/var/ipfire/dhcp/*
/var/ipfire/main/*
/var/ipfire/outgoing/groups
+/var/ipfire/outgoing/macgroups
/var/ipfire/outgoing/rules
/var/ipfire/outgoing/p2protocols
/var/ipfire/ovpn
/var/ipfire/vpn
/var/log/ip-acct/*
/var/log/rrd/*
+/var/log/rrd/collectd
+/var/log/rrd/vnstat
/etc/sysconfig/firewall.local
/etc/sysconfig/rc.local
/root/.gitconfig
use Socket;
use IO::Socket;
use Net::SSLeay;
-use Net::IPv4Addr;
-
+use Net::IPv4Addr qw(:all);
$|=1; # line buffering
$General::version = 'VERSION';
return &validmask($mask);
}
+sub subtocidr
+{
+ #gets: Subnet in decimal (255.255.255.0)
+ #Gives: 24 (The cidr of network)
+ my ($byte1, $byte2, $byte3, $byte4) = split(/\./, $_[0].".0.0.0.0");
+ my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4;
+ my $bin = unpack("B*", pack("N", $num));
+ my $count = ($bin =~ tr/1/1/);
+ return $count;
+}
+
+sub cidrtosub
+{
+ #gets: Cidr of network (20-30 for ccd)
+ #Konverts 30 to 255.255.255.252 e.g
+ my $cidr=$_[0];
+ my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr);
+ return "$netmask";
+}
+
+sub iporsubtodec
+{
+ #Gets: Ip address or subnetmask in decimal oder CIDR
+ #Gives: What it gets only in CIDR format
+ my $subnet=$_[0];
+ my $net;
+ my $mask;
+ my $full=0;
+ if ($subnet =~ /^(.*?)\/(.*?)$/) {
+ ($net,$mask) = split (/\//,$subnet);
+ $full=1;
+ return "$subnet";
+ }else{
+ $mask=$subnet;
+ }
+ #Subnet already in decimal and valid?
+ if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) {
+ for (my $i=8;$i<=32;$i++){
+ if (&General::cidrtosub($i) eq $mask){
+ if ($full == 0){return $mask;}else{
+ return $net."/".$mask;
+ }
+ }
+ }
+ }
+ #Subnet in binary format?
+ if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+ if($full == 0){ return &General::cidrtosub($mask);}else{
+ return $net."/".&General::cidrtosub($mask);
+ }
+ }else{
+ return 3;
+ }
+ return 3;
+}
+
+
+sub iporsubtocidr
+{
+ #gets: Ip Address or subnetmask in decimal oder CIDR
+ #Gives: What it gets only in CIDR format
+ my $subnet=$_[0];
+ my $net;
+ my $mask;
+ my $full=0;
+ if ($subnet =~ /^(.*?)\/(.*?)$/) {
+ ($net,$mask) = split (/\//,$subnet);
+ $full=1;
+ }else{
+ $mask=$subnet;
+ }
+ #Subnet in decimal and valid?
+ if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) {
+ for (my $i=8;$i<=32;$i++){
+ if (&General::cidrtosub($i) eq $mask){
+ if ($full == 0){return &General::subtocidr($mask);}else{
+ return $net."/".&General::subtocidr($mask);
+ }
+ }
+ }
+ }
+ #Subnet already in binary format?
+ if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+ if($full == 0){ return $mask;}else{
+ return $net."/".$mask;
+ }
+ }else{
+ return 3;
+ }
+ return 3;
+}
+
+sub getnetworkip
+{
+ #Gets: IP, CIDR (10.10.10.0-255, 24)
+ #Gives: 10.10.10.0
+ my ($ccdip,$ccdsubnet) = @_;
+ my $ip_address_binary = inet_aton( $ccdip );
+ my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1);
+ my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary );
+ return $network_address;
+}
+
+sub getccdbc
+{
+ #Gets: IP in Form ("192.168.0.0/24")
+ #Gives: Broadcastaddress of network
+ my $ccdnet=$_;
+ my ($ccdip,$ccdsubnet) = split "/",$ccdnet;
+ my $ip_address_binary = inet_aton( $ccdip );
+ my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1);
+ my $broadcast_address = inet_ntoa( $ip_address_binary | ~$netmask_binary );
+ return $broadcast_address;
+}
+
+sub ip2dec
+{
+ my $ip_num;
+ my $ip=$_[0];
+ if ( $ip =~ /(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ ) {
+ $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4);
+ } else {
+ $ip_num = -1;
+ }
+ $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4);
+ return($ip_num);
+}
+
+sub dec2ip
+{
+ my $ip;
+ my $ip_num=$_[0];
+ my $o1=$ip_num%256;
+ $ip_num=int($ip_num/256);
+ my $o2=$ip_num%256;
+ $ip_num=int($ip_num/256);
+ my $o3=$ip_num%256;
+ $ip_num=int($ip_num/256);
+ my $o4=$ip_num%256;
+ $ip="$o4.$o3.$o2.$o1";
+ return ($ip);
+}
+
+sub getnextip
+{
+ my $decip=&ip2dec($_[0]);
+ $decip=$decip+4;
+ return &dec2ip($decip);
+}
+
+sub getlastip
+{
+ my $decip=&ip2dec($_[0]);
+ $decip--;
+ return &dec2ip($decip);
+}
+
sub validipandmask
{
- my $ipandmask = $_[0];
+ #Gets: Ip address in 192.168.0.0/24 or 192.168.0.0/255.255.255.0 and checks if subnet valid
+ #Gives: True bzw 0 if success or false
+ my $ccdnet=$_[0];
+ my $subcidr;
+
+ if (!($ccdnet =~ /^(.*?)\/(.*?)$/)) {
+ return 0;
+ }
+ my ($ccdip,$ccdsubnet)=split (/\//, $ccdnet);
+ #IP valid?
+ if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) {
+ #Subnet in decimal and valid?
+ if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) {
+ for (my $i=8;$i<=32;$i++){
+ if (&General::cidrtosub($i) eq $ccdsubnet){
+ return 1;
+ }
+ }
+ #Subnet already in binary format?
+ }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){
+ return 1;
+ }else{
+ return 0;
+ }
+
+ }
+ return 0;
+}
+
+sub checksubnets
+{
+
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $errormessage;
+ my ($ip,$cidr)=split(/\//,$ccdnet);
+ $cidr=&iporsubtocidr($cidr);
+
+
+ #get OVPN-Subnet (dynamic range)
+ my %ovpnconf=();
+ &readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
+ my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
+ $ovpncidr=&iporsubtocidr($ovpncidr);
+
+ #check if we try to use same network as ovpn server
+ if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
+ return $errormessage;
+ }
+
+ #check if we use a network-name/subnet that already exists
+ &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
+ if ($ccdname eq $ccdconfhash{$key}[0])
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";
+ return $errormessage;
+ }
+ my ($newip,$newsub) = split(/\//,$ccdnet);
+ if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+ return $errormessage;
+ }
+
+ }
+ #check if we use a name which is already used by ovpn
+
+
+
+
+
+ #check if we use a ipsec right network which is already defined
+ my %ipsecconf=();
+ &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ #$errormessage="DRIN!";
+ #return $errormessage;
+
+ my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]";
+ return $errormessage;
+ }
+ }
+ }
+
+
+ #check if we use one of ipfire's networks (green,orange,blue)
+ my %ownnet=();
+ &readhash("${General::swroot}/ethernet/settings", \%ownnet);
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+
+
- # split it into number and mask.
- if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) {
- return 0; }
- my $ip = $1;
- my $mask = $2;
- # first part not a ip?
- if (!(&validip($ip))) {
- return 0; }
- return &validmask($mask);
}
+
sub validport
{
$_ = $_[0];
if (length ($hostname) < 1 || length ($hostname) > 63) {
return 0;}
# Only valid characters are a-z, A-Z, 0-9 and -
- if ($hostname !~ /^[a-zA-Z0-9-]*$/) {
+ if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) {
return 0;}
# First character can only be a letter or a digit
if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) {
)
);
}
-
+sub NextIP2
+{
+ return &Socket::inet_ntoa( pack("N", 4 + unpack('N', &Socket::inet_aton(shift))
+ )
+ );
+}
sub ipcidr
{
my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift);
open(FILE, ">$filename") or die "Unable to write to file $filename";
foreach $key (keys %$hash) {
- if ($key =~ /^[0-9]+$/) {
- print FILE "$key";
- foreach $i (0 .. $#{$hash->{$key}}) {
- print FILE ",$hash->{$key}[$i]";
- }
- print FILE "\n";
- }
+ if ($key =~ /^[0-9]+$/) {
+ print FILE "$key";
+ foreach $i (0 .. $#{$hash->{$key}}) {
+ print FILE ",$hash->{$key}[$i]";
+ }
+ print FILE "\n";
+ }
}
close FILE;
return;
*/5 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.cyclic
01 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.hourly
&nice(10),bootrun 25 1 * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.daily
-&nice(10),bootrun 47 2 * * 0 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly
+&nice(10),bootrun 47 2 * * 1 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly
&nice(10),bootrun 52 3 1 * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.monthly
# Log rotation
Order deny,allow
Allow from all
</Directory>
+
+ Alias /proxy-reports/ /var/log/sarg/
+ <Directory /var/log/sarg>
+ AllowOverride None
+ Options None
+ AuthName "IPFire - Restricted"
+ AuthType Basic
+ AuthUserFile /var/ipfire/auth/users
+ Require user admin
+ </Directory>
</VirtualHost>
usr/local/bin/setddns.pl
usr/local/bin/settime
usr/local/bin/timecheck
+#usr/local/bin/uname
+usr/local/bin/update-lang-cache
+usr/local/bin/vpn-watch
#usr/local/include
#usr/local/lib
#usr/local/sbin
#usr/local/share/zoneinfo
#usr/local/src
#usr/sbin
+usr/sbin/ovpn-ccd-convert
#usr/share
#usr/share/doc
#usr/share/doc/licenses
--- /dev/null
+srv/web/ipfire/html/proxy.pac
+etc/udev/rules.d/30-persistent-network.rules
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/updatecache
+etc/localtime
+var/ipfire/ovpn
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
--- /dev/null
+usr/local/share/GeoIP/GeoIP.dat
--- /dev/null
+../../../common/daq
\ No newline at end of file
--- /dev/null
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/sbin/ovpn-ccd-convert
+var/ipfire/general-functions.pl
+var/ipfire/langs
+var/ipfire/backup/include
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2012 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=65
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+#Stop services
+
+#
+#Extract files
+extract_files
+
+#
+#Start services
+
+#
+#Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Convert OpenVPN RW connections.
+/usr/sbin/ovpn-ccd-convert
+
+# Update crontab.
+sed -i /var/spool/cron/root.orig \
+ -e 's@^.*fcron.weekly.*$@\&nice(10),bootrun 47 2 \* \* 1\ttest -x /usr/local/bin/run-parts \&\& /usr/local/bin/run-parts /etc/fcron.weekly@'
+fcrontab -z &>/dev/null
+
+# Reload apache configuration.
