]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blob - html/cgi-bin/ovpnmain.cgi
projects / people / pmueller / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Ajax Speedmeter ist ueber Guioptions deaktivierbar -> friss gut CPU
[people/pmueller/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
1 #!/usr/bin/perl
2 # based on SmoothWall and IPCop CGIs
3 #
4 # This code is distributed under the terms of the GPL
5 # Main idea from zeroconcept
6 # ZERNINA-VERSION:0.9.4i
7 # (c) 2007 Ufuk Altinkaynak
8 #
9
10 use CGI;
11 use CGI qw/:standard/;
12 use Net::DNS;
13 use File::Copy;
14 use File::Temp qw/ tempfile tempdir /;
15 use strict;
16 use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
17 require '/var/ipfire/general-functions.pl';
18 require "${General::swroot}/lang.pl";
19 require "${General::swroot}/header.pl";
20 require "${General::swroot}/countries.pl";
21
22 # enable only the following on debugging purpose
23 #use warnings;
24 #use CGI::Carp 'fatalsToBrowser';
25 #workaround to suppress a warning when a variable is used only once
26 my @dummy = ( ${Header::colourgreen} );
27 undef (@dummy);
28
29 my %color = ();
30 my %mainsettings = ();
31 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
32 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
33
34 ###
35 ### Initialize variables
36 ###
37 my %netsettings=();
38 my %cgiparams=();
39 my %vpnsettings=();
40 my %checked=();
41 my %confighash=();
42 my %cahash=();
43 my %selected=();
44 my $warnmessage = '';
45 my $errormessage = '';
46 my %settings=();
47 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
48 $cgiparams{'ENABLED'} = 'off';
49 $cgiparams{'ENABLED_BLUE'} = 'off';
50 $cgiparams{'ENABLED_ORANGE'} = 'off';
51 $cgiparams{'EDIT_ADVANCED'} = 'off';
52 $cgiparams{'NAT'} = 'off';
53 $cgiparams{'COMPRESSION'} = 'off';
54 $cgiparams{'ONLY_PROPOSED'} = 'off';
55 $cgiparams{'ACTION'} = '';
56 $cgiparams{'CA_NAME'} = '';
57 $cgiparams{'DHCP_DOMAIN'} = '';
58 $cgiparams{'DHCP_DNS'} = '';
59 $cgiparams{'DHCP_WINS'} = '';
60 $cgiparams{'DCOMPLZO'} = 'off';
61 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
62
63 # prepare openvpn config file
64 ###
65 ### Useful functions
66 ###
67 sub haveOrangeNet
68 {
69 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
70 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
71 return 0;
72 }
73
74 sub haveBlueNet
75 {
76 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
77 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
78 return 0;
79 }
80
81 sub sizeformat{
82 my $bytesize = shift;
83 my $i = 0;
84
85 while(abs($bytesize) >= 1024){
86 $bytesize=$bytesize/1024;
87 $i++;
88 last if($i==6);
89 }
90
91 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
92 my $newsize=(int($bytesize*100 +0.5))/100;
93 return("$newsize $units[$i]");
94 }
95
96 sub valid_dns_host {
97 my $hostname = $_[0];
98 unless ($hostname) { return "No hostname"};
99 my $res = new Net::DNS::Resolver;
100 my $query = $res->search("$hostname");
101 if ($query) {
102 foreach my $rr ($query->answer) {
103 ## Potential bug - we are only looking at A records:
104 return 0 if $rr->type eq "A";
105 }
106 } else {
107 return $res->errorstring;
108 }
109 }
110
111 sub cleanssldatabase
112 {
113 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
114 print FILE "01";
115 close FILE;
116 }
117 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
118 print FILE "";
119 close FILE;
120 }
121 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
122 unlink ("${General::swroot}/ovpn/certs/serial.old");
123 unlink ("${General::swroot}/ovpn/certs/01.pem");
124 }
125
126 sub newcleanssldatabase
127 {
128 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
129 open(FILE, ">${General::swroot}(ovpn/certs/serial");
130 print FILE "01";
131 close FILE;
132 }
133 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
134 system ("touch ${General::swroot}/ovpn/certs/index.txt");
135 }
136 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
137 unlink ("${General::swroot}/ovpn/certs/serial.old");
138 }
139
140 sub deletebackupcert
141 {
142 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
143 my $hexvalue = <FILE>;
144 chomp $hexvalue;
145 close FILE;
146 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
147 }
148 }
149
150 sub checkportfw {
151 my $KEY2 = $_[0]; # key2
152 my $SRC_PORT = $_[1]; # src_port
153 my $PROTOCOL = $_[2]; # protocol
154 my $SRC_IP = $_[3]; # sourceip
155
156 my $pfwfilename = "${General::swroot}/portfw/config";
157 open(FILE, $pfwfilename) or die 'Unable to open config file.';
158 my @pfwcurrent = <FILE>;
159 close(FILE);
160 my $pfwkey1 = 0; # used for finding last sequence number used
161 foreach my $pfwline (@pfwcurrent)
162 {
163 my @pfwtemp = split(/\,/,$pfwline);
164
165 chomp ($pfwtemp[8]);
166 if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
167 if ( $SRC_PORT eq $pfwtemp[3] &&
168 $PROTOCOL eq $pfwtemp[2] &&
169 $SRC_IP eq $pfwtemp[7])
170 {
171 $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
172 }
173 # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
174 if ( $pfwtemp[1] eq "0") {
175 $pfwkey1=$pfwtemp[0];
176 }
177 # Darren Critchley - Duplicate or overlapping Port range check
178 if ($pfwtemp[1] eq "0" &&
179 $PROTOCOL eq $pfwtemp[2] &&
180 $SRC_IP eq $pfwtemp[7] &&
181 $errormessage eq '')
182 {
183 &portchecks($SRC_PORT, $pfwtemp[5]);
184 # &portchecks($pfwtemp[3], $pfwtemp[5]);
185 # &portchecks($pfwtemp[3], $SRC_IP);
186 }
187 }
188 }
189 # $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
190
191 return;
192 }
193
194 sub checkportoverlap
195 {
196 my $portrange1 = $_[0]; # New port range
197 my $portrange2 = $_[1]; # existing port range
198 my @tempr1 = split(/\:/,$portrange1);
199 my @tempr2 = split(/\:/,$portrange2);
200
201 unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
202 unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
203
204 unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
205 unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
206
207 return 1; # Everything checks out!
208 }
209
210 # Darren Critchley - we want to make sure that a port entry is not within an already existing range
211 sub checkportinc
212 {
213 my $port1 = $_[0]; # Port
214 my $portrange2 = $_[1]; # Port range
215 my @tempr1 = split(/\:/,$portrange2);
216
217 if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
218 return 1;
219 } else {
220 return 0;
221 }
222 }
223 # Darren Critchley - Duplicate or overlapping Port range check
224 sub portchecks
225 {
226 my $p1 = $_[0]; # New port range
227 my $p2 = $_[1]; # existing port range
228 # $_ = $_[0];
229 our ($prtrange1, $prtrange2);
230 $prtrange1 = 0;
231 # if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
232 # unless (&checkportoverlap($p1,$p2)) {
233 # $errormessage = "$Lang::tr{'source port overlaps'} $p1";
234 # }
235 # }
236 if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
237 unless (&checkportinc($p2,$p1)) {
238 $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
239 }
240 }
241 $prtrange1 = 1;
242 if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
243 unless (&checkportinc($p1,$p2)) {
244 $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
245 }
246 }
247 return;
248 }
249
250 # Darren Critchley - certain ports are reserved for IPFire
251 # TCP 67,68,81,222,445
252 # UDP 67,68
253 # Params passed in -> port, rangeyn, protocol
254 sub disallowreserved
255 {
256 # port 67 and 68 same for tcp and udp, don't bother putting in an array
257 my $msg = "";
258 my @tcp_reserved = (81,222,445);
259 my $prt = $_[0]; # the port or range
260 my $ryn = $_[1]; # tells us whether or not it is a port range
261 my $prot = $_[2]; # protocol
262 my $srcdst = $_[3]; # source or destination
263 if ($ryn) { # disect port range
264 if ($srcdst eq "src") {
265 $msg = "$Lang::tr{'rsvd src port overlap'}";
266 } else {
267 $msg = "$Lang::tr{'rsvd dst port overlap'}";
268 }
269 my @tmprng = split(/\:/,$prt);
270 unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
271 unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
272 if ($prot eq "tcp") {
273 foreach my $prange (@tcp_reserved) {
274 unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
275 }
276 }
277 } else {
278 if ($srcdst eq "src") {
279 $msg = "$Lang::tr{'reserved src port'}";
280 } else {
281 $msg = "$Lang::tr{'reserved dst port'}";
282 }
283 if ($prt == 67) { $errormessage="$msg 67"; return; }
284 if ($prt == 68) { $errormessage="$msg 68"; return; }
285 if ($prot eq "tcp") {
286 foreach my $prange (@tcp_reserved) {
287 if ($prange == $prt) { $errormessage="$msg $prange"; return; }
288 }
289 }
290 }
291 return;
292 }
293
294 sub writeserverconf {
295 my %sovpnsettings = ();
296 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
297
298 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
299 flock CONF, 2;
300 print CONF "#OpenVPN Server conf\n";
301 print CONF "\n";
302 print CONF "daemon openvpnserver\n";
303 print CONF "writepid /var/run/openvpn.pid\n";
304 print CONF "#DAN prepare ZERINA for listening on blue and orange\n";
305 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
306 print CONF "dev $sovpnsettings{'DDEVICE'}\n";
307 print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
308 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
309 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
310 print CONF "tls-server\n";
311 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
312 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
313 print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
314 print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
315 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
316 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
317 print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
318 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
319 print CONF "client-to-client\n";
320 }
321 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
322 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
323 }
324 print CONF "status-version 1\n";
325 print CONF "status /var/log/ovpnserver.log 30\n";
326 print CONF "cipher $sovpnsettings{DCIPHER}\n";
327 if ($sovpnsettings{DCOMPLZO} eq 'on') {
328 print CONF "comp-lzo\n";
329 }
330 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
331 print CONF "push \"redirect-gateway def1\"\n";
332 }
333 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
334 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
335 }
336
337 if ($sovpnsettings{DHCP_DNS} ne '') {
338 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
339 }
340
341 if ($sovpnsettings{DHCP_WINS} ne '') {
342 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
343 }
344
345 if ($sovpnsettings{DHCP_WINS} eq '') {
346 print CONF "max-clients 100\n";
347 }
348
349 if ($sovpnsettings{DHCP_WINS} ne '') {
350 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
351 }
352 print CONF "tls-verify /var/ipfire/ovpn/verify\n";
353 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
354 print CONF "user nobody\n";
355 print CONF "group nobody\n";
356 print CONF "persist-key\n";
357 print CONF "persist-tun\n";
358 if ($sovpnsettings{LOG_VERB} ne '') {
359 print CONF "verb $sovpnsettings{LOG_VERB}\n";
360 } else {
361 print CONF "verb 3\n";
362 }
363 print CONF "\n";
364
365 close(CONF);
366 }
367 #
368 sub emptyserverlog{
369 if (open(FILE, ">/var/log/ovpnserver.log")) {
370 flock FILE, 2;
371 print FILE "";
372 close FILE;
373 }
374
375 }
376
377 #hier die refresh page
378 if ( -e "${General::swroot}/ovpn/gencanow") {
379 my $refresh = '';
380 $refresh = "<meta http-equiv='refresh' content='15;' />";
381 &Header::showhttpheaders();
382 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
383 &Header::openbigbox('100%', 'center');
384 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
385 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
386 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
387 &Header::closebox();
388 &Header::closebigbox();
389 &Header::closepage();
390 exit (0);
391 }
392 ##hier die refresh page
393
394
395 ###
396 ### OpenVPN Server Control
397 ###
398 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
399 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
400 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
401 #start openvpn server
402 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
403 &emptyserverlog();
404 system('/usr/local/bin/openvpnctrl', '-s');
405 }
406 #stop openvpn server
407 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
408 system('/usr/local/bin/openvpnctrl', '-k');
409 &emptyserverlog();
410 }
411 # #restart openvpn server
412 if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
413 #workarund, till SIGHUP also works when running as nobody
414 system('/usr/local/bin/openvpnctrl', '-r');
415 &emptyserverlog();
416 }
417 }
418
419 ###
420 ### Save Advanced options
421 ###
422
423 if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
424 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
425 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
426 #DAN this value has to leave.
