From 54fd05358b874a2bbb5c0f58f4a04f010c196388 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Tue, 6 Mar 2012 22:53:07 +0100 Subject: [PATCH] Import VPN changes by the Special Interest Group. See here for more details: http://lists.ipfire.org/pipermail/sig-vpn/2012-March/000031.html --- config/cfgroot/general-functions.pl | 8 + config/rootfiles/common/Net-Telnet | 4 + config/rootfiles/core/58/filelists/Net-Telnet | 1 + html/cgi-bin/index.cgi | 46 +++ html/cgi-bin/ovpnmain.cgi | 304 ++++++++++++++---- langs/de/cgi-bin/de.pl | 4 + lfs/Net-Telnet | 77 +++++ make.sh | 1 + 8 files changed, 382 insertions(+), 63 deletions(-) create mode 100644 config/rootfiles/common/Net-Telnet create mode 120000 config/rootfiles/core/58/filelists/Net-Telnet create mode 100644 lfs/Net-Telnet diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index cd4bfd5661..567f2e104e 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -414,6 +414,14 @@ sub ipcidr return "$ip\/$cidr"; } +sub ipcidr2msk +{ + my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$ip\/$netmask"; +} + + sub validemail { my $mail = shift; return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ ); diff --git a/config/rootfiles/common/Net-Telnet b/config/rootfiles/common/Net-Telnet new file mode 100644 index 0000000000..8769517877 --- /dev/null +++ b/config/rootfiles/common/Net-Telnet @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.12.3/Net/Telnet.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet/.packlist +#usr/share/man/man3/Net::Telnet.3 diff --git a/config/rootfiles/core/58/filelists/Net-Telnet b/config/rootfiles/core/58/filelists/Net-Telnet new file mode 120000 index 0000000000..66ca926ff3 --- /dev/null +++ b/config/rootfiles/core/58/filelists/Net-Telnet @@ -0,0 +1 @@ +../../../common/Net-Telnet \ No newline at end of file diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index b325250a58..002352354a 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -20,6 +20,7 @@ ############################################################################### use strict; +use Net::Telnet; # enable only the following on debugging purpose #use warnings; @@ -387,9 +388,54 @@ END OpenVPN
$ovpnip Online + END + } +### +# m.a.d n2n +### + +if ( -d "${General::swroot}/ovpn/n2nconf") { +my %confighash=(); +my $display = ''; + +&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); +foreach my $dkey (keys %confighash) { +if ($confighash{$dkey}[3] eq 'net') { + + + if (-e "/var/run/$confighash{$dkey}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$dkey}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); + if ( $tustate[1] eq 'CONNECTED') + { $display = "$Lang::tr{'capsopen'}"; + } else { + $display = "$tustate[1]"; } + + print <OpenVPN n2n
+ $confighash{$dkey}[10] $display + +END +; +} +} +} +} +} + +### +# m.a.d n2n end +### + # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { $warnmessage .= "
  • $Lang::tr{'fireinfo please enable'}
    • "; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b6c5fc0ade..4bfb6aa2c6 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -18,11 +18,14 @@ # along with this program. If not, see . # # # ############################################################################### - +### +# Based on IPFireCore 55 +### use CGI; use CGI qw/:standard/; use Net::DNS; use Net::Ping; +use Net::Telnet; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -33,8 +36,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; # enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -57,6 +60,7 @@ my %selected=(); my $warnmessage = ''; my $errormessage = ''; my %settings=(); +my $routes_push_file = ''; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -70,9 +74,11 @@ $cgiparams{'CA_NAME'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; +$cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; - +$routes_push_file = "${General::swroot}/ovpn/routes_push"; +unless (-e $routes_push_file) { system("touch $routes_push_file"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); @@ -307,10 +313,13 @@ sub disallowreserved return; } + sub writeserverconf { - my %sovpnsettings = (); + my %sovpnsettings = (); + my @temp = (); &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); - + &read_routepushfile; + open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; flock