Merge remote-tracking branch 'origin/next' into thirteen
authorArne Fitzenreiter <arne_f@ipfire.org>
Thu, 6 Dec 2012 18:29:29 +0000 (19:29 +0100)
committerArne Fitzenreiter <arne_f@ipfire.org>
Thu, 6 Dec 2012 18:29:29 +0000 (19:29 +0100)
Conflicts:
config/rootfiles/common/stage2
make.sh

44 files changed:
config/backup/include
config/cfgroot/general-functions.pl
config/cron/crontab
config/httpd/vhosts.d/ipfire-interface-ssl.conf
config/rootfiles/common/stage2
config/rootfiles/core/65/exclude [new file with mode: 0644]
config/rootfiles/core/65/filelists/GeoIP [new file with mode: 0644]
config/rootfiles/core/65/filelists/daq [new symlink]
config/rootfiles/core/65/filelists/files [new file with mode: 0644]
config/rootfiles/core/65/meta [new file with mode: 0644]
config/rootfiles/core/65/update.sh [new file with mode: 0644]
config/rootfiles/packages/libstatgrab [new file with mode: 0644]
config/rootfiles/packages/sarg [new file with mode: 0644]
config/rootfiles/packages/stress [new file with mode: 0644]
config/sarg/cron.daily [new file with mode: 0644]
config/sarg/cron.hourly [new file with mode: 0644]
config/sarg/cron.monthly [new file with mode: 0644]
config/sarg/cron.weekly [new file with mode: 0644]
config/sarg/sarg.conf [new file with mode: 0644]
config/sarg/update-sarg-reports [new file with mode: 0644]
doc/language_issues.de
doc/language_issues.en
doc/language_issues.es
doc/language_issues.fr
doc/language_issues.pl
doc/language_issues.ru
doc/language_missings
html/cgi-bin/logs.cgi/calamaris.dat
html/cgi-bin/ovpnmain.cgi [changed mode: 0644->0755]
html/cgi-bin/vpnmain.cgi [changed mode: 0644->0755]
langs/de/cgi-bin/de.pl
langs/en/cgi-bin/en.pl
lfs/GeoIP
lfs/libstatgrab [new file with mode: 0644]
lfs/mediatomb
lfs/sarg [new file with mode: 0644]
lfs/stage2
lfs/stress [new file with mode: 0644]
make.sh
src/paks/sarg/install.sh [new file with mode: 0644]
src/paks/sarg/uninstall.sh [new file with mode: 0644]
src/paks/sarg/update.sh [new file with mode: 0644]
src/scripts/ovpn-ccd-convert [new file with mode: 0644]
src/scripts/update-lang-cache [new file with mode: 0644]

index 8806640..a1d1fbc 100644 (file)
@@ -16,6 +16,7 @@
 /var/ipfire/dhcp/*
 /var/ipfire/main/*
 /var/ipfire/outgoing/groups
+/var/ipfire/outgoing/macgroups
 /var/ipfire/outgoing/rules
 /var/ipfire/outgoing/p2protocols
 /var/ipfire/ovpn
@@ -28,6 +29,8 @@
 /var/ipfire/vpn
 /var/log/ip-acct/*
 /var/log/rrd/*
+/var/log/rrd/collectd
+/var/log/rrd/vnstat
 /etc/sysconfig/firewall.local
 /etc/sysconfig/rc.local
 /root/.gitconfig
index 567f2e1..c14f990 100644 (file)
@@ -18,8 +18,7 @@ use strict;
 use Socket;
 use IO::Socket;
 use Net::SSLeay;
-use Net::IPv4Addr;
-
+use Net::IPv4Addr qw(:all);
 $|=1; # line buffering
 
 $General::version = 'VERSION';
@@ -212,21 +211,273 @@ sub validipormask
        return &validmask($mask);
 }
 
+sub subtocidr
+{
+       #gets: Subnet in decimal (255.255.255.0) 
+       #Gives: 24 (The cidr of network)
+       my ($byte1, $byte2, $byte3, $byte4) = split(/\./, $_[0].".0.0.0.0"); 
+       my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4; 
+       my $bin = unpack("B*", pack("N", $num)); 
+       my $count = ($bin =~ tr/1/1/); 
+       return $count;
+}
+
+sub cidrtosub
+{
+       #gets: Cidr of network (20-30 for ccd) 
+       #Konverts 30 to 255.255.255.252 e.g
+       my $cidr=$_[0];
+    my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr);
+    return "$netmask";
+}
+  
+sub iporsubtodec
+{
+       #Gets: Ip address or subnetmask in decimal oder CIDR
+       #Gives: What it gets only in CIDR format
+       my $subnet=$_[0];
+       my $net;
+       my $mask;
+       my $full=0;
+       if ($subnet =~ /^(.*?)\/(.*?)$/) {
+               ($net,$mask) = split (/\//,$subnet);
+               $full=1;
+               return "$subnet";
+       }else{
+               $mask=$subnet;
+       }
+       #Subnet already in decimal and valid?
+       if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255  && $2<=$1 && $3<=$2  && $4<=$3 )))       {
+               for (my $i=8;$i<=32;$i++){
+                       if (&General::cidrtosub($i) eq $mask){
+                               if ($full == 0){return $mask;}else{
+                                                        return $net."/".$mask;
+                               }
+                       }
+               }       
+       }
+       #Subnet in binary format?
+       if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+                       if($full == 0){ return &General::cidrtosub($mask);}else{
+                                                return $net."/".&General::cidrtosub($mask);
+                       }
+       }else{
+                       return 3;
+       }
+       return 3;
+}
+  
+  
+sub iporsubtocidr
+{
+       #gets: Ip Address  or subnetmask in decimal oder CIDR
+       #Gives: What it gets only in CIDR format
+       my $subnet=$_[0];
+       my $net;
+       my $mask;
+       my $full=0;
+       if ($subnet =~ /^(.*?)\/(.*?)$/) {
+               ($net,$mask) = split (/\//,$subnet);
+               $full=1;
+       }else{
+               $mask=$subnet;
+       }
+       #Subnet in decimal and valid?
+       if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255  && $2<=$1 && $3<=$2  && $4<=$3 )))       {
+               for (my $i=8;$i<=32;$i++){
+                       if (&General::cidrtosub($i) eq $mask){
+                               if ($full == 0){return &General::subtocidr($mask);}else{
+                                                        return $net."/".&General::subtocidr($mask);
+                               }
+                       }
+               }       
+       }
+       #Subnet already in binary format?
+       if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+                       if($full == 0){ return $mask;}else{
+                                                return $net."/".$mask;
+                       }
+       }else{
+                       return 3;
+       }
+       return 3;
+}
+
+sub getnetworkip
+{
+       #Gets:  IP, CIDR    (10.10.10.0-255, 24)
+       #Gives:  10.10.10.0
+       my ($ccdip,$ccdsubnet) = @_;
+       my $ip_address_binary = inet_aton( $ccdip );
+       my $netmask_binary    = ~pack("N", (2**(32-$ccdsubnet))-1);
+       my $network_address    = inet_ntoa( $ip_address_binary & $netmask_binary );
+       return $network_address;
+}
+
+sub getccdbc
+{
+       #Gets: IP in Form ("192.168.0.0/24")
+       #Gives: Broadcastaddress of network
+       my $ccdnet=$_;
+       my ($ccdip,$ccdsubnet) = split "/",$ccdnet;
+       my $ip_address_binary = inet_aton( $ccdip );
+       my $netmask_binary    = ~pack("N", (2**(32-$ccdsubnet))-1);
+       my $broadcast_address  = inet_ntoa( $ip_address_binary | ~$netmask_binary );
+       return $broadcast_address;
+}
+
+sub ip2dec 
+{
+    my $ip_num;
+    my $ip=$_[0];
+    if ( $ip =~ /(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ ) {
+        $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4);
+    } else {
+        $ip_num = -1;
+    }
+    $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4);
+    return($ip_num);
+}
+
+sub dec2ip 
+{
+    my $ip;
+    my $ip_num=$_[0];
+       my $o1=$ip_num%256;
+       $ip_num=int($ip_num/256);
+       my $o2=$ip_num%256;
+       $ip_num=int($ip_num/256);
+       my $o3=$ip_num%256;
+       $ip_num=int($ip_num/256);
+       my $o4=$ip_num%256;
+       $ip="$o4.$o3.$o2.$o1";
+    return ($ip);
+}
+
+sub getnextip
+{
+       my $decip=&ip2dec($_[0]);
+       $decip=$decip+4;
+       return &dec2ip($decip);
+}
+
+sub getlastip
+{
+       my $decip=&ip2dec($_[0]);
+       $decip--;
+       return &dec2ip($decip);
+}
+
 sub validipandmask
 {
-       my $ipandmask = $_[0];
+       #Gets: Ip address in 192.168.0.0/24 or 192.168.0.0/255.255.255.0 and checks if subnet valid
+       #Gives: True bzw 0 if success or false 
+       my $ccdnet=$_[0];
+       my $subcidr;
+       
+       if (!($ccdnet =~ /^(.*?)\/(.*?)$/)) {
+               return 0;
+       }
+       my ($ccdip,$ccdsubnet)=split (/\//, $ccdnet);
+       #IP valid?
+       if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) {
+               #Subnet in decimal and valid?
+               if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255  && $2<=$1 && $3<=$2  && $4<=$3 )))  {
+                       for (my $i=8;$i<=32;$i++){
+                               if (&General::cidrtosub($i) eq $ccdsubnet){
+                                       return 1;
+                               }
+                       }       
+               #Subnet already in binary format?
+               }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+                       return 1;
+               }else{
+                       return 0;
+               }
+               
+       }
+       return 0;
+}
+
+sub checksubnets
+{
+       
+       my %ccdconfhash=();                     
+       my @ccdconf=();                         
+       my $ccdname=$_[0];                      
+       my $ccdnet=$_[1];                       
+       my $errormessage;
+       my ($ip,$cidr)=split(/\//,$ccdnet);
+       $cidr=&iporsubtocidr($cidr);
+       
+       
+       #get OVPN-Subnet (dynamic range)
+       my %ovpnconf=();
+       &readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
+       my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
+       $ovpncidr=&iporsubtocidr($ovpncidr);
+       
+       #check if we try to use same network as ovpn server
+       if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
+                       $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
+                       return $errormessage;
+       }
+               
+       #check if we use a network-name/subnet that already exists
+       &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       foreach my $key (keys %ccdconfhash) {
+               @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
+               if ($ccdname eq $ccdconfhash{$key}[0]) 
+               {
+                       $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";
+                       return $errormessage;
+               }
+               my ($newip,$newsub) = split(/\//,$ccdnet);
+               if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) 
+               {
+                       $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+                       return $errormessage;
+               }
+                       
+       }
+       #check if we use a name which is already used by ovpn
+       
+       
+       
+       
+       
+       #check if we use a ipsec right network which is already defined
+       my %ipsecconf=();
+       &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+       foreach my $key (keys %ipsecconf){
+               if ($ipsecconf{$key}[11] ne ''){
+                       #$errormessage="DRIN!";
+                       #return $errormessage;
+                       
+                       my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+                       $ipsecsub=&iporsubtodec($ipsecsub);
+                       
+                       if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+                               $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[2]";
+                               return $errormessage;
+                       }
+               }
+       }
+       
+               
+       #check if we use one of ipfire's networks (green,orange,blue)
+       my %ownnet=();
+       &readhash("${General::swroot}/ethernet/settings", \%ownnet);
+       if (($ownnet{'GREEN_NETADDRESS'}        ne '' && $ownnet{'GREEN_NETADDRESS'}    ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+       if (($ownnet{'ORANGE_NETADDRESS'}       ne '' && $ownnet{'ORANGE_NETADDRESS'}   ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+       if (($ownnet{'BLUE_NETADDRESS'}         ne '' && $ownnet{'BLUE_NETADDRESS'}     ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+       if (($ownnet{'RED_NETADDRESS'}          ne '' && $ownnet{'RED_NETADDRESS'}              ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+       
+       
 
-       # split it into number and mask.
-       if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) {
-               return 0; }
-       my $ip = $1;
-       my $mask = $2;
-       # first part not a ip?
-       if (!(&validip($ip))) {
-               return 0; }
-       return &validmask($mask);
 }
 
+
 sub validport
 {
        $_ = $_[0];
@@ -276,7 +527,7 @@ sub validhostname
        if (length ($hostname) < 1 || length ($hostname) > 63) {
                return 0;}
        # Only valid characters are a-z, A-Z, 0-9 and -
-       if ($hostname !~ /^[a-zA-Z0-9-]*$/) {
+       if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) {
                return 0;}
        # First character can only be a letter or a digit
        if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
@@ -407,7 +658,12 @@ sub NextIP
                                   )
                             );
 }
-
+sub NextIP2
+{
+    return &Socket::inet_ntoa( pack("N", 4 +  unpack('N', &Socket::inet_aton(shift))
+                                  )
+                            );
+}
 sub ipcidr
 {
        my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift);
@@ -465,13 +721,13 @@ sub writehasharray {
     open(FILE, ">$filename") or die "Unable to write to file $filename";
 
     foreach $key (keys %$hash) {
-       if ($key =~ /^[0-9]+$/) {
-           print FILE "$key";
-           foreach $i (0 .. $#{$hash->{$key}}) {
-               print FILE ",$hash->{$key}[$i]";
-           }
-           print FILE "\n";
-       }
+               if ($key =~ /^[0-9]+$/) {
+                       print FILE "$key";
+                       foreach $i (0 .. $#{$hash->{$key}}) {
+                               print FILE ",$hash->{$key}[$i]";
+                       }
+                       print FILE "\n";
+               }
     }
     close FILE;
     return;
index 5cca1fa..ad90b07 100644 (file)
@@ -11,7 +11,7 @@ HOME=/
 */5 * * * *    test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.cyclic
 01 * * * *     test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.hourly
 &nice(10),bootrun 25 1 * * *   test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.daily
-&nice(10),bootrun 47 2 * * 0   test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly
+&nice(10),bootrun 47 2 * * 1   test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly
 &nice(10),bootrun 52 3 1 * *   test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.monthly
 