+/etc/init.d/apache reload &>/dev/null
+
+#Rebuild module dep's
+#arch=`uname -m`
+#if [ ${arch::3} == "arm" ]; then
+# depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1
+#else
+# depmod -a 2.6.32.45-ipfire >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1
+#fi
+
+
+#Rebuild initrd's because some compat-wireless modules are inside
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire
+#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae
+#fi
+#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen
+#fi
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
--- /dev/null
+usr/bin/saidar
+usr/bin/statgrab
+#usr/bin/statgrab-make-mrtg-config
+#usr/bin/statgrab-make-mrtg-index
+#usr/include/statgrab.h
+#usr/include/statgrab_deprecated.h
+#usr/lib/libstatgrab.a
+#usr/lib/libstatgrab.la
+#usr/lib/libstatgrab.so
+usr/lib/libstatgrab.so.6
+usr/lib/libstatgrab.so.6.2.3
+#usr/lib/pkgconfig/libstatgrab.pc
+#usr/share/man/man1/saidar.1
+#usr/share/man/man1/statgrab-make-mrtg-config.1
+#usr/share/man/man1/statgrab-make-mrtg-index.1
+#usr/share/man/man1/statgrab.1
+#usr/share/man/man3/sg_get_cpu_percents.3
+#usr/share/man/man3/sg_get_cpu_stats.3
+#usr/share/man/man3/sg_get_cpu_stats_diff.3
+#usr/share/man/man3/sg_get_disk_io_stats.3
+#usr/share/man/man3/sg_get_disk_io_stats_diff.3
+#usr/share/man/man3/sg_get_fs_stats.3
+#usr/share/man/man3/sg_get_host_info.3
+#usr/share/man/man3/sg_get_load_stats.3
+#usr/share/man/man3/sg_get_mem_stats.3
+#usr/share/man/man3/sg_get_network_iface_stats.3
+#usr/share/man/man3/sg_get_network_io_stats.3
+#usr/share/man/man3/sg_get_network_io_stats_diff.3
+#usr/share/man/man3/sg_get_page_stats.3
+#usr/share/man/man3/sg_get_page_stats_diff.3
+#usr/share/man/man3/sg_get_process_count.3
+#usr/share/man/man3/sg_get_process_stats.3
+#usr/share/man/man3/sg_get_swap_stats.3
+#usr/share/man/man3/sg_get_user_stats.3
+#usr/share/man/man3/statgrab.3
--- /dev/null
+etc/fcron.daily/sarg-reports
+etc/fcron.hourly/sarg-reports
+etc/fcron.monthly/sarg-reports
+etc/fcron.weekly/sarg-reports
+etc/sarg
+etc/sarg/css.tpl
+etc/sarg/exclude_codes
+etc/sarg/sarg.conf
+#etc/sarg/sarg.conf.default
+etc/sarg/user_limit_block
+usr/bin/sarg
+usr/sbin/update-sarg-reports
+usr/share/locale/bg/LC_MESSAGES/sarg.mo
+usr/share/locale/ca/LC_MESSAGES/sarg.mo
+usr/share/locale/cs/LC_MESSAGES/sarg.mo
+usr/share/locale/da/LC_MESSAGES/sarg.mo
+usr/share/locale/de/LC_MESSAGES/sarg.mo
+usr/share/locale/el/LC_MESSAGES/sarg.mo
+usr/share/locale/es/LC_MESSAGES/sarg.mo
+usr/share/locale/fr/LC_MESSAGES/sarg.mo
+usr/share/locale/hu/LC_MESSAGES/sarg.mo
+usr/share/locale/id/LC_MESSAGES/sarg.mo
+usr/share/locale/it/LC_MESSAGES/sarg.mo
+usr/share/locale/ja/LC_MESSAGES/sarg.mo
+usr/share/locale/lv/LC_MESSAGES/sarg.mo
+usr/share/locale/nl/LC_MESSAGES/sarg.mo
+usr/share/locale/pl/LC_MESSAGES/sarg.mo
+usr/share/locale/pt/LC_MESSAGES/sarg.mo
+usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo
+usr/share/locale/ro/LC_MESSAGES/sarg.mo
+usr/share/locale/ru/LC_MESSAGES/sarg.mo
+usr/share/locale/sk/LC_MESSAGES/sarg.mo
+usr/share/locale/sr/LC_MESSAGES/sarg.mo
+usr/share/locale/tr/LC_MESSAGES/sarg.mo
+usr/share/locale/uk/LC_MESSAGES/sarg.mo
+usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo
+#usr/share/man/man1/sarg.1
+usr/share/sarg
+usr/share/sarg/fonts
+usr/share/sarg/fonts/DejaVuSans.ttf
+usr/share/sarg/fonts/FreeSans.ttf
+usr/share/sarg/fonts/README
+usr/share/sarg/fonts/license
+usr/share/sarg/images
+usr/share/sarg/images/datetime.png
+usr/share/sarg/images/graph.png
+usr/share/sarg/images/sarg-squidguard-block.png
+usr/share/sarg/images/sarg.png
--- /dev/null
+usr/bin/stress
+#usr/share/info/stress.info
+#usr/share/man/man1/stress.1
\ No newline at end of file
--- /dev/null
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports daily >/dev/null 2>&1
+
+exit 0
--- /dev/null
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
--- /dev/null
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1
+
+exit 0
--- /dev/null
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1
+
+exit 0
--- /dev/null
+# sarg.conf
+#
+# TAG: access_log file
+# Where is the access.log file
+# sarg -l file
+#
+access_log /var/log/squid/access.log
+
+# TAG: graphs yes|no
+# Use graphics where is possible.
+# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red
+#
+graphs yes
+graph_days_bytes_bar_color orange
+
+# TAG: graph_font
+# The full path to the TTF font file to use to create the graphs. It is required
+# if graphs is set to yes.
+#
+graph_font /usr/share/sarg/fonts/DejaVuSans.ttf
+
+# TAG: title
+# Especify the title for html page.
+#
+title "Squid User Access Reports"
+
+# TAG: font_face
+# Especify the font for html page.
+#
+font_face Tahoma,Verdana,Arial
+
+# TAG: header_color
+# Especify the header color
+#
+header_color darkblue
+
+# TAG: header_bgcolor
+# Especify the header bgcolor
+#
+header_bgcolor blanchedalmond
+
+# TAG: font_size
+# Especify the text font size
+#
+font_size 12px
+
+# TAG: header_font_size
+# Especify the header font size
+#
+header_font_size 12px
+
+# TAG: title_font_size
+# Especify the title font size
+#
+title_font_size 12px
+
+# TAG: background_color
+# TAG: background_color
+# Html page background color
+#
+# background_color white
+
+# TAG: text_color
+# Html page text color
+#
+text_color #000000
+
+# TAG: text_bgcolor
+# Html page text background color
+#
+text_bgcolor lavender
+
+# TAG: title_color
+# Html page title color
+#
+#title_color green
+
+# TAG: logo_image
+# Html page logo.
+#
+#logo_image none
+
+# TAG: logo_text
+# Html page logo text.
+#
+#logo_text ""
+
+# TAG: logo_text_color
+# Html page logo texti color.
+#
+#logo_text_color #000000
+
+# TAG: logo_image_size
+# Html page logo image size.
+# width height
+#
+#image_size 80 45
+
+# TAG: background_image
+# Html page background image
+#
+#background_image none
+
+# TAG: password
+# User password file used by Squid authentication scheme
+# If used, generate reports just for that users.
+#
+#password none
+
+# TAG: temporary_dir
+# Temporary directory name for work files
+# sarg -w dir
+#
+#temporary_dir /tmp
+
+# TAG: output_dir
+# The reports will be saved in that directory
+# sarg -o dir
+#
+output_dir /srv/web/ipfire/html/sarg
+
+# TAG: output_email
+# Email address to send the reports. If you use this tag, no html reports will be generated.
+# sarg -e email
+#
+#output_email none
+
+# TAG: resolve_ip yes/no
+# Convert ip address to dns name
+# sarg -n
+resolve_ip no
+
+# TAG: user_ip yes/no
+# Use Ip Address instead userid in reports.
+# sarg -p
+#user_ip no
+
+# TAG: topuser_sort_field field normal/reverse
+# Sort field for the Topuser Report.
+# Allowed fields: USER CONNECT BYTES TIME
+#
+#topuser_sort_field BYTES reverse
+
+# TAG: user_sort_field field normal/reverse
+# Sort field for the User Report.
+# Allowed fields: SITE CONNECT BYTES TIME
+#
+#user_sort_field BYTES reverse
+
+# TAG: exclude_users file
+# users within the file will be excluded from reports.
+# you can use indexonly to have only index.html file.
+#
+#exclude_users none
+
+# TAG: exclude_hosts file
+# Hosts, domains or subnets will be excluded from reports.
+#
+# Eg.: 192.168.10.10 - exclude ip address only
+# 192.168.10.0/24 - exclude full C class
+# s1.acme.foo - exclude hostname only
+# *.acme.foo - exclude full domain name
+#
+#exclude_hosts none
+
+# TAG: useragent_log file
+# useragent.log file patch to generate useragent report.
+#
+#useragent_log /var/log/squid/user_agent.log
+
+# TAG: date_format
+# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww)
+#
+date_format e
+
+# TAG: per_user_limit file MB
+# Saves userid on file if download exceed n MB.
+# This option allow you to disable user access if user exceed a download limit.
+#
+#per_user_limit none
+
+# TAG: lastlog n
+# How many reports files must be keept in reports directory.
+# The oldest report file will be automatically removed.
+# 0 - no limit.
+#
+#lastlog 0
+
+# TAG: remove_temp_files yes
+# Remove temporary files: geral, usuarios, top, periodo from root report directory.
+#
+#remove_temp_files yes
+
+# TAG: index yes|no|only
+# Generate the main index.html.
+# only - generate only the main index.html
+#
+#index yes
+
+# TAG: index_tree date|file
+# How to generate the index.
+#
+#index_tree file
+
+# TAG: overwrite_report yes|no
+# yes - if report date already exist then will be overwrited.
+# no - if report date already exist then will be renamed to filename.n, filename.n+1
+#
+overwrite_report yes
+
+# TAG: records_without_userid ignore|ip|everybody
+# What can I do with records without user id (no authentication) in access.log file ?
+#
+# ignore - This record will be ignored.
+# ip - Use ip address instead. (default)
+# everybody - Use "everybody" instead.
+#
+#records_without_userid ip
+
+# TAG: use_comma no|yes
+# Use comma instead point in reports.
+# Eg.: use_comma yes => 23,450,110
+# use_comma no => 23.450.110
+#
+#use_comma no
+
+# TAG: mail_utility
+# Mail command to use to send reports via SMTP. Sarg calls it like this:
+# mail_utility -s "SARG report, date" "output_email" <"mail_content"
+#
+# Therefore, it is possible to add more arguments to the command by specifying them
+# here.
+#
+# If you need too, you can use a shell script to process the content of /dev/stdin
+# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever
+# command you like. It is not limited to mailing the report via SMTP.
+#
+# Don't forget to quote the command if necessary (i.e. if the path contains
+# characters that must be quoted).
+#
+#mail_utility mailx
+
+# TAG: topsites_num n
+# How many sites in topsites report.
+#
+#topsites_num 100
+
+# TAG: topsites_sort_order CONNECT|BYTES A|D
+# Sort for topsites report, where A=Ascendent, D=Descendent
+#
+#topsites_sort_order CONNECT D
+
+# TAG: index_sort_order A/D
+# Sort for index.html, where A=Ascendent, D=Descendent
+#
+#index_sort_order D
+
+# TAG: exclude_codes file
+# Ignore records with these codes. Eg.: NONE/400
+# Write one code per line. Lines starting with a # are ignored.
+# Only codes matching exactly one of the line is rejected. The
+# comparison is not case sensitive.
+#
+#exclude_codes /usr/local/sarg/exclude_codes
+
+# TAG: replace_index string
+# Replace "index.html" in the main index file with this string
+# If null "index.html" is used
+#
+#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?>
+
+# TAG: max_elapsed milliseconds
+# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time.
+# Use 0 for no checking
+#
+#max_elapsed 28800000
+# 8 Hours
+
+# TAG: report_type type
+# What kind of reports to generate.
+# topusers - users, sites, times, bytes, connects, links to accessed sites, etc
+# topsites - site, connect and bytes report
+# sites_users - users and sites report
+# users_sites - accessed sites by the user report
+# date_time - bytes used per day and hour report
+# denied - denied sites with full URL report
+# auth_failures - autentication failures report
+# site_user_time_date - sites, dates, times and bytes report
+# downloads - downloads per user report
+#
+# Eg.: report_type topsites denied
+#
+report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads
+
+# TAG: usertab filename
+# You can change the "userid" or the "ip address" to be a real user name on the reports.
+# If resolve_ip is active, the ip address is resolved before being looked up into this
+# file. That is, if you want to map the ip address, be sure to set resolv_ip to no or
+# the resolved name will be looked into the file instead of the ip address. Note that
+# it can be used to resolve any ip address known to the dns and then map the unresolved
+# ip addresses to a name found in the usertab file.
+# Table syntax:
+# userid name or ip address name
+# Eg:
+# SirIsaac Isaac Newton
+# vinci Leonardo da Vinci
+# 192.168.10.1 Karol Wojtyla
+#
+# Each line must be terminated with '\n'
+# If usertab have value "ldap" (case ignoring), user names
+# will be taken from LDAP server. This method as approaches for reception
+# of usernames from Active Didectory
+#
+#usertab none
+
+# TAG: LDAPHost hostname
+# FQDN or IP address of host with LDAP service or AD DC
+# default is '127.0.0.1'
+#LDAPHost 127.0.0.1
+
+# TAG: LDAPPort port
+# LDAP service port number
+# default is '389'
+#LDAPPort 389
+
+# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com
+# DN of LDAP user, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindDN cn=proxy,dc=mydomain,dc=local
+
+# TAG: LDAPBindPW secret
+# Password of DN, who is authorized to read user's names from LDAP base
+# default is empty line
+#LDAPBindPW secret
+
+# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com
+# LDAP search base
+# default is empty line
+#LDAPBaseSearch ou=users,dc=mydomain,dc=local
+
+# TAG: LDAPFilterSearch (uid=%s)
+# User search filter by user's logins in LDAP
+# First founded record will be used
+# %s - will be changed to userlogins from access.log file
+# filter string can have up to 5 '%s' tags
+# default value is '(uid=%s)'
+#LDAPFilterSearch (uid=%s)
+
+# TAG: LDAPTargetAttr attributename
+# Name of the attribute containing a name of the user
+# default value is 'cn'
+#LDAPTargetAttr cn
+
+# TAG: long_url yes|no
+# If yes, the full url is showed in report.
