]> git.ipfire.org Git - people/amarx/ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
projects / people / amarx / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
CCD Extension 0.1
[people/amarx/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
cd0c0a0d 5# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535
MT		 21###
22# Based on IPFireCore 55
23###
6e13d0a5
MT		 24use CGI;
25use CGI qw/:standard/;
26use Net::DNS;
ce9abb66 27use Net::Ping;
54fd0535 28use Net::Telnet;
6e13d0a5
MT		 29use File::Copy;
30use File::Temp qw/ tempfile tempdir /;
31use strict;
32use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
6e13d0a5 33require '/var/ipfire/general-functions.pl';
6e13d0a5
MT		 34require "${General::swroot}/lang.pl";
35require "${General::swroot}/header.pl";
36require "${General::swroot}/countries.pl";
37
38# enable only the following on debugging purpose
54fd0535
MT		 39use warnings;
40use CGI::Carp 'fatalsToBrowser';
6e13d0a5
MT		 41#workaround to suppress a warning when a variable is used only once
42my @dummy = ( ${Header::colourgreen} );
43undef (@dummy);
44
f2fdd0c1
CS		 45my %color = ();
46my %mainsettings = ();
47&General::readhash("${General::swroot}/main/settings", \%mainsettings);
48&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
6e13d0a5
MT		 49
50###
51### Initialize variables
52###
53my %netsettings=();
54my %cgiparams=();
55my %vpnsettings=();
56my %checked=();
57my %confighash=();
58my %cahash=();
59my %selected=();
60my $warnmessage = '';
61my $errormessage = '';
62my %settings=();
54fd0535 63my $routes_push_file = '';
6e13d0a5
MT		 64&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
65$cgiparams{'ENABLED'} = 'off';
66$cgiparams{'ENABLED_BLUE'} = 'off';
67$cgiparams{'ENABLED_ORANGE'} = 'off';
68$cgiparams{'EDIT_ADVANCED'} = 'off';
69$cgiparams{'NAT'} = 'off';
70$cgiparams{'COMPRESSION'} = 'off';
71$cgiparams{'ONLY_PROPOSED'} = 'off';
72$cgiparams{'ACTION'} = '';
73$cgiparams{'CA_NAME'} = '';
74$cgiparams{'DHCP_DOMAIN'} = '';
75$cgiparams{'DHCP_DNS'} = '';
76$cgiparams{'DHCP_WINS'} = '';
54fd0535 77$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 78$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 79$cgiparams{'MSSFIX'} = '';
2cdd0a43 80$cgiparams{'number'} = '';
54fd0535
MT		 81$routes_push_file = "${General::swroot}/ovpn/routes_push";
82unless (-e $routes_push_file) { system("touch $routes_push_file"); }
2cdd0a43
AM		 83unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
84unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); }
85unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
ce9abb66 86
6e13d0a5
MT		 87&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
88
89# prepare openvpn config file
90###
91### Useful functions
92###
c6c9630e
MT		 93sub haveOrangeNet
94{
13211b21
CS		 95 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
96 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 97 return 0;
98}
99
100sub haveBlueNet
101{
13211b21 102 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 103 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 104 return 0;
105}
106
107sub sizeformat{
108 my $bytesize = shift;
109 my $i = 0;
110
111 while(abs($bytesize) >= 1024){
112 $bytesize=$bytesize/1024;
113 $i++;
114 last if($i==6);
115 }
116
117 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
118 my $newsize=(int($bytesize*100 +0.5))/100;
119 return("$newsize $units[$i]");
120}
121
122sub valid_dns_host {
123 my $hostname = $_[0];
124 unless ($hostname) { return "No hostname"};
125 my $res = new Net::DNS::Resolver;
126 my $query = $res->search("$hostname");
127 if ($query) {
128 foreach my $rr ($query->answer) {
129 ## Potential bug - we are only looking at A records:
130 return 0 if $rr->type eq "A";
131 }
132 } else {
133 return $res->errorstring;
134 }
135}
136
137sub cleanssldatabase
138{
139 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
140 print FILE "01";
141 close FILE;
142 }
143 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
144 print FILE "";
145 close FILE;
146 }
147 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
148 unlink ("${General::swroot}/ovpn/certs/serial.old");
149 unlink ("${General::swroot}/ovpn/certs/01.pem");
150}
151
152sub newcleanssldatabase
153{
154 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
155 open(FILE, ">${General::swroot}(ovpn/certs/serial");
156 print FILE "01";
157 close FILE;
158 }
159 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
160 system ("touch ${General::swroot}/ovpn/certs/index.txt");
161 }
162 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
163 unlink ("${General::swroot}/ovpn/certs/serial.old");
164}
165
166sub deletebackupcert
167{
168 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
169 my $hexvalue = <FILE>;
170 chomp $hexvalue;
171 close FILE;
172 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
173 }
174}
175
176sub checkportfw {
177 my $KEY2 = $_[0]; # key2
178 my $SRC_PORT = $_[1]; # src_port
179 my $PROTOCOL = $_[2]; # protocol
180 my $SRC_IP = $_[3]; # sourceip
181
182 my $pfwfilename = "${General::swroot}/portfw/config";
183 open(FILE, $pfwfilename) or die 'Unable to open config file.';
184 my @pfwcurrent = <FILE>;
185 close(FILE);
186 my $pfwkey1 = 0; # used for finding last sequence number used
187 foreach my $pfwline (@pfwcurrent)
188 {
189 my @pfwtemp = split(/\,/,$pfwline);
190
191 chomp ($pfwtemp[8]);
192 if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
193 if ( $SRC_PORT eq $pfwtemp[3] &&
194 $PROTOCOL eq $pfwtemp[2] &&
195 $SRC_IP eq $pfwtemp[7])
196 {
197 $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
198 }
199 # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
200 if ( $pfwtemp[1] eq "0") {
201 $pfwkey1=$pfwtemp[0];
202 }
203 # Darren Critchley - Duplicate or overlapping Port range check
204 if ($pfwtemp[1] eq "0" &&
205 $PROTOCOL eq $pfwtemp[2] &&
206 $SRC_IP eq $pfwtemp[7] &&
207 $errormessage eq '')
208 {
209 &portchecks($SRC_PORT, $pfwtemp[5]);
210# &portchecks($pfwtemp[3], $pfwtemp[5]);
211# &portchecks($pfwtemp[3], $SRC_IP);
212 }
213 }
214 }
215# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
216
217 return;
218}
219
220sub checkportoverlap
221{
222 my $portrange1 = $_[0]; # New port range
223 my $portrange2 = $_[1]; # existing port range
224 my @tempr1 = split(/\:/,$portrange1);
225 my @tempr2 = split(/\:/,$portrange2);
226
227 unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
228 unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
229
230 unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
231 unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
232
233 return 1; # Everything checks out!
234}
235
236# Darren Critchley - we want to make sure that a port entry is not within an already existing range
237sub checkportinc
238{
239 my $port1 = $_[0]; # Port
240 my $portrange2 = $_[1]; # Port range
241 my @tempr1 = split(/\:/,$portrange2);
242
243 if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
244 return 1;
245 } else {
246 return 0;
247 }
248}
249# Darren Critchley - Duplicate or overlapping Port range check
250sub portchecks
251{
252 my $p1 = $_[0]; # New port range
253 my $p2 = $_[1]; # existing port range
254# $_ = $_[0];
255 our ($prtrange1, $prtrange2);
256 $prtrange1 = 0;
257# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
258# unless (&checkportoverlap($p1,$p2)) {
259# $errormessage = "$Lang::tr{'source port overlaps'} $p1";
260# }
261# }
262 if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
263 unless (&checkportinc($p2,$p1)) {
264 $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
265 }
266 }
267 $prtrange1 = 1;
268 if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
269 unless (&checkportinc($p1,$p2)) {
270 $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
271 }
272 }
273 return;
274}
275
276# Darren Critchley - certain ports are reserved for IPFire
277# TCP 67,68,81,222,445
278# UDP 67,68
279# Params passed in -> port, rangeyn, protocol
280sub disallowreserved
281{
282 # port 67 and 68 same for tcp and udp, don't bother putting in an array
283 my $msg = "";
284 my @tcp_reserved = (81,222,445);
285 my $prt = $_[0]; # the port or range
286 my $ryn = $_[1]; # tells us whether or not it is a port range
287 my $prot = $_[2]; # protocol
288 my $srcdst = $_[3]; # source or destination
289 if ($ryn) { # disect port range
290 if ($srcdst eq "src") {
291 $msg = "$Lang::tr{'rsvd src port overlap'}";
292 } else {
293 $msg = "$Lang::tr{'rsvd dst port overlap'}";
294 }
295 my @tmprng = split(/\:/,$prt);
296 unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
297 unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
298 if ($prot eq "tcp") {
299 foreach my $prange (@tcp_reserved) {
300 unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
301 }
302 }
303 } else {
304 if ($srcdst eq "src") {
305 $msg = "$Lang::tr{'reserved src port'}";
306 } else {
307 $msg = "$Lang::tr{'reserved dst port'}";
308 }
309 if ($prt == 67) { $errormessage="$msg 67"; return; }
310 if ($prt == 68) { $errormessage="$msg 68"; return; }
311 if ($prot eq "tcp") {
312 foreach my $prange (@tcp_reserved) {
313 if ($prange == $prt) { $errormessage="$msg $prange"; return; }
314 }
315 }
316 }
317 return;
318}
319
54fd0535 320
c6c9630e 321sub writeserverconf {
54fd0535
MT		 322 my %sovpnsettings = ();
323 my @temp = ();
c6c9630e 324 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535
MT		 325 &read_routepushfile;
326
c6c9630e
MT		 327 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
328 flock CONF, 2;
329 print CONF "#OpenVPN Server conf\n";
330 print CONF "\n";
331 print CONF "daemon openvpnserver\n";
332 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 333 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e
MT		 334 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
335 print CONF "dev $sovpnsettings{'DDEVICE'}\n";
336 print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
337 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
338 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
2b29c22e 339 print CONF "script-security 3 system\n";
07675dc3 340 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 341 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e
MT		 342 print CONF "tls-server\n";
343 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
344 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
345 print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
346 print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
347 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
348 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
349 print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
54fd0535
MT		 350
351 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
2cdd0a43
AM		 352 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
353 foreach (@temp)
354 {
355 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
356 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
357 }
54fd0535 358 }
2cdd0a43
AM		 359###########
360#A.Marx CCD---add route into server.conf
361###########
362 my %ccdconfhash=();
363 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
364 foreach my $key (keys %ccdconfhash) {
365 my $a=$ccdconfhash{$key}[1];
366 my ($b,$c) = split (/\//, $a);
367 print CONF "route $b ".&General::cidrtosub($c)."\n";
368 }
369 my %ccdroutehash=();
370 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
371 foreach my $key (keys %ccdroutehash) {
372 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
373 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
374 print CONF "route $a $b\n";
375 }
376 }
377###########
378#CCD END
379###########
380 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT		 381 print CONF "client-to-client\n";
382 }
1de5c945
EK		 383 if ($sovpnsettings{MSSFIX} eq 'on') {
384 print CONF "mssfix\n";
385 }
386 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
387 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 388 }
c6c9630e
MT		 389 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
390 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
391 }
392 print CONF "status-version 1\n";
4e17adad 393 print CONF "status /var/log/ovpnserver.log 30\n";
c6c9630e
MT		 394 print CONF "cipher $sovpnsettings{DCIPHER}\n";
395 if ($sovpnsettings{DCOMPLZO} eq 'on') {
396 print CONF "comp-lzo\n";
397 }
398 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
399 print CONF "push \"redirect-gateway def1\"\n";
400 }
401 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
402 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
403 }
404
405 if ($sovpnsettings{DHCP_DNS} ne '') {
406 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
407 }
408
409 if ($sovpnsettings{DHCP_WINS} ne '') {
410 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
411 }
412
413 if ($sovpnsettings{DHCP_WINS} eq '') {
414 print CONF "max-clients 100\n";
a79fa1d6 415 }
c6c9630e
MT		 416 if ($sovpnsettings{DHCP_WINS} ne '') {
417 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
418 }
419 print CONF "tls-verify /var/ipfire/ovpn/verify\n";
420 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
421 print CONF "user nobody\n";
422 print CONF "group nobody\n";
423 print CONF "persist-key\n";
424 print CONF "persist-tun\n";
425 if ($sovpnsettings{LOG_VERB} ne '') {
426 print CONF "verb $sovpnsettings{LOG_VERB}\n";
427 } else {
428 print CONF "verb 3\n";
429 }
430 print CONF "\n";
431
432 close(CONF);
433}
434#
435sub emptyserverlog{
4e17adad 436 if (open(FILE, ">/var/log/ovpnserver.log")) {
c6c9630e
MT		 437 flock FILE, 2;
438 print FILE "";
439 close FILE;
440 }
441
442}
443
2cdd0a43
AM		 444#####################
445#A.Marx CCD functions
446#####################
447sub delccdnet
448{
449 my %ccdconfhash = ();
450 my %ccdhash = ();
451 my $ccdnetname=$_[0];
452 if (-f "${General::swroot}/ovpn/ovpnconfig"){
453 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
454 foreach my $key (keys %ccdhash) {
455 if ($ccdhash{$key}[32] eq $ccdnetname) {
456 $errormessage=$Lang::tr{'ccd err hostinnet'};
457 return;
458 }
459 }
460 }
461 if (!open(CCDCONF,'<',"${General::swroot}/ovpn/ccd.conf")){
462 $errormessage="Unable to open /var/ipfire/ovpn/ccd.conf! for READING";
463 }else{
464
465 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
466 foreach my $key (keys %ccdconfhash) {
467 if ($ccdconfhash{$key}[0] eq $ccdnetname){
468 delete $ccdconfhash{$key};
469 }
470 }
471 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
472 }
473 &writeserverconf;
474 return 0;
475}
476
477sub addccdnet
478{
479 my %ccdconfhash=();
480 my @ccdconf=();
481 my $ccdname=$_[0];
482 my $ccdnet=$_[1];
483 my $ovpnsubnet=$_[2];
484 my $subcidr;
485 my @ip2=();
486 my $checkup;
487 my $ccdip;
488 if (&General::validip2($ccdnet)){
489 $ccdnet=&General::iporsubtocidr($ccdnet);
490 }else{
491 $errormessage="Address invalid!";
492 return;
493 }
494 ($ccdip,$subcidr) = split (/\//,$ccdnet);
495 if ($ccdname eq '') {
496 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
497 }
498 if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
499 $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
500 }
501 my $baseaddress=&General::getnetworkip($ccdip,$subcidr);
502 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
503 foreach my $key (keys %ccdconfhash) {
504 @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
505 if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";}
506 if ($ccdnet eq $ccdconfhash{$key}[1]) {$errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}."<br>";}
507 }
508 if (!$errormessage) {
509 my %ccdconfhash=();
510 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
511 my $key = &General::findhasharraykey (\%ccdconfhash);
512 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
513 $ccdconfhash{$key}[0] = $ccdname;
514 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
515 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
516 &writeserverconf;
517 return 0;
518 }
519}
520
521sub modccdnet
522{
523
524 my $newname=$_[0];
525 my $oldname=$_[1];
526 my %ccdconfhash=();
527 my %ccdhash=();
528 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
529 foreach my $key (keys %ccdconfhash) {
530 if ($ccdconfhash{$key}[0] eq $oldname) {
531 foreach my $key1 (keys %ccdconfhash) {
532 if ($ccdconfhash{$key1}[0] eq $newname){
533 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
534 return;
535 }else{
536 $ccdconfhash{$key}[0]= $newname;
537 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
538 last;
539 }
540 }
541 }
542 }
543
544 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
545 foreach my $key (keys %ccdhash) {
546 if ($ccdhash{$key}[32] eq $oldname) {
547 $ccdhash{$key}[32]=$newname;
548 last;
549 }
550 }
551 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
552 return 0;
553}
554sub ccdmaxclients
555{
556 my $ccdnetwork=$_[0];
557 my @octets=();
558 my @subnet=();
559 @octets=split("\/",$ccdnetwork);
560 @subnet= split /\./, &General::cidrtosub($octets[1]);
561 my ($a,$b,$c,$d,$e);
562 $a=256-$subnet[0];
563 $b=256-$subnet[1];
564 $c=256-$subnet[2];
565 $d=256-$subnet[3];
566 $e=($a*$b*$c*$d)/4;
567 return $e;
568}
569
570sub getccdadresses
571{
572 my $ipin=$_[0];
573 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
574 my $cidr=$_[1];
575 chomp($cidr);
576 my $count=$_[2];
577 my $hasip=$_[3];
578 chomp($hasip);
579 my @iprange=();
580 my %ccdhash=();
581 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
582 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
583 for (my $i=0;$i<=$count-1;$i++) {
584 my $tmpip=$iprange[$i-1];
585 my $stepper=$i*4;
586 $iprange[$i]= &General::getnextip($tmpip,4);
587 }
588 my $r=0;
589 foreach my $key (keys %ccdhash) {
590 $r=0;
591 foreach my $tmp (@iprange){
592 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
593 if ($net eq $tmp) {
594 if ( $hasip ne $ccdhash{$key}[33] ){
595 splice (@iprange,$r,1);
596 }
597 }
598 $r++;
599 }
600 #goto VPNCONF_ERROR;
601 }
602 return @iprange;
603}
604
605sub fillselectbox
606{
607 my $boxname=$_[1];
608 my ($ccdip,$subcidr) = split("/",$_[0]);
609 my $tz=$_[2];
610 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
611 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:120px;' >";
612 foreach (@allccdips) {
613 my $ip=$_."/30";
614 chomp($ip);
615 print "<option value='$ip' ";
616 if ( $ip eq $cgiparams{$boxname} ){
617 print"selected";
618 }
619 print ">$ip</option>";
620 }
621 print "</select>";
622}
623
624sub hostsinnet
625{
626 my $name=$_[0];
627 my %ccdhash=();
628 my $i=0;
629 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
630 foreach my $key (keys %ccdhash) {
631 if ($ccdhash{$key}[32] eq $name){ $i++;}
632 }
633 return $i;
634}
635
636sub check_routes_push
637{
638 my $val=$_[0];
639 my ($ip,$cidr) = split (/\//, $val);
640 ##check for existing routes in routes_push
641 if (-e "${General::swroot}/ovpn/routes_push") {
642 open(FILE,"${General::swroot}/ovpn/routes_push");
643 while (<FILE>) {
644 $_=~s/\s*$//g;
645 my $val2=&General::iporsubtodec($_);
646 my ($ip2,$cidr2) = split (/\//,$val2);
647 if($val eq $val2){
648 return 0;
649 }
650 #subnetcheck
651 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
652 return 0;
653 }
654 };
655 close(FILE);
656 }
657 return 1;
658}
659
660sub check_ccdroute
661{
662 my %ccdroutehash=();
663 my $val=$_[0];
664 my ($ip,$cidr) = split (/\//, $val);
665 #check for existing routes in ccdroute
666 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
667 foreach my $key (keys %ccdroutehash) {
668 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
669 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
670 return 0;
671 }
672 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
673 #subnetcheck
674 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
675 return 0;
676 }
677 }
678 }
679 return 1;
680}
681sub check_ccdconf
682{
683 my %ccdconfhash=();
684 my $val=$_[0];
685 my ($ip,$cidr) = split (/\//, $val);
686 #check for existing routes in ccdroute
687 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
688 foreach my $key (keys %ccdconfhash) {
689 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
690 return 0;
691 }
692 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
693 #subnetcheck
694 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
695 return 0;
696 }
697
698 }
699 return 1;
700}
701#A.Marx CCD functions end
702#########################
703
7c1d9faf
AH		 704###
705# m.a.d net2net
706###
707
708sub validdotmask
709{
710 my $ipdotmask = $_[0];
711 if (&General::validip($ipdotmask)) { return 0; }
712 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
713 my $mask = $2;
714 if (($mask =~ /\./ )) { return 0; }
715 return 1;
716}
54fd0535
MT		 717
718# -------------------------------------------------------------------
719
720sub write_routepushfile
721{
722 open(FILE, ">$routes_push_file");
723 flock(FILE, 2);
724 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
725 print FILE $vpnsettings{'ROUTES_PUSH'};
726 }
727 close(FILE);
728}
729
730sub read_routepushfile
731{
732 if (-e "$routes_push_file") {
733 open(FILE,"$routes_push_file");
734 delete $vpnsettings{'ROUTES_PUSH'};
735 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
736 close(FILE);
737 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
2cdd0a43 738
54fd0535
MT		 739 }
740}
7c1d9faf
AH		 741
742
c6c9630e
MT		 743#hier die refresh page
744if ( -e "${General::swroot}/ovpn/gencanow") {
745 my $refresh = '';
746 $refresh = "<meta http-equiv='refresh' content='15;' />";
747 &Header::showhttpheaders();
748 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
749 &Header::openbigbox('100%', 'center');
750 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
751 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
752 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
753 &Header::closebox();
754 &Header::closebigbox();
755 &Header::closepage();
756 exit (0);
757}
758##hier die refresh page
759
6e13d0a5
MT		 760
761###
762### OpenVPN Server Control
763###
764if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
765 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
766 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT		 767 #start openvpn server
768 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 769 &emptyserverlog();
6e13d0a5
MT		 770 system('/usr/local/bin/openvpnctrl', '-s');
771 }
772 #stop openvpn server
773 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
6e13d0a5 774 system('/usr/local/bin/openvpnctrl', '-k');
c6c9630e 775 &emptyserverlog();
6e13d0a5
MT		 776 }
777# #restart openvpn server
2cdd0a43 778# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
6e13d0a5 779#workarund, till SIGHUP also works when running as nobody
2cdd0a43
AM		 780# system('/usr/local/bin/openvpnctrl', '-r');
781# &emptyserverlog();
782# }
6e13d0a5
MT		 783}
784
785###
786### Save Advanced options
787###
788
789if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
790 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
791 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
792 #DAN this value has to leave.
