$ERROR = RRDs::error;
print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
}
+sub updatevpngraph {
+ my $interface = $_[0];
+ my $period = $_[1];
+ RRDs::graph(
+ "-",
+ "--start",
+ "-1".$period,
+ "-aPNG",
+ "-i",
+ "-z",
+ "-W www.ipfire.org",
+ "--alt-y-grid",
+ "-w 600",
+ "-h 125",
+ "-r",
+ "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"},
+ "-v ".$Lang::tr{'bytes per second'},
+ "--color=SHADEA".$color{"color19"},
+ "--color=SHADEB".$color{"color19"},
+ "--color=BACK".$color{"color21"},
+ "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets.rrd:rx:AVERAGE",
+ "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets.rrd:tx:AVERAGE",
+ "CDEF:outgoingn=outgoing,-1,*",
+ "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
+ "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
+ "AREA:incoming".$color{"color12"}."A0:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "GPRINT:incoming:MAX:%8.1lf %sBps",
+ "GPRINT:incoming:AVERAGE:%8.1lf %sBps",
+ "GPRINT:incoming:MIN:%8.1lf %sBps",
+ "GPRINT:incoming:LAST:%8.1lf %sBps\\j",
+ "AREA:outgoingn".$color{"color13"}."A0:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "GPRINT:outgoing:MAX:%8.1lf %sBps",
+ "GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
+ "GPRINT:outgoing:MIN:%8.1lf %sBps",
+ "GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
+ );
+ $ERROR = RRDs::error;
+ print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR;
+}
# Generate the Firewall Graph for the current period of time for values given by collecd
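Review bot: `$interface` and `$period` are used unvalidated in updatevpngraph: they go straight into the `DEF:` file path (`openvpn-$interface/if_octets.rrd`), the `--start` value and the graph title, and the new netovpnrw.cgi hands both over directly from `QUERY_STRING`. A value containing `/`, `..` or `:` changes which RRD file or DEF field rrdtool sees, and the error line echoes `$interface` back after the image header has been sent. I would reject unexpected values at the top of the sub, e.g. `return unless $interface =~ /\A[A-Za-z0-9_-]+\z/;` and `$period = 'week' unless $period =~ /\A(?:hour|day|week|month|year)\z/;`. The name pattern has to match whatever connection names ovpnmain.cgi permits, and the period list assumes the keys the other graph functions use; neither is visible in this change.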
#include "/etc/collectd.thermal"
include "/etc/collectd.custom"
+include "/etc/collectd.vpn"
--- /dev/null
+LoadPlugin openvpn
+
+<Plugin openvpn>
+StatusFile "/var/log/ovpnserver.log"
+</Plugin>
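Review bot: Only the roadwarrior status file is registered with the openvpn plugin here, while the same commit makes each net-to-net server write its status to `/var/log/openvpn/<name>-n2n` and adds a page that looks for `openvpn-*-n2n` RRD directories. No visible hunk adds a `StatusFile` line for those files, so unless another part of the change appends them to /etc/collectd.vpn and restarts collectd, the n2n graphs would presumably stay empty. A short comment at the top of this file stating whether it is generated or hand-maintained, e.g. `# StatusFile entries for n2n connections are appended by <component>`, would make that clear.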
'title' => "$Lang::tr{'network other'}",
'enabled' => 1,
};
+ $substatus->{'53.networkovpn'} = {
+ 'caption' => "$Lang::tr{'openvpn client'}",
+ 'uri' => '/cgi-bin/netovpnrw.cgi',
+ 'title' => "$Lang::tr{'openvpn client'}",
+ 'enabled' => 1,
+ };
+ $substatus->{'54.networkovpnsrv'} = {
+ 'caption' => "$Lang::tr{'openvpn server'}",
+ 'uri' => '/cgi-bin/netovpnsrv.cgi',
+ 'title' => "$Lang::tr{'openvpn server'}",
+ 'enabled' => 1,
+ };
$substatus->{'60.hardwaregraphs'} = {
'caption' => "$Lang::tr{'hardware graphs'}",
'uri' => '/cgi-bin/hardwaregraphs.cgi',
srv/web/ipfire/cgi-bin/netexternal.cgi
srv/web/ipfire/cgi-bin/netinternal.cgi
srv/web/ipfire/cgi-bin/netother.cgi
+srv/web/ipfire/cgi-bin/netovpnrw.cgi
+srv/web/ipfire/cgi-bin/netovpnsrv.cgi
srv/web/ipfire/cgi-bin/optionsfw.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/p2p-block.cgi
etc/collectd.custom
etc/collectd.precache
etc/collectd.thermal
+etc/collectd.vpn
etc/rc.d/init.d/collectd
etc/rc.d/rc0.d/K50collectd
etc/rc.d/rc3.d/S29collectd
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexander Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -name *.rrd|sort`;
+ foreach (@vpngraphs){
+ $_ =~ /(.*)\/openvpn-(.*)\/if_octets.rrd/;
+ push(@vpns,$2);
+ }
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnrw.cgi",$_,"week");
+ &Header::closebox();
+ }
+
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
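Review bot: The connection list is built by running `find … | sort` through a shell with unquoted patterns (`*openvpn-UNDEF*`, `*.rrd`), so the shell may expand them against the CGI's working directory before find sees them. The regex match on each result is not checked, so a non-matching line pushes a stale or undefined `$2` into `@vpns`. The names then go into `openbox` and `makegraphbox` without HTML escaping; if header.pl offers an escaping helper, it should be applied there. Perl's own `glob` with a checked, anchored match avoids the subprocess entirely, as sketched below. netovpnsrv.cgi repeats the same pattern with `openvpn-*-n2n` and `if_octets-traffic.rrd`.

```perl
my @vpngraphs = sort { $a cmp $b } glob('/var/log/rrd/collectd/localhost/openvpn-*/if_octets.rrd');
foreach my $rrd (@vpngraphs) {
    # Skip anything without the expected layout instead of reusing a stale capture.
    my ($name) = $rrd =~ m{/openvpn-([^/]+)/if_octets\.rrd\z} or next;
    next if $name =~ /\AUNDEF/;
    push(@vpns, $name);
}
# … unchanged: openbox / makegraphbox loop over @vpns …
```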
--- /dev/null
+#!/usr/bin/perl
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2014 Alexnder Marx #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
+
+use strict;
+
+# enable only the following on debugging purpose
+#use warnings;
+#use CGI::Carp 'fatalsToBrowser';
+
+require '/var/ipfire/general-functions.pl';
+require "${General::swroot}/lang.pl";
+require "${General::swroot}/header.pl";
+require "${General::swroot}/graphs.pl";
+
+my %color = ();
+my %mainsettings = ();
+&General::readhash("${General::swroot}/main/settings", \%mainsettings);
+&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+
+my @vpns=();
+
+my @querry = split(/\?/,$ENV{'QUERY_STRING'});
+$querry[0] = '' unless defined $querry[0];
+$querry[1] = 'week' unless defined $querry[1];
+
+if ( $querry[0] ne ""){
+ print "Content-type: image/png\n\n";
+ binmode(STDOUT);
+ &Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
+}else{
+ &Header::showhttpheaders();
+ &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+ &Header::openbigbox('100%', 'left');
+
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+ foreach (@vpngraphs){
+ $_ =~ /(.*)\/openvpn-(.*)\/if_octets-traffic.rrd/;
+ push(@vpns,$2);
+ }
+ foreach (@vpns) {
+ &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}");
+ &Graphs::makegraphbox("netovpnsrv.cgi",$_,"week");
+ &Header::closebox();
+ }
+
+ my $output = '';
+
+ &Header::closebigbox();
+ &Header::closepage();
+}
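Review bot: The image branch calls `&Graphs::updatevpnn2ngraph`, but the only graph function added in the hunks visible here is `updatevpngraph`; if the n2n variant is not defined elsewhere in graphs.pl, every graph request from this page dies after `Content-type: image/png` has been sent. Unlike netovpnrw.cgi, this branch has no `UNDEF` guard, and both `QUERY_STRING` fields reach the graph function unchecked, so a check such as `exit unless $querry[0] =~ /\A[A-Za-z0-9_-]+\z/;` (pattern adjusted to the permitted connection names) belongs before the call. The header comment spells the author name `Alexnder`, which looks like a typo for the `Alexander` used in netovpnrw.cgi.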
print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
print SERVERCONF "# tun Device\n";
print SERVERCONF "dev tun\n";
+ print SERVERCONF "#Logfile for statistics\n";
+ print SERVERCONF "status-version 1\n";
+ print SERVERCONF "status /var/log/openvpn/$cgiparams{'NAME'}-n2n 10\n";
print SERVERCONF "# Port and Protokol\n";
print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
-
+
if ($cgiparams{'PROTOCOL'} eq 'tcp') {
print SERVERCONF "proto tcp-server\n";
print SERVERCONF "# Packet size\n";
while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
unlink $file
}
+# Delete all RRD files for Roadwarrior connections
+ chdir('/var/ipfire/ovpn/ccd');
+ while ($file = glob("*")) {
+ system ("/usr/local/bin/openvpnctrl -drrd $file");
+ }
+ while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
+ unlink $file
+ }
if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
print FILE "";
close FILE;
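Review bot: As the lines read here, the new RRD-deletion loop runs after the existing loop that unlinks everything in `ovpn/ccd`, so `glob("*")` finds nothing and `openvpnctrl -drrd` is never called; the second unlink loop the hunk adds then duplicates the one above it. The result of `chdir` is not checked either, so on failure the glob would enumerate whatever directory the CGI happens to be in. `system` is given a single interpolated string, which goes through the shell; the list form passes the file name as one argument regardless of its characters. The same applies to the per-client `system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]")` call added further down. The enclosing block starts and ends outside the hunk.

```perl
# Delete all RRD files for Roadwarrior connections (before the ccd files are removed)
if (chdir('/var/ipfire/ovpn/ccd')) {
    while ($file = glob("*")) {
        system("/usr/local/bin/openvpnctrl", "-drrd", $file);
    }
}
# … unchanged: the existing unlink loop over ${General::swroot}/ovpn/ccd/* follows, once …
```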
# CCD end
-
+###
+### Delete all RRD's for client
+###
+ system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
delete $confighash{$cgiparams{'KEY'}};
my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
cd $(DIR_APP) && make install
cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
-mkdir -vp /usr/lib/openvpn/plugins
+ -mkdir -vp /var/log/openvpn
-mkdir -vp /var/ipfire/ovpn/ca
-mkdir -vp /var/ipfire/ovpn/ccd
-mkdir -vp /var/ipfire/ovpn/crls
printf(" -kn2n --kill-net-2-net\n");
printf(" kills all net2net connections\n");
printf(" you may pass a connection name to the switch to only start a specific one\n");
+ printf(" -drrd --delete-rrd\n");
+ printf(" Deletes the RRD data for a specific client\n");
+ printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n");
printf(" -d --display\n");
printf(" displays OpenVPN status to syslog\n");
printf(" -fwr --firewall-rules\n");
return 0;
}
+int deleterrd(char *name) {
+ connection *conn = getConnections();
+
+ char rrd_file[STRING_SIZE];
+ snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+
+ char rrd_dir[STRING_SIZE];
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+
+ while(conn) {
+ /* Find only RW-Connections with the given name. */
+ if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
+ remove(rrd_file);
+ remove(rrd_dir);
+ return 0;
+ }
+ conn = conn->next;
+ }
+
+ return 1;
+}
+
void startAllNet2Net() {
int exitcode = 0, _exitcode = 0;
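Review bot: deleterrd formats `name` into two paths and passes it to `strcmp` without checking it for NULL, and the new `-drrd` branch in main calls `deleterrd(argv[2])` with no visible argument-count check. Running the switch without a name would therefore dereference a null pointer in what is presumably a privileged helper. A guard at the top, `if (name == NULL || *name == '\0' || strchr(name, '/') != NULL) return 1;`, covers that and keeps path separators out of the formatted paths, even though the later name comparison already limits them to configured connections. The results of `snprintf` and both `remove` calls are ignored, and main returns 0 regardless; `return deleterrd(argv[2]);` would let the CGI caller see a failure.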
else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
killNet2Net(argv[2]);
return 0;
+ }
+ else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) {
+ deleterrd(argv[2]);
+ return 0;
} else {
usage();
return 1;