427 #new settings for daemon
428 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
429 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
430 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
431 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
432 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
433 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
434 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
435 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
436 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
437
438 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
439 unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
440 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
441 goto ADV_ERROR;
442 }
443 }
444 if ($cgiparams{'DHCP_DNS'} ne ''){
445 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
446 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
447 goto ADV_ERROR;
448 }
449 }
450 if ($cgiparams{'DHCP_WINS'} ne ''){
451 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
452 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
453 goto ADV_ERROR;
454 }
455 }
456 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
457 $errormessage = $Lang::tr{'invalid input for max clients'};
458 goto ADV_ERROR;
459 }
460 if ($cgiparams{'KEEPALIVE_1'} ne '') {
461 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
462 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
463 goto ADV_ERROR;
464 }
465 }
466 if ($cgiparams{'KEEPALIVE_2'} ne ''){
467 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
468 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
469 goto ADV_ERROR;
470 }
471 }
472 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
473 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
474 goto ADV_ERROR;
475 }
476
477 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
478 &writeserverconf();#hier ok
479 }
480
481
482
483
484 ###
485 ### Save main settings
486 ###
487 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
488 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
489 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
490 #DAN this value has to leave.
491 if ($cgiparams{'ENABLED'} eq 'on'){
492 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
493 $errormessage = $Lang::tr{'invalid input for hostname'};
494 goto SETTINGS_ERROR;
495 }
496 }
497 if ($cgiparams{'ENABLED'} eq 'on'){
498 &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
499 }
500 if ($errormessage) { goto SETTINGS_ERROR; }
501
502
503 if ($cgiparams{'ENABLED'} eq 'on'){
504 &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
505 }
506
507 if ($errormessage) { goto SETTINGS_ERROR; }
508
509 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
510 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
511 goto SETTINGS_ERROR;
512 }
513 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
514
515 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
516 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
517 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
518 goto SETTINGS_ERROR;
519 }
520
521 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
522 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
523 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
524 goto SETTINGS_ERROR;
525 }
526
527 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
528 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
529 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
530 goto SETTINGS_ERROR;
531 }
532
533 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
534 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
535 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
536 goto SETTINGS_ERROR;
537 }
538 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
539 while (<ALIASES>)
540 {
541 chomp($_);
542 my @tempalias = split(/\,/,$_);
543 if ($tempalias[1] eq 'on') {
544 if (&General::IpInSubnet ($tempalias[0] ,
545 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
546 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
547 }
548 }
549 }
550 close(ALIASES);
551 if ($errormessage ne ''){
552 goto SETTINGS_ERROR;
553 }
554 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
555 $errormessage = $Lang::tr{'invalid input'};
556 goto SETTINGS_ERROR;
557 }
558 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
559 $errormessage = $Lang::tr{'invalid mtu input'};
560 goto SETTINGS_ERROR;
561 }
562
563 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
564 $errormessage = $Lang::tr{'invalid port'};
565 goto SETTINGS_ERROR;
566 }
567 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
568 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
569 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
570 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
571 #new settings for daemon
572 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
573 $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
574 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
575 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
576 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
577 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
578 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
579 #new settings for daemon
580 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
581 &writeserverconf();#hier ok
582 SETTINGS_ERROR:
583 ###
584 ### Reset all step 2
585 ###
586 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
587 my $file = '';
588 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
589
590 foreach my $key (keys %confighash) {
591 if ($confighash{$key}[4] eq 'cert') {
592 delete $confighash{$cgiparams{'$key'}};
593 }
594 }
595 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
596 unlink $file
597 }
598 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
599 unlink $file
600 }
601 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
602 unlink $file
603 }
604 &cleanssldatabase();
605 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
606 print FILE "";
607 close FILE;
608 }
609 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
610 #&writeserverconf();
611 ###
612 ### Reset all step 1
613 ###
614 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
615 &Header::showhttpheaders();
616 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
617 &Header::openbigbox('100%', 'LEFT', '', '');
618 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
619 print <<END
620 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
621 <tr><td align='center'>
622 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
623 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
624 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
625 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
626 </form></table>
627 END
628 ;
629 &Header::closebox();
630 &Header::closebigbox();
631 &Header::closepage();
632 exit (0);
633
634 ###
635 ### Upload CA Certificate
636 ###
637 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
638 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
639
640 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
641 $errormessage = $Lang::tr{'name must only contain characters'};
642 goto UPLOADCA_ERROR;
643 }
644
645 if (length($cgiparams{'CA_NAME'}) >60) {
646 $errormessage = $Lang::tr{'name too long'};
647 goto VPNCONF_ERROR;
648 }
649
650 if ($cgiparams{'CA_NAME'} eq 'ca') {
651 $errormessage = $Lang::tr{'name is invalid'};
652 goto UPLOAD_CA_ERROR;
653 }
654
655 # Check if there is no other entry with this name
656 foreach my $key (keys %cahash) {
657 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
658 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
659 goto UPLOADCA_ERROR;
660 }
661 }
662
663 if (ref ($cgiparams{'FH'}) ne 'Fh') {
664 $errormessage = $Lang::tr{'there was no file upload'};
665 goto UPLOADCA_ERROR;
666 }
667 # Move uploaded ca to a temporary file
668 (my $fh, my $filename) = tempfile( );
669 if (copy ($cgiparams{'FH'}, $fh) != 1) {
670 $errormessage = $!;
671 goto UPLOADCA_ERROR;
672 }
673 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
674 if ($temp !~ /CA:TRUE/i) {
675 $errormessage = $Lang::tr{'not a valid ca certificate'};
676 unlink ($filename);
677 goto UPLOADCA_ERROR;
678 } else {
679 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
680 if ($? ne 0) {
681 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
682 unlink ($filename);
683 goto UPLOADCA_ERROR;
684 }
685 }
686
687 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
688 $casubject =~ /Subject: (.*)[\n]/;
689 $casubject = $1;
690 $casubject =~ s+/Email+, E+;
691 $casubject =~ s/ ST=/ S=/;
692 $casubject = &Header::cleanhtml($casubject);
693
694 my $key = &General::findhasharraykey (\%cahash);
695 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
696 $cahash{$key}[1] = $casubject;
697 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
698 # system('/usr/local/bin/ipsecctrl', 'R');
699
700 UPLOADCA_ERROR:
701
702 ###
703 ### Display ca certificate
704 ###
705 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
706 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
707
708 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
709 &Header::showhttpheaders();
710 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
711 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
712 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
713 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
714 $output = &Header::cleanhtml($output,"y");
715 print "<pre>$output</pre>\n";
716 &Header::closebox();
717 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
718 &Header::closebigbox();
719 &Header::closepage();
720 exit(0);
721 } else {
722 $errormessage = $Lang::tr{'invalid key'};
723 }
724
725 ###
726 ### Download ca certificate
727 ###
728 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
729 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
730
731 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
732 print "Content-Type: application/octet-stream\r\n";
733 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
734 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
735 exit(0);
736 } else {
737 $errormessage = $Lang::tr{'invalid key'};
738 }
739
740 ###
741 ### Remove ca certificate (step 2)
742 ###
743 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
744 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
745 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
746
747 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
748 foreach my $key (keys %confighash) {
749 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
750 if ($test =~ /: OK/) {
751 # Delete connection
752 # if ($vpnsettings{'ENABLED'} eq 'on' ||
753 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
754 # system('/usr/local/bin/ipsecctrl', 'D', $key);
755 # }
756 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
757 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
758 delete $confighash{$key};
759 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
760 # &writeipsecfiles();
761 }
762 }
763 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
764 delete $cahash{$cgiparams{'KEY'}};
765 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
766 # system('/usr/local/bin/ipsecctrl', 'R');
767 } else {
768 $errormessage = $Lang::tr{'invalid key'};
769 }
770 ###
771 ### Remove ca certificate (step 1)
772 ###
773 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
774 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
775 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
776
777 my $assignedcerts = 0;
778 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
779 foreach my $key (keys %confighash) {
780 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
781 if ($test =~ /: OK/) {
782 $assignedcerts++;
783 }
784 }
785 if ($assignedcerts) {
786 &Header::showhttpheaders();
787 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
788 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
789 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
790 print <<END
791 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
792 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
793 <tr><td align='center'>
794 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
795 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
796 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
797 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
798 </form></table>
799 END
800 ;
801 &Header::closebox();
802 &Header::closebigbox();
803 &Header::closepage();
804 exit (0);
805 } else {
806 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
807 delete $cahash{$cgiparams{'KEY'}};
808 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
809 # system('/usr/local/bin/ipsecctrl', 'R');
810 }
811 } else {
812 $errormessage = $Lang::tr{'invalid key'};
813 }
814
815 ###
816 ### Display root certificate
817 ###
818 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
819 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
820 my $output;
