]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - html/cgi-bin/ovpnmain.cgi
projects / people / pmueller / ipfire-2.x.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
firewall.cgi: Use new system commands
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
CommitLineData
6e13d0a5 1#!/usr/bin/perl
70df8302
MT		 2###############################################################################
3# #
4# IPFire.org - A linux based firewall #
49abe7af 5# Copyright (C) 2007-2014 IPFire Team <info@ipfire.org> #
70df8302
MT		 6# #
7# This program is free software: you can redistribute it and/or modify #
8# it under the terms of the GNU General Public License as published by #
9# the Free Software Foundation, either version 3 of the License, or #
10# (at your option) any later version. #
11# #
12# This program is distributed in the hope that it will be useful, #
13# but WITHOUT ANY WARRANTY; without even the implied warranty of #
14# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15# GNU General Public License for more details. #
16# #
17# You should have received a copy of the GNU General Public License #
18# along with this program. If not, see <http://www.gnu.org/licenses/>. #
19# #
20###############################################################################
54fd0535 21###
f527e53f 22# Based on IPFireCore 77
54fd0535 23###
6e13d0a5
MT		 24use CGI;
25use CGI qw/:standard/;
26use Net::DNS;
ce9abb66 27use Net::Ping;
54fd0535 28use Net::Telnet;
6e13d0a5
MT		 29use File::Copy;
30use File::Temp qw/ tempfile tempdir /;
31use strict;
32use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
eff2dbf8 33use Sort::Naturally;
6e13d0a5 34require '/var/ipfire/general-functions.pl';
6e13d0a5
MT		 35require "${General::swroot}/lang.pl";
36require "${General::swroot}/header.pl";
37require "${General::swroot}/countries.pl";
e2e270e1 38require "${General::swroot}/location-functions.pl";
6e13d0a5
MT		 39
40# enable only the following on debugging purpose
8c877a82
AM		 41#use warnings;
42#use CGI::Carp 'fatalsToBrowser';
6e13d0a5 43#workaround to suppress a warning when a variable is used only once
8c877a82 44my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
6e13d0a5
MT		 45undef (@dummy);
46
f2fdd0c1
CS		 47my %color = ();
48my %mainsettings = ();
49&General::readhash("${General::swroot}/main/settings", \%mainsettings);
8186b372 50&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
6e13d0a5
MT		 51
52###
53### Initialize variables
54###
e81be1e1
AM		 55my %ccdconfhash=();
56my %ccdroutehash=();
57my %ccdroute2hash=();
6e13d0a5
MT		 58my %netsettings=();
59my %cgiparams=();
60my %vpnsettings=();
61my %checked=();
62my %confighash=();
63my %cahash=();
64my %selected=();
65my $warnmessage = '';
66my $errormessage = '';
400c8afd
EK		 67my $cryptoerror = '';
68my $cryptowarning = '';
6e13d0a5 69my %settings=();
54fd0535 70my $routes_push_file = '';
df9b48b7
AM		 71my $confighost="${General::swroot}/fwhosts/customhosts";
72my $configgrp="${General::swroot}/fwhosts/customgroups";
73my $customnet="${General::swroot}/fwhosts/customnetworks";
74my $name;
99bfa85c 75my $col="";
ffbe77c8
EK		 76my $local_serverconf = "${General::swroot}/ovpn/scripts/server.conf.local";
77my $local_clientconf = "${General::swroot}/ovpn/scripts/client.conf.local";
78
6e13d0a5
MT		 79&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
80$cgiparams{'ENABLED'} = 'off';
81$cgiparams{'ENABLED_BLUE'} = 'off';
82$cgiparams{'ENABLED_ORANGE'} = 'off';
83$cgiparams{'EDIT_ADVANCED'} = 'off';
84$cgiparams{'NAT'} = 'off';
85$cgiparams{'COMPRESSION'} = 'off';
86$cgiparams{'ONLY_PROPOSED'} = 'off';
87$cgiparams{'ACTION'} = '';
88$cgiparams{'CA_NAME'} = '';
4c962356
EK		 89$cgiparams{'DH_NAME'} = 'dh1024.pem';
90$cgiparams{'DHLENGHT'} = '';
6e13d0a5
MT		 91$cgiparams{'DHCP_DOMAIN'} = '';
92$cgiparams{'DHCP_DNS'} = '';
93$cgiparams{'DHCP_WINS'} = '';
54fd0535 94$cgiparams{'ROUTES_PUSH'} = '';
6e13d0a5 95$cgiparams{'DCOMPLZO'} = 'off';
a79fa1d6 96$cgiparams{'MSSFIX'} = '';
8c877a82 97$cgiparams{'number'} = '';
4c962356 98$cgiparams{'DCIPHER'} = '';
49abe7af
EK		 99$cgiparams{'DAUTH'} = '';
100$cgiparams{'TLSAUTH'} = '';
54fd0535 101$routes_push_file = "${General::swroot}/ovpn/routes_push";
400c8afd
EK		 102# Perform crypto and configration test
103&pkiconfigcheck;
ffbe77c8
EK		 104
105# Add CCD files if not already presant
106unless (-e $routes_push_file) {
107 open(RPF, ">$routes_push_file");
108 close(RPF);
109}
110unless (-e "${General::swroot}/ovpn/ccd.conf") {
111 open(CCDC, ">${General::swroot}/ovpn/ccd.conf");
112 close (CCDC);
113}
114unless (-e "${General::swroot}/ovpn/ccdroute") {
115 open(CCDR, ">${General::swroot}/ovpn/ccdroute");
116 close (CCDR);
117}
118unless (-e "${General::swroot}/ovpn/ccdroute2") {
119 open(CCDRT, ">${General::swroot}/ovpn/ccdroute2");
120 close (CCDRT);
121}
122# Add additional configs if not already presant
123unless (-e "$local_serverconf") {
124 open(LSC, ">$local_serverconf");
125 close (LSC);
126}
127unless (-e "$local_clientconf") {
128 open(LCC, ">$local_clientconf");
129 close (LCC);
130}
ce9abb66 131
6e13d0a5
MT		 132&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
133
134# prepare openvpn config file
135###
136### Useful functions
137###
c6c9630e
MT		 138sub haveOrangeNet
139{
13211b21
CS		 140 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
141 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 142 return 0;
143}
144
145sub haveBlueNet
146{
13211b21 147 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
c6c9630e 148 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT		 149 return 0;
150}
151
152sub sizeformat{
153 my $bytesize = shift;
154 my $i = 0;
155
156 while(abs($bytesize) >= 1024){
157 $bytesize=$bytesize/1024;
158 $i++;
159 last if($i==6);
160 }
161
162 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
163 my $newsize=(int($bytesize*100 +0.5))/100;
164 return("$newsize $units[$i]");
165}
166
c6c9630e
MT		 167sub cleanssldatabase
168{
169 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
170 print FILE "01";
171 close FILE;
172 }
173 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
174 print FILE "";
175 close FILE;
176 }
e6f7f8e7
EK		 177 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt.attr")) {
178 print FILE "";
179 close FILE;
180 }
c6c9630e 181 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 182 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 183 unlink ("${General::swroot}/ovpn/certs/serial.old");
184 unlink ("${General::swroot}/ovpn/certs/01.pem");
185}
186
187sub newcleanssldatabase
188{
189 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
190 open(FILE, ">${General::swroot}(ovpn/certs/serial");
191 print FILE "01";
192 close FILE;
193 }
194 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
195 system ("touch ${General::swroot}/ovpn/certs/index.txt");
196 }
e6f7f8e7
EK		 197 if (! -s ">${General::swroot}/ovpn/certs/index.txt.attr") {
198 system ("touch ${General::swroot}/ovpn/certs/index.txt.attr");
199 }
c6c9630e 200 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
e6f7f8e7 201 unlink ("${General::swroot}/ovpn/certs/index.txt.attr.old");
c6c9630e
MT		 202 unlink ("${General::swroot}/ovpn/certs/serial.old");
203}
204
205sub deletebackupcert
206{
207 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
208 my $hexvalue = <FILE>;
209 chomp $hexvalue;
210 close FILE;
211 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
212 }
213}
4c962356 214
400c8afd
EK		 215###
216### Check for PKI and configure problems
217###
218
219sub pkiconfigcheck
220{
221 # Warning if DH parameter is 1024 bit
222 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
223 my $dhparameter = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}`;
224 my @dhbit = ($dhparameter =~ /(\d+)/);
225 if ($1 < 2048) {
226 $cryptoerror = "$Lang::tr{'ovpn error dh'}";
227 goto CRYPTO_ERROR;
228 }
229 }
230
231 # Warning if md5 is in usage
232 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
233 my $signature = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
234 if ($signature =~ /md5WithRSAEncryption/) {
235 $cryptoerror = "$Lang::tr{'ovpn error md5'}";
236 goto CRYPTO_ERROR;
237 }
238 }
239
240 CRYPTO_ERROR:
241
242 # Warning if certificate is not compliant to RFC3280 TLS rules
243 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
244 my $extendkeyusage = `/usr/bin/openssl x509 -noout -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
245 if ($extendkeyusage !~ /TLS Web Server Authentication/) {
246 $cryptowarning = "$Lang::tr{'ovpn warning rfc3280'}";
247 goto CRYPTO_WARNING;
248 }
249 }
250
251 CRYPTO_WARNING:
252}
253
c6c9630e 254sub writeserverconf {
54fd0535
MT		 255 my %sovpnsettings = ();
256 my @temp = ();
c6c9630e 257 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
54fd0535
MT		 258 &read_routepushfile;
259
c6c9630e
MT		 260 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
261 flock CONF, 2;
262 print CONF "#OpenVPN Server conf\n";
263 print CONF "\n";
264 print CONF "daemon openvpnserver\n";
265 print CONF "writepid /var/run/openvpn.pid\n";
afabe9f7 266 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
c6c9630e 267 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
79e7688b 268 print CONF "dev tun\n";
c6c9630e
MT		 269 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
270 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
a4fd2325 271 print CONF "script-security 3\n";
07675dc3 272 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
6140e7e0 273 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
c6c9630e 274 print CONF "tls-server\n";
4c962356
EK		 275 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
276 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
277 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 278 print CONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
c6c9630e
MT		 279 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
280 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
8c877a82 281 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
4c962356 282
d6989b4b 283 print CONF "tun-mtu $sovpnsettings{'DMTU'}\n";
2ee746be 284
54fd0535 285 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
8c877a82
AM		 286 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
287 foreach (@temp)
288 {
289 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
290 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
291 }
54fd0535 292 }
8c877a82
AM		 293# a.marx ccd
294 my %ccdconfhash=();
295 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
296 foreach my $key (keys %ccdconfhash) {
297 my $a=$ccdconfhash{$key}[1];
298 my ($b,$c) = split (/\//, $a);
299 print CONF "route $b ".&General::cidrtosub($c)."\n";
300 }
301 my %ccdroutehash=();
302 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
303 foreach my $key (keys %ccdroutehash) {
304 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
305 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
306 print CONF "route $a $b\n";
307 }
308 }
309# ccd end
54fd0535 310
8c877a82 311 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
c6c9630e
MT		 312 print CONF "client-to-client\n";
313 }
1de5c945 314 if ($sovpnsettings{MSSFIX} eq 'on') {
4c962356 315 print CONF "mssfix\n";
d6989b4b
MT		 316 } else {
317 print CONF "mssfix 0\n";
1de5c945
EK		 318 }
319 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
4c962356 320 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
a79fa1d6 321 }
2ee746be 322
c6c9630e
MT		 323 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
324 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
325 }
326 print CONF "status-version 1\n";
87fe47e9 327 print CONF "status /var/run/ovpnserver.log 30\n";
a4fd2325 328 print CONF "ncp-disable\n";
c6c9630e 329 print CONF "cipher $sovpnsettings{DCIPHER}\n";
49abe7af 330 print CONF "auth $sovpnsettings{'DAUTH'}\n";
942446b5
EK		 331 # Set TLSv2 as minimum
332 print CONF "tls-version-min 1.2\n";
86308adb 333
49abe7af 334 if ($sovpnsettings{'TLSAUTH'} eq 'on') {
4be45949 335 print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
49abe7af 336 }
c6c9630e
MT		 337 if ($sovpnsettings{DCOMPLZO} eq 'on') {
338 print CONF "comp-lzo\n";
339 }
340 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
341 print CONF "push \"redirect-gateway def1\"\n";
342 }
343 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
344 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
345 }
346
347 if ($sovpnsettings{DHCP_DNS} ne '') {
348 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
349 }
350
351 if ($sovpnsettings{DHCP_WINS} ne '') {
352 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
353 }
354
fa527476 355 if ($sovpnsettings{MAX_CLIENTS} eq '') {
c6c9630e 356 print CONF "max-clients 100\n";
a79fa1d6 357 }
fa527476 358 if ($sovpnsettings{MAX_CLIENTS} ne '') {
c6c9630e
MT		 359 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
360 }
1d0a260a 361 print CONF "tls-verify /usr/lib/openvpn/verify\n";
c6c9630e
MT		 362 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
363 print CONF "user nobody\n";
364 print CONF "group nobody\n";
365 print CONF "persist-key\n";
366 print CONF "persist-tun\n";
367 if ($sovpnsettings{LOG_VERB} ne '') {
368 print CONF "verb $sovpnsettings{LOG_VERB}\n";
369 } else {
370 print CONF "verb 3\n";
ffbe77c8 371 }
708f2b73
MT		 372
373 print CONF "# Log clients connecting/disconnecting\n";
374 print CONF "client-connect \"/usr/sbin/openvpn-metrics client-connect\"\n";
375 print CONF "client-disconnect \"/usr/sbin/openvpn-metrics client-disconnect\"\n";
376
ffbe77c8
EK		 377 # Print server.conf.local if entries exist to server.conf
378 if ( !-z $local_serverconf && $sovpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
379 open (LSC, "$local_serverconf");
380 print CONF "\n#---------------------------\n";
381 print CONF "# Start of custom directives\n";
382 print CONF "# from server.conf.local\n";
383 print CONF "#---------------------------\n\n";
384 while (<LSC>) {
385 print CONF $_;
386 }
387 print CONF "\n#-----------------------------\n";
388 print CONF "# End of custom directives\n";
389 print CONF "#-----------------------------\n";
390 close (LSC);
391 }
c6c9630e
MT		 392 print CONF "\n";
393
394 close(CONF);
395}
8c877a82 396
c6c9630e 397sub emptyserverlog{
87fe47e9 398 if (open(FILE, ">/var/run/ovpnserver.log")) {
c6c9630e
MT		 399 flock FILE, 2;
400 print FILE "";
401 close FILE;
402 }
403
404}
405
8c877a82
AM		 406sub delccdnet
407{
408 my %ccdconfhash = ();
409 my %ccdhash = ();
410 my $ccdnetname=$_[0];
411 if (-f "${General::swroot}/ovpn/ovpnconfig"){
412 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
413 foreach my $key (keys %ccdhash) {
414 if ($ccdhash{$key}[32] eq $ccdnetname) {
415 $errormessage=$Lang::tr{'ccd err hostinnet'};
416 return;
417 }
418 }
419 }
420 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
421 foreach my $key (keys %ccdconfhash) {
422 if ($ccdconfhash{$key}[0] eq $ccdnetname){
423 delete $ccdconfhash{$key};
424 }
425 }
426 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
427
428 &writeserverconf;
429 return 0;
430}
431
432sub addccdnet
433{
434 my %ccdconfhash=();
435 my @ccdconf=();
436 my $ccdname=$_[0];
437 my $ccdnet=$_[1];
8c877a82
AM		 438 my $subcidr;
439 my @ip2=();
440 my $checkup;
441 my $ccdip;
442 my $baseaddress;
290007b3
AM		 443
444
445 #check name
446 if ($ccdname eq '')
447 {
448 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
449 return
450 }
451
452 if(!&General::validhostname($ccdname))
453 {
8c877a82
AM		 454 $errormessage=$Lang::tr{'ccd err invalidname'};
455 return;
456 }
290007b3
AM		 457
458 ($ccdip,$subcidr) = split (/\//,$ccdnet);
459 $subcidr=&General::iporsubtocidr($subcidr);
460 #check subnet
461 if ($subcidr > 30)
462 {
8c877a82
AM		 463 $errormessage=$Lang::tr{'ccd err invalidnet'};
464 return;
465 }
290007b3
AM		 466 #check ip
467 if (!&General::validipandmask($ccdnet)){
468 $errormessage=$Lang::tr{'ccd err invalidnet'};
469 return;
8c877a82 470 }
b6c60092 471
8c877a82
AM		 472 if (!$errormessage) {
473 my %ccdconfhash=();
474 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
475 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
476 my $key = &General::findhasharraykey (\%ccdconfhash);
477 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
478 $ccdconfhash{$key}[0] = $ccdname;
479 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
480 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
481 &writeserverconf;
482 $cgiparams{'ccdname'}='';
483 $cgiparams{'ccdsubnet'}='';
484 return 1;
485 }
486}
487
488sub modccdnet
489{
490
491 my $newname=$_[0];
492 my $oldname=$_[1];
493 my %ccdconfhash=();
494 my %ccdhash=();
7ad653cc
SS		 495
496 # Check if the new name is valid.
497 if(!&General::validhostname($newname)) {
498 $errormessage=$Lang::tr{'ccd err invalidname'};
499 return;
500 }
501
8c877a82
AM		 502 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
503 foreach my $key (keys %ccdconfhash) {
504 if ($ccdconfhash{$key}[0] eq $oldname) {
505 foreach my $key1 (keys %ccdconfhash) {
506 if ($ccdconfhash{$key1}[0] eq $newname){
507 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
508 return;
509 }else{
510 $ccdconfhash{$key}[0]= $newname;
511 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
512 last;
513 }
514 }
515 }
516 }
517
518 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
519 foreach my $key (keys %ccdhash) {
520 if ($ccdhash{$key}[32] eq $oldname) {
521 $ccdhash{$key}[32]=$newname;
522 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
523 last;
524 }
525 }
526
527 return 0;
528}
529sub ccdmaxclients
530{
531 my $ccdnetwork=$_[0];
532 my @octets=();
533 my @subnet=();
534 @octets=split("\/",$ccdnetwork);
535 @subnet= split /\./, &General::cidrtosub($octets[1]);
536 my ($a,$b,$c,$d,$e);
537 $a=256-$subnet[0];
538 $b=256-$subnet[1];
539 $c=256-$subnet[2];
540 $d=256-$subnet[3];
541 $e=($a*$b*$c*$d)/4;
542 return $e-1;
543}
544
545sub getccdadresses
546{
547 my $ipin=$_[0];
548 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
549 my $cidr=$_[1];
550 chomp($cidr);
551 my $count=$_[2];
552 my $hasip=$_[3];
553 chomp($hasip);
554 my @iprange=();
555 my %ccdhash=();
556 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
d9fe5693 557 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
ac87f371 558 for (my $i=1;$i<=$count;$i++) {
8c877a82
AM		 559 my $tmpip=$iprange[$i-1];
560 my $stepper=$i*4;
561 $iprange[$i]= &General::getnextip($tmpip,4);
562 }
563 my $r=0;
564 foreach my $key (keys %ccdhash) {
565 $r=0;
566 foreach my $tmp (@iprange){
567 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
568 if ($net eq $tmp) {
569 if ( $hasip ne $ccdhash{$key}[33] ){
570 splice (@iprange,$r,1);
571 }
572 }
573 $r++;
574 }
575 }
576 return @iprange;
577}
578
579sub fillselectbox
580{
581 my $boxname=$_[1];
582 my ($ccdip,$subcidr) = split("/",$_[0]);
583 my $tz=$_[2];
584 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
585 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
586 foreach (@allccdips) {
587 my $ip=$_."/30";
588 chomp($ip);
589 print "<option value='$ip' ";
590 if ( $ip eq $cgiparams{$boxname} ){
591 print"selected";
592 }
593 print ">$ip</option>";
594 }
595 print "</select>";
596}
597
598sub hostsinnet
599{
600 my $name=$_[0];
601 my %ccdhash=();
602 my $i=0;
603 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
604 foreach my $key (keys %ccdhash) {
605 if ($ccdhash{$key}[32] eq $name){ $i++;}
606 }
607 return $i;
608}
609
610sub check_routes_push
611{
612 my $val=$_[0];
613 my ($ip,$cidr) = split (/\//, $val);
614 ##check for existing routes in routes_push
615 if (-e "${General::swroot}/ovpn/routes_push") {
616 open(FILE,"${General::swroot}/ovpn/routes_push");
617 while (<FILE>) {
618 $_=~s/\s*$//g;
619
620 my ($ip2,$cidr2) = split (/\//,"$_");
621 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
622
623 if($val eq $val2){
624 return 0;
625 }
626 #subnetcheck
627 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
628 return 0;
629 }
630 };
631 close(FILE);
632 }
633 return 1;
634}
635
636sub check_ccdroute
637{
638 my %ccdroutehash=();
639 my $val=$_[0];
640 my ($ip,$cidr) = split (/\//, $val);
641 #check for existing routes in ccdroute
642 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
643 foreach my $key (keys %ccdroutehash) {
644 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
645 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
646 return 0;
647 }
648 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
649 #subnetcheck
650 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
651 return 0;
652 }
653 }
654 }
655 return 1;
656}
657sub check_ccdconf
658{
659 my %ccdconfhash=();
660 my $val=$_[0];
661 my ($ip,$cidr) = split (/\//, $val);
662 #check for existing routes in ccdroute
663 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
664 foreach my $key (keys %ccdconfhash) {
665 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
666 return 0;
667 }
668 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
669 #subnetcheck
670 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
671 return 0;
672 }
673
674 }
675 return 1;
676}
677
7c1d9faf
AH		 678###
679# m.a.d net2net
680###
681
682sub validdotmask
683{
684 my $ipdotmask = $_[0];
685 if (&General::validip($ipdotmask)) { return 0; }
686 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
687 my $mask = $2;
688 if (($mask =~ /\./ )) { return 0; }
689 return 1;
690}
54fd0535
MT		 691
692# -------------------------------------------------------------------
693
694sub write_routepushfile
695{
696 open(FILE, ">$routes_push_file");
697 flock(FILE, 2);
698 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
699 print FILE $vpnsettings{'ROUTES_PUSH'};
700 }
701 close(FILE);
702}
703
704sub read_routepushfile
705{
706 if (-e "$routes_push_file") {
707 open(FILE,"$routes_push_file");
708 delete $vpnsettings{'ROUTES_PUSH'};
709 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
710 close(FILE);
711 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
8c877a82 712
54fd0535
MT		 713 }
714}
7c1d9faf 715
775b4494
AM		 716sub writecollectdconf {
717 my $vpncollectd;
718 my %ccdhash=();
719
720 open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
721 print COLLECTDVPN "Loadplugin openvpn\n";
722 print COLLECTDVPN "\n";
723 print COLLECTDVPN "<Plugin openvpn>\n";
724 print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
725
726 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
727 foreach my $key (keys %ccdhash) {
728 if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
729 print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
730 }
731 }
732
733 print COLLECTDVPN "</Plugin>\n";
734 close(COLLECTDVPN);
735
736 # Reload collectd afterwards
737 system("/usr/local/bin/collectdctrl restart &>/dev/null");
738}
7c1d9faf 739
c6c9630e
MT		 740#hier die refresh page
741if ( -e "${General::swroot}/ovpn/gencanow") {
742 my $refresh = '';
743 $refresh = "<meta http-equiv='refresh' content='15;' />";
744 &Header::showhttpheaders();
745 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
746 &Header::openbigbox('100%', 'center');
747 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
748 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
749 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
750 &Header::closebox();
751 &Header::closebigbox();
752 &Header::closepage();
753 exit (0);
754}
755##hier die refresh page
756
6e13d0a5
MT		 757
758###
759### OpenVPN Server Control
760###
761if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
762 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
763 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
6e13d0a5
MT		 764 #start openvpn server
765 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
c6c9630e 766 &emptyserverlog();
6e13d0a5
MT		 767 system('/usr/local/bin/openvpnctrl', '-s');
768 }
769 #stop openvpn server
770 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
6e13d0a5 771 system('/usr/local/bin/openvpnctrl', '-k');
c6c9630e 772 &emptyserverlog();
6e13d0a5
MT		 773 }
774# #restart openvpn server
8c877a82 775# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
6e13d0a5 776#workarund, till SIGHUP also works when running as nobody
8c877a82
AM		 777# system('/usr/local/bin/openvpnctrl', '-r');
778# &emptyserverlog();
779# }
6e13d0a5
MT		 780}
781
782###
783### Save Advanced options
784###
785
786if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
787 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
788 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
789 #DAN this value has to leave.
