print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
}
+sub updatevpngraph {
+ my $interface = $_[0];
+ my $period = $_[1];
+ RRDs::graph(
+ "-",
+ "--start",
+ "-1".$period,
+ "-aPNG",
+ "-i",
+ "-z",
+ "-W www.ipfire.org",
+ "--alt-y-grid",
+ "-w 600",
+ "-h 125",
+ "-r",
+ "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:rx:AVERAGE",
+ "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:tx:AVERAGE",
+ "CDEF:outgoingn=outgoing,-1,*",
+ "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "GPRINT:incoming:MAX:%8.1lf %sBps",
+ "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+ "GPRINT:incoming:MIN:%8.1lf %sBps",
+ "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+ "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "GPRINT:outgoing:MAX:%8.1lf %sBps",
+ "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+ "GPRINT:outgoing:MIN:%8.1lf %sBps",
+ "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+ );
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
+sub updatevpnn2ngraph {
+ my $interface = $_[0];
+ my $period = $_[1];
+ RRDs::graph(
+ "-",
+ "--start",
+ "-1".$period,
+ "-aPNG",
+ "-i",
+ "-z",
+ "-W www.ipfire.org",
+ "--alt-y-grid",
+ "-w 600",
+ "-h 125",
+ "-r",
+ "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:rx:AVERAGE",
+ "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:tx:AVERAGE",
+ "DEF:overhead_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:rx:AVERAGE",
+ "DEF:overhead_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:tx:AVERAGE",
+ "DEF:compression_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_in.rrd:uncompressed:AVERAGE",
+ "DEF:compression_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_out.rrd:uncompressed:AVERAGE",
+ "CDEF:outgoingn=outgoing,-1,*",
+ "CDEF:overhead_outn=overhead_out,-1,*",
+ "CDEF:compression_outn=compression_out,-1,*",
+ "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "GPRINT:incoming:MAX:%8.1lf %sBps",
+ "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+ "GPRINT:incoming:MIN:%8.1lf %sBps",
+ "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+ "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+ "GPRINT:overhead_in:MAX:%8.1lf %sBps",
+ "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
+ "GPRINT:overhead_in:MIN:%8.1lf %sBps",
+ "GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
+ "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+ "GPRINT:compression_in:MAX:%8.1lf %sBps",
+ "GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
+ "GPRINT:compression_in:MIN:%8.1lf %sBps",
+ "GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
+ "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "GPRINT:outgoing:MAX:%8.1lf %sBps",
+ "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+ "GPRINT:outgoing:MIN:%8.1lf %sBps",
+ "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+ "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+ "GPRINT:overhead_out:MAX:%8.1lf %sBps",
+ "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
+ "GPRINT:overhead_out:MIN:%8.1lf %sBps",
+ "GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
+ "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+ "GPRINT:compression_out:MAX:%8.1lf %sBps",
+ "GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
+ "GPRINT:compression_out:MIN:%8.1lf %sBps",
+ "GPRINT:compression_out:LAST:%8.1lf %sBps\\j",
+ );
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
+
# Generate the Firewall Graph for the current period of time for values given by collecd
sub updatefwhitsgraph {
#include "/etc/collectd.thermal"
include "/etc/collectd.custom"
+include "/etc/collectd.vpn"
--- /dev/null
+LoadPlugin openvpn
+
+<Plugin openvpn>
+StatusFile "/var/run/ovpnserver.log"
+</Plugin>
'title' => "$Lang::tr{'network other'}",
'enabled' => 1,
};
+ $substatus->{'53.networkovpn'} = {
+ 'caption' => "$Lang::tr{'openvpn client'}",
+ 'uri' => '/cgi-bin/netovpnrw.cgi',
+ 'title' => "$Lang::tr{'openvpn client'}",
+ 'enabled' => 1,
+ };
+ $substatus->{'54.networkovpnsrv'} = {
+ 'caption' => "$Lang::tr{'openvpn server'}",
+ 'uri' => '/cgi-bin/netovpnsrv.cgi',
+ 'title' => "$Lang::tr{'openvpn server'}",
+ 'enabled' => 1,
+ };
$substatus->{'60.hardwaregraphs'} = {
'caption' => "$Lang::tr{'hardware graphs'}",
'uri' => '/cgi-bin/hardwaregraphs.cgi',
srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/p2p-block.cgi
etc/collectd.custom
etc/collectd.precache
etc/collectd.thermal
+etc/collectd.vpn
etc/rc.d/init.d/collectd
etc/rc.d/rc0.d/K50collectd
etc/rc.d/rc3.d/S29collectd
$errormessage.=$Lang::tr{'fwdfw err remark'}."<br>";
}
#check if source and target identical
- if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){
+ if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){
$errormessage=$Lang::tr{'fwdfw err same'};
return $errormessage;
}
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexander Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`;
+ foreach (@vpngraphs){
+ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
+ push(@vpns,$2);
+ }
+ }
+ if(@vpns){
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnrw.cgi",$_,"week");
+ &Header::closebox();
+ }
+ }else{
+ print "<center>".$Lang::tr{'no data'}."</center>";
+ }