 # Log rotation
index 7b10832..cc3cb1d 100644 (file)
                 Order deny,allow
                 Allow from all
        </Directory>
+
+    Alias /proxy-reports/ /var/log/sarg/
+    <Directory /var/log/sarg>
+        AllowOverride None
+        Options None
+        AuthName "IPFire - Restricted"
+        AuthType Basic
+        AuthUserFile /var/ipfire/auth/users
+        Require user admin
+    </Directory>
 </VirtualHost>
index 7fa4a43..7cd1934 100644 (file)
@@ -84,6 +84,9 @@ usr/local/bin/scanhd
 usr/local/bin/setddns.pl
 usr/local/bin/settime
 usr/local/bin/timecheck
+#usr/local/bin/uname
+usr/local/bin/update-lang-cache
+usr/local/bin/vpn-watch
 #usr/local/include
 #usr/local/lib
 #usr/local/sbin
@@ -105,6 +108,7 @@ usr/local/bin/timecheck
 #usr/local/share/zoneinfo
 #usr/local/src
 #usr/sbin
+usr/sbin/ovpn-ccd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/config/rootfiles/core/65/exclude b/config/rootfiles/core/65/exclude
new file mode 100644 (file)
index 0000000..b6a8d1d
--- /dev/null
@@ -0,0 +1,13 @@
+srv/web/ipfire/html/proxy.pac
+etc/udev/rules.d/30-persistent-network.rules
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/updatecache
+etc/localtime
+var/ipfire/ovpn
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
diff --git a/config/rootfiles/core/65/filelists/GeoIP b/config/rootfiles/core/65/filelists/GeoIP
new file mode 100644 (file)
index 0000000..0258236
--- /dev/null
@@ -0,0 +1 @@
+usr/local/share/GeoIP/GeoIP.dat
diff --git a/config/rootfiles/core/65/filelists/daq b/config/rootfiles/core/65/filelists/daq
new file mode 120000 (symlink)
index 0000000..d0e0956
--- /dev/null
@@ -0,0 +1 @@
+../../../common/daq
\ No newline at end of file
diff --git a/config/rootfiles/core/65/filelists/files b/config/rootfiles/core/65/filelists/files
new file mode 100644 (file)
index 0000000..67bd0b3
--- /dev/null
@@ -0,0 +1,10 @@
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/sbin/ovpn-ccd-convert
+var/ipfire/general-functions.pl
+var/ipfire/langs
+var/ipfire/backup/include
diff --git a/config/rootfiles/core/65/meta b/config/rootfiles/core/65/meta
new file mode 100644 (file)
index 0000000..d547fa8
--- /dev/null
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/65/update.sh b/config/rootfiles/core/65/update.sh
new file mode 100644 (file)
index 0000000..88f5b36
--- /dev/null
@@ -0,0 +1,91 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 3 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2012 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=65
+for (( i=1; i<=$core; i++ ))
+do
+       rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+#Stop services
+
+#
+#Extract files
+extract_files
+
+#
+#Start services
+
+#
+#Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Convert OpenVPN RW connections.
+/usr/sbin/ovpn-ccd-convert
+
+# Update crontab.
+sed -i /var/spool/cron/root.orig \
+       -e 's@^.*fcron.weekly.*$@\&nice(10),bootrun 47 2 \* \* 1\ttest -x /usr/local/bin/run-parts \&\& /usr/local/bin/run-parts /etc/fcron.weekly@'
+fcrontab -z &>/dev/null
+
+# Reload apache configuration.
+/etc/init.d/apache reload &>/dev/null
+
+#Rebuild module dep's
+#arch=`uname -m`
+#if [ ${arch::3} == "arm" ]; then
+#      depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1
+#      depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1
+#else
+#      depmod -a 2.6.32.45-ipfire     >/dev/null 2>&1
+#      depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1
+#      depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1
+#fi
+
+
+#Rebuild initrd's because some compat-wireless modules are inside
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire
+#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae
+#fi
+#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen
+#fi
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/packages/libstatgrab b/config/rootfiles/packages/libstatgrab
new file mode 100644 (file)
index 0000000..2c61411
--- /dev/null
@@ -0,0 +1,35 @@
+usr/bin/saidar
+usr/bin/statgrab
+#usr/bin/statgrab-make-mrtg-config
+#usr/bin/statgrab-make-mrtg-index
+#usr/include/statgrab.h
+#usr/include/statgrab_deprecated.h
+#usr/lib/libstatgrab.a
+#usr/lib/libstatgrab.la
+#usr/lib/libstatgrab.so
+usr/lib/libstatgrab.so.6
+usr/lib/libstatgrab.so.6.2.3
+#usr/lib/pkgconfig/libstatgrab.pc
+#usr/share/man/man1/saidar.1
+#usr/share/man/man1/statgrab-make-mrtg-config.1
+#usr/share/man/man1/statgrab-make-mrtg-index.1
+#usr/share/man/man1/statgrab.1
+#usr/share/man/man3/sg_get_cpu_percents.3
+#usr/share/man/man3/sg_get_cpu_stats.3
+#usr/share/man/man3/sg_get_cpu_stats_diff.3
+#usr/share/man/man3/sg_get_disk_io_stats.3
+#usr/share/man/man3/sg_get_disk_io_stats_diff.3
+#usr/share/man/man3/sg_get_fs_stats.3
+#usr/share/man/man3/sg_get_host_info.3
+#usr/share/man/man3/sg_get_load_stats.3
+#usr/share/man/man3/sg_get_mem_stats.3
+#usr/share/man/man3/sg_get_network_iface_stats.3
+#usr/share/man/man3/sg_get_network_io_stats.3
+#usr/share/man/man3/sg_get_network_io_stats_diff.3
+#usr/share/man/man3/sg_get_page_stats.3
+#usr/share/man/man3/sg_get_page_stats_diff.3
+#usr/share/man/man3/sg_get_process_count.3
+#usr/share/man/man3/sg_get_process_stats.3
+#usr/share/man/man3/sg_get_swap_stats.3
+#usr/share/man/man3/sg_get_user_stats.3
+#usr/share/man/man3/statgrab.3
diff --git a/config/rootfiles/packages/sarg b/config/rootfiles/packages/sarg
new file mode 100644 (file)
index 0000000..9a0672c
--- /dev/null
@@ -0,0 +1,48 @@
+etc/fcron.daily/sarg-reports
+etc/fcron.hourly/sarg-reports
+etc/fcron.monthly/sarg-reports
+etc/fcron.weekly/sarg-reports
+etc/sarg
+etc/sarg/css.tpl
+etc/sarg/exclude_codes
+etc/sarg/sarg.conf
+#etc/sarg/sarg.conf.default
+etc/sarg/user_limit_block
+usr/bin/sarg
+usr/sbin/update-sarg-reports
+usr/share/locale/bg/LC_MESSAGES/sarg.mo
+usr/share/locale/ca/LC_MESSAGES/sarg.mo
+usr/share/locale/cs/LC_MESSAGES/sarg.mo
+usr/share/locale/da/LC_MESSAGES/sarg.mo
+usr/share/locale/de/LC_MESSAGES/sarg.mo
+usr/share/locale/el/LC_MESSAGES/sarg.mo
+usr/share/locale/es/LC_MESSAGES/sarg.mo
+usr/share/locale/fr/LC_MESSAGES/sarg.mo
+usr/share/locale/hu/LC_MESSAGES/sarg.mo
+usr/share/locale/id/LC_MESSAGES/sarg.mo
+usr/share/locale/it/LC_MESSAGES/sarg.mo
+usr/share/locale/ja/LC_MESSAGES/sarg.mo
+usr/share/locale/lv/LC_MESSAGES/sarg.mo
+usr/share/locale/nl/LC_MESSAGES/sarg.mo
+usr/share/locale/pl/LC_MESSAGES/sarg.mo
+usr/share/locale/pt/LC_MESSAGES/sarg.mo
+usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo
+usr/share/locale/ro/LC_MESSAGES/sarg.mo
+usr/share/locale/ru/LC_MESSAGES/sarg.mo
+usr/share/locale/sk/LC_MESSAGES/sarg.mo
+usr/share/locale/sr/LC_MESSAGES/sarg.mo
+usr/share/locale/tr/LC_MESSAGES/sarg.mo
+usr/share/locale/uk/LC_MESSAGES/sarg.mo
+usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo
+#usr/share/man/man1/sarg.1
+usr/share/sarg
+usr/share/sarg/fonts
+usr/share/sarg/fonts/DejaVuSans.ttf
+usr/share/sarg/fonts/FreeSans.ttf
+usr/share/sarg/fonts/README
+usr/share/sarg/fonts/license
+usr/share/sarg/images
+usr/share/sarg/images/datetime.png
+usr/share/sarg/images/graph.png
+usr/share/sarg/images/sarg-squidguard-block.png
+usr/share/sarg/images/sarg.png
diff --git a/config/rootfiles/packages/stress b/config/rootfiles/packages/stress
new file mode 100644 (file)
index 0000000..2b0a000
--- /dev/null
@@ -0,0 +1,3 @@
+usr/bin/stress
+#usr/share/info/stress.info
+#usr/share/man/man1/stress.1
\ No newline at end of file
diff --git a/config/sarg/cron.daily b/config/sarg/cron.daily
new file mode 100644 (file)
index 0000000..8ae1b1b
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports daily >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.hourly b/config/sarg/cron.hourly
new file mode 100644 (file)
index 0000000..1e7b5ff
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.monthly b/config/sarg/cron.monthly
new file mode 100644 (file)
index 0000000..07b9efc
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.weekly b/config/sarg/cron.weekly
new file mode 100644 (file)
index 0000000..1f8287c
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/sarg.conf b/config/sarg/sarg.conf
new file mode 100644 (file)
index 0000000..6331aaf
--- /dev/null
@@ -0,0 +1,696 @@
+# sarg.conf
+#
+# TAG:  access_log file
+#       Where is the access.log file
+#       sarg -l file
+#
+access_log /var/log/squid/access.log
+
+# TAG: graphs yes|no
+#      Use graphics where is possible.
+#           graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
+#
+graphs yes
+graph_days_bytes_bar_color orange
+
+# TAG:  graph_font
+#       The full path to the TTF font file to use to create the graphs. It is required
+#       if graphs is set to yes.
+#
+graph_font /usr/share/sarg/fonts/DejaVuSans.ttf
+
+# TAG: title
+#      Especify the title for html page.
+#
+title "Squid User Access Reports"
+
+# TAG: font_face
+#      Especify the font for html page.
+#
+font_face Tahoma,Verdana,Arial
+
+# TAG: header_color
+#      Especify the header color
+#
+header_color darkblue
+
+# TAG: header_bgcolor
+#      Especify the header bgcolor
+#
+header_bgcolor blanchedalmond
+
+# TAG: font_size
+#      Especify the text font size
+#
+font_size 12px
+
+# TAG: header_font_size
+#      Especify the header font size
+#
+header_font_size 12px
+
+# TAG: title_font_size
+#      Especify the title font size
+#
+title_font_size 12px
+
+# TAG: background_color
+# TAG: background_color
+#      Html page background color
+#
+# background_color white
+
+# TAG: text_color
+#      Html page text color
+#
+text_color #000000
+
+# TAG: text_bgcolor
+#      Html page text background color
+#
+text_bgcolor lavender
+
+# TAG: title_color
+#      Html page title color
+#
+#title_color green
+
+# TAG: logo_image
+#      Html page logo.
+#
+#logo_image none
+
+# TAG: logo_text
+#      Html page logo text.
+#
+#logo_text ""
+
+# TAG: logo_text_color
+#      Html page logo texti color.
+#
+#logo_text_color #000000
+
+# TAG: logo_image_size
+#      Html page logo image size. 
+#       width height
+#
+#image_size 80 45
+
+# TAG: background_image
+#      Html page background image
+#
+#background_image none
+
+# TAG:  password
+#       User password file used by Squid authentication scheme
+#       If used, generate reports just for that users.
+#
+#password none
+
+# TAG:  temporary_dir
+#       Temporary directory name for work files
+#       sarg -w dir
+#
+#temporary_dir /tmp
+
+# TAG:  output_dir
+#       The reports will be saved in that directory
+#       sarg -o dir
+#
+output_dir /srv/web/ipfire/html/sarg
+
+# TAG:  output_email
+#       Email address to send the reports. If you use this tag, no html reports will be generated.
+#       sarg -e email
+#
+#output_email none
+
+# TAG:  resolve_ip yes/no
+#       Convert ip address to dns name
+#       sarg -n
+resolve_ip no
+
+# TAG:  user_ip yes/no
+#       Use Ip Address instead userid in reports.
+#       sarg -p
+#user_ip no
+
+# TAG:  topuser_sort_field field normal/reverse
+#       Sort field for the Topuser Report.
+#       Allowed fields: USER CONNECT BYTES TIME
+#
+#topuser_sort_field BYTES reverse
+
+# TAG:  user_sort_field field normal/reverse
+#       Sort field for the User Report.
+#       Allowed fields: SITE CONNECT BYTES TIME
+#
+#user_sort_field BYTES reverse
+
+# TAG:  exclude_users file
+#       users within the file will be excluded from reports.
+#       you can use indexonly to have only index.html file.
+#
+#exclude_users none
+
+# TAG:  exclude_hosts file
+#       Hosts, domains or subnets will be excluded from reports.
+#
+#       Eg.: 192.168.10.10   - exclude ip address only
+#            192.168.10.0/24 - exclude full C class
+#            s1.acme.foo     - exclude hostname only
+#            *.acme.foo      - exclude full domain name
+#
+#exclude_hosts none
+
+# TAG:  useragent_log file
+#       useragent.log file patch to generate useragent report.
+#
+#useragent_log /var/log/squid/user_agent.log
+
+# TAG:  date_format
+#       Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
+#       
+date_format e
+
+# TAG:  per_user_limit file MB
+#       Saves userid on file if download exceed n MB.
+#       This option allow you to disable user access if user exceed a download limit.
+#       
+#per_user_limit none
+
+# TAG: lastlog n
+#      How many reports files must be keept in reports directory.
+#      The oldest report file will be automatically removed.
+#      0 - no limit.
+#
+#lastlog 0
+
+# TAG: remove_temp_files yes
+#      Remove temporary files: geral, usuarios, top, periodo from root report directory.
+#
+#remove_temp_files yes
+
+# TAG: index yes|no|only
+#      Generate the main index.html.
+#      only - generate only the main index.html
+#
+#index yes
+
+# TAG: index_tree date|file
+#      How to generate the index.
+#
+#index_tree file
+
+# TAG: overwrite_report yes|no
+#      yes - if report date already exist then will be overwrited.
+#       no - if report date already exist then will be renamed to filename.n, filename.n+1
+#
+overwrite_report yes
+
+# TAG: records_without_userid ignore|ip|everybody
+#      What can I do with records without user id (no authentication) in access.log file ?
+#
+#      ignore - This record will be ignored.
+#          ip - Use ip address instead. (default)
+#   everybody - Use "everybody" instead.
+#
+#records_without_userid ip
+
+# TAG: use_comma no|yes
+#      Use comma instead point in reports.
+#      Eg.: use_comma yes => 23,450,110
+#           use_comma no  => 23.450.110
+#
+#use_comma no
+
+# TAG: mail_utility
+#      Mail command to use to send reports via SMTP. Sarg calls it like this:
+#         mail_utility -s "SARG report, date" "output_email" <"mail_content"
+#
+#      Therefore, it is possible to add more arguments to the command by specifying them
+#      here.
+#
+#      If you need too, you can use a shell script to process the content of /dev/stdin
+#      (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
+#      command you like. It is not limited to mailing the report via SMTP.
+#
+#      Don't forget to quote the command if necessary (i.e. if the path contains
+#      characters that must be quoted).
+#
+#mail_utility mailx
+
+# TAG: topsites_num n
+#      How many sites in topsites report.
+#
+#topsites_num 100
+
+# TAG: topsites_sort_order CONNECT|BYTES A|D
+#      Sort for topsites report, where A=Ascendent, D=Descendent
+#
+#topsites_sort_order CONNECT D
+
+# TAG: index_sort_order A/D
+#      Sort for index.html, where A=Ascendent, D=Descendent
+#
+#index_sort_order D
+
+# TAG: exclude_codes file
+#      Ignore records with these codes. Eg.: NONE/400
+#      Write one code per line. Lines starting with a # are ignored.
+#      Only codes matching exactly one of the line is rejected. The
+#      comparison is not case sensitive.
+#
+#exclude_codes /usr/local/sarg/exclude_codes
+
+# TAG: replace_index string
+#      Replace "index.html" in the main index file with this string
+#      If null "index.html" is used 
+#
+#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
+
+# TAG: max_elapsed milliseconds
+#      If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
+#      Use 0 for no checking 
+#
+#max_elapsed 28800000
+# 8 Hours
+
+# TAG: report_type type
+#      What kind of reports to generate.
+#      topusers            - users, sites, times, bytes, connects, links to accessed sites, etc
+#      topsites                   - site, connect and bytes report
+#      sites_users        - users and sites report
+#      users_sites        - accessed sites by the user report
+#      date_time          - bytes used per day and hour report
+#      denied             - denied sites with full URL report
+#      auth_failures       - autentication failures report
+#      site_user_time_date - sites, dates, times and bytes report
+#      downloads           - downloads per user report
+#
+#      Eg.: report_type topsites denied 
+#
+report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
+
+# TAG: usertab filename
+#      You can change the "userid" or the "ip address" to be a real user name on the reports.
+#      If resolve_ip is active, the ip address is resolved before being looked up into this
+#      file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
+#      the resolved name will be looked into the file instead of the ip address. Note that
+#      it can be used to resolve any ip address known to the dns and then map the unresolved
+#      ip addresses to a name found in the usertab file.
+#      Table syntax:
+#              userid name   or   ip address name
+#      Eg:
+#              SirIsaac Isaac Newton
+#              vinci Leonardo da Vinci
+#              192.168.10.1 Karol Wojtyla
+#
+#      Each line must be terminated with '\n'
+#      If usertab have value "ldap" (case ignoring), user names
+#      will be taken from LDAP server. This method as approaches for reception
+#      of usernames from Active Didectory
+#
+#usertab none
+
+# TAG: LDAPHost hostname
+#      FQDN or IP address of host with LDAP service or AD DC
+#      default is '127.0.0.1'
+#LDAPHost 127.0.0.1
+
+# TAG: LDAPPort port
+#       LDAP service port number
+#      default is '389'
+#LDAPPort 389
+
+# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
+#      DN of LDAP user, who is authorized to read user's names from LDAP base
+#      default is empty line
+#LDAPBindDN cn=proxy,dc=mydomain,dc=local
+
+# TAG: LDAPBindPW secret
+#      Password of DN, who is authorized to read user's names from LDAP base
+#      default is empty line
+#LDAPBindPW secret
+
+# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
+#      LDAP search base
+#      default is empty line
+#LDAPBaseSearch ou=users,dc=mydomain,dc=local
+
+# TAG: LDAPFilterSearch (uid=%s)
+#      User search filter by user's logins in LDAP
+#      First founded record will be used
+#      %s - will be changed to userlogins from access.log file
+#       filter string can have up to 5 '%s' tags
+#      default value is '(uid=%s)'
+#LDAPFilterSearch (uid=%s)
+
+# TAG: LDAPTargetAttr attributename
+#      Name of the attribute containing a name of the user
+#      default value is 'cn'
+#LDAPTargetAttr cn
+
+# TAG: long_url yes|no
+#      If yes, the full url is showed in report.
+#      If no, only the site will be showed
+#
+#      YES option generate very big sort files and reports.
+#
+#long_url no
+
+# TAG: date_time_by bytes|elap
+#      Date/Time reports show the downloaded volume or the elapsed time or both.
+#
+#date_time_by bytes
+
+# TAG: charset name
+#      ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
+#      graphic character sets for writing in alphabetic languages
+#      You can use the following charsets:
+#              Latin1          - West European
+#              Latin2          - East European 
+#              Latin3          - South European 
+#              Latin4          - North European 
+#              Cyrillic 
+#              Arabic 
+#              Greek 
+#              Hebrew 
+#              Latin5          - Turkish 
+#              Latin6
+#              Windows-1251
+#              Japan
+#              Koi8-r
+#              UTF-8
+#
+#charset Latin1
+
+# TAG: user_invalid_char "&/"
+#      Records that contain invalid characters in userid will be ignored by Sarg.
+#
+#user_invalid_char "&/"
+
+# TAG: privacy yes|no
+#      privacy_string "***.***.***.***"
+#      privacy_string_color blue
+#      In some countries the sysadm cannot see the visited sites by a restrictive law.
+#      Using privacy yes the visited url will be changes by privacy_string and the link
+#      will be removed from reports.
+#
+#privacy no
+#privacy_string "***.***.***.***"
+#privacy_string_color blue
+
+# TAG: include_users "user1:user2:...:usern"
+#      Reports will be generated only for listed users.