790#new settings for daemon
791 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
792 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
793 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
794 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
795 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
796 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
6a9d9ff4 797 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
ffbe77c8 798 $vpnsettings{'ADDITIONAL_CONFIGS'} = $cgiparams{'ADDITIONAL_CONFIGS'};
6e13d0a5
MT		 799 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
800 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
801 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
54fd0535
MT		 802 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
803 my @temp=();
6e13d0a5 804
a79fa1d6
JPT		 805 if ($cgiparams{'FRAGMENT'} eq '') {
806 delete $vpnsettings{'FRAGMENT'};
807 } else {
808 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
809 $errormessage = "Incorrect value, please insert only numbers.";
810 goto ADV_ERROR;
811 } else {
812 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
813 }
814 }
49abe7af 815
a79fa1d6 816 if ($cgiparams{'MSSFIX'} ne 'on') {
1de5c945 817 delete $vpnsettings{'MSSFIX'};
a79fa1d6
JPT		 818 } else {
819 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
820 }
2ee746be 821
6e13d0a5 822 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
81da1b01 823 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
6e13d0a5
MT		 824 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
825 goto ADV_ERROR;
826 }
827 }
828 if ($cgiparams{'DHCP_DNS'} ne ''){
829 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
830 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
831 goto ADV_ERROR;
832 }
833 }
834 if ($cgiparams{'DHCP_WINS'} ne ''){
835 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
836 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
54fd0535
MT		 837 goto ADV_ERROR;
838 }
839 }
840 if ($cgiparams{'ROUTES_PUSH'} ne ''){
841 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
842 undef $vpnsettings{'ROUTES_PUSH'};
8c877a82
AM		 843
844 foreach my $tmpip (@temp)
54fd0535
MT		 845 {
846 s/^\s+//g; s/\s+$//g;
8c877a82
AM		 847
848 if ($tmpip)
54fd0535 849 {
8c877a82
AM		 850 $tmpip=~s/\s*$//g;
851 unless (&General::validipandmask($tmpip)) {
852 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
853 goto ADV_ERROR;
54fd0535 854 }
8c877a82
AM		 855 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
856
54fd0535
MT		 857 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
858 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
8c877a82
AM		 859 goto ADV_ERROR;
860 }
861# a.marx ccd
862 my %ccdroutehash=();
863 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
864 foreach my $key (keys %ccdroutehash) {
865 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
866 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
867 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
868 goto ADV_ERROR;
869 }
870 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
871 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
872 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
873 goto ADV_ERROR;
874 }
875 }
54fd0535 876 }
8c877a82
AM		 877
878# ccd end
879
880 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
54fd0535 881 }
8c877a82
AM		 882 }
883 &write_routepushfile;
54fd0535 884 undef $vpnsettings{'ROUTES_PUSH'};
8e148dc3
NP		 885 }
886 else {
887 undef $vpnsettings{'ROUTES_PUSH'};
888 &write_routepushfile;
6e13d0a5 889 }
ba50f66d 890 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 1024 )) {
6e13d0a5
MT		 891 $errormessage = $Lang::tr{'invalid input for max clients'};
892 goto ADV_ERROR;
893 }
894 if ($cgiparams{'KEEPALIVE_1'} ne '') {
895 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
896 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
897 goto ADV_ERROR;
898 }
899 }
900 if ($cgiparams{'KEEPALIVE_2'} ne ''){
901 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
902 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
903 goto ADV_ERROR;
904 }
905 }
906 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
907 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
908 goto ADV_ERROR;
909 }
6e13d0a5 910 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 911 &writeserverconf();#hier ok
6e13d0a5
MT		 912}
913
ce9abb66 914###
7c1d9faf 915# m.a.d net2net
ce9abb66
AH		 916###
917
918if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
919{
c6c9630e 920
ce9abb66
AH		 921my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
922my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 923my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
d96c89eb 924my $tunmtu = '';
531f0835
AH		 925
926unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
927unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 928
929 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
930
931 flock SERVERCONF, 2;
7c1d9faf 932 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
ce9abb66 933 print SERVERCONF "\n";
b278daf3 934 print SERVERCONF "# User Security\n";
ce9abb66
AH		 935 print SERVERCONF "user nobody\n";
936 print SERVERCONF "group nobody\n";
937 print SERVERCONF "persist-tun\n";
938 print SERVERCONF "persist-key\n";
7c1d9faf 939 print SERVERCONF "script-security 2\n";
60f396d7 940 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
c125d8a2
SS		 941
942 if ($cgiparams{'REMOTE'} ne '') {
ce9abb66 943 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
c125d8a2
SS		 944 }
945
b278daf3 946 print SERVERCONF "float\n";
60f396d7 947 print SERVERCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 948 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
60f396d7 949 print SERVERCONF "# Client Gateway Network\n";
54fd0535 950 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
2913185a 951 print SERVERCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 952 print SERVERCONF "# tun Device\n";
ce9abb66 953 print SERVERCONF "dev tun\n";
5795fc1b
AM		 954 print SERVERCONF "#Logfile for statistics\n";
955 print SERVERCONF "status-version 1\n";
87fe47e9 956 print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 957 print SERVERCONF "# Port and Protokol\n";
ce9abb66 958 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
5795fc1b 959
60f396d7
AH		 960 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
961 print SERVERCONF "proto tcp-server\n";
962 print SERVERCONF "# Packet size\n";
d96c89eb 963 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 964 print SERVERCONF "tun-mtu $tunmtu\n";
d96c89eb 965 }
60f396d7
AH		 966
967 if ($cgiparams{'PROTOCOL'} eq 'udp') {
968 print SERVERCONF "proto udp\n";
969 print SERVERCONF "# Paketsize\n";
970 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
971 print SERVERCONF "tun-mtu $tunmtu\n";
54fd0535 972 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
d6989b4b 973 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; } else { print SERVERCONF "mssfix 0\n" };
d96c89eb 974 }
1647059d 975
60f396d7 976 print SERVERCONF "# Auth. Server\n";
ce9abb66
AH		 977 print SERVERCONF "tls-server\n";
978 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
979 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
980 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
49abe7af 981 print SERVERCONF "dh ${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}\n";
b278daf3 982 print SERVERCONF "# Cipher\n";
4c962356 983 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
52f61e49
EKD		 984
985 # If GCM cipher is used, do not use --auth
986 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
987 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
988 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
989 print SERVERCONF unless "# HMAC algorithm\n";
990 print SERVERCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 991 } else {
52f61e49
EKD		 992 print SERVERCONF "# HMAC algorithm\n";
993 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 994 }
52f61e49 995
942446b5
EK		 996 # Set TLSv1.2 as minimum
997 print SERVERCONF "tls-version-min 1.2\n";
998
ce9abb66 999 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1000 print SERVERCONF "# Enable Compression\n";
66298ef2 1001 print SERVERCONF "comp-lzo\n";
b278daf3 1002 }
60f396d7 1003 print SERVERCONF "# Debug Level\n";
ce9abb66 1004 print SERVERCONF "verb 3\n";
b278daf3 1005 print SERVERCONF "# Tunnel check\n";
ce9abb66 1006 print SERVERCONF "keepalive 10 60\n";
60f396d7 1007 print SERVERCONF "# Start as daemon\n";
ce9abb66
AH		 1008 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
1009 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1010 print SERVERCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1011 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1012 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66
AH		 1013 close(SERVERCONF);
1014
1015}
1016
1017###
7c1d9faf 1018# m.a.d net2net
ce9abb66 1019###
7c1d9faf 1020
ce9abb66
AH		 1021if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
1022{
4c962356 1023
ce9abb66 1024 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
54fd0535 1025 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1026 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
d96c89eb 1027 my $tunmtu = '';
54fd0535 1028
531f0835
AH		 1029unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
1030unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
ce9abb66
AH		 1031
1032 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
1033
1034 flock CLIENTCONF, 2;
7c1d9faf 1035 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1036 print CLIENTCONF "#\n";
b278daf3 1037 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 1038 print CLIENTCONF "user nobody\n";
1039 print CLIENTCONF "group nobody\n";
1040 print CLIENTCONF "persist-tun\n";
1041 print CLIENTCONF "persist-key\n";
7c1d9faf 1042 print CLIENTCONF "script-security 2\n";
60f396d7 1043 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
ce9abb66 1044 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
b278daf3 1045 print CLIENTCONF "float\n";
60f396d7 1046 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 1047 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
60f396d7 1048 print CLIENTCONF "# Server Gateway Network\n";
54fd0535 1049 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
ebcecb4b 1050 print CLIENTCONF "up \"/etc/init.d/static-routes start\"\n";
60f396d7 1051 print CLIENTCONF "# tun Device\n";
ce9abb66 1052 print CLIENTCONF "dev tun\n";
35a21a25
AM		 1053 print CLIENTCONF "#Logfile for statistics\n";
1054 print CLIENTCONF "status-version 1\n";
1055 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 1056 print CLIENTCONF "# Port and Protokol\n";
ce9abb66 1057 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
60f396d7
AH		 1058
1059 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1060 print CLIENTCONF "proto tcp-client\n";
1061 print CLIENTCONF "# Packet size\n";
d96c89eb 1062 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
60f396d7 1063 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 1064 }
60f396d7
AH		 1065
1066 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1067 print CLIENTCONF "proto udp\n";
1068 print CLIENTCONF "# Paketsize\n";
1069 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1070 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 1071 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
d6989b4b 1072 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; } else { print CLIENTCONF "mssfix 0\n" };
d96c89eb 1073 }
1647059d 1074
b66b02ab
EK		 1075 # Check host certificate if X509 is RFC3280 compliant.
1076 # If not, old --ns-cert-type directive will be used.
1077 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
1078 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1079 if ($hostcert !~ /TLS Web Server Authentication/) {
1080 print CLIENTCONF "ns-cert-type server\n";
1081 } else {
1082 print CLIENTCONF "remote-cert-tls server\n";
1083 }
ce9abb66
AH		 1084 print CLIENTCONF "# Auth. Client\n";
1085 print CLIENTCONF "tls-client\n";
b278daf3 1086 print CLIENTCONF "# Cipher\n";
4c962356 1087 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
ce9abb66 1088 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
52f61e49
EKD		 1089
1090 # If GCM cipher is used, do not use --auth
1091 if (($cgiparams{'DCIPHER'} eq 'AES-256-GCM') ||
1092 ($cgiparams{'DCIPHER'} eq 'AES-192-GCM') ||
1093 ($cgiparams{'DCIPHER'} eq 'AES-128-GCM')) {
1094 print CLIENTCONF unless "# HMAC algorithm\n";
1095 print CLIENTCONF unless "auth $cgiparams{'DAUTH'}\n";
49abe7af 1096 } else {
52f61e49
EKD		 1097 print CLIENTCONF "# HMAC algorithm\n";
1098 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
49abe7af 1099 }
52f61e49 1100
942446b5
EK		 1101 # Set TLSv1.2 as minimum
1102 print CLIENTCONF "tls-version-min 1.2\n";
1103
ce9abb66 1104 if ($cgiparams{'COMPLZO'} eq 'on') {
60f396d7 1105 print CLIENTCONF "# Enable Compression\n";
66298ef2 1106 print CLIENTCONF "comp-lzo\n";
4c962356 1107 }
ce9abb66
AH		 1108 print CLIENTCONF "# Debug Level\n";
1109 print CLIENTCONF "verb 3\n";
b278daf3 1110 print CLIENTCONF "# Tunnel check\n";
ce9abb66 1111 print CLIENTCONF "keepalive 10 60\n";
60f396d7 1112 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 1113 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1114 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
60f396d7 1115 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 1116 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1117 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
ce9abb66 1118 close(CLIENTCONF);
c6c9630e 1119
ce9abb66 1120}
400c8afd 1121
6e13d0a5
MT		 1122###
1123### Save main settings
1124###
ce9abb66 1125
6e13d0a5
MT		 1126if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1127 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5
MT		 1128 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1129 #DAN this value has to leave.
1130 if ($cgiparams{'ENABLED'} eq 'on'){
1131 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1132 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1133 goto SETTINGS_ERROR;
6e13d0a5
MT		 1134 }
1135 }
f7fb5bc5 1136
6e13d0a5 1137 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
c6c9630e 1138 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
4c962356 1139 goto SETTINGS_ERROR;
c6c9630e
MT		 1140 }
1141 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1142
1143 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1144 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1145 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1146 goto SETTINGS_ERROR;
1147 }
1148
1149 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1150 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1151 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1152 goto SETTINGS_ERROR;
1153 }
1154
1155 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1156 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1157 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1158 goto SETTINGS_ERROR;
1159 }
1160
1161 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1162 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1163 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1164 goto SETTINGS_ERROR;
1165 }
1166 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1167 while (<ALIASES>)
1168 {
1169 chomp($_);
1170 my @tempalias = split(/\,/,$_);
1171 if ($tempalias[1] eq 'on') {
1172 if (&General::IpInSubnet ($tempalias[0] ,
1173 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1174 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1175 }
1176 }
1177 }
1178 close(ALIASES);
6e13d0a5 1179 if ($errormessage ne ''){
c6c9630e 1180 goto SETTINGS_ERROR;
6e13d0a5
MT		 1181 }
1182 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1183 $errormessage = $Lang::tr{'invalid input'};
1184 goto SETTINGS_ERROR;
1185 }
1186 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1187 $errormessage = $Lang::tr{'invalid mtu input'};
1188 goto SETTINGS_ERROR;
1189 }
1190
1191 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
c6c9630e
MT		 1192 $errormessage = $Lang::tr{'invalid port'};
1193 goto SETTINGS_ERROR;
6e13d0a5 1194 }
8c252e6a 1195
b21a6319
EK		 1196 # Create ta.key for tls-auth if not presant
1197 if ($cgiparams{'TLSAUTH'} eq 'on') {
1198 if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
1199 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1200 if ($?) {
1201 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1202 goto SETTINGS_ERROR;
1203 }
1204 }
1205 }
1206
6e13d0a5
MT		 1207 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1208 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1209 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1210 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1211#new settings for daemon
1212 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
6e13d0a5
MT		 1213 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1214 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1215 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1216 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1217 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
86308adb 1218 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
0c4ffc69 1219 $vpnsettings{'TLSAUTH'} = $cgiparams{'TLSAUTH'};
3ffee04b
CS		 1220#wrtie enable
1221
1222 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1223 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1224 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
6e13d0a5
MT		 1225#new settings for daemon
1226 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1227 &writeserverconf();#hier ok
6e13d0a5
MT		 1228SETTINGS_ERROR:
1229###
1230### Reset all step 2
1231###
4c962356 1232}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
6e13d0a5
MT		 1233 my $file = '';
1234 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1235
1e499e90
MT		 1236 # Kill all N2N connections
1237 system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
1238
6e13d0a5 1239 foreach my $key (keys %confighash) {
2f36a7b4
MT		 1240 my $name = $confighash{$cgiparams{'$key'}}[1];
1241
c6c9630e
MT		 1242 if ($confighash{$key}[4] eq 'cert') {
1243 delete $confighash{$cgiparams{'$key'}};
1244 }
2f36a7b4 1245
8ae4010b 1246 system ("/usr/local/bin/openvpnctrl -drrd $name &>/dev/null");
6e13d0a5
MT		 1247 }
1248 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
49abe7af 1249 unlink $file;
6e13d0a5
MT		 1250 }
1251 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
49abe7af 1252 unlink $file;
6e13d0a5
MT		 1253 }
1254 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
49abe7af 1255 unlink $file;
6e13d0a5 1256 }
4c962356 1257 &cleanssldatabase();
6e13d0a5
MT		 1258 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1259 print FILE "";
1260 close FILE;
1261 }
49abe7af
EK		 1262 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1263 print FILE "";
1264 close FILE;
1265 }
1266 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1267 print FILE "";
1268 close FILE;
1269 }
1270 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1271 unlink $file
1272 }
5795fc1b
AM		 1273 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1274 unlink $file
1275 }
49abe7af
EK		 1276 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1277 print FILE "";
1278 close FILE;
1279 }
1280 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1281 print FILE "";
1282 close FILE;
1283 }
1284 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
1285 system ("rm -rf $file");
1286 }
1287
2f36a7b4
MT		 1288 # Remove everything from the collectd configuration
1289 &writecollectdconf();
1290
c6c9630e 1291 #&writeserverconf();
6e13d0a5
MT		 1292###
1293### Reset all step 1
1294###
4c962356 1295}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
6e13d0a5 1296 &Header::showhttpheaders();
4c962356
EK		 1297 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1298 &Header::openbigbox('100%', 'left', '', '');
1299 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1300 print <<END;
1301 <form method='post'>
1302 <table width='100%'>
1303 <tr>
1304 <td align='center'>
1305 <input type='hidden' name='AREUSURE' value='yes' />
49abe7af 1306 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
4c962356
EK		 1307 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1308 </tr>
1309 <tr>
1310 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1311 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1312 </tr>
1313 </table>
1314 </form>
6e13d0a5
MT		 1315END
1316 ;
1317 &Header::closebox();
1318 &Header::closebigbox();
1319 &Header::closepage();
1320 exit (0);
1321
4c962356
EK		 1322###
1323### Generate DH key step 2
1324###
1325} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
49abe7af 1326 # Delete if old key exists
4c962356
EK		 1327 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1328 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1329 }
1330 # Create Diffie Hellmann Parameter
badd8c1c 1331 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
4c962356
EK		 1332 if ($?) {
1333 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1334 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1335 }
1336
1337###
1338### Generate DH key step 1
1339###
1340} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1341 &Header::showhttpheaders();
1342 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1343 &Header::openbigbox('100%', 'LEFT', '', '');
1344 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1345 print <<END;
1346 <table width='100%'>
1347 <tr>
f527e53f 1348 <td width='20%'> </td> <td width='15%'></td> <td width='65%'></td>
49abe7af 1349 </tr>
4c962356
EK		 1350 <tr>
1351 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1352 <td align='center'>
1353 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1354 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1355 <select name='DHLENGHT'>
4c962356
EK		 1356 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1357 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1358 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1359 </select>
1360 </td>
1361 </tr>
1362 <tr><td colspan='4'><br></td></tr>
1363 </table>
1364 <table width='100%'>
1365 <tr>
49abe7af 1366 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'dh key warn'}
4c962356 1367 </tr>
49abe7af
EK		 1368 <tr>
1369 <td class='base'>$Lang::tr{'dh key warn1'}</td>
1370 </tr>
1371 <tr><td colspan='2'><br></td></tr>
4c962356
EK		 1372 <tr>
1373 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1374 </form>
1375 </tr>
1376 </table>
1377
1378END
1379 ;
1380 &Header::closebox();
1381 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1382 &Header::closebigbox();
1383 &Header::closepage();
1384 exit (0);
1385
1386###
1387### Upload DH key
1388###
1389} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
2ad1b18b 1390 unless (ref ($cgiparams{'FH'})) {
4c962356
EK		 1391 $errormessage = $Lang::tr{'there was no file upload'};
1392 goto UPLOADCA_ERROR;
1393 }
49abe7af 1394 # Move uploaded dh key to a temporary file
4c962356
EK		 1395 (my $fh, my $filename) = tempfile( );
1396 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1397 $errormessage = $!;
49abe7af 1398 goto UPLOADCA_ERROR;
4c962356 1399 }
49abe7af 1400 my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
400c8afd 1401 if ($temp !~ /DH Parameters: \((2048|3072|4096) bit\)/) {
4c962356
EK		 1402 $errormessage = $Lang::tr{'not a valid dh key'};
1403 unlink ($filename);
1404 goto UPLOADCA_ERROR;
1405 } else {
1406 # Delete if old key exists
1407 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1408 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1409 }
1410 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
49abe7af
EK		 1411 if ($? ne 0) {
1412 $errormessage = "$Lang::tr{'dh key move failed'}: $!";
1413 unlink ($filename);
1414 goto UPLOADCA_ERROR;
1415 }
4c962356
EK		 1416 }
1417
6e13d0a5
MT		 1418###
1419### Upload CA Certificate
1420###
1421} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1422 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1423
1424 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1425 $errormessage = $Lang::tr{'name must only contain characters'};
1426 goto UPLOADCA_ERROR;
1427 }
1428
1429 if (length($cgiparams{'CA_NAME'}) >60) {
1430 $errormessage = $Lang::tr{'name too long'};
1431 goto VPNCONF_ERROR;
1432 }
1433
1434 if ($cgiparams{'CA_NAME'} eq 'ca') {
1435 $errormessage = $Lang::tr{'name is invalid'};
4c962356 1436 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1437 }
1438
1439 # Check if there is no other entry with this name
1440 foreach my $key (keys %cahash) {
c6c9630e
MT		 1441 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1442 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1443 goto UPLOADCA_ERROR;
1444 }
6e13d0a5
MT		 1445 }
1446
2ad1b18b 1447 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 1448 $errormessage = $Lang::tr{'there was no file upload'};
1449 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1450 }
1451 # Move uploaded ca to a temporary file
1452 (my $fh, my $filename) = tempfile( );
1453 if (copy ($cgiparams{'FH'}, $fh) != 1) {
c6c9630e
MT		 1454 $errormessage = $!;
1455 goto UPLOADCA_ERROR;
6e13d0a5
MT		 1456 }
1457 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
c6c9630e
MT		 1458 if ($temp !~ /CA:TRUE/i) {
1459 $errormessage = $Lang::tr{'not a valid ca certificate'};
1460 unlink ($filename);
1461 goto UPLOADCA_ERROR;
6e13d0a5 1462 } else {
c6c9630e
MT		 1463 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1464 if ($? ne 0) {
1465 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1466 unlink ($filename);
1467 goto UPLOADCA_ERROR;
1468 }
6e13d0a5
MT		 1469 }
1470
1471 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1472 $casubject =~ /Subject: (.*)[\n]/;
1473 $casubject = $1;
1474 $casubject =~ s+/Email+, E+;
1475 $casubject =~ s/ ST=/ S=/;
1476 $casubject = &Header::cleanhtml($casubject);
1477
1478 my $key = &General::findhasharraykey (\%cahash);
1479 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1480 $cahash{$key}[1] = $casubject;
1481 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e
MT		 1482# system('/usr/local/bin/ipsecctrl', 'R');
1483
6e13d0a5
MT		 1484 UPLOADCA_ERROR:
1485
1486###
1487### Display ca certificate
1488###
1489} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
c6c9630e
MT		 1490 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1491
1492 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1493 &Header::showhttpheaders();
4c962356 1494 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1495 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1496 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1497 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1498 $output = &Header::cleanhtml($output,"y");
1499 print "<pre>$output</pre>\n";
1500 &Header::closebox();
1501 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1502 &Header::closebigbox();
1503 &Header::closepage();
1504 exit(0);
1505 } else {
1506 $errormessage = $Lang::tr{'invalid key'};
1507 }
1508
6e13d0a5
MT		 1509###
1510### Download ca certificate
1511###
1512} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1513 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1514
1515 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1516 print "Content-Type: application/octet-stream\r\n";
1517 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1518 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1519 exit(0);
1520 } else {
1521 $errormessage = $Lang::tr{'invalid key'};
1522 }
1523
1524###
1525### Remove ca certificate (step 2)
1526###
1527} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1528 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1529 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1530
1531 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1532 foreach my $key (keys %confighash) {
1533 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1534 if ($test =~ /: OK/) {
c6c9630e
MT		 1535 # Delete connection
1536# if ($vpnsettings{'ENABLED'} eq 'on' ||
1537# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1538# system('/usr/local/bin/ipsecctrl', 'D', $key);
1539# }
6e13d0a5
MT		 1540 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1541 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1542 delete $confighash{$key};
1543 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1544# &writeipsecfiles();
6e13d0a5
MT		 1545 }
1546 }
1547 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1548 delete $cahash{$cgiparams{'KEY'}};
1549 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1550# system('/usr/local/bin/ipsecctrl', 'R');
6e13d0a5
MT		 1551 } else {
1552 $errormessage = $Lang::tr{'invalid key'};
1553 }
1554###
1555### Remove ca certificate (step 1)
1556###
1557} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1558 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1559 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1560
1561 my $assignedcerts = 0;
1562 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1563 foreach my $key (keys %confighash) {
1564 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1565 if ($test =~ /: OK/) {
1566 $assignedcerts++;
1567 }
1568 }
1569 if ($assignedcerts) {
1570 &Header::showhttpheaders();
4c962356 1571 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1572 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1573 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
4c962356 1574 print <<END;
6e13d0a5
MT		 1575 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1576 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1577 <tr><td align='center'>
1578 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1579 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1580 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1581 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1582 </form></table>
1583END
1584 ;
1585 &Header::closebox();
1586 &Header::closebigbox();
1587 &Header::closepage();
1588 exit (0);
1589 } else {
1590 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1591 delete $cahash{$cgiparams{'KEY'}};