821 &Header::showhttpheaders();
822 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
823 &Header::openbigbox('100%', 'LEFT', '', '');
824 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
825 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
826 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
827 } else {
828 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
829 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
830 }
831 $output = &Header::cleanhtml($output,"y");
832 print "<pre>$output</pre>\n";
833 &Header::closebox();
834 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
835 &Header::closebigbox();
836 &Header::closepage();
837 exit(0);
838
839 ###
840 ### Download root certificate
841 ###
842 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
843 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
844 print "Content-Type: application/octet-stream\r\n";
845 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
846 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
847 exit(0);
848 }
849
850 ###
851 ### Download host certificate
852 ###
853 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
854 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
855 print "Content-Type: application/octet-stream\r\n";
856 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
857 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
858 exit(0);
859 }
860 ###
861 ### Form for generating a root certificate
862 ###
863 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
864 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
865
866 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
867 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
868 $errormessage = $Lang::tr{'valid root certificate already exists'};
869 $cgiparams{'ACTION'} = '';
870 goto ROOTCERT_ERROR;
871 }
872
873 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
874 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
875 my $ipaddr = <IPADDR>;
876 close IPADDR;
877 chomp ($ipaddr);
878 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
879 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
880 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
881 }
882 }
883 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
884
885 if (ref ($cgiparams{'FH'}) ne 'Fh') {
886 $errormessage = $Lang::tr{'there was no file upload'};
887 goto ROOTCERT_ERROR;
888 }
889
890 # Move uploaded certificate request to a temporary file
891 (my $fh, my $filename) = tempfile( );
892 if (copy ($cgiparams{'FH'}, $fh) != 1) {
893 $errormessage = $!;
894 goto ROOTCERT_ERROR;
895 }
896
897 # Create a temporary dirctory
898 my $tempdir = tempdir( CLEANUP => 1 );
899
900 # Extract the CA certificate from the file
901 my $pid = open(OPENSSL, "|-");
902 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
903 if ($pid) { # parent
904 if ($cgiparams{'P12_PASS'} ne '') {
905 print OPENSSL "$cgiparams{'P12_PASS'}\n";
906 }
907 close (OPENSSL);
908 if ($?) {
909 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
910 unlink ($filename);
911 goto ROOTCERT_ERROR;
912 }
913 } else { # child
914 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
915 '-in', $filename,
916 '-out', "$tempdir/cacert.pem")) {
917 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
918 unlink ($filename);
919 goto ROOTCERT_ERROR;
920 }
921 }
922
923 # Extract the Host certificate from the file
924 $pid = open(OPENSSL, "|-");
925 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
926 if ($pid) { # parent
927 if ($cgiparams{'P12_PASS'} ne '') {
928 print OPENSSL "$cgiparams{'P12_PASS'}\n";
929 }
930 close (OPENSSL);
931 if ($?) {
932 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
933 unlink ($filename);
934 goto ROOTCERT_ERROR;
935 }
936 } else { # child
937 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
938 '-in', $filename,
939 '-out', "$tempdir/hostcert.pem")) {
940 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
941 unlink ($filename);
942 goto ROOTCERT_ERROR;
943 }
944 }
945
946 # Extract the Host key from the file
947 $pid = open(OPENSSL, "|-");
948 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
949 if ($pid) { # parent
950 if ($cgiparams{'P12_PASS'} ne '') {
951 print OPENSSL "$cgiparams{'P12_PASS'}\n";
952 }
953 close (OPENSSL);
954 if ($?) {
955 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
956 unlink ($filename);
957 goto ROOTCERT_ERROR;
958 }
959 } else { # child
960 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
961 '-nodes',
962 '-in', $filename,
963 '-out', "$tempdir/serverkey.pem")) {
964 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
965 unlink ($filename);
966 goto ROOTCERT_ERROR;
967 }
968 }
969
970 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
971 if ($? ne 0) {
972 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
973 unlink ($filename);
974 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
975 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
976 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
977 goto ROOTCERT_ERROR;
978 }
979
980 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
981 if ($? ne 0) {
982 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
983 unlink ($filename);
984 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
985 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
986 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
987 goto ROOTCERT_ERROR;
988 }
989
990 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
991 if ($? ne 0) {
992 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
993 unlink ($filename);
994 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
995 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
996 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
997 goto ROOTCERT_ERROR;
998 }
999
1000 goto ROOTCERT_SUCCESS;
1001
1002 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1003
1004 # Validate input since the form was submitted
1005 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1006 $errormessage = $Lang::tr{'organization cant be empty'};
1007 goto ROOTCERT_ERROR;
1008 }
1009 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1010 $errormessage = $Lang::tr{'organization too long'};
1011 goto ROOTCERT_ERROR;
1012 }
1013 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1014 $errormessage = $Lang::tr{'invalid input for organization'};
1015 goto ROOTCERT_ERROR;
1016 }
1017 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1018 $errormessage = $Lang::tr{'hostname cant be empty'};
1019 goto ROOTCERT_ERROR;
1020 }
1021 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1022 $errormessage = $Lang::tr{'invalid input for hostname'};
1023 goto ROOTCERT_ERROR;
1024 }
1025 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1026 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1027 goto ROOTCERT_ERROR;
1028 }
1029 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1030 $errormessage = $Lang::tr{'e-mail address too long'};
1031 goto ROOTCERT_ERROR;
1032 }
1033 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1034 $errormessage = $Lang::tr{'invalid input for department'};
1035 goto ROOTCERT_ERROR;
1036 }
1037 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1038 $errormessage = $Lang::tr{'invalid input for city'};
1039 goto ROOTCERT_ERROR;
1040 }
1041 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1042 $errormessage = $Lang::tr{'invalid input for state or province'};
1043 goto ROOTCERT_ERROR;
1044 }
1045 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1046 $errormessage = $Lang::tr{'invalid input for country'};
1047 goto ROOTCERT_ERROR;
1048 }
1049
1050 # Copy the cgisettings to vpnsettings and save the configfile
1051 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1052 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1053 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1054 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1055 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1056 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1057 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1058 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1059
1060 # Replace empty strings with a .
1061 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1062 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1063 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1064
1065 # refresh
1066 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
1067
1068 # Create the CA certificate
1069 my $pid = open(OPENSSL, "|-");
1070 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1071 if ($pid) { # parent
1072 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1073 print OPENSSL "$state\n";
1074 print OPENSSL "$city\n";
1075 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1076 print OPENSSL "$ou\n";
1077 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1078 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1079 close (OPENSSL);
1080 if ($?) {
1081 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1082 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1083 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1084 goto ROOTCERT_ERROR;
1085 }
1086 } else { # child
1087 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1088 '-days', '999999', '-newkey', 'rsa:2048',
1089 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1090 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1091 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1092 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1093 goto ROOTCERT_ERROR;
1094 }
1095 }
1096
1097 # Create the Host certificate request
1098 $pid = open(OPENSSL, "|-");
1099 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1100 if ($pid) { # parent
1101 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1102 print OPENSSL "$state\n";
1103 print OPENSSL "$city\n";
1104 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1105 print OPENSSL "$ou\n";
1106 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1107 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1108 print OPENSSL ".\n";
1109 print OPENSSL ".\n";
1110 close (OPENSSL);
1111 if ($?) {
1112 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1113 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1114 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1115 goto ROOTCERT_ERROR;
1116 }
1117 } else { # child
1118 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1119 '-newkey', 'rsa:1024',
1120 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1121 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1122 '-extensions', 'server',
1123 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1124 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1125 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1126 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1127 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1128 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1129 goto ROOTCERT_ERROR;
1130 }
1131 }
1132
1133 # Sign the host certificate request
1134 system('/usr/bin/openssl', 'ca', '-days', '999999',
1135 '-batch', '-notext',
1136 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1137 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1138 '-extensions', 'server',
1139 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1140 if ($?) {
1141 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1142 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1143 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1144 unlink ("${General::swroot}/ovpn/serverkey.pem");
1145 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1146 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1147 &newcleanssldatabase();
1148 goto ROOTCERT_ERROR;
1149 } else {
1150 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1151 &deletebackupcert();
1152 }
1153
1154 # Create an empty CRL
1155 system('/usr/bin/openssl', 'ca', '-gencrl',
1156 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1157 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1158 if ($?) {
1159 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1160 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1161 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1162 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1163 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1164 &cleanssldatabase();
1165 goto ROOTCERT_ERROR;
1166 # } else {
1167 # &cleanssldatabase();
1168 }
1169 # Create Diffie Hellmann Parameter
1170 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1171 '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
1172 '1024' );
1173 if ($?) {
1174 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1175 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1176 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1177 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1178 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1179 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1180 &cleanssldatabase();
1181 goto ROOTCERT_ERROR;
1182 # } else {
1183 # &cleanssldatabase();
