapd considerably if debugging
 # code is not needed.
 CONFIG_NO_STDOUT_DEBUG=y
 
-# IEEE 802.11ac (Very High Throughput) support
-CONFIG_IEEE80211AC=y
 
-# Enable AUTO_CHANNEL_SELECTION
-# This is needed for dfs (radar detection) channels
+# Add support for writing debug log to a file: -f /tmp/hostapd.log
+# Disabled by default.
+#CONFIG_DEBUG_FILE=y
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Remove support for RADIUS accounting
+#CONFIG_NO_ACCOUNTING=y
+
+# Remove support for RADIUS
+#CONFIG_NO_RADIUS=y
+
+# Remove support for VLANs
+#CONFIG_NO_VLAN=y
+
+# Enable support for fully dynamic VLANs. This enables hostapd to
+# automatically create bridge and VLAN interfaces if necessary.
+#CONFIG_FULL_DYNAMIC_VLAN=y
+
+# Use netlink-based kernel API for VLAN operations instead of ioctl()
+# Note: This requires libnl 3.1 or newer.
+#CONFIG_VLAN_NETLINK=y
+
+# Remove support for dumping internal state through control interface commands
+# This can be used to reduce binary size at the cost of disabling a debugging
+# option.
+#CONFIG_NO_DUMP_STATE=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, comment out these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, comment out these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# hostapd depends on strong random number generation being available from the
+# operating system. os_get_random() function is used to fetch random data when
+# needed, e.g., for key generation. On Linux and BSD systems, this works by
+# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
+# properly initialized before hostapd is started. This is important especially
+# on embedded devices that do not have a hardware random number generator and
+# may by default start up with minimal entropy available for random number
+# generation.
+#
+# As a safety net, hostapd is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data
+# fetched from the OS. This by itself is not considered to be very strong, but
+# it may help in cases where the system pool is not initialized properly.
+# However, it is very strongly recommended that the system pool is initialized
+# with enough entropy either by using hardware assisted random number
+# generator or by storing state over device reboots.
+#
+# hostapd can be configured to maintain its own entropy store over restarts to
+# enhance random number generation. This is not perfect, but it is much more
+# secure than using the same sequence of random numbers after every reboot.
+# This can be enabled with -e<entropy file> command line option. The specified
+# file needs to be readable and writable by hostapd.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal hostapd random pool can be disabled.
+# This will save some in binary size and CPU use. However, this should only be
+# considered for builds that are known to be used on devices that meet the
+# requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+#CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used.
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms.
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks.
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
+#CONFIG_SQLITE=y
+
+# Testing options
+# This can be used to enable some testing options (see also the example
+# configuration file) that are really useful only for testing clients that
+# connect to this hostapd. These options allow, for example, to drop a
+# certain percentage of probe requests or auth/(re)assoc frames.
+#
+#CONFIG_TESTING_OPTIONS=y
+
+# Automatic Channel Selection
+# This will allow hostapd to pick the channel automatically when channel is set
+# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# You can customize the ACS survey algorithm with the hostapd.conf variable
+# acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#
 CONFIG_ACS=y
index 72b2dee..2732494 100644 (file)
@@ -243,3 +243,4 @@ usr/share/collectd/types.db
 #usr/share/man/man5/collectd.conf.5
 #usr/share/man/man5/types.db.5
 #var/lib/collectd
+var/ipfire/ovpn/collectd.vpn
index 1ab4dec..f33d08c 100644 (file)
@@ -2,6 +2,7 @@ usr/local/bin/addonctrl
 #usr/local/bin/applejuicectrl
 usr/local/bin/backupctrl
 #usr/local/bin/clamavctrl
+usr/local/bin/collectdctrl
 usr/local/bin/dhcpctrl
 usr/local/bin/dnsmasqctrl
 usr/local/bin/extrahdctrl
index 44f24b4..f506daf 100644 (file)
@@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
index 5ed7194..70c5f3d 100644 (file)
@@ -11,6 +11,10 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
 srv/web/ipfire/cgi-bin/netovpnsrv.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/collectdctrl
+usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
+usr/sbin/setup
 var/ipfire/backup/bin/backup.pl
 var/ipfire/graphs.pl
 var/ipfire/langs
index f3de863..832feaa 100644 (file)
@@ -35,10 +35,22 @@ done
 /etc/init.d/ipsec stop
 
 # Remove old files
+rm -f /usr/local/sbin/setup
 
 # Extract files
 extract_files
 
+# Update /etc/sysconfig/createfiles
+cat <<EOF >> /etc/sysconfig/createfiles
+/var/run/ovpnserver.log file    644     nobody  nobody
+/var/run/openvpn        dir     644     nobody  nobody
+EOF
+
+# Update /etc/collectd.conf
+if ! grep -q "collectd.vpn" /etc/collectd.conf; then
+       echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf
+fi
+
 # Generate ddns configuration file
 sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
 
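Review bot: The createfiles entry `/var/run/openvpn dir 644 nobody nobody` gives the directory no search (x) bit, so a process that is not root cannot open the per-connection status files inside it; `755` or `750` is presumably what is meant, assuming the third column is applied as the mode. The heredoc is also appended unconditionally, unlike the collectd.conf include right below it, which is guarded by `grep -q`, so running this update twice duplicates both lines. The include added here points at `/etc/collectd.vpn`, while the rest of the commit writes `/var/ipfire/ovpn/collectd.vpn`. If no symlink is created elsewhere (lfs/collectd is not visible here), collectd will not pick the generated file up.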
@@ -56,6 +68,10 @@ rm -f \
        /opt/pakfire/db/*/meta-sqlite \
        /opt/pakfire/db/rootfiles/sqlite
 
+# Update OpenVPN/collectd configuration
+/usr/sbin/ovpn-collectd-convert
+chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+
 # Fix #10625
 mkdir -p /etc/logrotate.d
 
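Review bot: `chown nobody.nobody /var/ipfire/ovpn/collectd.vpn` makes a file that collectd.conf includes writable by the web server account, so part of the configuration of a daemon that presumably runs as root is controlled by the less privileged CGI user. A safer split is to keep the file root-owned and have the setuid helper (collectdctrl or openvpnctrl) regenerate it from ovpnconfig, emitting only validated `Statusfile` lines. The exit status of `/usr/sbin/ovpn-collectd-convert` is not checked either, so the chown runs even when the conversion failed. `nobody:nobody` is the non-deprecated separator.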
index f775b23..e0b1148 100755 (executable)
@@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
        &Graphs::updatevpngraph($querry[0],$querry[1]);
 }else{
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+       &Header::openpage($Lang::tr{'vpn statistic rw'}, 1, '');
        &Header::openbigbox('100%', 'left');
 
-       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd|sort`;
+       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`;
        foreach (@vpngraphs){
                if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
                        push(@vpns,$2);
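Review bot: The `find` in the changed backtick line goes through the shell with unquoted patterns (`*openvpn-UNDEF*`, `*openvpn-*n2n*`, `*.rrd`), so the shell may expand them against the CGI's working directory before find sees them. The added `2>/dev/null` then hides that failure along with the intended "no such directory" message. Quoting the patterns, e.g. `-not -path '*openvpn-UNDEF*' -name '*.rrd'`, or replacing the pipeline with Perl's `glob()` plus `sort`, removes the ambiguity. The same applies to the matching line in the net-to-net statistics page in the next file. The names captured into `@vpns` come from directory names, so if they are printed into the page further down (outside this hunk) they should be HTML-escaped.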
index 0ec9c67..f843462 100755 (executable)
@@ -47,10 +47,10 @@ if ( $querry[0] ne ""){
        &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
 }else{
        &Header::showhttpheaders();
-       &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+       &Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
        &Header::openbigbox('100%', 'left');
 
-       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+       my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`;
        foreach (@vpngraphs){
                if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
                        push(@vpns,$2);
index 1e07492..d36a49e 100644 (file)
@@ -213,7 +213,7 @@ sub writeserverconf {
     print CONF "writepid /var/run/openvpn.pid\n";
     print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
     print CONF ";local $sovpnsettings{'VPN_IP'}\n";
-    print CONF "dev $sovpnsettings{'DDEVICE'}\n";
+    print CONF "dev tun\n";
     print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
     print CONF "script-security 3 system\n";
@@ -231,15 +231,15 @@ sub writeserverconf {
     # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
     # If we doesn't use one of them, we can use the configured mtu value.
     if ($sovpnsettings{'MSSFIX'} eq 'on') 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+       { print CONF "tun-mtu 1500\n"; }
     elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+       { print CONF "tun-mtu 1500\n"; }
     elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
+       { print CONF "tun-mtu 1500\n"; } 
     else 
-       { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+       { print CONF "tun-mtu $sovpnsettings{'DMTU'}\n"; }
 
     if ($vpnsettings{'ROUTES_PUSH'} ne '') {
                @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
@@ -668,6 +668,29 @@ sub read_routepushfile
        }
 }
 
+sub writecollectdconf {
+       my $vpncollectd;
+       my %ccdhash=();
+
+       open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+       print COLLECTDVPN "Loadplugin openvpn\n";
+       print COLLECTDVPN "\n";
+       print COLLECTDVPN "<Plugin openvpn>\n";
+       print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+       foreach my $key (keys %ccdhash) {
+               if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
+                       print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
+               }
+       }
+
+       print COLLECTDVPN "</Plugin>\n";
+       close(COLLECTDVPN);
+
+       # Reload collectd afterwards
+       system("/usr/local/bin/collectdctrl restart &>/dev/null");
+}
 
 #hier die refresh page
 if ( -e "${General::swroot}/ovpn/gencanow") {
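Review bot: In `writecollectdconf` the connection name `$ccdhash{$key}[1]` is written into a quoted `Statusfile` line without any check, so a name containing a double quote or a line break would add arbitrary lines to a file that collectd includes. Names are presumably validated when a connection is created, but that code is outside this hunk and the generator should not depend on it. The restart uses `&>/dev/null`, a bash extension that a POSIX `sh` parses as backgrounding the command followed by a separate redirection, so the list form of `system` without a shell is more predictable. The sub also uses a bareword handle with two-argument `open` and never checks `close`, so a failed write leaves a truncated configuration unnoticed. A sketch of the changed lines follows; the allowed character set is an assumption to be aligned with the name validation used elsewhere in this file.

```perl
sub writecollectdconf {
	my %ccdhash = ();

	# Three-argument open with a lexical handle.
	open(my $fh, '>', "${General::swroot}/ovpn/collectd.vpn")
		or die "Unable to open collectd.vpn: $!";
	# … unchanged: Loadplugin / <Plugin openvpn> / server Statusfile lines, printed to $fh …

	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
	foreach my $key (sort keys %ccdhash) {
		next unless ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net');

		# Refuse names that could break out of the quoted path.
		my $name = $ccdhash{$key}[1];
		next unless (defined($name) && $name =~ /\A[A-Za-z0-9]+\z/);

		print $fh "Statusfile \"/var/run/openvpn/$name-n2n\"\n";
	}

	print $fh "</Plugin>\n";
	close($fh) or die "Unable to write collectd.vpn: $!";

	# No shell involved, so no bash-only redirection is needed.
	# collectdctrl output is no longer discarded here; silence it in the
	# helper or redirect STDOUT/STDERR in Perl if it turns out to be noisy.
	system('/usr/local/bin/collectdctrl', 'restart');
}
```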
@@ -1144,7 +1167,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
 #new settings for daemon
     $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
-    $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
     $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
     $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
     $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
@@ -1166,10 +1188,17 @@ SETTINGS_ERROR:
     my $file = '';
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
+    # Kill all N2N connections
+    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+
     foreach my $key (keys %confighash) {
+       my $name = $confighash{$cgiparams{'$key'}}[1];
+
        if ($confighash{$key}[4] eq 'cert') {
            delete $confighash{$cgiparams{'$key'}};
        }
+
+       system ("/usr/local/bin/openvpnctrl -drrd $name");
     }
     while ($file = glob("${General::swroot}/ovpn/ca/*")) {
        unlink $file;
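Review bot: `my $name = $confighash{$cgiparams{'$key'}}[1];` looks up the literal string `$key` in `%cgiparams` because of the single quotes, so `$name` is not the name of the connection being iterated and the `-drrd` call that follows does not remove that connection's RRD files (the unchanged `delete` a few lines below has the same quoting). The value is then interpolated into a single-string `system` call, which goes through the shell, although this file already uses the list form for `-sn2n` and `-kn2n` elsewhere. I would write `my $name = $confighash{$key}[1];` and `system('/usr/local/bin/openvpnctrl', '-drrd', $name);`. The new `-kn2n` call in the remove-connection hunk further down interpolates the connection name into a shell string in the same way, next to the existing `-drrd` and `openssl` calls.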
@@ -1196,11 +1225,6 @@ SETTINGS_ERROR:
     while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
        unlink $file
     }
-# Delete all RRD files for Roadwarrior connections
-    chdir('/var/ipfire/ovpn/ccd');
-       while ($file = glob("*")) {
-       system ("/usr/local/bin/openvpnctrl -drrd $file");
-       }
     while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
        unlink $file
     }
@@ -1216,6 +1240,9 @@ SETTINGS_ERROR:
        system ("rm -rf $file");
     }
 
+    # Remove everything from the collectd configuration
+    &writecollectdconf();
+
     #&writeserverconf();
 ###
 ### Reset all step 1
@@ -2041,7 +2068,8 @@ END
                        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
                        if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                               system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                               &writecollectdconf();
                        }
                } else {
 
@@ -2049,14 +2077,15 @@ END
                        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
                        if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                    if ($n2nactive ne ''){                             
-                                               system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
-                                       }
+                               if ($n2nactive ne '') {
+                                       system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                                       &writecollectdconf();
+                               }
  
                        } else {
-                 $errormessage = $Lang::tr{'invalid key'};
+                               $errormessage = $Lang::tr{'invalid key'};
                        }
-      }
+               }
   }
 
 ###
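Review bot: In the disable branch `&writecollectdconf();` sits inside `if ($n2nactive ne '')`, so the collectd configuration is regenerated only when the tunnel was running at the time. `writecollectdconf` selects entries by the on/off field in ovpnconfig, which is rewritten just above regardless of `$n2nactive`. A connection that is disabled while not running therefore keeps its `Statusfile` line until some later action regenerates the file. Moving the call out of the inner `if`, so that it runs right after the `-kn2n` block, keeps the two files in step. `$n2nactive` is set outside this hunk.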
@@ -2108,7 +2137,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "# Server Gateway Network\n"; 
    print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
    print CLIENTCONF "# tun Device\n"; 
-   print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; 
+   print CLIENTCONF "dev tun\n"; 
    print CLIENTCONF "# Port and Protokoll\n"; 
    print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; 
    
@@ -2200,21 +2229,21 @@ else
     print CLIENTCONF "tls-client\r\n";
     print CLIENTCONF "client\r\n";
     print CLIENTCONF "nobind\r\n";
-    print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
+    print CLIENTCONF "dev tun\r\n";
     print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
 
     # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
     # or use configured value.
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     elsif ($vpnsettings{MSSFIX} eq 'on')
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) 
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
+       { print CLIENTCONF "tun-mtu 1500\r\n"; }
     else
-       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
+       { print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n"; }
 
     if ( $vpnsettings{'ENABLED'} eq 'on'){
        print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
@@ -2313,75 +2342,69 @@ else
 
 
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+       &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-    if ($confighash{$cgiparams{'KEY'}}) {
-#      if ($vpnsettings{'ENABLED'} eq 'on' ||
-#          $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#          system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#      }
-#
-       my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+       if ($confighash{$cgiparams{'KEY'}}) {
+               my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
 
 ###
 # m.a.d net2net
 ###
 
-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-       my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
-       my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-       unlink ($certfile);
-       unlink ($conffile);
+               if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+                       # Stop the N2N connection before it is removed
+                       system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
 
-       if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
-               rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-       }
-}
+                       my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+                       my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+                       unlink ($certfile);
+                       unlink ($conffile);
+
+                       if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+                               rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+                       }
+               }
 
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+               unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+               unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 
 # A.Marx CCD delete ccd files and routes
 
-       
-       if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
-       {
-               unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
-       }
-       
-       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-       foreach my $key (keys %ccdroutehash) {
-               if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-                       delete $ccdroutehash{$key};
+               if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+               {
+                       unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
                }
-       }
-       &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
        
-       &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-       foreach my $key (keys %ccdroute2hash) {
-               if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-                       delete $ccdroute2hash{$key};
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               foreach my $key (keys %ccdroutehash) {
+                       if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                               delete $ccdroutehash{$key};
+                       }
                }
-       }
-       &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-       &writeserverconf;
-       
+               &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
        
-# CCD end 
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+               foreach my $key (keys %ccdroute2hash) {
+                       if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                               delete $ccdroute2hash{$key};
+                       }
+               }
+               &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+               &writeserverconf;
 
-###
-###  Delete all RRD's for client
-###
-       system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
-       delete $confighash{$cgiparams{'KEY'}};
-       my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+# CCD end
+               # Update collectd configuration and delete all RRD files of the removed connection
+               &writecollectdconf();
+               system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
 
-       #&writeserverconf();
-    } else {
-       $errormessage = $Lang::tr{'invalid key'};
-    }
+               delete $confighash{$cgiparams{'KEY'}};
+               my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+               &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+       } else {
+               $errormessage = $Lang::tr{'invalid key'};
+       }
        &General::firewall_reload();
 
 ###
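Review bot: `&writecollectdconf();` is called before `delete $confighash{$cgiparams{'KEY'}}` and the `writehasharray` that follows, but it rebuilds collectd.vpn from the ovpnconfig file on disk, which at that point still contains the connection being removed. An enabled net-to-net connection therefore keeps its `Statusfile` line in the collectd configuration after removal. Calling `&writecollectdconf();` after `&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);` fixes the order. The `-drrd` call needs the name, so it has to stay before the `delete` or use a name saved in a local first. The result of the `openssl ca -revoke` backtick is also still ignored, so the certificate files are deleted even when revocation failed.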
@@ -3053,32 +3076,6 @@ END
        $errormessage = $Lang::tr{'invalid key'};
     }
 
-###
-### Remove connection
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-    if ($confighash{$cgiparams{'KEY'}}) {
-#      if ($vpnsettings{'ENABLED'} eq 'on' ||
-#          $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#          system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#      }
-       unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-       unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-       delete $confighash{$cgiparams{'KEY'}};
-       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-       #&writeserverconf();
-    } else {
-       $errormessage = $Lang::tr{'invalid key'};
-    }
-#test33
-
-###
-### Choose between adding a host-net or net-net connection
-###
-
 ###
 # m.a.d net2net
 ###
@@ -4953,9 +4950,6 @@ END
     $checked{'ENABLED_ORANGE'}{'off'} = '';
     $checked{'ENABLED_ORANGE'}{'on'} = '';
     $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
-    $selected{'DDEVICE'}{'tun'} = '';
-    $selected{'DDEVICE'}{'tap'} = '';
-    $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
 
     $selected{'DPROTOCOL'}{'udp'} = '';
     $selected{'DPROTOCOL'}{'tcp'} = '';
@@ -5047,10 +5041,6 @@ END
     print <<END;
     <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
        <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
-    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
-        <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
-                                       <!-- this is still not working
-                                           <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select>--> </td>                                  
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
         <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
                                            <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>                                    
@@ -5551,42 +5541,49 @@ END
     }
 
        print <<END
-       <hr size='1'>
+
+       <br><hr><br>
+
        <form method='post' enctype='multipart/form-data'>
-       <table width='100%' border='0'cellspacing='1' cellpadding='0'>
-       <tr>
-               <td class'base'><b>$Lang::tr{'upload ca certificate'}</b></td>
-       </tr>
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
-               <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
-               <td nowrap='nowrap' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
-       </tr>
+               <table border='0' width='100%'>
+                       <tr>
+                               <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
+                       </tr>
 
-       <tr align='right'>
-               <td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
-       </tr>
+                       <tr>
+                               <td width='10%'>$Lang::tr{'ca name'}:</td>
+                               <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
+                               <td width='30%'><input type='file' name='FH' size='25'>
+                               <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
+                       </tr>
 
-       <tr><td colspan=4><hr /></td></tr><tr>
-       <tr>
-               <td class'base'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
-       </tr>
+                       <tr>
+                               <td colspan='3'>&nbsp;</td>
+                               <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+                       </tr>
+               </table>
 
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh upload'}:</td>
-               <td nowrap='nowrap'><size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='file' name='FH' size='25' />
-               <td colspan='4' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}' /></td>
-       </tr>
-       <tr>
-               <td class='base' nowrap='nowrap'>$Lang::tr{'ovpn dh new key'}:</td>
-               <td nowrap='nowrap'><size='15' align='left'/></td>
-               <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
-       </tr>
-       </table>
+               <br>
+
+               <table border='0' width='100%'>
+                       <tr>
+                               <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
+                       </tr>
+
+                       <tr>
+                               <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
+                               <td width='30%'><input type='file' name='FH' size='25'>
+                               <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
+                       </tr>
+
+                       <tr>
+                               <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
+                               <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
+                       </tr>
+               </table>
+       </form>
        
-       <tr><td colspan=4><hr /></td></tr><tr>
+       <br><hr>
 END
        ;
 
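Review bot: `$cgiparams{'CA_NAME'}` is interpolated into the single-quoted `value` attribute of the CA-name input without HTML escaping, so a quote or angle bracket in the submitted name becomes markup in the returned page. Unless the value is sanitised before this heredoc (not visible in the hunk), escape it first, e.g. `my $ca_name = &Header::cleanhtml($cgiparams{'CA_NAME'});`, and print `value='$ca_name'`. The same applies to `$wlanapsettings{'TXPOWER'}` in the Tx Power row of the wlanap.cgi hunk further down. Separately, the rebuilt form still holds two file inputs that are both named `FH`, so a comment saying which one each upload action reads would help the next reader.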
index ec9022d..844c395 100644 (file)
@@ -71,7 +71,7 @@ $wlanapsettings{'HW_MODE'} = 'g';
 $wlanapsettings{'PWD'} = 'IPFire-2.x';
 $wlanapsettings{'SYSLOGLEVEL'} = '0';
 $wlanapsettings{'DEBUG'} = '4';
-$wlanapsettings{'DRIVER'} = 'MADWIFI';
+$wlanapsettings{'DRIVER'} = 'NL80211';
 $wlanapsettings{'HTCAPS'} = '';
 
 &General::readhash("/var/ipfire/wlanap/settings", \%wlanapsettings);
@@ -265,7 +265,7 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
 my $wiphy = `iw dev $wlanapsettings{'INTERFACE'} info | grep wiphy | cut -d" " -f2`;
 chomp $wiphy;
 
-@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "passive scanning" 2>/dev/null`;
+@channellist_cmd = `iw phy phy$wiphy info | grep " MHz \\\[" | grep -v "(disabled)" | grep -v "no IBSS" | grep -v "no IR" | grep -v "passive scanning" 2>/dev/null`;
 # get available channels
 
 my @temp;
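Review bot: `$wiphy` is placed into this backtick pipeline unchecked, and it is itself the output of a shell command built from `$wlanapsettings{'INTERFACE'}`, which comes from the settings file. Both values should be validated before they reach `/bin/sh`; for the line changed here, run the pipeline only when `$wiphy =~ /\A\d+\z/` and leave `@channellist_cmd` empty otherwise. The trailing `2>/dev/null` binds only to the last `grep`, so errors from `iw` itself are not suppressed; if that is the intent, the redirect belongs directly after `iw phy phy$wiphy info`. The enclosing `if` block starts above the hunk and continues below it.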
@@ -306,15 +306,6 @@ if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
 }
 # get available power
 
-my @temp;
-foreach (@txpower_cmd){
-$_ =~ /(\s)(\d+)(\s)dBm(\s)(.*)(\W)(\d+)(.*)/;
-$txpower = $7;chomp $txpower;
-if ( $txpower =~ /\d+/ ){push(@temp,$txpower."mW");}
-}
-my @txpower = @temp;
-push(@txpower,"auto");
-
 $selected{'SYSLOGLEVEL'}{$wlanapsettings{'SYSLOGLEVEL'}} = "selected='selected'";
 $selected{'DEBUG'}{$wlanapsettings{'DEBUG'}} = "selected='selected'";
 
@@ -437,20 +428,7 @@ END
 ;
 print <<END
 <tr><td width='25%' class='base'>HT Caps:&nbsp;</td><td class='base' colspan='3'><input type='text' name='HTCAPS' size='30' value='$wlanapsettings{'HTCAPS'}' /></td></tr>
-<tr><td width='25%' class='base'>Tx Power:&nbsp;</td><td class='base' colspan='3'>
-END
-;
-
-if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){
-       print "<select name='TXPOWER'>";
-       foreach $txpower (@txpower){
-               print "<option $selected{'TXPOWER'}{$txpower}>$txpower</option>&nbsp;dBm";
-       }
-       print " </select></td></tr>";
-} else {
-       print "<input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr>"
-}
-print <<END
+<tr><td width='25%' class='base'>Tx Power:&nbsp;</td><td class='base' colspan='3'><input type='text' name='TXPOWER' size='10' value='$wlanapsettings{'TXPOWER'}' /></td></tr>
 <tr><td width='25%' class='base'>Loglevel (hostapd):&nbsp;</td><td class='base' width='25%'>
        <select name='SYSLOGLEVEL'>
                <option value='0' $selected{'SYSLOGLEVEL'}{'0'}>0 ($Lang::tr{'wlanap verbose'})</option>
@@ -508,9 +486,6 @@ print <<END
 END
 ;
 my @status;
-if ( $wlanapsettings{'DRIVER'} eq 'MADWIFI' ){
-        @status =  `wlanconfig $wlanapsettings{'INTERFACE'} list`;
-}
 if ( $wlanapsettings{'DRIVER'} eq 'NL80211' ){
         @status =  `iw dev $wlanapsettings{'INTERFACE'} info && iw dev $wlanapsettings{'INTERFACE'} station dump && echo ""`;
 }
index eb29b5f..859c8d3 100644 (file)
 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
 'vpn remote id' => 'Remote ID',
 'vpn subjectaltname' => 'Subjekt Alternativer Name',
+'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
+'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
 'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)',
 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
index 8c049ff..6a9a983 100644 (file)
 'vpn payload compression' => 'Negotiate payload compression',
 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
+'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',
 'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
index f01c92a..1573e38 100644 (file)
@@ -101,6 +101,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0020-openvpn-Make-read-functions-robust-like-in-8516f9abb.patch
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0021-openvpn-Fix-copy-and-paste-error.patch
        cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
+       cd $(DIR_APP) && patch -p1 -i $(DIR_SRC)/src/patches/collectd/silence-openvpn-errors.patch
        cd $(DIR_APP) && ./configure --prefix=/usr --localstatedir=/var \
                --disable-{apple_sensors,csv,ipvs,mbmon,memcached,mysql} \
                --disable-{netlink,nginx,nut,perl,serial,snmp,tape,vserver,xmms} \
@@ -112,6 +113,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --with-librrd=/usr/share/rrdtool-1.2.30
        cd $(DIR_APP) && make install
        cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/
+       mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn
+       chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+       ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn
        ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd 
        ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd
        ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd 
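Review bot: Handing `/var/ipfire/ovpn/collectd.vpn` to `nobody` and symlinking it back to `/etc/collectd.vpn` puts a collectd configuration fragment under the control of an unprivileged account, presumably the one the web interface runs as. If collectd runs with more privileges than `nobody` and includes that file (neither is visible here), anything able to write as `nobody` decides what the daemon loads. Keeping the file root-owned and letting a small setuid helper regenerate it from validated connection names would preserve the privilege boundary; at minimum add a comment above these three lines recording the trust decision. `chown nobody.nobody` also uses the deprecated dot separator, and `chown nobody:nobody` is the portable spelling.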
index 2252837..e928668 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3
+VER        = 2.4
 
 THISAPP    = hostapd-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 40b89c61036add0c2dd1fc10767d3b5f
+$(DL_FILE)_MD5 = 04578f3f2c3eb1bec1adf30473813912
 
 install : $(TARGET)
 
index a0f6f29..3860122 100644 (file)
--- a/lfs/pound
+++ b/lfs/pound
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = pound
-PAK_VER    = 7
+PAK_VER    = 8
 
 DEPS       = ""
 
@@ -77,7 +77,8 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
        @$(PREBUILD)
        @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
-       cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc
+       cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/etc \
+               --with-dh=1024
        cd $(DIR_APP) && make $(MAKETUNING)
        cd $(DIR_APP) && make install
        install -v -m 644 $(DIR_SRC)/config/backup/includes/pound \
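Review bot: `--with-dh=1024` builds Pound with 1024-bit Diffie-Hellman parameters, which is below the 2048-bit minimum that current guidance expects for DHE key exchange. If 1024 was chosen for client compatibility or build time, say so in a comment above the `./configure` line; otherwise prefer `--with-dh=2048`. The recipe continues past the end of the hunk.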
index 895ee15..53f81d1 100644 (file)
@@ -101,7 +101,8 @@ $(TARGET) :
 
        # Move script to correct place.
        mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
-
+       mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+       
        # Install firewall scripts.
        mkdir -pv /usr/lib/firewall
        install -m 755 $(DIR_SRC)/config/firewall/rules.pl \
index 1cebaab..e7f46de 100644 (file)
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.3
+VER        = 2.4
 
 THISAPP    = wpa_supplicant-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -41,7 +41,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = f2ed8fef72cf63d8d446a2d0a6da630a
+$(DL_FILE)_MD5 = f0037dbe03897dcaf2ad2722e659095d
 
 install : $(TARGET)
 
index 1e7cec4..209f969 100644 (file)
@@ -2,7 +2,7 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
 
-CHANNEL="05"
+CHANNEL="6"
 COUNTRY="00"
 TXPOWER="auto"
 INTERFACE="blue0"
@@ -38,9 +38,6 @@ case "${1}" in
                if [ -e "/sys/class/net/$INTERFACE/phy80211" ]; then
                        DRIVER="NL80211"
                        driver="nl80211"
-               elif [ -e "/sys/class/net/$INTERFACE/madwifi_name_type" ]; then
-                       DRIVER="MADWIFI"
-                       driver="madwifi"
                elif [ "$(/bin/grep hostap /sys/class/net/$INTERFACE/uevent)" != "" ]; then
                        DRIVER="HOSTAP"
                        driver="hostap"
@@ -60,14 +57,7 @@ case "${1}" in
                chmod 644 /var/ipfire/wlanap/settings.tmp
                mv /var/ipfire/wlanap/settings.tmp /var/ipfire/wlanap/settings
 
-               if [ "$DRIVER" == "MADWIFI" ]; then
-                       if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
-                               boot_mesg "Setting MADWIFI wlan $INTERFACE to Master mode... "
-                               # Set Atheros Cards to master mode
-                               /usr/bin/wlanconfig $INTERFACE destroy > /dev/null
-                               /usr/bin/wlanconfig $INTERFACE create wlandev wifi0 wlanmode ap > /dev/null
-                       fi
-               elif [ "$DRIVER" == "HOSTAP" ]; then
+               if [ "$DRIVER" == "HOSTAP" ]; then
                        if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
                                boot_mesg "Setting HOSTAP wlan $INTERFACE to Master mode... "
                                # Set Prism Cards to master mode
@@ -87,23 +77,7 @@ case "${1}" in
 
                /usr/bin/hostapd -P /var/run/hostapd /etc/hostapd.conf >/dev/null 2>&1 &
 
-               sleep 2
-
-               if [ $DRIVER == "MADWIFI" ]; then
-                       iwpriv $INTERFACE maccmd 3
-                       if [ $MACMODE != 0 ]; then
-                               FILE="/var/ipfire/wlanap/macfile"
-                               exec < $FILE
-                               while read LINE
-                               do
-                                       iwpriv $INTERFACE addmac $LINE
-                               done
-
-                               iwpriv $INTERFACE maccmd $MACMODE
-                       fi
-               fi
-
-               sleep 2
+               sleep 3
 
                if [ "$(/usr/sbin/iwconfig $INTERFACE | /bin/grep "Mode:Master")" == "" ]; then
                        killproc /usr/bin/hostapd > /dev/null 2>&1
index 8d1f89d..cf7d6e1 100644 (file)
@@ -25,4 +25,7 @@
 #              <major> and <minor> are the major and minor numbers used for the device.
 ########################################################################
 
+/var/run/ovpnserver.log        file    644     nobody  nobody
+/var/run/openvpn       dir     644     nobody  nobody
+
 # End /etc/sysconfig/createfiles
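Review bot: `/var/run/openvpn` is created as a directory with mode 644, which omits the search (x) bit, so no account other than root can enter it or open the status files inside it, not even its owner `nobody`. Assuming the mode column is applied to the directory as written, this should be `/var/run/openvpn       dir     755     nobody  nobody`, or 750 if the status files are not meant to be world-readable.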
index f5802d2..43e6a90 100644 (file)
@@ -25,7 +25,7 @@ LIBS    = -lsmooth -lnewt
 PROGS = iowrap
 SUID_PROGS = squidctrl sshctrl ipfirereboot \
        ipsecctrl timectrl dhcpctrl snortctrl \
-       applejuicectrl rebuildhosts backupctrl \
+       applejuicectrl rebuildhosts backupctrl collectdctrl \
        logwatch openvpnctrl firewallctrl \
        wirelessctrl getipstat qosctrl launch-ether-wake \
        redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
diff --git a/src/misc-progs/collectdctrl.c b/src/misc-progs/collectdctrl.c
new file mode 100644 (file)
index 0000000..86e4b2a
--- /dev/null
@@ -0,0 +1,39 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+       if (!(initsetuid()))
+               exit(1);
+
+       if (argc < 2) {
+               fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+               exit(1);
+       }
+
+       if (strcmp(argv[1], "restart") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd restart");
+
+       } else if (strcmp(argv[1], "stop") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd stop");
+
+       } else if (strcmp(argv[1], "start") == 0) {
+               safe_system("/etc/rc.d/init.d/collectd start");
+
+       } else {
+               fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+               exit(1);
+       }
+
+       return 0;
+}
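Review bot: The result of every `safe_system()` call is discarded and `main` returns 0 whether or not the init script succeeded, so a caller cannot tell a failed restart from a good one. Keep the status and turn it into the exit code, e.g. `int rc = safe_system("/etc/rc.d/init.d/collectd restart");` in each branch and `return rc ? 1 : 0;` at the end; `safe_system` is declared in setuid.h, which this page does not show, so confirm its return convention first. The fixed-string `strcmp` dispatch, with nothing from `argv` passed on to the shell, is the right shape for a setuid helper and deserves a one-line comment saying that this is deliberate.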
index d20cced..20967e4 100644 (file)
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE 500
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -7,6 +8,7 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <fcntl.h>
+#include <ftw.h>
 #include "setuid.h"
 #include "netutil.h"
 #include "libsmooth.h"
@@ -44,6 +46,18 @@ struct connection_struct {
 
 typedef struct connection_struct connection;
 
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+       int rv = remove(fpath);
+       if (rv)
+               perror(fpath);
+
+       return rv;
+}
+
+static int recursive_remove(const char* path) {
+       return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
 void exithandler(void)
 {
        if(kv)
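Review bot: `recursive_remove` deletes whole trees from a setuid-root program but carries no comment on why these `nftw` flags were chosen, and the choice is what keeps it safe. I would add above it `/* FTW_DEPTH: visit entries before their directory so remove() finds it empty; FTW_PHYS: never follow symlinks out of the tree. */`. Adding `FTW_MOUNT` would also stop the walk from crossing into another filesystem. The callback's `sb`, `typeflag` and `ftwbuf` parameters are unused, which is worth a `(void)` cast or a short remark to keep warning-clean builds.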
@@ -537,6 +551,7 @@ int startNet2Net(char *name) {
 int killNet2Net(char *name) {
        connection *conn = NULL;
        connection *conn_iter;
+       int rc = 0;
 
        conn_iter = getConnections();
 
@@ -569,26 +584,40 @@ int killNet2Net(char *name) {
        snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
        executeCommand(command);
 
+       char runfile[STRING_SIZE];
+       snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
+       rc = recursive_remove(runfile);
+       if (rc)
+               perror(runfile);
+
        return 0;
 }
 
 int deleterrd(char *name) {
+       char rrd_dir[STRING_SIZE];
+
        connection *conn = getConnections();
+       while(conn) {
+               if (strcmp(conn->name, name) != 0) {
+                       conn = conn->next;
+                       continue;
+               }
 
-       char rrd_file[STRING_SIZE];
-       snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+               // Handle RW connections
+               if (strcmp(conn->type, "host") == 0) {
+                       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name);
 
-       char rrd_dir[STRING_SIZE];
-       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+               // Handle N2N connections
+               } else if (strcmp(conn->type, "net") == 0) {
+                       snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name);
 
-       while(conn) {
-               /* Find only RW-Connections with the given name. */
-               if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
-                       remove(rrd_file);
-                       remove(rrd_dir);
-                       return 0;
+               // Unhandled connection type
+               } else {
+                       conn = conn->next;
+                       continue;
                }
-               conn = conn->next;
+
+               return recursive_remove(rrd_dir);
        }
 
        return 1;
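Review bot: Both `killNet2Net` and `deleterrd` build a path from the connection name and pass it to `recursive_remove` as root, with no check visible in the hunk that the name is a plain single path component. Because the name originates from the OpenVPN configuration file, reject anything else before the `snprintf`, for example `if (strchr(conn->name, '/') || strstr(conn->name, "..")) return 1;`, unless `getConnections()` already enforces this outside the hunk. The `snprintf` results are also unchecked, so a truncated path would be removed instead of the intended one; compare the return value with `STRING_SIZE - 1` and bail out on truncation. `killNet2Net` still returns 0 when `rc` is non-zero, and the closing brace of `deleterrd` lies outside the hunk.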
index ec6819c..0704a6b 100644 (file)
@@ -61,7 +61,7 @@ index 2db3677..d446e99 100644
                sstrncpy (vl.plugin_instance, pinst,
                                sizeof (vl.plugin_instance));
 -      sstrncpy (vl.type, "compression", sizeof (vl.type));
-+      sstrncpy (vl.type, "compression_dervice", sizeof (vl.type));
++      sstrncpy (vl.type, "compression_derive", sizeof (vl.type));
        if (tinst != NULL)
                sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
  
diff --git a/src/patches/collectd/silence-openvpn-errors.patch b/src/patches/collectd/silence-openvpn-errors.patch
new file mode 100644 (file)
index 0000000..c909761
--- /dev/null
@@ -0,0 +1,13 @@
+diff --git a/src/openvpn.c b/src/openvpn.c
+index d446e9957b68..cc33eed61e25 100644
+--- a/src/openvpn.c
++++ b/src/openvpn.c
+@@ -567,7 +567,7 @@ static int openvpn_read (void)
+               read += vpn_read;
+       }
+-      return (read ? 0 : -1);
++      return 0;
+ } /* int openvpn_read */
+ static int version_detect (const char *filename)
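Review bot: Returning 0 unconditionally from `openvpn_read` tells collectd that every read succeeded, including the case where no status file could be read, so a missing or unreadable status file no longer shows up as a plugin read failure. If the goal is only to stop log noise while no tunnel is up, the patch should say so in a description header, which it currently lacks, e.g. `Do not treat "no status file readable" as a read error; N2N status files only exist while the tunnel runs.` A narrower fix would keep the `-1` for files that exist but fail to parse. The body of `openvpn_read` lies mostly outside the quoted context.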
diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert
new file mode 100644 (file)
index 0000000..59d67b9
--- /dev/null
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+       if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+               print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n";
+       }
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");
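Review bot: The connection name `$ovpnconfig{$key}[1]` is written verbatim between double quotes into a `Statusfile` line of a collectd configuration file, so a name containing a quote or a newline would change the structure of that file. Skip any entry that is not a plain name before printing, e.g. `next unless $ovpnconfig{$key}[1] =~ /\A[A-Za-z0-9]+\z/;`, with the pattern adjusted to whatever the CGI accepts for connection names. The script also runs without `use strict; use warnings;`, and uses a two-argument `open` on a bareword handle where `open(my $fh, '>', "${General::swroot}/ovpn/collectd.vpn")` is the safer form. It reads `/var/ipfire/ovpn/ovpnconfig` by a hard-coded path while writing through `${General::swroot}`. The `&>/dev/null` in the final `system()` call is a bash extension; `>/dev/null 2>&1` behaves the same under any `/bin/sh`.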