793#new settings for daemon
794 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
795 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
796 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
797 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
798 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
799 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
800 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
801 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
802 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535
MT		 803 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
804 my @temp=();
6e13d0a5 805
a79fa1d6
JPT		 806 if ($cgiparams{'FRAGMENT'} eq '') {
807 delete $vpnsettings{'FRAGMENT'};
808 } else {
809 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
810 $errormessage = "Incorrect value, please insert only numbers.";
811 goto ADV_ERROR;
812 } else {
813 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
814 }
815 }
816 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 817 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT		 818 } else {
819 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
820 }
6e13d0a5
MT		 821 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
822 unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
823 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
824 goto ADV_ERROR;
825 }
826 }
827 if ($cgiparams{'DHCP_DNS'} ne ''){
828 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
829 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
830 goto ADV_ERROR;
831 }
832 }
833 if ($cgiparams{'DHCP_WINS'} ne ''){
834 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
835 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT		 836 goto ADV_ERROR;
837 }
838 }
839 if ($cgiparams{'ROUTES_PUSH'} ne ''){
840 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
841 undef $vpnsettings{'ROUTES_PUSH'};
2cdd0a43
AM		 842
843 foreach my $tmpip (@temp)
54fd0535
MT		 844 {
845 s/^\s+//g; s/\s+$//g;
2cdd0a43
AM		 846
847 if ($tmpip)
54fd0535 848 {
2cdd0a43
AM		 849 $tmpip=~s/\s*$//g;
850 unless (&General::validipandmask($tmpip)) {
851 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
852 goto ADV_ERROR;
54fd0535 853 }
2cdd0a43
AM		 854 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
855
54fd0535
MT		 856 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
857 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
2cdd0a43
AM		 858 goto ADV_ERROR;
859 }
860#########
861#A.Marx CCD
862#########
863 my %ccdroutehash=();
864 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
865 foreach my $key (keys %ccdroutehash) {
866 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
867 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
868 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
869 goto ADV_ERROR;
870 }
871 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
872 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
873 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
874 goto ADV_ERROR;
875 }
876 }
54fd0535 877 }
2cdd0a43
AM		 878
879##########
880#CCD End
881##########
882
883 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 884 }
2cdd0a43
AM		 885 }
886 &write_routepushfile;
54fd0535 887 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP		 888 }
889 else {
890 undef $vpnsettings{'ROUTES_PUSH'};
891 &write_routepushfile;
6e13d0a5 892 }
6e13d0a5
MT		 893 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
894 $errormessage = $Lang::tr{'invalid input for max clients'};
895 goto ADV_ERROR;
896 }
897 if ($cgiparams{'KEEPALIVE_1'} ne '') {
898 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
899 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
900 goto ADV_ERROR;
901 }
902 }
903 if ($cgiparams{'KEEPALIVE_2'} ne ''){
904 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
905 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
906 goto ADV_ERROR;
907 }
908 }
909 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
910 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
911 goto ADV_ERROR;
912 }
913
914 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 915 &writeserverconf();#hier ok
6e13d0a5
MT		 916}
917
ce9abb66 918###
7c1d9faf 919# m.a.d net2net
ce9abb66
AH		 920###
921
922if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
923{
c6c9630e 924
ce9abb66
AH		 925my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
926my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 927my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 928my $tunmtu = '';
531f0835
AH		 929
930unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
931unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 932
933 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
934
935 flock SERVERCONF, 2;
7c1d9faf 936 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
ce9abb66 937 print SERVERCONF "\n";
b278daf3 938 print SERVERCONF "# User Security\n";
ce9abb66
AH		 939 print SERVERCONF "user nobody\n";
940 print SERVERCONF "group nobody\n";
941 print SERVERCONF "persist-tun\n";
942 print SERVERCONF "persist-key\n";
7c1d9faf 943 print SERVERCONF "script-security 2\n";
60f396d7 944 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 945 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 946 print SERVERCONF "float\n";
60f396d7 947 print SERVERCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 948 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
60f396d7 949 print SERVERCONF "# Client Gateway Network\n";
54fd0535 950 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
60f396d7 951 print SERVERCONF "# tun Device\n";
ce9abb66 952 print SERVERCONF "dev tun\n";
60f396d7 953 print SERVERCONF "# Port and Protokol\n";
ce9abb66 954 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 955
956 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
957 print SERVERCONF "proto tcp-server\n";
958 print SERVERCONF "# Packet size\n";
d96c89eb 959 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 960 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 961 }
60f396d7
AH		 962
963 if ($cgiparams{'PROTOCOL'} eq 'udp') {
964 print SERVERCONF "proto udp\n";
965 print SERVERCONF "# Paketsize\n";
966 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
967 print SERVERCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 968 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
969 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
d96c89eb 970 }
60f396d7 971 print SERVERCONF "# Auth. Server\n";
ce9abb66
AH		 972 print SERVERCONF "tls-server\n";
973 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
974 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
975 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
976 print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
b278daf3 977 print SERVERCONF "# Cipher\n";
ce9abb66
AH		 978 print SERVERCONF "cipher AES-256-CBC\n";
979 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 980 print SERVERCONF "# Enable Compression\n";
ce9abb66 981 print SERVERCONF "comp-lzo\r\n";
b278daf3 982 }
60f396d7 983 print SERVERCONF "# Debug Level\n";
ce9abb66 984 print SERVERCONF "verb 3\n";
b278daf3 985 print SERVERCONF "# Tunnel check\n";
ce9abb66 986 print SERVERCONF "keepalive 10 60\n";
60f396d7 987 print SERVERCONF "# Start as daemon\n";
ce9abb66
AH		 988 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
989 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 990 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 991 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
992 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH		 993 close(SERVERCONF);
994
995}
996
997###
7c1d9faf 998# m.a.d net2net
ce9abb66 999###
7c1d9faf 1000
ce9abb66
AH		 1001if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
1002{
1003 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 1004 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1005 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 1006 my $tunmtu = '';
54fd0535 1007
531f0835
AH		 1008unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
1009unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 1010
1011 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
1012
1013 flock CLIENTCONF, 2;
7c1d9faf 1014 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1015 print CLIENTCONF "#\n";
b278daf3 1016 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1017 print CLIENTCONF "user nobody\n";
1018 print CLIENTCONF "group nobody\n";
1019 print CLIENTCONF "persist-tun\n";
1020 print CLIENTCONF "persist-key\n";
7c1d9faf 1021 print CLIENTCONF "script-security 2\n";
60f396d7 1022 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 1023 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 1024 print CLIENTCONF "float\n";
60f396d7 1025 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1026 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
60f396d7 1027 print CLIENTCONF "# Server Gateway Network\n";
54fd0535 1028 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
60f396d7 1029 print CLIENTCONF "# tun Device\n";
ce9abb66 1030 print CLIENTCONF "dev tun\n";
60f396d7 1031 print CLIENTCONF "# Port and Protokol\n";
ce9abb66 1032 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 1033
1034 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1035 print CLIENTCONF "proto tcp-client\n";
1036 print CLIENTCONF "# Packet size\n";
d96c89eb 1037 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1038 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1039 }
60f396d7
AH		 1040
1041 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1042 print CLIENTCONF "proto udp\n";
1043 print CLIENTCONF "# Paketsize\n";
1044 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1045 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535
MT		 1046 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
1047 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
d96c89eb 1048 }
54fd0535
MT		 1049
1050 print CLIENTCONF "ns-cert-type server\n";
ce9abb66
AH		 1051 print CLIENTCONF "# Auth. Client\n";
1052 print CLIENTCONF "tls-client\n";
b278daf3 1053 print CLIENTCONF "# Cipher\n";
ce9abb66
AH		 1054 print CLIENTCONF "cipher AES-256-CBC\n";
1055 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
ce9abb66 1056 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1057 print CLIENTCONF "# Enable Compression\n";
ce9abb66 1058 print CLIENTCONF "comp-lzo\r\n";
b278daf3 1059 }
ce9abb66
AH		 1060 print CLIENTCONF "# Debug Level\n";
1061 print CLIENTCONF "verb 3\n";
b278daf3 1062 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1063 print CLIENTCONF "keepalive 10 60\n";
60f396d7 1064 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 1065 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1066 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1067 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1068 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1069 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1070 close(CLIENTCONF);
c6c9630e 1071
ce9abb66
AH		 1072}
1073
6e13d0a5
MT		 1074###
1075### Save main settings
1076###
ce9abb66
AH		 1077
1078
6e13d0a5
MT		 1079if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1080 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT		 1081 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1082 #DAN this value has to leave.
