#!/usr/bin/perl
-# based on SmoothWall and IPCop CGIs
-#
-# This code is distributed under the terms of the GPL
-# Main idea from zeroconcept
-# ZERNINA-VERSION:0.9.4i
-# (c) 2007 Ufuk Altinkaynak
-#
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007 Michael Tremer & Christian Schmidt #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
use CGI;
use CGI qw/:standard/;
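Review bot: The new banner removes the upstream provenance lines ("based on SmoothWall and IPCop CGIs", "Main idea from zeroconcept", "(c) 2007 Ufuk Altinkaynak") and replaces them with a different copyright holder. The removed header said only "the GPL" with no version, while the new one grants GPLv3-or-later, so the version change should be confirmed with the original author. Existing copyright notices on GPL code should stay in the file next to any new ones; keep the removed attribution lines directly below the new banner.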
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-
###
### Initialize variables
###
$cgiparams{'DHCP_DNS'} = '';
$cgiparams{'DHCP_WINS'} = '';
$cgiparams{'DCOMPLZO'} = 'off';
+$cgiparams{'MSSFIX'} = '';
+
&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
# prepare openvpn config file
###
sub haveOrangeNet
{
- if ($netsettings{'CONFIG_TYPE'} == 1) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;}
+ if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
+ if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
return 0;
}
sub haveBlueNet
{
+ if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 5) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 6) {return 1;}
- if ($netsettings{'CONFIG_TYPE'} == 7) {return 1;}
return 0;
}
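Review bot: The CONFIG_TYPE literals in haveOrangeNet and haveBlueNet carry no explanation, and this change remaps them wholesale (ORANGE from 1/3/5/7 to 2/4, BLUE from 4/5/6/7 to 3/4), so a reader cannot tell which numbering scheme is in force. Add a comment above each sub, e.g. `# CONFIG_TYPE 2 and 4 include an ORANGE zone` and `# CONFIG_TYPE 3 and 4 include a BLUE zone`. These predicates presumably decide on which zones the VPN may be enabled, so any other comparison against the old CONFIG_TYPE values elsewhere in the file should be updated in the same commit.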
print CONF "\n";
print CONF "daemon openvpnserver\n";
print CONF "writepid /var/run/openvpn.pid\n";
- print CONF "#DAN prepare ZERINA for listening on blue and orange\n";
+ print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
print CONF ";local $sovpnsettings{'VPN_IP'}\n";
print CONF "dev $sovpnsettings{'DDEVICE'}\n";
print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
+ print CONF "script-security 3 system\n";
+ print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
print CONF "tls-server\n";
print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
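Review bot: The added `script-security 3 system` grants more than anything visible in this hunk requires. Level 3 allows OpenVPN to pass passwords to scripts through the environment, and the `system` method runs scripts through the shell instead of execve. No script directive (`up`, `client-connect`, and so on) appears in the lines shown, so unless one written elsewhere really consumes a password, `print CONF "script-security 2\n";` with the default method is the tighter setting. If level 3 is needed, a comment naming the script that depends on it would let the next reviewer verify that. The enclosing block starts and ends outside the hunk.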
if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
print CONF "client-to-client\n";
}
+ if ($sovpnsettings{MSSFIX} eq 'on') {
+ print CONF "mssfix\n";
+ }
+ if ($sovpnsettings{FRAGMENT} ne '') {
+ print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
+ }
if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
}
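Review bot: The new `fragment` line is emitted whenever FRAGMENT is non-empty, with no regard to the protocol written from `$sovpnsettings{'DPROTOCOL'}`. OpenVPN documents `fragment` as a UDP-only option, so a TCP configuration with a fragment size set would likely be rejected at start-up. Guard it, assuming DPROTOCOL holds `udp` or `tcp`: `if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{DPROTOCOL} eq 'udp') {`. The client-config block that prints `fragment` needs the same condition, because the option must match on both ends.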
print CONF "status-version 1\n";
- print CONF "status /var/ipfire/ovpn/server.log 30\n";
+ print CONF "status /var/log/ovpnserver.log 30\n";
print CONF "cipher $sovpnsettings{DCIPHER}\n";
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
if ($sovpnsettings{DHCP_WINS} eq '') {
print CONF "max-clients 100\n";
- }
-
+ }
if ($sovpnsettings{DHCP_WINS} ne '') {
print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
}
}
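Review bot: The status path `/var/log/ovpnserver.log` is now a literal repeated in four places (the `status` directive here, emptyserverlog, the `$filename` assignment and the `/bin/cat` backticks), which is how writer and readers can drift apart on the next move. Define it once, e.g. `my $ovpn_status_file = '/var/log/ovpnserver.log';`, and use that variable everywhere. The CGI both truncates and reads this file, so it must exist under /var/log with permissions for the web server user; nothing in the visible lines creates it, and the reader's `open ... or die` aborts the page if it is missing. The backtick `cat` can be a plain `open` and read, which avoids spawning a process just to read a file.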
#
sub emptyserverlog{
- if (open(FILE, ">${General::swroot}/ovpn/server.log")) {
+ if (open(FILE, ">/var/log/ovpnserver.log")) {
flock FILE, 2;
print FILE "";
close FILE;
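Review bot: In emptyserverlog the `>` mode truncates the file at open time, before `flock FILE, 2` runs, so the lock does not protect the truncation from a concurrent writer or reader. Open without truncating, lock, then truncate: `open(FILE, '>>', '/var/log/ovpnserver.log')` followed by `flock FILE, 2; truncate FILE, 0;`. The three-argument form also keeps the mode out of the path string should the path ever become a variable. The rest of the sub lies outside the hunk.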
$vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
$vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ delete $vpnsettings{'FRAGMENT'};
+ } else {
+ if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
+ $errormessage = "Incorrect value, please insert only numbers.";
+ goto ADV_ERROR;
+ } else {
+ $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
+ }
+ }
+ if ($cgiparams{'MSSFIX'} ne 'on') {
+ delete $vpnsettings{'MSSFIX'};
+ } else {
+ $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
+ }
if ($cgiparams{'DHCP_DOMAIN'} ne ''){
unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
$errormessage = $Lang::tr{'invalid input for dhcp domain'};
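Review bot: The FRAGMENT check `!~ /^[0-9]+$/` accepts a value ending in a newline (`$` matches before a final `\n`) and sets no bounds, so `0` or an oversized number is stored and later written verbatim into the server and client configs. Anchor with `\A[0-9]+\z` and add a range check against a sensible minimum and the configured MTU. The error text is hard-coded English, whereas the DHCP_DOMAIN check just below uses `$Lang::tr{...}`; a translated key would be consistent. `$cgiparams{'FRAGMENT'}` also gets no default in the initialisation block where `MSSFIX` was added, so the `eq ''` test runs against undef on a first load.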
$vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
$vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
$vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
+#wrtie enable
+
+ if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
#new settings for daemon
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
}
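Review bot: The three enable-flag lines shell out through single-string `system()` for `touch` and `unlink` and discard stderr, so a failure to create or remove a flag is silent. If these files gate whether the daemon is offered on a zone, the UI can then show "off" while the flag is still present. The interpolated value is `${General::swroot}` rather than request data, so this is not an injection path as written, but Perl can do it directly and report errors: `unlink($flag);` and `open(my $fh, '>>', $flag) or $errormessage = "cannot create $flag: $!";`. A small helper taking the flag name and the on/off state would replace the three near-identical lines. The comment typo `#wrtie enable` should read `# write enable flags`.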
print CLIENTCONF "verb 3\r\n";
print CLIENTCONF "ns-cert-type server\r\n";
+ print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n";
+ if ($vpnsettings{MSSFIX} eq 'on') {
+ print CLIENTCONF "mssfix\r\n";
+ }
+ if ($vpnsettings{FRAGMENT} ne '') {
+ print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
+ }
close(CLIENTCONF);
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
my $status = $zip->writeToFileNamed($zippathname);
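Review bot: `tls-remote $vpnsettings{ROOTCERT_HOSTNAME}` is written unconditionally and unquoted. An empty or unset ROOTCERT_HOSTNAME produces a bare `tls-remote` directive, and a value containing spaces is split into several arguments. Prefer failing the export with an error when the value is empty, rather than shipping a client package without the server-name check, and quote the value: `print CLIENTCONF "tls-remote \"$vpnsettings{ROOTCERT_HOSTNAME}\"\r\n";`. It is worth confirming that this setting holds the name exactly as it appears in the server certificate, since clients will refuse the connection on a mismatch.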
$checked{'REDIRECT_GW_DEF1'}{'off'} = '';
$checked{'REDIRECT_GW_DEF1'}{'on'} = '';
$checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
+ $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
+ $checked{'MSSFIX'}{'off'} = '';
+ $checked{'MSSFIX'}{'on'} = '';
+ $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
$selected{'LOG_VERB'}{'1'} = '';
$selected{'LOG_VERB'}{'2'} = '';
$selected{'LOG_VERB'}{'3'} = '';
$selected{'LOG_VERB'}{'11'} = '';
$selected{'LOG_VERB'}{'0'} = '';
$selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
+
+
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
<td class'base'><b>$Lang::tr{'misc-options'}</b></td>
</tr>
<tr>
- <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+ <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td>
</tr>
<tr>
<td class='base'>Client-To-Client</td>
</tr>
<tr>
<td class='base'>Max-Clients</td>
- <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='30' /></td>
+ <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
</tr>
- <td class='base'>Keppalive (ping/ping-restart)</td>
- <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='30' /></td>
- <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='30' /></td>
+ <tr>
+ <td class='base'>Keppalive <br />
+ (ping/ping-restart)</td>
+ <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
+ <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
+ </tr>
+ <tr>
+ <td class='base'>fragment <br></td>
+ <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
+ <td>Default: <span class="base">1300</span></td>
+ </tr>
+ <tr>
+ <td class='base'>mssfix</td>
+ <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+ <td>Default: on</td>
+ </tr>
+</table>
+
+<!--
+<hr size='1'>
+ <table width='100%'>
+ <tr>
+ <td class'base'><b>Crypto-Engines</b></td>
+ </tr>
+ <tr>
+ <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
+ <tr><td class='base'>Engines:</td>
+ <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option>
+ <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option>
+ <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option>
+ </select>
+ </td>
</table>
+-->
<hr size='1'>
<table width='100%'>
<tr>
<td class'base'><b>$Lang::tr{'log-options'}</b></td>
</tr>
<tr>
- <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
+ <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
</tr>
<tr><td class='base'>VERB</td>
</tr>
END
;
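Review bot: The new FRAGMENT input writes `$cgiparams{'FRAGMENT'}` straight into a single-quoted `value` attribute. The save handler jumps to its error path with the rejected value apparently still in `%cgiparams`, so a non-numeric submission is reflected into the page unescaped unless getcgihash already sanitises it (not visible here). HTML-escape the value on output, including the single quote because of the attribute quoting; the existing MAX_CLIENTS and KEEPALIVE fields follow the same pattern and need the same treatment. Smaller points in the added markup: the `Keppalive` typo is carried over, `class'base'` in the commented-out Crypto-Engines table is missing its `=`, and the `Default:` labels are hard-coded rather than taken from `$Lang::tr`.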
- my $filename = "${General::swroot}/ovpn/server.log";
+ my $filename = "/var/log/ovpnserver.log";
open(FILE, $filename) or die 'Unable to open config file.';
my @current = <FILE>;
close(FILE);
if ($user2 >= 1){
for (my $idx = 1; $idx <= $user2; $idx++){
if ($idx % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
+ print "<tr bgcolor='$color{'color20'}'>\n";
} else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
+ print "<tr bgcolor='$color{'color22'}'>\n";
}
print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
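Review bot: `CommonName` and `RealAddress` are printed into table cells without HTML escaping. They appear to be parsed from the OpenVPN status file, and the common name comes from the connecting client's certificate, so markup in it would render in the administrator's browser. These are context lines in a hunk that only swaps the row colours, but it is the natural place to fix it: `print "<td align='left'>" . CGI::escapeHTML($users[$idx-1]{'CommonName'}) . "</td>";`, and likewise for RealAddress. The loop continues outside the hunk, so any further columns printed from `@users` need the same escaping.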
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- my @status = `/bin/cat /var/ipfire/ovpn/server.log`;
+ my @status = `/bin/cat /var/log/ovpnserver.log`;
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
} else {
$activeonrun = "disabled='disabled'";
}
- &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
- print "<div align='center'><strong>ZERINA-0.9.4i</strong></div>";
+ &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});
print <<END
<table width='100%'>
<form method='post'>
print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
}
print <<END
- <tr><td class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
- <td><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
- <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
- <td><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
+ <tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' size='30' /></td>
+ <td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
<td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
<option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option></select></td>
$casubject =~ s/ ST=/ S=/;
print <<END
- <tr bgcolor='${Header::table2colour}'>
+ <tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}</td>
<td class='base'>$casubject</td>
<form method='post' name='frmrootcrta'><td width='3%' align='center'>
<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
</td></form>
<form method='post' name='frmrootcrtb'><td width='3%' align='center'>
- <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
+ <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
</td></form>
<td width='4%'> </td></tr>
} else {
# display rootcert generation buttons
print <<END
- <tr bgcolor='${Header::table2colour}'>
+ <tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
<td colspan='3'> </td></tr>
$hostsubject =~ s/ ST=/ S=/;
print <<END
- <tr bgcolor='${Header::table1colour}'>
+ <tr bgcolor='$color{'color20'}'>
<td class='base'>$Lang::tr{'host certificate'}</td>
<td class='base'>$hostsubject</td>
<form method='post' name='frmhostcrta'><td width='3%' align='center'>
<input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
</td></form>
<form method='post' name='frmhostcrtb'><td width='3%' align='center'>
- <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
+ <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
</td></form>
<td width='4%'> </td></tr>
} else {
# Nothing
print <<END
- <tr bgcolor='${Header::table1colour}'>
+ <tr bgcolor='$color{'color20'}'>
<td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
</td><td colspan='3'> </td></tr>
if (keys %cahash > 0) {
foreach my $key (keys %cahash) {
if (($key + 1) % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
+ print "<tr bgcolor='$color{'color20'}'>\n";
} else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
+ print "<tr bgcolor='$color{'color22'}'>\n";
}
print "<td class='base'>$cahash{$key}[0]</td>\n";
print "<td class='base'>$cahash{$key}[1]</td>\n";
<input type='hidden' name='KEY' value='$key' />
</td></form>
<form method='post' name='cafrm${key}b'><td align='center'>
- <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
+ <input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
<td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td>
<td> <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
<td class='base'>$Lang::tr{'show certificate'}</td>
- <td> <img src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' /></td>
+ <td> <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
<td class='base'>$Lang::tr{'download certificate'}</td>
</tr>
</table>
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td>
<td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' />
<td nowrap='nowrap'><input type='file' name='FH' size='30' /></td>
- <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td>
- <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
+ <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td>
</tr></table></form>
END
;
if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
- print "<tr bgcolor='${Header::table1colour}'>\n";
+ print "<tr bgcolor='$color{'color20'}'>\n";
} else {
- print "<tr bgcolor='${Header::table2colour}'>\n";
+ print "<tr bgcolor='$color{'color22'}'>\n";
}
print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") {
print <<END
<form method='post' name='frm${key}c'><td align='center'>
- <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/floppy.gif' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
+ <input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
; } elsif ($confighash{$key}[4] eq 'cert') {
print <<END
<form method='post' name='frm${key}c'><td align='center'>
- <input type='image' name='$Lang::tr{'download certificate'}' src='/images/floppy.gif' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
+ <input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
<td> </td>
<td> <img src='/images/off.gif' alt='?OFF' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
- <td> <img src='/images/floppy.gif' alt='?FLOPPY' /></td>
+ <td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
<td class='base'>$Lang::tr{'download certificate'}</td>
- <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
+ <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
<td class='base'>$Lang::tr{'dl client arch'}</td>
</tr>
</table>
;
&Header::closebox();
}
- print "$Lang::tr{'this feature has been sponsored by'} : ";
- print "<a href='http://www.stareventsgroup.com/' target='_blank'>Star Events Group Ltd</a>.\n";
- print "<a href='http://www.ibdozing.com/' target='_blank'>IBDOZING</a>.\n";
- print "<a href='http://www.xencon.net/' target='_blank'>Xen by x|encon</a>.\n";
- print "<a href='http://www.savatec.de/' target='_blank'>SAVATEC e.K.</a>.\n";
&Header::closepage();