+# If no, only the site will be showed
+#
+# YES option generate very big sort files and reports.
+#
+#long_url no
+
+# TAG: date_time_by bytes|elap
+# Date/Time reports show the downloaded volume or the elapsed time or both.
+#
+#date_time_by bytes
+
+# TAG: charset name
+# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit)
+# graphic character sets for writing in alphabetic languages
+# You can use the following charsets:
+# Latin1 - West European
+# Latin2 - East European
+# Latin3 - South European
+# Latin4 - North European
+# Cyrillic
+# Arabic
+# Greek
+# Hebrew
+# Latin5 - Turkish
+# Latin6
+# Windows-1251
+# Japan
+# Koi8-r
+# UTF-8
+#
+#charset Latin1
+
+# TAG: user_invalid_char "&/"
+# Records that contain invalid characters in userid will be ignored by Sarg.
+#
+#user_invalid_char "&/"
+
+# TAG: privacy yes|no
+# privacy_string "***.***.***.***"
+# privacy_string_color blue
+# In some countries the sysadm cannot see the visited sites by a restrictive law.
+# Using privacy yes the visited url will be changes by privacy_string and the link
+# will be removed from reports.
+#
+#privacy no
+#privacy_string "***.***.***.***"
+#privacy_string_color blue
+
+# TAG: include_users "user1:user2:...:usern"
+# Reports will be generated only for listed users.
+#
+#include_users none
+
+# TAG: exclude_string "string1:string2:...:stringn"
+# Records from access.log file that contain one of listed strings will be ignored.
+#
+#exclude_string none
+
+# TAG: show_successful_message yes|no
+# Shows "Successful report generated on dir" at end of process.
+#
+#show_successful_message yes
+
+# TAG: show_read_statistics yes|no
+# Shows some reading statistics.
+#
+show_read_statistics yes
+
+# TAG: topuser_fields
+# Which fields must be in Topuser report.
+#
+#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: user_report_fields
+# Which fields must be in User report.
+#
+#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE
+
+# TAG: bytes_in_sites_users_report yes|no
+# Bytes field must be in Site & Users Report ?
+#
+#bytes_in_sites_users_report no
+
+# TAG: topuser_num n
+# How many users in topsites report. 0 = no limit
+#
+#topuser_num 0
+
+# TAG: datafile file
+# Save the report results in a file to populate some database
+#
+#datafile none
+
+# TAG: datafile_delimiter ";"
+# ascii character to use as a field separator in datafile
+#
+#datafile_delimiter ";"
+
+# TAG: datafile_fields all
+# Which data fields must be in datafile
+# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+#
+#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed
+
+# TAG: datafile_url ip|name
+# Saves the URL as ip or name in datafile
+#
+#datafile_url ip
+
+# TAG: weekdays
+# The weekdays to take into account ( Sunday->0, Saturday->6 )
+# Example:
+#weekdays 1-3,5
+# Default:
+#weekdays 0-6
+
+# TAG: hours
+# The hours to take into account
+# Example:
+#hours 7-12,14,16,18-20
+# Default:
+#hours 0-23
+
+# TAG: dansguardian_conf file
+# DansGuardian.conf file path
+# Generate reports from DansGuardian logs.
+# Use 'none' to disable it.
+# dansguardian_conf /usr/dansguardian/dansguardian.conf
+#
+#dansguardian_conf none
+
+# TAG: dansguardian_filter_out_date on|off
+# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action.
+# Note the change of parameter value compared with the old option.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
+#
+#dansguardian_filter_out_date on
+
+# TAG: squidguard_conf file
+# path to squidGuard.conf file
+# Generate reports from SquidGuard logs.
+# Use 'none' to disable.
+# You can use sarg -L filename to use an alternate squidGuard log.
+# squidguard_conf /usr/local/squidGuard/squidGuard.conf
+#
+#squidguard_conf none
+
+# TAG: redirector_log file
+# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option
+# may be repeated up to 64 times to read multiple files.
+# If this option is specified, it takes precedence over squidguard_conf.
+# The command line option -L override this option.
+#
+#redirector_log /usr/local/squidGuard/var/logs/urls.log
+
+# TAG: redirector_filter_out_date on|off
+# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not
+# appropriate with respect to their action.
+# Note the change of parameter value compared with the old options.
+# 'off' use the record even if its date is outside of the range found in the input log file.
+# 'on' use the record only if its date is in the range found in the input log file.
+#
+#redirector_filter_out_date on
+
+# TAG: redirector_log_format
+# Format string for web proxy redirector logs.
+# This option was named squidguard_log_format before sarg 2.3.
+# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end#
+# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end#
+
+# TAG: show_sarg_info yes|no
+# shows sarg information and site path on each report bottom
+#
+#show_sarg_info yes
+
+# TAG: show_sarg_logo yes|no
+# shows sarg logo
+#
+#show_sarg_logo yes
+
+# TAG: parsed_output_log directory
+# Saves the processed log in a sarg format after parsing the squid log file.
+# This is a way to dump all of the data structures out, after parsing from
+# the logs (presumably this data will be much smaller than the log files themselves),
+# and pull them back in for later processing and merging with data from previous logs.
+#
+#parsed_output_log none
+
+# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress
+# Command to run to compress sarg parsed output log. It may contain
+# options (such as -f to overwrite existing target file). The name of
+# the file to compresse is provided at the end of this
+# command line. Don't forget to quote things appropriately.
+#
+#parsed_output_log_compress /bin/gzip
+
+# TAG: displayed_values bytes|abbreviation
+# how the values will be displayed in reports.
+# eg. bytes - 209.526
+# abbreviation - 210K
+#
+#displayed_values bytes
+
+# Report limits
+# TAG: authfail_report_limit n
+# TAG: denied_report_limit n
+# TAG: siteusers_report_limit n
+# TAG: squidguard_report_limit n
+# TAG: user_report_limit n
+# TAG: dansguardian_report_limit n
+# TAG: download_report_limit n
+# report limits (lines).
+# '0' no limit
+#
+#authfail_report_limit 10
+#denied_report_limit 10
+#siteusers_report_limit 0
+#squidguard_report_limit 10
+#dansguardian_report_limit 10
+#user_report_limit 10
+#user_report_limit 50
+
+# TAG: www_document_root dir
+# Where is your Web DocumentRoot
+# Sarg will create sarg-php directory with some PHP modules:
+# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB
+#
+#www_document_root /var/www/html
+
+# TAG: block_it module_url
+# This tag allow you to pass urls from user reports to a cgi or php module,
+# to be blocked by some Squid acl
+#
+# Eg.: block_it /sarg-php/sarg-block-it.php
+# sarg-block-it is a php that will append a url to a flat file.
+# You must change /var/www/html/sarg-php/sarg-block-it to point to your file
+# in $filename variable, and chown to a httpd owner.
+#
+# sarg will pass http://module_url?url=url
+#
+#block_it none
+
+# TAG: external_css_file path
+# Provide the path to an external css file to link into the HTML reports instead of
+# the inline css written by sarg when this option is not set.
+#
+# In versions prior to 2.3, this used to be an absolute file name to
+# a file to include verbatim in each HTML page but, as it takes a lot of
+# space, version 2.3 switched to a link to an external css file.
+# Therefore, this option must contain the HTTP server path on which a client
+# browser may find the css file.
+#
+# Sarg use theses style classes:
+# .logo logo class
+# .info sarg information class, align=center
+# .title_c title class, align=center
+# .header_c header class, align:center
+# .header_l header class, align:left
+# .header_r header class, align:right
+# .text text class, align:right
+# .data table text class, align:right
+# .data2 table text class, align:left
+# .data3 table text class, align:center
+# .link link class
+#
+# Sarg can be instructed to output the internal css it inline
+# into the reports with this command:
+#
+# sarg --css
+#
+# You can redirect the output to a file of your choice and edit
+# it to your liking.
+#
+#external_css_file none
+
+# TAG: user_authentication yes|no
+# Allow user authentication in User Reports using .htaccess
+# Parameters:
+# AuthUserTemplateFile - The template to use to create the
+# .htaccess file. In the template, %u is replaced by the
+# user's ID for which the report is generated. The path of the
+# template is relative to the directory containing sarg
+# configuration file.
+#
+# user_authentication no
+# AuthUserTemplateFile sarg_htaccess
+
+# TAG: download_suffix "suffix,suffix,...,suffix"
+# file suffix to be considered as "download" in Download report.
+# Use 'none' to disable.
+#
+download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg"
+
+# TAG: ulimit n
+# The maximum number of open file descriptors to avoid "Too many open files" error message.
+# You need to run sarg as root to use ulimit tag.
+# If you run sarg with a low privilege user, set to 'none' to disable ulimit
+#
+#ulimit 20000
+
+# TAG: ntlm_user_format username|domainname+username
+# NTLM users format.
+#
+#ntlm_user_format domainname+username
+
+# TAG: realtime_refresh_time num sec
+# How many time to auto refresh the realtime report
+# 0 = disable
+#
+# realtime_refresh_time 3
+
+# TAG: realtime_access_log_lines num
+# How many last lines to get from access.log file
+#
+# realtime_access_log_lines 1000
+
+# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST
+# Which records must be in realtime report.
+#
+# realtime_types GET,PUT,CONNECT
+
+# TAG: realtime_unauthenticated_records: ignore|show
+# What to do with unauthenticated records in realtime report.
+#
+# realtime_unauthenticated_records: show
+
+# TAG: byte_cost value no_cost_limit
+# Cost per byte.
+# Eg. byte_cost 0.01 100000000
+# per byte cost = 0.01
+# bytes with no cost = 100 Mb
+# 0 = disable
+#
+# byte_cost 0.01 50000000
+
+# TAG: squid24 on|off
+# Compatilibity with squid version <= 2.4 when using emulate_http_log on
+#
+# squid24 off
--- /dev/null
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) 2012 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+export LC_ALL=C
+
+SARG_CONFIG="/etc/sarg/sarg.conf"
+SQUID_LOG="/var/log/squid/access.log"
+REPORTS_PATH="/var/log/sarg"
+
+function date_calc() {
+ local when
+ local range="false"
+
+ case "${1}" in
+ month)
+ when="1 month ago"
+ range="true"
+ ;;
+ week)
+ when="1 week ago"
+ ;;
+ yesterday)
+ when="1 day ago"
+ ;;
+ today)
+ when="today"
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+
+ if [ "${range}" = "true" ]; then
+ echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)"
+ else
+ date --date "${when}" +%d/%m/%Y
+ fi
+
+ return 0
+}
+
+function compile_report() {
+ local interval=${1}
+
+ local date
+ case "${interval}" in
+ today)
+ date=$(date_calc today)
+ ;;
+ daily)
+ date=$(date_calc yesterday)
+ ;;
+ weekly)
+ date="$(date_calc week)-$(date_calc yesterday)"
+ ;;
+ monthly)
+ date="$(date_calc month)"
+ ;;
+ esac
+ [ -n "${date}" ] || return 1
+
+ # Determine max. number of archived log files to search.
+ local max_logs
+ case "${interval}" in
+ today|daily)
+ max_logs=3
+ ;;
+ weekly)
+ max_logs=14
+ ;;
+ monthly)
+ max_logs=40
+ ;;
+ esac
+
+ # Create reports_path, if not exists.
+ local reports_path="${REPORTS_PATH}/${interval}"
+ mkdir -p ${reports_path}
+
+ # Remove already existant data on today's reports.
+ case "${interval}" in
+ today)
+ rm -rf ${reports_path}/*
+ ;;
+ esac
+
+ # Run SARG.