CONF, 2; print CONF "#OpenVPN Server conf\n"; @@ -333,6 +342,16 @@ sub writeserverconf { my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } + } + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } @@ -410,7 +429,29 @@ sub validdotmask if (($mask =~ /\./ )) { return 0; } return 1; } - + +# ------------------------------------------------------------------- + +sub write_routepushfile +{ + open(FILE, ">$routes_push_file"); + flock(FILE, 2); + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + print FILE $vpnsettings{'ROUTES_PUSH'}; + } + close(FILE); +} + +sub read_routepushfile +{ + if (-e "$routes_push_file") { + open(FILE,"$routes_push_file"); + delete $vpnsettings{'ROUTES_PUSH'}; + while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; + close(FILE); + $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } +} #hier die refresh page @@ -473,6 +514,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; + $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { delete $vpnsettings{'FRAGMENT'}; @@ -504,8 +547,31 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'DHCP_WINS'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) { $errormessage = $Lang::tr{'invalid input for dhcp wins'}; - goto ADV_ERROR; + goto ADV_ERROR; + } + } + if ($cgiparams{'ROUTES_PUSH'} ne ''){ + @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); + undef $vpnsettings{'ROUTES_PUSH'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { + $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; + } + my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { + $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; + goto ADV_ERROR; + } + $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + } } + &write_routepushfile; + undef $vpnsettings{'ROUTES_PUSH'}; } if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { $errormessage = $Lang::tr{'invalid input for max clients'}; @@ -541,7 +607,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); -my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} @@ -564,7 +630,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; - print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; print SERVERCONF "# Port and Protokol\n"; @@ -582,10 +648,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print SERVERCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } - print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; @@ -606,7 +671,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print SERVERCONF "# Activate Management Interface and Port\n"; - print SERVERCONF "#management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(SERVERCONF); } @@ -618,10 +684,10 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my $tunmtu = ''; - + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} @@ -642,7 +708,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# IP adresses of the VPN Subnet\n"; print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; - print CLIENTCONF "route @remsubnet[0] @remsubnet[1]\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "# Port and Protokol\n"; @@ -653,7 +719,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Packet size\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; } if ($cgiparams{'PROTOCOL'} eq 'udp') { @@ -661,10 +726,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } - + + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -682,7 +748,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(CLIENTCONF); } @@ -1549,9 +1616,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ my $zippathname = "$zippath$zipname"; $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]); + my $n2nfragment = ''; open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; @@ -1582,7 +1650,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Packet size\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; } if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { @@ -1590,10 +1657,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Paketsize\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -1614,7 +1681,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} + else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; @@ -1812,6 +1880,7 @@ else %cahash = (); %confighash = (); &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); + read_routepushfile; # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; @@ -1886,6 +1955,25 @@ ADV_ERROR: WINS + + + $Lang::tr{'ovpn routes push options'} + + + $Lang::tr{'ovpn routes push'} + + +