1592 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1593# system('/usr/local/bin/ipsecctrl', 'R');
1594 }
1595 } else {
1596 $errormessage = $Lang::tr{'invalid key'};
1597 }
1598
1599###
1600### Display root certificate
1601###
c6c9630e
MT		 1602}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1603 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1604 my $output;
1605 &Header::showhttpheaders();
4c962356 1606 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 1607 &Header::openbigbox('100%', 'LEFT', '', '');
1608 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1609 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1610 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1611 } else {
1612 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1613 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1614 }
1615 $output = &Header::cleanhtml($output,"y");
1616 print "<pre>$output</pre>\n";
1617 &Header::closebox();
1618 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1619 &Header::closebigbox();
1620 &Header::closepage();
1621 exit(0);
1622
6e13d0a5
MT		 1623###
1624### Download root certificate
1625###
1626}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1627 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1628 print "Content-Type: application/octet-stream\r\n";
1629 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1630 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1631 exit(0);
1632 }
1633
1634###
1635### Download host certificate
1636###
1637}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1638 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1639 print "Content-Type: application/octet-stream\r\n";
1640 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1641 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1642 exit(0);
1643 }
f7fb5bc5 1644
fd5ccb2d
EK		 1645###
1646### Download tls-auth key
1647###
1648}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download tls-auth key'}) {
1649 if ( -f "${General::swroot}/ovpn/certs/ta.key" ) {
1650 print "Content-Type: application/octet-stream\r\n";
1651 print "Content-Disposition: filename=ta.key\r\n\r\n";
1652 print `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
1653 exit(0);
1654 }
1655
6e13d0a5
MT		 1656###
1657### Form for generating a root certificate
1658###
1659}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1660 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1661
1662 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1663 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1664 $errormessage = $Lang::tr{'valid root certificate already exists'};
1665 $cgiparams{'ACTION'} = '';
1666 goto ROOTCERT_ERROR;
1667 }
1668
1669 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1670 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1671 my $ipaddr = <IPADDR>;
1672 close IPADDR;
1673 chomp ($ipaddr);
1674 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1675 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1676 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1677 }
1678 }
1679 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
2ad1b18b 1680 unless (ref ($cgiparams{'FH'})) {
6e13d0a5
MT		 1681 $errormessage = $Lang::tr{'there was no file upload'};
1682 goto ROOTCERT_ERROR;
1683 }
1684
1685 # Move uploaded certificate request to a temporary file
1686 (my $fh, my $filename) = tempfile( );
1687 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1688 $errormessage = $!;
1689 goto ROOTCERT_ERROR;
1690 }
1691
1692 # Create a temporary dirctory
1693 my $tempdir = tempdir( CLEANUP => 1 );
1694
1695 # Extract the CA certificate from the file
1696 my $pid = open(OPENSSL, "|-");
1697 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1698 if ($pid) { # parent
1699 if ($cgiparams{'P12_PASS'} ne '') {
1700 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1701 }
1702 close (OPENSSL);
1703 if ($?) {
1704 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1705 unlink ($filename);
1706 goto ROOTCERT_ERROR;
1707 }
1708 } else { # child
1709 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1710 '-in', $filename,
1711 '-out', "$tempdir/cacert.pem")) {
1712 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1713 unlink ($filename);
1714 goto ROOTCERT_ERROR;
1715 }
1716 }
1717
1718 # Extract the Host certificate from the file
1719 $pid = open(OPENSSL, "|-");
1720 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1721 if ($pid) { # parent
1722 if ($cgiparams{'P12_PASS'} ne '') {
1723 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1724 }
1725 close (OPENSSL);
1726 if ($?) {
1727 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1728 unlink ($filename);
1729 goto ROOTCERT_ERROR;
1730 }
1731 } else { # child
1732 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1733 '-in', $filename,
1734 '-out', "$tempdir/hostcert.pem")) {
1735 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1736 unlink ($filename);
1737 goto ROOTCERT_ERROR;
1738 }
1739 }
1740
1741 # Extract the Host key from the file
1742 $pid = open(OPENSSL, "|-");
1743 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1744 if ($pid) { # parent
1745 if ($cgiparams{'P12_PASS'} ne '') {
1746 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1747 }
1748 close (OPENSSL);
1749 if ($?) {
1750 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1751 unlink ($filename);
1752 goto ROOTCERT_ERROR;
1753 }
1754 } else { # child
1755 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1756 '-nodes',
1757 '-in', $filename,
1758 '-out', "$tempdir/serverkey.pem")) {
1759 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1760 unlink ($filename);
1761 goto ROOTCERT_ERROR;
1762 }
1763 }
1764
1765 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1766 if ($? ne 0) {
1767 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1768 unlink ($filename);
1769 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1770 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1771 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1772 goto ROOTCERT_ERROR;
1773 }
1774
1775 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1776 if ($? ne 0) {
1777 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1778 unlink ($filename);
1779 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1780 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1781 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1782 goto ROOTCERT_ERROR;
1783 }
1784
1785 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1786 if ($? ne 0) {
1787 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1788 unlink ($filename);
1789 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1790 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1791 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1792 goto ROOTCERT_ERROR;
1793 }
1794
1795 goto ROOTCERT_SUCCESS;
1796
1797 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1798
1799 # Validate input since the form was submitted
1800 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1801 $errormessage = $Lang::tr{'organization cant be empty'};
1802 goto ROOTCERT_ERROR;
1803 }
1804 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1805 $errormessage = $Lang::tr{'organization too long'};
1806 goto ROOTCERT_ERROR;
1807 }
1808 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1809 $errormessage = $Lang::tr{'invalid input for organization'};
1810 goto ROOTCERT_ERROR;
1811 }
1812 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1813 $errormessage = $Lang::tr{'hostname cant be empty'};
1814 goto ROOTCERT_ERROR;
1815 }
1816 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1817 $errormessage = $Lang::tr{'invalid input for hostname'};
1818 goto ROOTCERT_ERROR;
1819 }
1820 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1821 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1822 goto ROOTCERT_ERROR;
1823 }
1824 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1825 $errormessage = $Lang::tr{'e-mail address too long'};
1826 goto ROOTCERT_ERROR;
1827 }
1828 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1829 $errormessage = $Lang::tr{'invalid input for department'};
1830 goto ROOTCERT_ERROR;
1831 }
1832 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1833 $errormessage = $Lang::tr{'invalid input for city'};
1834 goto ROOTCERT_ERROR;
1835 }
1836 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1837 $errormessage = $Lang::tr{'invalid input for state or province'};
1838 goto ROOTCERT_ERROR;
1839 }
1840 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1841 $errormessage = $Lang::tr{'invalid input for country'};
1842 goto ROOTCERT_ERROR;
1843 }
1844
1845 # Copy the cgisettings to vpnsettings and save the configfile
1846 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1847 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1848 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1849 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1850 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1851 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1852 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1853 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1854
1855 # Replace empty strings with a .
1856 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1857 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1858 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1859
1860 # refresh
c6c9630e 1861 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
6e13d0a5
MT		 1862
1863 # Create the CA certificate
1864 my $pid = open(OPENSSL, "|-");
1865 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1866 if ($pid) { # parent
1867 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1868 print OPENSSL "$state\n";
1869 print OPENSSL "$city\n";
1870 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1871 print OPENSSL "$ou\n";
1872 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1873 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1874 close (OPENSSL);
1875 if ($?) {
1876 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1877 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1878 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1879 goto ROOTCERT_ERROR;
1880 }
1881 } else { # child
badd8c1c 1882 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes',
49abe7af 1883 '-days', '999999', '-newkey', 'rsa:4096', '-sha512',
6e13d0a5
MT		 1884 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1885 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1886 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1887 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1888 goto ROOTCERT_ERROR;
1889 }
1890 }
1891
1892 # Create the Host certificate request
1893 $pid = open(OPENSSL, "|-");
1894 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1895 if ($pid) { # parent
1896 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1897 print OPENSSL "$state\n";
1898 print OPENSSL "$city\n";
1899 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1900 print OPENSSL "$ou\n";
1901 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1902 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1903 print OPENSSL ".\n";
1904 print OPENSSL ".\n";
1905 close (OPENSSL);
1906 if ($?) {
1907 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1908 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1909 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1910 goto ROOTCERT_ERROR;
1911 }
1912 } else { # child
badd8c1c 1913 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 1914 '-newkey', 'rsa:2048',
6e13d0a5
MT		 1915 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1916 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1917 '-extensions', 'server',
1918 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1919 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1920 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1921 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1922 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1923 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1924 goto ROOTCERT_ERROR;
1925 }
1926 }
1927
1928 # Sign the host certificate request
1929 system('/usr/bin/openssl', 'ca', '-days', '999999',
1930 '-batch', '-notext',
1931 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1932 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1933 '-extensions', 'server',
1934 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1935 if ($?) {
1936 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1937 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1938 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1939 unlink ("${General::swroot}/ovpn/serverkey.pem");
1940 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1941 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1942 &newcleanssldatabase();
6e13d0a5
MT		 1943 goto ROOTCERT_ERROR;
1944 } else {
1945 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1946 &deletebackupcert();
6e13d0a5
MT		 1947 }
1948
1949 # Create an empty CRL
1950 system('/usr/bin/openssl', 'ca', '-gencrl',
1951 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1952 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1953 if ($?) {
1954 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1955 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1956 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1957 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1958 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1959 &cleanssldatabase();
6e13d0a5 1960 goto ROOTCERT_ERROR;
c6c9630e
MT		 1961# } else {
1962# &cleanssldatabase();
6e13d0a5 1963 }
ae04d0a3
EK		 1964 # Create ta.key for tls-auth
1965 system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
1966 if ($?) {
1967 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1968 &cleanssldatabase();
1969 goto ROOTCERT_ERROR;
1970 }
6e13d0a5 1971 # Create Diffie Hellmann Parameter
badd8c1c 1972 system('/usr/bin/openssl', 'dhparam', '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
6e13d0a5
MT		 1973 if ($?) {
1974 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1975 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1976 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1977 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1978 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1979 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1980 &cleanssldatabase();
6e13d0a5 1981 goto ROOTCERT_ERROR;
c6c9630e
MT		 1982# } else {
1983# &cleanssldatabase();
4be45949 1984 }
6e13d0a5
MT		 1985 goto ROOTCERT_SUCCESS;
1986 }
1987 ROOTCERT_ERROR:
1988 if ($cgiparams{'ACTION'} ne '') {
1989 &Header::showhttpheaders();
4c962356 1990 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 1991 &Header::openbigbox('100%', 'LEFT', '', '');
1992 if ($errormessage) {
1993 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1994 print "<class name='base'>$errormessage";
1995 print "&nbsp;</class>";
1996 &Header::closebox();
1997 }
1998 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
49abe7af 1999 print <<END;
6e13d0a5
MT		 2000 <form method='post' enctype='multipart/form-data'>
2001 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
e3edceeb 2002 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2003 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
2004 <td width='35%' colspan='2'>&nbsp;</td></tr>
e3edceeb 2005 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2006 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
2007 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2008 <tr><td class='base'>$Lang::tr{'your e-mail'}:</td>
6e13d0a5
MT		 2009 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
2010 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2011 <tr><td class='base'>$Lang::tr{'your department'}:</td>
6e13d0a5
MT		 2012 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
2013 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2014 <tr><td class='base'>$Lang::tr{'city'}:</td>
6e13d0a5
MT		 2015 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
2016 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2017 <tr><td class='base'>$Lang::tr{'state or province'}:</td>
6e13d0a5
MT		 2018 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
2019 <td colspan='2'>&nbsp;</td></tr>
2020 <tr><td class='base'>$Lang::tr{'country'}:</td>
2021 <td class='base'><select name='ROOTCERT_COUNTRY'>
2022
2023END
2024 ;
2025 foreach my $country (sort keys %{Countries::countries}) {
2026 print "<option value='$Countries::countries{$country}'";
2027 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
2028 print " selected='selected'";
2029 }
2030 print ">$country</option>";
2031 }
49abe7af 2032 print <<END;
6e13d0a5 2033 </select></td>
4c962356
EK		 2034 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
2035 <td class='base'><select name='DHLENGHT'>
4c962356
EK		 2036 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
2037 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
2038 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
2039 </select>
2040 </td>
2041 </tr>
2042
6e13d0a5
MT		 2043 <tr><td>&nbsp;</td>
2044 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
2045 <td>&nbsp;</td><td>&nbsp;</td></tr>
2046 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2047 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
49abe7af
EK		 2048 <tr><td colspan='2'><br></td></tr>
2049 <table width='100%'>
2050 <tr>
2051 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}: </font></b>$Lang::tr{'ovpn generating the root and host certificates'}
2052 <td class='base'>$Lang::tr{'dh key warn'}</td>
4c962356 2053 </tr>
49abe7af
EK		 2054 <tr>
2055 <td class='base'>$Lang::tr{'dh key warn1'}</td>
4c962356 2056 </tr>
49abe7af
EK		 2057 <tr><td colspan='2'><br></td></tr>
2058 <tr>
2059 </table>
4c962356 2060
49abe7af 2061 <table width='100%'>
4c962356 2062 <tr><td colspan='4'><hr></td></tr>
e3edceeb 2063 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
6e13d0a5
MT		 2064 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
2065 <td colspan='2'>&nbsp;</td></tr>
e3edceeb 2066 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
6e13d0a5
MT		 2067 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
2068 <td colspan='2'>&nbsp;</td></tr>
2069 <tr><td>&nbsp;</td>
2070 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
2071 <td colspan='2'>&nbsp;</td></tr>
2072 <tr><td class='base' colspan='4' align='left'>
e3edceeb 2073 <img src='/blob.gif' valign='top' alt='*' >&nbsp;$Lang::tr{'required field'}</td>
4c962356 2074 </tr>
6e13d0a5
MT		 2075 </form></table>
2076END
2077 ;
2078 &Header::closebox();
4c962356 2079 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2080 &Header::closebigbox();
2081 &Header::closepage();
2082 exit(0)
2083 }
2084
2085 ROOTCERT_SUCCESS:
2086 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
c6c9630e
MT		 2087# if ($vpnsettings{'ENABLED'} eq 'on' ||
2088# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
2089# system('/usr/local/bin/ipsecctrl', 'S');
2090# }
6e13d0a5
MT		 2091
2092###
2093### Enable/Disable connection
2094###
ce9abb66
AH		 2095
2096###
7c1d9faf 2097# m.a.d net2net
ce9abb66
AH		 2098###
2099
6e13d0a5 2100}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
c6c9630e
MT		 2101
2102 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 2103 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66
AH		 2104# my $n2nactive = '';
2105 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
2106
6e13d0a5 2107 if ($confighash{$cgiparams{'KEY'}}) {
8c877a82
AM		 2108 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2109 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2110 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2111
8c877a82 2112 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2113 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2114 &writecollectdconf();
8c877a82
AM		 2115 }
2116 } else {
ce9abb66 2117
8c877a82
AM		 2118 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2119 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 2120
8c877a82 2121 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
775b4494
AM		 2122 if ($n2nactive ne '') {
2123 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
2124 &writecollectdconf();
2125 }
ce9abb66 2126
8c877a82 2127 } else {
775b4494 2128 $errormessage = $Lang::tr{'invalid key'};
8c877a82 2129 }
775b4494 2130 }
ce9abb66 2131 }
6e13d0a5
MT		 2132
2133###
2134### Download OpenVPN client package
2135###
ce9abb66
AH		 2136
2137
6e13d0a5
MT		 2138} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2139 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2140 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2141 my $file = '';
2142 my $clientovpn = '';
2143 my @fileholder;
2144 my $tempdir = tempdir( CLEANUP => 1 );
2145 my $zippath = "$tempdir/";
ce9abb66
AH		 2146
2147###
7c1d9faf
AH		 2148# m.a.d net2net
2149###
ce9abb66
AH		 2150
2151if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2152
2153 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2154 my $zippathname = "$zippath$zipname";
2155 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
2156 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 2157 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 2158 my $tunmtu = '';
7c1d9faf 2159 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 2160 my $n2nfragment = '';
ce9abb66
AH		 2161
2162 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2163 flock CLIENTCONF, 2;
2164
2165 my $zip = Archive::Zip->new();
7c1d9faf 2166 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 2167 print CLIENTCONF "# \n";
b278daf3 2168 print CLIENTCONF "# User Security\n";
ce9abb66
AH		 2169 print CLIENTCONF "user nobody\n";
2170 print CLIENTCONF "group nobody\n";
2171 print CLIENTCONF "persist-tun\n";
2172 print CLIENTCONF "persist-key\n";
7c1d9faf 2173 print CLIENTCONF "script-security 2\n";
60f396d7 2174 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2175 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2176 print CLIENTCONF "float\n";
60f396d7 2177 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 2178 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 2179 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2180 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 2181 print CLIENTCONF "# tun Device\n";
79e7688b 2182 print CLIENTCONF "dev tun\n";
35a21a25
AM		 2183 print CLIENTCONF "#Logfile for statistics\n";
2184 print CLIENTCONF "status-version 1\n";
2185 print CLIENTCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n";
60f396d7 2186 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 2187 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
60f396d7
AH		 2188
2189 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2190 print CLIENTCONF "proto tcp-client\n";
2191 print CLIENTCONF "# Packet size\n";
d96c89eb 2192 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2193 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2194 }
60f396d7
AH		 2195
2196 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2197 print CLIENTCONF "proto udp\n";
2198 print CLIENTCONF "# Paketsize\n";
2199 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2200 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2201 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
d6989b4b 2202 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} else { print CLIENTCONF "mssfix 0\n"; }
d96c89eb 2203 }
b66b02ab
EK		 2204 # Check host certificate if X509 is RFC3280 compliant.
2205 # If not, old --ns-cert-type directive will be used.
2206 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2207 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2208 if ($hostcert !~ /TLS Web Server Authentication/) {
2209 print CLIENTCONF "ns-cert-type server\n";
2210 } else {
2211 print CLIENTCONF "remote-cert-tls server\n";
2212 }
ce9abb66
AH		 2213 print CLIENTCONF "# Auth. Client\n";
2214 print CLIENTCONF "tls-client\n";
49abe7af 2215 print CLIENTCONF "# Cipher\n";
4c962356 2216 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
ce9abb66
AH		 2217 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2218 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2219 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
49abe7af 2220 }
52f61e49
EKD		 2221
2222 # If GCM cipher is used, do not use --auth
2223 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
2224 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
2225 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
2226 print CLIENTCONF unless "# HMAC algorithm\n";
2227 print CLIENTCONF unless "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2228 } else {
52f61e49
EKD		 2229 print CLIENTCONF "# HMAC algorithm\n";
2230 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
49abe7af 2231 }
52f61e49 2232
4c962356 2233 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2234 print CLIENTCONF "# Enable Compression\n";
66298ef2 2235 print CLIENTCONF "comp-lzo\n";
b278daf3 2236 }
ce9abb66
AH		 2237 print CLIENTCONF "# Debug Level\n";
2238 print CLIENTCONF "verb 3\n";
b278daf3 2239 print CLIENTCONF "# Tunnel check\n";
ce9abb66 2240 print CLIENTCONF "keepalive 10 60\n";
b278daf3 2241 print CLIENTCONF "# Start as daemon\n";
ce9abb66
AH		 2242 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2243 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 2244 print CLIENTCONF "# Activate Management Interface and Port\n";
54fd0535
MT		 2245 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2246 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2247 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2248
ce9abb66
AH		 2249
2250 close(CLIENTCONF);
2251
2252 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2253 my $status = $zip->writeToFileNamed($zippathname);
2254
2255 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2256 @fileholder = <DLFILE>;
2257 print "Content-Type:application/x-download\n";
2258 print "Content-Disposition:attachment;filename=$zipname\n\n";
2259 print @fileholder;
2260 exit (0);
2261}
2262else
2263{
2264 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2265 my $zippathname = "$zippath$zipname";
2266 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2267
2268###
7c1d9faf 2269# m.a.d net2net
ce9abb66
AH		 2270###
2271
c6c9630e 2272 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
6e13d0a5
MT		 2273 flock CLIENTCONF, 2;
2274
2275 my $zip = Archive::Zip->new();
2276
8c877a82 2277 print CLIENTCONF "#OpenVPN Client conf\r\n";
6e13d0a5
MT		 2278 print CLIENTCONF "tls-client\r\n";
2279 print CLIENTCONF "client\r\n";
4f6e3ae3 2280 print CLIENTCONF "nobind\r\n";
79e7688b 2281 print CLIENTCONF "dev tun\r\n";
c6c9630e 2282 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
d6989b4b 2283 print CLIENTCONF "tun-mtu $vpnsettings{'DMTU'}\r\n";
2ee746be 2284
6e13d0a5
MT		 2285 if ( $vpnsettings{'ENABLED'} eq 'on'){
2286 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
c6c9630e
MT		 2287 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2288 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2289 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2290 }
2291 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2292 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2293 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2294 }
2295 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2296 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2297 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2298 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2299 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2300 }
2301 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2302 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
6e13d0a5
MT		 2303 }
2304
71af643c
MT		 2305 my $file_crt = new File::Temp( UNLINK => 1 );
2306 my $file_key = new File::Temp( UNLINK => 1 );
b22d8aaf 2307 my $include_certs = 0;
71af643c 2308
6e13d0a5 2309 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
71af643c 2310 if ($cgiparams{'MODE'} eq 'insecure') {
b22d8aaf
MT		 2311 $include_certs = 1;
2312
71af643c 2313 # Add the CA
b22d8aaf 2314 print CLIENTCONF ";ca cacert.pem\r\n";
71af643c
MT		 2315 $zip->addFile("${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2316
2317 # Extract the certificate
2318 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2319 '-clcerts', '-nokeys', '-nodes', '-out', "$file_crt" , '-passin', 'pass:');
2320 if ($?) {
2321 die "openssl error: $?";
2322 }
2323
2324 $zip->addFile("$file_crt", "$confighash{$cgiparams{'KEY'}}[1].pem") or die;
b22d8aaf 2325 print CLIENTCONF ";cert $confighash{$cgiparams{'KEY'}}[1].pem\r\n";
71af643c
MT		 2326
2327 # Extract the key
2328 system('/usr/bin/openssl', 'pkcs12', '-in', "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12",
2329 '-nocerts', '-nodes', '-out', "$file_key", '-passin', 'pass:');
2330 if ($?) {
2331 die "openssl error: $?";
2332 }
2333
2334 $zip->addFile("$file_key", "$confighash{$cgiparams{'KEY'}}[1].key") or die;
b22d8aaf 2335 print CLIENTCONF ";key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
71af643c
MT		 2336 } else {
2337 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2338 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2339 }
6e13d0a5 2340 } else {
c6c9630e
MT		 2341 print CLIENTCONF "ca cacert.pem\r\n";
2342 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2343 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2344 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2345 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
6e13d0a5
MT		 2346 }
2347 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
49abe7af 2348 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
86308adb 2349
49abe7af 2350 if ($vpnsettings{'TLSAUTH'} eq 'on') {
b22d8aaf
MT		 2351 if ($cgiparams{'MODE'} eq 'insecure') {
2352 print CLIENTCONF ";";
2353 }
4be45949
EK		 2354 print CLIENTCONF "tls-auth ta.key\r\n";
2355 $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
49abe7af 2356 }
6e13d0a5
MT		 2357 if ($vpnsettings{DCOMPLZO} eq 'on') {
2358 print CLIENTCONF "comp-lzo\r\n";
2359 }
2360 print CLIENTCONF "verb 3\r\n";
b66b02ab
EK		 2361 # Check host certificate if X509 is RFC3280 compliant.