+#
+#include_users none
+
+# TAG: exclude_string "string1:string2:...:stringn"
+#      Records from access.log file that contain one of listed strings will be ignored.
+#
+#exclude_string none
+
+# TAG: show_successful_message yes|no
+#      Shows "Successful report generated on dir" at end of process.
+#
+#show_successful_message yes
+
+# TAG: show_read_statistics yes|no
+#      Shows some reading statistics.
+#
+show_read_statistics yes
+
+# TAG: topuser_fields
+#      Which fields must be in Topuser report.
+#
+#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: user_report_fields
+#      Which fields must be in User report.
+#
+#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: bytes_in_sites_users_report yes|no
+#      Bytes field must be in Site & Users Report ?
+#
+#bytes_in_sites_users_report no
+
+# TAG: topuser_num n
+#      How many users in topsites report. 0 = no limit
+#
+#topuser_num 0
+
+# TAG: datafile file
+#      Save the report results in a file to populate some database
+#
+#datafile none
+
+# TAG: datafile_delimiter ";"
+#      ascii character to use as a field separator in datafile
+#
+#datafile_delimiter ";"
+
+# TAG: datafile_fields all
+#      Which data fields must be in datafile
+#      user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+#
+#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+
+# TAG: datafile_url ip|name
+#      Saves the URL as ip or name in datafile
+#
+#datafile_url ip
+
+# TAG: weekdays
+#      The weekdays to take into account ( Sunday->0, Saturday->6 )
+# Example:
+#weekdays 1-3,5
+# Default:
+#weekdays 0-6
+
+# TAG: hours
+#      The hours to take into account
+# Example:
+#hours 7-12,14,16,18-20
+# Default:
+#hours 0-23
+
+# TAG: dansguardian_conf file
+#      DansGuardian.conf file path
+#      Generate reports from DansGuardian logs.
+#      Use 'none' to disable it.
+#      dansguardian_conf /usr/dansguardian/dansguardian.conf
+#
+#dansguardian_conf none
+
+# TAG: dansguardian_filter_out_date on|off
+#      This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
+#      Note the change of parameter value compared with the old option.
+#      'off' use the record even if its date is outside of the range found in the input log file.
+#      'on'  use the record only if its date is in the range found in the input log file.
+#
+#dansguardian_filter_out_date on
+
+# TAG: squidguard_conf file
+#      path to squidGuard.conf file
+#      Generate reports from SquidGuard logs.
+#      Use 'none' to disable.
+#      You can use sarg -L filename to use an alternate squidGuard log.
+#      squidguard_conf /usr/local/squidGuard/squidGuard.conf
+#
+#squidguard_conf none
+
+# TAG: redirector_log file
+#      the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
+#      may be repeated up to 64 times to read multiple files.
+#      If this option is specified, it takes precedence over squidguard_conf.
+#      The command line option -L override this option.
+#
+#redirector_log /usr/local/squidGuard/var/logs/urls.log
+
+# TAG: redirector_filter_out_date on|off
+#      This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
+#      appropriate with respect to their action.
+#      Note the change of parameter value compared with the old options.
+#      'off' use the record even if its date is outside of the range found in the input log file.
+#      'on'  use the record only if its date is in the range found in the input log file.
+#
+#redirector_filter_out_date on
+
+# TAG: redirector_log_format
+#      Format string for web proxy redirector logs.
+#      This option was named squidguard_log_format before sarg 2.3.
+#      REJIK       #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
+#      SQUIDGUARD  #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+
+# TAG: show_sarg_info yes|no
+#      shows sarg information and site path on each report bottom
+#
+#show_sarg_info yes
+
+# TAG: show_sarg_logo yes|no
+#      shows sarg logo
+#
+#show_sarg_logo yes
+
+# TAG: parsed_output_log directory
+#      Saves the processed log in a sarg format after parsing the squid log file.
+#      This is a way to dump all of the data structures out, after parsing from 
+#      the logs (presumably this data will be much smaller than the log files themselves),
+#      and pull them back in for later processing and merging with data from previous logs.
+#
+#parsed_output_log none
+
+# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
+#      Command to run to compress sarg parsed output log. It may contain
+#      options (such as -f to overwrite existing target file). The name of
+#      the file to compresse is provided at the end of this
+#      command line. Don't forget to quote things appropriately.
+#
+#parsed_output_log_compress /bin/gzip
+
+# TAG: displayed_values bytes|abbreviation
+#      how the values will be displayed in reports.
+#      eg. bytes       -  209.526
+#          abbreviation -  210K
+#
+#displayed_values bytes
+
+# Report limits
+# TAG: authfail_report_limit n
+# TAG: denied_report_limit n
+# TAG: siteusers_report_limit n
+# TAG: squidguard_report_limit n
+# TAG: user_report_limit n
+# TAG: dansguardian_report_limit n
+# TAG: download_report_limit n
+#      report limits (lines).
+#      '0' no limit
+#
+#authfail_report_limit 10
+#denied_report_limit 10
+#siteusers_report_limit 0
+#squidguard_report_limit 10
+#dansguardian_report_limit 10
+#user_report_limit 10
+#user_report_limit 50
+
+# TAG: www_document_root dir
+#     Where is your Web DocumentRoot
+#     Sarg will create sarg-php directory with some PHP modules:
+#     - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
+#
+#www_document_root /var/www/html
+
+# TAG: block_it module_url
+#     This tag allow you to pass urls from user reports to a cgi or php module,
+#     to be blocked by some Squid acl
+#
+#     Eg.: block_it /sarg-php/sarg-block-it.php
+#     sarg-block-it is a php that will append a url to a flat file.
+#     You must change /var/www/html/sarg-php/sarg-block-it to point to your file
+#     in $filename variable, and chown to a httpd owner.
+#
+#     sarg will pass http://module_url?url=url
+#
+#block_it none
+
+# TAG: external_css_file path
+#     Provide the path to an external css file to link into the HTML reports instead of
+#     the inline css written by sarg when this option is not set.
+#
+#     In versions prior to 2.3, this used to be an absolute file name to
+#     a file to include verbatim in each HTML page but, as it takes a lot of
+#     space, version 2.3 switched to a link to an external css file.
+#     Therefore, this option must contain the HTTP server path on which a client
+#     browser may find the css file.
+#
+#     Sarg use theses style classes:
+#      .logo           logo class
+#      .info           sarg information class, align=center
+#      .title_c        title class, align=center
+#      .header_c       header class, align:center
+#      .header_l       header class, align:left
+#      .header_r       header class, align:right
+#      .text           text class, align:right
+#      .data           table text class, align:right
+#      .data2          table text class, align:left
+#      .data3          table text class, align:center
+#      .link           link class
+#
+#     Sarg can be instructed to output the internal css it inline
+#     into the reports with this command:
+#
+#        sarg --css
+#
+#     You can redirect the output to a file of your choice and edit
+#     it to your liking.
+#
+#external_css_file none
+
+# TAG: user_authentication yes|no
+#     Allow user authentication in User Reports using .htaccess
+#     Parameters:  
+#      AuthUserTemplateFile - The template to use to create the
+#     .htaccess file. In the template, %u is replaced by the
+#     user's ID for which the report is generated. The path of the
+#     template is relative to the directory containing sarg
+#     configuration file.
+#
+# user_authentication no
+# AuthUserTemplateFile sarg_htaccess
+
+# TAG: download_suffix "suffix,suffix,...,suffix"
+#    file suffix to be considered as "download" in Download report.
+#    Use 'none' to disable.    
+#
+download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
+
+# TAG: ulimit n
+#    The maximum number of open file descriptors to avoid "Too many open files" error message.
+#    You need to run sarg as root to use ulimit tag.
+#    If you run sarg with a low privilege user, set to 'none' to disable ulimit
+#
+#ulimit 20000
+
+# TAG: ntlm_user_format username|domainname+username
+#      NTLM users format.
+#
+#ntlm_user_format domainname+username
+
+# TAG: realtime_refresh_time num sec
+#      How many time to auto refresh the realtime report
+#      0 = disable
+#
+# realtime_refresh_time 3
+
+# TAG: realtime_access_log_lines num
+#      How many last lines to get from access.log file 
+#
+# realtime_access_log_lines 1000
+
+# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
+#      Which records must be in realtime report.
+#
+# realtime_types GET,PUT,CONNECT  
+
+# TAG: realtime_unauthenticated_records: ignore|show
+#      What to do with unauthenticated records in realtime report.
+#
+# realtime_unauthenticated_records: show
+
+# TAG: byte_cost value no_cost_limit
+#      Cost per byte.
+#      Eg. byte_cost 0.01 100000000
+#           per byte cost      = 0.01
+#           bytes with no cost = 100 Mb
+#      0 = disable
+#
+# byte_cost 0.01 50000000
+
+# TAG: squid24 on|off
+#      Compatilibity with squid version <= 2.4 when using emulate_http_log on
+#
+# squid24 off
diff --git a/config/sarg/update-sarg-reports b/config/sarg/update-sarg-reports
new file mode 100644 (file)
index 0000000..9f2ab4c
--- /dev/null
@@ -0,0 +1,188 @@
+#!/bin/bash
+###############################################################################
+#                                                                             #
+# IPFire.org - An Open Source Firewall Solution                               #
+# Copyright (C) 2012 Michael Tremer                                           #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+export LC_ALL=C
+
+SARG_CONFIG="/etc/sarg/sarg.conf"
+SQUID_LOG="/var/log/squid/access.log"
+REPORTS_PATH="/var/log/sarg"
+
+function date_calc() {
+       local when
+       local range="false"
+
+       case "${1}" in
+               month)
+                       when="1 month ago"
+                       range="true"
+                       ;;
+               week)
+                       when="1 week ago"
+                       ;;
+               yesterday)
+                       when="1 day ago"
+                       ;;
+               today)
+                       when="today"
+                       ;;
+               *)
+                       return 1
+                       ;;
+       esac
+
+       if [ "${range}" = "true" ]; then
+               echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)"
+       else
+               date --date "${when}" +%d/%m/%Y
+       fi
+
+       return 0
+}
+
+function compile_report() {
+       local interval=${1}
+
+       local date
+       case "${interval}" in
+               today)
+                       date=$(date_calc today)
+                       ;;
+               daily)
+                       date=$(date_calc yesterday)
+                       ;;
+               weekly)
+                       date="$(date_calc week)-$(date_calc yesterday)"
+                       ;;
+               monthly)
+                       date="$(date_calc month)"
+                       ;;
+       esac
+       [ -n "${date}" ] || return 1
+
+       # Determine max. number of archived log files to search.
+       local max_logs
+       case "${interval}" in
+               today|daily)
+                       max_logs=3
+                       ;;
+               weekly)
+                       max_logs=14
+                       ;;
+               monthly)
+                       max_logs=40
+                       ;;
+       esac
+
+       # Create reports_path, if not exists.
+       local reports_path="${REPORTS_PATH}/${interval}"
+       mkdir -p ${reports_path}
+
+       # Remove already existant data on today's reports.
+       case "${interval}" in
+               today)
+                       rm -rf ${reports_path}/*
+                       ;;
+       esac
+
+       # Run SARG.
+       get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path}
+}
+
+function get_logs() {
+       local max=${1}
+
+       if [ -z "${max}" ]; then
+               max=10000
+       fi
+
+       local idx=0
+       while [ ${idx} -le ${max} ]; do
+               file=$(search_log_file ${idx})
+
+               # If no log file could be opened, we are done.
+               [ -z "${file}" ] && break
+
+               case "${file}" in
+                       # Logs in plain text.
+                       *.log)
+                               cat ${file}
+                               ;;
+
+                       # GZip compressed log files.
+                       *.gz)
+                               gzip -d < ${file}
+                               ;;
+
+                       # XZ compressed log files.
+                       *.xz)
+                               xz -d < ${file}
+                               ;;
+
+                       # Unhandled stuff.
+                       *)
+                               echo "Unhandled file type: ${file}" >&2
+                               ;;
+               esac
+
+               idx=$(( ${idx} + 1 ))
+       done
+
+       return 0
+}
+
+function search_log_file() {
+       local idx=${1}
+
+       if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then
+               echo "${SQUID_LOG}"
+               return 0
+       fi
+
+       local algo
+       for algo in gz xz; do
+               file="${SQUID_LOG}.${idx}.${algo}"
+
+               if [ -e "${file}" ]; then
+                       echo "${file}"
+                       return 0
+               fi
+       done
+
+       return 1
+}
+
+# Main.
+
+case "${1}" in
+       today|daily|weekly|monthly)
+               compile_report ${1}
+               ;;
+       *)
+               echo "${0} - Squid proxy reports creation tool"
+               echo
+               echo "Usage: ${0} [interval]"
+               echo "    interval: today, daily, weekly, monthly"
+               echo
+               exit 0
+               ;;
+esac
+
+exit 0
index 5a42ae5..137217c 100644 (file)
@@ -68,6 +68,9 @@ WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
 WARNING: translation string unused: capsinactive
+WARNING: translation string unused: ccd err iroute
+WARNING: translation string unused: ccd err netadr
+WARNING: translation string unused: ccd maxclients
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
 WARNING: translation string unused: choose config
index 6d6a2a6..68fef77 100644 (file)
@@ -87,6 +87,8 @@ WARNING: translation string unused: cache size
 WARNING: translation string unused: calamaris report interval (in minutes)
 WARNING: translation string unused: calc traffic all x minutes
 WARNING: translation string unused: capsinactive
+WARNING: translation string unused: ccd err iroute
+WARNING: translation string unused: ccd err netadr
 WARNING: translation string unused: cfg restart
 WARNING: translation string unused: check for net traffic update
 WARNING: translation string unused: choose config
index 6bcbf86..eca067d 100644 (file)
@@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2
 WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
 WARNING: untranslated string: visit us at
index 189932f..91beb6f 100644 (file)
@@ -499,7 +499,43 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: dns address deleted txt
 WARNING: untranslated string: fireinfo ipfire version
@@ -534,11 +570,24 @@ WARNING: untranslated string: openvpn subnet is used
 WARNING: untranslated string: other
 WARNING: untranslated string: our donors
 WARNING: untranslated string: outgoing firewall reserved groupname
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: snort working
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
index 6bcbf86..eca067d 100644 (file)
@@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2
 WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
 WARNING: untranslated string: visit us at
index e25d81d..e36449a 100644 (file)
@@ -491,7 +491,43 @@ WARNING: untranslated string: Add a route
 WARNING: untranslated string: Edit an existing route
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: disk access per
 WARNING: untranslated string: extrahd because there is already a device mounted
@@ -516,10 +552,23 @@ WARNING: untranslated string: other
 WARNING: untranslated string: our donors
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing traffic in bytes per second
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: visit us at
 WARNING: untranslated string: vpn keyexchange
index 55e0e40..83fbf90 100644 (file)
@@ -4,6 +4,7 @@
 ############################################################################
 # Checking cgi-bin translations for language: en                           #
 ############################################################################
+< ccd maxclients
 ############################################################################
 # Checking install/setup translations for language: fr                     #
 ############################################################################
 # Checking cgi-bin translations for language: fr                           #
 ############################################################################
 < advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
 < deprecated fs warn
 < dns address deleted txt
 < fireinfo ipfire version
 < openvpn subnet is used
 < other
 < our donors
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
 < snort working
 < static routes
 < system information
 ############################################################################
 < advproxy errmsg invalid upstream proxy
 < Async logging enabled
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
 < deprecated fs warn
 < fireinfo ipfire version
 < fireinfo is disabled
 < outgoing firewall p2p description 2
 < outgoing firewall p2p description 3
 < outgoing firewall view group
+< ovpn errmsg green already pushed
+< ovpn errmsg invalid ip or mask
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< ovpn routes push
+< ovpn routes push options
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
 < Set time on boot
 < static routes
 < system information
 # Checking cgi-bin translations for language: pl                           #
 ############################################################################
 < advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
 < deprecated fs warn
 < extrahd because there is already a device mounted
 < extrahd cant umount
 < openvpn subnet is used
 < other
 < our donors
+< ovpn errmsg green already pushed
+< ovpn errmsg invalid ip or mask
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< ovpn routes push
+< ovpn routes push options
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
 < static routes
 < visit us at
 < vpn keyexchange
 ############################################################################
 < Add a route
 < advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
 < day-graph
 < deprecated fs warn
 < disk access per
 < other
 < our donors
 < outgoing traffic in bytes per second
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
 < static routes
 < visit us at
 < vpn keyexchange
index 19a3693..07fdf8a 100644 (file)
@@ -24,6 +24,7 @@ my $unique=time;
 