1184 }
1185 goto ROOTCERT_SUCCESS;
1186 }
1187 ROOTCERT_ERROR:
1188 if ($cgiparams{'ACTION'} ne '') {
1189 &Header::showhttpheaders();
1190 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1191 &Header::openbigbox('100%', 'LEFT', '', '');
1192 if ($errormessage) {
1193 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1194 print "<class name='base'>$errormessage";
1195 print "&nbsp;</class>";
1196 &Header::closebox();
1197 }
1198 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
1199 print <<END
1200 <form method='post' enctype='multipart/form-data'>
1201 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
1202 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
1203 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
1204 <td width='35%' colspan='2'>&nbsp;</td></tr>
1205 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
1206 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
1207 <td colspan='2'>&nbsp;</td></tr>
1208 <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1209 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
1210 <td colspan='2'>&nbsp;</td></tr>
1211 <tr><td class='base'>$Lang::tr{'your department'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1212 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
1213 <td colspan='2'>&nbsp;</td></tr>
1214 <tr><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1215 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
1216 <td colspan='2'>&nbsp;</td></tr>
1217 <tr><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1218 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
1219 <td colspan='2'>&nbsp;</td></tr>
1220 <tr><td class='base'>$Lang::tr{'country'}:</td>
1221 <td class='base'><select name='ROOTCERT_COUNTRY'>
1222
1223 END
1224 ;
1225 foreach my $country (sort keys %{Countries::countries}) {
1226 print "<option value='$Countries::countries{$country}'";
1227 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
1228 print " selected='selected'";
1229 }
1230 print ">$country</option>";
1231 }
1232 print <<END
1233 </select></td>
1234 <td colspan='2'>&nbsp;</td></tr>
1235 <tr><td>&nbsp;</td>
1236 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
1237 <td>&nbsp;</td><td>&nbsp;</td></tr>
1238 <tr><td class='base' colspan='4' align='left'>
1239 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1240 <tr><td class='base' colspan='4' align='left'>
1241 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1242 $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
1243 </td></tr>
1244 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
1245 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
1246 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
1247 <td colspan='2'>&nbsp;</td></tr>
1248 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' ></td>
1249 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
1250 <td colspan='2'>&nbsp;</td></tr>
1251 <tr><td>&nbsp;</td>
1252 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
1253 <td colspan='2'>&nbsp;</td></tr>
1254 <tr><td class='base' colspan='4' align='left'>
1255 <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1256 </form></table>
1257 END
1258 ;
1259 &Header::closebox();
1260
1261 &Header::closebigbox();
1262 &Header::closepage();
1263 exit(0)
1264 }
1265
1266 ROOTCERT_SUCCESS:
1267 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
1268 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1269 # $vpnsettings{'ENABLE_BLUE'} eq 'on') {
1270 # system('/usr/local/bin/ipsecctrl', 'S');
1271 # }
1272
1273 ###
1274 ### Enable/Disable connection
1275 ###
1276 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
1277
1278 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1279 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1280
1281 if ($confighash{$cgiparams{'KEY'}}) {
1282 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
1283 $confighash{$cgiparams{'KEY'}}[0] = 'on';
1284 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1285 #&writeserverconf();
1286 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1287 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1288 # system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
1289 # }
1290 } else {
1291 $confighash{$cgiparams{'KEY'}}[0] = 'off';
1292 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1293 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1294 # system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
1295 # }
1296 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1297 #&writeserverconf();
1298 }
1299 } else {
1300 $errormessage = $Lang::tr{'invalid key'};
1301 }
1302
1303 ###
1304 ### Download OpenVPN client package
1305 ###
1306 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
1307 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1308 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1309 my $file = '';
1310 my $clientovpn = '';
1311 my @fileholder;
1312 my $tempdir = tempdir( CLEANUP => 1 );
1313 my $zippath = "$tempdir/";
1314 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
1315 my $zippathname = "$zippath$zipname";
1316 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
1317 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
1318 flock CLIENTCONF, 2;
1319
1320 my $zip = Archive::Zip->new();
1321
1322 print CLIENTCONF "#OpenVPN Server conf\r\n";
1323 print CLIENTCONF "tls-client\r\n";
1324 print CLIENTCONF "client\r\n";
1325 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
1326 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
1327 print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
1328 if ( $vpnsettings{'ENABLED'} eq 'on'){
1329 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
1330 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
1331 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
1332 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1333 }
1334 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
1335 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
1336 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1337 }
1338 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
1339 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1340 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
1341 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
1342 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1343 }
1344 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
1345 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
1346 }
1347
1348 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
1349 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
1350 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
1351 } else {
1352 print CLIENTCONF "ca cacert.pem\r\n";
1353 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
1354 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
1355 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
1356 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
1357 }
1358 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
1359 if ($vpnsettings{DCOMPLZO} eq 'on') {
1360 print CLIENTCONF "comp-lzo\r\n";
1361 }
1362 print CLIENTCONF "verb 3\r\n";
1363 print CLIENTCONF "ns-cert-type server\r\n";
1364 close(CLIENTCONF);
1365 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
1366 my $status = $zip->writeToFileNamed($zippathname);
1367
1368 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
1369 @fileholder = <DLFILE>;
1370 print "Content-Type:application/x-download\n";
1371 print "Content-Disposition:attachment;filename=$zipname\n\n";
1372 print @fileholder;
1373 exit (0);
1374
1375 ###
1376 ### Remove connection
1377 ###
1378 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
1379 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1380 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1381
1382 if ($confighash{$cgiparams{'KEY'}}) {
1383 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1384 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1385 # system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
1386 # }
1387 #
1388 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
1389 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
1390 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
1391 delete $confighash{$cgiparams{'KEY'}};
1392 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
1393 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1394 #&writeserverconf();
1395 } else {
1396 $errormessage = $Lang::tr{'invalid key'};
1397 }
1398 ###
1399 ### Download PKCS12 file
1400 ###
1401 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
1402 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1403
1404 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
1405 print "Content-Type: application/octet-stream\r\n\r\n";
1406 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
1407 exit (0);
1408
1409 ###
1410 ### Display certificate
1411 ###
1412 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
1413 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1414
1415 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
1416 &Header::showhttpheaders();
1417 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1418 &Header::openbigbox('100%', 'LEFT', '', '');
1419 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
1420 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
1421 $output = &Header::cleanhtml($output,"y");
1422 print "<pre>$output</pre>\n";
1423 &Header::closebox();
1424 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1425 &Header::closebigbox();
1426 &Header::closepage();
1427 exit(0);
1428 }
1429 ###
1430 ### Display Certificate Revoke List
1431 ###
1432 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
1433 # &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1434
1435 if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
1436 &Header::showhttpheaders();
1437 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1438 &Header::openbigbox('100%', 'LEFT', '', '');
1439 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
1440 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
1441 $output = &Header::cleanhtml($output,"y");
1442 print "<pre>$output</pre>\n";
1443 &Header::closebox();
1444 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1445 &Header::closebigbox();
1446 &Header::closepage();
1447 exit(0);
1448 }
1449
1450 ###
1451 ### Advanced Server Settings
1452 ###
1453
1454 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
1455 %cgiparams = ();
1456 %cahash = ();
1457 %confighash = ();
1458 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
1459
1460 # if ($cgiparams{'CLIENT2CLIENT'} eq '') {
1461 # $cgiparams{'CLIENT2CLIENT'} = 'on';
1462 # }
1463 ADV_ERROR:
1464 if ($cgiparams{'MAX_CLIENTS'} eq '') {
1465 $cgiparams{'MAX_CLIENTS'} = '100';
1466 }
1467
1468 if ($cgiparams{'KEEPALIVE_1'} eq '') {
1469 $cgiparams{'KEEPALIVE_1'} = '10';
1470 }
1471 if ($cgiparams{'KEEPALIVE_2'} eq '') {
1472 $cgiparams{'KEEPALIVE_2'} = '60';
1473 }
1474 if ($cgiparams{'LOG_VERB'} eq '') {
1475 $cgiparams{'LOG_VERB'} = '3';
1476 }
1477 $checked{'CLIENT2CLIENT'}{'off'} = '';
1478 $checked{'CLIENT2CLIENT'}{'on'} = '';
1479 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
1480 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
1481 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
1482 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
1483 $selected{'LOG_VERB'}{'1'} = '';
1484 $selected{'LOG_VERB'}{'2'} = '';
1485 $selected{'LOG_VERB'}{'3'} = '';
1486 $selected{'LOG_VERB'}{'4'} = '';
1487 $selected{'LOG_VERB'}{'5'} = '';
1488 $selected{'LOG_VERB'}{'6'} = '';
1489 $selected{'LOG_VERB'}{'7'} = '';
1490 $selected{'LOG_VERB'}{'8'} = '';
1491 $selected{'LOG_VERB'}{'9'} = '';
1492 $selected{'LOG_VERB'}{'10'} = '';
1493 $selected{'LOG_VERB'}{'11'} = '';
1494 $selected{'LOG_VERB'}{'0'} = '';
1495 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
1496
1497 &Header::showhttpheaders();
1498 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
1499 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1500 if ($errormessage) {
1501 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1502 print "<class name='base'>$errormessage\n";
1503 print "&nbsp;</class>\n";
1504 &Header::closebox();
1505 }
1506 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
1507 print <<END
1508 <form method='post' enctype='multipart/form-data'>
1509 <table width='100%'>
1510 <tr>
1511 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
1512 </tr>
1513 <tr>
1514 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1515 </tr>
1516 <tr>
1517 <td class='base'>Domain</td>
1518 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
1519 </tr>
1520 <tr>
1521 <td class='base'>DNS</td>
1522 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
1523 </tr>
1524 <tr>
1525 <td class='base'>WINS</td>
1526 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
1527 </tr>
1528 </table>
1529 <hr size='1'>
1530 <table width='100%'>
1531 <tr>
1532 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
1533 </tr>
1534 <tr>