2362 # If not, old --ns-cert-type directive will be used.
2363 # If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
2364 my $hostcert = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2365 if ($hostcert !~ /TLS Web Server Authentication/) {
2366 print CLIENTCONF "ns-cert-type server\r\n";
2367 } else {
2368 print CLIENTCONF "remote-cert-tls server\r\n";
2369 }
964700d4 2370 print CLIENTCONF "verify-x509-name $vpnsettings{ROOTCERT_HOSTNAME} name\r\n";
a79fa1d6
JPT		 2371 if ($vpnsettings{MSSFIX} eq 'on') {
2372 print CLIENTCONF "mssfix\r\n";
d6989b4b
MT		 2373 } else {
2374 print CLIENTCONF "mssfix 0\r\n";
a79fa1d6 2375 }
74225cce 2376 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
a79fa1d6
JPT		 2377 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2378 }
1647059d 2379
b22d8aaf
MT		 2380 if ($include_certs) {
2381 print CLIENTCONF "\r\n";
2382
2383 # CA
2384 open(FILE, "<${General::swroot}/ovpn/ca/cacert.pem");
2385 print CLIENTCONF "<ca>\r\n";
2386 while (<FILE>) {
2387 chomp($_);
2388 print CLIENTCONF "$_\r\n";
2389 }
2390 print CLIENTCONF "</ca>\r\n\r\n";
2391 close(FILE);
2392
2393 # Cert
2394 open(FILE, "<$file_crt");
2395 print CLIENTCONF "<cert>\r\n";
2396 while (<FILE>) {
2397 chomp($_);
2398 print CLIENTCONF "$_\r\n";
2399 }
2400 print CLIENTCONF "</cert>\r\n\r\n";
2401 close(FILE);
2402
2403 # Key
2404 open(FILE, "<$file_key");
2405 print CLIENTCONF "<key>\r\n";
2406 while (<FILE>) {
2407 chomp($_);
2408 print CLIENTCONF "$_\r\n";
2409 }
2410 print CLIENTCONF "</key>\r\n\r\n";
2411 close(FILE);
2412
2413 # TLS auth
2414 if ($vpnsettings{'TLSAUTH'} eq 'on') {
2415 open(FILE, "<${General::swroot}/ovpn/certs/ta.key");
2416 print CLIENTCONF "<tls-auth>\r\n";
2417 while (<FILE>) {
2418 chomp($_);
2419 print CLIENTCONF "$_\r\n";
2420 }
2421 print CLIENTCONF "</tls-auth>\r\n\r\n";
2422 close(FILE);
2423 }
2424 }
2425
ffbe77c8
EK		 2426 # Print client.conf.local if entries exist to client.ovpn
2427 if (!-z $local_clientconf && $vpnsettings{'ADDITIONAL_CONFIGS'} eq 'on') {
2428 open (LCC, "$local_clientconf");
2429 print CLIENTCONF "\n#---------------------------\n";
2430 print CLIENTCONF "# Start of custom directives\n";
2431 print CLIENTCONF "# from client.conf.local\n";
2432 print CLIENTCONF "#---------------------------\n\n";
2433 while (<LCC>) {
2434 print CLIENTCONF $_;
2435 }
2436 print CLIENTCONF "\n#---------------------------\n";
2437 print CLIENTCONF "# End of custom directives\n";
2438 print CLIENTCONF "#---------------------------\n\n";
2439 close (LCC);
2440 }
6e13d0a5 2441 close(CLIENTCONF);
ce9abb66 2442
6e13d0a5
MT		 2443 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2444 my $status = $zip->writeToFileNamed($zippathname);
2445
2446 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2447 @fileholder = <DLFILE>;
2448 print "Content-Type:application/x-download\n";
2449 print "Content-Disposition:attachment;filename=$zipname\n\n";
2450 print @fileholder;
2451 exit (0);
ce9abb66
AH		 2452 }
2453
2454
2455
6e13d0a5
MT		 2456###
2457### Remove connection
2458###
ce9abb66
AH		 2459
2460
6e13d0a5 2461} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
323be7c4
AM		 2462 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2463 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2464
323be7c4 2465 if ($confighash{$cgiparams{'KEY'}}) {
fde9c9dd 2466 # Revoke certificate if certificate was deleted and rewrite the CRL
323be7c4 2467 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
fde9c9dd 2468 my $tempA = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
ce9abb66
AH		 2469
2470###
7c1d9faf 2471# m.a.d net2net
ce9abb66 2472###
7c1d9faf 2473
323be7c4 2474 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
1e499e90 2475 # Stop the N2N connection before it is removed
6ad43b0f 2476 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
1e499e90 2477
323be7c4
AM		 2478 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2479 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2480 unlink ($certfile);
2481 unlink ($conffile);
8e6a8fd5 2482
323be7c4
AM		 2483 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2484 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2485 }
323be7c4 2486 }
ce9abb66 2487
323be7c4
AM		 2488 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2489 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
8c877a82
AM		 2490
2491# A.Marx CCD delete ccd files and routes
2492
323be7c4
AM		 2493 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2494 {
2495 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
8c877a82 2496 }
e81be1e1 2497
323be7c4
AM		 2498 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2499 foreach my $key (keys %ccdroutehash) {
2500 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2501 delete $ccdroutehash{$key};
2502 }
8c877a82 2503 }
323be7c4 2504 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 2505
323be7c4
AM		 2506 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2507 foreach my $key (keys %ccdroute2hash) {
2508 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2509 delete $ccdroute2hash{$key};
2510 }
2511 }
2512 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2513 &writeserverconf;
8c877a82 2514
323be7c4
AM		 2515# CCD end
2516 # Update collectd configuration and delete all RRD files of the removed connection
2517 &writecollectdconf();
fa4dbe27 2518 system ('/usr/local/bin/openvpnctrl', '-drrd', $confighash{$cgiparams{'KEY'}}[1]);
8c877a82 2519
323be7c4
AM		 2520 delete $confighash{$cgiparams{'KEY'}};
2521 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2522 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2523
2524 } else {
2525 $errormessage = $Lang::tr{'invalid key'};
2526 }
b2e75449 2527 &General::firewall_reload();
ce9abb66 2528
6e13d0a5
MT		 2529###
2530### Download PKCS12 file
2531###
2532} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2533 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2534
2535 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2536 print "Content-Type: application/octet-stream\r\n\r\n";
2537 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2538 exit (0);
2539
2540###
2541### Display certificate
2542###
2543} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2544 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2545
2546 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e 2547 &Header::showhttpheaders();
4c962356 2548 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
c6c9630e
MT		 2549 &Header::openbigbox('100%', 'LEFT', '', '');
2550 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2551 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2552 $output = &Header::cleanhtml($output,"y");
2553 print "<pre>$output</pre>\n";
2554 &Header::closebox();
2555 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2556 &Header::closebigbox();
2557 &Header::closepage();
2558 exit(0);
6e13d0a5 2559 }
4c962356
EK		 2560
2561###
2562### Display Diffie-Hellman key
2563###
2564} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2565
2566 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
49abe7af 2567 $errormessage = $Lang::tr{'not present'};
4c962356
EK		 2568 } else {
2569 &Header::showhttpheaders();
2570 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2571 &Header::openbigbox('100%', 'LEFT', '', '');
2572 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2573 my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
2574 $output = &Header::cleanhtml($output,"y");
2575 print "<pre>$output</pre>\n";
2576 &Header::closebox();
2577 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2578 &Header::closebigbox();
2579 &Header::closepage();
2580 exit(0);
2581 }
2582
fd5ccb2d
EK		 2583###
2584### Display tls-auth key
2585###
2586} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show tls-auth key'}) {
2587
2588 if (! -e "${General::swroot}/ovpn/certs/ta.key") {
2589 $errormessage = $Lang::tr{'not present'};
2590 } else {
2591 &Header::showhttpheaders();
2592 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2593 &Header::openbigbox('100%', 'LEFT', '', '');
2594 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ta key'}:");
2595 my $output = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
2596 $output = &Header::cleanhtml($output,"y");
2597 print "<pre>$output</pre>\n";
2598 &Header::closebox();
2599 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2600 &Header::closebigbox();
2601 &Header::closepage();
2602 exit(0);
2603 }
2604
6e13d0a5
MT		 2605###
2606### Display Certificate Revoke List
2607###
2608} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
c6c9630e
MT		 2609# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2610
49abe7af
EK		 2611 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2612 $errormessage = $Lang::tr{'not present'};
2613 } else {
b2e75449
MT		 2614 &Header::showhttpheaders();
2615 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2616 &Header::openbigbox('100%', 'LEFT', '', '');
2617 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2618 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2619 $output = &Header::cleanhtml($output,"y");
2620 print "<pre>$output</pre>\n";
2621 &Header::closebox();
2622 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2623 &Header::closebigbox();
2624 &Header::closepage();
2625 exit(0);
6e13d0a5
MT		 2626 }
2627
2628###
2629### Advanced Server Settings
2630###
2631
2632} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2633 %cgiparams = ();
2634 %cahash = ();
2635 %confighash = ();
8c877a82 2636 my $disabled;
6e13d0a5 2637 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2638 read_routepushfile;
8c877a82
AM		 2639
2640
c6c9630e
MT		 2641# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2642# $cgiparams{'CLIENT2CLIENT'} = 'on';
2643# }
6e13d0a5
MT		 2644ADV_ERROR:
2645 if ($cgiparams{'MAX_CLIENTS'} eq '') {
4c962356 2646 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2647 }
6e13d0a5 2648 if ($cgiparams{'KEEPALIVE_1'} eq '') {
4c962356 2649 $cgiparams{'KEEPALIVE_1'} = '10';
6e13d0a5
MT		 2650 }
2651 if ($cgiparams{'KEEPALIVE_2'} eq '') {
4c962356 2652 $cgiparams{'KEEPALIVE_2'} = '60';
6e13d0a5
MT		 2653 }
2654 if ($cgiparams{'LOG_VERB'} eq '') {
4c962356 2655 $cgiparams{'LOG_VERB'} = '3';
ae9f6139 2656 }
f527e53f 2657 if ($cgiparams{'TLSAUTH'} eq '') {
754066e6 2658 $cgiparams{'TLSAUTH'} = 'off';
f527e53f 2659 }
6e13d0a5
MT		 2660 $checked{'CLIENT2CLIENT'}{'off'} = '';
2661 $checked{'CLIENT2CLIENT'}{'on'} = '';
2662 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2663 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2664 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2665 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
13389777
EK		 2666 $checked{'DCOMPLZO'}{'off'} = '';
2667 $checked{'DCOMPLZO'}{'on'} = '';
2668 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
ffbe77c8
EK		 2669 $checked{'ADDITIONAL_CONFIGS'}{'off'} = '';
2670 $checked{'ADDITIONAL_CONFIGS'}{'on'} = '';
2671 $checked{'ADDITIONAL_CONFIGS'}{$cgiparams{'ADDITIONAL_CONFIGS'}} = 'CHECKED';
a79fa1d6
JPT		 2672 $checked{'MSSFIX'}{'off'} = '';
2673 $checked{'MSSFIX'}{'on'} = '';
2674 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
49abe7af 2675 $selected{'LOG_VERB'}{'0'} = '';
6e13d0a5
MT		 2676 $selected{'LOG_VERB'}{'1'} = '';
2677 $selected{'LOG_VERB'}{'2'} = '';
2678 $selected{'LOG_VERB'}{'3'} = '';
2679 $selected{'LOG_VERB'}{'4'} = '';
2680 $selected{'LOG_VERB'}{'5'} = '';
2681 $selected{'LOG_VERB'}{'6'} = '';
2682 $selected{'LOG_VERB'}{'7'} = '';
2683 $selected{'LOG_VERB'}{'8'} = '';
2684 $selected{'LOG_VERB'}{'9'} = '';
2685 $selected{'LOG_VERB'}{'10'} = '';
2686 $selected{'LOG_VERB'}{'11'} = '';
6e13d0a5 2687 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
f527e53f 2688
6e13d0a5
MT		 2689 &Header::showhttpheaders();
2690 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2691 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2692 if ($errormessage) {
c6c9630e
MT		 2693 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2694 print "<class name='base'>$errormessage\n";
2695 print "&nbsp;</class>\n";
2696 &Header::closebox();
6e13d0a5
MT		 2697 }
2698 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
4c962356 2699 print <<END;
b376fae4 2700 <form method='post' enctype='multipart/form-data'>
b2e75449 2701<table width='100%' border=0>
4c962356
EK		 2702 <tr>
2703 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
6e13d0a5
MT		 2704 </tr>
2705 <tr>
4c962356 2706 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5
MT		 2707 </tr>
2708 <tr>
4c962356 2709 <td class='base'>Domain</td>
8c877a82 2710 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
6e13d0a5
MT		 2711 </tr>
2712 <tr>
4c962356
EK		 2713 <td class='base'>DNS</td>
2714 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
6e13d0a5
MT		 2715 </tr>
2716 <tr>
4c962356
EK		 2717 <td class='base'>WINS</td>
2718 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2719 </tr>
54fd0535 2720 <tr>
4c962356 2721 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
54fd0535
MT		 2722 </tr>
2723 <tr>
4c962356
EK		 2724 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2725 <td colspan='2'>
2726 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
54fd0535
MT		 2727END
2728;
2729
2730if ($cgiparams{'ROUTES_PUSH'} ne '')
2731{
2732 print $cgiparams{'ROUTES_PUSH'};
2733}
2734
8c877a82 2735print <<END;
54fd0535
MT		 2736</textarea></td>
2737</tr>
6e13d0a5
MT		 2738 </tr>
2739</table>
2740<hr size='1'>
4c962356 2741<table width='100%'>
ffbe77c8 2742 <tr>
4c962356 2743 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
ffbe77c8
EK		 2744 </tr>
2745
2746 <tr>
d2de0a00 2747 <td width='20%'></td> <td width='15%'> </td><td width='35%'> </td><td width='20%'></td><td width='35%'></td>
ffbe77c8
EK		 2748 </tr>
2749
2750 <tr>
4c962356
EK		 2751 <td class='base'>Client-To-Client</td>
2752 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
ffbe77c8
EK		 2753 </tr>
2754
2755 <tr>
4c962356
EK		 2756 <td class='base'>Redirect-Gateway def1</td>
2757 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
ffbe77c8
EK		 2758 </tr>
2759
13389777
EK		 2760 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2761 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
2762 <td>$Lang::tr{'openvpn default'}: off <font color='red'>($Lang::tr{'attention'} exploitable via Voracle)</font></td>
2763 </tr>
2764
4c962356 2765 <tr>
ffbe77c8
EK		 2766 <td class='base'>$Lang::tr{'ovpn add conf'}</td>
2767 <td><input type='checkbox' name='ADDITIONAL_CONFIGS' $checked{'ADDITIONAL_CONFIGS'}{'on'} /></td>
2768 <td>$Lang::tr{'openvpn default'}: off</td>
2769 </tr>
2770
2771 <tr>
2772 <td class='base'>mssfix</td>
2773 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2774 <td>$Lang::tr{'openvpn default'}: off</td>
2775 </tr>
2776
4c962356 2777 <tr>
ffbe77c8
EK		 2778 <td class='base'>fragment <br></td>
2779 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2780 </tr>
2781
2782
2783 <tr>
2784 <td class='base'>Max-Clients</td>
2785 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2786 </tr>
2787 <tr>
2788 <td class='base'>Keepalive <br />
2789 (ping/ping-restart)</td>
2790 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2791 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2792 </tr>
a79fa1d6
JPT		 2793</table>
2794
a79fa1d6 2795<hr size='1'>
4c962356 2796<table width='100%'>
a79fa1d6 2797 <tr>
49abe7af 2798 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
a79fa1d6
JPT		 2799 </tr>
2800 <tr>
49abe7af 2801 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
4c962356
EK		 2802 </tr>
2803
2804 <tr><td class='base'>VERB</td>
2805 <td><select name='LOG_VERB'>
49abe7af
EK		 2806 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2807 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2808 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2809 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2810 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2811 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2812 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2813 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2814 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2815 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2816 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2817 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2818 </td></select>
2819 </table>
4c962356 2820
6e13d0a5 2821<hr size='1'>
8c877a82
AM		 2822END
2823
2824if ( -e "/var/run/openvpn.pid"){
2825print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2826 $Lang::tr{'server restart'}<br><br>
2827 <hr>";
49abe7af 2828 print<<END;
52d08bcb
AM		 2829<table width='100%'>
2830<tr>
2831 <td>&nbsp;</td>
2832 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2833 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2834 <td>&nbsp;</td>
2835</tr>
2836</table>
2837</form>
2838END
2839;
2840
2841
2842}else{
8c877a82 2843
49abe7af 2844 print<<END;
6e13d0a5
MT		 2845<table width='100%'>
2846<tr>
2847 <td>&nbsp;</td>
2848 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2849 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2850 <td>&nbsp;</td>
2851</tr>
2852</table>
2853</form>
2854END
2855;
52d08bcb 2856}
6e13d0a5 2857 &Header::closebox();
c6c9630e 2858# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
6e13d0a5
MT		 2859 &Header::closebigbox();
2860 &Header::closepage();
2861 exit(0);
2862
8c877a82
AM		 2863
2864# A.Marx CCD Add,delete or edit CCD net
2865
2866} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2867 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2868 $cgiparams{'ACTION'} eq "kill" ||
2869 $cgiparams{'ACTION'} eq "edit" ||
2870 $cgiparams{'ACTION'} eq 'editsave'){
2871 &Header::showhttpheaders();
2872 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2873 &Header::openbigbox('100%', 'LEFT', '', '');
2874
2875 if ($cgiparams{'ACTION'} eq "kill"){
2876 &delccdnet($cgiparams{'net'});
2877 }
2878
2879 if ($cgiparams{'ACTION'} eq 'editsave'){
2880 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2881 if ( $a ne $b){ &modccdnet($a,$b);}
5068ac38
AM		 2882 $cgiparams{'ccdname'}='';
2883 $cgiparams{'ccdsubnet'}='';
8c877a82
AM		 2884 }
2885
2886 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 2887 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
8c877a82
AM		 2888 }
2889 if ($errormessage) {
2890 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2891 print "<class name='base'>$errormessage";
2892 print "&nbsp;</class>";
2893 &Header::closebox();
2894 }
2895if ($cgiparams{'ACTION'} eq "edit"){
2896
2897 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2898
49abe7af 2899 print <<END;
631b67b7 2900 <table width='100%' border='0'>
8c877a82
AM		 2901 <tr><form method='post'>
2902 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
a9fb14d0 2903 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
8c877a82
AM		 2904 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2905 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2906 </td></tr>
2907 </table></form>
2908END
2909;
2910 &Header::closebox();
2911
2912 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
49abe7af 2913 print <<END;
8c877a82
AM		 2914 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2915 <tr>
2916 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2917END
2918;
2919}
2920else{
2921 if (! -e "/var/run/openvpn.pid"){
2922 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
49abe7af 2923 print <<END;
8c877a82
AM		 2924 <table width='100%' border='0'>
2925 <tr><form method='post'>
2926 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2927 <tr>
2928 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2929 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2930 <tr><td colspan=4><hr /></td></tr><tr>
2931 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2932 </table></form>
2933END
2934
2935 &Header::closebox();
2936}
2937 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
5068ac38
AM		 2938 if ( -e "/var/run/openvpn.pid"){
2939 print "<b>$Lang::tr{'attention'}:</b><br>";
2940 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2941 }
2942
4c962356 2943 print <<END;
99bfa85c 2944 <table width='100%' cellpadding='0' cellspacing='1'>
8c877a82
AM		 2945 <tr>
2946 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2947END
2948;
2949}
2950 my %ccdconfhash=();
2951 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2952 my @ccdconf=();
2953 my $count=0;
df9b48b7 2954 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 2955 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2956 $count++;
2957 my $ccdhosts = &hostsinnet($ccdconf[0]);
2958 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2959 else{ print" <tr bgcolor='$color{'color20'}'>";}
2960 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
4c962356 2961 print <<END;
8c877a82 2962 <form method='post' />
1638682b 2963 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
8c877a82
AM		 2964 <input type='hidden' name='ACTION' value='edit'/>
2965 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2966 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2967 </form></td>
2968 <form method='post' />
2969 <td><input type='hidden' name='ACTION' value='kill'/>
2970 <input type='hidden' name='number' value='$count' />
2971 <input type='hidden' name='net' value='$ccdconf[0]' />
1638682b 2972 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
8c877a82
AM		 2973END
2974;
2975 }
2976 print "</table></form>";
2977 &Header::closebox();
2978 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2979 &Header::closebigbox();
2980 &Header::closepage();
2981 exit(0);
2982
2983#END CCD
2984
6e13d0a5
MT		 2985###
2986### Openvpn Connections Statistics
2987###
2988} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
2989 &Header::showhttpheaders();
2990 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
2991 &Header::openbigbox('100%', 'LEFT', '', '');
2992 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
2993
2994#
2995# <td><b>$Lang::tr{'protocol'}</b></td>
2996# protocol temp removed
4c962356 2997 print <<END;
99bfa85c 2998 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
6e13d0a5 2999 <tr>
99bfa85c
AM		 3000 <th><b>$Lang::tr{'common name'}</b></th>
3001 <th><b>$Lang::tr{'real address'}</b></th>
d8ef6a95 3002 <th><b>$Lang::tr{'country'}</b></th>
99bfa85c
AM		 3003 <th><b>$Lang::tr{'virtual address'}</b></th>
3004 <th><b>$Lang::tr{'loged in at'}</b></th>
3005 <th><b>$Lang::tr{'bytes sent'}</b></th>
3006 <th><b>$Lang::tr{'bytes received'}</b></th>
3007 <th><b>$Lang::tr{'last activity'}</b></th>
6e13d0a5
MT		 3008 </tr>
3009END
3010;
87fe47e9 3011 my $filename = "/var/run/ovpnserver.log";
6e13d0a5
MT		 3012 open(FILE, $filename) or die 'Unable to open config file.';
3013 my @current = <FILE>;
3014 close(FILE);
3015 my @users =();
3016 my $status;
3017 my $uid = 0;
3018 my $cn;
3019 my @match = ();
3020 my $proto = "udp";
3021 my $address;
3022 my %userlookup = ();
3023 foreach my $line (@current)
3024 {
3025 chomp($line);
3026 if ( $line =~ /^Updated,(.+)/){
3027 @match = split( /^Updated,(.+)/, $line);
3028 $status = $match[1];
3029 }
c6c9630e 3030#gian
6e13d0a5
MT		 3031 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
3032 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
3033 if ($match[1] ne "Common Name") {
3034 $cn = $match[1];
3035 $userlookup{$match[2]} = $uid;
3036 $users[$uid]{'CommonName'} = $match[1];
3037 $users[$uid]{'RealAddress'} = $match[2];
c6c9630e
MT		 3038 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
3039 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
6e13d0a5
MT		 3040 $users[$uid]{'Since'} = $match[5];
3041 $users[$uid]{'Proto'} = $proto;
d8ef6a95
PM		 3042
3043 # get country code for "RealAddress"...
