dec27b722c68587c2c96552391f352de09168119
[people/teissler/ipfire-2.x.git] / html / cgi-bin / ovpnmain.cgi
1 #!/usr/bin/perl
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21 ###
22 # Based on IPFireCore 76
23 ###
24 use CGI;
25 use CGI qw/:standard/;
26 use Net::DNS;
27 use Net::Ping;
28 use Net::Telnet;
29 use File::Copy;
30 use File::Temp qw/ tempfile tempdir /;
31 use strict;
32 use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
33 use Sort::Naturally;
34 require '/var/ipfire/general-functions.pl';
35 require "${General::swroot}/lang.pl";
36 require "${General::swroot}/header.pl";
37 require "${General::swroot}/countries.pl";
38
39 # enable only the following on debugging purpose
40 #use warnings;
41 #use CGI::Carp 'fatalsToBrowser';
42 #workaround to suppress a warning when a variable is used only once
43 my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
44 undef (@dummy);
45
46 my %color = ();
47 my %mainsettings = ();
48 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
49 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
50
51 ###
52 ### Initialize variables
53 ###
54 my %ccdconfhash=();
55 my %ccdroutehash=();
56 my %ccdroute2hash=();
57 my %netsettings=();
58 my %cgiparams=();
59 my %vpnsettings=();
60 my %checked=();
61 my %confighash=();
62 my %cahash=();
63 my %selected=();
64 my $warnmessage = '';
65 my $errormessage = '';
66 my %settings=();
67 my $routes_push_file = '';
68 my $confighost="${General::swroot}/fwhosts/customhosts";
69 my $configgrp="${General::swroot}/fwhosts/customgroups";
70 my $customnet="${General::swroot}/fwhosts/customnetworks";
71 my $name;
72 my $col="";
73 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
74 $cgiparams{'ENABLED'} = 'off';
75 $cgiparams{'ENABLED_BLUE'} = 'off';
76 $cgiparams{'ENABLED_ORANGE'} = 'off';
77 $cgiparams{'EDIT_ADVANCED'} = 'off';
78 $cgiparams{'NAT'} = 'off';
79 $cgiparams{'COMPRESSION'} = 'off';
80 $cgiparams{'ONLY_PROPOSED'} = 'off';
81 $cgiparams{'ACTION'} = '';
82 $cgiparams{'CA_NAME'} = '';
83 $cgiparams{'DH_NAME'} = 'dh1024.pem';
84 $cgiparams{'DHLENGHT'} = '';
85 $cgiparams{'DHCP_DOMAIN'} = '';
86 $cgiparams{'DHCP_DNS'} = '';
87 $cgiparams{'DHCP_WINS'} = '';
88 $cgiparams{'ROUTES_PUSH'} = '';
89 $cgiparams{'DCOMPLZO'} = 'off';
90 $cgiparams{'MSSFIX'} = '';
91 $cgiparams{'number'} = '';
92 $cgiparams{'PMTU_DISCOVERY'} = '';
93 $cgiparams{'DAUTH'} = '';
94 $cgiparams{'DCIPHER'} = '';
95 $routes_push_file = "${General::swroot}/ovpn/routes_push";
96 unless (-e $routes_push_file) { system("touch $routes_push_file"); }
97 unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
98 unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); }
99 unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
100
101 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
102
103 # prepare openvpn config file
104 ###
105 ### Useful functions
106 ###
107 sub haveOrangeNet
108 {
109 if ($netsettings{'CONFIG_TYPE'} == 2) {return 1;}
110 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
111 return 0;
112 }
113
114 sub haveBlueNet
115 {
116 if ($netsettings{'CONFIG_TYPE'} == 3) {return 1;}
117 if ($netsettings{'CONFIG_TYPE'} == 4) {return 1;}
118 return 0;
119 }
120
121 sub sizeformat{
122 my $bytesize = shift;
123 my $i = 0;
124
125 while(abs($bytesize) >= 1024){
126 $bytesize=$bytesize/1024;
127 $i++;
128 last if($i==6);
129 }
130
131 my @units = ("Bytes","KB","MB","GB","TB","PB","EB");
132 my $newsize=(int($bytesize*100 +0.5))/100;
133 return("$newsize $units[$i]");
134 }
135
136 sub cleanssldatabase
137 {
138 if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
139 print FILE "01";
140 close FILE;
141 }
142 if (open(FILE, ">${General::swroot}/ovpn/certs/index.txt")) {
143 print FILE "";
144 close FILE;
145 }
146 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
147 unlink ("${General::swroot}/ovpn/certs/serial.old");
148 unlink ("${General::swroot}/ovpn/certs/01.pem");
149 }
150
151 sub newcleanssldatabase
152 {
153 if (! -s "${General::swroot}/ovpn/certs/serial" ) {
154 open(FILE, ">${General::swroot}(ovpn/certs/serial");
155 print FILE "01";
156 close FILE;
157 }
158 if (! -s ">${General::swroot}/ovpn/certs/index.txt") {
159 system ("touch ${General::swroot}/ovpn/certs/index.txt");
160 }
161 unlink ("${General::swroot}/ovpn/certs/index.txt.old");
162 unlink ("${General::swroot}/ovpn/certs/serial.old");
163 }
164
165 sub deletebackupcert
166 {