1083 if ($cgiparams{'ENABLED'} eq 'on'){
1084 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1085 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1086 goto SETTINGS_ERROR;
6e13d0a5
MT		 1087 }
1088 }
1089 if ($cgiparams{'ENABLED'} eq 'on'){
c6c9630e 1090 &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
6e13d0a5
MT		 1091 }
1092 if ($errormessage) { goto SETTINGS_ERROR; }
1093
1094
1095 if ($cgiparams{'ENABLED'} eq 'on'){
c6c9630e 1096 &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
6e13d0a5
MT		 1097 }
1098
1099 if ($errormessage) { goto SETTINGS_ERROR; }
1100
1101 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e
MT		 1102 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
1103 goto SETTINGS_ERROR;
1104 }
1105 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1106
1107 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1108 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1109 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1110 goto SETTINGS_ERROR;
1111 }
1112
1113 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1114 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1115 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1116 goto SETTINGS_ERROR;
1117 }
1118
1119 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1120 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1121 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1122 goto SETTINGS_ERROR;
1123 }
1124
1125 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1126 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1127 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1128 goto SETTINGS_ERROR;
1129 }
1130 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1131 while (<ALIASES>)
1132 {
1133 chomp($_);
1134 my @tempalias = split(/\,/,$_);
1135 if ($tempalias[1] eq 'on') {
1136 if (&General::IpInSubnet ($tempalias[0] ,
1137 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1138 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1139 }
1140 }
1141 }
1142 close(ALIASES);
6e13d0a5 1143 if ($errormessage ne ''){
c6c9630e 1144 goto SETTINGS_ERROR;
6e13d0a5
MT		 1145 }
1146 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1147 $errormessage = $Lang::tr{'invalid input'};
1148 goto SETTINGS_ERROR;
1149 }
1150 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1151 $errormessage = $Lang::tr{'invalid mtu input'};
1152 goto SETTINGS_ERROR;
1153 }
1154
1155 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT		 1156 $errormessage = $Lang::tr{'invalid port'};
1157 goto SETTINGS_ERROR;
6e13d0a5 1158 }
6e13d0a5
MT		 1159 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1160 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1161 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1162 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1163#new settings for daemon
1164 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
1165 $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
1166 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1167 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1168 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1169 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1170 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
3ffee04b
CS		 1171#wrtie enable
1172
1173 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1174 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1175 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
6e13d0a5
MT		 1176#new settings for daemon
1177 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1178 &writeserverconf();#hier ok
6e13d0a5
MT		 1179SETTINGS_ERROR:
1180###
1181### Reset all step 2
1182###
1183}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
1184 my $file = '';
1185 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1186
1187 foreach my $key (keys %confighash) {
c6c9630e
MT		 1188 if ($confighash{$key}[4] eq 'cert') {
1189 delete $confighash{$cgiparams{'$key'}};
1190 }
6e13d0a5
MT		 1191 }
1192 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
c6c9630e 1193 unlink $file
6e13d0a5
MT		 1194 }
1195 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
c6c9630e 1196 unlink $file
6e13d0a5
MT		 1197 }
1198 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
c6c9630e 1199 unlink $file
6e13d0a5 1200 }
c6c9630e 1201 &cleanssldatabase();
6e13d0a5
MT		 1202 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1203 print FILE "";
1204 close FILE;
1205 }
1206 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1207 #&writeserverconf();
6e13d0a5
MT		 1208###
1209### Reset all step 1
1210###
1211}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
1212 &Header::showhttpheaders();
1213 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1214 &Header::openbigbox('100%', 'LEFT', '', '');
1215 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
1216 print <<END
1217 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1218 <tr><td align='center'>
1219 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1220 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
1221 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
1222 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1223 </form></table>
1224END
1225 ;
1226 &Header::closebox();
1227 &Header::closebigbox();
1228 &Header::closepage();
1229 exit (0);
1230
1231###
1232### Upload CA Certificate
1233###
1234} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1235 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1236
1237 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1238 $errormessage = $Lang::tr{'name must only contain characters'};
1239 goto UPLOADCA_ERROR;
1240 }
1241
1242 if (length($cgiparams{'CA_NAME'}) >60) {
1243 $errormessage = $Lang::tr{'name too long'};
1244 goto VPNCONF_ERROR;
1245 }
1246
1247 if ($cgiparams{'CA_NAME'} eq 'ca') {
1248 $errormessage = $Lang::tr{'name is invalid'};
1249 goto UPLOAD_CA_ERROR;
1250 }
1251
1252 # Check if there is no other entry with this name
1253 foreach my $key (keys %cahash) {
c6c9630e
MT		 1254 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1255 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1256 goto UPLOADCA_ERROR;
1257 }
6e13d0a5
MT		 1258 }
1259
1260 if (ref ($cgiparams{'FH'}) ne 'Fh') {
c6c9630e
MT		 1261 $errormessage = $Lang::tr{'there was no file upload'};
1262 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1263 }
1264 # Move uploaded ca to a temporary file
1265 (my $fh, my $filename) = tempfile( );
1266 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT		 1267 $errormessage = $!;
1268 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1269 }
1270 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
c6c9630e
MT		 1271 if ($temp !~ /CA:TRUE/i) {
1272 $errormessage = $Lang::tr{'not a valid ca certificate'};
1273 unlink ($filename);
1274 goto UPLOADCA_ERROR;
6e13d0a5 1275 } else {
c6c9630e
MT		 1276 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1277 if ($? ne 0) {
1278 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1279 unlink ($filename);
1280 goto UPLOADCA_ERROR;
1281 }
6e13d0a5
MT		 1282 }
1283
1284 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1285 $casubject =~ /Subject: (.*)[\n]/;
1286 $casubject = $1;
1287 $casubject =~ s+/Email+, E+;
1288 $casubject =~ s/ ST=/ S=/;
1289 $casubject = &Header::cleanhtml($casubject);
1290
1291 my $key = &General::findhasharraykey (\%cahash);
1292 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1293 $cahash{$key}[1] = $casubject;
1294 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT		 1295# system('/usr/local/bin/ipsecctrl', 'R');
1296
6e13d0a5
MT		 1297 UPLOADCA_ERROR:
1298
1299###
1300### Display ca certificate
1301###
1302} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT		 1303 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1304
1305 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1306 &Header::showhttpheaders();
1307 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1308 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1309 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1310 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1311 $output = &Header::cleanhtml($output,"y");
1312 print "<pre>$output</pre>\n";
1313 &Header::closebox();
1314 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1315 &Header::closebigbox();
1316 &Header::closepage();
1317 exit(0);
1318 } else {
1319 $errormessage = $Lang::tr{'invalid key'};
1320 }
1321
6e13d0a5
MT		 1322###
1323### Download ca certificate
1324###
1325} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1326 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1327
1328 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1329 print "Content-Type: application/octet-stream\r\n";
1330 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1331 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1332 exit(0);
1333 } else {
1334 $errormessage = $Lang::tr{'invalid key'};
1335 }
1336
1337###
1338### Remove ca certificate (step 2)
1339###
1340} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1341 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1342 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1343
1344 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1345 foreach my $key (keys %confighash) {
1346 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1347 if ($test =~ /: OK/) {
c6c9630e
MT		 1348 # Delete connection
1349# if ($vpnsettings{'ENABLED'} eq 'on' ||
1350# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1351# system('/usr/local/bin/ipsecctrl', 'D', $key);
1352# }
6e13d0a5
MT		 1353 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1354 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1355 delete $confighash{$key};
1356 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1357# &writeipsecfiles();
6e13d0a5
MT		 1358 }
1359 }
1360 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1361 delete $cahash{$cgiparams{'KEY'}};
1362 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1363# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT		 1364 } else {
1365 $errormessage = $Lang::tr{'invalid key'};
1366 }
1367###
1368### Remove ca certificate (step 1)
1369###
1370} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1371 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1372 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1373
1374 my $assignedcerts = 0;
1375 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1376 foreach my $key (keys %confighash) {
1377 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1378 if ($test =~ /: OK/) {
1379 $assignedcerts++;
1380 }
1381 }
1382 if ($assignedcerts) {
1383 &Header::showhttpheaders();
1384 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1385 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1386 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
1387 print <<END
1388 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1389 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1390 <tr><td align='center'>
1391 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1392 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1393 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1394 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1395 </form></table>
1396END
1397 ;
1398 &Header::closebox();
1399 &Header::closebigbox();
1400 &Header::closepage();
1401 exit (0);
1402 } else {
1403 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1404 delete $cahash{$cgiparams{'KEY'}};
1405 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1406# system('/usr/local/bin/ipsecctrl', 'R');
1407 }
1408 } else {
1409 $errormessage = $Lang::tr{'invalid key'};
1410 }
1411
1412###
1413### Display root certificate
1414###
c6c9630e
MT		 1415}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1416 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1417 my $output;
1418 &Header::showhttpheaders();
1419 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1420 &Header::openbigbox('100%', 'LEFT', '', '');
1421 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1422 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1423 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1424 } else {
1425 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1426 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1427 }
1428 $output = &Header::cleanhtml($output,"y");
1429 print "<pre>$output</pre>\n";
1430 &Header::closebox();
1431 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1432 &Header::closebigbox();
1433 &Header::closepage();
1434 exit(0);
1435
6e13d0a5
MT		 1436###
1437### Download root certificate
1438###
1439}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1440 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1441 print "Content-Type: application/octet-stream\r\n";
1442 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1443 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1444 exit(0);
1445 }
1446
1447###
1448### Download host certificate
1449###
1450}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1451 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1452 print "Content-Type: application/octet-stream\r\n";
1453 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1454 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1455 exit(0);
1456 }
1457###
1458### Form for generating a root certificate
1459###
1460}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1461 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1462
1463 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1464 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1465 $errormessage = $Lang::tr{'valid root certificate already exists'};
1466 $cgiparams{'ACTION'} = '';
1467 goto ROOTCERT_ERROR;
1468 }
1469
1470 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1471 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1472 my $ipaddr = <IPADDR>;
1473 close IPADDR;
1474 chomp ($ipaddr);
1475 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1476 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1477 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1478 }
1479 }
1480 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1481
1482 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1483 $errormessage = $Lang::tr{'there was no file upload'};
1484 goto ROOTCERT_ERROR;
1485 }
1486
1487 # Move uploaded certificate request to a temporary file
1488 (my $fh, my $filename) = tempfile( );
1489 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1490 $errormessage = $!;
1491 goto ROOTCERT_ERROR;
1492 }
1493
1494 # Create a temporary dirctory
1495 my $tempdir = tempdir( CLEANUP => 1 );
1496
1497 # Extract the CA certificate from the file
1498 my $pid = open(OPENSSL, "|-");
1499 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1500 if ($pid) { # parent
1501 if ($cgiparams{'P12_PASS'} ne '') {
1502 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1503 }
1504 close (OPENSSL);
1505 if ($?) {
1506 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1507 unlink ($filename);
1508 goto ROOTCERT_ERROR;
1509 }
1510 } else { # child
1511 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1512 '-in', $filename,
1513 '-out', "$tempdir/cacert.pem")) {
1514 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1515 unlink ($filename);
1516 goto ROOTCERT_ERROR;
1517 }
1518 }
1519
1520 # Extract the Host certificate from the file
1521 $pid = open(OPENSSL, "|-");
1522 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1523 if ($pid) { # parent
1524 if ($cgiparams{'P12_PASS'} ne '') {
1525 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1526 }
1527 close (OPENSSL);
1528 if ($?) {
1529 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1530 unlink ($filename);
1531 goto ROOTCERT_ERROR;
1532 }
1533 } else { # child
1534 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1535 '-in', $filename,
1536 '-out', "$tempdir/hostcert.pem")) {
1537 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1538 unlink ($filename);
1539 goto ROOTCERT_ERROR;
1540 }
1541 }
1542
1543 # Extract the Host key from the file
1544 $pid = open(OPENSSL, "|-");
1545 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1546 if ($pid) { # parent
1547 if ($cgiparams{'P12_PASS'} ne '') {
1548 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1549 }
1550 close (OPENSSL);
1551 if ($?) {
1552 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1553 unlink ($filename);
1554 goto ROOTCERT_ERROR;
1555 }
1556 } else { # child
1557 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1558 '-nodes',
1559 '-in', $filename,
1560 '-out', "$tempdir/serverkey.pem")) {
1561 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1562 unlink ($filename);
1563 goto ROOTCERT_ERROR;
1564 }
1565 }
1566
1567 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1568 if ($? ne 0) {
1569 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1570 unlink ($filename);
1571 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1572 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1573 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1574 goto ROOTCERT_ERROR;
1575 }
1576
1577 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1578 if ($? ne 0) {
1579 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1580 unlink ($filename);
1581 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1582 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1583 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1584 goto ROOTCERT_ERROR;
1585 }
1586
1587 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1588 if ($? ne 0) {
1589 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1590 unlink ($filename);
1591 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1592 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1593 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1594 goto ROOTCERT_ERROR;
1595 }
1596
1597 goto ROOTCERT_SUCCESS;
1598
1599 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1600
1601 # Validate input since the form was submitted
1602 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1603 $errormessage = $Lang::tr{'organization cant be empty'};
1604 goto ROOTCERT_ERROR;
1605 }
1606 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1607 $errormessage = $Lang::tr{'organization too long'};
1608 goto ROOTCERT_ERROR;
1609 }
1610 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1611 $errormessage = $Lang::tr{'invalid input for organization'};
1612 goto ROOTCERT_ERROR;
1613 }
1614 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1615 $errormessage = $Lang::tr{'hostname cant be empty'};
1616 goto ROOTCERT_ERROR;
1617 }
1618 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1619 $errormessage = $Lang::tr{'invalid input for hostname'};
1620 goto ROOTCERT_ERROR;
1621 }
1622 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1623 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1624 goto ROOTCERT_ERROR;
1625 }
1626 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1627 $errormessage = $Lang::tr{'e-mail address too long'};
1628 goto ROOTCERT_ERROR;
1629 }
1630 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1631 $errormessage = $Lang::tr{'invalid input for department'};
1632 goto ROOTCERT_ERROR;
1633 }
1634 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1635 $errormessage = $Lang::tr{'invalid input for city'};
1636 goto ROOTCERT_ERROR;
1637 }
1638 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1639 $errormessage = $Lang::tr{'invalid input for state or province'};
1640 goto ROOTCERT_ERROR;
1641 }
1642 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1643 $errormessage = $Lang::tr{'invalid input for country'};
1644 goto ROOTCERT_ERROR;
1645 }
1646
1647 # Copy the cgisettings to vpnsettings and save the configfile
1648 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1649 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1650 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1651 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1652 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1653 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1654 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1655 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1656
1657 # Replace empty strings with a .
1658 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1659 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1660 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1661
1662 # refresh
c6c9630e 1663 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
6e13d0a5
MT		 1664
1665 # Create the CA certificate
1666 my $pid = open(OPENSSL, "|-");
1667 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1668 if ($pid) { # parent
1669 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1670 print OPENSSL "$state\n";
1671 print OPENSSL "$city\n";
1672 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1673 print OPENSSL "$ou\n";
1674 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1675 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1676 close (OPENSSL);
1677 if ($?) {
1678 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1679 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1680 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1681 goto ROOTCERT_ERROR;
1682 }
1683 } else { # child
1684 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1685 '-days', '999999', '-newkey', 'rsa:2048',
1686 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1687 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1688 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1689 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1690 goto ROOTCERT_ERROR;
1691 }
1692 }
1693
1694 # Create the Host certificate request
1695 $pid = open(OPENSSL, "|-");
1696 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1697 if ($pid) { # parent
1698 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1699 print OPENSSL "$state\n";
1700 print OPENSSL "$city\n";
1701 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1702 print OPENSSL "$ou\n";
1703 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1704 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1705 print OPENSSL ".\n";
1706 print OPENSSL ".\n";
1707 close (OPENSSL);
1708 if ($?) {
1709 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1710 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1711 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1712 goto ROOTCERT_ERROR;
1713 }
1714 } else { # child
1715 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1716 '-newkey', 'rsa:1024',
1717 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1718 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1719 '-extensions', 'server',
1720 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1721 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1722 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1723 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1724 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1725 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1726 goto ROOTCERT_ERROR;
1727 }
1728 }
1729
1730 # Sign the host certificate request
1731 system('/usr/bin/openssl', 'ca', '-days', '999999',
1732 '-batch', '-notext',
1733 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1734 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1735 '-extensions', 'server',
1736 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1737 if ($?) {
1738 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1739 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1740 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1741 unlink ("${General::swroot}/ovpn/serverkey.pem");
1742 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1743 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1744 &newcleanssldatabase();
6e13d0a5
MT		 1745 goto ROOTCERT_ERROR;
1746 } else {
1747 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1748 &deletebackupcert();
6e13d0a5
MT		 1749 }
1750
1751 # Create an empty CRL
1752 system('/usr/bin/openssl', 'ca', '-gencrl',
1753 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1754 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1755 if ($?) {
1756 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1757 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1758 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1759 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1760 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1761 &cleanssldatabase();
6e13d0a5 1762 goto ROOTCERT_ERROR;
c6c9630e
MT		 1763# } else {
1764# &cleanssldatabase();