07e42be9 3044 my $ccode = &Location::Functions::lookup_country_code((split ':', $users[$uid]{'RealAddress'})[0]);
e2e270e1 3045 my $flag_icon = &Location::Functions::get_flag_icon($ccode);
d8ef6a95 3046 $users[$uid]{'Country'} = "<a href='country.cgi#$ccode'><img src='$flag_icon' border='0' align='absmiddle' alt='$ccode' title='$ccode' /></a>";
6e13d0a5
MT		 3047 $uid++;
3048 }
3049 }
3050 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
3051 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
3052 if ($match[1] ne "Virtual Address") {
3053 $address = $match[3];
3054 #find the uid in the lookup table
3055 $uid = $userlookup{$address};
3056 $users[$uid]{'VirtualAddress'} = $match[1];
3057 $users[$uid]{'LastRef'} = $match[4];
3058 }
3059 }
3060 }
3061 my $user2 = @users;
3062 if ($user2 >= 1){
99bfa85c 3063 for (my $idx = 1; $idx <= $user2; $idx++){
6e13d0a5 3064 if ($idx % 2) {
99bfa85c
AM		 3065 print "<tr>";
3066 $col="bgcolor='$color{'color22'}'";
3067 } else {
3068 print "<tr>";
3069 $col="bgcolor='$color{'color20'}'";
6e13d0a5 3070 }
99bfa85c
AM		 3071 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
3072 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
d8ef6a95
PM		 3073 print "<td align='center' $col>$users[$idx-1]{'Country'}</td>";
3074 print "<td align='center' $col>$users[$idx-1]{'VirtualAddress'}</td>";
99bfa85c
AM		 3075 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
3076 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
3077 print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
3078 print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
3079 }
3080 }
6e13d0a5
MT		 3081
3082 print "</table>";
49abe7af 3083 print <<END;
6e13d0a5
MT		 3084 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
3085 <tr><td></td></tr>
3086 <tr><td></td></tr>
3087 <tr><td></td></tr>
3088 <tr><td></td></tr>
3089 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
3090 </table>
3091END
3092;
3093 &Header::closebox();
3094 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3095 &Header::closebigbox();
3096 &Header::closepage();
3097 exit(0);
3098
3099###
3100### Download Certificate
3101###
3102} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
3103 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 3104
6e13d0a5 3105 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
c6c9630e
MT		 3106 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
3107 print "Content-Type: application/octet-stream\r\n\r\n";
3108 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
3109 exit (0);
3110 }
3111
3112###
3113### Enable/Disable connection
3114###
ce9abb66 3115
c6c9630e
MT		 3116} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
3117
3118 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3119 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3120
3121 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 3122 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
c6c9630e
MT		 3123 $confighash{$cgiparams{'KEY'}}[0] = 'on';
3124 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3125 #&writeserverconf();
3126# if ($vpnsettings{'ENABLED'} eq 'on' ||
3127# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3128# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3129# }
3130 } else {
3131 $confighash{$cgiparams{'KEY'}}[0] = 'off';
3132# if ($vpnsettings{'ENABLED'} eq 'on' ||
3133# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3134# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
3135# }
3136 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3137 #&writeserverconf();
3138 }
3139 } else {
3140 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3141 }
3142
3143###
3144### Restart connection
3145###
3146} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
3147 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3148 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3149
3150 if ($confighash{$cgiparams{'KEY'}}) {
c6c9630e
MT		 3151# if ($vpnsettings{'ENABLED'} eq 'on' ||
3152# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
3153# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
3154# }
6e13d0a5 3155 } else {
c6c9630e 3156 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5
MT		 3157 }
3158
ce9abb66 3159###
7c1d9faf 3160# m.a.d net2net
ce9abb66
AH		 3161###
3162
3163} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
3164 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3165 &Header::showhttpheaders();
4c962356 3166 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
ce9abb66
AH		 3167 &Header::openbigbox('100%', 'LEFT', '', '');
3168 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
b278daf3
AH		 3169
3170if ( -s "${General::swroot}/ovpn/settings") {
3171
49abe7af 3172 print <<END;
ce9abb66 3173 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3174 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
ce9abb66
AH		 3175 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
3176 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
3177 <tr><td><input type='radio' name='TYPE' value='net' /></td>
3178 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
3179 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
3180 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
3181 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
e3edceeb 3182 <tr><td>&nbsp;</td><td>Import Connection Name</td></tr>
040b8b0c 3183 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>$Lang::tr{'openvpn default'}: Client Packagename</td></tr>
54fd0535 3184 <tr><td colspan='3'><hr /></td></tr>
8c877a82 3185 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
ce9abb66
AH		 3186 </form></table>
3187END
3188 ;
8c877a82 3189
ce9abb66 3190
b278daf3 3191} else {
49abe7af 3192 print <<END;
b278daf3 3193 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 3194 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 3195 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 3196 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
b278daf3
AH		 3197 </form></table>
3198END
3199 ;
3200
3201}
3202
ce9abb66 3203 &Header::closebox();
4c962356 3204 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
ce9abb66
AH		 3205 &Header::closebigbox();
3206 &Header::closepage();
3207 exit (0);
3208
3209###
7c1d9faf 3210# m.a.d net2net
ce9abb66
AH		 3211###
3212
3213} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
3214
3215 my @firen2nconf;
3216 my @confdetails;
3217 my $uplconffilename ='';
54fd0535 3218 my $uplconffilename2 ='';
ce9abb66 3219 my $uplp12name = '';
54fd0535 3220 my $uplp12name2 = '';
ce9abb66
AH		 3221 my @rem_subnet;
3222 my @rem_subnet2;
3223 my @tmposupnet3;
3224 my $key;
54fd0535 3225 my @n2nname;
ce9abb66
AH		 3226
3227 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3228
2ad1b18b
MT		 3229 # Check if a file is uploaded
3230 unless (ref ($cgiparams{'FH'})) {
ce9abb66
AH		 3231 $errormessage = $Lang::tr{'there was no file upload'};
3232 goto N2N_ERROR;
3233 }
3234
3235# Move uploaded IPfire n2n package to temporary file
3236
3237 (my $fh, my $filename) = tempfile( );
3238 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3239 $errormessage = $!;
3240 goto N2N_ERROR;
3241 }
3242
3243 my $zip = Archive::Zip->new();
3244 my $zipName = $filename;
3245 my $status = $zip->read( $zipName );
3246 if ($status != AZ_OK) {
3247 $errormessage = "Read of $zipName failed\n";
3248 goto N2N_ERROR;
3249 }
3250
3251 my $tempdir = tempdir( CLEANUP => 1 );
3252 my @files = $zip->memberNames();
3253 for(@files) {
3254 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
3255 }
3256 my $countfiles = @files;
3257
3258# Check if we have not more then 2 files
3259
3260 if ( $countfiles == 2){
3261 foreach (@files){
3262 if ( $_ =~ /.conf$/){
3263 $uplconffilename = $_;
3264 }
3265 if ( $_ =~ /.p12$/){
3266 $uplp12name = $_;
3267 }
3268 }
3269 if (($uplconffilename eq '') || ($uplp12name eq '')){
3270 $errormessage = "Either no *.conf or no *.p12 file found\n";
3271 goto N2N_ERROR;
3272 }
3273
3274 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
3275 @firen2nconf = <FILE>;
3276 close (FILE);
3277 chomp(@firen2nconf);
ce9abb66
AH		 3278 } else {
3279
3280 $errormessage = "Filecount does not match only 2 files are allowed\n";
3281 goto N2N_ERROR;
3282 }
3283
7c1d9faf
AH		 3284###
3285# m.a.d net2net
ce9abb66 3286###
54fd0535
MT		 3287
3288 if ($cgiparams{'n2nname'} ne ''){
3289
3290 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
3291 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
3292 $n2nname[0] = $cgiparams{'n2nname'};
3293 my @n2nname2 = split(/\./,$uplconffilename);
3294 $n2nname2[0] =~ s/\n|\r//g;
3295 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
3296 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
3297 my $input2 = "$n2nname2[0]n2n";
3298 my $output2 = "$n2nname[0]n2n";
3299 my $filename = "$tempdir/$uplconffilename";
3300 open(FILE, "< $filename") or die 'Unable to open config file.';
3301 my @current = <FILE>;
3302 close(FILE);
3303 foreach (@current) {s/$input1/$output1/g;}
3304 foreach (@current) {s/$input2/$output2/g;}
3305 open (OUT, "> $filename") || die 'Unable to open config file.';
3306 print OUT @current;
3307 close OUT;
ce9abb66 3308
54fd0535
MT		 3309 }else{
3310 $uplconffilename2 = $uplconffilename;
3311 $uplp12name2 = $uplp12name;
3312 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3313 $n2nname[0] =~ s/\n|\r//g;
54fd0535 3314 }
7c1d9faf
AH		 3315 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
3316 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3317
7dfcaef0
AM		 3318 #Add collectd settings to configfile
3319 open(FILE, ">> $tempdir/$uplconffilename") or die 'Unable to open config file.';
3320 print FILE "# Logfile\n";
3321 print FILE "status-version 1\n";
3322 print FILE "status /var/run/openvpn/$n2nname[0]-n2n 10\n";
3323 close FILE;
3324
54fd0535 3325 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
ce9abb66
AH		 3326
3327 if ($? ne 0) {
3328 $errormessage = "*.conf move failed: $!";
3329 unlink ($filename);
3330 goto N2N_ERROR;
3331 }
3332
54fd0535 3333 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
b278daf3
AH		 3334 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
3335
ce9abb66
AH		 3336 if ($? ne 0) {
3337 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3338 unlink ($filename);
3339 goto N2N_ERROR;
3340 }
3341
3342my $complzoactive;
d96c89eb 3343my $mssfixactive;
4c962356 3344my $authactive;
d96c89eb 3345my $n2nfragment;
60f396d7 3346my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3347my @n2nproto = split(/-/, $n2nproto2[1]);
ce9abb66
AH		 3348my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3349my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3350my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
3351if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
d96c89eb
AH		 3352my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3353if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3354#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3355my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
ce9abb66
AH		 3356my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3357my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3358my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3359my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3360my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
ce9abb66 3361my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
4c962356 3362my @n2ncipher = split(/ /, (grep { /^cipher/ } @firen2nconf)[0]);
f527e53f 3363my @n2nauth = split(/ /, (grep { /^auth/ } @firen2nconf)[0]);;
60f396d7 3364
ce9abb66
AH		 3365###
3366# m.a.d delete CR and LF from arrays for this chomp doesnt work
3367###
3368
ce9abb66 3369$n2nremote[1] =~ s/\n|\r//g;
ce9abb66
AH		 3370$n2novpnsub[0] =~ s/\n|\r//g;
3371$n2novpnsub[1] =~ s/\n|\r//g;
3372$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3373$n2nproto[0] =~ s/\n|\r//g;
ce9abb66
AH		 3374$n2nport[1] =~ s/\n|\r//g;
3375$n2ntunmtu[1] =~ s/\n|\r//g;
3376$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3377$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3378$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3379$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3380$n2nmgmt[2] =~ s/\n|\r//g;
4c962356
EK		 3381$n2ncipher[1] =~ s/\n|\r//g;
3382$n2nauth[1] =~ s/\n|\r//g;
ce9abb66 3383chomp ($complzoactive);
d96c89eb 3384chomp ($mssfixactive);
ce9abb66
AH		 3385
3386###
7c1d9faf 3387# m.a.d net2net
ce9abb66
AH		 3388###
3389
3390###
3391# Check if there is no other entry with this name
3392###
3393
3394 foreach my $dkey (keys %confighash) {
3395 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3396 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3397 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3398 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3399 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
ce9abb66
AH		 3400 goto N2N_ERROR;
3401 }
3402 }
3403
d96c89eb
AH		 3404###
3405# Check if OpenVPN Subnet is valid
3406###
3407
3408foreach my $dkey (keys %confighash) {
3409 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3410 $errormessage = 'The OpenVPN Subnet is already in use';
b278daf3
AH		 3411 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3412 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3413 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3414 goto N2N_ERROR;
3415 }
3416 }
3417
3418###
4c962356 3419# Check if Dest Port is vaild
d96c89eb
AH		 3420###
3421
3422foreach my $dkey (keys %confighash) {
3423 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3424 $errormessage = 'The OpenVPN Port is already in use';
b278daf3
AH		 3425 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3426 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3427 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
d96c89eb
AH		 3428 goto N2N_ERROR;
3429 }
3430 }
3431
3432
3433
ce9abb66
AH		 3434 $key = &General::findhasharraykey (\%confighash);
3435
49abe7af 3436 foreach my $i (0 .. 42) { $confighash{$key}[$i] = "";}
350f2980 3437
ce9abb66
AH		 3438 $confighash{$key}[0] = 'off';
3439 $confighash{$key}[1] = $n2nname[0];
350f2980 3440 $confighash{$key}[2] = $n2nname[0];
ce9abb66
AH		 3441 $confighash{$key}[3] = 'net';
3442 $confighash{$key}[4] = 'cert';
3443 $confighash{$key}[6] = 'client';
3444 $confighash{$key}[8] = $n2nlocalsub[2];
350f2980
SS		 3445 $confighash{$key}[10] = $n2nremote[1];
3446 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3447 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3448 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3449 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3450 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3451 $confighash{$key}[26] = 'red';
350f2980
SS		 3452 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3453 $confighash{$key}[28] = $n2nproto[0];
3454 $confighash{$key}[29] = $n2nport[1];
3455 $confighash{$key}[30] = $complzoactive;
3456 $confighash{$key}[31] = $n2ntunmtu[1];
4c962356
EK		 3457 $confighash{$key}[39] = $n2nauth[1];
3458 $confighash{$key}[40] = $n2ncipher[1];
49abe7af 3459 $confighash{$key}[41] = 'disabled';
ce9abb66
AH		 3460
3461 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3462
ce9abb66
AH		 3463 N2N_ERROR:
3464
3465 &Header::showhttpheaders();
3466 &Header::openpage('Validate imported configuration', 1, '');
3467 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3468 if ($errormessage) {
3469 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3470 print "<class name='base'>$errormessage";
3471 print "&nbsp;</class>";
3472 &Header::closebox();
3473
3474 } else
3475 {
3476 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3477 }
3478 if ($errormessage eq ''){
49abe7af 3479 print <<END;
ce9abb66
AH		 3480 <!-- ipfire net2net config gui -->
3481 <table width='100%'>
3482 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3483 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3484 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3485 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3486 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3487 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
4c962356 3488 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}:</td><td><b>$confighash{$key}[11]</b></td></tr>
ce9abb66
AH		 3489 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3490 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3491 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3492 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
4c962356
EK		 3493 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
3494 <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3495 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
54fd0535 3496 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
0c4ffc69 3497 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn tls auth'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
4c962356 3498 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
ce9abb66
AH		 3499 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3500 </table>
3501END
3502;
3503 &Header::closebox();
3504 }
3505
3506 if ($errormessage) {
3507 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3508 } else {
3509 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3510 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3511 print "<input type='hidden' name='KEY' value='$key' />";
3512 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3513 }
3514 &Header::closebigbox();
3515 &Header::closepage();
4c962356 3516 exit(0);
ce9abb66
AH		 3517
3518
3519##
3520### Accept IPFire n2n Package Settings
3521###
3522
3523 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3524
3525###
3526### Discard and Rollback IPFire n2n Package Settings
3527###
3528
3529 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3530
3531 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3532
3533if ($confighash{$cgiparams{'KEY'}}) {
3534
3535 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3536 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3537 unlink ($certfile) or die "Removing $certfile fail: $!";
3538 unlink ($conffile) or die "Removing $conffile fail: $!";
3539 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3540 delete $confighash{$cgiparams{'KEY'}};
3541 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3542
3543 } else {
3544 $errormessage = $Lang::tr{'invalid key'};
3545 }
3546
3547
3548###
7c1d9faf 3549# m.a.d net2net
ce9abb66
AH		 3550###
3551
3552
3553###
3554### Adding a new connection
3555###
6e13d0a5
MT		 3556} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3557 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3558 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
8c877a82 3559
6e13d0a5
MT		 3560 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3561 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3562 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3563
3564 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
8c877a82
AM		 3565 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3566 $errormessage = $Lang::tr{'invalid key'};
3567 goto VPNCONF_END;
3568 }
4c962356
EK		 3569 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3570 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3571 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
3572 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3573 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3574 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3575 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3576 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
8c877a82 3577 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
4c962356
EK		 3578 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3579 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
3580 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
3581 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
3582 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3583 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3584 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
3585 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3586 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3587 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
3588 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3589 $name=$cgiparams{'CHECK1'} ;
4c962356
EK		 3590 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3591 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3592 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3593 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3594 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
4c962356
EK		 3595 $cgiparams{'DAUTH'} = $confighash{$cgiparams{'KEY'}}[39];
3596 $cgiparams{'DCIPHER'} = $confighash{$cgiparams{'KEY'}}[40];
49abe7af 3597 $cgiparams{'TLSAUTH'} = $confighash{$cgiparams{'KEY'}}[41];
8c877a82 3598 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3599 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3600
8c877a82 3601#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3602if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 3603 my @temp=();
3604 my %ccdroutehash=();
3605 my $keypoint=0;
5068ac38
AM		 3606 my $ip;
3607 my $cidr;
8c877a82
AM		 3608 if ($cgiparams{'IR'} ne ''){
3609 @temp = split("\n",$cgiparams{'IR'});
3610 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3611 #find key to use
3612 foreach my $key (keys %ccdroutehash) {
3613 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3614 $keypoint=$key;
3615 delete $ccdroutehash{$key};
3616 }else{
3617 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3618 }
3619 }
3620 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3621 my $i=1;
3622 my $val=0;
3623 foreach $val (@temp){
3624 chomp($val);
3625 $val=~s/\s*$//g;
5068ac38 3626 #check if iroute exists in ccdroute or if new iroute is part of an existing one
8c877a82
AM		 3627 foreach my $key (keys %ccdroutehash) {
3628 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
5068ac38
AM		 3629 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3630 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3631 goto VPNCONF_ERROR;
3632 }
3633 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3634 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
5068ac38
AM		 3635 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3636 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3637 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3638 goto VPNCONF_ERROR;
3639 }
3640
8c877a82
AM		 3641 }
3642 }
5068ac38
AM		 3643 if (!&General::validipandmask($val)){
3644 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3645 goto VPNCONF_ERROR;
3646 }else{
3647 ($ip,$cidr) = split(/\//,$val);
3648 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3649 $cidr=&General::iporsubtodec($cidr);
3650 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3651
3652 }
8c877a82
AM		 3653
3654 #check for existing network IP's
52d08bcb
AM		 3655 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3656 {
3657 $errormessage=$Lang::tr{'ccd err green'};
3658 goto VPNCONF_ERROR;
3659 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3660 {
3661 $errormessage=$Lang::tr{'ccd err red'};
3662 goto VPNCONF_ERROR;
3663 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3664 {
3665 $errormessage=$Lang::tr{'ccd err blue'};
3666 goto VPNCONF_ERROR;
3667 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3668 {
3669 $errormessage=$Lang::tr{'ccd err orange'};
8c877a82
AM		 3670 goto VPNCONF_ERROR;
3671 }
52d08bcb 3672
8c877a82
AM		 3673 if (&General::validipandmask($val)){
3674 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3675 }else{
3676 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3677 goto VPNCONF_ERROR;
3678 }
3679 $i++;
3680 }
3681 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3682 &writeserverconf;
3683 }else{
3684 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3685 foreach my $key (keys %ccdroutehash) {
3686 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3687 delete $ccdroutehash{$key};
3688 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3689 &writeserverconf;
3690 }
3691 }
3692 }
3693 undef @temp;
3694 #check route field and convert it to decimal
8c877a82
AM		 3695 my $val=0;
3696 my $i=1;
8c877a82 3697 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb
AM		 3698 #find key to use
3699 foreach my $key (keys %ccdroute2hash) {
3700 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3701 $keypoint=$key;
3702 delete $ccdroute2hash{$key};
3703 }else{
3704 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3705 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3706 &writeserverconf;
8c877a82 3707 }
52d08bcb
AM		 3708 }
3709 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3710 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3711 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3712 my %ownnet=();
3713 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3714 foreach $val (@temp){
3715 chomp($val);
3716 $val=~s/\s*$//g;
3717 if ($val eq $Lang::tr{'green'})
3718 {
3719 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3720 }
3721 if ($val eq $Lang::tr{'blue'})
3722 {
3723 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3724 }
3725 if ($val eq $Lang::tr{'orange'})
3726 {
3727 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3728 }
3729 my ($ip,$cidr) = split (/\//, $val);
3730
3731 if ($val ne $Lang::tr{'ccd none'})
3732 {
8c877a82
AM		 3733 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3734 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3735 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3736 if (&General::validipandmask($val)){
3737 $val=$ip."/".&General::iporsubtodec($cidr);
3738 $ccdroute2hash{$keypoint}[$i] = $val;
3739 }else{
3740 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3741 goto VPNCONF_ERROR;
3742 }
52d08bcb
AM		 3743 }else{
3744 $ccdroute2hash{$keypoint}[$i]='';
3745 }
3746 $i++;
3747 }
3748 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3749
8c877a82
AM		 3750 #check dns1 ip
3751 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3752 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3753 goto VPNCONF_ERROR;
3754 }
3755 #check dns2 ip
3756 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3757 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3758 goto VPNCONF_ERROR;
3759 }
3760 #check wins ip
3761 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3762 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3763 goto VPNCONF_ERROR;
3764 }
52d08bcb 3765}
8c877a82
AM		 3766
3767#CCD End
52d08bcb 3768
8c877a82 3769
73735ad9
EK		 3770 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
3771 $errormessage = $Lang::tr{'connection type is invalid'};
3772 if ($cgiparams{'TYPE'} eq 'net') {
3773 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3774 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3775 goto VPNCONF_ERROR;
3776 }
3777 goto VPNCONF_ERROR;
c6c9630e
MT		 3778 }
3779
c6c9630e 3780 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
73735ad9
EK		 3781 $errormessage = $Lang::tr{'name must only contain characters'};
3782 if ($cgiparams{'TYPE'} eq 'net') {
3783 goto VPNCONF_ERROR;
3784 }
3785 goto VPNCONF_ERROR;
3786 }
c6c9630e
MT		 3787
3788 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
73735ad9
EK		 3789 $errormessage = $Lang::tr{'name is invalid'};
3790 if ($cgiparams{'TYPE'} eq 'net') {
3791 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3792 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3793 goto VPNCONF_ERROR;
3794 }
3795 goto VPNCONF_ERROR;
c6c9630e
MT		 3796 }
3797
3798 if (length($cgiparams{'NAME'}) >60) {
73735ad9
EK		 3799 $errormessage = $Lang::tr{'name too long'};
3800 if ($cgiparams{'TYPE'} eq 'net') {
3801 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3802 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3803 goto VPNCONF_ERROR;
3804 }
3805 goto VPNCONF_ERROR;
c6c9630e
MT		 3806 }
3807
d96c89eb 3808###
7c1d9faf 3809# m.a.d net2net
d96c89eb
AH		 3810###
3811
7c1d9faf 3812if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3813 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3814 $errormessage = $Lang::tr{'openvpn destination port used'};
b278daf3
AH		 3815 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3816 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3817 goto VPNCONF_ERROR;
d96c89eb 3818 }
ab4cf06c
AM		 3819 #Bugfix 10357
3820 foreach my $key (sort keys %confighash){
3821 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
54fd0535
MT		 3822 $errormessage = $Lang::tr{'openvpn destination port used'};
3823 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3824 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ab4cf06c
AM		 3825 goto VPNCONF_ERROR;
3826 }
3827 }
3828 if ($cgiparams{'DEST_PORT'} eq '') {
3829 $errormessage = $Lang::tr{'invalid port'};
3830 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3831 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
54fd0535
MT		 3832 goto VPNCONF_ERROR;
3833 }
d96c89eb 3834
f48074ba
SS		 3835 # Check if the input for the transfer net is valid.