    @@ -2200,7 +2288,12 @@ if ( -s "${General::swroot}/ovpn/settings") { $Lang::tr{'net to net vpn'} (Upload Client Package)   - +  Import Connection Name +  Default : Client Packagename +
    + +   + * $Lang::tr{'this field may be blank'} END ; @@ -2231,11 +2324,14 @@ END my @firen2nconf; my @confdetails; my $uplconffilename =''; + my $uplconffilename2 =''; my $uplp12name = ''; + my $uplp12name2 = ''; my @rem_subnet; my @rem_subnet2; my @tmposupnet3; my $key; + my @n2nname; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -2299,14 +2395,38 @@ END ### # m.a.d net2net ### + + if ($cgiparams{'n2nname'} ne ''){ + + $uplconffilename2 = "$cgiparams{'n2nname'}.conf"; + $uplp12name2 = "$cgiparams{'n2nname'}.p12"; + $n2nname[0] = $cgiparams{'n2nname'}; + my @n2nname2 = split(/\./,$uplconffilename); + $n2nname2[0] =~ s/\n|\r//g; + my $input1 = "${General::swroot}/ovpn/certs/$uplp12name"; + my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2"; + my $input2 = "$n2nname2[0]n2n"; + my $output2 = "$n2nname[0]n2n"; + my $filename = "$tempdir/$uplconffilename"; + open(FILE, "< $filename") or die 'Unable to open config file.'; + my @current = ; + close(FILE); + foreach (@current) {s/$input1/$output1/g;} + foreach (@current) {s/$input2/$output2/g;} + open (OUT, "> $filename") || die 'Unable to open config file.'; + print OUT @current; + close OUT; - my @n2nname = split(/\./,$uplconffilename); + }else{ + $uplconffilename2 = $uplconffilename; + $uplp12name2 = $uplp12name; + @n2nname = split(/\./,$uplconffilename); $n2nname[0] =~ s/\n|\r//g; - + } unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";} - move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); if ($? ne 0) { $errormessage = "*.conf move failed: $!"; @@ -2314,7 +2434,7 @@ END goto N2N_ERROR; } - move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2"); chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name"; if ($? ne 0) { @@ -2327,18 +2447,20 @@ my $complzoactive; my $mssfixactive; my $n2nfragment; my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); -my @n2nproto = split(/-/, @n2nproto2[1]); +my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]); my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); my @n2novpnsub = split(/\./,$n2novpnsuball[1]); my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); @@ -2357,6 +2479,7 @@ $n2nremsub[1] =~ s/\n|\r//g; $n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; +$n2nmgmt[2] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive); @@ -2420,7 +2543,8 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[8] = $n2nlocalsub[2]; $confighash{$key}[10] = $n2nremote[1]; $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[22] = $n2nmgmt[2]; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; @@ -2466,6 +2590,7 @@ foreach my $dkey (keys %confighash) { MSSFIX $confighash{$key}[23] Fragment $confighash{$key}[24] $Lang::tr{'MTU'}$confighash{$key}[31] + Management Port $confighash{$key}[22]    END @@ -2546,6 +2671,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; # n2n m.a.d new fields + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; @@ -2612,6 +2738,13 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; @@ -2654,6 +2787,11 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + } # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { @@ -3023,6 +3161,11 @@ if ($cgiparams{'TYPE'} eq 'net') { } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; + if ($cgiparams{'OVPN_MGMT'} eq '') { + $confighash{$key}[22] = $confighash{$key}[29]; + } else { + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + } $confighash{$key}[23] = $cgiparams{'MSSFIX'}; $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -3069,6 +3212,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_END; } else { $cgiparams{'ENABLED'} = 'on'; +### +# m.a.d n2n begin +### + $cgiparams{'MSSFIX'} = 'on'; + $cgiparams{'FRAGMENT'} = '1300'; +### +# m.a.d n2n end +### $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; @@ -3204,13 +3355,19 @@ if ($cgiparams{'TYPE'} eq 'net') { mssfix   - - fragment   + $Lang::tr{'openvpn default'}: on + + fragment   $Lang::tr{'openvpn default'}: 1300 $Lang::tr{'MTU'}  - + + $Lang::tr{'openvpn default'}: udp/tcp 1500/1400 + + Management Port  + + $Lang::tr{'openvpn default'}: $Lang::tr{'destination port'} END ; @@ -3260,10 +3417,12 @@ END print < - + $Lang::tr{'upload a certificate request'} $Lang::tr{'upload a certificate'} - +   +