6e13d0a5
MT		 1765 }
1766 # Create Diffie Hellmann Parameter
1767 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1768 '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
1769 '1024' );
1770 if ($?) {
1771 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1772 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1773 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1774 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1775 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1776 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1777 &cleanssldatabase();
6e13d0a5 1778 goto ROOTCERT_ERROR;
c6c9630e
MT		 1779# } else {
1780# &cleanssldatabase();
6e13d0a5
MT		 1781 }
1782 goto ROOTCERT_SUCCESS;
1783 }
1784 ROOTCERT_ERROR:
1785 if ($cgiparams{'ACTION'} ne '') {
1786 &Header::showhttpheaders();
1787 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1788 &Header::openbigbox('100%', 'LEFT', '', '');
1789 if ($errormessage) {
1790 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1791 print "<class name='base'>$errormessage";
1792 print "&nbsp;</class>";
1793 &Header::closebox();
1794 }
1795 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
1796 print <<END
1797 <form method='post' enctype='multipart/form-data'>
1798 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
1799 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
1800 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
1801 <td width='35%' colspan='2'>&nbsp;</td></tr>
1802 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
1803 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
1804 <td colspan='2'>&nbsp;</td></tr>
1805 <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1806 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
1807 <td colspan='2'>&nbsp;</td></tr>
1808 <tr><td class='base'>$Lang::tr{'your department'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1809 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
1810 <td colspan='2'>&nbsp;</td></tr>
1811 <tr><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1812 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
1813 <td colspan='2'>&nbsp;</td></tr>
1814 <tr><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1815 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
1816 <td colspan='2'>&nbsp;</td></tr>
1817 <tr><td class='base'>$Lang::tr{'country'}:</td>
1818 <td class='base'><select name='ROOTCERT_COUNTRY'>
1819
1820END
1821 ;
1822 foreach my $country (sort keys %{Countries::countries}) {
1823 print "<option value='$Countries::countries{$country}'";
1824 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
1825 print " selected='selected'";
1826 }
1827 print ">$country</option>";
1828 }
1829 print <<END
1830 </select></td>
1831 <td colspan='2'>&nbsp;</td></tr>
1832 <tr><td>&nbsp;</td>
1833 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
1834 <td>&nbsp;</td><td>&nbsp;</td></tr>
1835 <tr><td class='base' colspan='4' align='left'>
1836 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1837 <tr><td class='base' colspan='4' align='left'>
1838 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1839 $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
1840 </td></tr>
1841 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
1842 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
1843 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
1844 <td colspan='2'>&nbsp;</td></tr>
1845 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' ></td>
1846 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
1847 <td colspan='2'>&nbsp;</td></tr>
1848 <tr><td>&nbsp;</td>
1849 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
1850 <td colspan='2'>&nbsp;</td></tr>
1851 <tr><td class='base' colspan='4' align='left'>
1852 <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1853 </form></table>
1854END
1855 ;
1856 &Header::closebox();
1857
1858 &Header::closebigbox();
1859 &Header::closepage();
1860 exit(0)
1861 }
1862
1863 ROOTCERT_SUCCESS:
1864 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT		 1865# if ($vpnsettings{'ENABLED'} eq 'on' ||
1866# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
1867# system('/usr/local/bin/ipsecctrl', 'S');
1868# }
6e13d0a5
MT		 1869
1870###
1871### Enable/Disable connection
1872###
ce9abb66
AH		 1873
1874###
7c1d9faf 1875# m.a.d net2net
ce9abb66
AH		 1876###
1877
6e13d0a5 1878}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
c6c9630e
MT		 1879
1880 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 1881 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH		 1882# my $n2nactive = '';
1883 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
1884
6e13d0a5 1885 if ($confighash{$cgiparams{'KEY'}}) {
2cdd0a43
AM		 1886 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
1887 $confighash{$cgiparams{'KEY'}}[0] = 'on';
1888 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 1889
2cdd0a43 1890 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
ce9abb66 1891 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2cdd0a43
AM		 1892 }
1893 } else {
ce9abb66 1894
2cdd0a43
AM		 1895 $confighash{$cgiparams{'KEY'}}[0] = 'off';
1896 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 1897
2cdd0a43 1898 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
ce9abb66 1899 if ($n2nactive ne ''){
2cdd0a43
AM		 1900 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
1901 }
ce9abb66 1902
2cdd0a43 1903 } else {
ce9abb66 1904 $errormessage = $Lang::tr{'invalid key'};
2cdd0a43 1905 }
ce9abb66
AH		 1906 }
1907 }
6e13d0a5
MT		 1908
1909###
1910### Download OpenVPN client package
1911###
ce9abb66
AH		 1912
1913
6e13d0a5
MT		 1914} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
1915 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1916 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1917 my $file = '';
1918 my $clientovpn = '';
1919 my @fileholder;
1920 my $tempdir = tempdir( CLEANUP => 1 );
1921 my $zippath = "$tempdir/";
ce9abb66
AH		 1922
1923###
7c1d9faf
AH		 1924# m.a.d net2net
1925###
ce9abb66
AH		 1926
1927if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
1928
1929 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
1930 my $zippathname = "$zippath$zipname";
1931 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
1932 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 1933 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1934 my $tunmtu = '';
7c1d9faf 1935 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 1936 my $n2nfragment = '';
ce9abb66
AH		 1937
1938 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
1939 flock CLIENTCONF, 2;
1940
1941 my $zip = Archive::Zip->new();
7c1d9faf 1942 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1943 print CLIENTCONF "# \n";
b278daf3 1944 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1945 print CLIENTCONF "user nobody\n";
1946 print CLIENTCONF "group nobody\n";
1947 print CLIENTCONF "persist-tun\n";
1948 print CLIENTCONF "persist-key\n";
7c1d9faf 1949 print CLIENTCONF "script-security 2\n";
60f396d7 1950 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 1951 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 1952 print CLIENTCONF "float\n";
60f396d7 1953 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1954 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 1955 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 1956 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 1957 print CLIENTCONF "# tun Device\n";
ce9abb66 1958 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n";
60f396d7 1959 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 1960 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
60f396d7
AH		 1961
1962 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
1963 print CLIENTCONF "proto tcp-client\n";
1964 print CLIENTCONF "# Packet size\n";
d96c89eb 1965 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 1966 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1967 }
60f396d7
AH		 1968
1969 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
1970 print CLIENTCONF "proto udp\n";
1971 print CLIENTCONF "# Paketsize\n";
1972 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
1973 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 1974 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
60f396d7 1975 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
d96c89eb 1976 }
54fd0535 1977 print CLIENTCONF "ns-cert-type server\n";
ce9abb66
AH		 1978 print CLIENTCONF "# Auth. Client\n";
1979 print CLIENTCONF "tls-client\n";
b278daf3 1980 print CLIENTCONF "# Cipher\n";
ce9abb66
AH		 1981 print CLIENTCONF "cipher AES-256-CBC\n";
1982 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
1983 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
1984 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
1985 }
ce9abb66 1986 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 1987 print CLIENTCONF "# Enable Compression\n";
ce9abb66 1988 print CLIENTCONF "comp-lzo\r\n";
b278daf3 1989 }
ce9abb66
AH		 1990 print CLIENTCONF "# Debug Level\n";
1991 print CLIENTCONF "verb 3\n";
b278daf3 1992 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1993 print CLIENTCONF "keepalive 10 60\n";
b278daf3 1994 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 1995 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
1996 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 1997 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1998 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
1999 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2000 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2001
ce9abb66
AH		 2002
2003 close(CLIENTCONF);
2004
2005 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2006 my $status = $zip->writeToFileNamed($zippathname);
2007
2008 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2009 @fileholder = <DLFILE>;
2010 print "Content-Type:application/x-download\n";
2011 print "Content-Disposition:attachment;filename=$zipname\n\n";
2012 print @fileholder;
2013 exit (0);
2014}
2015else
2016{
2017 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2018 my $zippathname = "$zippath$zipname";
2019 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2020
2021###
7c1d9faf 2022# m.a.d net2net
ce9abb66
AH		 2023###
2024
c6c9630e 2025 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5
MT		 2026 flock CLIENTCONF, 2;
2027
2028 my $zip = Archive::Zip->new();
2029
2cdd0a43 2030 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT		 2031 print CLIENTCONF "tls-client\r\n";
2032 print CLIENTCONF "client\r\n";
2cdd0a43 2033 print CLIENTCONF "nobind\n";
6e13d0a5 2034 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
c6c9630e 2035 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
6e13d0a5
MT		 2036 print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
2037 if ( $vpnsettings{'ENABLED'} eq 'on'){
2038 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
c6c9630e
MT		 2039 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2040 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2041 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2042 }
2043 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2044 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2045 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2046 }
2047 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2048 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2049 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2050 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2051 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2052 }
2053 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2054 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5
MT		 2055 }
2056
2057 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
c6c9630e
MT		 2058 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2059 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
6e13d0a5 2060 } else {
c6c9630e
MT		 2061 print CLIENTCONF "ca cacert.pem\r\n";
2062 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2063 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2064 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2065 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT		 2066 }
2067 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
2068 if ($vpnsettings{DCOMPLZO} eq 'on') {
2069 print CLIENTCONF "comp-lzo\r\n";
2070 }
2071 print CLIENTCONF "verb 3\r\n";
2072 print CLIENTCONF "ns-cert-type server\r\n";
a79fa1d6
JPT		 2073 print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n";
2074 if ($vpnsettings{MSSFIX} eq 'on') {
2075 print CLIENTCONF "mssfix\r\n";
2076 }
74225cce 2077 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT		 2078 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2079 }
6e13d0a5 2080 close(CLIENTCONF);
ce9abb66 2081
6e13d0a5
MT		 2082 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2083 my $status = $zip->writeToFileNamed($zippathname);
2084
2085 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2086 @fileholder = <DLFILE>;
2087 print "Content-Type:application/x-download\n";
2088 print "Content-Disposition:attachment;filename=$zipname\n\n";
2089 print @fileholder;
2090 exit (0);
ce9abb66
AH		 2091 }
2092
2093
2094
6e13d0a5
MT		 2095###
2096### Remove connection
2097###
ce9abb66
AH		 2098
2099
6e13d0a5
MT		 2100} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
2101 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2102 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e
MT		 2103
2104 if ($confighash{$cgiparams{'KEY'}}) {
2105# if ($vpnsettings{'ENABLED'} eq 'on' ||
2106# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2107# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2108# }
2109#
2110 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
ce9abb66
AH		 2111
2112###
7c1d9faf 2113# m.a.d net2net
ce9abb66 2114###
7c1d9faf 2115
ce9abb66
AH		 2116 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
2117
2118 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2119 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2120 unlink ($certfile) or die "Removing $certfile fail: $!";
2121 unlink ($conffile) or die "Removing $conffile fail: $!";
2122 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2123
2124}
ce9abb66
AH		 2125
2126 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2cdd0a43
AM		 2127 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2128############
2129#A.Marx CCD# delete ccd files and routes
2130############
2131
2132 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2133 {
2134 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
2135 }
2136 my %ccdroutehash=();
2137 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2138 foreach my $key (keys %ccdroutehash) {
2139 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2140 delete $ccdroutehash{$key};
2141 }
2142 }
2143 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2144 my %ccdroute2hash=();
2145 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2146 foreach my $key (keys %ccdroute2hash) {
2147 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2148 delete $ccdroute2hash{$key};
2149 }
2150 }
2151 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2152
2153
2154
2155#CCD END
2156###########
2157
c6c9630e
MT		 2158 delete $confighash{$cgiparams{'KEY'}};
2159 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2160 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2cdd0a43 2161
c6c9630e 2162 #&writeserverconf();
6e13d0a5 2163 } else {
c6c9630e 2164 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5 2165 }
ce9abb66
AH		 2166
2167
6e13d0a5
MT		 2168###
2169### Download PKCS12 file
2170###
2171} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2172 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2173
2174 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2175 print "Content-Type: application/octet-stream\r\n\r\n";
2176 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2177 exit (0);
2178
2179###
2180### Display certificate
2181###
2182} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2183 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2184
2185 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 2186 &Header::showhttpheaders();
2187 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2188 &Header::openbigbox('100%', 'LEFT', '', '');
2189 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2190 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2191 $output = &Header::cleanhtml($output,"y");
2192 print "<pre>$output</pre>\n";
2193 &Header::closebox();
2194 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2195 &Header::closebigbox();
2196 &Header::closepage();
2197 exit(0);
6e13d0a5
MT		 2198 }
2199###
2200### Display Certificate Revoke List
2201###
2202} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT		 2203# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2204
6e13d0a5 2205 if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
c6c9630e
MT		 2206 &Header::showhttpheaders();
2207 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2208 &Header::openbigbox('100%', 'LEFT', '', '');
2209 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2210 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2211 $output = &Header::cleanhtml($output,"y");
2212 print "<pre>$output</pre>\n";
2213 &Header::closebox();
2214 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2215 &Header::closebigbox();
2216 &Header::closepage();
2217 exit(0);
6e13d0a5
MT		 2218 }
2219
2220###
2221### Advanced Server Settings
2222###
2223
2224} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2225 %cgiparams = ();
2226 %cahash = ();
2227 %confighash = ();
2228 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2229 read_routepushfile;
6e13d0a5 2230
c6c9630e
MT		 2231# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2232# $cgiparams{'CLIENT2CLIENT'} = 'on';
2233# }
6e13d0a5
MT		 2234ADV_ERROR:
2235 if ($cgiparams{'MAX_CLIENTS'} eq '') {
c6c9630e 2236 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2237 }
6e13d0a5 2238 if ($cgiparams{'KEEPALIVE_1'} eq '') {
c6c9630e 2239 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT		 2240 }
2241 if ($cgiparams{'KEEPALIVE_2'} eq '') {
c6c9630e 2242 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT		 2243 }
2244 if ($cgiparams{'LOG_VERB'} eq '') {
ae9f6139
MT		 2245 $cgiparams{'LOG_VERB'} = '3';
2246 }
6e13d0a5
MT		 2247 $checked{'CLIENT2CLIENT'}{'off'} = '';
2248 $checked{'CLIENT2CLIENT'}{'on'} = '';
2249 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2250 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2251 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2252 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
a79fa1d6
JPT		 2253 $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
2254 $checked{'MSSFIX'}{'off'} = '';
2255 $checked{'MSSFIX'}{'on'} = '';
2256 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5
MT		 2257 $selected{'LOG_VERB'}{'1'} = '';
2258 $selected{'LOG_VERB'}{'2'} = '';
2259 $selected{'LOG_VERB'}{'3'} = '';
2260 $selected{'LOG_VERB'}{'4'} = '';
2261 $selected{'LOG_VERB'}{'5'} = '';
2262 $selected{'LOG_VERB'}{'6'} = '';
2263 $selected{'LOG_VERB'}{'7'} = '';
2264 $selected{'LOG_VERB'}{'8'} = '';
2265 $selected{'LOG_VERB'}{'9'} = '';
2266 $selected{'LOG_VERB'}{'10'} = '';
2267 $selected{'LOG_VERB'}{'11'} = '';
2268 $selected{'LOG_VERB'}{'0'} = '';
2269 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
a79fa1d6
JPT		 2270
2271
6e13d0a5
MT		 2272
2273 &Header::showhttpheaders();
2274 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2275 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2276 if ($errormessage) {
c6c9630e
MT		 2277 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2278 print "<class name='base'>$errormessage\n";
2279 print "&nbsp;</class>\n";
2280 &Header::closebox();
6e13d0a5
MT		 2281 }
2282 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
2283 print <<END
2284 <form method='post' enctype='multipart/form-data'>
2cdd0a43 2285 <table width='100%' border=0>
6e13d0a5
MT		 2286 <tr>
2287 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
2288 </tr>
2289 <tr>
2290 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2291 </tr>
2292 <tr>
2293 <td class='base'>Domain</td>
2294 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
2295 </tr>
2296 <tr>
2297 <td class='base'>DNS</td>
2298 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
2299 </tr>
2300 <tr>
2301 <td class='base'>WINS</td>
2302 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
54fd0535
MT		 2303 </tr>
2304 <tr>
2305 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
2306 </tr>
2307 <tr>
2308 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2309 <td colspan='2'>
2310 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
2311END
2312;
2313
2314if ($cgiparams{'ROUTES_PUSH'} ne '')
2315{
2316 print $cgiparams{'ROUTES_PUSH'};
2317}
2318
2319print <<END
2320</textarea></td>
2321</tr>
6e13d0a5
MT		 2322 </tr>
2323</table>
2324<hr size='1'>
6e13d0a5
MT		 2325 <table width='100%'>
2326 <tr>
2327 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
2328 </tr>
2329 <tr>
a79fa1d6 2330 <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td>
6e13d0a5
MT		 2331 </tr>
2332 <tr>
2333 <td class='base'>Client-To-Client</td>
2334 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
2335 </tr>
2336 <tr>
2337 <td class='base'>Redirect-Gateway def1</td>
2338 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
2339 </tr>
2340 <tr>
2341 <td class='base'>Max-Clients</td>
a79fa1d6 2342 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
6e13d0a5 2343 </tr>
a79fa1d6
JPT		 2344 <tr>
2345 <td class='base'>Keppalive <br />
2346 (ping/ping-restart)</td>
2347 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2348 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2349 </tr>
2350 <tr>
2351 <td class='base'>fragment <br></td>
2352 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
60f396d7
AH		 2353 <td>Default: <span class="base">1300</span></td>
2354 </tr>
a79fa1d6
JPT		 2355 <tr>
2356 <td class='base'>mssfix</td>
2357 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2358 <td>Default: on</td>
2359 </tr>
2360</table>
2361
2362<!--
2363<hr size='1'>
2364 <table width='100%'>
2365 <tr>
2366 <td class'base'><b>Crypto-Engines</b></td>
2367 </tr>
2368 <tr>
2369 <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5 2370 </tr>
a79fa1d6
JPT		 2371 <tr><td class='base'>Engines:</td>
2372 <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option>
2373 <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option>
2374 <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option>
2375 </select>
2376 </td>
6e13d0a5 2377</table>
a79fa1d6 2378-->
6e13d0a5
MT		 2379<hr size='1'>
2380 <table width='100%'>
2381 <tr>
2382 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
2383 </tr>
2384 <tr>
a79fa1d6 2385 <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5
MT		 2386 </tr>
2387
2388 <tr><td class='base'>VERB</td>
2389 <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2390 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2391 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2392 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2393 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2394 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2395 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2396 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2397 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2398 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2399 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
c6c9630e 2400 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
6e13d0a5
MT		 2401</table>
2402<hr size='1'>
2403<table width='100%'>
2404<tr>
2405 <td>&nbsp;</td>
2406 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2407 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2408 <td>&nbsp;</td>
2409</tr>
2410</table>
2411</form>
2412END
2413;
2414
2415 &Header::closebox();
c6c9630e 2416# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2417 &Header::closebigbox();
2418 &Header::closepage();
2419 exit(0);
2420
2cdd0a43
AM		 2421###########
2422#A.Marx CCD Add,delete CCD net
2423###########
2424} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2425 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2426 $cgiparams{'ACTION'} eq "kill" ||
2427 $cgiparams{'ACTION'} eq "edit" ||
2428 $cgiparams{'ACTION'} eq $Lang::tr{'ccd modify'}){
2429 &Header::showhttpheaders();