 my $squidlogdir = "/var/log/squid";
 my $reportdir = "${General::swroot}/proxy/calamaris/reports";
+my $sargdir = "/var/log/sarg";
 
 unless (-e $reportdir) { mkdir($reportdir) }
 
@@ -98,6 +99,7 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'})
        delete $reportsettings{'DAY_END'};
        delete $reportsettings{'MONTH_END'};
        delete $reportsettings{'YEAR_END'};
+       delete $reportsettings{'REPORT'};
 
        &General::writehash("${General::swroot}/proxy/calamaris/settings", \%reportsettings);
 
@@ -240,6 +242,86 @@ if ($errormessage) {
        &Header::closebox();
 }
 
+# Link sarg reports.
+if (-e $sargdir) {
+       &Header::openbox('100%', 'left', "$Lang::tr{'proxy reports'}:");
+
+       print <<END;
+               <table width="100%">
+                       <tr>
+END
+
+       # Today.
+       if (-e "$sargdir/today") {
+               print <<END;
+                       <td width="25%" align="center">
+                               <a href="/proxy-reports/today" target="_blank">$Lang::tr{'proxy reports today'}</a>
+                       </td>
+END
+       } else {
+               print <<END;
+                       <td width="25%" align="center">
+                               $Lang::tr{'proxy reports today'}
+                       </td>
+END
+       }
+
+       # Daily.
+       if (-e "$sargdir/daily") {
+               print <<END;
+                       <td width="25%" align="center">
+                               <a href="/proxy-reports/daily" target="_blank">$Lang::tr{'proxy reports daily'}</a>
+                       </td>
+END
+       } else {
+               print <<END;
+                       <td width="25%" align="center">
+                               $Lang::tr{'proxy reports daily'}
+                       </td>
+END
+       }
+
+       # Weekly.
+       if (-e "$sargdir/weekly") {
+               print <<END;
+                       <td width="25%" align="center">
+                               <a href="/proxy-reports/weekly" target="_blank">$Lang::tr{'proxy reports weekly'}</a>
+                       </td>
+END
+       } else {
+               print <<END;
+                       <td width="25%" align="center">
+                               $Lang::tr{'proxy reports weekly'}
+                       </td>
+END
+       }
+
+       # Monthly.
+       if (-e "$sargdir/monthly") {
+               print <<END;
+                       <td width="25%" align="center">
+                               <a href="/proxy-reports/monthly" target="_blank">$Lang::tr{'proxy reports monthly'}</a>
+                       </td>
+END
+       } else {
+               print <<END;
+                       <td width="25%" align="center">
+                               $Lang::tr{'proxy reports monthly'}
+                       </td>
+END
+       }
+
+       print <<END;
+                       </tr>
+               </table>
+
+               <br><br>
+END
+
+       &Header::closebox();
+}
+
+
 &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
 
 print <<END
@@ -493,12 +575,11 @@ END
 if (@reports)
 {
        print "<td><select name='REPORT' size='5'>\n";
-       my $n=0;
        foreach (@reports)
        {
                @reportdata=split(/#/);
                print "\t<option ";
-               if ($n eq '0') { print "selected "; $reportsettings{'REPORT'}=$reportdata[1]; $n++}
+               if ($reportsettings{'REPORT'} eq $reportdata[1]) { print "selected ";}
                print "value='$reportdata[1]'>$reportdata[2] &nbsp;-&nbsp; $reportdata[3]</option>\n";
        }
        print "</select></td>\n";
old mode 100644 (file)
new mode 100755 (executable)
index 990fe66..2b0c4ba
@@ -36,10 +36,10 @@ require "${General::swroot}/header.pl";
 require "${General::swroot}/countries.pl";
 
 # enable only the following on debugging purpose
-use warnings;
-use CGI::Carp 'fatalsToBrowser';
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
 #workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::colourgreen} );
+my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
 undef (@dummy);
 
 my %color = ();
@@ -50,6 +50,9 @@ my %mainsettings = ();
 ###
 ### Initialize variables
 ###
+my %ccdconfhash=();
+my %ccdroutehash=();
+my %ccdroute2hash=();
 my %netsettings=();
 my %cgiparams=();
 my %vpnsettings=();
@@ -61,6 +64,10 @@ my $warnmessage = '';
 my $errormessage = '';
 my %settings=();
 my $routes_push_file = '';
+my $confighost="${General::swroot}/fwhosts/customhosts";
+my $configgrp="${General::swroot}/fwhosts/customgroups";
+my $customnet="${General::swroot}/fwhosts/customnetworks";
+my $name;
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'ENABLED_BLUE'} = 'off';
@@ -77,8 +84,13 @@ $cgiparams{'DHCP_WINS'} = '';
 $cgiparams{'ROUTES_PUSH'} = '';
 $cgiparams{'DCOMPLZO'} = 'off';
 $cgiparams{'MSSFIX'} = '';
+$cgiparams{'number'} = '';
+$cgiparams{'PMTU_DISCOVERY'} = '';
 $routes_push_file = "${General::swroot}/ovpn/routes_push";
 unless (-e $routes_push_file)    { system("touch $routes_push_file"); }
+unless (-e "${General::swroot}/ovpn/ccd.conf")    { system("touch ${General::swroot}/ovpn/ccd.conf"); }
+unless (-e "${General::swroot}/ovpn/ccdroute")    { system("touch ${General::swroot}/ovpn/ccdroute"); }
+unless (-e "${General::swroot}/ovpn/ccdroute2")    { system("touch ${General::swroot}/ovpn/ccdroute2"); }
 
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
@@ -313,7 +325,6 @@ sub disallowreserved
        return;
 }
 
-
 sub writeserverconf {
     my %sovpnsettings = ();  
     my @temp = ();  
@@ -329,7 +340,6 @@ sub writeserverconf {
     print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
     print CONF ";local $sovpnsettings{'VPN_IP'}\n";
     print CONF "dev $sovpnsettings{'DDEVICE'}\n";
-    print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
     print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
     print CONF "script-security 3 system\n";
@@ -342,18 +352,48 @@ sub writeserverconf {
     print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
     my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
     print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
-    print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
-    
+    #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
+   
+    # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
+    # If we doesn't use one of them, we can use the configured mtu value.
+    if ($sovpnsettings{'MSSFIX'} eq 'on') 
+       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
+       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+       { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
+    else 
+       { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+
     if ($vpnsettings{'ROUTES_PUSH'} ne '') {
-       @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
-       foreach (@temp)
-       {
-               @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
-               print CONF "push \"route " . $tempovpnsubnet[0]. " " .  $tempovpnsubnet[1] . "\"\n";
+               @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
+               foreach (@temp)
+               {
+                       @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
+                       print CONF "push \"route " . $tempovpnsubnet[0]. " " .  $tempovpnsubnet[1] . "\"\n";
+               }
        }
-    }
+# a.marx ccd
+       my %ccdconfhash=();
+       &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       foreach my $key (keys %ccdconfhash) {
+               my $a=$ccdconfhash{$key}[1];
+               my ($b,$c) = split (/\//, $a);
+               print CONF "route $b ".&General::cidrtosub($c)."\n";
+       }
+       my %ccdroutehash=();
+       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+       foreach my $key (keys %ccdroutehash) {
+               foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
+                       my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
+                       print CONF "route $a $b\n";
+               }
+       }
+# ccd end
 
-    if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
+       if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
        print CONF "client-to-client\n";
     }
     if ($sovpnsettings{MSSFIX} eq 'on') {
@@ -362,6 +402,14 @@ sub writeserverconf {
     if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
        print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";   
     }
+
+    # Check if a valid operating mode has been choosen and use it.
+    if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+               print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+    }
+
     if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {  
        print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
     }  
@@ -407,7 +455,7 @@ sub writeserverconf {
     
     close(CONF);
 }    
-#
+
 sub emptyserverlog{
     if (open(FILE, ">/var/log/ovpnserver.log")) {
        flock FILE, 2;
@@ -417,6 +465,274 @@ sub emptyserverlog{
 
 }
 
+sub delccdnet 
+{
+       my %ccdconfhash = ();
+       my %ccdhash = ();
+       my $ccdnetname=$_[0];
+       if (-f "${General::swroot}/ovpn/ovpnconfig"){
+               &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+               foreach my $key (keys %ccdhash) {
+                       if ($ccdhash{$key}[32] eq $ccdnetname) {
+                               $errormessage=$Lang::tr{'ccd err hostinnet'};
+                               return;
+                       }
+               }
+       }
+       &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       foreach my $key (keys %ccdconfhash) {
+                       if ($ccdconfhash{$key}[0] eq $ccdnetname){
+                               delete $ccdconfhash{$key};
+                       }
+       }
+       &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       
+       &writeserverconf;
+       return 0;
+}
+
+sub addccdnet
+{
+       my %ccdconfhash=();
+       my @ccdconf=();
+       my $ccdname=$_[0];
+       my $ccdnet=$_[1];
+       my $subcidr;
+       my @ip2=();
+       my $checkup;
+       my $ccdip;
+       my $baseaddress;
+       
+       
+       #check name     
+       if ($ccdname eq '') 
+       {
+               $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+               return
+       }
+       
+       if(!&General::validhostname($ccdname))
+       {
+               $errormessage=$Lang::tr{'ccd err invalidname'};
+               return;
+       }
+               
+       ($ccdip,$subcidr) = split (/\//,$ccdnet);
+       $subcidr=&General::iporsubtocidr($subcidr);
+       #check subnet
+       if ($subcidr > 30)
+       {
+               $errormessage=$Lang::tr{'ccd err invalidnet'};
+               return;
+       }
+       #check ip
+       if (!&General::validipandmask($ccdnet)){
+               $errormessage=$Lang::tr{'ccd err invalidnet'};
+               return;
+       }
+       
+       $errormessage=&General::checksubnets($ccdname,$ccdnet);
+       
+               
+       if (!$errormessage) {
+               my %ccdconfhash=();
+               $baseaddress=&General::getnetworkip($ccdip,$subcidr);
+               &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+               my $key = &General::findhasharraykey (\%ccdconfhash);
+               foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
+               $ccdconfhash{$key}[0] = $ccdname;
+               $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
+               &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+               &writeserverconf;
+               $cgiparams{'ccdname'}='';
+               $cgiparams{'ccdsubnet'}='';
+               return 1;
+       }
+}
+
+sub modccdnet
+{
+       
+       my $newname=$_[0];
+       my $oldname=$_[1];
+       my %ccdconfhash=();
+       my %ccdhash=();
+       &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       foreach my $key (keys %ccdconfhash) {
+               if ($ccdconfhash{$key}[0] eq $oldname) {
+                       foreach my $key1 (keys %ccdconfhash) {
+                               if ($ccdconfhash{$key1}[0] eq $newname){
+                                       $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
+                                       return;
+                               }else{
+                                       $ccdconfhash{$key}[0]= $newname;
+                                       &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+                                       last;
+                               }
+                       }
+               }
+       }
+       
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+               foreach my $key (keys %ccdhash) {
+                       if ($ccdhash{$key}[32] eq $oldname) {
+                               $ccdhash{$key}[32]=$newname;
+                               &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+                               last;
+                       }
+               }
+       
+       return 0;
+}
+sub ccdmaxclients
+{
+       my $ccdnetwork=$_[0];
+       my @octets=();
+       my @subnet=();
+       @octets=split("\/",$ccdnetwork);
+       @subnet= split /\./, &General::cidrtosub($octets[1]);
+       my ($a,$b,$c,$d,$e);
+       $a=256-$subnet[0];
+       $b=256-$subnet[1];
+       $c=256-$subnet[2];
+       $d=256-$subnet[3];
+       $e=($a*$b*$c*$d)/4;
+       return $e-1;
+}
+
+sub getccdadresses 
+{
+       my $ipin=$_[0];
+       my ($ip1,$ip2,$ip3,$ip4)=split  /\./, $ipin;
+       my $cidr=$_[1];
+       chomp($cidr);
+       my $count=$_[2];
+       my $hasip=$_[3];
+       chomp($hasip);
+       my @iprange=();
+       my %ccdhash=();
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+       $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
+       for (my $i=1;$i<=$count;$i++) {
+               my $tmpip=$iprange[$i-1];
+               my $stepper=$i*4;
+               $iprange[$i]= &General::getnextip($tmpip,4);
+       }
+       my $r=0;
+       foreach my $key (keys %ccdhash) {
+               $r=0;
+               foreach  my $tmp (@iprange){
+                       my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
+                       if ($net eq $tmp) {
+                               if ( $hasip ne  $ccdhash{$key}[33] ){
+                                       splice (@iprange,$r,1);
+                               }
+                       }
+                       $r++;
+               }
+       }
+       return @iprange;
+}
+
+sub fillselectbox
+{
+       my $boxname=$_[1];
+       my ($ccdip,$subcidr) = split("/",$_[0]); 
+       my $tz=$_[2];
+       my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
+       print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
+       foreach (@allccdips) {
+               my $ip=$_."/30";
+               chomp($ip);
+               print "<option value='$ip' ";
+               if ( $ip eq $cgiparams{$boxname} ){
+                       print"selected";
+               }
+               print ">$ip</option>";
+       }
+       print "</select>";
+}
+
+sub hostsinnet
+{
+       my $name=$_[0];
+       my %ccdhash=();
+       my $i=0;
+       &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+       foreach my $key (keys %ccdhash) {
+               if ($ccdhash{$key}[32] eq $name){ $i++;}
+       }
+       return $i;
+}
+
+sub check_routes_push
+{
+                       my $val=$_[0];
+                       my ($ip,$cidr) = split (/\//, $val);
+                       ##check for existing routes in routes_push
+                       if (-e "${General::swroot}/ovpn/routes_push") {
+                               open(FILE,"${General::swroot}/ovpn/routes_push");
+                               while (<FILE>) {
+                                       $_=~s/\s*$//g;
+                                       
+                                       my ($ip2,$cidr2) = split (/\//,"$_");
+                                       my $val2=$ip2."/".&General::iporsubtodec($cidr2);
+                                       
+                                       if($val eq $val2){
+                                               return 0;
+                                       }
+                                       #subnetcheck
+                                       if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
+                                               return 0;
+                                       }
+                               };
+                               close(FILE);
+                       }
+       return 1;
+}
+
+sub check_ccdroute
+{
+       my %ccdroutehash=();
+       my $val=$_[0];
+       my ($ip,$cidr) = split (/\//, $val);
+       #check for existing routes in ccdroute
+       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+       foreach my $key (keys %ccdroutehash) {
+               foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+                       if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
+                               return 0;
+                       }
+                       my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
+                       #subnetcheck
+                       if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
+                               return 0;
+                       }
+               }
+       }
+       return 1;
+}
+sub check_ccdconf
+{
+       my %ccdconfhash=();
+       my $val=$_[0];
+       my ($ip,$cidr) = split (/\//, $val);
+       #check for existing routes in ccdroute
+       &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+       foreach my $key (keys %ccdconfhash) {
+               if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
+                               return 0;
+                       }
+                       my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
+                       #subnetcheck
+                       if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
+                               return 0;
+                       }
+               
+       }
+       return 1;
+}
+
 ###
 # m.a.d net2net
 ###
@@ -451,6 +767,7 @@ sub read_routepushfile
                while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
                close(FILE);
                $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
+               
        }
 }
 