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexnder Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne ""){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+ foreach (@vpngraphs){
+ if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
+ push(@vpns,$2);
+ }
+ }
+ if (@vpns){
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnsrv.cgi",$_,"week");
+ &Header::closebox();
+ }
+ }else{
+ print "<center>".$Lang::tr{'no data'}."</center>";
+ }
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
print CONF "status-version 1\n";
- print CONF "status /var/log/ovpnserver.log 30\n";
+ print CONF "status /var/run/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
if ($sovpnsettings{'DAUTH'} eq '') {
print CONF "";
}
sub emptyserverlog{
- if (open(FILE, ">/var/log/ovpnserver.log")) {
+ if (open(FILE, ">/var/run/ovpnserver.log")) {
flock FILE, 2;
print FILE "";
close FILE;
print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
print SERVERCONF "# tun Device\n";
print SERVERCONF "dev tun\n";
+ print SERVERCONF "#Logfile for statistics\n";
+ print SERVERCONF "status-version 1\n";
+ print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
print SERVERCONF "# Port and Protokol\n";
print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
-
+
if ($cgiparams{'PROTOCOL'} eq 'tcp') {
print SERVERCONF "proto tcp-server\n";
print SERVERCONF "# Packet size\n";
while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
unlink $file
}
+# Delete all RRD files for Roadwarrior connections
+ chdir('/var/ipfire/ovpn/ccd');
+ while ($file = glob("*")) {
+ system ("/usr/local/bin/openvpnctrl -drrd $file");
+ }
+ while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+ unlink $file
+ }
if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
print FILE "";
close FILE;
# CCD end
-
+###
+### Delete all RRD's for client
+###
+ system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
</tr>
END
;
- my $filename = "/var/log/ovpnserver.log";
+ my $filename = "/var/run/ovpnserver.log";
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my @status = `/bin/cat /var/log/ovpnserver.log`;
+ my @status = `/bin/cat /var/run/ovpnserver.log`;
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
'incoming' => 'eingehend',
'incoming firewall access' => 'Eingehender Firewallzugang',
'incoming traffic in bytes per second' => 'Eingehender Verkehr',
+'incoming overhead in bytes per second' => 'Eingehender Overhead',
+'incoming compression in bytes per second' => 'Eingehende Kompression',
'incorrect password' => 'Fehlerhaftes Passwort',
'info' => 'Info',
'init string' => 'Initialisierung:',
'outgoing firewall view group' => 'Gruppe anzeigen',
'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese',
'outgoing traffic in bytes per second' => 'Abgehender Verkehr',
+'outgoing overhead in bytes per second' => 'Abgehender Overhead',
+'outgoing compression in bytes per second' => 'Abgehende Kompression',
'override mtu' => 'Überschreibe Standard MTU',
'ovpn' => 'OpenVPN',
'ovpn add conf' => 'Erweiterte Konfiguration',
'incoming' => 'incoming',
'incoming firewall access' => 'Incoming Firewall Access',
'incoming traffic in bytes per second' => 'Incoming Traffic',
+'incoming overhead in bytes per second' => 'Incoming Overhead',
+'incoming compression in bytes per second' => 'Incoming Compression',
'incorrect password' => 'Incorrect password',
'info' => 'Info',
'init string' => 'Init:',
'outgoing firewall view group' => 'View group',
'outgoing firewall warning' => 'Not selecting source ip or mac ignores them',
'outgoing traffic in bytes per second' => 'Outgoing Traffic',
+'outgoing overhead in bytes per second' => 'Outgoing Overhead',
+'outgoing compression in bytes per second' => 'Outgoing compression',
'override mtu' => 'Override default MTU',
'ovpn' => 'OpenVPN',
'ovpn add conf' => 'Additional configuration',
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
-mkdir -vp /usr/lib/openvpn/plugins
+ -mkdir -vp /var/log/openvpn
-mkdir -vp /var/ipfire/ovpn/ca
-mkdir -vp /var/ipfire/ovpn/ccd
-mkdir -vp /var/ipfire/ovpn/crls
printf(" -kn2n --kill-net-2-net\n");
printf(" kills all net2net connections\n");
printf(" you may pass a connection name to the switch to only start a specific one\n");
+ printf(" -drrd --delete-rrd\n");
+ printf(" Deletes the RRD data for a specific client\n");
+ printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
printf(" -d --display\n");
printf(" displays OpenVPN status to syslog\n");
printf(" -fwr --firewall-rules\n");
return 0;
}
+int deleterrd(char *name) {
+ connection *conn = getConnections();
+
+ char rrd_file[STRING_SIZE];
+ snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+
+ char rrd_dir[STRING_SIZE];
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+
+ while(conn) {
+ /* Find only RW-Connections with the given name. */
+ if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
+ remove(rrd_file);
+ remove(rrd_dir);
+ return 0;
+ }
+ conn = conn->next;
+ }
+
+ return 1;
+}
+
void startAllNet2Net() {
int exitcode = 0, _exitcode = 0;
else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
killNet2Net(argv[2]);
return 0;
+ }
+ else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
+ deleterrd(argv[2]);
+ return 0;
} else {
usage();
return 1;
projects / people / arne_f / ipfire-2.x.git / commitdiff