2430 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2431 &Header::openbigbox('100%', 'LEFT', '', '');
2432
2433 if ($cgiparams{'ACTION'} eq "kill"){
2434 &delccdnet($cgiparams{'net'});
2435 }
2436
2437 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd modify'}){
2438 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2439 if ( $a ne $b){ &modccdnet($a,$b);}
2440 }
2441
2442 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
2443 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'});
2444 }
2445 if ($errormessage) {
2446 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2447 print "<class name='base'>$errormessage";
2448 print "&nbsp;</class>";
2449 &Header::closebox();
2450 }
2451if ($cgiparams{'ACTION'} eq "edit"){
2452 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2453 print <<END
2454 <table width='100%' border=0>
2455 <tr><form method='post'>
2456 <td width='10%'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2457 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
2458
2459 <tr><td colspan='4' align='right'><hr><input type='submit' name='ACTION' value='$Lang::tr{'ccd modify'}' />
2460 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/>
2461 </td></tr>
2462 </table></form>
2463END
2464;
2465 &Header::closebox();
2466 &Header::openbox('100%', 'LEFT', );
2467 print <<END
2468 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2469 <tr>
2470 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td></td><td class='boldbase' align='center'><b>$Lang::tr{'ccd net'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd maxclients'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2471END
2472;
2473}
2474else{
2475 $cgiparams{'ccdname'}='';
2476 $cgiparams{'ccdsubnet'}='';
2477 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
2478 print <<END
2479 <table width='100%' border='0'>
2480 <tr><form method='post'>
2481 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2482 <tr>
2483 <td width='10%'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2484 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2485 <tr><td colspan=4><hr /></td></tr><tr>
2486 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2487 </table></form>
2488END
2489;
2490 &Header::closebox();
2491 &Header::openbox('100%', 'LEFT', );
2492 print <<END
2493 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2494 <tr>
2495 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td></td><td class='boldbase' align='center'><b>$Lang::tr{'ccd net'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd maxclients'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2496END
2497;
2498}
2499 my %ccdconfhash=();
2500 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2501 my @ccdconf=();
2502 my $count=0;
2503 foreach my $key (keys %ccdconfhash) {
2504 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2505 $count++;
2506 my $ccdhosts = &hostsinnet($ccdconf[0]);
2507 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2508 else{ print" <tr bgcolor='$color{'color20'}'>";}
2509 print"<td>$ccdconf[0]</td><td></td><td>$ccdconf[1]</td><td align='center'>".&ccdmaxclients($ccdconf[1])."</td><td align='center'>$ccdhosts</td><td>";
2510print <<END
2511 <form method='post' />
2512 <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
2513 <input type='hidden' name='ACTION' value='edit'/>
2514 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2515 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2516 </form></td>
2517 <form method='post' />
2518 <td><input type='hidden' name='ACTION' value='kill'/>
2519 <input type='hidden' name='number' value='$count' />
2520 <input type='hidden' name='net' value='$ccdconf[0]' />
2521 <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr>
2522END
2523;
2524 }
2525 print "</table></form>";
2526 &Header::closebox();
2527 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2528 &Header::closebigbox();
2529 &Header::closepage();
2530 exit(0);
2531
2532#END CCD----------------------------------------------------------------
2533
6e13d0a5
MT		 2534###
2535### Openvpn Connections Statistics
2536###
2537} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
2538 &Header::showhttpheaders();
2539 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
2540 &Header::openbigbox('100%', 'LEFT', '', '');
2541 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
2542
2543#
2544# <td><b>$Lang::tr{'protocol'}</b></td>
2545# protocol temp removed
2546 print <<END
2547 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
2548 <tr>
2549 <td><b>$Lang::tr{'common name'}</b></td>
2550 <td><b>$Lang::tr{'real address'}</b></td>
2551 <td><b>$Lang::tr{'virtual address'}</b></td>
2552 <td><b>$Lang::tr{'loged in at'}</b></td>
2553 <td><b>$Lang::tr{'bytes sent'}</b></td>
2554 <td><b>$Lang::tr{'bytes received'}</b></td>
2555 <td><b>$Lang::tr{'last activity'}</b></td>
2556 </tr>
2557END
2558;
4e17adad 2559 my $filename = "/var/log/ovpnserver.log";
6e13d0a5
MT		 2560 open(FILE, $filename) or die 'Unable to open config file.';
2561 my @current = <FILE>;
2562 close(FILE);
2563 my @users =();
2564 my $status;
2565 my $uid = 0;
2566 my $cn;
2567 my @match = ();
2568 my $proto = "udp";
2569 my $address;
2570 my %userlookup = ();
2571 foreach my $line (@current)
2572 {
2573 chomp($line);
2574 if ( $line =~ /^Updated,(.+)/){
2575 @match = split( /^Updated,(.+)/, $line);
2576 $status = $match[1];
2577 }
c6c9630e 2578#gian
6e13d0a5
MT		 2579 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
2580 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
2581 if ($match[1] ne "Common Name") {
2582 $cn = $match[1];
2583 $userlookup{$match[2]} = $uid;
2584 $users[$uid]{'CommonName'} = $match[1];
2585 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT		 2586 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
2587 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT		 2588 $users[$uid]{'Since'} = $match[5];
2589 $users[$uid]{'Proto'} = $proto;
2590 $uid++;
2591 }
2592 }
2593 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
2594 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
2595 if ($match[1] ne "Virtual Address") {
2596 $address = $match[3];
2597 #find the uid in the lookup table
2598 $uid = $userlookup{$address};
2599 $users[$uid]{'VirtualAddress'} = $match[1];
2600 $users[$uid]{'LastRef'} = $match[4];
2601 }
2602 }
2603 }
2604 my $user2 = @users;
2605 if ($user2 >= 1){
2606 for (my $idx = 1; $idx <= $user2; $idx++){
2607 if ($idx % 2) {
4e17adad 2608 print "<tr bgcolor='$color{'color20'}'>\n";
6e13d0a5 2609 } else {
4e17adad 2610 print "<tr bgcolor='$color{'color22'}'>\n";
6e13d0a5
MT		 2611 }
2612 print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
2613 print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
2614 print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
2615 print "<td align='left'>$users[$idx-1]{'Since'}</td>";
2616 print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
2617 print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
2618 print "<td align='left'>$users[$idx-1]{'LastRef'}</td>";
2619# print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
2620 }
2621 }
2622
2623 print "</table>";
2624 print <<END
2625 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
2626 <tr><td></td></tr>
2627 <tr><td></td></tr>
2628 <tr><td></td></tr>
2629 <tr><td></td></tr>
2630 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
2631 </table>
2632END
2633;
2634 &Header::closebox();
2635 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2636 &Header::closebigbox();
2637 &Header::closepage();
2638 exit(0);
2639
2640###
2641### Download Certificate
2642###
2643} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
2644 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2645
6e13d0a5 2646 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 2647 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
2648 print "Content-Type: application/octet-stream\r\n\r\n";
2649 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2650 exit (0);
2651 }
2652
2653###
2654### Enable/Disable connection
2655###
ce9abb66 2656
c6c9630e
MT		 2657} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
2658
2659 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2660 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2661
2662 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 2663 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT		 2664 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2665 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2666 #&writeserverconf();
2667# if ($vpnsettings{'ENABLED'} eq 'on' ||
2668# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2669# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
2670# }
2671 } else {
2672 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2673# if ($vpnsettings{'ENABLED'} eq 'on' ||
2674# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2675# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2676# }
2677 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2678 #&writeserverconf();
2679 }
2680 } else {
2681 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 2682 }
2683
2684###
2685### Restart connection
2686###
2687} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
2688 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2689 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2690
2691 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT		 2692# if ($vpnsettings{'ENABLED'} eq 'on' ||
2693# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2694# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
2695# }
6e13d0a5 2696 } else {
c6c9630e 2697 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 2698 }
2699
2700###
c6c9630e 2701### Remove connection
6e13d0a5 2702###
c6c9630e
MT		 2703} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
2704 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2705 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2706
2707 if ($confighash{$cgiparams{'KEY'}}) {
2708# if ($vpnsettings{'ENABLED'} eq 'on' ||
2709# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2710# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2711# }
2712 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2713 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2714 delete $confighash{$cgiparams{'KEY'}};
2715 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2716 #&writeserverconf();
2717 } else {
2718 $errormessage = $Lang::tr{'invalid key'};
2719 }
ce9abb66
AH		 2720#test33
2721
2722###
2723### Choose between adding a host-net or net-net connection
2724###
2725
2726###
7c1d9faf 2727# m.a.d net2net
ce9abb66
AH		 2728###
2729
2730} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
2731 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2732 &Header::showhttpheaders();
2733 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2734 &Header::openbigbox('100%', 'LEFT', '', '');
2735 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH		 2736
2737if ( -s "${General::swroot}/ovpn/settings") {
2738
ce9abb66
AH		 2739 print <<END
2740 <b>$Lang::tr{'connection type'}:</b><br />
2cdd0a43 2741 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH		 2742 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
2743 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
2744 <tr><td><input type='radio' name='TYPE' value='net' /></td>
2745 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
2746 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
2747 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
2748 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
54fd0535 2749 <tr><td>&nbsp;</td><td>Import Connection Name <img src='/blob.gif' /></td></tr>
2cdd0a43 2750 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr>
54fd0535 2751 <tr><td colspan='3'><hr /></td></tr>
2cdd0a43 2752 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
54fd0535 2753 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
ce9abb66
AH		 2754 </form></table>
2755END
2756 ;
2cdd0a43 2757
ce9abb66 2758
b278daf3
AH		 2759} else {
2760 print <<END
2761 <b>$Lang::tr{'connection type'}:</b><br />
2cdd0a43 2762 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 2763 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
2cdd0a43 2764 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH		 2765 </form></table>
2766END
2767 ;
2768
2769}
2770
ce9abb66
AH		 2771 &Header::closebox();
2772 &Header::closebigbox();
2773 &Header::closepage();
2774 exit (0);
2775
2776###
7c1d9faf 2777# m.a.d net2net
ce9abb66
AH		 2778###
2779
2780} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
2781
2782 my @firen2nconf;
2783 my @confdetails;
2784 my $uplconffilename ='';
54fd0535 2785 my $uplconffilename2 ='';
ce9abb66 2786 my $uplp12name = '';
54fd0535 2787 my $uplp12name2 = '';
ce9abb66
AH		 2788 my @rem_subnet;
2789 my @rem_subnet2;
2790 my @tmposupnet3;
2791 my $key;
54fd0535 2792 my @n2nname;
ce9abb66
AH		 2793
2794 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2795
2796# Check if a file is uploaded
2797
2798 if (ref ($cgiparams{'FH'}) ne 'Fh') {
2799 $errormessage = $Lang::tr{'there was no file upload'};
2800 goto N2N_ERROR;
2801 }
2802
2803# Move uploaded IPfire n2n package to temporary file
2804
2805 (my $fh, my $filename) = tempfile( );
2806 if (copy ($cgiparams{'FH'}, $fh) != 1) {
2807 $errormessage = $!;
2808 goto N2N_ERROR;
2809 }
2810
2811 my $zip = Archive::Zip->new();
2812 my $zipName = $filename;
2813 my $status = $zip->read( $zipName );
2814 if ($status != AZ_OK) {
2815 $errormessage = "Read of $zipName failed\n";
2816 goto N2N_ERROR;
2817 }
2818
2819 my $tempdir = tempdir( CLEANUP => 1 );
2820 my @files = $zip->memberNames();
2821 for(@files) {
2822 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
2823 }
2824 my $countfiles = @files;
2825
2826# Check if we have not more then 2 files
2827
2828 if ( $countfiles == 2){
2829 foreach (@files){
2830 if ( $_ =~ /.conf$/){
2831 $uplconffilename = $_;
2832 }
2833 if ( $_ =~ /.p12$/){
2834 $uplp12name = $_;
2835 }
2836 }
2837 if (($uplconffilename eq '') || ($uplp12name eq '')){
2838 $errormessage = "Either no *.conf or no *.p12 file found\n";
2839 goto N2N_ERROR;
2840 }
2841
2842 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
2843 @firen2nconf = <FILE>;
2844 close (FILE);
2845 chomp(@firen2nconf);
2846
2847 } else {
2848
2849 $errormessage = "Filecount does not match only 2 files are allowed\n";
2850 goto N2N_ERROR;
2851 }
2852
7c1d9faf
AH		 2853###
2854# m.a.d net2net
ce9abb66 2855###
54fd0535
MT		 2856
2857 if ($cgiparams{'n2nname'} ne ''){
2858
2859 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
2860 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
2861 $n2nname[0] = $cgiparams{'n2nname'};
2862 my @n2nname2 = split(/\./,$uplconffilename);
2863 $n2nname2[0] =~ s/\n|\r//g;
2864 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
2865 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
2866 my $input2 = "$n2nname2[0]n2n";
2867 my $output2 = "$n2nname[0]n2n";
2868 my $filename = "$tempdir/$uplconffilename";
2869 open(FILE, "< $filename") or die 'Unable to open config file.';
2870 my @current = <FILE>;
2871 close(FILE);
2872 foreach (@current) {s/$input1/$output1/g;}
2873 foreach (@current) {s/$input2/$output2/g;}
2874 open (OUT, "> $filename") || die 'Unable to open config file.';
2875 print OUT @current;
2876 close OUT;
ce9abb66 2877
54fd0535
MT		 2878 }else{
2879 $uplconffilename2 = $uplconffilename;
2880 $uplp12name2 = $uplp12name;
2881 @n2nname = split(/\./,$uplconffilename);
ce9abb66 2882 $n2nname[0] =~ s/\n|\r//g;
54fd0535 2883 }
7c1d9faf
AH		 2884 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
2885 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 2886
54fd0535 2887 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
ce9abb66
AH		 2888
2889 if ($? ne 0) {
2890 $errormessage = "*.conf move failed: $!";
2891 unlink ($filename);
2892 goto N2N_ERROR;
2893 }
2894
54fd0535 2895 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
b278daf3
AH		 2896 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
2897
ce9abb66
AH		 2898 if ($? ne 0) {
2899 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
2900 unlink ($filename);
2901 goto N2N_ERROR;
2902 }
2903
2904my $complzoactive;
d96c89eb
AH		 2905my $mssfixactive;
2906my $n2nfragment;
60f396d7 2907my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 2908my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH		 2909my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
2910my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
2911my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
2912if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH		 2913my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
2914if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 2915#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 2916my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH		 2917my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
2918my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
2919my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
2920my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 2921my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66
AH		 2922my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
2923
60f396d7 2924
ce9abb66
AH		 2925###
2926# m.a.d delete CR and LF from arrays for this chomp doesnt work
2927###
2928
ce9abb66 2929$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH		 2930$n2novpnsub[0] =~ s/\n|\r//g;
2931$n2novpnsub[1] =~ s/\n|\r//g;
2932$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 2933$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH		 2934$n2nport[1] =~ s/\n|\r//g;
2935$n2ntunmtu[1] =~ s/\n|\r//g;
2936$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 2937$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 2938$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 2939$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 2940$n2nmgmt[2] =~ s/\n|\r//g;
ce9abb66 2941chomp ($complzoactive);
d96c89eb 2942chomp ($mssfixactive);
ce9abb66
AH		 2943
2944###
7c1d9faf 2945# m.a.d net2net
ce9abb66
AH		 2946###
2947
2948###
2949# Check if there is no other entry with this name
2950###
2951
2952 foreach my $dkey (keys %confighash) {
2953 if ($confighash{$dkey}[1] eq $n2nname[0]) {
2954 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 2955 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
2956 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
2957 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
ce9abb66
AH		 2958 goto N2N_ERROR;
2959 }
2960 }
2961
d96c89eb
AH		 2962###
2963# Check if OpenVPN Subnet is valid
2964###
2965
2966foreach my $dkey (keys %confighash) {
2967 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
2968 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH		 2969 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
2970 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
2971 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 2972 goto N2N_ERROR;
2973 }
2974 }
2975
2976###
2977# Check im Dest Port is vaild
2978###
2979
2980foreach my $dkey (keys %confighash) {
2981 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
2982 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH		 2983 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
2984 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
2985 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 2986 goto N2N_ERROR;
2987 }
2988 }
2989
2990
2991
ce9abb66
AH		 2992 $key = &General::findhasharraykey (\%confighash);
2993
2994 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
2995 $confighash{$key}[0] = 'off';
2996 $confighash{$key}[1] = $n2nname[0];
2cdd0a43 2997 $confighash{$key}[2] = $n2nname[0];
ce9abb66
AH		 2998 $confighash{$key}[3] = 'net';
2999 $confighash{$key}[4] = 'cert';
3000 $confighash{$key}[6] = 'client';
3001 $confighash{$key}[8] = $n2nlocalsub[2];
2cdd0a43
AM		 3002 $confighash{$key}[10] = $n2nremote[1];
3003 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3004 $confighash{$key}[22] = $n2nmgmt[2];
2cdd0a43 3005 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3006 $confighash{$key}[24] = $n2nfragment[1];
2cdd0a43 3007 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3008 $confighash{$key}[26] = 'red';
2cdd0a43
AM		 3009 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3010 $confighash{$key}[28] = $n2nproto[0];
3011 $confighash{$key}[29] = $n2nport[1];
3012 $confighash{$key}[30] = $complzoactive;
3013 $confighash{$key}[31] = $n2ntunmtu[1];
ce9abb66
AH		 3014
3015
3016 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3017
ce9abb66
AH		 3018 N2N_ERROR:
3019
3020 &Header::showhttpheaders();
3021 &Header::openpage('Validate imported configuration', 1, '');
3022 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3023 if ($errormessage) {
3024 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3025 print "<class name='base'>$errormessage";
3026 print "&nbsp;</class>";
3027 &Header::closebox();
3028
3029 } else
3030 {
3031 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3032 }
3033 if ($errormessage eq ''){
3034 print <<END
3035 <!-- ipfire net2net config gui -->
3036 <table width='100%'>
3037 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3038 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3039 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3040 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3041 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3042 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
3043 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
3044 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3045 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3046 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3047 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
7c1d9faf
AH		 3048 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
3049 <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3050 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
54fd0535 3051 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
ce9abb66
AH		 3052 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3053 </table>
3054END
3055;
3056 &Header::closebox();
3057 }
3058
3059 if ($errormessage) {
3060 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3061 } else {
3062 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3063 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3064 print "<input type='hidden' name='KEY' value='$key' />";
3065 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3066 }
3067 &Header::closebigbox();
3068 &Header::closepage();
3069 exit(0);
3070
3071
3072##
3073### Accept IPFire n2n Package Settings
3074###
3075
3076 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3077
3078###
3079### Discard and Rollback IPFire n2n Package Settings
3080###
3081
3082 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3083
3084 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3085
3086if ($confighash{$cgiparams{'KEY'}}) {
3087
3088 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3089 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3090 unlink ($certfile) or die "Removing $certfile fail: $!";
3091 unlink ($conffile) or die "Removing $conffile fail: $!";
3092 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3093 delete $confighash{$cgiparams{'KEY'}};
3094 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3095
3096 } else {
3097 $errormessage = $Lang::tr{'invalid key'};
3098 }
3099
3100
3101###
7c1d9faf 3102# m.a.d net2net
ce9abb66
AH		 3103###
3104
3105
3106###
3107### Adding a new connection
3108###
6e13d0a5
MT		 3109} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3110 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3111 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
2cdd0a43 3112
6e13d0a5
MT		 3113 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3114 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3115 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3116
3117 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
c6c9630e
MT		 3118 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3119 $errormessage = $Lang::tr{'invalid key'};
3120 goto VPNCONF_END;
3121 }
2cdd0a43
AM		 3122 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3123 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3124 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3125 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3126 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3127 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3128 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3129 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
