upnp.cgi und status.cgi von Maniac eingebaut
authorms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 24 Mar 2007 13:30:47 +0000 (13:30 +0000)
committerms <ms@ea5c0bd1-69bd-2848-81d8-4f18e57aeed8>
Sat, 24 Mar 2007 13:30:47 +0000 (13:30 +0000)
IPSec aktualisiert

git-svn-id: http://svn.ipfire.org/svn/ipfire/trunk@453 ea5c0bd1-69bd-2848-81d8-4f18e57aeed8

14 files changed:
config/kernel/kernel.config.i586
config/kernel/kernel.config.i586.smp
doc/packages-list.txt
html/cgi-bin/status.cgi
html/cgi-bin/upnp.cgi
html/cgi-bin/vpnmain.cgi
lfs/iptables
lfs/linux
src/initscripts/init.d/firewall
src/install+setup/install/main.c
src/misc-progs/Makefile
src/misc-progs/ipsecctrl.c
src/misc-progs/sambactrl.c
src/misc-progs/upnpctrl.c [new file with mode: 0644]

index 2313c8a..b588bad 100644 (file)
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16.42-ipfire
-# Mon Mar 19 13:34:52 2007
+# Sat Mar 24 12:58:07 2007
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -66,7 +66,7 @@ CONFIG_MODULE_UNLOAD=y
 CONFIG_OBSOLETE_MODPARM=y
 CONFIG_MODVERSIONS=y
 # CONFIG_MODULE_SRCVERSION_ALL is not set
-# CONFIG_KMOD is not set
+CONFIG_KMOD=y
 
 #
 # Block layer
@@ -217,7 +217,7 @@ CONFIG_ACPI_FAN=m
 CONFIG_ACPI_PROCESSOR=m
 CONFIG_ACPI_THERMAL=m
 # CONFIG_ACPI_ASUS is not set
-CONFIG_ACPI_IBM=m
+# CONFIG_ACPI_IBM is not set
 # CONFIG_ACPI_TOSHIBA is not set
 # CONFIG_ACPI_CUSTOM_DSDT is not set
 CONFIG_ACPI_BLACKLIST_YEAR=0
@@ -611,10 +611,11 @@ CONFIG_KLIPS=m
 # KLIPS options
 #
 CONFIG_KLIPS_ESP=y
-# CONFIG_KLIPS_AH is not set
+CONFIG_KLIPS_AH=y
 CONFIG_KLIPS_AUTH_HMAC_MD5=y
 CONFIG_KLIPS_AUTH_HMAC_SHA1=y
-# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_CRYPTOAPI=y
+CONFIG_KLIPS_ENC_1DES=y
 CONFIG_KLIPS_ENC_3DES=y
 CONFIG_KLIPS_ENC_AES=y
 CONFIG_KLIPS_ENC_NULL=y
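Review bot: `CONFIG_KLIPS_ENC_1DES=y` compiles single DES into the KLIPS ESP code, and a 56-bit cipher is not adequate protection for VPN traffic on a firewall distribution. Unless a specific legacy peer requires it, keep the option off (`# CONFIG_KLIPS_ENC_1DES is not set`) so that a tunnel cannot end up on it through a loose proposal in the IPsec configuration. The same line is added in the SMP config hunk (`@@ -617,10 +617,11 @@`). `CONFIG_KLIPS_ENC_NULL=y` is unchanged context here, but it deserves the same check when the cipher list is reviewed.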
@@ -1731,14 +1732,18 @@ CONFIG_REISERFS_PROC_INFO=y
 CONFIG_REISERFS_FS_XATTR=y
 CONFIG_REISERFS_FS_POSIX_ACL=y
 CONFIG_REISERFS_FS_SECURITY=y
-# CONFIG_JFS_FS is not set
+CONFIG_JFS_FS=m
+CONFIG_JFS_POSIX_ACL=y
+CONFIG_JFS_SECURITY=y
+# CONFIG_JFS_DEBUG is not set
+CONFIG_JFS_STATISTICS=y
 CONFIG_FS_POSIX_ACL=y
 CONFIG_XFS_FS=m
 CONFIG_XFS_EXPORT=y
 CONFIG_XFS_QUOTA=y
 CONFIG_XFS_SECURITY=y
 CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_RT=y
+# CONFIG_XFS_RT is not set
 # CONFIG_OCFS2_FS is not set
 CONFIG_MINIX_FS=y
 # CONFIG_ROMFS_FS is not set
@@ -1748,7 +1753,7 @@ CONFIG_QUOTACTL=y
 CONFIG_DNOTIFY=y
 # CONFIG_AUTOFS_FS is not set
 # CONFIG_AUTOFS4_FS is not set
-CONFIG_FUSE_FS=m
+# CONFIG_FUSE_FS is not set
 
 #
 # CD-ROM/DVD Filesystems
@@ -1843,7 +1848,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_CODEPAGE_437 is not set
 # CONFIG_NLS_CODEPAGE_737 is not set
 # CONFIG_NLS_CODEPAGE_775 is not set
-# CONFIG_NLS_CODEPAGE_850 is not set
+CONFIG_NLS_CODEPAGE_850=y
 # CONFIG_NLS_CODEPAGE_852 is not set
 # CONFIG_NLS_CODEPAGE_855 is not set
 # CONFIG_NLS_CODEPAGE_857 is not set
@@ -1864,7 +1869,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_CODEPAGE_1250 is not set
 # CONFIG_NLS_CODEPAGE_1251 is not set
 # CONFIG_NLS_ASCII is not set
-# CONFIG_NLS_ISO8859_1 is not set
+CONFIG_NLS_ISO8859_1=y
 # CONFIG_NLS_ISO8859_2 is not set
 # CONFIG_NLS_ISO8859_3 is not set
 # CONFIG_NLS_ISO8859_4 is not set
@@ -1877,7 +1882,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_ISO8859_15 is not set
 # CONFIG_NLS_KOI8_R is not set
 # CONFIG_NLS_KOI8_U is not set
-# CONFIG_NLS_UTF8 is not set
+CONFIG_NLS_UTF8=y
 
 #
 # Instrumentation Support
index f520f00..d6dbceb 100644 (file)
@@ -1,7 +1,7 @@
 #
 # Automatically generated make config: don't edit
 # Linux kernel version: 2.6.16.42-ipfire
-# Fri Mar 16 12:03:27 2007
+# Sat Mar 24 12:58:22 2007
 #
 CONFIG_X86_32=y
 CONFIG_SEMAPHORE_SLEEPERS=y
@@ -67,7 +67,7 @@ CONFIG_MODULE_UNLOAD=y
 CONFIG_OBSOLETE_MODPARM=y
 CONFIG_MODVERSIONS=y
 # CONFIG_MODULE_SRCVERSION_ALL is not set
-# CONFIG_KMOD is not set
+CONFIG_KMOD=y
 CONFIG_STOP_MACHINE=y
 
 #
@@ -222,7 +222,7 @@ CONFIG_ACPI_FAN=m
 CONFIG_ACPI_PROCESSOR=m
 CONFIG_ACPI_THERMAL=m
 # CONFIG_ACPI_ASUS is not set
-CONFIG_ACPI_IBM=m
+# CONFIG_ACPI_IBM is not set
 # CONFIG_ACPI_TOSHIBA is not set
 # CONFIG_ACPI_CUSTOM_DSDT is not set
 CONFIG_ACPI_BLACKLIST_YEAR=0
@@ -617,10 +617,11 @@ CONFIG_KLIPS=m
 # KLIPS options
 #
 CONFIG_KLIPS_ESP=y
-# CONFIG_KLIPS_AH is not set
+CONFIG_KLIPS_AH=y
 CONFIG_KLIPS_AUTH_HMAC_MD5=y
 CONFIG_KLIPS_AUTH_HMAC_SHA1=y
-# CONFIG_KLIPS_ENC_CRYPTOAPI is not set
+CONFIG_KLIPS_ENC_CRYPTOAPI=y
+CONFIG_KLIPS_ENC_1DES=y
 CONFIG_KLIPS_ENC_3DES=y
 CONFIG_KLIPS_ENC_AES=y
 CONFIG_KLIPS_ENC_NULL=y
@@ -1734,14 +1735,18 @@ CONFIG_REISERFS_PROC_INFO=y
 CONFIG_REISERFS_FS_XATTR=y
 CONFIG_REISERFS_FS_POSIX_ACL=y
 CONFIG_REISERFS_FS_SECURITY=y
-# CONFIG_JFS_FS is not set
+CONFIG_JFS_FS=m
+CONFIG_JFS_POSIX_ACL=y
+CONFIG_JFS_SECURITY=y
+# CONFIG_JFS_DEBUG is not set
+CONFIG_JFS_STATISTICS=y
 CONFIG_FS_POSIX_ACL=y
 CONFIG_XFS_FS=m
 CONFIG_XFS_EXPORT=y
 CONFIG_XFS_QUOTA=y
 CONFIG_XFS_SECURITY=y
 CONFIG_XFS_POSIX_ACL=y
-CONFIG_XFS_RT=y
+# CONFIG_XFS_RT is not set
 # CONFIG_OCFS2_FS is not set
 CONFIG_MINIX_FS=y
 # CONFIG_ROMFS_FS is not set
@@ -1751,7 +1756,7 @@ CONFIG_QUOTACTL=y
 CONFIG_DNOTIFY=y
 # CONFIG_AUTOFS_FS is not set
 # CONFIG_AUTOFS4_FS is not set
-CONFIG_FUSE_FS=m
+# CONFIG_FUSE_FS is not set
 
 #
 # CD-ROM/DVD Filesystems
@@ -1846,7 +1851,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_CODEPAGE_437 is not set
 # CONFIG_NLS_CODEPAGE_737 is not set
 # CONFIG_NLS_CODEPAGE_775 is not set
-# CONFIG_NLS_CODEPAGE_850 is not set
+CONFIG_NLS_CODEPAGE_850=y
 # CONFIG_NLS_CODEPAGE_852 is not set
 # CONFIG_NLS_CODEPAGE_855 is not set
 # CONFIG_NLS_CODEPAGE_857 is not set
@@ -1867,7 +1872,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_CODEPAGE_1250 is not set
 # CONFIG_NLS_CODEPAGE_1251 is not set
 # CONFIG_NLS_ASCII is not set
-# CONFIG_NLS_ISO8859_1 is not set
+CONFIG_NLS_ISO8859_1=y
 # CONFIG_NLS_ISO8859_2 is not set
 # CONFIG_NLS_ISO8859_3 is not set
 # CONFIG_NLS_ISO8859_4 is not set
@@ -1880,7 +1885,7 @@ CONFIG_NLS_DEFAULT="cp437"
 # CONFIG_NLS_ISO8859_15 is not set
 # CONFIG_NLS_KOI8_R is not set
 # CONFIG_NLS_KOI8_U is not set
-# CONFIG_NLS_UTF8 is not set
+CONFIG_NLS_UTF8=y
 
 #
 # Instrumentation Support
index 11a128c..4ef3fc0 100644 (file)
 * ipp2p-0.8.2
 * ipp2p-0.8.2-iptables
 * iproute2-2.6.16-060323
+* iptables-1.3.5
 * iptables-1.3.7
 * iptraf-3.0.0
 * iptstate-2.1
index 51cdc5f..a0acdda 100644 (file)
@@ -6,14 +6,13 @@
 #
 # (c) The SmoothWall Team
 #
-# $Id: status.cgi,v 1.6.2.7 2005/02/24 07:44:35 gespinasse Exp $
 #
 
 use strict;
 
 # enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
 
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
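Review bot: `use CGI::Carp 'fatalsToBrowser';` is now enabled unconditionally, although the comment directly above says these lines are for debugging only. With it active, any fatal error in this CGI is rendered into the HTTP response, so file paths and internal error text reach whoever loads the status page. Keep `use warnings;` if it is wanted, but leave the Carp line commented out in committed code (`#use CGI::Carp 'fatalsToBrowser';`) so that failures go to the web server error log instead.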
@@ -31,35 +30,45 @@ my %cgiparams=();
 # is also the name of the program
 my %servicenames =
 (
-       $Lang::tr{'dhcp server'} => 'dhcpd',
-       $Lang::tr{'web server'} => 'httpd',
-       $Lang::tr{'cron server'} => 'fcron',
-       $Lang::tr{'dns proxy server'} => 'dnsmasq',
-       $Lang::tr{'logging server'} => 'syslogd',
-       $Lang::tr{'kernel logging server'} => 'klogd',
-       $Lang::tr{'ntp server'} => 'ntpd',
-       $Lang::tr{'secure shell server'} => 'sshd',
-       $Lang::tr{'vpn'} => 'pluto',
-       $Lang::tr{'web proxy'} => 'squid',
-       'OpenVPN' => 'openvpn'
+        $Lang::tr{'dhcp server'} => 'dhcpd',
+        $Lang::tr{'web server'} => 'httpd',
+        $Lang::tr{'cron server'} => 'fcron',
+        $Lang::tr{'dns proxy server'} => 'dnsmasq',
+        $Lang::tr{'logging server'} => 'syslogd',
+        $Lang::tr{'kernel logging server'} => 'klogd',
+        $Lang::tr{'ntp server'} => 'ntpd',
+        $Lang::tr{'secure shell server'} => 'sshd',
+        $Lang::tr{'vpn'} => 'pluto',
+        $Lang::tr{'web proxy'} => 'squid',
+        'OpenVPN' => 'openvpn'
 );
 
 my $iface = '';
 if (open(FILE, "${General::swroot}/red/iface"))
 {
-       $iface = <FILE>;
-       close FILE;
-       chomp $iface;
+        $iface = <FILE>;
+        close FILE;
+        chomp $iface;
 }
 $servicenames{"$Lang::tr{'intrusion detection system'} (RED)"}   = "snort_${iface}";
 $servicenames{"$Lang::tr{'intrusion detection system'} (GREEN)"} = "snort_$netsettings{'GREEN_DEV'}";
 if ($netsettings{'ORANGE_DEV'} ne '') {
-       $servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
+        $servicenames{"$Lang::tr{'intrusion detection system'} (ORANGE)"} = "snort_$netsettings{'ORANGE_DEV'}";
 }
 if ($netsettings{'BLUE_DEV'} ne '') {
-       $servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
+        $servicenames{"$Lang::tr{'intrusion detection system'} (BLUE)"} = "snort_$netsettings{'BLUE_DEV'}";
 }
 
+my %dhcpsettings=();
+my %netsettings=();
+my %dhcpinfo=();
+my %pppsettings=();
+my $output='';
+
+&General::readhash("${General::swroot}/dhcp/settings", \%dhcpsettings);
+&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
+&General::readhash("${General::swroot}/ppp/settings", \%pppsettings);
+
 &Header::showhttpheaders();
 
 &Header::getcgihash(\%cgiparams);
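Review bot: The added `my %netsettings=();` comes after `%netsettings` is already read earlier in this hunk (`$netsettings{'GREEN_DEV'}`, `$netsettings{'ORANGE_DEV'}`, `$netsettings{'BLUE_DEV'}`). Under `use strict` the hash must therefore already be declared above the hunk, so the new `my` masks that declaration, and with `use warnings` now switched on it presumably emits a "masks earlier declaration" warning on every request. Drop the second `my %netsettings=();`. The added `&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);` is probably redundant as well, but the earlier load is outside the hunk, so confirm before removing it.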
@@ -80,16 +89,16 @@ my $lines = 0;
 my $key = '';
 foreach $key (sort keys %servicenames)
 {
-       if ($lines % 2) {
-               print "<tr bgcolor='${Header::table1colour}'>\n"; }
-       else {
-               print "<tr bgcolor='${Header::table2colour}'>\n"; }
-       print "<td align='left'>$key</td>\n";
-       my $shortname = $servicenames{$key};
-       my $status = &isrunning($shortname);
-       print "$status\n";
-       print "</tr>\n";
-       $lines++;
+        if ($lines % 2) {
+                print "<tr bgcolor='${Header::table1colour}'>\n"; }
+        else {
+                print "<tr bgcolor='${Header::table2colour}'>\n"; }
+        print "<td align='left'>$key</td>\n";
+        my $shortname = $servicenames{$key};
+        my $status = &isrunning($shortname);
+        print "$status\n";
+        print "</tr>\n";
+        $lines++;
 }
 
 
@@ -97,7 +106,7 @@ print "</table></div>\n";
 
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'memory'});
+&Header::openbox('100%', 'center', $Lang::tr{'memory'});
 print "<table><tr><td><table>";
 my $ram=0;
 my $size=0;
@@ -110,8 +119,8 @@ my $cached=0;
 open(FREE,'/usr/bin/free |');
 while(<FREE>)
 {
-       if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
-       {
+        if ($_ =~ m/^\s+total\s+used\s+free\s+shared\s+buffers\s+cached$/ )
+        {
     print <<END
 <tr>
 <td>&nbsp;</td>
@@ -179,14 +188,14 @@ END
 ;
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'disk usage'});
-print "<table>\n";
+&Header::openbox('100%', 'center', $Lang::tr{'disk usage'});
+print "<table width=66%>\n";
 open(DF,'/bin/df -B M -x rootfs|');
 while(<DF>)
 {
-       if ($_ =~ m/^Filesystem/ )
-       {
-               print <<END
+        if ($_ =~ m/^Filesystem/ )
+        {
+                print <<END
 <tr>
 <td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
 <td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
@@ -197,11 +206,11 @@ while(<DF>)
 </tr>
 END
 ;
-       }
-       else
-       {
-               my ($device,$size,$used,$free,$percent,$mount) = split;
-               print <<END
+        }
+        else
+        {
+                my ($device,$size,$used,$free,$percent,$mount) = split;
+                print <<END
 <tr>
 <td>$device</td>
 <td>$mount</td>
@@ -211,35 +220,217 @@ END
 <td>
 END
 ;
-               &percentbar($percent);
-               print <<END
+                &percentbar($percent);
+                print <<END
 </td>
 <td align='right'>$percent</td>
 </tr>
 END
 ;
-       }
+        }
+}
+close DF;
+print "<tr><td colspan='6'>&nbsp;\n<tr><td colspan='6'><h2>Inodes</h2>\n";
+
+open(DF,'/bin/df -i -x rootfs|');
+while(<DF>)
+{
+   if ($_ =~ m/^Filesystem/ )
+   {
+      print <<END
+<tr>
+<td align='left' class='boldbase'><b>$Lang::tr{'device'}</b></td>
+<td align='left' class='boldbase'><b>$Lang::tr{'mounted on'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'size'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'used'}</b></td>
+<td align='center' class='boldbase'><b>$Lang::tr{'free'}</b></td>
+<td align='left' class='boldbase' colspan='2'><b>$Lang::tr{'percentage'}</b></td>
+</tr>
+END
+;
+   }
+   else
+   {
+      my ($device,$size,$used,$free,$percent,$mount) = split;
+      print <<END
+<tr>
+<td>$device</td>
+<td>$mount</td>
+<td align='right'>$size</td>
+<td align='right'>$used</td>
+<td align='right'>$free</td>
+<td>
+END
+;
+      &percentbar($percent);
+      print <<END
+</td>
+<td align='right'>$percent</td>
+</tr>
+END
+;
+   }
 }
 close DF;
 print "</table>\n";
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'uptime and users'});
-my $output = `/usr/bin/who`;
+&Header::openbox('100%', 'left', $Lang::tr{'interfaces'});
+$output = `/sbin/ifconfig`;
+$output = &Header::cleanhtml($output,"y");
+
+my @itfs = ('ORANGE','BLUE','GREEN');
+foreach my $itf (@itfs) {
+    my $ColorName='';
+    my $lc_itf=lc($itf);
+    my $dev = $netsettings{"${itf}_DEV"};
+    if ($dev){
+       $ColorName = "${lc_itf}"; #dereference variable name...
+       $output =~ s/$dev/<b><font color="$ColorName">$dev<\/font><\/b>/ ;
+    }
+}
+
+if (open(REDIFACE, "${General::swroot}/red/iface")) {
+    my $lc_itf='red';
+    my $reddev = <REDIFACE>;
+    close(REDIFACE);
+    chomp $reddev;
+    $output =~ s/$reddev/<b><font color='red'>${reddev}<\/font><\/b>/;
+}
+print "<pre>$output</pre>\n";
+&Header::closebox();
+
+
+if ( $netsettings{'CONFIG_TYPE'} =~ /^(2|3|6|7)$/  && $netsettings{'RED_TYPE'} eq "DHCP") {
+
+       print "<a name='reddhcp'/>\n";
+       &Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}");
+       if (-s "${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info") {
+
+               &General::readhash("${General::swroot}/dhcpc/dhcpcd-$netsettings{'RED_DEV'}.info", \%dhcpinfo);
+
+               my $DNS1=`echo $dhcpinfo{'DNS'} | cut -f 1 -d ,`;
+               my $DNS2=`echo $dhcpinfo{'DNS'} | cut -f 2 -d ,`;
+
+               my $lsetme=0;
+               my $leasetime="";
+               if ($dhcpinfo{'LEASETIME'} ne "") {
+                       $lsetme=$dhcpinfo{'LEASETIME'};
+                       $lsetme=($lsetme/60);
+                       if ($lsetme > 59) {
+                               $lsetme=($lsetme/60); $leasetime=$lsetme." Hour";
+                       } else {
+                       $leasetime=$lsetme." Minute"; 
+                       }
+                       if ($lsetme > 1) {
+                               $leasetime=$leasetime."s";
+                       }
+               }
+               my $rentme=0;
+               my $rnwltime="";
+               if ($dhcpinfo{'RENEWALTIME'} ne "") {
+                       $rentme=$dhcpinfo{'RENEWALTIME'};
+                       $rentme=($rentme/60);
+                       if ($rentme > 59){
+                               $rentme=($rentme/60); $rnwltime=$rentme." Hour";
+                       } else {
+                               $rnwltime=$rentme." Minute";
+                       }
+                       if ($rentme > 1){
+                               $rnwltime=$rnwltime."s";
+                       }
+               }
+               my $maxtme=0;
+               my $maxtime="";
+               if ($dhcpinfo{'REBINDTIME'} ne "") {
+                       $maxtme=$dhcpinfo{'REBINDTIME'};
+                       $maxtme=($maxtme/60);
+                       if ($maxtme > 59){
+                               $maxtme=($maxtme/60); $maxtime=$maxtme." Hour";
+                       } else {
+                               $maxtime=$maxtme." Minute";
+                       }
+                       if ($maxtme > 1) {
+                               $maxtime=$maxtime."s";
+                       }
+               }
+
+               print "<table width='100%'>";
+               if ($dhcpinfo{'HOSTNAME'}) {
+                       print "<tr><td width='30%'>$Lang::tr{'hostname'}</td><td>$dhcpinfo{'HOSTNAME'}.$dhcpinfo{'DOMAIN'}</td></tr>\n";
+               } else {
+                       print "<tr><td width='30%'>$Lang::tr{'domain'}</td><td>$dhcpinfo{'DOMAIN'}</td></tr>\n";
+               }
+               print <<END
+       <tr><td>$Lang::tr{'gateway'}</td><td>$dhcpinfo{'GATEWAY'}</td></tr>
+       <tr><td>$Lang::tr{'primary dns'}</td><td>$DNS1</td></tr>
+       <tr><td>$Lang::tr{'secondary dns'}</td><td>$DNS2</td></tr>
+       <tr><td>$Lang::tr{'dhcp server'}</td><td>$dhcpinfo{'DHCPSIADDR'}</td></tr>
+       <tr><td>$Lang::tr{'def lease time'}</td><td>$leasetime</td></tr>
+       <tr><td>$Lang::tr{'default renewal time'}</td><td>$rnwltime</td></tr>
+       <tr><td>$Lang::tr{'max renewal time'}</td><td>$maxtime</td></tr>
+    </table>
+END
+    ;
+       }
+       else
+       {
+               print "$Lang::tr{'no dhcp lease'}";
+       }
+       &Header::closebox();
+}
+
+if ($dhcpsettings{'ENABLE_GREEN'} eq 'on' || $dhcpsettings{'ENABLE_BLUE'} eq 'on') {
+
+       print "<a name='leases'/>";
+       &Header::CheckSortOrder;
+       &Header::PrintActualLeases;
+}
+
+&Header::openbox('100%', 'left', $Lang::tr{'routing table entries'});
+$output = `/sbin/route -n`;
 $output = &Header::cleanhtml($output,"y");
 print "<pre>$output</pre>\n";
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'loaded modules'});
-$output = qx+/bin/lsmod+;
-($output = &Header::cleanhtml($output,"y")) =~ s/\[.*\]//g;
-print "<pre>\n$output\n</pre>\n";
+&Header::openbox('100%', 'left', $Lang::tr{'arp table entries'});
+$output = `/sbin/arp -n`;
+$output = &Header::cleanhtml($output,"y");
+print "<pre>$output</pre>\n";
 &Header::closebox();
 
-&Header::openbox('100%', 'left', $Lang::tr{'kernel version'});
-print "<pre>\n";
-print `/bin/uname -a`;
-print "</pre>\n";
+&Header::openbox('100%', 'left', $Lang::tr{'loaded modules'});
+my $module = qx(/bin/lsmod | awk -F" " '{print \$1}');
+my $size = qx(/bin/lsmod | awk -F" " '{print \$2}');
+my $used = qx(/bin/lsmod | awk -F" " '{print \$3}');
+my @usedby = qx(/bin/lsmod | awk -F" " '{print \$4}');
+my @usedbyf;
+my $usedbyline;
+
+foreach $usedbyline(@usedby)
+{
+my $laenge = length($usedbyline);
+
+if ( $laenge > 30)
+ {
+ my $usedbylinef=substr($usedbyline,0,30);
+ $usedbyline="$usedbylinef ...\n";
+ push(@usedbyf,$usedbyline);
+ }
+else
+ {push(@usedbyf,$usedbyline);}
+}
+print <<END
+<table cellspacing=25><tr>
+<td><pre>$module</pre></td>
+<td><pre>$size</pre></td>
+<td><pre>$used</pre></td>
+<td><pre>@usedbyf</pre></td>
+</tr></table>
+END
+;
+
+print "";
 &Header::closebox();
 
 &Header::closebigbox();
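Review bot: The two backtick lines that build `$DNS1` and `$DNS2` interpolate `$dhcpinfo{'DNS'}` into a shell command (`echo $dhcpinfo{'DNS'} | cut -f 1 -d ,`). That value is read from the dhcpcd `.info` file for RED, so it presumably originates from whichever DHCP server answers on the untrusted interface, and any shell metacharacters in it would be interpreted by a shell running as the CGI user. Splitting in Perl removes the shell entirely and also avoids the trailing newline: `my ($DNS1, $DNS2) = split /,/, $dhcpinfo{'DNS'};`. The other lease fields printed into the table (`HOSTNAME`, `DOMAIN`, `GATEWAY`, `DHCPSIADDR`) are emitted unescaped and should go through `&Header::cleanhtml(...)`, as the ifconfig, route and arp output in this hunk already does. The interface highlighting has a related weakness: `s/$dev/.../` and `s/$reddev/.../` use the device name as an unquoted pattern, and `s/\Q$dev\E/.../` would make it a literal match.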
@@ -248,35 +439,35 @@ print "</pre>\n";
 
 sub isrunning
 {
-       my $cmd = $_[0];
-       my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
-       my $pid = '';
-       my $testcmd = '';
-       my $exename;
+        my $cmd = $_[0];
+        my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
+        my $pid = '';
+        my $testcmd = '';
+        my $exename;
 
-       $cmd =~ /(^[a-z]+)/;
-       $exename = $1;
+        $cmd =~ /(^[a-z]+)/;
+        $exename = $1;
 
-       if (open(FILE, "/var/run/${cmd}.pid"))
-       {
-               $pid = <FILE>; chomp $pid;
-               close FILE;
-               if (open(FILE, "/proc/${pid}/status"))
-               {
-                       while (<FILE>)
-                       {
-                               if (/^Name:\W+(.*)/) {
-                                       $testcmd = $1; }
-                       }
-                       close FILE;
-                       if ($testcmd =~ /$exename/)
-                       {
-                               $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
-                       }
-               }
-       }
+        if (open(FILE, "/var/run/${cmd}.pid"))
+        {
+                $pid = <FILE>; chomp $pid;
+                close FILE;
+                if (open(FILE, "/proc/${pid}/status"))
+                {
+                        while (<FILE>)
+                        {
+                                if (/^Name:\W+(.*)/) {
+                                        $testcmd = $1; }
+                        }
+                        close FILE;
+                        if ($testcmd =~ /$exename/)
+                        {
+                                $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
+                        }
+                }
+        }
 
-       return $status;
+        return $status;
 }
 
 sub percentbar
index 3afaee2..2b7168c 100644 (file)
@@ -26,7 +26,7 @@ my %selected= () ;
 
 my %servicenames =
 (
-       'UPnP Daemon' => 'upnpd',
+        'UPnP Daemon' => 'upnpd',
 );
 
 &Header::showhttpheaders();
@@ -42,8 +42,14 @@ $upnpsettings{'UPSTREAM'} = '16000000';
 $upnpsettings{'DESCRIPTION'} = 'gatedesc.xml';
 $upnpsettings{'XML'} = '/etc/linuxigd';
 $upnpsettings{'ENABLED'} = 'off';
-$upnpsettings{'GREEN'} = 'on';
-$upnpsettings{'BLUE'} = 'off';
+$upnpsettings{'GREENi'} = 'on';
+$upnpsettings{'BLUEi'} = 'off';
+$upnpsettings{'REDi'} = 'off';
+$upnpsettings{'ORANGEi'} = 'off';
+$upnpsettings{'GREENe'} = 'off';
+$upnpsettings{'BLUEe'} = 'off';
+$upnpsettings{'REDe'} = 'on';
+$upnpsettings{'ORANGEe'} = 'off';
 ### Values that have to be initialized
 $upnpsettings{'ACTION'} = '';
 
@@ -60,9 +66,9 @@ if ($upnpsettings{'ACTION'} eq $Lang::tr{'save'})
 {
 &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
 
-       open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
-       flock (FILE, 2);
-
+       open (FILE, ">${General::swroot}/upnp/upnpd.conf") or die "Can't save the upnp config: $!";
+       flock (FILE, 2);
+       
 print FILE <<END
 
 # UPnP Config by Ipfire Project
@@ -82,90 +88,144 @@ close FILE;
 }
 elsif ($upnpsettings{'ACTION'} eq 'Start')
 {
-       $upnpsettings{'ENABLED'} = 'on';
-       &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
-       system('/usr/local/bin/upnpctrl start');
-}
+        $upnpsettings{'ENABLED'} = 'on';
+        &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+        system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
+} 
 elsif ($upnpsettings{'ACTION'} eq 'Stop')
 {
-       $upnpsettings{'ENABLED'} = 'off';
-       &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
-       system('/usr/local/bin/upnpctrl stop');
-}
+        $upnpsettings{'ENABLED'} = 'off';
+        &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+        system('/usr/local/bin/upnpctrl upnpstop');
+} 
 elsif ($upnpsettings{'ACTION'} eq $Lang::tr{'restart'})
 {
-       &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
-       system('/usr/local/bin/upnpctrl restart');
+        &General::writehash("${General::swroot}/upnp/settings", \%upnpsettings);
+        system('/usr/local/bin/upnpctrl upnpstop');
+        system('/usr/local/bin/upnpctrl upnpstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');
 }
 
 &General::readhash("${General::swroot}/upnp/settings", \%upnpsettings);
 
 if ($errormessage) {
-       &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
-       print "<class name='base'>$errormessage\n";
-       print "&nbsp;</class>\n";
-       &Header::closebox();
+        &Header::openbox('100%', 'left', $Lang::tr{'error messages'});
+        print "<class name='base'>$errormessage\n";
+        print "&nbsp;</class>\n";
+        &Header::closebox();
 }
 
-$checked{'GREEN'}{'on'} = '';
-$checked{'GREEN'}{'off'} = '';
-$checked{'GREEN'}{"$upnpsettings{'GREEN'}"} = 'checked';
-$checked{'BLUE'}{'on'} = '';
-$checked{'BLUE'}{'off'} = '';
-$checked{'BLUE'}{"$upnpsettings{'BLUE'}"} = 'checked';
+$checked{'GREENi'}{'on'} = '';
+$checked{'GREENi'}{'off'} = '';
+$checked{'GREENi'}{"$upnpsettings{'GREENi'}"} = 'checked';
+$checked{'BLUEi'}{'on'} = '';
+$checked{'BLUEi'}{'off'} = '';
+$checked{'BLUEi'}{"$upnpsettings{'BLUEi'}"} = 'checked';
+$checked{'REDi'}{'on'} = '';
+$checked{'REDi'}{'off'} = '';
+$checked{'REDi'}{"$upnpsettings{'REDi'}"} = 'checked';
+$checked{'ORANGEi'}{'on'} = '';
+$checked{'ORANGEi'}{'off'} = '';
+$checked{'ORANGEi'}{"$upnpsettings{'ORANGEi'}"} = 'checked';
+$checked{'GREENe'}{'on'} = '';
+$checked{'GREENe'}{'off'} = '';
+$checked{'GREENe'}{"$upnpsettings{'GREENe'}"} = 'checked';
+$checked{'BLUEe'}{'on'} = '';
+$checked{'BLUEe'}{'off'} = '';
+$checked{'BLUEe'}{"$upnpsettings{'BLUEe'}"} = 'checked';
+$checked{'REDe'}{'on'} = '';
+$checked{'REDe'}{'off'} = '';
+$checked{'REDe'}{"$upnpsettings{'REDe'}"} = 'checked';
+$checked{'ORANGEe'}{'on'} = '';
+$checked{'ORANGEe'}{'off'} = '';
+$checked{'ORANGEe'}{"$upnpsettings{'ORANGEe'}"} = 'checked';
 
 ############################################################################################################################
 ############################################################################################################################
 
 &Header::openbox('100%', 'center', 'UPnP');
 print <<END
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='400' cellspacing='0'>
+        <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+        <table width='95%' cellspacing='0'>
 END
 ;
-       if ( $message ne "" ) {
-               print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
-       }
-
-       my $lines = 0;
-       my $key = '';
-       foreach $key (sort keys %servicenames)
-       {
-               if ($lines % 2) {
-                       print "<tr bgcolor='${Header::table1colour}'>\n"; }
-               else {
-                       print "<tr bgcolor='${Header::table2colour}'>\n"; }
-               print "<td align='left'>$key\n";
-               my $shortname = $servicenames{$key};
-               my $status = &isrunning($shortname);
-               print "$status\n";
-               $lines++;
-       }
-       print <<END
-               <tr><td><b>Alle Dienste:</b></td><td colspan='2'>
-               <input type='submit' name='ACTION' value='Start' />
-               <input type='submit' name='ACTION' value='Stop' />
-               <input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
-       </table>
-       </form>
-       <hr />
-       <form method='post' action='$ENV{'SCRIPT_NAME'}'>
-       <table width='500'>
-       <tr><td colspan='2' align='left'><b>$Lang::tr{'options'}</b>
-       <tr><td align='left'>$Lang::tr{'interfaces'}
-            <td align='left'>&nbsp;<td><input type='checkbox' name='GREEN' $checked{'GREEN'}{'on'} /> <font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font>
-END
-;
-        if (&Header::blue_used()){
+        if ( $message ne "" ) {
+                print "<tr><td colspan='3' align='center'><font color='red'>$message</font>";
+        }
+
+        my $lines = 0;
+        my $key = '';
+        foreach $key (sort keys %servicenames)
+        {
+                if ($lines % 2) {
+                        print "<tr bgcolor='${Header::table1colour}'>\n"; }
+                else {
+                        print "<tr bgcolor='${Header::table2colour}'>\n"; }
+                print "<td align='left'>$key\n";
+                my $shortname = $servicenames{$key};
+                my $status = &isrunning($shortname);
+                print "$status\n";
+                $lines++;
+        }
         print <<END
-        <tr><td align='left'>&nbsp;<td><input type='checkbox' name='BLUE' $checked{'BLUE'}{'on'} /> <font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font>
+                <tr><td><b>Alle Dienste:</b></td><td colspan='2'>
+                <input type='submit' name='ACTION' value='Start' /> 
+                <input type='submit' name='ACTION' value='Stop' /> 
+                <input type='submit' name='ACTION' value='$Lang::tr{'restart'}' />
+        </table>
 END
 ;
-                                   }
-       print <<END
-       </table>
-
+#print <<END
+#        <br></br>
+#        <hr />
+#        <br></br>
+#        
+#        <table width='95%'>
+#        <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>External Interface</b></td></tr>
+#        <tr><td align='left'>&nbsp;</td><td><input type='radio' name='External' value='$netsettings{'RED_DEV'}' $checked{'REDe'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
+#                                            <input type='radio' name='External' value='$netsettings{'GREEN_DEV'}' $checked{'GREENe'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
+#END
+#;
+#         if (&Header::blue_used()){
+#         print <<END
+#                                             <input type='radio' name='External' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEe'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
+#END
+#;
+#                                    }
+#         if (&Header::orange_used()){
+#         print <<END
+#                                             <input type='radio' name='External' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEe'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
+#END
+#;
+#                                    }
+#        print <<END
+#        </td></tr>
+#        <tr><td colspan='2' align='left'><br></br></td></tr>
+#        <tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>Internal Interface</b></td></tr>
+#        <tr><td align='left'>&nbsp;</td><td><input type='radio' name='Internal' value='$netsettings{'RED_DEV'}' $checked{'REDi'}{'on'}><font size='2' color='$Header::colourred'><b>RED - $netsettings{'RED_DEV'}</b></font><br></br>
+#                                            <input type='radio' name='Internal' value='$netsettings{'GREEN_DEV'}' $checked{'GREENi'}{'on'}><font size='2' color='$Header::colourgreen'><b>$Lang::tr{'green'} - $netsettings{'GREEN_DEV'}</b></font><br></br>
+#END
+#;
+#         if (&Header::blue_used()){
+#         print <<END
+#                                            <input type='radio' name='Internal' value='$netsettings{'BLUE_DEV'}' $checked{'BLUEi'}{'on'}><font size='2' color='$Header::colourblue'><b>$Lang::tr{'wireless'} - $netsettings{'BLUE_DEV'}</b></font><br></br>
+#END
+#;
+#                                    }
+#         if (&Header::orange_used()){
+#         print <<END
+#                                            <input type='radio' name='Internal' value='$netsettings{'ORANGE_DEV'}' $checked{'ORANGEi'}{'on'}><font size='2' color='$Header::colourorange'><b>$Lang::tr{'dmz'} - $netsettings{'ORANGE_DEV'}</b></font><br></br>
+#END
+#;
+#                                    }
+#        print <<END
+#        </td></tr></table>
+print <<END
+</form>
+<br></br>
+<form method='post' action='$ENV{'SCRIPT_NAME'}'>
 <table width='95%' cellspacing='0'>
+<tr><td colspan='2' align='left' bgcolor='${Header::table1colour}'><b>$Lang::tr{'options'}</b></td></tr>
+<tr><td colspan='2' align='left'><br></br></td></tr>
 <tr><td align='left'>Debug Mode:</td><td><input type='text' name='DEBUGMODE' value='$upnpsettings{'DEBUGMODE'}' size="30"></input></td></tr>
 <tr><td align='left'>Forward Rules:</td><td><input type='text' name='FORWARDRULES' value='$upnpsettings{'FORWARDRULES'}' size="30"></input></td></tr>
 <tr><td align='left'>Forward Chain:</td><td><input type='text' name='FORWARDCHAIN' value='$upnpsettings{'FORWARDCHAIN'}' size="30"></input></td></tr>
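Review bot: The new `system('/usr/local/bin/upnpctrl upnpdstart $netsettings{'RED_DEV'} $netsettings{'GREEN_DEV'}');` call in the Start branch, and its counterpart in the restart branch, nest single quotes inside a single-quoted string. The literal ends at `$netsettings{`, so Perl will reject the script as a syntax error, and even with the quoting repaired a single-quoted string would not interpolate the device names. The list form fixes both and bypasses the shell: `system('/usr/local/bin/upnpctrl', 'upnpdstart', $netsettings{'RED_DEV'}, $netsettings{'GREEN_DEV'});`. The Start branch passes `upnpdstart` while restart passes `upnpstart` and stop passes `upnpstop`; upnpctrl.c is not visible in this hunk, so check which spellings it accepts and use them consistently. The large block of commented-out interface-selection HTML would be better removed from the commit, or finished, than shipped as dead code.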
@@ -174,6 +234,7 @@ END
 <tr><td align='left'>Up Strean:</td><td><input type='text' name='UPSTREAM' value='$upnpsettings{'UPSTREAM'}' size="30"></input></td></tr>
 <tr><td align='left'>Description Document:</td><td><input type='text' name='DESCRIPTION' value='$upnpsettings{'DESCRIPTION'}' size="30"></input></td></tr>
 <tr><td align='left'>XML Document:</td><td><input type='text' name='XML' value='$upnpsettings{'XML'}' size="30"></input></td></tr>
+<tr><td colspan='2' align='left'><br></br></td></tr>
 <tr><td colspan='2' align='center'><input type='submit' name='ACTION' value=$Lang::tr{'save'} />
 </table></form>
 <br></br>
@@ -190,33 +251,33 @@ END
 
 sub isrunning
 {
-       my $cmd = $_[0];
-       my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
-       my $pid = '';
-       my $testcmd = '';
-       my $exename;
-
-       $cmd =~ /(^[a-z]+)/;
-       $exename = $1;
-
-       if (open(FILE, "/var/run/${cmd}.pid"))
-       {
-               $pid = <FILE>; chomp $pid;
-               close FILE;
-               if (open(FILE, "/proc/${pid}/status"))
-               {
-                       while (<FILE>)
-                       {
-                               if (/^Name:\W+(.*)/) {
-                                       $testcmd = $1; }
-                       }
-                       close FILE;
-                       if ($testcmd =~ /$exename/)
-                       {
-                               $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
-                       }
-               }
-       }
-
-       return $status;
-}
+        my $cmd = $_[0];
+        my $status = "<td bgcolor='${Header::colourred}'><font color='white'><b>$Lang::tr{'stopped'}</b></font></td>";
+        my $pid = '';
+        my $testcmd = '';
+        my $exename;
+
+        $cmd =~ /(^[a-z]+)/;
+        $exename = $1;
+
+        if (open(FILE, "/var/run/${cmd}.pid"))
+        {
+                $pid = <FILE>; chomp $pid;
+                close FILE;
+                if (open(FILE, "/proc/${pid}/status"))
+                {
+                        while (<FILE>)
+                        {
+                                if (/^Name:\W+(.*)/) {
+                                        $testcmd = $1; }
+                        }
+                        close FILE;
+                        if ($testcmd =~ /$exename/)
+                        {
+                                $status = "<td bgcolor='${Header::colourgreen}'><font color='white'><b>$Lang::tr{'running'}</b></font></td>";
+                        }
+                }
+        }
+
+        return $status;
+}
\ No newline at end of file
index 794bf7e..e764041 100644 (file)
@@ -1,25 +1,4 @@
 #!/usr/bin/perl
-#
-# This file is part of the IPCop Firewall.
-#
-# IPCop is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# IPCop is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with IPCop; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
-#
-# Copyright (C) 2003-05-25 Mark Wormgoor <mark@wormgoor.com>
-#
-# $Id: vpnmain.cgi,v 1.10.2.104 2006/11/30 12:43:10 franck78 Exp $
-#
 
 use Net::DNS;
 use File::Copy;
@@ -56,9 +35,6 @@ my $errormessage = '';
 
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 $cgiparams{'ENABLED'} = 'off';
-$cgiparams{'ENABLED_GREEN'} = 'off';
-$cgiparams{'ENABLED_ORANGE'} = 'off';
-$cgiparams{'ENABLED_BLUE'} = 'off';
 $cgiparams{'EDIT_ADVANCED'} = 'off';
 $cgiparams{'ACTION'} = '';
 $cgiparams{'CA_NAME'} = '';
@@ -124,10 +100,7 @@ sub valid_dns_host {
 ### Just return true is one interface is vpn enabled
 ###
 sub vpnenabled {
-    return ($vpnsettings{'ENABLED'} eq 'on' || 
-           $vpnsettings{'ENABLED_GREEN'} eq 'on' ||
-           $vpnsettings{'ENABLED_ORANGE'} eq 'on' ||
-           $vpnsettings{'ENABLED_BLUE'} eq 'on');
+    return ($vpnsettings{'ENABLED'} eq 'on');
 }
 ###
 ### old version: maintain serial number to one, without explication. 
@@ -232,9 +205,6 @@ sub makeconnname ($) {
 ###            the side is always defined as 'left'.
 ###            configihash[14]: 'VHOST' is allowed
 ###
-###Type=Net :  GUI can choose to be left or right. This serve nothing in the conf!
-###            interface is fixed to RED only. No special reason for this also.
-###
 
 sub writeipsecfiles {
     my %lconfighash = ();
@@ -249,11 +219,15 @@ sub writeipsecfiles {
     print CONF "version 2\n\n";
     print CONF "config setup\n";
     #create an ipsec Interface for each 'enabled' ones
+    #loop trought configuration and add physical interfaces to the list
     my $interfaces = "\tinterfaces=\"";
-    $interfaces .= "%defaultroute " if ($lvpnsettings{'ENABLED'} eq 'on');
-    $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} " if ($lvpnsettings{'ENABLED_GREEN'} eq 'on');
-    $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} " if ($lvpnsettings{'ENABLED_BLUE'} eq 'on');
-    $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($lvpnsettings{'ENABLED_ORANGE'} eq 'on');
+    foreach my $key (keys %lconfighash) {
+       next if ($lconfighash{$key}[0] ne 'on');
+        $interfaces .= "%defaultroute "                    if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] eq 'RED');
+       $interfaces .= "ipsec1=$netsettings{'GREEN_DEV'} "  if ($interfaces !~ /ipsec1/       && $lconfighash{$key}[26] eq 'GREEN');
+       $interfaces .= "ipsec2=$netsettings{'BLUE_DEV'} "   if ($interfaces !~ /ipsec2/       && $lconfighash{$key}[26] eq 'BLUE');
+       $interfaces .= "ipsec3=$netsettings{'ORANGE_DEV'} " if ($interfaces !~ /ipsec3/       && $lconfighash{$key}[26] eq 'ORANGE');
+    }
     print CONF $interfaces . "\"\n";
 
     my $plutodebug = '';                       # build debug list
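Review bot: A connection whose interface field `[26]` is empty or holds anything other than the four colour names adds nothing to `interfaces=` in this loop, yet the conn hunk further down (`@@ -301,47 +273,39 @@`) treats every value that is not BLUE/GREEN/ORANGE as RED and writes `left=$lvpnsettings{'VPN_IP'}`. Entries saved before field 26 was used would presumably hit that mismatch and end up with a conn section but no matching interface. Making RED the fallback here as well keeps the two places in agreement: `$interfaces .= "%defaultroute " if ($interfaces !~ /defaultroute/ && $lconfighash{$key}[26] !~ /^(GREEN|BLUE|ORANGE)$/);`. The added comment should read `#loop through the configuration and add physical interfaces to the list`. The body of `writeipsecfiles` starts and ends outside this hunk, so where `%lconfighash` is filled before the loop is not visible here.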
@@ -266,8 +240,6 @@ sub writeipsecfiles {
     # deprecated in ipsec.conf version 2
     #print CONF "\tplutoload=%search\n";
     #print CONF "\tplutostart=%search\n";
-    print CONF "\tplutoload=%search\n";
-    print CONF "\tplutostart=%search\n";
     print CONF "\tuniqueids=yes\n";
     print CONF "\tnat_traversal=yes\n";
     print CONF "\toverridemtu=$lvpnsettings{'VPN_OVERRIDE_MTU'}\n" if ($lvpnsettings{'VPN_OVERRIDE_MTU'} ne '');
@@ -301,47 +273,39 @@ sub writeipsecfiles {
        #remote peer is not set? => use '%any'
        $lconfighash{$key}[10] = '%any' if ($lconfighash{$key}[10] eq '');
 
-       my ($L,$R);     #Local & Remote sides
-
-       print CONF "conn $lconfighash{$key}[1]\n";
-       #always choose LEFT localside for roadwarrior
-       if ($lconfighash{$key}[3] eq 'host' || $lconfighash{$key}[6] eq 'left') {
-           $L = 'left';
-           $R = 'right';
-       } else {
-           $R = 'left';
-           $L = 'right';
-       }
-       print CONF "\t${L}=";
+       my $localside;
        if ($lconfighash{$key}[26] eq 'BLUE') {
-           print CONF "$netsettings{'BLUE_ADDRESS'}\n";
-       } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
-           print CONF "$netsettings{'ORANGE_ADDRESS'}\n";
+               $localside = $netsettings{'BLUE_ADDRESS'};
        } elsif ($lconfighash{$key}[26] eq 'GREEN') {
-           print CONF "$netsettings{'GREEN_ADDRESS'}\n";
-       } elsif ($lconfighash{$key}[26] eq 'RED') {
-           print CONF "$lvpnsettings{'VPN_IP'}\n";
-           print CONF "\t${L}nexthop=%defaultroute\n" if ($lvpnsettings{'VPN_IP'} ne '%defaultroute');
+               $localside = $netsettings{'GREEN_ADDRESS'};
+       } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
+               $localside = $netsettings{'ORANGE_ADDRESS'};
+       } else {        # it is RED
+               $localside = $lvpnsettings{'VPN_IP'};
        }
-       print CONF "\t${L}subnet=$lconfighash{$key}[8]\n";
-       print CONF "\t${R}=$lconfighash{$key}[10]\n";
 
+       print CONF "conn $lconfighash{$key}[1] #$lconfighash{$key}[26]\n";
+       print CONF "\tleft=$localside\n";
+       print CONF "\tleftnexthop=%defaultroute\n" if ($lconfighash{$key}[26] eq 'RED' && $lvpnsettings{'VPN_IP'} ne '%defaultroute');
+       print CONF "\tleftsubnet=$lconfighash{$key}[8]\n";
+
+       print CONF "\tright=$lconfighash{$key}[10]\n";
        if ($lconfighash{$key}[3] eq 'net') {
-           print CONF "\t${R}subnet=$lconfighash{$key}[11]\n";
-           print CONF "\t${R}nexthop=%defaultroute\n";
-       } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed?
+           print CONF "\trightsubnet=$lconfighash{$key}[11]\n";
+           print CONF "\trightnexthop=%defaultroute\n";
+       } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
            print CONF "\trightsubnet=vhost:%no,%priv\n";
        }
 
        # Local Cert and Remote Cert (unless auth is DN dn-auth)
        if ($lconfighash{$key}[4] eq 'cert') {
-           print CONF "\t${L}cert=${General::swroot}/certs/hostcert.pem\n";
-           print CONF "\t${R}cert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
+           print CONF "\tleftcert=${General::swroot}/certs/hostcert.pem\n";
+           print CONF "\trightcert=${General::swroot}/certs/$lconfighash{$key}[1]cert.pem\n" if ($lconfighash{$key}[2] ne '%auth-dn');
        }
 
        # Local and Remote IDs
-       print CONF "\t${L}id=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
-       print CONF "\t${R}id=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
+       print CONF "\tleftid=\"$lconfighash{$key}[7]\"\n" if ($lconfighash{$key}[7]);
+       print CONF "\trightid=\"$lconfighash{$key}[9]\"\n" if ($lconfighash{$key}[9]);
 
        # Algorithms
        if ($lconfighash{$key}[18] && $lconfighash{$key}[19] && $lconfighash{$key}[20]) {
@@ -406,16 +370,6 @@ sub writeipsecfiles {
        # Build Authentication details:  LEFTid RIGHTid : PSK psk
        my $psk_line;
        if ($lconfighash{$key}[4] eq 'psk') {
-           my $localside;
-           if ($lconfighash{$key}[26] eq 'BLUE') {
-               $localside = $netsettings{'BLUE_ADDRESS'};
-           } elsif ($lconfighash{$key}[26] eq 'GREEN') {
-               $localside = $netsettings{'GREEN_ADDRESS'};
-           } elsif ($lconfighash{$key}[26] eq 'ORANGE') {
-               $localside = $netsettings{'ORANGE_ADDRESS'};
-           } else {    # it is RED
-               $localside = $lvpnsettings{'VPN_IP'};
-           }
            $psk_line = ($lconfighash{$key}[7] ? $lconfighash{$key}[7] : $localside) . " " ;
            $psk_line .= $lconfighash{$key}[9] ? $lconfighash{$key}[9] : $lconfighash{$key}[10];  #remoteid or remote address?
            $psk_line .= " : PSK '$lconfighash{$key}[5]'\n";
@@ -472,7 +426,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     }
 
     map ($vpnsettings{$_} = $cgiparams{$_},
-       ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+       ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
         'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
 
     $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
@@ -881,7 +835,7 @@ END
 
        # Create empty CRL cannot be done because we don't have
        # the private key for this CAROOT
-       # Ipcop can only import certificates
+       # IPFire can only import certificates
 
        &General::log("ipsec", "p12 import completed!");
        &cleanssldatabase();
@@ -1072,7 +1026,7 @@ END
     <table width='100%' border='0' cellspacing='1' cellpadding='0'>
     <tr><td width='40%' class='base'>$Lang::tr{'organization name'}:</td>
         <td width='60%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td></tr>
-    <tr><td class='base'>$Lang::tr{'ipcops hostname'}:</td>
+    <tr><td class='base'>$Lang::tr{'IPFires hostname'}:</td>
         <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td></tr>
     <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
         <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td></tr>
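Review bot: The change on the hostname row replaces the translation lookup key `ipcops hostname` with `IPFires hostname`, not just visible text, and the file list of this commit contains no language file, so unless that key was added earlier the label would render empty. The same applies to the new keys `host ip` (hunk `@@ -1964,69 +1899,53 @@`) and `vpn red name` (hunk `@@ -2518,47 +2437,27 @@`). Either keep `$Lang::tr{'ipcops hostname'}` and change the translated string, or add the new keys to every language file in the same commit.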
@@ -1186,10 +1140,10 @@ END
            &writeipsecfiles();
            system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}) if (&vpnenabled);
        } else {
+           system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
            $confighash{$cgiparams{'KEY'}}[0] = 'off';
            &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
            &writeipsecfiles();
-           system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}) if (&vpnenabled);
        }
        sleep $sleepDelay;
     } else {
@@ -1278,7 +1232,7 @@ END
        $cgiparams{'TYPE'}              = $confighash{$cgiparams{'KEY'}}[3];
        $cgiparams{'AUTH'}              = $confighash{$cgiparams{'KEY'}}[4];
        $cgiparams{'PSK'}               = $confighash{$cgiparams{'KEY'}}[5];
-       $cgiparams{'SIDE'}              = $confighash{$cgiparams{'KEY'}}[6];
+       #$cgiparams{'free'}             = $confighash{$cgiparams{'KEY'}}[6];
        $cgiparams{'LOCAL_ID'}          = $confighash{$cgiparams{'KEY'}}[7];
        $cgiparams{'LOCAL_SUBNET'}      = $confighash{$cgiparams{'KEY'}}[8];
        $cgiparams{'REMOTE_ID'}         = $confighash{$cgiparams{'KEY'}}[9];
@@ -1323,11 +1277,6 @@ END
            goto VPNCONF_ERROR;
        }
 
-       if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
-           $errormessage = $Lang::tr{'ipcop side is invalid'};
-           goto VPNCONF_ERROR;
-       }
-
        # Check if there is no other entry with this name
        if (! $cgiparams{'KEY'}) {  #only for add
            foreach my $key (keys %confighash) {
@@ -1394,8 +1343,8 @@ END
           ) {
            $errormessage = $Lang::tr{'invalid local-remote id'} . '<br />' .
            'DER_ASN1_DN: @c=FR/ou=Paris/ou=Home/cn=*<br />' .
-           'FQDN: @ipcop.org<br />' .
-           'USER_FQDN: franck@ipcop.org<br />' .
+           'FQDN: @ipfire.org<br />' .
+           'USER_FQDN: info@ipfire.org<br />' .
            'IPV4_ADDR: @123.123.123.123';
            goto VPNCONF_ERROR;
        }
@@ -1786,7 +1735,6 @@ END
            $confighash{$key}[4] = 'cert';
        }
        if ($cgiparams{'TYPE'} eq 'net') {
-           $confighash{$key}[6] = $cgiparams{'SIDE'};
            $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
        }
        $confighash{$key}[7] = $cgiparams{'LOCAL_ID'};
@@ -1813,6 +1761,7 @@ END
        $confighash{$key}[14] = $cgiparams{'VHOST'};
 
        #free unused fields!
+       $confighash{$key}[6] = 'off';
        $confighash{$key}[15] = 'off';
 
        &General::writehasharray("${General::swroot}/vpn/config", \%confighash);
@@ -1828,7 +1777,6 @@ END
        goto VPNCONF_END;
     } else { # add new connection
         $cgiparams{'ENABLED'} = 'on';
-       $cgiparams{'SIDE'} = 'left';
        if ( ! -f "${General::swroot}/private/cakey.pem" ) {
            $cgiparams{'AUTH'} = 'psk';
        } elsif ( ! -f "${General::swroot}/ca/cacert.pem") {
@@ -1878,24 +1826,11 @@ END
     $checked{'ENABLED'}{'off'} = '';
     $checked{'ENABLED'}{'on'} = '';
     $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = "checked='checked'";
-    $checked{'ENABLED_GREEN'}{'off'} = '';
-    $checked{'ENABLED_GREEN'}{'on'} = '';
-    $checked{'ENABLED_GREEN'}{$cgiparams{'ENABLED_GREEN'}} = "checked='checked'";
-    $checked{'ENABLED_ORANGE'}{'off'} = '';
-    $checked{'ENABLED_ORANGE'}{'on'} = '';
-    $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = "checked='checked'";
-    $checked{'ENABLED_BLUE'}{'off'} = '';
-    $checked{'ENABLED_BLUE'}{'on'} = '';
-    $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = "checked='checked'";
 
     $checked{'EDIT_ADVANCED'}{'off'} = '';
     $checked{'EDIT_ADVANCED'}{'on'} = '';
     $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = "checked='checked'";
 
-    $selected{'SIDE'}{'left'} = '';
-    $selected{'SIDE'}{'right'} = '';
-    $selected{'SIDE'}{$cgiparams{'SIDE'}} = "selected='selected'";
-
     $checked{'AUTH'}{'psk'} = '';
     $checked{'AUTH'}{'certreq'} = '';
     $checked{'AUTH'}{'certgen'} = '';
@@ -1964,69 +1899,53 @@ END
        print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' size='30' /></td>";
     }
     print "<td>$Lang::tr{'enabled'}</td><td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td></tr>";
+    print '</tr><td><br /></td><tr>';
 
+    my $disabled;
+    my $blob;
     if ($cgiparams{'TYPE'} eq 'host') {
-
-       print "<tr><td>$Lang::tr{'interface'}</td>";
-       print "<td><select name='INTERFACE'>";
-       print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
-       print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>" if ($netsettings{'BLUE_DEV'} ne '');
-       print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
-#      print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
-       print "</select></td></tr>";
-       print <<END
-        <tr><td class='boldbase'>$Lang::tr{'local subnet'}</td>
-           <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
-           <td colspan='2'>&nbsp;</td>
-       </tr><tr>
-           <td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+       $disabled = "disabled='disabled'";
+       $blob = "<img src='/blob.gif' alt='*' />";
+    };
+
+    print "<tr><td>$Lang::tr{'host ip'}:</td>";
+    print "<td><select name='INTERFACE'>";
+    print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED ($vpnsettings{'VPN_IP'})</option>";
+    print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN ($netsettings{'GREEN_ADDRESS'})</option>";
+    print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE ($netsettings{'BLUE_ADDRESS'})</option>" if ($netsettings{'BLUE_DEV'} ne '');
+    print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE ($netsettings{'ORANGE_ADDRESS'})</option>" if ($netsettings{'ORANGE_DEV'} ne '');
+    print "</select></td>";
+    print <<END
+           <td class='boldbase'>$Lang::tr{'remote host/ip'}:&nbsp;$blob</td>
            <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size='30' /></td>
-           <td colspan='2'>&nbsp;</td>
-       </tr>
-END
-           ;
-    } else {
-        print <<END
-       <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ipcop side'}
-               <input type='hidden' name='INTERFACE' value='RED' /></td>
-           <td><select name='SIDE'><option value='left' $selected{'SIDE'}{'left'}>left</option>
-                                   <option value='right' $selected{'SIDE'}{'right'}>right</option></select></td>
-           <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
-           <td><input type='text' name='REMOTE' value='$cgiparams{'REMOTE'}' size ='30' /></td>
        </tr><tr>
            <td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
            <td><input type='text' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' size='30' /></td>
            <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
-           <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
-       </tr>
-END
-       ;
-    }
-    print <<END
-    <tr>
-       <td>$Lang::tr{'dpd action'}:</td>
-       <td><select name='DPD_ACTION'>
-           <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
-           <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
-           <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
-           </select>&nbsp; <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
-       </td>
-    </tr><tr>
+           <td><input $disabled type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' size='30' /></td>
+       </tr><tr>
+           <td class='boldbase'>$Lang::tr{'vpn local id'}:&nbsp;<img src='/blob.gif' alt='*' />
+           <br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
+           <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
+           <td class='boldbase'>$Lang::tr{'vpn remote id'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
+           <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
+       </tr><tr>
+       </tr><td><br /></td><tr>
+           <td>$Lang::tr{'dpd action'}:</td>
+           <td><select name='DPD_ACTION'>
+               <option value='clear' $selected{'DPD_ACTION'}{'clear'}>clear</option>
+               <option value='hold' $selected{'DPD_ACTION'}{'hold'}>hold</option>
+               <option value='restart' $selected{'DPD_ACTION'}{'restart'}>restart</option>
+               </select>&nbsp; <a href='http://www.openswan.com/docs/local/README.DPD'>?</a>
+           </td>
+       </tr><tr>
 <!--http://www.openswan.com/docs/local/README.DPD
     http://bugs.xelerance.com/view.php?id=156
     restart = clear + reinitiate connection
 -->
-       <td><b>$Lang::tr{'options'}</b></td>
-    </tr><tr>
-       <td class='boldbase'>$Lang::tr{'vpn local id'}:&nbsp;<img src='/blob.gif' alt='*' />
-           <br />($Lang::tr{'eg'} <tt>&#64;xy.example.com</tt>)</td>
-       <td><input type='text' name='LOCAL_ID' value='$cgiparams{'LOCAL_ID'}' /></td>
-       <td class='boldbase'>$Lang::tr{'vpn remote id'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
-       <td><input type='text' name='REMOTE_ID' value='$cgiparams{'REMOTE_ID'}' /></td>
-    </tr><tr>
-       <td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
-       <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
-    </tr>
+           <td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' alt='*' /></td>
+           <td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td>
+       </tr>
 END
     ;
     if (!$cgiparams{'KEY'}) {
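Review bot: `$disabled` and `$blob` are declared without a value and assigned only when `TYPE` is `host`, so for net-to-net connections the heredoc interpolates undef into `<input $disabled type='text' name='REMOTE_SUBNET' ...>` and `&nbsp;$blob</td>`; declare them as `my $disabled = '';` and `my $blob = '';`. The two added `</tr><td><br /></td><tr>` fragments put a `<td>` outside any row and leave a `<tr>` open directly before the next `<tr>`; `<tr><td><br /></td></tr>` is the valid form. The `INTERFACE` select is now offered for net-to-net connections too, where the old form forced `RED` through a hidden field, and its value ends up on the `conn` line written by `writeipsecfiles`; the save handler is outside this hunk, so confirm it accepts only RED/GREEN/BLUE/ORANGE. The form values are also placed into single-quoted attributes as they are, and whether `%cgiparams` is HTML-escaped before this point is not visible here.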
@@ -2502,7 +2421,7 @@ EOF
     $cgiparams{'VPN_DELAYED_START'} = 0 if (! defined ($cgiparams{'VPN_DELAYED_START'}));
     $checked{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'} eq 'on' ? "checked='checked'" : '' ;
     map ($checked{$_} = $cgiparams{$_} eq 'on' ? "checked='checked'" : '',
-       ('ENABLED','ENABLED_GREEN','ENABLED_ORANGE','ENABLED_BLUE','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
+       ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
         'DBG_KLIPS','DBG_DNS','DBG_NAT_T'));
 
 
@@ -2518,47 +2437,27 @@ EOF
     }
 
     &Header::openbox('100%', 'left', $Lang::tr{'global settings'});
-    my $checkbox="";
     print <<END
     <form method='post' action='$ENV{'SCRIPT_NAME'}'>
     <table width='100%'>
     <tr>
-       <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'local vpn hostname/ip'}:</td>
+       <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn red name'}:</td>
        <td width='20%'><input type='text' name='VPN_IP' value='$cgiparams{'VPN_IP'}' /></td>
        <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED' $checked{'ENABLED'} /></td>
-       <td width='20%' class='base' nowrap='nowrap'>$Lang::tr{'vpn on green'}:</td>
-       <td width='20%' class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_GREEN' $checked{'ENABLED_GREEN'} /></td>
     </tr>
 END
     ;
-    if ($netsettings{'ORANGE_DEV'} ne '') {
-       $checkbox=<<END
-       <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on orange'}:</td>
-       <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'} /></td>
-END
-    ;}
-
     print <<END
     <tr>
        <td class='base' nowrap='nowrap'>$Lang::tr{'override mtu'}:&nbsp;<img src='/blob.gif' alt='*' /></td>
        <td ><input type='text' name='VPN_OVERRIDE_MTU' value='$cgiparams{'VPN_OVERRIDE_MTU'}' /></td>
-       <td></td>
-       $checkbox
     </tr>
 END
     ;
-    if ($netsettings{'BLUE_DEV'} ne '') {
-       $checkbox=<<END
-       <td class='base' nowrap='nowrap'>$Lang::tr{'vpn on blue'}:</td>
-       <td class='base'>$Lang::tr{'enabled'}<input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'} /></td>
-END
-    ;}
 print <<END
     <tr>
        <td  class='base' nowrap='nowrap'>$Lang::tr{'vpn delayed start'}:&nbsp;<img src='/blob.gif' alt='*' /><img src='/blob.gif' alt='*' /></td>
        <td ><input type='text' name='VPN_DELAYED_START' value='$cgiparams{'VPN_DELAYED_START'}' /></td>
-       <td></td>
-       $checkbox
     </tr>
  </table>
 <p>$Lang::tr{'vpn watch'}:<input type='checkbox' name='VPN_WATCH' $checked{'VPN_WATCH'} /></p>
@@ -2587,7 +2486,6 @@ END
 ;              
     print "</form>";
     &Header::closebox();
-    undef ($checkbox);
 
     &Header::openbox('100%', 'left', $Lang::tr{'connection status and controlc'});
     print <<END
@@ -2622,16 +2520,17 @@ END
            print "<td align='left'>&nbsp;</td>";
        }
        print "<td align='center'>$confighash{$key}[25]</td>";
+       # get real state
        my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
-       if ($confighash{$key}[0] eq 'off') {
-           $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
-       } else {
-           foreach my $line (@status) {
-               if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
-                   $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
-               }
+       foreach my $line (@status) {
+           if ($line =~ /\"$confighash{$key}[1]\".*IPsec SA established/) {
+               $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
            }
        }
+       # move to blueif really down
+       if ($confighash{$key}[0] eq 'off' && $active =~ /${Header::colourred}/ ) {
+           $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+       }
        print <<END
        <td align='center'>$active</td>
        <td align='center'>
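Review bot: The enabled/disabled colouring now depends on matching the rendered HTML in `$active` against `${Header::colourred}`, which ties the logic to the markup and uses a colour value as a regular expression. A flag is clearer and does not break when the markup changes: set `my $established = 0;` before the loop, `$established = 1;` on a match, and test `if ($confighash{$key}[0] eq 'off' && !$established)`. The connection name is interpolated into the status pattern unquoted; `/\"\Q$confighash{$key}[1]\E\".*IPsec SA established/` keeps metacharacters in a name from changing what is matched. The comment `# move to blueif really down` should read `# show blue if disabled and really down`.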
@@ -2825,14 +2724,15 @@ END
 END
        ;
     }
-
+    my $rowcolor = 0;
     if (keys %cahash > 0) {
-       foreach my $key (keys %cahash) {
-           if (($key + 1) % 2) {
-               print "<tr bgcolor='${Header::table1colour}'>\n";
-           } else {
-               print "<tr bgcolor='${Header::table2colour}'>\n";
-           }
+   foreach my $key (keys %cahash) {
+       if ($rowcolor++ % 2) {
+      print "<tr bgcolor='${Header::table1colour}'>\n";
+       } else {
+      print "<tr bgcolor='${Header::table2colour}'>\n";
+       }
            print "<td class='base'>$cahash{$key}[0]</td>\n";
            print "<td class='base'>$cahash{$key}[1]</td>\n";
            print <<END
@@ -2898,9 +2798,5 @@ END
 END
     ;
     &Header::closebox();
-
-    print "$Lang::tr{'this feature has been sponsored by'} : ";
-    print "<a href='http://www.seminolegas.com/' target='_blank'>Seminole Canada Gas Company</a>.\n";
-
     &Header::closebigbox();
     &Header::closepage();
index 52e2c13..1584575 100644 (file)
@@ -26,7 +26,7 @@
 
 include Config
 
-VER        = 1.3.7
+VER        = 1.3.5
 
 THISAPP    = iptables-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -47,7 +47,7 @@ netfilter-layer7-v2.9.tar.gz  = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
 libnfnetlink-0.0.25.tar.bz2            = $(URL_IPFIRE)/libnfnetlink-0.0.25.tar.bz2
 libnetfilter_queue-0.0.13.tar.bz2      = $(URL_IPFIRE)/libnetfilter_queue-0.0.13.tar.bz2
 
-$(DL_FILE)_MD5 = dd965bdacbb86ce2a6498829fddda6b7
+$(DL_FILE)_MD5 = 00fb916fa8040ca992a5ace56d905ea5
 netfilter-layer7-v2.9.tar.gz_MD5 = ebf9043a5352ebe6dbd721989ef83dee
 libnfnetlink-0.0.25.tar.bz2_MD5 = fc915a2e66d282e524af6ef939042d7d
 libnetfilter_queue-0.0.13.tar.bz2_MD5 = 660cbfd3dc8c10bf9b1803cd2b688256
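Review bot: `VER` goes from 1.3.7 back to 1.3.5 in the previous hunk and the digest here changes with it, but neither the commit description nor a comment says why the firewall's iptables is being downgraded. A one-line comment above `VER`, such as `# pinned to 1.3.5: <reason>`, would keep a later update from undoing the pin unknowingly. The same version string is hard-coded in several lines of lfs/linux (changed in the following hunks), so the two files have to be kept in step by hand. The tarball is checked by MD5 only, so the new digest should be confirmed against the upstream release rather than against the mirror copy.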
index 31a43c6..616241c 100644 (file)
--- a/lfs/linux
+++ b/lfs/linux
@@ -50,14 +50,14 @@ endif
 objects =$(DL_FILE) \
        mISDN-CVS-2007-01-26.tar.bz2 \
        squashfs3.2-r2.tar.gz \
-       iptables-1.3.7.tar.bz2 \
+       iptables-1.3.5.tar.bz2 \
        patch-o-matic-ng-20061210.tar.bz2 \
        netfilter-layer7-v2.9.tar.gz \
        patch-2.6.16-nath323-1.3.bz2
 
 $(DL_FILE)                                     = $(DL_FROM)/$(DL_FILE)
 patch-o-matic-ng-20061210.tar.bz2      = $(URL_IPFIRE)/patch-o-matic-ng-20061210.tar.bz2
-iptables-1.3.7.tar.bz2                 = $(URL_IPFIRE)/iptables-1.3.7.tar.bz2
+iptables-1.3.5.tar.bz2                 = $(URL_IPFIRE)/iptables-1.3.5.tar.bz2
 netfilter-layer7-v2.9.tar.gz           = $(URL_IPFIRE)/netfilter-layer7-v2.9.tar.gz
 patch-2.6.16-nath323-1.3.bz2           = $(URL_IPFIRE)/patch-2.6.16-nath323-1.3.bz2
 squashfs3.2-r2.tar.gz                  = $(URL_IPFIRE)/squashfs3.2-r2.tar.gz
@@ -65,7 +65,7 @@ mISDN-CVS-2007-01-26.tar.bz2          = $(URL_IPFIRE)/mISDN-CVS-2007-01-26.tar.bz2
 
 $(DL_FILE)_MD5                         = 87e998bb87839b962702815dd5aecc73
 patch-o-matic-ng-20061210.tar.bz2_MD5  = 76edac76301b45f89e467b41c8cf4393
-iptables-1.3.7.tar.bz2_MD5                     = dd965bdacbb86ce2a6498829fddda6b7
+iptables-1.3.5.tar.bz2_MD5                     = 00fb916fa8040ca992a5ace56d905ea5
 netfilter-layer7-v2.9.tar.gz_MD5               = ebf9043a5352ebe6dbd721989ef83dee
 patch-2.6.16-nath323-1.3.bz2_MD5               = f926409ff703a307baf54b57ab75d138
 squashfs3.2-r2.tar.gz_MD5                      = bf360b92eba9e6d5610196ce2e02fcd1
@@ -124,8 +124,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
        # Patch-o-matic
        cd $(DIR_SRC) && rm -rf iptables-* patch-o-matic*
-       cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.7.tar.bz2
-       cd $(DIR_SRC) && ln -sf iptables-1.3.7 iptables
+       cd $(DIR_SRC) && tar xfj $(DIR_DL)/iptables-1.3.5.tar.bz2
+       cd $(DIR_SRC) && ln -sf iptables-1.3.5 iptables
        cd $(DIR_SRC) && tar xfj $(DIR_DL)/patch-o-matic-ng-20061210.tar.bz2
        cd $(DIR_SRC)/patch-o-matic-ng* && \
                ./runme --batch --kernel-path=$(ROOT)/usr/src/$(THISAPP)/ \
@@ -151,7 +151,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 ifeq "$(SMP)" ""
        # Only do this once on the non-SMP pass
-       cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.7
+       cd $(DIR_SRC) && tar czf $(DIR_DL)/iptables-fixed.tar.gz iptables-1.3.5
 endif
 
        # Bootsplash
index e27ae6e..aca8357 100644 (file)
@@ -151,6 +151,14 @@ case "$1" in
        # Accept everything connected
        /sbin/iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
        /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+       
+       # trafic from ipsecX/TUN/TAP interfaces, before "-i GREEN_DEV" accept everything
+       /sbin/iptables -N IPSECVIRTUAL
+       /sbin/iptables -N OPENSSLVIRTUAL
+       /sbin/iptables -A INPUT -j IPSECVIRTUAL
+       /sbin/iptables -A INPUT -j OPENSSLVIRTUAL
+       /sbin/iptables -A FORWARD -j IPSECVIRTUAL
+       /sbin/iptables -A FORWARD -j OPENSSLVIRTUAL
 
        # localhost and ethernet.
        /sbin/iptables -A INPUT   -i lo          -m state --state NEW -j ACCEPT
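Review bot: The comment added above the new chains does not say that `IPSECVIRTUAL` and `OPENSSLVIRTUAL` are created empty here and filled elsewhere; ipsecctrl.c in this same commit appends `-i ipsec+ -j ACCEPT` to `IPSECVIRTUAL`. The jumps sit directly after the ESTABLISHED,RELATED rule and before the localhost/ethernet rules in both INPUT and FORWARD, so whatever a helper puts into these chains is accepted before the later per-interface rules are consulted. I would reword the comment to something like `# Chains for traffic arriving on VPN virtual interfaces (ipsecN, tun/tap); created empty here, filled by the VPN control helpers, evaluated before the GREEN accept rule`, which also fixes the "trafic" typo. The `case` block this sits in starts and ends outside the hunk.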
@@ -167,19 +175,17 @@ case "$1" in
        # we end up with orange -> orange traffic passing through IPFire
        [ "$ORANGE_DEV" != "" ] && /sbin/iptables -A FORWARD -i $ORANGE_DEV -o $ORANGE_DEV -m state --state NEW -j ACCEPT
 
-       # accept all traffic from ipsec interfaces
-       /sbin/iptables -A INPUT   -i ipsec+ -j ACCEPT
-       /sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
-
        # allow DHCP on BLUE to be turned on/off
        /sbin/iptables -N DHCPBLUEINPUT 
        /sbin/iptables -A INPUT -j DHCPBLUEINPUT
 
-       # IPSec chains
-       /sbin/iptables -N IPSECRED
-       /sbin/iptables -A INPUT -j IPSECRED
-       /sbin/iptables -N IPSECBLUE
-       /sbin/iptables -A INPUT -j IPSECBLUE
+       # IPSec
+       /sbin/iptables -N IPSECPHYSICAL
+       /sbin/iptables -A INPUT -j IPSECPHYSICAL
+
+       # OPenSSL
+       /sbin/iptables -N OPENSSLPHYSICAL
+       /sbin/iptables -A INPUT -j OPENSSLPHYSICAL
 
        # WIRELESS chains
        /sbin/iptables -N WIRELESSINPUT
index 3288a16..9bd629d 100644 (file)
@@ -547,9 +547,9 @@ int main(int argc, char *argv[])
                if (strlen(driver) > 1) {
                        fprintf(flog, "Fixing up ipfirerd.img\n");
                        mkdir("/harddisk/initrd", S_IRWXU|S_IRWXG|S_IRWXO);
-                       snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
+                       snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd.img %s-ipfire", driver, KERNEL_VERSION);
                        runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
-                       snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd -v --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
+                       snprintf(commandstring, STRING_SIZE, "/sbin/chroot /harddisk /sbin/mkinitrd --with=scsi_mod %s --with=sd_mod --with=sr_mod /boot/ipfirerd-smp.img %s-ipfire-smp", driver, KERNEL_VERSION);
                        runcommandwithstatus(commandstring, ctr[TR_BUILDING_INITRD]);
                        mysystem("/sbin/chroot /harddisk /bin/mv /boot/grub/scsigrub.conf /boot/grub/grub.conf");
                }
index 7abaa3e..bd2c082 100644 (file)
@@ -11,7 +11,7 @@ SUID_PROGS = setdmzholes setportfw setfilters setxtaccess restartdhcp restartsno
        restartapplejuice setdate rebuildhosts \
        restartsyslogd logwatch openvpnctrl timecheckctrl \
        restartwireless getipstat qosctrl launch-ether-wake \
-       redctrl extrahdctrl sambactrl
+       redctrl extrahdctrl sambactrl upnpctrl
 
 install : all
        install -m 755  $(PROGS) /usr/local/bin
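Review bot: Adding `upnpctrl` to `SUID_PROGS` presumably installs it with elevated privileges (the install rule for that list is outside this hunk), but upnpctrl.c as added later in this commit only checks `argc==1` before its `start` branch reads `argv[2]` and `argv[3]`. Those values are formatted unchecked into the `route add` and `/usr/sbin/upnpd` command strings given to `safe_system()`. `route` and `killall` are also invoked without an absolute path, which matters unless `initsetuid()` resets `PATH`. Before the helper is listed here, `start` should require `argc >= 4`, validate both arguments (ipsecctrl.c uses `VALID_DEVICE(...)` for interface names) and call every binary by full path.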
@@ -48,6 +48,9 @@ redctrl: redctrl.c setuid.o ../install+setup/libsmooth/varval.o
 
 extrahdctrl: extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ extrahdctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
+       
+upnpctrl: upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o
+       $(COMPILE) -I../install+setup/libsmooth/ upnpctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
 sambactrl: sambactrl.c setuid.o ../install+setup/libsmooth/varval.o
        $(COMPILE) -I../install+setup/libsmooth/ sambactrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
index 408dfad..63e042a 100644 (file)
@@ -3,8 +3,6 @@
  * File originally from the Smoothwall project
  * (c) 2001 Smoothwall Team
  *
- * $Id: ipsecctrl.c,v 1.5.2.14 2005/05/15 12:58:28 rkerr Exp $
- *
  */
 
 #include "libsmooth.h"
 #include <signal.h>
 #include "setuid.h"
 
+/*
+    This module is responsible for start stop of the vpn system.
+    
+    1) it allows AH & ESP to get in from interface where a vpn is mounted
+       The NAT traversal is used on the udp 4500 port.
+
+    2) it starts the ipsec daemon
+       The RED interface is a problem because it can be up or down a startup.
+       Then, the state change and it must not affect other VPN mounted on 
+       other interface.
+       Unfortunatly, openswan 1 cannot do that correctly. It cannot use an
+       interface without restarting everything.
+
+    IPCop should control vpn this way:
+
+    rc.netaddrsesup.up
+           call ipsecctrl once to start vpns on all interface
+           RED based vpn won't start because "auto=ignore" instead off "auto=start"
+
+    rc.updatered
+           call ipsectrl to turn on or off vpn based on RED
+
+    but now it is only:
+
+    rc.updatered
+           call ipsectrl S at every event on RED. 
+           Consequence: BLUE vpn is not started until RED goes up.
+
+
+*/
+
+#define phystable      "IPSECPHYSICAL"
+#define virtualtable   "IPSECVIRTUAL"
+
 void usage() {
        fprintf (stderr, "Usage:\n");
        fprintf (stderr, "\tipsecctrl S [connectionkey]\n");
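Review bot: The new macros `phystable` and `virtualtable` name iptables chains, not tables, and their lower-case spelling makes them look like variables where they are spliced into string literals further down. I would rename them along the lines of `IPSEC_CHAIN_PHYSICAL` / `IPSEC_CHAIN_VIRTUAL` and add `/* iptables chains created by init.d/firewall; the names must match that script */`, since nothing here says where the chains come from. The block comment also spells the program "ipsectrl" twice, which makes it harder to grep for.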
@@ -27,43 +59,66 @@ void usage() {
        fprintf (stderr, "\t\tR : Reload Certificates and Secrets\n");
 }
 
-void loadalgmodules() {
+void load_modules() {
        safe_system("/sbin/modprobe ipsec");
 }
 
-void ipsecrules(char *chain, char *interface)
-{
+/*
+       ACCEPT the ipsec protocol ah, esp & udp (for nat traversal) on the specified interface
+*/
+void open_physical (char *interface, int nat_traversal_port) {
        char str[STRING_SIZE];
 
-       sprintf(str, "/sbin/iptables -A %s -p 47  -i %s -j ACCEPT", chain, interface);
+       // GRE ???
+       sprintf(str, "/sbin/iptables -A " phystable " -p 47  -i %s -j ACCEPT", interface);
        safe_system(str);
-       sprintf(str, "/sbin/iptables -A %s -p 50  -i %s -j ACCEPT", chain, interface);
+       // ESP
+       sprintf(str, "/sbin/iptables -A " phystable " -p 50  -i %s -j ACCEPT", interface);
        safe_system(str);
-       sprintf(str, "/sbin/iptables -A %s -p 51  -i %s -j ACCEPT", chain, interface);
+       // AH
+       sprintf(str, "/sbin/iptables -A " phystable " -p 51  -i %s -j ACCEPT", interface);
        safe_system(str);
-       sprintf(str, "/sbin/iptables -A %s -p udp -i %s --sport 500 --dport 500 -j ACCEPT", chain, interface);
+       // IKE
+       sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --sport 500 --dport 500 -j ACCEPT", interface);
        safe_system(str);
-       sprintf(str, "/sbin/iptables -A %s -p udp -i %s --dport 4500 -j ACCEPT", chain, interface);
+
+       if (! nat_traversal_port) 
+           return;
+
+       sprintf(str, "/sbin/iptables -A " phystable " -p udp -i %s --dport %i -j ACCEPT", interface, nat_traversal_port);
        safe_system(str);
 }
 
-void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enablered, char*enableblue)
+/*
+    Basic control for what can flow from/to ipsecX interfaces.
+
+    rc.firewall call this chain just before ACCEPTing everything
+    from green (-i DEV_GREEN -j ACCEPT).
+*/
+void open_virtual (void) {
+       // allow anything from any ipsec to go on all interface, including other ipsec
+       safe_system("/sbin/iptables -A " virtualtable " -i ipsec+ -j ACCEPT");
+       //todo: BOT extension?; allowing ipsec0<<==port-list-filter==>>GREEN ?
+}
+
+void ipsec_norules() {
+       /* clear input rules */
+       safe_system("/sbin/iptables -F " phystable);
+       safe_system("/sbin/iptables -F " virtualtable);
+
+       // unmap red alias ????
+}
+
+
+void add_alias_interfaces(char *configtype,
+                         char *redtype,
+                         char *redif,
+                         int offset)           //reserve room for ipsec0=red, ipsec1=green, ipsec2=orange,ipsec3=blue
 {
        FILE *file = NULL;
        char s[STRING_SIZE];
-       char *sptr;
-       char *aliasip=NULL;
-       char *enabled=NULL;
-       char *comment=NULL;
-       int count=0;
        int alias=0;
-       int add=0;
 
-       if ( strcmp(enablered, "on") == 0 ) 
-               add += 1;
-       if ( strcmp(enableblue, "on") == 0 )
-               add += 1;
-       
        /* Check for CONFIG_TYPE=2 or 3 i.e. RED ethernet present. If not,
        * exit gracefully.  This is not an error... */
        if (!((strcmp(configtype, "2")==0) || (strcmp(configtype, "3")==0) || (strcmp(configtype, "6")==0) || (strcmp(configtype, "7")==0)))
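Review bot: `open_physical()` formats the interface name into `str[STRING_SIZE]` with unbounded `sprintf` (carried over from the removed `ipsecrules()`), while the other command strings built in this file use `snprintf`. In a helper that calls `initsetuid()`, the bound should not depend on the caller having validated the name first. Each call should become e.g. `snprintf(str, sizeof str, "/sbin/iptables -A " phystable " -p 50  -i %s -j ACCEPT", interface);`. The first rule also accepts protocol 47, which the added comment itself questions (`// GRE ???`); the function's header names only AH, ESP and UDP, so that rule should be dropped or justified in a comment. `add_alias_interfaces()` continues past the end of this hunk.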
@@ -79,16 +134,15 @@ void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enab
                fprintf(stderr, "Unable to open aliases configuration file\n");
                return;
        }
-
-       while (fgets(s, STRING_SIZE, file) != NULL && (add+alias) < 16)
+       while (fgets(s, STRING_SIZE, file) != NULL && (offset+alias) < 16 )
        {
                if (s[strlen(s) - 1] == '\n')
                        s[strlen(s) - 1] = '\0';
-               sptr = strtok(s, ",");
-               count = 0;
-               aliasip = NULL;
-               enabled = NULL;
-               comment = NULL;
+               int count = 0;
+               char *aliasip=NULL;
+               char *enabled=NULL;
+               char *comment=NULL;
+               char *sptr = strtok(s, ",");
                while (sptr)
                {
                        if (count == 0)
@@ -113,213 +167,333 @@ void addaliasinterfaces(char *configtype, char *redtype, char *redif, char *enab
                if (strcmp(enabled, "on") == 0)
                {
                        memset(s, 0, STRING_SIZE);
-                       snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", alias+add, redif, alias);
+                       snprintf(s, STRING_SIZE-1, "/usr/sbin/ipsec tncfg --attach --virtual ipsec%d --physical %s:%d >/dev/null", offset+alias, redif, alias);
                        safe_system(s);
                        alias++;
                }
        }
 }
 
+/*
+ return values from the vpn config file or false if not 'on'
+*/
+int decode_line (char *s, 
+               char **key,
+               char **name,
+               char **type,
+               char **interface
+               ) {
+       int count = 0;
+       *key = NULL;
+       *name = NULL;
+       *type = NULL;
+
+       if (s[strlen(s) - 1] == '\n')
+               s[strlen(s) - 1] = '\0';
+
+       char *result = strsep(&s, ",");
+       while (result) {
+               if (count == 0)
+                       *key = result;
+               if ((count == 1) && strcmp(result, "on") != 0)
+                       return 0;       // a disabled line
+               if (count == 2)
+                       *name = result;
+               if (count == 4)
+                       *type = result;
+               if (count == 27)
+                       *interface = result;
+               count++;
+               result = strsep(&s, ",");
+       }
+
+       // check other syntax
+       if (! *name)
+           return 0;
+                       
+       if (strspn(*name, LETTERS_NUMBERS) != strlen(*name)) {
+               fprintf(stderr, "Bad connection name: %s\n", *name);
+               return 0;
+       }
+
+       if (! (strcmp(*type, "host") == 0 || strcmp(*type, "net") == 0)) {
+               fprintf(stderr, "Bad connection type: %s\n", *type);
+               return 0;
+       }
+
+       if (! (strcmp(*interface, "RED") == 0 || strcmp(*interface, "GREEN") == 0 ||
+               strcmp(*interface, "ORANGE") == 0 || strcmp(*interface, "BLUE") == 0)) {
+               fprintf(stderr, "Bad interface name: %s\n", *interface);
+               return 0;
+       }
+       //it's a valid & active line
+       return 1;
+}
+
+/*
+    issue ipsec commmands to turn on connection 'name'
+*/
+void turn_connection_on (char *name, char *type) {
+       char command[STRING_SIZE];
+
+       safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
+       memset(command, 0, STRING_SIZE);
+       snprintf(command, STRING_SIZE - 1, 
+               "/usr/sbin/ipsec auto --replace %s >/dev/null", name);
+       safe_system(command);
+       if (strcmp(type, "net") == 0) {
+               memset(command, 0, STRING_SIZE);
+               snprintf(command, STRING_SIZE - 1, 
+               "/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
+               safe_system(command);
+       }
+}
+/*
+    issue ipsec commmands to turn off connection 'name'
+*/
+void turn_connection_off (char *name) {
+       char command[STRING_SIZE];
+
+       memset(command, 0, STRING_SIZE);
+       snprintf(command, STRING_SIZE - 1, 
+               "/usr/sbin/ipsec auto --down %s >/dev/null", name);
+       safe_system(command);
+       memset(command, 0, STRING_SIZE);
+       snprintf(command, STRING_SIZE - 1, 
+               "/usr/sbin/ipsec auto --delete %s >/dev/null", name);
+       safe_system(command);
+       safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
+}
+
+
 int main(int argc, char *argv[]) {
-       int count;
-       char s[STRING_SIZE];
+
        char configtype[STRING_SIZE];
        char redtype[STRING_SIZE] = "";
-       char command[STRING_SIZE];
-       char *result;
-       char *key;
-       char *enabled;
-       char *name;
-       char *type;
-       char *running;
-       FILE *file = NULL;
        struct keyvalue *kv = NULL;
-       char enablered[STRING_SIZE] = "off";
-       char enableblue[STRING_SIZE] = "off";
-       char redif[STRING_SIZE] = "";;
-       char blueif[STRING_SIZE] = "";
-       FILE *ifacefile = NULL;
                        
-       if (!(initsetuid()))
-               exit(1);
-       
        if (argc < 2) {
                usage();
                exit(1);
        }
+       if (!(initsetuid()))
+               exit(1);
 
        /* FIXME: workaround for pclose() issue - still no real idea why
         * this is happening */
        signal(SIGCHLD, SIG_DFL);
 
-       /* Init the keyvalue structure */
-       kv=initkeyvalues();
+       /* handle operations that doesn't need start the ipsec system */
+       if (argc == 2) {
+               if (strcmp(argv[1], "D") == 0) {
+                       safe_system("/usr/local/bin/vpn-watch --stop");
+                       ipsec_norules();
+                       /* Only shutdown pluto if it really is running */
+                       int fd;
+                       /* Get pluto pid */
+                       if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
+                               safe_system("/etc/rc.d/ipsec stop 2> /dev/null >/dev/null");
+                               close(fd);
+                       }
+                       exit(0);
+               }
 
-       /* Read in the current values */
+               if (strcmp(argv[1], "R") == 0) {
+                       safe_system("/usr/sbin/ipsec auto --rereadall");
+                       exit(0);
+               }
+       }
+
+       /* stop the watch script as soon as possible */
+       safe_system("/usr/local/bin/vpn-watch --stop");
+
+       /* clear iptables vpn rules */
+       ipsec_norules();
+
+       /* read vpn config */
+       kv=initkeyvalues();
        if (!readkeyvalues(kv, CONFIG_ROOT "/vpn/settings"))
        {
                fprintf(stderr, "Cannot read vpn settings\n");
                exit(1);
        }
 
-       findkey(kv, "ENABLED", enablered);
-       findkey(kv, "ENABLED_BLUE", enableblue);
+       /* check is the vpn system is enabled */
+       {
+           char s[STRING_SIZE];
+           findkey(kv, "ENABLED", s);
+           freekeyvalues(kv);
+           if (strcmp (s, "on") != 0)
+               exit(0);
+       }
 
-       freekeyvalues(kv);
+       /* read interface settings */
        kv=initkeyvalues();
-
        if (!readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings"))
        {
                fprintf(stderr, "Cannot read ethernet settings\n");
                exit(1);
        }
-
        if (!findkey(kv, "CONFIG_TYPE", configtype))
        {
                fprintf(stderr, "Cannot read CONFIG_TYPE\n");
                exit(1);
        }
-
        findkey(kv, "RED_TYPE", redtype);
-       findkey(kv, "BLUE_DEV", blueif);
-       freekeyvalues(kv);
-       memset(redif, 0, STRING_SIZE);
-
-       if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r")))
-       {
-               if (fgets(redif, STRING_SIZE, ifacefile))
-               {
-                       if (redif[strlen(redif) - 1] == '\n')
-                               redif[strlen(redif) - 1] = '\0';
-               }
-               fclose (ifacefile);
-               ifacefile = NULL;
 
-               if (!VALID_DEVICE(redif))
-               {
-                       memset(redif, 0, STRING_SIZE);
-               }
-       }
 
-       safe_system("/sbin/iptables -F IPSECRED");
-       if (!strcmp(enablered, "on") && strlen(redif)) {
-               ipsecrules("IPSECRED", redif);
-       }
+       /* Loop through the config file to find physical interface that will accept IPSEC */
+       int enable_red=0;       // states 0: not used
+       int enable_green=0;     //        1: error condition
+       int enable_orange=0;    //        2: good
+       int enable_blue=0;
+       char if_red[STRING_SIZE] = "";
+       char if_green[STRING_SIZE] = "";
+       char if_orange[STRING_SIZE] = "";
+       char if_blue[STRING_SIZE] = "";
+       char s[STRING_SIZE];
+       FILE *file = NULL;
 
-       safe_system("/sbin/iptables -F IPSECBLUE");
-       if (!strcmp(enableblue, "on")) {
-               if (VALID_DEVICE(blueif))
-                       ipsecrules("IPSECBLUE", blueif);
-               else
-               {
-                       fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
-                       exit(1);
-               }
+       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+               fprintf(stderr, "Couldn't open vpn settings file");
+               exit(1);
        }
+       while (fgets(s, STRING_SIZE, file) != NULL) {
+               char *key;
+               char *name;
+               char *type;
+               char *interface;
+               if (!decode_line(s,&key,&name,&type,&interface))
+                   continue;
+               /* search interface */
+               if (!enable_red && strcmp (interface, "RED") == 0) {
+                       // when RED is up, find interface name in special file
+                       FILE *ifacefile = NULL;
+                       if ((ifacefile = fopen(CONFIG_ROOT "/red/iface", "r"))) {
+                           if (fgets(if_red, STRING_SIZE, ifacefile)) {
+                               if (if_red[strlen(if_red) - 1] == '\n')
+                                       if_red[strlen(if_red) - 1] = '\0';
+                           }
+                           fclose (ifacefile);
 
-       /* Only shutdown pluto if it really is running */
-       if (argc == 2) {
-               if (strcmp(argv[1], "D") == 0) {
-                       int fd;
-                       /* Get pluto pid */
-                       if ((fd = open("/var/run/pluto.pid", O_RDONLY)) != -1) {
-                               safe_system("/etc/rc.d/init.d/ipsec stop 2> /dev/null >/dev/null");
-                               close(fd);
+                           if (VALID_DEVICE(if_red))
+                               enable_red+=2;                  // present and running
                        }
                }
-       }
-
-       if ((strcmp(enablered, "on") || !strlen(redif)) && strcmp(enableblue, "on"))
-               exit(0);
 
-       if (argc == 2) {
-               if (strcmp(argv[1], "S") == 0) {
-                       loadalgmodules();
-                       safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
-                       safe_system("/etc/rc.d/init.d/ipsec restart >/dev/null");
-                       addaliasinterfaces(configtype, redtype, redif, enablered, enableblue);
-               } else if (strcmp(argv[1], "R") == 0) {
-                       safe_system("/usr/sbin/ipsec auto --rereadall");
-               } else {
-                       fprintf(stderr, "Bad arg\n");
-                       usage();
-                       exit(1);
+               if (!enable_green && strcmp (interface, "GREEN") == 0) {
+                       enable_green = 1;
+                       findkey(kv, "GREEN_DEV", if_green);
+                       if (VALID_DEVICE(if_green))
+                           enable_green++;
+                       else
+                           fprintf(stderr, "IPSec enabled on green but green interface is invalid or not found\n");
                }
-       } else if (strspn(argv[2], NUMBERS) == strlen(argv[2])) {
-               if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
-                       fprintf(stderr, "Couldn't open vpn settings file");
-                       exit(1);
+
+               if (!enable_orange && strcmp (interface, "ORANGE") == 0) {
+                       enable_orange = 1;
+                       findkey(kv, "ORANGE_DEV", if_orange);
+                       if (VALID_DEVICE(if_orange))
+                           enable_orange++;
+                       else
+                           fprintf(stderr, "IPSec enabled on orange but orange interface is invalid or not found\n");
                }
-               while (fgets(s, STRING_SIZE, file) != NULL) {
-                       if (s[strlen(s) - 1] == '\n')
-                               s[strlen(s) - 1] = '\0';
-                       running = strdup (s);
-                       result = strsep(&running, ",");
-                       count = 0;
-                       key = NULL;
-                       name = NULL;
-                       enabled = NULL;
-                       type = NULL;
-                       while (result) {
-                               if (count == 0)
-                                       key = result;
-                               if (count == 1)
-                                       enabled = result;       
-                               if (count == 2)
-                                       name = result;
-                               if (count == 4)
-                                       type = result;
-                               count++;
-                               result = strsep(&running, ",");
-                       }
-                       if (strcmp(key, argv[2]) != 0)
-                               continue;
-                       
-                       if (!(name && enabled))
-                               continue;
-                       
-                       if (strspn(name, LETTERS_NUMBERS) != strlen(name)) {
-                               fprintf(stderr, "Bad connection name: %s\n", name);
-                               goto EXIT;
-                       }
 
-                       if (! (strcmp(type, "host") == 0 || strcmp(type, "net") == 0)) {
-                               fprintf(stderr, "Bad connection type: %s\n", type);
-                               goto EXIT;
-                       }
-                       
-                       if (strcmp(argv[1], "S") == 0 && strcmp(enabled, "on") == 0) {
-                               safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
-                               memset(command, 0, STRING_SIZE);
-                               snprintf(command, STRING_SIZE - 1, 
-                                       "/usr/sbin/ipsec auto --replace %s >/dev/null", name);
-                               safe_system(command);
-                               if (strcmp(type, "net") == 0) {
-                                       memset(command, 0, STRING_SIZE);
-                                       snprintf(command, STRING_SIZE - 1, 
-                                               "/usr/sbin/ipsec auto --asynchronous --up %s >/dev/null", name);
-                                       safe_system(command);
-                               }
-                       } else if (strcmp(argv[1], "D") == 0) {
-                               safe_system("/usr/sbin/ipsec auto --rereadsecrets >/dev/null");
-                               memset(command, 0, STRING_SIZE);
-                               snprintf(command, STRING_SIZE - 1, 
-                                       "/usr/sbin/ipsec auto --down %s >/dev/null", name);
-                               safe_system(command);
-                               memset(command, 0, STRING_SIZE);
-                               snprintf(command, STRING_SIZE - 1, 
-                                       "/usr/sbin/ipsec auto --delete %s >/dev/null", name);
-                               safe_system(command);
-                       }
+               if (!enable_blue && strcmp (interface, "BLUE") == 0) {
+                       enable_blue++;
+                       findkey(kv, "BLUE_DEV", if_blue);
+                       if (VALID_DEVICE(if_blue))
+                           enable_blue++;
+                       else
+                           fprintf(stderr, "IPSec enabled on blue but blue interface is invalid or not found\n");
+
                }
-       } else {
+       }
+       fclose(file);
+       freekeyvalues(kv);
+
+       // do nothing if something is in error condition
+       if ((enable_red==1) || (enable_green==1) || (enable_orange==1) || (enable_blue==1) )
+           exit(1);
+
+       // exit if nothing to do
+       if ( (enable_red+enable_green+enable_orange+enable_blue) == 0 )
+           exit(0);
+
+       // open needed ports
+       // todo: read a nat_t indicator to allow or not openning UDP/4500
+       if (enable_red==2)
+               open_physical(if_red, 4500);
+
+       if (enable_green==2)
+               open_physical(if_green, 4500);
+
+       if (enable_orange==2)
+               open_physical(if_orange, 4500);
+
+       if (enable_blue==2)
+               open_physical(if_blue, 4500);
+
+       // then open the ipsecX
+       open_virtual();
+
+       // start the system
+       if ((argc == 2) && strcmp(argv[1], "S") == 0) {
+               load_modules();
+               safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
+               safe_system("/etc/rc.d/ipsec restart >/dev/null");
+               add_alias_interfaces(configtype, redtype, if_red, (enable_red+enable_green+enable_orange+enable_blue) >>1 );
+               safe_system("/usr/local/bin/vpn-watch --start");
+               exit(0);
+       }
+
+       // it is a selective start or stop
+       // second param is only a number 'key'
+       if ((argc == 2) || strspn(argv[2], NUMBERS) != strlen(argv[2])) {
+               ipsec_norules();
                fprintf(stderr, "Bad arg\n");
                usage();
                exit(1);
        }
 
-EXIT:
-       if (file)
-               fclose(file);
+       // search the vpn pointed by 'key'
+       if (!(file = fopen(CONFIG_ROOT "/vpn/config", "r"))) {
+               ipsec_norules();
+               fprintf(stderr, "Couldn't open vpn settings file");
+               exit(1);
+       }
+       while (fgets(s, STRING_SIZE, file) != NULL) {
+               char *key;
+               char *name;
+               char *type;
+               char *interface;
+               if (!decode_line(s,&key,&name,&type,&interface))
+                       continue;
+
+               // start/stop a vpn if belonging to specified interface
+               if (strcmp(argv[1], interface) == 0 ) {
+                           if (strcmp(argv[2], "0")==0)
+                               turn_connection_off (name);
+                           else
+                               turn_connection_on (name, type);
+                       continue;
+               }
+               // is it the 'key' requested ?
+               if (strcmp(argv[2], key) != 0)
+                       continue;
+               // Start or Delete this Connection
+               if (strcmp(argv[1], "S") == 0)
+                       turn_connection_on (name, type);
+               else
+               if (strcmp(argv[1], "D") == 0)
+                       turn_connection_off (name);
+               else {
+                       ipsec_norules();
+                       fprintf(stderr, "Bad command\n");
+                       exit(1);
+               }
+       }
+       fclose(file);
+       safe_system("/usr/local/bin/vpn-watch --start");
        return 0;
 }
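Review bot: `decode_line()` resets `*key`, `*name` and `*type` but not `*interface`, and both loops in `main()` pass an uninitialised `char *interface;`. A config line with fewer than 28 comma-separated fields therefore reaches `strcmp(*interface, "RED")` with an indeterminate pointer, and one with fewer than 5 fields reaches `strcmp(*type, "host")` with NULL. Add `*interface = NULL;` beside the other resets and widen the existing guard to `if (!*name || !*type || !*interface) return 0;`, so that a short or damaged line in the vpn config is skipped instead of crashing the helper.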
index 568af05..463f915 100644 (file)
@@ -27,7 +27,6 @@ int main(int argc, char *argv[])
         {
             snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s", argv[2]);
             safe_system(command);
-            printf(command);
             return 0;
         }
 
@@ -35,7 +34,6 @@ int main(int argc, char *argv[])
         {
             snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s", argv[2]);
             safe_system(command);
-            printf(command);
             return 0;
         }
 
@@ -43,10 +41,8 @@ int main(int argc, char *argv[])
         {
             snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s", argv[2]);
             safe_system(command);
-            printf(command);
             snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s", argv[2]);
             safe_system(command);
-            printf(command);
             return 0;
         }
 
@@ -56,10 +52,17 @@ int main(int argc, char *argv[])
             return 0;
         }
 
+        if (strcmp(argv[1], "smbsafeconfpdc")==0)
+        {
+            safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbglobalreset")==0)
         {
             safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf");
             safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings");
+            safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global");
             return 0;
         }
 
@@ -85,9 +88,19 @@ int main(int argc, char *argv[])
             return 0;
         }
 
+        if (strcmp(argv[1], "smbstatus")==0)
+        {
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/smbstatus");
+            safe_system(command);
+            printf(command);
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbuseradd")==0)
         {
-            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -d /opt/samba -g 2110 -p %s -s /bin/false %s", argv[3], argv[2]);
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser");
+            safe_system(command);
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -p %s -s %s %s", argv[4], argv[3], argv[5], argv[2]);
             safe_system(command);
             printf(command);
             snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
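Review bot: The new `smbstatus` and `smbuseradd` branches keep `printf(command);`, which uses the built command as a format string (the same call this commit deletes from the `smbpasswd` branches above), and in `smbuseradd` that string contains caller-supplied `argv[2]`..`argv[5]`. Drop the calls or write `fputs(command, stdout);`. The rewritten `useradd` line now reads `argv[4]` and `argv[5]` with no `argc` check visible in the hunk and formats them, unquoted, into the string handed to `safe_system()`. A guard such as `if (argc < 6) return 1;` plus a character allow-list on each argument (ipsecctrl.c uses `strspn(name, LETTERS_NUMBERS)` for this) belongs before the `snprintf`. The `smbpcadd` branch added in the next hunk has both problems as well; `main()` starts outside this hunk, so an earlier check may exist.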
@@ -96,6 +109,19 @@ int main(int argc, char *argv[])
             return 0;
         }
 
+        if (strcmp(argv[1], "smbpcadd")==0)
+        {
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks");
+            safe_system(command);
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s", argv[3], argv[4], argv[2]);
+            safe_system(command);
+            printf(command);
+            snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s", argv[2]);
+            safe_system(command);
+            printf(command);
+            return 0;
+        }
+
         if (strcmp(argv[1], "smbchangepw")==0)
         {
             snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s", argv[3], argv[3], argv[2]);
diff --git a/src/misc-progs/upnpctrl.c b/src/misc-progs/upnpctrl.c
new file mode 100644 (file)
index 0000000..d133c16
--- /dev/null
@@ -0,0 +1,47 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include "setuid.h"
+
+#define BUFFER_SIZE 1024
+
+char command[BUFFER_SIZE]; 
+
+int main(int argc, char *argv[])
+{
+
+        if (!(initsetuid()))
+                exit(1);
+
+        // Check what command is asked
+        if (argc==1)
+        {
+            fprintf (stderr, "Missing upnpctrl command!\n");
+            return 1;
+        }
+
+        if (strcmp(argv[1], "start")==0)
+        {
+            snprintf(command, BUFFER_SIZE-1, "route add -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+            safe_system(command);
+            printf(command);
+            snprintf(command, BUFFER_SIZE-1, "/usr/sbin/upnpd %s %s", argv[2], argv[3] );
+            safe_system(command);
+            printf(command);
+            return 0;
+        }
+
+        if (strcmp(argv[1], "stop")==0)
+        {
+            snprintf(command, BUFFER_SIZE-1, "killall upnpd");
+            safe_system(command);
+            printf(command);
+            snprintf(command, BUFFER_SIZE-1, "route del -net 239.0.0.0 netmask 255.0.0.0 %s", argv[2]);
+            safe_system(command);
+            printf(command);
+            return 0;
+        }
+}
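Review bot: The only argument check in this new `main` is `argc==1`, yet `start` reads `argv[2]` and `argv[3]` and `stop` reads `argv[2]`. A call with too few arguments therefore hands `snprintf` a null pointer for `%s` (or, for `argv[3]`, a slot past the end of `argv`), which is undefined behaviour. An unrecognised command also falls off the end of `main`, which under C99 and later returns 0 and so reports success to the caller. Per-command count checks and a final error return, sketched below, cover both cases. The arguments are also pasted into the command string and passed to `printf(command)` as a format string, so they should be validated before formatting and printed with `printf("%s", command)`.

```c
        // … unchanged: initsetuid() and argc==1 checks …

        if (strcmp(argv[1], "start")==0)
        {
            if (argc < 4)
            {
                fprintf (stderr, "Missing upnpctrl start arguments!\n");
                return 1;
            }
            // … unchanged: route add and upnpd commands …
        }

        if (strcmp(argv[1], "stop")==0)
        {
            if (argc < 3)
            {
                fprintf (stderr, "Missing upnpctrl stop argument!\n");
                return 1;
            }
            // … unchanged: killall and route del commands …
        }

        fprintf (stderr, "Unknown upnpctrl command!\n");
        return 1;
```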