@@ -490,11 +807,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
        &emptyserverlog();      
     }   
 #    #restart openvpn server
-    if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
+#    if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
 #workarund, till SIGHUP also works when running as nobody    
-       system('/usr/local/bin/openvpnctrl', '-r');     
-       &emptyserverlog();      
-    }       
+#      system('/usr/local/bin/openvpnctrl', '-r');     
+#      &emptyserverlog();      
+#    }       
 }
 
 ###
@@ -516,6 +833,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
     $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
     $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+    $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
     my @temp=();
     
     if ($cgiparams{'FRAGMENT'} eq '') {
@@ -533,6 +851,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     } else {
        $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
     }
+
+    if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+        ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+        ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+
+       if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
+               $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+               goto ADV_ERROR;
+       }
+    }
+               
     if ($cgiparams{'DHCP_DOMAIN'} ne ''){
        unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
                $errormessage = $Lang::tr{'invalid input for dhcp domain'};
@@ -554,24 +883,47 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     if ($cgiparams{'ROUTES_PUSH'} ne ''){
        @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
        undef $vpnsettings{'ROUTES_PUSH'};
-       foreach (@temp)
+       
+       foreach my $tmpip (@temp)
        {
                s/^\s+//g; s/\s+$//g;
-               if ($_)
+               
+               if ($tmpip)
                {
-                       unless (&General::validipandmask($_)) {
-                               $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'};
-                       goto ADV_ERROR;
+                       $tmpip=~s/\s*$//g; 
+                       unless (&General::validipandmask($tmpip)) {
+                               $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
+                               goto ADV_ERROR;
                        }
-                       my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_));
+                       my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
+                       
                        if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
                                $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
-  goto ADV_ERROR;
+                               goto ADV_ERROR;
                        }
-                       $vpnsettings{'ROUTES_PUSH'} .= $_."\n";
+# a.marx ccd                   
+                       my %ccdroutehash=();
+                       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+                       foreach my $key (keys %ccdroutehash) {
+                               foreach my $i (1 .. $#{$ccdroutehash{$key}}) { 
+                                       if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
+                                               $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+                                               goto ADV_ERROR;
+                                       }
+                                       my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
+                                       if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
+                                               $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+                                               goto ADV_ERROR;
+                                       }
+                               }
+                       }
+                       
+# ccd end
+                       
+                       $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
                }
-       }
-       &write_routepushfile;
+       }
+    &write_routepushfile;
        undef $vpnsettings{'ROUTES_PUSH'};
     }
        else {
@@ -656,6 +1008,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} 
   if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; 
   }
+
+  # Check if a valid operating mode has been choosen and use it.
+  if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+       if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+               if($cgiparams{'MTU'} eq '1500') {
+                       print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+               }
+       }
+  }
   print SERVERCONF "# Auth. Server\n"; 
   print SERVERCONF "tls-server\n"; 
   print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; 
@@ -734,6 +1097,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
   if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; 
   }
+
+  # Check if a valid operating mode has been choosen and use it.
+  if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+        if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+               if ($cgiparams{'MTU'} eq '1500') {
+                       print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+               }
+        }
+  }
  
   print CLIENTCONF "ns-cert-type server\n";   
   print CLIENTCONF "# Auth. Client\n"; 
@@ -1571,29 +1945,26 @@ END
     my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
     
     if ($confighash{$cgiparams{'KEY'}}) {
+               if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+                       $confighash{$cgiparams{'KEY'}}[0] = 'on';
+                       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-
-       if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
-           $confighash{$cgiparams{'KEY'}}[0] = 'on';
-           &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-     if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+                       if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
                  system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
-          }
-  } else {
+                       }
+               } else {
 
-           $confighash{$cgiparams{'KEY'}}[0] = 'off';
-      &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+                       $confighash{$cgiparams{'KEY'}}[0] = 'off';
+                       &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
-          if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+                       if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
                     if ($n2nactive ne ''){                             
-                    system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
-           }
+                                               system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+                                       }
  
-          } else {
+                       } else {
                  $errormessage = $Lang::tr{'invalid key'};
-          }
+                       }
       }
   }
 
@@ -1665,6 +2036,15 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
    if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
    }
+   if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
+       ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
+       ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
+       if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
+               if ($tunmtu eq '1500' ) {
+                       print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
+               }
+       }
+   }
    print CLIENTCONF "ns-cert-type server\n";   
    print CLIENTCONF "# Auth. Client\n"; 
    print CLIENTCONF "tls-client\n"; 
@@ -1718,12 +2098,26 @@ else
     
     my $zip = Archive::Zip->new();
     
-    print CLIENTCONF "#OpenVPN Server conf\r\n";
+    print CLIENTCONF "#OpenVPN Client conf\r\n";
     print CLIENTCONF "tls-client\r\n";
     print CLIENTCONF "client\r\n";
+    print CLIENTCONF "nobind\n";
     print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
     print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
-    print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
+
+    # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
+    # or use configured value.
+    if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
+       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif ($vpnsettings{MSSFIX} eq 'on')
+       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+           ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+           ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) 
+       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    else
+       { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
+
     if ( $vpnsettings{'ENABLED'} eq 'on'){
        print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
        if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ 
@@ -1767,6 +2161,15 @@ else
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
        print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
+
+    # Check if a valid operating mode has been choosen and use it.
+    if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+        ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+        ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+       if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
+               print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
+       }
+    }
     close(CLIENTCONF);
         
     $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
@@ -1814,10 +2217,41 @@ else
 }
 
   unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-       unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+
+# A.Marx CCD delete ccd files and routes
+
+       
+       if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+       {
+               unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
+       }
+       
+       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+       foreach my $key (keys %ccdroutehash) {
+               if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                       delete $ccdroutehash{$key};
+               }
+       }
+       &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+       
+       &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+       foreach my $key (keys %ccdroute2hash) {
+               if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+                       delete $ccdroute2hash{$key};
+               }
+       }
+       &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+       &writeserverconf;
+       
+       
+# CCD end 
+
+       
        delete $confighash{$cgiparams{'KEY'}};
        my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
        #&writeserverconf();
     } else {
        $errormessage = $Lang::tr{'invalid key'};
@@ -1884,9 +2318,11 @@ else
     %cgiparams = ();
     %cahash = ();
     %confighash = ();
+    my $disabled;
     &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
     read_routepushfile;
-
+       
+       
 #    if ($cgiparams{'CLIENT2CLIENT'} eq '') {
 #      $cgiparams{'CLIENT2CLIENT'} =  'on';     
 #    }
@@ -1913,6 +2349,7 @@ ADV_ERROR:
     $checked{'MSSFIX'}{'off'} = '';
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+    $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
     $selected{'LOG_VERB'}{'1'} = '';
     $selected{'LOG_VERB'}{'2'} = '';
     $selected{'LOG_VERB'}{'3'} = '';
@@ -1926,9 +2363,7 @@ ADV_ERROR:
     $selected{'LOG_VERB'}{'11'} = '';
     $selected{'LOG_VERB'}{'0'} = '';
     $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
-
-
-    
+   
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
     &Header::openbigbox('100%', 'LEFT', '', $errormessage);    
@@ -1940,8 +2375,8 @@ ADV_ERROR:
     }
     &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
     print <<END
-    <form method='post' enctype='multipart/form-data'>
-    <table width='100%'>
+    <form method='post' enctype='multipart/form-data' disabled>
+    <table width='100%' border=0>
     <tr>
        <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
     </tr>
@@ -1950,7 +2385,7 @@ ADV_ERROR:
     </tr>      
     <tr>               
        <td class='base'>Domain</td>
-        <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
+        <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30'  /></td>
     </tr>
     <tr>       
        <td class='base'>DNS</td>
@@ -1975,7 +2410,7 @@ if ($cgiparams{'ROUTES_PUSH'} ne '')
        print $cgiparams{'ROUTES_PUSH'};
 }
 
-print <<END
+print <<END;
 </textarea></td>
 </tr>
     </tr>
@@ -1986,7 +2421,7 @@ print <<END
        <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
     </tr>
     <tr>
-       <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td>
+       <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
     </tr>
     <tr>
        <td class='base'>Client-To-Client</td>
@@ -2015,7 +2450,15 @@ print <<END
          <td class='base'>mssfix</td>
          <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
          <td>Default: on</td>
-         </tr> 
+         </tr>
+
+       <tr>
+               <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
+               <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
+               <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
+               <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
+               <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
+       </tr>
 </table>
 
 <!--
@@ -2057,8 +2500,30 @@ print <<END
                                    <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
                                    <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
                                    <option value='0'  $selected{'LOG_VERB'}{'0'}>0</option></select></td>      
-</table>
-<hr size='1'>
+</table><hr>
+END
+
+if ( -e "/var/run/openvpn.pid"){
+print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
+               $Lang::tr{'server restart'}<br><br>
+               <hr>";
+               print<<END
+<table width='100%'>
+<tr>
+    <td>&nbsp;</td>
+    <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
+    <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
+    <td>&nbsp;</td>    
+</tr>
+</table>    
+</form>
+END
+;              
+               
+               
+}else{
+
+print<<END
 <table width='100%'>
 <tr>
     <td>&nbsp;</td>
@@ -2070,13 +2535,135 @@ print <<END
 </form>
 END
 ;                                 
-
+}
     &Header::closebox();
 #    print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
     &Header::closebigbox();
     &Header::closepage();
     exit(0);
        
+
+# A.Marx CCD   Add,delete or edit CCD net
+
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} || 
+               $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||  
+               $cgiparams{'ACTION'} eq "kill" || 
+               $cgiparams{'ACTION'} eq "edit" ||
+               $cgiparams{'ACTION'} eq 'editsave'){
+       &Header::showhttpheaders();
+       &Header::openpage($Lang::tr{'ccd net'}, 1, '');
+       &Header::openbigbox('100%', 'LEFT', '', '');
+
+       if ($cgiparams{'ACTION'} eq "kill"){
+               &delccdnet($cgiparams{'net'});
+       }
+       
+       if ($cgiparams{'ACTION'} eq 'editsave'){
+               my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
+               if ( $a ne $b){ &modccdnet($a,$b);}
+               $cgiparams{'ccdname'}='';
+               $cgiparams{'ccdsubnet'}='';
+       }
+       
+       if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
+               &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
+       }
+       if ($errormessage) {
+           &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
+           print "<class name='base'>$errormessage";
+           print "&nbsp;</class>";
+           &Header::closebox();                
+       }
+if ($cgiparams{'ACTION'} eq "edit"){
+       
+       &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
+
+       print <<END
+    <table width='100%' border=0>
+    <tr><form method='post'>
+       <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
+       <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
+       <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
+       <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
+       </td></tr>
+       </table></form>
+END
+;
+       &Header::closebox();
+
+       &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+       print <<END
+    <table width='100%' border='0'  cellpadding='0' cellspacing='1'>
+    <tr>
+       <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
+END
+;
+}
+else{
+       if (! -e "/var/run/openvpn.pid"){
+       &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
+               print <<END;
+           <table width='100%' border='0'>
+           <tr><form method='post'>
+               <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
+               <tr>
+               <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
+               <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
+               <tr><td colspan=4><hr /></td></tr><tr>
+               <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
+               </table></form>
+END
+       
+       &Header::closebox();
+}
+       &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+       if ( -e "/var/run/openvpn.pid"){
+               print "<b>$Lang::tr{'attention'}:</b><br>";
+               print "$Lang::tr{'ccd noaddnet'}<br><hr>";
+       }
+       
+       print <<END
+    <table width='100%' border='0'  cellpadding='0' cellspacing='1'>
+    <tr>
+       <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
+END
+;
+}
+       my %ccdconfhash=();     
+       &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);     
+       my @ccdconf=();
+       my $count=0;
+       foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
+               @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
+               $count++;
+               my $ccdhosts = &hostsinnet($ccdconf[0]);
+               if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
+               else{            print" <tr bgcolor='$color{'color20'}'>";}
+               print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
+print <<END
+               <form method='post' />
+               <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+               <input type='hidden' name='ACTION' value='edit'/>
+               <input type='hidden' name='ccdname' value='$ccdconf[0]' />
+               <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
+               </form></td>
+               <form method='post' />
+               <td><input type='hidden' name='ACTION' value='kill'/>
+               <input type='hidden' name='number' value='$count' />
+               <input type='hidden' name='net' value='$ccdconf[0]' />
+               <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr>
+END
+;
+       }       
+       print "</table></form>";
+       &Header::closebox();
+       print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+       &Header::closebigbox();
+       &Header::closepage();
+       exit(0);
+       
+#END CCD
+
 ###
 ### Openvpn Connections Statistics
 ###
@@ -2284,7 +2871,7 @@ if ( -s "${General::swroot}/ovpn/settings") {
 
        print <<END
            <b>$Lang::tr{'connection type'}:</b><br />
-           <table><form method='post' ENCTYPE="multipart/form-data">
+           <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
            <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
                <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
            <tr><td><input type='radio' name='TYPE' value='net' /></td>
@@ -2293,21 +2880,21 @@ if ( -s "${General::swroot}/ovpn/settings") {
                <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
          <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
          <tr><td>&nbsp;</td><td>Import Connection Name <img src='/blob.gif' /></td></tr>
-    <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'><td class='base'>Default : Client Packagename</td></td></tr>
+    <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr>
          <tr><td colspan='3'><hr /></td></tr>
-    <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
-         <tr><td>&nbsp;</td></tr>
+    <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
          <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
            </form></table>
 END
        ;
+       
 