3836 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3837 $errormessage = $Lang::tr{'ccd err invalidnet'};
3838 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3839 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3840 goto VPNCONF_ERROR;
3841 }
3842
d96c89eb 3843 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3844 $errormessage = $Lang::tr{'openvpn subnet is used'};
b278daf3
AH		 3845 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3846 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3847 goto VPNCONF_ERROR;
3848 }
3849
3850 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3851 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
b278daf3
AH		 3852 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3853 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3854 goto VPNCONF_ERROR;
3855 }
3856
3857 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3858 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
b278daf3
AH		 3859 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3860 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
d96c89eb
AH		 3861 goto VPNCONF_ERROR;
3862 }
d96c89eb 3863
7c1d9faf 3864 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3865 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
b278daf3
AH		 3866 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3867 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3868 goto VPNCONF_ERROR;
7c1d9faf
AH		 3869 }
3870
3871 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3872 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
b278daf3
AH		 3873 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3874 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3875 goto VPNCONF_ERROR;
7c1d9faf
AH		 3876 }
3877
3878 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3879 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
b278daf3
AH		 3880 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3881 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3882 goto VPNCONF_ERROR;
8c252e6a
EK		 3883 }
3884
3885 if ($cgiparams{'DEST_PORT'} <= 1023) {
3886 $errormessage = $Lang::tr{'ovpn port in root range'};
3887 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3888 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3889 goto VPNCONF_ERROR;
3890 }
54fd0535 3891
4c962356 3892 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c252e6a
EK		 3893 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3894 }
3895
3896 if ($cgiparams{'OVPN_MGMT'} <= 1023) {
3897 $errormessage = $Lang::tr{'ovpn mgmt in root range'};
3898 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3899 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3900 goto VPNCONF_ERROR;
b2e75449
MT		 3901 }
3902 #Check if remote subnet is used elsewhere
3903 my ($n2nip,$n2nsub)=split("/",$cgiparams{'REMOTE_SUBNET'});
3904 $warnmessage=&General::checksubnets('',$n2nip,'ovpn');
3905 if ($warnmessage){
3906 $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
3907 }
7c1d9faf 3908}
d96c89eb 3909
ce9abb66
AH		 3910# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3911# $errormessage = $Lang::tr{'ipfire side is invalid'};
3912# goto VPNCONF_ERROR;
3913# }
3914
c6c9630e
MT		 3915 # Check if there is no other entry with this name
3916 if (! $cgiparams{'KEY'}) {
3917 foreach my $key (keys %confighash) {
3918 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3919 $errormessage = $Lang::tr{'a connection with this name already exists'};
b278daf3
AH		 3920 if ($cgiparams{'TYPE'} eq 'net') {
3921 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3922 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3923 }
c6c9630e 3924 goto VPNCONF_ERROR;
6e13d0a5 3925 }
c6c9630e
MT		 3926 }
3927 }
3928
c125d8a2 3929 # Check if a remote host/IP has been set for the client.
86228a56
MT		 3930 if ($cgiparams{'TYPE'} eq 'net') {
3931 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
3932 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3933
86228a56
MT		 3934 # Check if this is a N2N connection and drop temporary config.
3935 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3936 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 3937
86228a56
MT		 3938 goto VPNCONF_ERROR;
3939 }
c125d8a2 3940
86228a56
MT		 3941 # Check if a remote host/IP has been configured - the field can be empty on the server side.
3942 if ($cgiparams{'REMOTE'} ne '') {
3943 # Check if the given IP is valid - otherwise check if it is a valid domain.
3944 if (! &General::validip($cgiparams{'REMOTE'})) {
3945 # Check for a valid domain.
3946 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3947 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3948
86228a56
MT		 3949 # Check if this is a N2N connection and drop temporary config.
3950 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3951 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 3952
86228a56
MT		 3953 goto VPNCONF_ERROR;
3954 }
3955 }
6e13d0a5 3956 }
c6c9630e 3957 }
c125d8a2 3958
c6c9630e
MT		 3959 if ($cgiparams{'TYPE'} ne 'host') {
3960 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3961 $errormessage = $Lang::tr{'local subnet is invalid'};
b278daf3
AH		 3962 if ($cgiparams{'TYPE'} eq 'net') {
3963 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3964 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3965 }
c6c9630e
MT		 3966 goto VPNCONF_ERROR;}
3967 }
3968 # Check if there is no other entry without IP-address and PSK
3969 if ($cgiparams{'REMOTE'} eq '') {
3970 foreach my $key (keys %confighash) {
3971 if(($cgiparams{'KEY'} ne $key) &&
3972 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3973 $confighash{$key}[10] eq '') {
3974 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3975 goto VPNCONF_ERROR;
6e13d0a5 3976 }
c6c9630e
MT		 3977 }
3978 }
ce9abb66
AH		 3979 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3980 $errormessage = $Lang::tr{'remote subnet is invalid'};
b278daf3
AH		 3981 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3982 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3983 goto VPNCONF_ERROR;
ce9abb66 3984 }
c6c9630e 3985
425465ed
EK		 3986 # Check for N2N that OpenSSL maximum of valid days will not be exceeded
3987 if ($cgiparams{'TYPE'} eq 'net') {
3988 if ($cgiparams{'DAYS_VALID'} >= '999999') {
3989 $errormessage = $Lang::tr{'invalid input for valid till days'};
3990 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3991 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3992 goto VPNCONF_ERROR;
3993 }
3994 }
3995
c6c9630e
MT		 3996 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
3997 $errormessage = $Lang::tr{'invalid input'};
3998 goto VPNCONF_ERROR;
3999 }
4000 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
4001 $errormessage = $Lang::tr{'invalid input'};
4002 goto VPNCONF_ERROR;
4003 }
4004
4005#fixplausi
4006 if ($cgiparams{'AUTH'} eq 'psk') {
4007# if (! length($cgiparams{'PSK'}) ) {
4008# $errormessage = $Lang::tr{'pre-shared key is too short'};
4009# goto VPNCONF_ERROR;
4010# }
4011# if ($cgiparams{'PSK'} =~ /['",&]/) {
4012# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
4013# goto VPNCONF_ERROR;
4014# }
4015 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
4016 if ($cgiparams{'KEY'}) {
4017 $errormessage = $Lang::tr{'cant change certificates'};
4018 goto VPNCONF_ERROR;
4019 }
2ad1b18b 4020 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4021 $errormessage = $Lang::tr{'there was no file upload'};
4022 goto VPNCONF_ERROR;
4023 }
4024
4025 # Move uploaded certificate request to a temporary file
4026 (my $fh, my $filename) = tempfile( );
4027 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4028 $errormessage = $!;
4029 goto VPNCONF_ERROR;
4030 }
6e13d0a5 4031
c6c9630e
MT		 4032 # Sign the certificate request and move it
4033 # Sign the host certificate request
f6e12093 4034 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4035 '-batch', '-notext',
4036 '-in', $filename,
4037 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4038 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4039 if ($?) {
4040 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4041 unlink ($filename);
4042 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4043 &newcleanssldatabase();
4044 goto VPNCONF_ERROR;
4045 } else {
4046 unlink ($filename);
4047 &deletebackupcert();
4048 }
4049
4050 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4051 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4052 $temp = $1;
4053 $temp =~ s+/Email+, E+;
4054 $temp =~ s/ ST=/ S=/;
4055 $cgiparams{'CERT_NAME'} = $temp;
4056 $cgiparams{'CERT_NAME'} =~ s/,//g;
4057 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4058 if ($cgiparams{'CERT_NAME'} eq '') {
4059 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4060 goto VPNCONF_ERROR;
4061 }
4062 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
4063 if ($cgiparams{'KEY'}) {
4064 $errormessage = $Lang::tr{'cant change certificates'};
4065 goto VPNCONF_ERROR;
4066 }
2ad1b18b 4067 unless (ref ($cgiparams{'FH'})) {
c6c9630e
MT		 4068 $errormessage = $Lang::tr{'there was no file upload'};
4069 goto VPNCONF_ERROR;
4070 }
4071 # Move uploaded certificate to a temporary file
4072 (my $fh, my $filename) = tempfile( );
4073 if (copy ($cgiparams{'FH'}, $fh) != 1) {
4074 $errormessage = $!;
4075 goto VPNCONF_ERROR;
4076 }
4077
4078 # Verify the certificate has a valid CA and move it
4079 my $validca = 0;
4080 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
4081 if ($test =~ /: OK/) {
4082 $validca = 1;
4083 } else {
4084 foreach my $key (keys %cahash) {
4085 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
4086 if ($test =~ /: OK/) {
4087 $validca = 1;
4088 }
6e13d0a5 4089 }
c6c9630e
MT		 4090 }
4091 if (! $validca) {
4092 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
4093 unlink ($filename);
4094 goto VPNCONF_ERROR;
4095 } else {
4096 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4097 if ($? ne 0) {
4098 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
4099 unlink ($filename);
4100 goto VPNCONF_ERROR;
6e13d0a5 4101 }
c6c9630e
MT		 4102 }
4103
4104 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
87ea30ff 4105 $temp =~ /Subject:.*CN\s?=\s?(.*)[\n]/;
c6c9630e
MT		 4106 $temp = $1;
4107 $temp =~ s+/Email+, E+;
4108 $temp =~ s/ ST=/ S=/;
4109 $cgiparams{'CERT_NAME'} = $temp;
4110 $cgiparams{'CERT_NAME'} =~ s/,//g;
4111 $cgiparams{'CERT_NAME'} =~ s/\'//g;
4112 if ($cgiparams{'CERT_NAME'} eq '') {
4113 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4114 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
4115 goto VPNCONF_ERROR;
4116 }
4117 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
4118 if ($cgiparams{'KEY'}) {
4119 $errormessage = $Lang::tr{'cant change certificates'};
4120 goto VPNCONF_ERROR;
4121 }
4122 # Validate input since the form was submitted
4123 if (length($cgiparams{'CERT_NAME'}) >60) {
4124 $errormessage = $Lang::tr{'name too long'};
4125 goto VPNCONF_ERROR;
4126 }
194314b2 4127 if ($cgiparams{'CERT_NAME'} eq '' || $cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
c6c9630e
MT		 4128 $errormessage = $Lang::tr{'invalid input for name'};
4129 goto VPNCONF_ERROR;
4130 }
4131 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
4132 $errormessage = $Lang::tr{'invalid input for e-mail address'};
4133 goto VPNCONF_ERROR;
4134 }
4135 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
4136 $errormessage = $Lang::tr{'e-mail address too long'};
4137 goto VPNCONF_ERROR;
4138 }
4139 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4140 $errormessage = $Lang::tr{'invalid input for department'};
4141 goto VPNCONF_ERROR;
4142 }
4143 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
4144 $errormessage = $Lang::tr{'organization too long'};
4145 goto VPNCONF_ERROR;
4146 }
4147 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
4148 $errormessage = $Lang::tr{'invalid input for organization'};
4149 goto VPNCONF_ERROR;
4150 }
4151 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4152 $errormessage = $Lang::tr{'invalid input for city'};
4153 goto VPNCONF_ERROR;
4154 }
4155 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
4156 $errormessage = $Lang::tr{'invalid input for state or province'};
4157 goto VPNCONF_ERROR;
4158 }
4159 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
4160 $errormessage = $Lang::tr{'invalid input for country'};
4161 goto VPNCONF_ERROR;
4162 }
4163 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
4164 if (length($cgiparams{'CERT_PASS1'}) < 5) {
4165 $errormessage = $Lang::tr{'password too short'};
4166 goto VPNCONF_ERROR;
6e13d0a5 4167 }
c6c9630e
MT		 4168 }
4169 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
4170 $errormessage = $Lang::tr{'passwords do not match'};
4171 goto VPNCONF_ERROR;
4172 }
425465ed 4173 if ($cgiparams{'DAYS_VALID'} eq '' && $cgiparams{'DAYS_VALID'} !~ /^[0-9]+$/) {
f4fbb935
EK		 4174 $errormessage = $Lang::tr{'invalid input for valid till days'};
4175 goto VPNCONF_ERROR;
4176 }
c6c9630e 4177
425465ed
EK		 4178 # Check for RW that OpenSSL maximum of valid days will not be exceeded
4179 if ($cgiparams{'TYPE'} eq 'host') {
4180 if ($cgiparams{'DAYS_VALID'} >= '999999') {
4181 $errormessage = $Lang::tr{'invalid input for valid till days'};
4182 goto VPNCONF_ERROR;
4183 }
4184 }
4185
beac479f
EK		 4186 # Check for RW if client name is already set
4187 if ($cgiparams{'TYPE'} eq 'host') {
4188 foreach my $key (keys %confighash) {
4189 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
4190 $errormessage = $Lang::tr{'a connection with this name already exists'};
4191 goto VPNCONF_ERROR;
4192 }
4193 }
4194 }
4195
c6c9630e
MT		 4196 # Replace empty strings with a .
4197 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
4198 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
4199 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
4200
4201 # Create the Host certificate request client
4202 my $pid = open(OPENSSL, "|-");
4203 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
4204 if ($pid) { # parent
4205 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
4206 print OPENSSL "$state\n";
4207 print OPENSSL "$city\n";
4208 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
4209 print OPENSSL "$ou\n";
4210 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
4211 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
4212 print OPENSSL ".\n";
4213 print OPENSSL ".\n";
4214 close (OPENSSL);
4215 if ($?) {
4216 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4217 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
4218 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
4219 goto VPNCONF_ERROR;
6e13d0a5 4220 }
c6c9630e 4221 } else { # child
badd8c1c 4222 unless (exec ('/usr/bin/openssl', 'req', '-nodes',
4c962356 4223 '-newkey', 'rsa:2048',
c6c9630e
MT		 4224 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4225 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4226 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
4227 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
4228 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4229 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4230 goto VPNCONF_ERROR;
6e13d0a5 4231 }
c6c9630e
MT		 4232 }
4233
4234 # Sign the host certificate request
f6e12093 4235 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
c6c9630e
MT		 4236 '-batch', '-notext',
4237 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
4238 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4239 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
4240 if ($?) {
4241 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4242 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4243 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4244 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4245 &newcleanssldatabase();
4246 goto VPNCONF_ERROR;
4247 } else {
4248 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
4249 &deletebackupcert();
4250 }
4251
4252 # Create the pkcs12 file
4253 system('/usr/bin/openssl', 'pkcs12', '-export',
4254 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
4255 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
4256 '-name', $cgiparams{'NAME'},
4257 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
4258 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
4259 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
4260 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4261 if ($?) {
4262 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
4263 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4264 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
4265 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
4266 goto VPNCONF_ERROR;
4267 } else {
4268 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
4269 }
4270 } elsif ($cgiparams{'AUTH'} eq 'cert') {
4271 ;# Nothing, just editing
4272 } else {
4273 $errormessage = $Lang::tr{'invalid input for authentication method'};
4274 goto VPNCONF_ERROR;
4275 }
4276
4277 # Check if there is no other entry with this common name
4278 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
4279 foreach my $key (keys %confighash) {
4280 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
4281 $errormessage = $Lang::tr{'a connection with this common name already exists'};
4282 goto VPNCONF_ERROR;
6e13d0a5 4283 }
c6c9630e
MT		 4284 }
4285 }
4286
ab4cf06c 4287 # Save the config
c6c9630e 4288 my $key = $cgiparams{'KEY'};
8c877a82 4289
c6c9630e
MT		 4290 if (! $key) {
4291 $key = &General::findhasharraykey (\%confighash);
49abe7af 4292 foreach my $i (0 .. 43) { $confighash{$key}[$i] = "";}
c6c9630e 4293 }
8c877a82
AM		 4294 $confighash{$key}[0] = $cgiparams{'ENABLED'};
4295 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 4296 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 4297 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 4298 }
8c877a82
AM		 4299
4300 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 4301 if ($cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4302 $confighash{$key}[4] = 'psk';
4303 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 4304 } else {
8c877a82 4305 $confighash{$key}[4] = 'cert';
c6c9630e 4306 }
ce9abb66 4307 if ($cgiparams{'TYPE'} eq 'net') {
8c877a82
AM		 4308 $confighash{$key}[6] = $cgiparams{'SIDE'};
4309 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 4310 }
4c962356 4311 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 4312 $confighash{$key}[10] = $cgiparams{'REMOTE'};
4c962356 4313 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 4314 $confighash{$key}[22] = $confighash{$key}[29];
4c962356 4315 } else {
8c877a82 4316 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
4c962356 4317 }
8c877a82
AM		 4318 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
4319 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
4320 $confighash{$key}[25] = $cgiparams{'REMARK'};
4321 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 4322# new fields
8c877a82
AM		 4323 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
4324 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
4325 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
4326 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
4327 $confighash{$key}[31] = $cgiparams{'MTU'};
4328 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 4329 $name=$cgiparams{'CHECK1'};
8c877a82
AM		 4330 $confighash{$key}[33] = $cgiparams{$name};
4331 $confighash{$key}[34] = $cgiparams{'RG'};
4332 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
4333 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
4334 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
4c962356
EK		 4335 $confighash{$key}[39] = $cgiparams{'DAUTH'};
4336 $confighash{$key}[40] = $cgiparams{'DCIPHER'};
350f2980 4337
71af643c
MT		 4338 if (($cgiparams{'TYPE'} eq 'host') && ($cgiparams{'CERT_PASS1'} eq "")) {
4339 $confighash{$key}[41] = "no-pass";
4340 }
4341
c6c9630e 4342 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
8c877a82
AM		 4343
4344 if ($cgiparams{'CHECK1'} ){
4345
4346 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
4347 my ($a,$b,$c,$d) = split (/\./,$ccdip);
df9b48b7
AM		 4348 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
4349 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
4350 }
8c877a82 4351 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 4352 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
8c877a82
AM		 4353 if($cgiparams{'CHECK1'} eq 'dynamic'){
4354 print CCDRWCONF "#This client uses the dynamic pool\n";
4355 }else{
82c809c7 4356 print CCDRWCONF "#Ip address client and server\n";
8c877a82
AM		 4357 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4358 }
4359 if ($confighash{$key}[34] eq 'on'){
4360 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4361 print CCDRWCONF "push redirect-gateway\n";
4362 }
52d08bcb 4363 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4364 if ($cgiparams{'IR'} ne ''){
82c809c7 4365 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
8c877a82
AM		 4366 foreach my $key (keys %ccdroutehash){
4367 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4368 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4369 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4370 print CCDRWCONF "iroute $a $b\n";
4371 }
4372 }
4373 }
4374 }
52d08bcb 4375 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4376 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4377 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
8c877a82
AM		 4378 foreach my $key (keys %ccdroute2hash){
4379 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4380 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4381 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4382 my %blue=();
4383 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4384 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
8c877a82
AM		 4385 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4386 my %orange=();
4387 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4388 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4389 }else{
4390 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4391 print CCDRWCONF "push \"route $a $b\"\n";
4392 }
4393 }
4394 }
4395 }
4396 }
4397 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4398 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4399 print CCDRWCONF "\n#Client gets these nameservers\n";
8c877a82
AM		 4400 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4401 }
4402 if($cgiparams{'CCD_DNS2'} ne ''){
4403 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4404 }
4405 if($cgiparams{'CCD_WINS'} ne ''){
4406 print CCDRWCONF "\n#Client gets this WINS server\n";
4407 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4408 }
4409 close CCDRWCONF;
4410 }
18837a6a
AH		 4411
4412###
4413# m.a.d n2n begin
4414###
4415
4416 if ($cgiparams{'TYPE'} eq 'net') {
4417
4418 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4419 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
4420
4421 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4422 my $key = $cgiparams{'KEY'};
4423 if (! $key) {
4424 $key = &General::findhasharraykey (\%confighash);
4425 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
4426 }
4427 $confighash{$key}[0] = 'on';
4428 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4429
4430 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
4431 }
4432 }
4433
4434###
4435# m.a.d n2n end
4436###
4437
c6c9630e
MT		 4438 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4439 $cgiparams{'KEY'} = $key;
4440 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4441 }
4442 goto VPNCONF_END;
6e13d0a5 4443 } else {
c6c9630e 4444 $cgiparams{'ENABLED'} = 'on';
54fd0535
MT		 4445###
4446# m.a.d n2n begin
4447###
4448 $cgiparams{'MSSFIX'} = 'on';
4449 $cgiparams{'FRAGMENT'} = '1300';
70900745 4450 $cgiparams{'DAUTH'} = 'SHA512';
54fd0535
MT		 4451###
4452# m.a.d n2n end
4453###
4c962356 4454 $cgiparams{'SIDE'} = 'left';
c6c9630e
MT		 4455 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4456 $cgiparams{'AUTH'} = 'psk';
4457 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4458 $cgiparams{'AUTH'} = 'certfile';
4459 } else {
6e13d0a5 4460 $cgiparams{'AUTH'} = 'certgen';
c6c9630e
MT		 4461 }
4462 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4463 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4464 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4465 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4466 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
c0a7c9b2 4467 $cgiparams{'DAYS_VALID'} = $vpnsettings{'DAYS_VALID'} = '730';
6e13d0a5 4468 }
c6c9630e 4469
6e13d0a5 4470 VPNCONF_ERROR:
6e13d0a5
MT		 4471 $checked{'ENABLED'}{'off'} = '';
4472 $checked{'ENABLED'}{'on'} = '';
4473 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4474 $checked{'ENABLED_BLUE'}{'off'} = '';
4475 $checked{'ENABLED_BLUE'}{'on'} = '';
4476 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4477 $checked{'ENABLED_ORANGE'}{'off'} = '';
4478 $checked{'ENABLED_ORANGE'}{'on'} = '';
4479 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 4480
4481
6e13d0a5
MT		 4482 $checked{'EDIT_ADVANCED'}{'off'} = '';
4483 $checked{'EDIT_ADVANCED'}{'on'} = '';
4484 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4485
6e13d0a5
MT		 4486 $selected{'SIDE'}{'server'} = '';
4487 $selected{'SIDE'}{'client'} = '';
4488 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
d96c89eb
AH		 4489
4490 $selected{'PROTOCOL'}{'udp'} = '';
4491 $selected{'PROTOCOL'}{'tcp'} = '';
4492 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4493
c6c9630e 4494
6e13d0a5
MT		 4495 $checked{'AUTH'}{'psk'} = '';
4496 $checked{'AUTH'}{'certreq'} = '';
4497 $checked{'AUTH'}{'certgen'} = '';
4498 $checked{'AUTH'}{'certfile'} = '';
4499 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4500
6e13d0a5 4501 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 4502
6e13d0a5
MT		 4503 $checked{'COMPLZO'}{'off'} = '';
4504 $checked{'COMPLZO'}{'on'} = '';
4505 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4506
d96c89eb
AH		 4507 $checked{'MSSFIX'}{'off'} = '';
4508 $checked{'MSSFIX'}{'on'} = '';
4509 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4510
52f61e49
EKD		 4511 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
4512 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
4513 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 4514 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
4515 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
4516 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
4517 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
4518 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
4519 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
4520 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4521 $selected{'DCIPHER'}{'SEED-CBC'} = '';
4522 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
4523 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
4524 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
4525 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 4526 $selected{'DCIPHER'}{'DES-CBC'} = '';
49abe7af
EK		 4527 # If no cipher has been chossen yet, select
4528 # the old default (AES-256-CBC) for compatiblity reasons.
