git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/ovpnmain.cgi
2 # based on SmoothWall and IPCop CGIs
4 # This code is distributed under the terms of the GPL
5 # Main idea from zeroconcept
6 # ZERNINA-VERSION:0.9.7a9
7 # (c) 2005 Ufuk Altinkaynak
9 # Ipcop and OpenVPN easy as one two three..
13 use CGI qw
/:standard/ ;
16 use File
:: Temp qw
/ tempfile tempdir / ;
18 use Archive
:: Zip
qw(:ERROR_CODES :CONSTANTS) ;
20 require '/var/ipfire/general-functions.pl' ;
21 require '/srv/web/ipfire/cgi-bin/ovpnfunc.pl' ;
22 require "${General::swroot}/lang.pl" ;
23 require "${General::swroot}/header.pl" ;
24 require "${General::swroot}/countries.pl" ;
26 # enable the following only for debugging purposes
28 #use CGI::Carp 'fatalsToBrowser';
29 #workaround to suppress a warning when a variable is used only once
30 my @dummy = ( ${ Header
:: colourgreen
} );
34 my %mainsettings = ();
35 & General
:: readhash
( "${General::swroot}/main/settings" , \
%mainsettings );
36 & General
:: readhash
( "/srv/web/ipfire/html/themes/" . $mainsettings { 'THEME' }. "/include/colors.txt" , \
%color );
39 ### Initialize variables
49 my $errormessage = '' ;
51 my $zerinaclient = '' ;
52 & General
:: readhash
( "${General::swroot}/ethernet/settings" , \
%netsettings );
# Defaults for the request parameters this page reads before the form data is
# merged in: every toggle starts as 'off', every free-text field as ''.
@cgiparams{qw(
    ENABLED ENABLED_BLUE ENABLED_ORANGE EDIT_ADVANCED
    NAT COMPRESSION ONLY_PROPOSED DCOMPLZO
)} = ('off') x 8;
@cgiparams{qw(ACTION CA_NAME DHCP_DOMAIN DHCP_DNS DHCP_WINS)} = ('') x 5;

# Fill %cgiparams from the request. 'wantfile' / 'filevar' name the key under
# which an upload is expected; later code tests ref($cgiparams{'FH'}) for it.
# NOTE(review): presumably submitted values overwrite the defaults above;
# getcgihash lives in header.pl, confirm there.
&Header::getcgihash(\%cgiparams, { 'wantfile' => 1, 'filevar' => 'FH' });
68 # prepare openvpn config file
74 ### OpenVPN Server Control
# Start / stop / restart buttons for the OpenVPN server. Each openvpnctrl call
# uses list-form system(), so no shell parses its arguments.
if (grep { $cgiparams{'ACTION'} eq $Lang::tr{$_} }
        ('start ovpn server', 'stop ovpn server', 'restart ovpn server')) {

    # First column of every `ps ax` row that mentions server.conf.
    # NOTE(review): the value keeps awk's trailing newline and may hold more
    # than one line; it is handed to openvpnctrl as a single argument below.
    # Confirm that -kn2n copes with that.
    my $serveractive = `/bin/ps ax|grep server.conf|grep -v grep|awk \'{print \$1}\'`;
    my $requested    = $cgiparams{'ACTION'};

    # Shared stop sequence: -kn2n (only when something was found), -k, then
    # empty the server log.
    my $stop_server = sub {
        system('/usr/local/bin/openvpnctrl', '-kn2n', $serveractive)
            unless $serveractive eq '';
        system('/usr/local/bin/openvpnctrl', '-k');
        &Ovpnfunc::emptyserverlog();
    };

    if ($requested eq $Lang::tr{'start ovpn server'}) {
        &Ovpnfunc::emptyserverlog();
        system('/usr/local/bin/openvpnctrl', '-s');
    }

    if ($requested eq $Lang::tr{'stop ovpn server'}) {
        $stop_server->();
    }

    # Workaround until SIGHUP also works when running as nobody: a restart is
    # a full stop followed by a start.
    if ($requested eq $Lang::tr{'restart ovpn server'}) {
        $stop_server->();
        system('/usr/local/bin/openvpnctrl', '-s');
    }
}
106 ### Save Advanced options
109 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save-adv-options' }) {
110 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
111 #DAN do we really need (to check) this value? Besides if we listen on blue and orange too,
112 #DAN this value has to leave.
113 #new settings for daemon
114 $vpnsettings { 'LOG_VERB' } = $cgiparams { 'LOG_VERB' };
115 $vpnsettings { 'KEEPALIVE_1' } = $cgiparams { 'KEEPALIVE_1' };
116 $vpnsettings { 'KEEPALIVE_2' } = $cgiparams { 'KEEPALIVE_2' };
117 $vpnsettings { 'MAX_CLIENTS' } = $cgiparams { 'MAX_CLIENTS' };
118 $vpnsettings { 'REDIRECT_GW_DEF1' } = $cgiparams { 'REDIRECT_GW_DEF1' };
119 $vpnsettings { 'CLIENT2CLIENT' } = $cgiparams { 'CLIENT2CLIENT' };
120 $vpnsettings { 'DHCP_DOMAIN' } = $cgiparams { 'DHCP_DOMAIN' };
121 $vpnsettings { 'DHCP_DNS' } = $cgiparams { 'DHCP_DNS' };
122 $vpnsettings { 'DHCP_WINS' } = $cgiparams { 'DHCP_WINS' };
123 #additional push route
124 $vpnsettings { 'AD_ROUTE1' } = $cgiparams { 'AD_ROUTE1' };
125 $vpnsettings { 'AD_ROUTE2' } = $cgiparams { 'AD_ROUTE2' };
126 $vpnsettings { 'AD_ROUTE3' } = $cgiparams { 'AD_ROUTE3' };
127 #additional push route
129 #################################################################################
130 # Added by Philipp Jenni #
132 # Contact: philipp.jenni-at-gmx.ch #
134 # Description: Add the FAST-IO Parameter from OpenVPN to the Zerina Config #
135 # Add the NICE Parameter from OpenVPN to the Zerina Config #
136 # Add the MTU-DISC Parameter from OpenVPN to the Zerina Config #
137 # Add the MSSFIX Parameter from OpenVPN to the Zerina Config #
138 # Add the FRAGMENT Parameter from OpenVPN to the Zerina Config #
139 #################################################################################
140 $vpnsettings { 'EXTENDED_FASTIO' } = $cgiparams { 'EXTENDED_FASTIO' };
141 $vpnsettings { 'EXTENDED_NICE' } = $cgiparams { 'EXTENDED_NICE' };
142 $vpnsettings { 'EXTENDED_MTUDISC' } = $cgiparams { 'EXTENDED_MTUDISC' };
143 $vpnsettings { 'EXTENDED_MSSFIX' } = $cgiparams { 'EXTENDED_MSSFIX' };
144 $vpnsettings { 'EXTENDED_FRAGMENT' } = $cgiparams { 'EXTENDED_FRAGMENT' };
145 #################################################################################
146 # End of Inserted Data #
147 #################################################################################
150 if ( $cgiparams { 'DHCP_DOMAIN' } ne '' ){
151 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DOMAIN' }) || & General
:: validip
( $cgiparams { 'DHCP_DOMAIN' })) {
152 $errormessage = $Lang :: tr
{ 'invalid input for dhcp domain' };
156 if ( $cgiparams { 'DHCP_DNS' } ne '' ){
157 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DNS' }) || & General
:: validip
( $cgiparams { 'DHCP_DNS' })) {
158 $errormessage = $Lang :: tr
{ 'invalid input for dhcp dns' };
162 if ( $cgiparams { 'DHCP_WINS' } ne '' ){
163 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_WINS' }) || & General
:: validip
( $cgiparams { 'DHCP_WINS' })) {
164 $errormessage = $Lang :: tr
{ 'invalid input for dhcp wins' };
168 if ( $cgiparams { 'AD_ROUTE1' } ne '' ){
169 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE1' })) {
170 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
174 if ( $cgiparams { 'AD_ROUTE2' } ne '' ){
175 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE2' })) {
176 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
180 if ( $cgiparams { 'AD_ROUTE3' } ne '' ){
181 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE3' })) {
182 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
187 if (( length ( $cgiparams { 'MAX_CLIENTS' }) == 0 ) || (( $cgiparams { 'MAX_CLIENTS' }) < 1 ) || (( $cgiparams { 'MAX_CLIENTS' }) > 255 )) {
188 $errormessage = $Lang :: tr
{ 'invalid input for max clients' };
191 if ( $cgiparams { 'KEEPALIVE_1' } ne '' ) {
192 if ( $cgiparams { 'KEEPALIVE_1' } !~ /^[0-9]+$/ ) {
193 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1' };
197 if ( $cgiparams { 'KEEPALIVE_2' } ne '' ){
198 if ( $cgiparams { 'KEEPALIVE_2' } !~ /^[0-9]+$/ ) {
199 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 2' };
203 if ( $cgiparams { 'KEEPALIVE_2' } < ( $cgiparams { 'KEEPALIVE_1' } * 2 )){
204 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1:2' };
208 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
209 & Ovpnfunc
:: writeserverconf
(); #hier ok
213 ### Save main settings
215 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'TYPE' } eq '' && $cgiparams { 'KEY' } eq '' ) {
216 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
217 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
218 #DAN do we really need (to check) this value? Besides if we listen on blue and orange too,
219 #DAN this value has to leave.
220 if ( $cgiparams { 'ENABLED' } eq 'on' ){
221 unless (& General
:: validfqdn
( $cgiparams { 'VPN_IP' }) || & General
:: validip
( $cgiparams { 'VPN_IP' })) {
222 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
226 if ( $cgiparams { 'ENABLED' } eq 'on' ){
227 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DDEST_PORT' }, 0 , $cgiparams { 'DPROTOCOL' }, "dest" );
229 if ( $errormessage ) { goto SETTINGS_ERROR
; }
232 if ( $cgiparams { 'ENABLED' } eq 'on' ){
233 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DDEST_PORT' }, $cgiparams { 'DPROTOCOL' }, '0.0.0.0' );
236 if ( $errormessage ) { goto SETTINGS_ERROR
; }
238 if (! & General
:: validipandmask
( $cgiparams { 'DOVPN_SUBNET' })) {
239 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
242 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'DOVPN_SUBNET' });
243 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
244 $cgiparams { 'DOVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
246 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
248 if ( $errormessage ne '' ){
251 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
252 $errormessage = $Lang :: tr
{ 'invalid input' };
255 if (( length ( $cgiparams { 'DMTU' })== 0 ) || (( $cgiparams { 'DMTU' }) < 1000 )) {
256 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
260 unless (& General
:: validport
( $cgiparams { 'DDEST_PORT' })) {
261 $errormessage = $Lang :: tr
{ 'invalid port' };
265 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
266 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'DPROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DDEST_PORT' }){
267 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
272 $vpnsettings { 'ENABLED_BLUE' } = $cgiparams { 'ENABLED_BLUE' };
273 $vpnsettings { 'ENABLED_ORANGE' } = $cgiparams { 'ENABLED_ORANGE' };
274 $vpnsettings { 'ENABLED' } = $cgiparams { 'ENABLED' };
275 $vpnsettings { 'VPN_IP' } = $cgiparams { 'VPN_IP' };
276 #new settings for daemon
277 $vpnsettings { 'DOVPN_SUBNET' } = $cgiparams { 'DOVPN_SUBNET' };
278 $vpnsettings { 'DDEVICE' } = $cgiparams { 'DDEVICE' };
279 $vpnsettings { 'DPROTOCOL' } = $cgiparams { 'DPROTOCOL' };
280 $vpnsettings { 'DDEST_PORT' } = $cgiparams { 'DDEST_PORT' };
281 $vpnsettings { 'DMTU' } = $cgiparams { 'DMTU' };
282 $vpnsettings { 'DCOMPLZO' } = $cgiparams { 'DCOMPLZO' };
283 $vpnsettings { 'DCIPHER' } = $cgiparams { 'DCIPHER' };
284 #new settings for daemon
285 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
286 & Ovpnfunc
:: writeserverconf
(); #hier ok
291 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
293 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
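# Reset step: drop every certificate-based connection (type field [4] eq
# 'cert') from the in-memory connection table before it is written back.
# The confirmation page for this action promises that all certificate based
# connections are removed together with the root CA and host certificate.
foreach my $key (keys %confighash) {
    if ($confighash{$key}[4] eq 'cert') {
        # Delete by the loop key itself. Indexing %cgiparams with a
        # single-quoted '$key' uses the literal string, not the variable, so
        # it never names an existing entry and the connections would survive
        # the reset while their CA is gone.
        delete $confighash{$key};
    }
}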
300 while ( $file = glob ( "${General::swroot}/ovpn/ca/*" )) {
303 while ( $file = glob ( "${General::swroot}/ovpn/certs/*" )) {
306 while ( $file = glob ( "${General::swroot}/ovpn/crls/*" )) {
309 & Ovpnfunc
:: cleanssldatabase
();
310 if ( open ( FILE
, ">${General::swroot}/ovpn/caconfig" )) {
314 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
318 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' }) {
319 & Header
:: showhttpheaders
();
320 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
321 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
322 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
324 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
325 <tr><td align='center'>
326 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
327 $Lang ::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
328 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' />
329 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
334 & Header
:: closebigbox
();
335 & Header
:: closepage
();
339 ### Upload CA Certificate
341 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload ca certificate' }) {
# Upload-CA branch body: load the CA table, check the requested name and the
# upload, let openssl inspect the file, move it into ovpn/ca and record the
# name and subject in caconfig.
# NOTE(review): some lines of this branch (error jumps, closing braces) are
# not visible in this listing; the notes below cover only what is shown.
342 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
# NOTE(review): in Perl `$` also matches just before a trailing newline, so
# this pattern tolerates a name that ends in "\n" unless getcgihash strips it.
# CA_NAME is later used in a file path and inside a backtick command, so
# anchoring with \A ... \z is the safer form.
344 if ( $cgiparams { 'CA_NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
345 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
349 if ( length ( $cgiparams { 'CA_NAME' }) > 60 ) {
350 $errormessage = $Lang :: tr
{ 'name too long' };
# 'ca' is refused: with the "cert.pem" suffix used below it would collide with
# ovpn/ca/cacert.pem, the root certificate path used elsewhere in this file.
354 if ( $cgiparams { 'CA_NAME' } eq 'ca' ) {
355 $errormessage = $Lang :: tr
{ 'name is invalid' };
356 goto UPLOAD_CA_ERROR
;
359 # Check if there is no other entry with this name
360 foreach my $key ( keys %cahash ) {
361 if ( $cahash { $key }[ 0 ] eq $cgiparams { 'CA_NAME' }) {
362 $errormessage = $Lang :: tr
{ 'a ca certificate with this name already exists' };
# FH must be a CGI upload handle (class 'Fh'); anything else means no file
# was sent with the form.
367 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
368 $errormessage = $Lang :: tr
{ 'there was no file upload' };
371 # Move uploaded ca to a temporary file
372 ( my $fh , my $filename ) = tempfile
( );
373 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
# Backticks build one command string. $filename comes from tempfile() above,
# not from the request. A list-form pipe open would keep the shell out of it.
377 my $temp = `/usr/bin/openssl x509 -text -in $filename ` ;
# NOTE(review): this is a substring match over the whole text dump, not a
# parsed basicConstraints check.
378 if ( $temp !~ /CA:TRUE/i ) {
379 $errormessage = $Lang :: tr
{ 'not a valid ca certificate' };
383 move
( $filename , "${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem" );
385 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
# The request-supplied CA_NAME is interpolated into a command line here, so
# safety rests on the name check at the top of this branch having aborted for
# anything but plain alphanumerics.
391 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem` ;
# Match the Subject line of the dump (the use of the capture is not visible in
# this listing), then rewrite "/Email" to ", E" and " ST=" to " S=".
392 $casubject =~ /Subject: (.*)[\n]/ ;
394 $casubject =~ s
+/ Email
+, E
+;
395 $casubject =~ s/ ST=/ S=/ ;
# The subject text comes from the uploaded certificate, so it is passed
# through cleanhtml before it is stored in caconfig.
396 $casubject = & Header
:: cleanhtml
( $casubject );
# Store name [0] and subject [1] under a fresh key and persist the table.
398 my $key = & General
:: findhasharraykey
( \
%cahash );
399 $cahash { $key }[ 0 ] = $cgiparams { 'CA_NAME' };
400 $cahash { $key }[ 1 ] = $casubject ;
401 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
405 ### Display ca certificate
407 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show ca certificate' }) {
408 & Ovpnfunc
:: displayca
( $cgiparams { 'KEY' });
410 ### Download ca certificate
412 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download ca certificate' }) {
# Download-CA branch body: look up the CA selected by the request's KEY and
# stream its certificate as an attachment.
413 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
# NOTE(review): KEY gets no format check in the visible lines. The -f test on
# the derived path acts as the key check: an unknown KEY yields an empty name
# and therefore ".../ovpn/ca/cert.pem", so this relies on no file of that name
# existing.
415 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
416 print "Content-Type: application/octet-stream \r\n " ;
# The name stored in caconfig is written into a response header and into a
# backtick command line below. Names saved by the upload branch have passed
# its alphanumeric check, so this is only as trustworthy as caconfig's
# contents. A list-form pipe open would remove the shell from the picture.
417 print "Content-Disposition: filename= $cahash { $cgiparams {'KEY'}}[0]cert.pem \r\n\r\n " ;
418 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem` ;
421 $errormessage = $Lang :: tr
{ 'invalid key' };
425 ### Remove ca certificate (step 2)
427 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
428 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
429 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
431 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
432 foreach my $key ( keys %confighash ) {
433 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/ $confighash { $key }[1]cert.pem` ;
434 if ( $test =~ /: OK/ ) {
435 unlink ( "${General::swroot}/ovpn//certs/ $confighash { $key }[1]cert.pem" );
436 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $key }[1].p12" );
437 delete $confighash { $key };
438 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
441 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
442 delete $cahash { $cgiparams { 'KEY' }};
443 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
445 $errormessage = $Lang :: tr
{ 'invalid key' };
448 ### Remove ca certificate (step 1)
450 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' }) {
451 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
452 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
454 my $assignedcerts = 0 ;
455 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
456 foreach my $key ( keys %confighash ) {
457 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/ $confighash { $key }[1]cert.pem` ;
458 if ( $test =~ /: OK/ ) {
462 if ( $assignedcerts ) {
463 & Header
:: showhttpheaders
();
464 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
465 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
466 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
468 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
469 <input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />
470 <tr><td align='center'>
471 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>: $assignedcerts
472 $Lang ::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
473 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
474 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
479 & Header
:: closebigbox
();
480 & Header
:: closepage
();
483 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
484 delete $cahash { $cgiparams { 'KEY' }};
485 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
486 # system('/usr/local/bin/ipsecctrl', 'R');
489 $errormessage = $Lang :: tr
{ 'invalid key' };
493 ### Display root certificate
495 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show root certificate' } || $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show host certificate' }) {
496 & Ovpnfunc
:: displayroothost
( $cgiparams { 'ACTION' });
498 ### Download root certificate
500 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download root certificate' }) {
501 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
502 print "Content-Type: application/octet-stream \r\n " ;
503 print "Content-Disposition: filename=cacert.pem \r\n\r\n " ;
504 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem` ;
509 ### Download host certificate
511 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download host certificate' }) {
512 if ( - f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
513 print "Content-Type: application/octet-stream \r\n " ;
514 print "Content-Disposition: filename=servercert.pem \r\n\r\n " ;
515 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem` ;
519 ### Form for generating a root certificate
521 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'generate root/host certificates' } ||
522 $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
524 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
525 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
526 $errormessage = $Lang :: tr
{ 'valid root certificate already exists' };
527 $cgiparams { 'ACTION' } = '' ;
531 if (( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) && - e
"${General::swroot}/red/active" ) {
532 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
533 my $ipaddr = < IPADDR
>;
536 $cgiparams { 'ROOTCERT_HOSTNAME' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
537 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) {
538 $cgiparams { 'ROOTCERT_HOSTNAME' } = $ipaddr ;
541 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
543 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
544 $errormessage = $Lang :: tr
{ 'there was no file upload' };
548 # Move uploaded certificate request to a temporary file
549 ( my $fh , my $filename ) = tempfile
( );
550 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
555 # Create a temporary directory
556 my $tempdir = tempdir
( CLEANUP
=> 1 );
558 # Extract the CA certificate from the file
559 my $pid = open ( OPENSSL
, "|-" );
560 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
562 if ( $cgiparams { 'P12_PASS' } ne '' ) {
563 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
567 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
572 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-cacerts' , '-nokeys' ,
574 '-out' , " $tempdir /cacert.pem" )) {
575 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
581 # Extract the Host certificate from the file
582 $pid = open ( OPENSSL
, "|-" );
583 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
585 if ( $cgiparams { 'P12_PASS' } ne '' ) {
586 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
590 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
595 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-clcerts' , '-nokeys' ,
597 '-out' , " $tempdir /hostcert.pem" )) {
598 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
604 # Extract the Host key from the file
605 $pid = open ( OPENSSL
, "|-" );
606 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
608 if ( $cgiparams { 'P12_PASS' } ne '' ) {
609 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
613 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
618 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-nocerts' ,
621 '-out' , " $tempdir /serverkey.pem" )) {
622 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
628 move
( " $tempdir /cacert.pem" , "${General::swroot}/ovpn/ca/cacert.pem" );
630 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
632 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
633 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
634 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
638 move
( " $tempdir /hostcert.pem" , "${General::swroot}/ovpn/certs/servercert.pem" );
640 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
642 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
643 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
644 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
648 move
( " $tempdir /serverkey.pem" , "${General::swroot}/ovpn/certs/serverkey.pem" );
650 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
652 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
653 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
654 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
658 goto ROOTCERT_SUCCESS
;
660 } elsif ( $cgiparams { 'ROOTCERT_COUNTRY' } ne '' ) {
662 # Validate input since the form was submitted
663 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } eq '' ){
664 $errormessage = $Lang :: tr
{ 'organization cant be empty' };
667 if ( length ( $cgiparams { 'ROOTCERT_ORGANIZATION' }) > 60 ) {
668 $errormessage = $Lang :: tr
{ 'organization too long' };
671 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
672 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
675 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ){
676 $errormessage = $Lang :: tr
{ 'hostname cant be empty' };
679 unless (& General
:: validfqdn
( $cgiparams { 'ROOTCERT_HOSTNAME' }) || & General
:: validip
( $cgiparams { 'ROOTCERT_HOSTNAME' })) {
680 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
683 if ( $cgiparams { 'ROOTCERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'ROOTCERT_EMAIL' }))) {
684 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
687 if ( length ( $cgiparams { 'ROOTCERT_EMAIL' }) > 40 ) {
688 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
691 if ( $cgiparams { 'ROOTCERT_OU' } ne '' && $cgiparams { 'ROOTCERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
692 $errormessage = $Lang :: tr
{ 'invalid input for department' };
695 if ( $cgiparams { 'ROOTCERT_CITY' } ne '' && $cgiparams { 'ROOTCERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
696 $errormessage = $Lang :: tr
{ 'invalid input for city' };
699 if ( $cgiparams { 'ROOTCERT_STATE' } ne '' && $cgiparams { 'ROOTCERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
700 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
703 if ( $cgiparams { 'ROOTCERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
704 $errormessage = $Lang :: tr
{ 'invalid input for country' };
708 # Copy the cgisettings to vpnsettings and save the configfile
709 $vpnsettings { 'ROOTCERT_ORGANIZATION' } = $cgiparams { 'ROOTCERT_ORGANIZATION' };
710 $vpnsettings { 'ROOTCERT_HOSTNAME' } = $cgiparams { 'ROOTCERT_HOSTNAME' };
711 $vpnsettings { 'ROOTCERT_EMAIL' } = $cgiparams { 'ROOTCERT_EMAIL' };
712 $vpnsettings { 'ROOTCERT_OU' } = $cgiparams { 'ROOTCERT_OU' };
713 $vpnsettings { 'ROOTCERT_CITY' } = $cgiparams { 'ROOTCERT_CITY' };
714 $vpnsettings { 'ROOTCERT_STATE' } = $cgiparams { 'ROOTCERT_STATE' };
715 $vpnsettings { 'ROOTCERT_COUNTRY' } = $cgiparams { 'ROOTCERT_COUNTRY' };
716 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
718 # Replace empty strings with a .
719 ( my $ou = $cgiparams { 'ROOTCERT_OU' }) =~ s/^\s*$/\./ ;
720 ( my $city = $cgiparams { 'ROOTCERT_CITY' }) =~ s/^\s*$/\./ ;
721 ( my $state = $cgiparams { 'ROOTCERT_STATE' }) =~ s/^\s*$/\./ ;
724 #system ('/usr/bin/touch', "${General::swroot}/ovpn/gencanow");
726 # Create the CA certificate
# Fork-open a pipe to a child process; the answers to openssl's prompts are
# written to it one per line below. The lines that separate the parent and
# child paths are not visible in this listing.
727 my $pid = open ( OPENSSL
, "|-" );
# NOTE(review): the handler is installed for ALRM although its message is
# 'broken pipe'; confirm which signal was intended.
728 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
# Each value must stay on a single line, otherwise later answers land on the
# wrong prompt. NOTE(review): the field checks earlier in this branch anchor
# with `$`, which tolerates one trailing newline; \z would be strict.
730 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
731 print OPENSSL
" $state \n " ;
732 print OPENSSL
" $city \n " ;
733 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
734 print OPENSSL
" $ou \n " ;
735 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} CA \n " ;
736 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
# On an openssl error, remove whatever CA key and certificate were written.
739 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
740 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
741 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
# List-form exec: no shell is involved. Options worth a review:
#   -nodes        the CA private key is written to cakey.pem unencrypted, so
#                 its protection is the file's permissions alone
#   -days 999999  the CA certificate effectively never expires
#   -rand ...     extra seed files only; NOTE(review): /proc/interrupts and
#                 /proc/net/rt_cache are not strong entropy sources by
#                 themselves
745 unless ( exec ( '/usr/bin/openssl' , 'req' , '-x509' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
746 '-days' , '999999' , '-newkey' , 'rsa:2048' ,
747 '-keyout' , "${General::swroot}/ovpn/ca/cakey.pem" ,
748 '-out' , "${General::swroot}/ovpn/ca/cacert.pem" ,
749 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
750 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
755 # Create the Host certificate request
# Same pattern as the CA step: fork-open a pipe and answer openssl's prompts
# on it. The parent/child split is not visible in this listing.
756 $pid = open ( OPENSSL
, "|-" );
757 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
# The common name here is ROOTCERT_HOSTNAME, where the CA step wrote
# "<organization> CA".
759 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
760 print OPENSSL
" $state \n " ;
761 print OPENSSL
" $city \n " ;
762 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
763 print OPENSSL
" $ou \n " ;
764 print OPENSSL
" $cgiparams {'ROOTCERT_HOSTNAME'} \n " ;
765 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
# On an openssl error, remove the partial host key and request.
770 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
771 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
772 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
# NOTE(review): the host key is generated as rsa:1024 while the CA key above
# is rsa:2048. 1024-bit RSA is below current minimum recommendations, so the
# server key is the weakest link of this PKI. -nodes again leaves the private
# key unencrypted on disk.
776 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
777 '-newkey' , 'rsa:1024' ,
778 '-keyout' , "${General::swroot}/ovpn/certs/serverkey.pem" ,
779 '-out' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
780 '-extensions' , 'server' ,
781 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
# If openssl cannot be started, remove the host files and also the CA key and
# certificate created in the previous step.
782 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
783 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
784 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
785 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
786 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
791 # Sign the host certificate request
792 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
794 '-in' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
795 '-out' , "${General::swroot}/ovpn/certs/servercert.pem" ,
796 '-extensions' , 'server' ,
797 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
799 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
800 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
801 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
802 unlink ( "${General::swroot}/ovpn/serverkey.pem" );
803 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
804 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
805 & Ovpnfunc
:: newcleanssldatabase
();
808 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
809 & Ovpnfunc
:: deletebackupcert
();
812 # Create an empty CRL
813 system ( '/usr/bin/openssl' , 'ca' , '-gencrl' ,
814 '-out' , "${General::swroot}/ovpn/crls/cacrl.pem" ,
815 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
817 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
818 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
819 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
820 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
821 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
822 & Ovpnfunc
:: cleanssldatabase
();
825 # Create Diffie-Hellman parameters
# NOTE(review): the size argument of this call is not visible in the listing.
# The output file name dh1024.pem suggests 1024-bit parameters, which is below
# current guidance for DH groups; confirm the size actually passed.
826 system ( '/usr/bin/openssl' , 'dhparam' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
827 '-out' , "${General::swroot}/ovpn/ca/dh1024.pem" ,
# Failure cleanup: remove the host key and certificate, the CA certificate,
# the CRL and the DH file, then clean the SSL database.
# NOTE(review): ca/cakey.pem is not in the list shown here, unlike the cleanup
# after the host-request step; confirm whether a CA private key left behind
# after a failed run is intended.
830 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
831 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
832 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
833 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
834 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
835 unlink ( "${General::swroot}/ovpn/ca/dh1024.pem" );
836 & Ovpnfunc
:: cleanssldatabase
();
839 goto ROOTCERT_SUCCESS
;
842 if ( $cgiparams { 'ACTION' } ne '' ) {
843 & Header
:: showhttpheaders
();
844 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
845 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
847 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
848 print "<class name='base'> $errormessage " ;
849 print " </class>" ;
852 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'generate root/host certificates'}:" );
854 <form method='post' enctype='multipart/form-data'>
855 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
856 <tr><td width='30%' class='base'> $Lang ::tr{'organization name'}:</td>
857 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value=' $cgiparams {'ROOTCERT_ORGANIZATION'}' size='32' /></td>
858 <td width='35%' colspan='2'> </td></tr>
859 <tr><td class='base'> $Lang ::tr{'ipfires hostname'}:</td>
860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value=' $cgiparams {'ROOTCERT_HOSTNAME'}' size='32' /></td>
861 <td colspan='2'> </td></tr>
862 <tr><td class='base'> $Lang ::tr{'your e-mail'}: <img src='/blob.gif' alt'*' /></td>
863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value=' $cgiparams {'ROOTCERT_EMAIL'}' size='32' /></td>
864 <td colspan='2'> </td></tr>
865 <tr><td class='base'> $Lang ::tr{'your department'}: <img src='/blob.gif' alt'*' /></td>
866 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value=' $cgiparams {'ROOTCERT_OU'}' size='32' /></td>
867 <td colspan='2'> </td></tr>
868 <tr><td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif' alt'*' /></td>
869 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value=' $cgiparams {'ROOTCERT_CITY'}' size='32' /></td>
870 <td colspan='2'> </td></tr>
871 <tr><td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' alt'*' /></td>
872 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value=' $cgiparams {'ROOTCERT_STATE'}' size='32' /></td>
873 <td colspan='2'> </td></tr>
874 <tr><td class='base'> $Lang ::tr{'country'}:</td>
875 <td class='base'><select name='ROOTCERT_COUNTRY'>
879 foreach my $country ( sort keys %{ Countries
:: countries
}) {
880 print "<option value=' $Countries ::countries{ $country }'" ;
881 if ( $Countries :: countries
{ $country } eq $cgiparams { 'ROOTCERT_COUNTRY' } ) {
882 print " selected='selected'" ;
884 print "> $country </option>" ;
888 <td colspan='2'> </td></tr>
890 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' /></td>
891 <td> </td><td> </td></tr>
892 <tr><td class='base' colspan='4' align='left'>
893 <img src='/blob.gif' valign='top' alt='*' /> $Lang ::tr{'this field may be blank'}</td></tr>
894 <tr><td class='base' colspan='4' align='left'>
895 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
896 $Lang ::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
898 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
899 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'upload p12 file'}:</td>
900 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
901 <td colspan='2'> </td></tr>
902 <tr><td class='base'> $Lang ::tr{'pkcs12 file password'}: <img src='/blob.gif' alt='*' ></td>
903 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value=' $cgiparams {'P12_PASS'}' size='32' /></td>
904 <td colspan='2'> </td></tr>
906 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'upload p12 file'}' /></td>
907 <td colspan='2'> </td></tr>
908 <tr><td class='base' colspan='4' align='left'>
909 <img src='/blob.gif' valign='top' al='*' > $Lang ::tr{'this field may be blank'}</td></tr>
915 & Header
:: closebigbox
();
916 & Header
:: closepage
();
921 system ( "chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem" );
924 ### Enable/Disable connection
# Flips the stored on/off flag (field 0) of the connection selected by the KEY
# request parameter, writes the config back, and starts or stops the matching
# net-to-net process through openvpnctrl.
926 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'toggle enable disable' }) {
927 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# KEY is only used as a lookup key into the stored config; nothing is done
# unless an entry with that key exists.
928 if ( $confighash { $cgiparams { 'KEY' }}) {
# Looks up the PID of a running process whose command line mentions "<name>.conf".
# NOTE(review): this pipeline is run by a shell with the stored connection name
# (field 1) interpolated unquoted. The name should be restricted to a strict
# character allow-list when the connection is created or imported, or the
# lookup done without a shell (e.g. a pid file). The grep pattern is also
# unanchored, so a name that is a substring of another connection's name
# matches both.
929 my $n2nactive = `/bin/ps ax|grep $confighash { $cgiparams {'KEY'}}[1].conf|grep -v grep|awk \' {print \ $1 } \' ` ;
930 if ( $confighash { $cgiparams { 'KEY' }}[ 0 ] eq 'off' ) {
931 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'on' ;
932 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# openvpnctrl is called in list form, so no shell parses these arguments.
933 if ( $n2nactive eq '' ){
934 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
# NOTE(review): $n2nactive is raw backtick output and is not chomped in the
# lines shown, so it may carry a trailing newline or several PIDs - confirm
# that openvpnctrl -kn2n tolerates that.
936 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
937 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
940 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'off' ;
941 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
942 if ( $n2nactive ne '' ){
943 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
# Reported when KEY does not name a stored connection.
947 $errormessage = $Lang :: tr
{ 'invalid key' };
951 ### Download OpenVPN client package
# Writes a client .ovpn file into a temporary directory, bundles it with the
# connection's certificate material into a zip archive and sends that archive
# as a download.
# NOTE(review): unlike the toggle and remove branches, no check that KEY names
# an existing connection is visible in the lines shown here.
953 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'dl client arch' }) {
954 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
955 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Fixed command, no interpolated data; the text before the first dot of the
# host name is used in the generated file names.
960 my $uhost = `/bin/uname -n` ;
962 my @uhost2 = split /\./ , $uhost ;
963 $uhost3 = $uhost2 [ 0 ];
# CLEANUP => 1 asks File::Temp to remove the directory, and the generated
# config and archive in it, when the program exits.
967 my $tempdir = tempdir
( CLEANUP
=> 1 );
968 my $zippath = " $tempdir /" ;
# NOTE(review): the archive and config file names embed the stored connection
# name unchanged. It ends up in a file path and in the Content-Disposition
# header below, so it needs to be limited to a safe character set where the
# connection is created - that validation is not visible here.
969 my $zipname = " $confighash { $cgiparams {'KEY'}}[1]-TO- $uhost3 .zip" ;
970 my $zippathname = " $zippath $zipname " ;
# Net-to-net connections are handed to Ovpnfunc::writenet2netconf.
972 if ( $confighash { $cgiparams { 'KEY' }}[ 3 ] eq 'net' ){
973 $zerinaclient = 'true' ;
974 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
977 $clientovpn = " $confighash { $cgiparams {'KEY'}}[1]-TO- $uhost3 .ovpn" ;
# NOTE(review): two-argument open with a bareword handle and an interpolated
# path; the three-argument form with a lexical handle
# (open my $fh, '>', $path) keeps the file name from being read as a mode.
978 open ( CLIENTCONF
, "> $tempdir / $clientovpn " ) or die "Unable to open tempfile: $clientovpn $!" ;
981 my $zip = Archive
:: Zip
-> new ();
983 print CLIENTCONF
"#OpenVPN Client conf \r\n " ;
984 print CLIENTCONF
"tls-client \r\n " ;
985 print CLIENTCONF
"client \r\n " ;
986 print CLIENTCONF
"dev $vpnsettings {'DDEVICE'} \r\n " ;
# TCP needs the "-client" suffix on the proto line; other protocols are
# written as stored.
987 if ( $vpnsettings { 'DPROTOCOL' } eq 'tcp' ) {
988 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'}-client \r\n " ;
990 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'} \r\n " ;
992 print CLIENTCONF
" $vpnsettings {'DDEVICE'}-mtu $vpnsettings {'DMTU'} \r\n " ;
# One active "remote" line is written for the first enabled interface
# (VPN_IP, then BLUE, then ORANGE); the remaining enabled interfaces are added
# as commented-out alternatives.
993 if ( $vpnsettings { 'ENABLED' } eq 'on' ){
994 print CLIENTCONF
"remote $vpnsettings {'VPN_IP'} $vpnsettings {'DDEST_PORT'} \r\n " ;
995 if ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
996 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Blue interface \r\n " ;
997 print CLIENTCONF
";remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
999 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
1000 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
1001 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1003 } elsif ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
1004 print CLIENTCONF
"remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1005 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
1006 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
1007 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
1009 } elsif ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
1010 print CLIENTCONF
"remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
# With certificate authentication and an existing <name>.p12, the PKCS#12
# bundle itself is added to the archive. It presumably holds the client's
# private key, so this download is as sensitive as the key. Otherwise the
# config names separate ca/cert/key files; only cacert.pem and the client
# certificate are added to the archive in the lines shown.
1013 if ( $confighash { $cgiparams { 'KEY' }}[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" ) {
1014 print CLIENTCONF
"pkcs12 $confighash { $cgiparams {'KEY'}}[1].p12 \r\n " ;
1015 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" , " $confighash { $cgiparams {'KEY'}}[1].p12" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1].p12 \n " ;
1017 print CLIENTCONF
"ca cacert.pem \r\n " ;
1018 print CLIENTCONF
"cert $confighash { $cgiparams {'KEY'}}[1]cert.pem \r\n " ;
1019 print CLIENTCONF
"key $confighash { $cgiparams {'KEY'}}[1].key \r\n " ;
1020 $zip -> addFile ( "${General::swroot}/ovpn/ca/cacert.pem" , "cacert.pem" ) or die "Can't add file cacert.pem \n " ;
1021 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" , " $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1]cert.pem \n " ;
1023 print CLIENTCONF
"cipher $vpnsettings {DCIPHER} \r\n " ;
1024 if ( $vpnsettings { DCOMPLZO
} eq 'on' ) {
1025 print CLIENTCONF
"comp-lzo \r\n " ;
1027 print CLIENTCONF
"verb 3 \r\n " ;
# Makes the client reject peers whose certificate is not marked as a server
# certificate. NOTE(review): ns-cert-type relies on the legacy Netscape
# certificate-type attribute and is deprecated in OpenVPN in favour of
# "remote-cert-tls server"; switching requires server certificates issued
# with the matching key-usage extensions.
1028 print CLIENTCONF
"ns-cert-type server \r\n " ;
1030 $zip -> addFile ( " $tempdir / $clientovpn " , $clientovpn ) or die "Can't add file $clientovpn \n " ;
# NOTE(review): $status is not compared with AZ_OK in the lines shown; a failed
# write would only show up as the open error below.
1031 my $status = $zip -> writeToFileNamed ( $zippathname );
1033 open ( DLFILE
, "< $zippathname " ) or die "Unable to open $zippathname : $!" ;
1034 @fileholder = < DLFILE
>;
# NOTE(review): $zipname goes into the header unquoted. Quote the filename and
# strip CR/LF and quote characters so that a connection name cannot alter the
# response headers.
1035 print "Content-Type:application/x-download \n " ;
1036 print "Content-Disposition:attachment;filename= $zipname \n\n " ;
1041 ### Remove connection
# Deletes the connection selected by KEY from the stored config. Connections
# not flagged in field 19 additionally get their certificate revoked, their
# certificate files removed and the CRL regenerated.
1043 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove' }) {
1044 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1045 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1046 if ( $confighash { $cgiparams { 'KEY' }}) {
# Field 19 is set to 'yes' by the ZERINA package import branch of this script;
# for those entries no certificate is revoked here.
1047 if ( $confighash { $cgiparams { 'KEY' }}[ 19 ] eq 'yes' ) {
1048 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1049 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1050 delete $confighash { $cgiparams { 'KEY' }};
1051 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): the revocation runs through a shell with the stored connection
# name interpolated into the path, and neither the output ($temp) nor the exit
# status is checked. A failed revocation is therefore silent, while the
# certificate files are deleted and the entry is dropped regardless. A
# list-form system() call with an exit-status check, done before the unlink
# calls, would keep a still-valid certificate from disappearing from the
# management view.
1053 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1054 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" );
1055 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" );
1056 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1057 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1058 delete $confighash { $cgiparams { 'KEY' }};
# Regenerates the CRL so that it contains the revocation made above; the result
# ($temp2) is likewise not checked.
1059 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1060 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Reported when KEY does not name a stored connection.
1063 $errormessage = $Lang :: tr
{ 'invalid key' };
1066 ### Download PKCS12 file
# Sends <name>.p12 of the connection selected by KEY as a binary download.
# NOTE(review): the 'download certificate' branch tests the file with -f first;
# no such test, and no check that KEY exists, is visible in the lines shown
# here. The bundle presumably contains the client's private key, so this
# response is key material.
1068 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download pkcs12 file' }) {
1069 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# NOTE(review): the file name is sent unquoted; quote it and strip CR/LF.
1071 print "Content-Disposition: filename=" . $confighash { $cgiparams { 'KEY' }}[ 1 ] . ".p12 \r\n " ;
1072 print "Content-Type: application/octet-stream \r\n\r\n " ;
# NOTE(review): /bin/cat is run through a shell with the stored connection name
# interpolated into the path. Reading the file with a three-argument open and
# binmode avoids the shell entirely.
1073 print `/bin/cat ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12` ;
1077 ### Display certificate
# Renders the text dump of the selected connection's certificate inside the
# normal page frame, if the certificate file exists.
1079 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show certificate' }) {
1080 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1082 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
1083 & Header
:: showhttpheaders
();
1084 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1085 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1086 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate'}:" );
# NOTE(review): the -f test above does not make the path safe for a shell; the
# stored connection name is still interpolated into this command line. A
# list-form pipe open (open my $fh, '-|', '/usr/bin/openssl', 'x509', ...)
# passes the path as a single argument without a shell.
1087 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem` ;
# Certificate fields are issuer/subject-controlled text, so the dump goes
# through Header::cleanhtml (presumably HTML-escaping) before it is printed.
1088 $output = & Header
:: cleanhtml
( $output , "y" );
1089 print "<pre> $output </pre> \n " ;
1090 & Header
:: closebox
();
1091 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1092 & Header
:: closebigbox
();
1093 & Header
:: closepage
();
1097 ### Display Certificate Revoke List
# Renders the text dump of the CA's certificate revocation list, if the CRL
# file exists.
1099 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show crl' }) {
1100 if ( - f
"${General::swroot}/ovpn/crls/cacrl.pem" ) {
1101 & Header
:: showhttpheaders
();
1102 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1103 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1104 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'crl'}:" );
# The command line holds only the configured root path and fixed names; no
# request or connection data is interpolated here.
1105 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem` ;
# Output is passed through Header::cleanhtml before being printed in <pre>.
1106 $output = & Header
:: cleanhtml
( $output , "y" );
1107 print "<pre> $output </pre> \n " ;
1108 & Header
:: closebox
();
1109 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1110 & Header
:: closebigbox
();
1111 & Header
:: closepage
();
1116 ### Advanced Server Settings
# Prepares the values shown in the advanced server settings form: loads the
# stored settings into %cgiparams, fills in defaults for empty fields and
# builds the CHECKED/SELECTED markers used by the form.
1119 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced server' }) {
1123 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
# Defaults applied only when the stored value is empty.
1126 if ( $cgiparams { 'MAX_CLIENTS' } eq '' ) {
1127 $cgiparams { 'MAX_CLIENTS' } = '100' ;
1130 if ( $cgiparams { 'KEEPALIVE_1' } eq '' ) {
1131 $cgiparams { 'KEEPALIVE_1' } = '10' ;
1133 if ( $cgiparams { 'KEEPALIVE_2' } eq '' ) {
1134 $cgiparams { 'KEEPALIVE_2' } = '60' ;
1136 if ( $cgiparams { 'LOG_VERB' } eq '' ) {
1137 $cgiparams { 'LOG_VERB' } = '3' ;
1139 if ( $cgiparams { 'EXTENDED_NICE' } eq '' ) {
1140 $cgiparams { 'EXTENDED_NICE' } = '0' ;
# Every known option value is initialised to '' first, then the entry for the
# current value is marked; the form interpolates these markers into its
# checkbox and option tags.
1142 $checked { 'CLIENT2CLIENT' }{ 'off' } = '' ;
1143 $checked { 'CLIENT2CLIENT' }{ 'on' } = '' ;
1144 $checked { 'CLIENT2CLIENT' }{ $cgiparams { 'CLIENT2CLIENT' }} = 'CHECKED' ;
1145 $checked { 'REDIRECT_GW_DEF1' }{ 'off' } = '' ;
1146 $checked { 'REDIRECT_GW_DEF1' }{ 'on' } = '' ;
1147 $checked { 'REDIRECT_GW_DEF1' }{ $cgiparams { 'REDIRECT_GW_DEF1' }} = 'CHECKED' ;
1148 $selected { 'LOG_VERB' }{ '1' } = '' ;
1149 $selected { 'LOG_VERB' }{ '2' } = '' ;
1150 $selected { 'LOG_VERB' }{ '3' } = '' ;
1151 $selected { 'LOG_VERB' }{ '4' } = '' ;
1152 $selected { 'LOG_VERB' }{ '5' } = '' ;
1153 $selected { 'LOG_VERB' }{ '6' } = '' ;
1154 $selected { 'LOG_VERB' }{ '7' } = '' ;
1155 $selected { 'LOG_VERB' }{ '8' } = '' ;
1156 $selected { 'LOG_VERB' }{ '9' } = '' ;
1157 $selected { 'LOG_VERB' }{ '10' } = '' ;
1158 $selected { 'LOG_VERB' }{ '11' } = '' ;
1159 $selected { 'LOG_VERB' }{ '0' } = '' ;
1160 $selected { 'LOG_VERB' }{ $cgiparams { 'LOG_VERB' }} = 'SELECTED' ;
1162 #################################################################################
1163 # Added by Philipp Jenni #
1165 # Contact: philipp.jenni-at-gmx.ch #
1166 # Date: 2006-04-22 #
1167 # Description: Definitions to set the FASTIO Checkbox #
1168 # Definitions to set the MTUDISC Checkbox #
1169 # Definitions to set the NICE Selectionbox #
1170 #################################################################################
1171 $checked { 'EXTENDED_FASTIO' }{ 'off' } = '' ;
1172 $checked { 'EXTENDED_FASTIO' }{ 'on' } = '' ;
1173 $checked { 'EXTENDED_FASTIO' }{ $cgiparams { 'EXTENDED_FASTIO' }} = 'CHECKED' ;
1174 $checked { 'EXTENDED_MTUDISC' }{ 'off' } = '' ;
1175 $checked { 'EXTENDED_MTUDISC' }{ 'on' } = '' ;
1176 $checked { 'EXTENDED_MTUDISC' }{ $cgiparams { 'EXTENDED_MTUDISC' }} = 'CHECKED' ;
1177 $selected { 'EXTENDED_NICE' }{ '-13' } = '' ;
1178 $selected { 'EXTENDED_NICE' }{ '-10' } = '' ;
1179 $selected { 'EXTENDED_NICE' }{ '-7' } = '' ;
1180 $selected { 'EXTENDED_NICE' }{ '-3' } = '' ;
1181 $selected { 'EXTENDED_NICE' }{ '0' } = '' ;
1182 $selected { 'EXTENDED_NICE' }{ '3' } = '' ;
1183 $selected { 'EXTENDED_NICE' }{ '7' } = '' ;
1184 $selected { 'EXTENDED_NICE' }{ '10' } = '' ;
1185 $selected { 'EXTENDED_NICE' }{ '13' } = '' ;
1186 $selected { 'EXTENDED_NICE' }{ $cgiparams { 'EXTENDED_NICE' }} = 'SELECTED' ;
1187 #################################################################################
1188 # End of inserted Data #
1189 #################################################################################
1191 & Header
:: showhttpheaders
();
1192 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
1193 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1194 if ( $errormessage ) {
1195 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1196 print "<class name='base'> $errormessage \n " ;
1197 print " </class> \n " ;
1198 & Header
:: closebox
();
1200 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'advanced server' });
1202 <form method='post' enctype='multipart/form-data'>
1203 <table width='100%'>
1205 <td colspan='4'><b> $Lang ::tr{'dhcp-options'}</b></td>
1208 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1211 <td class='base'>Domain</td>
1212 <td><input type='TEXT' name='DHCP_DOMAIN' value=' $cgiparams {'DHCP_DOMAIN'}' size='30' /></td>
1215 <td class='base'>DNS</td>
1216 <td><input type='TEXT' name='DHCP_DNS' value=' $cgiparams {'DHCP_DNS'}' size='30' /></td>
1219 <td class='base'>WINS</td>
1220 <td><input type='TEXT' name='DHCP_WINS' value=' $cgiparams {'DHCP_WINS'}' size='30' /></td>
1224 <!-- Additional push route START-->
1225 <table width='100%'>
1227 <td colspan='4'><b> $Lang ::tr{'add-route'}</b></td>
1230 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1233 <td class='base'> $Lang ::tr{'subnet'} 1</td>
1234 <td><input type='TEXT' name='AD_ROUTE1' value=' $cgiparams {'AD_ROUTE1'}' size='30' /></td>
1237 <td class='base'> $Lang ::tr{'subnet'} 2</td>
1238 <td><input type='TEXT' name='AD_ROUTE2' value=' $cgiparams {'AD_ROUTE2'}' size='30' /></td>
1241 <td class='base'> $Lang ::tr{'subnet'} 3</td>
1242 <td><input type='TEXT' name='AD_ROUTE3' value=' $cgiparams {'AD_ROUTE3'}' size='30' /></td>
1246 <!-- Additional push route END -->
1247 < table width
= '100%' >
1249 < td
class 'base' >< b
> $Lang :: tr
{ 'misc-options' }< /b></ td
>
1252 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1255 < td
class = 'base' > Client
- To
- Client
</ td
>
1256 < td
>< input type
= 'checkbox' name
= 'CLIENT2CLIENT' $checked { 'CLIENT2CLIENT' }{ 'on' } /></ td
>
1259 < td
class = 'base' > Redirect
- Gateway def1
</ td
>
1260 < td
>< input type
= 'checkbox' name
= 'REDIRECT_GW_DEF1' $checked { 'REDIRECT_GW_DEF1' }{ 'on' } /></ td
>
1263 < td
class = 'base' > Max
- Clients
</ td
>
1264 < td
>< input type
= 'text' name
= 'MAX_CLIENTS' value
= ' $cgiparams {' MAX_CLIENTS
'}' size
= '30' /></ td
>
1266 < td
class = 'base' > Keppalive
( ping
/ping-restart)</ td
>
1267 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_1' value
= ' $cgiparams {' KEEPALIVE_1
'}' size
= '30' /></ td
>
1268 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_2' value
= ' $cgiparams {' KEEPALIVE_2
'}' size
= '30' /></ td
>
1272 #################################################################################
1273 # Added by Philipp Jenni #
1275 # Contact: philipp.jenni-at-gmx.ch #
1276 # Date: 2006-04-22 #
1277 # Description: Add the FAST-IO Checkbox to the HTML Form #
1278 # Add the NICE Selectionbox to the HTML Form #
1279 # Add the MTU-DISC Checkbox to the HTML Form #
1280 # Add the MSSFIX Textbox to the HTML Form #
1281 # Add the FRAMGMENT Textbox to the HTML Form #
1283 # 2006-04-27 Include Multilanguage-Support #
1284 #################################################################################
1288 < td
class = 'base' > $Lang :: tr
{ 'ovpn_processprio' }</ td
>
1290 < select name
= 'EXTENDED_NICE' >
1291 < option value
= '-13' $selected { 'EXTENDED_NICE' }{ '-13' }> $Lang :: tr
{ 'ovpn_processprioEH' }</ option
>
1292 < option value
= '-10' $selected { 'EXTENDED_NICE' }{ '-10' }> $Lang :: tr
{ 'ovpn_processprioVH' }</ option
>
1293 < option value
= '-7' $selected { 'EXTENDED_NICE' }{ '-7' }> $Lang :: tr
{ 'ovpn_processprioH' }</ option
>
1294 < option value
= '-3' $selected { 'EXTENDED_NICE' }{ '-3' }> $Lang :: tr
{ 'ovpn_processprioEN' }</ option
>
1295 < option value
= '0' $selected { 'EXTENDED_NICE' }{ '0' }> $Lang :: tr
{ 'ovpn_processprioN' }</ option
>
1296 < option value
= '3' $selected { 'EXTENDED_NICE' }{ '3' }> $Lang :: tr
{ 'ovpn_processprioLN' }</ option
>
1297 < option value
= '7' $selected { 'EXTENDED_NICE' }{ '7' }> $Lang :: tr
{ 'ovpn_processprioD' }</ option
>
1298 < option value
= '10' $selected { 'EXTENDED_NICE' }{ '10' }> $Lang :: tr
{ 'ovpn_processprioVD' }</ option
>
1299 < option value
= '13' $selected { 'EXTENDED_NICE' }{ '13' }> $Lang :: tr
{ 'ovpn_processprioED' }</ option
>
1304 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fastio' }</ td
>
1306 < input type
= 'checkbox' name
= 'EXTENDED_FASTIO' $checked { 'EXTENDED_FASTIO' }{ 'on' } />
1310 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mtudisc' }</ td
>
1312 < input type
= 'checkbox' name
= 'EXTENDED_MTUDISC' $checked { 'EXTENDED_MTUDISC' }{ 'on' } />
1316 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mssfix' }</ td
>
1318 < input type
= 'TEXT' name
= 'EXTENDED_MSSFIX' value
= ' $cgiparams {' EXTENDED_MSSFIX
'}' size
= '30' />
1322 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fragment' }</ td
>
1324 < input type
= 'TEXT' name
= 'EXTENDED_FRAGMENT' value
= ' $cgiparams {' EXTENDED_FRAGMENT
'}' size
= '30' />
1329 #################################################################################
1330 # End of Inserted Data #
1331 #################################################################################
1337 < table width
= '100%' >
1339 < td
class 'base' >< b
> $Lang :: tr
{ 'log-options' }< /b></ td
>
1342 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1345 < tr
>< td
class = 'base' > VERB
</ td
>
1346 < td
>< select name
= 'LOG_VERB' >< option value
= '1' $selected { 'LOG_VERB' }{ '1' }> 1 </ option
>
1347 < option value
= '2' $selected { 'LOG_VERB' }{ '2' }> 2 </ option
>
1348 < option value
= '3' $selected { 'LOG_VERB' }{ '3' }> 3 </ option
>
1349 < option value
= '4' $selected { 'LOG_VERB' }{ '4' }> 4 </ option
>
1350 < option value
= '5' $selected { 'LOG_VERB' }{ '5' }> 5 </ option
>
1351 < option value
= '6' $selected { 'LOG_VERB' }{ '6' }> 6 </ option
>
1352 < option value
= '7' $selected { 'LOG_VERB' }{ '7' }> 7 </ option
>
1353 < option value
= '8' $selected { 'LOG_VERB' }{ '8' }> 8 </ option
>
1354 < option value
= '9' $selected { 'LOG_VERB' }{ '9' }> 9 </ option
>
1355 < option value
= '10' $selected { 'LOG_VERB' }{ '10' }> 10 </ option
>
1356 < option value
= '11' $selected { 'LOG_VERB' }{ '11' }> 11 </ option
>
1357 < option value
= '0' $selected { 'LOG_VERB' }{ '0' }> 0 < /option></s elect
></ td
>
1359 #################################################################################
1360 # Added by Philipp Jenni #
1362 # Contact: philipp.jenni-at-gmx.ch #
1363 # Date: 2006-04-22 #
1364 # Description: Required </TR> Command from this Table #
1365 #################################################################################
1369 #################################################################################
1370 # End of Inserted Data #
1371 #################################################################################
1376 < table width
= '100%' >
1379 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' save
- adv
- options
'}' /></ td
>
1380 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' cancel
- adv
- options
'}' /></ td
>
1388 & Header
:: closebox
();
1389 & Header
:: closebigbox
();
1390 & Header
:: closepage
();
1394 ### Openvpn Connections Statistics
1396 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'ovpn con stat' }) {
1397 & Header
:: showhttpheaders
();
1398 & Header
:: openpage
( $Lang :: tr
{ 'ovpn con stat' }, 1 , '' );
1399 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1400 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'ovpn con stat' });
1403 # <td><b>$Lang::tr{'protocol'}</b></td>
1404 # protocol temp removed
1406 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1408 <td><b> $Lang ::tr{'common name'}</b></td>
1409 <td><b> $Lang ::tr{'real address'}</b></td>
1410 <td><b> $Lang ::tr{'virtual address'}</b></td>
1411 <td><b> $Lang ::tr{'loged in at'}</b></td>
1412 <td><b> $Lang ::tr{'bytes sent'}</b></td>
1413 <td><b> $Lang ::tr{'bytes received'}</b></td>
1414 <td><b> $Lang ::tr{'last activity'}</b></td>
# Parses the OpenVPN status log into @users. Client-list rows supply common
# name, real address, byte counters and connect time; routing rows supply
# virtual address and last reference. The two are joined on the real address
# through %userlookup.
1418 my $filename = "/var/log/ovpnserver.log" ;
# The path is a fixed literal, so the two-argument form carries no
# request-controlled data here.
1419 open ( FILE
, $filename ) or die 'Unable to open config file.' ;
1420 my @current = < FILE
>;
1429 my %userlookup = ();
1430 foreach my $line ( @current )
# split with a capturing pattern returns an empty leading field followed by the
# captures, which is why the first capture is read from $match[1].
1433 if ( $line =~ /^Updated,(.+)/ ){
1434 @match = split ( /^Updated,(.+)/ , $line );
1435 $status = $match [ 1 ];
# Client-list row. The address pattern accepts only dotted IPv4 with a port, so
# rows with any other address form do not match.
1437 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
1438 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
# Skips the column-header row.
1439 if ( $match [ 1 ] ne "Common Name" ) {
1441 $userlookup { $match [ 2 ]} = $uid ;
1442 $users [ $uid ]{ 'CommonName' } = $match [ 1 ];
1443 $users [ $uid ]{ 'RealAddress' } = $match [ 2 ];
1444 $users [ $uid ]{ 'BytesReceived' } = & Ovpnfunc
:: sizeformat
( $match [ 3 ]);
1445 $users [ $uid ]{ 'BytesSent' } = & Ovpnfunc
:: sizeformat
( $match [ 4 ]);
1446 $users [ $uid ]{ 'Since' } = $match [ 5 ];
1447 $users [ $uid ]{ 'Proto' } = $proto ;
# Routing-table row: virtual address, common name, real address, last ref.
1451 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) {
1452 @match = split ( m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ , $line );
1453 if ( $match [ 1 ] ne "Virtual Address" ) {
1454 $address = $match [ 3 ];
1455 #find the uid in the lookup table
1456 $uid = $userlookup { $address };
1457 $users [ $uid ]{ 'VirtualAddress' } = $match [ 1 ];
1458 $users [ $uid ]{ 'LastRef' } = $match [ 4 ];
# One table row per collected user, alternating the two theme row colours.
# NOTE(review): the fields are printed as read from the log, without HTML
# escaping. CommonName presumably originates from the peer's certificate, so it
# should go through &Header::cleanhtml before output, as the certificate and CRL
# display branches of this script do.
1464 for ( my $idx = 1 ; $idx <= $user2 ; $idx ++){
1466 print "<tr bgcolor=' $color {'color20'}'> \n " ;
1468 print "<tr bgcolor=' $color {'color22'}'> \n " ;
1470 print "<td align='left'> $users [ $idx -1]{'CommonName'}</td>" ;
1471 print "<td align='left'> $users [ $idx -1]{'RealAddress'}</td>" ;
1472 print "<td align='left'> $users [ $idx -1]{'VirtualAddress'}</td>" ;
1473 print "<td align='left'> $users [ $idx -1]{'Since'}</td>" ;
1474 print "<td align='left'> $users [ $idx -1]{'BytesSent'}</td>" ;
1475 print "<td align='left'> $users [ $idx -1]{'BytesReceived'}</td>" ;
1476 print "<td align='left'> $users [ $idx -1]{'LastRef'}</td>" ;
1477 # print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1483 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1488 <tr><td align='center' > $Lang ::tr{'the statistics were last updated at'} <b> $status </b></td></tr>
1492 & Header
:: closebox
();
1493 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1494 & Header
:: closebigbox
();
1495 & Header
:: closepage
();
1499 ### Download Certificate
# Sends <name>cert.pem of the connection selected by KEY as a download, but
# only when that file exists.
1501 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download certificate' }) {
1502 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1503 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
# NOTE(review): the file name is sent unquoted; quote it and strip CR/LF.
1504 print "Content-Disposition: filename=" . $confighash { $cgiparams { 'KEY' }}[ 1 ] . "cert.pem \r\n " ;
1505 print "Content-Type: application/octet-stream \r\n\r\n " ;
# NOTE(review): the -f test does not make the path safe for a shell; the stored
# connection name is still interpolated into this command line. Reading the
# file with a three-argument open avoids the shell.
1506 print `/bin/cat ${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem` ;
1511 ### Restart connection
1513 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'restart' }) {
1514 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1515 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1517 if ( $confighash { $cgiparams { 'KEY' }}) {
1519 $errormessage = $Lang :: tr
{ 'invalid key' };
1523 ### Choose between adding a host-net or net-net connection
1525 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' } && $cgiparams { 'TYPE' } eq '' ) {
1526 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1527 & Header
:: showhttpheaders
();
1528 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1529 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1530 & Header
:: openbox
( '100%' , 'LEFT' , "Net to Net $Lang ::tr{'connection type'}" );
1532 <b> $Lang ::tr{'connection type'}:</b><br />
1533 <table><form method='post' enctype='multipart/form-data'>
1534 <tr><td><input type='radio' name='TYPE' value='net' checked /></td>
1535 <td class='base'> $Lang ::tr{'net to net vpn'}</td></tr>
1536 <tr><td><input type='radio' name='TYPE' value='zerinan2n' /></td>
1537 <td class='base'>upload a ZERINA Net-to-Net package</td>
1538 <td class='base'><input type='file' name='FH' size='30'></td></tr>
1539 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td></tr>
1543 & Header
:: closebox
();
1544 & Header
:: closebigbox
();
1545 & Header
:: closepage
();
1549 ### uploading a ZERINA n2n connection package
1551 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1554 my $uplconffilename = '' ;
1555 my $uplp12name = '' ;
1556 my $complzoactive = '' ;
1561 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Takes the uploaded ZERINA net-to-net package, reads it as a zip archive,
# unpacks its members into a temporary directory and picks out the *.conf and
# *.p12 members.
1562 # Move uploaded ZERINA n2n package to a temporary file
1563 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1564 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1567 # Move uploaded ca to a temporary file
# File::Temp's tempfile() creates and opens the file; it is not removed in the
# lines shown.
1568 ( my $fh , my $filename ) = tempfile
( );
1569 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1574 my $zip = Archive
:: Zip
-> new ();
1575 my $zipName = $filename ;
1576 my $status = $zip -> read ( $zipName );
1577 if ( $status != AZ_OK
) {
1578 $errormessage = "Read of $zipName failed \n " ;
1581 #my $tempdir = tempdir( CLEANUP => 1 );
# NOTE(review): with CLEANUP disabled, this directory and the extracted
# PKCS#12 file stay on disk unless something else removes them.
1582 my $tempdir = tempdir
();
1583 my @files = $zip -> memberNames ();
# NOTE(review): the member name ($_, presumably iterating @files) comes from
# the uploaded archive and is used unchanged in the destination path, and the
# extraction happens before the two-file check below. Member names should be
# reduced to a base name and matched against the two expected patterns, and
# the member count checked, before anything is written, so that an entry
# containing path separators or ".." cannot land outside $tempdir. The return
# value of the extraction is not checked either.
1585 $zip -> extractMemberWithoutPaths ( $_ , " $tempdir / $_ " );
1587 my $countfiles = @files ;
1588 # see if we have 2 files
1589 if ( $countfiles == 2 ){
# NOTE(review): the dot in both patterns is unescaped, so any character is
# accepted in front of "conf" / "p12"; \.conf\z and \.p12\z would test the
# actual extension.
1591 if ( $_ =~ /.conf$/ ){
1592 $uplconffilename = $_ ;
1594 if ( $_ =~ /.p12$/ ){
1598 if (( $uplconffilename eq '' ) || ( $uplp12name eq '' )){
1599 $errormessage = "Either no *.conf or no *.p12 file found \n " ;
1602 open ( FILE
, " $tempdir / $uplconffilename " ) or die 'Unable to open*.conf file' ;
1603 @zerinaconf = < FILE
>;
1607 # only 2 files are allowed
1608 $errormessage = "Filecount does not match only 2 files are allowed \n " ;
1611 #prepare imported data not elegant, will be changed later
1612 my $ufuk = ( @zerinaconf );
1613 push ( @confdetails , substr ( $zerinaconf [ 0 ], 4 )); #dev tun 0
1614 push ( @confdetails , substr ( $zerinaconf [ 1 ], 8 )); #mtu value 1
1615 push ( @confdetails , substr ( $zerinaconf [ 2 ], 6 )); #protocol 2
1616 if ( $confdetails [ 2 ] eq 'tcp-client' || $confdetails [ 2 ] eq 'tcp-server' ) {
1617 $confdetails [ 2 ] = 'tcp' ;
1619 push ( @confdetails , substr ( $zerinaconf [ 3 ], 5 )); #port 3
1620 push ( @confdetails , substr ( $zerinaconf [ 4 ], 9 )); #ovpn subnet 4
1621 push ( @confdetails , substr ( $zerinaconf [ 5 ], 7 )); #remote ip 5
1622 push ( @confdetails , $zerinaconf [ 6 ]); #tls-server/tls-client 6
1623 push ( @confdetails , substr ( $zerinaconf [ 7 ], 7 )); #pkcs12 name 7
1624 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 1 ], 1 )); #remote subnet 8
1625 push ( @confdetails , substr ( $zerinaconf [ 9 ], 10 )); #keepalive 9
1626 push ( @confdetails , substr ( $zerinaconf [ 10 ], 7 )); #cipher 10
1628 push ( @confdetails , $zerinaconf [ $ufuk - 3 ]); #complzo 11
1629 $complzoactive = "on" ;
1631 $complzoactive = "off" ;
1633 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 2 ], 5 )); #verb 12
1634 push ( @confdetails , substr ( $zerinaconf [ 8 ], 6 )); #localsubnet 13
1635 #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14
1636 push ( @confdetails , substr ( $uplp12name , 0 ,- 4 )); #connection Name 14
1637 #chomp(@confdetails);
1638 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1639 if ( $confighash { $dkey }[ 1 ] eq $confdetails [ $ufuk ]) {
1640 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1644 if ( $confdetails [ $ufuk ] eq 'server' ) {
1645 $errormessage = $Lang :: tr
{ 'server reserved' };
1648 @rem_subnet2 = split ( / / , $confdetails [ 4 ]);
1649 @tmposupnet3 = split /\./ , $rem_subnet2 [ 0 ];
1650 $errormessage = & Ovpnfunc
:: ovelapplausi
( " $tmposupnet3 [0]. $tmposupnet3 [1]. $tmposupnet3 [2].0" , "255.255.255.0" );
1651 if ( $errormessage ne '' ){
1655 $key = & General
:: findhasharraykey
( \
%confighash );
1656 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
1657 $confighash { $key }[ 0 ] = 'off' ;
1658 $confighash { $key }[ 1 ] = $confdetails [ $ufuk ];
1659 #$confighash{$key}[2] = $confdetails[7];
1660 $confighash { $key }[ 2 ] = $confdetails [ $ufuk ];
1661 $confighash { $key }[ 3 ] = 'net' ;
1662 $confighash { $key }[ 4 ] = 'cert' ;
1663 $confighash { $key }[ 6 ] = 'client' ;
1664 $confighash { $key }[ 8 ] = $confdetails [ 8 ];
1665 @rem_subnet = split ( / / , $confdetails [ $ufuk - 1 ]);
1666 $confighash { $key }[ 11 ] = " $rem_subnet [0]/ $rem_subnet [1]" ;
1667 $confighash { $key }[ 10 ] = $confdetails [ 5 ];
1668 $confighash { $key }[ 25 ] = 'imported' ;
1669 $confighash { $key }[ 12 ] = 'red' ;
1670 my @tmposupnet = split ( / / , $confdetails [ 4 ]);
1671 my @tmposupnet2 = split /\./ , $tmposupnet [ 0 ];
1672 $confighash { $key }[ 13 ] = " $tmposupnet2 [0]. $tmposupnet2 [1]. $tmposupnet2 [2].0/255.255.255.0" ;
1673 $confighash { $key }[ 14 ] = $confdetails [ 2 ];
1674 $confighash { $key }[ 15 ] = $confdetails [ 3 ];
1675 $confighash { $key }[ 16 ] = $complzoactive ;
1676 $confighash { $key }[ 17 ] = $confdetails [ 1 ];
1677 $confighash { $key }[ 18 ] = '' ; # nn2nvpn_ip
1678 $confighash { $key }[ 19 ] = 'yes' ; # nn2nvpn_ip
1679 $confighash { $key }[ 20 ] = $confdetails [ 10 ];
1680 $cgiparams { 'KEY' } = $key ;
1681 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Create the per-connection directory under n2nconf and move the uploaded
# *.conf file into it.
# NOTE(review): $confdetails[$ufuk] is the connection name pushed above as
# substr($uplp12name, 0, -4), i.e. it comes from the name of the imported
# PKCS#12 file (where $uplp12name is set is outside this view). The only
# checks visible before this point are the duplicate-name test and the
# 'server' test; the manual "save" path additionally restricts NAME to
# [a-zA-Z0-9]. The value becomes a path component here and is printed into
# the HTML page further down, so apply the same allow-list (anchored with
# \A and \z) and stop with an error before mkdir runs.
# NOTE(review): the return value of mkdir is not checked; a failure only
# shows up indirectly when the following move fails.
1682 mkdir ( "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]" , 0770 );
1683 move
( " $tempdir / $uplconffilename " , "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]/ $uplconffilename " );
1685 $errormessage = "*.conf move failed: $!" ;
1689 move
( " $tempdir / $uplp12name " , "${General::swroot}/ovpn/n2nconf/ $confdetails [ $ufuk ]/ $uplp12name " );
1691 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
1697 & Header
:: showhttpheaders
();
1698 & Header
:: openpage
( 'Validate imported configuration' , 1 , '' );
1699 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1700 if ( $errormessage ) {
1701 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1702 print "<class name='base'> $errormessage " ;
1703 print " </class>" ;
1704 & Header
:: closebox
();
1706 & Header
:: openbox
( '100%' , 'LEFT' , 'Validate imported configuration' );
1708 if ( $errormessage eq '' ){
1710 <!-- net2net config gui -->
1711 <tr><td width='25%'> </td>
1712 <td width='25%'> </td></tr>
1713 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'name'}:</td>
1714 <td><b> $confdetails [ $ufuk ]</b></td></tr>
1715 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>
1716 <td><b> $confdetails [6]</b></td>
1717 <td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>
1718 <td><b> $confdetails [5]</b></td></tr>
1719 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>
1720 <td><b> $confighash { $key }[8]</b></td>
1721 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>
1722 <td><b> $confighash { $key }[11]</b></td></tr>
1723 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
1724 <td><b> $confighash { $key }[ $ufuk -1]</b></td></tr>
1725 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
1726 <td><b> $confdetails [2]</b></td>
1727 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
1728 <td><b> $confdetails [3]</b></td></tr>
1729 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
1730 <td><b> $complzoactive </b></td>
1731 <td class='boldbase'> $Lang ::tr{'cipher'}</td>
1732 <td><b> $confdetails [10]</b></td></tr>
1733 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} <img src='/blob.gif' /></td>
1734 <td><b> $confdetails [1]</b></td></tr>
1738 & Header
:: closebox
();
1740 if ( $errormessage ) {
1741 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1743 print "<div align='center'><form method='post' enctype='multipart/form-data'><input type='submit' name='ACTION' value='Approved' />" ;
1744 print "<input type='hidden' name='TYPE' value='zerinan2n' />" ;
1745 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
1746 print "<input type='submit' name='ACTION' value='Discard' /></div></form>" ;
1748 & Header
:: closebigbox
();
1749 & Header
:: closepage
();
1753 ### Approve Zerina n2n
1755 } elsif (( $cgiparams { 'ACTION' } eq 'Approved' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1756 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
1758 ### Discard Zerina n2n
1760 } elsif (( $cgiparams { 'ACTION' } eq 'Discard' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1761 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1762 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1764 if ( $confighash { $cgiparams { 'KEY' }}) {
1765 & Ovpnfunc
:: removenet2netconf
();
1766 delete $confighash { $cgiparams { 'KEY' }};
1767 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1769 $errormessage = $Lang :: tr
{ 'invalid key' };
1772 ### Adding a new connection
1774 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) ||
1775 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) ||
1776 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq '' )) {
1778 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1779 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
1780 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1782 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) {
1783 if (! $confighash { $cgiparams { 'KEY' }}[ 0 ]) {
1784 $errormessage = $Lang :: tr
{ 'invalid key' };
1787 $cgiparams { 'ENABLED' } = $confighash { $cgiparams { 'KEY' }}[ 0 ];
1788 $cgiparams { 'NAME' } = $confighash { $cgiparams { 'KEY' }}[ 1 ];
1789 $cgiparams { 'TYPE' } = $confighash { $cgiparams { 'KEY' }}[ 3 ];
1790 $cgiparams { 'AUTH' } = $confighash { $cgiparams { 'KEY' }}[ 4 ];
1791 $cgiparams { 'PSK' } = $confighash { $cgiparams { 'KEY' }}[ 5 ];
1792 $cgiparams { 'SIDE' } = $confighash { $cgiparams { 'KEY' }}[ 6 ];
1793 $cgiparams { 'LOCAL_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 8 ];
1794 $cgiparams { 'REMOTE' } = $confighash { $cgiparams { 'KEY' }}[ 10 ];
1795 $cgiparams { 'REMOTE_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 11 ];
1796 $cgiparams { 'REMARK' } = $confighash { $cgiparams { 'KEY' }}[ 25 ];
1797 $cgiparams { 'INTERFACE' } = $confighash { $cgiparams { 'KEY' }}[ 12 ];
1798 $cgiparams { 'OVPN_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 13 ]; #new fields
1799 $cgiparams { 'PROTOCOL' } = $confighash { $cgiparams { 'KEY' }}[ 14 ];
1800 $cgiparams { 'DEST_PORT' } = $confighash { $cgiparams { 'KEY' }}[ 15 ];
1801 $cgiparams { 'COMPLZO' } = $confighash { $cgiparams { 'KEY' }}[ 16 ];
1802 $cgiparams { 'MTU' } = $confighash { $cgiparams { 'KEY' }}[ 17 ];
1803 $cgiparams { 'N2NVPN_IP' } = $confighash { $cgiparams { 'KEY' }}[ 18 ]; #new fields
1804 $cgiparams { 'ZERINA_CLIENT' } = $confighash { $cgiparams { 'KEY' }}[ 19 ]; #new fields
1805 $cgiparams { 'CIPHER' } = $confighash { $cgiparams { 'KEY' }}[ 20 ]; #new fields
1806 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
1807 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
1809 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) { #ab hiere error uebernehmen
1810 $cgiparams { 'REMARK' } = & Header
:: cleanhtml
( $cgiparams { 'REMARK' });
1812 if ( $cgiparams { 'TYPE' } !~ /^(host|net)$/ ) {
1813 $errormessage = $Lang :: tr
{ 'connection type is invalid' };
# Reject connection names that contain anything other than ASCII letters and
# digits. NAME is later interpolated into certificate file paths and into
# backtick commands that run through the shell, so this test is the main
# barrier against path and command injection in this branch.
# NOTE(review): in Perl "$" also matches before a trailing newline, so a name
# ending in "\n" passes this pattern. Use /\A[a-zA-Z0-9]+\z/ unless
# Header::getcgihash is known to strip newlines (not visible here - confirm).
# The same applies to the other /^...$/ checks in this branch.
1816 if ( $cgiparams { 'NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
1817 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
1820 if ( $cgiparams { 'NAME' } =~ /^(host|01|block|private|clear|packetdefault|server)$/ ) {
1821 $errormessage = $Lang :: tr
{ 'name is invalid' };
1824 if ( length ( $cgiparams { 'NAME' }) > 60 ) {
1825 $errormessage = $Lang :: tr
{ 'name too long' };
1828 if (! $cgiparams { 'KEY' }) { # Check if there is no other entry with this name
1829 foreach my $key ( keys %confighash ) {
1830 if ( $confighash { $key }[ 1 ] eq $cgiparams { 'NAME' }) {
1831 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1836 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! $cgiparams { 'REMOTE' })) {
1837 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1840 if ( $cgiparams { 'REMOTE' }) {
1841 if (! & General
:: validip
( $cgiparams { 'REMOTE' })) {
1842 if (! & General
:: validfqdn
( $cgiparams { 'REMOTE' })) {
1843 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1846 if (& Ovpnfunc
:: valid_dns_host
( $cgiparams { 'REMOTE' })) {
1847 $warnmessage = " $Lang ::tr{'check vpn lr'} $cgiparams {'REMOTE'}. $Lang ::tr{'dns check failed'}" ;
1852 if ( $cgiparams { 'TYPE' } ne 'host' ) {
1853 unless (& General
:: validipandmask
( $cgiparams { 'LOCAL_SUBNET' })) {
1854 $errormessage = $Lang :: tr
{ 'local subnet is invalid' };
1859 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'LOCAL_SUBNET' });
1860 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1861 $cgiparams { 'LOCAL_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1863 if ( $cgiparams { 'REMOTE' } eq '' ) { # Check if there is no other entry without IP-address and PSK
1864 foreach my $key ( keys %confighash ) {
1865 if (( $cgiparams { 'KEY' } ne $key ) && ( $confighash { $key }[ 4 ] eq 'psk' || $cgiparams { 'AUTH' } eq 'psk' ) && $confighash { $key }[ 10 ] eq '' ) {
1866 $errormessage = $Lang :: tr
{ 'you can only define one roadwarrior connection when using pre-shared key authentication' };
1871 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! & General
:: validipandmask
( $cgiparams { 'REMOTE_SUBNET' }))) {
1872 $errormessage = $Lang :: tr
{ 'remote subnet is invalid' };
1876 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'REMOTE_SUBNET' });
1877 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1878 $cgiparams { 'REMOTE_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1880 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
1881 $errormessage = $Lang :: tr
{ 'invalid input' };
1884 if ( $cgiparams { 'EDIT_ADVANCED' } !~ /^(on|off)$/ ) {
1885 $errormessage = $Lang :: tr
{ 'invalid input' };
1888 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1889 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DEST_PORT' }, 0 , $cgiparams { 'PROTOCOL' }, "dest" );
1891 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1893 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1894 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DEST_PORT' }, $cgiparams { 'PROTOCOL' }, '0.0.0.0' );
1896 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1898 if ( $cgiparams { 'TYPE' } eq 'net' ) {
1899 if (! & General
:: validipandmask
( $cgiparams { 'OVPN_SUBNET' })) {
1900 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
1904 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'OVPN_SUBNET' });
1905 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1906 $cgiparams { 'OVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1909 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
1911 if ( $errormessage ne '' ){
# MTU must be present and numerically at least 1000.
# NOTE(review): the comparison is numeric only. Perl uses the leading digits
# of a string for "<", so a value with trailing text after the number still
# passes and is stored unchanged in field 17 of the connection record. Require
# digits only first (e.g. $cgiparams{'MTU'} !~ /\A\d+\z/ => error) and add an
# upper bound, so nothing but a number can reach the generated connection
# config (how writenet2netconf emits the field is not visible here).
1914 if (( length ( $cgiparams { 'MTU' })== 0 ) || (( $cgiparams { 'MTU' }) < 1000 )) {
1915 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
1918 unless (& General
:: validport
( $cgiparams { 'DEST_PORT' })) {
1919 $errormessage = $Lang :: tr
{ 'invalid port' };
1922 # check protcol/port overlap against existing connections gian
1923 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1924 if ( $dkey ne $cgiparams { 'KEY' }) {
1925 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'PROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DEST_PORT' }){
1926 #if ($confighash{$dkey}[14] eq 'on') {
1927 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
1930 # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]";
1935 #check protcol/port overlap against RWserver gian
1936 if ( $vpnsettings { 'ENABLED' } eq 'on' ) {
1937 if ( $vpnsettings { 'DPROTOCOL' } eq $cgiparams { 'PROTOCOL' } && $vpnsettings { 'DDEST_PORT' } eq $cgiparams { 'DEST_PORT' }){
1938 $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server" ;
1943 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
1945 } elsif ( $cgiparams { 'AUTH' } eq 'certreq' ) {
1947 if ( $cgiparams { 'KEY' }) {
1948 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1951 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1952 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1955 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate request to a temporary file
1956 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1960 # Sign the certificate request and move it
1961 # Sign the host certificate request
1962 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
1963 '-batch' , '-notext' ,
1965 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
1966 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1968 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
1970 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
1971 & Ovpnfunc
:: newcleanssldatabase
();
1975 & Ovpnfunc
:: deletebackupcert
();
1977 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
1978 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
1980 $temp =~ s
+/ Email
+, E
+;
1981 $temp =~ s/ ST=/ S=/ ;
1982 $cgiparams { 'CERT_NAME' } = $temp ;
1983 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
1984 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
1985 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
1986 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
1989 } elsif ( $cgiparams { 'AUTH' } eq 'certfile' ) {
1990 if ( $cgiparams { 'KEY' }) {
1991 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1994 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1995 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1998 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate to a temporary file
1999 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
2003 my $validca = 0 ; # Verify the certificate has a valid CA and move it
2004 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename ` ;
2005 if ( $test =~ /: OK/ ) {
2008 foreach my $key ( keys %cahash ) {
2009 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $key }[0]cert.pem $filename ` ;
2010 if ( $test =~ /: OK/ ) {
2016 $errormessage = $Lang :: tr
{ 'certificate does not have a valid ca associated with it' };
2020 move
( $filename , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2022 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
2027 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
2028 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
2030 $temp =~ s
+/ Email
+, E
+;
2031 $temp =~ s/ ST=/ S=/ ;
2032 $cgiparams { 'CERT_NAME' } = $temp ;
2033 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
2034 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
2035 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
2036 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2037 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
2040 } elsif ( $cgiparams { 'AUTH' } eq 'certgen' ){
2041 if ( $cgiparams { 'KEY' }) {
2042 $errormessage = $Lang :: tr
{ 'cant change certificates' };
2045 if ( length ( $cgiparams { 'CERT_NAME' }) > 60 ) { # Validate input since the form was submitted
2046 $errormessage = $Lang :: tr
{ 'name too long' };
2049 if ( $cgiparams { 'CERT_NAME' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2050 $errormessage = $Lang :: tr
{ 'invalid input for name' };
2053 if ( $cgiparams { 'CERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'CERT_EMAIL' }))) {
2054 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
2057 if ( length ( $cgiparams { 'CERT_EMAIL' }) > 40 ) {
2058 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
2061 if ( $cgiparams { 'CERT_OU' } ne '' && $cgiparams { 'CERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2062 $errormessage = $Lang :: tr
{ 'invalid input for department' };
2065 if ( length ( $cgiparams { 'CERT_ORGANIZATION' }) > 60 ) {
2066 $errormessage = $Lang :: tr
{ 'organization too long' };
2069 if ( $cgiparams { 'CERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2070 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
2073 if ( $cgiparams { 'CERT_CITY' } ne '' && $cgiparams { 'CERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2074 $errormessage = $Lang :: tr
{ 'invalid input for city' };
2077 if ( $cgiparams { 'CERT_STATE' } ne '' && $cgiparams { 'CERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2078 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
2081 if ( $cgiparams { 'CERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
2082 $errormessage = $Lang :: tr
{ 'invalid input for country' };
2085 if ( $cgiparams { 'CERT_PASS1' } ne '' && $cgiparams { 'CERT_PASS2' } ne '' ){
2086 if ( length ( $cgiparams { 'CERT_PASS1' }) < 5 ) {
2087 $errormessage = $Lang :: tr
{ 'password too short' };
2091 if ( $cgiparams { 'CERT_PASS1' } ne $cgiparams { 'CERT_PASS2' }) {
2092 $errormessage = $Lang :: tr
{ 'passwords do not match' };
2095 ( my $ou = $cgiparams { 'CERT_OU' }) =~ s/^\s*$/\./ ; # Replace empty strings with a .
2096 ( my $city = $cgiparams { 'CERT_CITY' }) =~ s/^\s*$/\./ ;
2097 ( my $state = $cgiparams { 'CERT_STATE' }) =~ s/^\s*$/\./ ;
2098 my $pid = open ( OPENSSL
, "|-" ); # Create the Host certificate request client
2099 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto VPNCONF_ERROR
;};
2100 if ( $pid ) { # parent
2101 print OPENSSL
" $cgiparams {'CERT_COUNTRY'} \n " ;
2102 print OPENSSL
" $state \n " ;
2103 print OPENSSL
" $city \n " ;
2104 print OPENSSL
" $cgiparams {'CERT_ORGANIZATION'} \n " ;
2105 print OPENSSL
" $ou \n " ;
2106 print OPENSSL
" $cgiparams {'CERT_NAME'} \n " ;
2107 print OPENSSL
" $cgiparams {'CERT_EMAIL'} \n " ;
2108 print OPENSSL
". \n " ;
2109 print OPENSSL
". \n " ;
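# openssl req reported a failure: surface its exit status and remove whatever
# key and request files it may have left behind.
# The two paths need the "/" between swroot and "ovpn", like every other
# certs path in this file. Without it unlink pointed at a path that does not
# exist, so a partially generated private key could remain on disk.
$errormessage = "$Lang::tr{'openssl produced an error'}: $?";
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");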
# Replace the forked process with "openssl req", which reads the subject
# fields that the parent prints to the OPENSSL pipe and writes a new private
# key and a certificate request for this connection. (This is presumably the
# child branch of the fork; the else line is not part of this view.) exec is
# called in list form, so no shell is involved. If exec itself fails, the
# error is recorded and both output files are removed.
# NOTE(review): 'rsa:1024' is below the 2048-bit minimum in current guidance;
# raise it (2048 or more) for newly generated host keys.
# NOTE(review): '-nodes' leaves the private key unencrypted on disk until the
# PKCS#12 export further down deletes key.pem; any early exit in between must
# remove it as well.
2118 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
2119 '-newkey' , 'rsa:1024' ,
2120 '-keyout' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2121 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2122 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
2123 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
2124 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2125 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2129 # Sign the host certificate request
# Runs "openssl ca" in list form (no shell) to turn <NAME>req.pem into
# <NAME>cert.pem using the CA configuration in ovpn.cnf. '-batch' signs
# without an interactive confirmation.
# NOTE(review): '-days 999999' makes the certificate valid for roughly 2,700
# years, so expiry never limits the damage of a lost or copied key and
# revocation is the only control (CRL handling is not visible in this part of
# the file). Consider a bounded lifetime together with a renewal path.
2130 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
2131 '-batch' , '-notext' ,
2132 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2133 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2134 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
2136 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2137 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2138 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2139 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2140 & Ovpnfunc
:: newcleanssldatabase
();
2143 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2144 & Ovpnfunc
:: deletebackupcert
();
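# Create the PKCS#12 bundle (host key, host certificate and CA certificate)
# for this connection.
# The export password is handed to openssl through the environment
# ("-passout env:...") instead of "pass:<password>" on the command line, where
# every local user could read it from the process list while openssl runs.
# The environment of a process is readable only by its owner and root.
# The variable is set with local inside a bare block, so it is removed again
# as soon as openssl has finished; $? still holds the exit status afterwards.
{
    # An undefined password is treated as empty, as "pass:" was before.
    local $ENV{'OVPN_P12_PASS'} =
        defined $cgiparams{'CERT_PASS1'} ? $cgiparams{'CERT_PASS1'} : '';

    system('/usr/bin/openssl', 'pkcs12', '-export',
        '-inkey',    "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
        '-in',       "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
        '-name',     $cgiparams{'NAME'},
        '-passout',  'env:OVPN_P12_PASS',
        '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
        '-caname',   "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
        '-out',      "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
}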
2156 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2157 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2158 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2159 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2162 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2164 } elsif ( $cgiparams { 'AUTH' } eq 'cert' ) {
2165 ; # Nothing, just editing
2167 $errormessage = $Lang :: tr
{ 'invalid input for authentication method' };
2170 if ((! $cgiparams { 'KEY' }) && ( $cgiparams { 'AUTH' } ne 'psk' )) { # Check if there is no other entry with this common name
2171 foreach my $key ( keys %confighash ) {
2172 if ( $confighash { $key }[ 2 ] eq $cgiparams { 'CERT_NAME' }) {
2173 $errormessage = $Lang :: tr
{ 'a connection with this common name already exists' };
2179 my $key = $cgiparams { 'KEY' }; # Save the config
2181 $key = & General
:: findhasharraykey
( \
%confighash );
2182 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
2184 $confighash { $key }[ 0 ] = $cgiparams { 'ENABLED' };
2185 $confighash { $key }[ 1 ] = $cgiparams { 'NAME' };
2186 if ((! $cgiparams { 'KEY' }) && $cgiparams { 'AUTH' } ne 'psk' ) {
2187 $confighash { $key }[ 2 ] = $cgiparams { 'CERT_NAME' };
2189 $confighash { $key }[ 3 ] = $cgiparams { 'TYPE' };
2190 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
2191 $confighash { $key }[ 4 ] = 'psk' ;
2192 $confighash { $key }[ 5 ] = $cgiparams { 'PSK' };
2194 $confighash { $key }[ 4 ] = 'cert' ;
2196 if ( $cgiparams { 'TYPE' } eq 'net' ) {
2197 $confighash { $key }[ 6 ] = $cgiparams { 'SIDE' };
2198 $confighash { $key }[ 11 ] = $cgiparams { 'REMOTE_SUBNET' };
2199 if ( $cgiparams { 'SIDE' } eq 'client' ) {
2200 $confighash { $key }[ 19 ] = 'yes' ;
2202 $confighash { $key }[ 19 ] = 'no' ;
# Copy the remaining form values into the connection record. The record is
# written to ovpnconfig and handed to Ovpnfunc::writenet2netconf right after
# this block.
# NOTE(review): LOCAL_SUBNET, REMOTE, OVPN_SUBNET, DEST_PORT and MTU are
# checked earlier in this branch and REMARK goes through Header::cleanhtml,
# but no explicit check is visible for INTERFACE, PROTOCOL, COMPLZO,
# N2NVPN_IP, ZERINA_CLIENT or CIPHER. Allow-list each of them before storing
# (PROTOCOL udp|tcp, COMPLZO on|off, CIPHER one of the menu entries, ...),
# because these values end up in the stored configuration.
# NOTE(review): index 19 is assigned here unconditionally, which overrides the
# 'yes'/'no' value derived from SIDE a few lines above for net connections -
# confirm which of the two is intended.
2205 $confighash { $key }[ 8 ] = $cgiparams { 'LOCAL_SUBNET' };
2206 $confighash { $key }[ 10 ] = $cgiparams { 'REMOTE' };
2207 $confighash { $key }[ 25 ] = $cgiparams { 'REMARK' };
2208 $confighash { $key }[ 12 ] = $cgiparams { 'INTERFACE' };
2209 $confighash { $key }[ 13 ] = $cgiparams { 'OVPN_SUBNET' }; # new fields
2210 $confighash { $key }[ 14 ] = $cgiparams { 'PROTOCOL' };
2211 $confighash { $key }[ 15 ] = $cgiparams { 'DEST_PORT' };
2212 $confighash { $key }[ 16 ] = $cgiparams { 'COMPLZO' };
2213 $confighash { $key }[ 17 ] = $cgiparams { 'MTU' };
2214 $confighash { $key }[ 18 ] = $cgiparams { 'N2NVPN_IP' }; # new fields
2215 $confighash { $key }[ 19 ] = $cgiparams { 'ZERINA_CLIENT' }; # new fields
2216 $confighash { $key }[ 20 ] = $cgiparams { 'CIPHER' };
2218 #default n2n advanced
2219 $confighash { $key }[ 26 ] = '10' ; #keepalive ping
2220 $confighash { $key }[ 27 ] = '60' ; #keepalive restart
2221 $confighash { $key }[ 28 ] = '0' ; #nice
2222 $confighash { $key }[ 42 ] = '3' ; #verb
2223 #default n2n advanced
2224 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2225 & Ovpnfunc
:: writenet2netconf
( $key , $zerinaclient );
# Find a running process for this connection by searching the process list
# for "<NAME>.conf", then start, restart or stop the tunnel through the
# openvpnctrl helper.
# NOTE(review): the backtick command runs through the shell with NAME
# interpolated. It is safe only as long as the alphanumeric NAME check earlier
# in this branch has run and aborted on failure. A list-form pipe open, or
# reading a pid file, would remove the dependency on that check.
# NOTE(review): grep does a substring match and "." matches any character, so
# a short name can match the process of another connection. The result can
# hold several PIDs and keeps its trailing newline.
2227 my $n2nactive = `/bin/ps ax|grep $cgiparams {'NAME'}.conf|grep -v grep|awk \' {print \ $1 } \' ` ;
# NOTE(review): ENABLED holds the strings 'on' or 'off' (validated earlier),
# and both are true in Perl, so this condition does not distinguish them;
# "eq 'on'" looks intended - confirm.
2228 if ( $cgiparams { 'ENABLED' }) {
2229 if ( $n2nactive eq '' ){
2230 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
# NOTE(review): '-kn2n' receives the PID text here but the connection name in
# the last call below - confirm which argument the helper expects.
2232 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
2233 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2236 if ( $n2nactive ne '' ){
2237 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $cgiparams { 'NAME' });
2240 if ( $cgiparams { 'EDIT_ADVANCED' } eq 'on' ) {
2241 $cgiparams { 'KEY' } = $key ;
2242 $cgiparams { 'ACTION' } = $Lang :: tr
{ 'advanced' };
2246 $cgiparams { 'ENABLED' } = 'on' ;
2247 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
2248 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
2250 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) {
2251 $cgiparams { 'AUTH' } = 'psk' ;
2252 } elsif ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2253 $cgiparams { 'AUTH' } = 'certfile' ;
2255 $cgiparams { 'AUTH' } = 'certgen' ;
2257 $cgiparams { 'LOCAL_SUBNET' } = " $netsettings {'GREEN_NETADDRESS'}/ $netsettings {'GREEN_NETMASK'}" ;
2258 $cgiparams { 'CERT_ORGANIZATION' } = $vpnsettings { 'ROOTCERT_ORGANIZATION' };
2259 $cgiparams { 'CERT_CITY' } = $vpnsettings { 'ROOTCERT_CITY' };
2260 $cgiparams { 'CERT_STATE' } = $vpnsettings { 'ROOTCERT_STATE' };
2261 $cgiparams { 'CERT_COUNTRY' } = $vpnsettings { 'ROOTCERT_COUNTRY' };
2264 # n2n default settings
2265 if ( $cgiparams { 'CIPHER' } eq '' ) {
2266 $cgiparams { 'CIPHER' } = 'BF-CBC' ;
2268 if ( $cgiparams { 'MTU' } eq '' ) {
2269 $cgiparams { 'MTU' } = '1400' ;
2271 if ( $cgiparams { 'OVPN_SUBNET' } eq '' ) {
2272 $cgiparams { 'OVPN_SUBNET' } = '10.' . int ( rand ( 256 )) . '.' . int ( rand ( 256 )) . '.0/255.255.255.0' ;
2274 #n2n default settings
2275 $checked { 'ENABLED' }{ 'off' } = '' ;
2276 $checked { 'ENABLED' }{ 'on' } = '' ;
2277 $checked { 'ENABLED' }{ $cgiparams { 'ENABLED' }} = 'CHECKED' ;
2278 $checked { 'ENABLED_BLUE' }{ 'off' } = '' ;
2279 $checked { 'ENABLED_BLUE' }{ 'on' } = '' ;
2280 $checked { 'ENABLED_BLUE' }{ $cgiparams { 'ENABLED_BLUE' }} = 'CHECKED' ;
2281 $checked { 'ENABLED_ORANGE' }{ 'off' } = '' ;
2282 $checked { 'ENABLED_ORANGE' }{ 'on' } = '' ;
2283 $checked { 'ENABLED_ORANGE' }{ $cgiparams { 'ENABLED_ORANGE' }} = 'CHECKED' ;
2284 $checked { 'EDIT_ADVANCED' }{ 'off' } = '' ;
2285 $checked { 'EDIT_ADVANCED' }{ 'on' } = '' ;
2286 $checked { 'EDIT_ADVANCED' }{ $cgiparams { 'EDIT_ADVANCED' }} = 'CHECKED' ;
2287 $selected { 'SIDE' }{ 'server' } = '' ;
2288 $selected { 'SIDE' }{ 'client' } = '' ;
2289 $selected { 'SIDE' }{ $cgiparams { 'SIDE' }} = 'SELECTED' ;
2291 # $selected{'DDEVICE'}{'tun'} = '';
2292 # $selected{'DDEVICE'}{'tap'} = '';
2293 # $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2295 $selected { 'PROTOCOL' }{ 'udp' } = '' ;
2296 $selected { 'PROTOCOL' }{ 'tcp' } = '' ;
2297 $selected { 'PROTOCOL' }{ $cgiparams { 'PROTOCOL' }} = 'SELECTED' ;
2299 $checked { 'AUTH' }{ 'psk' } = '' ;
2300 $checked { 'AUTH' }{ 'certreq' } = '' ;
2301 $checked { 'AUTH' }{ 'certgen' } = '' ;
2302 $checked { 'AUTH' }{ 'certfile' } = '' ;
2303 $checked { 'AUTH' }{ $cgiparams { 'AUTH' }} = 'CHECKED' ;
2304 $selected { 'INTERFACE' }{ $cgiparams { 'INTERFACE' }} = 'SELECTED' ;
2305 $checked { 'COMPLZO' }{ 'off' } = '' ;
2306 $checked { 'COMPLZO' }{ 'on' } = '' ;
2307 $checked { 'COMPLZO' }{ $cgiparams { 'COMPLZO' }} = 'CHECKED' ;
# Clear the "selected" marker of every cipher offered in the form's drop-down
# and then mark the cipher of the current connection.
# NOTE(review): the menu still offers single DES, RC2 with 40 and 64 bit keys
# and other 64-bit-block ciphers (3DES, Blowfish, CAST5), and the default
# applied above when CIPHER is empty is BF-CBC. Consider offering only the AES
# entries for new connections and defaulting to one of them.
# NOTE(review): the last line uses the request value as a hash key; no check
# that CIPHER is one of the entries listed here is visible before it is stored
# in the connection record.
2308 $selected { 'CIPHER' }{ 'DES-CBC' } = '' ;
2309 $selected { 'CIPHER' }{ 'DES-EDE-CBC' } = '' ;
2310 $selected { 'CIPHER' }{ 'DES-EDE3-CBC' } = '' ;
2311 $selected { 'CIPHER' }{ 'DESX-CBC' } = '' ;
2312 $selected { 'CIPHER' }{ 'RC2-CBC' } = '' ;
2313 $selected { 'CIPHER' }{ 'RC2-40-CBC' } = '' ;
2314 $selected { 'CIPHER' }{ 'RC2-64-CBC' } = '' ;
2315 $selected { 'CIPHER' }{ 'BF-CBC' } = '' ;
2316 $selected { 'CIPHER' }{ 'CAST5-CBC' } = '' ;
2317 $selected { 'CIPHER' }{ 'AES-128-CBC' } = '' ;
2318 $selected { 'CIPHER' }{ 'AES-192-CBC' } = '' ;
2319 $selected { 'CIPHER' }{ 'AES-256-CBC' } = '' ;
2320 $selected { 'CIPHER' }{ $cgiparams { 'CIPHER' }} = 'SELECTED' ;
2323 & Header
:: showhttpheaders
();
2324 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2325 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2326 if ( $errormessage ) {
2327 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2328 print "<class name='base'> $errormessage " ;
2329 print " </class>" ;
2330 & Header
:: closebox
();
2333 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'warning messages'}:" );
2334 print "<class name='base'> $warnmessage " ;
2335 print " </class>" ;
2336 & Header
:: closebox
();
2338 print "<form method='post' enctype='multipart/form-data'>" ;
2339 print "<input type='hidden' name='TYPE' value=' $cgiparams {'TYPE'}' />" ;
2340 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2341 if ( $cgiparams { 'KEY' }) {
2342 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
2343 print "<input type='hidden' name='AUTH' value=' $cgiparams {'AUTH'}' />" ;
2345 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'connection'}:" );
2346 print "<table width='100%'> \n " ;
2347 print "<tr><td width='25%' class='boldbase'> $Lang ::tr{'name'}:</td>" ;
2348 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2349 if ( $cgiparams { 'KEY' }) {
2350 print "<td width='35%' class='base'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td> \n " ;
2352 print "<td width='35%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' size='30' /></td>" ;
2355 print "<input type='hidden' name='INTERFACE' value='red' />" ;
2356 if ( $cgiparams { 'KEY' }) {
2357 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td>" ;
2359 print "<td width='25%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' /></td>" ;
2361 print "<!-- net2net config gui -->" ;
2362 print "<td width='25%'> </td>" ;
2363 print "<td width='25%'> </td></tr>" ;
2364 if ((( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2365 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2366 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' ))) {
2367 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2368 print "<td><select name='SIDE'><option value='server' $selected {'SIDE'}{'server'}>OpenVPN Server</option>" ;
2369 print "<option value='client' $selected {'SIDE'}{'client'}>OpenVPN Client</option></select></td>" ;
2370 print "<tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>" ;
2371 print "<td><input type='text' name='N2NVPN_IP' value=' $cgiparams {'N2NVPN_IP'}' size='30' /></td>" ;
2372 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2374 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2375 print "<td> $cgiparams {'SIDE'}</td><input type='hidden' name='SIDE' value=' $cgiparams {'SIDE'}' />" ;
2376 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
# Emit the remote host, local/remote/OpenVPN subnet, protocol and port rows of
# the connection form, pre-filled from %cgiparams.
# NOTE(review): the values are interpolated into single-quoted HTML attributes
# without escaping. When validation fails, this form appears to be rendered
# again with the submitted values, so a quote character in e.g. REMOTE ends
# the attribute and the rest is parsed as markup. In the visible code only
# REMARK is passed through Header::cleanhtml. HTML-escape every value at
# output time (whether Header::getcgihash filters input is not visible here -
# confirm), and do the same for the hidden TYPE, KEY, AUTH and NAME fields
# printed above.
2378 print "<td><input type='TEXT' name='REMOTE' value=' $cgiparams {'REMOTE'}' /></td></tr>" ;
2379 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>" ;
2380 print "<td><input type='TEXT' name='LOCAL_SUBNET' value=' $cgiparams {'LOCAL_SUBNET'}' /></td>" ;
2381 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>" ;
2382 print "<td><input type='text' name='REMOTE_SUBNET' value=' $cgiparams {'REMOTE_SUBNET'}' /></td></tr>" ;
2383 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>" ;
2384 print "<td><input type='TEXT' name='OVPN_SUBNET' value=' $cgiparams {'OVPN_SUBNET'}' /></td></tr>" ;
2385 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>" ;
2386 print "<td><select name='PROTOCOL'><option value='udp' $selected {'PROTOCOL'}{'udp'}>UDP</option>" ;
2387 print "<option value='tcp' $selected {'PROTOCOL'}{'tcp'}>TCP</option></select></td>" ;
2388 print "<td class='boldbase'> $Lang ::tr{'destination port'}:</td>" ;
2389 print "<td><input type='TEXT' name='DEST_PORT' value=' $cgiparams {'DEST_PORT'}' size='5' /></td></tr>" ;
2390 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>" ;
2391 print "<td><input type='checkbox' name='COMPLZO' $checked {'COMPLZO'}{'on'} /></td>" ;
2392 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>" ;
2393 print "<td><select name='CIPHER'><option value='DES-CBC' $selected {'CIPHER'}{'DES-CBC'}>DES-CBC</option>" ;
2394 print "<option value='DES-EDE-CBC' $selected {'CIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>" ;
2395 print "<option value='DES-EDE3-CBC' $selected {'CIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>" ;
2396 print "<option value='DESX-CBC' $selected {'CIPHER'}{'DESX-CBC'}>DESX-CBC</option>" ;
2397 print "<option value='RC2-CBC' $selected {'CIPHER'}{'RC2-CBC'}>RC2-CBC</option>" ;
2398 print "<option value='RC2-40-CBC' $selected {'CIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>" ;
2399 print "<option value='RC2-64-CBC' $selected {'CIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>" ;
2400 print "<option value='BF-CBC' $selected {'CIPHER'}{'BF-CBC'}>BF-CBC</option>" ;
2401 print "<option value='CAST5-CBC' $selected {'CIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>" ;
2402 print "<option value='AES-128-CBC' $selected {'CIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>" ;
2403 print "<option value='AES-192-CBC' $selected {'CIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>" ;
2404 print "<option value='AES-256-CBC' $selected {'CIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>" ;
2405 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>" ;
2406 print "<td> <input type='TEXT' name='MTU' VALUE=' $cgiparams {'MTU'}'size='5' /></TD>" ;
2408 print "<tr><td class='boldbase'> $Lang ::tr{'remark title'} <img src='/blob.gif' /></td>" ;
2409 print "<td colspan='3'><input type='text' name='REMARK' value=' $cgiparams {'REMARK'}' size='55' maxlength='50' /></td></tr>" ;
2410 # if ($cgiparams{'TYPE'} eq 'net') {
2411 print "<tr><td> $Lang ::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> \n " ;
2413 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2414 print "<td colspan='3'> </td></tr></table>" ;
2415 } elsif ( $cgiparams { 'ACTION' } ne $Lang :: tr
{ 'edit' }){
2416 print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked {'EDIT_ADVANCED'}{'on'}/> $Lang ::tr{'edit advanced settings when done'}</tr></table>" ;
2418 print "<td colspan='3'></tr></table>" ;
2422 & Header
:: closebox
();
2423 if ( $cgiparams { 'KEY' } && $cgiparams { 'AUTH' } eq 'psk' ) {
2425 } elsif (! $cgiparams { 'KEY' }) {
2427 my $cakeydisabled = '' ;
2428 my $cacrtdisabled = '' ;
2429 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
2430 if ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2431 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'authentication' });
2433 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2434 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2435 <tr><td><input type='radio' name='AUTH' value='certreq' $checked {'AUTH'}{'certreq'} $cakeydisabled /></td>
2436 <td class='base'> $Lang ::tr{'upload a certificate request'}</td>
2437 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled ></td></tr>
2438 <tr><td><input type='radio' name='AUTH' value='certfile' $checked {'AUTH'}{'certfile'} $cacrtdisabled /></td>
2439 <td class='base'> $Lang ::tr{'upload a certificate'}</td></tr>
2440 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2441 <tr><td><input type='radio' name='AUTH' value='certgen' $checked {'AUTH'}{'certgen'} $cakeydisabled /></td>
2442 <td class='base'> $Lang ::tr{'generate a certificate'}</td><td> </td></tr>
2444 <td class='base'> $Lang ::tr{'users fullname or system hostname'}:</td>
2445 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value=' $cgiparams {'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2447 <td class='base'> $Lang ::tr{'users email'}: <img src='/blob.gif' /></td>
2448 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value=' $cgiparams {'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2450 <td class='base'> $Lang ::tr{'users department'}: <img src='/blob.gif' /></td>
2451 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value=' $cgiparams {'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2453 <td class='base'> $Lang ::tr{'organization name'}: <img src='/blob.gif' /></td>
2454 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value=' $cgiparams {'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2456 <td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif'></td>
2457 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value=' $cgiparams {'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2459 <td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' /></td>
2460 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value=' $cgiparams {'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2462 <td class='base'> $Lang ::tr{'country'}:</td>
2463 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled >
2466 foreach my $country ( sort keys %{ Countries
:: countries
}) {
2467 print "<option value=' $Countries ::countries{ $country }'" ;
2468 if ( $Countries :: countries
{ $country } eq $cgiparams { 'CERT_COUNTRY' } ) {
2469 print " selected='selected'" ;
2471 print "> $country </option>" ;
2476 <td class='base'> $Lang ::tr{'pkcs12 file password'}:</td>
2477 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value=' $cgiparams {'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2478 <tr><td> </td><td class='base'> $Lang ::tr{'pkcs12 file password'}:<BR>( $Lang ::tr{'confirmation'})</td>
2479 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value=' $cgiparams {'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2483 & Header
:: closebox
();
2485 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2486 if ( $cgiparams { 'KEY' }) {
2487 if ( $cgiparams { 'TYPE' } ne 'host' ) {
2488 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'advanced'}' />" ;
2491 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2492 & Header
:: closebigbox
();
2493 & Header
:: closepage
();
2499 ### Advanced settings
2501 if (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced' }) ||
2502 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq 'yes' )) {
2503 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
2504 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2506 if (! $confighash { $cgiparams { 'KEY' }}) {
2507 $errormessage = $Lang :: tr
{ 'invalid key' };
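# Validate the keepalive pair posted from the advanced form.  The form labels
# the two fields "ping/ping-restart"; each is optional, but a supplied value
# must consist of decimal digits only.
#
# The patterns are anchored with \A and \z instead of ^ and $.  In Perl, $ also
# matches just before a trailing newline, so a value such as "10\n" passed the
# old /^[0-9]+$/ check and the newline travelled on into the connection record
# that the save branch stores from these same parameters.
if ($cgiparams{'KEEPALIVE_1'} ne '') {
    if ($cgiparams{'KEEPALIVE_1'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 1'};
        goto ADVANCED_ERROR;
    }
}
if ($cgiparams{'KEEPALIVE_2'} ne '') {
    if ($cgiparams{'KEEPALIVE_2'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 2'};
        goto ADVANCED_ERROR;
    }
}
# The second value must be at least twice the first.  An empty field compares
# numerically as 0, so an empty KEEPALIVE_2 next to a non-zero KEEPALIVE_1 is
# rejected here as well.
if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)) {
    $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
    goto ADVANCED_ERROR;
}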
2527 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) {
2528 # if ($cgiparams{'NAT'} !~ /^(on|off)$/) {
2529 # $errormessage = $Lang::tr{'invalid input'};
2530 # goto ADVANCED_ERROR;
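# Store the advanced options of connection $cgiparams{'KEY'} in slots 26..42 of
# its %confighash record, rewrite ovpn/ovpnconfig and regenerate the net-to-net
# configuration.
#
# Every value below is taken directly from the request.  Most of the matching
# form inputs are rendered with disabled='disabled', but that only stops a
# browser from sending them; whatever does arrive is stored.  The values are
# therefore checked on the server before any slot is modified:
#   * no control characters (CR, LF, NUL, ...) in any field, so a value cannot
#     break out of its slot if the stored file is line oriented
#     (presumably it is -- confirm against General::writehasharray);
#   * fields the form offers as a fixed menu must be one of the menu entries.
# Fields that are absent or empty are stored unchanged, as before.
#
# NOTE(review): Ovpnfunc::writenet2netconf is not visible here; it presumably
# writes these values into the generated OpenVPN configuration.  Confirm it
# validates or quotes free-text fields such as PROXY_HOST and PROXY_OPT_AGENT.
# NOTE(review): slot 38 is filled from $cgiparams{'http-proxy-retry'}, while the
# form checkbox is named PROXY_RETRY, so the checkbox state never reaches this
# slot.  Left as is; confirm which name is intended.
# NOTE(review): PROXY_PASS (slot 36) is stored in clear text.
my @advanced_fields = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);
# Allowed values, taken from the option lists of the advanced form.
my %allowed_values = (
    'EXTENDED_NICE'     => { map { $_ => 1 } qw(-13 -10 -7 -3 0 3 7 10 13) },
    'LOG_VERB'          => { map { $_ => 1 } (0 .. 11) },
    'PROXY_AUTH_METHOD' => { map { $_ => 1 } qw(none basic ntlm) },
);
# Check everything first so a rejected request leaves the record untouched.
foreach my $field (@advanced_fields) {
    my $value = $cgiparams{$field};
    next if (!defined($value) || $value eq '');
    if ($value =~ /[\x00-\x1f\x7f]/
        || (exists($allowed_values{$field}) && !exists($allowed_values{$field}{$value}))) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ADVANCED_ERROR;
    }
}
my $slot = 26;
foreach my $field (@advanced_fields) {
    $confighash{$cgiparams{'KEY'}}[$slot++] = $cgiparams{$field};
}
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
&Ovpnfunc::writenet2netconf($cgiparams{'KEY'}, $zerinaclient);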
2553 # restart n2n after advanced save ?
# Copy the stored advanced options (slots 26..42 of the connection record
# selected by $cgiparams{'KEY'}) back into %cgiparams, so the advanced form
# further down can show the current values.
#
# NOTE(review): the form interpolates these values into single-quoted HTML
# value='...' attributes with no escaping visible in this file section, and
# PROXY_PASS is shown in a plain type='TEXT' input.  Escape on output and avoid
# echoing the stored proxy password back to the browser.
my @advanced_slots = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);
foreach my $offset (0 .. $#advanced_slots) {
    # The first name lives in slot 26, the last one in slot 42.
    $cgiparams{$advanced_slots[$offset]} = $confighash{$cgiparams{'KEY'}}[26 + $offset];
}
# Prepare the SELECTED / CHECKED markers for the advanced form: every known
# choice starts out empty, then the entry matching the current value is marked.
# A current value that is not one of the known choices simply adds an extra
# key that no form element looks up.
foreach my $nice (qw(-13 -10 -7 -3 0 3 7 10 13)) {
    $selected{'EXTENDED_NICE'}{$nice} = '';
}
$selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED';

foreach my $box ('EXTENDED_FASTIO', 'EXTENDED_MTUDISC') {
    foreach my $state ('off', 'on') {
        $checked{$box}{$state} = '';
    }
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}

# Verbosity levels 0 to 11, as offered by the VERB menu.
foreach my $level (0 .. 11) {
    $selected{'LOG_VERB'}{$level} = '';
}
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';

foreach my $method ('none', 'basic', 'ntlm') {
    $selected{'PROXY_AUTH_METHOD'}{$method} = '';
}
$selected{'PROXY_AUTH_METHOD'}{$cgiparams{'PROXY_AUTH_METHOD'}} = 'SELECTED';

# NOTE(review): the stored value is loaded into $cgiparams{'http-proxy-retry'},
# not $cgiparams{'PROXY_RETRY'}, so this marker does not reflect the saved
# setting -- confirm which name is intended.
foreach my $state ('off', 'on') {
    $checked{'PROXY_RETRY'}{$state} = '';
}
$checked{'PROXY_RETRY'}{$cgiparams{'PROXY_RETRY'}} = 'CHECKED';
2614 & Header
:: showhttpheaders
();
2615 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2616 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2618 if ( $errormessage ) {
2619 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2620 print "<class name='base'> $errormessage " ;
2621 print " </class>" ;
2622 & Header
:: closebox
();
2626 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'warning messages' });
2627 print "<class name='base'> $warnmessage " ;
2628 print " </class>" ;
2629 & Header
:: closebox
();
2632 print "<form method='post' enctype='multipart/form-data'> \n " ;
2633 print "<input type='hidden' name='ADVANCED' value='yes' /> \n " ;
2634 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' /> \n " ;
2636 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'advanced'}:" );
2638 <form method='post' enctype='multipart/form-data'>
2639 <table width='100%'>
2641 <td class'base'><b> $Lang ::tr{'misc-options'}</b></td>
2644 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2646 <td class='base'>Keppalive (ping/ping-restart)</td>
2647 <td><input type='TEXT' name='KEEPALIVE_1' value=' $cgiparams {'KEEPALIVE_1'}' size='30' /></td>
2648 <td><input type='TEXT' name='KEEPALIVE_2' value=' $cgiparams {'KEEPALIVE_2'}' size='30' /></td>
2652 <td class='base'> $Lang ::tr{'ovpn_processprio'}</td>
2654 <select name='EXTENDED_NICE' disabled='disabled'>
2655 <option value='-13' $selected {'EXTENDED_NICE'}{'-13'}> $Lang ::tr{'ovpn_processprioEH'}</option>
2656 <option value='-10' $selected {'EXTENDED_NICE'}{'-10'}> $Lang ::tr{'ovpn_processprioVH'}</option>
2657 <option value='-7' $selected {'EXTENDED_NICE'}{'-7'}> $Lang ::tr{'ovpn_processprioH'}</option>
2658 <option value='-3' $selected {'EXTENDED_NICE'}{'-3'}> $Lang ::tr{'ovpn_processprioEN'}</option>
2659 <option value='0' $selected {'EXTENDED_NICE'}{'0'}> $Lang ::tr{'ovpn_processprioN'}</option>
2660 <option value='3' $selected {'EXTENDED_NICE'}{'3'}> $Lang ::tr{'ovpn_processprioLN'}</option>
2661 <option value='7' $selected {'EXTENDED_NICE'}{'7'}> $Lang ::tr{'ovpn_processprioD'}</option>
2662 <option value='10' $selected {'EXTENDED_NICE'}{'10'}> $Lang ::tr{'ovpn_processprioVD'}</option>
2663 <option value='13' $selected {'EXTENDED_NICE'}{'13'}> $Lang ::tr{'ovpn_processprioED'}</option>
2668 <td class='base'> $Lang ::tr{'ovpn_fastio'}</td>
2670 <input type='checkbox' name='EXTENDED_FASTIO' $checked {'EXTENDED_FASTIO'}{'on'} disabled='disabled'/>
2674 <td class='base'> $Lang ::tr{'ovpn_mtudisc'}</td>
2676 <input type='checkbox' name='EXTENDED_MTUDISC' $checked {'EXTENDED_MTUDISC'}{'on'} disabled='disabled'/>
2680 <td class='base'> $Lang ::tr{'ovpn_mssfix'}</td>
2682 <input type='TEXT' name='EXTENDED_MSSFIX' value=' $cgiparams {'EXTENDED_MSSFIX'}' size='30' disabled='disabled'/>
2686 <td class='base'> $Lang ::tr{'ovpn_fragment'}</td>
2688 <input type='TEXT' name='EXTENDED_FRAGMENT' value=' $cgiparams {'EXTENDED_FRAGMENT'}' size='30' disabled='disabled'/>
2693 <table width='100%'>
2695 <td class'base'><b> $Lang ::tr{'proxy'} $Lang ::tr{'settings'}</b></td>
2698 <td width='25%'></td> <td width='25%'> </td><td width='25%'> </td><td width='25%'></td>
2700 <td class='base'> $Lang ::tr{'proxy'} $Lang ::tr{'host'}:</td>
2701 <td><input type='TEXT' name='PROXY_HOST' value=' $cgiparams {'PROXY_HOST'}' size='30' disabled='disabled'/></td>
2702 <td class='base'> $Lang ::tr{'proxy port'}:</td>
2703 <td><input type='TEXT' name='PROXY_PORT' value=' $cgiparams {'PROXY_PORT'}' size='10' disabled='disabled'/></td>
2706 <td class='base'> $Lang ::tr{'username'}</td>
2707 <td><input type='TEXT' name='PROXY_USERNAME' value=' $cgiparams {'PROXY_USERNAME'}' size='30' disabled='disabled' /></td>
2708 <td class='base'> $Lang ::tr{'password'}</td>
2709 <td><input type='TEXT' name='PROXY_PASS' value=' $cgiparams {'PROXY_PASS'}' size='10' disabled='disabled'/></td>
2712 <td class='base'> $Lang ::tr{'authentication'} $Lang ::tr{'method'}</td>
2714 <select name='PROXY_AUTH_METHOD' disabled='disabled'>
2715 <option value='none' $selected {'PROXY_AUTH_METHOD'}{'none'}>none</option>
2716 <option value='basic' $selected {'PROXY_AUTH_METHOD'}{'basic'}>basic</option>
2717 <option value='ntlm' $selected {'PROXY_AUTH_METHOD'}{'ntlm'}>ntlm</option>
2722 <td class='base'>http-proxy-retry</td>
2723 <td><input type='checkbox' name='PROXY_RETRY' $checked {'PROXY_RETRY'}{'on'} disabled='disabled' /></td>
2724 <td class='base'>http-proxy-timeout</td>
2725 <td><input type='TEXT' name='PROXY_TIMEOUT' value=' $cgiparams {'PROXY_TIMEOUT'}' size='10' disabled='disabled'/></td>
2727 <td class='base'>http-proxy-option VERSION</td>
2728 <td><input type='TEXT' name='PROXY_OPT_VERSION' value=' $cgiparams {'PROXY_OPT_VERSION'}' size='30' disabled='disabled'/></td>
2729 <td class='base'>http-proxy-option AGENT</td>
2730 <td><input type='TEXT' name='PROXY_OPT_AGENT' value=' $cgiparams {'PROXY_OPT_AGENT'}' size='10' disabled='disabled'/></td>
2734 <table width='100%'>
2736 <td class'base'><b> $Lang ::tr{'log-options'}</b></td>
2739 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2741 <tr><td class='base'>VERB</td>
2742 <td><select name='LOG_VERB'><option value='1' $selected {'LOG_VERB'}{'1'}>1</option>
2743 <option value='2' $selected {'LOG_VERB'}{'2'}>2</option>
2744 <option value='3' $selected {'LOG_VERB'}{'3'}>3</option>
2745 <option value='4' $selected {'LOG_VERB'}{'4'}>4</option>
2746 <option value='5' $selected {'LOG_VERB'}{'5'}>5</option>
2747 <option value='6' $selected {'LOG_VERB'}{'6'}>6</option>
2748 <option value='7' $selected {'LOG_VERB'}{'7'}>7</option>
2749 <option value='8' $selected {'LOG_VERB'}{'8'}>8</option>
2750 <option value='9' $selected {'LOG_VERB'}{'9'}>9</option>
2751 <option value='10' $selected {'LOG_VERB'}{'10'}>10</option>
2752 <option value='11' $selected {'LOG_VERB'}{'11'}>11</option>
2753 <option value='0' $selected {'LOG_VERB'}{'0'}>0</option></select></td>
2759 & Header
:: closebox
();
2760 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2761 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2762 & Header
:: closebigbox
();
2763 & Header
:: closepage
();
2769 ### Default status page
2774 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
2775 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
2776 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
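# Load the OpenVPN server status log, one array element per line.  The file is
# read directly instead of running /bin/cat through backticks, which avoids
# spawning a child process on every page view.  A missing or unreadable log
# yields an empty list, as it did before.
my @status = ();
if (open(my $statuslog, '<', '/var/log/ovpnserver.log')) {
    @status = <$statuslog>;
    close($statuslog);
}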
2778 if ( $cgiparams { 'VPN_IP' } eq '' && - e
"${General::swroot}/red/active" ) {
2779 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
2780 my $ipaddr = < IPADDR
>;
2783 $cgiparams { 'VPN_IP' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
2784 if ( $cgiparams { 'VPN_IP' } eq '' ) {
2785 $cgiparams { 'VPN_IP' } = $ipaddr ;
# Supply defaults for roadwarrior server settings that came back empty from
# ovpn/settings.
#
# NOTE(review): the default cipher is BF-CBC, a cipher with a 64-bit block.
# The menu on this page also offers AES-256-CBC; consider making a 128-bit-block
# cipher the default for new installations, after checking that existing
# clients without an explicit cipher setting are migrated.
my %server_default = (
    'DCIPHER'    => 'BF-CBC',
    'DDEST_PORT' => '1194',
    'DMTU'       => '1400',
);
foreach my $setting (sort keys %server_default) {
    $cgiparams{$setting} = $server_default{$setting} if ($cgiparams{$setting} eq '');
}
# if ($cgiparams{'DCOMPLZO'} eq '') {
# $cgiparams{'DCOMPLZO'} = 'on';
# }
# With no subnet configured, propose a random 10.x.y.0/24 network.  Nothing in
# this block checks the proposal against the locally used networks.
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
    $cgiparams{'DOVPN_SUBNET'} = join('.', '10', int(rand(256)), int(rand(256)), '0/255.255.255.0');
}
# Prepare the CHECKED / SELECTED markers for the roadwarrior server form: each
# known choice starts out empty, then the entry for the current setting is
# marked.
foreach my $box ('ENABLED', 'ENABLED_BLUE', 'ENABLED_ORANGE', 'DCOMPLZO') {
    foreach my $state ('off', 'on') {
        $checked{$box}{$state} = '';
    }
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}

# NOTE(review): the cipher menu still lists single DES, 40- and 64-bit RC2 and
# other 64-bit-block ciphers next to AES.  Consider reducing the list to the
# AES entries so that a weak cipher cannot be selected from the interface.
my %choices_for = (
    'DDEVICE'   => [ 'tun', 'tap' ],
    'DPROTOCOL' => [ 'udp', 'tcp' ],
    'DCIPHER'   => [
        'DES-CBC',     'DES-EDE-CBC', 'DES-EDE3-CBC', 'DESX-CBC',
        'RC2-CBC',     'RC2-40-CBC',  'RC2-64-CBC',   'BF-CBC',
        'CAST5-CBC',   'AES-128-CBC', 'AES-192-CBC',  'AES-256-CBC',
    ],
);
foreach my $menu (sort keys %choices_for) {
    foreach my $choice (@{ $choices_for{$menu} }) {
        $selected{$menu}{$choice} = '';
    }
    $selected{$menu}{$cgiparams{$menu}} = 'SELECTED';
}
2839 & Header
:: showhttpheaders
();
2840 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
2841 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2843 if ( $errormessage ) {
2844 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2845 print "<class name='base'> $errormessage \n " ;
2846 print " </class> \n " ;
2847 & Header
:: closebox
();
2850 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'stopped'}</font></b></td></tr></table>" ;
2851 my $srunning = "no" ;
2852 my $activeonrun = "" ;
2853 if ( - e
"/var/run/openvpn.pid" ){
2854 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'running'}</font></b></td></tr></table>" ;
2858 $activeonrun = "disabled='disabled'" ;
2862 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate authorities'}:" );
2863 print "<div align='center'><strong>ZERINA-0.9.7a9</strong></div>" ;
2866 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2868 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
2869 <td width='65%' class='boldbase' align='center'><b> $Lang ::tr{'subject'}</b></td>
2870 <td width='10%' class='boldbase' colspan='3' align='center'><b> $Lang ::tr{'action'}</b></td>
2874 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2875 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem` ;
2876 $casubject =~ /Subject: (.*)[\n]/ ;
2878 $casubject =~ s
+/ Email
+, E
+;
2879 $casubject =~ s/ ST=/ S=/ ;
2881 <tr bgcolor=' $color {'color22'}'>
2882 <td class='base'> $Lang ::tr{'root certificate'}</td>
2883 <td class='base'> $casubject </td>
2884 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2885 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show root certificate'}' />
2886 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/info.gif' alt=' $Lang ::tr{'show root certificate'}' title=' $Lang ::tr{'show root certificate'}' width='20' height='20' border='0' />
2888 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2889 <input type='image' name=' $Lang ::tr{'download root certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download root certificate'}' title=' $Lang ::tr{'download root certificate'}' border='0' />
2890 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download root certificate'}' />
2892 <td width='4%'> </td></tr>
2896 # display rootcert generation buttons
2898 <tr bgcolor=' $color {'color22'}'>
2899 <td class='base'> $Lang ::tr{'root certificate'}:</td>
2900 <td class='base'> $Lang ::tr{'not present'}</td>
2901 <td colspan='3'> </td></tr>
2906 if (- f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
2907 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem` ;
2908 $hostsubject =~ /Subject: (.*)[\n]/ ;
2910 $hostsubject =~ s
+/ Email
+, E
+;
2911 $hostsubject =~ s/ ST=/ S=/ ;
2913 <tr bgcolor=' $color {'color20'}'>
2914 <td class='base'> $Lang ::tr{'host certificate'}</td>
2915 <td class='base'> $hostsubject </td>
2916 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2917 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show host certificate'}' />
2918 <input type='image' name=' $Lang ::tr{'show host certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show host certificate'}' title=' $Lang ::tr{'show host certificate'}' width='20' height='20' border='0' />
2920 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2921 <input type='image' name=' $Lang ::tr{'download host certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download host certificate'}' title=' $Lang ::tr{'download host certificate'}' border='0' />
2922 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download host certificate'}' />
2924 <td width='4%'> </td></tr>
2930 <tr bgcolor=' $color {'color20'}'>
2931 <td width='25%' class='base'> $Lang ::tr{'host certificate'}:</td>
2932 <td class='base'> $Lang ::tr{'not present'}</td>
2933 </td><td colspan='3'> </td></tr>
2938 if (! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2939 print "<tr><td colspan='5' align='center'><form method='post'>" ;
2940 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' />" ;
2941 print "</form></td></tr> \n " ;
2944 if ( keys %cahash > 0 ) {
2945 foreach my $key ( keys %cahash ) {
2946 if (( $key + 1 ) % 2 ) {
2947 print "<tr bgcolor=' $color {'color20'}'> \n " ;
2949 print "<tr bgcolor=' $color {'color22'}'> \n " ;
2951 print "<td class='base'> $cahash { $key }[0]</td> \n " ;
2952 print "<td class='base'> $cahash { $key }[1]</td> \n " ;
2954 <form method='post' name='cafrm${key}a'><td align='center'>
2955 <input type='image' name=' $Lang ::tr{'show ca certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show ca certificate'}' title=' $Lang ::tr{'show ca certificate'}' border='0' />
2956 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show ca certificate'}' />
2957 <input type='hidden' name='KEY' value=' $key ' />
2959 <form method='post' name='cafrm${key}b'><td align='center'>
2960 <input type='image' name=' $Lang ::tr{'download ca certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download ca certificate'}' title=' $Lang ::tr{'download ca certificate'}' border='0' />
2961 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download ca certificate'}' />
2962 <input type='hidden' name='KEY' value=' $key ' />
2964 <form method='post' name='cafrm${key}c'><td align='center'>
2965 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
2966 <input type='image' name=' $Lang ::tr{'remove ca certificate'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove ca certificate'}' title=' $Lang ::tr{'remove ca certificate'}' width='20' height='20' border='0' />
2967 <input type='hidden' name='KEY' value=' $key ' />
2974 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { # If the file contains entries, print Key to action icons
2978 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
2979 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
2980 <td class='base'> $Lang ::tr{'show certificate'}</td>
2981 <td> <img src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' /></td>
2982 <td class='base'> $Lang ::tr{'download certificate'}</td>
2989 <form method='post' enctype='multipart/form-data'>
2990 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2991 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'ca name'}:</td>
2992 <td nowrap='nowrap'><input type='text' name='CA_NAME' value=' $cgiparams {'CA_NAME'}' size='15' />
2993 <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
2994 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value=' $Lang ::tr{'show crl'}' /></td>
2995 </tr></table></form>
2998 & Header
:: closebox
();
2999 if ( $srunning eq "yes" ) {
3000 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' disabled='disabled' /></div></form> \n " ;
3002 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' /></div></form> \n " ;
3006 #&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
3007 & Header
:: openbox
( '100%' , 'LEFT' , 'Roadwarrior Server' );
3009 <table width='100%'>
3010 <form method='post'>
3011 <td width='25%'> </td>
3012 <td width='25%'> </td>
3013 <td width='25%'> </td></tr>
3014 <tr><td class='boldbase'> $Lang ::tr{'ovpn server status'}</td>
3015 <td align='left'> $sactive </td>
3016 <tr><td class='boldbase'> $Lang ::tr{'ovpn on red'}</td>
3017 <td><input type='checkbox' name='ENABLED' $checked {'ENABLED'}{'on'} /></td>
3020 if (& Ovpnfunc
:: haveBlueNet
()) {
3021 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on blue'}</td>" ;
3022 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked {'ENABLED_BLUE'}{'on'} /></td>" ;
3024 if (& Ovpnfunc
:: haveOrangeNet
()) {
3025 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on orange'}</td>" ;
3026 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked {'ENABLED_ORANGE'}{'on'} /></td>" ;
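# Server settings rows: local hostname/IP, tunnel subnet, device type,
# protocol, destination port, MTU, LZO compression and cipher.
#
# The four free-text values are written into single-quoted HTML attributes,
# so they are entity-encoded first; without that, a quote or angle bracket in
# a value would end the attribute and the rest would be parsed as markup.
# NOTE(review): %cgiparams is filled from the request by Header::getcgihash
# near the top of the file; whether the values are sanitised before they
# reach this point is not visible here. Valid hostnames, subnets, ports and
# MTU values contain none of the encoded characters, so they render as before.
#
# NOTE(review): the cipher list still offers single DES, 40- and 64-bit RC2
# and other 64-bit-block ciphers (3DES variants, DESX, Blowfish, CAST5). The
# options are left in place so an existing configuration keeps its selection;
# prefer AES-256-CBC for new setups, and confirm that the save handler
# (outside this excerpt) accepts only values from this list.
{
    # Entity-encode one value for use inside a quoted HTML attribute.
    my $attr_value = sub {
        my ($raw) = @_;
        $raw = '' unless defined $raw;
        $raw =~ s/&/&amp;/g;    # must run first so later entities stay intact
        $raw =~ s/</&lt;/g;
        $raw =~ s/>/&gt;/g;
        $raw =~ s/"/&quot;/g;
        $raw =~ s/'/&#39;/g;
        return $raw;
    };
    my %shown = map { $_ => $attr_value->($cgiparams{$_}) }
        qw(VPN_IP DOVPN_SUBNET DDEST_PORT DMTU);

    # The DMTU input previously had no space between its value and size
    # attributes; that is corrected below.
    print <<"END_SERVER_SETTINGS";
    <tr><td class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
        <td><input type='text' name='VPN_IP' value='$shown{'VPN_IP'}' size='30' /></td>
        <td class='boldbase' nowrap='nowrap'></td><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}
        <br /><input type='TEXT' name='DOVPN_SUBNET' value='$shown{'DOVPN_SUBNET'}' size='30' /></td></tr>
    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
        <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
            <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select></td>
    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
        <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
            <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
        <td class='boldbase'>$Lang::tr{'destination port'}:</td>
        <td><input type='TEXT' name='DDEST_PORT' value='$shown{'DDEST_PORT'}' size='5' /></td></tr>
    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} </td>
        <td> <input type='TEXT' name='DMTU' value='$shown{'DMTU'}' size='5' /></td>
    <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
        <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
        <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
        <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
            <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
            <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
            <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
            <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
            <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
            <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
            <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
            <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
            <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
            <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
            <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
END_SERVER_SETTINGS
}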
# Action button row. Which buttons are usable depends on $srunning (set
# earlier in the file, outside this excerpt) and, when it is not "yes", on
# whether the CA certificate, DH parameters, server certificate and server key
# files exist and at least one of ENABLED / ENABLED_BLUE / ENABLED_ORANGE is
# 'on'.
#
# NOTE(review): disabled='disabled' is only a browser-side hint. Confirm that
# the ACTION handlers near the top of the file re-check these preconditions
# before starting or reconfiguring the server.
# NOTE(review): the name dh1024.pem suggests 1024-bit Diffie-Hellman
# parameters, which is below the commonly recommended 2048-bit minimum; where
# the file is generated is not visible here.
if ($srunning eq "yes") {
    # Save and advanced settings are disabled; stop and restart stay usable.
    print for (
        "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>",
        "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>",
        "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>",
        "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>",
    );
}
else {
    print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";

    # Same short-circuit order as before: file checks first, then the zones.
    my $can_start =
        (      (-e "${General::swroot}/ovpn/ca/cacert.pem")
            && (-e "${General::swroot}/ovpn/ca/dh1024.pem")
            && (-e "${General::swroot}/ovpn/certs/servercert.pem")
            && (-e "${General::swroot}/ovpn/certs/serverkey.pem") )
        && (   ($cgiparams{'ENABLED'} eq 'on')
            || ($cgiparams{'ENABLED_BLUE'} eq 'on')
            || ($cgiparams{'ENABLED_ORANGE'} eq 'on') );

    # Empty when the server may be started, otherwise the disabled attribute.
    my $start_lock = $can_start ? "" : " disabled='disabled'";

    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}'$start_lock /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}'$start_lock /></td></tr>";
}
# Close the settings form and table and the surrounding box, then call the
# two Ovpnfunc status routines (roadwarrior clients and net-to-net, judging by
# their names; both are defined in ovpnfunc.pl, not shown here) with
# $activeonrun, and finish the page.
print "</form></table>";
&Header::closebox();

for my $status_routine (\&Ovpnfunc::rwclientstatus, \&Ovpnfunc::net2netstatus) {
    $status_routine->($activeonrun);
}

&Header::closepage();