2 # based on SmoothWall and IPCop CGIs
4 # This code is distributed under the terms of the GPL
5 # Main idea from zeroconcept
6 # ZERNINA-VERSION:0.9.7a7
7 # (c) 2005 Ufuk Altinkaynak
9 # Ipcop and OpenVPN easy as one two three..
13 use CGI qw
/:standard/ ;
16 use File
:: Temp qw
/ tempfile tempdir / ;
18 use Archive
:: Zip
qw(:ERROR_CODES :CONSTANTS) ;
20 require '/var/ipfire/general-functions.pl' ;
21 require '/home/httpd/cgi-bin/ovpnfunc.pl' ;
22 require "${General::swroot}/lang.pl" ;
23 require "${General::swroot}/header.pl" ;
24 require "${General::swroot}/countries.pl" ;
26 # enable the following only for debugging: fatalsToBrowser sends fatal error text to the browser
28 #use CGI::Carp 'fatalsToBrowser';
29 #workaround to suppress a warning when a variable is used only once
30 my @dummy = ( ${ Header
:: colourgreen
} );
36 ### Initialize variables
my ($errormessage, $zerinaclient) = ('', '');

# readhash is handed the ethernet settings file and a reference to
# %netsettings.
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Seed %cgiparams with defaults before the request is merged in, so that a
# field missing from the submitted form still has a known value.
foreach my $flag (qw(ENABLED ENABLED_BLUE ENABLED_ORANGE EDIT_ADVANCED NAT
                     COMPRESSION ONLY_PROPOSED DCOMPLZO)) {
    $cgiparams{$flag} = 'off';
}
foreach my $field (qw(ACTION CA_NAME DHCP_DOMAIN DHCP_DNS DHCP_WINS)) {
    $cgiparams{$field} = '';
}

# NOTE(review): getcgihash lives in header.pl and is not visible here; it
# presumably overwrites the defaults above with the submitted form values and
# exposes an uploaded file as $cgiparams{'FH'}. Treat every %cgiparams value
# read after this call as request-controlled until it has been validated.
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
65 # prepare openvpn config file
71 ### OpenVPN Server Control
# Handle the start / stop / restart buttons of the OpenVPN server. The
# submitted ACTION value is compared with the translated button labels.
if (grep { $cgiparams{'ACTION'} eq $Lang::tr{$_} }
        ('start ovpn server', 'stop ovpn server', 'restart ovpn server')) {
    # First column (the PID) of every `ps ax` line that mentions server.conf.
    # The command string is constant, so no request data reaches the shell.
    # NOTE(review): the captured text keeps its trailing newline and holds one
    # line per matching process, yet it is passed to openvpnctrl below as a
    # single argument -- confirm the helper accepts that form.
    my $serveractive = `/bin/ps ax|grep server.conf|grep -v grep|awk \'{print \$1}\'`;
    my $server_found = ($serveractive ne '');

    # Start: clear the server log, then ask the helper to start the daemon.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}) {
        &Ovpnfunc::emptyserverlog();
        system('/usr/local/bin/openvpnctrl', '-s');
    }

    # Stop: the -kn2n call is made only when ps reported a running server.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}) {
        system('/usr/local/bin/openvpnctrl', '-kn2n', $serveractive) if $server_found;
        system('/usr/local/bin/openvpnctrl', '-k');
        &Ovpnfunc::emptyserverlog();
    }

    # Restart is done as a full stop followed by a start.
    if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
        # workaround, till SIGHUP also works when running as nobody
        system('/usr/local/bin/openvpnctrl', '-kn2n', $serveractive) if $server_found;
        system('/usr/local/bin/openvpnctrl', '-k');
        &Ovpnfunc::emptyserverlog();
        system('/usr/local/bin/openvpnctrl', '-s');
    }
}
103 ### Save Advanced options
106 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save-adv-options' }) {
107 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
108 #DAN do we really need (to check) this value? Besides, if we listen on blue and orange too,
109 #DAN this value has to leave.
110 #new settings for daemon
111 $vpnsettings { 'LOG_VERB' } = $cgiparams { 'LOG_VERB' };
112 $vpnsettings { 'KEEPALIVE_1' } = $cgiparams { 'KEEPALIVE_1' };
113 $vpnsettings { 'KEEPALIVE_2' } = $cgiparams { 'KEEPALIVE_2' };
114 $vpnsettings { 'MAX_CLIENTS' } = $cgiparams { 'MAX_CLIENTS' };
115 $vpnsettings { 'REDIRECT_GW_DEF1' } = $cgiparams { 'REDIRECT_GW_DEF1' };
116 $vpnsettings { 'CLIENT2CLIENT' } = $cgiparams { 'CLIENT2CLIENT' };
117 $vpnsettings { 'DHCP_DOMAIN' } = $cgiparams { 'DHCP_DOMAIN' };
118 $vpnsettings { 'DHCP_DNS' } = $cgiparams { 'DHCP_DNS' };
119 $vpnsettings { 'DHCP_WINS' } = $cgiparams { 'DHCP_WINS' };
120 #additional push route
121 $vpnsettings { 'AD_ROUTE1' } = $cgiparams { 'AD_ROUTE1' };
122 $vpnsettings { 'AD_ROUTE2' } = $cgiparams { 'AD_ROUTE2' };
123 $vpnsettings { 'AD_ROUTE3' } = $cgiparams { 'AD_ROUTE3' };
124 #additional push route
126 #################################################################################
127 # Added by Philipp Jenni #
129 # Contact: philipp.jenni-at-gmx.ch #
131 # Description: Add the FAST-IO Parameter from OpenVPN to the Zerina Config #
132 # Add the NICE Parameter from OpenVPN to the Zerina Config #
133 # Add the MTU-DISC Parameter from OpenVPN to the Zerina Config #
134 # Add the MSSFIX Parameter from OpenVPN to the Zerina Config #
135 # Add the FRAGMENT Parameter from OpenVPN to the Zerina Config #
136 #################################################################################
137 $vpnsettings { 'EXTENDED_FASTIO' } = $cgiparams { 'EXTENDED_FASTIO' };
138 $vpnsettings { 'EXTENDED_NICE' } = $cgiparams { 'EXTENDED_NICE' };
139 $vpnsettings { 'EXTENDED_MTUDISC' } = $cgiparams { 'EXTENDED_MTUDISC' };
140 $vpnsettings { 'EXTENDED_MSSFIX' } = $cgiparams { 'EXTENDED_MSSFIX' };
141 $vpnsettings { 'EXTENDED_FRAGMENT' } = $cgiparams { 'EXTENDED_FRAGMENT' };
142 #################################################################################
143 # End of Inserted Data #
144 #################################################################################
147 if ( $cgiparams { 'DHCP_DOMAIN' } ne '' ){
148 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DOMAIN' }) || & General
:: validip
( $cgiparams { 'DHCP_DOMAIN' })) {
149 $errormessage = $Lang :: tr
{ 'invalid input for dhcp domain' };
153 if ( $cgiparams { 'DHCP_DNS' } ne '' ){
154 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_DNS' }) || & General
:: validip
( $cgiparams { 'DHCP_DNS' })) {
155 $errormessage = $Lang :: tr
{ 'invalid input for dhcp dns' };
159 if ( $cgiparams { 'DHCP_WINS' } ne '' ){
160 unless (& General
:: validfqdn
( $cgiparams { 'DHCP_WINS' }) || & General
:: validip
( $cgiparams { 'DHCP_WINS' })) {
161 $errormessage = $Lang :: tr
{ 'invalid input for dhcp wins' };
165 if ( $cgiparams { 'AD_ROUTE1' } ne '' ){
166 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE1' })) {
167 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
171 if ( $cgiparams { 'AD_ROUTE2' } ne '' ){
172 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE2' })) {
173 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
177 if ( $cgiparams { 'AD_ROUTE3' } ne '' ){
178 if (! & General
:: validipandmask
( $cgiparams { 'AD_ROUTE3' })) {
179 $errormessage = $Lang :: tr
{ 'route subnet is invalid' };
184 if (( length ( $cgiparams { 'MAX_CLIENTS' }) == 0 ) || (( $cgiparams { 'MAX_CLIENTS' }) < 1 ) || (( $cgiparams { 'MAX_CLIENTS' }) > 255 )) {
185 $errormessage = $Lang :: tr
{ 'invalid input for max clients' };
188 if ( $cgiparams { 'KEEPALIVE_1' } ne '' ) {
189 if ( $cgiparams { 'KEEPALIVE_1' } !~ /^[0-9]+$/ ) {
190 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1' };
194 if ( $cgiparams { 'KEEPALIVE_2' } ne '' ){
195 if ( $cgiparams { 'KEEPALIVE_2' } !~ /^[0-9]+$/ ) {
196 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 2' };
200 if ( $cgiparams { 'KEEPALIVE_2' } < ( $cgiparams { 'KEEPALIVE_1' } * 2 )){
201 $errormessage = $Lang :: tr
{ 'invalid input for keepalive 1:2' };
205 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
206 & Ovpnfunc
:: writeserverconf
(); #hier ok
210 ### Save main settings
212 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'TYPE' } eq '' && $cgiparams { 'KEY' } eq '' ) {
213 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
214 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
215 #DAN do we really need (to check) this value? Besides, if we listen on blue and orange too,
216 #DAN this value has to leave.
217 if ( $cgiparams { 'ENABLED' } eq 'on' ){
218 unless (& General
:: validfqdn
( $cgiparams { 'VPN_IP' }) || & General
:: validip
( $cgiparams { 'VPN_IP' })) {
219 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
223 if ( $cgiparams { 'ENABLED' } eq 'on' ){
224 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DDEST_PORT' }, 0 , $cgiparams { 'DPROTOCOL' }, "dest" );
226 if ( $errormessage ) { goto SETTINGS_ERROR
; }
229 if ( $cgiparams { 'ENABLED' } eq 'on' ){
230 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DDEST_PORT' }, $cgiparams { 'DPROTOCOL' }, '0.0.0.0' );
233 if ( $errormessage ) { goto SETTINGS_ERROR
; }
235 if (! & General
:: validipandmask
( $cgiparams { 'DOVPN_SUBNET' })) {
236 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
239 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'DOVPN_SUBNET' });
240 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
241 $cgiparams { 'DOVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
243 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
245 if ( $errormessage ne '' ){
248 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
249 $errormessage = $Lang :: tr
{ 'invalid input' };
252 if (( length ( $cgiparams { 'DMTU' })== 0 ) || (( $cgiparams { 'DMTU' }) < 1000 )) {
253 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
257 unless (& General
:: validport
( $cgiparams { 'DDEST_PORT' })) {
258 $errormessage = $Lang :: tr
{ 'invalid port' };
262 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
263 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'DPROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DDEST_PORT' }){
264 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
269 $vpnsettings { 'ENABLED_BLUE' } = $cgiparams { 'ENABLED_BLUE' };
270 $vpnsettings { 'ENABLED_ORANGE' } = $cgiparams { 'ENABLED_ORANGE' };
271 $vpnsettings { 'ENABLED' } = $cgiparams { 'ENABLED' };
272 $vpnsettings { 'VPN_IP' } = $cgiparams { 'VPN_IP' };
273 #new settings for daemon
274 $vpnsettings { 'DOVPN_SUBNET' } = $cgiparams { 'DOVPN_SUBNET' };
275 $vpnsettings { 'DDEVICE' } = $cgiparams { 'DDEVICE' };
276 $vpnsettings { 'DPROTOCOL' } = $cgiparams { 'DPROTOCOL' };
277 $vpnsettings { 'DDEST_PORT' } = $cgiparams { 'DDEST_PORT' };
278 $vpnsettings { 'DMTU' } = $cgiparams { 'DMTU' };
279 $vpnsettings { 'DCOMPLZO' } = $cgiparams { 'DCOMPLZO' };
280 $vpnsettings { 'DCIPHER' } = $cgiparams { 'DCIPHER' };
281 #new settings for daemon
282 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
283 & Ovpnfunc
:: writeserverconf
(); #hier ok
288 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
290 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
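# Forget every connection whose field [4] is 'cert' as part of the reset.
# The hash key must be the loop variable: the former $cgiparams{'$key'} was a
# single-quoted literal, so it looked up a form field literally named "$key"
# instead of the current entry and left these connections in %confighash,
# although the confirmation page states that all certificate based
# connections are removed.
foreach my $key (keys %confighash) {
    next unless $confighash{$key}[4] eq 'cert';
    delete $confighash{$key};
}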
297 while ( $file = glob ( "${General::swroot}/ovpn/ca/*" )) {
300 while ( $file = glob ( "${General::swroot}/ovpn/certs/*" )) {
303 while ( $file = glob ( "${General::swroot}/ovpn/crls/*" )) {
306 & Ovpnfunc
:: cleanssldatabase
();
307 if ( open ( FILE
, ">${General::swroot}/ovpn/caconfig" )) {
311 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
315 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'reset' }) {
316 & Header
:: showhttpheaders
();
317 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
318 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
319 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
321 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
322 <tr><td align='center'>
323 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
324 $Lang ::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
325 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' />
326 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
331 & Header
:: closebigbox
();
332 & Header
:: closepage
();
336 ### Upload CA Certificate
338 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload ca certificate' }) {
339 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
341 if ( $cgiparams { 'CA_NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
342 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
346 if ( length ( $cgiparams { 'CA_NAME' }) > 60 ) {
347 $errormessage = $Lang :: tr
{ 'name too long' };
351 if ( $cgiparams { 'CA_NAME' } eq 'ca' ) {
352 $errormessage = $Lang :: tr
{ 'name is invalid' };
353 goto UPLOAD_CA_ERROR
;
356 # Check if there is no other entry with this name
357 foreach my $key ( keys %cahash ) {
358 if ( $cahash { $key }[ 0 ] eq $cgiparams { 'CA_NAME' }) {
359 $errormessage = $Lang :: tr
{ 'a ca certificate with this name already exists' };
364 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
365 $errormessage = $Lang :: tr
{ 'there was no file upload' };
368 # Move uploaded ca to a temporary file
369 ( my $fh , my $filename ) = tempfile
( );
370 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
374 my $temp = `/usr/bin/openssl x509 -text -in $filename ` ;
375 if ( $temp !~ /CA:TRUE/i ) {
376 $errormessage = $Lang :: tr
{ 'not a valid ca certificate' };
380 move
( $filename , "${General::swroot}/ovpn/ca/ $cgiparams {'CA_NAME'}cert.pem" );
382 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
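# Read the text form of the CA certificate that was just stored.
# openssl is started with an argument list (list-form pipe open), so no shell
# parses the path. CA_NAME comes from the request and its earlier check,
# /^[a-zA-Z0-9]+$/, also accepts a value ending in a newline because `$`
# matches before a trailing "\n"; inside a backtick command line that newline
# would end the openssl command early.
# NOTE(review): tightening that check to \z would also keep the newline out of
# the stored file name.
my $casubject = '';
if (open(my $openssl_out, '-|', '/usr/bin/openssl', 'x509', '-text', '-in',
         "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem")) {
    local $/;    # slurp the whole output, as the backtick call did
    my $text = <$openssl_out>;
    $casubject = $text if defined $text;
    close($openssl_out);
}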
389 $casubject =~ /Subject: (.*)[\n]/ ;
391 $casubject =~ s
+/ Email
+, E
+;
392 $casubject =~ s/ ST=/ S=/ ;
393 $casubject = & Header
:: cleanhtml
( $casubject );
395 my $key = & General
:: findhasharraykey
( \
%cahash );
396 $cahash { $key }[ 0 ] = $cgiparams { 'CA_NAME' };
397 $cahash { $key }[ 1 ] = $casubject ;
398 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
402 ### Display ca certificate
404 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show ca certificate' }) {
405 & Ovpnfunc
:: displayca
( $cgiparams { 'KEY' });
407 ### Download ca certificate
409 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download ca certificate' }) {
410 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
412 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
413 print "Content-Type: application/octet-stream \r\n " ;
414 print "Content-Disposition: filename= $cahash { $cgiparams {'KEY'}}[0]cert.pem \r\n\r\n " ;
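# Send the stored CA certificate to the client via `openssl x509`.
# openssl is started with an argument list (no shell), so the CA name read
# from caconfig for the requested KEY is only ever part of one file path.
if (open(my $pem_out, '-|', '/usr/bin/openssl', 'x509', '-in',
         "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem")) {
    print <$pem_out>;
    close($pem_out);
}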
418 $errormessage = $Lang :: tr
{ 'invalid key' };
422 ### Remove ca certificate (step 2)
424 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' } && $cgiparams { 'AREUSURE' } eq 'yes' ) {
425 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
426 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
428 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
429 foreach my $key ( keys %confighash ) {
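# Ask openssl whether this connection's certificate verifies against the CA
# selected by KEY; the caller looks for ": OK" in the output.
# Both file names are built from stored configuration values (CA name and
# connection name), so openssl is started with an argument list and no shell
# ever parses them.
my $test = '';
if (open(my $verify_out, '-|', '/usr/bin/openssl', 'verify', '-CAfile',
         "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem",
         "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem")) {
    local $/;    # slurp the whole output, as the backtick call did
    my $output = <$verify_out>;
    $test = $output if defined $output;
    close($verify_out);
}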
431 if ( $test =~ /: OK/ ) {
432 unlink ( "${General::swroot}/ovpn//certs/ $confighash { $key }[1]cert.pem" );
433 unlink ( "${General::swroot}/ovpn/certs/ $confighash { $key }[1].p12" );
434 delete $confighash { $key };
435 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
438 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
439 delete $cahash { $cgiparams { 'KEY' }};
440 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
442 $errormessage = $Lang :: tr
{ 'invalid key' };
445 ### Remove ca certificate (step 1)
447 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove ca certificate' }) {
448 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
449 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
451 my $assignedcerts = 0 ;
452 if ( - f
"${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" ) {
453 foreach my $key ( keys %confighash ) {
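# Ask openssl whether this connection's certificate verifies against the CA
# selected by KEY; the caller looks for ": OK" in the output.
# Both file names are built from stored configuration values (CA name and
# connection name), so openssl is started with an argument list and no shell
# ever parses them.
my $test = '';
if (open(my $verify_out, '-|', '/usr/bin/openssl', 'verify', '-CAfile',
         "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem",
         "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem")) {
    local $/;    # slurp the whole output, as the backtick call did
    my $output = <$verify_out>;
    $test = $output if defined $output;
    close($verify_out);
}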
455 if ( $test =~ /: OK/ ) {
459 if ( $assignedcerts ) {
460 & Header
:: showhttpheaders
();
461 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
462 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
463 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'are you sure' });
465 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
466 <input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />
467 <tr><td align='center'>
468 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>: $assignedcerts
469 $Lang ::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
470 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
471 <input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></td></tr>
476 & Header
:: closebigbox
();
477 & Header
:: closepage
();
480 unlink ( "${General::swroot}/ovpn/ca/ $cahash { $cgiparams {'KEY'}}[0]cert.pem" );
481 delete $cahash { $cgiparams { 'KEY' }};
482 & General
:: writehasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
483 # system('/usr/local/bin/ipsecctrl', 'R');
486 $errormessage = $Lang :: tr
{ 'invalid key' };
490 ### Display root certificate
492 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show root certificate' } || $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show host certificate' }) {
493 & Ovpnfunc
:: displayroothost
( $cgiparams { 'ACTION' });
495 ### Download root certificate
497 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download root certificate' }) {
498 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
499 print "Content-Type: application/octet-stream \r\n " ;
500 print "Content-Disposition: filename=cacert.pem \r\n\r\n " ;
501 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem` ;
506 ### Download host certificate
508 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download host certificate' }) {
509 if ( - f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
510 print "Content-Type: application/octet-stream \r\n " ;
511 print "Content-Disposition: filename=servercert.pem \r\n\r\n " ;
512 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem` ;
516 ### Form for generating a root certificate
518 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'generate root/host certificates' } ||
519 $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
521 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
522 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
523 $errormessage = $Lang :: tr
{ 'valid root certificate already exists' };
524 $cgiparams { 'ACTION' } = '' ;
528 if (( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) && - e
"${General::swroot}/red/active" ) {
529 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
530 my $ipaddr = < IPADDR
>;
533 $cgiparams { 'ROOTCERT_HOSTNAME' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
534 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ) {
535 $cgiparams { 'ROOTCERT_HOSTNAME' } = $ipaddr ;
538 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'upload p12 file' }) {
540 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
541 $errormessage = $Lang :: tr
{ 'there was no file upload' };
545 # Move uploaded certificate request to a temporary file
546 ( my $fh , my $filename ) = tempfile
( );
547 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
552 # Create a temporary directory
553 my $tempdir = tempdir
( CLEANUP
=> 1 );
555 # Extract the CA certificate from the file
556 my $pid = open ( OPENSSL
, "|-" );
557 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
559 if ( $cgiparams { 'P12_PASS' } ne '' ) {
560 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
564 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
569 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-cacerts' , '-nokeys' ,
571 '-out' , " $tempdir /cacert.pem" )) {
572 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
578 # Extract the Host certificate from the file
579 $pid = open ( OPENSSL
, "|-" );
580 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
582 if ( $cgiparams { 'P12_PASS' } ne '' ) {
583 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
587 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
592 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-clcerts' , '-nokeys' ,
594 '-out' , " $tempdir /hostcert.pem" )) {
595 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
601 # Extract the Host key from the file
602 $pid = open ( OPENSSL
, "|-" );
603 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
605 if ( $cgiparams { 'P12_PASS' } ne '' ) {
606 print OPENSSL
" $cgiparams {'P12_PASS'} \n " ;
610 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
615 unless ( exec ( '/usr/bin/openssl' , 'pkcs12' , '-nocerts' ,
618 '-out' , " $tempdir /serverkey.pem" )) {
619 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
625 move
( " $tempdir /cacert.pem" , "${General::swroot}/ovpn/ca/cacert.pem" );
627 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
629 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
630 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
631 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
635 move
( " $tempdir /hostcert.pem" , "${General::swroot}/ovpn/certs/servercert.pem" );
637 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
639 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
640 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
641 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
645 move
( " $tempdir /serverkey.pem" , "${General::swroot}/ovpn/certs/serverkey.pem" );
647 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
649 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
650 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
651 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
655 goto ROOTCERT_SUCCESS
;
657 } elsif ( $cgiparams { 'ROOTCERT_COUNTRY' } ne '' ) {
659 # Validate input since the form was submitted
660 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } eq '' ){
661 $errormessage = $Lang :: tr
{ 'organization cant be empty' };
664 if ( length ( $cgiparams { 'ROOTCERT_ORGANIZATION' }) > 60 ) {
665 $errormessage = $Lang :: tr
{ 'organization too long' };
668 if ( $cgiparams { 'ROOTCERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
669 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
672 if ( $cgiparams { 'ROOTCERT_HOSTNAME' } eq '' ){
673 $errormessage = $Lang :: tr
{ 'hostname cant be empty' };
676 unless (& General
:: validfqdn
( $cgiparams { 'ROOTCERT_HOSTNAME' }) || & General
:: validip
( $cgiparams { 'ROOTCERT_HOSTNAME' })) {
677 $errormessage = $Lang :: tr
{ 'invalid input for hostname' };
680 if ( $cgiparams { 'ROOTCERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'ROOTCERT_EMAIL' }))) {
681 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
684 if ( length ( $cgiparams { 'ROOTCERT_EMAIL' }) > 40 ) {
685 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
688 if ( $cgiparams { 'ROOTCERT_OU' } ne '' && $cgiparams { 'ROOTCERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
689 $errormessage = $Lang :: tr
{ 'invalid input for department' };
692 if ( $cgiparams { 'ROOTCERT_CITY' } ne '' && $cgiparams { 'ROOTCERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
693 $errormessage = $Lang :: tr
{ 'invalid input for city' };
696 if ( $cgiparams { 'ROOTCERT_STATE' } ne '' && $cgiparams { 'ROOTCERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
697 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
700 if ( $cgiparams { 'ROOTCERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
701 $errormessage = $Lang :: tr
{ 'invalid input for country' };
705 # Copy the cgisettings to vpnsettings and save the configfile
706 $vpnsettings { 'ROOTCERT_ORGANIZATION' } = $cgiparams { 'ROOTCERT_ORGANIZATION' };
707 $vpnsettings { 'ROOTCERT_HOSTNAME' } = $cgiparams { 'ROOTCERT_HOSTNAME' };
708 $vpnsettings { 'ROOTCERT_EMAIL' } = $cgiparams { 'ROOTCERT_EMAIL' };
709 $vpnsettings { 'ROOTCERT_OU' } = $cgiparams { 'ROOTCERT_OU' };
710 $vpnsettings { 'ROOTCERT_CITY' } = $cgiparams { 'ROOTCERT_CITY' };
711 $vpnsettings { 'ROOTCERT_STATE' } = $cgiparams { 'ROOTCERT_STATE' };
712 $vpnsettings { 'ROOTCERT_COUNTRY' } = $cgiparams { 'ROOTCERT_COUNTRY' };
713 & General
:: writehash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
715 # Replace empty strings with a .
716 ( my $ou = $cgiparams { 'ROOTCERT_OU' }) =~ s/^\s*$/\./ ;
717 ( my $city = $cgiparams { 'ROOTCERT_CITY' }) =~ s/^\s*$/\./ ;
718 ( my $state = $cgiparams { 'ROOTCERT_STATE' }) =~ s/^\s*$/\./ ;
721 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
723 # Create the CA certificate
724 my $pid = open ( OPENSSL
, "|-" );
725 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
727 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
728 print OPENSSL
" $state \n " ;
729 print OPENSSL
" $city \n " ;
730 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
731 print OPENSSL
" $ou \n " ;
732 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} CA \n " ;
733 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
736 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
737 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
738 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
742 unless ( exec ( '/usr/bin/openssl' , 'req' , '-x509' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
743 '-days' , '999999' , '-newkey' , 'rsa:2048' ,
744 '-keyout' , "${General::swroot}/ovpn/ca/cakey.pem" ,
745 '-out' , "${General::swroot}/ovpn/ca/cacert.pem" ,
746 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
747 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
752 # Create the Host certificate request
753 $pid = open ( OPENSSL
, "|-" );
754 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto ROOTCERT_ERROR
;};
756 print OPENSSL
" $cgiparams {'ROOTCERT_COUNTRY'} \n " ;
757 print OPENSSL
" $state \n " ;
758 print OPENSSL
" $city \n " ;
759 print OPENSSL
" $cgiparams {'ROOTCERT_ORGANIZATION'} \n " ;
760 print OPENSSL
" $ou \n " ;
761 print OPENSSL
" $cgiparams {'ROOTCERT_HOSTNAME'} \n " ;
762 print OPENSSL
" $cgiparams {'ROOTCERT_EMAIL'} \n " ;
767 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
768 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
769 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
773 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
774 '-newkey' , 'rsa:1024' ,
775 '-keyout' , "${General::swroot}/ovpn/certs/serverkey.pem" ,
776 '-out' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
777 '-extensions' , 'server' ,
778 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
779 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
780 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
781 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
782 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
783 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
788 # Sign the host certificate request
789 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
791 '-in' , "${General::swroot}/ovpn/certs/serverreq.pem" ,
792 '-out' , "${General::swroot}/ovpn/certs/servercert.pem" ,
793 '-extensions' , 'server' ,
794 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
796 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
797 unlink ( "${General::swroot}/ovpn/ca/cakey.pem" );
798 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
799 unlink ( "${General::swroot}/ovpn/serverkey.pem" );
800 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
801 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
802 & Ovpnfunc
:: newcleanssldatabase
();
805 unlink ( "${General::swroot}/ovpn/certs/serverreq.pem" );
806 & Ovpnfunc
:: deletebackupcert
();
809 # Create an empty CRL
810 system ( '/usr/bin/openssl' , 'ca' , '-gencrl' ,
811 '-out' , "${General::swroot}/ovpn/crls/cacrl.pem" ,
812 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
814 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
815 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
816 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
817 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
818 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
819 & Ovpnfunc
:: cleanssldatabase
();
822 # Create Diffie-Hellman parameters
823 system ( '/usr/bin/openssl' , 'dhparam' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
824 '-out' , "${General::swroot}/ovpn/ca/dh1024.pem" ,
827 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
828 unlink ( "${General::swroot}/ovpn/certs/serverkey.pem" );
829 unlink ( "${General::swroot}/ovpn/certs/servercert.pem" );
830 unlink ( "${General::swroot}/ovpn/ca/cacert.pem" );
831 unlink ( "${General::swroot}/ovpn/crls/cacrl.pem" );
832 unlink ( "${General::swroot}/ovpn/ca/dh1024.pem" );
833 & Ovpnfunc
:: cleanssldatabase
();
836 goto ROOTCERT_SUCCESS
;
839 if ( $cgiparams { 'ACTION' } ne '' ) {
840 & Header
:: showhttpheaders
();
841 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
842 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
844 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
845 print "<class name='base'> $errormessage " ;
846 print " </class>" ;
849 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'generate root/host certificates'}:" );
851 <form method='post' enctype='multipart/form-data'>
852 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
853 <tr><td width='30%' class='base'> $Lang ::tr{'organization name'}:</td>
854 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value=' $cgiparams {'ROOTCERT_ORGANIZATION'}' size='32' /></td>
855 <td width='35%' colspan='2'> </td></tr>
856 <tr><td class='base'> $Lang ::tr{'ipfires hostname'}:</td>
857 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value=' $cgiparams {'ROOTCERT_HOSTNAME'}' size='32' /></td>
858 <td colspan='2'> </td></tr>
859 <tr><td class='base'> $Lang ::tr{'your e-mail'}: <img src='/blob.gif' alt'*' /></td>
860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value=' $cgiparams {'ROOTCERT_EMAIL'}' size='32' /></td>
861 <td colspan='2'> </td></tr>
862 <tr><td class='base'> $Lang ::tr{'your department'}: <img src='/blob.gif' alt'*' /></td>
863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value=' $cgiparams {'ROOTCERT_OU'}' size='32' /></td>
864 <td colspan='2'> </td></tr>
865 <tr><td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif' alt'*' /></td>
866 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value=' $cgiparams {'ROOTCERT_CITY'}' size='32' /></td>
867 <td colspan='2'> </td></tr>
868 <tr><td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' alt'*' /></td>
869 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value=' $cgiparams {'ROOTCERT_STATE'}' size='32' /></td>
870 <td colspan='2'> </td></tr>
871 <tr><td class='base'> $Lang ::tr{'country'}:</td>
872 <td class='base'><select name='ROOTCERT_COUNTRY'>
876 foreach my $country ( sort keys %{ Countries
:: countries
}) {
877 print "<option value=' $Countries ::countries{ $country }'" ;
878 if ( $Countries :: countries
{ $country } eq $cgiparams { 'ROOTCERT_COUNTRY' } ) {
879 print " selected='selected'" ;
881 print "> $country </option>" ;
885 <td colspan='2'> </td></tr>
887 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' /></td>
888 <td> </td><td> </td></tr>
889 <tr><td class='base' colspan='4' align='left'>
890 <img src='/blob.gif' valign='top' alt='*' /> $Lang ::tr{'this field may be blank'}</td></tr>
891 <tr><td class='base' colspan='4' align='left'>
892 <b><font color='${Header::colourred}'> $Lang ::tr{'capswarning'}</font></b>:
893 $Lang ::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
895 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
896 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'upload p12 file'}:</td>
897 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
898 <td colspan='2'> </td></tr>
899 <tr><td class='base'> $Lang ::tr{'pkcs12 file password'}: <img src='/blob.gif' alt='*' ></td>
900 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value=' $cgiparams {'P12_PASS'}' size='32' /></td>
901 <td colspan='2'> </td></tr>
903 <td><input type='submit' name='ACTION' value=' $Lang ::tr{'upload p12 file'}' /></td>
904 <td colspan='2'> </td></tr>
905 <tr><td class='base' colspan='4' align='left'>
906 <img src='/blob.gif' valign='top' al='*' > $Lang ::tr{'this field may be blank'}</td></tr>
912 & Header
:: closebigbox
();
913 & Header
:: closepage
();
918 system ( "chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem" );
921 ### Enable/Disable connection
923 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'toggle enable disable' }) {
924 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
925 if ( $confighash { $cgiparams { 'KEY' }}) {
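# Collect the PIDs of running processes whose command line mentions this
# connection's "<name>.conf". The process list is read through a list-form
# pipe open, so the connection name stored in ovpnconfig is never handed to
# a shell. The name is also quoted before it is used as a pattern.
my $n2nactive = '';
my $n2nconfpattern = quotemeta($confighash{$cgiparams{'KEY'}}[1]) . '.conf';
if (open(my $psfh, '-|', '/bin/ps', 'ax')) {
    while (my $psline = <$psfh>) {
        next unless ($psline =~ /$n2nconfpattern/);
        # kept from the original pipeline, which dropped lines mentioning grep
        next if ($psline =~ /grep/);
        # first whitespace-separated field, one PID per line as before
        my ($pid) = split(' ', $psline);
        $n2nactive .= "$pid\n" if (defined $pid);
    }
    close($psfh);
}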
927 if ( $confighash { $cgiparams { 'KEY' }}[ 0 ] eq 'off' ) {
928 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'on' ;
929 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
930 if ( $n2nactive eq '' ){
931 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
933 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
934 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $confighash { $cgiparams { 'KEY' }}[ 1 ]);
937 $confighash { $cgiparams { 'KEY' }}[ 0 ] = 'off' ;
938 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
939 if ( $n2nactive ne '' ){
940 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
944 $errormessage = $Lang :: tr
{ 'invalid key' };
948 ### Download OpenVPN client package
950 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'dl client arch' }) {
951 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
952 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
956 my $tempdir = tempdir
( CLEANUP
=> 1 );
957 my $zippath = " $tempdir /" ;
958 my $zipname = " $confighash { $cgiparams {'KEY'}}[1]-TO-IPFire.zip" ;
959 my $zippathname = " $zippath $zipname " ;
961 if ( $confighash { $cgiparams { 'KEY' }}[ 3 ] eq 'net' ){
962 $zerinaclient = 'true' ;
963 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
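# Name of the generated client configuration inside the download archive.
$clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
# Three-argument open: the path contains the stored connection name, so the
# mode is given separately and the name is only ever treated as a file name.
open(CLIENTCONF, '>', "$tempdir/$clientovpn") or die "Unable to open tempfile: $!";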
970 my $zip = Archive
:: Zip
-> new ();
972 print CLIENTCONF
"#OpenVPN Server conf \r\n " ;
973 print CLIENTCONF
"tls-client \r\n " ;
974 print CLIENTCONF
"client \r\n " ;
975 print CLIENTCONF
"dev $vpnsettings {'DDEVICE'} \r\n " ;
976 print CLIENTCONF
"proto $vpnsettings {'DPROTOCOL'} \r\n " ;
977 print CLIENTCONF
" $vpnsettings {'DDEVICE'}-mtu $vpnsettings {'DMTU'} \r\n " ;
978 if ( $vpnsettings { 'ENABLED' } eq 'on' ){
979 print CLIENTCONF
"remote $vpnsettings {'VPN_IP'} $vpnsettings {'DDEST_PORT'} \r\n " ;
980 if ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
981 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Blue interface \r\n " ;
982 print CLIENTCONF
";remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
984 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
985 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
986 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
988 } elsif ( $vpnsettings { 'ENABLED_BLUE' } eq 'on' && (& Ovpnfunc
:: haveBlueNet
())){
989 print CLIENTCONF
"remote $netsettings {'BLUE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
990 if ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
991 print CLIENTCONF
"#Coment the above line and uncoment the next line, if you want to connect on the Orange interface \r\n " ;
992 print CLIENTCONF
";remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
994 } elsif ( $vpnsettings { 'ENABLED_ORANGE' } eq 'on' && (& Ovpnfunc
:: haveOrangeNet
())){
995 print CLIENTCONF
"remote $netsettings {'ORANGE_ADDRESS'} $vpnsettings {'DDEST_PORT'} \r\n " ;
998 if ( $confighash { $cgiparams { 'KEY' }}[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" ) {
999 print CLIENTCONF
"pkcs12 $confighash { $cgiparams {'KEY'}}[1].p12 \r\n " ;
1000 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1].p12" , " $confighash { $cgiparams {'KEY'}}[1].p12" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1].p12 \n " ;
1002 print CLIENTCONF
"ca cacert.pem \r\n " ;
1003 print CLIENTCONF
"cert $confighash { $cgiparams {'KEY'}}[1]cert.pem \r\n " ;
1004 print CLIENTCONF
"key $confighash { $cgiparams {'KEY'}}[1].key \r\n " ;
1005 $zip -> addFile ( "${General::swroot}/ovpn/ca/cacert.pem" , "cacert.pem" ) or die "Can't add file cacert.pem \n " ;
1006 $zip -> addFile ( "${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" , " $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) or die "Can't add file $confighash { $cgiparams {'KEY'}}[1]cert.pem \n " ;
1008 print CLIENTCONF
"cipher $vpnsettings {DCIPHER} \r\n " ;
1009 if ( $vpnsettings { DCOMPLZO
} eq 'on' ) {
1010 print CLIENTCONF
"comp-lzo \r\n " ;
1012 print CLIENTCONF
"verb 3 \r\n " ;
1013 print CLIENTCONF
"ns-cert-type server \r\n " ;
1015 $zip -> addFile ( " $tempdir / $clientovpn " , $clientovpn ) or die "Can't add file $clientovpn \n " ;
1016 my $status = $zip -> writeToFileNamed ( $zippathname );
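# Read the finished archive back for delivery. Three-argument open keeps the
# mode separate from the path, which contains the stored connection name.
open(DLFILE, '<', $zippathname) or die "Unable to open $zippathname: $!";
@fileholder = <DLFILE>;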
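# Response headers for the archive download. $zipname contains the stored
# connection name; control characters are removed from the copy placed in
# the header so the name cannot end the header line early.
print "Content-Type:application/x-download\n";
(my $dlzipname = $zipname) =~ s/[\x00-\x1f\x7f]//g;
print "Content-Disposition:attachment;filename=$dlzipname\n\n";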
1026 ### Remove connection
1028 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'remove' }) {
1029 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1030 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1031 if ( $confighash { $cgiparams { 'KEY' }}) {
1032 if ( $confighash { $cgiparams { 'KEY' }}[ 19 ] eq 'yes' ) {
1033 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1034 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1035 delete $confighash { $cgiparams { 'KEY' }};
1036 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
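# Revoke the connection's certificate, then delete the certificate and its
# PKCS#12 bundle. openssl is started from an argument list (no shell), so the
# connection name read from ovpnconfig is passed only as part of one
# file-name argument.
# NOTE(review): the name is still used unchecked in the paths below; confirm
# that stored names can never contain "/" so these paths stay inside certs/.
my $revokename = $confighash{$cgiparams{'KEY'}}[1];
my $temp = '';
if (open(my $revokefh, '-|', '/usr/bin/openssl', 'ca', '-revoke',
        "${General::swroot}/ovpn/certs/${revokename}cert.pem",
        '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf")) {
    # capture openssl's output as the backticks did, so it is not sent to the browser
    $temp = join('', <$revokefh>);
    close($revokefh);
}
unlink("${General::swroot}/ovpn/certs/${revokename}cert.pem");
unlink("${General::swroot}/ovpn/certs/$revokename.p12");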
1041 & Ovpnfunc
:: killconnection
( $cgiparams { 'KEY' });
1042 & Ovpnfunc
:: removenet2netconf
( $cgiparams { 'KEY' });
1043 delete $confighash { $cgiparams { 'KEY' }};
1044 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf` ;
1045 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1048 $errormessage = $Lang :: tr
{ 'invalid key' };
1051 ### Download PKCS12 file
1053 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download pkcs12 file' }) {
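# Send the PKCS#12 bundle of the selected connection as a download.
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

# The connection name comes from ovpnconfig and ends up in a response header
# and in a file path, so it is handled as untrusted data here.
my $p12name = $confighash{$cgiparams{'KEY'}}[1];
$p12name = '' unless (defined $p12name);
# control characters are removed from the header copy so the name cannot
# end the header line early
(my $p12dlname = $p12name) =~ s/[\x00-\x1f\x7f]//g;
print "Content-Disposition: filename=" . $p12dlname . ".p12\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
# The file is read directly instead of through a shell "cat". A name with a
# path separator is refused so the read stays inside the certs directory.
if ($p12name !~ m{/} && open(my $p12fh, '<', "${General::swroot}/ovpn/certs/$p12name.p12")) {
    binmode($p12fh);
    print join('', <$p12fh>);
    close($p12fh);
}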
1062 ### Display certificate
1064 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show certificate' }) {
1065 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1067 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
1068 & Header
:: showhttpheaders
();
1069 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1070 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1071 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate'}:" );
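# Render the connection's certificate as text. openssl is started from an
# argument list, so the connection name read from ovpnconfig is never
# interpreted by a shell.
my $output = '';
if (open(my $x509fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in',
        "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem")) {
    $output = join('', <$x509fh>);
    close($x509fh);
}
# Header::cleanhtml is applied before the text is embedded in the page
$output = &Header::cleanhtml($output, "y");
print "<pre>$output</pre>\n";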
1075 & Header
:: closebox
();
1076 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1077 & Header
:: closebigbox
();
1078 & Header
:: closepage
();
1082 ### Display Certificate Revoke List
1084 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'show crl' }) {
1085 if ( - f
"${General::swroot}/ovpn/crls/cacrl.pem" ) {
1086 & Header
:: showhttpheaders
();
1087 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1088 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1089 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'crl'}:" );
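# Render the certificate revocation list as text. The path is fixed; openssl
# is started from an argument list, matching the certificate display branch.
my $output = '';
if (open(my $crlfh, '-|', '/usr/bin/openssl', 'crl', '-text', '-noout', '-in',
        "${General::swroot}/ovpn/crls/cacrl.pem")) {
    $output = join('', <$crlfh>);
    close($crlfh);
}
# Header::cleanhtml is applied before the text is embedded in the page
$output = &Header::cleanhtml($output, "y");
print "<pre>$output</pre>\n";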
1093 & Header
:: closebox
();
1094 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1095 & Header
:: closebigbox
();
1096 & Header
:: closepage
();
1101 ### Advanced Server Settings
1104 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced server' }) {
1108 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
1111 if ( $cgiparams { 'MAX_CLIENTS' } eq '' ) {
1112 $cgiparams { 'MAX_CLIENTS' } = '100' ;
1115 if ( $cgiparams { 'KEEPALIVE_1' } eq '' ) {
1116 $cgiparams { 'KEEPALIVE_1' } = '10' ;
1118 if ( $cgiparams { 'KEEPALIVE_2' } eq '' ) {
1119 $cgiparams { 'KEEPALIVE_2' } = '60' ;
1121 if ( $cgiparams { 'LOG_VERB' } eq '' ) {
1122 $cgiparams { 'LOG_VERB' } = '3' ;
1124 if ( $cgiparams { 'EXTENDED_NICE' } eq '' ) {
1125 $cgiparams { 'EXTENDED_NICE' } = '0' ;
1127 $checked { 'CLIENT2CLIENT' }{ 'off' } = '' ;
1128 $checked { 'CLIENT2CLIENT' }{ 'on' } = '' ;
1129 $checked { 'CLIENT2CLIENT' }{ $cgiparams { 'CLIENT2CLIENT' }} = 'CHECKED' ;
1130 $checked { 'REDIRECT_GW_DEF1' }{ 'off' } = '' ;
1131 $checked { 'REDIRECT_GW_DEF1' }{ 'on' } = '' ;
1132 $checked { 'REDIRECT_GW_DEF1' }{ $cgiparams { 'REDIRECT_GW_DEF1' }} = 'CHECKED' ;
1133 $selected { 'LOG_VERB' }{ '1' } = '' ;
1134 $selected { 'LOG_VERB' }{ '2' } = '' ;
1135 $selected { 'LOG_VERB' }{ '3' } = '' ;
1136 $selected { 'LOG_VERB' }{ '4' } = '' ;
1137 $selected { 'LOG_VERB' }{ '5' } = '' ;
1138 $selected { 'LOG_VERB' }{ '6' } = '' ;
1139 $selected { 'LOG_VERB' }{ '7' } = '' ;
1140 $selected { 'LOG_VERB' }{ '8' } = '' ;
1141 $selected { 'LOG_VERB' }{ '9' } = '' ;
1142 $selected { 'LOG_VERB' }{ '10' } = '' ;
1143 $selected { 'LOG_VERB' }{ '11' } = '' ;
1144 $selected { 'LOG_VERB' }{ '0' } = '' ;
1145 $selected { 'LOG_VERB' }{ $cgiparams { 'LOG_VERB' }} = 'SELECTED' ;
1147 #################################################################################
1148 # Added by Philipp Jenni #
1150 # Contact: philipp.jenni-at-gmx.ch #
1151 # Date: 2006-04-22 #
1152 # Description: Definitions to set the FASTIO Checkbox #
1153 # Definitions to set the MTUDISC Checkbox #
1154 # Definitions to set the NICE Selectionbox #
1155 #################################################################################
1156 $checked { 'EXTENDED_FASTIO' }{ 'off' } = '' ;
1157 $checked { 'EXTENDED_FASTIO' }{ 'on' } = '' ;
1158 $checked { 'EXTENDED_FASTIO' }{ $cgiparams { 'EXTENDED_FASTIO' }} = 'CHECKED' ;
1159 $checked { 'EXTENDED_MTUDISC' }{ 'off' } = '' ;
1160 $checked { 'EXTENDED_MTUDISC' }{ 'on' } = '' ;
1161 $checked { 'EXTENDED_MTUDISC' }{ $cgiparams { 'EXTENDED_MTUDISC' }} = 'CHECKED' ;
1162 $selected { 'EXTENDED_NICE' }{ '-13' } = '' ;
1163 $selected { 'EXTENDED_NICE' }{ '-10' } = '' ;
1164 $selected { 'EXTENDED_NICE' }{ '-7' } = '' ;
1165 $selected { 'EXTENDED_NICE' }{ '-3' } = '' ;
1166 $selected { 'EXTENDED_NICE' }{ '0' } = '' ;
1167 $selected { 'EXTENDED_NICE' }{ '3' } = '' ;
1168 $selected { 'EXTENDED_NICE' }{ '7' } = '' ;
1169 $selected { 'EXTENDED_NICE' }{ '10' } = '' ;
1170 $selected { 'EXTENDED_NICE' }{ '13' } = '' ;
1171 $selected { 'EXTENDED_NICE' }{ $cgiparams { 'EXTENDED_NICE' }} = 'SELECTED' ;
1172 #################################################################################
1173 # End of inserted Data #
1174 #################################################################################
1176 & Header
:: showhttpheaders
();
1177 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
1178 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1179 if ( $errormessage ) {
1180 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1181 print "<class name='base'> $errormessage \n " ;
1182 print " </class> \n " ;
1183 & Header
:: closebox
();
1185 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'advanced server' });
1187 <form method='post' enctype='multipart/form-data'>
1188 <table width='100%'>
1190 <td colspan='4'><b> $Lang ::tr{'dhcp-options'}</b></td>
1193 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1196 <td class='base'>Domain</td>
1197 <td><input type='TEXT' name='DHCP_DOMAIN' value=' $cgiparams {'DHCP_DOMAIN'}' size='30' /></td>
1200 <td class='base'>DNS</td>
1201 <td><input type='TEXT' name='DHCP_DNS' value=' $cgiparams {'DHCP_DNS'}' size='30' /></td>
1204 <td class='base'>WINS</td>
1205 <td><input type='TEXT' name='DHCP_WINS' value=' $cgiparams {'DHCP_WINS'}' size='30' /></td>
1209 <!-- Additional push route START-->
1210 <table width='100%'>
1212 <td colspan='4'><b> $Lang ::tr{'add-route'}</b></td>
1215 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
1218 <td class='base'> $Lang ::tr{'subnet'} 1</td>
1219 <td><input type='TEXT' name='AD_ROUTE1' value=' $cgiparams {'AD_ROUTE1'}' size='30' /></td>
1222 <td class='base'> $Lang ::tr{'subnet'} 2</td>
1223 <td><input type='TEXT' name='AD_ROUTE2' value=' $cgiparams {'AD_ROUTE2'}' size='30' /></td>
1226 <td class='base'> $Lang ::tr{'subnet'} 3</td>
1227 <td><input type='TEXT' name='AD_ROUTE3' value=' $cgiparams {'AD_ROUTE3'}' size='30' /></td>
1231 <!-- Additional push route END -->
1232 < table width
= '100%' >
1234 < td
class 'base' >< b
> $Lang :: tr
{ 'misc-options' }< /b></ td
>
1237 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1240 < td
class = 'base' > Client
- To
- Client
</ td
>
1241 < td
>< input type
= 'checkbox' name
= 'CLIENT2CLIENT' $checked { 'CLIENT2CLIENT' }{ 'on' } /></ td
>
1244 < td
class = 'base' > Redirect
- Gateway def1
</ td
>
1245 < td
>< input type
= 'checkbox' name
= 'REDIRECT_GW_DEF1' $checked { 'REDIRECT_GW_DEF1' }{ 'on' } /></ td
>
1248 < td
class = 'base' > Max
- Clients
</ td
>
1249 < td
>< input type
= 'text' name
= 'MAX_CLIENTS' value
= ' $cgiparams {' MAX_CLIENTS
'}' size
= '30' /></ td
>
1251 < td
class = 'base' > Keppalive
( ping
/ping-restart)</ td
>
1252 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_1' value
= ' $cgiparams {' KEEPALIVE_1
'}' size
= '30' /></ td
>
1253 < td
>< input type
= 'TEXT' name
= 'KEEPALIVE_2' value
= ' $cgiparams {' KEEPALIVE_2
'}' size
= '30' /></ td
>
1257 #################################################################################
1258 # Added by Philipp Jenni #
1260 # Contact: philipp.jenni-at-gmx.ch #
1261 # Date: 2006-04-22 #
1262 # Description: Add the FAST-IO Checkbox to the HTML Form #
1263 # Add the NICE Selectionbox to the HTML Form #
1264 # Add the MTU-DISC Checkbox to the HTML Form #
1265 # Add the MSSFIX Textbox to the HTML Form #
1266 # Add the FRAGMENT Textbox to the HTML Form #
1268 # 2006-04-27 Include Multilanguage-Support #
1269 #################################################################################
1273 < td
class = 'base' > $Lang :: tr
{ 'ovpn_processprio' }</ td
>
1275 < select name
= 'EXTENDED_NICE' >
1276 < option value
= '-13' $selected { 'EXTENDED_NICE' }{ '-13' }> $Lang :: tr
{ 'ovpn_processprioEH' }</ option
>
1277 < option value
= '-10' $selected { 'EXTENDED_NICE' }{ '-10' }> $Lang :: tr
{ 'ovpn_processprioVH' }</ option
>
1278 < option value
= '-7' $selected { 'EXTENDED_NICE' }{ '-7' }> $Lang :: tr
{ 'ovpn_processprioH' }</ option
>
1279 < option value
= '-3' $selected { 'EXTENDED_NICE' }{ '-3' }> $Lang :: tr
{ 'ovpn_processprioEN' }</ option
>
1280 < option value
= '0' $selected { 'EXTENDED_NICE' }{ '0' }> $Lang :: tr
{ 'ovpn_processprioN' }</ option
>
1281 < option value
= '3' $selected { 'EXTENDED_NICE' }{ '3' }> $Lang :: tr
{ 'ovpn_processprioLN' }</ option
>
1282 < option value
= '7' $selected { 'EXTENDED_NICE' }{ '7' }> $Lang :: tr
{ 'ovpn_processprioD' }</ option
>
1283 < option value
= '10' $selected { 'EXTENDED_NICE' }{ '10' }> $Lang :: tr
{ 'ovpn_processprioVD' }</ option
>
1284 < option value
= '13' $selected { 'EXTENDED_NICE' }{ '13' }> $Lang :: tr
{ 'ovpn_processprioED' }</ option
>
1289 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fastio' }</ td
>
1291 < input type
= 'checkbox' name
= 'EXTENDED_FASTIO' $checked { 'EXTENDED_FASTIO' }{ 'on' } />
1295 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mtudisc' }</ td
>
1297 < input type
= 'checkbox' name
= 'EXTENDED_MTUDISC' $checked { 'EXTENDED_MTUDISC' }{ 'on' } />
1301 < td
class = 'base' > $Lang :: tr
{ 'ovpn_mssfix' }</ td
>
1303 < input type
= 'TEXT' name
= 'EXTENDED_MSSFIX' value
= ' $cgiparams {' EXTENDED_MSSFIX
'}' size
= '30' />
1307 < td
class = 'base' > $Lang :: tr
{ 'ovpn_fragment' }</ td
>
1309 < input type
= 'TEXT' name
= 'EXTENDED_FRAGMENT' value
= ' $cgiparams {' EXTENDED_FRAGMENT
'}' size
= '30' />
1314 #################################################################################
1315 # End of Inserted Data #
1316 #################################################################################
1322 < table width
= '100%' >
1324 < td
class 'base' >< b
> $Lang :: tr
{ 'log-options' }< /b></ td
>
1327 < td width
= '25%' >< /td> <td width='20%'> </ td
>< td width
= '25%' > < /td><td width='30%'></ td
>
1330 < tr
>< td
class = 'base' > VERB
</ td
>
1331 < td
>< select name
= 'LOG_VERB' >< option value
= '1' $selected { 'LOG_VERB' }{ '1' }> 1 </ option
>
1332 < option value
= '2' $selected { 'LOG_VERB' }{ '2' }> 2 </ option
>
1333 < option value
= '3' $selected { 'LOG_VERB' }{ '3' }> 3 </ option
>
1334 < option value
= '4' $selected { 'LOG_VERB' }{ '4' }> 4 </ option
>
1335 < option value
= '5' $selected { 'LOG_VERB' }{ '5' }> 5 </ option
>
1336 < option value
= '6' $selected { 'LOG_VERB' }{ '6' }> 6 </ option
>
1337 < option value
= '7' $selected { 'LOG_VERB' }{ '7' }> 7 </ option
>
1338 < option value
= '8' $selected { 'LOG_VERB' }{ '8' }> 8 </ option
>
1339 < option value
= '9' $selected { 'LOG_VERB' }{ '9' }> 9 </ option
>
1340 < option value
= '10' $selected { 'LOG_VERB' }{ '10' }> 10 </ option
>
1341 < option value
= '11' $selected { 'LOG_VERB' }{ '11' }> 11 </ option
>
1342 < option value
= '0' $selected { 'LOG_VERB' }{ '0' }> 0 < /option></s elect
></ td
>
1344 #################################################################################
1345 # Added by Philipp Jenni #
1347 # Contact: philipp.jenni-at-gmx.ch #
1348 # Date: 2006-04-22 #
1349 # Description: Required </TR> Command from this Table #
1350 #################################################################################
1354 #################################################################################
1355 # End of Inserted Data #
1356 #################################################################################
1361 < table width
= '100%' >
1364 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' save
- adv
- options
'}' /></ td
>
1365 < td allign
= 'center' >< input type
= 'submit' name
= 'ACTION' value
= ' $Lang ::tr{' cancel
- adv
- options
'}' /></ td
>
1373 & Header
:: closebox
();
1374 & Header
:: closebigbox
();
1375 & Header
:: closepage
();
1379 ### Openvpn Connections Statistics
1381 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'ovpn con stat' }) {
1382 & Header
:: showhttpheaders
();
1383 & Header
:: openpage
( $Lang :: tr
{ 'ovpn con stat' }, 1 , '' );
1384 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1385 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'ovpn con stat' });
1388 # <td><b>$Lang::tr{'protocol'}</b></td>
1389 # protocol temp removed
1391 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1393 <td><b> $Lang ::tr{'common name'}</b></td>
1394 <td><b> $Lang ::tr{'real address'}</b></td>
1395 <td><b> $Lang ::tr{'virtual address'}</b></td>
1396 <td><b> $Lang ::tr{'loged in at'}</b></td>
1397 <td><b> $Lang ::tr{'bytes sent'}</b></td>
1398 <td><b> $Lang ::tr{'bytes received'}</b></td>
1399 <td><b> $Lang ::tr{'last activity'}</b></td>
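# Load the OpenVPN server status log that the statistics table is built from.
my $filename = "/var/log/ovpnserver.log";
# three-argument open: explicit read mode, path taken as a file name only
open(FILE, '<', $filename) or die 'Unable to open config file.';
my @current = <FILE>;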
1414 my %userlookup = ();
1415 foreach my $line ( @current )
1418 if ( $line =~ /^Updated,(.+)/ ){
1419 @match = split ( /^Updated,(.+)/ , $line );
1420 $status = $match [ 1 ];
1422 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
1423 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
1424 if ( $match [ 1 ] ne "Common Name" ) {
1426 $userlookup { $match [ 2 ]} = $uid ;
1427 $users [ $uid ]{ 'CommonName' } = $match [ 1 ];
1428 $users [ $uid ]{ 'RealAddress' } = $match [ 2 ];
1429 $users [ $uid ]{ 'BytesReceived' } = & Ovpnfunc
:: sizeformat
( $match [ 3 ]);
1430 $users [ $uid ]{ 'BytesSent' } = & Ovpnfunc
:: sizeformat
( $match [ 4 ]);
1431 $users [ $uid ]{ 'Since' } = $match [ 5 ];
1432 $users [ $uid ]{ 'Proto' } = $proto ;
1436 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ ) {
1437 @match = split ( m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/ , $line );
1438 if ( $match [ 1 ] ne "Virtual Address" ) {
1439 $address = $match [ 3 ];
1440 #find the uid in the lookup table
1441 $uid = $userlookup { $address };
1442 $users [ $uid ]{ 'VirtualAddress' } = $match [ 1 ];
1443 $users [ $uid ]{ 'LastRef' } = $match [ 4 ];
1449 for ( my $idx = 1 ; $idx <= $user2 ; $idx ++){
1451 print "<tr bgcolor='${Header::table1colour}'> \n " ;
1453 print "<tr bgcolor='${Header::table2colour}'> \n " ;
1455 print "<td align='left'> $users [ $idx -1]{'CommonName'}</td>" ;
1456 print "<td align='left'> $users [ $idx -1]{'RealAddress'}</td>" ;
1457 print "<td align='left'> $users [ $idx -1]{'VirtualAddress'}</td>" ;
1458 print "<td align='left'> $users [ $idx -1]{'Since'}</td>" ;
1459 print "<td align='left'> $users [ $idx -1]{'BytesSent'}</td>" ;
1460 print "<td align='left'> $users [ $idx -1]{'BytesReceived'}</td>" ;
1461 print "<td align='left'> $users [ $idx -1]{'LastRef'}</td>" ;
1462 # print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
1468 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
1473 <tr><td align='center' > $Lang ::tr{'the statistics were last updated at'} <b> $status </b></td></tr>
1477 & Header
:: closebox
();
1478 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1479 & Header
:: closebigbox
();
1480 & Header
:: closepage
();
1484 ### Download Certificate
1486 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'download certificate' }) {
1487 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1488 if ( - f
"${General::swroot}/ovpn/certs/ $confighash { $cgiparams {'KEY'}}[1]cert.pem" ) {
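# Send the connection's certificate as a download. The connection name comes
# from ovpnconfig and is used in a response header and a file path.
my $certname = $confighash{$cgiparams{'KEY'}}[1];
# control characters are removed from the header copy so the name cannot
# end the header line early
(my $certdlname = $certname) =~ s/[\x00-\x1f\x7f]//g;
print "Content-Disposition: filename=" . $certdlname . "cert.pem\r\n";
print "Content-Type: application/octet-stream\r\n\r\n";
# The file is read directly instead of through a shell "cat". A name with a
# path separator is refused so the read stays inside the certs directory.
if ($certname !~ m{/} && open(my $certfh, '<', "${General::swroot}/ovpn/certs/${certname}cert.pem")) {
    binmode($certfh);
    print join('', <$certfh>);
    close($certfh);
}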
1496 ### Restart connection
1498 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'restart' }) {
1499 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1500 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1502 if ( $confighash { $cgiparams { 'KEY' }}) {
1504 $errormessage = $Lang :: tr
{ 'invalid key' };
1508 ### Choose between adding a host-net or net-net connection
1510 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' } && $cgiparams { 'TYPE' } eq '' ) {
1511 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1512 & Header
:: showhttpheaders
();
1513 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
1514 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , '' );
1515 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'connection type' });
1517 <b> $Lang ::tr{'connection type'}:</b><br />
1518 <table><form method='post' enctype='multipart/form-data'>
1519 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
1520 <td class='base'> $Lang ::tr{'host to net vpn'}</td></tr>
1521 <tr><td><input type='radio' name='TYPE' value='net' /></td>
1522 <td class='base'> $Lang ::tr{'net to net vpn'}</td></tr>
1523 <tr><td><input type='radio' name='TYPE' value='zerinan2n' /></td>
1524 <td class='base'>upload a ZERINA Net-to-Net package</td>
1525 <td class='base'><input type='file' name='FH' size='30'></td></tr>
1526 <tr><td align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td></tr>
1530 & Header
:: closebox
();
1531 & Header
:: closebigbox
();
1532 & Header
:: closepage
();
1536 ### uploading a ZERINA n2n connection package
1538 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1541 my $uplconffilename = '' ;
1542 my $uplp12name = '' ;
1543 my $complzoactive = '' ;
1548 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1549 # Move uploaded ZERINA n2n package to a temporary file
1550 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1551 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1554 # Move uploaded ca to a temporary file
1555 ( my $fh , my $filename ) = tempfile
( );
1556 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1561 my $zip = Archive
:: Zip
-> new ();
1562 my $zipName = $filename ;
1563 my $status = $zip -> read ( $zipName );
1564 if ( $status != AZ_OK
) {
1565 $errormessage = "Read of $zipName failed \n " ;
1568 #my $tempdir = tempdir( CLEANUP => 1 );
1569 my $tempdir = tempdir
();
1570 my @files = $zip -> memberNames ();
# Extract one archive member into the temporary directory. $_ is presumably a
# member name from $zip->memberNames() (the loop header is not visible here).
# NOTE(review): the destination path embeds the member name exactly as stored
# in the uploaded archive. Confirm that names with a directory part or ".."
# are rejected or reduced to a base name first, so the file always lands
# inside $tempdir.
1572 $zip -> extractMemberWithoutPaths ( $_ , " $tempdir / $_ " );
1574 my $countfiles = @files ;
1575 # see if we have 2 files
1576 if ( $countfiles == 2 ){
1578 if ( $_ =~ /.conf$/ ){
1579 $uplconffilename = $_ ;
1581 if ( $_ =~ /.p12$/ ){
1585 if (( $uplconffilename eq '' ) || ( $uplp12name eq '' )){
1586 $errormessage = "Either no *.conf or no *.p12 file found \n " ;
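# Read the uploaded *.conf file. Its name comes from the uploaded archive, so
# the three-argument form is used: the mode is given separately and the name
# is only ever treated as a file name.
open(FILE, '<', "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
@zerinaconf = <FILE>;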
1594 # only 2 files are allowed
1595 $errormessage = "Filecount does not match only 2 files are allowed \n " ;
1598 #prepare imported data not elegant, will be changed later
1599 my $ufuk = ( @zerinaconf );
1600 push ( @confdetails , substr ( $zerinaconf [ 0 ], 4 )); #dev tun 0
1601 push ( @confdetails , substr ( $zerinaconf [ 1 ], 8 )); #mtu value 1
1602 push ( @confdetails , substr ( $zerinaconf [ 2 ], 6 )); #protocol 2
1603 push ( @confdetails , substr ( $zerinaconf [ 3 ], 5 )); #port 3
1604 push ( @confdetails , substr ( $zerinaconf [ 4 ], 9 )); #ovpn subnet 4
1605 push ( @confdetails , substr ( $zerinaconf [ 5 ], 7 )); #remote ip 5
1606 push ( @confdetails , $zerinaconf [ 6 ]); #tls-server/tls-client 6
1607 push ( @confdetails , substr ( $zerinaconf [ 7 ], 7 )); #pkcs12 name 7
1608 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 1 ], 1 )); #remote subnet 8
1609 push ( @confdetails , substr ( $zerinaconf [ 9 ], 10 )); #keepalive 9
1610 push ( @confdetails , substr ( $zerinaconf [ 10 ], 7 )); #cipher 10
1612 push ( @confdetails , $zerinaconf [ $ufuk - 3 ]); #complzo 11
1613 $complzoactive = "on" ;
1615 $complzoactive = "off" ;
1617 push ( @confdetails , substr ( $zerinaconf [ $ufuk - 2 ], 5 )); #verb 12
1618 push ( @confdetails , substr ( $zerinaconf [ 8 ], 6 )); #localsubnet 13
1619 #push(@confdetails, substr($uplconffilename,0,-5));#connection Name 14
# Entry 14: the connection name, i.e. the uploaded *.p12 file name without its
# last four characters.
# NOTE(review): this value comes from a file name inside the uploaded archive
# and is used further down to build the n2nconf directory and file paths. It
# should pass the same name validation as a manually entered connection name
# before it is stored or used in a path. That rule is not visible in this
# excerpt, so confirm it.
1620 push ( @confdetails , substr ( $uplp12name , 0 ,- 4 )); #connection Name 14
1621 #chomp(@confdetails);
1622 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1623 if ( $confighash { $dkey }[ 1 ] eq $confdetails [ $ufuk ]) {
1624 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1628 if ( $confdetails [ $ufuk ] eq 'server' ) {
1629 $errormessage = $Lang :: tr
{ 'server reserved' };
1632 @rem_subnet2 = split ( / / , $confdetails [ 4 ]);
1633 @tmposupnet3 = split /\./ , $rem_subnet2 [ 0 ];
1634 $errormessage = & Ovpnfunc
:: ovelapplausi
( " $tmposupnet3 [0]. $tmposupnet3 [1]. $tmposupnet3 [2].0" , "255.255.255.0" );
1635 if ( $errormessage ne '' ){
1639 $key = & General
:: findhasharraykey
( \
%confighash );
1640 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
1641 $confighash { $key }[ 0 ] = 'off' ;
1642 $confighash { $key }[ 1 ] = $confdetails [ $ufuk ];
1643 #$confighash{$key}[2] = $confdetails[7];
1644 $confighash { $key }[ 2 ] = $confdetails [ $ufuk ];
1645 $confighash { $key }[ 3 ] = 'net' ;
1646 $confighash { $key }[ 4 ] = 'cert' ;
1647 $confighash { $key }[ 6 ] = 'client' ;
1648 $confighash { $key }[ 8 ] = $confdetails [ 8 ];
1649 @rem_subnet = split ( / / , $confdetails [ $ufuk - 1 ]);
1650 $confighash { $key }[ 11 ] = " $rem_subnet [0]/ $rem_subnet [1]" ;
1651 $confighash { $key }[ 10 ] = $confdetails [ 5 ];
1652 $confighash { $key }[ 25 ] = 'imported' ;
1653 $confighash { $key }[ 12 ] = 'red' ;
1654 my @tmposupnet = split ( / / , $confdetails [ 4 ]);
1655 my @tmposupnet2 = split /\./ , $tmposupnet [ 0 ];
1656 $confighash { $key }[ 13 ] = " $tmposupnet2 [0]. $tmposupnet2 [1]. $tmposupnet2 [2].0/255.255.255.0" ;
1657 $confighash { $key }[ 14 ] = $confdetails [ 2 ];
1658 $confighash { $key }[ 15 ] = $confdetails [ 3 ];
1659 $confighash { $key }[ 16 ] = $complzoactive ;
1660 $confighash { $key }[ 17 ] = $confdetails [ 1 ];
1661 $confighash { $key }[ 18 ] = '' ; # nn2nvpn_ip
1662 $confighash { $key }[ 19 ] = 'yes' ; # nn2nvpn_ip
1663 $cgiparams { 'KEY' } = $key ;
1664 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
# Create the per-connection directory under ovpn/n2nconf and move the .conf and
# .p12 files from $tempdir into it.
# NOTE(review): $confdetails[14] is substr($uplp12name, 0, -4) (see above), and
# it and $uplconffilename are used here as path components. Both are presumably
# taken from the uploaded archive. The only checks visible above reject a
# duplicate connection name and the name 'server'. Confirm both names are
# restricted to a safe character set (no '/', no '..') before this point.
# The mkdir result is not checked on this line.
1665 mkdir ( "${General::swroot}/ovpn/n2nconf/ $confdetails [14]" , 0770 );
1666 move
( " $tempdir / $uplconffilename " , "${General::swroot}/ovpn/n2nconf/ $confdetails [14]/ $uplconffilename " );
1668 $errormessage = "*.conf move failed: $!" ;
1672 move
( " $tempdir / $uplp12name " , "${General::swroot}/ovpn/n2nconf/ $confdetails [14]/ $uplp12name " );
1674 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
1680 & Header
:: showhttpheaders
();
1681 & Header
:: openpage
( 'Validate imported configuration' , 1 , '' );
1682 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
1683 if ( $errormessage ) {
1684 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
1685 print "<class name='base'> $errormessage " ;
1686 print " </class>" ;
1687 & Header
:: closebox
();
1689 & Header
:: openbox
( '100%' , 'LEFT' , 'Validate imported configuration' );
# With no error, show the imported connection's settings for confirmation.
# NOTE(review): the $confdetails[...] values printed below are substr() slices
# of $zerinaconf lines, presumably the uploaded configuration file, and they go
# into the HTML without escaping. Escape them on output (Header::cleanhtml() is
# used for REMARK elsewhere in this file) so markup in an imported file is not
# rendered in the admin's browser.
1691 if ( $errormessage eq '' ){
1693 <!-- net2net config gui -->
1694 <tr><td width='25%'> </td>
1695 <td width='25%'> </td></tr>
1696 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'name'}:</td>
1697 <td><b> $confdetails [ $ufuk ]</b></td></tr>
1698 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>
1699 <td><b> $confdetails [6]</b></td>
1700 <td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>
1701 <td><b> $confdetails [5]</b></td></tr>
1702 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>
1703 <td><b> $confighash { $key }[8]</b></td>
1704 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>
1705 <td><b> $confighash { $key }[11]</b></td></tr>
1706 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
1707 <td><b> $confighash { $key }[ $ufuk -1]</b></td></tr>
1708 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
1709 <td><b> $confdetails [2]</b></td>
1710 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
1711 <td><b> $confdetails [3]</b></td></tr>
1712 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
1713 <td><b> $complzoactive </b></td>
1714 <td class='boldbase'> $Lang ::tr{'cipher'}</td>
1715 <td><b> $confdetails [10]</b></td></tr>
1716 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} <img src='/blob.gif' /></td>
1717 <td><b> $confdetails [1]</b></td></tr>
1721 & Header
:: closebox
();
1723 if ( $errormessage ) {
1724 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'> $Lang ::tr{'back'}</a></div>" ;
1726 print "<div align='center'><form method='post' enctype='multipart/form-data'><input type='submit' name='ACTION' value='Approved' />" ;
1727 print "<input type='hidden' name='TYPE' value='zerinan2n' />" ;
1728 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
1729 print "<input type='submit' name='ACTION' value='Discard' /></div></form>" ;
1731 & Header
:: closebigbox
();
1732 & Header
:: closepage
();
1736 ### Approve Zerina n2n
1738 } elsif (( $cgiparams { 'ACTION' } eq 'Approved' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
# Write the net-to-net configuration for the KEY posted back by the
# "Validate imported configuration" form.
# NOTE(review): KEY comes from the request and is passed on as-is. The Discard
# branch below first re-reads ovpnconfig and tests $confighash{$cgiparams{'KEY'}};
# no such check is visible here. Confirm writenet2netconf() rejects unknown keys.
1739 & Ovpnfunc
:: writenet2netconf
( $cgiparams { 'KEY' }, $zerinaclient );
1741 ### Discard Zerina n2n
1743 } elsif (( $cgiparams { 'ACTION' } eq 'Discard' ) && ( $cgiparams { 'TYPE' } eq 'zerinan2n' )){
1744 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1745 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1747 if ( $confighash { $cgiparams { 'KEY' }}) {
1748 & Ovpnfunc
:: removenet2netconf
();
1749 delete $confighash { $cgiparams { 'KEY' }};
1750 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1752 $errormessage = $Lang :: tr
{ 'invalid key' };
1755 ### Adding a new connection
1757 } elsif (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) ||
1758 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) ||
1759 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq '' )) {
1761 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
1762 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
1763 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
1765 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) {
1766 if (! $confighash { $cgiparams { 'KEY' }}[ 0 ]) {
1767 $errormessage = $Lang :: tr
{ 'invalid key' };
1770 $cgiparams { 'ENABLED' } = $confighash { $cgiparams { 'KEY' }}[ 0 ];
1771 $cgiparams { 'NAME' } = $confighash { $cgiparams { 'KEY' }}[ 1 ];
1772 $cgiparams { 'TYPE' } = $confighash { $cgiparams { 'KEY' }}[ 3 ];
1773 $cgiparams { 'AUTH' } = $confighash { $cgiparams { 'KEY' }}[ 4 ];
1774 $cgiparams { 'PSK' } = $confighash { $cgiparams { 'KEY' }}[ 5 ];
1775 $cgiparams { 'SIDE' } = $confighash { $cgiparams { 'KEY' }}[ 6 ];
1776 $cgiparams { 'LOCAL_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 8 ];
1777 $cgiparams { 'REMOTE' } = $confighash { $cgiparams { 'KEY' }}[ 10 ];
1778 $cgiparams { 'REMOTE_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 11 ];
1779 $cgiparams { 'REMARK' } = $confighash { $cgiparams { 'KEY' }}[ 25 ];
1780 $cgiparams { 'INTERFACE' } = $confighash { $cgiparams { 'KEY' }}[ 12 ];
1781 $cgiparams { 'OVPN_SUBNET' } = $confighash { $cgiparams { 'KEY' }}[ 13 ]; #new fields
1782 $cgiparams { 'PROTOCOL' } = $confighash { $cgiparams { 'KEY' }}[ 14 ];
1783 $cgiparams { 'DEST_PORT' } = $confighash { $cgiparams { 'KEY' }}[ 15 ];
1784 $cgiparams { 'COMPLZO' } = $confighash { $cgiparams { 'KEY' }}[ 16 ];
1785 $cgiparams { 'MTU' } = $confighash { $cgiparams { 'KEY' }}[ 17 ];
1786 $cgiparams { 'N2NVPN_IP' } = $confighash { $cgiparams { 'KEY' }}[ 18 ]; #new fields
1787 $cgiparams { 'ZERINA_CLIENT' } = $confighash { $cgiparams { 'KEY' }}[ 19 ]; #new fields
1788 $cgiparams { 'CIPHER' } = $confighash { $cgiparams { 'KEY' }}[ 20 ]; #new fields
1789 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
1790 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
1792 } elsif ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) { #ab hiere error uebernehmen
1793 $cgiparams { 'REMARK' } = & Header
:: cleanhtml
( $cgiparams { 'REMARK' });
1795 if ( $cgiparams { 'TYPE' } !~ /^(host|net)$/ ) {
1796 $errormessage = $Lang :: tr
{ 'connection type is invalid' };
# Accept only purely alphanumeric connection names. NAME is interpolated
# further down into certificate file paths and into backtick (shell) commands,
# so this pattern is the main guard for those uses.
# NOTE(review): '$' also matches just before a trailing newline, so "name\n"
# passes this test; anchoring with \A ... \z closes that gap. Whether
# Header::getcgihash() already strips newlines is not visible here.
1799 if ( $cgiparams { 'NAME' } !~ /^[a-zA-Z0-9]+$/ ) {
1800 $errormessage = $Lang :: tr
{ 'name must only contain characters' };
1803 if ( $cgiparams { 'NAME' } =~ /^(host|01|block|private|clear|packetdefault|server)$/ ) {
1804 $errormessage = $Lang :: tr
{ 'name is invalid' };
1807 if ( length ( $cgiparams { 'NAME' }) > 60 ) {
1808 $errormessage = $Lang :: tr
{ 'name too long' };
1811 if (! $cgiparams { 'KEY' }) { # Check if there is no other entry with this name
1812 foreach my $key ( keys %confighash ) {
1813 if ( $confighash { $key }[ 1 ] eq $cgiparams { 'NAME' }) {
1814 $errormessage = $Lang :: tr
{ 'a connection with this name already exists' };
1819 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! $cgiparams { 'REMOTE' })) {
1820 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1823 if ( $cgiparams { 'REMOTE' }) {
1824 if (! & General
:: validip
( $cgiparams { 'REMOTE' })) {
1825 if (! & General
:: validfqdn
( $cgiparams { 'REMOTE' })) {
1826 $errormessage = $Lang :: tr
{ 'invalid input for remote host/ip' };
1829 if (& Ovpnfunc
:: valid_dns_host
( $cgiparams { 'REMOTE' })) {
1830 $warnmessage = " $Lang ::tr{'check vpn lr'} $cgiparams {'REMOTE'}. $Lang ::tr{'dns check failed'}" ;
1835 if ( $cgiparams { 'TYPE' } ne 'host' ) {
1836 unless (& General
:: validipandmask
( $cgiparams { 'LOCAL_SUBNET' })) {
1837 $errormessage = $Lang :: tr
{ 'local subnet is invalid' };
1842 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'LOCAL_SUBNET' });
1843 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1844 $cgiparams { 'LOCAL_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1846 if ( $cgiparams { 'REMOTE' } eq '' ) { # Check if there is no other entry without IP-address and PSK
1847 foreach my $key ( keys %confighash ) {
1848 if (( $cgiparams { 'KEY' } ne $key ) && ( $confighash { $key }[ 4 ] eq 'psk' || $cgiparams { 'AUTH' } eq 'psk' ) && $confighash { $key }[ 10 ] eq '' ) {
1849 $errormessage = $Lang :: tr
{ 'you can only define one roadwarrior connection when using pre-shared key authentication' };
1854 if (( $cgiparams { 'TYPE' } eq 'net' ) && (! & General
:: validipandmask
( $cgiparams { 'REMOTE_SUBNET' }))) {
1855 $errormessage = $Lang :: tr
{ 'remote subnet is invalid' };
1859 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'REMOTE_SUBNET' });
1860 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1861 $cgiparams { 'REMOTE_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1863 if ( $cgiparams { 'ENABLED' } !~ /^(on|off)$/ ) {
1864 $errormessage = $Lang :: tr
{ 'invalid input' };
1867 if ( $cgiparams { 'EDIT_ADVANCED' } !~ /^(on|off)$/ ) {
1868 $errormessage = $Lang :: tr
{ 'invalid input' };
1871 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1872 $errormessage = & Ovpnfunc
:: disallowreserved
( $cgiparams { 'DEST_PORT' }, 0 , $cgiparams { 'PROTOCOL' }, "dest" );
1874 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1876 if ( $cgiparams { 'ENABLED' } eq 'on' ){
1877 $errormessage = & Ovpnfunc
:: checkportfw
( 0 , $cgiparams { 'DEST_PORT' }, $cgiparams { 'PROTOCOL' }, '0.0.0.0' );
1879 if ( $errormessage ) { goto VPNCONF_ERROR
; }
1881 if ( $cgiparams { 'TYPE' } eq 'net' ) {
1882 if (! & General
:: validipandmask
( $cgiparams { 'OVPN_SUBNET' })) {
1883 $errormessage = $Lang :: tr
{ 'ovpn subnet is invalid' };
1887 my @tmpovpnsubnet = split ( "\/" , $cgiparams { 'OVPN_SUBNET' });
1888 $tmpovpnsubnet [ 1 ] = & Ovpnfunc
:: cidrormask
( $tmpovpnsubnet [ 1 ]);
1889 $cgiparams { 'OVPN_SUBNET' } = " $tmpovpnsubnet [0]/ $tmpovpnsubnet [1]" ; #convert from cidr
1892 $errormessage = & Ovpnfunc
:: ovelapplausi
( $tmpovpnsubnet [ 0 ], $tmpovpnsubnet [ 1 ]);
1894 if ( $errormessage ne '' ){
1897 if (( length ( $cgiparams { 'MTU' })== 0 ) || (( $cgiparams { 'MTU' }) < 1000 )) {
1898 $errormessage = $Lang :: tr
{ 'invalid mtu input' };
1901 unless (& General
:: validport
( $cgiparams { 'DEST_PORT' })) {
1902 $errormessage = $Lang :: tr
{ 'invalid port' };
1905 # check protocol/port overlap against existing connections gian
1906 foreach my $dkey ( keys %confighash ) { #Check if there is no other entry with this name
1907 if ( $dkey ne $cgiparams { 'KEY' }) {
1908 if ( $confighash { $dkey }[ 14 ] eq $cgiparams { 'PROTOCOL' } && $confighash { $dkey }[ 15 ] eq $cgiparams { 'DEST_PORT' }){
1909 #if ($confighash{$dkey}[14] eq 'on') {
1910 $errormessage = "Choosed Protocol/Port combination is already used by connection: $confighash { $dkey }[1]" ;
1913 # $warnmessage = "Choosed Protcol/Port combination is used by inactive connection: $confighash{$dkey}[1]";
1918 #check protocol/port overlap against RWserver gian
1919 if ( $vpnsettings { 'ENABLED' } eq 'on' ) {
1920 if ( $vpnsettings { 'DPROTOCOL' } eq $cgiparams { 'PROTOCOL' } && $vpnsettings { 'DDEST_PORT' } eq $cgiparams { 'DEST_PORT' }){
1921 $errormessage = "Choosed Protocol/Port combination is already used OpenVPN Roadwarrior Server" ;
1926 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
1928 } elsif ( $cgiparams { 'AUTH' } eq 'certreq' ) {
1930 if ( $cgiparams { 'KEY' }) {
1931 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1934 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1935 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1938 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate request to a temporary file
1939 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1943 # Sign the certificate request and move it
1944 # Sign the host certificate request
# Run 'openssl ca' in batch mode and write the signed certificate to
# <NAME>cert.pem. system() is called in list form, so no shell parses the
# arguments.
# NOTE(review): '-days 999999' issues a certificate that effectively never
# expires, which leaves revocation as the only way to retire it. A bounded
# lifetime plus renewal limits how long a leaked client key stays usable.
1945 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
1946 '-batch' , '-notext' ,
1948 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
1949 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1951 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
1953 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
1954 & Ovpnfunc
:: newcleanssldatabase
();
1958 & Ovpnfunc
:: deletebackupcert
();
# Dump the new certificate as text and look for the CN in its Subject line.
# NOTE(review): backticks pass the command string to a shell whenever it
# contains shell metacharacters, and NAME is interpolated into it. Safety
# therefore rests on the NAME pattern check earlier in the 'save' branch.
# A list-form pipe open ('-|', '/usr/bin/openssl', 'x509', '-text', '-in', $path)
# would avoid the shell altogether.
# The match result is not tested on this line. If a following line reads $1
# (not visible in this listing), a failed match leaves a stale capture there.
1960 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
1961 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
1963 $temp =~ s
+/ Email
+, E
+;
1964 $temp =~ s/ ST=/ S=/ ;
1965 $cgiparams { 'CERT_NAME' } = $temp ;
1966 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
1967 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
1968 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
1969 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
1972 } elsif ( $cgiparams { 'AUTH' } eq 'certfile' ) {
1973 if ( $cgiparams { 'KEY' }) {
1974 $errormessage = $Lang :: tr
{ 'cant change certificates' };
1977 if ( ref ( $cgiparams { 'FH' }) ne 'Fh' ) {
1978 $errormessage = $Lang :: tr
{ 'there was no file upload' };
1981 ( my $fh , my $filename ) = tempfile
( ); # Move uploaded certificate to a temporary file
1982 if ( copy
( $cgiparams { 'FH' }, $fh ) != 1 ) {
1986 my $validca = 0 ; # Verify the certificate has a valid CA and move it
1987 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename ` ;
1988 if ( $test =~ /: OK/ ) {
1991 foreach my $key ( keys %cahash ) {
1992 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/ $cahash { $key }[0]cert.pem $filename ` ;
1993 if ( $test =~ /: OK/ ) {
1999 $errormessage = $Lang :: tr
{ 'certificate does not have a valid ca associated with it' };
2003 move
( $filename , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2005 $errormessage = " $Lang ::tr{'certificate file move failed'}: $!" ;
2010 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem` ;
2011 $temp =~ /Subject:.*CN=(.*)[\n]/ ;
2013 $temp =~ s
+/ Email
+, E
+;
2014 $temp =~ s/ ST=/ S=/ ;
2015 $cgiparams { 'CERT_NAME' } = $temp ;
2016 $cgiparams { 'CERT_NAME' } =~ s/,//g ;
2017 $cgiparams { 'CERT_NAME' } =~ s/\'//g ;
2018 if ( $cgiparams { 'CERT_NAME' } eq '' ) {
2019 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2020 $errormessage = $Lang :: tr
{ 'could not retrieve common name from certificate' };
2023 } elsif ( $cgiparams { 'AUTH' } eq 'certgen' ){
2024 if ( $cgiparams { 'KEY' }) {
2025 $errormessage = $Lang :: tr
{ 'cant change certificates' };
2028 if ( length ( $cgiparams { 'CERT_NAME' }) > 60 ) { # Validate input since the form was submitted
2029 $errormessage = $Lang :: tr
{ 'name too long' };
2032 if ( $cgiparams { 'CERT_NAME' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2033 $errormessage = $Lang :: tr
{ 'invalid input for name' };
2036 if ( $cgiparams { 'CERT_EMAIL' } ne '' && (! & General
:: validemail
( $cgiparams { 'CERT_EMAIL' }))) {
2037 $errormessage = $Lang :: tr
{ 'invalid input for e-mail address' };
2040 if ( length ( $cgiparams { 'CERT_EMAIL' }) > 40 ) {
2041 $errormessage = $Lang :: tr
{ 'e-mail address too long' };
2044 if ( $cgiparams { 'CERT_OU' } ne '' && $cgiparams { 'CERT_OU' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2045 $errormessage = $Lang :: tr
{ 'invalid input for department' };
2048 if ( length ( $cgiparams { 'CERT_ORGANIZATION' }) > 60 ) {
2049 $errormessage = $Lang :: tr
{ 'organization too long' };
2052 if ( $cgiparams { 'CERT_ORGANIZATION' } !~ /^[a-zA-Z0-9 ,\.\-_]+$/ ) {
2053 $errormessage = $Lang :: tr
{ 'invalid input for organization' };
2056 if ( $cgiparams { 'CERT_CITY' } ne '' && $cgiparams { 'CERT_CITY' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2057 $errormessage = $Lang :: tr
{ 'invalid input for city' };
2060 if ( $cgiparams { 'CERT_STATE' } ne '' && $cgiparams { 'CERT_STATE' } !~ /^[a-zA-Z0-9 ,\.\-_]*$/ ) {
2061 $errormessage = $Lang :: tr
{ 'invalid input for state or province' };
2064 if ( $cgiparams { 'CERT_COUNTRY' } !~ /^[A-Z]*$/ ) {
2065 $errormessage = $Lang :: tr
{ 'invalid input for country' };
2068 if ( $cgiparams { 'CERT_PASS1' } ne '' && $cgiparams { 'CERT_PASS2' } ne '' ){
2069 if ( length ( $cgiparams { 'CERT_PASS1' }) < 5 ) {
2070 $errormessage = $Lang :: tr
{ 'password too short' };
2074 if ( $cgiparams { 'CERT_PASS1' } ne $cgiparams { 'CERT_PASS2' }) {
2075 $errormessage = $Lang :: tr
{ 'passwords do not match' };
2078 ( my $ou = $cgiparams { 'CERT_OU' }) =~ s/^\s*$/\./ ; # Replace empty strings with a .
2079 ( my $city = $cgiparams { 'CERT_CITY' }) =~ s/^\s*$/\./ ;
2080 ( my $state = $cgiparams { 'CERT_STATE' }) =~ s/^\s*$/\./ ;
2081 my $pid = open ( OPENSSL
, "|-" ); # Create the Host certificate request client
2082 $SIG { ALRM
} = sub { $errormessage = $Lang :: tr
{ 'broken pipe' }; goto VPNCONF_ERROR
;};
2083 if ( $pid ) { # parent
2084 print OPENSSL
" $cgiparams {'CERT_COUNTRY'} \n " ;
2085 print OPENSSL
" $state \n " ;
2086 print OPENSSL
" $city \n " ;
2087 print OPENSSL
" $cgiparams {'CERT_ORGANIZATION'} \n " ;
2088 print OPENSSL
" $ou \n " ;
2089 print OPENSSL
" $cgiparams {'CERT_NAME'} \n " ;
2090 print OPENSSL
" $cgiparams {'CERT_EMAIL'} \n " ;
2091 print OPENSSL
". \n " ;
2092 print OPENSSL
". \n " ;
2095 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
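# Clean up after 'openssl req' reported an error: remove the key and request
# files it may have written. The path needs the '/' after ${General::swroot},
# as in every other unlink/exec call of this branch. Without it the unlink
# targets a path that does not exist and the freshly generated private key
# stays on disk.
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
unlink("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");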
# Presumably the child side of the open(OPENSSL, "|-") fork above: replace the
# process with 'openssl req', which generates the host key pair and the
# certificate request from the answers the parent prints into the pipe.
# If exec fails, record the error and remove any partial key/request files.
# NOTE(review): 'rsa:1024' is below the 2048-bit minimum that current guidance
# expects for RSA keys; 'rsa:2048' or larger is the usual replacement and only
# affects newly generated certificates.
2101 unless ( exec ( '/usr/bin/openssl' , 'req' , '-nodes' , '-rand' , '/proc/interrupts:/proc/net/rt_cache' ,
2102 '-newkey' , 'rsa:1024' ,
2103 '-keyout' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2104 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2105 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
2106 $errormessage = " $Lang ::tr{'cant start openssl'}: $!" ;
2107 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2108 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2112 # Sign the host certificate request
2113 system ( '/usr/bin/openssl' , 'ca' , '-days' , '999999' ,
2114 '-batch' , '-notext' ,
2115 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" ,
2116 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2117 '-config' , "${General::swroot}/ovpn/openssl/ovpn.cnf" );
2119 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2120 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2121 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2122 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2123 & Ovpnfunc
:: newcleanssldatabase
();
2126 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}req.pem" );
2127 & Ovpnfunc
:: deletebackupcert
();
2129 # Create the pkcs12 file
# Bundle the host key, host certificate and CA certificate into <NAME>.p12,
# protected with the password entered in the form.
# NOTE(review): 'pass:...' places the export password in the process argument
# list, where other local processes can read it while openssl runs. openssl
# also accepts 'env:VAR', 'file:PATH' and 'fd:N' for -passout.
# NOTE(review): the length and match checks above only run when both
# CERT_PASS1 and CERT_PASS2 are non-empty. As far as the visible checks show,
# an empty CERT_PASS1 reaches this call and produces a .p12 with an empty
# export password.
2130 system ( '/usr/bin/openssl' , 'pkcs12' , '-export' ,
2131 '-inkey' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" ,
2132 '-in' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" ,
2133 '-name' , $cgiparams { 'NAME' },
2134 '-passout' , "pass: $cgiparams {'CERT_PASS1'}" ,
2135 '-certfile' , "${General::swroot}/ovpn/ca/cacert.pem" ,
2136 '-caname' , " $vpnsettings {'ROOTCERT_ORGANIZATION'} CA" ,
2137 '-out' , "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2139 $errormessage = " $Lang ::tr{'openssl produced an error'}: $?" ;
2140 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2141 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}cert.pem" );
2142 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}.p12" );
2145 unlink ( "${General::swroot}/ovpn/certs/ $cgiparams {'NAME'}key.pem" );
2147 } elsif ( $cgiparams { 'AUTH' } eq 'cert' ) {
2148 ; # Nothing, just editing
2150 $errormessage = $Lang :: tr
{ 'invalid input for authentication method' };
2153 if ((! $cgiparams { 'KEY' }) && ( $cgiparams { 'AUTH' } ne 'psk' )) { # Check if there is no other entry with this common name
2154 foreach my $key ( keys %confighash ) {
2155 if ( $confighash { $key }[ 2 ] eq $cgiparams { 'CERT_NAME' }) {
2156 $errormessage = $Lang :: tr
{ 'a connection with this common name already exists' };
2162 my $key = $cgiparams { 'KEY' }; # Save the config
2164 $key = & General
:: findhasharraykey
( \
%confighash );
2165 foreach my $i ( 0 .. 42 ) { $confighash { $key }[ $i ] = "" ;}
2167 $confighash { $key }[ 0 ] = $cgiparams { 'ENABLED' };
2168 $confighash { $key }[ 1 ] = $cgiparams { 'NAME' };
2169 if ((! $cgiparams { 'KEY' }) && $cgiparams { 'AUTH' } ne 'psk' ) {
2170 $confighash { $key }[ 2 ] = $cgiparams { 'CERT_NAME' };
2172 $confighash { $key }[ 3 ] = $cgiparams { 'TYPE' };
2173 if ( $cgiparams { 'AUTH' } eq 'psk' ) {
2174 $confighash { $key }[ 4 ] = 'psk' ;
2175 $confighash { $key }[ 5 ] = $cgiparams { 'PSK' };
2177 $confighash { $key }[ 4 ] = 'cert' ;
2179 if ( $cgiparams { 'TYPE' } eq 'net' ) {
2180 $confighash { $key }[ 6 ] = $cgiparams { 'SIDE' };
2181 $confighash { $key }[ 11 ] = $cgiparams { 'REMOTE_SUBNET' };
2182 if ( $cgiparams { 'SIDE' } eq 'client' ) {
2183 $confighash { $key }[ 19 ] = 'yes' ;
2185 $confighash { $key }[ 19 ] = 'no' ;
2188 $confighash { $key }[ 8 ] = $cgiparams { 'LOCAL_SUBNET' };
2189 $confighash { $key }[ 10 ] = $cgiparams { 'REMOTE' };
2190 $confighash { $key }[ 25 ] = $cgiparams { 'REMARK' };
2191 $confighash { $key }[ 12 ] = $cgiparams { 'INTERFACE' };
2192 $confighash { $key }[ 13 ] = $cgiparams { 'OVPN_SUBNET' }; # new fields
2193 $confighash { $key }[ 14 ] = $cgiparams { 'PROTOCOL' };
2194 $confighash { $key }[ 15 ] = $cgiparams { 'DEST_PORT' };
2195 $confighash { $key }[ 16 ] = $cgiparams { 'COMPLZO' };
2196 $confighash { $key }[ 17 ] = $cgiparams { 'MTU' };
2197 $confighash { $key }[ 18 ] = $cgiparams { 'N2NVPN_IP' }; # new fileds
2198 $confighash { $key }[ 19 ] = $cgiparams { 'ZERINA_CLIENT' }; # new fileds
2199 $confighash { $key }[ 20 ] = $cgiparams { 'CIPHER' };
2201 #default n2n advanced
2202 $confighash { $key }[ 26 ] = '10' ; #keepalive ping
2203 $confighash { $key }[ 27 ] = '60' ; #keepalive restart
2204 $confighash { $key }[ 28 ] = '0' ; #nice
2205 $confighash { $key }[ 42 ] = '3' ; #verb
2206 #default n2n advanced
2207 & General
:: writehasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2208 & Ovpnfunc
:: writenet2netconf
( $key , $zerinaclient );
# Find the PID(s) of a running OpenVPN instance for this connection by
# grepping the process list for "<NAME>.conf", then start, restart or stop the
# tunnel through openvpnctrl.
# NOTE(review): the pipeline always runs through a shell with NAME
# interpolated, so it depends on the NAME pattern check earlier in the 'save'
# branch. grep also matches substrings and treats '.' as any character, so one
# connection name can match another connection's process.
2210 my $n2nactive = `/bin/ps ax|grep $cgiparams {'NAME'}.conf|grep -v grep|awk \' {print \ $1 } \' ` ;
# NOTE(review): ENABLED is validated above as 'on' or 'off', and both strings
# are true in Perl, so this test cannot tell them apart. Compare with
# "eq 'on'", as the port checks earlier in this branch do.
2211 if ( $cgiparams { 'ENABLED' }) {
2212 if ( $n2nactive eq '' ){
2213 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
# NOTE(review): this '-kn2n' call receives the raw ps/awk output (PID text,
# including its trailing newline), while the '-kn2n' call further down passes
# the connection name. Confirm which argument openvpnctrl expects.
2215 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $n2nactive );
2216 system ( '/usr/local/bin/openvpnctrl' , '-sn2n' , $cgiparams { 'NAME' });
2219 if ( $n2nactive ne '' ){
2220 system ( '/usr/local/bin/openvpnctrl' , '-kn2n' , $cgiparams { 'NAME' });
2223 if ( $cgiparams { 'EDIT_ADVANCED' } eq 'on' ) {
2224 $cgiparams { 'KEY' } = $key ;
2225 $cgiparams { 'ACTION' } = $Lang :: tr
{ 'advanced' };
2229 $cgiparams { 'ENABLED' } = 'on' ;
2230 if ( $cgiparams { 'ZERINA_CLIENT' } eq '' ){
2231 $cgiparams { 'ZERINA_CLIENT' } = 'no' ;
2233 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) {
2234 $cgiparams { 'AUTH' } = 'psk' ;
2235 } elsif ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2236 $cgiparams { 'AUTH' } = 'certfile' ;
2238 $cgiparams { 'AUTH' } = 'certgen' ;
2240 $cgiparams { 'LOCAL_SUBNET' } = " $netsettings {'GREEN_NETADDRESS'}/ $netsettings {'GREEN_NETMASK'}" ;
2241 $cgiparams { 'CERT_ORGANIZATION' } = $vpnsettings { 'ROOTCERT_ORGANIZATION' };
2242 $cgiparams { 'CERT_CITY' } = $vpnsettings { 'ROOTCERT_CITY' };
2243 $cgiparams { 'CERT_STATE' } = $vpnsettings { 'ROOTCERT_STATE' };
2244 $cgiparams { 'CERT_COUNTRY' } = $vpnsettings { 'ROOTCERT_COUNTRY' };
2247 # n2n default settings
# Preselect a cipher when the request did not supply one.
# NOTE(review): BF-CBC (Blowfish) is a 64-bit block cipher, which exposes
# long-lived tunnels to birthday-bound collisions. The select list below also
# offers DES-CBC and RC2-40-CBC. AES-256-CBC is already in that list and is
# the safer default, but the peer's configuration has to match, so confirm
# before changing it.
2248 if ( $cgiparams { 'CIPHER' } eq '' ) {
2249 $cgiparams { 'CIPHER' } = 'BF-CBC' ;
2251 if ( $cgiparams { 'MTU' } eq '' ) {
2252 $cgiparams { 'MTU' } = '1400' ;
2254 if ( $cgiparams { 'OVPN_SUBNET' } eq '' ) {
2255 $cgiparams { 'OVPN_SUBNET' } = '10.' . int ( rand ( 256 )) . '.' . int ( rand ( 256 )) . '.0/255.255.255.0' ;
2257 #n2n default settings
2258 $checked { 'ENABLED' }{ 'off' } = '' ;
2259 $checked { 'ENABLED' }{ 'on' } = '' ;
2260 $checked { 'ENABLED' }{ $cgiparams { 'ENABLED' }} = 'CHECKED' ;
2261 $checked { 'ENABLED_BLUE' }{ 'off' } = '' ;
2262 $checked { 'ENABLED_BLUE' }{ 'on' } = '' ;
2263 $checked { 'ENABLED_BLUE' }{ $cgiparams { 'ENABLED_BLUE' }} = 'CHECKED' ;
2264 $checked { 'ENABLED_ORANGE' }{ 'off' } = '' ;
2265 $checked { 'ENABLED_ORANGE' }{ 'on' } = '' ;
2266 $checked { 'ENABLED_ORANGE' }{ $cgiparams { 'ENABLED_ORANGE' }} = 'CHECKED' ;
2267 $checked { 'EDIT_ADVANCED' }{ 'off' } = '' ;
2268 $checked { 'EDIT_ADVANCED' }{ 'on' } = '' ;
2269 $checked { 'EDIT_ADVANCED' }{ $cgiparams { 'EDIT_ADVANCED' }} = 'CHECKED' ;
2270 $selected { 'SIDE' }{ 'server' } = '' ;
2271 $selected { 'SIDE' }{ 'client' } = '' ;
2272 $selected { 'SIDE' }{ $cgiparams { 'SIDE' }} = 'SELECTED' ;
2274 # $selected{'DDEVICE'}{'tun'} = '';
2275 # $selected{'DDEVICE'}{'tap'} = '';
2276 # $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
2278 $selected { 'PROTOCOL' }{ 'udp' } = '' ;
2279 $selected { 'PROTOCOL' }{ 'tcp' } = '' ;
2280 $selected { 'PROTOCOL' }{ $cgiparams { 'PROTOCOL' }} = 'SELECTED' ;
2282 $checked { 'AUTH' }{ 'psk' } = '' ;
2283 $checked { 'AUTH' }{ 'certreq' } = '' ;
2284 $checked { 'AUTH' }{ 'certgen' } = '' ;
2285 $checked { 'AUTH' }{ 'certfile' } = '' ;
2286 $checked { 'AUTH' }{ $cgiparams { 'AUTH' }} = 'CHECKED' ;
2287 $selected { 'INTERFACE' }{ $cgiparams { 'INTERFACE' }} = 'SELECTED' ;
2288 $checked { 'COMPLZO' }{ 'off' } = '' ;
2289 $checked { 'COMPLZO' }{ 'on' } = '' ;
2290 $checked { 'COMPLZO' }{ $cgiparams { 'COMPLZO' }} = 'CHECKED' ;
2291 $selected { 'CIPHER' }{ 'DES-CBC' } = '' ;
2292 $selected { 'CIPHER' }{ 'DES-EDE-CBC' } = '' ;
2293 $selected { 'CIPHER' }{ 'DES-EDE3-CBC' } = '' ;
2294 $selected { 'CIPHER' }{ 'DESX-CBC' } = '' ;
2295 $selected { 'CIPHER' }{ 'RC2-CBC' } = '' ;
2296 $selected { 'CIPHER' }{ 'RC2-40-CBC' } = '' ;
2297 $selected { 'CIPHER' }{ 'RC2-64-CBC' } = '' ;
2298 $selected { 'CIPHER' }{ 'BF-CBC' } = '' ;
2299 $selected { 'CIPHER' }{ 'CAST5-CBC' } = '' ;
2300 $selected { 'CIPHER' }{ 'AES-128-CBC' } = '' ;
2301 $selected { 'CIPHER' }{ 'AES-192-CBC' } = '' ;
2302 $selected { 'CIPHER' }{ 'AES-256-CBC' } = '' ;
2303 $selected { 'CIPHER' }{ $cgiparams { 'CIPHER' }} = 'SELECTED' ;
2306 & Header
:: showhttpheaders
();
2307 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2308 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2309 if ( $errormessage ) {
2310 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2311 print "<class name='base'> $errormessage " ;
2312 print " </class>" ;
2313 & Header
:: closebox
();
2316 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'warning messages'}:" );
2317 print "<class name='base'> $warnmessage " ;
2318 print " </class>" ;
2319 & Header
:: closebox
();
# Open the connection form and carry TYPE, ZERINA_CLIENT and, when an existing
# entry is edited, KEY and AUTH forward as hidden fields.
# NOTE(review): these request values are written into single-quoted HTML
# attributes as-is. Among the visible lines only REMARK goes through
# Header::cleanhtml(), and TYPE and NAME are pattern-checked only in the
# 'save' branch. Unless Header::getcgihash() already escapes input, a value
# containing a quote breaks out of the attribute, so escape on output here and
# in the text inputs printed below.
# ZERINA_CLIENT is emitted a second time when KEY is set.
2321 print "<form method='post' enctype='multipart/form-data'>" ;
2322 print "<input type='hidden' name='TYPE' value=' $cgiparams {'TYPE'}' />" ;
2323 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2324 if ( $cgiparams { 'KEY' }) {
2325 print "<input type='hidden' name='KEY' value=' $cgiparams {'KEY'}' />" ;
2326 print "<input type='hidden' name='AUTH' value=' $cgiparams {'AUTH'}' />" ;
2327 print "<input type='hidden' name='ZERINA_CLIENT' value=' $cgiparams {'ZERINA_CLIENT'}' />" ;
2329 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'connection'}:" );
2330 print "<table width='100%'> \n " ;
2331 print "<tr><td width='25%' class='boldbase'> $Lang ::tr{'name'}:</td>" ;
2332 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2333 if ( $cgiparams { 'KEY' }) {
2334 print "<td width='35%' class='base'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td> \n " ;
2336 print "<td width='35%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' size='30' /></td>" ;
2339 print "<input type='hidden' name='INTERFACE' value='red' />" ;
2340 if ( $cgiparams { 'KEY' }) {
2341 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value=' $cgiparams {'NAME'}' /> $cgiparams {'NAME'}</td>" ;
2343 print "<td width='25%'><input type='text' name='NAME' value=' $cgiparams {'NAME'}' maxlength='20' /></td>" ;
2345 print "<!-- net2net config gui -->" ;
2346 print "<td width='25%'> </td>" ;
2347 print "<td width='25%'> </td></tr>" ;
2348 if ((( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'edit' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2349 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' )) ||
2350 (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'add' }) && ( $cgiparams { 'ZERINA_CLIENT' } eq 'no' ))) {
2351 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2352 print "<td><select name='SIDE'><option value='server' $selected {'SIDE'}{'server'}>OpenVPN Server</option>" ;
2353 print "<option value='client' $selected {'SIDE'}{'client'}>OpenVPN Client</option></select></td>" ;
2354 print "<tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>" ;
2355 print "<td><input type='text' name='N2NVPN_IP' value=' $cgiparams {'N2NVPN_IP'}' size='30' /></td>" ;
2356 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2358 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'Act as'}</td>" ;
2359 print "<td> $cgiparams {'SIDE'}</td><input type='hidden' name='SIDE' value=' $cgiparams {'SIDE'}' />" ;
2360 print "<td class='boldbase'> $Lang ::tr{'remote host/ip'}:</td>" ;
2362 print "<td><input type='TEXT' name='REMOTE' value=' $cgiparams {'REMOTE'}' /></td></tr>" ;
2363 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'local subnet'}</td>" ;
2364 print "<td><input type='TEXT' name='LOCAL_SUBNET' value=' $cgiparams {'LOCAL_SUBNET'}' /></td>" ;
2365 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'remote subnet'}</td>" ;
2366 print "<td><input type='text' name='REMOTE_SUBNET' value=' $cgiparams {'REMOTE_SUBNET'}' /></td></tr>" ;
2367 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>" ;
2368 print "<td><input type='TEXT' name='OVPN_SUBNET' value=' $cgiparams {'OVPN_SUBNET'}' /></td></tr>" ;
2369 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>" ;
2370 print "<td><select name='PROTOCOL'><option value='udp' $selected {'PROTOCOL'}{'udp'}>UDP</option>" ;
2371 print "<option value='tcp' $selected {'PROTOCOL'}{'tcp'}>TCP</option></select></td>" ;
2372 print "<td class='boldbase'> $Lang ::tr{'destination port'}:</td>" ;
2373 print "<td><input type='TEXT' name='DEST_PORT' value=' $cgiparams {'DEST_PORT'}' size='5' /></td></tr>" ;
2374 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>" ;
2375 print "<td><input type='checkbox' name='COMPLZO' $checked {'COMPLZO'}{'on'} /></td>" ;
2376 print "<td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>" ;
2377 print "<td><select name='CIPHER'><option value='DES-CBC' $selected {'CIPHER'}{'DES-CBC'}>DES-CBC</option>" ;
2378 print "<option value='DES-EDE-CBC' $selected {'CIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>" ;
2379 print "<option value='DES-EDE3-CBC' $selected {'CIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>" ;
2380 print "<option value='DESX-CBC' $selected {'CIPHER'}{'DESX-CBC'}>DESX-CBC</option>" ;
2381 print "<option value='RC2-CBC' $selected {'CIPHER'}{'RC2-CBC'}>RC2-CBC</option>" ;
2382 print "<option value='RC2-40-CBC' $selected {'CIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>" ;
2383 print "<option value='RC2-64-CBC' $selected {'CIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>" ;
2384 print "<option value='BF-CBC' $selected {'CIPHER'}{'BF-CBC'}>BF-CBC</option>" ;
2385 print "<option value='CAST5-CBC' $selected {'CIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>" ;
2386 print "<option value='AES-128-CBC' $selected {'CIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>" ;
2387 print "<option value='AES-192-CBC' $selected {'CIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>" ;
2388 print "<option value='AES-256-CBC' $selected {'CIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>" ;
2389 print "<tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>" ;
2390 print "<td> <input type='TEXT' name='MTU' VALUE=' $cgiparams {'MTU'}'size='5' /></TD>" ;
2392 print "<tr><td class='boldbase'> $Lang ::tr{'remark title'} <img src='/blob.gif' /></td>" ;
2393 print "<td colspan='3'><input type='text' name='REMARK' value=' $cgiparams {'REMARK'}' size='55' maxlength='50' /></td></tr>" ;
2394 # if ($cgiparams{'TYPE'} eq 'net') {
2395 print "<tr><td> $Lang ::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> \n " ;
2397 if ( $cgiparams { 'TYPE' } eq 'host' ) {
2398 print "<td colspan='3'> </td></tr></table>" ;
2399 } elsif ( $cgiparams { 'ACTION' } ne $Lang :: tr
{ 'edit' }){
2400 print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked {'EDIT_ADVANCED'}{'on'}/> $Lang ::tr{'edit advanced settings when done'}</tr></table>" ;
2402 print "<td colspan='3'></tr></table>" ;
2406 & Header
:: closebox
();
2407 if ( $cgiparams { 'KEY' } && $cgiparams { 'AUTH' } eq 'psk' ) {
2409 } elsif (! $cgiparams { 'KEY' }) {
2411 my $cakeydisabled = '' ;
2412 my $cacrtdisabled = '' ;
2413 if ( ! - f
"${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
2414 if ( ! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
2415 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'authentication' });
2417 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
2418 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
2419 <tr><td><input type='radio' name='AUTH' value='certreq' $checked {'AUTH'}{'certreq'} $cakeydisabled /></td>
2420 <td class='base'> $Lang ::tr{'upload a certificate request'}</td>
2421 <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled ></td></tr>
2422 <tr><td><input type='radio' name='AUTH' value='certfile' $checked {'AUTH'}{'certfile'} $cacrtdisabled /></td>
2423 <td class='base'> $Lang ::tr{'upload a certificate'}</td></tr>
2424 <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
2425 <tr><td><input type='radio' name='AUTH' value='certgen' $checked {'AUTH'}{'certgen'} $cakeydisabled /></td>
2426 <td class='base'> $Lang ::tr{'generate a certificate'}</td><td> </td></tr>
2428 <td class='base'> $Lang ::tr{'users fullname or system hostname'}:</td>
2429 <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value=' $cgiparams {'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
2431 <td class='base'> $Lang ::tr{'users email'}: <img src='/blob.gif' /></td>
2432 <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value=' $cgiparams {'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
2434 <td class='base'> $Lang ::tr{'users department'}: <img src='/blob.gif' /></td>
2435 <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value=' $cgiparams {'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
2437 <td class='base'> $Lang ::tr{'organization name'}: <img src='/blob.gif' /></td>
2438 <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value=' $cgiparams {'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
2440 <td class='base'> $Lang ::tr{'city'}: <img src='/blob.gif'></td>
2441 <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value=' $cgiparams {'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
2443 <td class='base'> $Lang ::tr{'state or province'}: <img src='/blob.gif' /></td>
2444 <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value=' $cgiparams {'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
2446 <td class='base'> $Lang ::tr{'country'}:</td>
2447 <td class='base'><select name='CERT_COUNTRY' $cakeydisabled >
2450 foreach my $country ( sort keys %{ Countries
:: countries
}) {
2451 print "<option value=' $Countries ::countries{ $country }'" ;
2452 if ( $Countries :: countries
{ $country } eq $cgiparams { 'CERT_COUNTRY' } ) {
2453 print " selected='selected'" ;
2455 print "> $country </option>" ;
2460 <td class='base'> $Lang ::tr{'pkcs12 file password'}:</td>
2461 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value=' $cgiparams {'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
2462 <tr><td> </td><td class='base'> $Lang ::tr{'pkcs12 file password'}:<BR>( $Lang ::tr{'confirmation'})</td>
2463 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value=' $cgiparams {'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
2467 & Header
:: closebox
();
2469 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2470 if ( $cgiparams { 'KEY' }) {
2471 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'advanced'}' />" ;
2473 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2474 & Header
:: closebigbox
();
2475 & Header
:: closepage
();
2481 ### Advanced settings
2483 if (( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'advanced' }) ||
2484 ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' } && $cgiparams { 'ADVANCED' } eq 'yes' )) {
2485 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%vpnsettings );
2486 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2488 if (! $confighash { $cgiparams { 'KEY' }}) {
2489 $errormessage = $Lang :: tr
{ 'invalid key' };
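# Validate the optional keepalive pair (ping / ping-restart) before the
# values are stored in the connection record.
# The digit checks are anchored with \A ... \z on purpose: with "^...$" a
# value such as "10\n" still matches, because "$" also matches before a
# trailing newline, and that newline would then travel into the saved record.
if ($cgiparams{'KEEPALIVE_1'} ne '') {
    if ($cgiparams{'KEEPALIVE_1'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 1'};
        goto ADVANCED_ERROR;
    }
}
if ($cgiparams{'KEEPALIVE_2'} ne '') {
    if ($cgiparams{'KEEPALIVE_2'} !~ /\A[0-9]+\z/) {
        $errormessage = $Lang::tr{'invalid input for keepalive 2'};
        goto ADVANCED_ERROR;
    }
}
# The second value must be at least twice the first one.
if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)) {
    $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
    goto ADVANCED_ERROR;
}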
2509 if ( $cgiparams { 'ACTION' } eq $Lang :: tr
{ 'save' }) {
2510 # if ($cgiparams{'NAT'} !~ /^(on|off)$/) {
2511 # $errormessage = $Lang::tr{'invalid input'};
2512 # goto ADVANCED_ERROR;
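# Persist the advanced options of this connection in record slots 26..42,
# then rewrite ovpnconfig and regenerate the net-to-net configuration.
#
# Every value below comes straight from the request and ends up in files
# on disk, so reject anything that could not have been produced by the
# single-line inputs and selects of the form.
# NOTE(review): slot 38 is filled from the request key 'http-proxy-retry',
# while the form field and the CHECKED lookup use 'PROXY_RETRY' -- the
# checkbox state is presumably never stored; confirm which name is intended.
my @advanced_fields = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);

# Line breaks and NUL bytes are never legitimate in these fields and would
# let one value spill into further lines of the written configuration.
foreach my $field (@advanced_fields) {
    my $value = $cgiparams{$field};
    next unless defined $value;
    if ($value =~ /[\r\n\0]/) {
        $errormessage = $Lang::tr{'invalid input'};
        goto ADVANCED_ERROR;
    }
}

# The form only offers verbosity levels 0..11; accept nothing else.
if (defined $cgiparams{'LOG_VERB'}
    && $cgiparams{'LOG_VERB'} ne ''
    && $cgiparams{'LOG_VERB'} !~ /\A(?:[0-9]|1[01])\z/) {
    $errormessage = $Lang::tr{'invalid input'};
    goto ADVANCED_ERROR;
}

foreach my $offset (0 .. $#advanced_fields) {
    $confighash{$cgiparams{'KEY'}}[26 + $offset] = $cgiparams{$advanced_fields[$offset]};
}
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
&Ovpnfunc::writenet2netconf($cgiparams{'KEY'}, $zerinaclient);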
2535 # restart n2n after advanced save ?
# Copy the stored advanced options (record slots 26..42) of the selected
# connection into %cgiparams so the form below shows the saved values.
# NOTE(review): PROXY_PASS is loaded like every other field and the form
# prints it into a type='TEXT' input, so the stored proxy password is shown
# in clear text on the page -- consider not echoing it back.
my @stored_fields = (
    'KEEPALIVE_1',       'KEEPALIVE_2',       'EXTENDED_NICE',
    'EXTENDED_FASTIO',   'EXTENDED_MTUDISC',  'EXTENDED_MSSFIX',
    'EXTENDED_FRAGMENT', 'PROXY_HOST',        'PROXY_PORT',
    'PROXY_USERNAME',    'PROXY_PASS',        'PROXY_AUTH_METHOD',
    'http-proxy-retry',  'PROXY_TIMEOUT',     'PROXY_OPT_VERSION',
    'PROXY_OPT_AGENT',   'LOG_VERB',
);
my $slot = 26;
foreach my $field (@stored_fields) {
    $cgiparams{$field} = $confighash{$cgiparams{'KEY'}}[$slot];
    $slot++;
}
# Prepare the SELECTED / CHECKED markers for the advanced form: every known
# choice is reset to '' and the entry matching the current value is flagged.
# The current value is used as a hash key as-is, so an unexpected value only
# creates an extra key that no option of the form refers to.
$selected{'EXTENDED_NICE'}{$_} = '' foreach qw(-13 -10 -7 -3 0 3 7 10 13);
$selected{'EXTENDED_NICE'}{$cgiparams{'EXTENDED_NICE'}} = 'SELECTED';

foreach my $toggle ('EXTENDED_FASTIO', 'EXTENDED_MTUDISC') {
    $checked{$toggle}{$_} = '' foreach ('off', 'on');
    $checked{$toggle}{$cgiparams{$toggle}} = 'CHECKED';
}

$selected{'LOG_VERB'}{$_} = '' foreach (1 .. 11, 0);
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';

$selected{'PROXY_AUTH_METHOD'}{$_} = '' foreach ('none', 'basic', 'ntlm');
$selected{'PROXY_AUTH_METHOD'}{$cgiparams{'PROXY_AUTH_METHOD'}} = 'SELECTED';

# NOTE(review): this reads $cgiparams{'PROXY_RETRY'}, but the stored record
# is loaded into and saved from $cgiparams{'http-proxy-retry'} -- confirm
# which key is meant.
$checked{'PROXY_RETRY'}{$_} = '' foreach ('off', 'on');
$checked{'PROXY_RETRY'}{$cgiparams{'PROXY_RETRY'}} = 'CHECKED';
2596 & Header
:: showhttpheaders
();
2597 & Header
:: openpage
( $Lang :: tr
{ 'vpn configuration main' }, 1 , '' );
2598 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2600 if ( $errormessage ) {
2601 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2602 print "<class name='base'> $errormessage " ;
2603 print " </class>" ;
2604 & Header
:: closebox
();
2608 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'warning messages' });
2609 print "<class name='base'> $warnmessage " ;
2610 print " </class>" ;
2611 & Header
:: closebox
();
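# Open the advanced-settings form and carry the connection key along.
# KEY comes from the request and is printed into a single-quoted attribute,
# so encode the HTML-significant characters (the single quote included);
# otherwise a crafted value could close the attribute and inject markup.
# Browsers decode the entities again on submit, so the posted KEY is unchanged.
my $key_attr = defined $cgiparams{'KEY'} ? $cgiparams{'KEY'} : '';
$key_attr =~ s/([&<>"'])/'&#' . ord($1) . ';'/ge;
print "<form method='post' enctype='multipart/form-data'>\n";
print "<input type='hidden' name='ADVANCED' value='yes' />\n";
print "<input type='hidden' name='KEY' value='$key_attr' />\n";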
2618 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'advanced'}:" );
2620 <form method='post' enctype='multipart/form-data'>
2621 <table width='100%'>
2623 <td class'base'><b> $Lang ::tr{'misc-options'}</b></td>
2626 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2628 <td class='base'>Keppalive (ping/ping-restart)</td>
2629 <td><input type='TEXT' name='KEEPALIVE_1' value=' $cgiparams {'KEEPALIVE_1'}' size='30' /></td>
2630 <td><input type='TEXT' name='KEEPALIVE_2' value=' $cgiparams {'KEEPALIVE_2'}' size='30' /></td>
2634 <td class='base'> $Lang ::tr{'ovpn_processprio'}</td>
2636 <select name='EXTENDED_NICE' disabled='disabled'>
2637 <option value='-13' $selected {'EXTENDED_NICE'}{'-13'}> $Lang ::tr{'ovpn_processprioEH'}</option>
2638 <option value='-10' $selected {'EXTENDED_NICE'}{'-10'}> $Lang ::tr{'ovpn_processprioVH'}</option>
2639 <option value='-7' $selected {'EXTENDED_NICE'}{'-7'}> $Lang ::tr{'ovpn_processprioH'}</option>
2640 <option value='-3' $selected {'EXTENDED_NICE'}{'-3'}> $Lang ::tr{'ovpn_processprioEN'}</option>
2641 <option value='0' $selected {'EXTENDED_NICE'}{'0'}> $Lang ::tr{'ovpn_processprioN'}</option>
2642 <option value='3' $selected {'EXTENDED_NICE'}{'3'}> $Lang ::tr{'ovpn_processprioLN'}</option>
2643 <option value='7' $selected {'EXTENDED_NICE'}{'7'}> $Lang ::tr{'ovpn_processprioD'}</option>
2644 <option value='10' $selected {'EXTENDED_NICE'}{'10'}> $Lang ::tr{'ovpn_processprioVD'}</option>
2645 <option value='13' $selected {'EXTENDED_NICE'}{'13'}> $Lang ::tr{'ovpn_processprioED'}</option>
2650 <td class='base'> $Lang ::tr{'ovpn_fastio'}</td>
2652 <input type='checkbox' name='EXTENDED_FASTIO' $checked {'EXTENDED_FASTIO'}{'on'} disabled='disabled'/>
2656 <td class='base'> $Lang ::tr{'ovpn_mtudisc'}</td>
2658 <input type='checkbox' name='EXTENDED_MTUDISC' $checked {'EXTENDED_MTUDISC'}{'on'} disabled='disabled'/>
2662 <td class='base'> $Lang ::tr{'ovpn_mssfix'}</td>
2664 <input type='TEXT' name='EXTENDED_MSSFIX' value=' $cgiparams {'EXTENDED_MSSFIX'}' size='30' disabled='disabled'/>
2668 <td class='base'> $Lang ::tr{'ovpn_fragment'}</td>
2670 <input type='TEXT' name='EXTENDED_FRAGMENT' value=' $cgiparams {'EXTENDED_FRAGMENT'}' size='30' disabled='disabled'/>
2675 <table width='100%'>
2677 <td class'base'><b> $Lang ::tr{'proxy'} $Lang ::tr{'settings'}</b></td>
2680 <td width='25%'></td> <td width='25%'> </td><td width='25%'> </td><td width='25%'></td>
2682 <td class='base'> $Lang ::tr{'proxy'} $Lang ::tr{'host'}:</td>
2683 <td><input type='TEXT' name='PROXY_HOST' value=' $cgiparams {'PROXY_HOST'}' size='30' disabled='disabled'/></td>
2684 <td class='base'> $Lang ::tr{'proxy port'}:</td>
2685 <td><input type='TEXT' name='PROXY_PORT' value=' $cgiparams {'PROXY_PORT'}' size='10' disabled='disabled'/></td>
2688 <td class='base'> $Lang ::tr{'username'}</td>
2689 <td><input type='TEXT' name='PROXY_USERNAME' value=' $cgiparams {'PROXY_USERNAME'}' size='30' disabled='disabled' /></td>
2690 <td class='base'> $Lang ::tr{'password'}</td>
2691 <td><input type='TEXT' name='PROXY_PASS' value=' $cgiparams {'PROXY_PASS'}' size='10' disabled='disabled'/></td>
2694 <td class='base'> $Lang ::tr{'authentication'} $Lang ::tr{'method'}</td>
2696 <select name='PROXY_AUTH_METHOD' disabled='disabled'>
2697 <option value='none' $selected {'PROXY_AUTH_METHOD'}{'none'}>none</option>
2698 <option value='basic' $selected {'PROXY_AUTH_METHOD'}{'basic'}>basic</option>
2699 <option value='ntlm' $selected {'PROXY_AUTH_METHOD'}{'ntlm'}>ntlm</option>
2704 <td class='base'>http-proxy-retry</td>
2705 <td><input type='checkbox' name='PROXY_RETRY' $checked {'PROXY_RETRY'}{'on'} disabled='disabled' /></td>
2706 <td class='base'>http-proxy-timeout</td>
2707 <td><input type='TEXT' name='PROXY_TIMEOUT' value=' $cgiparams {'PROXY_TIMEOUT'}' size='10' disabled='disabled'/></td>
2709 <td class='base'>http-proxy-option VERSION</td>
2710 <td><input type='TEXT' name='PROXY_OPT_VERSION' value=' $cgiparams {'PROXY_OPT_VERSION'}' size='30' disabled='disabled'/></td>
2711 <td class='base'>http-proxy-option AGENT</td>
2712 <td><input type='TEXT' name='PROXY_OPT_AGENT' value=' $cgiparams {'PROXY_OPT_AGENT'}' size='10' disabled='disabled'/></td>
2716 <table width='100%'>
2718 <td class'base'><b> $Lang ::tr{'log-options'}</b></td>
2721 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2723 <tr><td class='base'>VERB</td>
2724 <td><select name='LOG_VERB'><option value='1' $selected {'LOG_VERB'}{'1'}>1</option>
2725 <option value='2' $selected {'LOG_VERB'}{'2'}>2</option>
2726 <option value='3' $selected {'LOG_VERB'}{'3'}>3</option>
2727 <option value='4' $selected {'LOG_VERB'}{'4'}>4</option>
2728 <option value='5' $selected {'LOG_VERB'}{'5'}>5</option>
2729 <option value='6' $selected {'LOG_VERB'}{'6'}>6</option>
2730 <option value='7' $selected {'LOG_VERB'}{'7'}>7</option>
2731 <option value='8' $selected {'LOG_VERB'}{'8'}>8</option>
2732 <option value='9' $selected {'LOG_VERB'}{'9'}>9</option>
2733 <option value='10' $selected {'LOG_VERB'}{'10'}>10</option>
2734 <option value='11' $selected {'LOG_VERB'}{'11'}>11</option>
2735 <option value='0' $selected {'LOG_VERB'}{'0'}>0</option></select></td>
2741 & Header
:: closebox
();
2742 print "<div align='center'><input type='submit' name='ACTION' value=' $Lang ::tr{'save'}' />" ;
2743 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'cancel'}' /></div></form>" ;
2744 & Header
:: closebigbox
();
2745 & Header
:: closepage
();
2751 ### Default status page
2756 & General
:: readhash
( "${General::swroot}/ovpn/settings" , \
%cgiparams );
2757 & General
:: readhasharray
( "${General::swroot}/ovpn/caconfig" , \
%cahash );
2758 & General
:: readhasharray
( "${General::swroot}/ovpn/ovpnconfig" , \
%confighash );
2759 my @status = `/bin/cat /var/log/ovpnserver.log` ;
2760 if ( $cgiparams { 'VPN_IP' } eq '' && - e
"${General::swroot}/red/active" ) {
2761 if ( open ( IPADDR
, "${General::swroot}/red/local-ipaddress" )) {
2762 my $ipaddr = < IPADDR
>;
2765 $cgiparams { 'VPN_IP' } = ( gethostbyaddr ( pack ( "C4" , split ( /\./ , $ipaddr )), 2 ))[ 0 ];
2766 if ( $cgiparams { 'VPN_IP' } eq '' ) {
2767 $cgiparams { 'VPN_IP' } = $ipaddr ;
# Fill in server defaults for every global setting that is still empty.
# NOTE(review): the default cipher is BF-CBC (Blowfish), a 64-bit block
# cipher; the list offered by this page also contains AES-256-CBC, which
# would be the safer default for new installations -- changing it affects
# what fresh configurations negotiate, so confirm before switching.
$cgiparams{'DCIPHER'} = 'BF-CBC' if $cgiparams{'DCIPHER'} eq '';
# if ($cgiparams{'DCOMPLZO'} eq '') {
#     $cgiparams{'DCOMPLZO'} = 'on';
# }
$cgiparams{'DDEST_PORT'} = '1194' if $cgiparams{'DDEST_PORT'} eq '';
$cgiparams{'DMTU'}       = '1400' if $cgiparams{'DMTU'} eq '';
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
    # Pick a random 10.x.y.0/24 as the proposed tunnel network.
    my @octets = map { int(rand(256)) } (1 .. 2);
    $cgiparams{'DOVPN_SUBNET'} = '10.' . $octets[0] . '.' . $octets[1] . '.0/255.255.255.0';
}
# Prepare the CHECKED / SELECTED markers for the global settings form:
# reset every known choice to '' and flag the one matching the current value.
foreach my $zone_flag ('ENABLED', 'ENABLED_BLUE', 'ENABLED_ORANGE') {
    $checked{$zone_flag}{$_} = '' foreach ('off', 'on');
    $checked{$zone_flag}{$cgiparams{$zone_flag}} = 'CHECKED';
}

# NOTE(review): the cipher choices include single DES, DESX, RC2 (down to a
# 40-bit key) and other 64-bit block ciphers (3DES, Blowfish, CAST5); only
# the AES entries are still considered adequate. Consider dropping or at
# least marking the legacy entries.
my @server_selects = (
    [ 'DDEVICE',   [ 'tun', 'tap' ] ],
    [ 'DPROTOCOL', [ 'udp', 'tcp' ] ],
    [ 'DCIPHER',   [ 'DES-CBC',     'DES-EDE-CBC', 'DES-EDE3-CBC', 'DESX-CBC',
                     'RC2-CBC',     'RC2-40-CBC',  'RC2-64-CBC',   'BF-CBC',
                     'CAST5-CBC',   'AES-128-CBC', 'AES-192-CBC',  'AES-256-CBC' ] ],
);
foreach my $select (@server_selects) {
    my ($field, $choices) = @{$select};
    $selected{$field}{$_} = '' foreach @{$choices};
    $selected{$field}{$cgiparams{$field}} = 'SELECTED';
}

$checked{'DCOMPLZO'}{$_} = '' foreach ('off', 'on');
$checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
2821 & Header
:: showhttpheaders
();
2822 & Header
:: openpage
( $Lang :: tr
{ 'status ovpn' }, 1 , '' );
2823 & Header
:: openbigbox
( '100%' , 'LEFT' , '' , $errormessage );
2825 if ( $errormessage ) {
2826 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'error messages' });
2827 print "<class name='base'> $errormessage \n " ;
2828 print " </class> \n " ;
2829 & Header
:: closebox
();
2832 my $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'stopped'}</font></b></td></tr></table>" ;
2833 my $srunning = "no" ;
2834 my $activeonrun = "" ;
2835 if ( - e
"/var/run/openvpn.pid" ){
2836 $sactive = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='50%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'running'}</font></b></td></tr></table>" ;
2840 $activeonrun = "disabled='disabled'" ;
2842 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'global settings' });
2843 print "<div align='center'><strong>ZERINA-0.9.7a7</strong></div>" ;
2845 <table width='100%'>
2846 <form method='post'>
2847 <td width='25%'> </td>
2848 <td width='25%'> </td>
2849 <td width='25%'> </td></tr>
2850 <tr><td class='boldbase'> $Lang ::tr{'ovpn server status'}</td>
2851 <td align='left'> $sactive </td>
2852 <tr><td class='boldbase'> $Lang ::tr{'ovpn on red'}</td>
2853 <td><input type='checkbox' name='ENABLED' $checked {'ENABLED'}{'on'} /></td>
2856 if (& Ovpnfunc
:: haveBlueNet
()) {
2857 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on blue'}</td>" ;
2858 print "<td><input type='checkbox' name='ENABLED_BLUE' $checked {'ENABLED_BLUE'}{'on'} /></td>" ;
2860 if (& Ovpnfunc
:: haveOrangeNet
()) {
2861 print "<tr><td class='boldbase'> $Lang ::tr{'ovpn on orange'}</td>" ;
2862 print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked {'ENABLED_ORANGE'}{'on'} /></td>" ;
2865 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'local vpn hostname/ip'}:</td>
2866 <td><input type='text' name='VPN_IP' value=' $cgiparams {'VPN_IP'}' size='30' /></td>
2867 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn subnet'}</td>
2868 <td><input type='TEXT' name='DOVPN_SUBNET' value=' $cgiparams {'DOVPN_SUBNET'}' size='30' /></td></tr>
2869 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'ovpn device'}</td>
2870 <td><select name='DDEVICE' ><option value='tun' $selected {'DDEVICE'}{'tun'}>TUN</option>
2871 <option value='tap' $selected {'DDEVICE'}{'tap'}>TAP</option></select></td>
2872 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'protocol'}</td>
2873 <td><select name='DPROTOCOL'><option value='udp' $selected {'DPROTOCOL'}{'udp'}>UDP</option>
2874 <option value='tcp' $selected {'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
2875 <td class='boldbase'> $Lang ::tr{'destination port'}:</td>
2876 <td><input type='TEXT' name='DDEST_PORT' value=' $cgiparams {'DDEST_PORT'}' size='5' /></td></tr>
2877 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'MTU'} </td>
2878 <td> <input type='TEXT' name='DMTU' VALUE=' $cgiparams {'DMTU'}'size='5' /></TD>
2879 <tr><td class='boldbase' nowrap='nowrap'> $Lang ::tr{'comp-lzo'}</td>
2880 <td><input type='checkbox' name='DCOMPLZO' $checked {'DCOMPLZO'}{'on'} /></td>
2881 <td class='boldbase' nowrap='nowrap'> $Lang ::tr{'cipher'}</td>
2882 <td><select name='DCIPHER'><option value='DES-CBC' $selected {'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
2883 <option value='DES-EDE-CBC' $selected {'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
2884 <option value='DES-EDE3-CBC' $selected {'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
2885 <option value='DESX-CBC' $selected {'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
2886 <option value='RC2-CBC' $selected {'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
2887 <option value='RC2-40-CBC' $selected {'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
2888 <option value='RC2-64-CBC' $selected {'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
2889 <option value='BF-CBC' $selected {'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
2890 <option value='CAST5-CBC' $selected {'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
2891 <option value='AES-128-CBC' $selected {'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
2892 <option value='AES-192-CBC' $selected {'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
2893 <option value='AES-256-CBC' $selected {'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td>
# Action buttons of the global settings form.
# While the server runs, saving and the advanced page are greyed out and
# only stop/restart are offered; otherwise start/restart are offered once
# the CA certificate, DH parameters, server certificate and server key
# exist and at least one zone is enabled.
# NOTE(review): disabled='disabled' only hides an action in the browser; the
# handlers for these ACTION values need their own state checks (not visible
# in this part of the file).
# NOTE(review): the readiness test looks for dh1024.pem, presumably 1024-bit
# DH parameters, which is below current recommendations -- confirm how the
# file is generated.
my $server_is_running = ($srunning eq "yes");
if (!$server_is_running) {
    print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>";

    my $pki_present = (-e "${General::swroot}/ovpn/ca/cacert.pem"
        && -e "${General::swroot}/ovpn/ca/dh1024.pem"
        && -e "${General::swroot}/ovpn/certs/servercert.pem"
        && -e "${General::swroot}/ovpn/certs/serverkey.pem");
    my $can_start = $pki_present
        && (($cgiparams{'ENABLED'} eq 'on')
            || ($cgiparams{'ENABLED_BLUE'} eq 'on')
            || ($cgiparams{'ENABLED_ORANGE'} eq 'on'));

    if ($can_start) {
        print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>";
        print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
    }
    else {
        print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>";
        print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>";
    }
}
else {
    print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>";
    print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>";
}
print "</form></table>";
2920 & Header
:: closebox
();
2921 & Header
:: openbox
( '100%' , 'LEFT' , " $Lang ::tr{'certificate authorities'}:" );
2923 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
2925 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
2926 <td width='65%' class='boldbase' align='center'><b> $Lang ::tr{'subject'}</b></td>
2927 <td width='10%' class='boldbase' colspan='3' align='center'><b> $Lang ::tr{'action'}</b></td>
2931 if (- f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2932 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem` ;
2933 $casubject =~ /Subject: (.*)[\n]/ ;
2935 $casubject =~ s
+/ Email
+, E
+;
2936 $casubject =~ s/ ST=/ S=/ ;
2938 <tr bgcolor='${Header::table2colour}'>
2939 <td class='base'> $Lang ::tr{'root certificate'}</td>
2940 <td class='base'> $casubject </td>
2941 <form method='post' name='frmrootcrta'><td width='3%' align='center'>
2942 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show root certificate'}' />
2943 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/info.gif' alt=' $Lang ::tr{'show root certificate'}' title=' $Lang ::tr{'show root certificate'}' width='20' height='20' border='0' />
2945 <form method='post' name='frmrootcrtb'><td width='3%' align='center'>
2946 <input type='image' name=' $Lang ::tr{'download root certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download root certificate'}' title=' $Lang ::tr{'download root certificate'}' border='0' />
2947 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download root certificate'}' />
2949 <td width='4%'> </td></tr>
2953 # display rootcert generation buttons
2955 <tr bgcolor='${Header::table2colour}'>
2956 <td class='base'> $Lang ::tr{'root certificate'}:</td>
2957 <td class='base'> $Lang ::tr{'not present'}</td>
2958 <td colspan='3'> </td></tr>
2963 if (- f
"${General::swroot}/ovpn/certs/servercert.pem" ) {
2964 my $hostsubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem` ;
2965 $hostsubject =~ /Subject: (.*)[\n]/ ;
2967 $hostsubject =~ s
+/ Email
+, E
+;
2968 $hostsubject =~ s/ ST=/ S=/ ;
2970 <tr bgcolor='${Header::table1colour}'>
2971 <td class='base'> $Lang ::tr{'host certificate'}</td>
2972 <td class='base'> $hostsubject </td>
2973 <form method='post' name='frmhostcrta'><td width='3%' align='center'>
2974 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show host certificate'}' />
2975 <input type='image' name=' $Lang ::tr{'show host certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show host certificate'}' title=' $Lang ::tr{'show host certificate'}' width='20' height='20' border='0' />
2977 <form method='post' name='frmhostcrtb'><td width='3%' align='center'>
2978 <input type='image' name=' $Lang ::tr{'download host certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download host certificate'}' title=' $Lang ::tr{'download host certificate'}' border='0' />
2979 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download host certificate'}' />
2981 <td width='4%'> </td></tr>
2987 <tr bgcolor='${Header::table1colour}'>
2988 <td width='25%' class='base'> $Lang ::tr{'host certificate'}:</td>
2989 <td class='base'> $Lang ::tr{'not present'}</td>
2990 </td><td colspan='3'> </td></tr>
2995 if (! - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
2996 print "<tr><td colspan='5' align='center'><form method='post'>" ;
2997 print "<input type='submit' name='ACTION' value=' $Lang ::tr{'generate root/host certificates'}' />" ;
2998 print "</form></td></tr> \n " ;
3001 if ( keys %cahash > 0 ) {
3002 foreach my $key ( keys %cahash ) {
3003 if (( $key + 1 ) % 2 ) {
3004 print "<tr bgcolor='${Header::table1colour}'> \n " ;
3006 print "<tr bgcolor='${Header::table2colour}'> \n " ;
3008 print "<td class='base'> $cahash { $key }[0]</td> \n " ;
3009 print "<td class='base'> $cahash { $key }[1]</td> \n " ;
3011 <form method='post' name='cafrm${key}a'><td align='center'>
3012 <input type='image' name=' $Lang ::tr{'show ca certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show ca certificate'}' title=' $Lang ::tr{'show ca certificate'}' border='0' />
3013 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show ca certificate'}' />
3014 <input type='hidden' name='KEY' value=' $key ' />
3016 <form method='post' name='cafrm${key}b'><td align='center'>
3017 <input type='image' name=' $Lang ::tr{'download ca certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download ca certificate'}' title=' $Lang ::tr{'download ca certificate'}' border='0' />
3018 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download ca certificate'}' />
3019 <input type='hidden' name='KEY' value=' $key ' />
3021 <form method='post' name='cafrm${key}c'><td align='center'>
3022 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove ca certificate'}' />
3023 <input type='image' name=' $Lang ::tr{'remove ca certificate'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove ca certificate'}' title=' $Lang ::tr{'remove ca certificate'}' width='20' height='20' border='0' />
3024 <input type='hidden' name='KEY' value=' $key ' />
3031 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) { # If the file contains entries, print Key to action icons
3035 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
3036 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
3037 <td class='base'> $Lang ::tr{'show certificate'}</td>
3038 <td> <img src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' /></td>
3039 <td class='base'> $Lang ::tr{'download certificate'}</td>
3046 <form method='post' enctype='multipart/form-data'>
3047 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
3048 <tr><td class='base' nowrap='nowrap'> $Lang ::tr{'ca name'}:</td>
3049 <td nowrap='nowrap'><input type='text' name='CA_NAME' value=' $cgiparams {'CA_NAME'}' size='15' />
3050 <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
3051 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'upload ca certificate'}' /></td>
3052 <td nowrap='nowrap'><input type='submit' name='ACTION' value=' $Lang ::tr{'show crl'}' /></td>
3053 </tr></table></form>
3056 & Header
:: closebox
();
# Print the reset button; it is rendered with disabled='disabled' while
# $srunning is "yes" and as a normal submit button otherwise.
# NOTE(review): the disabled attribute only affects the browser. The code that
# handles the reset ACTION is not visible here; confirm it re-checks the server
# state itself, and that state-changing POSTs such as this one are protected
# against cross-site submission (no per-request token is visible in the form).
3057 if ( $srunning eq "yes" ) {
3058 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' disabled='disabled' /></div></form> \n " ;
3060 print "<div align='center'><form method='post'><input type='submit' name='ACTION' value=' $Lang ::tr{'reset'}' /></div></form> \n " ;
3062 if ( - f
"${General::swroot}/ovpn/ca/cacert.pem" ) {
3063 & Header
:: openbox
( '100%' , 'LEFT' , $Lang :: tr
{ 'Client status and controlc' });
3065 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
3067 <td width='10%' class='boldbase' align='center'><b> $Lang ::tr{'name'}</b></td>
3068 <td width='15%' class='boldbase' align='center'><b> $Lang ::tr{'type'}</b></td>
3069 <td width='18%' class='boldbase' align='center'><b> $Lang ::tr{'common name'}</b></td>
3070 <td width='17%' class='boldbase' align='center'><b> $Lang ::tr{'valid till'}</b></td>
3071 <td width='25%' class='boldbase' align='center'><b> $Lang ::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td>
3072 <td width='10%' class='boldbase' align='center'><b> $Lang ::tr{'status'}</b></td>
3073 <td width='5%' class='boldbase' colspan='6' align='center'><b> $Lang ::tr{'action'}</b></td>
3079 foreach my $key ( keys %confighash ) {
3080 if ( $confighash { $key }[ 0 ] eq 'on' ) { $gif = 'on.gif' ; } else { $gif = 'off.gif' ; }
3082 print "<tr bgcolor='${Header::table1colour}'> \n " ;
3084 print "<tr bgcolor='${Header::table2colour}'> \n " ;
3086 print "<td align='center' nowrap='nowrap'> $confighash { $key }[1]</td>" ;
3087 if ( $confighash { $key }[ 3 ] ne 'host' ) {
3088 print "<td align='center' nowrap='nowrap'>" . $confighash { $key }[ 6 ] . "-" . $Lang :: tr
{ " $confighash { $key }[3]" } . " (" . $Lang :: tr
{ " $confighash { $key }[4]" } . ")</td>" ;
3090 print "<td align='center' nowrap='nowrap'>" . $Lang :: tr
{ " $confighash { $key }[3]" } . " (" . $Lang :: tr
{ " $confighash { $key }[4]" } . ")</td>" ;
3092 if ( $confighash { $key }[ 4 ] eq 'cert' ) {
# Cell for certificate-based connections: prints field 2 of the entry, the
# value that is compared with the status list's common name further down.
# NOTE(review): the value is written into the page unescaped. A certificate
# subject is not guaranteed to be free of HTML metacharacters; confirm it is
# validated or escaped before it reaches %confighash.
3093 print "<td align='left' nowrap='nowrap'> $confighash { $key }[2]</td>" ;
3095 print "<td align='left'> </td>" ;
3097 if ( $confighash { $key }[ 19 ] ne 'yes' ) {
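# Collect the text dump of this connection's certificate. openssl is started
# through a list-form pipe open, so the path is handed over as one argument
# and no shell ever parses the connection name taken from %confighash.
# NOTE(review): this still assumes the name was validated when the connection
# was saved (no path separators); the code doing that is not visible here.
my $cavalid = do {
    my $dump = '';
    my $certfile = "${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem";
    if (open(my $openssl, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $certfile)) {
        local $/;    # read the whole output in one go
        my $text = <$openssl>;
        $dump = $text if defined $text;
        close($openssl);
    }
    $dump;
};
# Locate the expiry line. NOTE(review): the result of the match is not
# checked; if "Not After" is missing, the capture variable keeps whatever an
# earlier successful match left in it.
$cavalid =~ /Not After : (.*)[\n]/;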
3101 print "<td align='center'> $cavalid </td>" ;
3103 print "<td> </td>" ;
# Cell under the "remark" column: prints field 25 of the entry.
# NOTE(review): free-text field written into the page without escaping here;
# confirm it is HTML-escaped when the connection is saved.
3105 print "<td align='center'> $confighash { $key }[25]</td>" ;
3106 my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsclosed'}</font></b></td></tr></table>" ;
3107 if ( $confighash { $key }[ 0 ] eq 'off' ) {
3108 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsclosed'}</font></b></td></tr></table>" ;
3110 if ( $confighash { $key }[ 3 ] eq 'host' ) {
3113 foreach my $line ( @status ) {
3115 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ ) {
3116 @match = split ( m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/ , $line );
3117 if ( $match [ 1 ] ne "Common Name" ) {
3121 if ( $cn eq " $confighash { $key }[2]" ) {
3122 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsopen'}</font></b></td></tr></table>" ;
3127 my @tempovpnsubnet = split ( "\/" , $confighash { $key }[ 13 ]);
3128 my @ovpnip = split /\./ , $tempovpnsubnet [ 0 ];
3130 if ( $confighash { $key }[ 6 ] eq 'server' ) {
3131 $pingip = " $ovpnip [0]. $ovpnip [1]. $ovpnip [2].2" ;
3133 $pingip = " $ovpnip [0]. $ovpnip [1]. $ovpnip [2].1" ;
3135 my $p = Net
:: Ping
-> new ( "udp" , 1 );
3136 if ( $p -> ping ( $pingip )) {
3137 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'> $Lang ::tr{'capsopen'}</font></b></td></tr></table>" ;
3142 print "<td align='center'> $active </td>" ;
3143 my $disable_clientdl = "" ;
3144 if ( $confighash { $key }[ 6 ] ne 'client' ) {
3146 <form method='post' name='frm${key}a'><td align='center'>
3147 <input type='image' name=' $Lang ::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.gif' alt=' $Lang ::tr{'dl client arch'}' title=' $Lang ::tr{'dl client arch'}' border='0' />
3148 <input type='hidden' name='ACTION' value=' $Lang ::tr{'dl client arch'}' $disable_clientdl />
3149 <input type='hidden' name='KEY' value=' $key ' $disable_clientdl />
3153 print "<td> </td>" ;
3155 if ( $confighash { $key }[ 4 ] eq 'cert' && $confighash { $key }[ 19 ] ne 'yes' ) {
3157 <form method='post' name='frm${key}b'><td align='center'>
3158 <input type='image' name=' $Lang ::tr{'show certificate'}' src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' title=' $Lang ::tr{'show certificate'}' border='0' />
3159 <input type='hidden' name='ACTION' value=' $Lang ::tr{'show certificate'}' />
3160 <input type='hidden' name='KEY' value=' $key ' />
3164 print "<td> </td>" ;
3166 if ( $confighash { $key }[ 4 ] eq 'cert' && - f
"${General::swroot}/ovpn/certs/ $confighash { $key }[1].p12" ) {
3168 <form method='post' name='frm${key}c'><td align='center'>
3169 <input type='image' name=' $Lang ::tr{'download pkcs12 file'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download pkcs12 file'}' title=' $Lang ::tr{'download pkcs12 file'}' border='0' />
3170 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download pkcs12 file'}' />
3171 <input type='hidden' name='KEY' value=' $key ' />
3174 ; } elsif ( $confighash { $key }[ 4 ] eq 'cert' && $confighash { $key }[ 19 ] ne 'yes' ) {
3176 <form method='post' name='frm${key}c'><td align='center'>
3177 <input type='image' name=' $Lang ::tr{'download certificate'}' src='/images/floppy.gif' alt=' $Lang ::tr{'download certificate'}' title=' $Lang ::tr{'download certificate'}' border='0' />
3178 <input type='hidden' name='ACTION' value=' $Lang ::tr{'download certificate'}' />
3179 <input type='hidden' name='KEY' value=' $key ' />
3183 print "<td> </td>" ;
3186 <form method='post' name='frm${key}d'><td align='center'>
3187 <input type='image' name=' $Lang ::tr{'toggle enable disable'}' src='/images/ $gif ' alt=' $Lang ::tr{'toggle enable disable'}' title=' $Lang ::tr{'toggle enable disable'}' border='0' />
3188 <input type='hidden' name='ACTION' value=' $Lang ::tr{'toggle enable disable'}' />
3189 <input type='hidden' name='KEY' value=' $key ' />
3191 <form method='post' name='frm${key}e'><td align='center'>
3192 <input type='hidden' name='ACTION' value=' $Lang ::tr{'edit'}' />
3193 <input type='image' name=' $Lang ::tr{'edit'}' src='/images/edit.gif' alt=' $Lang ::tr{'edit'}' title=' $Lang ::tr{'edit'}' width='20' height='20' border='0'/>
3194 <input type='hidden' name='KEY' value=' $key ' />
3196 <form method='post' name='frm${key}f'><td align='center'>
3197 <input type='hidden' name='ACTION' value=' $Lang ::tr{'remove'}' />
3198 <input type='image' name=' $Lang ::tr{'remove'}' src='/images/delete.gif' alt=' $Lang ::tr{'remove'}' title=' $Lang ::tr{'remove'}' width='20' height='20' border='0' />
3199 <input type='hidden' name='KEY' value=' $key ' />
3208 # If the config file contains entries, print Key to action icons
3213 <td class='boldbase'> <b> $Lang ::tr{'legend'}:</b></td>
3214 <td> <img src='/images/on.gif' alt=' $Lang ::tr{'click to disable'}' /></td>
3215 <td class='base'> $Lang ::tr{'click to disable'}</td>
3216 <td> <img src='/images/info.gif' alt=' $Lang ::tr{'show certificate'}' /></td>
3217 <td class='base'> $Lang ::tr{'show certificate'}</td>
3218 <td> <img src='/images/edit.gif' alt=' $Lang ::tr{'edit'}' /></td>
3219 <td class='base'> $Lang ::tr{'edit'}</td>
3220 <td> <img src='/images/delete.gif' alt=' $Lang ::tr{'remove'}' /></td>
3221 <td class='base'> $Lang ::tr{'remove'}</td>
3225 <td> <img src='/images/off.gif' alt='?OFF' /></td>
3226 <td class='base'> $Lang ::tr{'click to enable'}</td>
3227 <td> <img src='/images/floppy.gif' alt='?FLOPPY' /></td>
3228 <td class='base'> $Lang ::tr{'download certificate'}</td>
3229 <td> <img src='/images/openvpn.gif' alt='?RELOAD'/></td>
3230 <td class='base'> $Lang ::tr{'dl client arch'}</td>
3237 <table width='100%'>
3238 <form method='post'>
3239 <tr><td width='50%' ><input type='submit' name='ACTION' value=' $Lang ::tr{'add'}' /></td>
3240 <td width='50%' ><input type='submit' name='ACTION' value=' $Lang ::tr{'ovpn con stat'}' $activeonrun /></td></tr>
3245 & Header
:: closebox
();
3247 & Header
:: closepage
();