From: Arne Fitzenreiter Date: Sat, 11 Apr 2015 19:58:09 +0000 (+0200) Subject: Merge branch 'master' into next X-Git-Tag: v2.17-core91~145 X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=0fbba54e825ad4d21762e0deb788ec6614d0e744;hp=1164cb0d0b56006d228ac3a9ec2b20ca1f2a7167 Merge branch 'master' into next Conflicts: lfs/monit
---
diff --git a/config/backup/include b/config/backup/include
index cc9546f8ef..d7a1d3a329 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -4,6 +4,7 @@
 /var/ipfire/*/config
 /var/ipfire/*/enable
 /var/ipfire/*/*enable*
+/var/ipfire/ovpn/collectd.vpn
 /etc/passwd
 /etc/shadow
 /etc/group
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index 5e6fddbf6e..40c1bc87eb 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -664,32 +664,32 @@ sub updatevpnn2ngraph { "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}), "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j", - "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}), + "AREA:incoming#00dd00:".sprintf("%-23s",$Lang::tr{'incoming traffic in bytes per second'}), "GPRINT:incoming:MAX:%8.1lf %sBps", "GPRINT:incoming:AVERAGE:%8.1lf %sBps", "GPRINT:incoming:MIN:%8.1lf %sBps", "GPRINT:incoming:LAST:%8.1lf %sBps\\j", - "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}), + "STACK:overhead_in#116B11:".sprintf("%-23s",$Lang::tr{'incoming overhead in bytes per second'}), "GPRINT:overhead_in:MAX:%8.1lf %sBps", "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps", "GPRINT:overhead_in:MIN:%8.1lf %sBps", "GPRINT:overhead_in:LAST:%8.1lf %sBps\\j", - "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}), + "LINE1:compression_in#ff00ff:".sprintf("%-23s",$Lang::tr{'incoming compression in bytes per second'}), "GPRINT:compression_in:MAX:%8.1lf %sBps", "GPRINT:compression_in:AVERAGE:%8.1lf %sBps", "GPRINT:compression_in:MIN:%8.1lf %sBps", "GPRINT:compression_in:LAST:%8.1lf %sBps\\j", - "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}), + "AREA:outgoingn#dd0000:".sprintf("%-23s",$Lang::tr{'outgoing traffic in bytes per second'}), "GPRINT:outgoing:MAX:%8.1lf %sBps", "GPRINT:outgoing:AVERAGE:%8.1lf %sBps", "GPRINT:outgoing:MIN:%8.1lf %sBps", "GPRINT:outgoing:LAST:%8.1lf %sBps\\j", - "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}), + "STACK:overhead_outn#870C0C:".sprintf("%-23s",$Lang::tr{'outgoing overhead in bytes per second'}), "GPRINT:overhead_out:MAX:%8.1lf %sBps", "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps", "GPRINT:overhead_out:MIN:%8.1lf %sBps", "GPRINT:overhead_out:LAST:%8.1lf %sBps\\j", 
- "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}), + "LINE1:compression_outn#000000:".sprintf("%-23s",$Lang::tr{'outgoing compression in bytes per second'}), "GPRINT:compression_out:MAX:%8.1lf %sBps", "GPRINT:compression_out:AVERAGE:%8.1lf %sBps", "GPRINT:compression_out:MIN:%8.1lf %sBps", diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index 72b2dee033..273249434d 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -243,3 +243,4 @@ usr/share/collectd/types.db #usr/share/man/man5/collectd.conf.5 #usr/share/man/man5/types.db.5 #var/lib/collectd +var/ipfire/ovpn/collectd.vpn diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 1ab4dec5f1..f33d08c61a 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -2,6 +2,7 @@ usr/local/bin/addonctrl #usr/local/bin/applejuicectrl usr/local/bin/backupctrl #usr/local/bin/clamavctrl +usr/local/bin/collectdctrl usr/local/bin/dhcpctrl usr/local/bin/dnsmasqctrl usr/local/bin/extrahdctrl diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 44f24b4369..f506dafac8 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache #usr/local/src #usr/sbin usr/sbin/ovpn-ccd-convert +usr/sbin/ovpn-collectd-convert #usr/share #usr/share/doc #usr/share/doc/licenses diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files index 5ed7194495..70c5f3d9b1 100644 --- a/config/rootfiles/core/89/filelists/files +++ b/config/rootfiles/core/89/filelists/files 
@@ -11,6 +11,10 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi +usr/local/bin/collectdctrl +usr/local/bin/openvpnctrl +usr/sbin/ovpn-collectd-convert +usr/sbin/setup var/ipfire/backup/bin/backup.pl var/ipfire/graphs.pl var/ipfire/langs diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh index f3de863ec5..e15f9378b0 100644 --- a/config/rootfiles/core/89/update.sh +++ b/config/rootfiles/core/89/update.sh @@ -35,10 +35,20 @@ done /etc/init.d/ipsec stop # Remove old files +rm -f /usr/local/sbin/setup # Extract files extract_files +# Update /etc/sysconfig/createfiles +cat <> /etc/sysconfig/createfiles +/var/run/ovpnserver.log file 644 nobody nobody +/var/run/openvpn dir 644 nobody nobody +EOF + +# Update /etc/collectd.conf +echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf + # Generate ddns configuration file sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi @@ -56,6 +66,9 @@ rm -f \ /opt/pakfire/db/*/meta-sqlite \ /opt/pakfire/db/rootfiles/sqlite +# Update OpenVPN/collectd configuration +/usr/sbin/ovpn-collectd-convert + # Fix #10625 mkdir -p /etc/logrotate.d diff --git a/html/cgi-bin/netovpnrw.cgi b/html/cgi-bin/netovpnrw.cgi index f775b23dcc..e0b114884a 100755 --- a/html/cgi-bin/netovpnrw.cgi +++ b/html/cgi-bin/netovpnrw.cgi 
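Review bot: The `echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf` line in the first update.sh hunk appends unconditionally, so running this update step a second time leaves a duplicate include in the collectd configuration; guard it, e.g. `grep -q 'collectd.vpn' /etc/collectd.conf || echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf`. The block appended to /etc/sysconfig/createfiles has the same re-run problem. Its entry `/var/run/openvpn dir 644 nobody nobody` gives a directory no execute bit, which normally stops unprivileged users from entering it; if anything other than root has to reach the status files, `755` is probably what is meant, and the same line is added in src/initscripts/sysconfig/createfiles.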
@@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){ &Graphs::updatevpngraph($querry[0],$querry[1]); }else{ &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'host to net vpn'}, 1, ''); + &Header::openpage($Lang::tr{'vpn statistic rw'}, 1, ''); &Header::openbigbox('100%', 'left'); - my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`; + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`; foreach (@vpngraphs){ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){ push(@vpns,$2); diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi index 0ec9c679d5..f843462db7 100755 --- a/html/cgi-bin/netovpnsrv.cgi +++ b/html/cgi-bin/netovpnsrv.cgi @@ -47,10 +47,10 @@ if ( $querry[0] ne ""){ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]); }else{ &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'openvpn server'}, 1, ''); + &Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, ''); &Header::openbigbox('100%', 'left'); - my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`; + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`; foreach (@vpngraphs){ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){ push(@vpns,$2); diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 1e074928f2..9550ca6736 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi 
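Review bot: The `find` command in the changed backtick line of netovpnrw.cgi passes `*openvpn-UNDEF*`, `*openvpn-*n2n*` and `*.rrd` unquoted, so the shell may expand them against the CGI's working directory before find sees them; quote each pattern, e.g. `-not -path '*openvpn-UNDEF*' -name '*.rrd'`. The added `2>/dev/null` hides every find error, not only the missing-directory case, so a permissions problem on the RRD tree would show up as an empty graph list with nothing logged. Both points apply equally to the matching line in html/cgi-bin/netovpnsrv.cgi. The enclosing if/else starts and ends outside the hunk.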
@@ -668,6 +668,29 @@ sub read_routepushfile } } +sub writecollectdconf { + my $vpncollectd; + my %ccdhash=(); + + open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!"; + print COLLECTDVPN "Loadplugin openvpn\n"; + print COLLECTDVPN "\n"; + print COLLECTDVPN "\n"; + print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n"; + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') { + print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n"; + } + } + + print COLLECTDVPN "\n"; + close(COLLECTDVPN); + + # Reload collectd afterwards + system("/usr/local/bin/collectdctrl restart &>/dev/null"); +} #hier die refresh page if ( -e "${General::swroot}/ovpn/gencanow") { @@ -1166,10 +1189,17 @@ SETTINGS_ERROR: my $file = ''; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + # Kill all N2N connections + system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null"); + foreach my $key (keys %confighash) { + my $name = $confighash{$cgiparams{'$key'}}[1]; + if ($confighash{$key}[4] eq 'cert') { delete $confighash{$cgiparams{'$key'}}; } + + system ("/usr/local/bin/openvpnctrl -drrd $name"); } while ($file = glob("${General::swroot}/ovpn/ca/*")) { unlink $file; @@ -1196,11 +1226,6 @@ SETTINGS_ERROR: while ($file = glob("${General::swroot}/ovpn/ccd/*")) { unlink $file } -# Delete all RRD files for Roadwarrior connections - chdir('/var/ipfire/ovpn/ccd'); - while ($file = glob("*")) { - system ("/usr/local/bin/openvpnctrl -drrd $file"); - } while ($file = glob("${General::swroot}/ovpn/ccd/*")) { unlink $file } @@ -1216,6 +1241,9 @@ SETTINGS_ERROR: system ("rm -rf $file"); } + # Remove everything from the collectd configuration + &writecollectdconf(); + #&writeserverconf(); ### ### Reset all step 1 
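Review bot: In writecollectdconf the connection name `$ccdhash{$key}[1]` is written verbatim inside a quoted `Statusfile` directive of a file that collectd later loads, so a name containing a double quote or a line break would change the structure of that configuration. Whether names are restricted when a connection is created is not visible in this hunk; a local guard such as `next unless $ccdhash{$key}[1] =~ /\A[A-Za-z0-9]+\z/;` before the print keeps the generated file well-formed regardless. The handle is opened with the two-argument form and a bareword, and `print`/`close` are unchecked; `open(my $fh, '>', "${General::swroot}/ovpn/collectd.vpn")` plus `close($fh) or die ...` would report a failed write. The `&>/dev/null` redirection in the `system` call is a bash extension, and the same generator code is duplicated in src/scripts/ovpn-collectd-convert.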
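Review bot: In the reset loop, `my $name = $confighash{$cgiparams{'$key'}}[1];` looks up the literal string `$key` because of the single quotes, so `$name` is most likely undefined and `openvpnctrl -drrd` runs without a connection name on every iteration; the loop variable is what is meant, `my $name = $confighash{$key}[1];`. The call also builds a shell string from the name, while the enable/disable hunks further down use the list form; `system('/usr/local/bin/openvpnctrl', '-drrd', $name);` avoids the shell. The `delete $confighash{$cgiparams{'$key'}}` context line has the same quoting problem. In the later hunk that adds `&writecollectdconf();` to this reset path, the function re-reads ovpnconfig from disk, so it only drops the entries if that file has already been emptied, which is not visible here.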
@@ -2041,7 +2069,8 @@ END &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ - system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + &writecollectdconf(); } } else { @@ -2049,14 +2078,15 @@ END &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ - if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); - } + if ($n2nactive ne '') { + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + &writecollectdconf(); + } } else { - $errormessage = $Lang::tr{'invalid key'}; + $errormessage = $Lang::tr{'invalid key'}; } - } + } } ### 
@@ -2313,75 +2343,69 @@ else } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } -# - my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + if ($confighash{$cgiparams{'KEY'}}) { + my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; ### # m.a.d net2net ### -if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { - my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); - my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - unlink ($certfile); - unlink ($conffile); + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + # Stop the N2N connection before it is removed + system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null"); - if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { - rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; - } -} + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile); + unlink ($conffile); - unlink 
("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + } + } + + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); # A.Marx CCD delete ccd files and routes - - if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") - { - unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; - } - - &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); - foreach my $key (keys %ccdroutehash) { - if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ - delete $ccdroutehash{$key}; + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; } - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); - &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - foreach my $key (keys %ccdroute2hash) { - if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ - delete $ccdroute2hash{$key}; + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } } - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - &writeserverconf; - + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); -# CCD end + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq 
$confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + &writeserverconf; -### -### Delete all RRD's for client -### - system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); - delete $confighash{$cgiparams{'KEY'}}; - my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); +# CCD end + # Update collectd configuration and delete all RRD files of the removed connection + &writecollectdconf(); + system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); - #&writeserverconf(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + delete $confighash{$cgiparams{'KEY'}}; + my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } &General::firewall_reload(); ### 
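Review bot: `&writecollectdconf();` is called before `delete $confighash{$cgiparams{'KEY'}}` and the `writehasharray` of ovpnconfig, but writecollectdconf (as added earlier in this commit) re-reads ovpnconfig from disk, so a removed N2N connection still gets its `Statusfile` line written. Keep the `openvpnctrl -drrd` call where it is and move `&writecollectdconf();` to after `&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);`. The new `-kn2n` call and the `-drrd` call interpolate the connection name into a shell string; the list form used in the enable/disable branch, `system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);`, avoids the shell and is consistent with it. The enclosing elsif chain starts and ends outside the hunk.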
@@ -3053,32 +3077,6 @@ END $errormessage = $Lang::tr{'invalid key'}; } -### -### Remove connection -### -} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { - &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); - &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}) { -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - delete $confighash{$cgiparams{'KEY'}}; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } else { - $errormessage = $Lang::tr{'invalid key'}; - } -#test33 - -### -### Choose between adding a host-net or net-net connection -### - ### # m.a.d net2net ### diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index eb29b5fbf2..859c8d3085 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2574,6 +2574,8 @@ 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>', 'vpn remote id' => 'Remote ID', 'vpn subjectaltname' => 'Subjekt Alternativer Name', +'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik', +'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik', 'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)', 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).', 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 8c049fffa9..6a9a983bf9 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl 
@@ -2615,6 +2615,8 @@ 'vpn payload compression' => 'Negotiate payload compression', 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>', 'vpn remote id' => 'Remote ID', +'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics', +'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics', 'vpn subjectaltname' => 'Subject Alt Name', 'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)', 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).', diff --git a/lfs/collectd b/lfs/collectd index f01c92a8a9..6f9c0e5153 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -112,6 +112,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-librrd=/usr/share/rrdtool-1.2.30 cd $(DIR_APP) && make install cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/ + mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn + chown nobody.nobody /var/ipfire/ovpn/collectd.vpn + ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd diff --git a/lfs/stage2 b/lfs/stage2 index 895ee153bc..53f81d1b46 100644 --- a/lfs/stage2 +++ b/lfs/stage2 @@ -101,7 +101,8 @@ $(TARGET) : # Move script to correct place. mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/ - + mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/ + # Install firewall scripts. mkdir -pv /usr/lib/firewall install -m 755 $(DIR_SRC)/config/firewall/rules.pl \ diff --git a/src/initscripts/sysconfig/createfiles b/src/initscripts/sysconfig/createfiles index 8d1f89dc65..cf7d6e1469 100644 --- a/src/initscripts/sysconfig/createfiles +++ b/src/initscripts/sysconfig/createfiles 
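Review bot: In the lfs/collectd hunk, `chown nobody.nobody /var/ipfire/ovpn/collectd.vpn` followed by the `/etc/collectd.vpn` symlink makes a file that the web interface user can write part of collectd's configuration. If collectd runs with higher privileges than `nobody`, which this hunk does not show, the contents of that file decide which status files and directives the daemon loads, so it is worth either restricting what may appear in it or generating it through the setuid helper rather than from the CGI. A comment above these three lines stating why the file must be owned by `nobody` would help the next maintainer, and `nobody:nobody` is the current separator for chown.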
@@ -25,4 +25,7 @@ # and are the major and minor numbers used for the device. ######################################################################## +/var/run/ovpnserver.log file 644 nobody nobody +/var/run/openvpn dir 644 nobody nobody + # End /etc/sysconfig/createfiles diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index f5802d26ac..43e6a9081e 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -25,7 +25,7 @@ LIBS = -lsmooth -lnewt PROGS = iowrap SUID_PROGS = squidctrl sshctrl ipfirereboot \ ipsecctrl timectrl dhcpctrl snortctrl \ - applejuicectrl rebuildhosts backupctrl \ + applejuicectrl rebuildhosts backupctrl collectdctrl \ logwatch openvpnctrl firewallctrl \ wirelessctrl getipstat qosctrl launch-ether-wake \ redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \ diff --git a/src/misc-progs/collectdctrl.c b/src/misc-progs/collectdctrl.c new file mode 100644 index 0000000000..86e4b2a99b --- /dev/null +++ b/src/misc-progs/collectdctrl.c @@ -0,0 +1,39 @@ +/* This file is part of the IPFire Firewall. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + */ + +#include +#include +#include +#include +#include +#include "setuid.h" + +int main(int argc, char *argv[]) { + if (!(initsetuid())) + exit(1); + + if (argc < 2) { + fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n"); + exit(1); + } + + if (strcmp(argv[1], "restart") == 0) { + safe_system("/etc/rc.d/init.d/collectd restart"); + + } else if (strcmp(argv[1], "stop") == 0) { + safe_system("/etc/rc.d/init.d/collectd stop"); + + } else if (strcmp(argv[1], "start") == 0) { + safe_system("/etc/rc.d/init.d/collectd start"); + + } else { + fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n"); + exit(1); + } + + return 0; +} diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index d20cced774..20967e471c 100644 
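Review bot: In the new collectdctrl.c, main() discards the result of every `safe_system()` call and ends with `return 0;`, so a caller such as the CGI cannot tell a failed collectd restart from a successful one. Returning the helper's result, e.g. `return safe_system("/etc/rc.d/init.d/collectd restart");`, would propagate it, assuming safe_system returns the command status (it is declared outside this file). Comparing argv[1] against fixed strings and running only constant command lines is the right shape for a setuid helper; a one-line comment such as `/* argv is only compared, never passed to the shell */` would record that intent.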
--- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -1,3 +1,4 @@ +#define _XOPEN_SOURCE 500 #include #include #include @@ -7,6 +8,7 @@ #include #include #include +#include #include "setuid.h" #include "netutil.h" #include "libsmooth.h" @@ -44,6 +46,18 @@ struct connection_struct { typedef struct connection_struct connection; +static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) { + int rv = remove(fpath); + if (rv) + perror(fpath); + + return rv; +} + +static int recursive_remove(const char* path) { + return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS); +} + void exithandler(void) { if(kv) @@ -537,6 +551,7 @@ int startNet2Net(char *name) { int killNet2Net(char *name) { connection *conn = NULL; connection *conn_iter; + int rc = 0; conn_iter = getConnections(); 
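Review bot: recursive_remove() has no comment explaining its flags, and in a setuid program they matter: `FTW_DEPTH` visits children before their directory so `remove()` can delete it, and `FTW_PHYS` stops the walk from following symbolic links out of the tree. I would add `/* Delete path and everything below it; FTW_PHYS: never follow symlinks, FTW_DEPTH: children first. */` above it. The callback returns the non-zero result of `remove()`, which ends the walk at the first failure and leaves the rest of the tree in place; if best-effort deletion is intended, return 0 after `perror()`.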
@@ -569,26 +584,40 @@ int killNet2Net(char *name) { snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile); executeCommand(command); + char runfile[STRING_SIZE]; + snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name); + rc = recursive_remove(runfile); + if (rc) + perror(runfile); + return 0; } int deleterrd(char *name) { + char rrd_dir[STRING_SIZE]; + connection *conn = getConnections(); + while(conn) { + if (strcmp(conn->name, name) != 0) { + conn = conn->next; + continue; + } - char rrd_file[STRING_SIZE]; - snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name); + // Handle RW connections + if (strcmp(conn->type, "host") == 0) { + snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name); - char rrd_dir[STRING_SIZE]; - snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name); + // Handle N2N connections + } else if (strcmp(conn->type, "net") == 0) { + snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name); - while(conn) { - /* Find only RW-Connections with the given name. */ - if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) { - remove(rrd_file); - remove(rrd_dir); - return 0; + // Unhandled connection type + } else { + conn = conn->next; + continue; } - conn = conn->next; + + return recursive_remove(rrd_dir); } return 1; diff --git a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch index ec6819c9fa..0704a6b7f0 100644 --- a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch +++ b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch 
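Review bot: In deleterrd and killNet2Net the connection name is formatted into a path that this setuid program then removes recursively, and nothing in the hunk checks the name for `/` or `..`. The name must equal an entry returned by getConnections(), but that list comes from the stored OpenVPN configuration, whose validation is outside this hunk; a guard such as `if (strchr(conn->name, '/') || strstr(conn->name, "..")) return 1;` before the snprintf keeps removal inside the intended directory. In killNet2Net the result of recursive_remove() is printed but the function still returns 0, and a status file that does not exist will now produce a perror message on every stop. killNet2Net starts outside the hunk.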
@@ -61,7 +61,7 @@ index 2db3677..d446e99 100644 sstrncpy (vl.plugin_instance, pinst, sizeof (vl.plugin_instance)); - sstrncpy (vl.type, "compression", sizeof (vl.type)); -+ sstrncpy (vl.type, "compression_dervice", sizeof (vl.type)); ++ sstrncpy (vl.type, "compression_derive", sizeof (vl.type)); if (tinst != NULL) sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance)); diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert new file mode 100644 index 0000000000..59d67b9b0a --- /dev/null +++ b/src/scripts/ovpn-collectd-convert @@ -0,0 +1,26 @@ +#!/usr/bin/perl +# Converter script for adding existing OpenVPN N2N connections to collectd +# Used for core update 89 + +my %ovpnconfig=(); + +require '/var/ipfire/general-functions.pl'; + +open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!"; +print COLLECTDVPN "Loadplugin openvpn\n"; +print COLLECTDVPN "\n"; +print COLLECTDVPN "\n"; +print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n"; + +&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig); +foreach my $key (keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') { + print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n"; + } +} + +print COLLECTDVPN "\n"; +close(COLLECTDVPN); + +# Reload collectd afterwards +system("/usr/local/bin/collectdctrl restart &>/dev/null");
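Review bot: ovpn-collectd-convert creates collectd.vpn with `open(COLLECTDVPN, ">...")`, and update.sh calls it directly while using `sudo -u nobody` for ddns.cgi, which suggests it runs as root; on an updated system the file may therefore end up owned by root, and the later write from writecollectdconf in ovpnmain.cgi would then die with "Unable to open collectd.vpn" unless ownership is corrected elsewhere. Setting the owner explicitly after the `close`, matching what lfs/collectd does at build time, would make fresh installs and updates agree. The script also lacks `use strict; use warnings;`, and it writes through `${General::swroot}` but reads `/var/ipfire/ovpn/ovpnconfig` by absolute path; using one form for both keeps the two in step.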