1535 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1536 </tr>
1537 <tr>
1538 <td class='base'>Client-To-Client</td>
1539 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
1540 </tr>
1541 <tr>
1542 <td class='base'>Redirect-Gateway def1</td>
1543 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
1544 </tr>
1545 <tr>
1546 <td class='base'>Max-Clients</td>
1547 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='30' /></td>
1548 </tr>
1549 <td class='base'>Keppalive (ping/ping-restart)</td>
1550 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='30' /></td>
1551 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='30' /></td>
1552 </tr>
1553 </table>
1554 <hr size='1'>
1555 <table width='100%'>
1556 <tr>
1557 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
1558 </tr>
1559 <tr>
1560 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1561 </tr>
1562
1563 <tr><td class='base'>VERB</td>
1564 <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
1565 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
1566 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
1567 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
1568 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
1569 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
1570 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
1571 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
1572 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
1573 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
1574 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
1575 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
1576 </table>
1577 <hr size='1'>
1578 <table width='100%'>
1579 <tr>
1580 <td>&nbsp;</td>
1581 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
1582 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
1583 <td>&nbsp;</td>
1584 </tr>
1585 </table>
1586 </form>
1587 END
1588 ;
1589
1590 &Header::closebox();
1591 # print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1592 &Header::closebigbox();
1593 &Header::closepage();
1594 exit(0);
1595
1596 ###
1597 ### Openvpn Connections Statistics
1598 ###
1599 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
1600 &Header::showhttpheaders();
1601 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
1602 &Header::openbigbox('100%', 'LEFT', '', '');
1603 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
1604
1605 #
1606 # <td><b>$Lang::tr{'protocol'}</b></td>
1607 # protocol temp removed
1608 print <<END
1609 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1610 <tr>
1611 <td><b>$Lang::tr{'common name'}</b></td>
1612 <td><b>$Lang::tr{'real address'}</b></td>
1613 <td><b>$Lang::tr{'virtual address'}</b></td>
1614 <td><b>$Lang::tr{'loged in at'}</b></td>
1615 <td><b>$Lang::tr{'bytes sent'}</b></td>
1616 <td><b>$Lang::tr{'bytes received'}</b></td>
1617 <td><b>$Lang::tr{'last activity'}</b></td>
1618 </tr>
1619 END
1620 ;
1621 my $filename = "/var/log/ovpnserver.log";
1622 open(FILE, $filename) or die 'Unable to open config file.';
1623 my @current = <FILE>;
1624 close(FILE);
1625 my @users =();
1626 my $status;
1627 my $uid = 0;
1628 my $cn;
1629 my @match = ();
1630 my $proto = "udp";
1631 my $address;
1632 my %userlookup = ();
1633 foreach my $line (@current)
1634 {
1635 chomp($line);
1636 if ( $line =~ /^Updated,(.+)/){
1637 @match = split( /^Updated,(.+)/, $line);
1638 $status = $match[1];
1639 }
1640 #gian
1641 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
1642 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
1643 if ($match[1] ne "Common Name") {
1644 $cn = $match[1];
1645 $userlookup{$match[2]} = $uid;
1646 $users[$uid]{'CommonName'} = $match[1];
1647 $users[$uid]{'RealAddress'} = $match[2];
1648 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
1649 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
1650 $users[$uid]{'Since'} = $match[5];
1651 $users[$uid]{'Proto'} = $proto;
1652 $uid++;
1653 }
1654 }
1655 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
1656 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
1657 if ($match[1] ne "Virtual Address") {
1658 $address = $match[3];
1659 #find the uid in the lookup table
1660 $uid = $userlookup{$address};
1661 $users[$uid]{'VirtualAddress'} = $match[1];
1662 $users[$uid]{'LastRef'} = $match[4];
1663 }
1664 }
1665 }
1666 my $user2 = @users;
1667 if ($user2 >= 1){
1668 for (my $idx = 1; $idx <= $user2; $idx++){
1669 if ($idx % 2) {
1670 print "<tr bgcolor='$color{'color20'}'>\n";
1671 } else {
1672 print "<tr bgcolor='$color{'color22'}'>\n";
1673 }
1674 print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
1675 print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
1676 print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
1677 print "<td align='left'>$users[$idx-1]{'Since'}</td>";
1678 print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
1679 print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
1680 print "<td align='left'>$users[$idx-1]{'LastRef'}</td>";
1681 # print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1682 }
1683 }
1684
1685 print "</table>";
1686 print <<END
1687 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1688 <tr><td></td></tr>
1689 <tr><td></td></tr>
1690 <tr><td></td></tr>
1691 <tr><td></td></tr>
1692 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
1693 </table>
1694 END
1695 ;
1696 &Header::closebox();
1697 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1698 &Header::closebigbox();
1699 &Header::closepage();
1700 exit(0);
1701
1702 ###
1703 ### Download Certificate
1704 ###
1705 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
1706 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1707
1708 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
1709 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
1710 print "Content-Type: application/octet-stream\r\n\r\n";
1711 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
1712 exit (0);
1713 }
1714
1715 ###
1716 ### Enable/Disable connection
1717 ###
1718 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
1719
1720 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1721 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1722
1723 if ($confighash{$cgiparams{'KEY'}}) {
1724 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
1725 $confighash{$cgiparams{'KEY'}}[0] = 'on';
1726 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1727 #&writeserverconf();
1728 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1729 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1730 # system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
1731 # }
1732 } else {
1733 $confighash{$cgiparams{'KEY'}}[0] = 'off';
1734 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1735 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1736 # system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
1737 # }
1738 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1739 #&writeserverconf();
1740 }
1741 } else {
1742 $errormessage = $Lang::tr{'invalid key'};
1743 }
1744
1745 ###
1746 ### Restart connection
1747 ###
1748 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
1749 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1750 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1751
1752 if ($confighash{$cgiparams{'KEY'}}) {
1753 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1754 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1755 # system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
1756 # }
1757 } else {
1758 $errormessage = $Lang::tr{'invalid key'};
1759 }
1760
1761 ###
1762 ### Remove connection
1763 ###
1764 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
1765 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1766 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1767
1768 if ($confighash{$cgiparams{'KEY'}}) {
1769 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1770 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1771 # system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
1772 # }
1773 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
1774 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
1775 delete $confighash{$cgiparams{'KEY'}};
1776 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1777 #&writeserverconf();
1778 } else {
1779 $errormessage = $Lang::tr{'invalid key'};
1780 }
1781 #test33
1782
1783 ###
1784 ### Choose between adding a host-net or net-net connection
1785 ###
1786 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
1787 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1788 &Header::showhttpheaders();
1789 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1790 &Header::openbigbox('100%', 'LEFT', '', '');
1791 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
1792 print <<END
1793 <b>$Lang::tr{'connection type'}:</b><br />
1794 <table><form method='post'>
1795 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
1796 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
1797 <tr><td><input type='radio' name='TYPE' value='net' disabled='disabled' /></td>
1798 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
1799 <tr><td align='center' colspan='2'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
1800 </form></table>
1801 END
1802 ;
1803 &Header::closebox();
1804 &Header::closebigbox();
1805 &Header::closepage();
1806 exit (0);
1807 ###
1808 ### Adding a new connection
1809 ###
1810 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
1811 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
1812 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
1813
1814 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1815 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1816 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1817
1818 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
1819 if (! $confighash{$cgiparams{'KEY'}}[0]) {
1820 $errormessage = $Lang::tr{'invalid key'};
1821 goto VPNCONF_END;
1822 }
1823 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
1824 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
1825 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
1826 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
1827 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
1828 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
1829 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
1830 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
1831 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
1832 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
1833 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
1834 #new fields
1835 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
1836 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
1837 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
1838 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
1839 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
1840 #new fields
1841 #ab hiere error uebernehmen
1842 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
1843 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
1844 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
1845 $errormessage = $Lang::tr{'connection type is invalid'};
1846 goto VPNCONF_ERROR;
1847 }
1848
1849
1850 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
1851 $errormessage = $Lang::tr{'name must only contain characters'};
1852 goto VPNCONF_ERROR;
1853 }
1854
1855 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
1856 $errormessage = $Lang::tr{'name is invalid'};
1857 goto VPNCONF_ERROR;
1858 }
1859
1860 if (length($cgiparams{'NAME'}) >60) {
1861 $errormessage = $Lang::tr{'name too long'};
1862 goto VPNCONF_ERROR;
1863 }
1864
1865 # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
1866 # $errormessage = $Lang::tr{'ipfire side is invalid'};
1867 # goto VPNCONF_ERROR;
1868 # }
1869
1870 # Check if there is no other entry with this name
1871 if (! $cgiparams{'KEY'}) {
1872 foreach my $key (keys %confighash) {
1873 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
1874 $errormessage = $Lang::tr{'a connection with this name already exists'};
1875 goto VPNCONF_ERROR;
1876 }
1877 }
1878 }
1879
1880 if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
1881 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
1882 goto VPNCONF_ERROR;
1883 }
1884
1885 if ($cgiparams{'REMOTE'}) {
1886 if (! &General::validip($cgiparams{'REMOTE'})) {
1887 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
1888 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
1889 goto VPNCONF_ERROR;
1890 } else {
1891 if (&valid_dns_host($cgiparams{'REMOTE'})) {
1892 $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
1893 }
1894 }
1895 }
1896 }
1897 if ($cgiparams{'TYPE'} ne 'host') {
1898 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
1899 $errormessage = $Lang::tr{'local subnet is invalid'};
1900 goto VPNCONF_ERROR;}
1901 }
1902 # Check if there is no other entry without IP-address and PSK
1903 if ($cgiparams{'REMOTE'} eq '') {
1904 foreach my $key (keys %confighash) {
1905 if(($cgiparams{'KEY'} ne $key) &&
