1#!/usr/bin/perl
2# based on SmoothWall and IPCop CGIs
3#
4# This code is distributed under the terms of the GPL
5# Main idea from zeroconcept
bb89e92a 6# ZERNINA-VERSION:0.9.7a9
7# (c) 2005 Ufuk Altinkaynak
8#
bb89e92a 9# Ipcop and OpenVPN eas as one two three..
10#
11
12use CGI;
13use CGI qw/:standard/;
14use Net::DNS;
15use File::Copy;
16use File::Temp qw/ tempfile tempdir /;
17use strict;
18use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
19use Net::Ping;
20require '/var/ipfire/general-functions.pl';
fd0763dc 21require '/srv/web/ipfire/cgi-bin/ovpnfunc.pl';
22require "${General::swroot}/lang.pl";
23require "${General::swroot}/header.pl";
24require "${General::swroot}/countries.pl";
25
26# enable only the following on debugging purpose
27#use warnings;
28#use CGI::Carp 'fatalsToBrowser';
29#workaround to suppress a warning when a variable is used only once
# Mention $Header::colourgreen a second time so that the "used only once"
# warning is not raised for it; the list is thrown away straight after.
my @dummy = ( $Header::colourgreen );
undef @dummy;
32
33
34
35###
36### Initialize variables
37###
# File-scope state shared by all of the action handlers below.
my %netsettings = ();    # interface settings from ethernet/settings
my %cgiparams   = ();    # submitted form fields (see getcgihash below)
my %vpnsettings = ();    # contents of ovpn/settings
my %checked     = ();
my %confighash  = ();    # connections from ovpn/ovpnconfig
my %cahash      = ();    # uploaded CAs from ovpn/caconfig
my %selected    = ();
my $warnmessage  = '';
my $errormessage = '';
my %settings     = ();
my $zerinaclient = '';

&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Defaults for fields that may be missing from the request, presumably
# because an unchecked checkbox sends nothing at all: those fall back to
# 'off', the text fields to ''. getcgihash() then overwrites the defaults
# with whatever was actually submitted.
{
    my @off_fields   = qw(ENABLED ENABLED_BLUE ENABLED_ORANGE EDIT_ADVANCED
                          NAT COMPRESSION ONLY_PROPOSED DCOMPLZO);
    my @empty_fields = qw(ACTION CA_NAME DHCP_DOMAIN DHCP_DNS DHCP_WINS);
    @cgiparams{@off_fields}   = ('off') x @off_fields;
    @cgiparams{@empty_fields} = ('')    x @empty_fields;
}

# 'wantfile' keeps an uploaded file reachable as $cgiparams{'FH'}.
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
64
65# prepare openvpn config file
66###
67### Useful functions
68###
69
70###
71### OpenVPN Server Control
72###
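if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
    $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
    $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
    # PID(s) of a running server, taken from the process list (every process
    # whose command line mentions server.conf). This comes from ps, not from
    # the request, so it can be handed to openvpnctrl as an argument; only
    # the trailing newline left by the command substitution is removed, so
    # openvpnctrl gets "1234" rather than "1234\n". Several matches stay
    # newline-separated inside the one argument, as before.
    my $serveractive = `/bin/ps ax|grep server.conf|grep -v grep|awk \'{print \$1}\'`;
    $serveractive = '' unless defined $serveractive;
    chomp $serveractive;

    if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}) {
        &Ovpnfunc::emptyserverlog();
        system('/usr/local/bin/openvpnctrl', '-s');
    }
    elsif ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}) {
        _stop_ovpn_server($serveractive);
    }
    elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
        # workaround until SIGHUP also works when running as nobody:
        # a restart is a full stop followed by a start
        _stop_ovpn_server($serveractive);
        system('/usr/local/bin/openvpnctrl', '-s');
    }
}

# Stop the OpenVPN server. $pids is the (possibly empty) PID list found in
# the process list: when non-empty it is passed to openvpnctrl -kn2n first,
# then openvpnctrl -k runs, then the server log is cleared. The exit status
# of openvpnctrl is not checked. Returns nothing.
sub _stop_ovpn_server {
    my ($pids) = @_;
    if ($pids ne '') {
        system('/usr/local/bin/openvpnctrl', '-kn2n', $pids);
    }
    system('/usr/local/bin/openvpnctrl', '-k');
    &Ovpnfunc::emptyserverlog();
    return;
}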
101
102###
103### Save Advanced options
104###
105
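if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
    #DAN do we really need (to check) this value? Besides, if we listen on blue and orange too,
    #DAN this value has to go.

    # Daemon settings, copied as submitted. They reach the settings file and
    # the server config only when every check in _invalid_adv_option() passes.
    # The EXTENDED_* entries (FAST-IO, NICE, MTU-DISC, MSSFIX and FRAGMENT
    # OpenVPN parameters) were added by Philipp Jenni
    # (philipp.jenni-at-gmx.ch), 2006-04-22.
    my @daemon_keys = qw(
        LOG_VERB KEEPALIVE_1 KEEPALIVE_2 MAX_CLIENTS REDIRECT_GW_DEF1 CLIENT2CLIENT
        DHCP_DOMAIN DHCP_DNS DHCP_WINS
        AD_ROUTE1 AD_ROUTE2 AD_ROUTE3
        EXTENDED_FASTIO EXTENDED_NICE EXTENDED_MTUDISC EXTENDED_MSSFIX EXTENDED_FRAGMENT
    );
    @vpnsettings{@daemon_keys} = @cgiparams{@daemon_keys};

    my $bad_option = _invalid_adv_option(\%cgiparams);
    if (defined $bad_option) {
        $errormessage = $Lang::tr{$bad_option};
        goto ADV_ERROR;
    }

    &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
    &Ovpnfunc::writeserverconf();    # fine here
}

# Check the advanced-option form values in $params (a reference to the CGI
# parameter hash). Returns the %Lang::tr key of the error for the first
# value that is rejected, or undef when all values are acceptable. Only the
# fields checked here are inspected; LOG_VERB, REDIRECT_GW_DEF1,
# CLIENT2CLIENT and the EXTENDED_* values are written through unchecked.
sub _invalid_adv_option {
    my ($params) = @_;

    # DHCP options pushed to clients: optional, but a host name or an IP
    # address when set.
    my %dhcp_error_for = (
        DHCP_DOMAIN => 'invalid input for dhcp domain',
        DHCP_DNS    => 'invalid input for dhcp dns',
        DHCP_WINS   => 'invalid input for dhcp wins',
    );
    foreach my $field (qw(DHCP_DOMAIN DHCP_DNS DHCP_WINS)) {
        next if $params->{$field} eq '';
        next if &General::validfqdn($params->{$field}) || &General::validip($params->{$field});
        return $dhcp_error_for{$field};
    }

    # Additional routes pushed to clients: optional, but network/mask when set.
    foreach my $field (qw(AD_ROUTE1 AD_ROUTE2 AD_ROUTE3)) {
        next if $params->{$field} eq '';
        next if &General::validipandmask($params->{$field});
        return 'route subnet is invalid';
    }

    # MAX_CLIENTS goes into the server config, so it has to be a plain
    # integer in 1..255; a numeric-only comparison would accept "12abc" as 12.
    my $max_clients = $params->{'MAX_CLIENTS'};
    if ($max_clients !~ /^[0-9]+$/ || $max_clients < 1 || $max_clients > 255) {
        return 'invalid input for max clients';
    }

    # Keepalive: both values optional, digits only when set, and the second
    # must be at least twice the first.
    foreach my $which (1, 2) {
        my $value = $params->{"KEEPALIVE_$which"};
        next if $value eq '';
        next if $value =~ /^[0-9]+$/;
        return "invalid input for keepalive $which";
    }
    if ($params->{'KEEPALIVE_2'} < ($params->{'KEEPALIVE_1'} * 2)) {
        return 'invalid input for keepalive 1:2';
    }

    return;
}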
208
209###
210### Save main settings
211###
212if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
213 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
214 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
215 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
216 #DAN this value has to leave.
217 if ($cgiparams{'ENABLED'} eq 'on'){
218 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
219 $errormessage = $Lang::tr{'invalid input for hostname'};
220 goto SETTINGS_ERROR;
221 }
222 }
223 if ($cgiparams{'ENABLED'} eq 'on'){
224 $errormessage = &Ovpnfunc::disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
225 }
226 if ($errormessage) { goto SETTINGS_ERROR; }
227
228
229 if ($cgiparams{'ENABLED'} eq 'on'){
230 $errormessage = &Ovpnfunc::checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
231 }
232
233 if ($errormessage) { goto SETTINGS_ERROR; }
234
235 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
236 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
237 goto SETTINGS_ERROR;
238 }
239 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
240 $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]);
241 $cgiparams{'DOVPN_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr
242 #plausi1
243 $errormessage = &Ovpnfunc::ovelapplausi($tmpovpnsubnet[0],$tmpovpnsubnet[1]);
244 #plausi1
245 if ($errormessage ne ''){
246 goto SETTINGS_ERROR;
247 }
248 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
249 $errormessage = $Lang::tr{'invalid input'};
250 goto SETTINGS_ERROR;
251 }
252 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
253 $errormessage = $Lang::tr{'invalid mtu input'};
254 goto SETTINGS_ERROR;
255 }
256
257 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
258 $errormessage = $Lang::tr{'invalid port'};
259 goto SETTINGS_ERROR;
260 }
261 #hhh
262 foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name
263 if ($confighash{$dkey}[14] eq $cgiparams{'DPROTOCOL'} && $confighash{$dkey}[15] eq $cgiparams{'DDEST_PORT'}){
264 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash{$dkey}[1]";
265 goto SETTINGS_ERROR;
266 }
267 }
268 #hhh
269 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
270 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
271 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
272 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
273#new settings for daemon
274 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
275 $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
276 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
277 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
278 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
279 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
280 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
281#new settings for daemon
282 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
283 &Ovpnfunc::writeserverconf();#hier ok
284SETTINGS_ERROR:
285###
286### Reset all step 2
287###
288}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
289 my $file = '';
290 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
291
292 foreach my $key (keys %confighash) {
293 if ($confighash{$key}[4] eq 'cert') {
294 delete $confighash{$cgiparams{'$key'}};
295 }
296 }
297 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
298 unlink $file
299 }
300 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
301 unlink $file
302 }
303 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
304 unlink $file
305 }
306 &Ovpnfunc::cleanssldatabase();
307 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
308 print FILE "";
309 close FILE;
310 }
311 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
312###
313### Reset all step 1
314###
315}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
316 &Header::showhttpheaders();
317 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
318 &Header::openbigbox('100%', 'LEFT', '', '');
319 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
320 print <<END
321 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
322 <tr><td align='center'>
323 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
324 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
325 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
326 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
327 </form></table>
328END
329 ;
330 &Header::closebox();
331 &Header::closebigbox();
332 &Header::closepage();
333 exit (0);
334
335###
336### Upload CA Certificate
337###
338} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
339 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
340
341 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
342 $errormessage = $Lang::tr{'name must only contain characters'};
343 goto UPLOADCA_ERROR;
344 }
345
346 if (length($cgiparams{'CA_NAME'}) >60) {
347 $errormessage = $Lang::tr{'name too long'};
348 goto VPNCONF_ERROR;
349 }
350
351 if ($cgiparams{'CA_NAME'} eq 'ca') {
352 $errormessage = $Lang::tr{'name is invalid'};
353 goto UPLOAD_CA_ERROR;
354 }
355
356 # Check if there is no other entry with this name
357 foreach my $key (keys %cahash) {
358 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
359 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
360 goto UPLOADCA_ERROR;
361 }
362 }
363
364 if (ref ($cgiparams{'FH'}) ne 'Fh') {
365 $errormessage = $Lang::tr{'there was no file upload'};
366 goto UPLOADCA_ERROR;
367 }
368 # Move uploaded ca to a temporary file
369 (my $fh, my $filename) = tempfile( );
370 if (copy ($cgiparams{'FH'}, $fh) != 1) {
371 $errormessage = $!;
372 goto UPLOADCA_ERROR;
373 }
374 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
375 if ($temp !~ /CA:TRUE/i) {
376 $errormessage = $Lang::tr{'not a valid ca certificate'};
377 unlink ($filename);
378 goto UPLOADCA_ERROR;
379 } else {
380 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
381 if ($? ne 0) {
382 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
383 unlink ($filename);
384 goto UPLOADCA_ERROR;
385 }
386 }
387
388 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
389 $casubject =~ /Subject: (.*)[\n]/;
390 $casubject = $1;
391 $casubject =~ s+/Email+, E+;
392 $casubject =~ s/ ST=/ S=/;
393 $casubject = &Header::cleanhtml($casubject);
394
395 my $key = &General::findhasharraykey (\%cahash);
396 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
397 $cahash{$key}[1] = $casubject;
398 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
399 UPLOADCA_ERROR:
400
401###
402### Display ca certificate
403###
404} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
405 &Ovpnfunc::displayca($cgiparams{'KEY'});
406###
407### Download ca certificate
408###
409} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
410 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
411
412 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
413 print "Content-Type: application/octet-stream\r\n";
414 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
415 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
416 exit(0);
417 } else {
418 $errormessage = $Lang::tr{'invalid key'};
419 }
420
421###
422### Remove ca certificate (step 2)
423###
424} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
425 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
426 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
427
428 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
429 foreach my $key (keys %confighash) {
430 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
431 if ($test =~ /: OK/) {
432 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
433 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
434 delete $confighash{$key};
435 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
436 }
437 }
438 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
439 delete $cahash{$cgiparams{'KEY'}};
440 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
441 } else {
442 $errormessage = $Lang::tr{'invalid key'};
443 }
444###
445### Remove ca certificate (step 1)
446###
447} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
448 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
449 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
450
451 my $assignedcerts = 0;
452 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
453 foreach my $key (keys %confighash) {
454 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
455 if ($test =~ /: OK/) {
456 $assignedcerts++;
457 }
458 }
459 if ($assignedcerts) {
460 &Header::showhttpheaders();
461 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
462 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
463 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
464 print <<END
465 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
466 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
467 <tr><td align='center'>
468 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
469 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
470 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
471 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
472 </form></table>
473END
474 ;
475 &Header::closebox();
476 &Header::closebigbox();
477 &Header::closepage();
478 exit (0);
479 } else {
480 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
481 delete $cahash{$cgiparams{'KEY'}};
482 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
483# system('/usr/local/bin/ipsecctrl', 'R');
484 }
485 } else {
486 $errormessage = $Lang::tr{'invalid key'};
487 }
488
489###
490### Display root certificate
491###
492}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} || $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
493 &Ovpnfunc::displayroothost($cgiparams{'ACTION'});
494###
495### Download root certificate
496###
497}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
498 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
499 print "Content-Type: application/octet-stream\r\n";
500 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
501 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
502 exit(0);
503 }
504
505###
506### Download host certificate
507###
508}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
509 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
510 print "Content-Type: application/octet-stream\r\n";
511 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
512 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
513 exit(0);
514 }
515###
516### Form for generating a root certificate
517###
518}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
519 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
520
521 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
522 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
523 $errormessage = $Lang::tr{'valid root certificate already exists'};
524 $cgiparams{'ACTION'} = '';
525 goto ROOTCERT_ERROR;
526 }
527
528 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
529 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
530 my $ipaddr = <IPADDR>;
531 close IPADDR;
532 chomp ($ipaddr);
533 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
534 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
535 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
536 }
537 }
538 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
539
540 if (ref ($cgiparams{'FH'}) ne 'Fh') {
541 $errormessage = $Lang::tr{'there was no file upload'};
542 goto ROOTCERT_ERROR;
543 }
544
545 # Move uploaded certificate request to a temporary file
546 (my $fh, my $filename) = tempfile( );
547 if (copy ($cgiparams{'FH'}, $fh) != 1) {
548 $errormessage = $!;
549 goto ROOTCERT_ERROR;
550 }
551
552 # Create a temporary dirctory
553 my $tempdir = tempdir( CLEANUP => 1 );
554
555 # Extract the CA certificate from the file
556 my $pid = open(OPENSSL, "|-");
557 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
558 if ($pid) { # parent
559 if ($cgiparams{'P12_PASS'} ne '') {
560 print OPENSSL "$cgiparams{'P12_PASS'}\n";
561 }
562 close (OPENSSL);
563 if ($?) {
564 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
565 unlink ($filename);
566 goto ROOTCERT_ERROR;
567 }
568 } else { # child
569 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
570 '-in', $filename,
571 '-out', "$tempdir/cacert.pem")) {
572 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
573 unlink ($filename);
574 goto ROOTCERT_ERROR;
575 }
576 }
577
578 # Extract the Host certificate from the file
579 $pid = open(OPENSSL, "|-");
580 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
581 if ($pid) { # parent
582 if ($cgiparams{'P12_PASS'} ne '') {
583 print OPENSSL "$cgiparams{'P12_PASS'}\n";
584 }
585 close (OPENSSL);
586 if ($?) {
587 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
588 unlink ($filename);
589 goto ROOTCERT_ERROR;
590 }
591 } else { # child
592 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
593 '-in', $filename,
594 '-out', "$tempdir/hostcert.pem")) {
595 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
596 unlink ($filename);
597 goto ROOTCERT_ERROR;
598 }
599 }
600
601 # Extract the Host key from the file
602 $pid = open(OPENSSL, "|-");
603 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
604 if ($pid) { # parent
605 if ($cgiparams{'P12_PASS'} ne '') {
606 print OPENSSL "$cgiparams{'P12_PASS'}\n";
607 }
608 close (OPENSSL);
609 if ($?) {
610 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
611 unlink ($filename);
612 goto ROOTCERT_ERROR;
613 }
614 } else { # child
615 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
616 '-nodes',
617 '-in', $filename,
618 '-out', "$tempdir/serverkey.pem")) {
619 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
620 unlink ($filename);
621 goto ROOTCERT_ERROR;
622 }
623 }
624
625 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
626 if ($? ne 0) {
627 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
628 unlink ($filename);
629 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
630 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
631 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
632 goto ROOTCERT_ERROR;
633 }
634
635 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
636 if ($? ne 0) {
637 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
638 unlink ($filename);
639 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
640 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
641 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
642 goto ROOTCERT_ERROR;
643 }
644
645 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
646 if ($? ne 0) {
647 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
648 unlink ($filename);
649 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
650 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
651 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
652 goto ROOTCERT_ERROR;
653 }
654
655 goto ROOTCERT_SUCCESS;
656
657 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
658
659 # Validate input since the form was submitted
660 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
661 $errormessage = $Lang::tr{'organization cant be empty'};
662 goto ROOTCERT_ERROR;
663 }
664 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
665 $errormessage = $Lang::tr{'organization too long'};
666 goto ROOTCERT_ERROR;
667 }
668 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
669 $errormessage = $Lang::tr{'invalid input for organization'};
670 goto ROOTCERT_ERROR;
671 }
672 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
673 $errormessage = $Lang::tr{'hostname cant be empty'};
674 goto ROOTCERT_ERROR;
675 }
676 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
677 $errormessage = $Lang::tr{'invalid input for hostname'};
678 goto ROOTCERT_ERROR;
679 }
680 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
681 $errormessage = $Lang::tr{'invalid input for e-mail address'};
682 goto ROOTCERT_ERROR;
683 }
684 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
685 $errormessage = $Lang::tr{'e-mail address too long'};
686 goto ROOTCERT_ERROR;
687 }
688 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
689 $errormessage = $Lang::tr{'invalid input for department'};
690 goto ROOTCERT_ERROR;
691 }
692 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
693 $errormessage = $Lang::tr{'invalid input for city'};
694 goto ROOTCERT_ERROR;
695 }
696 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
697 $errormessage = $Lang::tr{'invalid input for state or province'};
698 goto ROOTCERT_ERROR;
699 }
700 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
701 $errormessage = $Lang::tr{'invalid input for country'};
702 goto ROOTCERT_ERROR;
703 }
704
705 # Copy the cgisettings to vpnsettings and save the configfile
706 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
707 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
708 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
709 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
710 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
711 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
712 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
713 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
714
715 # Replace empty strings with a .
716 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
717 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
718 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
719
720 # refresh
9833e7d8 721 #system ('/usr/bin/touch', "${General::swroot}/ovpn/gencanow");
722
723 # Create the CA certificate
724 my $pid = open(OPENSSL, "|-");
725 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
726 if ($pid) { # parent
727 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
728 print OPENSSL "$state\n";
729 print OPENSSL "$city\n";
730 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
731 print OPENSSL "$ou\n";
732 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
733 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
734 close (OPENSSL);
735 if ($?) {
736 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
737 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
738 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
739 goto ROOTCERT_ERROR;
740 }
741 } else { # child
742 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
743 '-days', '999999', '-newkey', 'rsa:2048',
744 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
745 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
746 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
747 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
748 goto ROOTCERT_ERROR;
749 }
750 }
751
752 # Create the Host certificate request
753 $pid = open(OPENSSL, "|-");
754 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
755 if ($pid) { # parent
756 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
757 print OPENSSL "$state\n";
758 print OPENSSL "$city\n";
759 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
760 print OPENSSL "$ou\n";
761 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
762 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
763 print OPENSSL ".\n";
764 print OPENSSL ".\n";
765 close (OPENSSL);
766 if ($?) {
767 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
768 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
769 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
770 goto ROOTCERT_ERROR;
771 }
772 } else { # child
773 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
774 '-newkey', 'rsa:1024',
775 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
776 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
777 '-extensions', 'server',
778 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
779 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
780 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
781 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
782 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
783 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
784 goto ROOTCERT_ERROR;
785 }
786 }
787
788 # Sign the host certificate request
# List-form system() keeps the fixed paths away from a shell. The 999999-day
# lifetime is a literal here; that is far beyond what current TLS policy accepts,
# and a certificate lifetime this long makes the CRL below the only revocation path.
789 system('/usr/bin/openssl', 'ca', '-days', '999999',
790 '-batch', '-notext',
791 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
792 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
793 '-extensions', 'server',
794 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
795 if ($?) {
# Roll back everything written so far and reset the CA database, then show the form again.
796 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
797 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
798 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
# FIXME: every other cleanup path and the final chmod use ovpn/certs/serverkey.pem;
# this unlink targets ovpn/serverkey.pem, so the server private key survives this failure.
799 unlink ("${General::swroot}/ovpn/serverkey.pem");
800 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
801 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
802 &Ovpnfunc::newcleanssldatabase();
803 goto ROOTCERT_ERROR;
804 } else {
# The CSR is no longer needed once the certificate exists.
805 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
806 &Ovpnfunc::deletebackupcert();
807 }
808
809 # Create an empty CRL
810 system('/usr/bin/openssl', 'ca', '-gencrl',
811 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
812 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
813 if ($?) {
# NOTE(review): unlike the signing failure above, cakey.pem is left in place on this
# path and the one below — intentional? TODO confirm.
814 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
815 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
816 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
817 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
818 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
819 &Ovpnfunc::cleanssldatabase();
820 goto ROOTCERT_ERROR;
821 }
822 # Create Diffie-Hellman parameters
# NOTE(review): 1024-bit DH parameters are below the accepted minimum (2048 bits or
# more), and seeding -rand from /proc/interrupts and /proc/net/rt_cache adds little:
# both files are readable and fairly predictable, and OpenSSL's own RNG does not
# need them. Consider dropping -rand and raising the size (the file name dh1024.pem is
# referenced by the cleanup below, so rename consistently).
823 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
824 '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
825 '1024' );
826 if ($?) {
827 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
828 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
829 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
830 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
831 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
832 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
833 &Ovpnfunc::cleanssldatabase();
834 goto ROOTCERT_ERROR;
835 }
836 goto ROOTCERT_SUCCESS;
837 }
838 ROOTCERT_ERROR:
# Target of the goto's on the failure paths above; control also falls through here
# after the enclosing if closes. The form is only rendered when an ACTION was posted.
839 if ($cgiparams{'ACTION'} ne '') {
840 &Header::showhttpheaders();
841 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
842 &Header::openbigbox('100%', 'LEFT', '', '');
843 if ($errormessage) {
844 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
# $errormessage is printed without HTML escaping; the values assigned above are
# translated strings plus $! / $?, so nothing user-controlled reaches it on this path.
845 print "<class name='base'>$errormessage";
846 print "&nbsp;</class>";
847 &Header::closebox();
848 }
849 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
# NOTE(review): the form echoes the submitted ROOTCERT_* fields back into
# single-quoted value='' attributes without escaping; unless &Header::getcgihash
# already sanitises them, a quote in a field breaks out of the attribute. The same
# applies to P12_PASS further down, which additionally puts the PKCS12 password into
# the page source — an empty value='' would be the safer default. Markup defects in
# the template text (cannot be changed in a doc-only pass): alt'*' is missing its '='
# on the blob images, the last one reads al='*', and </form></table> closes the form
# before the table it was opened inside.
850 print <<END
851 <form method='post' enctype='multipart/form-data'>
852 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
853 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
854 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
855 <td width='35%' colspan='2'>&nbsp;</td></tr>
856 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
857 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
858 <td colspan='2'>&nbsp;</td></tr>
859 <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
861 <td colspan='2'>&nbsp;</td></tr>
862 <tr><td class='base'>$Lang::tr{'your department'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
864 <td colspan='2'>&nbsp;</td></tr>
865 <tr><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
866 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
867 <td colspan='2'>&nbsp;</td></tr>
868 <tr><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
869 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
870 <td colspan='2'>&nbsp;</td></tr>
871 <tr><td class='base'>$Lang::tr{'country'}:</td>
872 <td class='base'><select name='ROOTCERT_COUNTRY'>
873
874END
875 ;
# Country list: option value is the country code, the previously chosen code stays selected.
876 foreach my $country (sort keys %{Countries::countries}) {
877 print "<option value='$Countries::countries{$country}'";
878 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
879 print " selected='selected'";
880 }
881 print ">$country</option>";
882 }
883 print <<END
884 </select></td>
885 <td colspan='2'>&nbsp;</td></tr>
886 <tr><td>&nbsp;</td>
887 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
888 <td>&nbsp;</td><td>&nbsp;</td></tr>
889 <tr><td class='base' colspan='4' align='left'>
890 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
891 <tr><td class='base' colspan='4' align='left'>
892 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
893 $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
894 </td></tr>
895 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
896 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
897 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
898 <td colspan='2'>&nbsp;</td></tr>
899 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' ></td>
900 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
901 <td colspan='2'>&nbsp;</td></tr>
902 <tr><td>&nbsp;</td>
903 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
904 <td colspan='2'>&nbsp;</td></tr>
905 <tr><td class='base' colspan='4' align='left'>
906 <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
907 </form></table>
908END
909 ;
910 &Header::closebox();
911
912 &Header::closebigbox();
913 &Header::closepage();
# Stop here; the rest of the script must not render the main page on top of this one.
914 exit(0)
915 }
916
917 ROOTCERT_SUCCESS:
# Restrict the server private key to its owner. The string form of system() is
# acceptable only because the path is a fixed literal; Perl's own chmod(0600, $path)
# would avoid the shell entirely and report failure via its return value.
918 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
919
920###
921### Enable/Disable connection
922###
923}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
924 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# KEY selects the connection record; unknown keys go to the error branch below,
# so the fields indexed here ([0] = on/off, [1] = connection name) exist.
925 if ($confighash{$cgiparams{'KEY'}}) {
# NOTE(review): this pipeline interpolates the connection name unquoted into a shell
# command, so any shell metacharacter in a stored name reaches /bin/sh; the grep is
# also unanchored and matches any process whose command line contains "<name>.conf".
# A list-form pipe open ('-|', '/bin/ps', 'ax') with the match done in Perl, or a pid
# file written by openvpnctrl, would remove the shell. The captured output keeps its
# trailing newline and may hold several PIDs; it is handed to -kn2n as-is.
926 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1].conf|grep -v grep|awk \'{print \$1}\'`;
927 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
# Enable: persist the flag first, then (re)start the tunnel.
928 $confighash{$cgiparams{'KEY'}}[0] = 'on';
929 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
930 if ($n2nactive eq ''){
931 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
932 } else {
933 system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive);
934 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
935 }
936 } else {
# Disable: persist the flag, then stop the tunnel if one is running.
937 $confighash{$cgiparams{'KEY'}}[0] = 'off';
938 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
939 if ($n2nactive ne ''){
940 system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive);
941 }
942 }
943 } else {
944 $errormessage = $Lang::tr{'invalid key'};
945 }
946
947###
948### Download OpenVPN client package
949###
950} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
# Build a downloadable client package (config + certificate material) for connection KEY.
951 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
952 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# $file is never read in this branch.
953 my $file = '';
954 my $clientovpn = '';
955 my @fileholder;
# First label of the firewall's host name, used in the package file names.
956 my $uhost3 = '';
957 my $uhost = `/bin/uname -n`;
958 if ($uhost ne '') {
# FIXME: $uhost is never chomp'ed. When the host name contains no dot, the trailing
# newline survives in $uhost3 and ends up in the zip name and the Content-Disposition
# header built from it; add `chomp $uhost;` right after the backticks.
959 my @uhost2 = split /\./, $uhost;
960 $uhost3 = $uhost2[0];
961 } else {
962 $uhost3 = "IPFire";
963 }
# Scratch directory for the package; CLEANUP removes it when the script exits.
964 my $tempdir = tempdir( CLEANUP => 1 );
965 my $zippath = "$tempdir/";
# Zip name is "<connection name>-TO-<hostname>.zip"; the name comes from the stored config.
bb89e92a 966 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-$uhost3.zip";
967 my $zippathname = "$zippath$zipname";
968 #anna
# Net-to-net connections ([3] eq 'net') are packaged by Ovpnfunc::writenet2netconf
# instead; it is expected to send the response itself, hence the exit. An unknown KEY
# is not rejected in this branch, so field [3] may be undef here.
969 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
970 $zerinaclient = 'true';
971 &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient);
972 exit(0);
973 }
974 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-$uhost3.ovpn";
# Two-argument open with an interpolated name; the leading '>' fixes the mode, but the
# three-argument form (open my $fh, '>', "$tempdir/$clientovpn") is the safe idiom.
# die() here aborts the CGI with a bare 500 rather than an error page.
975 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $clientovpn $!";
# 2 == LOCK_EX; the constant from Fcntl would make that explicit.
976 flock CLIENTCONF, 2;
977
978 my $zip = Archive::Zip->new();
979
# CRLF line endings throughout the generated config — presumably for Windows clients.
bb89e92a 980 print CLIENTCONF "#OpenVPN Client conf\r\n";
# Client role and device type mirror the server settings.
981 print CLIENTCONF "tls-client\r\n";
982 print CLIENTCONF "client\r\n";
983 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
# A TCP server needs the client side to say tcp-client; anything else is passed through.
984 if ($vpnsettings{'DPROTOCOL'} eq 'tcp') {
985 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}-client\r\n";
986 } else {
987 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
988 }
989 print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
# Primary "remote" line is the first enabled interface in the order RED, BLUE, ORANGE;
# the other enabled interfaces are emitted as commented alternatives.
990 if ( $vpnsettings{'ENABLED'} eq 'on'){
991 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
992 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&Ovpnfunc::haveBlueNet())){
993 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
994 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
995 }
996 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&Ovpnfunc::haveOrangeNet())){
997 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
998 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
999 }
1000 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&Ovpnfunc::haveBlueNet())){
1001 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1002 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&Ovpnfunc::haveOrangeNet())){
1003 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
1004 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1005 }
1006 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&Ovpnfunc::haveOrangeNet())){
1007 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1008 }
1009
# Credentials: a PKCS12 bundle when one exists for a 'cert' connection, otherwise
# separate CA / certificate / key files.
1010 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
1011 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
1012 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
1013 } else {
1014 print CLIENTCONF "ca cacert.pem\r\n";
1015 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
# FIXME: the config references "<name>.key" but nothing adds that file to the zip
# below — only cacert.pem and the certificate are packaged, so this variant of the
# package cannot connect as generated.
1016 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
1017 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
1018 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
1019 }
1020 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
1021 if ($vpnsettings{DCOMPLZO} eq 'on') {
1022 print CLIENTCONF "comp-lzo\r\n";
1023 }
1024 print CLIENTCONF "verb 3\r\n";
# NOTE(review): ns-cert-type is the legacy Netscape server check; remote-cert-tls
# server is the current directive for verifying the peer is a server certificate.
1025 print CLIENTCONF "ns-cert-type server\r\n";
1026 close(CLIENTCONF);
1027 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
# FIXME: $status is never checked; a failed write would still be streamed below as
# an empty or truncated archive.
1028 my $status = $zip->writeToFileNamed($zippathname);
1029
# Stream the archive. No binmode is set on either handle; this relies on the platform
# doing no newline translation. The filename header value is unquoted, so a connection
# name containing spaces or ';' yields a malformed header.
1030 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
1031 @fileholder = <DLFILE>;
1032 print "Content-Type:application/x-download\n";
1033 print "Content-Disposition:attachment;filename=$zipname\n\n";
1034 print @fileholder;
1035 exit (0);
1036
1037###
1038### Remove connection
1039###
1040} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
1041 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1042 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1043 if ($confighash{$cgiparams{'KEY'}}) {
# Field [19] eq 'yes' selects removal without certificate revocation; what that
# field encodes is not visible in this chunk — TODO confirm.
1044 if ($confighash{$cgiparams{'KEY'}}[19] eq 'yes') {
1045 &Ovpnfunc::killconnection($cgiparams{'KEY'});
1046 &Ovpnfunc::removenet2netconf($cgiparams{'KEY'});
1047 delete $confighash{$cgiparams{'KEY'}};
1048 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1049 } else {
# NOTE(review): revocation runs through a shell with the connection name
# interpolated unquoted, and neither $temp nor $? is examined, so a failed -revoke
# still deletes the certificate and the config entry below and the CRL regenerated
# afterwards does not list it. The list-form system() plus $? check used for the CA
# setup earlier in this file is the safer pattern for both openssl calls here.
1050 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
1051 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
1052 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
1053 &Ovpnfunc::killconnection($cgiparams{'KEY'});
1054 &Ovpnfunc::removenet2netconf($cgiparams{'KEY'});
1055 delete $confighash{$cgiparams{'KEY'}};
1056 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
1057 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1058 }
1059 } else {
1060 $errormessage = $Lang::tr{'invalid key'};
1061 }
1062###
1063### Download PKCS12 file
1064###
1065} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
1066 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1067
# NOTE(review): neither the KEY entry nor the .p12 file is checked for existence
# (compare the -f test in the certificate download below), so a bad KEY produces an
# empty 200 response with headers for ".p12". /bin/cat via backticks interpolates the
# connection name into a shell command; reading the file in Perl (three-argument open
# plus binmode) avoids the shell and lets a missing file be reported. The filename
# header value is unquoted.
1068 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
1069 print "Content-Type: application/octet-stream\r\n\r\n";
1070 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
1071 exit (0);
1072
1073###
1074### Display certificate
1075###
1076} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
1077 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1078
# Only render when the certificate file exists; otherwise control leaves this
# branch without output (what happens next is outside this chunk).
1079 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
1080 &Header::showhttpheaders();
1081 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1082 &Header::openbigbox('100%', 'LEFT', '', '');
1083 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
# The connection name is interpolated unquoted into a shell command; a list-form
# pipe open ('-|', '/usr/bin/openssl', 'x509', ...) would avoid the shell. The
# output is passed through Header::cleanhtml before it is printed.
1084 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
1085 $output = &Header::cleanhtml($output,"y");
1086 print "<pre>$output</pre>\n";
1087 &Header::closebox();
1088 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1089 &Header::closebigbox();
1090 &Header::closepage();
1091 exit(0);
1092 }
1093###
1094### Display Certificate Revocation List
1095###
1096} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
# Render the CA's CRL as text; the path is a fixed literal, so the backticks carry
# no user-controlled input here. Output is HTML-cleaned before printing.
1097 if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
1098 &Header::showhttpheaders();
1099 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1100 &Header::openbigbox('100%', 'LEFT', '', '');
1101 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
1102 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
1103 $output = &Header::cleanhtml($output,"y");
1104 print "<pre>$output</pre>\n";
1105 &Header::closebox();
1106 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1107 &Header::closebigbox();
1108 &Header::closepage();
1109 exit(0);
1110 }
1111
1112###
1113### Advanced Server Settings
1114###
1115
1116} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
# Discard the posted parameters and populate %cgiparams from the saved server settings,
# so the form below shows the stored values.
1117 %cgiparams = ();
1118 %cahash = ();
1119 %confighash = ();
1120 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
1121
1122ADV_ERROR:
# Re-entry point (goto target) for the advanced form; fills in defaults for fields the
# settings file leaves empty (an undef value stringifies to '' for these tests) and
# prepares the CHECKED / SELECTED markers the template interpolates.
1123 if ($cgiparams{'MAX_CLIENTS'} eq '') {
1124 $cgiparams{'MAX_CLIENTS'} = '100';
1125 }
1126
1127 if ($cgiparams{'KEEPALIVE_1'} eq '') {
1128 $cgiparams{'KEEPALIVE_1'} = '10';
1129 }
1130 if ($cgiparams{'KEEPALIVE_2'} eq '') {
1131 $cgiparams{'KEEPALIVE_2'} = '60';
1132 }
1133 if ($cgiparams{'LOG_VERB'} eq '') {
1134 $cgiparams{'LOG_VERB'} = '3';
1135 }
1136 if ($cgiparams{'EXTENDED_NICE'} eq '') {
1137 $cgiparams{'EXTENDED_NICE'} = '0';
1138 }
# Checkbox state: only the 'on' slot is read by the template.
1139 $checked{'CLIENT2CLIENT'}{'off'} = '';
1140 $checked{'CLIENT2CLIENT'}{'on'} = '';
1141 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
1142 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
1143 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
1144 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
# Select state for the verbosity drop-down (0..11); the stored value gets SELECTED.
1145 $selected{'LOG_VERB'}{'1'} = '';
1146 $selected{'LOG_VERB'}{'2'} = '';
1147 $selected{'LOG_VERB'}{'3'} = '';
1148 $selected{'LOG_VERB'}{'4'} = '';
1149 $selected{'LOG_VERB'}{'5'} = '';
1150 $selected{'LOG_VERB'}{'6'} = '';
1151 $selected{'LOG_VERB'}{'7'} = '';
1152 $selected{'LOG_VERB'}{'8'} = '';
1153 $selected{'LOG_VERB'}{'9'} = '';
1154 $selected{'LOG_VERB'}{'10'} = '';
1155 $selected{'LOG_VERB'}{'11'} = '';
1156 $selected{'LOG_VERB'}{'0'} = '';
1157 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
1158
1159 #################################################################################
1160 # Added by Philipp Jenni #
1161 # #
1162 # Contact: philipp.jenni-at-gmx.ch #
1163 # Date: 2006-04-22 #
1164 # Description: Definitions to set the FASTIO Checkbox #
1165 # Definitions to set the MTUDISC Checkbox #
1166 # Definitions to set the NICE Selectionbox #
1167 #################################################################################
1168 $checked{'EXTENDED_FASTIO'}{'off'} = '';
1169 $checked{'EXTENDED_FASTIO'}{'on'} = '';
1170 $checked{'EXTENDED_FASTIO'}{$cgiparams{'EXTENDED_FASTIO'}} = 'CHECKED';
1171 $checked{'EXTENDED_MTUDISC'}{'off'} = '';
1172 $checked{'EXTENDED_MTUDISC'}{'on'} = '';
1173 $checked{'EXTENDED_MTUDISC'}{$cgiparams{'EXTENDED_MTUDISC'}} = 'CHECKED';
# Nice levels offered by the priority drop-down; must match the option values in the template.
1174 $selected{'EXTENDED_NICE'}{'-13'} = '';
1175 $selected{'EXTENDED_NICE'}{'-10'} = '';
1176 $selected{'EXTENDED_NICE'}{'-7'} = '';
1177 $selected{'EXTENDED_NICE'}{'-3'} = '';
1178 $selected{'EXTENDED_NICE'}{'0'} = '';
1179 $selected{'EXTENDED_NICE'}{'3'} = '';
1180 $selected{'EXTENDED_NICE'}{'7'} = '';
1181 $selected{'EXTENDED_NICE'}{'10'} = '';
1182 $selected{'EXTENDED_NICE'}{'13'} = '';
1183 $selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED';
1184 #################################################################################
1185 # End of inserted Data #
1186 #################################################################################
1184 #################################################################################
1185 # End of inserted Data #
1186 #################################################################################
1187
1188 &Header::showhttpheaders();
1189 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
1190 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1191 if ($errormessage) {
1192 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
# $errormessage is printed unescaped; on the ADV_ERROR re-entry path its origin is
# outside this chunk, so whether it can carry user input cannot be confirmed here.
1193 print "<class name='base'>$errormessage\n";
1194 print "&nbsp;</class>\n";
1195 &Header::closebox();
1196 }
1197 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
# NOTE(review): the text fields echo %cgiparams values into single-quoted value=''
# attributes without escaping. On the direct path they come from the settings file;
# on the ADV_ERROR path they may be the submitted values — confirm they are sanitised
# before being shown. Template defects that only a code change can fix: class'base'
# (missing '=') on two heading cells, a <td> row that opens after </tr> at the
# "Keppalive" (sic) label, and allign='center' on the submit cells.
1198 print <<END
1199 <form method='post' enctype='multipart/form-data'>
1200 <table width='100%'>
1201 <tr>
1202 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
1203 </tr>
1204 <tr>
1205 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1206 </tr>
1207 <tr>
1208 <td class='base'>Domain</td>
1209 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
1210 </tr>
1211 <tr>
1212 <td class='base'>DNS</td>
1213 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
1214 </tr>
1215 <tr>
1216 <td class='base'>WINS</td>
1217 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
1218 </tr>
1219</table>
1220<hr size='1'>
1221<!-- Additional push route START-->
1222 <table width='100%'>
1223 <tr>
1224 <td colspan='4'><b>$Lang::tr{'add-route'}</b></td>
1225 </tr>
1226 <tr>
1227 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1228 </tr>
1229 <tr>
1230 <td class='base'>$Lang::tr{'subnet'} 1</td>
1231 <td><input type='TEXT' name='AD_ROUTE1' value='$cgiparams{'AD_ROUTE1'}' size='30' /></td>
1232 </tr>
1233 <tr>
1234 <td class='base'>$Lang::tr{'subnet'} 2</td>
1235 <td><input type='TEXT' name='AD_ROUTE2' value='$cgiparams{'AD_ROUTE2'}' size='30' /></td>
1236 </tr>
1237 <tr>
1238 <td class='base'>$Lang::tr{'subnet'} 3</td>
1239 <td><input type='TEXT' name='AD_ROUTE3' value='$cgiparams{'AD_ROUTE3'}' size='30' /></td>
1240 </tr>
1241</table>
1242<hr size='1'>
1243<!-- Additional push route END-->
1244 <table width='100%'>
1245 <tr>
1246 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
1247 </tr>
1248 <tr>
1249 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1250 </tr>
1251 <tr>
1252 <td class='base'>Client-To-Client</td>
1253 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
1254 </tr>
1255 <tr>
1256 <td class='base'>Redirect-Gateway def1</td>
1257 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
1258 </tr>
1259 <tr>
1260 <td class='base'>Max-Clients</td>
1261 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='30' /></td>
1262 </tr>
1263 <td class='base'>Keppalive (ping/ping-restart)</td>
1264 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='30' /></td>
1265 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='30' /></td>
1266 </tr>
1267
1268<!--
1269 #################################################################################
1270 # Added by Philipp Jenni #
1271 # #
1272 # Contact: philipp.jenni-at-gmx.ch #
1273 # Date: 2006-04-22 #
1274 # Description: Add the FAST-IO Checkbox to the HTML Form #
1275 # Add the NICE Selectionbox to the HTML Form #
1276 # Add the MTU-DISC Checkbox to the HTML Form #
1277 # Add the MSSFIX Textbox to the HTML Form #
1278 # Add the FRAMGMENT Textbox to the HTML Form #
1279 # Updates: #
1280 # 2006-04-27 Include Multilanguage-Support #
1281 #################################################################################
1282-->
1283 </tr>
1284 <tr>
1285 <td class='base'>$Lang::tr{'ovpn_processprio'}</td>
1286 <td>
1287 <select name='EXTENDED_NICE'>
1288 <option value='-13' $selected{'EXTENDED_NICE'}{'-13'}>$Lang::tr{'ovpn_processprioEH'}</option>
1289 <option value='-10' $selected{'EXTENDED_NICE'}{'-10'}>$Lang::tr{'ovpn_processprioVH'}</option>
1290 <option value='-7' $selected{'EXTENDED_NICE'}{'-7'}>$Lang::tr{'ovpn_processprioH'}</option>
1291 <option value='-3' $selected{'EXTENDED_NICE'}{'-3'}>$Lang::tr{'ovpn_processprioEN'}</option>
1292 <option value='0' $selected{'EXTENDED_NICE'}{'0'}>$Lang::tr{'ovpn_processprioN'}</option>
1293 <option value='3' $selected{'EXTENDED_NICE'}{'3'}>$Lang::tr{'ovpn_processprioLN'}</option>
1294 <option value='7' $selected{'EXTENDED_NICE'}{'7'}>$Lang::tr{'ovpn_processprioD'}</option>
1295 <option value='10' $selected{'EXTENDED_NICE'}{'10'}>$Lang::tr{'ovpn_processprioVD'}</option>
1296 <option value='13' $selected{'EXTENDED_NICE'}{'13'}>$Lang::tr{'ovpn_processprioED'}</option>
1297 </select>
1298 </td>
1299 </tr>
1300 <tr>
1301 <td class='base'>$Lang::tr{'ovpn_fastio'}</td>
1302 <td>
1303 <input type='checkbox' name='EXTENDED_FASTIO' $checked{'EXTENDED_FASTIO'}{'on'} />
1304 </td>
1305 </tr>
1306 <tr>
1307 <td class='base'>$Lang::tr{'ovpn_mtudisc'}</td>
1308 <td>
1309 <input type='checkbox' name='EXTENDED_MTUDISC' $checked{'EXTENDED_MTUDISC'}{'on'} />
1310 </td>
1311 </tr>
1312 <tr>
1313 <td class='base'>$Lang::tr{'ovpn_mssfix'}</td>
1314 <td>
1315 <input type='TEXT' name='EXTENDED_MSSFIX' value='$cgiparams{'EXTENDED_MSSFIX'}' size='30'/>
1316 </td>
1317 </tr>
1318 <tr>
1319 <td class='base'>$Lang::tr{'ovpn_fragment'}</td>
1320 <td>
1321 <input type='TEXT' name='EXTENDED_FRAGMENT' value='$cgiparams{'EXTENDED_FRAGMENT'}' size='30'/>
1322 </td>
1323 </tr>
1324
1325<!--
1326 #################################################################################
1327 # End of Inserted Data #
1328 #################################################################################
1329-->
1330
1331
1332</table>
1333<hr size='1'>
1334 <table width='100%'>
1335 <tr>
1336 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
1337 </tr>
1338 <tr>
1339 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1340 </tr>
1341
1342 <tr><td class='base'>VERB</td>
1343 <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
1344 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
1345 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
1346 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
1347 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
1348 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
1349 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
1350 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
1351 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
1352 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
1353 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
1354 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
1355<!--
1356 #################################################################################
1357 # Added by Philipp Jenni #
1358 # #
1359 # Contact: philipp.jenni-at-gmx.ch #
1360 # Date: 2006-04-22 #
1361 # Description: Required </TR> Command from this Table #
1362 #################################################################################
1363-->
1364 </tr>
1365<!--
1366 #################################################################################
1367 # End of Inserted Data #
1368 #################################################################################
1369-->
1370
1371</table>
1372<hr size='1'>
1373<table width='100%'>
1374<tr>
1375 <td>&nbsp;</td>
1376 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
1377 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
1378 <td>&nbsp;</td>
1379</tr>
1380</table>
1381</form>
1382END
1383;
1384
1385 &Header::closebox();
1386 &Header::closebigbox();
1387 &Header::closepage();
1388 exit(0);
1389
1390###
1391### Openvpn Connections Statistics
1392###
1393} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
# Connection statistics page: parses the OpenVPN status log and lists one row per client.
1394 &Header::showhttpheaders();
1395 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
1396 &Header::openbigbox('100%', 'LEFT', '', '');
1397 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
1398
1399#
1400# <td><b>$Lang::tr{'protocol'}</b></td>
1401# protocol temp removed
1402 print <<END
1403 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1404 <tr>
1405 <td><b>$Lang::tr{'common name'}</b></td>
1406 <td><b>$Lang::tr{'real address'}</b></td>
1407 <td><b>$Lang::tr{'virtual address'}</b></td>
1408 <td><b>$Lang::tr{'loged in at'}</b></td>
1409 <td><b>$Lang::tr{'bytes sent'}</b></td>
1410 <td><b>$Lang::tr{'bytes received'}</b></td>
1411 <td><b>$Lang::tr{'last activity'}</b></td>
1412 </tr>
1413END
1414;
# Two-argument open on a fixed literal path; the three-argument form is still the
# preferred idiom, and die() here yields a bare 500 after headers were already sent.
1415 my $filename = "/var/log/ovpnserver.log";
1416 open(FILE, $filename) or die 'Unable to open config file.';
1417 my @current = <FILE>;
1418 close(FILE);
1419 my @users =();
1420 my $status;
1421 my $uid = 0;
# $cn is assigned below but never read.
1422 my $cn;
1423 my @match = ();
# Protocol column is hard-coded; its display is commented out below.
1424 my $proto = "udp";
1425 my $address;
# Maps real address -> index into @users so the routing-table lines can find their client.
1426 my %userlookup = ();
1427 foreach my $line (@current)
1428 {
1429 chomp($line);
# split() on a capturing pattern yields the leading (empty) field first, so $match[1]
# is the first capture group in each of the three parsers below.
1430 if ( $line =~ /^Updated,(.+)/){
1431 @match = split( /^Updated,(.+)/, $line);
1432 $status = $match[1];
1433 }
# Client list: "<common name>,<ip:port>,<bytes received>,<bytes sent>,<connected since>".
1434 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
1435 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
1436 if ($match[1] ne "Common Name") {
1437 $cn = $match[1];
1438 $userlookup{$match[2]} = $uid;
1439 $users[$uid]{'CommonName'} = $match[1];
1440 $users[$uid]{'RealAddress'} = $match[2];
1441 $users[$uid]{'BytesReceived'} = &Ovpnfunc::sizeformat($match[3]);
1442 $users[$uid]{'BytesSent'} = &Ovpnfunc::sizeformat($match[4]);
1443 $users[$uid]{'Since'} = $match[5];
1444 $users[$uid]{'Proto'} = $proto;
1445 $uid++;
1446 }
1447 }
# Routing table: "<virtual address>,<common name>,<ip:port>,<last ref>".
1448 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
1449 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
1450 if ($match[1] ne "Virtual Address") {
1451 $address = $match[3];
1452 #find the uid in the lookup table
# NOTE(review): a real address with no client-list entry leaves $uid undef, which
# indexes slot 0 and overwrites the first client's virtual address; also $uid is the
# same variable the client-list parser increments, so this relies on the routing
# table following the client list in the file.
1453 $uid = $userlookup{$address};
1454 $users[$uid]{'VirtualAddress'} = $match[1];
1455 $users[$uid]{'LastRef'} = $match[4];
1456 }
1457 }
1458 }
1459 my $user2 = @users;
1460 if ($user2 >= 1){
# NOTE(review): the cell values come straight from the status log and are printed
# without HTML escaping; the common name originates from the client certificate
# and the addresses from the peer, so passing them through Header::cleanhtml (as the
# certificate views do) would be the defensive choice.
1461 for (my $idx = 1; $idx <= $user2; $idx++){
1462 if ($idx % 2) {
1463 print "<tr bgcolor='${Header::table1colour}'>\n";
1464 } else {
1465 print "<tr bgcolor='${Header::table2colour}'>\n";
1466 }
1467 print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
1468 print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
1469 print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
1470 print "<td align='left'>$users[$idx-1]{'Since'}</td>";
1471 print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
1472 print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
1473 print "<td align='left'>$users[$idx-1]{'LastRef'}</td>";
1474# print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1475 }
1476 }
1477
1478 print "</table>";
1479 print <<END
1480 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1481 <tr><td></td></tr>
1482 <tr><td></td></tr>
1483 <tr><td></td></tr>
1484 <tr><td></td></tr>
1485 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
1486 </table>
1487END
1488;
1489 &Header::closebox();
1490 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1491 &Header::closebigbox();
1492 &Header::closepage();
1493 exit(0);
1494
1495###
1496### Download Certificate
1497###
1498} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
1499 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# The -f test guards against a missing file, but /bin/cat via backticks still
# interpolates the connection name into a shell command; reading the file in Perl
# (three-argument open plus binmode) would avoid the shell. When the test fails the
# branch produces no output — what happens then is outside this chunk.
1500 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
1501 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
1502 print "Content-Type: application/octet-stream\r\n\r\n";
1503 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
1504 exit (0);
1505 }
1506
1507###
1508### Restart connection
1509###
1510} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
1511 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1512 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1513
# Only validates KEY here; the if-body is empty, so the actual restart must happen
# elsewhere (not visible in this chunk) — TODO confirm this is not a dropped action.
1514 if ($confighash{$cgiparams{'KEY'}}) {
1515 } else {
1516 $errormessage = $Lang::tr{'invalid key'};
1517 }
1518
1519###
1520### Choose between adding a host-net or net-net connection
1521###
1522} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
# Page offering the connection types that can be added.
1523 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1524 &Header::showhttpheaders();
1525 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1526 &Header::openbigbox('100%', 'LEFT', '', '');
bb89e92a 1527 &Header::openbox('100%', 'LEFT', "Net to Net $Lang::tr{'connection type'}");
# Radio choice between a new net-to-net connection and importing a ZERINA package.
# Template text defects (not changeable in a doc-only pass): the <form> is opened
# inside <table> and closed before it, and the upload label is not translated.
1528 print <<END
1529 <b>$Lang::tr{'connection type'}:</b><br />
1530 <table><form method='post' enctype='multipart/form-data'>
bb89e92a 1531 <tr><td><input type='radio' name='TYPE' value='net' checked /></td>
1532 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
1533 <tr><td><input type='radio' name='TYPE' value='zerinan2n' /></td>
1534 <td class='base'>upload a ZERINA Net-to-Net package</td>
1535 <td class='base'><input type='file' name='FH' size='30'></td></tr>
1536 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
1537 </form></table>
1538END
1539 ;
1540 &Header::closebox();
1541 &Header::closebigbox();
1542 &Header::closepage();
1543 exit (0);
1544
1545###
1546### uploading a ZERINA n2n connection package
1547###
1548} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'zerinan2n')){
# Import of a ZERINA net-to-net package: a zip holding one *.conf and one *.p12.
1549 my @zerinaconf;
1550 my @confdetails;
1551 my $uplconffilename ='';
1552 my $uplp12name = '';
1553 my $complzoactive ='';
1554 my @rem_subnet;
1555 my @rem_subnet2;
1556 my @tmposupnet3;
1557 my $key;
1558 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1559# Move uploaded ZERINA n2n package to a temporary file
1560 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1561 $errormessage = $Lang::tr{'there was no file upload'};
1562 goto ZERINA_ERROR;
1563 }
1564 # Copy the uploaded package into a temporary file
# NOTE(review): $filename is not removed anywhere in this chunk, so the uploaded
# archive (which contains a private key) stays in the temp directory — TODO confirm.
1565 (my $fh, my $filename) = tempfile( );
1566 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1567 $errormessage = $!;
1568 goto ZERINA_ERROR;
1569 }
1570
1571 my $zip = Archive::Zip->new();
1572 my $zipName = $filename;
1573 my $status = $zip->read( $zipName );
1574 if ($status != AZ_OK) {
1575 $errormessage = "Read of $zipName failed\n";
1576 goto ZERINA_ERROR;
1577 }
1578 #my $tempdir = tempdir( CLEANUP => 1 );
# NOTE(review): CLEANUP was deliberately disabled (see the commented line above), so
# the extracted *.p12 persists after the request unless removed later.
1579 my $tempdir = tempdir();
1580 my @files = $zip->memberNames();
# NOTE(review): every member is extracted before the two-file check below, and the
# member name is used verbatim as the destination path — a name containing '/' or
# '..' is written outside $tempdir. Validate the names first (reject anything with a
# path separator or '..', and enforce the count of 2) and only then extract.
1581 for(@files) {
1582 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
1583 }
1584 my $countfiles = @files;
1585 # see if we have 2 files
1586 if ( $countfiles == 2){
# The '.' in these patterns is unescaped, so "xconf" / "xp12" suffixes also match;
# /\.conf\z/ and /\.p12\z/ express the intent.
1587 foreach (@files){
1588 if ( $_ =~ /.conf$/){
1589 $uplconffilename = $_;
1590 }
1591 if ( $_ =~ /.p12$/){
1592 $uplp12name = $_;
1593 }
1594 }
1595 if (($uplconffilename eq '') || ($uplp12name eq '')){
1596 $errormessage = "Either no *.conf or no *.p12 file found\n";
1597 goto ZERINA_ERROR;
1598 }
# Two-argument open on a path built from the member name; use the three-argument
# form. die() here aborts the CGI without an error page.
1599 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
1600 @zerinaconf = <FILE>;
1601 close (FILE);
1602 chomp(@zerinaconf);
1603 } else {
1604 # only 2 files are allowed
1605 $errormessage = "Filecount does not match only 2 files are allowed\n";
1606 goto ZERINA_ERROR;
1607 }
1608 #prepare imported data not elegant, will be changed later
# Positional parsing: each substr() skips a fixed keyword prefix ("dev ", "tun-mtu "
# etc.) and assumes the uploaded .conf has exactly this line order. Nothing is
# validated here; the values are untrusted upload content until checked downstream.
1609 my $ufuk = (@zerinaconf);
1610 push(@confdetails, substr($zerinaconf[0],4));#dev tun 0
1611 push(@confdetails, substr($zerinaconf[1],8));#mtu value 1
1612 push(@confdetails, substr($zerinaconf[2],6));#protocol 2
bb89e92a
MT
1613 if ($confdetails[2] eq 'tcp-client' || $confdetails[2] eq 'tcp-server') {
1614 $confdetails[2] = 'tcp';
1615 }
6e13d0a5
MT
1616 push(@confdetails, substr($zerinaconf[3],5));#port 3
1617 push(@confdetails, substr($zerinaconf[4],9));#ovpn subnet 4
1618 push(@confdetails, substr($zerinaconf[5],7));#remote ip 5
1619 push(@confdetails, $zerinaconf[6]); #tls-server/tls-client 6
1620 push(@confdetails, substr($zerinaconf[7],7));#pkcs12 name 7
1621 push(@confdetails, substr($zerinaconf[$ufuk-1],1));#remote subnet 8
1622 push(@confdetails, substr($zerinaconf[9],10));#keepalive 9
1623 push(@confdetails, substr($zerinaconf[10],7));#cipher 10
1624 if ($ufuk == 14) {
1625 push(@confdetails, $zerinaconf[$ufuk-3]);#complzo 11
1626 $complzoactive = "on";
1627 } else {
1628 $complzoactive = "off";
1629 }
1630 push(@confdetails, substr($zerinaconf[$ufuk-2],5));#verb 12
1631 push(@confdetails, substr($zerinaconf[8],6));#localsubnet 13
1632 #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14
1633 push(@confdetails, substr($uplp12name,0,-4));#connection Name 14
1634 #chomp(@confdetails);
1635 foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name
1636 if ($confighash{$dkey}[1] eq $confdetails[$ufuk]) {
1637 $errormessage = $Lang::tr{'a connection with this name already exists'};
1638 goto ZERINA_ERROR;
1639 }
1640 }
1641 if ($confdetails[$ufuk] eq 'server') {
1642 $errormessage = $Lang::tr{'server reserved'};
1643 goto ZERINA_ERROR;
1644 }
1645 @rem_subnet2 = split(/ /,$confdetails[4]);
1646 @tmposupnet3 = split /\./,$rem_subnet2[0];
1647 $errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0");
1648 if ($errormessage ne ''){
1649 goto ZERINA_ERROR;
1650 }
1651
1652 $key = &General::findhasharraykey (\%confighash);
1653 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
1654 $confighash{$key}[0] = 'off';
1655 $confighash{$key}[1] = $confdetails[$ufuk];
1656 #$confighash{$key}[2] = $confdetails[7];
1657 $confighash{$key}[2] = $confdetails[$ufuk];
1658 $confighash{$key}[3] = 'net';
1659 $confighash{$key}[4] = 'cert';
1660 $confighash{$key}[6] = 'client';
1661 $confighash{$key}[8] = $confdetails[8];
1662 @rem_subnet = split(/ /,$confdetails[$ufuk-1]);
1663 $confighash{$key}[11] = "$rem_subnet[0]/$rem_subnet[1]";
1664 $confighash{$key}[10] = $confdetails[5];
1665 $confighash{$key}[25] = 'imported';
1666 $confighash{$key}[12] = 'red';
1667 my @tmposupnet = split(/ /,$confdetails[4]);
1668 my @tmposupnet2 = split /\./,$tmposupnet[0];
1669 $confighash{$key}[13] = "$tmposupnet2[0].$tmposupnet2[1].$tmposupnet2[2].0/255.255.255.0";
1670 $confighash{$key}[14] = $confdetails[2];
1671 $confighash{$key}[15] = $confdetails[3];
1672 $confighash{$key}[16] = $complzoactive;
1673 $confighash{$key}[17] = $confdetails[1];
1674 $confighash{$key}[18] = '';# nn2nvpn_ip
bb89e92a
MT
1675 $confighash{$key}[19] = 'yes';# nn2nvpn_ip
1676 $confighash{$key}[20] = $confdetails[10];
6e13d0a5
MT
1677 $cgiparams{'KEY'} = $key;
1678 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
bb89e92a
MT
1679 mkdir("${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]", 0770);
1680 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]/$uplconffilename");
6e13d0a5
MT
1681 if ($? ne 0) {
1682 $errormessage = "*.conf move failed: $!";
1683 unlink ($filename);
1684 goto ZERINA_ERROR;
1685 }
bb89e92a 1686 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/n2nconf/$confdetails[$ufuk]/$uplp12name");
6e13d0a5
MT
1687 if ($? ne 0) {
1688 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1689 unlink ($filename);
1690 goto ZERINA_ERROR;
1691 }
1692 ZERINA_ERROR:
1693
1694 &Header::showhttpheaders();
1695 &Header::openpage('Validate imported configuration', 1, '');
1696 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1697 if ($errormessage) {
1698 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1699 print "<class name='base'>$errormessage";
1700 print "&nbsp;</class>";
1701 &Header::closebox();
1702 } else {
1703 &Header::openbox('100%', 'LEFT', 'Validate imported configuration');
1704 }
1705 if ($errormessage eq ''){
1706 print <<END
1707 <!-- net2net config gui -->
1708 <tr><td width='25%'>&nbsp;</td>
1709 <td width='25%'>&nbsp;</td></tr>
1710 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'name'}:</td>
1711 <td><b>$confdetails[$ufuk]</b></td></tr>
1712 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
1713 <td><b>$confdetails[6]</b></td>
1714 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
1715 <td><b>$confdetails[5]</b></td></tr>
1716 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
1717 <td><b>$confighash{$key}[8]</b></td>
1718 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
1719 <td><b>$confighash{$key}[11]</b></td></tr>
1720 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
1721 <td><b>$confighash{$key}[$ufuk-1]</b></td></tr>
1722 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
1723 <td><b>$confdetails[2]</b></td>
1724 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
1725 <td><b>$confdetails[3]</b></td></tr>
1726 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
1727 <td><b>$complzoactive</b></td>
1728 <td class='boldbase'>$Lang::tr{'cipher'}</td>
1729 <td><b>$confdetails[10]</b></td></tr>
1730 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
1731 <td><b>$confdetails[1]</b></td></tr>
1732END
1733;
1734
1735 &Header::closebox();
1736 }
1737 if ($errormessage) {
1738 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1739 } else {
1740 print "<div align='center'><form method='post' enctype='multipart/form-data'><input type='submit' name='ACTION' value='Approved' />";
1741 print "<input type='hidden' name='TYPE' value='zerinan2n' />";
1742 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
1743 print "<input type='submit' name='ACTION' value='Discard' /></div></form>";
1744 }
1745 &Header::closebigbox();
1746 &Header::closepage();
1747 exit(0);
1748
1749###
1750### Approve Zerina n2n
1751###
1752} elsif (($cgiparams{'ACTION'} eq 'Approved') && ($cgiparams{'TYPE'} eq 'zerinan2n')){
# Approve an imported ZERINA n2n entry: write its OpenVPN configuration.
# NOTE(review): unlike the Discard branch below, KEY is not checked against
# %confighash before the call; presumably writenet2netconf validates it —
# verify.  $zerinaclient is still the empty string it was initialised with
# at the top of the script; nothing visible here assigns it.
1753 &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient);
1754###
1755### Discard Zerina n2n
1756###
1757} elsif (($cgiparams{'ACTION'} eq 'Discard') && ($cgiparams{'TYPE'} eq 'zerinan2n')){
# Discard an imported ZERINA n2n entry: the key posted by the confirmation
# form is deleted from ovpnconfig only if it actually exists.
# %vpnsettings is read here but not used in this branch.
1758 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1759 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1760
1761 if ($confighash{$cgiparams{'KEY'}}) {
# NOTE(review): called without the key, whereas writenet2netconf takes it;
# presumably it reads KEY from %cgiparams.  Verify that it also removes the
# ovpn/n2nconf/<name>/ directory created on import, otherwise the uploaded
# .conf and .p12 stay on disk after the entry is gone.
1762 &Ovpnfunc::removenet2netconf();
1763 delete $confighash{$cgiparams{'KEY'}};
1764 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1765 } else {
1766 $errormessage = $Lang::tr{'invalid key'};
1767 }
1768###
1769### Adding a new connection
1770###
1771} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
1772 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
1773 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
1774
1775 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1776 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1777 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1778
1779 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
1780 if (! $confighash{$cgiparams{'KEY'}}[0]) {
1781 $errormessage = $Lang::tr{'invalid key'};
1782 goto VPNCONF_END;
1783 }
1784 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
1785 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
1786 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
1787 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
1788 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
1789 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
1790 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
1791 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
1792 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
1793 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
1794 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[12];
1795 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[13];#new fields
1796 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[14];
1797 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[15];
1798 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[16];
1799 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[17];
1800 $cgiparams{'N2NVPN_IP'} = $confighash{$cgiparams{'KEY'}}[18];#new fields
1801 $cgiparams{'ZERINA_CLIENT'} = $confighash{$cgiparams{'KEY'}}[19];#new fields
1802 $cgiparams{'CIPHER'} = $confighash{$cgiparams{'KEY'}}[20];#new fields
1803 if ($cgiparams{'ZERINA_CLIENT'} eq ''){
1804 $cgiparams{'ZERINA_CLIENT'} = 'no';
1805 }
bb89e92a 1806 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {#ab hiere error uebernehmen
1807 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
1808 # n2n error
1809 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
1810 $errormessage = $Lang::tr{'connection type is invalid'};
1811 goto VPNCONF_ERROR;
1812 }
1813 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
1814 $errormessage = $Lang::tr{'name must only contain characters'};
1815 goto VPNCONF_ERROR;
1816 }
1817 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault|server)$/) {
1818 $errormessage = $Lang::tr{'name is invalid'};
1819 goto VPNCONF_ERROR;
1820 }
1821 if (length($cgiparams{'NAME'}) >60) {
1822 $errormessage = $Lang::tr{'name too long'};
1823 goto VPNCONF_ERROR;
1824 }
1825 if (! $cgiparams{'KEY'}) {# Check if there is no other entry with this name
1826 foreach my $key (keys %confighash) {
1827 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
1828 $errormessage = $Lang::tr{'a connection with this name already exists'};
1829 goto VPNCONF_ERROR;
1830 }
1831 }
1832 }
1833 if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
1834 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
1835 goto VPNCONF_ERROR;
1836 }
1837 if ($cgiparams{'REMOTE'}) {
1838 if (! &General::validip($cgiparams{'REMOTE'})) {
1839 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
1840 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
1841 goto VPNCONF_ERROR;
1842 } else {
1843 if (&Ovpnfunc::valid_dns_host($cgiparams{'REMOTE'})) {
1844 $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
1845 }
1846 }
1847 }
1848 }
1849 if ($cgiparams{'TYPE'} ne 'host') {
1850 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
1851 $errormessage = $Lang::tr{'local subnet is invalid'};
1852 goto VPNCONF_ERROR;
1853 }
1854 }
1855 #hier1
1856 my @tmpovpnsubnet = split("\/",$cgiparams{'LOCAL_SUBNET'});
1857 $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]);
1858 $cgiparams{'LOCAL_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr
1859 #hier1
1860 if ($cgiparams{'REMOTE'} eq '') {# Check if there is no other entry without IP-address and PSK
1861 foreach my $key (keys %confighash) {
1862 if(($cgiparams{'KEY'} ne $key) && ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') && $confighash{$key}[10] eq '') {
1863 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
1864 goto VPNCONF_ERROR;
1865 }
1866 }
1867 }
1868 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
1869 $errormessage = $Lang::tr{'remote subnet is invalid'};
1870 goto VPNCONF_ERROR;
1871 }
1872 #hier2
1873 my @tmpovpnsubnet = split("\/",$cgiparams{'REMOTE_SUBNET'});
1874 $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]);
1875 $cgiparams{'REMOTE_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr
1876 #hier2
1877 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1878 $errormessage = $Lang::tr{'invalid input'};
1879 goto VPNCONF_ERROR;
1880 }
1881 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
1882 $errormessage = $Lang::tr{'invalid input'};
1883 goto VPNCONF_ERROR;
1884 }
1885 if ($cgiparams{'ENABLED'} eq 'on'){
1886 $errormessage = &Ovpnfunc::disallowreserved($cgiparams{'DEST_PORT'},0,$cgiparams{'PROTOCOL'},"dest");
1887 }
1888 if ($errormessage) { goto VPNCONF_ERROR; }
1889
1890 if ($cgiparams{'ENABLED'} eq 'on'){
1891 $errormessage = &Ovpnfunc::checkportfw(0,$cgiparams{'DEST_PORT'},$cgiparams{'PROTOCOL'},'0.0.0.0');
1892 }
1893 if ($errormessage) { goto VPNCONF_ERROR; }
1894#raul
1895 if ($cgiparams{'TYPE'} eq 'net') {
1896 if (! &General::validipandmask($cgiparams{'OVPN_SUBNET'})) {
1897 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
1898 goto VPNCONF_ERROR;
1899 }
1900 #hier3
1901 my @tmpovpnsubnet = split("\/",$cgiparams{'OVPN_SUBNET'});
1902 $tmpovpnsubnet[1] = &Ovpnfunc::cidrormask($tmpovpnsubnet[1]);
1903 $cgiparams{'OVPN_SUBNET'} = "$tmpovpnsubnet[0]/$tmpovpnsubnet[1]";#convert from cidr
1904 #hier3
1905 #plausi2
1906 $errormessage = &Ovpnfunc::ovelapplausi($tmpovpnsubnet[0],$tmpovpnsubnet[1]);
1907 #plausi2
1908 if ($errormessage ne ''){
1909 goto VPNCONF_ERROR;
1910 }
1911 if ((length($cgiparams{'MTU'})==0) || (($cgiparams{'MTU'}) < 1000 )) {
1912 $errormessage = $Lang::tr{'invalid mtu input'};
1913 goto VPNCONF_ERROR;
1914 }
1915 unless (&General::validport($cgiparams{'DEST_PORT'})) {
1916 $errormessage = $Lang::tr{'invalid port'};
1917 goto VPNCONF_ERROR;
1918 }
1919 # check protocol/port overlap against existing connections gian
1920 foreach my $dkey (keys %confighash) {#Check if there is no other entry with this name
1921 if ($dkey ne $cgiparams{'KEY'}) {
1922 if ($confighash{$dkey}[14] eq $cgiparams{'PROTOCOL'} && $confighash{$dkey}[15] eq $cgiparams{'DEST_PORT'}){
1923 #if ($confighash{$dkey}[14] eq 'on') {
1924 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash{$dkey}[1]";
1925 goto VPNCONF_ERROR;
1926 #} else {
1927 # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]";
1928 #}
1929 }
1930 }
1931 }
1933 #check protocol/port overlap against RWserver gian
1933 if ($vpnsettings{'ENABLED'} eq 'on') {
1934 if ($vpnsettings{'DPROTOCOL'} eq $cgiparams{'PROTOCOL'} && $vpnsettings{'DDEST_PORT'} eq $cgiparams{'DEST_PORT'}){
1935 $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server";
1936 goto VPNCONF_ERROR;
1937 }
1938 }
1939 }
1940 if ($cgiparams{'AUTH'} eq 'psk') {
1941 #removed
1942 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
1943 # {
1944 if ($cgiparams{'KEY'}) {
1945 $errormessage = $Lang::tr{'cant change certificates'};
1946 goto VPNCONF_ERROR;
1947 }
1948 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1949 $errormessage = $Lang::tr{'there was no file upload'};
1950 goto VPNCONF_ERROR;
1951 }
1952 (my $fh, my $filename) = tempfile( );# Move uploaded certificate request to a temporary file
1953 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1954 $errormessage = $!;
1955 goto VPNCONF_ERROR;
1956 }
1957 # Sign the certificate request and move it
1958 # Sign the host certificate request
1959 system('/usr/bin/openssl', 'ca', '-days', '999999',
1960 '-batch', '-notext',
1961 '-in', $filename,
1962 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
1963 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
1964 if ($?) {
1965 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1966 unlink ($filename);
1967 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
1968 &Ovpnfunc::newcleanssldatabase();
1969 goto VPNCONF_ERROR;
1970 } else {
1971 unlink ($filename);
1972 &Ovpnfunc::deletebackupcert();
1973 }
1974 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
1975 $temp =~ /Subject:.*CN=(.*)[\n]/;
1976 $temp = $1;
1977 $temp =~ s+/Email+, E+;
1978 $temp =~ s/ ST=/ S=/;
1979 $cgiparams{'CERT_NAME'} = $temp;
1980 $cgiparams{'CERT_NAME'} =~ s/,//g;
1981 $cgiparams{'CERT_NAME'} =~ s/\'//g;
1982 if ($cgiparams{'CERT_NAME'} eq '') {
1983 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
1984 goto VPNCONF_ERROR;
1985 }
1986 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
1987 if ($cgiparams{'KEY'}) {
1988 $errormessage = $Lang::tr{'cant change certificates'};
1989 goto VPNCONF_ERROR;
1990 }
1991 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1992 $errormessage = $Lang::tr{'there was no file upload'};
1993 goto VPNCONF_ERROR;
1994 }
1995 (my $fh, my $filename) = tempfile( );# Move uploaded certificate to a temporary file
1996 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1997 $errormessage = $!;
1998 goto VPNCONF_ERROR;
1999 }
2000 my $validca = 0;# Verify the certificate has a valid CA and move it
2001 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
2002 if ($test =~ /: OK/) {
2003 $validca = 1;
2004 } else {
2005 foreach my $key (keys %cahash) {
2006 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
2007 if ($test =~ /: OK/) {
2008 $validca = 1;
2009 }
2010 }
2011 }
2012 if (! $validca) {
2013 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
2014 unlink ($filename);
2015 goto VPNCONF_ERROR;
2016 } else {
2017 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2018 if ($? ne 0) {
2019 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
2020 unlink ($filename);
2021 goto VPNCONF_ERROR;
2022 }
2023 }
2024 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
2025 $temp =~ /Subject:.*CN=(.*)[\n]/;
2026 $temp = $1;
2027 $temp =~ s+/Email+, E+;
2028 $temp =~ s/ ST=/ S=/;
2029 $cgiparams{'CERT_NAME'} = $temp;
2030 $cgiparams{'CERT_NAME'} =~ s/,//g;
2031 $cgiparams{'CERT_NAME'} =~ s/\'//g;
2032 if ($cgiparams{'CERT_NAME'} eq '') {
2033 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2034 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
2035 goto VPNCONF_ERROR;
2036 }
2037 } elsif ($cgiparams{'AUTH'} eq 'certgen'){
2038 if ($cgiparams{'KEY'}) {
2039 $errormessage = $Lang::tr{'cant change certificates'};
2040 goto VPNCONF_ERROR;
2041 }
2042 if (length($cgiparams{'CERT_NAME'}) >60) {# Validate input since the form was submitted
2043 $errormessage = $Lang::tr{'name too long'};
2044 goto VPNCONF_ERROR;
2045 }
2046 if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
2047 $errormessage = $Lang::tr{'invalid input for name'};
2048 goto VPNCONF_ERROR;
2049 }
2050 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
2051 $errormessage = $Lang::tr{'invalid input for e-mail address'};
2052 goto VPNCONF_ERROR;
2053 }
2054 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
2055 $errormessage = $Lang::tr{'e-mail address too long'};
2056 goto VPNCONF_ERROR;
2057 }
2058 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2059 $errormessage = $Lang::tr{'invalid input for department'};
2060 goto VPNCONF_ERROR;
2061 }
2062 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
2063 $errormessage = $Lang::tr{'organization too long'};
2064 goto VPNCONF_ERROR;
2065 }
2066 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
2067 $errormessage = $Lang::tr{'invalid input for organization'};
2068 goto VPNCONF_ERROR;
2069 }
2070 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2071 $errormessage = $Lang::tr{'invalid input for city'};
2072 goto VPNCONF_ERROR;
2073 }
2074 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2075 $errormessage = $Lang::tr{'invalid input for state or province'};
2076 goto VPNCONF_ERROR;
2077 }
2078 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
2079 $errormessage = $Lang::tr{'invalid input for country'};
2080 goto VPNCONF_ERROR;
2081 }
2082 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
2083 if (length($cgiparams{'CERT_PASS1'}) < 5) {
2084 $errormessage = $Lang::tr{'password too short'};
2085 goto VPNCONF_ERROR;
2086 }
2087 }
2088 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
2089 $errormessage = $Lang::tr{'passwords do not match'};
2090 goto VPNCONF_ERROR;
2091 }
2092 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;# Replace empty strings with a .
2093 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
2094 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
2095 my $pid = open(OPENSSL, "|-");# Create the Host certificate request client
2096 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
2097 if ($pid) { # parent
2098 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
2099 print OPENSSL "$state\n";
2100 print OPENSSL "$city\n";
2101 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
2102 print OPENSSL "$ou\n";
2103 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
2104 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
2105 print OPENSSL ".\n";
2106 print OPENSSL ".\n";
2107 close (OPENSSL);
2108 if ($?) {
2109 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2110 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
2111 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
2112 goto VPNCONF_ERROR;
2113 }
2114 } else { # child
2115 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
2116 '-newkey', 'rsa:1024',
2117 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
2118 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
2119 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
2120 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
2121 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2122 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2123 goto VPNCONF_ERROR;
2124 }
2125 }
2126 # Sign the host certificate request
2127 system('/usr/bin/openssl', 'ca', '-days', '999999',
2128 '-batch', '-notext',
2129 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
2130 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
2131 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
2132 if ($?) {
2133 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2134 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2135 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2136 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2137 &Ovpnfunc::newcleanssldatabase();
2138 goto VPNCONF_ERROR;
2139 } else {
2140 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2141 &Ovpnfunc::deletebackupcert();
2142 }
2143 # Create the pkcs12 file
2144 system('/usr/bin/openssl', 'pkcs12', '-export',
2145 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
2146 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
2147 '-name', $cgiparams{'NAME'},
2148 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
2149 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
2150 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
2151 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
2152 if ($?) {
2153 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2154 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2155 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2156 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
2157 goto VPNCONF_ERROR;
2158 } else {
2159 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2160 }
2161 } elsif ($cgiparams{'AUTH'} eq 'cert') {
2162 ;# Nothing, just editing
2163 } else {
2164 $errormessage = $Lang::tr{'invalid input for authentication method'};
2165 goto VPNCONF_ERROR;
2166 }
2167 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {# Check if there is no other entry with this common name
2168 foreach my $key (keys %confighash) {
2169 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
2170 $errormessage = $Lang::tr{'a connection with this common name already exists'};
2171 goto VPNCONF_ERROR;
2172 }
2173 }
2174 }
2175
2176 my $key = $cgiparams{'KEY'};# Save the config
2177 if (! $key) {
2178 $key = &General::findhasharraykey (\%confighash);
2179 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
2180 }
2181 $confighash{$key}[0] = $cgiparams{'ENABLED'};
2182 $confighash{$key}[1] = $cgiparams{'NAME'};
2183 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
2184 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
2185 }
2186 $confighash{$key}[3] = $cgiparams{'TYPE'};
2187 if ($cgiparams{'AUTH'} eq 'psk') {
2188 $confighash{$key}[4] = 'psk';
2189 $confighash{$key}[5] = $cgiparams{'PSK'};
2190 } else {
2191 $confighash{$key}[4] = 'cert';
2192 }
2193 if ($cgiparams{'TYPE'} eq 'net') {
2194 $confighash{$key}[6] = $cgiparams{'SIDE'};
2195 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
2196 if ( $cgiparams{'SIDE'} eq 'client') {
2197 $confighash{$key}[19] = 'yes';
2198 } else{
2199 $confighash{$key}[19] = 'no';
2200 }
2201 }
2202 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
2203 $confighash{$key}[10] = $cgiparams{'REMOTE'};
2204 $confighash{$key}[25] = $cgiparams{'REMARK'};
2205 $confighash{$key}[12] = $cgiparams{'INTERFACE'};
2206 $confighash{$key}[13] = $cgiparams{'OVPN_SUBNET'};# new fields
2207 $confighash{$key}[14] = $cgiparams{'PROTOCOL'};
2208 $confighash{$key}[15] = $cgiparams{'DEST_PORT'};
2209 $confighash{$key}[16] = $cgiparams{'COMPLZO'};
2210 $confighash{$key}[17] = $cgiparams{'MTU'};
2211 $confighash{$key}[18] = $cgiparams{'N2NVPN_IP'};# new fileds
2212 $confighash{$key}[19] = $cgiparams{'ZERINA_CLIENT'};# new fileds
2213 $confighash{$key}[20] = $cgiparams{'CIPHER'};
2214
2215 #default n2n advanced
2216 $confighash{$key}[26] = '10';#keepalive ping
2217 $confighash{$key}[27] = '60';#keepalive restart
2218 $confighash{$key}[28] = '0';#nice
2219 $confighash{$key}[42] = '3';#verb
2220 #default n2n advanced
2221 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2222 &Ovpnfunc::writenet2netconf($key,$zerinaclient);
2223 #ppp
2224 my $n2nactive = `/bin/ps ax|grep $cgiparams{'NAME'}.conf|grep -v grep|awk \'{print \$1}\'`;
2225 if ($cgiparams{'ENABLED'}) {
2226 if ($n2nactive eq ''){
2227 system('/usr/local/bin/openvpnctrl', '-sn2n', $cgiparams{'NAME'});
2228 } else {
2229 system('/usr/local/bin/openvpnctrl', '-kn2n', $n2nactive);
2230 system('/usr/local/bin/openvpnctrl', '-sn2n', $cgiparams{'NAME'});
2231 }
2232 } else {
2233 if ($n2nactive ne ''){
2234 system('/usr/local/bin/openvpnctrl', '-kn2n', $cgiparams{'NAME'});
2235 }
2236 }
2237 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
2238 $cgiparams{'KEY'} = $key;
2239 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
2240 }
2241 goto VPNCONF_END;
2242 } else {
2243 $cgiparams{'ENABLED'} = 'on';
2244 if ($cgiparams{'ZERINA_CLIENT'} eq ''){
2245 $cgiparams{'ZERINA_CLIENT'} = 'no';
2246 }
2247 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
2248 $cgiparams{'AUTH'} = 'psk';
2249 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
2250 $cgiparams{'AUTH'} = 'certfile';
2251 } else {
2252 $cgiparams{'AUTH'} = 'certgen';
2253 }
2254 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
2255 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
2256 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
2257 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
2258 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
2259 }
2260 VPNCONF_ERROR:
2261 # n2n default settings
2262 if ($cgiparams{'CIPHER'} eq '') {
2263 $cgiparams{'CIPHER'} = 'BF-CBC';
2264 }
2265 if ($cgiparams{'MTU'} eq '') {
2266 $cgiparams{'MTU'} = '1400';
2267 }
2268 if ($cgiparams{'OVPN_SUBNET'} eq '') {
2269 $cgiparams{'OVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
2270 }
2271 #n2n default settings
2272 $checked{'ENABLED'}{'off'} = '';
2273 $checked{'ENABLED'}{'on'} = '';
2274 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
2275 $checked{'ENABLED_BLUE'}{'off'} = '';
2276 $checked{'ENABLED_BLUE'}{'on'} = '';
2277 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
2278 $checked{'ENABLED_ORANGE'}{'off'} = '';
2279 $checked{'ENABLED_ORANGE'}{'on'} = '';
2280 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
2281 $checked{'EDIT_ADVANCED'}{'off'} = '';
2282 $checked{'EDIT_ADVANCED'}{'on'} = '';
2283 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
2284 $selected{'SIDE'}{'server'} = '';
2285 $selected{'SIDE'}{'client'} = '';
2286 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
2287
2288# $selected{'DDEVICE'}{'tun'} = '';
2289# $selected{'DDEVICE'}{'tap'} = '';
2290# $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2291
2292 $selected{'PROTOCOL'}{'udp'} = '';
2293 $selected{'PROTOCOL'}{'tcp'} = '';
2294 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
2295
2296 $checked{'AUTH'}{'psk'} = '';
2297 $checked{'AUTH'}{'certreq'} = '';
2298 $checked{'AUTH'}{'certgen'} = '';
2299 $checked{'AUTH'}{'certfile'} = '';
2300 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
2301 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
2302 $checked{'COMPLZO'}{'off'} = '';
2303 $checked{'COMPLZO'}{'on'} = '';
2304 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
2305 $selected{'CIPHER'}{'DES-CBC'} = '';
2306 $selected{'CIPHER'}{'DES-EDE-CBC'} = '';
2307 $selected{'CIPHER'}{'DES-EDE3-CBC'} = '';
2308 $selected{'CIPHER'}{'DESX-CBC'} = '';
2309 $selected{'CIPHER'}{'RC2-CBC'} = '';
2310 $selected{'CIPHER'}{'RC2-40-CBC'} = '';
2311 $selected{'CIPHER'}{'RC2-64-CBC'} = '';
2312 $selected{'CIPHER'}{'BF-CBC'} = '';
2313 $selected{'CIPHER'}{'CAST5-CBC'} = '';
2314 $selected{'CIPHER'}{'AES-128-CBC'} = '';
2315 $selected{'CIPHER'}{'AES-192-CBC'} = '';
2316 $selected{'CIPHER'}{'AES-256-CBC'} = '';
2317 $selected{'CIPHER'}{$cgiparams{'CIPHER'}} = 'SELECTED';
2318
# Render the add/edit connection form, then exit(0). The guard is the
# constant 1, so every request that reaches this point gets the form; the
# VPNCONF_END label after this block can only be reached through a goto.
2319 if (1) {
2320 &Header::showhttpheaders();
2321 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2322 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
# Error and warning boxes; both messages are printed into the page as-is.
2323 if ($errormessage) {
2324 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2325 print "<class name='base'>$errormessage";
2326 print "&nbsp;</class>";
2327 &Header::closebox();
2328 }
2329 if ($warnmessage) {
2330 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
2331 print "<class name='base'>$warnmessage";
2332 print "&nbsp;</class>";
2333 &Header::closebox();
2334 }
# Hidden fields carry the connection type and the client flag across the
# round trip. NOTE(review): every $cgiparams{...} value in this form is
# interpolated into quoted HTML attributes without escaping. %cgiparams is
# filled by Header::getcgihash (file header); whether that helper
# neutralises quotes and angle brackets is not visible here -- confirm.
2335 print "<form method='post' enctype='multipart/form-data'>";
2336 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
2337 print "<input type='hidden' name='ZERINA_CLIENT' value='$cgiparams{'ZERINA_CLIENT'}' />";
# KEY (the ovpnconfig record id) and AUTH are re-posted only when an
# existing connection is being edited.
2338 if ($cgiparams{'KEY'}) {
2339 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
2340 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
2341 }
2342 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
2343 print "<table width='100%'>\n";
2344 print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
# Host-to-net: the name becomes read-only once a KEY exists.
2345 if ($cgiparams{'TYPE'} eq 'host') {
2346 if ($cgiparams{'KEY'}) {
2347 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
2348 } else {
2349 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
2350 }
# Net-to-net: always bound to the red interface.
2351 } else {
2352 print "<input type='hidden' name='INTERFACE' value='red' />";
2353 if ($cgiparams{'KEY'}) {
2354 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
2355 } else {
2356 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
2357 }
2358 print "<!-- net2net config gui -->";
2359 print "<td width='25%'>&nbsp;</td>";
2360 print "<td width='25%'>&nbsp;</td></tr>";
# The "Act as" selector and the local VPN hostname/IP are editable only
# when ZERINA_CLIENT is 'no'; the three clauses differ only in ACTION
# (edit/save/add). Otherwise SIDE is displayed read-only and re-posted
# as a hidden field.
2361 if ((($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no')) ||
2362 (($cgiparams{'ACTION'} eq $Lang::tr{'save'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no')) ||
2363 (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'ZERINA_CLIENT'} eq 'no'))) {
2364 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>";
2365 print "<td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option>";
2366 print "<option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td>";
2367 print "<tr><td class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>";
2368 print "<td><input type='text' name='N2NVPN_IP' value='$cgiparams{'N2NVPN_IP'}' size='30' /></td>";
2369 print "<td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>";
2370 } else {
2371 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>";
# The hidden input is emitted between </td> and <td>, outside any cell;
# browsers tolerate it, but the markup is invalid.
2372 print "<td>$cgiparams{'SIDE'}</td><input type='hidden' name='SIDE' value='$cgiparams{'SIDE'}' />";
2373 print "<td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>";
2374 }
2375 print "<td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>";
2376 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>";
2377 print "<td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>";
2378 print "<td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>";
2379 print "<td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>";
2380 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>";
2381 print "<td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>";
2382 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>";
2383 print "<td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>";
2384 print "<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>";
2385 print "<td class='boldbase'>$Lang::tr{'destination port'}:</td>";
2386 print "<td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>";
2387 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>";
2388 print "<td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>";
2389 print "<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>";
# Cipher list as offered by the form: the legacy 64-bit-block ciphers
# (DES*, RC2*, BF-CBC, CAST5-CBC) are listed next to AES. Nothing in this
# block validates the selection; that happens, if anywhere, in the save
# path outside this excerpt.
2390 print "<td><select name='CIPHER'><option value='DES-CBC' $selected{'CIPHER'}{'DES-CBC'}>DES-CBC</option>";
2391 print "<option value='DES-EDE-CBC' $selected{'CIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>";
2392 print "<option value='DES-EDE3-CBC' $selected{'CIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>";
2393 print "<option value='DESX-CBC' $selected{'CIPHER'}{'DESX-CBC'}>DESX-CBC</option>";
2394 print "<option value='RC2-CBC' $selected{'CIPHER'}{'RC2-CBC'}>RC2-CBC</option>";
2395 print "<option value='RC2-40-CBC' $selected{'CIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>";
2396 print "<option value='RC2-64-CBC' $selected{'CIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>";
2397 print "<option value='BF-CBC' $selected{'CIPHER'}{'BF-CBC'}>BF-CBC</option>";
2398 print "<option value='CAST5-CBC' $selected{'CIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>";
2399 print "<option value='AES-128-CBC' $selected{'CIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>";
2400 print "<option value='AES-192-CBC' $selected{'CIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>";
2401 print "<option value='AES-256-CBC' $selected{'CIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>";
2402 print "<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>";
# No space between VALUE='...' and size='5' (the attributes run together),
# and the cell is closed with </TD> while the row is never closed.
2403 print "<td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD>";
2404 }
2405 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
2406 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
2407# if ($cgiparams{'TYPE'} eq 'net') {
2408 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
2409
# EDIT_ADVANCED is offered only for new net-to-net connections: host
# connections have no advanced page, and edits get a plain cell.
2410 if ($cgiparams{'TYPE'} eq 'host') {
2411 print "<td colspan='3'>&nbsp;</td></tr></table>";
2412 } elsif ($cgiparams{'ACTION'} ne $Lang::tr{'edit'}){
2413 print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'}/> $Lang::tr{'edit advanced settings when done'}</tr></table>";
2414 } else {
2415 print "<td colspan='3'></tr></table>";
2416 }
2417
2418
2419 &Header::closebox();
# Authentication box: an empty branch for existing PSK connections, and
# the certificate form only for connections that do not have a KEY yet.
2420 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
2421 ;#we dont have psk
2422 } elsif (! $cgiparams{'KEY'}) {
# $disabled is not used anywhere in this block.
2423 my $disabled='';
# Signing a request or generating a certificate needs the CA private key;
# uploading a finished certificate needs only the CA certificate. The ''
# initialisers are overwritten unconditionally two lines later.
2424 my $cakeydisabled='';
2425 my $cacrtdisabled='';
2426 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
2427 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2428 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
# FH is the upload field that Header::getcgihash was told about
# (wantfile/filevar in the file header).
2429 print <<END
2430 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2431 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2432 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
2433 <td class='base'>$Lang::tr{'upload a certificate request'}</td>
2434 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
2435 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td>
2436 <td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
2437 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2438 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td>
2439 <td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
2440 <tr><td>&nbsp;</td>
2441 <td class='base'>$Lang::tr{'users fullname or system hostname'}:</td>
2442 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2443 <tr><td>&nbsp;</td>
2444 <td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td>
2445 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2446 <tr><td>&nbsp;</td>
2447 <td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td>
2448 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2449 <tr><td>&nbsp;</td>
2450 <td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td>
2451 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2452 <tr><td>&nbsp;</td>
2453 <td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td>
2454 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2455 <tr><td>&nbsp;</td>
2456 <td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td>
2457 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2458 <tr><td>&nbsp;</td>
2459 <td class='base'>$Lang::tr{'country'}:</td>
2460 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
2461END
2462 ;
# Country <select> from %Countries::countries: the key is the displayed
# name, the value is what CERT_COUNTRY stores; the saved value is
# pre-selected.
2463 foreach my $country (sort keys %{Countries::countries}) {
2464 print "<option value='$Countries::countries{$country}'";
2465 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
2466 print " selected='selected'";
2467 }
2468 print ">$country</option>";
2469 }
# NOTE(review): CERT_PASS1/CERT_PASS2 are written back into the password
# fields' value attributes, so the PKCS#12 password round-trips through the
# page source whenever the form is re-displayed (e.g. after a validation
# error). Consider leaving these values empty on re-render.
2470 print <<END
2471 </select></td></tr>
2472 <tr><td>&nbsp;</td>
2473 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
2474 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2475 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
2476 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2477 </table>
2478END
2479 ;
2480 &Header::closebox();
2481 }
# Buttons: the advanced page is offered only for existing net-to-net
# entries.
2482 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
2483 if ($cgiparams{'KEY'}) {
2484 if ($cgiparams{'TYPE'} ne 'host') {
2485 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
2486 }
2487 }
2488 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
2489 &Header::closebigbox();
2490 &Header::closepage();
2491 exit (0);
2492 }
2493 VPNCONF_END:
2494}
2495###
2496### Advanced settings
2497###
# Advanced settings page for one existing net-to-net connection. Entered
# on ACTION=advanced (display) or on ACTION=save with the hidden
# ADVANCED=yes field that this page's own form sets (store).
2498if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
2499 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq 'yes')) {
2500 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2501 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2502
# Unknown record id: the error is set, but ADVANCED_END skips this page
# entirely; the message is shown by the default status page that follows
# the label.
2503 if (! $confighash{$cgiparams{'KEY'}}) {
2504 $errormessage = $Lang::tr{'invalid key'};
2505 goto ADVANCED_END;
2506 }
2507 #n2n advanced error
# KEEPALIVE_1/2 must be digits-only when given. The ratio check below runs
# unconditionally -- also when a field is empty ('' compares as 0) and
# also on the initial display, i.e. against whatever the previous form
# posted rather than against the stored values.
2508 if ($cgiparams{'KEEPALIVE_1'} ne '') {
2509 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
2510 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
2511 goto ADVANCED_ERROR;
2512 }
2513 }
2514 if ($cgiparams{'KEEPALIVE_2'} ne ''){
2515 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
2516 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
2517 goto ADVANCED_ERROR;
2518 }
2519 }
2520 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
2521 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
2522 goto ADVANCED_ERROR;
2523 }
# Store: copy the form fields into slots 26..42 of the connection record,
# rewrite ovpnconfig and regenerate the n2n config.
# NOTE(review): nearly every input in the form below carries
# disabled='disabled'; browsers do not submit disabled controls, so on
# save those slots are overwritten with empty values -- confirm intended.
# NOTE(review): slot 38 is read from $cgiparams{'http-proxy-retry'}, but
# the form field and the %checked key are both named PROXY_RETRY, so the
# retry flag is neither stored nor shown; presumably one side should be
# renamed.
2524 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
2525# if ($cgiparams{'NAT'} !~ /^(on|off)$/) {
2526# $errormessage = $Lang::tr{'invalid input'};
2527# goto ADVANCED_ERROR;
2528# }
2529 #n2n advanced error
2530 # CGI params -> config record
2531 $confighash{$cgiparams{'KEY'}}[26] = $cgiparams{'KEEPALIVE_1'};
2532 $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'KEEPALIVE_2'};
2533 $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'EXTENDED_NICE'};
2534 $confighash{$cgiparams{'KEY'}}[29] = $cgiparams{'EXTENDED_FASTIO'};
2535 $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'EXTENDED_MTUDISC'};
2536 $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'EXTENDED_MSSFIX'};
2537 $confighash{$cgiparams{'KEY'}}[32] = $cgiparams{'EXTENDED_FRAGMENT'};
2538 $confighash{$cgiparams{'KEY'}}[33] = $cgiparams{'PROXY_HOST'};
2539 $confighash{$cgiparams{'KEY'}}[34] = $cgiparams{'PROXY_PORT'};
2540 $confighash{$cgiparams{'KEY'}}[35] = $cgiparams{'PROXY_USERNAME'};
# The proxy password is stored in the clear in ovpnconfig (written below).
2541 $confighash{$cgiparams{'KEY'}}[36] = $cgiparams{'PROXY_PASS'};
2542 $confighash{$cgiparams{'KEY'}}[37] = $cgiparams{'PROXY_AUTH_METHOD'};
2543 $confighash{$cgiparams{'KEY'}}[38] = $cgiparams{'http-proxy-retry'};
2544 $confighash{$cgiparams{'KEY'}}[39] = $cgiparams{'PROXY_TIMEOUT'};
2545 $confighash{$cgiparams{'KEY'}}[40] = $cgiparams{'PROXY_OPT_VERSION'};
2546 $confighash{$cgiparams{'KEY'}}[41] = $cgiparams{'PROXY_OPT_AGENT'};
2547 $confighash{$cgiparams{'KEY'}}[42] = $cgiparams{'LOG_VERB'};
2548 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# $zerinaclient is the file-level scalar initialised to '' (file header)
# and is not reassigned anywhere in this block.
2549 &Ovpnfunc::writenet2netconf($cgiparams{'KEY'},$zerinaclient);
2550 # restart n2n after advanced save ?
2551 goto ADVANCED_END;
# Display: load the stored slots into %cgiparams for rendering.
2552 } else {
2553 $cgiparams{'KEEPALIVE_1'} = $confighash{$cgiparams{'KEY'}}[26];
2554 $cgiparams{'KEEPALIVE_2'} = $confighash{$cgiparams{'KEY'}}[27];
2555 $cgiparams{'EXTENDED_NICE'} = $confighash{$cgiparams{'KEY'}}[28];
2556 $cgiparams{'EXTENDED_FASTIO'} = $confighash{$cgiparams{'KEY'}}[29];
2557 $cgiparams{'EXTENDED_MTUDISC'} = $confighash{$cgiparams{'KEY'}}[30];
2558 $cgiparams{'EXTENDED_MSSFIX'} = $confighash{$cgiparams{'KEY'}}[31];
2559 $cgiparams{'EXTENDED_FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[32];
2560 $cgiparams{'PROXY_HOST'} = $confighash{$cgiparams{'KEY'}}[33];
2561 $cgiparams{'PROXY_PORT'} = $confighash{$cgiparams{'KEY'}}[34];
2562 $cgiparams{'PROXY_USERNAME'} = $confighash{$cgiparams{'KEY'}}[35];
2563 $cgiparams{'PROXY_PASS'} = $confighash{$cgiparams{'KEY'}}[36];
2564 $cgiparams{'PROXY_AUTH_METHOD'} = $confighash{$cgiparams{'KEY'}}[37];
2565 $cgiparams{'http-proxy-retry'} = $confighash{$cgiparams{'KEY'}}[38];
2566 $cgiparams{'PROXY_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[39];
2567 $cgiparams{'PROXY_OPT_VERSION'} = $confighash{$cgiparams{'KEY'}}[40];
2568 $cgiparams{'PROXY_OPT_AGENT'} = $confighash{$cgiparams{'KEY'}}[41];
2569 $cgiparams{'LOG_VERB'} = $confighash{$cgiparams{'KEY'}}[42];
2570 # config record -> CGI params
2571 }
# Validation failures jump here with %cgiparams still holding the
# submitted values, so the form re-displays what was typed.
2572 ADVANCED_ERROR:
2573 # form switches: '' for every option, SELECTED/CHECKED for the current value
2574 $selected{'EXTENDED_NICE'}{'-13'} = '';
2575 $selected{'EXTENDED_NICE'}{'-10'} = '';
2576 $selected{'EXTENDED_NICE'}{'-7'} = '';
2577 $selected{'EXTENDED_NICE'}{'-3'} = '';
2578 $selected{'EXTENDED_NICE'}{'0'} = '';
2579 $selected{'EXTENDED_NICE'}{'3'} = '';
2580 $selected{'EXTENDED_NICE'}{'7'} = '';
2581 $selected{'EXTENDED_NICE'}{'10'} = '';
2582 $selected{'EXTENDED_NICE'}{'13'} = '';
2583 $selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED';
2584 $checked{'EXTENDED_FASTIO'}{'off'} = '';
2585 $checked{'EXTENDED_FASTIO'}{'on'} = '';
2586 $checked{'EXTENDED_FASTIO'}{$cgiparams{'EXTENDED_FASTIO'}} = 'CHECKED';
2587 $checked{'EXTENDED_MTUDISC'}{'off'} = '';
2588 $checked{'EXTENDED_MTUDISC'}{'on'} = '';
2589 $checked{'EXTENDED_MTUDISC'}{$cgiparams{'EXTENDED_MTUDISC'}} = 'CHECKED';
2590 $selected{'LOG_VERB'}{'1'} = '';
2591 $selected{'LOG_VERB'}{'2'} = '';
2592 $selected{'LOG_VERB'}{'3'} = '';
2593 $selected{'LOG_VERB'}{'4'} = '';
2594 $selected{'LOG_VERB'}{'5'} = '';
2595 $selected{'LOG_VERB'}{'6'} = '';
2596 $selected{'LOG_VERB'}{'7'} = '';
2597 $selected{'LOG_VERB'}{'8'} = '';
2598 $selected{'LOG_VERB'}{'9'} = '';
2599 $selected{'LOG_VERB'}{'10'} = '';
2600 $selected{'LOG_VERB'}{'11'} = '';
2601 $selected{'LOG_VERB'}{'0'} = '';
2602 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
2603 $selected{'PROXY_AUTH_METHOD'}{'none'} = '';
2604 $selected{'PROXY_AUTH_METHOD'}{'basic'} = '';
2605 $selected{'PROXY_AUTH_METHOD'}{'ntlm'} = '';
2606 $selected{'PROXY_AUTH_METHOD'}{$cgiparams{'PROXY_AUTH_METHOD'}} = 'SELECTED';
2607 $checked{'PROXY_RETRY'}{'off'} = '';
2608 $checked{'PROXY_RETRY'}{'on'} = '';
2609 $checked{'PROXY_RETRY'}{$cgiparams{'PROXY_RETRY'}} = 'CHECKED';
2610 # end of form switches
2611 &Header::showhttpheaders();
2612 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2613 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2614
2615 if ($errormessage) {
2616 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2617 print "<class name='base'>$errormessage";
2618 print "&nbsp;</class>";
2619 &Header::closebox();
2620 }
2621
2622 if ($warnmessage) {
2623 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
2624 print "<class name='base'>$warnmessage";
2625 print "&nbsp;</class>";
2626 &Header::closebox();
2627 }
2628
# Outer form with the hidden ADVANCED/KEY fields; KEY is interpolated
# into the attribute without escaping.
2629 print "<form method='post' enctype='multipart/form-data'>\n";
2630 print "<input type='hidden' name='ADVANCED' value='yes' />\n";
2631 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />\n";
2632
2633 &Header::openbox('100%', 'LEFT', "$Lang::tr{'advanced'}:");
# The heredoc opens a second <form> inside the one opened above and closes
# it with its own </form>; nested forms are invalid HTML, and how the
# browser recovers decides which form the Save/Cancel buttons printed
# after the heredoc belong to -- verify in a browser. Also in the heredoc:
# three cells use class'base' (missing '='), "Keppalive" is a typo in the
# label, there is a stray </tr>, and PROXY_PASS is rendered in a
# type='TEXT' input. Only KEEPALIVE_1/2 and LOG_VERB lack the disabled
# attribute, so they are the only fields a save actually carries.
2634 print <<EOF
2635 <form method='post' enctype='multipart/form-data'>
2636 <table width='100%'>
2637 <tr>
2638 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
2639 </tr>
2640 <tr>
2641 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2642 </tr>
2643 <td class='base'>Keppalive (ping/ping-restart)</td>
2644 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='30' /></td>
2645 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='30' /></td>
2646 </tr>
2647 </tr>
2648 <tr>
2649 <td class='base'>$Lang::tr{'ovpn_processprio'}</td>
2650 <td>
2651 <select name='EXTENDED_NICE' disabled='disabled'>
2652 <option value='-13' $selected{'EXTENDED_NICE'}{'-13'}>$Lang::tr{'ovpn_processprioEH'}</option>
2653 <option value='-10' $selected{'EXTENDED_NICE'}{'-10'}>$Lang::tr{'ovpn_processprioVH'}</option>
2654 <option value='-7' $selected{'EXTENDED_NICE'}{'-7'}>$Lang::tr{'ovpn_processprioH'}</option>
2655 <option value='-3' $selected{'EXTENDED_NICE'}{'-3'}>$Lang::tr{'ovpn_processprioEN'}</option>
2656 <option value='0' $selected{'EXTENDED_NICE'}{'0'}>$Lang::tr{'ovpn_processprioN'}</option>
2657 <option value='3' $selected{'EXTENDED_NICE'}{'3'}>$Lang::tr{'ovpn_processprioLN'}</option>
2658 <option value='7' $selected{'EXTENDED_NICE'}{'7'}>$Lang::tr{'ovpn_processprioD'}</option>
2659 <option value='10' $selected{'EXTENDED_NICE'}{'10'}>$Lang::tr{'ovpn_processprioVD'}</option>
2660 <option value='13' $selected{'EXTENDED_NICE'}{'13'}>$Lang::tr{'ovpn_processprioED'}</option>
2661 </select>
2662 </td>
2663 </tr>
2664 <tr>
2665 <td class='base'>$Lang::tr{'ovpn_fastio'}</td>
2666 <td>
2667 <input type='checkbox' name='EXTENDED_FASTIO' $checked{'EXTENDED_FASTIO'}{'on'} disabled='disabled'/>
2668 </td>
2669 </tr>
2670 <tr>
2671 <td class='base'>$Lang::tr{'ovpn_mtudisc'}</td>
2672 <td>
2673 <input type='checkbox' name='EXTENDED_MTUDISC' $checked{'EXTENDED_MTUDISC'}{'on'} disabled='disabled'/>
2674 </td>
2675 </tr>
2676 <tr>
2677 <td class='base'>$Lang::tr{'ovpn_mssfix'}</td>
2678 <td>
2679 <input type='TEXT' name='EXTENDED_MSSFIX' value='$cgiparams{'EXTENDED_MSSFIX'}' size='30' disabled='disabled'/>
2680 </td>
2681 </tr>
2682 <tr>
2683 <td class='base'>$Lang::tr{'ovpn_fragment'}</td>
2684 <td>
2685 <input type='TEXT' name='EXTENDED_FRAGMENT' value='$cgiparams{'EXTENDED_FRAGMENT'}' size='30' disabled='disabled'/>
2686 </td>
2687 </tr>
2688</table>
2689<hr size='1'>
2690 <table width='100%'>
2691 <tr>
2692 <td class'base'><b>$Lang::tr{'proxy'} $Lang::tr{'settings'}</b></td>
2693 </tr>
2694 <tr>
2695 <td width='25%'></td> <td width='25%'> </td><td width='25%'> </td><td width='25%'></td>
2696 </tr>
2697 <td class='base'>$Lang::tr{'proxy'} $Lang::tr{'host'}:</td>
2698 <td><input type='TEXT' name='PROXY_HOST' value='$cgiparams{'PROXY_HOST'}' size='30' disabled='disabled'/></td>
2699 <td class='base'>$Lang::tr{'proxy port'}:</td>
2700 <td><input type='TEXT' name='PROXY_PORT' value='$cgiparams{'PROXY_PORT'}' size='10' disabled='disabled'/></td>
2701 </tr>
2702 <tr>
2703 <td class='base'>$Lang::tr{'username'}</td>
2704 <td><input type='TEXT' name='PROXY_USERNAME' value='$cgiparams{'PROXY_USERNAME'}' size='30' disabled='disabled' /></td>
2705 <td class='base'>$Lang::tr{'password'}</td>
2706 <td><input type='TEXT' name='PROXY_PASS' value='$cgiparams{'PROXY_PASS'}' size='10' disabled='disabled'/></td>
2707 </tr>
2708 <tr>
2709 <td class='base'>$Lang::tr{'authentication'} $Lang::tr{'method'}</td>
2710 <td>
2711 <select name='PROXY_AUTH_METHOD' disabled='disabled'>
2712 <option value='none' $selected{'PROXY_AUTH_METHOD'}{'none'}>none</option>
2713 <option value='basic' $selected{'PROXY_AUTH_METHOD'}{'basic'}>basic</option>
2714 <option value='ntlm' $selected{'PROXY_AUTH_METHOD'}{'ntlm'}>ntlm</option>
2715 </select>
2716 </td>
2717 </tr>
2718 <tr>
2719 <td class='base'>http-proxy-retry</td>
2720 <td><input type='checkbox' name='PROXY_RETRY' $checked{'PROXY_RETRY'}{'on'} disabled='disabled' /></td>
2721 <td class='base'>http-proxy-timeout</td>
2722 <td><input type='TEXT' name='PROXY_TIMEOUT' value='$cgiparams{'PROXY_TIMEOUT'}' size='10' disabled='disabled'/></td>
2723 </tr>
2724 <td class='base'>http-proxy-option VERSION</td>
2725 <td><input type='TEXT' name='PROXY_OPT_VERSION' value='$cgiparams{'PROXY_OPT_VERSION'}' size='30' disabled='disabled'/></td>
2726 <td class='base'>http-proxy-option AGENT</td>
2727 <td><input type='TEXT' name='PROXY_OPT_AGENT' value='$cgiparams{'PROXY_OPT_AGENT'}' size='10' disabled='disabled'/></td>
2728 </tr>
2729</table>
2730<hr size='1'>
2731 <table width='100%'>
2732 <tr>
2733 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
2734 </tr>
2735 <tr>
2736 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2737 </tr>
2738 <tr><td class='base'>VERB</td>
2739 <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2740 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2741 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2742 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2743 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2744 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2745 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2746 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2747 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2748 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2749 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2750 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
2751 </tr>
2752</table>
2753</form>
2754EOF
2755 ;
2756 &Header::closebox();
# Submit buttons, printed after the heredoc's own </form>.
2757 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
2758 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
2759 &Header::closebigbox();
2760 &Header::closepage();
2761 exit(0);
2762
# Reached by goto on an invalid KEY or after a successful save; execution
# falls through to the default status page.
2763 ADVANCED_END:
2764}
2765###
2766### Default status page
2767###
# Default status page (reached when no ACTION branch above exited).
# %cgiparams is reset and refilled from ovpn/settings, so from here on it
# holds the stored server settings, not the request parameters.
2768%cgiparams = ();
2769%cahash = ();
2770%confighash = ();
2771&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
2772&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
2773&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
# Whole server log read through a shell; @status is not referenced in the
# lines shown here.
2774my @status = `/bin/cat /var/log/ovpnserver.log`;
# VPN_IP default: reverse DNS (address family 2 = AF_INET) of the red
# interface's local address, falling back to the bare address. This is a
# blocking lookup during page rendering. Bareword handle and 2-arg open on
# a fixed, non-request-controlled path (old idiom).
2775if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
2776 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
2777 my $ipaddr = <IPADDR>;
2778 close IPADDR;
2779 chomp ($ipaddr);
2780 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
2781 if ($cgiparams{'VPN_IP'} eq '') {
2782 $cgiparams{'VPN_IP'} = $ipaddr;
2783 }
2784 }
2785}
2786# set defaults
# Defaults applied when a setting is unset: BF-CBC cipher, port 1194,
# MTU 1400, and a random 10.x.y.0/24 tunnel subnet.
2787if ($cgiparams{'DCIPHER'} eq '') {
2788 $cgiparams{'DCIPHER'} = 'BF-CBC';
2789}
2790# if ($cgiparams{'DCOMPLZO'} eq '') {
2791# $cgiparams{'DCOMPLZO'} = 'on';
2792# }
2793if ($cgiparams{'DDEST_PORT'} eq '') {
2794 $cgiparams{'DDEST_PORT'} = '1194';
2795}
2796if ($cgiparams{'DMTU'} eq '') {
2797 $cgiparams{'DMTU'} = '1400';
2798}
2799if ($cgiparams{'DOVPN_SUBNET'} eq '') {
2800 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
2801}
# selected/checked state tables for the server settings form: '' for every
# option, then CHECKED/SELECTED for the stored value.
2802$checked{'ENABLED'}{'off'} = '';
2803$checked{'ENABLED'}{'on'} = '';
2804$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
2805$checked{'ENABLED_BLUE'}{'off'} = '';
2806$checked{'ENABLED_BLUE'}{'on'} = '';
2807$checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
2808$checked{'ENABLED_ORANGE'}{'off'} = '';
2809$checked{'ENABLED_ORANGE'}{'on'} = '';
2810$checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
2811#new settings
2812$selected{'DDEVICE'}{'tun'} = '';
2813$selected{'DDEVICE'}{'tap'} = '';
2814$selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2815$selected{'DPROTOCOL'}{'udp'} = '';
2816$selected{'DPROTOCOL'}{'tcp'} = '';
2817$selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
2818$selected{'DCIPHER'}{'DES-CBC'} = '';
2819$selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
2820$selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
2821$selected{'DCIPHER'}{'DESX-CBC'} = '';
2822$selected{'DCIPHER'}{'RC2-CBC'} = '';
2823$selected{'DCIPHER'}{'RC2-40-CBC'} = '';
2824$selected{'DCIPHER'}{'RC2-64-CBC'} = '';
2825$selected{'DCIPHER'}{'BF-CBC'} = '';
2826$selected{'DCIPHER'}{'CAST5-CBC'} = '';
2827$selected{'DCIPHER'}{'AES-128-CBC'} = '';
2828$selected{'DCIPHER'}{'AES-192-CBC'} = '';
2829$selected{'DCIPHER'}{'AES-256-CBC'} = '';
2830$selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
2831$checked{'DCOMPLZO'}{'off'} = '';
2832$checked{'DCOMPLZO'}{'on'} = '';
2833$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
2834
2835#new settings
2836&Header::showhttpheaders();
2837&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2838&Header::openbigbox('100%', 'LEFT', '', $errormessage);
2839
2840if ($errormessage) {
2841 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2842 print "<class name='base'>$errormessage\n";
2843 print "&nbsp;</class>\n";
2844 &Header::closebox();
2845}
2846
# "running" is decided by the presence of the pid file, not by checking the
# process; $sactive/$srunning/$activeonrun are consumed further down,
# outside this excerpt.
2847my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
2848my $srunning = "no";
2849my $activeonrun = "";
2850if ( -e "/var/run/openvpn.pid"){
2851 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
2852 $srunning ="yes";
2853 $activeonrun = "";
2854} else {
2855 $activeonrun = "disabled='disabled'";
2856}
2857#ufuk
2858#CERT
# Certificate authorities box: root CA row, host certificate row, then the
# uploaded CA certificates.
2859&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:");
2860print "<div align='center'><strong>ZERINA-0.9.7a9</strong></div>";
# The entity is missing its trailing ';'.
2861print "&nbsp";
2862print <<EOF
2863<table width='100%' border='0' cellspacing='1' cellpadding='0'>
2864<tr>
2865 <td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
2866 <td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
2867 <td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
2868</tr>
2869EOF
2870 ;
# Root CA subject, extracted from `openssl x509 -text` output. The match is
# not checked: if it fails, $1 still holds the last successful capture (or
# undef). The subject string is printed into the page unescaped.
2871if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
2872 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
2873 $casubject =~ /Subject: (.*)[\n]/;
2874 $casubject = $1;
2875 $casubject =~ s+/Email+, E+;
2876 $casubject =~ s/ ST=/ S=/;
2877 print <<END
2878 <tr bgcolor='${Header::table2colour}'>
2879 <td class='base'>$Lang::tr{'root certificate'}</td>
2880 <td class='base'>$casubject</td>
2881 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2882 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
2883 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
2884 </td></form>
2885 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2886 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
2887 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
2888 </td></form>
2889 <td width='4%'>&nbsp;</td></tr>
2890END
2891 ;
2892} else {
2893 # display rootcert generation buttons
2894 print <<END
2895 <tr bgcolor='${Header::table2colour}'>
2896 <td class='base'>$Lang::tr{'root certificate'}:</td>
2897 <td class='base'>$Lang::tr{'not present'}</td>
2898 <td colspan='3'>&nbsp;</td></tr>
2899END
2900 ;
2901}
2902
# Host certificate row, same extraction and same caveats as the root CA.
2903if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
2904 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2905 $hostsubject =~ /Subject: (.*)[\n]/;
2906 $hostsubject = $1;
2907 $hostsubject =~ s+/Email+, E+;
2908 $hostsubject =~ s/ ST=/ S=/;
2909 print <<END
2910 <tr bgcolor='${Header::table1colour}'>
2911 <td class='base'>$Lang::tr{'host certificate'}</td>
2912 <td class='base'>$hostsubject</td>
2913 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2914 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
2915 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
2916 </td></form>
2917 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2918 <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
2919 <input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
2920 </td></form>
2921 <td width='4%'>&nbsp;</td></tr>
2922END
2923 ;
2924} else {
2925 # Nothing
2926 print <<END
2927 <tr bgcolor='${Header::table1colour}'>
2928 <td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
2929 <td class='base'>$Lang::tr{'not present'}</td>
2930 </td><td colspan='3'>&nbsp;</td></tr>
2931END
2932 ;
2933}
2934
# Offer root/host generation only while no CA certificate exists.
2935if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
2936 print "<tr><td colspan='5' align='center'><form method='post'>";
2937 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
2938 print "</form></td></tr>\n";
2939}
2940
# Uploaded CA certificates. The keys > 0 guard is redundant (a foreach over
# an empty hash is a no-op); row striping assumes numeric keys.
# NOTE(review): name and subject ($cahash{$key}[0] / [1]) come from
# caconfig and are printed unescaped; the subject originates from an
# uploaded certificate, so confirm the upload path sanitises it before it
# is stored.
2941if (keys %cahash > 0) {
2942 foreach my $key (keys %cahash) {
2943 if (($key + 1) % 2) {
2944 print "<tr bgcolor='${Header::table1colour}'>\n";
2945 } else {
2946 print "<tr bgcolor='${Header::table2colour}'>\n";
2947 }
2948 print "<td class='base'>$cahash{$key}[0]</td>\n";
2949 print "<td class='base'>$cahash{$key}[1]</td>\n";
2950 print <<END
2951 <form method='post' name='cafrm${key}a'><td align='center'>
2952 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
2953 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
2954 <input type='hidden' name='KEY' value='$key' />
2955 </td></form>
2956 <form method='post' name='cafrm${key}b'><td align='center'>
2957 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
2958 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
2959 <input type='hidden' name='KEY' value='$key' />
2960 </td></form>
2961 <form method='post' name='cafrm${key}c'><td align='center'>
2962 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
2963 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
2964 <input type='hidden' name='KEY' value='$key' />
2965 </td></form></tr>
2966END
2967 ;
2968 }
2969}
2970print "</table>";
# Legend for the action icons, shown only when a CA certificate exists.
2971if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {# If the file contains entries, print Key to action icons
2972 print <<END
2973 <table>
2974 <tr>
2975 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2976 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
2977 <td class='base'>$Lang::tr{'show certificate'}</td>
2978 <td>&nbsp; &nbsp; <img src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' /></td>
2979 <td class='base'>$Lang::tr{'download certificate'}</td>
2980 </tr>
2981 </table>
2982END
2983 ;
2984}
2985print <<END
2986<form method='post' enctype='multipart/form-data'>
2987<table width='100%' border='0' cellspacing='1' cellpadding='0'>
2988<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
2989<td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' />
2990<td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
2991<td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
2992<td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
2993</tr></table></form>
2994END
2995 ;
2996&Header::closebox();
2997if ( $srunning eq "yes" ) {
2998 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n";
2999}else{
3000 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
3001}
bb89e92a
MT
3002#CERT
3003#RWSERVER
3004#&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
3005&Header::openbox('100%', 'LEFT', 'Roadwarrior Server');
3006print <<END
3007<table width='100%'>
3008<form method='post'>
3009<td width='25%'>&nbsp;</td>
3010<td width='25%'>&nbsp;</td>
3011<td width='25%'>&nbsp;</td></tr>
3012<tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
3013<td align='left'>$sactive</td>
3014<tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
3015 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
6e13d0a5 3016END
bb89e92a
MT
3017;
3018if (&Ovpnfunc::haveBlueNet()) {
3019 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
3020 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
3021}
3022if (&Ovpnfunc::haveOrangeNet()) {
3023 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
3024 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
3025}
3026print <<END
3027<tr><td class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
3028 <td><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
3029 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
3030 <td><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
3031<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
3032 <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
3033 <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select></td>
3034<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
3035 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
3036 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
3037 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
3038 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
3039<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
3040 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></TD>
3041<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
3042 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
3043 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
3044 <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
3045 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
3046 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
3047 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
3048 <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
3049 <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
3050 <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
3051 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
3052 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
3053 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
3054 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
3055 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
6e13d0a5 3056END
bb89e92a
MT
3057;
3058
3059if ( $srunning eq "yes" ) {
3060 print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
3061 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>";
3062 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
3063 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
3064} else{
3065 print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
3066 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";
3067 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
3068 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
3069 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
3070 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
3071 (( $cgiparams{'ENABLED'} eq 'on') ||
3072 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
3073 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
3074 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>";
3075 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
3076 } else {
3077 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>";
3078 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";
3079 }
3080}
3081print "</form></table>";
3082&Header::closebox();
3083#RWSERVER
3084&Ovpnfunc::rwclientstatus($activeonrun);
3085&Ovpnfunc::net2netstatus($activeonrun);
6e13d0a5 3086&Header::closepage();