3130 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
d96c89eb 3131# n2n m.a.d new fields
2cdd0a43
AM		 3132 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3133 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3134 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3135 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3136 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
c6c9630e 3137#new fields
2cdd0a43
AM		 3138 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3139 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3140 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3141 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3142 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3143############
3144#A.Marx CCD
3145############
3146 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
3147 my $name=$cgiparams{'CHECK1'} ;
3148 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3149 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3150 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3151 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3152 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
3153#########
3154#CCD End
3155#########
3156
3157 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3158 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3159
2cdd0a43
AM		 3160
3161###########
3162#A.Marx CCD--check iroute field and convert it to decimal
3163###########
3164
3165 my @temp=();
3166 my %ccdroutehash=();
3167 my $keypoint=0;
3168 if ($cgiparams{'IR'} ne ''){
3169 @temp = split("\n",$cgiparams{'IR'});
3170 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3171 #find key to use
3172 foreach my $key (keys %ccdroutehash) {
3173 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3174 $keypoint=$key;
3175 delete $ccdroutehash{$key};
3176 }else{
3177 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3178 }
3179 }
3180 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3181 my $i=1;
3182 my $val=0;
3183 foreach $val (@temp){
3184 chomp($val);
3185 $val=~s/\s*$//g;
3186 $val=&General::iporsubtodec($val);
3187 my ($ip,$cidr) = split (/\//, $val);
3188
3189 if (! &check_routes_push($val)){$errormessage="Route $val ".$Lang::tr{'ccd err routeovpn'};goto VPNCONF_ERROR;}
3190 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'};goto VPNCONF_ERROR;}
3191
3192 #check for existing network IP's
3193 if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')||
3194 (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')||
3195 (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')||
3196 (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){
3197 $errormessage="$ip USED FOR SYSTEM!";
3198 goto VPNCONF_ERROR;
3199 }
3200 #if (! &check_ccdconf($val)){$errormessage=$errormessage."<br> Route $val ".$Lang::tr{'ccd err routeovpn'};goto VPNCONF_ERROR;}
3201 if (&General::validip2($val)){
3202 $ccdroutehash{$keypoint}[$i] = &General::iporsubtodec($val);
3203 }else{
3204 $errormessage="Route ".$Lang::tr{'ccd invalid'};
3205 goto VPNCONF_ERROR;
3206 }
3207 $i++;
3208 }
3209 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3210 &writeserverconf;
3211 }
3212 undef @temp;
3213 #check route field and convert it to decimal
3214 my %ccdroute2hash=();
3215 my $val=0;
3216 my $i=1;
3217 if ($cgiparams{'IFROUTE'} ne ''){
3218 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3219 #find key to use
3220 foreach my $key (keys %ccdroute2hash) {
3221 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3222 $keypoint=$key;
3223 delete $ccdroute2hash{$key};
3224 }else{
3225 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3226 }
3227 }
3228 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3229 @temp = split("\n",$cgiparams{'IFROUTE'});
3230 foreach $val (@temp){
3231 chomp($val);
3232 $val=~s/\s*$//g;
3233 my ($ip,$cidr) = split (/\//, $val);
3234 if (! &check_routes_push($val)){$errormessage="Route $val ".$Lang::tr{'ccd err routeovpn2'};goto VPNCONF_ERROR;}
3235 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'};goto VPNCONF_ERROR;}
3236 if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')||
3237 (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')||
3238 (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')||
3239 (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){
3240 $errormessage="$ip ".$Lang::tr{'ccd err routeovpn2'};
3241 goto VPNCONF_ERROR;
3242 }
3243 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'};goto VPNCONF_ERROR;}
3244 if (&General::validip2($val)){
3245 $ccdroute2hash{$keypoint}[$i] = &General::iporsubtodec($val);
3246 }else{
3247 $errormessage="Route ".$Lang::tr{'ccd invalid'};
3248 goto VPNCONF_ERROR;
3249 }
3250 $i++;
3251 }
3252 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3253 }
3254
3255 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3256 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3257 goto VPNCONF_ERROR;
3258 }
3259 if ($cgiparams{'CCD_DNS1'} ne ''){
3260
3261 }
3262 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3263 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3264 goto VPNCONF_ERROR;
3265 }
3266 if ($cgiparams{'CCD_DNS2'} ne ''){
3267
3268 }
3269
3270
3271 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3272 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3273 goto VPNCONF_ERROR;
3274 }
3275
3276###########
3277#CCD End
3278###########
3279
3280 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
c6c9630e 3281 $errormessage = $Lang::tr{'connection type is invalid'};
b278daf3
AH		 3282 if ($cgiparams{'TYPE'} eq 'net') {
3283 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3284 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3285 }
c6c9630e
MT		 3286 goto VPNCONF_ERROR;
3287 }
3288
3289
3290 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
3291 $errormessage = $Lang::tr{'name must only contain characters'};
b278daf3
AH		 3292 if ($cgiparams{'TYPE'} eq 'net') {
3293 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3294 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3295 }
3296 goto VPNCONF_ERROR;
3297 }
c6c9630e
MT		 3298
3299 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
3300 $errormessage = $Lang::tr{'name is invalid'};
b278daf3
AH		 3301 if ($cgiparams{'TYPE'} eq 'net') {
3302 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3303 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3304 }
c6c9630e
MT		 3305 goto VPNCONF_ERROR;
3306 }
3307
3308 if (length($cgiparams{'NAME'}) >60) {
3309 $errormessage = $Lang::tr{'name too long'};
b278daf3
AH		 3310 if ($cgiparams{'TYPE'} eq 'net') {
3311 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3312 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3313 }
c6c9630e
MT		 3314 goto VPNCONF_ERROR;
3315 }
3316
d96c89eb 3317###
7c1d9faf 3318# m.a.d net2net
d96c89eb
AH		 3319###
3320
7c1d9faf
AH		 3321if ($cgiparams{'TYPE'} eq 'net') {
3322
3323 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3324 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH		 3325 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3326 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3327 goto VPNCONF_ERROR;
d96c89eb 3328 }
54fd0535
MT		 3329
3330 if ($cgiparams{'DEST_PORT'} eq '') {
3331 $errormessage = $Lang::tr{'openvpn destination port used'};
3332 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3333 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3334 goto VPNCONF_ERROR;
3335 }
d96c89eb
AH		 3336
3337 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3338 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH		 3339 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3340 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3341 goto VPNCONF_ERROR;
3342 }
3343
3344 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3345 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH		 3346 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3347 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3348 goto VPNCONF_ERROR;
3349 }
3350
3351 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3352 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH		 3353 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3354 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3355 goto VPNCONF_ERROR;
3356 }
d96c89eb 3357
7c1d9faf 3358 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3359 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH		 3360 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3361 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3362 goto VPNCONF_ERROR;
7c1d9faf
AH		 3363 }
3364
3365 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3366 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH		 3367 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3368 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3369 goto VPNCONF_ERROR;
7c1d9faf
AH		 3370 }
3371
3372 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3373 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH		 3374 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3375 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3376 goto VPNCONF_ERROR;
7c1d9faf 3377 }
54fd0535
MT		 3378
3379 if ($cgiparams{'OVPN_MGMT'} eq '') {
3380 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3381 }
3382
7c1d9faf 3383}
d96c89eb 3384
ce9abb66
AH		 3385# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3386# $errormessage = $Lang::tr{'ipfire side is invalid'};
3387# goto VPNCONF_ERROR;
3388# }
3389
c6c9630e
MT		 3390 # Check if there is no other entry with this name
3391 if (! $cgiparams{'KEY'}) {
3392 foreach my $key (keys %confighash) {
3393 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3394 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3395 if ($cgiparams{'TYPE'} eq 'net') {
3396 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3397 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3398 }
c6c9630e 3399 goto VPNCONF_ERROR;
6e13d0a5 3400 }
c6c9630e
MT		 3401 }
3402 }
3403
ce9abb66
AH		 3404 if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
3405 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
b278daf3
AH		 3406 if ($cgiparams{'TYPE'} eq 'net') {
3407 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3408 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3409 }
ce9abb66
AH		 3410 goto VPNCONF_ERROR;
3411 }
3412
c6c9630e
MT		 3413 if ($cgiparams{'REMOTE'}) {
3414 if (! &General::validip($cgiparams{'REMOTE'})) {
3415 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3416 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
b278daf3
AH		 3417 if ($cgiparams{'TYPE'} eq 'net') {
3418 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3419 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3420 }
c6c9630e 3421 goto VPNCONF_ERROR;
6e13d0a5 3422 } else {
c6c9630e
MT		 3423 if (&valid_dns_host($cgiparams{'REMOTE'})) {
3424 $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
b278daf3 3425 if ($cgiparams{'TYPE'} eq 'net') {
60f396d7 3426
b278daf3 3427 }
c6c9630e 3428 }
6e13d0a5 3429 }
c6c9630e
MT		 3430 }
3431 }
3432 if ($cgiparams{'TYPE'} ne 'host') {
3433 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3434 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH		 3435 if ($cgiparams{'TYPE'} eq 'net') {
3436 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3437 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3438 }
c6c9630e
MT		 3439 goto VPNCONF_ERROR;}
3440 }
3441 # Check if there is no other entry without IP-address and PSK
3442 if ($cgiparams{'REMOTE'} eq '') {
3443 foreach my $key (keys %confighash) {
3444 if(($cgiparams{'KEY'} ne $key) &&
3445 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3446 $confighash{$key}[10] eq '') {
3447 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3448 goto VPNCONF_ERROR;
6e13d0a5 3449 }
c6c9630e
MT		 3450 }
3451 }
ce9abb66
AH		 3452 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3453 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH		 3454 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3455 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3456 goto VPNCONF_ERROR;
ce9abb66 3457 }
c6c9630e
MT		 3458
3459 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
3460 $errormessage = $Lang::tr{'invalid input'};
3461 goto VPNCONF_ERROR;
3462 }
3463 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
3464 $errormessage = $Lang::tr{'invalid input'};
3465 goto VPNCONF_ERROR;
3466 }
3467
3468#fixplausi
3469 if ($cgiparams{'AUTH'} eq 'psk') {
3470# if (! length($cgiparams{'PSK'}) ) {
3471# $errormessage = $Lang::tr{'pre-shared key is too short'};
3472# goto VPNCONF_ERROR;
3473# }
3474# if ($cgiparams{'PSK'} =~ /['",&]/) {
3475# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
3476# goto VPNCONF_ERROR;
3477# }
3478 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
3479 if ($cgiparams{'KEY'}) {
3480 $errormessage = $Lang::tr{'cant change certificates'};
3481 goto VPNCONF_ERROR;
3482 }
3483 if (ref ($cgiparams{'FH'}) ne 'Fh') {
3484 $errormessage = $Lang::tr{'there was no file upload'};
3485 goto VPNCONF_ERROR;
3486 }
3487
3488 # Move uploaded certificate request to a temporary file
3489 (my $fh, my $filename) = tempfile( );
3490 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3491 $errormessage = $!;
3492 goto VPNCONF_ERROR;
3493 }
6e13d0a5 3494
c6c9630e
MT		 3495 # Sign the certificate request and move it
3496 # Sign the host certificate request
f6e12093 3497 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 3498 '-batch', '-notext',
3499 '-in', $filename,
3500 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3501 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
3502 if ($?) {
3503 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3504 unlink ($filename);
3505 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3506 &newcleanssldatabase();
3507 goto VPNCONF_ERROR;
3508 } else {
3509 unlink ($filename);
3510 &deletebackupcert();
3511 }
3512
3513 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
3514 $temp =~ /Subject:.*CN=(.*)[\n]/;
3515 $temp = $1;
3516 $temp =~ s+/Email+, E+;
3517 $temp =~ s/ ST=/ S=/;
3518 $cgiparams{'CERT_NAME'} = $temp;
3519 $cgiparams{'CERT_NAME'} =~ s/,//g;
3520 $cgiparams{'CERT_NAME'} =~ s/\'//g;
3521 if ($cgiparams{'CERT_NAME'} eq '') {
3522 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
3523 goto VPNCONF_ERROR;
3524 }
3525 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
3526 if ($cgiparams{'KEY'}) {
3527 $errormessage = $Lang::tr{'cant change certificates'};
3528 goto VPNCONF_ERROR;
3529 }
3530 if (ref ($cgiparams{'FH'}) ne 'Fh') {
3531 $errormessage = $Lang::tr{'there was no file upload'};
3532 goto VPNCONF_ERROR;
3533 }
3534 # Move uploaded certificate to a temporary file
3535 (my $fh, my $filename) = tempfile( );
3536 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3537 $errormessage = $!;
3538 goto VPNCONF_ERROR;
3539 }
3540
3541 # Verify the certificate has a valid CA and move it
3542 my $validca = 0;
3543 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
3544 if ($test =~ /: OK/) {
3545 $validca = 1;
3546 } else {
3547 foreach my $key (keys %cahash) {
3548 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
3549 if ($test =~ /: OK/) {
3550 $validca = 1;
3551 }
6e13d0a5 3552 }
c6c9630e
MT		 3553 }
3554 if (! $validca) {
3555 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
3556 unlink ($filename);
3557 goto VPNCONF_ERROR;
3558 } else {
3559 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3560 if ($? ne 0) {
3561 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3562 unlink ($filename);
3563 goto VPNCONF_ERROR;
6e13d0a5 3564 }
c6c9630e
MT		 3565 }
3566
3567 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
3568 $temp =~ /Subject:.*CN=(.*)[\n]/;
3569 $temp = $1;
3570 $temp =~ s+/Email+, E+;
3571 $temp =~ s/ ST=/ S=/;
3572 $cgiparams{'CERT_NAME'} = $temp;
3573 $cgiparams{'CERT_NAME'} =~ s/,//g;
3574 $cgiparams{'CERT_NAME'} =~ s/\'//g;
3575 if ($cgiparams{'CERT_NAME'} eq '') {
3576 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3577 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
3578 goto VPNCONF_ERROR;
3579 }
3580 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
3581 if ($cgiparams{'KEY'}) {
3582 $errormessage = $Lang::tr{'cant change certificates'};
3583 goto VPNCONF_ERROR;
3584 }
3585 # Validate input since the form was submitted
3586 if (length($cgiparams{'CERT_NAME'}) >60) {
3587 $errormessage = $Lang::tr{'name too long'};
3588 goto VPNCONF_ERROR;
3589 }
3590 if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
3591 $errormessage = $Lang::tr{'invalid input for name'};
3592 goto VPNCONF_ERROR;
3593 }
3594 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
3595 $errormessage = $Lang::tr{'invalid input for e-mail address'};
3596 goto VPNCONF_ERROR;
3597 }
3598 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
3599 $errormessage = $Lang::tr{'e-mail address too long'};
3600 goto VPNCONF_ERROR;
3601 }
3602 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3603 $errormessage = $Lang::tr{'invalid input for department'};
3604 goto VPNCONF_ERROR;
3605 }
3606 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
3607 $errormessage = $Lang::tr{'organization too long'};
3608 goto VPNCONF_ERROR;
3609 }
3610 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
3611 $errormessage = $Lang::tr{'invalid input for organization'};
3612 goto VPNCONF_ERROR;
3613 }
3614 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3615 $errormessage = $Lang::tr{'invalid input for city'};
3616 goto VPNCONF_ERROR;
3617 }
3618 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3619 $errormessage = $Lang::tr{'invalid input for state or province'};
3620 goto VPNCONF_ERROR;
3621 }
3622 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
3623 $errormessage = $Lang::tr{'invalid input for country'};
3624 goto VPNCONF_ERROR;
3625 }
3626 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
3627 if (length($cgiparams{'CERT_PASS1'}) < 5) {
3628 $errormessage = $Lang::tr{'password too short'};
3629 goto VPNCONF_ERROR;
6e13d0a5 3630 }
c6c9630e
MT		 3631 }
3632 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
3633 $errormessage = $Lang::tr{'passwords do not match'};
3634 goto VPNCONF_ERROR;
3635 }
3636
3637 # Replace empty strings with a .
3638 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
3639 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
3640 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
3641
3642 # Create the Host certificate request client
3643 my $pid = open(OPENSSL, "|-");
3644 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
3645 if ($pid) { # parent
3646 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
3647 print OPENSSL "$state\n";
3648 print OPENSSL "$city\n";
3649 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
3650 print OPENSSL "$ou\n";
3651 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
3652 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
3653 print OPENSSL ".\n";
3654 print OPENSSL ".\n";
3655 close (OPENSSL);
3656 if ($?) {
3657 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3658 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
3659 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
3660 goto VPNCONF_ERROR;
6e13d0a5 3661 }
c6c9630e
MT		 3662 } else { # child
3663 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
3664 '-newkey', 'rsa:1024',
3665 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
3666 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
3667 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
3668 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
3669 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3670 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3671 goto VPNCONF_ERROR;
6e13d0a5 3672 }
c6c9630e
MT		 3673 }
3674
3675 # Sign the host certificate request
f6e12093 3676 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 3677 '-batch', '-notext',
3678 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
3679 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3680 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
3681 if ($?) {
3682 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3683 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3684 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3685 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3686 &newcleanssldatabase();
3687 goto VPNCONF_ERROR;
3688 } else {
3689 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3690 &deletebackupcert();
3691 }
3692
3693 # Create the pkcs12 file
3694 system('/usr/bin/openssl', 'pkcs12', '-export',
3695 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
3696 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3697 '-name', $cgiparams{'NAME'},
3698 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
3699 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
3700 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
3701 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
3702 if ($?) {
3703 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3704 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3705 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3706 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
3707 goto VPNCONF_ERROR;
3708 } else {
3709 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3710 }
3711 } elsif ($cgiparams{'AUTH'} eq 'cert') {
3712 ;# Nothing, just editing
3713 } else {
3714 $errormessage = $Lang::tr{'invalid input for authentication method'};
3715 goto VPNCONF_ERROR;
3716 }
3717
3718 # Check if there is no other entry with this common name
3719 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
3720 foreach my $key (keys %confighash) {
3721 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
3722 $errormessage = $Lang::tr{'a connection with this common name already exists'};
3723 goto VPNCONF_ERROR;
6e13d0a5 3724 }
c6c9630e
MT		 3725 }
3726 }
3727
3728 # Save the config
3729 my $key = $cgiparams{'KEY'};
2cdd0a43 3730
c6c9630e
MT		 3731 if (! $key) {
3732 $key = &General::findhasharraykey (\%confighash);
2cdd0a43 3733 foreach my $i (0 .. 36) { $confighash{$key}[$i] = "";}
c6c9630e 3734 }
2cdd0a43
AM		 3735 $confighash{$key}[0] = $cgiparams{'ENABLED'};
3736 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 3737 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
2cdd0a43 3738 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 3739 }
2cdd0a43
AM		 3740
3741 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 3742 if ($cgiparams{'AUTH'} eq 'psk') {
2cdd0a43
AM		 3743 $confighash{$key}[4] = 'psk';
3744 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 3745 } else {
2cdd0a43 3746 $confighash{$key}[4] = 'cert';
c6c9630e 3747 }
ce9abb66 3748 if ($cgiparams{'TYPE'} eq 'net') {
2cdd0a43
AM		 3749 $confighash{$key}[6] = $cgiparams{'SIDE'};
3750 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 3751 }
2cdd0a43
AM		 3752 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
3753 $confighash{$key}[10] = $cgiparams{'REMOTE'};
54fd0535 3754 if ($cgiparams{'OVPN_MGMT'} eq '') {
2cdd0a43 3755 $confighash{$key}[22] = $confighash{$key}[29];
54fd0535 3756 } else {
2cdd0a43 3757 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
54fd0535 3758 }
2cdd0a43
AM		 3759 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
3760 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
3761 $confighash{$key}[25] = $cgiparams{'REMARK'};
3762 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 3763# new fields
2cdd0a43
AM		 3764 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
3765 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
3766 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
3767 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
3768 $confighash{$key}[31] = $cgiparams{'MTU'};
c6c9630e 3769# new fileds
2cdd0a43
AM		 3770
3771
3772###########
3773#A.Marx CCD new fields
3774###########
3775 $confighash{$key}[32] = $cgiparams{'CHECK1'};
3776 my $name=$cgiparams{'CHECK1'};
3777 $confighash{$key}[33] = $cgiparams{$name};
3778 $confighash{$key}[34] = $cgiparams{'RG'};
3779 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
3780 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
3781 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
3782
3783 #-----------------------------------------
3784 # Attention: Workaround for "6 comma Bug".