1906 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
1907 $confighash{$key}[10] eq '') {
1908 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
1909 goto VPNCONF_ERROR;
1910 }
1911 }
1912 }
1913 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
1914 $errormessage = $Lang::tr{'remote subnet is invalid'};
1915 goto VPNCONF_ERROR;
1916 }
1917
1918 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1919 $errormessage = $Lang::tr{'invalid input'};
1920 goto VPNCONF_ERROR;
1921 }
1922 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
1923 $errormessage = $Lang::tr{'invalid input'};
1924 goto VPNCONF_ERROR;
1925 }
1926
1927 #fixplausi
1928 if ($cgiparams{'AUTH'} eq 'psk') {
1929 # if (! length($cgiparams{'PSK'}) ) {
1930 # $errormessage = $Lang::tr{'pre-shared key is too short'};
1931 # goto VPNCONF_ERROR;
1932 # }
1933 # if ($cgiparams{'PSK'} =~ /['",&]/) {
1934 # $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
1935 # goto VPNCONF_ERROR;
1936 # }
1937 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
1938 if ($cgiparams{'KEY'}) {
1939 $errormessage = $Lang::tr{'cant change certificates'};
1940 goto VPNCONF_ERROR;
1941 }
1942 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1943 $errormessage = $Lang::tr{'there was no file upload'};
1944 goto VPNCONF_ERROR;
1945 }
1946
1947 # Move uploaded certificate request to a temporary file
1948 (my $fh, my $filename) = tempfile( );
1949 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1950 $errormessage = $!;
1951 goto VPNCONF_ERROR;
1952 }
1953
1954 # Sign the certificate request and move it
1955 # Sign the host certificate request
1956 system('/usr/bin/openssl', 'ca', '-days', '999999',
1957 '-batch', '-notext',
1958 '-in', $filename,
1959 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
1960 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
1961 if ($?) {
1962 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1963 unlink ($filename);
1964 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
1965 &newcleanssldatabase();
1966 goto VPNCONF_ERROR;
1967 } else {
1968 unlink ($filename);
1969 &deletebackupcert();
1970 }
1971
1972 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
1973 $temp =~ /Subject:.*CN=(.*)[\n]/;
1974 $temp = $1;
1975 $temp =~ s+/Email+, E+;
1976 $temp =~ s/ ST=/ S=/;
1977 $cgiparams{'CERT_NAME'} = $temp;
1978 $cgiparams{'CERT_NAME'} =~ s/,//g;
1979 $cgiparams{'CERT_NAME'} =~ s/\'//g;
1980 if ($cgiparams{'CERT_NAME'} eq '') {
1981 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
1982 goto VPNCONF_ERROR;
1983 }
1984 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
1985 if ($cgiparams{'KEY'}) {
1986 $errormessage = $Lang::tr{'cant change certificates'};
1987 goto VPNCONF_ERROR;
1988 }
1989 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1990 $errormessage = $Lang::tr{'there was no file upload'};
1991 goto VPNCONF_ERROR;
1992 }
1993 # Move uploaded certificate to a temporary file
1994 (my $fh, my $filename) = tempfile( );
1995 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1996 $errormessage = $!;
1997 goto VPNCONF_ERROR;
1998 }
1999
2000 # Verify the certificate has a valid CA and move it
2001 my $validca = 0;
2002 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
2003 if ($test =~ /: OK/) {
2004 $validca = 1;
2005 } else {
2006 foreach my $key (keys %cahash) {
2007 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
2008 if ($test =~ /: OK/) {
2009 $validca = 1;
2010 }
2011 }
2012 }
2013 if (! $validca) {
2014 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
2015 unlink ($filename);
2016 goto VPNCONF_ERROR;
2017 } else {
2018 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2019 if ($? ne 0) {
2020 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
2021 unlink ($filename);
2022 goto VPNCONF_ERROR;
2023 }
2024 }
2025
2026 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
2027 $temp =~ /Subject:.*CN=(.*)[\n]/;
2028 $temp = $1;
2029 $temp =~ s+/Email+, E+;
2030 $temp =~ s/ ST=/ S=/;
2031 $cgiparams{'CERT_NAME'} = $temp;
2032 $cgiparams{'CERT_NAME'} =~ s/,//g;
2033 $cgiparams{'CERT_NAME'} =~ s/\'//g;
2034 if ($cgiparams{'CERT_NAME'} eq '') {
2035 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2036 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
2037 goto VPNCONF_ERROR;
2038 }
2039 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
2040 if ($cgiparams{'KEY'}) {
2041 $errormessage = $Lang::tr{'cant change certificates'};
2042 goto VPNCONF_ERROR;
2043 }
2044 # Validate input since the form was submitted
2045 if (length($cgiparams{'CERT_NAME'}) >60) {
2046 $errormessage = $Lang::tr{'name too long'};
2047 goto VPNCONF_ERROR;
2048 }
2049 if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
2050 $errormessage = $Lang::tr{'invalid input for name'};
2051 goto VPNCONF_ERROR;
2052 }
2053 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
2054 $errormessage = $Lang::tr{'invalid input for e-mail address'};
2055 goto VPNCONF_ERROR;
2056 }
2057 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
2058 $errormessage = $Lang::tr{'e-mail address too long'};
2059 goto VPNCONF_ERROR;
2060 }
2061 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2062 $errormessage = $Lang::tr{'invalid input for department'};
2063 goto VPNCONF_ERROR;
2064 }
2065 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
2066 $errormessage = $Lang::tr{'organization too long'};
2067 goto VPNCONF_ERROR;
2068 }
2069 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
2070 $errormessage = $Lang::tr{'invalid input for organization'};
2071 goto VPNCONF_ERROR;
2072 }
2073 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2074 $errormessage = $Lang::tr{'invalid input for city'};
2075 goto VPNCONF_ERROR;
2076 }
2077 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
2078 $errormessage = $Lang::tr{'invalid input for state or province'};
2079 goto VPNCONF_ERROR;
2080 }
2081 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
2082 $errormessage = $Lang::tr{'invalid input for country'};
2083 goto VPNCONF_ERROR;
2084 }
2085 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
2086 if (length($cgiparams{'CERT_PASS1'}) < 5) {
2087 $errormessage = $Lang::tr{'password too short'};
2088 goto VPNCONF_ERROR;
2089 }
2090 }
2091 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
2092 $errormessage = $Lang::tr{'passwords do not match'};
2093 goto VPNCONF_ERROR;
2094 }
2095
2096 # Replace empty strings with a .
2097 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
2098 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
2099 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
2100
2101 # Create the Host certificate request client
2102 my $pid = open(OPENSSL, "|-");
2103 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
2104 if ($pid) { # parent
2105 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
2106 print OPENSSL "$state\n";
2107 print OPENSSL "$city\n";
2108 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
2109 print OPENSSL "$ou\n";
2110 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
2111 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
2112 print OPENSSL ".\n";
2113 print OPENSSL ".\n";
2114 close (OPENSSL);
2115 if ($?) {
2116 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2117 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
2118 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
2119 goto VPNCONF_ERROR;
2120 }
2121 } else { # child
2122 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
2123 '-newkey', 'rsa:1024',
2124 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
2125 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
2126 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
2127 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
2128 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2129 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2130 goto VPNCONF_ERROR;
2131 }
2132 }
2133
2134 # Sign the host certificate request
2135 system('/usr/bin/openssl', 'ca', '-days', '999999',
2136 '-batch', '-notext',
2137 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
2138 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
2139 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
2140 if ($?) {
2141 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2142 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2143 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2144 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2145 &newcleanssldatabase();
2146 goto VPNCONF_ERROR;
2147 } else {
2148 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
2149 &deletebackupcert();
2150 }
2151
2152 # Create the pkcs12 file
2153 system('/usr/bin/openssl', 'pkcs12', '-export',
2154 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
2155 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
2156 '-name', $cgiparams{'NAME'},
2157 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
2158 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
2159 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
2160 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
2161 if ($?) {
2162 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
2163 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2164 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
2165 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
2166 goto VPNCONF_ERROR;
2167 } else {
2168 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
2169 }
2170 } elsif ($cgiparams{'AUTH'} eq 'cert') {
2171 ;# Nothing, just editing
2172 } else {
2173 $errormessage = $Lang::tr{'invalid input for authentication method'};
2174 goto VPNCONF_ERROR;
2175 }
2176
2177 # Check if there is no other entry with this common name
2178 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
2179 foreach my $key (keys %confighash) {
2180 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
2181 $errormessage = $Lang::tr{'a connection with this common name already exists'};
2182 goto VPNCONF_ERROR;
2183 }
2184 }
2185 }
2186
2187 # Save the config
2188 my $key = $cgiparams{'KEY'};
2189 if (! $key) {
2190 $key = &General::findhasharraykey (\%confighash);
2191 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
2192 }
2193 $confighash{$key}[0] = $cgiparams{'ENABLED'};
2194 $confighash{$key}[1] = $cgiparams{'NAME'};
2195 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
2196 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
2197 }
2198 $confighash{$key}[3] = $cgiparams{'TYPE'};
2199 if ($cgiparams{'AUTH'} eq 'psk') {
2200 $confighash{$key}[4] = 'psk';
2201 $confighash{$key}[5] = $cgiparams{'PSK'};
2202 } else {
2203 $confighash{$key}[4] = 'cert';
2204 }
2205 if ($cgiparams{'TYPE'} eq 'net') {
2206 $confighash{$key}[6] = $cgiparams{'SIDE'};
2207 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
2208 }
2209 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
2210 $confighash{$key}[10] = $cgiparams{'REMOTE'};
2211 $confighash{$key}[25] = $cgiparams{'REMARK'};
2212 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
2213 # new fields
2214 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
2215 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
2216 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
2217 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
2218 $confighash{$key}[31] = $cgiparams{'MTU'};
2219 # new fileds
2220 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2221 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
2222 $cgiparams{'KEY'} = $key;
2223 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
2224 }
2225 goto VPNCONF_END;
2226 } else {
2227 $cgiparams{'ENABLED'} = 'on';
2228 $cgiparams{'SIDE'} = 'left';
2229 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
2230 $cgiparams{'AUTH'} = 'psk';
2231 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
2232 $cgiparams{'AUTH'} = 'certfile';
2233 } else {
2234 $cgiparams{'AUTH'} = 'certgen';
2235 }
2236 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
2237 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
2238 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
2239 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
2240 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
2241 }
2242
2243 VPNCONF_ERROR:
2244 $checked{'ENABLED'}{'off'} = '';
2245 $checked{'ENABLED'}{'on'} = '';
2246 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
2247 $checked{'ENABLED_BLUE'}{'off'} = '';
2248 $checked{'ENABLED_BLUE'}{'on'} = '';
2249 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
2250 $checked{'ENABLED_ORANGE'}{'off'} = '';
2251 $checked{'ENABLED_ORANGE'}{'on'} = '';
2252 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
2253
2254
2255 $checked{'EDIT_ADVANCED'}{'off'} = '';
2256 $checked{'EDIT_ADVANCED'}{'on'} = '';
2257 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
2258
2259 $selected{'SIDE'}{'server'} = '';
2260 $selected{'SIDE'}{'client'} = '';
2261 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
2262
2263 $checked{'AUTH'}{'psk'} = '';
2264 $checked{'AUTH'}{'certreq'} = '';
2265 $checked{'AUTH'}{'certgen'} = '';