+ get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path}
+}
+
+function get_logs() {
+ local max=${1}
+
+ if [ -z "${max}" ]; then
+ max=10000
+ fi
+
+ local idx=0
+ while [ ${idx} -le ${max} ]; do
+ file=$(search_log_file ${idx})
+
+ # If no log file could be opened, we are done.
+ [ -z "${file}" ] && break
+
+ case "${file}" in
+ # Logs in plain text.
+ *.log)
+ cat ${file}
+ ;;
+
+ # GZip compressed log files.
+ *.gz)
+ gzip -d < ${file}
+ ;;
+
+ # XZ compressed log files.
+ *.xz)
+ xz -d < ${file}
+ ;;
+
+ # Unhandled stuff.
+ *)
+ echo "Unhandled file type: ${file}" >&2
+ ;;
+ esac
+
+ idx=$(( ${idx} + 1 ))
+ done
+
+ return 0
+}
+
+function search_log_file() {
+ local idx=${1}
+
+ if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then
+ echo "${SQUID_LOG}"
+ return 0
+ fi
+
+ local algo
+ for algo in gz xz; do
+ file="${SQUID_LOG}.${idx}.${algo}"
+
+ if [ -e "${file}" ]; then
+ echo "${file}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+# Main.
+
+case "${1}" in
+ today|daily|weekly|monthly)
+ compile_report ${1}
+ ;;
+ *)
+ echo "${0} - Squid proxy reports creation tool"
+ echo
+ echo "Usage: ${0} [interval]"
+ echo " interval: today, daily, weekly, monthly"
+ echo
+ exit 0
+ ;;
+esac
+
+exit 0
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: capsinactive
+WARNING: translation string unused: ccd err iroute
+WARNING: translation string unused: ccd err netadr
+WARNING: translation string unused: ccd maxclients
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
WARNING: translation string unused: choose config
WARNING: translation string unused: calamaris report interval (in minutes)
WARNING: translation string unused: calc traffic all x minutes
WARNING: translation string unused: capsinactive
+WARNING: translation string unused: ccd err iroute
+WARNING: translation string unused: ccd err netadr
WARNING: translation string unused: cfg restart
WARNING: translation string unused: check for net traffic update
WARNING: translation string unused: choose config
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: outgoing firewall p2p description 3
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: visit us at
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: dns address deleted txt
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: other
WARNING: untranslated string: our donors
WARNING: untranslated string: outgoing firewall reserved groupname
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
WARNING: untranslated string: snort working
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: Set time on boot
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: fireinfo ipfire version
WARNING: untranslated string: fireinfo is disabled
WARNING: untranslated string: outgoing firewall p2p description 3
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
WARNING: untranslated string: pakfire ago
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: system information
WARNING: untranslated string: visit us at
WARNING: untranslated string: Edit an existing route
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd noaddnet
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
WARNING: untranslated string: deprecated fs warn
WARNING: untranslated string: disk access per
WARNING: untranslated string: extrahd because there is already a device mounted
WARNING: untranslated string: our donors
WARNING: untranslated string: outgoing firewall reserved groupname
WARNING: untranslated string: outgoing traffic in bytes per second
+WARNING: untranslated string: ovpn mtu-disc
+WARNING: untranslated string: ovpn mtu-disc and mtu not 1500
+WARNING: untranslated string: ovpn mtu-disc maybe
+WARNING: untranslated string: ovpn mtu-disc no
+WARNING: untranslated string: ovpn mtu-disc off
+WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment
+WARNING: untranslated string: ovpn mtu-disc yes
+WARNING: untranslated string: proxy reports
+WARNING: untranslated string: proxy reports daily
+WARNING: untranslated string: proxy reports monthly
+WARNING: untranslated string: proxy reports today
+WARNING: untranslated string: proxy reports weekly
WARNING: untranslated string: route config changed
WARNING: untranslated string: routing config added
WARNING: untranslated string: routing config changed
WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
WARNING: untranslated string: static routes
WARNING: untranslated string: visit us at
WARNING: untranslated string: vpn keyexchange
############################################################################
# Checking cgi-bin translations for language: en #
############################################################################
+< ccd maxclients
############################################################################
# Checking install/setup translations for language: fr #
############################################################################
# Checking cgi-bin translations for language: fr #
############################################################################
< advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
< deprecated fs warn
< dns address deleted txt
< fireinfo ipfire version
< openvpn subnet is used
< other
< our donors
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
< snort working
< static routes
< system information
############################################################################
< advproxy errmsg invalid upstream proxy
< Async logging enabled
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
< deprecated fs warn
< fireinfo ipfire version
< fireinfo is disabled
< outgoing firewall p2p description 2
< outgoing firewall p2p description 3
< outgoing firewall view group
+< ovpn errmsg green already pushed
+< ovpn errmsg invalid ip or mask
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< ovpn routes push
+< ovpn routes push options
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
< Set time on boot
< static routes
< system information
# Checking cgi-bin translations for language: pl #
############################################################################
< advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
< deprecated fs warn
< extrahd because there is already a device mounted
< extrahd cant umount
< openvpn subnet is used
< other
< our donors
+< ovpn errmsg green already pushed
+< ovpn errmsg invalid ip or mask
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< ovpn routes push
+< ovpn routes push options
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
< static routes
< visit us at
< vpn keyexchange
############################################################################
< Add a route
< advproxy errmsg invalid upstream proxy
+< attention
+< ccd add
+< ccd choose net
+< ccd clientip
+< ccd client options
+< ccd dynrange
+< ccd err blue
+< ccd err green
+< ccd err hostinnet
+< ccd err inuse
+< ccd err invalidname
+< ccd err invalidnet
+< ccd err iroute
+< ccd err irouteexist
+< ccd err isipsecnet
+< ccd err isovpnnet
+< ccd err issubnet
+< ccd err name
+< ccd err nameexist
+< ccd err netadr
+< ccd err netadrexist
+< ccd err orange
+< ccd err red
+< ccd err routeovpn
+< ccd err routeovpn2
+< ccd hint
+< ccd invalid
+< ccd iroute
+< ccd iroute2
+< ccd iroutehint
+< ccd maxclients
+< ccd modify
+< ccd name
+< ccd net
+< ccd noaddnet
+< ccd none
+< ccd routes
+< ccd subnet
+< ccd used
< day-graph
< deprecated fs warn
< disk access per
< other
< our donors
< outgoing traffic in bytes per second
+< ovpn mtu-disc
+< ovpn mtu-disc and mtu not 1500
+< ovpn mtu-disc maybe
+< ovpn mtu-disc no
+< ovpn mtu-disc off
+< ovpn mtu-disc with mssfix or fragment
+< ovpn mtu-disc yes
+< proxy reports
+< proxy reports daily
+< proxy reports monthly
+< proxy reports today
+< proxy reports weekly
+< server restart
< static routes
< visit us at
< vpn keyexchange
my $squidlogdir = "/var/log/squid";
my $reportdir = "${General::swroot}/proxy/calamaris/reports";
+my $sargdir = "/var/log/sarg";
unless (-e $reportdir) { mkdir($reportdir) }
delete $reportsettings{'DAY_END'};
delete $reportsettings{'MONTH_END'};
delete $reportsettings{'YEAR_END'};
+ delete $reportsettings{'REPORT'};
&General::writehash("${General::swroot}/proxy/calamaris/settings", \%reportsettings);
&Header::closebox();
}
+# Link sarg reports.
+if (-e $sargdir) {
+ &Header::openbox('100%', 'left', "$Lang::tr{'proxy reports'}:");
+
+ print <<END;
+ <table width="100%">
+ <tr>
+END
+
+ # Today.
+ if (-e "$sargdir/today") {
+ print <<END;
+ <td width="25%" align="center">
+ <a href="/proxy-reports/today" target="_blank">$Lang::tr{'proxy reports today'}</a>
+ </td>
+END
+ } else {
+ print <<END;
+ <td width="25%" align="center">
+ $Lang::tr{'proxy reports today'}
+ </td>
+END
+ }
+
+ # Daily.
+ if (-e "$sargdir/daily") {
+ print <<END;
+ <td width="25%" align="center">
+ <a href="/proxy-reports/daily" target="_blank">$Lang::tr{'proxy reports daily'}</a>
+ </td>
+END
+ } else {
+ print <<END;
+ <td width="25%" align="center">
+ $Lang::tr{'proxy reports daily'}
+ </td>
+END
+ }
+
+ # Weekly.
+ if (-e "$sargdir/weekly") {
+ print <<END;
+ <td width="25%" align="center">
+ <a href="/proxy-reports/weekly" target="_blank">$Lang::tr{'proxy reports weekly'}</a>
+ </td>
+END
+ } else {
+ print <<END;
+ <td width="25%" align="center">
+ $Lang::tr{'proxy reports weekly'}
+ </td>
+END
+ }
+
+ # Monthly.
+ if (-e "$sargdir/monthly") {
+ print <<END;
+ <td width="25%" align="center">
+ <a href="/proxy-reports/monthly" target="_blank">$Lang::tr{'proxy reports monthly'}</a>
+ </td>
+END
+ } else {
+ print <<END;
+ <td width="25%" align="center">
+ $Lang::tr{'proxy reports monthly'}
+ </td>
+END
+ }
+
+ print <<END;
+ </tr>
+ </table>
+
+ <br><br>
+END
+
+ &Header::closebox();
+}
+
+
&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
print <<END
if (@reports)
{
print "<td><select name='REPORT' size='5'>\n";
- my $n=0;
foreach (@reports)
{
@reportdata=split(/#/);
print "\t<option ";
- if ($n eq '0') { print "selected "; $reportsettings{'REPORT'}=$reportdata[1]; $n++}
+ if ($reportsettings{'REPORT'} eq $reportdata[1]) { print "selected ";}
print "value='$reportdata[1]'>$reportdata[2] - $reportdata[3]</option>\n";
}
print "</select></td>\n";
require "${General::swroot}/countries.pl";
# enable only the following on debugging purpose
-use warnings;
-use CGI::Carp 'fatalsToBrowser';
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
#workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::colourgreen} );
+my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
undef (@dummy);
my %color = ();
###
### Initialize variables
###
+my %ccdconfhash=();
+my %ccdroutehash=();
+my %ccdroute2hash=();
my %netsettings=();
my %cgiparams=();
my %vpnsettings=();
my $errormessage = '';
my %settings=();
my $routes_push_file = '';
+my $confighost="${General::swroot}/fwhosts/customhosts";
+my $configgrp="${General::swroot}/fwhosts/customgroups";
+my $customnet="${General::swroot}/fwhosts/customnetworks";
+my $name;
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'ROUTES_PUSH'} = '';
$cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
+$cgiparams{'number'} = '';
+$cgiparams{'PMTU_DISCOVERY'} = '';
$routes_push_file = "${General::swroot}/ovpn/routes_push";
unless (-e $routes_push_file) { system("touch $routes_push_file"); }
+unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
+unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); }
+unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
return;
}
-
sub writeserverconf {
my %sovpnsettings = ();
my @temp = ();
print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
print CONF ";local $sovpnsettings{'VPN_IP'}\n";
print CONF "dev $sovpnsettings{'DDEVICE'}\n";
- print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
print CONF "script-security 3 system\n";
print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
- print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
-
+ #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
+
+ # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
+ # If we doesn't use one of them, we can use the configured mtu value.