    +   $Lang::tr{'generate a certificate'}   $Lang::tr{'users fullname or system hostname'}:  $Lang::tr{'users email'}:  @@ -3292,7 +3451,8 @@ print < $Lang::tr{'city'}:   $Lang::tr{'state or province'}:   $Lang::tr{'country'}:   $Lang::tr{'pkcs12 file password'}:  $Lang::tr{'pkcs12 file password'}:
    ($Lang::tr{'confirmation'}) +   +
    + * $Lang::tr{'this field may be blank'} END }else{ @@ -3331,6 +3494,8 @@ END         +
    + * $Lang::tr{'this field may be blank'} END @@ -3683,6 +3848,7 @@ END ### # m.a.d net2net +#$Lang::tr{'remark'}
    L2089 ### &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); @@ -3694,8 +3860,8 @@ END $Lang::tr{'name'} $Lang::tr{'type'} $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
    L2089 + $Lang::tr{'valid till'} + $Lang::tr{'remark'} $Lang::tr{'status'} $Lang::tr{'action'} @@ -3727,7 +3893,7 @@ END my $active = "
    $Lang::tr{'capsclosed'}
    "; if ($confighash{$key}[0] eq 'off') { - $active = "
    $Lang::tr{'openvpn disabled'}
    "; + $active = "
    $Lang::tr{'capsclosed'}
    "; } else { ### @@ -3735,24 +3901,36 @@ END ### if ($confighash{$key}[3] eq 'net') { -# my @tempovpnsubnet = split("\/",$confighash{$key}[27]); -# my @ovpnip = split /\./,$tempovpnsubnet[0]; -# my $pingip = ""; -# if ($confighash{$key}[6] eq 'server') { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; -# } else { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; -# } -# my $p = Net::Ping->new("udp",1); -# if ($p->ping($pingip)) { -# $active = "
    $Lang::tr{'capsopen'}
    "; -# } -# $p->close(); - - if (-e "/var/run/$confighash{$key}[1]n2n.pid") { - $active = "
    $Lang::tr{'openvpn enabled'}
    "; - } - } + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); +### +#CONNECTING -- OpenVPN's initial state. +#WAIT -- (Client only) Waiting for initial response from server. +#AUTH -- (Client only) Authenticating with server. +#GET_CONFIG -- (Client only) Downloading configuration options from server. +#ASSIGN_IP -- Assigning IP address to virtual network interface. +#ADD_ROUTES -- Adding routes to system. +#CONNECTED -- Initialization Sequence Completed. +#RECONNECTING -- A restart has occurred. +#EXITING -- A graceful exit is in progress. +#### + + if ( $tustate[1] eq 'CONNECTED') { + $active = "
    $Lang::tr{'capsopen'}
    "; + } else { + $active = "
    $tustate[1]
    "; + } + } + } + } else { my $cn; my @match = (); @@ -3767,7 +3945,7 @@ END if ($cn eq "$confighash{$key}[2]") { $active = "
    $Lang::tr{'capsopen'}
    "; } - + } } } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 727470fba9..a47c9f7bc8 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1367,6 +1367,10 @@ 'ovpn_processprioVH' => 'Sehr Hoch', 'ovpnstatus log' => 'OVPN-Status-Log', 'ovpnsys log' => 'OVPN-System-Log', +'ovpn routes push options' => 'Route push Optionen', +'ovpn routes push' => 'Routen', +'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske', +'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt', 'package failed to install' => 'Programmpaket konnte nicht installiert werden.', 'pagerefresh' => 'Seite wird aktualisiert. Bitte warten.', 'pakfire accept all' => 'Möchten Sie der Installation aller Pakete zustimmen?', diff --git a/lfs/Net-Telnet b/lfs/Net-Telnet new file mode 100644 index 0000000000..8d911f80bf --- /dev/null +++ b/lfs/Net-Telnet @@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2012 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.03 + +THISAPP = Net-Telnet-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 2f7d34b09d6117baefe89d44cff9d5fc + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 18b986ec55..a720b627b0 100755 --- a/make.sh +++ b/make.sh @@ -572,6 +572,7 @@ buildipfire() { ipfiremake Locale-Country ipfiremake XML-Parser ipfiremake Crypt-PasswdMD5 + ipfiremake Net-Telnet ipfiremake python-setuptools ipfiremake python-clientform ipfiremake python-mechanize -- 2.39.2