2266 $checked{'AUTH'}{'certfile'} = '';
2267 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
2268
2269 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
2270
2271 $checked{'COMPLZO'}{'off'} = '';
2272 $checked{'COMPLZO'}{'on'} = '';
2273 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
2274
2275
2276 if (1) {
2277 &Header::showhttpheaders();
2278 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2279 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2280 if ($errormessage) {
2281 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2282 print "<class name='base'>$errormessage";
2283 print "&nbsp;</class>";
2284 &Header::closebox();
2285 }
2286
2287 if ($warnmessage) {
2288 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
2289 print "<class name='base'>$warnmessage";
2290 print "&nbsp;</class>";
2291 &Header::closebox();
2292 }
2293
2294 print "<form method='post' enctype='multipart/form-data'>";
2295 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
2296
2297 if ($cgiparams{'KEY'}) {
2298 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
2299 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
2300 }
2301
2302 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
2303 print "<table width='100%'>\n";
2304 print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
2305 if ($cgiparams{'TYPE'} eq 'host') {
2306 if ($cgiparams{'KEY'}) {
2307 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
2308 } else {
2309 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
2310 }
2311 # print "<tr><td>$Lang::tr{'interface'}</td>";
2312 # print "<td><select name='INTERFACE'>";
2313 # print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
2314 # if ($netsettings{'BLUE_DEV'} ne '') {
2315 # print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
2316 # }
2317 # print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
2318 # print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
2319 # print "</select></td></tr>";
2320 # print <<END
2321 } else {
2322 print "<input type='hidden' name='INTERFACE' value='red' />";
2323 if ($cgiparams{'KEY'}) {
2324 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
2325 } else {
2326 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
2327 }
2328 print <<END
2329 <td width='25%'>&nbsp;</td>
2330 <td width='25%'>&nbsp;</td></tr>
2331 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
2332 <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option>
2333 <option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td>
2334 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
2335 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
2336 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
2337 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
2338 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
2339 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
2340 ttt
2341 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
2342 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
2343 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
2344 <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
2345 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
2346 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
2347 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
2348 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2349 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
2350 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
2351 <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD>
2352
2353
2354 END
2355 ;
2356 }
2357 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
2358 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
2359
2360 # if ($cgiparams{'TYPE'} eq 'net') {
2361 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
2362
2363 # if ($cgiparams{'KEY'}) {
2364 # print "<td colspan='3'>&nbsp;</td></tr></table>";
2365 # } else {
2366 # print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>";
2367 # }
2368 # }else{
2369 print "<td colspan='3'>&nbsp;</td></tr></table>";
2370 # }
2371
2372
2373
2374 &Header::closebox();
2375
2376 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
2377 # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
2378 # print <<END
2379 # <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2380 # <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td>
2381 # <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr>
2382 # </table>
2383 END
2384 # ;
2385 # &Header::closebox();
2386 } elsif (! $cgiparams{'KEY'}) {
2387 my $disabled='';
2388 my $cakeydisabled='';
2389 my $cacrtdisabled='';
2390 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
2391 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2392 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
2393 print <<END
2394 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2395 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2396 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
2397 <td class='base'>$Lang::tr{'upload a certificate request'}</td>
2398 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
2399 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td>
2400 <td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
2401 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2402 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td>
2403 <td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
2404 <tr><td>&nbsp;</td>
2405 <td class='base'>$Lang::tr{'users fullname or system hostname'}:</td>
2406 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2407 <tr><td>&nbsp;</td>
2408 <td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td>
2409 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2410 <tr><td>&nbsp;</td>
2411 <td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td>
2412 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2413 <tr><td>&nbsp;</td>
2414 <td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td>
2415 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2416 <tr><td>&nbsp;</td>
2417 <td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td>
2418 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2419 <tr><td>&nbsp;</td>
2420 <td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td>
2421 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2422 <tr><td>&nbsp;</td>
2423 <td class='base'>$Lang::tr{'country'}:</td>
2424 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
2425 END
2426
2427 ;
2428 foreach my $country (sort keys %{Countries::countries}) {
2429 print "<option value='$Countries::countries{$country}'";
2430 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
2431 print " selected='selected'";
2432 }
2433 print ">$country</option>";
2434 }
2435 print <<END
2436 </select></td></tr>
2437 <tr><td>&nbsp;</td>
2438 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
2439 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2440 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
2441 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2442 </table>
2443 END
2444 ;
2445 &Header::closebox();
2446 }
2447
2448 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
2449 if ($cgiparams{'KEY'}) {
2450 # print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
2451 }
2452 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
2453 &Header::closebigbox();
2454 &Header::closepage();
2455 exit (0);
2456 }
2457 VPNCONF_END:
2458 }
2459
2460 # SETTINGS_ERROR:
2461 ###
2462 ### Default status page
2463 ###
2464 %cgiparams = ();
2465 %cahash = ();
2466 %confighash = ();
2467 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
2468 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
2469 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2470
2471 my @status = `/bin/cat /var/log/ovpnserver.log`;
2472
2473 if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
2474 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
2475 my $ipaddr = <IPADDR>;
2476 close IPADDR;
2477 chomp ($ipaddr);
2478 $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
2479 if ($cgiparams{'VPN_IP'} eq '') {
2480 $cgiparams{'VPN_IP'} = $ipaddr;
2481 }
2482 }
2483 }
2484
2485 #default setzen
2486 if ($cgiparams{'DCIPHER'} eq '') {
2487 $cgiparams{'DCIPHER'} = 'BF-CBC';
2488 }
2489 # if ($cgiparams{'DCOMPLZO'} eq '') {
2490 # $cgiparams{'DCOMPLZO'} = 'on';
2491 # }
2492 if ($cgiparams{'DDEST_PORT'} eq '') {
2493 $cgiparams{'DDEST_PORT'} = '1194';
2494 }
2495 if ($cgiparams{'DMTU'} eq '') {
2496 $cgiparams{'DMTU'} = '1400';
2497 }
2498 if ($cgiparams{'DOVPN_SUBNET'} eq '') {
2499 $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
2500 }
2501
2502 $checked{'ENABLED'}{'off'} = '';
2503 $checked{'ENABLED'}{'on'} = '';
2504 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
2505 $checked{'ENABLED_BLUE'}{'off'} = '';
2506 $checked{'ENABLED_BLUE'}{'on'} = '';
2507 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
2508 $checked{'ENABLED_ORANGE'}{'off'} = '';
2509 $checked{'ENABLED_ORANGE'}{'on'} = '';
2510 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
2511
2512
2513 #new settings
2514 $selected{'DDEVICE'}{'tun'} = '';
2515 $selected{'DDEVICE'}{'tap'} = '';
2516 $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2517
2518 $selected{'DPROTOCOL'}{'udp'} = '';
2519 $selected{'DPROTOCOL'}{'tcp'} = '';
2520 $selected{'DPROTOCOL'}{$cgiparams{'DPROTOCOL'}} = 'SELECTED';
2521
2522 $selected{'DCIPHER'}{'DES-CBC'} = '';
2523 $selected{'DCIPHER'}{'DES-EDE-CBC'} = '';
2524 $selected{'DCIPHER'}{'DES-EDE3-CBC'} = '';
2525 $selected{'DCIPHER'}{'DESX-CBC'} = '';
2526 $selected{'DCIPHER'}{'RC2-CBC'} = '';
2527 $selected{'DCIPHER'}{'RC2-40-CBC'} = '';
2528 $selected{'DCIPHER'}{'RC2-64-CBC'} = '';
2529 $selected{'DCIPHER'}{'BF-CBC'} = '';
2530 $selected{'DCIPHER'}{'CAST5-CBC'} = '';
2531 $selected{'DCIPHER'}{'AES-128-CBC'} = '';
2532 $selected{'DCIPHER'}{'AES-192-CBC'} = '';
2533 $selected{'DCIPHER'}{'AES-256-CBC'} = '';
2534 $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
2535 $checked{'DCOMPLZO'}{'off'} = '';
2536 $checked{'DCOMPLZO'}{'on'} = '';
2537 $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
2538
2539 #new settings
2540 &Header::showhttpheaders();
2541 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2542 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2543
2544 if ($errormessage) {
2545 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2546 print "<class name='base'>$errormessage\n";
2547 print "&nbsp;</class>\n";
2548 &Header::closebox();
2549 }
2550
2551 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'stopped'}</font></b></td></tr></table>";
2552 my $srunning = "no";
2553 my $activeonrun = "";
2554 if ( -e "/var/run/openvpn.pid"){
2555 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'running'}</font></b></td></tr></table>";
2556 $srunning ="yes";
2557 $activeonrun = "";
2558 } else {
2559 $activeonrun = "disabled='disabled'";
2560 }
2561 &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
2562 print "<div align='center'><strong>ZERINA-0.9.4i</strong></div>";
2563 print <<END
2564 <table width='100%'>
2565 <form method='post'>
2566 <td width='25%'>&nbsp;</td>
2567 <td width='25%'>&nbsp;</td>
2568 <td width='25%'>&nbsp;</td></tr>
2569 <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
2570 <td align='left'>$sactive</td>
2571 <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
2572 <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
2573 END
2574 ;
2575 if (&haveBlueNet()) {
2576 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
2577 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
2578 }
2579 if (&haveOrangeNet()) {
2580 print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
2581 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
2582 }
2583 print <<END
2584 <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
2585 <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
2586 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
2587 <td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
2588 <option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select></td>
2589 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
2590 <td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
2591 <option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
2592 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
2593 <td><input type='TEXT' name='DDEST_PORT' value='$cgiparams{'DDEST_PORT'}' size='5' /></td></tr>
2594 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
2595 <td> <input type='TEXT' name='DMTU' VALUE='$cgiparams{'DMTU'}'size='5' /></TD>
2596 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
2597 <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
2598 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
2599 <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
2600 <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
2601 <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
2602 <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
2603 <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