+ if ($sovpnsettings{'MSSFIX'} eq 'on')
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ else
+ { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+
if ($vpnsettings{'ROUTES_PUSH'} ne '') {
- @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
- foreach (@temp)
- {
- @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
- print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
+ @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
+ foreach (@temp)
+ {
+ @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
+ print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
+ }
}
- }
+# a.marx ccd
+ my %ccdconfhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ my $a=$ccdconfhash{$key}[1];
+ my ($b,$c) = split (/\//, $a);
+ print CONF "route $b ".&General::cidrtosub($c)."\n";
+ }
+ my %ccdroutehash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
+ my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
+ print CONF "route $a $b\n";
+ }
+ }
+# ccd end
- if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
+ if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
print CONF "client-to-client\n";
}
if ($sovpnsettings{MSSFIX} eq 'on') {
if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
}
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+ print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+ }
+
if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
close(CONF);
}
-#
+
sub emptyserverlog{
if (open(FILE, ">/var/log/ovpnserver.log")) {
flock FILE, 2;
}
+sub delccdnet
+{
+ my %ccdconfhash = ();
+ my %ccdhash = ();
+ my $ccdnetname=$_[0];
+ if (-f "${General::swroot}/ovpn/ovpnconfig"){
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $ccdnetname) {
+ $errormessage=$Lang::tr{'ccd err hostinnet'};
+ return;
+ }
+ }
+ }
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if ($ccdconfhash{$key}[0] eq $ccdnetname){
+ delete $ccdconfhash{$key};
+ }
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+
+ &writeserverconf;
+ return 0;
+}
+
+sub addccdnet
+{
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $subcidr;
+ my @ip2=();
+ my $checkup;
+ my $ccdip;
+ my $baseaddress;
+
+
+ #check name
+ if ($ccdname eq '')
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+ return
+ }
+
+ if(!&General::validhostname($ccdname))
+ {
+ $errormessage=$Lang::tr{'ccd err invalidname'};
+ return;
+ }
+
+ ($ccdip,$subcidr) = split (/\//,$ccdnet);
+ $subcidr=&General::iporsubtocidr($subcidr);
+ #check subnet
+ if ($subcidr > 30)
+ {
+ $errormessage=$Lang::tr{'ccd err invalidnet'};
+ return;
+ }
+ #check ip
+ if (!&General::validipandmask($ccdnet)){
+ $errormessage=$Lang::tr{'ccd err invalidnet'};
+ return;
+ }
+
+ $errormessage=&General::checksubnets($ccdname,$ccdnet);
+
+
+ if (!$errormessage) {
+ my %ccdconfhash=();
+ $baseaddress=&General::getnetworkip($ccdip,$subcidr);
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ my $key = &General::findhasharraykey (\%ccdconfhash);
+ foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
+ $ccdconfhash{$key}[0] = $ccdname;
+ $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ &writeserverconf;
+ $cgiparams{'ccdname'}='';
+ $cgiparams{'ccdsubnet'}='';
+ return 1;
+ }
+}
+
+sub modccdnet
+{
+
+ my $newname=$_[0];
+ my $oldname=$_[1];
+ my %ccdconfhash=();
+ my %ccdhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if ($ccdconfhash{$key}[0] eq $oldname) {
+ foreach my $key1 (keys %ccdconfhash) {
+ if ($ccdconfhash{$key1}[0] eq $newname){
+ $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
+ return;
+ }else{
+ $ccdconfhash{$key}[0]= $newname;
+ &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ last;
+ }
+ }
+ }
+ }
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $oldname) {
+ $ccdhash{$key}[32]=$newname;
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ last;
+ }
+ }
+
+ return 0;
+}
+sub ccdmaxclients
+{
+ my $ccdnetwork=$_[0];
+ my @octets=();
+ my @subnet=();
+ @octets=split("\/",$ccdnetwork);
+ @subnet= split /\./, &General::cidrtosub($octets[1]);
+ my ($a,$b,$c,$d,$e);
+ $a=256-$subnet[0];
+ $b=256-$subnet[1];
+ $c=256-$subnet[2];
+ $d=256-$subnet[3];
+ $e=($a*$b*$c*$d)/4;
+ return $e-1;
+}
+
+sub getccdadresses
+{
+ my $ipin=$_[0];
+ my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
+ my $cidr=$_[1];
+ chomp($cidr);
+ my $count=$_[2];
+ my $hasip=$_[3];
+ chomp($hasip);
+ my @iprange=();
+ my %ccdhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
+ for (my $i=1;$i<=$count;$i++) {
+ my $tmpip=$iprange[$i-1];
+ my $stepper=$i*4;
+ $iprange[$i]= &General::getnextip($tmpip,4);
+ }
+ my $r=0;
+ foreach my $key (keys %ccdhash) {
+ $r=0;
+ foreach my $tmp (@iprange){
+ my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
+ if ($net eq $tmp) {
+ if ( $hasip ne $ccdhash{$key}[33] ){
+ splice (@iprange,$r,1);
+ }
+ }
+ $r++;
+ }
+ }
+ return @iprange;
+}
+
+sub fillselectbox
+{
+ my $boxname=$_[1];
+ my ($ccdip,$subcidr) = split("/",$_[0]);
+ my $tz=$_[2];
+ my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
+ print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
+ foreach (@allccdips) {
+ my $ip=$_."/30";
+ chomp($ip);
+ print "<option value='$ip' ";
+ if ( $ip eq $cgiparams{$boxname} ){
+ print"selected";
+ }
+ print ">$ip</option>";
+ }
+ print "</select>";
+}
+
+sub hostsinnet
+{
+ my $name=$_[0];
+ my %ccdhash=();
+ my $i=0;
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[32] eq $name){ $i++;}
+ }
+ return $i;
+}
+
+sub check_routes_push
+{
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ ##check for existing routes in routes_push
+ if (-e "${General::swroot}/ovpn/routes_push") {
+ open(FILE,"${General::swroot}/ovpn/routes_push");
+ while (<FILE>) {
+ $_=~s/\s*$//g;
+
+ my ($ip2,$cidr2) = split (/\//,"$_");
+ my $val2=$ip2."/".&General::iporsubtodec($cidr2);
+
+ if($val eq $val2){
+ return 0;
+ }
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
+ return 0;
+ }
+ };
+ close(FILE);
+ }
+ return 1;
+}
+
+sub check_ccdroute
+{
+ my %ccdroutehash=();
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ #check for existing routes in ccdroute
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+ if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
+ return 0;
+ }
+ my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
+ return 0;
+ }
+ }
+ }
+ return 1;
+}
+sub check_ccdconf
+{
+ my %ccdconfhash=();
+ my $val=$_[0];
+ my ($ip,$cidr) = split (/\//, $val);
+ #check for existing routes in ccdroute
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
+ return 0;
+ }
+ my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
+ #subnetcheck
+ if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
+ return 0;
+ }
+
+ }
+ return 1;
+}
+
###
# m.a.d net2net
###
while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
close(FILE);
$cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
+
}
}
&emptyserverlog();
}
# #restart openvpn server
- if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
+# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
#workarund, till SIGHUP also works when running as nobody
- system('/usr/local/bin/openvpnctrl', '-r');
- &emptyserverlog();
- }
+# system('/usr/local/bin/openvpnctrl', '-r');
+# &emptyserverlog();
+# }
}
###
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
$vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+ $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
} else {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
+
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+
+ if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+ goto ADV_ERROR;
+ }
+ }
+
if ($cgiparams{'DHCP_DOMAIN'} ne ''){
unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
$errormessage = $Lang::tr{'invalid input for dhcp domain'};
if ($cgiparams{'ROUTES_PUSH'} ne ''){
@temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
undef $vpnsettings{'ROUTES_PUSH'};
- foreach (@temp)
+
+ foreach my $tmpip (@temp)
{
s/^\s+//g; s/\s+$//g;
- if ($_)
+
+ if ($tmpip)
{
- unless (&General::validipandmask($_)) {
- $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'};
- goto ADV_ERROR;
+ $tmpip=~s/\s*$//g;
+ unless (&General::validipandmask($tmpip)) {
+ $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
+ goto ADV_ERROR;
}
- my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_));
+ my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
+
if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
$errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
- goto ADV_ERROR;
+ goto ADV_ERROR;
}
- $vpnsettings{'ROUTES_PUSH'} .= $_."\n";
+# a.marx ccd
+ my %ccdroutehash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+ if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
+ $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+ goto ADV_ERROR;
+ }
+ my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
+ if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
+ $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+ goto ADV_ERROR;
+ }
+ }
+ }
+
+# ccd end
+
+ $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
}
- }
- &write_routepushfile;
+ }
+ &write_routepushfile;
undef $vpnsettings{'ROUTES_PUSH'};
}
else {
if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
}
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+ if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+ if($cgiparams{'MTU'} eq '1500') {
+ print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+ }
+ }
+ }
print SERVERCONF "# Auth. Server\n";
print SERVERCONF "tls-server\n";
print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
}
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+ if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+ if ($cgiparams{'MTU'} eq '1500') {
+ print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+ }
+ }
+ }
print CLIENTCONF "ns-cert-type server\n";
print CLIENTCONF "# Auth. Client\n";
my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
if ($confighash{$cgiparams{'KEY'}}) {
+ if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+ $confighash{$cgiparams{'KEY'}}[0] = 'on';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
- if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
- $confighash{$cgiparams{'KEY'}}[0] = 'on';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
-
- } else {
+ }
+ } else {
- $confighash{$cgiparams{'KEY'}}[0] = 'off';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ $confighash{$cgiparams{'KEY'}}[0] = 'off';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
if ($n2nactive ne ''){
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ }
- } else {
+ } else {
$errormessage = $Lang::tr{'invalid key'};
- }
+ }
}
}
if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
}
+ if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
+ ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
+ ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
+ if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
+ if ($tunmtu eq '1500' ) {
+ print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
+ }
+ }
+ }
print CLIENTCONF "ns-cert-type server\n";
print CLIENTCONF "# Auth. Client\n";
print CLIENTCONF "tls-client\n";
my $zip = Archive::Zip->new();
- print CLIENTCONF "#OpenVPN Server conf\r\n";
+ print CLIENTCONF "#OpenVPN Client conf\r\n";
print CLIENTCONF "tls-client\r\n";
print CLIENTCONF "client\r\n";
+ print CLIENTCONF "nobind\n";
print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
- print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
+
+ # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
+ # or use configured value.
+ if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif ($vpnsettings{MSSFIX} eq 'on')
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ else
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
+
if ( $vpnsettings{'ENABLED'} eq 'on'){
print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
}
+
+ # Check if a valid operating mode has been choosen and use it.