4529 if ($cgiparams{'DCIPHER'} eq '') {
4530 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
4531 }
4c962356 4532 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
49abe7af
EK		 4533 $selected{'DAUTH'}{'whirlpool'} = '';
4534 $selected{'DAUTH'}{'SHA512'} = '';
4535 $selected{'DAUTH'}{'SHA384'} = '';
4536 $selected{'DAUTH'}{'SHA256'} = '';
4537 $selected{'DAUTH'}{'SHA1'} = '';
49abe7af 4538 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
0c4ffc69
EK		 4539 $checked{'TLSAUTH'}{'off'} = '';
4540 $checked{'TLSAUTH'}{'on'} = '';
4541 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
49abe7af 4542
6e13d0a5
MT		 4543 if (1) {
4544 &Header::showhttpheaders();
4c962356 4545 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
6e13d0a5
MT		 4546 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4547 if ($errormessage) {
4548 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4549 print "<class name='base'>$errormessage";
4550 print "&nbsp;</class>";
4551 &Header::closebox();
4552 }
c6c9630e 4553
6e13d0a5
MT		 4554 if ($warnmessage) {
4555 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4556 print "<class name='base'>$warnmessage";
4557 print "&nbsp;</class>";
4558 &Header::closebox();
4559 }
c6c9630e 4560
6e13d0a5 4561 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4562 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4563
6e13d0a5
MT		 4564 if ($cgiparams{'KEY'}) {
4565 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4566 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4567 }
c6c9630e 4568
6e13d0a5 4569 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
8c877a82 4570 print "<table width='100%' border='0'>\n";
4c962356 4571
e3edceeb 4572 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}:&nbsp;<img src='/blob.gif' alt='*' /></td>";
8c877a82 4573
ce9abb66 4574 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4575 if ($cgiparams{'KEY'}) {
8c877a82 4576 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5
MT		 4577 } else {
4578 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4579 }
c6c9630e
MT		 4580# print "<tr><td>$Lang::tr{'interface'}</td>";
4581# print "<td><select name='INTERFACE'>";
4582# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4c962356
EK		 4583# if ($netsettings{'BLUE_DEV'} ne '') {
4584# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4585# }
4586# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4587# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4588# print "</select></td></tr>";
4589# print <<END;
ce9abb66
AH		 4590 } else {
4591 print "<input type='hidden' name='INTERFACE' value='red' />";
4592 if ($cgiparams{'KEY'}) {
4593 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4594 } else {
4595 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4596 }
52f61e49
EKD		 4597
4598 # If GCM ciphers are in usage, HMAC menu is disabled
4599 my $hmacdisabled;
4600 if (($confighash{$cgiparams{'KEY'}}[40] eq 'AES-256-GCM') ||
4601 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-192-GCM') ||
4602 ($confighash{$cgiparams{'KEY'}}[40] eq 'AES-128-GCM')) {
4603 $hmacdisabled = "disabled='disabled'";
4604 };
4605
4c962356 4606 print <<END;
ce9abb66 4607 <td width='25%'>&nbsp;</td>
f527e53f
EK		 4608 <td width='25%'>&nbsp;</td></tr>
4609 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4610 <td><select name='SIDE'>
4611 <option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4612 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option>
4613 </select>
4614 </td>
4c962356 4615
f527e53f
EK		 4616 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4617 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td>
4618 </tr>
4c962356 4619
e3edceeb 4620 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4621 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4c962356 4622
e3edceeb 4623 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f
EK		 4624 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td>
4625 </tr>
4c962356 4626
e3edceeb 4627 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4628 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td>
49abe7af 4629
f527e53f
EK		 4630 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4631 <td><select name='PROTOCOL'>
4632 <option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4633 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4634 </tr>
4635
4636 <tr>
e3edceeb 4637 <td class='boldbase'>$Lang::tr{'destination port'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
f527e53f 4638 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td>
4c962356 4639
e3edceeb 4640 <td class='boldbase' nowrap='nowrap'>Management Port ($Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}):</td>
f527e53f
EK		 4641 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4642 </tr>
49abe7af 4643
f527e53f
EK		 4644 <tr><td colspan=4><hr /></td></tr><tr>
4645
4646 <tr>
4647 <td class'base'><b>$Lang::tr{'MTU settings'}</b></td>
4648 </tr>
49abe7af 4649
e3edceeb 4650 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td>
f527e53f
EK		 4651 <td><input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4652 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4653 </tr>
4c962356 4654
e3edceeb 4655 <tr><td class='boldbase' nowrap='nowrap'>fragment:</td>
f527e53f
EK		 4656 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
4657 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
4658 </tr>
4c962356 4659
e3edceeb 4660 <tr><td class='boldbase' nowrap='nowrap'>mssfix:</td>
f527e53f
EK		 4661 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4662 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4663 </tr>
4c962356 4664
e3edceeb 4665 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
f527e53f
EK		 4666 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4667 </tr>
2ee746be 4668
f527e53f
EK		 4669<tr><td colspan=4><hr /></td></tr><tr>
4670 <tr>
4671 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
4672 </tr>
4673
4674 <tr><td class='boldbase'>$Lang::tr{'cipher'}</td>
52f61e49
EKD		 4675 <td><select name='DCIPHER' id="n2ncipher" required>
4676 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
4677 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
4678 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
f527e53f
EK		 4679 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
4680 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4681 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
f7fb5bc5 4682 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'}, $Lang::tr{'default'})</option>
f527e53f
EK		 4683 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
4684 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 4685 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
4686 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4687 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4688 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4689 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4690 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4691 </select>
4692 </td>
4693
4694 <td class='boldbase'>$Lang::tr{'ovpn ha'}:</td>
52f61e49 4695 <td><select name='DAUTH' id="n2nhmac" $hmacdisabled>
f527e53f
EK		 4696 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
4697 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
4698 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
4699 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
f3dfb261 4700 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
f527e53f
EK		 4701 </select>
4702 </td>
4703 </tr>
4704 <tr><td colspan=4><hr /></td></tr><tr>
4705
ce9abb66 4706END
8c877a82 4707;
ce9abb66 4708 }
52f61e49
EKD		 4709
4710#### JAVA SCRIPT ####
4711# Validate N2N cipher. If GCM will be used, HMAC menu will be disabled onchange
4712print<<END;
4713 <script>
4714 var disable_options = false;
4715 document.getElementById('n2ncipher').onchange = function () {
4716 if((this.value == "AES-256-GCM"||this.value == "AES-192-GCM"||this.value == "AES-128-GCM")) {
4717 document.getElementById('n2nhmac').setAttribute('disabled', true);
4718 } else {
4719 document.getElementById('n2nhmac').removeAttribute('disabled');
4720 }
4721 }
4722 </script>
4723END
4724
2ee746be 4725#jumper
e3edceeb 4726 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}</td>";
8c877a82 4727 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4728
ce9abb66 4729 if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4730 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4731 }
ce9abb66 4732
8c877a82
AM		 4733 print"</tr></table><br><br>";
4734#A.Marx CCD new client
e81be1e1 4735if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4736 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
8c877a82
AM		 4737 my %vpnnet=();
4738 my $vpnip;
4739 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4740 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4741 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4742 my @ccdconf=();
4743 my $count=0;
4744 my $checked;
4745 $checked{'check1'}{'off'} = '';
4746 $checked{'check1'}{'on'} = '';
4747 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4748 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4749 print"</td></tr></table><br><br>";
4750 my $name=$cgiparams{'CHECK1'};
4751 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4752
4753 if (! -z "${General::swroot}/ovpn/ccd.conf"){
4754 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4755 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
8c877a82
AM		 4756 $count++;
4757 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4758 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4759 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4760 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4761 print"</td></tr>";
4762 }
4763 print "</table><br><br><hr><br><br>";
4764 }
e81be1e1 4765}
8c877a82 4766# ccd end
6e13d0a5
MT		 4767 &Header::closebox();
4768 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
8c877a82
AM		 4769
4770 } elsif (! $cgiparams{'KEY'}) {
4771
4772
6e13d0a5
MT		 4773 my $disabled='';
4774 my $cakeydisabled='';
4775 my $cacrtdisabled='';
4776 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4777 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
8c877a82 4778
6e13d0a5 4779 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
ce9abb66
AH		 4780
4781
4782 if ($cgiparams{'TYPE'} eq 'host') {
4783
49abe7af 4784 print <<END;
6e13d0a5 4785 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4786
ce9abb66
AH		 4787 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4788 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
54fd0535
MT		 4789 <tr><td colspan='3'>&nbsp;</td></tr>
4790 <tr><td colspan='3'><hr /></td></tr>
4791 <tr><td colspan='3'>&nbsp;</td></tr>
ce9abb66 4792 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4793 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4794 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4795 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4796 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4797 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4798 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4799 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4800END
ce9abb66
AH		 4801;
4802
4803###
7c1d9faf 4804# m.a.d net2net
ce9abb66
AH		 4805###
4806
4807} else {
4808
49abe7af 4809 print <<END;
ce9abb66
AH		 4810 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4811
4812 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
e3edceeb
LS		 4813 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:&nbsp;<img src='/blob.gif' alt='*' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4814 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4815 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4816 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4817 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4818 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
ce9abb66 4819 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
54fd0535
MT		 4820
4821
ce9abb66
AH		 4822END
4823;
4824
4825}
4826
4827###
7c1d9faf 4828# m.a.d net2net
ce9abb66 4829###
c6c9630e 4830
6e13d0a5
MT		 4831 foreach my $country (sort keys %{Countries::countries}) {
4832 print "<option value='$Countries::countries{$country}'";
4833 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4834 print " selected='selected'";
4835 }
4836 print ">$country</option>";
4837 }
ce9abb66 4838###
7c1d9faf 4839# m.a.d net2net
ce9abb66
AH		 4840###
4841
4842if ($cgiparams{'TYPE'} eq 'host') {
49abe7af 4843 print <<END;
f4fbb935 4844 </select></td></tr>
425465ed 4845 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4846 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4847 <tr><td>&nbsp;</td>
6e13d0a5
MT		 4848 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4849 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
f4fbb935 4850 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<br>($Lang::tr{'confirmation'})</td>
6e13d0a5 4851 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
f4fbb935
EK		 4852 <tr><td colspan='3'>&nbsp;</td></tr>
4853 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4854 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
f4fbb935 4855 </table>
ce9abb66
AH		 4856END
4857}else{
49abe7af 4858 print <<END;
f4fbb935 4859 </select></td></tr>
425465ed 4860 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):&nbsp;<img src='/blob.gif' alt='*' /</td>
f4fbb935
EK		 4861 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4862 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4863 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4864 <tr><td colspan='3'><hr /></td></tr>
e3edceeb 4865 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'required field'}</td></tr>
ce9abb66
AH		 4866 </table>
4867
c6c9630e 4868END
ce9abb66
AH		 4869}
4870
4871###
7c1d9faf 4872# m.a.d net2net
ce9abb66 4873###
c6c9630e
MT		 4874 ;
4875 &Header::closebox();
8c877a82
AM		 4876
4877 }
e81be1e1
AM		 4878
4879#A.Marx CCD new client
4880if ($cgiparams{'TYPE'} eq 'host') {
8c877a82
AM		 4881 print"<br><br>";
4882 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
4883
8c877a82
AM		 4884
4885 print <<END;
4886 <table border='0' width='100%'>
4887 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4888 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
4889 <tr><td colspan='4'>&nbsp</td></tr>
4890 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4891END
4892
4893 if ($cgiparams{'IR'} ne ''){
4894 print $cgiparams{'IR'};
4895 }else{
4896 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4897 foreach my $key (keys %ccdroutehash) {
4898 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4899 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4900 if ($ccdroutehash{$key}[$i] ne ''){
4901 print $ccdroutehash{$key}[$i]."\n";
4902 }
4903 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4904 }
4905 }
4906 }
c6c9630e 4907 }
8c877a82
AM		 4908
4909 print <<END;
4910</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4911 <tr><td colspan='4'><br></td></tr>
4912 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
4913END
52d08bcb
AM		 4914
4915 my $set=0;
4916 my $selorange=0;
4917 my $selblue=0;
4918 my $selgreen=0;
4919 my $helpblue=0;
4920 my $helporange=0;
4921 my $other=0;
df9b48b7 4922 my $none=0;
52d08bcb
AM		 4923 my @temp=();
4924
8c877a82 4925 our @current = ();
52d08bcb
AM		 4926 open(FILE, "${General::swroot}/main/routing") ;
4927 @current = <FILE>;
4928 close (FILE);
4929 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
df9b48b7
AM		 4930 #check for "none"
4931 foreach my $key (keys %ccdroute2hash) {
4932 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4933 if ($ccdroute2hash{$key}[1] eq ''){
4934 $none=1;
4935 last;
4936 }
4937 }
4938 }
4939 if ($none ne '1'){
4940 print"<option>$Lang::tr{'ccd none'}</option>";
4941 }else{
4942 print"<option selected>$Lang::tr{'ccd none'}</option>";
4943 }
52d08bcb
AM		 4944 #check if static routes are defined for client
4945 foreach my $line (@current) {
4946 chomp($line);
4947 $line=~s/\s*$//g; # remove newline
4948 @temp=split(/\,/,$line);
4949 $temp[1] = '' unless defined $temp[1]; # not always populated
4950 my ($a,$b) = split(/\//,$temp[1]);
4951 $temp[1] = $a."/".&General::iporsubtocidr($b);
4952 foreach my $key (keys %ccdroute2hash) {
4953 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4954 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4955 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
4956 $set=1;
8c877a82
AM		 4957 }
4958 }
8c877a82 4959 }
52d08bcb
AM		 4960 }
4961 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
4962 }
3a445974
MT		 4963
4964 my %vpnconfig = ();
4965 &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig);
4966 foreach my $vpn (keys %vpnconfig) {
4967 # Skip all disabled VPN connections
4968 my $enabled = $vpnconfig{$vpn}[0];
4969 next unless ($enabled eq "on");
4970
4971 my $name = $vpnconfig{$vpn}[1];
4972
4973 # Remote subnets
4974 my @networks = split(/\|/, $vpnconfig{$vpn}[11]);
4975 foreach my $network (@networks) {
4976 my $selected = "";
4977
4978 foreach my $key (keys %ccdroute2hash) {
4979 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
4980 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4981 if ($ccdroute2hash{$key}[$i] eq $network) {
4982 $selected = "selected";
4983 }
4984 }
4985 }
4986 }
4987
4988 print "<option value=\"$network\" $selected>$name ($network)</option>\n";
4989 }
4990 }
4991
52d08bcb
AM		 4992 #check if green,blue,orange are defined for client
4993 foreach my $key (keys %ccdroute2hash) {
4994 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4995 $other=1;
4996 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4997 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
4998 $selgreen=1;
4999 }
5000 if (&haveBlueNet()){
5001 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
5002 $selblue=1;
5003 }
5004 }
5005 if (&haveOrangeNet()){
5006 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
5007 $selorange=1;
5008 }
5009 }
5010 }
5011 }
5012 }
5013 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
5014 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
5015 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
5016
49abe7af 5017 print<<END;
8c877a82
AM		 5018 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
5019 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
5020 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
5021
5022END
5023;
5024 &Header::closebox();
e81be1e1 5025}
c6c9630e
MT		 5026 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5027 if ($cgiparams{'KEY'}) {
5028# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
5029 }
5030 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
5031 &Header::closebigbox();
5032 &Header::closepage();
5033 exit (0);
6e13d0a5 5034 }
c6c9630e 5035 VPNCONF_END:
6e13d0a5 5036}
c6c9630e
MT		 5037
5038# SETTINGS_ERROR:
6e13d0a5
MT		 5039###
5040### Default status page
5041###
c6c9630e
MT		 5042 %cgiparams = ();
5043 %cahash = ();
5044 %confighash = ();
5045 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
5046 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
5047 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
5048
87fe47e9 5049 my @status = `/bin/cat /var/run/ovpnserver.log`;
c6c9630e
MT		 5050
5051 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
8c877a82
AM		 5052 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
5053 my $ipaddr = <IPADDR>;
5054 close IPADDR;
5055 chomp ($ipaddr);
5056 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
5057 if ($cgiparams{'VPN_IP'} eq '') {
5058 $cgiparams{'VPN_IP'} = $ipaddr;
5059 }
5060 }
c6c9630e
MT		 5061 }
5062
6e13d0a5 5063#default setzen
c6c9630e 5064 if ($cgiparams{'DCIPHER'} eq '') {
4c962356 5065 $cgiparams{'DCIPHER'} = 'AES-256-CBC';
c6c9630e 5066 }
c6c9630e 5067 if ($cgiparams{'DDEST_PORT'} eq '') {
4c962356 5068 $cgiparams{'DDEST_PORT'} = '1194';
c6c9630e
MT		 5069 }
5070 if ($cgiparams{'DMTU'} eq '') {
4c962356
EK		 5071 $cgiparams{'DMTU'} = '1400';
5072 }
5073 if ($cgiparams{'MSSFIX'} eq '') {
5074 $cgiparams{'MSSFIX'} = 'off';
5075 }
5076 if ($cgiparams{'DAUTH'} eq '') {
86308adb
EK		 5077 if (-z "${General::swroot}/ovpn/ovpnconfig") {
5078 $cgiparams{'DAUTH'} = 'SHA512';
5079 }
5080 foreach my $key (keys %confighash) {
5081 if ($confighash{$key}[3] ne 'host') {
5082 $cgiparams{'DAUTH'} = 'SHA512';
5083 } else {
5084 $cgiparams{'DAUTH'} = 'SHA1';
5085 }
5086 }
5087 }
0c4ffc69
EK		 5088 if ($cgiparams{'TLSAUTH'} eq '') {
5089 $cgiparams{'TLSAUTH'} = 'off';
5090 }
c6c9630e 5091 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
4c962356 5092 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
c6c9630e 5093 }
4c962356 5094 $checked{'ENABLED'}{'off'} = '';
c6c9630e
MT		 5095 $checked{'ENABLED'}{'on'} = '';
5096 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
5097 $checked{'ENABLED_BLUE'}{'off'} = '';
5098 $checked{'ENABLED_BLUE'}{'on'} = '';
5099 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
5100 $checked{'ENABLED_ORANGE'}{'off'} = '';
5101 $checked{'ENABLED_ORANGE'}{'on'} = '';
5102 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
c6c9630e
MT		 5103
5104 $selected{'DPROTOCOL'}{'udp'} = '';
5105 $selected{'DPROTOCOL'}{'tcp'} = '';
5106 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
4c962356 5107
52f61e49
EKD		 5108 $selected{'DCIPHER'}{'AES-256-GCM'} = '';
5109 $selected{'DCIPHER'}{'AES-192-GCM'} = '';
5110 $selected{'DCIPHER'}{'AES-128-GCM'} = '';
4c962356
EK		 5111 $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
5112 $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
5113 $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
5114 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
5115 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
5116 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
c6c9630e
MT		 5117 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
5118 $selected{'DCIPHER'}{'DESX-CBC'} = '';
4c962356
EK		 5119 $selected{'DCIPHER'}{'SEED-CBC'} = '';
5120 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
5121 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
5122 $selected{'DCIPHER'}{'BF-CBC'} = '';
4c962356 5123 $selected{'DCIPHER'}{'DES-CBC'} = '';
c6c9630e 5124 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
4c962356
EK		 5125
5126 $selected{'DAUTH'}{'whirlpool'} = '';
5127 $selected{'DAUTH'}{'SHA512'} = '';
5128 $selected{'DAUTH'}{'SHA384'} = '';
5129 $selected{'DAUTH'}{'SHA256'} = '';
4c962356
EK		 5130 $selected{'DAUTH'}{'SHA1'} = '';
5131 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
5132
0c4ffc69
EK		 5133 $checked{'TLSAUTH'}{'off'} = '';
5134 $checked{'TLSAUTH'}{'on'} = '';
5135 $checked{'TLSAUTH'}{$cgiparams{'TLSAUTH'}} = 'CHECKED';
5136
c6c9630e
MT		 5137 $checked{'DCOMPLZO'}{'off'} = '';
5138 $checked{'DCOMPLZO'}{'on'} = '';
5139 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
4c962356 5140
d96c89eb
AH		 5141# m.a.d
5142 $checked{'MSSFIX'}{'off'} = '';
5143 $checked{'MSSFIX'}{'on'} = '';
5144 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
6e13d0a5 5145#new settings
c6c9630e
MT		 5146 &Header::showhttpheaders();
5147 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
5148 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
6e13d0a5 5149
c6c9630e 5150 if ($errormessage) {
6e13d0a5
MT		 5151 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
5152 print "<class name='base'>$errormessage\n";
5153 print "&nbsp;</class>\n";
5154 &Header::closebox();
c6c9630e 5155 }
6e13d0a5 5156
400c8afd
EK		 5157 if ($cryptoerror) {
5158 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto error'});
5159 print "<class name='base'>$cryptoerror";
5160 print "&nbsp;</class>";
5161 &Header::closebox();
5162 }
5163
5164 if ($cryptowarning) {
5165 &Header::openbox('100%', 'LEFT', $Lang::tr{'crypto warning'});
5166 print "<class name='base'>$cryptowarning";
5167 print "&nbsp;</class>";
5168 &Header::closebox();
5169 }
5170
b2e75449
MT		 5171 if ($warnmessage) {
5172 &Header::openbox('100%', 'LEFT', $Lang::tr{'warning messages'});
5173 print "$warnmessage<br>";
5174 print "$Lang::tr{'fwdfw warn1'}<br>";
5175 &Header::closebox();
5176 print"<center><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'ok'}' style='width: 5em;'></form>";
5177 &Header::closepage();
5178 exit 0;
5179 }
4d81e0f3 5180
c6c9630e
MT		 5181 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
5182 my $srunning = "no";
5183 my $activeonrun = "";
5184 if ( -e "/var/run/openvpn.pid"){
6e13d0a5