2604 <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
2605 <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
2606 <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
2607 <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
2608 <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
2609 <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
2610 <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
2611 END
2612 ;
2613
2614 if ( $srunning eq "yes" ) {
2615 print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
2616 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>";
2617 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
2618 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
2619 } else{
2620 print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
2621 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";
2622 if (( -e "${General::swroot}/ovpn/ca/cacert.pem" &&
2623 -e "${General::swroot}/ovpn/ca/dh1024.pem" &&
2624 -e "${General::swroot}/ovpn/certs/servercert.pem" &&
2625 -e "${General::swroot}/ovpn/certs/serverkey.pem") &&
2626 (( $cgiparams{'ENABLED'} eq 'on') ||
2627 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
2628 ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){
2629 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>";
2630 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
2631 } else {
2632 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>";
2633 print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";
2634 }
2635 }
2636 print "</form></table>";
2637 &Header::closebox();
2638 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:");
2639 print <<EOF#'
2640 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2641 <tr>
2642 <td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
2643 <td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
2644 <td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
2645 </tr>
2646 EOF
2647 ;
2648 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
2649 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
2650 $casubject =~ /Subject: (.*)[\n]/;
2651 $casubject = $1;
2652 $casubject =~ s+/Email+, E+;
2653 $casubject =~ s/ ST=/ S=/;
2654
2655 print <<END
2656 <tr bgcolor='$color{'color22'}'>
2657 <td class='base'>$Lang::tr{'root certificate'}</td>
2658 <td class='base'>$casubject</td>
2659 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2660 <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
2661 <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
2662 </td></form>
2663 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2664 <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
2665 <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
2666 </td></form>
2667 <td width='4%'>&nbsp;</td></tr>
2668 END
2669 ;
2670 } else {
2671 # display rootcert generation buttons
2672 print <<END
2673 <tr bgcolor='$color{'color22'}'>
2674 <td class='base'>$Lang::tr{'root certificate'}:</td>
2675 <td class='base'>$Lang::tr{'not present'}</td>
2676 <td colspan='3'>&nbsp;</td></tr>
2677 END
2678 ;
2679 }
2680
2681 if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
2682 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
2683 $hostsubject =~ /Subject: (.*)[\n]/;
2684 $hostsubject = $1;
2685 $hostsubject =~ s+/Email+, E+;
2686 $hostsubject =~ s/ ST=/ S=/;
2687
2688 print <<END
2689 <tr bgcolor='$color{'color20'}'>
2690 <td class='base'>$Lang::tr{'host certificate'}</td>
2691 <td class='base'>$hostsubject</td>
2692 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2693 <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
2694 <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
2695 </td></form>
2696 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2697 <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
2698 <input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
2699 </td></form>
2700 <td width='4%'>&nbsp;</td></tr>
2701 END
2702 ;
2703 } else {
2704 # Nothing
2705 print <<END
2706 <tr bgcolor='$color{'color20'}'>
2707 <td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
2708 <td class='base'>$Lang::tr{'not present'}</td>
2709 </td><td colspan='3'>&nbsp;</td></tr>
2710 END
2711 ;
2712 }
2713
2714 if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
2715 print "<tr><td colspan='5' align='center'><form method='post'>";
2716 print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
2717 print "</form></td></tr>\n";
2718 }
2719
2720 if (keys %cahash > 0) {
2721 foreach my $key (keys %cahash) {
2722 if (($key + 1) % 2) {
2723 print "<tr bgcolor='$color{'color20'}'>\n";
2724 } else {
2725 print "<tr bgcolor='$color{'color22'}'>\n";
2726 }
2727 print "<td class='base'>$cahash{$key}[0]</td>\n";
2728 print "<td class='base'>$cahash{$key}[1]</td>\n";
2729 print <<END
2730 <form method='post' name='cafrm${key}a'><td align='center'>
2731 <input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
2732 <input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
2733 <input type='hidden' name='KEY' value='$key' />
2734 </td></form>
2735 <form method='post' name='cafrm${key}b'><td align='center'>
2736 <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
2737 <input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
2738 <input type='hidden' name='KEY' value='$key' />
2739 </td></form>
2740 <form method='post' name='cafrm${key}c'><td align='center'>
2741 <input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
2742 <input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
2743 <input type='hidden' name='KEY' value='$key' />
2744 </td></form></tr>
2745 END
2746 ;
2747 }
2748 }
2749
2750 print "</table>";
2751
2752 # If the file contains entries, print Key to action icons
2753 if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
2754 print <<END
2755 <table>
2756 <tr>
2757 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2758 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
2759 <td class='base'>$Lang::tr{'show certificate'}</td>
2760 <td>&nbsp; &nbsp; <img src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' /></td>
2761 <td class='base'>$Lang::tr{'download certificate'}</td>
2762 </tr>
2763 </table>
2764 END
2765 ;
2766 }
2767 print <<END
2768 <form method='post' enctype='multipart/form-data'>
2769 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2770 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
2771 <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' />
2772 <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
2773 <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
2774 </tr></table></form>
2775 END
2776 ;
2777
2778 &Header::closebox();
2779 if ( $srunning eq "yes" ) {
2780 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' disabled='disabled' /></div></form>\n";
2781 }else{
2782 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
2783 }
2784 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
2785 &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
2786 print <<END
2787 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2788 <tr>
2789 <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
2790 <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
2791 <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td>
2792 <td width='17%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td>
2793 <td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
2794 <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
2795 <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
2796 </tr>
2797 END
2798 ;
2799 my $id = 0;
2800 my $gif;
2801 foreach my $key (keys %confighash) {
2802 if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
2803
2804 if ($id % 2) {
2805 print "<tr bgcolor='$color{'color20'}'>\n";
2806 } else {
2807 print "<tr bgcolor='$color{'color22'}'>\n";
2808 }
2809 print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
2810 print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
2811 if ($confighash{$key}[4] eq 'cert') {
2812 print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
2813 } else {
2814 print "<td align='left'>&nbsp;</td>";
2815 }
2816 my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
2817 $cavalid =~ /Not After : (.*)[\n]/;
2818 $cavalid = $1;
2819 print "<td align='center'>$cavalid</td>";
2820 print "<td align='center'>$confighash{$key}[25]</td>";
2821 my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
2822 if ($confighash{$key}[0] eq 'off') {
2823 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
2824 } else {
2825 my $cn;
2826 my @match = ();
2827 foreach my $line (@status) {
2828 chomp($line);
2829 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
2830 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
2831 if ($match[1] ne "Common Name") {
2832 $cn = $match[1];
2833 }
2834 $cn =~ s/[_]/ /g;
2835 if ($cn eq "$confighash{$key}[2]") {
2836 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
2837 }
2838 }
2839 }
2840 }
2841 my $disable_clientdl = "disabled='disabled'";
2842 if (( $cgiparams{'ENABLED'} eq 'on') ||
2843 ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
2844 ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){
2845 $disable_clientdl = "";
2846 }
2847 print <<END
2848 <td align='center'>$active</td>
2849
2850 <form method='post' name='frm${key}a'><td align='center'>
2851 <input type='image' name='$Lang::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
2852 <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' $disable_clientdl />
2853 <input type='hidden' name='KEY' value='$key' $disable_clientdl />
2854 </td></form>
2855 END
2856 ;
2857 if ($confighash{$key}[4] eq 'cert') {
2858 print <<END
2859 <form method='post' name='frm${key}b'><td align='center'>
2860 <input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
2861 <input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
2862 <input type='hidden' name='KEY' value='$key' />
2863 </td></form>
2864 END
2865 ; } else {
2866 print "<td>&nbsp;</td>";
2867 }
2868 if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
2869 print <<END
2870 <form method='post' name='frm${key}c'><td align='center'>
2871 <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/floppy.gif' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
2872 <input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
2873 <input type='hidden' name='KEY' value='$key' />
2874 </td></form>
2875 END
2876 ; } elsif ($confighash{$key}[4] eq 'cert') {
2877 print <<END
2878 <form method='post' name='frm${key}c'><td align='center'>
2879 <input type='image' name='$Lang::tr{'download certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
2880 <input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
2881 <input type='hidden' name='KEY' value='$key' />
2882 </td></form>
2883 END
2884 ; } else {
2885 print "<td>&nbsp;</td>";
2886 }
2887 print <<END
2888 <form method='post' name='frm${key}d'><td align='center'>
2889 <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
2890 <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
2891 <input type='hidden' name='KEY' value='$key' />
2892 </td></form>
2893
2894 <form method='post' name='frm${key}e'><td align='center'>
2895 <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
2896 <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
2897 <input type='hidden' name='KEY' value='$key' />
2898 </td></form>
2899 <form method='post' name='frm${key}f'><td align='center'>
2900 <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
2901 <input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
2902 <input type='hidden' name='KEY' value='$key' />
2903 </td></form>
2904 </tr>
2905 END
2906 ;
2907 $id++;
2908 }
2909 ;
2910
2911 # If the config file contains entries, print Key to action icons
2912 if ( $id ) {
2913 print <<END
2914 <table>
2915 <tr>
2916 <td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
2917 <td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
2918 <td class='base'>$Lang::tr{'click to disable'}</td>
2919 <td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
2920 <td class='base'>$Lang::tr{'show certificate'}</td>
2921 <td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
2922 <td class='base'>$Lang::tr{'edit'}</td>
2923 <td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
2924 <td class='base'>$Lang::tr{'remove'}</td>
2925 </tr>
2926 <tr>
2927 <td>&nbsp; </td>
2928 <td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
2929 <td class='base'>$Lang::tr{'click to enable'}</td>
2930 <td>&nbsp; &nbsp; <img src='/images/floppy.gif' alt='?FLOPPY' /></td>
2931 <td class='base'>$Lang::tr{'download certificate'}</td>
2932 <td>&nbsp; &nbsp; <img src='/images/openvpn.png' alt='?RELOAD'/></td>
2933 <td class='base'>$Lang::tr{'dl client arch'}</td>
2934 </tr>
2935 </table>
2936 END
2937 ;
2938 }
2939
2940 print <<END
2941 <table width='100%'>
2942 <form method='post'>
2943 <tr><td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td>
2944 <td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
2945 </form>
2946 </table>
2947 END
2948 ;
2949 &Header::closebox();
2950 }
2951 &Header::closepage();
Peter's tree of IPFire 2.x