+ if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+ ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+ if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
+ print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
+ }
+ }
close(CLIENTCONF);
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
}
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+
+# A.Marx CCD delete ccd files and routes
+
+
+ if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+ {
+ unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
+ }
+
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+ delete $ccdroutehash{$key};
+ }
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ foreach my $key (keys %ccdroute2hash) {
+ if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+ delete $ccdroute2hash{$key};
+ }
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ &writeserverconf;
+
+
+# CCD end
+
+
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
#&writeserverconf();
} else {
$errormessage = $Lang::tr{'invalid key'};
%cgiparams = ();
%cahash = ();
%confighash = ();
+ my $disabled;
&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
read_routepushfile;
-
+
+
# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
# $cgiparams{'CLIENT2CLIENT'} = 'on';
# }
$checked{'MSSFIX'}{'off'} = '';
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
$selected{'LOG_VERB'}{'3'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
-
-
-
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
print <<END
- <form method='post' enctype='multipart/form-data'>
- <table width='100%'>
+ <form method='post' enctype='multipart/form-data' disabled>
+ <table width='100%' border=0>
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
</tr>
</tr>
<tr>
<td class='base'>Domain</td>
- <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
+ <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
</tr>
<tr>
<td class='base'>DNS</td>
print $cgiparams{'ROUTES_PUSH'};
}
-print <<END
+print <<END;
</textarea></td>
</tr>
</tr>
<td class'base'><b>$Lang::tr{'misc-options'}</b></td>
</tr>
<tr>
- <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
</tr>
<tr>
<td class='base'>Client-To-Client</td>
<td class='base'>mssfix</td>
<td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
<td>Default: on</td>
- </tr>
+ </tr>
+
+ <tr>
+ <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
+ <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
+ <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
+ <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
+ <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
+ </tr>
</table>
<!--
<option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
<option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
<option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
-</table>
-<hr size='1'>
+</table><hr>
+END
+
+if ( -e "/var/run/openvpn.pid"){
+print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
+ $Lang::tr{'server restart'}<br><br>
+ <hr>";
+ print<<END
+<table width='100%'>
+<tr>
+ <td> </td>
+ <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
+ <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
+ <td> </td>
+</tr>
+</table>
+</form>
+END
+;
+
+
+}else{
+
+print<<END
<table width='100%'>
<tr>
<td> </td>
</form>
END
;
-
+}
&Header::closebox();
# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
&Header::closebigbox();
&Header::closepage();
exit(0);
+
+# A.Marx CCD Add,delete or edit CCD net
+
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
+ $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
+ $cgiparams{'ACTION'} eq "kill" ||
+ $cgiparams{'ACTION'} eq "edit" ||
+ $cgiparams{'ACTION'} eq 'editsave'){
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'ccd net'}, 1, '');
+ &Header::openbigbox('100%', 'LEFT', '', '');
+
+ if ($cgiparams{'ACTION'} eq "kill"){
+ &delccdnet($cgiparams{'net'});
+ }
+
+ if ($cgiparams{'ACTION'} eq 'editsave'){
+ my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
+ if ( $a ne $b){ &modccdnet($a,$b);}
+ $cgiparams{'ccdname'}='';
+ $cgiparams{'ccdsubnet'}='';
+ }
+
+ if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
+ &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
+ }
+ if ($errormessage) {
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
+ print "<class name='base'>$errormessage";
+ print " </class>";
+ &Header::closebox();
+ }
+if ($cgiparams{'ACTION'} eq "edit"){
+
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
+
+ print <<END
+ <table width='100%' border=0>
+ <tr><form method='post'>
+ <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
+ <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
+ <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
+ <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
+ </td></tr>
+ </table></form>
+END
+;
+ &Header::closebox();
+
+ &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+ print <<END
+ <table width='100%' border='0' cellpadding='0' cellspacing='1'>
+ <tr>
+ <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
+END
+;
+}
+else{
+ if (! -e "/var/run/openvpn.pid"){
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
+ print <<END;
+ <table width='100%' border='0'>
+ <tr><form method='post'>
+ <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
+ <tr>
+ <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
+ <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
+ <tr><td colspan=4><hr /></td></tr><tr>
+ <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
+ </table></form>
+END
+
+ &Header::closebox();
+}
+ &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+ if ( -e "/var/run/openvpn.pid"){
+ print "<b>$Lang::tr{'attention'}:</b><br>";
+ print "$Lang::tr{'ccd noaddnet'}<br><hr>";
+ }
+
+ print <<END
+ <table width='100%' border='0' cellpadding='0' cellspacing='1'>
+ <tr>
+ <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
+END
+;
+}
+ my %ccdconfhash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ my @ccdconf=();
+ my $count=0;
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
+ @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
+ $count++;
+ my $ccdhosts = &hostsinnet($ccdconf[0]);
+ if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
+ else{ print" <tr bgcolor='$color{'color20'}'>";}
+ print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
+print <<END
+ <form method='post' />
+ <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
+ <input type='hidden' name='ACTION' value='edit'/>
+ <input type='hidden' name='ccdname' value='$ccdconf[0]' />
+ <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
+ </form></td>
+ <form method='post' />
+ <td><input type='hidden' name='ACTION' value='kill'/>
+ <input type='hidden' name='number' value='$count' />
+ <input type='hidden' name='net' value='$ccdconf[0]' />
+ <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr>
+END
+;
+ }
+ print "</table></form>";
+ &Header::closebox();
+ print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+ &Header::closebigbox();
+ &Header::closepage();
+ exit(0);
+
+#END CCD
+
###
### Openvpn Connections Statistics
###
print <<END
<b>$Lang::tr{'connection type'}:</b><br />
- <table><form method='post' ENCTYPE="multipart/form-data">
+ <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td>
<td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
<tr><td><input type='radio' name='TYPE' value='net' /></td>
<td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
<tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr>
<tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr>
- <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'><td class='base'>Default : Client Packagename</td></td></tr>
+ <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr>
<tr><td colspan='3'><hr /></td></tr>
- <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
- <tr><td> </td></tr>
+ <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
<tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr>
</form></table>
END
;
+
} else {
print <<END
<b>$Lang::tr{'connection type'}:</b><br />
- <table><form method='post' ENCTYPE="multipart/form-data">
+ <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
<tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
- <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
+ <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
</form></table>
END
;
my $complzoactive;
my $mssfixactive;
my $n2nfragment;
+my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
$n2nlocalsub[2] =~ s/\n|\r//g;
$n2nfragment[1] =~ s/\n|\r//g;
$n2nmgmt[2] =~ s/\n|\r//g;
+$n2nmtudisc[1] =~ s/\n|\r//g;
chomp ($complzoactive);
chomp ($mssfixactive);
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+
$confighash{$key}[0] = 'off';
$confighash{$key}[1] = $n2nname[0];
- $confighash{$key}[2] = $n2nname[0];
+ $confighash{$key}[2] = $n2nname[0];
$confighash{$key}[3] = 'net';
$confighash{$key}[4] = 'cert';
$confighash{$key}[6] = 'client';
$confighash{$key}[8] = $n2nlocalsub[2];
- $confighash{$key}[10] = $n2nremote[1];
- $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
+ $confighash{$key}[10] = $n2nremote[1];
+ $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
$confighash{$key}[22] = $n2nmgmt[2];
- $confighash{$key}[23] = $mssfixactive;
+ $confighash{$key}[23] = $mssfixactive;
$confighash{$key}[24] = $n2nfragment[1];
- $confighash{$key}[25] = 'IPFire n2n Client';
+ $confighash{$key}[25] = 'IPFire n2n Client';
$confighash{$key}[26] = 'red';
- $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
- $confighash{$key}[28] = $n2nproto[0];
- $confighash{$key}[29] = $n2nport[1];
- $confighash{$key}[30] = $complzoactive;
- $confighash{$key}[31] = $n2ntunmtu[1];
+ $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
+ $confighash{$key}[28] = $n2nproto[0];
+ $confighash{$key}[29] = $n2nport[1];
+ $confighash{$key}[30] = $complzoactive;
+ $confighash{$key}[31] = $n2ntunmtu[1];
+ $confighash{$key}[38] = $n2nmtudisc[1];
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
<tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
+ <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
<tr><td> </td><td> </td></tr>
</table>
} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
-
+
&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
- if (! $confighash{$cgiparams{'KEY'}}[0]) {
- $errormessage = $Lang::tr{'invalid key'};
- goto VPNCONF_END;
- }
- $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
- $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
- $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
- $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
- $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
- $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
- $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
- $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
- $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
-# n2n m.a.d new fields
- $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
- $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
- $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
- $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
- $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
-#new fields
- $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
- $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
- $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
- $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
-
-#new fields
-#ab hiere error uebernehmen
-
- } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
+ if (! $confighash{$cgiparams{'KEY'}}[0]) {
+ $errormessage = $Lang::tr{'invalid key'};
+ goto VPNCONF_END;
+ }
+ $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
+ $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
+ $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
+ $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
+ $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
+ $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
+ $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
+ $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
+ $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+ $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
+ $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
+ $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
+ $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
+ $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
+ $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
+ $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
+ $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
+ $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
+ $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
+ $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
+ $name=$cgiparams{'CHECK1'} ;
+ $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
+ $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
+ $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
+ $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
+ $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
+ $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
+ } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
- if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
+#A.Marx CCD check iroute field and convert it to decimal
+if ($cgiparams{'TYPE'} eq 'host') {
+ my @temp=();
+ my %ccdroutehash=();
+ my $keypoint=0;
+ my $ip;
+ my $cidr;
+ if ($cgiparams{'IR'} ne ''){
+ @temp = split("\n",$cgiparams{'IR'});
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ #find key to use
+ foreach my $key (keys %ccdroutehash) {
+ if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
+ $keypoint=$key;
+ delete $ccdroutehash{$key};
+ }else{
+ $keypoint = &General::findhasharraykey (\%ccdroutehash);
+ }
+ }
+ $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
+ my $i=1;
+ my $val=0;
+ foreach $val (@temp){
+ chomp($val);
+ $val=~s/\s*$//g;
+ #check if iroute exists in ccdroute or if new iroute is part of an existing one
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
+ if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+ goto VPNCONF_ERROR;
+ }
+ my ($ip1,$cidr1) = split (/\//, $val);
+ $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
+ my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
+ if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
+ $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+ goto VPNCONF_ERROR;
+ }
+
+ }
+ }
+ if (!&General::validipandmask($val)){
+ $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+ goto VPNCONF_ERROR;
+ }else{
+ ($ip,$cidr) = split(/\//,$val);
+ $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
+ $cidr=&General::iporsubtodec($cidr);
+ $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+
+ }
+
+ #check for existing network IP's
+ if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
+ {
+ $errormessage=$Lang::tr{'ccd err green'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
+ {
+ $errormessage=$Lang::tr{'ccd err red'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
+ {
+ $errormessage=$Lang::tr{'ccd err blue'};
+ goto VPNCONF_ERROR;
+ }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
+ {
+ $errormessage=$Lang::tr{'ccd err orange'};
+ goto VPNCONF_ERROR;
+ }
+
+ if (&General::validipandmask($val)){
+ $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+ }else{
+ $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
+ goto VPNCONF_ERROR;
+ }
+ $i++;
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ &writeserverconf;
+ }else{
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
+ delete $ccdroutehash{$key};
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ &writeserverconf;
+ }
+ }
+ }
+ undef @temp;
+ #check route field and convert it to decimal
+ my $val=0;
+ my $i=1;
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ #find key to use
+ foreach my $key (keys %ccdroute2hash) {
+ if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
+ $keypoint=$key;
+ delete $ccdroute2hash{$key};
+ }else{
+ $keypoint = &General::findhasharraykey (\%ccdroute2hash);
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ &writeserverconf;
+ }
+ }
+ $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