3785 # The last field has to contain something
3786 # to be sure that each line has a fixed
3787 # number of elements
3788 #-----------------------------------------
3789 $confighash{$key}[38] = "END";
3790
c6c9630e 3791 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2cdd0a43
AM		 3792
3793 if ($cgiparams{'CHECK1'} ){
3794
3795 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
3796 my ($a,$b,$c,$d) = split (/\./,$ccdip);
3797 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";}
3798 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
3799 print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
3800 if($cgiparams{'CHECK1'} eq 'dynamic'){
3801 print CCDRWCONF "#This client uses the dynamic pool\n";
3802 }else{
3803 print CCDRWCONF "#Ip address client and Server\n";
3804 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
3805 }
3806 if ($confighash{$key}[34] eq 'on'){
3807 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
3808 print CCDRWCONF "push redirect-gateway\n";
3809 }
3810 my %ccdroute=();
3811 if ($cgiparams{'IR'} ne ''){
3812 print CCDRWCONF "\n#Client routes these Networks (behind Client)\n";
3813 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3814 foreach my $key (keys %ccdroutehash){
3815 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
3816 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
3817 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
3818 print CCDRWCONF "iroute $a $b\n";
3819 }
3820 }
3821 }
3822 }
3823 if ($cgiparams{'IFROUTE'} ne ''){
3824 print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
3825 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3826 foreach my $key (keys %ccdroute2hash){
3827 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
3828 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
3829 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
3830 print CCDRWCONF "push \"route $a $b\"\n";
3831 }
3832 }
3833 }
3834 }
3835 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
3836 if($cgiparams{'CCD_DNS1'} ne ''){
3837 print CCDRWCONF "\n#Client gets these Nameservers\n";
3838 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
3839 }
3840 if($cgiparams{'CCD_DNS2'} ne ''){
3841 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
3842 }
3843 if($cgiparams{'CCD_WINS'} ne ''){
3844 print CCDRWCONF "\n#Client gets this WINS server\n";
3845 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
3846 }
3847 close CCDRWCONF;
3848 }
3849########
3850#CCD End
3851########
3852
18837a6a
AH		 3853
3854###
3855# m.a.d n2n begin
3856###
3857
3858 if ($cgiparams{'TYPE'} eq 'net') {
3859
3860 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
3861 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
3862
3863 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3864 my $key = $cgiparams{'KEY'};
3865 if (! $key) {
3866 $key = &General::findhasharraykey (\%confighash);
3867 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
3868 }
3869 $confighash{$key}[0] = 'on';
3870 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3871
3872 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
3873 }
3874 }
3875
3876###
3877# m.a.d n2n end
3878###
3879
c6c9630e
MT		 3880 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
3881 $cgiparams{'KEY'} = $key;
3882 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
3883 }
3884 goto VPNCONF_END;
6e13d0a5 3885 } else {
c6c9630e 3886 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT		 3887###
3888# m.a.d n2n begin
3889###
3890 $cgiparams{'MSSFIX'} = 'on';
3891 $cgiparams{'FRAGMENT'} = '1300';
3892###
3893# m.a.d n2n end
3894###
c6c9630e
MT		 3895 $cgiparams{'SIDE'} = 'left';
3896 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
3897 $cgiparams{'AUTH'} = 'psk';
3898 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
3899 $cgiparams{'AUTH'} = 'certfile';
3900 } else {
6e13d0a5 3901 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT		 3902 }
3903 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
3904 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
3905 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
3906 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
3907 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
6e13d0a5 3908 }
c6c9630e 3909
6e13d0a5 3910 VPNCONF_ERROR:
6e13d0a5
MT		 3911 $checked{'ENABLED'}{'off'} = '';
3912 $checked{'ENABLED'}{'on'} = '';
3913 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
3914 $checked{'ENABLED_BLUE'}{'off'} = '';
3915 $checked{'ENABLED_BLUE'}{'on'} = '';
3916 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
3917 $checked{'ENABLED_ORANGE'}{'off'} = '';
3918 $checked{'ENABLED_ORANGE'}{'on'} = '';
3919 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 3920
3921
6e13d0a5
MT		 3922 $checked{'EDIT_ADVANCED'}{'off'} = '';
3923 $checked{'EDIT_ADVANCED'}{'on'} = '';
3924 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 3925
6e13d0a5
MT		 3926 $selected{'SIDE'}{'server'} = '';
3927 $selected{'SIDE'}{'client'} = '';
3928 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
d96c89eb
AH		 3929
3930 $selected{'PROTOCOL'}{'udp'} = '';
3931 $selected{'PROTOCOL'}{'tcp'} = '';
3932 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
3933
c6c9630e 3934
6e13d0a5
MT		 3935 $checked{'AUTH'}{'psk'} = '';
3936 $checked{'AUTH'}{'certreq'} = '';
3937 $checked{'AUTH'}{'certgen'} = '';
3938 $checked{'AUTH'}{'certfile'} = '';
3939 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 3940
6e13d0a5 3941 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 3942
6e13d0a5
MT		 3943 $checked{'COMPLZO'}{'off'} = '';
3944 $checked{'COMPLZO'}{'on'} = '';
3945 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 3946
d96c89eb
AH		 3947 $checked{'MSSFIX'}{'off'} = '';
3948 $checked{'MSSFIX'}{'on'} = '';
3949 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
3950
6e13d0a5
MT		 3951
3952 if (1) {
3953 &Header::showhttpheaders();
3954 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
3955 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3956 if ($errormessage) {
3957 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3958 print "<class name='base'>$errormessage";
3959 print "&nbsp;</class>";
3960 &Header::closebox();
3961 }
c6c9630e 3962
6e13d0a5
MT		 3963 if ($warnmessage) {
3964 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
3965 print "<class name='base'>$warnmessage";
3966 print "&nbsp;</class>";
3967 &Header::closebox();
3968 }
c6c9630e 3969
6e13d0a5 3970 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 3971 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 3972
6e13d0a5
MT		 3973 if ($cgiparams{'KEY'}) {
3974 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
3975 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 3976 }
c6c9630e 3977
6e13d0a5 3978 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
2cdd0a43
AM		 3979 print "<table width='100%' border='0'>\n";
3980
3981
3982
3983 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
3984
ce9abb66 3985 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 3986 if ($cgiparams{'KEY'}) {
2cdd0a43 3987 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5 3988 } else {
2cdd0a43 3989
6e13d0a5
MT		 3990 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
3991 }
c6c9630e
MT		 3992# print "<tr><td>$Lang::tr{'interface'}</td>";
3993# print "<td><select name='INTERFACE'>";
3994# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
3995# if ($netsettings{'BLUE_DEV'} ne '') {
3996# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
3997# }
3998# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
3999# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4000# print "</select></td></tr>";
4001# print <<END
ce9abb66
AH		 4002 } else {
4003 print "<input type='hidden' name='INTERFACE' value='red' />";
4004 if ($cgiparams{'KEY'}) {
4005 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4006 } else {
4007 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4008 }
2cdd0a43
AM		 4009
4010
4011
ce9abb66
AH		 4012 print <<END
4013 <td width='25%'>&nbsp;</td>
4014 <td width='25%'>&nbsp;</td></tr>
4015 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
cd0c0a0d
MT		 4016 <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4017 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td>
ce9abb66
AH		 4018 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4019 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
4020 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
4021 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4022 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
4023 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
4024 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
4025 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
4026 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
d96c89eb
AH		 4027
4028 <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4029 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4030
4031 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
ce9abb66 4032 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
d96c89eb 4033 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
ce9abb66 4034 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
d96c89eb
AH		 4035
4036 <tr><td class='boldbase' nowrap='nowrap'>mssfix &nbsp;<img src='/blob.gif' /></td>
4037 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
54fd0535
MT		 4038 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4039
4040 <tr><td class='boldbase' nowrap='nowrap'>fragment &nbsp;<img src='/blob.gif' /></td>
d96c89eb 4041 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
cd0c0a0d 4042 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
d96c89eb 4043
ce9abb66 4044 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
54fd0535
MT		 4045 <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4046 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4047
4048 <tr><td class='boldbase' nowrap='nowrap'>Management Port&nbsp;<img src='/blob.gif' /></td>
4049 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4050 <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
ce9abb66
AH		 4051
4052END
2cdd0a43 4053;
ce9abb66 4054 }
d96c89eb 4055
6e13d0a5 4056 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
2cdd0a43 4057 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4058
ce9abb66
AH		 4059 if ($cgiparams{'TYPE'} eq 'host') {
4060
2cdd0a43
AM		 4061 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4062###########
4063#A.Marx CCD---neuer client
4064###########
4065 print"</tr></table><br><br>";
4066 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
4067 my %ccdconfhash=();
4068 my %ccdroutehash=();
4069 my %ccdroute2hash=();
4070 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4071 my @ccdconf=();
4072 my $count=0;
4073 my $checked;
4074 $checked{'check1'}{'off'} = '';
4075 $checked{'check1'}{'on'} = '';
4076 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4077 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'}</td><td width='30%'>";
4078 print"</td></tr></table><br><br>";
4079 my $name=$cgiparams{'CHECK1'};
4080 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4081 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'ccd net'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
4082 foreach my $key (keys %ccdconfhash) {
4083 $count++;
4084 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4085 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4086 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%'>$ccdconf[1]</td><td align='left' width='10%'>";
4087 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4088 print"</td></tr>";
4089 }
4090 print "</table><br><br>";
4091print <<END
4092<table border='0' width='100%'>
4093<tr><td colspan='4'><hr><br><b>$Lang::tr{'ccd client options'}</td></tr>
4094<tr><td colspan='4' height='20'></td></tr>
4095<tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4096<tr><td colspan='4'>&nbsp</td></tr>
4097<tr><td valign='top'>$Lang::tr{'ccd iroute'}<br>$Lang::tr{'ccd iroute2'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4098END
4099;
4100
4101if ($cgiparams{'IR'} ne ''){
4102 print $cgiparams{'IR'};
4103}else{
4104 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4105 foreach my $key (keys %ccdroutehash) {
4106 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4107 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4108 $ccdroutehash{$key}[$i].="\n";
4109 print $ccdroutehash{$key}[$i];
4110 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4111 }
4112 }
4113 }
4114}
4115
4116print <<END
4117</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4118<tr><td colspan='4'><br></td></tr>
4119<tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute'}<br>$Lang::tr{'ccd iroute3'}</td><td align='left' width='30%' rowspan='3'><textarea name='IFROUTE' cols='26' rows='6' wrap='off'>
4120END
4121;
4122if ($cgiparams{'IFROUTE'} ne ''){
4123 print $cgiparams{'IFROUTE'};
4124}else{
4125 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
4126 foreach my $key (keys %ccdroute2hash) {
4127 if( $cgiparams{'NAME'} eq $ccdroute2hash{$key}[0]){
4128 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4129 $ccdroute2hash{$key}[$i].="\n";
4130 print $ccdroute2hash{$key}[$i];
4131 $cgiparams{'IFROUTE'} .= $ccdroutehash{$key}[$i];
4132 }
4133 }
4134 }
4135}
4136
4137
4138print<<END
4139</textarea></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
4140<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
4141<tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr>
ce9abb66 4142
2cdd0a43
AM		 4143</table><br><hr>
4144
4145
4146END
4147;
4148
4149
4150#CCD End
4151#########
4152
4153
4154 }
c6c9630e
MT		 4155# if ($cgiparams{'KEY'}) {
4156# print "<td colspan='3'>&nbsp;</td></tr></table>";
4157# } else {
4158# print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>";
4159# }
4160# }else{
2cdd0a43 4161
c6c9630e 4162# }
6e13d0a5
MT		 4163 &Header::closebox();
4164 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
c6c9630e
MT		 4165 # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
4166 # print <<END
4167 # <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4168 # <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
4169 # <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr>
4170 # </table>
c6c9630e
MT		 4171 # ;
4172 # &Header::closebox();
6e13d0a5 4173 } elsif (! $cgiparams{'KEY'}) {
2cdd0a43
AM		 4174
4175
6e13d0a5
MT		 4176 my $disabled='';
4177 my $cakeydisabled='';
4178 my $cacrtdisabled='';
4179 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4180 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2cdd0a43 4181
6e13d0a5 4182 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
ce9abb66
AH		 4183
4184
4185 if ($cgiparams{'TYPE'} eq 'host') {
4186
4187print <<END
6e13d0a5 4188 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4189
ce9abb66
AH		 4190 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4191 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT		 4192 <tr><td colspan='3'>&nbsp;</td></tr>
4193 <tr><td colspan='3'><hr /></td></tr>
4194 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66
AH		 4195 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
4196 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4197 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4198 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4199 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4200 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4201 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
4202 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4203END
ce9abb66
AH		 4204;
4205
2cdd0a43
AM		 4206
4207
4208
4209
ce9abb66 4210###
7c1d9faf 4211# m.a.d net2net
ce9abb66
AH		 4212###
4213
4214} else {
4215
4216print <<END
4217 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4218
4219 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
4220 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4221 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4222 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4223 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4224 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4225 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
4226 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
54fd0535
MT		 4227
4228
ce9abb66
AH		 4229END
4230;
4231
4232}
4233
4234###
7c1d9faf 4235# m.a.d net2net
ce9abb66 4236###
c6c9630e 4237
6e13d0a5
MT		 4238 foreach my $country (sort keys %{Countries::countries}) {
4239 print "<option value='$Countries::countries{$country}'";
4240 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4241 print " selected='selected'";
4242 }
4243 print ">$country</option>";
4244 }
ce9abb66 4245###
7c1d9faf 4246# m.a.d net2net
ce9abb66
AH		 4247###
4248
4249if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5
MT		 4250 print <<END
4251 </select></td></tr>
ce9abb66 4252
54fd0535 4253 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
ce9abb66
AH		 4254 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4255 <tr><td>&nbsp;</td>
6e13d0a5
MT		 4256 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4257 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
4258 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
4259 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
54fd0535
MT		 4260 <tr><td colspan='3'>&nbsp;</td></tr>
4261 <tr><td colspan='3'><hr /></td></tr>
4262 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
ce9abb66
AH		 4263 </table>
4264END
4265}else{
4266 print <<END
4267 </select></td></tr>
4268 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4269 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
54fd0535
MT		 4270 <tr><td colspan='3'><hr /></td></tr>
4271 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
ce9abb66
AH		 4272 </table>
4273
c6c9630e 4274END
ce9abb66
AH		 4275}
4276
4277###
7c1d9faf 4278# m.a.d net2net
ce9abb66 4279###
c6c9630e
MT		 4280 ;
4281 &Header::closebox();
4282 }
6e13d0a5 4283
c6c9630e
MT		 4284 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
4285 if ($cgiparams{'KEY'}) {
4286# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
4287 }
4288 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
4289 &Header::closebigbox();
4290 &Header::closepage();
4291 exit (0);
6e13d0a5 4292 }
c6c9630e 4293 VPNCONF_END:
6e13d0a5 4294}
c6c9630e
MT		 4295
4296# SETTINGS_ERROR:
6e13d0a5
MT		 4297###
4298### Default status page
4299###
c6c9630e
MT		 4300 %cgiparams = ();
4301 %cahash = ();
4302 %confighash = ();
4303 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
4304 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
4305 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4306
4e17adad 4307 my @status = `/bin/cat /var/log/ovpnserver.log`;
c6c9630e
MT		 4308
4309 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
6e13d0a5
MT		 4310 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
4311 my $ipaddr = <IPADDR>;
4312 close IPADDR;
4313 chomp ($ipaddr);
4314 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
4315 if ($cgiparams{'VPN_IP'} eq '') {
c6c9630e 4316 $cgiparams{'VPN_IP'} = $ipaddr;
6e13d0a5
MT		 4317 }
4318 }
c6c9630e
MT		 4319 }
4320
6e13d0a5 4321#default setzen
c6c9630e 4322 if ($cgiparams{'DCIPHER'} eq '') {
6e13d0a5 4323 $cgiparams{'DCIPHER'} = 'BF-CBC';
c6c9630e 4324 }
6e13d0a5
MT		 4325# if ($cgiparams{'DCOMPLZO'} eq '') {
4326# $cgiparams{'DCOMPLZO'} = 'on';
4327# }
c6c9630e 4328 if ($cgiparams{'DDEST_PORT'} eq '') {
6e13d0a5 4329 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT		 4330 }
4331 if ($cgiparams{'DMTU'} eq '') {
6e13d0a5 4332 $cgiparams{'DMTU'} = '1400';
c6c9630e
MT		 4333 }
4334 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
6e13d0a5 4335 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e
MT		 4336 }
4337
4338 $checked{'ENABLED'}{'off'} = '';
4339 $checked{'ENABLED'}{'on'} = '';
4340 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4341 $checked{'ENABLED_BLUE'}{'off'} = '';
4342 $checked{'ENABLED_BLUE'}{'on'} = '';
4343 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4344 $checked{'ENABLED_ORANGE'}{'off'} = '';
4345 $checked{'ENABLED_ORANGE'}{'on'} = '';
4346 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 4347 $selected{'DDEVICE'}{'tun'} = '';