 } else {
        print <<END
                    <b>$Lang::tr{'connection type'}:</b><br />
-           <table><form method='post' ENCTYPE="multipart/form-data">
+           <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
            <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
-           <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
+           <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
            </form></table>
 END
        ;
@@ -2450,6 +3037,7 @@ END
 my $complzoactive;
 my $mssfixactive;
 my $n2nfragment;
+my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
 my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
 my @n2nproto = split(/-/, $n2nproto2[1]);
 my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
@@ -2484,6 +3072,7 @@ $n2nremsub[2] =~ s/\n|\r//g;
 $n2nlocalsub[2] =~ s/\n|\r//g;
 $n2nfragment[1] =~ s/\n|\r//g;
 $n2nmgmt[2] =~ s/\n|\r//g;
+$n2nmtudisc[1] =~ s/\n|\r//g;
 chomp ($complzoactive);
 chomp ($mssfixactive);
 
@@ -2537,26 +3126,28 @@ foreach my $dkey (keys %confighash) {
        
   $key = &General::findhasharraykey (\%confighash);
 
-       foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+       foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+
        $confighash{$key}[0] = 'off';
        $confighash{$key}[1] = $n2nname[0];
-  $confighash{$key}[2] = $n2nname[0];  
+       $confighash{$key}[2] = $n2nname[0];     
        $confighash{$key}[3] = 'net';
        $confighash{$key}[4] = 'cert';  
        $confighash{$key}[6] = 'client';                
        $confighash{$key}[8] =  $n2nlocalsub[2];
-  $confighash{$key}[10] = $n2nremote[1];
-  $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";               
+       $confighash{$key}[10] = $n2nremote[1];
+       $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";          
        $confighash{$key}[22] = $n2nmgmt[2];
-  $confighash{$key}[23] = $mssfixactive;
+       $confighash{$key}[23] = $mssfixactive;
        $confighash{$key}[24] = $n2nfragment[1];
-  $confighash{$key}[25] = 'IPFire n2n Client';
+       $confighash{$key}[25] = 'IPFire n2n Client';
        $confighash{$key}[26] = 'red';
-  $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
-  $confighash{$key}[28] = $n2nproto[0];
-  $confighash{$key}[29] = $n2nport[1];
-  $confighash{$key}[30] = $complzoactive;
-  $confighash{$key}[31] = $n2ntunmtu[1];
+       $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
+       $confighash{$key}[28] = $n2nproto[0];
+       $confighash{$key}[29] = $n2nport[1];
+       $confighash{$key}[30] = $complzoactive;
+       $confighash{$key}[31] = $n2ntunmtu[1];
+       $confighash{$key}[38] = $n2nmtudisc[1]; 
 
 
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -2594,6 +3185,7 @@ foreach my $dkey (keys %confighash) {
                <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
+               <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
                <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
                <tr><td>&nbsp;</td><td>&nbsp;</td></tr> 
     </table>
@@ -2655,45 +3247,216 @@ if ($confighash{$cgiparams{'KEY'}}) {
 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
         ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
         ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
-
+           
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
     if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
-       if (! $confighash{$cgiparams{'KEY'}}[0]) {
-           $errormessage = $Lang::tr{'invalid key'};
-           goto VPNCONF_END;
-       }
-       $cgiparams{'ENABLED'}   = $confighash{$cgiparams{'KEY'}}[0];
-       $cgiparams{'NAME'}      = $confighash{$cgiparams{'KEY'}}[1];
-       $cgiparams{'TYPE'}      = $confighash{$cgiparams{'KEY'}}[3];
-       $cgiparams{'AUTH'}      = $confighash{$cgiparams{'KEY'}}[4];
-       $cgiparams{'PSK'}       = $confighash{$cgiparams{'KEY'}}[5];
-       $cgiparams{'SIDE'}      = $confighash{$cgiparams{'KEY'}}[6];
-       $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
-  $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
-  $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
-# n2n m.a.d new fields
-  $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
-  $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
-  $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
-       $cgiparams{'REMARK'}    = $confighash{$cgiparams{'KEY'}}[25];
-       $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
-#new fields    
-       $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
-       $cgiparams{'PROTOCOL'}    = $confighash{$cgiparams{'KEY'}}[28];
-       $cgiparams{'DEST_PORT'}   = $confighash{$cgiparams{'KEY'}}[29];
-       $cgiparams{'COMPLZO'}     = $confighash{$cgiparams{'KEY'}}[30];
-       $cgiparams{'MTU'}         = $confighash{$cgiparams{'KEY'}}[31];
-
-#new fields
-#ab hiere error uebernehmen
-
-    } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
+               if (! $confighash{$cgiparams{'KEY'}}[0]) {
+                   $errormessage = $Lang::tr{'invalid key'};
+                   goto VPNCONF_END;
+               }
+               $cgiparams{'ENABLED'}                   = $confighash{$cgiparams{'KEY'}}[0];
+               $cgiparams{'NAME'}                              = $confighash{$cgiparams{'KEY'}}[1];
+               $cgiparams{'TYPE'}                              = $confighash{$cgiparams{'KEY'}}[3];
+               $cgiparams{'AUTH'}                              = $confighash{$cgiparams{'KEY'}}[4];
+               $cgiparams{'PSK'}                               = $confighash{$cgiparams{'KEY'}}[5];
+               $cgiparams{'SIDE'}                              = $confighash{$cgiparams{'KEY'}}[6];
+               $cgiparams{'LOCAL_SUBNET'}              = $confighash{$cgiparams{'KEY'}}[8];
+               $cgiparams{'REMOTE'}                    = $confighash{$cgiparams{'KEY'}}[10];
+               $cgiparams{'REMOTE_SUBNET'}     = $confighash{$cgiparams{'KEY'}}[11];
+               $cgiparams{'OVPN_MGMT'}                 = $confighash{$cgiparams{'KEY'}}[22];
+               $cgiparams{'MSSFIX'}                    = $confighash{$cgiparams{'KEY'}}[23];
+               $cgiparams{'FRAGMENT'}                  = $confighash{$cgiparams{'KEY'}}[24];
+               $cgiparams{'REMARK'}                    = $confighash{$cgiparams{'KEY'}}[25];
+               $cgiparams{'INTERFACE'}                 = $confighash{$cgiparams{'KEY'}}[26];
+               $cgiparams{'OVPN_SUBNET'}               = $confighash{$cgiparams{'KEY'}}[27];
+               $cgiparams{'PROTOCOL'}                  = $confighash{$cgiparams{'KEY'}}[28];
+               $cgiparams{'DEST_PORT'}                 = $confighash{$cgiparams{'KEY'}}[29];
+               $cgiparams{'COMPLZO'}                   = $confighash{$cgiparams{'KEY'}}[30];
+               $cgiparams{'MTU'}                               = $confighash{$cgiparams{'KEY'}}[31];
+               $cgiparams{'CHECK1'}                    = $confighash{$cgiparams{'KEY'}}[32];
+               $name=$cgiparams{'CHECK1'}      ;
+               $cgiparams{$name}                               = $confighash{$cgiparams{'KEY'}}[33];
+               $cgiparams{'RG'}                                = $confighash{$cgiparams{'KEY'}}[34];
+               $cgiparams{'CCD_DNS1'}                  = $confighash{$cgiparams{'KEY'}}[35];
+               $cgiparams{'CCD_DNS2'}                  = $confighash{$cgiparams{'KEY'}}[36];
+               $cgiparams{'CCD_WINS'}                  = $confighash{$cgiparams{'KEY'}}[37];
+               $cgiparams{'PMTU_DISCOVERY'}    = $confighash{$cgiparams{'KEY'}}[38];
+       } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
        $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
        
-  if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
+#A.Marx CCD check iroute field and convert it to decimal
+if ($cgiparams{'TYPE'} eq 'host') {
+       my @temp=();
+       my %ccdroutehash=();
+       my $keypoint=0;
+       my $ip;
+       my $cidr;
+       if ($cgiparams{'IR'} ne ''){
+               @temp = split("\n",$cgiparams{'IR'});
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               #find key to use
+               foreach my $key (keys %ccdroutehash) {
+                       if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
+                               $keypoint=$key;
+                               delete $ccdroutehash{$key};
+                       }else{
+                               $keypoint = &General::findhasharraykey (\%ccdroutehash);
+                       }
+               }
+               $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
+               my $i=1;
+               my $val=0;
+               foreach $val (@temp){
+                       chomp($val);
+                       $val=~s/\s*$//g; 
+                       #check if iroute exists in ccdroute or if new iroute is part of an existing one
+                       foreach my $key (keys %ccdroutehash) {
+                               foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
+                                               if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
+                                                       $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+                                                       goto VPNCONF_ERROR;
+                                               }
+                                               my ($ip1,$cidr1) = split (/\//, $val);
+                                               $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
+                                               my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
+                                               if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
+                                                       $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+                                                       goto VPNCONF_ERROR;
+                                               } 
+                                                                       
+                               }
+                       }
+                       if (!&General::validipandmask($val)){
+                               $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+                               goto VPNCONF_ERROR;
+                       }else{
+                               ($ip,$cidr) = split(/\//,$val);
+                               $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
+                               $cidr=&General::iporsubtodec($cidr);
+                               $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+                       
+                       }
+                                                                                                                                       
+                       #check for existing network IP's
+                       if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
+                       {
+                               $errormessage=$Lang::tr{'ccd err green'};
+                               goto VPNCONF_ERROR;
+                       }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
+                       {
+                               $errormessage=$Lang::tr{'ccd err red'};
+                               goto VPNCONF_ERROR;
+                       }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
+                       {
+                               $errormessage=$Lang::tr{'ccd err blue'};
+                               goto VPNCONF_ERROR;
+                       }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
+                       {
+                               $errormessage=$Lang::tr{'ccd err orange'};
+                               goto VPNCONF_ERROR;
+                       }
+                                               
+                       if (&General::validipandmask($val)){
+                               $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+                       }else{
+                               $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
+                               goto VPNCONF_ERROR;
+                       }
+                       $i++;
+               }
+               &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               &writeserverconf;
+       }else{
+               &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               foreach my $key (keys %ccdroutehash) {
+                       if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
+                               delete $ccdroutehash{$key};
+                               &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+                               &writeserverconf;
+                       }
+               }       
+       }
+       undef @temp;
+       #check route field and convert it to decimal
+       my $val=0;
+       my $i=1;
+       &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+       #find key to use
+       foreach my $key (keys %ccdroute2hash) {
+               if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
+                       $keypoint=$key;
+                       delete $ccdroute2hash{$key};
+               }else{
+                       $keypoint = &General::findhasharraykey (\%ccdroute2hash);
+                       &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+                       &writeserverconf;
+               }
+       }
+       $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
+       if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
+       @temp = split(/\|/,$cgiparams{'IFROUTE'});
+       my %ownnet=();
+       &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+       foreach $val (@temp){
+               chomp($val);
+               $val=~s/\s*$//g; 
+               if ($val eq $Lang::tr{'green'})
+               {
+                       $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
+               }
+               if ($val eq $Lang::tr{'blue'})
+               {
+                       $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
+               }
+               if ($val eq $Lang::tr{'orange'})
+               {
+                       $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
+               }
+               my ($ip,$cidr) = split (/\//, $val);
+               
+               if ($val ne $Lang::tr{'ccd none'})
+               {       
+                       if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
+                       if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
+                       if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
+                       if (&General::validipandmask($val)){
+                               $val=$ip."/".&General::iporsubtodec($cidr);
+                               $ccdroute2hash{$keypoint}[$i] = $val;
+                       }else{
+                               $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+                               goto VPNCONF_ERROR;
+                       }
+               }else{
+                       $ccdroute2hash{$keypoint}[$i]='';
+               }
+               $i++;
+       }       
+       &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+
+       #check dns1 ip
+       if ($cgiparams{'CCD_DNS1'} ne '' &&  ! &General::validip($cgiparams{'CCD_DNS1'})) {
+                       $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
+                       goto VPNCONF_ERROR;
+       }
+       #check dns2 ip
+       if ($cgiparams{'CCD_DNS2'} ne '' &&  ! &General::validip($cgiparams{'CCD_DNS2'})) {
+                       $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
+                       goto VPNCONF_ERROR;
+       }
+       #check wins ip
+       if ($cgiparams{'CCD_WINS'} ne '' &&  ! &General::validip($cgiparams{'CCD_WINS'})) {
+                       $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
+                       goto VPNCONF_ERROR;
+       }
+}
+
+#CCD End
+
+       
+ if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
            $errormessage = $Lang::tr{'connection type is invalid'};
            if ($cgiparams{'TYPE'} eq 'net') {
       unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -2771,6 +3534,22 @@ if ($cgiparams{'TYPE'} eq 'net') {
            goto VPNCONF_ERROR;
     }
 