MT		 5185 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
5186 $srunning ="yes";
5187 $activeonrun = "";
c6c9630e 5188 } else {
6e13d0a5 5189 $activeonrun = "disabled='disabled'";
c6c9630e 5190 }
afabe9f7 5191 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
4c962356 5192 print <<END;
631b67b7 5193 <table width='100%' border='0'>
c6c9630e
MT		 5194 <form method='post'>
5195 <td width='25%'>&nbsp;</td>
5196 <td width='25%'>&nbsp;</td>
5197 <td width='25%'>&nbsp;</td></tr>
5198 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
5199 <td align='left'>$sactive</td>
5200 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
8c877a82 5201 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
c6c9630e
MT		 5202END
5203;
5204 if (&haveBlueNet()) {
5205 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
5206 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
5207 }
5208 if (&haveOrangeNet()) {
5209 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
5210 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
86308adb
EK		 5211 }
5212
5213 print <<END;
5214
5215 <tr><td colspan='4'><br></td></tr>
5216 <tr>
5217 <td class'base'><b>$Lang::tr{'net config'}:</b></td>
5218 </tr>
5219 <tr><td colspan='1'><br></td></tr>
5220
4e17adad
CS		 5221 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
5222 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
c6c9630e
MT		 5223 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
5224 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
5225 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
5226 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
5227 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
5228 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
bc2b3e94 5229 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}' size='5' /></td>
86308adb
EK		 5230 </tr>
5231
5232 <tr><td colspan='4'><br></td></tr>
5233 <tr>
5234 <td class'base'><b>$Lang::tr{'ovpn crypt options'}:</b></td>
5235 </tr>
5236 <tr><td colspan='1'><br></td></tr>
5237
5238 <tr>
5239 <td class='base'>$Lang::tr{'ovpn ha'}</td>
5240 <td><select name='DAUTH'>
5241 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
5242 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
5243 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
5244 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
5245 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5246 </select>
5247 </td>
f527e53f 5248
4c962356
EK		 5249 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
5250 <td><select name='DCIPHER'>
52f61e49
EKD		 5251 <option value='AES-256-GCM' $selected{'DCIPHER'}{'AES-256-GCM'}>AES-GCM (256 $Lang::tr{'bit'})</option>
5252 <option value='AES-192-GCM' $selected{'DCIPHER'}{'AES-192-GCM'}>AES-GCM (192 $Lang::tr{'bit'})</option>
5253 <option value='AES-128-GCM' $selected{'DCIPHER'}{'AES-128-GCM'}>AES-GCM (128 $Lang::tr{'bit'})</option>
4c962356 5254 <option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-CBC (256 $Lang::tr{'bit'})</option>
f527e53f 5255 <option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-CBC (192 $Lang::tr{'bit'})</option>
4c962356
EK		 5256 <option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-CBC (128 $Lang::tr{'bit'})</option>
5257 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-CBC (256 $Lang::tr{'bit'})</option>
5258 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-CBC (192 $Lang::tr{'bit'})</option>
5259 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-CBC (128 $Lang::tr{'bit'})</option>
4c962356 5260 <option value='SEED-CBC' $selected{'DCIPHER'}{'SEED-CBC'}>SEED-CBC (128 $Lang::tr{'bit'})</option>
ea6dd5b0
EK		 5261 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5262 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC (192 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5263 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5264 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
5265 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC (128 $Lang::tr{'bit'}, $Lang::tr{'vpn weak'})</option>
4c962356
EK		 5266 </select>
5267 </td>
4c962356 5268 </tr>
0c4ffc69
EK		 5269
5270 <tr><td colspan='4'><br></td></tr>
5271 <tr>
5272 <td class='base'>$Lang::tr{'ovpn tls auth'}</td>
5273 <td><input type='checkbox' name='TLSAUTH' $checked{'TLSAUTH'}{'on'} /></td>
5274 </tr>
5275
f7edf97a 5276 <tr><td colspan='4'><br><br></td></tr>
c6c9630e
MT		 5277END
5278;
5279
5280 if ( $srunning eq "yes" ) {
8c877a82
AM		 5281 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
5282 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5283 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
5284 print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
c6c9630e 5285 } else{
8c877a82
AM		 5286 print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
5287 print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
5288 print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
c6c9630e
MT		 5289 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
5290 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
5291 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
5292 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
5293 (( $cgiparams{'ENABLED'} eq 'on') ||
5294 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
5295 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
8c877a82 5296 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>";
c6c9630e 5297 } else {
8c877a82 5298 print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>";
c6c9630e
MT		 5299 }
5300 }
5301 print "</form></table>";
5302 &Header::closebox();
6e13d0a5 5303
c6c9630e 5304 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
ce9abb66 5305###
7c1d9faf 5306# m.a.d net2net
54fd0535 5307#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
ce9abb66
AH		 5308###
5309
4c962356 5310 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' });
c6c9630e 5311 ;
99bfa85c
AM		 5312 my $id = 0;
5313 my $gif;
f7edf97a 5314 my $col1="";
5b942f7f 5315 my $lastnet;
c8b51e28 5316 foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
5b942f7f
AM		 5317 if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};}
5318 if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};}
5319 if($id == 0){
5320 print"<b>$confighash{$key}[32]</b>";
5321 print <<END;
5322 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5323<tr>
5324 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5325 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5326 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5327 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5328 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5329</tr>
5330END
5331 }
5332 if ($id > 0 && $lastnet ne $confighash{$key}[32]){
5333 print "</table><br>";
5334 print"<b>$confighash{$key}[32]</b>";
5335 print <<END;
5336 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5337<tr>
5338 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5339 <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
5340 <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
5341 <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
71af643c 5342 <th width='5%' class='boldbase' colspan='7' align='center'><b>$Lang::tr{'action'}</b></th>
5b942f7f
AM		 5343</tr>
5344END
5345 }
eff2dbf8 5346 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
c6c9630e 5347 if ($id % 2) {
99bfa85c
AM		 5348 print "<tr>";
5349 $col="bgcolor='$color{'color20'}'";
bb89e92a 5350 } else {
99bfa85c
AM		 5351 print "<tr>";
5352 $col="bgcolor='$color{'color22'}'";
c6c9630e 5353 }
99bfa85c
AM		 5354 print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
5355 print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
8c877a82
AM		 5356 #if ($confighash{$key}[4] eq 'cert') {
5357 #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
5358 #} else {
5359 #print "<td align='left'>&nbsp;</td>";
5360 #}
c6c9630e
MT		 5361 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
5362 $cavalid =~ /Not After : (.*)[\n]/;
5363 $cavalid = $1;
99bfa85c 5364 print "<td align='center' $col>$confighash{$key}[25]</td>";
f7edf97a
AM		 5365 $col1="bgcolor='${Header::colourred}'";
5366 my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
ce9abb66 5367
c6c9630e 5368 if ($confighash{$key}[0] eq 'off') {
f7edf97a
AM		 5369 $col1="bgcolor='${Header::colourblue}'";
5370 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
c6c9630e 5371 } else {
ce9abb66
AH		 5372
5373###
7c1d9faf 5374# m.a.d net2net
f7edf97a
AM		 5375###
5376
b278daf3 5377 if ($confighash{$key}[3] eq 'net') {
54fd0535
MT		 5378
5379 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
5380 my @output = "";
5381 my @tustate = "";
5382 my $tport = $confighash{$key}[22];
5383 my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport);
5384 if ($tport ne '') {
5385 $tnet->open('127.0.0.1');
5386 @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
5387 @tustate = split(/\,/, $output[1]);
5388###
5389#CONNECTING -- OpenVPN's initial state.
5390#WAIT -- (Client only) Waiting for initial response from server.
5391#AUTH -- (Client only) Authenticating with server.
5392#GET_CONFIG -- (Client only) Downloading configuration options from server.
5393#ASSIGN_IP -- Assigning IP address to virtual network interface.
5394#ADD_ROUTES -- Adding routes to system.
5395#CONNECTED -- Initialization Sequence Completed.
5396#RECONNECTING -- A restart has occurred.
5397#EXITING -- A graceful exit is in progress.
5398####
5399
ed4b4c19 5400 if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
f7edf97a
AM		 5401 $col1="bgcolor='${Header::colourgreen}'";
5402 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5403 }else {
5404 $col1="bgcolor='${Header::colourred}'";
5405 $active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
5406 }
54fd0535 5407 }
54fd0535 5408 }
f7edf97a
AM		 5409 }else {
5410
5411 my $cn;
5412 my @match = ();
5413 foreach my $line (@status) {
5414 chomp($line);
5415 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
5416 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
5417 if ($match[1] ne "Common Name") {
5418 $cn = $match[1];
5419 }
5420 $cn =~ s/[_]/ /g;
5421 if ($cn eq "$confighash{$key}[2]") {
5422 $col1="bgcolor='${Header::colourgreen}'";
5423 $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
5424 }
5425 }
5426 }
c6c9630e 5427 }
7c1d9faf 5428}
ce9abb66
AH		 5429
5430
4c962356 5431 print <<END;
f7edf97a 5432 <td align='center' $col1>$active</td>
c6c9630e 5433
99bfa85c 5434 <form method='post' name='frm${key}a'><td align='center' $col>
96096995
AM		 5435 <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
5436 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5437 <input type='hidden' name='KEY' value='$key' />
c6c9630e
MT		 5438 </td></form>
5439END
5440 ;
71af643c
MT		 5441
5442 if ($confighash{$key}[41] eq "no-pass") {
5443 print <<END;
5444 <form method='post' name='frm${key}g'><td align='center' $col>
5445 <input type='image' name='$Lang::tr{'dl client arch insecure'}' src='/images/openvpn.png'
5446 alt='$Lang::tr{'dl client arch insecure'}' title='$Lang::tr{'dl client arch insecure'}' border='0' />
5447 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
5448 <input type='hidden' name='MODE' value='insecure' />
5449 <input type='hidden' name='KEY' value='$key' />
5450 </td></form>
5451END
5452 } else {
5453 print "<td $col>&nbsp;</td>";
5454 }
5455
c6c9630e 5456 if ($confighash{$key}[4] eq 'cert') {
4c962356 5457 print <<END;
99bfa85c 5458 <form method='post' name='frm${key}b'><td align='center' $col>
c6c9630e
MT		 5459 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
5460 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
5461 <input type='hidden' name='KEY' value='$key' />
5462 </td></form>
5463END
5464 ; } else {
5465 print "<td>&nbsp;</td>";
5466 }
5467 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
4c962356 5468 print <<END;
99bfa85c 5469 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5470 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
c6c9630e
MT		 5471 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
5472 <input type='hidden' name='KEY' value='$key' />
5473 </td></form>
5474END
5475 ; } elsif ($confighash{$key}[4] eq 'cert') {
4c962356 5476 print <<END;
99bfa85c 5477 <form method='post' name='frm${key}c'><td align='center' $col>
438dd0cc 5478 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
c6c9630e
MT		 5479 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
5480 <input type='hidden' name='KEY' value='$key' />
5481 </td></form>
5482END
5483 ; } else {
5484 print "<td>&nbsp;</td>";
5485 }
5486 print <<END
99bfa85c 5487 <form method='post' name='frm${key}d'><td align='center' $col>
c6c9630e
MT		 5488 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
5489 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
5490 <input type='hidden' name='KEY' value='$key' />
5491 </td></form>
5492
99bfa85c 5493 <form method='post' name='frm${key}e'><td align='center' $col>
c6c9630e
MT		 5494 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
5495 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
5496 <input type='hidden' name='KEY' value='$key' />
5497 </td></form>
99bfa85c 5498 <form method='post' name='frm${key}f'><td align='center' $col>
c6c9630e
MT		 5499 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
5500 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
5501 <input type='hidden' name='KEY' value='$key' />
5502 </td></form>
5503 </tr>
5504END
5505 ;
5506 $id++;
5b942f7f 5507 $lastnet = $confighash{$key}[32];
c6c9630e 5508 }
5b942f7f 5509 print"</table>";
c6c9630e
MT		 5510 ;
5511
5512 # If the config file contains entries, print Key to action icons
5513 if ( $id ) {
4c962356 5514 print <<END;
8c877a82 5515 <table border='0'>
c6c9630e 5516 <tr>
4c962356
EK		 5517 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5518 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
5519 <td class='base'>$Lang::tr{'click to disable'}</td>
5520 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5521 <td class='base'>$Lang::tr{'show certificate'}</td>
5522 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
5523 <td class='base'>$Lang::tr{'edit'}</td>
5524 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
5525 <td class='base'>$Lang::tr{'remove'}</td>
c6c9630e
MT		 5526 </tr>
5527 <tr>
4c962356
EK		 5528 <td>&nbsp; </td>
5529 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
5530 <td class='base'>$Lang::tr{'click to enable'}</td>
5531 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
5532 <td class='base'>$Lang::tr{'download certificate'}</td>
5533 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
5534 <td class='base'>$Lang::tr{'dl client arch'}</td>
5535 </tr>
f7edf97a 5536 </table><br>
c6c9630e
MT		 5537END
5538 ;
5539 }
5540
4c962356 5541 print <<END;
c6c9630e
MT		 5542 <table width='100%'>
5543 <form method='post'>
4c962356
EK		 5544 <tr><td align='right'>
5545 <input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
5546 <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td>
5547 </tr>
c6c9630e
MT		 5548 </form>
5549 </table>
5550END
4c962356
EK		 5551 ;
5552 &Header::closebox();
5553 }
fd5ccb2d
EK		 5554
5555 # CA/key listing
4c962356
EK		 5556 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
5557 print <<END;
5558 <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
5559 <tr>
5560 <th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
5561 <th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
5562 <th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
5563 </tr>
5564END
5565 ;
5566 my $col1="bgcolor='$color{'color22'}'";
f7fb5bc5 5567 my $col2="bgcolor='$color{'color20'}'";
c8f50356 5568 # DH parameter line
f7fb5bc5 5569 my $col3="bgcolor='$color{'color22'}'";
fd5ccb2d
EK		 5570 # ta.key line
5571 my $col4="bgcolor='$color{'color20'}'";
f7fb5bc5 5572
4c962356
EK		 5573 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
5574 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
5575 $casubject =~ /Subject: (.*)[\n]/;
5576 $casubject = $1;
5577 $casubject =~ s+/Email+, E+;
5578 $casubject =~ s/ ST=/ S=/;
5579 print <<END;
5580 <tr>
5581 <td class='base' $col1>$Lang::tr{'root certificate'}</td>
5582 <td class='base' $col1>$casubject</td>
c8f50356 5583 <form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
4c962356
EK		 5584 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
5585 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5586 </form>
5587 <form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
4c962356
EK		 5588 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
5589 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
c8f50356
EK		 5590 </form>
5591 <td width='4%' $col1>&nbsp;</td>
5592 </tr>
4c962356
EK		 5593END
5594 ;
5595 } else {
5596 # display rootcert generation buttons
5597 print <<END;
5598 <tr>
5599 <td class='base' $col1>$Lang::tr{'root certificate'}:</td>
5600 <td class='base' $col1>$Lang::tr{'not present'}</td>
c8f50356
EK		 5601 <td colspan='3' $col1>&nbsp;</td>
5602 </tr>
4c962356
EK		 5603END
5604 ;
5605 }
5606
5607 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
5608 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
5609 $hostsubject =~ /Subject: (.*)[\n]/;
5610 $hostsubject = $1;
5611 $hostsubject =~ s+/Email+, E+;
5612 $hostsubject =~ s/ ST=/ S=/;
5613
5614 print <<END;
5615 <tr>
5616 <td class='base' $col2>$Lang::tr{'host certificate'}</td>
5617 <td class='base' $col2>$hostsubject</td>
c8f50356 5618 <form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
4c962356
EK		 5619 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
5620 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
c8f50356
EK		 5621 </form>
5622 <form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
4c962356
EK		 5623 <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
5624 <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
c8f50356
EK		 5625 </td></form>
5626 <td width='4%' $col2>&nbsp;</td>
5627 </tr>
4c962356
EK		 5628END
5629 ;
5630 } else {
5631 # Nothing
5632 print <<END;
5633 <tr>
5634 <td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
5635 <td class='base' $col2>$Lang::tr{'not present'}</td>
c8f50356
EK		 5636 </td><td colspan='3' $col2>&nbsp;</td>
5637 </tr>
4c962356
EK		 5638END
5639 ;
5640 }
ce9abb66 5641
f7fb5bc5
EK		 5642 # Adding DH parameter to chart
5643 if (-f "${General::swroot}/ovpn/ca/dh1024.pem") {
5644 my $dhsubject = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
c8f50356 5645 $dhsubject =~ / (.*)[\n]/;
f7fb5bc5
EK		 5646 $dhsubject = $1;
5647
5648
5649 print <<END;
5650 <tr>
5651 <td class='base' $col3>$Lang::tr{'dh parameter'}</td>
5652 <td class='base' $col3>$dhsubject</td>
c8f50356 5653 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
f7fb5bc5
EK		 5654 <input type='hidden' name='ACTION' value='$Lang::tr{'show dh'}' />
5655 <input type='image' name='$Lang::tr{'show dh'}' src='/images/info.gif' alt='$Lang::tr{'show dh'}' title='$Lang::tr{'show dh'}' width='20' height='20' border='0' />
c8f50356
EK		 5656 </form>
5657 <form method='post' name='frmdhparam'><td width='3%' align='center' $col3>
c8f50356
EK		 5658 </form>
5659 <td width='4%' $col3>&nbsp;</td>
5660 </tr>
f7fb5bc5
EK		 5661END
5662 ;
5663 } else {
5664 # Nothing
5665 print <<END;
5666 <tr>
5667 <td width='25%' class='base' $col3>$Lang::tr{'dh parameter'}:</td>
5668 <td class='base' $col3>$Lang::tr{'not present'}</td>
c8f50356
EK		 5669 </td><td colspan='3' $col3>&nbsp;</td>
5670 </tr>
f7fb5bc5
EK		 5671END
5672 ;
5673 }
5674
fd5ccb2d
EK		 5675 # Adding ta.key to chart
5676 if (-f "${General::swroot}/ovpn/certs/ta.key") {
5677 my $tasubject = `/bin/cat ${General::swroot}/ovpn/certs/ta.key`;
5678 $tasubject =~ /# (.*)[\n]/;
5679 $tasubject = $1;
5680 print <<END;
5681
5682 <tr>
5683 <td class='base' $col4>$Lang::tr{'ta key'}</td>
5684 <td class='base' $col4>$tasubject</td>
5685 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5686 <input type='hidden' name='ACTION' value='$Lang::tr{'show tls-auth key'}' />
5687 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show tls-auth key'}' title='$Lang::tr{'show tls-auth key'}' width='20' height='20' border='0' />
5688 </form>
5689 <form method='post' name='frmtakey'><td width='3%' align='center' $col4>
5690 <input type='image' name='$Lang::tr{'download tls-auth key'}' src='/images/media-floppy.png' alt='$Lang::tr{'download tls-auth key'}' title='$Lang::tr{'download tls-auth key'}' border='0' />
5691 <input type='hidden' name='ACTION' value='$Lang::tr{'download tls-auth key'}' />
5692 </form>
5693 <td width='4%' $col4>&nbsp;</td>
5694 </tr>
5695END
5696 ;
5697 } else {
5698 # Nothing
5699 print <<END;
5700 <tr>
5701 <td width='25%' class='base' $col4>$Lang::tr{'ta key'}:</td>
5702 <td class='base' $col4>$Lang::tr{'not present'}</td>
5703 <td colspan='3' $col4>&nbsp;</td>
5704 </tr>
5705END
5706 ;
5707 }
5708
4c962356
EK		 5709 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
5710 print "<tr><td colspan='5' align='center'><form method='post'>";
5711 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
5712 print "</form></td></tr>\n";
5713 }
5714
5715 if (keys %cahash > 0) {
5716 foreach my $key (keys %cahash) {
5717 if (($key + 1) % 2) {
5718 print "<tr bgcolor='$color{'color20'}'>\n";
5719 } else {
5720 print "<tr bgcolor='$color{'color22'}'>\n";
5721 }
5722 print "<td class='base'>$cahash{$key}[0]</td>\n";
5723 print "<td class='base'>$cahash{$key}[1]</td>\n";
5724 print <<END;
5725 <form method='post' name='cafrm${key}a'><td align='center'>
5726 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
5727 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
5728 <input type='hidden' name='KEY' value='$key' />
5729 </td></form>
5730 <form method='post' name='cafrm${key}b'><td align='center'>
5731 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
5732 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
5733 <input type='hidden' name='KEY' value='$key' />
5734 </td></form>
5735 <form method='post' name='cafrm${key}c'><td align='center'>
5736 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
5737 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
5738 <input type='hidden' name='KEY' value='$key' />
5739 </td></form></tr>
5740END
5741 ;
5742 }
5743 }
5744
5745 print "</table>";
5746
5747 # If the file contains entries, print Key to action icons
5748 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
5749 print <<END;
5750 <table>
5751 <tr>
5752 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
5753 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
5754 <td class='base'>$Lang::tr{'show certificate'}</td>
5755 <td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
5756 <td class='base'>$Lang::tr{'download certificate'}</td>
5757 </tr>
5758 </table>
5759END
5760 ;
5761 }
ce9abb66 5762
4c962356 5763 print <<END
578f23c8
SS		 5764
5765 <br><hr><br>
5766
4c962356 5767 <form method='post' enctype='multipart/form-data'>
578f23c8
SS		 5768 <table border='0' width='100%'>
5769 <tr>
5770 <td colspan='4'><b>$Lang::tr{'upload ca certificate'}</b></td>
5771 </tr>
4c962356 5772
578f23c8
SS		 5773 <tr>
5774 <td width='10%'>$Lang::tr{'ca name'}:</td>
5775 <td width='30%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'></td>
5776 <td width='30%'><input type='file' name='FH' size='25'>
5777 <td width='30%'align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}'></td>
5778 </tr>
f527e53f 5779
578f23c8
SS		 5780 <tr>
5781 <td colspan='3'>&nbsp;</td>
5782 <td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
5783 </tr>
5784 </table>
f527e53f 5785
578f23c8
SS		 5786 <br>
5787
5788 <table border='0' width='100%'>
5789 <tr>
5790 <td colspan='4'><b>$Lang::tr{'ovpn dh parameters'}</b></td>
5791 </tr>
5792
5793 <tr>
5794 <td width='40%'>$Lang::tr{'ovpn dh upload'}:</td>
5795 <td width='30%'><input type='file' name='FH' size='25'>
5796 <td width='30%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'upload dh key'}'></td>
5797 </tr>
5798
5799 <tr>
5800 <td width='40%'>$Lang::tr{'ovpn dh new key'}:</td>
5801 <td colspan='2' width='60%' align='right'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
5802 </tr>
5803 </table>
5804 </form>
f527e53f 5805
578f23c8 5806 <br><hr>
4c962356
EK		 5807END
5808 ;
5809
5810 if ( $srunning eq "yes" ) {
5811 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' disabled='disabled' /></div></form>\n";
5812 } else {
5813 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' /></div></form>\n";
5814 }
5815 &Header::closebox();
5816END
5817 ;
5818
5819&Header::closepage();
ce9abb66 5820
Peter's tree of IPFire 2.x