ovpnmain.cgi: Don't fail if files are not existant.
#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org>                       #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################
###
# Based on IPFireCore 55
###
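use CGI;
use CGI qw/:standard/;
use Net::DNS;
use Net::Ping;
use Net::Telnet;
use File::Copy;
use File::Temp qw/ tempfile tempdir /;
use strict;
use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
require "${General::swroot}/countries.pl";

# enable only the following on debugging purpose
#use warnings;
#use CGI::Carp 'fatalsToBrowser';
#workaround to suppress a warning when a variable is used only once
my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
undef (@dummy);

# Theme colours: the theme name comes from the admin-maintained main
# settings file and is interpolated into the colors.txt path unchanged.
my %color = ();
my %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);

###
### Initialize variables
###
# File-level state shared by the subs below: %netsettings (ethernet settings),
# %cgiparams (request parameters), %vpnsettings (ovpn/settings + ROUTES_PUSH),
# $errormessage (set by the validation helpers, rendered later in the file).
my %ccdconfhash=();
my %ccdroutehash=();
my %ccdroute2hash=();
my %netsettings=();
my %cgiparams=();
my %vpnsettings=();
my %checked=();
my %confighash=();
my %cahash=();
my %selected=();
my $warnmessage = '';
my $errormessage = '';
my %settings=();
my $routes_push_file = "${General::swroot}/ovpn/routes_push";
my $confighost="${General::swroot}/fwhosts/customhosts";
my $configgrp="${General::swroot}/fwhosts/customgroups";
my $customnet="${General::swroot}/fwhosts/customnetworks";
my $name;
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);

# Defaults for the form parameters; &Header::getcgihash below overwrites
# whatever the request actually carries.
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
$cgiparams{'ENABLED_ORANGE'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'NAT'} = 'off';
$cgiparams{'COMPRESSION'} = 'off';
$cgiparams{'ONLY_PROPOSED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
$cgiparams{'DHCP_DOMAIN'} = '';
$cgiparams{'DHCP_DNS'} = '';
$cgiparams{'DHCP_WINS'} = '';
$cgiparams{'ROUTES_PUSH'} = '';
$cgiparams{'DCOMPLZO'} = 'off';
$cgiparams{'MSSFIX'} = '';
$cgiparams{'number'} = '';
$cgiparams{'PMTU_DISCOVERY'} = '';

# Make sure the route / client-config files exist so the readers below do
# not fail on a fresh installation. A missing file is created with an
# append-mode open instead of spawning a shell for "touch"; an existing
# file is left untouched and a failed open is ignored, as before.
foreach my $needed_file ($routes_push_file,
                         "${General::swroot}/ovpn/ccd.conf",
                         "${General::swroot}/ovpn/ccdroute",
                         "${General::swroot}/ovpn/ccdroute2") {
    next if -e $needed_file;
    if (open(my $fh, '>>', $needed_file)) {
        close($fh);
    }
}

&Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});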

# prepare openvpn config file
###
### Useful functions
###
101sub haveOrangeNet
102{
13211b21
CS
103 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
104 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
c6c9630e
MT
105 return 0;
106}
107
sub haveBlueNet
{
    # Returns 1 when the network layout (CONFIG_TYPE from the file-level
    # %netsettings, read from ethernet/settings) is type 3 or 4, else 0.
    my $config_type = $netsettings{'CONFIG_TYPE'};
    return ($config_type == 3 || $config_type == 4) ? 1 : 0;
}
114
sub sizeformat{
    # Render a byte count as "<value> <unit>", dividing by 1024 per step up
    # to EB (at most six divisions) and rounding half-up to two decimals.
    my $size = shift;
    my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
    my $unit_index = 0;

    while ($unit_index < $#units && abs($size) >= 1024) {
        $size /= 1024;
        $unit_index++;
    }

    my $rounded = int($size * 100 + 0.5) / 100;
    return "$rounded $units[$unit_index]";
}
129
130sub cleanssldatabase
131{
132 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
133 print FILE "01";
134 close FILE;
135 }
136 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
137 print FILE "";
138 close FILE;
139 }
140 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
141 unlink ("${General::swroot}/ovpn/certs/serial.old");
142 unlink ("${General::swroot}/ovpn/certs/01.pem");
143}
144
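sub newcleanssldatabase
{
    # Like cleanssldatabase, but only (re)creates the serial counter and
    # index.txt when they are missing or empty, so an existing CA database
    # survives. The backup copies are always removed.
    my $certs_dir = "${General::swroot}/ovpn/certs";
    my $serial_file = "$certs_dir/serial";
    my $index_file = "$certs_dir/index.txt";

    if (! -s $serial_file) {
        # The original open path contained "(ovpn" instead of "/ovpn", so
        # the serial counter was never written to the certs directory.
        if (open(my $serial_fh, '>', $serial_file)) {
            print $serial_fh "01";
            close($serial_fh);
        }
    }
    # The original applied -s to the string ">.../index.txt" (with the
    # redirection character), which never names a file, so the check was
    # always false. Create the file without spawning a shell for "touch".
    if (! -s $index_file) {
        if (open(my $index_fh, '>>', $index_file)) {
            close($index_fh);
        }
    }
    unlink("$certs_dir/index.txt.old");
    unlink("$certs_dir/serial.old");
}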
158
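sub deletebackupcert
{
    # Remove the certificate whose serial number is recorded in serial.old
    # (the previous value of the CA serial counter). Does nothing when
    # serial.old cannot be read.
    my $certs_dir = "${General::swroot}/ovpn/certs";

    open(my $serial_fh, '<', "$certs_dir/serial.old") or return;
    my $hexvalue = <$serial_fh>;
    close($serial_fh);
    return unless defined $hexvalue;
    chomp $hexvalue;

    # The value is interpolated into a file name, so only accept a plain hex
    # serial; anything else (empty file, path characters) is ignored rather
    # than used to build a path.
    return unless $hexvalue =~ /\A[0-9A-Fa-f]+\z/;
    unlink("$certs_dir/$hexvalue.pem");
}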
168
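sub checkportfw {
    # Validate a new port-forward entry against portfw/config. Sets the
    # file-level $errormessage when the source port is already in use or
    # overlaps an existing entry (via portchecks); returns nothing.
    #   $_[0] key2      - "0" marks a port-forward addition (only those are checked)
    #   $_[1] src_port  - the new source port or port range
    #   $_[2] protocol
    #   $_[3] sourceip
    # Dies when the config file cannot be opened.
    my ($KEY2, $SRC_PORT, $PROTOCOL, $SRC_IP) = @_;

    my $pfwfilename = "${General::swroot}/portfw/config";
    open(my $pfw_fh, '<', $pfwfilename) or die 'Unable to open config file.';
    my @pfwcurrent = <$pfw_fh>;
    close($pfw_fh);

    foreach my $pfwline (@pfwcurrent) {
        my @pfwtemp = split(/\,/, $pfwline);
        chomp($pfwtemp[8]) if defined $pfwtemp[8];
        # only port-forward additions (key2 == 0) are validated
        next unless $KEY2 eq "0";

        if ($SRC_PORT eq $pfwtemp[3] && $PROTOCOL eq $pfwtemp[2] && $SRC_IP eq $pfwtemp[7]) {
            $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
        }
        # Darren Critchley - Duplicate or overlapping Port range check.
        # Field 1 == "0" marks an existing port-forward entry; field 5 holds its port range.
        # (The sequence-number bookkeeping that used to live here was never read.)
        if ($pfwtemp[1] eq "0" && $PROTOCOL eq $pfwtemp[2] && $SRC_IP eq $pfwtemp[7] && $errormessage eq '') {
            &portchecks($SRC_PORT, $pfwtemp[5]);
        }
    }
    return;
}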
212
sub checkportoverlap
{
    # Compare a new port range $_[0] ("lo:hi") with an existing range $_[1].
    # Returns 1 when no endpoint of either range lies inside the other
    # (as judged by checkportinc), otherwise 0.
    my ($new_range, $existing_range) = @_;
    my @new_ends = split(/\:/, $new_range);
    my @existing_ends = split(/\:/, $existing_range);

    foreach my $endpoint (@new_ends[0, 1]) {
        return 0 unless &checkportinc($endpoint, $existing_range);
    }
    foreach my $endpoint (@existing_ends[0, 1]) {
        return 0 unless &checkportinc($endpoint, $new_range);
    }
    return 1;    # Everything checks out!
}
228
# Darren Critchley - we want to make sure that a port entry is not within an already existing range
sub checkportinc
{
    # Returns 1 when port $_[0] lies outside the range $_[1] ("lo:hi"),
    # 0 when it lies inside (both endpoints count as inside).
    my ($port, $range) = @_;
    my ($low, $high) = split(/\:/, $range);
    my $outside = ($port < $low || $port > $high);
    return $outside ? 1 : 0;
}
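# Darren Critchley - Duplicate or overlapping Port range check
sub portchecks
{
    # Compare the new port or range $_[0] with an existing port range $_[1]
    # and set the file-level $errormessage on overlap. Nothing happens once
    # an error is already pending.
    # The original tested m/:/ against $_, i.e. whatever the caller last
    # topicalised, never against the new port; the commented-out
    # "$_ = $_[0]" documented the intent, so the test now uses $p1 itself.
    # The $prtrange1/$prtrange2 package globals only encoded this if/else.
    my ($p1, $p2) = @_;
    return unless $errormessage eq '';

    if ($p1 =~ m/:/) {
        # the new value is a range: is the existing port inside it?
        unless (&checkportinc($p2, $p1)) {
            $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
        }
    } else {
        # the new value is a single port: is it inside the existing range?
        unless (&checkportinc($p1, $p2)) {
            $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
        }
    }
    return;
}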
268
# Darren Critchley - certain ports are reserved for IPFire
# TCP 67,68,81,222,445
# UDP 67,68
# Params passed in -> port, rangeyn, protocol
sub disallowreserved
{
    # Sets the file-level $errormessage and returns as soon as the port (or
    # port range) $_[0] touches a reserved port. $_[1] says whether $_[0] is
    # a "lo:hi" range, $_[2] is the protocol, $_[3] ("src"/"dst") only picks
    # the message text. 67 and 68 are reserved for every protocol, 81, 222
    # and 445 for tcp only; the first hit in that order wins.
    my ($prt, $ryn, $prot, $srcdst) = @_;
    my @tcp_reserved = (81, 222, 445);
    my @reserved = (67, 68);
    push @reserved, @tcp_reserved if $prot eq "tcp";

    if ($ryn) {    # disect port range
        my $msg = ($srcdst eq "src") ? "$Lang::tr{'rsvd src port overlap'}"
                                     : "$Lang::tr{'rsvd dst port overlap'}";
        my ($low, $high) = split(/\:/, $prt);
        foreach my $reserved_port (@reserved) {
            if ($reserved_port >= $low && $reserved_port <= $high) {
                $errormessage = "$msg $reserved_port";
                return;
            }
        }
    } else {
        my $msg = ($srcdst eq "src") ? "$Lang::tr{'reserved src port'}"
                                     : "$Lang::tr{'reserved dst port'}";
        foreach my $reserved_port (@reserved) {
            if ($prt == $reserved_port) {
                $errormessage = "$msg $reserved_port";
                return;
            }
        }
    }
    return;
}
312
sub writeserverconf {
    # Regenerate ${General::swroot}/ovpn/server.conf from ovpn/settings, the
    # routes_push file (via read_routepushfile, which fills the file-level
    # $vpnsettings{'ROUTES_PUSH'}) and the ccd.conf / ccdroute files.
    # Dies when server.conf cannot be opened; the handle is held under an
    # exclusive lock (flock 2 == LOCK_EX) while the file is written.
    # Setting values are interpolated into the config unquoted; the
    # save-adv-options handler further down restricts what they may contain.
    my %sovpnsettings = ();
    my @temp = ();
    &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
    &read_routepushfile;

    open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
    flock CONF, 2;
    print CONF "#OpenVPN Server conf\n";
    print CONF "\n";
    print CONF "daemon openvpnserver\n";
    print CONF "writepid /var/run/openvpn.pid\n";
    print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
    # the "local" directive stays commented out (";") so the daemon listens on all addresses
    print CONF ";local $sovpnsettings{'VPN_IP'}\n";
    print CONF "dev $sovpnsettings{'DDEVICE'}\n";
    print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
    print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
    # NOTE(review): script-security 3 also hands authentication credentials
    # to called scripts through the environment (see the OpenVPN manual);
    # confirm that the scripts referenced below (tls-verify) need that level.
    print CONF "script-security 3 system\n";
    print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
    print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
    print CONF "tls-server\n";
    print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
    print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
    print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n";
    # NOTE(review): the file name says 1024-bit DH parameters, which are
    # weak by current standards; the path is fixed here, so the CA
    # generation step is where a larger group would have to be produced.
    print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n";
    my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
    print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
    #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";

    # Check if we are using mssfix, fragment or mtu-disc and set the correct mtu of 1500.
    # If we don't use one of them, we can use the configured mtu value.
    if ($sovpnsettings{'MSSFIX'} eq 'on')
    { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
    elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
    { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
    elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
    ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
    ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
    { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
    else
    { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }

    # Pushed routes come from the file-level %vpnsettings (filled by
    # read_routepushfile above), not from %sovpnsettings.
    if ($vpnsettings{'ROUTES_PUSH'} ne '') {
        @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
        foreach (@temp)
        {
            @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
            print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
        }
    }
# a.marx ccd
    # One "route" line per client-config-dir network (field 1 of ccd.conf is
    # "net/cidr"); this %ccdconfhash shadows the file-level hash of the same name.
    my %ccdconfhash=();
    &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
    foreach my $key (keys %ccdconfhash) {
        my $a=$ccdconfhash{$key}[1];
        my ($b,$c) = split (/\//, $a);
        print CONF "route $b ".&General::cidrtosub($c)."\n";
    }
    # Per-host routes from ccdroute: field 0 is the host name, fields 1.. are "net/mask".
    my %ccdroutehash=();
    &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
    foreach my $key (keys %ccdroutehash) {
        foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
            my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
            print CONF "route $a $b\n";
        }
    }
# ccd end

    if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
        print CONF "client-to-client\n";
    }
    if ($sovpnsettings{MSSFIX} eq 'on') {
        print CONF "mssfix\n";
    }
    if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
        print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
    }

    # Check if a valid operating mode has been chosen and use it.
    if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
        ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
        print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
    }

    if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
        print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
    }
    print CONF "status-version 1\n";
    # the status file is the one emptyserverlog truncates
    print CONF "status /var/log/ovpnserver.log 30\n";
    print CONF "cipher $sovpnsettings{DCIPHER}\n";
    if ($sovpnsettings{DCOMPLZO} eq 'on') {
        print CONF "comp-lzo\n";
    }
    if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
        print CONF "push \"redirect-gateway def1\"\n";
    }
    if ($sovpnsettings{DHCP_DOMAIN} ne '') {
        print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
    }

    if ($sovpnsettings{DHCP_DNS} ne '') {
        print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
    }

    if ($sovpnsettings{DHCP_WINS} ne '') {
        print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
    }

    # NOTE(review): max-clients is keyed on DHCP_WINS rather than on
    # MAX_CLIENTS, so the configured limit is only used when a WINS server is
    # set; this looks like a copy/paste slip - confirm before changing.
    if ($sovpnsettings{DHCP_WINS} eq '') {
        print CONF "max-clients 100\n";
    }
    if ($sovpnsettings{DHCP_WINS} ne '') {
        print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
    }
    # certificate verification hook and CRL, then drop privileges to nobody
    print CONF "tls-verify /var/ipfire/ovpn/verify\n";
    print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
    print CONF "user nobody\n";
    print CONF "group nobody\n";
    print CONF "persist-key\n";
    print CONF "persist-tun\n";
    if ($sovpnsettings{LOG_VERB} ne '') {
        print CONF "verb $sovpnsettings{LOG_VERB}\n";
    } else {
        print CONF "verb 3\n";
    }
    print CONF "\n";

    close(CONF);
}
8c877a82 443
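sub emptyserverlog{
    # Truncate /var/log/ovpnserver.log, the status file named in
    # writeserverconf. Silently does nothing when the file cannot be opened.
    # 3-arg open with a lexical handle replaces the bareword FILE handle;
    # opening with '>' already empties the file, so nothing is printed.
    if (open(my $log_fh, '>', "/var/log/ovpnserver.log")) {
        flock($log_fh, 2);    # LOCK_EX, as elsewhere in this file
        close($log_fh);
    }
}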
452
sub delccdnet
{
    # Delete the client-config-dir network named $_[0] from ccd.conf and
    # regenerate server.conf. Refuses (sets the file-level $errormessage and
    # returns nothing) while any host in ovpnconfig is still assigned to
    # that network (field 32); returns 0 after a successful removal.
    my $ccdnetname = $_[0];

    if (-f "${General::swroot}/ovpn/ovpnconfig") {
        my %ccdhash = ();
        &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
        foreach my $host_key (keys %ccdhash) {
            next unless $ccdhash{$host_key}[32] eq $ccdnetname;
            $errormessage = $Lang::tr{'ccd err hostinnet'};
            return;
        }
    }

    my %ccdconfhash = ();
    &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
    my @matching_keys = grep { $ccdconfhash{$_}[0] eq $ccdnetname } keys %ccdconfhash;
    delete @ccdconfhash{@matching_keys};
    &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);

    &writeserverconf;
    return 0;
}
478
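sub addccdnet
{
    # Add a client-config-dir network: $_[0] is its name, $_[1] the network
    # as "ip/mask". Validation failures set the file-level $errormessage and
    # return nothing; on success the entry is appended to ccd.conf,
    # server.conf is regenerated, the form fields are cleared and 1 is
    # returned. The unused locals (@ip2, $checkup) and the inner
    # %ccdconfhash that shadowed the outer one were removed.
    my ($ccdname, $ccdnet) = @_;

    #check name
    if ($ccdname eq '') {
        $errormessage = $errormessage.$Lang::tr{'ccd err name'}."<br>";
        return;
    }
    if (!&General::validhostname($ccdname)) {
        $errormessage = $Lang::tr{'ccd err invalidname'};
        return;
    }

    my ($ccdip, $subcidr) = split(/\//, $ccdnet);
    $subcidr = &General::iporsubtocidr($subcidr);
    #check subnet (prefixes longer than /30 are rejected)
    if ($subcidr > 30) {
        $errormessage = $Lang::tr{'ccd err invalidnet'};
        return;
    }
    #check ip
    if (!&General::validipandmask($ccdnet)) {
        $errormessage = $Lang::tr{'ccd err invalidnet'};
        return;
    }

    # checksubnets yields an error text when the network collides with an
    # existing one; an empty result means the network is free to use.
    $errormessage = &General::checksubnets($ccdname, $ccdnet);
    if (!$errormessage) {
        my %ccdconfhash = ();
        my $baseaddress = &General::getnetworkip($ccdip, $subcidr);
        &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
        my $key = &General::findhasharraykey(\%ccdconfhash);
        $ccdconfhash{$key}[0] = $ccdname;
        $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
        &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
        &writeserverconf;
        $cgiparams{'ccdname'} = '';
        $cgiparams{'ccdsubnet'} = '';
        return 1;
    }
    return;
}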
537
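sub modccdnet
{
    # Rename the ccd network $_[1] to $_[0] in ccd.conf and update every host
    # in ovpnconfig (field 32) that refers to the old name. Sets the
    # file-level $errormessage and returns nothing when the new name is
    # already taken; returns 0 otherwise.
    # The original only inspected the first ccd.conf entry (in hash order)
    # before renaming and stopped after the first matching host, so a clash
    # with a later entry was missed and further hosts kept the old name.
    my ($newname, $oldname) = @_;
    my %ccdconfhash = ();
    my %ccdhash = ();

    &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
    my ($old_key) = grep { $ccdconfhash{$_}[0] eq $oldname } keys %ccdconfhash;
    if (defined $old_key) {
        if (grep { $ccdconfhash{$_}[0] eq $newname } keys %ccdconfhash) {
            $errormessage = $errormessage.$Lang::tr{'ccd err netadrexist'};
            return;
        }
        $ccdconfhash{$old_key}[0] = $newname;
        &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
    }

    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
    my $hosts_changed = 0;
    foreach my $key (keys %ccdhash) {
        if ($ccdhash{$key}[32] eq $oldname) {
            $ccdhash{$key}[32] = $newname;
            $hosts_changed++;
        }
    }
    if ($hosts_changed) {
        &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
    }

    return 0;
}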
sub ccdmaxclients
{
    # Number of client slots in the ccd network $_[0] ("ip/cidr"): the host
    # count implied by the dotted mask, divided by 4, minus one.
    my $ccdnetwork = $_[0];
    my (undef, $cidr) = split("\/", $ccdnetwork);
    my ($m1, $m2, $m3, $m4) = split /\./, &General::cidrtosub($cidr);
    my $host_count = (256 - $m1) * (256 - $m2) * (256 - $m3) * (256 - $m4);
    return $host_count / 4 - 1;
}
587
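sub getccdadresses
{
    # Build the list of free client addresses inside a ccd network.
    #   $_[0] base ip of the network, $_[1] its cidr prefix,
    #   $_[2] number of addresses to generate after the first,
    #   $_[3] the "net/cidr" currently assigned to the host being edited;
    #         that one stays selectable although ovpnconfig records it.
    # Addresses start at <a.b.c>.2 and advance by 4 (getnextip); every
    # address already used by another host in ovpnconfig (field 33) is
    # dropped. The original spliced @iprange while iterating over it, which
    # skipped the element following each removal; the used addresses are now
    # collected first and the list is filtered afterwards.
    my ($ipin, $cidr, $count, $hasip) = @_;
    my ($ip1, $ip2, $ip3, $ip4) = split /\./, $ipin;
    chomp($cidr);
    chomp($hasip);

    my @iprange = ($ip1.".".$ip2.".".$ip3.".".2);
    for (my $i = 1; $i <= $count; $i++) {
        $iprange[$i] = &General::getnextip($iprange[$i-1], 4);
    }

    my %ccdhash = ();
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
    my %in_use = ();
    foreach my $key (keys %ccdhash) {
        my $assigned = $ccdhash{$key}[33];
        next unless defined $assigned;
        next if $hasip eq $assigned;    # the edited host keeps its own address
        my ($net, $sub) = split(/\//, $assigned);
        $in_use{$net} = 1 if defined $net;
    }
    return grep { !$in_use{$_} } @iprange;
}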
621
sub fillselectbox
{
    # Print an HTML <select> named $_[1] listing every free /30 client network
    # of the ccd network $_[0] ("ip/cidr"); $_[2] is the host's current
    # address, which getccdadresses keeps in the list. The option equal to
    # the current CGI value of the box is preselected.
    my ($network, $boxname, $current) = @_;
    my ($ccdip, $subcidr) = split("/", $network);
    my $slots = &ccdmaxclients($ccdip."/".$subcidr);
    my @allccdips = &getccdadresses($ccdip, $subcidr, $slots, $current);

    print "<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
    foreach my $address (@allccdips) {
        my $ip = $address."/30";
        chomp($ip);
        my $selected = ($ip eq $cgiparams{$boxname}) ? "selected" : "";
        print "<option value='$ip' ";
        print $selected;
        print ">$ip</option>";
    }
    print "</select>";
}
640
sub hostsinnet
{
    # Count the hosts in ovpnconfig whose ccd network (field 32) equals $_[0].
    my $name = $_[0];
    my %ccdhash = ();
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
    my @members = grep { $ccdhash{$_}[32] eq $name } keys %ccdhash;
    return scalar @members;
}
652
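sub check_routes_push
{
    # Returns 0 when the network $_[0] ("ip/cidr" or "ip/mask") is already
    # listed in the routes_push file or lies inside one of its networks;
    # 1 otherwise (also when the file does not exist or cannot be opened).
    # A lexical filehandle replaces the bareword FILE so the file is closed
    # on the early returns too (the original left FILE open when returning 0).
    my $val = $_[0];
    my ($ip, $cidr) = split(/\//, $val);
    my $routes_file = "${General::swroot}/ovpn/routes_push";

    ##check for existing routes in routes_push
    if (-e $routes_file) {
        open(my $routes_fh, '<', $routes_file) or return 1;
        while (my $line = <$routes_fh>) {
            $line =~ s/\s*$//g;

            my ($ip2, $cidr2) = split(/\//, "$line");
            my $val2 = $ip2."/".&General::iporsubtodec($cidr2);

            if ($val eq $val2) {
                close($routes_fh);
                return 0;
            }
            #subnetcheck
            if (&General::IpInSubnet($ip, $ip2, &General::iporsubtodec($cidr2))) {
                close($routes_fh);
                return 0;
            }
        }
        close($routes_fh);
    }
    return 1;
}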
678
sub check_ccdroute
{
    # Returns 0 when the network $_[0] is already routed to a ccd host other
    # than the one being edited ($cgiparams{'NAME'}), either as an identical
    # entry (compared in ip/mask form) or because it lies inside an existing
    # ccd route; 1 otherwise.
    my $val = $_[0];
    my ($ip, $cidr) = split(/\//, $val);
    my %ccdroutehash = ();

    #check for existing routes in ccdroute
    &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
    foreach my $key (keys %ccdroutehash) {
        # field 0 is the owning host; its own routes never count as a clash
        next if $ccdroutehash{$key}[0] eq $cgiparams{'NAME'};
        foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
            my $route = $ccdroutehash{$key}[$i];
            return 0 if &General::iporsubtodec($val) eq $route;
            my ($ip2, $cidr2) = split(/\//, $route);
            #subnetcheck
            return 0 if &General::IpInSubnet($ip, $ip2, $cidr2);
        }
    }
    return 1;
}
sub check_ccdconf
{
    # Returns 0 when the network $_[0] equals an existing ccd network in
    # ccd.conf (compared in cidr form) or lies inside one of them; 1 otherwise.
    my $val = $_[0];
    my ($ip, $cidr) = split(/\//, $val);
    my %ccdconfhash = ();

    #check for existing networks in ccd.conf (field 1 is "net/cidr")
    &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
    foreach my $key (keys %ccdconfhash) {
        my $network = $ccdconfhash{$key}[1];
        return 0 if &General::iporsubtocidr($val) eq $network;
        my ($ip2, $cidr2) = split(/\//, $network);
        #subnetcheck
        return 0 if &General::IpInSubnet($ip, $ip2, &General::cidrtosub($cidr2));
    }
    return 1;
}
720
###
# m.a.d net2net
###

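sub validdotmask
{
    # Returns 1 when $_[0] is "address/mask" with a mask that is not in
    # dotted form, 0 when it is a bare ip address or the mask contains a dot.
    # The original ran the regex, ignored its result and then read $2, which
    # after a failed match still holds a capture from some earlier regex;
    # a value without "/" now yields 0 instead of depending on that state.
    my $ipdotmask = $_[0];
    if (&General::validip($ipdotmask)) { return 0; }
    my ($mask) = $ipdotmask =~ /^(?:.*?)\/(.*?)$/;
    return 0 unless defined $mask;
    if ($mask =~ /\./) { return 0; }
    return 1;
}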
734
# -------------------------------------------------------------------

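sub write_routepushfile
{
    # Overwrite the routes_push file with $vpnsettings{'ROUTES_PUSH'} (or
    # truncate it when that is empty) under an exclusive lock.
    # 3-arg open with a lexical handle; a failed open now dies, matching
    # writeserverconf, instead of silently printing to an unopened handle.
    open(my $routes_fh, '>', $routes_push_file)
        or die "Unable to open $routes_push_file: $!";
    flock($routes_fh, 2);    # LOCK_EX
    if ($vpnsettings{'ROUTES_PUSH'} ne '') {
        print $routes_fh $vpnsettings{'ROUTES_PUSH'};
    }
    close($routes_fh);
}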
746
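sub read_routepushfile
{
    # Load the routes_push file into $vpnsettings{'ROUTES_PUSH'} (lines
    # concatenated verbatim, newlines kept) and mirror it into
    # $cgiparams{'ROUTES_PUSH'}. Nothing changes when the file is missing;
    # an existing file that cannot be opened is now left alone as well
    # (the original cleared the setting and then read nothing).
    if (-e "$routes_push_file") {
        open(my $routes_fh, '<', $routes_push_file) or return;
        delete $vpnsettings{'ROUTES_PUSH'};
        while (my $line = <$routes_fh>) {
            $vpnsettings{'ROUTES_PUSH'} .= $line;
        }
        close($routes_fh);
        $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
    }
}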
758
759
760#hier die refresh page
761if ( -e "${General::swroot}/ovpn/gencanow") {
762 my $refresh = '';
763 $refresh = "<meta http-equiv='refresh' content='15;' />";
764 &Header::showhttpheaders();
765 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
766 &Header::openbigbox('100%', 'center');
767 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
768 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
769 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
770 &Header::closebox();
771 &Header::closebigbox();
772 &Header::closepage();
773 exit (0);
774}
## end of the refresh page

777
###
### OpenVPN Server Control
###
if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
    $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
    $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
    # Start or stop the daemon through openvpnctrl (list-form system, so the
    # argument never passes through a shell) and truncate the status log
    # around it. The restart branch stays disabled: per the original note,
    # SIGHUP does not work while the daemon runs as nobody, so the restart
    # action currently does nothing.
    my $action = $cgiparams{'ACTION'};

    #start openvpn server
    if ($action eq $Lang::tr{'start ovpn server'}) {
        &emptyserverlog();
        system('/usr/local/bin/openvpnctrl', '-s');
    }
    #stop openvpn server
    if ($action eq $Lang::tr{'stop ovpn server'}) {
        system('/usr/local/bin/openvpnctrl', '-k');
        &emptyserverlog();
    }
    #restart openvpn server - disabled, see above
    # system('/usr/local/bin/openvpnctrl', '-r');
    # &emptyserverlog();
}
801
###
### Save Advanced options
###

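if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
    # Save the advanced server options: copy the submitted values into
    # %vpnsettings, validate them, rewrite the routes_push file, persist the
    # settings and regenerate server.conf. Every validation failure stores a
    # message in $errormessage and jumps to ADV_ERROR, a label defined
    # further down in this file (outside this block).
    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
    #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
    #DAN this value has to leave.
    #new settings for daemon
    $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
    $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
    $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
    $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
    $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
    $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
    $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
    $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
    $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
    $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
    $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
    my @temp=();

    # FRAGMENT: an empty field removes the option, anything else must be digits only.
    if ($cgiparams{'FRAGMENT'} eq '') {
        delete $vpnsettings{'FRAGMENT'};
    } else {
        if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
            $errormessage = "Incorrect value, please insert only numbers.";
            goto ADV_ERROR;
        } else {
            $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
        }
    }
    if ($cgiparams{'MSSFIX'} ne 'on') {
        delete $vpnsettings{'MSSFIX'};
    } else {
        $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
    }

    # mtu-disc is mutually exclusive with mssfix and fragment
    if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
        ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
        ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
        if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
            $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
            goto ADV_ERROR;
        }
    }

    # The dhcp-option values are written unquoted into server.conf by
    # writeserverconf, so they are restricted to a name or an ip address here.
    if ($cgiparams{'DHCP_DOMAIN'} ne ''){
        unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
            $errormessage = $Lang::tr{'invalid input for dhcp domain'};
            goto ADV_ERROR;
        }
    }
    if ($cgiparams{'DHCP_DNS'} ne ''){
        unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
            $errormessage = $Lang::tr{'invalid input for dhcp dns'};
            goto ADV_ERROR;
        }
    }
    if ($cgiparams{'DHCP_WINS'} ne ''){
        unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
            $errormessage = $Lang::tr{'invalid input for dhcp wins'};
            goto ADV_ERROR;
        }
    }

    # Pushed routes: one "ip/mask" per line. Each must be a valid network,
    # must not be the GREEN network and must not collide with a ccd route.
    if ($cgiparams{'ROUTES_PUSH'} ne ''){
        @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
        undef $vpnsettings{'ROUTES_PUSH'};

        foreach my $tmpip (@temp) {
            # Trim the line itself. The original applied s/^\s+// and
            # s/\s+$// to $_ (which is not the loop variable here) and only
            # stripped trailing blanks from $tmpip, so a route entered with
            # leading whitespace was rejected as an invalid ip/mask.
            $tmpip =~ s/^\s+//;
            $tmpip =~ s/\s+$//;

            if ($tmpip) {
                unless (&General::validipandmask($tmpip)) {
                    $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
                    goto ADV_ERROR;
                }
                my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));

                if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
                    $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
                    goto ADV_ERROR;
                }
                # a.marx ccd: reject routes already assigned to a ccd host
                # (ccdroute field 0 is the host, fields 1.. its "net/mask" routes)
                my %ccdroutehash=();
                &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
                foreach my $key (keys %ccdroutehash) {
                    foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
                        if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
                            $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
                            goto ADV_ERROR;
                        }
                        my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
                        if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
                            $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
                            goto ADV_ERROR;
                        }
                    }
                }
                # ccd end

                $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
            }
        }
        &write_routepushfile;
        undef $vpnsettings{'ROUTES_PUSH'};
    }
    else {
        undef $vpnsettings{'ROUTES_PUSH'};
        &write_routepushfile;
    }
    # ROUTES_PUSH lives in its own file only; it is undef'd above so that
    # writehash below never stores it in ovpn/settings.

    if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
        $errormessage = $Lang::tr{'invalid input for max clients'};
        goto ADV_ERROR;
    }
    if ($cgiparams{'KEEPALIVE_1'} ne '') {
        if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
            $errormessage = $Lang::tr{'invalid input for keepalive 1'};
            goto ADV_ERROR;
        }
    }
    if ($cgiparams{'KEEPALIVE_2'} ne ''){
        if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
            $errormessage = $Lang::tr{'invalid input for keepalive 2'};
            goto ADV_ERROR;
        }
    }
    # KEEPALIVE_2 must be at least twice KEEPALIVE_1
    if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
        $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
        goto ADV_ERROR;
    }

    &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
    &writeserverconf();    # regenerate server.conf from the saved settings
}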
942
###
# m.a.d net2net
###

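if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
{
	# Net-to-net, server side: write ${General::swroot}/ovpn/n2nconf/<NAME>/<NAME>.conf
	# from the form fields NAME, REMOTE, OVPN_SUBNET, REMOTE_SUBNET, DEST_PORT,
	# PROTOCOL, MTU, FRAGMENT, MSSFIX, PMTU_DISCOVERY, COMPLZO and OVPN_MGMT.
	#
	# Security: each of those fields is interpolated verbatim into a config that
	# openvpn parses as root (it only drops to nobody afterwards) with
	# "script-security 2" enabled, so an embedded newline would turn into an
	# extra directive ("up /bin/sh" ...), and NAME doubles as a path component
	# and as the daemon/pid name. Whether an earlier handler has already
	# validated these fields is not visible from here, so they are re-checked
	# locally (anchored with \z so a trailing newline is rejected too) and the
	# file is not written at all if anything looks malformed.
	my @ovsubnettemp = split(/\./, $cgiparams{'OVPN_SUBNET'});
	my @remsubnet = split(/\//, $cgiparams{'REMOTE_SUBNET'});

	my $n2nerror = '';
	if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+\z/) {
		$n2nerror = $Lang::tr{'name must only contain characters'};
	} elsif (!&General::validport($cgiparams{'DEST_PORT'})) {
		$n2nerror = $Lang::tr{'invalid port'};
	} elsif ($cgiparams{'OVPN_MGMT'} ne '' && !&General::validport($cgiparams{'OVPN_MGMT'})) {
		$n2nerror = $Lang::tr{'invalid port'};
	} elsif ($cgiparams{'MTU'} ne '' && $cgiparams{'MTU'} !~ /^[0-9]+\z/) {
		$n2nerror = $Lang::tr{'invalid mtu input'};
	} elsif ($cgiparams{'FRAGMENT'} ne '' && $cgiparams{'FRAGMENT'} !~ /^[0-9]+\z/) {
		$n2nerror = $Lang::tr{'invalid input'};
	} elsif ($cgiparams{'REMOTE'} ne ''
		&& !(&General::validfqdn($cgiparams{'REMOTE'}) || &General::validip($cgiparams{'REMOTE'}))) {
		$n2nerror = $Lang::tr{'invalid input for hostname'};
	} elsif ($cgiparams{'OVPN_SUBNET'} !~ /^[0-9.\/]+\z/ || @ovsubnettemp < 4
		|| $cgiparams{'REMOTE_SUBNET'} !~ /^[0-9.\/]+\z/ || @remsubnet != 2) {
		# Only the character set and the rough shape are checked: the exact
		# "a.b.c.d/mask" format these two fields carry is not visible in this
		# handler, and a stricter check could reject input the rest of the
		# page accepts.
		$n2nerror = $Lang::tr{'ovpn subnet is invalid'};
	}

	if ($n2nerror ne '') {
		$errormessage = $n2nerror;
	} else {
		# Tunnel addresses: the first three octets of OVPN_SUBNET; the server
		# takes .1 and the client .2 (mirrored in the client-side handler).
		my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
		my $confdir = "${General::swroot}/ovpn/n2nconf";
		my $namedir = "$confdir/$cgiparams{'NAME'}";
		my $conffile = "$namedir/$cgiparams{'NAME'}.conf";

		unless (-d $confdir) {
			mkdir($confdir, 0755) or die "Unable to create dir $!";
		}
		unless (-d $namedir) {
			mkdir($namedir, 0770) or die "Unable to create dir $!";
		}

		my @conf = (
			"# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n",
			"\n",
			"# User Security\n",
			"user nobody\n",
			"group nobody\n",
			"persist-tun\n",
			"persist-key\n",
			# Lets openvpn run scripts; together with the root start-up this
			# is why the config contents must stay under our control.
			"script-security 2\n",
			"# IP/DNS for remote Server Gateway\n",
		);
		# The server side may be left without a peer address (the client
		# initiates); "float" then accepts the peer from wherever it connects.
		if ($cgiparams{'REMOTE'} ne '') {
			push @conf, "remote $cgiparams{'REMOTE'}\n";
		}
		push @conf,
			"float\n",
			"# IP adresses of the VPN Subnet\n",
			"ifconfig $ovsubnet.1 $ovsubnet.2\n",
			"# Client Gateway Network\n",
			# REMOTE_SUBNET is "network/netmask"; openvpn's "route" wants two
			# words. A CIDR prefix instead of a dotted mask would be passed
			# through unchanged ("route a.b.c.d 24") - not altered here.
			"route $remsubnet[0] $remsubnet[1]\n",
			"# tun Device\n",
			"dev tun\n",
			"# Port and Protokol\n",
			"port $cgiparams{'DEST_PORT'}\n";

		# MTU defaults differ per transport (1400 for TCP, 1500 for UDP); with
		# any other PROTOCOL value no proto/tun-mtu line is written and openvpn
		# falls back to its own defaults.
		my $tunmtu = '';
		if ($cgiparams{'PROTOCOL'} eq 'tcp') {
			$tunmtu = $cgiparams{'MTU'} eq '' ? '1400' : $cgiparams{'MTU'};
			push @conf,
				"proto tcp-server\n",
				"# Packet size\n",
				"tun-mtu $tunmtu\n";
		}
		if ($cgiparams{'PROTOCOL'} eq 'udp') {
			$tunmtu = $cgiparams{'MTU'} eq '' ? '1500' : $cgiparams{'MTU'};
			push @conf,
				"proto udp\n",
				"# Paketsize\n",
				"tun-mtu $tunmtu\n";
			push @conf, "fragment $cgiparams{'FRAGMENT'}\n" if $cgiparams{'FRAGMENT'} ne '';
			push @conf, "mssfix\n" if $cgiparams{'MSSFIX'} eq 'on';
		}

		# Path-MTU discovery is only emitted for an explicitly entered MTU of
		# 1500 (the UDP default reached through an empty MTU field does not
		# qualify - kept as in the original) and when mssfix and fragment are
		# not both in use. Note that this does not look at PROTOCOL.
		if ($cgiparams{'PMTU_DISCOVERY'} eq 'yes'
			|| $cgiparams{'PMTU_DISCOVERY'} eq 'maybe'
			|| $cgiparams{'PMTU_DISCOVERY'} eq 'no') {
			if (($cgiparams{'MSSFIX'} ne 'on' || $cgiparams{'FRAGMENT'} eq '')
				&& $cgiparams{'MTU'} eq '1500') {
				push @conf, "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
			}
		}

		push @conf,
			"# Auth. Server\n",
			"tls-server\n",
			"ca ${General::swroot}/ovpn/ca/cacert.pem\n",
			"cert ${General::swroot}/ovpn/certs/servercert.pem\n",
			"key ${General::swroot}/ovpn/certs/serverkey.pem\n",
			# 1024-bit DH is weak by current standards; the file name has to
			# match what the CA setup generates (not visible here), so it is
			# left alone. No tls-auth/tls-crypt key is configured either.
			"dh ${General::swroot}/ovpn/ca/dh1024.pem\n",
			"# Cipher\n",
			# No "auth" line: the HMAC stays at openvpn's default.
			"cipher AES-256-CBC\n";
		if ($cgiparams{'COMPLZO'} eq 'on') {
			# "\r\n" reproduced as in the original file.
			push @conf, "# Enable Compression\n", "comp-lzo\r\n";
		}
		push @conf,
			"# Debug Level\n",
			"verb 3\n",
			"# Tunnel check\n",
			"keepalive 10 60\n",
			"# Start as daemon\n",
			"daemon $cgiparams{'NAME'}n2n\n",
			"writepid /var/run/$cgiparams{'NAME'}n2n.pid\n",
			"# Activate Management Interface and Port\n";
		# The management socket is bound to localhost but carries no password,
		# so any local user can drive the daemon through it; the port is the
		# tunnel port unless OVPN_MGMT overrides it.
		my $mgmtport = $cgiparams{'OVPN_MGMT'} eq '' ? $cgiparams{'DEST_PORT'} : $cgiparams{'OVPN_MGMT'};
		push @conf, "management localhost $mgmtport\n";

		open(my $serverconf, '>', $conffile) or die "Unable to open $conffile: $!";
		flock($serverconf, 2);	# 2 == LOCK_EX; Fcntl is not imported in this file
		print {$serverconf} @conf;
		# Buffered write errors only surface at close.
		close($serverconf) or die "Unable to write $conffile: $!";
	}
}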
1036
1037###
7c1d9faf 1038# m.a.d net2net
ce9abb66 1039###
7c1d9faf 1040
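if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
{
	# Net-to-net, client side: write ${General::swroot}/ovpn/n2nconf/<NAME>/<NAME>.conf
	# from the form fields NAME, REMOTE, OVPN_SUBNET, REMOTE_SUBNET, DEST_PORT,
	# PROTOCOL, MTU, FRAGMENT, MSSFIX, PMTU_DISCOVERY, COMPLZO and OVPN_MGMT.
	#
	# Security: each of those fields is interpolated verbatim into a config that
	# openvpn parses as root (it only drops to nobody afterwards) with
	# "script-security 2" enabled, so an embedded newline would turn into an
	# extra directive, and NAME doubles as a path component, the pkcs12 file
	# name and the daemon/pid name. Whether an earlier handler has already
	# validated these fields is not visible from here, so they are re-checked
	# locally (anchored with \z so a trailing newline is rejected too) and the
	# file is not written at all if anything looks malformed.
	my @ovsubnettemp = split(/\./, $cgiparams{'OVPN_SUBNET'});
	my @remsubnet = split(/\//, $cgiparams{'REMOTE_SUBNET'});

	my $n2nerror = '';
	if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+\z/) {
		$n2nerror = $Lang::tr{'name must only contain characters'};
	} elsif (!&General::validport($cgiparams{'DEST_PORT'})) {
		$n2nerror = $Lang::tr{'invalid port'};
	} elsif ($cgiparams{'OVPN_MGMT'} ne '' && !&General::validport($cgiparams{'OVPN_MGMT'})) {
		$n2nerror = $Lang::tr{'invalid port'};
	} elsif ($cgiparams{'MTU'} ne '' && $cgiparams{'MTU'} !~ /^[0-9]+\z/) {
		$n2nerror = $Lang::tr{'invalid mtu input'};
	} elsif ($cgiparams{'FRAGMENT'} ne '' && $cgiparams{'FRAGMENT'} !~ /^[0-9]+\z/) {
		$n2nerror = $Lang::tr{'invalid input'};
	} elsif (!(&General::validfqdn($cgiparams{'REMOTE'}) || &General::validip($cgiparams{'REMOTE'}))) {
		# Unlike the server side, the client always needs a peer: the original
		# code would have written a bare "remote " line for an empty field.
		$n2nerror = $Lang::tr{'invalid input for hostname'};
	} elsif ($cgiparams{'OVPN_SUBNET'} !~ /^[0-9.\/]+\z/ || @ovsubnettemp < 4
		|| $cgiparams{'REMOTE_SUBNET'} !~ /^[0-9.\/]+\z/ || @remsubnet != 2) {
		# Only the character set and the rough shape are checked: the exact
		# "a.b.c.d/mask" format these two fields carry is not visible in this
		# handler, and a stricter check could reject input the rest of the
		# page accepts.
		$n2nerror = $Lang::tr{'ovpn subnet is invalid'};
	}

	if ($n2nerror ne '') {
		$errormessage = $n2nerror;
	} else {
		# Tunnel addresses: the first three octets of OVPN_SUBNET; the client
		# takes .2 and the server .1 (mirrored in the server-side handler).
		my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
		my $confdir = "${General::swroot}/ovpn/n2nconf";
		my $namedir = "$confdir/$cgiparams{'NAME'}";
		my $conffile = "$namedir/$cgiparams{'NAME'}.conf";

		unless (-d $confdir) {
			mkdir($confdir, 0755) or die "Unable to create dir $!";
		}
		unless (-d $namedir) {
			mkdir($namedir, 0770) or die "Unable to create dir $!";
		}

		my @conf = (
			"# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n",
			"#\n",
			"# User Security\n",
			"user nobody\n",
			"group nobody\n",
			"persist-tun\n",
			"persist-key\n",
			# Lets openvpn run scripts; together with the root start-up this
			# is why the config contents must stay under our control.
			"script-security 2\n",
			"# IP/DNS for remote Server Gateway\n",
			"remote $cgiparams{'REMOTE'}\n",
			"float\n",
			"# IP adresses of the VPN Subnet\n",
			"ifconfig $ovsubnet.2 $ovsubnet.1\n",
			"# Server Gateway Network\n",
			# REMOTE_SUBNET is "network/netmask"; openvpn's "route" wants two
			# words. A CIDR prefix instead of a dotted mask would be passed
			# through unchanged ("route a.b.c.d 24") - not altered here.
			"route $remsubnet[0] $remsubnet[1]\n",
			"# tun Device\n",
			"dev tun\n",
			"# Port and Protokol\n",
			"port $cgiparams{'DEST_PORT'}\n",
		);

		# MTU defaults differ per transport (1400 for TCP, 1500 for UDP); with
		# any other PROTOCOL value no proto/tun-mtu line is written and openvpn
		# falls back to its own defaults.
		my $tunmtu = '';
		if ($cgiparams{'PROTOCOL'} eq 'tcp') {
			$tunmtu = $cgiparams{'MTU'} eq '' ? '1400' : $cgiparams{'MTU'};
			push @conf,
				"proto tcp-client\n",
				"# Packet size\n",
				"tun-mtu $tunmtu\n";
		}
		if ($cgiparams{'PROTOCOL'} eq 'udp') {
			$tunmtu = $cgiparams{'MTU'} eq '' ? '1500' : $cgiparams{'MTU'};
			push @conf,
				"proto udp\n",
				"# Paketsize\n",
				"tun-mtu $tunmtu\n";
			push @conf, "fragment $cgiparams{'FRAGMENT'}\n" if $cgiparams{'FRAGMENT'} ne '';
			push @conf, "mssfix\n" if $cgiparams{'MSSFIX'} eq 'on';
		}

		# Path-MTU discovery is only emitted for an explicitly entered MTU of
		# 1500 (the UDP default reached through an empty MTU field does not
		# qualify - kept as in the original) and when mssfix and fragment are
		# not both in use. Note that this does not look at PROTOCOL.
		if ($cgiparams{'PMTU_DISCOVERY'} eq 'yes'
			|| $cgiparams{'PMTU_DISCOVERY'} eq 'maybe'
			|| $cgiparams{'PMTU_DISCOVERY'} eq 'no') {
			if (($cgiparams{'MSSFIX'} ne 'on' || $cgiparams{'FRAGMENT'} eq '')
				&& $cgiparams{'MTU'} eq '1500') {
				push @conf, "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
			}
		}

		push @conf,
			# Requires the peer certificate to carry the (legacy) Netscape
			# server cert type; newer openvpn prefers "remote-cert-tls server".
			# Left as is since the installed openvpn version is not known here.
			"ns-cert-type server\n",
			"# Auth. Client\n",
			"tls-client\n",
			"# Cipher\n",
			# No "auth" line: the HMAC stays at openvpn's default.
			"cipher AES-256-CBC\n",
			# "\r\n" reproduced as in the original file.
			"pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
		if ($cgiparams{'COMPLZO'} eq 'on') {
			push @conf, "# Enable Compression\n", "comp-lzo\r\n";
		}
		push @conf,
			"# Debug Level\n",
			"verb 3\n",
			"# Tunnel check\n",
			"keepalive 10 60\n",
			"# Start as daemon\n",
			"daemon $cgiparams{'NAME'}n2n\n",
			"writepid /var/run/$cgiparams{'NAME'}n2n.pid\n",
			"# Activate Management Interface and Port\n";
		# The management socket is bound to localhost but carries no password,
		# so any local user can drive the daemon through it; the port is the
		# tunnel port unless OVPN_MGMT overrides it.
		my $mgmtport = $cgiparams{'OVPN_MGMT'} eq '' ? $cgiparams{'DEST_PORT'} : $cgiparams{'OVPN_MGMT'};
		push @conf, "management localhost $mgmtport\n";

		open(my $clientconf, '>', $conffile) or die "Unable to open $conffile: $!";
		flock($clientconf, 2);	# 2 == LOCK_EX; Fcntl is not imported in this file
		print {$clientconf} @conf;
		# Buffered write errors only surface at close.
		close($clientconf) or die "Unable to write $conffile: $!";
	}
}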
1124
1125###
1126### Save main settings
1127###
1128
1129
1130if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1131 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1132 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1133 #DAN this value has to leave.
1134 if ($cgiparams{'ENABLED'} eq 'on'){
1135 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1136 $errormessage = $Lang::tr{'invalid input for hostname'};
c6c9630e 1137 goto SETTINGS_ERROR;
1138 }
1139 }
1140 if ($cgiparams{'ENABLED'} eq 'on'){
c6c9630e 1141 &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
1142 }
1143 if ($errormessage) { goto SETTINGS_ERROR; }
1144
1145
1146 if ($cgiparams{'ENABLED'} eq 'on'){
c6c9630e 1147 &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
1148 }
1149
1150 if ($errormessage) { goto SETTINGS_ERROR; }
1151
1152 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
1153 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
1154 goto SETTINGS_ERROR;
1155 }
1156 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1157
1158 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1159 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1160 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1161 goto SETTINGS_ERROR;
1162 }
1163
1164 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1165 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1166 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1167 goto SETTINGS_ERROR;
1168 }
1169
1170 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1171 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1172 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1173 goto SETTINGS_ERROR;
1174 }
1175
1176 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1177 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1178 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1179 goto SETTINGS_ERROR;
1180 }
1181 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1182 while (<ALIASES>)
1183 {
1184 chomp($_);
1185 my @tempalias = split(/\,/,$_);
1186 if ($tempalias[1] eq 'on') {
1187 if (&General::IpInSubnet ($tempalias[0] ,
1188 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1189 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1190 }
1191 }
1192 }
1193 close(ALIASES);
6e13d0a5 1194 if ($errormessage ne ''){
c6c9630e 1195 goto SETTINGS_ERROR;
1196 }
1197 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1198 $errormessage = $Lang::tr{'invalid input'};
1199 goto SETTINGS_ERROR;
1200 }
1201 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1202 $errormessage = $Lang::tr{'invalid mtu input'};
1203 goto SETTINGS_ERROR;
1204 }
1205
1206 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
1207 $errormessage = $Lang::tr{'invalid port'};
1208 goto SETTINGS_ERROR;
6e13d0a5 1209 }
1210 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1211 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1212 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1213 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1214#new settings for daemon
1215 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
1216 $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
1217 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1218 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1219 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1220 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1221 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
1222#wrtie enable
1223
1224 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1225 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1226 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
1227#new settings for daemon
1228 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
c6c9630e 1229 &writeserverconf();#hier ok
1230SETTINGS_ERROR:
1231###
1232### Reset all step 2
1233###
1234}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') {
1235 my $file = '';
1236 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1237
1238 foreach my $key (keys %confighash) {
1239 if ($confighash{$key}[4] eq 'cert') {
1240 delete $confighash{$cgiparams{'$key'}};
1241 }
1242 }
1243 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
c6c9630e 1244 unlink $file
1245 }
1246 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
c6c9630e 1247 unlink $file
1248 }
1249 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
c6c9630e 1250 unlink $file
6e13d0a5 1251 }
c6c9630e 1252 &cleanssldatabase();
1253 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1254 print FILE "";
1255 close FILE;
1256 }
1257 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1258 #&writeserverconf();
1259###
1260### Reset all step 1
1261###
1262}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) {
1263 &Header::showhttpheaders();
1264 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1265 &Header::openbigbox('100%', 'LEFT', '', '');
1266 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
1267 print <<END
1268 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1269 <tr><td align='center'>
1270 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1271 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
1272 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' />
1273 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1274 </form></table>
1275END
1276 ;
1277 &Header::closebox();
1278 &Header::closebigbox();
1279 &Header::closepage();
1280 exit (0);
1281
1282###
1283### Upload CA Certificate
1284###
1285} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1286 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1287
1288 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1289 $errormessage = $Lang::tr{'name must only contain characters'};
1290 goto UPLOADCA_ERROR;
1291 }
1292
1293 if (length($cgiparams{'CA_NAME'}) >60) {
1294 $errormessage = $Lang::tr{'name too long'};
1295 goto VPNCONF_ERROR;
1296 }
1297
1298 if ($cgiparams{'CA_NAME'} eq 'ca') {
1299 $errormessage = $Lang::tr{'name is invalid'};
1300 goto UPLOAD_CA_ERROR;
1301 }
1302
1303 # Check if there is no other entry with this name
1304 foreach my $key (keys %cahash) {
1305 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1306 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1307 goto UPLOADCA_ERROR;
1308 }
1309 }
1310
1311 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1312 $errormessage = $Lang::tr{'there was no file upload'};
1313 goto UPLOADCA_ERROR;
1314 }
1315 # Move uploaded ca to a temporary file
1316 (my $fh, my $filename) = tempfile( );
1317 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1318 $errormessage = $!;
1319 goto UPLOADCA_ERROR;
1320 }
1321 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
1322 if ($temp !~ /CA:TRUE/i) {
1323 $errormessage = $Lang::tr{'not a valid ca certificate'};
1324 unlink ($filename);
1325 goto UPLOADCA_ERROR;
6e13d0a5 1326 } else {
1327 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1328 if ($? ne 0) {
1329 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1330 unlink ($filename);
1331 goto UPLOADCA_ERROR;
1332 }
1333 }
1334
1335 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1336 $casubject =~ /Subject: (.*)[\n]/;
1337 $casubject = $1;
1338 $casubject =~ s+/Email+, E+;
1339 $casubject =~ s/ ST=/ S=/;
1340 $casubject = &Header::cleanhtml($casubject);
1341
1342 my $key = &General::findhasharraykey (\%cahash);
1343 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1344 $cahash{$key}[1] = $casubject;
1345 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1346# system('/usr/local/bin/ipsecctrl', 'R');
1347
1348 UPLOADCA_ERROR:
1349
1350###
1351### Display ca certificate
1352###
1353} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
1354 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1355
1356 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1357 &Header::showhttpheaders();
1358 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1359 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1360 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1361 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1362 $output = &Header::cleanhtml($output,"y");
1363 print "<pre>$output</pre>\n";
1364 &Header::closebox();
1365 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1366 &Header::closebigbox();
1367 &Header::closepage();
1368 exit(0);
1369 } else {
1370 $errormessage = $Lang::tr{'invalid key'};
1371 }
1372
1373###
1374### Download ca certificate
1375###
1376} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1377 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1378
1379 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1380 print "Content-Type: application/octet-stream\r\n";
1381 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1382 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1383 exit(0);
1384 } else {
1385 $errormessage = $Lang::tr{'invalid key'};
1386 }
1387
1388###
1389### Remove ca certificate (step 2)
1390###
1391} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1392 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1393 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1394
1395 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1396 foreach my $key (keys %confighash) {
1397 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1398 if ($test =~ /: OK/) {
1399 # Delete connection
1400# if ($vpnsettings{'ENABLED'} eq 'on' ||
1401# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1402# system('/usr/local/bin/ipsecctrl', 'D', $key);
1403# }
1404 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1405 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1406 delete $confighash{$key};
1407 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 1408# &writeipsecfiles();
1409 }
1410 }
1411 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1412 delete $cahash{$cgiparams{'KEY'}};
1413 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
c6c9630e 1414# system('/usr/local/bin/ipsecctrl', 'R');
1415 } else {
1416 $errormessage = $Lang::tr{'invalid key'};
1417 }
1418###
1419### Remove ca certificate (step 1)
1420###
1421} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1422 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1423 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1424
1425 my $assignedcerts = 0;
1426 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1427 foreach my $key (keys %confighash) {
1428 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1429 if ($test =~ /: OK/) {
1430 $assignedcerts++;
1431 }
1432 }
1433 if ($assignedcerts) {
1434 &Header::showhttpheaders();
1435 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1436 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1437 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
1438 print <<END
1439 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1440 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1441 <tr><td align='center'>
1442 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1443 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1444 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1445 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1446 </form></table>
1447END
1448 ;
1449 &Header::closebox();
1450 &Header::closebigbox();
1451 &Header::closepage();
1452 exit (0);
1453 } else {
1454 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1455 delete $cahash{$cgiparams{'KEY'}};
1456 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1457# system('/usr/local/bin/ipsecctrl', 'R');
1458 }
1459 } else {
1460 $errormessage = $Lang::tr{'invalid key'};
1461 }
1462
1463###
1464### Display root certificate
1465###
1466}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1467 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1468 my $output;
1469 &Header::showhttpheaders();
1470 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1471 &Header::openbigbox('100%', 'LEFT', '', '');
1472 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1473 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1474 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1475 } else {
1476 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1477 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1478 }
1479 $output = &Header::cleanhtml($output,"y");
1480 print "<pre>$output</pre>\n";
1481 &Header::closebox();
1482 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1483 &Header::closebigbox();
1484 &Header::closepage();
1485 exit(0);
1486
1487###
1488### Download root certificate
1489###
1490}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1491 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1492 print "Content-Type: application/octet-stream\r\n";
1493 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1494 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1495 exit(0);
1496 }
1497
1498###
1499### Download host certificate
1500###
1501}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1502 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1503 print "Content-Type: application/octet-stream\r\n";
1504 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1505 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1506 exit(0);
1507 }
1508###
1509### Form for generating a root certificate
1510###
1511}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1512 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1513
1514 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1515 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1516 $errormessage = $Lang::tr{'valid root certificate already exists'};
1517 $cgiparams{'ACTION'} = '';
1518 goto ROOTCERT_ERROR;
1519 }
1520
1521 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1522 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1523 my $ipaddr = <IPADDR>;
1524 close IPADDR;
1525 chomp ($ipaddr);
1526 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1527 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1528 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1529 }
1530 }
1531 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1532
1533 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1534 $errormessage = $Lang::tr{'there was no file upload'};
1535 goto ROOTCERT_ERROR;
1536 }
1537
1538 # Move uploaded certificate request to a temporary file
1539 (my $fh, my $filename) = tempfile( );
1540 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1541 $errormessage = $!;
1542 goto ROOTCERT_ERROR;
1543 }
1544
1545 # Create a temporary dirctory
1546 my $tempdir = tempdir( CLEANUP => 1 );
1547
1548 # Extract the CA certificate from the file
1549 my $pid = open(OPENSSL, "|-");
1550 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1551 if ($pid) { # parent
1552 if ($cgiparams{'P12_PASS'} ne '') {
1553 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1554 }
1555 close (OPENSSL);
1556 if ($?) {
1557 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1558 unlink ($filename);
1559 goto ROOTCERT_ERROR;
1560 }
1561 } else { # child
1562 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1563 '-in', $filename,
1564 '-out', "$tempdir/cacert.pem")) {
1565 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1566 unlink ($filename);
1567 goto ROOTCERT_ERROR;
1568 }
1569 }
1570
1571 # Extract the Host certificate from the file
1572 $pid = open(OPENSSL, "|-");
1573 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1574 if ($pid) { # parent
1575 if ($cgiparams{'P12_PASS'} ne '') {
1576 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1577 }
1578 close (OPENSSL);
1579 if ($?) {
1580 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1581 unlink ($filename);
1582 goto ROOTCERT_ERROR;
1583 }
1584 } else { # child
1585 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1586 '-in', $filename,
1587 '-out', "$tempdir/hostcert.pem")) {
1588 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1589 unlink ($filename);
1590 goto ROOTCERT_ERROR;
1591 }
1592 }
1593
1594 # Extract the Host key from the file
1595 $pid = open(OPENSSL, "|-");
1596 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1597 if ($pid) { # parent
1598 if ($cgiparams{'P12_PASS'} ne '') {
1599 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1600 }
1601 close (OPENSSL);
1602 if ($?) {
1603 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1604 unlink ($filename);
1605 goto ROOTCERT_ERROR;
1606 }
1607 } else { # child
1608 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1609 '-nodes',
1610 '-in', $filename,
1611 '-out', "$tempdir/serverkey.pem")) {
1612 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1613 unlink ($filename);
1614 goto ROOTCERT_ERROR;
1615 }
1616 }
1617
1618 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1619 if ($? ne 0) {
1620 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1621 unlink ($filename);
1622 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1623 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1624 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1625 goto ROOTCERT_ERROR;
1626 }
1627
1628 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1629 if ($? ne 0) {
1630 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1631 unlink ($filename);
1632 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1633 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1634 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1635 goto ROOTCERT_ERROR;
1636 }
1637
1638 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1639 if ($? ne 0) {
1640 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1641 unlink ($filename);
1642 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1643 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1644 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1645 goto ROOTCERT_ERROR;
1646 }
1647
1648 goto ROOTCERT_SUCCESS;
1649
1650 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1651
1652 # Validate input since the form was submitted
1653 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1654 $errormessage = $Lang::tr{'organization cant be empty'};
1655 goto ROOTCERT_ERROR;
1656 }
1657 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1658 $errormessage = $Lang::tr{'organization too long'};
1659 goto ROOTCERT_ERROR;
1660 }
1661 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1662 $errormessage = $Lang::tr{'invalid input for organization'};
1663 goto ROOTCERT_ERROR;
1664 }
1665 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1666 $errormessage = $Lang::tr{'hostname cant be empty'};
1667 goto ROOTCERT_ERROR;
1668 }
1669 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1670 $errormessage = $Lang::tr{'invalid input for hostname'};
1671 goto ROOTCERT_ERROR;
1672 }
1673 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1674 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1675 goto ROOTCERT_ERROR;
1676 }
1677 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1678 $errormessage = $Lang::tr{'e-mail address too long'};
1679 goto ROOTCERT_ERROR;
1680 }
1681 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1682 $errormessage = $Lang::tr{'invalid input for department'};
1683 goto ROOTCERT_ERROR;
1684 }
1685 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1686 $errormessage = $Lang::tr{'invalid input for city'};
1687 goto ROOTCERT_ERROR;
1688 }
1689 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1690 $errormessage = $Lang::tr{'invalid input for state or province'};
1691 goto ROOTCERT_ERROR;
1692 }
1693 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1694 $errormessage = $Lang::tr{'invalid input for country'};
1695 goto ROOTCERT_ERROR;
1696 }
1697
1698 # Copy the cgisettings to vpnsettings and save the configfile
1699 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1700 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1701 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1702 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1703 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1704 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1705 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1706 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1707
1708 # Replace empty strings with a .
1709 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1710 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1711 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1712
1713 # refresh
c6c9630e 1714 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
1715
1716 # Create the CA certificate
1717 my $pid = open(OPENSSL, "|-");
1718 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1719 if ($pid) { # parent
1720 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1721 print OPENSSL "$state\n";
1722 print OPENSSL "$city\n";
1723 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1724 print OPENSSL "$ou\n";
1725 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1726 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1727 close (OPENSSL);
1728 if ($?) {
1729 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1730 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1731 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1732 goto ROOTCERT_ERROR;
1733 }
1734 } else { # child
1735 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1736 '-days', '999999', '-newkey', 'rsa:2048',
1737 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1738 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1739 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1740 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1741 goto ROOTCERT_ERROR;
1742 }
1743 }
1744
1745 # Create the Host certificate request
1746 $pid = open(OPENSSL, "|-");
1747 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1748 if ($pid) { # parent
1749 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1750 print OPENSSL "$state\n";
1751 print OPENSSL "$city\n";
1752 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1753 print OPENSSL "$ou\n";
1754 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1755 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1756 print OPENSSL ".\n";
1757 print OPENSSL ".\n";
1758 close (OPENSSL);
1759 if ($?) {
1760 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1761 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1762 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1763 goto ROOTCERT_ERROR;
1764 }
1765 } else { # child
1766 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1767 '-newkey', 'rsa:1024',
1768 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1769 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1770 '-extensions', 'server',
1771 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1772 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1773 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1774 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1775 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1776 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1777 goto ROOTCERT_ERROR;
1778 }
1779 }
1780
1781 # Sign the host certificate request
1782 system('/usr/bin/openssl', 'ca', '-days', '999999',
1783 '-batch', '-notext',
1784 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1785 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1786 '-extensions', 'server',
1787 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1788 if ($?) {
1789 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1790 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1791 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1792 unlink ("${General::swroot}/ovpn/serverkey.pem");
1793 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1794 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
c6c9630e 1795 &newcleanssldatabase();
1796 goto ROOTCERT_ERROR;
1797 } else {
1798 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
c6c9630e 1799 &deletebackupcert();
1800 }
1801
1802 # Create an empty CRL
1803 system('/usr/bin/openssl', 'ca', '-gencrl',
1804 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1805 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1806 if ($?) {
1807 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1808 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1809 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1810 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1811 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
c6c9630e 1812 &cleanssldatabase();
6e13d0a5 1813 goto ROOTCERT_ERROR;
1814# } else {
1815# &cleanssldatabase();
1816 }
1817 # Create Diffie Hellmann Parameter
1818 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1819 '-out', "${General::swroot}/ovpn/ca/dh1024.pem",
1820 '1024' );
1821 if ($?) {
1822 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1823 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1824 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1825 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1826 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1827 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
c6c9630e 1828 &cleanssldatabase();
6e13d0a5 1829 goto ROOTCERT_ERROR;
1830# } else {
1831# &cleanssldatabase();
1832 }
1833 goto ROOTCERT_SUCCESS;
1834 }
1835 ROOTCERT_ERROR:
1836 if ($cgiparams{'ACTION'} ne '') {
1837 &Header::showhttpheaders();
1838 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
1839 &Header::openbigbox('100%', 'LEFT', '', '');
1840 if ($errormessage) {
1841 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1842 print "<class name='base'>$errormessage";
1843 print "&nbsp;</class>";
1844 &Header::closebox();
1845 }
1846 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
1847 print <<END
1848 <form method='post' enctype='multipart/form-data'>
1849 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
1850 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
1851 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
1852 <td width='35%' colspan='2'>&nbsp;</td></tr>
1853 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
1854 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
1855 <td colspan='2'>&nbsp;</td></tr>
1856 <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1857 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
1858 <td colspan='2'>&nbsp;</td></tr>
1859 <tr><td class='base'>$Lang::tr{'your department'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1860 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
1861 <td colspan='2'>&nbsp;</td></tr>
1862 <tr><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1863 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
1864 <td colspan='2'>&nbsp;</td></tr>
1865 <tr><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1866 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
1867 <td colspan='2'>&nbsp;</td></tr>
1868 <tr><td class='base'>$Lang::tr{'country'}:</td>
1869 <td class='base'><select name='ROOTCERT_COUNTRY'>
1870
1871END
1872 ;
1873 foreach my $country (sort keys %{Countries::countries}) {
1874 print "<option value='$Countries::countries{$country}'";
1875 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
1876 print " selected='selected'";
1877 }
1878 print ">$country</option>";
1879 }
1880 print <<END
1881 </select></td>
1882 <td colspan='2'>&nbsp;</td></tr>
1883 <tr><td>&nbsp;</td>
1884 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
1885 <td>&nbsp;</td><td>&nbsp;</td></tr>
1886 <tr><td class='base' colspan='4' align='left'>
1887 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1888 <tr><td class='base' colspan='4' align='left'>
1889 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1890 $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'}
1891 </td></tr>
1892 <tr><td colspan='4' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
1893 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
1894 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
1895 <td colspan='2'>&nbsp;</td></tr>
1896 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' ></td>
1897 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
1898 <td colspan='2'>&nbsp;</td></tr>
1899 <tr><td>&nbsp;</td>
1900 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
1901 <td colspan='2'>&nbsp;</td></tr>
1902 <tr><td class='base' colspan='4' align='left'>
1903 <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1904 </form></table>
1905END
1906 ;
1907 &Header::closebox();
1908
1909 &Header::closebigbox();
1910 &Header::closepage();
1911 exit(0)
1912 }
1913
1914 ROOTCERT_SUCCESS:
1915 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
1916# if ($vpnsettings{'ENABLED'} eq 'on' ||
1917# $vpnsettings{'ENABLE_BLUE'} eq 'on') {
1918# system('/usr/local/bin/ipsecctrl', 'S');
1919# }
1920
1921###
1922### Enable/Disable connection
1923###
1924
1925###
7c1d9faf 1926# m.a.d net2net
1927###
1928
6e13d0a5 1929}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
1930
1931 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
6e13d0a5 1932 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1933# my $n2nactive = '';
1934 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
1935
6e13d0a5 1936 if ($confighash{$cgiparams{'KEY'}}) {
1937 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
1938 $confighash{$cgiparams{'KEY'}}[0] = 'on';
1939 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 1940
8c877a82 1941 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
ce9abb66 1942 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
1943 }
1944 } else {
ce9abb66 1945
1946 $confighash{$cgiparams{'KEY'}}[0] = 'off';
1947 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
ce9abb66 1948
8c877a82 1949 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
ce9abb66 1950 if ($n2nactive ne ''){
1951 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
1952 }
ce9abb66 1953
8c877a82 1954 } else {
ce9abb66 1955 $errormessage = $Lang::tr{'invalid key'};
8c877a82 1956 }
1957 }
1958 }
1959
1960###
1961### Download OpenVPN client package
1962###
1963
1964
1965} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
1966 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1967 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1968 my $file = '';
1969 my $clientovpn = '';
1970 my @fileholder;
1971 my $tempdir = tempdir( CLEANUP => 1 );
1972 my $zippath = "$tempdir/";
1973
1974###
1975# m.a.d net2net
1976###
1977
1978if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
1979
1980 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
1981 my $zippathname = "$zippath$zipname";
1982 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
1983 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
54fd0535 1984 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
ce9abb66 1985 my $tunmtu = '';
7c1d9faf 1986 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
54fd0535 1987 my $n2nfragment = '';
1988
1989 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
1990 flock CLIENTCONF, 2;
1991
1992 my $zip = Archive::Zip->new();
7c1d9faf 1993 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
ce9abb66 1994 print CLIENTCONF "# \n";
b278daf3 1995 print CLIENTCONF "# User Security\n";
1996 print CLIENTCONF "user nobody\n";
1997 print CLIENTCONF "group nobody\n";
1998 print CLIENTCONF "persist-tun\n";
1999 print CLIENTCONF "persist-key\n";
7c1d9faf 2000 print CLIENTCONF "script-security 2\n";
60f396d7 2001 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
531f0835 2002 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
b278daf3 2003 print CLIENTCONF "float\n";
60f396d7 2004 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
ce9abb66 2005 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
b278daf3 2006 print CLIENTCONF "# Server Gateway Network\n";
7c1d9faf 2007 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
b278daf3 2008 print CLIENTCONF "# tun Device\n";
ce9abb66 2009 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n";
60f396d7 2010 print CLIENTCONF "# Port and Protokoll\n";
ce9abb66 2011 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
2012
2013 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2014 print CLIENTCONF "proto tcp-client\n";
2015 print CLIENTCONF "# Packet size\n";
d96c89eb 2016 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
60f396d7 2017 print CLIENTCONF "tun-mtu $tunmtu\n";
d96c89eb 2018 }
2019
2020 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2021 print CLIENTCONF "proto udp\n";
2022 print CLIENTCONF "# Paketsize\n";
2023 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2024 print CLIENTCONF "tun-mtu $tunmtu\n";
54fd0535 2025 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
60f396d7 2026 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
d96c89eb 2027 }
2028 if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
2029 ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
2030 ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
2031 if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
2032 if ($tunmtu eq '1500' ) {
350f2980 2033 print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
2034 }
2035 }
2036 }
54fd0535 2037 print CLIENTCONF "ns-cert-type server\n";
2038 print CLIENTCONF "# Auth. Client\n";
2039 print CLIENTCONF "tls-client\n";
b278daf3 2040 print CLIENTCONF "# Cipher\n";
2041 print CLIENTCONF "cipher AES-256-CBC\n";
2042 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2043 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2044 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2045 }
ce9abb66 2046 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
b278daf3 2047 print CLIENTCONF "# Enable Compression\n";
ce9abb66 2048 print CLIENTCONF "comp-lzo\r\n";
b278daf3 2049 }
2050 print CLIENTCONF "# Debug Level\n";
2051 print CLIENTCONF "verb 3\n";
b278daf3 2052 print CLIENTCONF "# Tunnel check\n";
ce9abb66 2053 print CLIENTCONF "keepalive 10 60\n";
b278daf3 2054 print CLIENTCONF "# Start as daemon\n";
2055 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2056 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
b278daf3 2057 print CLIENTCONF "# Activate Management Interface and Port\n";
2058 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2059 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
ce9abb66 2060 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
531f0835 2061
2062
2063 close(CLIENTCONF);
2064
2065 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2066 my $status = $zip->writeToFileNamed($zippathname);
2067
2068 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2069 @fileholder = <DLFILE>;
2070 print "Content-Type:application/x-download\n";
2071 print "Content-Disposition:attachment;filename=$zipname\n\n";
2072 print @fileholder;
2073 exit (0);
2074}
2075else
2076{
2077 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2078 my $zippathname = "$zippath$zipname";
2079 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2080
2081###
7c1d9faf 2082# m.a.d net2net
2083###
2084
c6c9630e 2085 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2086 flock CLIENTCONF, 2;
2087
2088 my $zip = Archive::Zip->new();
2089
8c877a82 2090 print CLIENTCONF "#OpenVPN Client conf\r\n";
2091 print CLIENTCONF "tls-client\r\n";
2092 print CLIENTCONF "client\r\n";
4f6e3ae3 2093 print CLIENTCONF "nobind\r\n";
6e13d0a5 2094 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
c6c9630e 2095 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
2096
2097 # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
2098 # or use configured value.
2099 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
4f6e3ae3 2100 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2ee746be 2101 elsif ($vpnsettings{MSSFIX} eq 'on')
4f6e3ae3 2102 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2103 elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
2104 ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
2105 ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
4f6e3ae3 2106 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2107 else
2108 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
2109
2110 if ( $vpnsettings{'ENABLED'} eq 'on'){
2111 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
2112 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2113 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2114 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2115 }
2116 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2117 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2118 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2119 }
2120 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2121 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2122 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2123 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2124 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2125 }
2126 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2127 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2128 }
2129
2130 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2131 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2132 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
6e13d0a5 2133 } else {
2134 print CLIENTCONF "ca cacert.pem\r\n";
2135 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2136 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2137 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2138 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
2139 }
2140 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
2141 if ($vpnsettings{DCOMPLZO} eq 'on') {
2142 print CLIENTCONF "comp-lzo\r\n";
2143 }
2144 print CLIENTCONF "verb 3\r\n";
2145 print CLIENTCONF "ns-cert-type server\r\n";
2146 print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n";
2147 if ($vpnsettings{MSSFIX} eq 'on') {
2148 print CLIENTCONF "mssfix\r\n";
2149 }
74225cce 2150 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
2151 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2152 }
2153
2154 # Check if a valid operating mode has been choosen and use it.
2155 if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
2156 ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
2157 ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
2ee746be 2158 if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
4f6e3ae3 2159 print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
2160 }
2161 }
6e13d0a5 2162 close(CLIENTCONF);
ce9abb66 2163
2164 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2165 my $status = $zip->writeToFileNamed($zippathname);
2166
2167 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2168 @fileholder = <DLFILE>;
2169 print "Content-Type:application/x-download\n";
2170 print "Content-Disposition:attachment;filename=$zipname\n\n";
2171 print @fileholder;
2172 exit (0);
2173 }
2174
2175
2176
2177###
2178### Remove connection
2179###
2180
2181
2182} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
2183 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2184 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2185
2186 if ($confighash{$cgiparams{'KEY'}}) {
2187# if ($vpnsettings{'ENABLED'} eq 'on' ||
2188# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2189# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2190# }
2191#
2192 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2193
2194###
7c1d9faf 2195# m.a.d net2net
ce9abb66 2196###
7c1d9faf 2197
67df3c3f 2198if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
ce9abb66 2199 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2200 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2201 unlink ($certfile);
2202 unlink ($conffile);
2203
2204 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2205 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2206 }
ce9abb66 2207}
2208
2209 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2210 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2211
2212# A.Marx CCD delete ccd files and routes
2213
2214
2215 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2216 {
2217 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
2218 }
e81be1e1 2219
2220 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2221 foreach my $key (keys %ccdroutehash) {
2222 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2223 delete $ccdroutehash{$key};
2224 }
2225 }
2226 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
e81be1e1 2227
2228 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2229 foreach my $key (keys %ccdroute2hash) {
2230 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2231 delete $ccdroute2hash{$key};
2232 }
2233 }
2234 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
52d08bcb 2235 &writeserverconf;
2236
2237
2238# CCD end
2239
2240
2241 delete $confighash{$cgiparams{'KEY'}};
2242 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2243 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
8c877a82 2244
c6c9630e 2245 #&writeserverconf();
6e13d0a5 2246 } else {
c6c9630e 2247 $errormessage = $Lang::tr{'invalid key'};
6e13d0a5 2248 }
2249
2250
2251###
2252### Download PKCS12 file
2253###
2254} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2255 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2256
2257 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2258 print "Content-Type: application/octet-stream\r\n\r\n";
2259 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2260 exit (0);
2261
2262###
2263### Display certificate
2264###
2265} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2266 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2267
2268 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
2269 &Header::showhttpheaders();
2270 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2271 &Header::openbigbox('100%', 'LEFT', '', '');
2272 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2273 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2274 $output = &Header::cleanhtml($output,"y");
2275 print "<pre>$output</pre>\n";
2276 &Header::closebox();
2277 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2278 &Header::closebigbox();
2279 &Header::closepage();
2280 exit(0);
2281 }
2282###
2283### Display Certificate Revoke List
2284###
2285} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
2286# &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2287
6e13d0a5 2288 if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") {
2289 &Header::showhttpheaders();
2290 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2291 &Header::openbigbox('100%', 'LEFT', '', '');
2292 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2293 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2294 $output = &Header::cleanhtml($output,"y");
2295 print "<pre>$output</pre>\n";
2296 &Header::closebox();
2297 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2298 &Header::closebigbox();
2299 &Header::closepage();
2300 exit(0);
2301 }
2302
2303###
2304### Advanced Server Settings
2305###
2306
2307} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2308 %cgiparams = ();
2309 %cahash = ();
2310 %confighash = ();
8c877a82 2311 my $disabled;
6e13d0a5 2312 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
54fd0535 2313 read_routepushfile;
2314
2315
2316# if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2317# $cgiparams{'CLIENT2CLIENT'} = 'on';
2318# }
2319ADV_ERROR:
2320 if ($cgiparams{'MAX_CLIENTS'} eq '') {
c6c9630e 2321 $cgiparams{'MAX_CLIENTS'} = '100';
6e13d0a5 2322 }
6e13d0a5 2323 if ($cgiparams{'KEEPALIVE_1'} eq '') {
c6c9630e 2324 $cgiparams{'KEEPALIVE_1'} = '10';
2325 }
2326 if ($cgiparams{'KEEPALIVE_2'} eq '') {
c6c9630e 2327 $cgiparams{'KEEPALIVE_2'} = '60';
2328 }
2329 if ($cgiparams{'LOG_VERB'} eq '') {
2330 $cgiparams{'LOG_VERB'} = '3';
2331 }
2332 if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
2333 $cgiparams{'PMTU_DISCOVERY'} = 'off';
2334 }
2335 $checked{'CLIENT2CLIENT'}{'off'} = '';
2336 $checked{'CLIENT2CLIENT'}{'on'} = '';
2337 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2338 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2339 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2340 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
2341 $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED';
2342 $checked{'MSSFIX'}{'off'} = '';
2343 $checked{'MSSFIX'}{'on'} = '';
2344 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
2ee746be 2345 $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
2346 $selected{'LOG_VERB'}{'1'} = '';
2347 $selected{'LOG_VERB'}{'2'} = '';
2348 $selected{'LOG_VERB'}{'3'} = '';
2349 $selected{'LOG_VERB'}{'4'} = '';
2350 $selected{'LOG_VERB'}{'5'} = '';
2351 $selected{'LOG_VERB'}{'6'} = '';
2352 $selected{'LOG_VERB'}{'7'} = '';
2353 $selected{'LOG_VERB'}{'8'} = '';
2354 $selected{'LOG_VERB'}{'9'} = '';
2355 $selected{'LOG_VERB'}{'10'} = '';
2356 $selected{'LOG_VERB'}{'11'} = '';
2357 $selected{'LOG_VERB'}{'0'} = '';
2358 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
8c877a82 2359
2360 &Header::showhttpheaders();
2361 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2362 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2363 if ($errormessage) {
2364 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2365 print "<class name='base'>$errormessage\n";
2366 print "&nbsp;</class>\n";
2367 &Header::closebox();
2368 }
2369 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
2370 print <<END
b376fae4 2371 <form method='post' enctype='multipart/form-data'>
8c877a82 2372 <table width='100%' border=0>
2373 <tr>
2374 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
2375 </tr>
2376 <tr>
2377 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2378 </tr>
2379 <tr>
2380 <td class='base'>Domain</td>
8c877a82 2381 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
2382 </tr>
2383 <tr>
2384 <td class='base'>DNS</td>
2385 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
2386 </tr>
2387 <tr>
2388 <td class='base'>WINS</td>
2389 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2390 </tr>
2391 <tr>
2392 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
2393 </tr>
2394 <tr>
2395 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2396 <td colspan='2'>
2397 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
2398END
2399;
2400
2401if ($cgiparams{'ROUTES_PUSH'} ne '')
2402{
2403 print $cgiparams{'ROUTES_PUSH'};
2404}
2405
8c877a82 2406print <<END;
2407</textarea></td>
2408</tr>
2409 </tr>
2410</table>
2411<hr size='1'>
2412 <table width='100%'>
2413 <tr>
2414 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
2415 </tr>
2416 <tr>
2ee746be 2417 <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
2418 </tr>
2419 <tr>
2420 <td class='base'>Client-To-Client</td>
2421 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
2422 </tr>
2423 <tr>
2424 <td class='base'>Redirect-Gateway def1</td>
2425 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
2426 </tr>
2427 <tr>
2428 <td class='base'>Max-Clients</td>
a79fa1d6 2429 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
6e13d0a5 2430 </tr>
a79fa1d6 2431 <tr>
f0ccae18 2432 <td class='base'>Keepalive <br />
2433 (ping/ping-restart)</td>
2434 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2435 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2436 </tr>
2437 <tr>
2438 <td class='base'>fragment <br></td>
2439 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2440 <td>Default: <span class="base">1300</span></td>
2441 </tr>
2442 <tr>
2443 <td class='base'>mssfix</td>
2444 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2445 <td>Default: on</td>
2446 </tr>
2447
2448 <tr>
2449 <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
2450 <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
2451 <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
2452 <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
2453 <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
2454 </tr>
2455</table>
2456
2457<!--
2458<hr size='1'>
2459 <table width='100%'>
2460 <tr>
2461 <td class'base'><b>Crypto-Engines</b></td>
2462 </tr>
2463 <tr>
2464 <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
6e13d0a5 2465 </tr>
2466 <tr><td class='base'>Engines:</td>
2467 <td><select name='ENGINES'><option value="none" $selected{'ENGINES'}{'none'}>none</option>
2468 <option value="cryptodev" $selected{'ENGINES'}{'cryptodev'}>cryptodev</option>
2469 <option value="padlock" $selected{'ENGINES'}{'padlock'}>padlock</option>
2470 </select>
2471 </td>
6e13d0a5 2472</table>
a79fa1d6 2473-->
2474<hr size='1'>
2475 <table width='100%'>
2476 <tr>
2477 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
2478 </tr>
2479 <tr>
a79fa1d6 2480 <td width='15%'></td> <td width='30%'> </td><td width='25%'> </td><td width='30%'></td>
2481 </tr>
2482
2483 <tr><td class='base'>VERB</td>
2484 <td><select name='LOG_VERB'><option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2485 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2486 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2487 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2488 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2489 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2490 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2491 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2492 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2493 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2494 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
c6c9630e 2495 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td>
2496</table><hr>
2497END
2498
2499if ( -e "/var/run/openvpn.pid"){
2500print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2501 $Lang::tr{'server restart'}<br><br>
2502 <hr>";
2503 print<<END
2504<table width='100%'>
2505<tr>
2506 <td>&nbsp;</td>
2507 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2508 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2509 <td>&nbsp;</td>
2510</tr>
2511</table>
2512</form>
2513END
2514;
2515
2516
2517}else{
2518
2519print<<END
2520<table width='100%'>
2521<tr>
2522 <td>&nbsp;</td>
2523 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2524 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2525 <td>&nbsp;</td>
2526</tr>
2527</table>
2528</form>
2529END
2530;
52d08bcb 2531}
6e13d0a5 2532 &Header::closebox();
c6c9630e 2533# print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2534 &Header::closebigbox();
2535 &Header::closepage();
2536 exit(0);
2537
2538
2539# A.Marx CCD Add,delete or edit CCD net
2540
2541} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2542 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2543 $cgiparams{'ACTION'} eq "kill" ||
2544 $cgiparams{'ACTION'} eq "edit" ||
2545 $cgiparams{'ACTION'} eq 'editsave'){
2546 &Header::showhttpheaders();
2547 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2548 &Header::openbigbox('100%', 'LEFT', '', '');
2549
2550 if ($cgiparams{'ACTION'} eq "kill"){
2551 &delccdnet($cgiparams{'net'});
2552 }
2553
2554 if ($cgiparams{'ACTION'} eq 'editsave'){
2555 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2556 if ( $a ne $b){ &modccdnet($a,$b);}
2557 $cgiparams{'ccdname'}='';
2558 $cgiparams{'ccdsubnet'}='';
2559 }
2560
2561 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
e2429e8d 2562 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
2563 }
2564 if ($errormessage) {
2565 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2566 print "<class name='base'>$errormessage";
2567 print "&nbsp;</class>";
2568 &Header::closebox();
2569 }
2570if ($cgiparams{'ACTION'} eq "edit"){
2571
2572 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2573
2574 print <<END
2575 <table width='100%' border=0>
2576 <tr><form method='post'>
2577 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2578 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr>
2579 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2580 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2581 </td></tr>
2582 </table></form>
2583END
2584;
2585 &Header::closebox();
2586
2587 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
2588 print <<END
2589 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2590 <tr>
2591 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2592END
2593;
2594}
2595else{
2596 if (! -e "/var/run/openvpn.pid"){
2597 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
2598 print <<END;
2599 <table width='100%' border='0'>
2600 <tr><form method='post'>
2601 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2602 <tr>
2603 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2604 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2605 <tr><td colspan=4><hr /></td></tr><tr>
2606 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2607 </table></form>
2608END
2609
2610 &Header::closebox();
2611}
2612 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
2613 if ( -e "/var/run/openvpn.pid"){
2614 print "<b>$Lang::tr{'attention'}:</b><br>";
2615 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2616 }
2617
2618 print <<END
2619 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2620 <tr>
2621 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2622END
2623;
2624}
2625 my %ccdconfhash=();
2626 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2627 my @ccdconf=();
2628 my $count=0;
df9b48b7 2629 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
2630 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2631 $count++;
2632 my $ccdhosts = &hostsinnet($ccdconf[0]);
2633 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2634 else{ print" <tr bgcolor='$color{'color20'}'>";}
2635 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
2636print <<END
2637 <form method='post' />
2638 <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} />
2639 <input type='hidden' name='ACTION' value='edit'/>
2640 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2641 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2642 </form></td>
2643 <form method='post' />
2644 <td><input type='hidden' name='ACTION' value='kill'/>
2645 <input type='hidden' name='number' value='$count' />
2646 <input type='hidden' name='net' value='$ccdconf[0]' />
2647 <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr>
2648END
2649;
2650 }
2651 print "</table></form>";
2652 &Header::closebox();
2653 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2654 &Header::closebigbox();
2655 &Header::closepage();
2656 exit(0);
2657
2658#END CCD
2659
2660###
2661### Openvpn Connections Statistics
2662###
2663} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
2664 &Header::showhttpheaders();
2665 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
2666 &Header::openbigbox('100%', 'LEFT', '', '');
2667 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
2668
2669#
2670# <td><b>$Lang::tr{'protocol'}</b></td>
2671# protocol temp removed
2672 print <<END
2673 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
2674 <tr>
2675 <td><b>$Lang::tr{'common name'}</b></td>
2676 <td><b>$Lang::tr{'real address'}</b></td>
2677 <td><b>$Lang::tr{'virtual address'}</b></td>
2678 <td><b>$Lang::tr{'loged in at'}</b></td>
2679 <td><b>$Lang::tr{'bytes sent'}</b></td>
2680 <td><b>$Lang::tr{'bytes received'}</b></td>
2681 <td><b>$Lang::tr{'last activity'}</b></td>
2682 </tr>
2683END
2684;
4e17adad 2685 my $filename = "/var/log/ovpnserver.log";
2686 open(FILE, $filename) or die 'Unable to open config file.';
2687 my @current = <FILE>;
2688 close(FILE);
2689 my @users =();
2690 my $status;
2691 my $uid = 0;
2692 my $cn;
2693 my @match = ();
2694 my $proto = "udp";
2695 my $address;
2696 my %userlookup = ();
2697 foreach my $line (@current)
2698 {
2699 chomp($line);
2700 if ( $line =~ /^Updated,(.+)/){
2701 @match = split( /^Updated,(.+)/, $line);
2702 $status = $match[1];
2703 }
c6c9630e 2704#gian
2705 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
2706 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
2707 if ($match[1] ne "Common Name") {
2708 $cn = $match[1];
2709 $userlookup{$match[2]} = $uid;
2710 $users[$uid]{'CommonName'} = $match[1];
2711 $users[$uid]{'RealAddress'} = $match[2];
2712 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
2713 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
2714 $users[$uid]{'Since'} = $match[5];
2715 $users[$uid]{'Proto'} = $proto;
2716 $uid++;
2717 }
2718 }
2719 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
2720 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
2721 if ($match[1] ne "Virtual Address") {
2722 $address = $match[3];
2723 #find the uid in the lookup table
2724 $uid = $userlookup{$address};
2725 $users[$uid]{'VirtualAddress'} = $match[1];
2726 $users[$uid]{'LastRef'} = $match[4];
2727 }
2728 }
2729 }
2730 my $user2 = @users;
2731 if ($user2 >= 1){
2732 for (my $idx = 1; $idx <= $user2; $idx++){
2733 if ($idx % 2) {
4e17adad 2734 print "<tr bgcolor='$color{'color20'}'>\n";
6e13d0a5 2735 } else {
4e17adad 2736 print "<tr bgcolor='$color{'color22'}'>\n";
2737 }
2738 print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
2739 print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
2740 print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
2741 print "<td align='left'>$users[$idx-1]{'Since'}</td>";
2742 print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
2743 print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
2744 print "<td align='left'>$users[$idx-1]{'LastRef'}</td>";
2745# print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
2746 }
2747 }
2748
2749 print "</table>";
2750 print <<END
2751 <table width='100%' border='0' cellpadding='2' cellspacing='0'>
2752 <tr><td></td></tr>
2753 <tr><td></td></tr>
2754 <tr><td></td></tr>
2755 <tr><td></td></tr>
2756 <tr><td align='center' >$Lang::tr{'the statistics were last updated at'} <b>$status</b></td></tr>
2757 </table>
2758END
2759;
2760 &Header::closebox();
2761 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2762 &Header::closebigbox();
2763 &Header::closepage();
2764 exit(0);
2765
2766###
2767### Download Certificate
2768###
2769} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download certificate'}) {
2770 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
c6c9630e 2771
6e13d0a5 2772 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
2773 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . "cert.pem\r\n";
2774 print "Content-Type: application/octet-stream\r\n\r\n";
2775 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2776 exit (0);
2777 }
2778
2779###
2780### Enable/Disable connection
2781###
ce9abb66 2782
2783} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
2784
2785 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2786 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2787
2788 if ($confighash{$cgiparams{'KEY'}}) {
ce9abb66 2789 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2790 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2791 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2792 #&writeserverconf();
2793# if ($vpnsettings{'ENABLED'} eq 'on' ||
2794# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2795# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
2796# }
2797 } else {
2798 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2799# if ($vpnsettings{'ENABLED'} eq 'on' ||
2800# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2801# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2802# }
2803 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2804 #&writeserverconf();
2805 }
2806 } else {
2807 $errormessage = $Lang::tr{'invalid key'};
2808 }
2809
2810###
2811### Restart connection
2812###
2813} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'restart'}) {
2814 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2815 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2816
2817 if ($confighash{$cgiparams{'KEY'}}) {
2818# if ($vpnsettings{'ENABLED'} eq 'on' ||
2819# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2820# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
2821# }
6e13d0a5 2822 } else {
c6c9630e 2823 $errormessage = $Lang::tr{'invalid key'};
2824 }
2825
2826###
c6c9630e 2827### Remove connection
6e13d0a5 2828###
2829} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
2830 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2831 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2832
2833 if ($confighash{$cgiparams{'KEY'}}) {
2834# if ($vpnsettings{'ENABLED'} eq 'on' ||
2835# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2836# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2837# }
2838 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2839 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2840 delete $confighash{$cgiparams{'KEY'}};
2841 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2842 #&writeserverconf();
2843 } else {
2844 $errormessage = $Lang::tr{'invalid key'};
2845 }
2846#test33
2847
2848###
2849### Choose between adding a host-net or net-net connection
2850###
2851
2852###
7c1d9faf 2853# m.a.d net2net
2854###
2855
2856} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
2857 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2858 &Header::showhttpheaders();
2859 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
2860 &Header::openbigbox('100%', 'LEFT', '', '');
2861 &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
2862
2863if ( -s "${General::swroot}/ovpn/settings") {
2864
2865 print <<END
2866 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 2867 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
2868 <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
2869 <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
2870 <tr><td><input type='radio' name='TYPE' value='net' /></td>
2871 <td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
2872 <tr><td><input type='radio' name='TYPE' value='net2net' /></td>
2873 <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
2874 <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
54fd0535 2875 <tr><td>&nbsp;</td><td>Import Connection Name <img src='/blob.gif' /></td></tr>
8c877a82 2876 <tr><td>&nbsp;</td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr>
54fd0535 2877 <tr><td colspan='3'><hr /></td></tr>
8c877a82 2878 <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
54fd0535 2879 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
2880 </form></table>
2881END
2882 ;
8c877a82 2883
ce9abb66 2884
2885} else {
2886 print <<END
2887 <b>$Lang::tr{'connection type'}:</b><br />
8c877a82 2888 <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data">
b278daf3 2889 <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
8c877a82 2890 <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
2891 </form></table>
2892END
2893 ;
2894
2895}
2896
2897 &Header::closebox();
2898 &Header::closebigbox();
2899 &Header::closepage();
2900 exit (0);
2901
2902###
7c1d9faf 2903# m.a.d net2net
2904###
2905
2906} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
2907
2908 my @firen2nconf;
2909 my @confdetails;
2910 my $uplconffilename ='';
54fd0535 2911 my $uplconffilename2 ='';
ce9abb66 2912 my $uplp12name = '';
54fd0535 2913 my $uplp12name2 = '';
2914 my @rem_subnet;
2915 my @rem_subnet2;
2916 my @tmposupnet3;
2917 my $key;
54fd0535 2918 my @n2nname;
2919
2920 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2921
2922# Check if a file is uploaded
2923
2924 if (ref ($cgiparams{'FH'}) ne 'Fh') {
2925 $errormessage = $Lang::tr{'there was no file upload'};
2926 goto N2N_ERROR;
2927 }
2928
2929# Move uploaded IPfire n2n package to temporary file
2930
2931 (my $fh, my $filename) = tempfile( );
2932 if (copy ($cgiparams{'FH'}, $fh) != 1) {
2933 $errormessage = $!;
2934 goto N2N_ERROR;
2935 }
2936
2937 my $zip = Archive::Zip->new();
2938 my $zipName = $filename;
2939 my $status = $zip->read( $zipName );
2940 if ($status != AZ_OK) {
2941 $errormessage = "Read of $zipName failed\n";
2942 goto N2N_ERROR;
2943 }
2944
2945 my $tempdir = tempdir( CLEANUP => 1 );
2946 my @files = $zip->memberNames();
2947 for(@files) {
2948 $zip->extractMemberWithoutPaths($_,"$tempdir/$_");
2949 }
2950 my $countfiles = @files;
2951
2952 # Check if we have not more than 2 files
2953
2954 if ( $countfiles == 2){
2955 foreach (@files){
2956 if ( $_ =~ /.conf$/){
2957 $uplconffilename = $_;
2958 }
2959 if ( $_ =~ /.p12$/){
2960 $uplp12name = $_;
2961 }
2962 }
2963 if (($uplconffilename eq '') || ($uplp12name eq '')){
2964 $errormessage = "Either no *.conf or no *.p12 file found\n";
2965 goto N2N_ERROR;
2966 }
2967
2968 open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
2969 @firen2nconf = <FILE>;
2970 close (FILE);
2971 chomp(@firen2nconf);
2972
2973 } else {
2974
2975 $errormessage = "Filecount does not match only 2 files are allowed\n";
2976 goto N2N_ERROR;
2977 }
2978
2979###
2980# m.a.d net2net
ce9abb66 2981###
2982
2983 if ($cgiparams{'n2nname'} ne ''){
2984
2985 $uplconffilename2 = "$cgiparams{'n2nname'}.conf";
2986 $uplp12name2 = "$cgiparams{'n2nname'}.p12";
2987 $n2nname[0] = $cgiparams{'n2nname'};
2988 my @n2nname2 = split(/\./,$uplconffilename);
2989 $n2nname2[0] =~ s/\n|\r//g;
2990 my $input1 = "${General::swroot}/ovpn/certs/$uplp12name";
2991 my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2";
2992 my $input2 = "$n2nname2[0]n2n";
2993 my $output2 = "$n2nname[0]n2n";
2994 my $filename = "$tempdir/$uplconffilename";
2995 open(FILE, "< $filename") or die 'Unable to open config file.';
2996 my @current = <FILE>;
2997 close(FILE);
2998 foreach (@current) {s/$input1/$output1/g;}
2999 foreach (@current) {s/$input2/$output2/g;}
3000 open (OUT, "> $filename") || die 'Unable to open config file.';
3001 print OUT @current;
3002 close OUT;
ce9abb66 3003
3004 }else{
3005 $uplconffilename2 = $uplconffilename;
3006 $uplp12name2 = $uplp12name;
3007 @n2nname = split(/\./,$uplconffilename);
ce9abb66 3008 $n2nname[0] =~ s/\n|\r//g;
54fd0535 3009 }
3010 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
3011 unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
ce9abb66 3012
54fd0535 3013 move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
3014
3015 if ($? ne 0) {
3016 $errormessage = "*.conf move failed: $!";
3017 unlink ($filename);
3018 goto N2N_ERROR;
3019 }
3020
54fd0535 3021 move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2");
3022 chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";
3023
3024 if ($? ne 0) {
3025 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3026 unlink ($filename);
3027 goto N2N_ERROR;
3028 }
3029
3030my $complzoactive;
3031my $mssfixactive;
3032my $n2nfragment;
2ee746be 3033my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
60f396d7 3034my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
54fd0535 3035my @n2nproto = split(/-/, $n2nproto2[1]);
3036my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
3037my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
3038my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
3039if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}
3040my @n2nmssfix = grep { /^mssfix/ } @firen2nconf;
3041if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
54fd0535 3042#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]);
d96c89eb 3043my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
3044my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
3045my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
3046my @n2novpnsub = split(/\./,$n2novpnsuball[1]);
3047my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
54fd0535 3048my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]);
3049my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
3050
60f396d7 3051
3052###
3053 # m.a.d delete CR and LF from the arrays, since chomp doesn't work for this
3054###
3055
ce9abb66 3056$n2nremote[1] =~ s/\n|\r//g;
3057$n2novpnsub[0] =~ s/\n|\r//g;
3058$n2novpnsub[1] =~ s/\n|\r//g;
3059$n2novpnsub[2] =~ s/\n|\r//g;
60f396d7 3060$n2nproto[0] =~ s/\n|\r//g;
3061$n2nport[1] =~ s/\n|\r//g;
3062$n2ntunmtu[1] =~ s/\n|\r//g;
3063$n2nremsub[1] =~ s/\n|\r//g;
b278daf3 3064$n2nremsub[2] =~ s/\n|\r//g;
ce9abb66 3065$n2nlocalsub[2] =~ s/\n|\r//g;
d96c89eb 3066$n2nfragment[1] =~ s/\n|\r//g;
54fd0535 3067$n2nmgmt[2] =~ s/\n|\r//g;
2ee746be 3068$n2nmtudisc[1] =~ s/\n|\r//g;
ce9abb66 3069chomp ($complzoactive);
d96c89eb 3070chomp ($mssfixactive);
3071
3072###
7c1d9faf 3073# m.a.d net2net
3074###
3075
3076###
3077# Check if there is no other entry with this name
3078###
3079
3080 foreach my $dkey (keys %confighash) {
3081 if ($confighash{$dkey}[1] eq $n2nname[0]) {
3082 $errormessage = $Lang::tr{'a connection with this name already exists'};
3083 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3084 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3085 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
3086 goto N2N_ERROR;
3087 }
3088 }
3089
3090###
3091# Check if OpenVPN Subnet is valid
3092###
3093
3094foreach my $dkey (keys %confighash) {
3095 if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
3096 $errormessage = 'The OpenVPN Subnet is already in use';
3097 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3098 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3099 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
3100 goto N2N_ERROR;
3101 }
3102 }
3103
3104###
3105 # Check if Dest Port is valid
3106###
3107
3108foreach my $dkey (keys %confighash) {
3109 if ($confighash{$dkey}[29] eq $n2nport[1] ) {
3110 $errormessage = 'The OpenVPN Port is already in use';
3111 unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!";
3112 unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!";
3113 rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!";
3114 goto N2N_ERROR;
3115 }
3116 }
3117
3118
3119
3120 $key = &General::findhasharraykey (\%confighash);
3121
3122 foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
3123
3124 $confighash{$key}[0] = 'off';
3125 $confighash{$key}[1] = $n2nname[0];
350f2980 3126 $confighash{$key}[2] = $n2nname[0];
3127 $confighash{$key}[3] = 'net';
3128 $confighash{$key}[4] = 'cert';
3129 $confighash{$key}[6] = 'client';
3130 $confighash{$key}[8] = $n2nlocalsub[2];
3131 $confighash{$key}[10] = $n2nremote[1];
3132 $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";
54fd0535 3133 $confighash{$key}[22] = $n2nmgmt[2];
350f2980 3134 $confighash{$key}[23] = $mssfixactive;
d96c89eb 3135 $confighash{$key}[24] = $n2nfragment[1];
350f2980 3136 $confighash{$key}[25] = 'IPFire n2n Client';
ce9abb66 3137 $confighash{$key}[26] = 'red';
3138 $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
3139 $confighash{$key}[28] = $n2nproto[0];
3140 $confighash{$key}[29] = $n2nport[1];
3141 $confighash{$key}[30] = $complzoactive;
3142 $confighash{$key}[31] = $n2ntunmtu[1];
3143 $confighash{$key}[38] = $n2nmtudisc[1];
3144
3145
3146 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
d96c89eb 3147
3148 N2N_ERROR:
3149
3150 &Header::showhttpheaders();
3151 &Header::openpage('Validate imported configuration', 1, '');
3152 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
3153 if ($errormessage) {
3154 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
3155 print "<class name='base'>$errormessage";
3156 print "&nbsp;</class>";
3157 &Header::closebox();
3158
3159 } else
3160 {
3161 &Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
3162 }
3163 if ($errormessage eq ''){
3164 print <<END
3165 <!-- ipfire net2net config gui -->
3166 <table width='100%'>
3167 <tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
3168 <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
3169 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3170 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>
3171 <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
3172 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
3173 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
3174 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
3175 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
3176 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
3177 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
3178 <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
3179 <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
ce9abb66 3180 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
350f2980 3181 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
54fd0535 3182 <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
3183 <tr><td>&nbsp;</td><td>&nbsp;</td></tr>
3184 </table>
3185END
3186;
3187 &Header::closebox();
3188 }
3189
3190 if ($errormessage) {
3191 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
3192 } else {
3193 print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";
3194 print "<input type='hidden' name='TYPE' value='net2netakn' />";
3195 print "<input type='hidden' name='KEY' value='$key' />";
3196 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
3197 }
3198 &Header::closebigbox();
3199 &Header::closepage();
3200 exit(0);
3201
3202
3203##
3204### Accept IPFire n2n Package Settings
3205###
3206
3207 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3208
3209###
3210### Discard and Rollback IPFire n2n Package Settings
3211###
3212
3213 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
3214
3215 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3216
3217if ($confighash{$cgiparams{'KEY'}}) {
3218
3219 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
3220 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
3221 unlink ($certfile) or die "Removing $certfile fail: $!";
3222 unlink ($conffile) or die "Removing $conffile fail: $!";
3223 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
3224 delete $confighash{$cgiparams{'KEY'}};
3225 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3226
3227 } else {
3228 $errormessage = $Lang::tr{'invalid key'};
3229 }
3230
3231
3232###
7c1d9faf 3233# m.a.d net2net
3234###
3235
3236
3237###
3238### Adding a new connection
3239###
3240} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
3241 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
3242 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
8c877a82 3243
3244 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
3245 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
3246 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3247
3248 if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) {
3249 if (! $confighash{$cgiparams{'KEY'}}[0]) {
3250 $errormessage = $Lang::tr{'invalid key'};
3251 goto VPNCONF_END;
3252 }
3253 $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0];
3254 $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1];
3255 $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3];
52d08bcb 3256 $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4];
3257 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
3258 $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6];
3259 $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
3260 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
3261 $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
3262 $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22];
3263 $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
52d08bcb 3264 $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
8c877a82 3265 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
52d08bcb 3266 $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26];
3267 $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27];
3268 $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28];
52d08bcb 3269 $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29];
3270 $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
3271 $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
52d08bcb 3272 $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
df9b48b7 3273 $name=$cgiparams{'CHECK1'} ;
3274 $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
3275 $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
3276 $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
3277 $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36];
3278 $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37];
52d08bcb 3279 $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
8c877a82 3280 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
c6c9630e 3281 $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
18837a6a 3282
8c877a82 3283#A.Marx CCD check iroute field and convert it to decimal
52d08bcb 3284if ($cgiparams{'TYPE'} eq 'host') {
3285 my @temp=();
3286 my %ccdroutehash=();
3287 my $keypoint=0;
3288 my $ip;
3289 my $cidr;
3290 if ($cgiparams{'IR'} ne ''){
3291 @temp = split("\n",$cgiparams{'IR'});
3292 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3293 #find key to use
3294 foreach my $key (keys %ccdroutehash) {
3295 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3296 $keypoint=$key;
3297 delete $ccdroutehash{$key};
3298 }else{
3299 $keypoint = &General::findhasharraykey (\%ccdroutehash);
3300 }
3301 }
3302 $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
3303 my $i=1;
3304 my $val=0;
3305 foreach $val (@temp){
3306 chomp($val);
3307 $val=~s/\s*$//g;
5068ac38 3308 #check if iroute exists in ccdroute or if new iroute is part of an existing one
3309 foreach my $key (keys %ccdroutehash) {
3310 foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
3311 if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
3312 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3313 goto VPNCONF_ERROR;
3314 }
3315 my ($ip1,$cidr1) = split (/\//, $val);
82c809c7 3316 $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
3317 my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
3318 if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
3319 $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
3320 goto VPNCONF_ERROR;
3321 }
3322
3323 }
3324 }
3325 if (!&General::validipandmask($val)){
3326 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3327 goto VPNCONF_ERROR;
3328 }else{
3329 ($ip,$cidr) = split(/\//,$val);
3330 $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
3331 $cidr=&General::iporsubtodec($cidr);
3332 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3333
3334 }
3335
3336 #check for existing network IP's
3337 if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
3338 {
3339 $errormessage=$Lang::tr{'ccd err green'};
3340 goto VPNCONF_ERROR;
3341 }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
3342 {
3343 $errormessage=$Lang::tr{'ccd err red'};
3344 goto VPNCONF_ERROR;
3345 }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
3346 {
3347 $errormessage=$Lang::tr{'ccd err blue'};
3348 goto VPNCONF_ERROR;
3349 }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
3350 {
3351 $errormessage=$Lang::tr{'ccd err orange'};
3352 goto VPNCONF_ERROR;
3353 }
52d08bcb 3354
3355 if (&General::validipandmask($val)){
3356 $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
3357 }else{
3358 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)";
3359 goto VPNCONF_ERROR;
3360 }
3361 $i++;
3362 }
3363 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3364 &writeserverconf;
3365 }else{
3366 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3367 foreach my $key (keys %ccdroutehash) {
3368 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
3369 delete $ccdroutehash{$key};
3370 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3371 &writeserverconf;
3372 }
3373 }
3374 }
3375 undef @temp;
3376 #check route field and convert it to decimal
3377 my $val=0;
3378 my $i=1;
8c877a82 3379 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3380 #find key to use
3381 foreach my $key (keys %ccdroute2hash) {
3382 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
3383 $keypoint=$key;
3384 delete $ccdroute2hash{$key};
3385 }else{
3386 $keypoint = &General::findhasharraykey (\%ccdroute2hash);
3387 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
3388 &writeserverconf;
8c877a82 3389 }
3390 }
3391 $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
3392 if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
3393 @temp = split(/\|/,$cgiparams{'IFROUTE'});
3394 my %ownnet=();
3395 &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
3396 foreach $val (@temp){
3397 chomp($val);
3398 $val=~s/\s*$//g;
3399 if ($val eq $Lang::tr{'green'})
3400 {
3401 $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
3402 }
3403 if ($val eq $Lang::tr{'blue'})
3404 {
3405 $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
3406 }
3407 if ($val eq $Lang::tr{'orange'})
3408 {
3409 $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
3410 }
3411 my ($ip,$cidr) = split (/\//, $val);
3412
3413 if ($val ne $Lang::tr{'ccd none'})
3414 {
3415 if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
3416 if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
3417 if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
3418 if (&General::validipandmask($val)){
3419 $val=$ip."/".&General::iporsubtodec($cidr);
3420 $ccdroute2hash{$keypoint}[$i] = $val;
3421 }else{
3422 $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
3423 goto VPNCONF_ERROR;
3424 }
3425 }else{
3426 $ccdroute2hash{$keypoint}[$i]='';
3427 }
3428 $i++;
3429 }
3430 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
3431
3432 #check dns1 ip
3433 if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) {
3434 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
3435 goto VPNCONF_ERROR;
3436 }
3437 #check dns2 ip
3438 if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) {
3439 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2";
3440 goto VPNCONF_ERROR;
3441 }
3442 #check wins ip
3443 if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) {
3444 $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
3445 goto VPNCONF_ERROR;
3446 }
52d08bcb 3447}
3448
3449#CCD End
52d08bcb 3450
3451
3452 if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
c6c9630e 3453 $errormessage = $Lang::tr{'connection type is invalid'};
3454 if ($cgiparams{'TYPE'} eq 'net') {
3455 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3456 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3457 }
3458 goto VPNCONF_ERROR;
3459 }
3460
3461
3462 if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) {
3463 $errormessage = $Lang::tr{'name must only contain characters'};
3464 if ($cgiparams{'TYPE'} eq 'net') {
3465 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3466 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3467 }
3468 goto VPNCONF_ERROR;
3469 }
3470
3471 if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) {
3472 $errormessage = $Lang::tr{'name is invalid'};
3473 if ($cgiparams{'TYPE'} eq 'net') {
3474 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3475 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3476 }
3477 goto VPNCONF_ERROR;
3478 }
3479
3480 if (length($cgiparams{'NAME'}) >60) {
3481 $errormessage = $Lang::tr{'name too long'};
3482 if ($cgiparams{'TYPE'} eq 'net') {
3483 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3484 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3485 }
3486 goto VPNCONF_ERROR;
3487 }
3488
d96c89eb 3489###
7c1d9faf 3490# m.a.d net2net
3491###
3492
7c1d9faf 3493if ($cgiparams{'TYPE'} eq 'net') {
ab4cf06c 3494 if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
cd0c0a0d 3495 $errormessage = $Lang::tr{'openvpn destination port used'};
3496 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3497 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3498 goto VPNCONF_ERROR;
d96c89eb 3499 }
3500 #Bugfix 10357
3501 foreach my $key (sort keys %confighash){
3502 if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
3503 $errormessage = $Lang::tr{'openvpn destination port used'};
3504 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3505 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3506 goto VPNCONF_ERROR;
3507 }
3508 }
3509 if ($cgiparams{'DEST_PORT'} eq '') {
3510 $errormessage = $Lang::tr{'invalid port'};
3511 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3512 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3513 goto VPNCONF_ERROR;
3514 }
d96c89eb 3515
3516 # Check if the input for the transfer net is valid.
3517 if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
3518 $errormessage = $Lang::tr{'ccd err invalidnet'};
3519 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3520 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3521 goto VPNCONF_ERROR;
3522 }
3523
d96c89eb 3524 if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
cd0c0a0d 3525 $errormessage = $Lang::tr{'openvpn subnet is used'};
3526 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3527 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3528 goto VPNCONF_ERROR;
3529 }
3530
3531 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
cd0c0a0d 3532 $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'};
3533 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3534 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3535 goto VPNCONF_ERROR;
3536 }
3537
3538 if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
cd0c0a0d 3539 $errormessage = $Lang::tr{'openvpn fragment allowed with udp'};
3540 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3541 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3542 goto VPNCONF_ERROR;
3543 }
d96c89eb 3544
3545 if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
3546 if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
3547 $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
3548 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3549 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3550 goto VPNCONF_ERROR;
3551 }
3552 }
3553
3554 if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
3555 $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
3556 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3557 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3558 goto VPNCONF_ERROR;
3559 }
3560
7c1d9faf 3561 if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
cd0c0a0d 3562 $errormessage = $Lang::tr{'openvpn prefix local subnet'};
3563 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3564 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3565 goto VPNCONF_ERROR;
3566 }
3567
3568 if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) {
cd0c0a0d 3569 $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'};
3570 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3571 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3572 goto VPNCONF_ERROR;
3573 }
3574
3575 if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) {
cd0c0a0d 3576 $errormessage = $Lang::tr{'openvpn prefix remote subnet'};
3577 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3578 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3579 goto VPNCONF_ERROR;
7c1d9faf 3580 }
3581
3582 if ($cgiparams{'OVPN_MGMT'} eq '') {
3583 $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
3584 }
3585
7c1d9faf 3586}
d96c89eb 3587
3588# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
3589# $errormessage = $Lang::tr{'ipfire side is invalid'};
3590# goto VPNCONF_ERROR;
3591# }
3592
3593 # Check if there is no other entry with this name
3594 if (! $cgiparams{'KEY'}) {
3595 foreach my $key (keys %confighash) {
3596 if ($confighash{$key}[1] eq $cgiparams{'NAME'}) {
3597 $errormessage = $Lang::tr{'a connection with this name already exists'};
3598 if ($cgiparams{'TYPE'} eq 'net') {
3599 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3600 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3601 }
c6c9630e 3602 goto VPNCONF_ERROR;
6e13d0a5 3603 }
3604 }
3605 }
3606
c125d8a2 3607 # Check if a remote host/IP has been set for the client.
3608 if ($cgiparams{'TYPE'} eq 'net') {
3609 if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
3610 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3611
3612 # Check if this is a N2N connection and drop temporary config.
3613 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3614 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
ce9abb66 3615
3616 goto VPNCONF_ERROR;
3617 }
c125d8a2 3618
3619 # Check if a remote host/IP has been configured - the field can be empty on the server side.
3620 if ($cgiparams{'REMOTE'} ne '') {
3621 # Check if the given IP is valid - otherwise check if it is a valid domain.
3622 if (! &General::validip($cgiparams{'REMOTE'})) {
3623 # Check for a valid domain.
3624 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
3625 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
c125d8a2 3626
3627 # Check if this is a N2N connection and drop temporary config.
3628 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3629 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
c125d8a2 3630
3631 goto VPNCONF_ERROR;
3632 }
3633 }
6e13d0a5 3634 }
c6c9630e 3635 }
c125d8a2 3636
3637 if ($cgiparams{'TYPE'} ne 'host') {
3638 unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
3639 $errormessage = $Lang::tr{'local subnet is invalid'};
3640 if ($cgiparams{'TYPE'} eq 'net') {
3641 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3642 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3643 }
3644 goto VPNCONF_ERROR;}
3645 }
3646 # Check if there is no other entry without IP-address and PSK
3647 if ($cgiparams{'REMOTE'} eq '') {
3648 foreach my $key (keys %confighash) {
3649 if(($cgiparams{'KEY'} ne $key) &&
3650 ($confighash{$key}[4] eq 'psk' || $cgiparams{'AUTH'} eq 'psk') &&
3651 $confighash{$key}[10] eq '') {
3652 $errormessage = $Lang::tr{'you can only define one roadwarrior connection when using pre-shared key authentication'};
3653 goto VPNCONF_ERROR;
6e13d0a5 3654 }
3655 }
3656 }
3657 if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
3658 $errormessage = $Lang::tr{'remote subnet is invalid'};
3659 unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
3660 rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
3661 goto VPNCONF_ERROR;
ce9abb66 3662 }
3663
3664 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
3665 $errormessage = $Lang::tr{'invalid input'};
3666 goto VPNCONF_ERROR;
3667 }
3668 if ($cgiparams{'EDIT_ADVANCED'} !~ /^(on|off)$/) {
3669 $errormessage = $Lang::tr{'invalid input'};
3670 goto VPNCONF_ERROR;
3671 }
3672
3673#fixplausi
3674 if ($cgiparams{'AUTH'} eq 'psk') {
3675# if (! length($cgiparams{'PSK'}) ) {
3676# $errormessage = $Lang::tr{'pre-shared key is too short'};
3677# goto VPNCONF_ERROR;
3678# }
3679# if ($cgiparams{'PSK'} =~ /['",&]/) {
3680# $errormessage = $Lang::tr{'invalid characters found in pre-shared key'};
3681# goto VPNCONF_ERROR;
3682# }
3683 } elsif ($cgiparams{'AUTH'} eq 'certreq') {
3684 if ($cgiparams{'KEY'}) {
3685 $errormessage = $Lang::tr{'cant change certificates'};
3686 goto VPNCONF_ERROR;
3687 }
3688 if (ref ($cgiparams{'FH'}) ne 'Fh') {
3689 $errormessage = $Lang::tr{'there was no file upload'};
3690 goto VPNCONF_ERROR;
3691 }
3692
3693 # Move uploaded certificate request to a temporary file
3694 (my $fh, my $filename) = tempfile( );
3695 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3696 $errormessage = $!;
3697 goto VPNCONF_ERROR;
3698 }
6e13d0a5 3699
3700 # Sign the certificate request and move it
3701 # Sign the host certificate request
f6e12093 3702 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
3703 '-batch', '-notext',
3704 '-in', $filename,
3705 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3706 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
3707 if ($?) {
3708 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3709 unlink ($filename);
3710 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3711 &newcleanssldatabase();
3712 goto VPNCONF_ERROR;
3713 } else {
3714 unlink ($filename);
3715 &deletebackupcert();
3716 }
3717
3718 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
3719 $temp =~ /Subject:.*CN=(.*)[\n]/;
3720 $temp = $1;
3721 $temp =~ s+/Email+, E+;
3722 $temp =~ s/ ST=/ S=/;
3723 $cgiparams{'CERT_NAME'} = $temp;
3724 $cgiparams{'CERT_NAME'} =~ s/,//g;
3725 $cgiparams{'CERT_NAME'} =~ s/\'//g;
3726 if ($cgiparams{'CERT_NAME'} eq '') {
3727 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
3728 goto VPNCONF_ERROR;
3729 }
3730 } elsif ($cgiparams{'AUTH'} eq 'certfile') {
3731 if ($cgiparams{'KEY'}) {
3732 $errormessage = $Lang::tr{'cant change certificates'};
3733 goto VPNCONF_ERROR;
3734 }
3735 if (ref ($cgiparams{'FH'}) ne 'Fh') {
3736 $errormessage = $Lang::tr{'there was no file upload'};
3737 goto VPNCONF_ERROR;
3738 }
3739 # Move uploaded certificate to a temporary file
3740 (my $fh, my $filename) = tempfile( );
3741 if (copy ($cgiparams{'FH'}, $fh) != 1) {
3742 $errormessage = $!;
3743 goto VPNCONF_ERROR;
3744 }
3745
3746 # Verify the certificate has a valid CA and move it
3747 my $validca = 0;
3748 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/cacert.pem $filename`;
3749 if ($test =~ /: OK/) {
3750 $validca = 1;
3751 } else {
3752 foreach my $key (keys %cahash) {
3753 $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$key}[0]cert.pem $filename`;
3754 if ($test =~ /: OK/) {
3755 $validca = 1;
3756 }
6e13d0a5 3757 }
3758 }
3759 if (! $validca) {
3760 $errormessage = $Lang::tr{'certificate does not have a valid ca associated with it'};
3761 unlink ($filename);
3762 goto VPNCONF_ERROR;
3763 } else {
3764 move($filename, "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3765 if ($? ne 0) {
3766 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
3767 unlink ($filename);
3768 goto VPNCONF_ERROR;
6e13d0a5 3769 }
3770 }
3771
3772 my $temp = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem`;
3773 $temp =~ /Subject:.*CN=(.*)[\n]/;
3774 $temp = $1;
3775 $temp =~ s+/Email+, E+;
3776 $temp =~ s/ ST=/ S=/;
3777 $cgiparams{'CERT_NAME'} = $temp;
3778 $cgiparams{'CERT_NAME'} =~ s/,//g;
3779 $cgiparams{'CERT_NAME'} =~ s/\'//g;
3780 if ($cgiparams{'CERT_NAME'} eq '') {
3781 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3782 $errormessage = $Lang::tr{'could not retrieve common name from certificate'};
3783 goto VPNCONF_ERROR;
3784 }
3785 } elsif ($cgiparams{'AUTH'} eq 'certgen') {
3786 if ($cgiparams{'KEY'}) {
3787 $errormessage = $Lang::tr{'cant change certificates'};
3788 goto VPNCONF_ERROR;
3789 }
3790 # Validate input since the form was submitted
3791 if (length($cgiparams{'CERT_NAME'}) >60) {
3792 $errormessage = $Lang::tr{'name too long'};
3793 goto VPNCONF_ERROR;
3794 }
3795 if ($cgiparams{'CERT_NAME'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
3796 $errormessage = $Lang::tr{'invalid input for name'};
3797 goto VPNCONF_ERROR;
3798 }
3799 if ($cgiparams{'CERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'CERT_EMAIL'}))) {
3800 $errormessage = $Lang::tr{'invalid input for e-mail address'};
3801 goto VPNCONF_ERROR;
3802 }
3803 if (length($cgiparams{'CERT_EMAIL'}) > 40) {
3804 $errormessage = $Lang::tr{'e-mail address too long'};
3805 goto VPNCONF_ERROR;
3806 }
3807 if ($cgiparams{'CERT_OU'} ne '' && $cgiparams{'CERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3808 $errormessage = $Lang::tr{'invalid input for department'};
3809 goto VPNCONF_ERROR;
3810 }
3811 if (length($cgiparams{'CERT_ORGANIZATION'}) >60) {
3812 $errormessage = $Lang::tr{'organization too long'};
3813 goto VPNCONF_ERROR;
3814 }
3815 if ($cgiparams{'CERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]+$/) {
3816 $errormessage = $Lang::tr{'invalid input for organization'};
3817 goto VPNCONF_ERROR;
3818 }
3819 if ($cgiparams{'CERT_CITY'} ne '' && $cgiparams{'CERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3820 $errormessage = $Lang::tr{'invalid input for city'};
3821 goto VPNCONF_ERROR;
3822 }
3823 if ($cgiparams{'CERT_STATE'} ne '' && $cgiparams{'CERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
3824 $errormessage = $Lang::tr{'invalid input for state or province'};
3825 goto VPNCONF_ERROR;
3826 }
3827 if ($cgiparams{'CERT_COUNTRY'} !~ /^[A-Z]*$/) {
3828 $errormessage = $Lang::tr{'invalid input for country'};
3829 goto VPNCONF_ERROR;
3830 }
3831 if ($cgiparams{'CERT_PASS1'} ne '' && $cgiparams{'CERT_PASS2'} ne ''){
3832 if (length($cgiparams{'CERT_PASS1'}) < 5) {
3833 $errormessage = $Lang::tr{'password too short'};
3834 goto VPNCONF_ERROR;
6e13d0a5 3835 }
3836 }
3837 if ($cgiparams{'CERT_PASS1'} ne $cgiparams{'CERT_PASS2'}) {
3838 $errormessage = $Lang::tr{'passwords do not match'};
3839 goto VPNCONF_ERROR;
3840 }
3841
3842 # Replace empty strings with a .
3843 (my $ou = $cgiparams{'CERT_OU'}) =~ s/^\s*$/\./;
3844 (my $city = $cgiparams{'CERT_CITY'}) =~ s/^\s*$/\./;
3845 (my $state = $cgiparams{'CERT_STATE'}) =~ s/^\s*$/\./;
3846
3847 # Create the Host certificate request client
3848 my $pid = open(OPENSSL, "|-");
3849 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto VPNCONF_ERROR;};
3850 if ($pid) { # parent
3851 print OPENSSL "$cgiparams{'CERT_COUNTRY'}\n";
3852 print OPENSSL "$state\n";
3853 print OPENSSL "$city\n";
3854 print OPENSSL "$cgiparams{'CERT_ORGANIZATION'}\n";
3855 print OPENSSL "$ou\n";
3856 print OPENSSL "$cgiparams{'CERT_NAME'}\n";
3857 print OPENSSL "$cgiparams{'CERT_EMAIL'}\n";
3858 print OPENSSL ".\n";
3859 print OPENSSL ".\n";
3860 close (OPENSSL);
3861 if ($?) {
3862 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3863 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}key.pem");
3864 unlink ("${General::swroot}ovpn/certs/$cgiparams{'NAME'}req.pem");
3865 goto VPNCONF_ERROR;
6e13d0a5 3866 }
3867 } else { # child
3868 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
3869 '-newkey', 'rsa:1024',
3870 '-keyout', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
3871 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
3872 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
3873 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
3874 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3875 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3876 goto VPNCONF_ERROR;
6e13d0a5 3877 }
3878 }
3879
3880 # Sign the host certificate request
f6e12093 3881 system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}",
3882 '-batch', '-notext',
3883 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem",
3884 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3885 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf");
3886 if ($?) {
3887 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3888 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3889 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3890 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3891 &newcleanssldatabase();
3892 goto VPNCONF_ERROR;
3893 } else {
3894 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem");
3895 &deletebackupcert();
3896 }
3897
3898 # Create the pkcs12 file
3899 system('/usr/bin/openssl', 'pkcs12', '-export',
3900 '-inkey', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem",
3901 '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem",
3902 '-name', $cgiparams{'NAME'},
3903 '-passout', "pass:$cgiparams{'CERT_PASS1'}",
3904 '-certfile', "${General::swroot}/ovpn/ca/cacert.pem",
3905 '-caname', "$vpnsettings{'ROOTCERT_ORGANIZATION'} CA",
3906 '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
3907 if ($?) {
3908 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
3909 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3910 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem");
3911 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12");
3912 goto VPNCONF_ERROR;
3913 } else {
3914 unlink ("${General::swroot}/ovpn/certs/$cgiparams{'NAME'}key.pem");
3915 }
3916 } elsif ($cgiparams{'AUTH'} eq 'cert') {
3917 ;# Nothing, just editing
3918 } else {
3919 $errormessage = $Lang::tr{'invalid input for authentication method'};
3920 goto VPNCONF_ERROR;
3921 }
3922
3923 # Check if there is no other entry with this common name
3924 if ((! $cgiparams{'KEY'}) && ($cgiparams{'AUTH'} ne 'psk')) {
3925 foreach my $key (keys %confighash) {
3926 if ($confighash{$key}[2] eq $cgiparams{'CERT_NAME'}) {
3927 $errormessage = $Lang::tr{'a connection with this common name already exists'};
3928 goto VPNCONF_ERROR;
6e13d0a5 3929 }
3930 }
3931 }
3932
ab4cf06c 3933 # Save the config
c6c9630e 3934 my $key = $cgiparams{'KEY'};
8c877a82 3935
3936 if (! $key) {
3937 $key = &General::findhasharraykey (\%confighash);
8c877a82 3938 foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
c6c9630e 3939 }
3940 $confighash{$key}[0] = $cgiparams{'ENABLED'};
3941 $confighash{$key}[1] = $cgiparams{'NAME'};
c6c9630e 3942 if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
8c877a82 3943 $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
c6c9630e 3944 }
3945
3946 $confighash{$key}[3] = $cgiparams{'TYPE'};
c6c9630e 3947 if ($cgiparams{'AUTH'} eq 'psk') {
3948 $confighash{$key}[4] = 'psk';
3949 $confighash{$key}[5] = $cgiparams{'PSK'};
c6c9630e 3950 } else {
8c877a82 3951 $confighash{$key}[4] = 'cert';
c6c9630e 3952 }
ce9abb66 3953 if ($cgiparams{'TYPE'} eq 'net') {
3954 $confighash{$key}[6] = $cgiparams{'SIDE'};
3955 $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
ce9abb66 3956 }
52d08bcb 3957 $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
8c877a82 3958 $confighash{$key}[10] = $cgiparams{'REMOTE'};
54fd0535 3959 if ($cgiparams{'OVPN_MGMT'} eq '') {
8c877a82 3960 $confighash{$key}[22] = $confighash{$key}[29];
54fd0535 3961 } else {
8c877a82 3962 $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'};
54fd0535 3963 }
3964 $confighash{$key}[23] = $cgiparams{'MSSFIX'};
3965 $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
3966 $confighash{$key}[25] = $cgiparams{'REMARK'};
3967 $confighash{$key}[26] = $cgiparams{'INTERFACE'};
c6c9630e 3968# new fields
3969 $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'};
3970 $confighash{$key}[28] = $cgiparams{'PROTOCOL'};
3971 $confighash{$key}[29] = $cgiparams{'DEST_PORT'};
3972 $confighash{$key}[30] = $cgiparams{'COMPLZO'};
3973 $confighash{$key}[31] = $cgiparams{'MTU'};
3974 $confighash{$key}[32] = $cgiparams{'CHECK1'};
df9b48b7 3975 $name=$cgiparams{'CHECK1'};
3976 $confighash{$key}[33] = $cgiparams{$name};
3977 $confighash{$key}[34] = $cgiparams{'RG'};
3978 $confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
3979 $confighash{$key}[36] = $cgiparams{'CCD_DNS2'};
3980 $confighash{$key}[37] = $cgiparams{'CCD_WINS'};
52d08bcb 3981 $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'};
3982
3983
c6c9630e 3984 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
3985
3986 if ($cgiparams{'CHECK1'} ){
3987
3988 my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
3989 my ($a,$b,$c,$d) = split (/\./,$ccdip);
3990 if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
3991 unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
3992 }
b643120c 3993 $confighash{$key}[2] =~ s/ /_/gi;
8c877a82 3994 open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
82c809c7 3995 print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
3996 if($cgiparams{'CHECK1'} eq 'dynamic'){
3997 print CCDRWCONF "#This client uses the dynamic pool\n";
3998 }else{
82c809c7 3999 print CCDRWCONF "#Ip address client and server\n";
4000 print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
4001 }
4002 if ($confighash{$key}[34] eq 'on'){
4003 print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
4004 print CCDRWCONF "push redirect-gateway\n";
4005 }
52d08bcb 4006 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
8c877a82 4007 if ($cgiparams{'IR'} ne ''){
82c809c7 4008 print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
4009 foreach my $key (keys %ccdroutehash){
4010 if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
4011 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
4012 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
4013 print CCDRWCONF "iroute $a $b\n";
4014 }
4015 }
4016 }
4017 }
52d08bcb 4018 if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
8c877a82 4019 if ($cgiparams{'IFROUTE'} ne ''){
82c809c7 4020 print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
4021 foreach my $key (keys %ccdroute2hash){
4022 if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4023 foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
4024 if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
4025 my %blue=();
4026 &General::readhash("${General::swroot}/ethernet/settings", \%blue);
52d08bcb 4027 print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
4028 }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
4029 my %orange=();
4030 &General::readhash("${General::swroot}/ethernet/settings", \%orange);
4031 print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n";
4032 }else{
4033 my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]);
4034 print CCDRWCONF "push \"route $a $b\"\n";
4035 }
4036 }
4037 }
4038 }
4039 }
4040 if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
4041 if($cgiparams{'CCD_DNS1'} ne ''){
82c809c7 4042 print CCDRWCONF "\n#Client gets these nameservers\n";
4043 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
4044 }
4045 if($cgiparams{'CCD_DNS2'} ne ''){
4046 print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n";
4047 }
4048 if($cgiparams{'CCD_WINS'} ne ''){
4049 print CCDRWCONF "\n#Client gets this WINS server\n";
4050 print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n";
4051 }
4052 close CCDRWCONF;
4053 }
4054
4055###
4056# m.a.d n2n begin
4057###
4058
4059 if ($cgiparams{'TYPE'} eq 'net') {
4060
4061 if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
4062 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
4063
4064 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4065 my $key = $cgiparams{'KEY'};
4066 if (! $key) {
4067 $key = &General::findhasharraykey (\%confighash);
4068 foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
4069 }
4070 $confighash{$key}[0] = 'on';
4071 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
4072
4073 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
4074 }
4075 }
4076
4077###
4078# m.a.d n2n end
4079###
4080
4081 if ($cgiparams{'EDIT_ADVANCED'} eq 'on') {
4082 $cgiparams{'KEY'} = $key;
4083 $cgiparams{'ACTION'} = $Lang::tr{'advanced'};
4084 }
4085 goto VPNCONF_END;
6e13d0a5 4086 } else {
c6c9630e 4087 $cgiparams{'ENABLED'} = 'on';
4088###
4089# m.a.d n2n begin
4090###
4091 $cgiparams{'MSSFIX'} = 'on';
4092 $cgiparams{'FRAGMENT'} = '1300';
b228aaf0 4093 $cgiparams{'PMTU_DISCOVERY'} = 'off';
4094###
4095# m.a.d n2n end
4096###
4097 $cgiparams{'SIDE'} = 'left';
4098 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) {
4099 $cgiparams{'AUTH'} = 'psk';
4100 } elsif ( ! -f "${General::swroot}/ovpn/ca/cacert.pem") {
4101 $cgiparams{'AUTH'} = 'certfile';
4102 } else {
6e13d0a5 4103 $cgiparams{'AUTH'} = 'certgen';
4104 }
4105 $cgiparams{'LOCAL_SUBNET'} ="$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}";
4106 $cgiparams{'CERT_ORGANIZATION'} = $vpnsettings{'ROOTCERT_ORGANIZATION'};
4107 $cgiparams{'CERT_CITY'} = $vpnsettings{'ROOTCERT_CITY'};
4108 $cgiparams{'CERT_STATE'} = $vpnsettings{'ROOTCERT_STATE'};
4109 $cgiparams{'CERT_COUNTRY'} = $vpnsettings{'ROOTCERT_COUNTRY'};
6e13d0a5 4110 }
c6c9630e 4111
6e13d0a5 4112 VPNCONF_ERROR:
4113 $checked{'ENABLED'}{'off'} = '';
4114 $checked{'ENABLED'}{'on'} = '';
4115 $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
4116 $checked{'ENABLED_BLUE'}{'off'} = '';
4117 $checked{'ENABLED_BLUE'}{'on'} = '';
4118 $checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
4119 $checked{'ENABLED_ORANGE'}{'off'} = '';
4120 $checked{'ENABLED_ORANGE'}{'on'} = '';
4121 $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
4122
4123
4124 $checked{'EDIT_ADVANCED'}{'off'} = '';
4125 $checked{'EDIT_ADVANCED'}{'on'} = '';
4126 $checked{'EDIT_ADVANCED'}{$cgiparams{'EDIT_ADVANCED'}} = 'CHECKED';
c6c9630e 4127
4128 $selected{'SIDE'}{'server'} = '';
4129 $selected{'SIDE'}{'client'} = '';
4130 $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
4131
4132 $selected{'PROTOCOL'}{'udp'} = '';
4133 $selected{'PROTOCOL'}{'tcp'} = '';
4134 $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
4135
c6c9630e 4136
4137 $checked{'AUTH'}{'psk'} = '';
4138 $checked{'AUTH'}{'certreq'} = '';
4139 $checked{'AUTH'}{'certgen'} = '';
4140 $checked{'AUTH'}{'certfile'} = '';
4141 $checked{'AUTH'}{$cgiparams{'AUTH'}} = 'CHECKED';
c6c9630e 4142
6e13d0a5 4143 $selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = 'SELECTED';
c6c9630e 4144
4145 $checked{'COMPLZO'}{'off'} = '';
4146 $checked{'COMPLZO'}{'on'} = '';
4147 $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
c6c9630e 4148
4149 $checked{'MSSFIX'}{'off'} = '';
4150 $checked{'MSSFIX'}{'on'} = '';
4151 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
4152
4153 if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
4154 $cgiparams{'PMTU_DISCOVERY'} = 'off';
4155 }
4156 $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
4157
4158
4159 if (1) {
4160 &Header::showhttpheaders();
4161 &Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
4162 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
4163 if ($errormessage) {
4164 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
4165 print "<class name='base'>$errormessage";
4166 print "&nbsp;</class>";
4167 &Header::closebox();
4168 }
c6c9630e 4169
4170 if ($warnmessage) {
4171 &Header::openbox('100%', 'LEFT', "$Lang::tr{'warning messages'}:");
4172 print "<class name='base'>$warnmessage";
4173 print "&nbsp;</class>";
4174 &Header::closebox();
4175 }
c6c9630e 4176
6e13d0a5 4177 print "<form method='post' enctype='multipart/form-data'>";
ce9abb66 4178 print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
c6c9630e 4179
4180 if ($cgiparams{'KEY'}) {
4181 print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
4182 print "<input type='hidden' name='AUTH' value='$cgiparams{'AUTH'}' />";
6e13d0a5 4183 }
c6c9630e 4184
6e13d0a5 4185 &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
4186 print "<table width='100%' border='0'>\n";
4187
4188
4189
4190 print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>";
4191
ce9abb66 4192 if ($cgiparams{'TYPE'} eq 'host') {
6e13d0a5 4193 if ($cgiparams{'KEY'}) {
8c877a82 4194 print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
6e13d0a5 4195 } else {
8c877a82 4196
4197 print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>";
4198 }
4199# print "<tr><td>$Lang::tr{'interface'}</td>";
4200# print "<td><select name='INTERFACE'>";
4201# print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED</option>";
4202# if ($netsettings{'BLUE_DEV'} ne '') {
4203# print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE</option>";
4204# }
4205# print "<option value='GREEN' $selected{'INTERFACE'}{'GREEN'}>GREEN</option>";
4206# print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
4207# print "</select></td></tr>";
4208# print <<END
4209 } else {
4210 print "<input type='hidden' name='INTERFACE' value='red' />";
4211 if ($cgiparams{'KEY'}) {
4212 print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
4213 } else {
4214 print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
4215 }
4216
4217
4218
4219 print <<END
4220 <td width='25%'>&nbsp;</td>
4221 <td width='25%'>&nbsp;</td></tr>
4222 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
4223 <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>$Lang::tr{'openvpn server'}</option>
4224 <option value='client' $selected{'SIDE'}{'client'}>$Lang::tr{'openvpn client'}</option></select></td>
4225 <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
4226 <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
4227 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
4228 <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
4229 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
4230 <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
4231 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
4232 <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
4233 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
4234
4235 <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
4236 <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
4237
4238 <td class='boldbase'>$Lang::tr{'destination port'}:</td>
ce9abb66 4239 <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
d96c89eb 4240 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
ce9abb66 4241 <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
4242
4243 <tr><td class='boldbase' nowrap='nowrap'>mssfix &nbsp;<img src='/blob.gif' /></td>
4244 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
4245 <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td>
4246
4247 <tr><td class='boldbase' nowrap='nowrap'>fragment &nbsp;<img src='/blob.gif' /></td>
d96c89eb 4248 <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
cd0c0a0d 4249 <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td>
d96c89eb 4250
ce9abb66 4251 <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
4252 <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td>
4253 <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td>
4254
4255 <tr><td class='boldbase' nowrap='nowrap'>Management Port&nbsp;<img src='/blob.gif' /></td>
4256 <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
4257 <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
ce9abb66 4258
4259 <tr>
4260 <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
4cdf8b92 4261 <td colspan='3'>
4262 <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
4263 <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
4264 <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
4265 <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
4266 </td>
4267 </tr>
4268
ce9abb66 4269END
8c877a82 4270;
ce9abb66 4271 }
2ee746be 4272#jumper
6e13d0a5 4273 print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
8c877a82 4274 print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
c6c9630e 4275
ce9abb66 4276 if ($cgiparams{'TYPE'} eq 'host') {
4277 print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>";
4278 }
ce9abb66 4279
4280 print"</tr></table><br><br>";
4281#A.Marx CCD new client
e81be1e1 4282if ($cgiparams{'TYPE'} eq 'host') {
8c877a82 4283 print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>";
4284 my %vpnnet=();
4285 my $vpnip;
4286 &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet);
4287 $vpnip=$vpnnet{'DOVPN_SUBNET'};
4288 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
4289 my @ccdconf=();
4290 my $count=0;
4291 my $checked;
4292 $checked{'check1'}{'off'} = '';
4293 $checked{'check1'}{'on'} = '';
4294 $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED';
4295 print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>";
4296 print"</td></tr></table><br><br>";
4297 my $name=$cgiparams{'CHECK1'};
4298 $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED';
4299
4300 if (! -z "${General::swroot}/ovpn/ccd.conf"){
4301 print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
df9b48b7 4302 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
4303 $count++;
4304 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
4305 if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
4306 print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>";
4307 &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name});
4308 print"</td></tr>";
4309 }
4310 print "</table><br><br><hr><br><br>";
4311 }
e81be1e1 4312}
8c877a82 4313# ccd end
4314 &Header::closebox();
4315 if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') {
4316
4317 } elsif (! $cgiparams{'KEY'}) {
4318
4319
4320 my $disabled='';
4321 my $cakeydisabled='';
4322 my $cacrtdisabled='';
4323 if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
4324 if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
8c877a82 4325
6e13d0a5 4326 &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
4327
4328
4329 if ($cgiparams{'TYPE'} eq 'host') {
4330
4331print <<END
6e13d0a5 4332 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
54fd0535 4333
4334 <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
4335 <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
4336 <tr><td colspan='3'>&nbsp;</td></tr>
4337 <tr><td colspan='3'><hr /></td></tr>
4338 <tr><td colspan='3'>&nbsp;</td></tr>
4339 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
4340 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4341 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4342 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4343 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4344 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4345 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
4346 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
6e13d0a5 4347END
4348;
4349
4350###
7c1d9faf 4351# m.a.d net2net
4352###
4353
4354} else {
4355
4356print <<END
4357 <table width='100%' cellpadding='0' cellspacing='5' border='0'>
4358
4359 <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
4360 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
4361 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
4362 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
4363 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
4364 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
4365 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
4366 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
4367
4368
4369END
4370;
4371
4372}
4373
4374###
7c1d9faf 4375# m.a.d net2net
ce9abb66 4376###
c6c9630e 4377
4378 foreach my $country (sort keys %{Countries::countries}) {
4379 print "<option value='$Countries::countries{$country}'";
4380 if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
4381 print " selected='selected'";
4382 }
4383 print ">$country</option>";
4384 }
ce9abb66 4385###
7c1d9faf 4386# m.a.d net2net
4387###
4388
4389if ($cgiparams{'TYPE'} eq 'host') {
4390 print <<END
4391 </select></td></tr>
ce9abb66 4392
54fd0535 4393 <td>&nbsp;</td><td class='base'>$Lang::tr{'valid till'} (days):</td>
4394 <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
4395 <tr><td>&nbsp;</td>
4396 <td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
4397 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
4398 <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
4399 <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
4400 <tr><td colspan='3'>&nbsp;</td></tr>
4401 <tr><td colspan='3'><hr /></td></tr>
4402 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
4403 </table>
4404END
4405}else{
4406 print <<END
4407 </select></td></tr>
4408 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4409 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
4410 <tr><td colspan='3'><hr /></td></tr>
4411 <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
4412 </table>
4413
c6c9630e 4414END
4415}
4416
4417###
7c1d9faf 4418# m.a.d net2net
ce9abb66 4419###
4420 ;
4421 &Header::closebox();
4422
4423 }
4424
4425#A.Marx CCD new client
4426if ($cgiparams{'TYPE'} eq 'host') {
4427 print"<br><br>";
4428 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:");
4429
4430
4431 print <<END;
4432 <table border='0' width='100%'>
4433 <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr>
4434 <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr>
4435 <tr><td colspan='4'>&nbsp</td></tr>
4436 <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'>
4437END
4438
4439 if ($cgiparams{'IR'} ne ''){
4440 print $cgiparams{'IR'};
4441 }else{
4442 &General::readhasharray ("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
4443 foreach my $key (keys %ccdroutehash) {
4444 if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){
4445 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
4446 if ($ccdroutehash{$key}[$i] ne ''){
4447 print $ccdroutehash{$key}[$i]."\n";
4448 }
4449 $cgiparams{'IR'} .= $ccdroutehash{$key}[$i];
4450 }
4451 }
4452 }
c6c9630e 4453 }
4454
4455 print <<END;
4456</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr>
4457 <tr><td colspan='4'><br></td></tr>
4458 <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
4459END
4460
4461 my $set=0;
4462 my $selorange=0;
4463 my $selblue=0;
4464 my $selgreen=0;
4465 my $helpblue=0;
4466 my $helporange=0;
4467 my $other=0;
df9b48b7 4468 my $none=0;
4469 my @temp=();
4470
8c877a82 4471 our @current = ();
4472 open(FILE, "${General::swroot}/main/routing") ;
4473 @current = <FILE>;
4474 close (FILE);
4475 &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
4476 #check for "none"
4477 foreach my $key (keys %ccdroute2hash) {
4478 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4479 if ($ccdroute2hash{$key}[1] eq ''){
4480 $none=1;
4481 last;
4482 }
4483 }
4484 }
4485 if ($none ne '1'){
4486 print"<option>$Lang::tr{'ccd none'}</option>";
4487 }else{
4488 print"<option selected>$Lang::tr{'ccd none'}</option>";
4489 }
4490 #check if static routes are defined for client
4491 foreach my $line (@current) {
4492 chomp($line);
4493 $line=~s/\s*$//g; # remove newline
4494 @temp=split(/\,/,$line);
4495 $temp[1] = '' unless defined $temp[1]; # not always populated
4496 my ($a,$b) = split(/\//,$temp[1]);
4497 $temp[1] = $a."/".&General::iporsubtocidr($b);
4498 foreach my $key (keys %ccdroute2hash) {
4499 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4500 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4501 if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
4502 $set=1;
4503 }
4504 }
8c877a82 4505 }
4506 }
4507 if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
4508 }
4509 #check if green,blue,orange are defined for client
4510 foreach my $key (keys %ccdroute2hash) {
4511 if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
4512 $other=1;
4513 foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
4514 if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
4515 $selgreen=1;
4516 }
4517 if (&haveBlueNet()){
4518 if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
4519 $selblue=1;
4520 }
4521 }
4522 if (&haveOrangeNet()){
4523 if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
4524 $selorange=1;
4525 }
4526 }
4527 }
4528 }
4529 }
4530 if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
4531 if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
4532 if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
4533
4534 print<<END
4535 </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
4536 <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
4537 <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr>
4538
4539END
4540;
4541 &Header::closebox();
e81be1e1 4542}
4543 print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
4544 if ($cgiparams{'KEY'}) {
4545# print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />";
4546 }
4547 print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
4548 &Header::closebigbox();
4549 &Header::closepage();
4550 exit (0);
6e13d0a5 4551 }
c6c9630e 4552 VPNCONF_END:
6e13d0a5 4553}
4554
4555# SETTINGS_ERROR:
4556###
4557### Default status page
4558###
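# Default status page: reload the OpenVPN settings, the CA list and the
# connection list from disk, then read the server status log.
%cgiparams = ();
%cahash = ();
%confighash = ();
&General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
&General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

# Status log of the running server, read directly instead of spawning
# `/bin/cat` through the shell.  A missing or unreadable log yields an
# empty list, which is what the old backtick call produced as well.
my @status = ();
if (open(my $logfh, '<', '/var/log/ovpnserver.log')) {
    @status = <$logfh>;
    close($logfh);
}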
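# Pre-fill the public VPN address when the settings do not carry one and
# RED is up: take the current RED address and prefer its reverse-DNS name.
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") {
    # three-argument open with a lexical handle instead of the bareword IPADDR
    if (open(my $ipfh, '<', "${General::swroot}/red/local-ipaddress")) {
        my $ipaddr = <$ipfh>;
        close($ipfh);
        $ipaddr = '' unless defined $ipaddr;
        chomp($ipaddr);
        # an empty file used to be looked up as 0.0.0.0; skip it instead
        if ($ipaddr ne '') {
            # 2 is AF_INET.  The PTR name comes from DNS, i.e. from outside
            # this box, so it must be treated as untrusted wherever it is
            # rendered or stored.
            $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
            # fall back to the bare address when there is no reverse entry
            if (!defined $cgiparams{'VPN_IP'} || $cgiparams{'VPN_IP'} eq '') {
                $cgiparams{'VPN_IP'} = $ipaddr;
            }
        }
    }
}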
# Set defaults for the server form fields that are still empty.  Cipher,
# port and MTU get fixed values; an empty tunnel subnet gets a random
# 10.x.y.0/24 so that two installations rarely pick the same range.
# NOTE(review): the default cipher BF-CBC is Blowfish, a 64-bit block
# cipher; the value is only pre-filled here, not validated.
my %form_default_of = (
    'DCIPHER'    => 'BF-CBC',
    'DDEST_PORT' => '1194',
    'DMTU'       => '1400',
);
foreach my $name (keys %form_default_of) {
    $cgiparams{$name} = $form_default_of{$name} if $cgiparams{$name} eq '';
}
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
    my $second_octet = int(rand(256));
    my $third_octet  = int(rand(256));
    $cgiparams{'DOVPN_SUBNET'} = "10.$second_octet.$third_octet.0/255.255.255.0";
}
# Build the CHECKED / SELECTED attribute maps the form below interpolates:
# every possible value gets '' and the configured value gets the marker.
foreach my $box (qw(ENABLED ENABLED_BLUE ENABLED_ORANGE DCOMPLZO MSSFIX)) {
    $checked{$box}{'off'} = '';
    $checked{$box}{'on'}  = '';
    $checked{$box}{$cgiparams{$box}} = 'CHECKED';
}

my %choices_of = (
    'DDEVICE'   => [qw(tun tap)],
    'DPROTOCOL' => [qw(udp tcp)],
    # NOTE(review): DES-*, DESX, RC2-*, BF-CBC and CAST5-CBC are 64-bit
    # block ciphers and RC2-40 is export-grade; the list is offered unchanged.
    'DCIPHER'   => [qw(DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC RC2-CBC RC2-40-CBC
                       RC2-64-CBC BF-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC)],
);
foreach my $field (keys %choices_of) {
    $selected{$field}{$_} = '' foreach @{ $choices_of{$field} };
    $selected{$field}{$cgiparams{$field}} = 'SELECTED';
}
# Page head; $errormessage is whatever the action that ran before falling
# through to the status page left behind.
&Header::showhttpheaders();
&Header::openpage($Lang::tr{'status ovpn'}, 1, '');
&Header::openbigbox('100%', 'LEFT', '', $errormessage);

if ($errormessage) {
    &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
    # NOTE(review): <class> is not an HTML element and $errormessage is not
    # escaped here; both are kept as they were.
    print "<class name='base'>$errormessage\n&nbsp;</class>\n";
    &Header::closebox();
}

# Half-width coloured badge for the server status cell.
my $server_badge = sub {
    my ($colour, $label) = @_;
    return "<table cellpadding='2' cellspacing='0' bgcolor='$colour' width='50%'><tr><td align='center'><b><font color='#FFFFFF'>$label</font></b></td></tr></table>";
};

# "Running" is inferred from the pid file alone, so a stale pid file reads
# as running.  $activeonrun greys out the connection-status button when
# the daemon is down.
my $srunning = ( -e "/var/run/openvpn.pid" ) ? "yes" : "no";
my $sactive;
my $activeonrun;
if ($srunning eq "yes") {
    $sactive     = $server_badge->($Header::colourgreen, $Lang::tr{'running'});
    $activeonrun = "";
} else {
    $sactive     = $server_badge->($Header::colourred, $Lang::tr{'stopped'});
    $activeonrun = "disabled='disabled'";
}
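&Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'});

# Settings echoed back into value='...' attributes are escaped first.  They
# come from the settings file and, for VPN_IP, possibly from a reverse-DNS
# lookup, so none of them can be assumed free of quotes or angle brackets.
my %attr_of;
foreach my $field (qw(VPN_IP DOVPN_SUBNET DDEST_PORT DMTU)) {
    my $value = defined $cgiparams{$field} ? $cgiparams{$field} : '';
    $value =~ s/&/&amp;/g;
    $value =~ s/</&lt;/g;
    $value =~ s/>/&gt;/g;
    $value =~ s/"/&quot;/g;
    $value =~ s/'/&#39;/g;
    $attr_of{$field} = $value;
}

# Cipher list in display order; the SELECTED marker per entry is taken from
# %selected, which is filled in before this box is rendered.
my @cipher_choices = qw(DES-CBC DES-EDE-CBC DES-EDE3-CBC DESX-CBC RC2-CBC RC2-40-CBC
                        RC2-64-CBC BF-CBC CAST5-CBC AES-128-CBC AES-192-CBC AES-256-CBC);

print <<END;
<table width='100%' border=0>
<form method='post'>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td>
<td width='25%'>&nbsp;</td></tr>
<tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td>
<td align='left'>$sactive</td>
<tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td>
<td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>
END

# The BLUE and ORANGE rows only exist on installations that have those zones.
if (&haveBlueNet()) {
    print "<tr><td class='boldbase'>$Lang::tr{'ovpn on blue'}</td>";
    print "<td><input type='checkbox' name='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'} /></td>";
}
if (&haveOrangeNet()) {
    print "<tr><td class='boldbase'>$Lang::tr{'ovpn on orange'}</td>";
    print "<td><input type='checkbox' name='ENABLED_ORANGE' $checked{'ENABLED_ORANGE'}{'on'} /></td>";
}

# The TAP option stays inside an HTML comment ("still not working" per the
# original author); the </select> now closes outside that comment, and the
# MTU input has its missing space between VALUE and size restored.
print <<END;
<tr><td class='base' nowrap='nowrap' colspan='2'>$Lang::tr{'local vpn hostname/ip'}:<br /><input type='text' name='VPN_IP' value='$attr_of{'VPN_IP'}' size='30' /></td>
<td class='boldbase' nowrap='nowrap' colspan='2'>$Lang::tr{'ovpn subnet'}<br /><input type='TEXT' name='DOVPN_SUBNET' value='$attr_of{'DOVPN_SUBNET'}' size='30' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn device'}</td>
<td><select name='DDEVICE' ><option value='tun' $selected{'DDEVICE'}{'tun'}>TUN</option>
<!-- this is still not working
<option value='tap' $selected{'DDEVICE'}{'tap'}>TAP</option> --></select></td>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
<td><select name='DPROTOCOL'><option value='udp' $selected{'DPROTOCOL'}{'udp'}>UDP</option>
<option value='tcp' $selected{'DPROTOCOL'}{'tcp'}>TCP</option></select></td>
<td class='boldbase'>$Lang::tr{'destination port'}:</td>
<td><input type='TEXT' name='DDEST_PORT' value='$attr_of{'DDEST_PORT'}' size='5' /></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;</td>
<td> <input type='TEXT' name='DMTU' VALUE='$attr_of{'DMTU'}' size='5' /></TD>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
<td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
<td><select name='DCIPHER'>
END

foreach my $cipher (@cipher_choices) {
    print "<option value='$cipher' $selected{'DCIPHER'}{$cipher}>$cipher</option>\n";
}

print <<END;
</select></td></tr>
<tr><td colspan='4'><hr /></td></tr>
END

# Server control row.  Saving is blocked while the daemon runs; starting is
# only offered when CA, DH parameters, server certificate and key all exist
# and at least one zone is enabled.
# NOTE(review): the DH parameter file is 1024-bit by name; that size is
# considered too small today.
if ( $srunning eq "yes" ) {
    print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>";
} else {
    my $have_server_material = ( -e "${General::swroot}/ovpn/ca/cacert.pem"
        && -e "${General::swroot}/ovpn/ca/dh1024.pem"
        && -e "${General::swroot}/ovpn/certs/servercert.pem"
        && -e "${General::swroot}/ovpn/certs/serverkey.pem" );
    my $any_zone_enabled = ( $cgiparams{'ENABLED'} eq 'on'
        || $cgiparams{'ENABLED_BLUE'} eq 'on'
        || $cgiparams{'ENABLED_ORANGE'} eq 'on' );
    my $start_attr = ( $have_server_material && $any_zone_enabled ) ? '' : " disabled='disabled'";

    print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}'$start_attr /></td></tr>";
}
print "</form></table>";
&Header::closebox();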
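&Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:");

# HTML-escape a text fragment before it is placed in a table cell.
my $escape_html = sub {
    my ($text) = @_;
    $text = '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Subject line of a PEM certificate as printed by `openssl x509 -text`, with
# the same cosmetic rewrites as before (/Email -> ", E", ST= -> S=).
# openssl is started through a list-form pipe so the path never reaches a
# shell, and a missing "Subject:" line yields '' instead of a stale $1.
my $x509_subject = sub {
    my ($file) = @_;
    my $text;
    if (open(my $fh, '-|', '/usr/bin/openssl', 'x509', '-text', '-in', $file)) {
        local $/ = undef;
        $text = <$fh>;
        close($fh);
    }
    return '' unless defined $text && $text =~ /Subject: (.*)\n/;
    my $subject = $1;
    $subject =~ s+/Email+, E+;
    $subject =~ s/ ST=/ S=/;
    return $subject;
};

print <<EOF;
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr>
<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
<td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
<td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
EOF

# Root certificate row: show/download controls when it exists, otherwise a
# "not present" placeholder.
if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
    my $casubject = $escape_html->($x509_subject->("${General::swroot}/ovpn/ca/cacert.pem"));
    print <<END;
<tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}</td>
<td class='base'>$casubject</td>
<form method='post' name='frmrootcrta'><td width='3%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
<input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
</td></form>
<form method='post' name='frmrootcrtb'><td width='3%' align='center'>
<input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
</td></form>
<td width='4%'>&nbsp;</td></tr>
END
} else {
    print <<END;
<tr bgcolor='$color{'color22'}'>
<td class='base'>$Lang::tr{'root certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
<td colspan='3'>&nbsp;</td></tr>
END
}

# Host (server) certificate row, same shape as the root row.
if (-f "${General::swroot}/ovpn/certs/servercert.pem") {
    my $hostsubject = $escape_html->($x509_subject->("${General::swroot}/ovpn/certs/servercert.pem"));
    print <<END;
<tr bgcolor='$color{'color20'}'>
<td class='base'>$Lang::tr{'host certificate'}</td>
<td class='base'>$hostsubject</td>
<form method='post' name='frmhostcrta'><td width='3%' align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
<input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
</td></form>
<form method='post' name='frmhostcrtb'><td width='3%' align='center'>
<input type='image' name='$Lang::tr{'download host certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
</td></form>
<td width='4%'>&nbsp;</td></tr>
END
} else {
    print <<END;
<tr bgcolor='$color{'color20'}'>
<td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
<td class='base'>$Lang::tr{'not present'}</td>
</td><td colspan='3'>&nbsp;</td></tr>
END
}

# Without a root certificate offer to generate root and host certificates.
if (! -f "${General::swroot}/ovpn/ca/cacert.pem") {
    print "<tr><td colspan='5' align='center'><form method='post'>";
    print "<input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' />";
    print "</form></td></tr>\n";
}

# Uploaded CA certificates in a stable (numeric key) order instead of hash
# order; the row colour alternates on the key as before.  Name and subject
# come from the uploaded file and are escaped on output.
foreach my $key (sort { $a <=> $b } keys %cahash) {
    my $rowcolor = (($key + 1) % 2) ? $color{'color20'} : $color{'color22'};
    print "<tr bgcolor='$rowcolor'>\n";
    print "<td class='base'>" . $escape_html->($cahash{$key}[0]) . "</td>\n";
    print "<td class='base'>" . $escape_html->($cahash{$key}[1]) . "</td>\n";
    print <<END;
<form method='post' name='cafrm${key}a'><td align='center'>
<input type='image' name='$Lang::tr{'show ca certificate'}' src='/images/info.gif' alt='$Lang::tr{'show ca certificate'}' title='$Lang::tr{'show ca certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'show ca certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
<form method='post' name='cafrm${key}b'><td align='center'>
<input type='image' name='$Lang::tr{'download ca certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download ca certificate'}' title='$Lang::tr{'download ca certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download ca certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
<form method='post' name='cafrm${key}c'><td align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
<input type='image' name='$Lang::tr{'remove ca certificate'}' src='/images/delete.gif' alt='$Lang::tr{'remove ca certificate'}' title='$Lang::tr{'remove ca certificate'}' width='20' height='20' border='0' />
<input type='hidden' name='KEY' value='$key' />
</td></form></tr>
END
}

print "</table>";

# Legend for the action icons, only once a root certificate exists.
if ( -f "${General::swroot}/ovpn/ca/cacert.pem") {
    print <<END;
<table>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
<td class='base'>$Lang::tr{'show certificate'}</td>
<td>&nbsp; &nbsp; <img src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' /></td>
<td class='base'>$Lang::tr{'download certificate'}</td>
</tr>
</table>
END
}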
# CA upload form and CRL button.  CA_NAME is echoed back from the settings
# hash exactly as before (NOTE(review): it is not HTML-escaped).
print <<END;
<form method='post' enctype='multipart/form-data'>
<table width='100%' border='0'>
<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
<tr><td colspan='4'><hr /></td></tr>
<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
</table>
END

&Header::closebox();

# The reset button is greyed out while the server is running.
my $reset_attr = ( $srunning eq "yes" ) ? " disabled='disabled'" : "";
print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}'$reset_attr /></div></form>\n";
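# Client status and control table; only shown once a root certificate exists.
if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
    # m.a.d net2net

    &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc'});

    # HTML-escape connection data (name, network, remark, daemon state)
    # before it lands in a table cell.
    my $escape_html = sub {
        my ($text) = @_;
        $text = '' unless defined $text;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        $text =~ s/'/&#39;/g;
        return $text;
    };

    # Full-width coloured badge for the "status" column.
    my $status_badge = sub {
        my ($colour, $label) = @_;
        return "<table cellpadding='2' cellspacing='0' bgcolor='$colour' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$label</font></b></td></tr></table>";
    };

    print <<END;
<table width='100%' border='0' cellspacing='1' cellpadding='0'>
<tr>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
<td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
<td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td>
<td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
<td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
<td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
</tr>
END

    my $id = 0;
    foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
        my $name     = $confighash{$key}[1];
        my $gif      = ($confighash{$key}[0] eq 'on') ? 'on.gif' : 'off.gif';
        my $rowcolor = ($id % 2) ? $color{'color20'} : $color{'color22'};
        print "<tr bgcolor='$rowcolor'>\n";
        print "<td align='center' nowrap='nowrap'>" . $escape_html->($name) . "</td>";
        print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";

        # The former per-row `openssl x509 -text -in .../${name}cert.pem`
        # call is gone: its result ($cavalid) was never displayed, and it
        # interpolated the connection name into a shell command line.

        # Older entries lack field 32 (network); derive it from the type.
        if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net') { $confighash{$key}[32] = "net-2-net"; }
        if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host') { $confighash{$key}[32] = "dynamic"; }
        print "<td align='center'>" . $escape_html->($confighash{$key}[32]) . "</td>";
        print "<td align='center'>" . $escape_html->($confighash{$key}[25]) . "</td>";

        # Default badge: enabled but no session.  Disabled entries show blue.
        my $active = $status_badge->($Header::colourred, $Lang::tr{'capsclosed'});

        if ($confighash{$key}[0] eq 'off') {
            $active = $status_badge->($Header::colourblue, $Lang::tr{'capsclosed'});
        } elsif ($confighash{$key}[3] eq 'net') {
            # net-to-net: query the per-connection OpenVPN management
            # interface on loopback, but only when the daemon has a pid file
            # and a management port is configured.  A failed connect leaves
            # the default badge in place.
            my $tport = $confighash{$key}[22];
            if (-e "/var/run/${name}n2n.pid" && $tport ne '') {
                my $tnet = Net::Telnet->new(Timeout => 5, Errmode => 'return', Port => $tport);
                if ($tnet->open('127.0.0.1')) {
                    my @output  = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
                    my @tustate = split(/\,/, defined $output[1] ? $output[1] : '');
                    ###
                    #CONNECTING -- OpenVPN's initial state.
                    #WAIT -- (Client only) Waiting for initial response from server.
                    #AUTH -- (Client only) Authenticating with server.
                    #GET_CONFIG -- (Client only) Downloading configuration options from server.
                    #ASSIGN_IP -- Assigning IP address to virtual network interface.
                    #ADD_ROUTES -- Adding routes to system.
                    #CONNECTED -- Initialization Sequence Completed.
                    #RECONNECTING -- A restart has occurred.
                    #EXITING -- A graceful exit is in progress.
                    ###
                    my $state = defined $tustate[1] ? $tustate[1] : '';
                    if ($state eq 'CONNECTED') {
                        $active = $status_badge->($Header::colourgreen, $Lang::tr{'capsopen'});
                    } else {
                        # state text comes from the daemon; escape it like any other cell
                        $active = $status_badge->($Header::colourred, $escape_html->($state));
                    }
                }
            }
        } else {
            # roadwarrior: look for the client's common name in the server
            # status log (OpenVPN writes underscores where the CN has spaces).
            foreach my $line (@status) {
                chomp($line);
                next unless $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/;
                my $cn = $1;
                next if $cn eq "Common Name";    # column header line
                $cn =~ s/[_]/ /g;
                if ($cn eq "$confighash{$key}[2]") {
                    $active = $status_badge->($Header::colourgreen, $Lang::tr{'capsopen'});
                }
            }
        }

        print <<END;
<td align='center'>$active</td>

<form method='post' name='frm${key}a'><td align='center'>
<input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
END

        # Certificate-based connections get a "show certificate" control.
        if ($confighash{$key}[4] eq 'cert') {
            print <<END;
<form method='post' name='frm${key}b'><td align='center'>
<input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
END
        } else {
            print "<td>&nbsp;</td>";
        }

        # Download control: the PKCS#12 bundle when one exists, else the
        # bare certificate.
        if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/${name}.p12") {
            print <<END;
<form method='post' name='frm${key}c'><td align='center'>
<input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
END
        } elsif ($confighash{$key}[4] eq 'cert') {
            print <<END;
<form method='post' name='frm${key}c'><td align='center'>
<input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
END
        } else {
            print "<td>&nbsp;</td>";
        }

        print <<END;
<form method='post' name='frm${key}d'><td align='center'>
<input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
<input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
<input type='hidden' name='KEY' value='$key' />
</td></form>

<form method='post' name='frm${key}e'><td align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
<input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
<input type='hidden' name='KEY' value='$key' />
</td></form>
<form method='post' name='frm${key}f'><td align='center'>
<input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
<input type='image' name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
<input type='hidden' name='KEY' value='$key' />
</td></form>
</tr>
END
        $id++;
    }

    # Legend for the action icons, only when at least one row was printed.
    if ( $id ) {
        print <<END;
<table border='0'>
<tr>
<td class='boldbase'>&nbsp; <b>$Lang::tr{'legend'}:</b></td>
<td>&nbsp; <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td>
<td class='base'>$Lang::tr{'click to disable'}</td>
<td>&nbsp; &nbsp; <img src='/images/info.gif' alt='$Lang::tr{'show certificate'}' /></td>
<td class='base'>$Lang::tr{'show certificate'}</td>
<td>&nbsp; &nbsp; <img src='/images/edit.gif' alt='$Lang::tr{'edit'}' /></td>
<td class='base'>$Lang::tr{'edit'}</td>
<td>&nbsp; &nbsp; <img src='/images/delete.gif' alt='$Lang::tr{'remove'}' /></td>
<td class='base'>$Lang::tr{'remove'}</td>
</tr>
<tr>
<td>&nbsp; </td>
<td>&nbsp; <img src='/images/off.gif' alt='?OFF' /></td>
<td class='base'>$Lang::tr{'click to enable'}</td>
<td> <img src='/images/media-floppy.png' alt='?FLOPPY' /></td>
<td class='base'>$Lang::tr{'download certificate'}</td>
<td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
<td class='base'>$Lang::tr{'dl client arch'}</td>
</tr>
</table><hr>
END
    }

    # "Add" is always offered; the connection-status button is disabled
    # while the server is down ($activeonrun).
    print <<END;
<table width='100%'>
<form method='post'>
<tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />
<input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr>
</form>
</table>
END
    &Header::closebox();
}
&Header::closepage();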