+    if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+       if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
+               $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+               unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+               rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+               goto VPNCONF_ERROR;
+       }
+    }
+
+    if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+       $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+       unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+       rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+       goto VPNCONF_ERROR;
+    }
+
     if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'}))  {
                  $errormessage = $Lang::tr{'openvpn prefix local subnet'};
                  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3143,45 +3922,124 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
         # Save the config
        my $key = $cgiparams{'KEY'};
+       
        if (! $key) {
            $key = &General::findhasharraykey (\%confighash);
-           foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+           foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
        }
-       $confighash{$key}[0] = $cgiparams{'ENABLED'};
-       $confighash{$key}[1] = $cgiparams{'NAME'};
+       $confighash{$key}[0]            = $cgiparams{'ENABLED'};
+       $confighash{$key}[1]            = $cgiparams{'NAME'};
        if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
-           $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
+           $confighash{$key}[2]        = $cgiparams{'CERT_NAME'};
        }
-       $confighash{$key}[3] = $cgiparams{'TYPE'};
+       
+       $confighash{$key}[3]            = $cgiparams{'TYPE'};
        if ($cgiparams{'AUTH'} eq 'psk') {
-           $confighash{$key}[4] = 'psk';
-           $confighash{$key}[5] = $cgiparams{'PSK'};
+           $confighash{$key}[4]        = 'psk';
+           $confighash{$key}[5]        = $cgiparams{'PSK'};
        } else {
-           $confighash{$key}[4] = 'cert';
+           $confighash{$key}[4]        = 'cert';
        }
        if ($cgiparams{'TYPE'} eq 'net') {
-           $confighash{$key}[6] = $cgiparams{'SIDE'};
-           $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
+           $confighash{$key}[6]        = $cgiparams{'SIDE'};
+           $confighash{$key}[11]       = $cgiparams{'REMOTE_SUBNET'};
        }
-       $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
-       $confighash{$key}[10] = $cgiparams{'REMOTE'};
+       $confighash{$key}[8]                    = $cgiparams{'LOCAL_SUBNET'};
+       $confighash{$key}[10]           = $cgiparams{'REMOTE'};
   if ($cgiparams{'OVPN_MGMT'} eq '') {
-  $confighash{$key}[22] = $confighash{$key}[29];
+       $confighash{$key}[22]           = $confighash{$key}[29];
   } else {
-  $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
+       $confighash{$key}[22]           = $cgiparams{'OVPN_MGMT'};
   }
-  $confighash{$key}[23] = $cgiparams{'MSSFIX'};
-  $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
-       $confighash{$key}[25] = $cgiparams{'REMARK'};
-       $confighash{$key}[26] = $cgiparams{'INTERFACE'};
+       $confighash{$key}[23]           = $cgiparams{'MSSFIX'};
+       $confighash{$key}[24]           = $cgiparams{'FRAGMENT'};
+       $confighash{$key}[25]           = $cgiparams{'REMARK'};
+       $confighash{$key}[26]           = $cgiparams{'INTERFACE'};
 # new fields   
-       $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
-       $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
-       $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
-       $confighash{$key}[30] = $cgiparams{'COMPLZO'};
-       $confighash{$key}[31] = $cgiparams{'MTU'};
-# new fileds   
+       $confighash{$key}[27]           = $cgiparams{'OVPN_SUBNET'};
+       $confighash{$key}[28]           = $cgiparams{'PROTOCOL'};
+       $confighash{$key}[29]           = $cgiparams{'DEST_PORT'};
+       $confighash{$key}[30]           = $cgiparams{'COMPLZO'};
+       $confighash{$key}[31]           = $cgiparams{'MTU'};
+       $confighash{$key}[32]           = $cgiparams{'CHECK1'};
+       $name=$cgiparams{'CHECK1'};
+       $confighash{$key}[33]           = $cgiparams{$name};
+       $confighash{$key}[34]           = $cgiparams{'RG'};
+       $confighash{$key}[35]           = $cgiparams{'CCD_DNS1'};
+       $confighash{$key}[36]           = $cgiparams{'CCD_DNS2'};
+       $confighash{$key}[37]           = $cgiparams{'CCD_WINS'};
+       $confighash{$key}[38]                   = $cgiparams{'PMTU_DISCOVERY'};
+
+
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+       
+       if ($cgiparams{'CHECK1'} ){
+               
+               my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
+               my ($a,$b,$c,$d) = split (/\./,$ccdip);
+                       if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
+                               unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
+                       }
+                       open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
+                       print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
+                       if($cgiparams{'CHECK1'} eq 'dynamic'){
+                               print CCDRWCONF "#This client uses the dynamic pool\n";
+                       }else{
+                               print CCDRWCONF "#Ip address client and server\n";
+                               print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
+                       }
+                       if ($confighash{$key}[34] eq 'on'){
+                               print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
+                               print CCDRWCONF "push redirect-gateway\n";
+                       }
+                       &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+                       if ($cgiparams{'IR'} ne ''){
+                               print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
+                               foreach my $key (keys %ccdroutehash){
+                                       if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
+                                               foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
+                                                       my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
+                                                       print CCDRWCONF "iroute $a $b\n";
+                                               }
+                                       }
+                               }
+                       }
+                       if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
+                       if ($cgiparams{'IFROUTE'} ne ''){
+                               print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
+                               foreach my $key (keys %ccdroute2hash){
+                                       if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+                                               foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
+                                                       if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
+                                                               my %blue=();
+                                                               &General::readhash("${General::swroot}/ethernet/settings", \%blue);
+                                                               print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
+                                                       }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
+                                                               my %orange=();
+                                                               &General::readhash("${General::swroot}/ethernet/settings", \%orange);
+                                                               print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS}  $orange{ORANGE_NETMASK}\n";
+                                                       }else{
+                                                               my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
+                                                               print CCDRWCONF "push \"route $a $b\"\n";
+                                                       }
+                                               }
+                                       }
+                               }
+                       }
+                       if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
+                       if($cgiparams{'CCD_DNS1'} ne ''){
+                               print CCDRWCONF "\n#Client gets these nameservers\n";
+                               print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
+                       }
+                       if($cgiparams{'CCD_DNS2'} ne ''){
+                               print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
+                       }
+                       if($cgiparams{'CCD_WINS'} ne ''){
+                               print CCDRWCONF "\n#Client gets this WINS server\n";
+                               print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
+                       }
+                       close CCDRWCONF;
+       }
 
 ###
 # m.a.d n2n begin
@@ -3221,6 +4079,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 ###    
         $cgiparams{'MSSFIX'} = 'on';
         $cgiparams{'FRAGMENT'} = '1300';
+       $cgiparams{'PMTU_DISCOVERY'} = 'off';
 ###
 # m.a.d n2n end
 ###    
@@ -3280,6 +4139,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
 
+    $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
+
 
     if (1) {
        &Header::showhttpheaders();
@@ -3308,12 +4169,17 @@ if ($cgiparams{'TYPE'} eq 'net') {
        }
 
        &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
-       print "<table width='100%'>\n";
-       print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
+       print "<table width='100%'  border='0'>\n";
+       
+       
+       
+       print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
+       
        if ($cgiparams{'TYPE'} eq 'host') {
            if ($cgiparams{'KEY'}) {
-               print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
+               print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
            } else {
+                       
                print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
            }
 #          print "<tr><td>$Lang::tr{'interface'}</td>";
@@ -3333,6 +4199,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
            } else {
                print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
            }
+           
+           
+           
            print <<END
                    <td width='25%'>&nbsp;</td>
                    <td width='25%'>&nbsp;</td></tr>
@@ -3373,47 +4242,73 @@ if ($cgiparams{'TYPE'} eq 'net') {
                    <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
         <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
 
+       <tr>
+               <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
+               <td colspan='3'>
+                       <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
+                       <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
+                       <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
+                       <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
+               </td>
+       </tr>
+
 END
-           ;
+;
        }
-
+#jumper
        print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
-       print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
+       print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
        
        if ($cgiparams{'TYPE'} eq 'host') {
+      print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
+    }  
 
-      print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
-         }     
-
-#          if ($cgiparams{'KEY'}) {
-#              print "<td colspan='3'>&nbsp;</td></tr></table>";
-#          } else {
-#              print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>";
-#          }
-#      }else{
-           print "<td colspan='3'>&nbsp;</td></tr></table>";
-#      }    
-           
-       
-
+               print"</tr></table><br><br>";
+#A.Marx CCD new client         
+if ($cgiparams{'TYPE'} eq 'host') {    
+           print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
+           my %vpnnet=();
+           my $vpnip;
+           &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
+           $vpnip=$vpnnet{'DOVPN_SUBNET'};
+           &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+           my @ccdconf=();
+               my $count=0;
+               my $checked;
+               $checked{'check1'}{'off'} = '';
+           $checked{'check1'}{'on'} = '';
+           $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
+           print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
+           print"</td></tr></table><br><br>";
+               my $name=$cgiparams{'CHECK1'};
+               $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
+               
+       if (! -z "${General::swroot}/ovpn/ccd.conf"){   
+               print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
+               foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
+                       $count++;
+                       @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
+                       if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+                       print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
+                       &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
+                       print"</td></tr>";
+               }
+               print "</table><br><br><hr><br><br>";
+       }
+}
+# ccd end
        &Header::closebox();
-       
        if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
-       #    &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
-       #    print <<END
-       #    <table width='100%' cellpadding='0' cellspacing='5' border='0'>
-       #    <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
-       #       <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr>
-       #    </table>
-END
-       #    ;
-       #    &Header::closebox();
-       } elsif (! $cgiparams{'KEY'}) {
+               
+               } elsif (! $cgiparams{'KEY'}) {
+               
+               
            my $disabled='';
            my $cakeydisabled='';
            my $cacrtdisabled='';
            if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
            if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
+           
            &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
  
  
@@ -3510,8 +4405,127 @@ END
 ###
            ;
            &Header::closebox();
+           
        }
 
+#A.Marx CCD new client 
+if ($cgiparams{'TYPE'} eq 'host') {
+           print"<br><br>";
+           &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
+
+       
+       print <<END;
+       <table border='0' width='100%'>
+       <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
+       <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
+       <tr><td colspan='4'>&nbsp</td></tr>
+       <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
+END
+       
+       if ($cgiparams{'IR'} ne ''){
+               print $cgiparams{'IR'};
+       }else{
+               &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+               foreach my $key (keys %ccdroutehash) {
+                       if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
+                               foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+                                               if ($ccdroutehash{$key}[$i] ne ''){
+                                                       print $ccdroutehash{$key}[$i]."\n";
+                                               }
+                                               $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
+                               }
+                       }
+               }
+       }
+        
+       print <<END;
+</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
+       <tr><td colspan='4'><br></td></tr>
+       <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
+END
+       
+       my $set=0;
+       my $selorange=0;
+       my $selblue=0;
+       my $selgreen=0;
+       my $helpblue=0;
+       my $helporange=0;
+       my $other=0;
+       my $none=0;
+       my @temp=();
+       
+       our @current = ();
+       open(FILE, "${General::swroot}/main/routing") ;
+       @current = <FILE>;
+       close (FILE);
+       &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);         
+       #check for "none"
+       foreach my $key (keys %ccdroute2hash) {
+               if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+                       if ($ccdroute2hash{$key}[1] eq ''){
+                               $none=1;
+                               last;
+                       }
+               }
+       }
+       if ($none ne '1'){
+               print"<option>$Lang::tr{'ccd none'}</option>";
+       }else{
+               print"<option selected>$Lang::tr{'ccd none'}</option>";
+       }
+       #check if static routes are defined for client
+       foreach my $line (@current) {
+               chomp($line);   
+               $line=~s/\s*$//g;                       # remove newline
+               @temp=split(/\,/,$line);
+               $temp[1] = '' unless defined $temp[1]; # not always populated
+               my ($a,$b) = split(/\//,$temp[1]);
+               $temp[1] = $a."/".&General::iporsubtocidr($b);
+               foreach my $key (keys %ccdroute2hash) {
+                       if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+                               foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+                                       if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
+                                               $set=1;
+                                       }
+                               }
+                       }
+               }
+               if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
+       }       
+       #check if green,blue,orange are defined for client
+       foreach my $key (keys %ccdroute2hash) {
+               if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+                       $other=1;
+                       foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+                               if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
+                                       $selgreen=1;
+                               }
+                               if (&haveBlueNet()){
+                                       if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
+                                               $selblue=1;
+                                       }
+                               }
+                               if (&haveOrangeNet()){
+                                       if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
+                                               $selorange=1;
+                                       }
+                               }
+                       }
+               }
+       }
+       if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
+       if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}                       
+       if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
+       
+       print<<END
+       </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
+       <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
+       <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
+       
+END
+;
+     &Header::closebox();
+}
        print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
        if ($cgiparams{'KEY'}) {
 #          print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
@@ -3538,24 +4552,21 @@ END
     my @status = `/bin/cat /var/log/ovpnserver.log`;
 
     if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
-       if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
-           my $ipaddr = <IPADDR>;
-           close IPADDR;
-           chomp ($ipaddr);
-           $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
-           if ($cgiparams{'VPN_IP'} eq '') {
-               $cgiparams{'VPN_IP'} = $ipaddr;
-           }
-       }
+               if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
+                   my $ipaddr = <IPADDR>;
+                   close IPADDR;
+                   chomp ($ipaddr);
+                   $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
+                   if ($cgiparams{'VPN_IP'} eq '') {
+                               $cgiparams{'VPN_IP'} = $ipaddr;
+                   }
+               }
     }
     
 #default setzen
     if ($cgiparams{'DCIPHER'} eq '') {
        $cgiparams{'DCIPHER'} =  'BF-CBC';     
     }
-#    if ($cgiparams{'DCOMPLZO'} eq '') {
-#      $cgiparams{'DCOMPLZO'} =  'on';     
-#    }
     if ($cgiparams{'DDEST_PORT'} eq '') {
        $cgiparams{'DDEST_PORT'} =  '1194';     
     }
@@ -3565,8 +4576,7 @@ END
     if ($cgiparams{'DOVPN_SUBNET'} eq '') {
        $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
     }
-
-    $checked{'ENABLED'}{'off'} = '';
+       $checked{'ENABLED'}{'off'} = '';
     $checked{'ENABLED'}{'on'} = '';
     $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
     $checked{'ENABLED_BLUE'}{'off'} = '';
@@ -3626,8 +4636,8 @@ END
        $activeonrun = "disabled='disabled'";
     }  
     &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});    
-    print <<END        
-    <table width='100%'>
+       print <<END     
+    <table width='100%' border=0>
     <form method='post'>
     <td width='25%'>&nbsp;</td>
     <td width='25%'>&nbsp;</td>
@@ -3635,7 +4645,7 @@ END
     <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
     <td align='left'>$sactive</td>
     <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
-        <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
+    <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
 END
 ;
     if (&haveBlueNet()) {
@@ -3674,18 +4684,20 @@ END
                                   <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
                                   <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
                                   <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
-                                  <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
+                                  <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr>
+                                  <tr><td colspan='4'><hr /></td></tr>
 END
 ;                                 
     
     if ( $srunning eq "yes" ) {
-       print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
-       print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>"; 
-       print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
-       print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";   
+       print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
+       print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
+       print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";     
+       print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
     } else{
-       print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
-       print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";
+       print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
+       print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
+       print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
        if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
             -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
             -e "${General::swroot}/ovpn/certs/servercert.pem" &&
@@ -3693,11 +4705,9 @@ END
            (( $cgiparams{'ENABLED'} eq 'on') || 
            ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
            ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
-           print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>";
-           print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";       
+           print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
        } else {
-           print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>";    
-           print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";               
+           print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";    
        }    
     }
     print "</form></table>";
@@ -3829,18 +4839,19 @@ END
     </tr>
     </table>
 END
-    ;
+;
     }
-    print <<END
-    <form method='post' enctype='multipart/form-data'>
-    <table width='100%' border='0' cellspacing='1' cellpadding='0'>
-    <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
-    <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' />
-    <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
-    <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>    
-    </tr></table></form>
+    
+print <<END
+<form method='post' enctype='multipart/form-data'>
+<table width='100%' border='0'>
+<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
+<tr><td colspan='4'><hr /></td></tr>
+<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
+</table>
 END
-    ;
+;
 
     &Header::closebox();
     if ( $srunning eq "yes" ) {    
@@ -3863,8 +4874,7 @@ END
 <tr>
     <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
     <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
-    <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td>
-    <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td>
+    <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td>
     <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
     <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
     <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
@@ -3883,15 +4893,17 @@ END
        }
        print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
        print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
-       if ($confighash{$key}[4] eq 'cert') {
-           print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
-       } else {
-           print "<td align='left'>&nbsp;</td>";
-       }
+       #if ($confighash{$key}[4] eq 'cert') {
+           #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
+       #} else {
+           #print "<td align='left'>&nbsp;</td>";
+       #}
        my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
        $cavalid    =~ /Not After : (.*)[\n]/;
        $cavalid    = $1;
-       print "<td align='center'>$cavalid</td>";
+       if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";}
+       if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";}
+       print "<td align='center'>$confighash{$key}[32]</td>";
        print "<td align='center'>$confighash{$key}[25]</td>";
 
        my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
@@ -4029,7 +5041,7 @@ END
     # If the config file contains entries, print Key to action icons
     if ( $id ) {
     print <<END
-    <table>
+    <table border='0'>
     <tr>
        <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
        <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
@@ -4050,7 +5062,7 @@ END
        <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
        <td class='base'>$Lang::tr{'dl client arch'}</td>
     </tr>
-    </table>
+    </table><hr>
 END
     ;
     }
@@ -4058,8 +5070,8 @@ END
     print <<END
     <table width='100%'>
     <form method='post'>
-    <tr><td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td>
-       <td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
+    <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+    <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
     </form>
     </table>
 END
old mode 100644 (file)
new mode 100755 (executable)
index eaf6f48..e9d114b
@@ -1367,6 +1367,14 @@ END
            goto VPNCONF_ERROR;
        }
 