4348 $selected{'DDEVICE'}{'tap'} = '';
4349 $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
4350
4351 $selected{'DPROTOCOL'}{'udp'} = '';
4352 $selected{'DPROTOCOL'}{'tcp'} = '';
4353 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4354
4355 $selected{'DCIPHER'}{'DES-CBC'} = '';
4356 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4357 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4358 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4359 $selected{'DCIPHER'}{'RC2-CBC'} = '';
4360 $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
4361 $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
4362 $selected{'DCIPHER'}{'BF-CBC'} = '';
4363 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4364 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4365 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4366 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4367 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4368 $checked{'DCOMPLZO'}{'off'} = '';
4369 $checked{'DCOMPLZO'}{'on'} = '';
4370 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
d96c89eb
AH		 4371# m.a.d
4372 $checked{'MSSFIX'}{'off'} = '';
4373 $checked{'MSSFIX'}{'on'} = '';
4374 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 4375#new settings
c6c9630e
MT		 4376 &Header::showhttpheaders();
4377 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
4378 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 4379
c6c9630e 4380 if ($errormessage) {
6e13d0a5
MT		 4381 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4382 print "<class name='base'>$errormessage\n";
4383 print "&nbsp;</class>\n";
4384 &Header::closebox();
c6c9630e 4385 }
6e13d0a5 4386
c6c9630e
MT		 4387 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
4388 my $srunning = "no";
4389 my $activeonrun = "";
4390 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT		 4391 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
4392 $srunning ="yes";
4393 $activeonrun = "";
c6c9630e 4394 } else {
6e13d0a5 4395 $activeonrun = "disabled='disabled'";
c6c9630e 4396 }
afabe9f7 4397 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
c6c9630e 4398 print <<END
2cdd0a43 4399 <table width='100%' border=0>
c6c9630e
MT		 4400 <form method='post'>
4401 <td width='25%'>&nbsp;</td>
4402 <td width='25%'>&nbsp;</td>
4403 <td width='25%'>&nbsp;</td></tr>
4404 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
4405 <td align='left'>$sactive</td>
4406 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
4407 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
4408END
4409;
4410 if (&haveBlueNet()) {
4411 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
4412 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
4413 }
4414 if (&haveOrangeNet()) {
4415 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
4416 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
4417 }
4418 print <<END
4e17adad
CS		 4419 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
4420 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT		 4421 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
4422 <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
ee79343e
JPT		 4423 <!-- this is still not working
4424 <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select>--> </td>
c6c9630e
MT		 4425 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4426 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
4427 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
4428 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
4429 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
4430 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
4431 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></TD>
4432 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
4433 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
4434 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
4435 <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
4436 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
4437 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
4438 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
4439 <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
4440 <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
4441 <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
4442 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
4443 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
4444 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
4445 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
2cdd0a43
AM		 4446 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr>
4447 <tr><td colspan='4'><hr /></td></tr>
c6c9630e
MT		 4448END
4449;
4450
4451 if ( $srunning eq "yes" ) {
2cdd0a43
AM		 4452 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
4453#A.Marx CCD
4454 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' disabled='disabled'/>";
4455###########
4456 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/>";
4457 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
4458 #print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
c6c9630e 4459 } else{
2cdd0a43
AM		 4460 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
4461#A.Marx CCD
4462 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
4463###########
4464 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT		 4465 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
4466 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
4467 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
4468 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
4469 (( $cgiparams{'ENABLED'} eq 'on') ||
4470 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
4471 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
2cdd0a43
AM		 4472 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
4473 #print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
c6c9630e 4474 } else {
2cdd0a43
AM		 4475 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
4476 #print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";
c6c9630e
MT		 4477 }
4478 }
4479 print "</form></table>";
4480 &Header::closebox();
4481 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:");
4482 print <<EOF#'
4483 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
4484 <tr>
4485 <td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
6e13d0a5
MT		 4486 <td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
4487 <td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
c6c9630e 4488 </tr>
6e13d0a5
MT		 4489EOF
4490 ;
c6c9630e 4491 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
6e13d0a5
MT		 4492 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
4493 $casubject =~ /Subject: (.*)[\n]/;
4494 $casubject = $1;
4495 $casubject =~ s+/Email+, E+;
4496 $casubject =~ s/ ST=/ S=/;
c6c9630e 4497
6e13d0a5 4498 print <<END
4e17adad 4499 <tr bgcolor='$color{'color22'}'>
c6c9630e
MT		 4500 <td class='base'>$Lang::tr{'root certificate'}</td>
4501 <td class='base'>$casubject</td>
4502 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
4503 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
4504 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
4505 </td></form>
4506 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
438dd0cc 4507 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
6e13d0a5 4508 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c6c9630e
MT		 4509 </td></form>
4510 <td width='4%'>&nbsp;</td></tr>
6e13d0a5
MT		 4511END
4512 ;
c6c9630e 4513 } else {
6e13d0a5
MT		 4514 # display rootcert generation buttons
4515 print <<END
4e17adad 4516 <tr bgcolor='$color{'color22'}'>
6e13d0a5
MT		 4517 <td class='base'>$Lang::tr{'root certificate'}:</td>
4518 <td class='base'>$Lang::tr{'not present'}</td>
4519 <td colspan='3'>&nbsp;</td></tr>
4520END
4521 ;
c6c9630e 4522 }
6e13d0a5 4523
c6c9630e 4524 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
6e13d0a5
MT		 4525 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
4526 $hostsubject =~ /Subject: (.*)[\n]/;
4527 $hostsubject = $1;
4528 $hostsubject =~ s+/Email+, E+;
4529 $hostsubject =~ s/ ST=/ S=/;
c6c9630e 4530
6e13d0a5 4531 print <<END
4e17adad 4532 <tr bgcolor='$color{'color20'}'>
6e13d0a5
MT		 4533 <td class='base'>$Lang::tr{'host certificate'}</td>
4534 <td class='base'>$hostsubject</td>
4535 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
c6c9630e
MT		 4536 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
4537 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
6e13d0a5
MT		 4538 </td></form>
4539 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
438dd0cc 4540 <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
c6c9630e 4541 <input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
6e13d0a5
MT		 4542 </td></form>
4543 <td width='4%'>&nbsp;</td></tr>
4544END
4545 ;
c6c9630e 4546 } else {
6e13d0a5
MT		 4547 # Nothing
4548 print <<END
4e17adad 4549 <tr bgcolor='$color{'color20'}'>
6e13d0a5
MT		 4550 <td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
4551 <td class='base'>$Lang::tr{'not present'}</td>
4552 </td><td colspan='3'>&nbsp;</td></tr>
4553END
4554 ;
c6c9630e 4555 }
6e13d0a5 4556
c6c9630e
MT		 4557 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4558 print "<tr><td colspan='5' align='center'><form method='post'>";
6e13d0a5 4559 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
c6c9630e
MT		 4560 print "</form></td></tr>\n";
4561 }
6e13d0a5 4562
c6c9630e 4563 if (keys %cahash > 0) {
6e13d0a5 4564 foreach my $key (keys %cahash) {
c6c9630e 4565 if (($key + 1) % 2) {
4e17adad 4566 print "<tr bgcolor='$color{'color20'}'>\n";
c6c9630e 4567 } else {
4e17adad 4568 print "<tr bgcolor='$color{'color22'}'>\n";
c6c9630e
MT		 4569 }
4570 print "<td class='base'>$cahash{$key}[0]</td>\n";
4571 print "<td class='base'>$cahash{$key}[1]</td>\n";
4572 print <<END
4573 <form method='post' name='cafrm${key}a'><td align='center'>
6e13d0a5
MT		 4574 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
4575 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
4576 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 4577 </td></form>
4578 <form method='post' name='cafrm${key}b'><td align='center'>
438dd0cc 4579 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
6e13d0a5
MT		 4580 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
4581 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 4582 </td></form>
4583 <form method='post' name='cafrm${key}c'><td align='center'>
6e13d0a5
MT		 4584 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
4585 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
4586 <input type='hidden' name='KEY' value='$key' />
c6c9630e 4587 </td></form></tr>
6e13d0a5
MT		 4588END
4589 ;
4590 }
c6c9630e
MT		 4591 }
4592
4593 print "</table>";
4594
4595 # If the file contains entries, print Key to action icons
4596 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
4597 print <<END
4598 <table>
4599 <tr>
6e13d0a5
MT		 4600 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
4601 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
4602 <td class='base'>$Lang::tr{'show certificate'}</td>
438dd0cc 4603 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
6e13d0a5 4604 <td class='base'>$Lang::tr{'download certificate'}</td>
c6c9630e
MT		 4605 </tr>
4606 </table>
6e13d0a5 4607END
2cdd0a43 4608;
c6c9630e 4609 }
2cdd0a43
AM		 4610
4611print <<END
4612<form method='post' enctype='multipart/form-data'>
4613<table width='100%' border='0'>
4614<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' ><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' /></td><td nowrap='nowrap' colspan='2' align='right'><input type='file' name='FH' size='34' /></td></tr>
4615<tr><td colspan='4'><hr /></td></tr>
4616<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
4617</table>
6e13d0a5 4618END
2cdd0a43
AM		 4619;
4620
c6c9630e
MT		 4621
4622 &Header::closebox();
4623 if ( $srunning eq "yes" ) {
6e13d0a5 4624 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n";
c6c9630e
MT		 4625 }else{
4626 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
4627 }
4628 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66
AH		 4629
4630###
7c1d9faf 4631# m.a.d net2net
54fd0535 4632#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH		 4633###
4634
c6c9630e
MT		 4635 &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
4636 print <<END
ce9abb66
AH		 4637
4638
c6c9630e
MT		 4639 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
4640<tr>
4641 <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
4642 <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
4643 <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td>
2cdd0a43 4644 <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</b></td>
54fd0535 4645 <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
c6c9630e
MT		 4646 <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
4647 <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
4648</tr>
6e13d0a5 4649END
c6c9630e
MT		 4650 ;
4651 my $id = 0;
4652 my $gif;
542b31d6 4653 foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
c6c9630e
MT		 4654 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
4655
4656 if ($id % 2) {
4e17adad 4657 print "<tr bgcolor='$color{'color20'}'>\n";
bb89e92a 4658 } else {
4e17adad 4659 print "<tr bgcolor='$color{'color22'}'>\n";
c6c9630e
MT		 4660 }
4661 print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
4662 print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
4663 if ($confighash{$key}[4] eq 'cert') {
4664 print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
4665 } else {
4666 print "<td align='left'>&nbsp;</td>";
4667 }
4668 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
4669 $cavalid =~ /Not After : (.*)[\n]/;
4670 $cavalid = $1;
2cdd0a43
AM		 4671 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";}
4672 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";}
4673 print "<td align='center'>$confighash{$key}[32]</td>";
c6c9630e 4674 print "<td align='center'>$confighash{$key}[25]</td>";
ce9abb66 4675
c6c9630e 4676 my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
ce9abb66 4677
c6c9630e 4678 if ($confighash{$key}[0] eq 'off') {
54fd0535 4679 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
c6c9630e 4680 } else {
ce9abb66
AH		 4681
4682###
7c1d9faf 4683# m.a.d net2net
b278daf3
AH		 4684###
4685
4686 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT		 4687
4688 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4689 my @output = "";
4690 my @tustate = "";
4691 my $tport = $confighash{$key}[22];
4692 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
4693 if ($tport ne '') {
4694 $tnet->open('127.0.0.1');
4695 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
4696 @tustate = split(/\,/, $output[1]);
4697###
4698#CONNECTING -- OpenVPN's initial state.
4699#WAIT -- (Client only) Waiting for initial response from server.
4700#AUTH -- (Client only) Authenticating with server.
4701#GET_CONFIG -- (Client only) Downloading configuration options from server.
4702#ASSIGN_IP -- Assigning IP address to virtual network interface.
4703#ADD_ROUTES -- Adding routes to system.
4704#CONNECTED -- Initialization Sequence Completed.
4705#RECONNECTING -- A restart has occurred.
4706#EXITING -- A graceful exit is in progress.
4707####
4708
4709 if ( $tustate[1] eq 'CONNECTED') {
4710 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></tr></td></table>";
4711 } else {
4712 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$tustate[1]</font></b></td></tr></table>";
4713 }
4714 }
4715 }
4716 } else {
b278daf3
AH		 4717
4718 my $cn;
4719 my @match = ();
4720 foreach my $line (@status) {
4721 chomp($line);
4722 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
4723 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
4724 if ($match[1] ne "Common Name") {
4725 $cn = $match[1];
4726 }
4727 $cn =~ s/[_]/ /g;
4728 if ($cn eq "$confighash{$key}[2]") {
4729 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
4730 }
54fd0535 4731 }
b278daf3 4732
c6c9630e 4733 }
7c1d9faf
AH		 4734}
4735}
ce9abb66
AH		 4736
4737
c6c9630e
MT		 4738 my $disable_clientdl = "disabled='disabled'";
4739 if (( $cgiparams{'ENABLED'} eq 'on') ||
4740 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
4741 ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){
4742 $disable_clientdl = "";
4743 }
4744 print <<END
4745 <td align='center'>$active</td>
4746
4747 <form method='post' name='frm${key}a'><td align='center'>
4748 <input type='image' name='$Lang::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
4749 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' $disable_clientdl />
4750 <input type='hidden' name='KEY' value='$key' $disable_clientdl />
4751 </td></form>
4752END
4753 ;
4754 if ($confighash{$key}[4] eq 'cert') {
4755 print <<END
4756 <form method='post' name='frm${key}b'><td align='center'>
4757 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
4758 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
4759 <input type='hidden' name='KEY' value='$key' />
4760 </td></form>
4761END
4762 ; } else {
4763 print "<td>&nbsp;</td>";
4764 }
4765 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4766 print <<END
4767 <form method='post' name='frm${key}c'><td align='center'>
438dd0cc 4768 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT		 4769 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
4770 <input type='hidden' name='KEY' value='$key' />
4771 </td></form>
4772END
4773 ; } elsif ($confighash{$key}[4] eq 'cert') {
4774 print <<END
4775 <form method='post' name='frm${key}c'><td align='center'>
438dd0cc 4776 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT		 4777 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
4778 <input type='hidden' name='KEY' value='$key' />
4779 </td></form>
4780END
4781 ; } else {
4782 print "<td>&nbsp;</td>";
4783 }
4784 print <<END
4785 <form method='post' name='frm${key}d'><td align='center'>
4786 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
4787 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
4788 <input type='hidden' name='KEY' value='$key' />
4789 </td></form>
4790
4791 <form method='post' name='frm${key}e'><td align='center'>
4792 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
4793 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
4794 <input type='hidden' name='KEY' value='$key' />
4795 </td></form>
4796 <form method='post' name='frm${key}f'><td align='center'>
4797 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
4798 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
4799 <input type='hidden' name='KEY' value='$key' />
4800 </td></form>
4801 </tr>
4802END
4803 ;
4804 $id++;
4805 }
4806 ;
4807
4808 # If the config file contains entries, print Key to action icons
4809 if ( $id ) {
4810 print <<END
2cdd0a43 4811 <table border='0'>
c6c9630e
MT		 4812 <tr>
4813 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
4814 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
4815 <td class='base'>$Lang::tr{'click to disable'}</td>
4816 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
4817 <td class='base'>$Lang::tr{'show certificate'}</td>
4818 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
4819 <td class='base'>$Lang::tr{'edit'}</td>
4820 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
4821 <td class='base'>$Lang::tr{'remove'}</td>
4822 </tr>
4823 <tr>
4824 <td>&nbsp; </td>
4825 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
4826 <td class='base'>$Lang::tr{'click to enable'}</td>
aa7eb426 4827 <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
c6c9630e 4828 <td class='base'>$Lang::tr{'download certificate'}</td>
aa7eb426 4829 <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
c6c9630e
MT		 4830 <td class='base'>$Lang::tr{'dl client arch'}</td>
4831 </tr>
2cdd0a43 4832 </table><hr>
c6c9630e
MT		 4833END
4834 ;
4835 }
4836
4837 print <<END
4838 <table width='100%'>
4839 <form method='post'>
2cdd0a43
AM		 4840 <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
4841 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
c6c9630e
MT		 4842 </form>
4843 </table>
4844END
4845 ;
4846 &Header::closebox();
bb89e92a 4847}
115340d2 4848&Header::closepage();
ce9abb66
AH		 4849
4850
4851
IPFire 2.x development tree