+ if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
+ @temp = split(/\|/,$cgiparams{'IFROUTE'});
+ my %ownnet=();
+ &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+ foreach $val (@temp){
+ chomp($val);
+ $val=~s/\s*$//g;
+ if ($val eq $Lang::tr{'green'})
+ {
+ $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
+ }
+ if ($val eq $Lang::tr{'blue'})
+ {
+ $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
+ }
+ if ($val eq $Lang::tr{'orange'})
+ {
+ $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
+ }
+ my ($ip,$cidr) = split (/\//, $val);
+
+ if ($val ne $Lang::tr{'ccd none'})
+ {
+ if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
+ if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
+ if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
+ if (&General::validipandmask($val)){
+ $val=$ip."/".&General::iporsubtodec($cidr);
+ $ccdroute2hash{$keypoint}[$i] = $val;
+ }else{
+ $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+ goto VPNCONF_ERROR;
+ }
+ }else{
+ $ccdroute2hash{$keypoint}[$i]='';
+ }
+ $i++;
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+
+ #check dns1 ip
+ if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
+ $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
+ goto VPNCONF_ERROR;
+ }
+ #check dns2 ip
+ if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
+ $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
+ goto VPNCONF_ERROR;
+ }
+ #check wins ip
+ if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
+ $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
+ goto VPNCONF_ERROR;
+ }
+}
+
+#CCD End
+
+
+ if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
$errormessage = $Lang::tr{'connection type is invalid'};
if ($cgiparams{'TYPE'} eq 'net') {
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
goto VPNCONF_ERROR;
}
+ if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+ if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ }
+
+ if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'openvpn prefix local subnet'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
# Save the config
my $key = $cgiparams{'KEY'};
+
if (! $key) {
$key = &General::findhasharraykey (\%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+ foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
}
- $confighash{$key}[0] = $cgiparams{'ENABLED'};
- $confighash{$key}[1] = $cgiparams{'NAME'};
+ $confighash{$key}[0] = $cgiparams{'ENABLED'};
+ $confighash{$key}[1] = $cgiparams{'NAME'};
if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
- $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
+ $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
}
- $confighash{$key}[3] = $cgiparams{'TYPE'};
+
+ $confighash{$key}[3] = $cgiparams{'TYPE'};
if ($cgiparams{'AUTH'} eq 'psk') {
- $confighash{$key}[4] = 'psk';
- $confighash{$key}[5] = $cgiparams{'PSK'};
+ $confighash{$key}[4] = 'psk';
+ $confighash{$key}[5] = $cgiparams{'PSK'};
} else {
- $confighash{$key}[4] = 'cert';
+ $confighash{$key}[4] = 'cert';
}
if ($cgiparams{'TYPE'} eq 'net') {
- $confighash{$key}[6] = $cgiparams{'SIDE'};
- $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
+ $confighash{$key}[6] = $cgiparams{'SIDE'};
+ $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
}
- $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
- $confighash{$key}[10] = $cgiparams{'REMOTE'};
+ $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
+ $confighash{$key}[10] = $cgiparams{'REMOTE'};
if ($cgiparams{'OVPN_MGMT'} eq '') {
- $confighash{$key}[22] = $confighash{$key}[29];
+ $confighash{$key}[22] = $confighash{$key}[29];
} else {
- $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
+ $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
}
- $confighash{$key}[23] = $cgiparams{'MSSFIX'};
- $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
- $confighash{$key}[25] = $cgiparams{'REMARK'};
- $confighash{$key}[26] = $cgiparams{'INTERFACE'};
+ $confighash{$key}[23] = $cgiparams{'MSSFIX'};
+ $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
+ $confighash{$key}[25] = $cgiparams{'REMARK'};
+ $confighash{$key}[26] = $cgiparams{'INTERFACE'};
# new fields
- $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
- $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
- $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
- $confighash{$key}[30] = $cgiparams{'COMPLZO'};
- $confighash{$key}[31] = $cgiparams{'MTU'};
-# new fileds
+ $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
+ $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
+ $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
+ $confighash{$key}[30] = $cgiparams{'COMPLZO'};
+ $confighash{$key}[31] = $cgiparams{'MTU'};
+ $confighash{$key}[32] = $cgiparams{'CHECK1'};
+ $name=$cgiparams{'CHECK1'};
+ $confighash{$key}[33] = $cgiparams{$name};
+ $confighash{$key}[34] = $cgiparams{'RG'};
+ $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
+ $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
+ $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
+ $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
+
+
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ if ($cgiparams{'CHECK1'} ){
+
+ my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
+ my ($a,$b,$c,$d) = split (/\./,$ccdip);
+ if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
+ unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
+ }
+ open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
+ print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
+ if($cgiparams{'CHECK1'} eq 'dynamic'){
+ print CCDRWCONF "#This client uses the dynamic pool\n";
+ }else{
+ print CCDRWCONF "#Ip address client and server\n";
+ print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
+ }
+ if ($confighash{$key}[34] eq 'on'){
+ print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
+ print CCDRWCONF "push redirect-gateway\n";
+ }
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ if ($cgiparams{'IR'} ne ''){
+ print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
+ foreach my $key (keys %ccdroutehash){
+ if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
+ foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
+ my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
+ print CCDRWCONF "iroute $a $b\n";
+ }
+ }
+ }
+ }
+ if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
+ if ($cgiparams{'IFROUTE'} ne ''){
+ print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
+ foreach my $key (keys %ccdroute2hash){
+ if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
+ if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
+ my %blue=();
+ &General::readhash("${General::swroot}/ethernet/settings", \%blue);
+ print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
+ }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
+ my %orange=();
+ &General::readhash("${General::swroot}/ethernet/settings", \%orange);
+ print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
+ }else{
+ my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
+ print CCDRWCONF "push \"route $a $b\"\n";
+ }
+ }
+ }
+ }
+ }
+ if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
+ if($cgiparams{'CCD_DNS1'} ne ''){
+ print CCDRWCONF "\n#Client gets these nameservers\n";
+ print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
+ }
+ if($cgiparams{'CCD_DNS2'} ne ''){
+ print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
+ }
+ if($cgiparams{'CCD_WINS'} ne ''){
+ print CCDRWCONF "\n#Client gets this WINS server\n";
+ print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
+ }
+ close CCDRWCONF;
+ }
###
# m.a.d n2n begin
###
$cgiparams{'MSSFIX'} = 'on';
$cgiparams{'FRAGMENT'} = '1300';
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
###
# m.a.d n2n end
###
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
+
if (1) {
&Header::showhttpheaders();
}
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
- print "<table width='100%'>\n";
- print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
+ print "<table width='100%' border='0'>\n";
+
+
+
+ print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
+
if ($cgiparams{'TYPE'} eq 'host') {
if ($cgiparams{'KEY'}) {
- print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
+ print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
} else {
+
print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
}
# print "<tr><td>$Lang::tr{'interface'}</td>";
} else {
print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
}
+
+
+
print <<END
<td width='25%'> </td>
<td width='25%'> </td></tr>
<td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
<td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
+ <tr>
+ <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
+ <td colspan='3'>
+ <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
+ <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
+ <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
+ <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
+ </td>
+ </tr>
+
END
- ;
+;
}
-
+#jumper
print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>";
- print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
+ print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
if ($cgiparams{'TYPE'} eq 'host') {
+ print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
+ }
- print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
- }
-
-# if ($cgiparams{'KEY'}) {
-# print "<td colspan='3'> </td></tr></table>";
-# } else {
-# print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>";
-# }
-# }else{
- print "<td colspan='3'> </td></tr></table>";
-# }
-
-
-
+ print"</tr></table><br><br>";
+#A.Marx CCD new client
+if ($cgiparams{'TYPE'} eq 'host') {
+ print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
+ my %vpnnet=();
+ my $vpnip;
+ &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
+ $vpnip=$vpnnet{'DOVPN_SUBNET'};
+ &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ my @ccdconf=();
+ my $count=0;
+ my $checked;
+ $checked{'check1'}{'off'} = '';
+ $checked{'check1'}{'on'} = '';
+ $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
+ print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
+ print"</td></tr></table><br><br>";
+ my $name=$cgiparams{'CHECK1'};
+ $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
+
+ if (! -z "${General::swroot}/ovpn/ccd.conf"){
+ print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
+ $count++;
+ @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
+ if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
+ print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
+ &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
+ print"</td></tr>";
+ }
+ print "</table><br><br><hr><br><br>";
+ }
+}
+# ccd end
&Header::closebox();
-
if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
- # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
- # print <<END
- # <table width='100%' cellpadding='0' cellspacing='5' border='0'>
- # <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
- # <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr>
- # </table>
-END
- # ;
- # &Header::closebox();
- } elsif (! $cgiparams{'KEY'}) {
+
+ } elsif (! $cgiparams{'KEY'}) {
+
+
my $disabled='';
my $cakeydisabled='';
my $cacrtdisabled='';
if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
+
&Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
###
;
&Header::closebox();
+
}
+#A.Marx CCD new client
+if ($cgiparams{'TYPE'} eq 'host') {
+ print"<br><br>";
+ &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
+
+
+ print <<END;
+ <table border='0' width='100%'>
+ <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
+ <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
+ <tr><td colspan='4'> </td></tr>
+ <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
+END
+
+ if ($cgiparams{'IR'} ne ''){
+ print $cgiparams{'IR'};
+ }else{
+ &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
+ foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+ if ($ccdroutehash{$key}[$i] ne ''){
+ print $ccdroutehash{$key}[$i]."\n";
+ }
+ $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
+ }
+ }
+ }
+ }
+
+ print <<END;
+</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
+ <tr><td colspan='4'><br></td></tr>
+ <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
+END
+
+ my $set=0;
+ my $selorange=0;
+ my $selblue=0;
+ my $selgreen=0;
+ my $helpblue=0;
+ my $helporange=0;
+ my $other=0;
+ my $none=0;
+ my @temp=();
+
+ our @current = ();
+ open(FILE, "${General::swroot}/main/routing") ;
+ @current = <FILE>;
+ close (FILE);
+ &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ #check for "none"
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ if ($ccdroute2hash{$key}[1] eq ''){
+ $none=1;
+ last;
+ }
+ }
+ }
+ if ($none ne '1'){
+ print"<option>$Lang::tr{'ccd none'}</option>";
+ }else{
+ print"<option selected>$Lang::tr{'ccd none'}</option>";
+ }
+ #check if static routes are defined for client
+ foreach my $line (@current) {
+ chomp($line);
+ $line=~s/\s*$//g; # remove newline
+ @temp=split(/\,/,$line);
+ $temp[1] = '' unless defined $temp[1]; # not always populated
+ my ($a,$b) = split(/\//,$temp[1]);
+ $temp[1] = $a."/".&General::iporsubtocidr($b);
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+ if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
+ $set=1;
+ }
+ }
+ }
+ }
+ if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
+ }
+ #check if green,blue,orange are defined for client
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ $other=1;
+ foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+ if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
+ $selgreen=1;
+ }
+ if (&haveBlueNet()){
+ if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
+ $selblue=1;
+ }
+ }
+ if (&haveOrangeNet()){
+ if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
+ $selorange=1;
+ }
+ }
+ }
+ }
+ }
+ if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
+ if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
+ if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
+
+ print<<END
+ </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
+ <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
+ <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
+
+END
+;
+ &Header::closebox();
+}
print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
if ($cgiparams{'KEY'}) {
# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
my @status = `/bin/cat /var/log/ovpnserver.log`;
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
- if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
- my $ipaddr = <IPADDR>;
- close IPADDR;
- chomp ($ipaddr);
- $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
- if ($cgiparams{'VPN_IP'} eq '') {
- $cgiparams{'VPN_IP'} = $ipaddr;
- }
- }
+ if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
+ my $ipaddr = <IPADDR>;
+ close IPADDR;
+ chomp ($ipaddr);
+ $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
+ if ($cgiparams{'VPN_IP'} eq '') {
+ $cgiparams{'VPN_IP'} = $ipaddr;
+ }
+ }
}
#default setzen
if ($cgiparams{'DCIPHER'} eq '') {
$cgiparams{'DCIPHER'} = 'BF-CBC';
}
-# if ($cgiparams{'DCOMPLZO'} eq '') {
-# $cgiparams{'DCOMPLZO'} = 'on';
-# }
if ($cgiparams{'DDEST_PORT'} eq '') {
$cgiparams{'DDEST_PORT'} = '1194';
}
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
-
- $checked{'ENABLED'}{'off'} = '';
+ $checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
$checked{'ENABLED_BLUE'}{'off'} = '';
$activeonrun = "disabled='disabled'";
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
- print <<END
- <table width='100%'>
+ print <<END
+ <table width='100%' border=0>
<form method='post'>
<td width='25%'> </td>
<td width='25%'> </td>
<tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
<td align='left'>$sactive</td>
<tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
- <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
+ <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
END
;
if (&haveBlueNet()) {
<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
<option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
- <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
+ <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr>