+       
+       if ($cgiparams{'TYPE'} eq 'net'){
+               $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+               if ($errormessage ne ''){
+                       goto VPNCONF_ERROR;
+               }
+               
+       }
        if ($cgiparams{'AUTH'} eq 'psk') {
            if (! length($cgiparams{'PSK'}) ) {
                $errormessage = $Lang::tr{'pre-shared key is too short'};
index f686c30..05e1d85 100644 (file)
 'arp table entries' => 'Einträge der ARP-Tabelle:',
 'artist' => 'Künstler',
 'attemps' => 'Versuche',
+'attention' => 'ACHTUNG',
 'august' => 'August',
 'authentication' => 'Authentifizierung:',
 'automatic' => 'Automatisch',
 'capsopen' => 'VERBUNDEN',
 'capswarning' => 'WARNUNG',
 'caption' => 'Legende',
+'ccd add' => 'Netzwerk hinzufügen',
+'ccd choose net' => 'Netzwerk auswählen',
+'ccd client options' => 'Erweiterte Client-Optionen',
+'ccd clientip' => 'Hostadresse',
+'ccd dynrange' => 'Dynamischer OpenVPN IP-Addressen-Pool',
+'ccd err blue' => 'Das ist das BLAUE Subnetz.',
+'ccd err green' => 'Das ist das GRÜNE Subnetz.',
+'ccd err hostinnet' => 'Das Netzwerk kann nicht gelöscht werden, da sich in ihm noch Clients befinden.',
+'ccd err inuse' => 'Wird bereits von einem anderen Client genutzt.',
+'ccd err invalidname' => 'Ungültiger Name. Erlaubte Zeichen: A-Z, a-z, Bindestrich und Leerzeichen.',
+'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Netzadresse für Route ungültig.',
+'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
+'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
+'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
+'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err name' => 'Es muss ein Name angegeben werden.',
+'ccd err nameexist' => 'Name existiert bereits.',
+'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
+'ccd err netadrexist' => 'Netwerk existiert bereits.',
+'ccd err orange' => 'Das ist das ORANGE Subnetz.',
+'ccd err red' => 'Das ist das ROTE Subnetz.',
+'ccd err routeovpn' => 'Wird vom OpenVPN-Server genutzt.',
+'ccd err routeovpn2' => 'Wird bereits vom OpenVPN-Server verteilt.',
+'ccd hint' => 'Auf dieser Seite können statische Netzwerke definiert werden, von denen Roadwarrior-Clients feste Adressen zugewiesen bekommen können.',
+'ccd invalid' => 'ist ungültig.',
+'ccd iroute' => 'IPFire hat Zugriff auf diese Netzwerke auf Clientseite: ',
+'ccd iroute2' => 'Client hat Zugriff auf diese Netzwerke auf IPFire-Seite: ',
+'ccd iroutehint' => 'Achtung! Wenn Sie diese Einstellungen ändern, muss der OpenVPN Server neu gestartet werden!',
+'ccd maxclients' => 'Mögliche Adressen',
+'ccd modify' => 'Netzwerk ändern',
+'ccd name' => 'Name',
+'ccd net' => 'Statische IP-Adressen-Pools',
+'ccd noaddnet' => 'Neue statische Netze können erst erstellt werden, wenn der openVPN Server gestoppt wurde.',
+'ccd none' => 'Keine',
+'ccd routes' => 'Routen:',
+'ccd subnet' => 'Subnetz',
+'ccd used' => 'Genutzte Adressen',
 'cert' => 'Zertifikat',
 'certificate' => 'Zertifikat',
 'certificate authorities' => 'Zertifizierungsstellen (CAs)',
 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.',
+'ovpn mtu-disc maybe' => 'Optional',
+'ovpn mtu-disc no' => 'Niemals',
+'ovpn mtu-disc off' => 'Deaktiviert',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
+'ovpn mtu-disc yes' => 'Forciert',
 'ovpn on blue' => 'OpenVPN auf BLAU',
 'ovpn on orange' => 'OpenVPN auf ORANGE',
 'ovpn on red' => 'OpenVPN auf ROT',
 'proxy no proxy local' => 'Lokalen Proxy auf blauen/grünen Netzwerken verhindern',
 'proxy port' => 'Proxy-Port',
 'proxy reconfigure' => 'Speichern und Laden',
+'proxy reports' => 'Proxyberichte',
+'proxy reports daily' => 'Tägliche Berichte',
+'proxy reports monthly' => 'Monatliche Berichte',
+'proxy reports today' => 'Heute',
+'proxy reports weekly' => 'Wöchentliche Berichte',
 'psk' => 'PSK',
 'pulse' => 'Puls',
 'pulse dial' => 'Pulswahl:',
 'september' => 'September',
 'serial' => 'serielle',
 'server reserved' => 'The connection name server is reserved and not allowed',
+'server restart' => 'Änderungen können nicht gespeichert werden, solange der OpenVPN-Server läuft.',
 'server string' => 'Server String',
 'service' => 'Dienst',
 'service added' => 'Benutzerdefinierter Netzwerkdienst wurde hinzugefügt',
index 5fe2391..f0fa2c2 100644 (file)
 'arp table entries' => 'ARP Table Entries:',
 'artist' => 'Artist',
 'attemps' => 'Attempts',
+'attention' => 'ATTENTION',
 'august' => 'August',
 'authentication' => 'Authentication:',
 'automatic' => 'Automatic',
 'capsopen' => 'CONNECTED',
 'capswarning' => 'WARNING',
 'caption' => 'Caption',
+'ccd add' => 'Add network',
+'ccd choose net' => 'Choose network',
+'ccd client options' => 'Advanced client options',
+'ccd clientip' => 'Host address',
+'ccd dynrange' => 'Dynamic OpenVPN IP address pool',
+'ccd err blue' => 'This is the BLUE subnet.',
+'ccd err green' => 'This is the GREEN subnet.',
+'ccd err hostinnet' => 'You are not able to delete this network, while it still contains clients.',
+'ccd err inuse' => 'Already used by another client.',
+'ccd err invalidname' => 'Invalid name. Allowed characters are A-Z, a-z, dash and space.',
+'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Network address for route is invalid.',
+'ccd err irouteexist' => 'This route is already in use.',
+'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
+'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err issubnet' => 'Subnet address already in use.',
+'ccd err name' => 'Please choose a name.',
+'ccd err nameexist' => 'Name already exists.',
+'ccd err netadr' => 'Subnet address is invalid or range is too large.',
+'ccd err netadrexist' => 'Network already exists.',
+'ccd err orange' => 'This is the ORANGE subnet.',
+'ccd err red' => 'This is the RED subnet.',
+'ccd err routeovpn' => 'Already used by OpenVPN server.',
+'ccd err routeovpn2' => 'Already pushed from OpenVPN server.',
+'ccd hint' => 'On this page you are able to define static networks from which the roadwarrior clients can get fixed IP address assignments.',
+'ccd invalid' => 'Invalid.',
+'ccd iroute' => 'IPFire has access to these networks on the client\'s site',
+'ccd iroute2' => 'Client has access to these networks on IPFire\'s site',
+'ccd iroutehint' => 'Attention! If you change these settings, you have to restart the OpenVPN server that the changes take effect!',
+'ccd modify' => 'Change network',
+'ccd name' => 'Name',
+'ccd net' => 'Static IP address pools',
+'ccd noaddnet' => 'You can only add new static networks when OpenVPN server is stopped.',
+'ccd none' => 'None',
+'ccd routes' => 'Routing:',
+'ccd subnet' => 'Subnet',
+'ccd used' => 'Used addresses',
 'cert' => 'Certificate',
 'certificate' => 'Certificate',
 'certificate authorities' => 'Certificate Authorities',
 'gpl unofficial translation of the general public license v3' => 'Unofficial translation of the General Public License v3',
 'graph' => 'Graph',
 'graph per' => 'per',
-'green' => 'Green',
+'green' => 'GREEN',
 'green interface' => 'Green Interface',
 'guaranteed bandwith' => 'Guaranteed bandwith',
 'guardian alertfile' => 'Alertfile',
 'ovpn errmsg green already pushed' => 'Route for green network is always set',
 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.',
+'ovpn mtu-disc maybe' => 'Optionally',
+'ovpn mtu-disc no' => 'Never',
+'ovpn mtu-disc off' => 'Disabled',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
+'ovpn mtu-disc yes' => 'Forced',
 'ovpn on blue' => 'OpenVPN on BLUE',
 'ovpn on orange' => 'OpenVPN on ORANGE',
 'ovpn on red' => 'OpenVPN on RED',
 'proxy no proxy local' => 'Disallow local proxying on BLUE/GREEN networks',
 'proxy port' => 'Proxy Port',
 'proxy reconfigure' => 'Save and Reload',
+'proxy reports' => 'Proxy Reports',
+'proxy reports daily' => 'Daily reports',
+'proxy reports monthly' => 'Monthly reports',
+'proxy reports today' => 'Today',
+'proxy reports weekly' => 'Weekly reports',
 'psk' => 'PSK',
 'pulse' => 'Pulse',
 'pulse dial' => 'Pulse dial:',
 'september' => 'September',
 'serial' => 'Serial',
 'server reserved' => 'The connection name server is reserved and not allowed',
+'server restart' => 'You are not able to save any changes while the OpenVPN server is running.',
 'server string' => 'Server String',
 'service' => 'Service',
 'service added' => 'Custom network service added',
index 68254a7..7e1dc9a 100644 (file)
--- a/lfs/GeoIP
+++ b/lfs/GeoIP
@@ -25,7 +25,7 @@
 include Config
 
 VER        = 1.17
-DATVER     = 06112012
+DATVER     = 05122012
 
 THISAPP    = Geo-IP-PurePerl-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -43,7 +43,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
 
 $(DL_FILE)_MD5 = 42a6b9d4dd2563a20c8998556216e1de
-GeoIP.dat-$(DATVER).gz_MD5 = a8677695b0abecb69707ebe2444e64f9
+GeoIP.dat-$(DATVER).gz_MD5 = ab0f52a35128d1aced906ac4cbfbed9c
 
 install : $(TARGET)
 
diff --git a/lfs/libstatgrab b/lfs/libstatgrab
new file mode 100644 (file)
index 0000000..8bcb133
--- /dev/null
@@ -0,0 +1,69 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.17
+
+THISAPP    = libstatgrab-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = libstatgrab
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 58385c9392898be3b09ffc5e3ebe8717
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && ./configure --prefix=/usr
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
\ No newline at end of file
index 2bfde66..7de579e 100644 (file)
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2012  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -34,7 +34,7 @@ TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = mediatomb
 PAK_VER    = 4
 
-DEPS       = "sqlite taglib ffmpeg-libs"
+DEPS       = "ffmpeg-libs libexif sqlite taglib "
 
 ###############################################################################
 # Top-level Rules
diff --git a/lfs/sarg b/lfs/sarg
new file mode 100644 (file)
index 0000000..c8794fe
--- /dev/null
+++ b/lfs/sarg
@@ -0,0 +1,100 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - An Open Source Firewall Solution                               #
+# Copyright (C) 2012 Michael Tremer                                           #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 2.3.3
+
+THISAPP    = sarg-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = sarg
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && ./configure \
+               --prefix=/usr \
+               --sysconfdir=/etc/sarg
+       cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+       cd $(DIR_APP) && make $(EXTRA_INSTALL) install
+
+       # Install configuration file.
+       cp -v $(DIR_SRC)/config/sarg/sarg.conf /etc/sarg/sarg.conf
+
+       # Install helper script.
+       install -m 755 $(DIR_SRC)/config/sarg/update-sarg-reports \
+               /usr/sbin/update-sarg-reports
+
+       # Install cron job.
+       for i in hourly daily weekly monthly; do \
+               install -m 754 -v $(DIR_SRC)/config/sarg/cron.$${i} \
+                       /etc/fcron.$${i}/sarg-reports; \
+       done
+
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
index 43edd86..beb0abb 100644 (file)
@@ -95,6 +95,9 @@ $(TARGET) :
            chmod 755 /usr/local/bin/`basename $$i`; \
        done
 
+       # Move script to correct place.
+       mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
+
        # Nobody user
        -mkdir -p /home/nobody
        chown -R nobody:nobody /home/nobody
diff --git a/lfs/stress b/lfs/stress
new file mode 100644 (file)
index 0000000..166d840
--- /dev/null
@@ -0,0 +1,69 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info@ipfire.org>                   #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 1.0.4
+
+THISAPP    = stress-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+PROG       = stress
+PAK_VER    = 1
+
+DEPS       = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a607afa695a511765b40993a64c6e2f4
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist: 
+       @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+       @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+       @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+       @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+       @$(PREBUILD)
+       @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+       cd $(DIR_APP) && ./configure --prefix=/usr
+       cd $(DIR_APP) && make $(MAKETUNING)
+       cd $(DIR_APP) && make install
+       @rm -rf $(DIR_APP)
+       @$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 049bc0e..0934909 100755 (executable)
--- a/make.sh
+++ b/make.sh
@@ -25,8 +25,8 @@
 NAME="IPFire"                                                  # Software name
 SNAME="ipfire"                                                 # Short name
 VERSION="2.13"                                                 # Version number
-CORE="64"                                                      # Core Level (Filename)
-PAKFIRE_CORE="64"                                              # Core Level (PAKFIRE)
+CORE="65"                                                      # Core Level (Filename)
+PAKFIRE_CORE="65"                                              # Core Level (PAKFIRE)
 GIT_BRANCH=`git status | head -n1 | cut -d" " -f4`             # Git Branch
 SLOGAN="www.ipfire.org"                                                # Software slogan
 CONFIG_ROOT=/var/ipfire                                                # Configuration rootdir
@@ -747,6 +747,9 @@ buildipfire() {
   ipfiremake gpgme
   ipfiremake pygpgme
   ipfiremake pakfire3
+  ipfiremake stress
+  ipfiremake libstatgrab
+  ipfiremake sarg
   echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
   cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
   echo >> $BASEDIR/build/var/ipfire/firebuild
diff --git a/src/paks/sarg/install.sh b/src/paks/sarg/install.sh
new file mode 100644 (file)
index 0000000..d3b17a9
--- /dev/null
@@ -0,0 +1,34 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+restore_backup ${NAME}
+
+# Create data directory.
+[ -d "/var/log/sarg" ] || mkdir /var/log/sarg
+
+# Create initial report.
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
diff --git a/src/paks/sarg/uninstall.sh b/src/paks/sarg/uninstall.sh
new file mode 100644 (file)
index 0000000..66f4344
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+make_backup ${NAME}
+remove_files
diff --git a/src/paks/sarg/update.sh b/src/paks/sarg/update.sh
new file mode 100644 (file)
index 0000000..89c40d0
--- /dev/null
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>.                        #
+#                                                                          #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
diff --git a/src/scripts/ovpn-ccd-convert b/src/scripts/ovpn-ccd-convert
new file mode 100644 (file)
index 0000000..86b7c94
--- /dev/null
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+
+my %net=();
+my %ovpnconfig=();
+my @serverconf=();
+my $greennet;
+my $greensubnet;
+my $running='off';
+require '/var/ipfire/general-functions.pl';
+
+if ( -e "/var/run/openvpn.pid"){
+       $running='on';
+       system('/usr/local/bin/openvpnctrl', '-k');
+}
+
+&General::readhash("/var/ipfire/ethernet/settings", \%net);
+       $greennet=$net{'GREEN_NETADDRESS'};
+       $greensubnet=$net{'GREEN_NETMASK'};
+open(FILE,"/var/ipfire/ovpn/server.conf");
+                               while (<FILE>) {
+                                       $_=~s/\s*$//g;
+                                       if ($_ ne "route $greennet $greensubnet"){
+                                               push (@serverconf,$_."\n");
+                                       }else{
+                                               print"\nFound ROUTE >>route $greennet $greensubnet<< in server.conf.. Deleted!";
+                                       }
+                               }
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig){
+       if($ovpnconfig{$key}[32] eq '' && $ovpnconfig{$key}[3] eq 'host'){
+               open ( CCDRWCONF,'>',"/var/ipfire/ovpn/ccd/$ovpnconfig{$key}[2]") or die "Unable to create clientconfigfile $!";
+               print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+               print CCDRWCONF "#This client uses the dynamic pool\n\n";
+               print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+               print CCDRWCONF "push \"route $greennet $greensubnet\"\n";
+               close CCDRWCONF;
+               print"Client $ovpnconfig{$key}[2] converted! \n";
+       }else{
+               print "Client $ovpnconfig{$key}[2] NOT converted!\n";
+       }
+       $ovpnconfig{$key}[32] = 'dynamic';
+}
+&General::writehasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+if ($running eq 'on')
+{
+       system('/usr/local/bin/openvpnctrl', '-s');
+}
diff --git a/src/scripts/update-lang-cache b/src/scripts/update-lang-cache
new file mode 100644 (file)
index 0000000..971664e
--- /dev/null
@@ -0,0 +1,3 @@
+#!/bin/sh
+perl -e "require '//var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+