+ <tr><td colspan='4'><hr /></td></tr>
END
;
if ( $srunning eq "yes" ) {
- print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
+ print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
} else{
- print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";
+ print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
-e "${General::swroot}/ovpn/ca/dh1024.pem" &&
-e "${General::swroot}/ovpn/certs/servercert.pem" &&
(( $cgiparams{'ENABLED'} eq 'on') ||
( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
} else {
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>";
- print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";
+ print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
}
}
print "</form></table>";
</tr>
</table>
END
- ;
+;
}
- print <<END
- <form method='post' enctype='multipart/form-data'>
- <table width='100%' border='0' cellspacing='1' cellpadding='0'>
- <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
- <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' />
- <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
- <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
- </tr></table></form>
+
+print <<END
+<form method='post' enctype='multipart/form-data'>
+<table width='100%' border='0'>
+<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
+<tr><td colspan='4'><hr /></td></tr>
+<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
+</table>
END
- ;
+;
+
&Header::closebox();
if ( $srunning eq "yes" ) {
<tr>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
- <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td>
- <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td>
+ <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
<td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
}
print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
- if ($confighash{$key}[4] eq 'cert') {
- print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
- } else {
- print "<td align='left'> </td>";
- }
+ #if ($confighash{$key}[4] eq 'cert') {
+ #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
+ #} else {
+ #print "<td align='left'> </td>";
+ #}
my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
$cavalid =~ /Not After : (.*)[\n]/;
$cavalid = $1;
- print "<td align='center'>$cavalid</td>";
+ if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";}
+ if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";}
+ print "<td align='center'>$confighash{$key}[32]</td>";
print "<td align='center'>$confighash{$key}[25]</td>";
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
# If the config file contains entries, print Key to action icons
if ( $id ) {
print <<END
- <table>
+ <table border='0'>
<tr>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
<td class='base'>$Lang::tr{'dl client arch'}</td>
</tr>
- </table>
+ </table><hr>
END
;
}
print <<END
<table width='100%'>
<form method='post'>
- <tr><td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td>
- <td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
+ <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
+ <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
</form>
</table>
END
goto VPNCONF_ERROR;
}
+
+ if ($cgiparams{'TYPE'} eq 'net'){
+ $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+ if ($errormessage ne ''){
+ goto VPNCONF_ERROR;
+ }
+
+ }
if ($cgiparams{'AUTH'} eq 'psk') {
if (! length($cgiparams{'PSK'}) ) {
$errormessage = $Lang::tr{'pre-shared key is too short'};
'arp table entries' => 'Einträge der ARP-Tabelle:',
'artist' => 'Künstler',
'attemps' => 'Versuche',
+'attention' => 'ACHTUNG',
'august' => 'August',
'authentication' => 'Authentifizierung:',
'automatic' => 'Automatisch',
'capsopen' => 'VERBUNDEN',
'capswarning' => 'WARNUNG',
'caption' => 'Legende',
+'ccd add' => 'Netzwerk hinzufügen',
+'ccd choose net' => 'Netzwerk auswählen',
+'ccd client options' => 'Erweiterte Client-Optionen',
+'ccd clientip' => 'Hostadresse',
+'ccd dynrange' => 'Dynamischer OpenVPN IP-Addressen-Pool',
+'ccd err blue' => 'Das ist das BLAUE Subnetz.',
+'ccd err green' => 'Das ist das GRÃœNE Subnetz.',
+'ccd err hostinnet' => 'Das Netzwerk kann nicht gelöscht werden, da sich in ihm noch Clients befinden.',
+'ccd err inuse' => 'Wird bereits von einem anderen Client genutzt.',
+'ccd err invalidname' => 'Ungültiger Name. Erlaubte Zeichen: A-Z, a-z, Bindestrich und Leerzeichen.',
+'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Netzadresse für Route ungültig.',
+'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
+'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
+'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
+'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err name' => 'Es muss ein Name angegeben werden.',
+'ccd err nameexist' => 'Name existiert bereits.',
+'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
+'ccd err netadrexist' => 'Netwerk existiert bereits.',
+'ccd err orange' => 'Das ist das ORANGE Subnetz.',
+'ccd err red' => 'Das ist das ROTE Subnetz.',
+'ccd err routeovpn' => 'Wird vom OpenVPN-Server genutzt.',
+'ccd err routeovpn2' => 'Wird bereits vom OpenVPN-Server verteilt.',
+'ccd hint' => 'Auf dieser Seite können statische Netzwerke definiert werden, von denen Roadwarrior-Clients feste Adressen zugewiesen bekommen können.',
+'ccd invalid' => 'ist ungültig.',
+'ccd iroute' => 'IPFire hat Zugriff auf diese Netzwerke auf Clientseite: ',
+'ccd iroute2' => 'Client hat Zugriff auf diese Netzwerke auf IPFire-Seite: ',
+'ccd iroutehint' => 'Achtung! Wenn Sie diese Einstellungen ändern, muss der OpenVPN Server neu gestartet werden!',
+'ccd maxclients' => 'Mögliche Adressen',
+'ccd modify' => 'Netzwerk ändern',
+'ccd name' => 'Name',
+'ccd net' => 'Statische IP-Adressen-Pools',
+'ccd noaddnet' => 'Neue statische Netze können erst erstellt werden, wenn der openVPN Server gestoppt wurde.',
+'ccd none' => 'Keine',
+'ccd routes' => 'Routen:',
+'ccd subnet' => 'Subnetz',
+'ccd used' => 'Genutzte Adressen',
'cert' => 'Zertifikat',
'certificate' => 'Zertifikat',
'certificate authorities' => 'Zertifizierungsstellen (CAs)',
'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.',
+'ovpn mtu-disc maybe' => 'Optional',
+'ovpn mtu-disc no' => 'Niemals',
+'ovpn mtu-disc off' => 'Deaktiviert',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
+'ovpn mtu-disc yes' => 'Forciert',
'ovpn on blue' => 'OpenVPN auf BLAU',
'ovpn on orange' => 'OpenVPN auf ORANGE',
'ovpn on red' => 'OpenVPN auf ROT',
'proxy no proxy local' => 'Lokalen Proxy auf blauen/grünen Netzwerken verhindern',
'proxy port' => 'Proxy-Port',
'proxy reconfigure' => 'Speichern und Laden',
+'proxy reports' => 'Proxyberichte',
+'proxy reports daily' => 'Tägliche Berichte',
+'proxy reports monthly' => 'Monatliche Berichte',
+'proxy reports today' => 'Heute',
+'proxy reports weekly' => 'Wöchentliche Berichte',
'psk' => 'PSK',
'pulse' => 'Puls',
'pulse dial' => 'Pulswahl:',
'september' => 'September',
'serial' => 'serielle',
'server reserved' => 'The connection name server is reserved and not allowed',
+'server restart' => 'Änderungen können nicht gespeichert werden, solange der OpenVPN-Server läuft.',
'server string' => 'Server String',
'service' => 'Dienst',
'service added' => 'Benutzerdefinierter Netzwerkdienst wurde hinzugefügt',
'arp table entries' => 'ARP Table Entries:',
'artist' => 'Artist',
'attemps' => 'Attempts',
+'attention' => 'ATTENTION',
'august' => 'August',
'authentication' => 'Authentication:',
'automatic' => 'Automatic',
'capsopen' => 'CONNECTED',
'capswarning' => 'WARNING',
'caption' => 'Caption',
+'ccd add' => 'Add network',
+'ccd choose net' => 'Choose network',
+'ccd client options' => 'Advanced client options',
+'ccd clientip' => 'Host address',
+'ccd dynrange' => 'Dynamic OpenVPN IP address pool',
+'ccd err blue' => 'This is the BLUE subnet.',
+'ccd err green' => 'This is the GREEN subnet.',
+'ccd err hostinnet' => 'You are not able to delete this network, while it still contains clients.',
+'ccd err inuse' => 'Already used by another client.',
+'ccd err invalidname' => 'Invalid name. Allowed characters are A-Z, a-z, dash and space.',
+'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Network address for route is invalid.',
+'ccd err irouteexist' => 'This route is already in use.',
+'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
+'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err issubnet' => 'Subnet address already in use.',
+'ccd err name' => 'Please choose a name.',
+'ccd err nameexist' => 'Name already exists.',
+'ccd err netadr' => 'Subnet address is invalid or range is too large.',
+'ccd err netadrexist' => 'Network already exists.',
+'ccd err orange' => 'This is the ORANGE subnet.',
+'ccd err red' => 'This is the RED subnet.',
+'ccd err routeovpn' => 'Already used by OpenVPN server.',
+'ccd err routeovpn2' => 'Already pushed from OpenVPN server.',
+'ccd hint' => 'On this page you are able to define static networks from which the roadwarrior clients can get fixed IP address assignments.',
+'ccd invalid' => 'Invalid.',
+'ccd iroute' => 'IPFire has access to these networks on the client\'s site',
+'ccd iroute2' => 'Client has access to these networks on IPFire\'s site',
+'ccd iroutehint' => 'Attention! If you change these settings, you have to restart the OpenVPN server that the changes take effect!',
+'ccd modify' => 'Change network',
+'ccd name' => 'Name',
+'ccd net' => 'Static IP address pools',
+'ccd noaddnet' => 'You can only add new static networks when OpenVPN server is stopped.',
+'ccd none' => 'None',
+'ccd routes' => 'Routing:',
+'ccd subnet' => 'Subnet',
+'ccd used' => 'Used addresses',
'cert' => 'Certificate',
'certificate' => 'Certificate',
'certificate authorities' => 'Certificate Authorities',
'gpl unofficial translation of the general public license v3' => 'Unofficial translation of the General Public License v3',
'graph' => 'Graph',
'graph per' => 'per',
-'green' => 'Green',
+'green' => 'GREEN',
'green interface' => 'Green Interface',
'guaranteed bandwith' => 'Guaranteed bandwith',
'guardian alertfile' => 'Alertfile',
'ovpn errmsg green already pushed' => 'Route for green network is always set',
'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.',
+'ovpn mtu-disc maybe' => 'Optionally',
+'ovpn mtu-disc no' => 'Never',
+'ovpn mtu-disc off' => 'Disabled',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
+'ovpn mtu-disc yes' => 'Forced',
'ovpn on blue' => 'OpenVPN on BLUE',
'ovpn on orange' => 'OpenVPN on ORANGE',
'ovpn on red' => 'OpenVPN on RED',
'proxy no proxy local' => 'Disallow local proxying on BLUE/GREEN networks',
'proxy port' => 'Proxy Port',
'proxy reconfigure' => 'Save and Reload',
+'proxy reports' => 'Proxy Reports',
+'proxy reports daily' => 'Daily reports',
+'proxy reports monthly' => 'Monthly reports',
+'proxy reports today' => 'Today',
+'proxy reports weekly' => 'Weekly reports',
'psk' => 'PSK',
'pulse' => 'Pulse',
'pulse dial' => 'Pulse dial:',
'september' => 'September',
'serial' => 'Serial',
'server reserved' => 'The connection name server is reserved and not allowed',
+'server restart' => 'You are not able to save any changes while the OpenVPN server is running.',
'server string' => 'Server String',
'service' => 'Service',
'service added' => 'Custom network service added',
include Config
VER = 1.17
-DATVER = 06112012
+DATVER = 05122012
THISAPP = Geo-IP-PurePerl-$(VER)
DL_FILE = $(THISAPP).tar.gz
GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
$(DL_FILE)_MD5 = 42a6b9d4dd2563a20c8998556216e1de
-GeoIP.dat-$(DATVER).gz_MD5 = a8677695b0abecb69707ebe2444e64f9
+GeoIP.dat-$(DATVER).gz_MD5 = ab0f52a35128d1aced906ac4cbfbed9c
install : $(TARGET)
--- /dev/null
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team <info@ipfire.org> #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 0.17
+
+THISAPP = libstatgrab-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = libstatgrab
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 58385c9392898be3b09ffc5e3ebe8717
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
\ No newline at end of file
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# Copyright (C) 2007-2012 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
PROG = mediatomb
PAK_VER = 4
-DEPS = "sqlite taglib ffmpeg-libs"
+DEPS = "ffmpeg-libs libexif sqlite taglib "
###############################################################################
# Top-level Rules
--- /dev/null
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) 2012 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 2.3.3
+
+THISAPP = sarg-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = sarg
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/sarg
+ cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
+ cd $(DIR_APP) && make $(EXTRA_INSTALL) install
+
+ # Install configuration file.
+ cp -v $(DIR_SRC)/config/sarg/sarg.conf /etc/sarg/sarg.conf
+
+ # Install helper script.
+ install -m 755 $(DIR_SRC)/config/sarg/update-sarg-reports \
+ /usr/sbin/update-sarg-reports
+
+ # Install cron job.
+ for i in hourly daily weekly monthly; do \
+ install -m 754 -v $(DIR_SRC)/config/sarg/cron.$${i} \
+ /etc/fcron.$${i}/sarg-reports; \
+ done
+
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
chmod 755 /usr/local/bin/`basename $$i`; \
done
+ # Move script to correct place.
+ mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
+
# Nobody user
-mkdir -p /home/nobody
chown -R nobody:nobody /home/nobody
--- /dev/null
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team <info@ipfire.org> #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.4
+
+THISAPP = stress-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = stress
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a607afa695a511765b40993a64c6e2f4
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
-CORE="64" # Core Level (Filename)
-PAKFIRE_CORE="64" # Core Level (PAKFIRE)
+CORE="65" # Core Level (Filename)
+PAKFIRE_CORE="65" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
ipfiremake gpgme
ipfiremake pygpgme
ipfiremake pakfire3
+ ipfiremake stress
+ ipfiremake libstatgrab
+ ipfiremake sarg
echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
echo >> $BASEDIR/build/var/ipfire/firebuild
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+extract_files
+restore_backup ${NAME}
+
+# Create data directory.
+[ -d "/var/log/sarg" ] || mkdir /var/log/sarg
+
+# Create initial report.
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+make_backup ${NAME}
+remove_files
--- /dev/null
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team <info@ipfire.org>. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
--- /dev/null
+#!/usr/bin/perl
+
+my %net=();
+my %ovpnconfig=();
+my @serverconf=();
+my $greennet;
+my $greensubnet;
+my $running='off';
+require '/var/ipfire/general-functions.pl';
+
+if ( -e "/var/run/openvpn.pid"){
+ $running='on';
+ system('/usr/local/bin/openvpnctrl', '-k');
+}
+
+&General::readhash("/var/ipfire/ethernet/settings", \%net);
+ $greennet=$net{'GREEN_NETADDRESS'};
+ $greensubnet=$net{'GREEN_NETMASK'};
+open(FILE,"/var/ipfire/ovpn/server.conf");
+ while (<FILE>) {
+ $_=~s/\s*$//g;
+ if ($_ ne "route $greennet $greensubnet"){
+ push (@serverconf,$_."\n");
+ }else{
+ print"\nFound ROUTE >>route $greennet $greensubnet<< in server.conf.. Deleted!";
+ }
+ }
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig){
+ if($ovpnconfig{$key}[32] eq '' && $ovpnconfig{$key}[3] eq 'host'){
+ open ( CCDRWCONF,'>',"/var/ipfire/ovpn/ccd/$ovpnconfig{$key}[2]") or die "Unable to create clientconfigfile $!";
+ print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+ print CCDRWCONF "#This client uses the dynamic pool\n\n";
+ print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+ print CCDRWCONF "push \"route $greennet $greensubnet\"\n";
+ close CCDRWCONF;
+ print"Client $ovpnconfig{$key}[2] converted! \n";
+ }else{
+ print "Client $ovpnconfig{$key}[2] NOT converted!\n";
+ }
+ $ovpnconfig{$key}[32] = 'dynamic';
+}
+&General::writehasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+if ($running eq 'on')
+{
+ system('/usr/local/bin/openvpnctrl', '-s');
+}
--- /dev/null
+#!/bin/sh
+perl -e "require '//var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+