167 if (open(FILE, "${General::swroot}/ovpn/certs/serial.old")) {
168 my $hexvalue = <FILE>;
169 chomp $hexvalue;
170 close FILE;
171 unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
172 }
173 }
174 sub checkportfw {
175 my $DPORT = shift;
176 my $DPROT = shift;
177 my %natconfig =();
178 my $confignat = "${General::swroot}/firewall/config";
179 $DPROT= uc ($DPROT);
180 &General::readhasharray($confignat, \%natconfig);
181 foreach my $key (sort keys %natconfig){
182 my @portarray = split (/\|/,$natconfig{$key}[30]);
183 foreach my $value (@portarray){
184 if ($value =~ /:/i){
185 my ($a,$b) = split (":",$value);
186 if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
187 $errormessage= "$Lang::tr{'source port in use'} $DPORT";
188 }
189 }else{
190 if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
191 $errormessage= "$Lang::tr{'source port in use'} $DPORT";
192 }
193 }
194 }
195 }
196 return;
197 }
198
199 sub checkportoverlap
200 {
201 my $portrange1 = $_[0]; # New port range
202 my $portrange2 = $_[1]; # existing port range
203 my @tempr1 = split(/\:/,$portrange1);
204 my @tempr2 = split(/\:/,$portrange2);
205
206 unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
207 unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
208
209 unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
210 unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
211
212 return 1; # Everything checks out!
213 }
214
215 # Darren Critchley - we want to make sure that a port entry is not within an already existing range
216 sub checkportinc
217 {
218 my $port1 = $_[0]; # Port
219 my $portrange2 = $_[1]; # Port range
220 my @tempr1 = split(/\:/,$portrange2);
221
222 if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
223 return 1;
224 } else {
225 return 0;
226 }
227 }
228
229
230 sub writeserverconf {
231 my %sovpnsettings = ();
232 my @temp = ();
233 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
234 &read_routepushfile;
235
236 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
237 flock CONF, 2;
238 print CONF "#OpenVPN Server conf\n";
239 print CONF "\n";
240 print CONF "daemon openvpnserver\n";
241 print CONF "writepid /var/run/openvpn.pid\n";
242 print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
243 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
244 print CONF "dev $sovpnsettings{'DDEVICE'}\n";
245 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
246 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
247 print CONF "script-security 3 system\n";
248 print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
249 print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
250 print CONF "tls-server\n";
251 print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
252 print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
253 print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
254 print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
255 my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'});
256 print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
257 #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
258
259 # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
260 # If we doesn't use one of them, we can use the configured mtu value.
261 if ($sovpnsettings{'MSSFIX'} eq 'on')
262 { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
263 elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp')
264 { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
265 elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
266 ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
267 ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
268 { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
269 else
270 { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
271
272 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
273 @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
274 foreach (@temp)
275 {
276 @tempovpnsubnet = split("\/",&General::ipcidr2msk($_));
277 print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n";
278 }
279 }
280 # a.marx ccd
281 my %ccdconfhash=();
282 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
283 foreach my $key (keys %ccdconfhash) {
284 my $a=$ccdconfhash{$key}[1];
285 my ($b,$c) = split (/\//, $a);
286 print CONF "route $b ".&General::cidrtosub($c)."\n";
287 }
288 my %ccdroutehash=();
289 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
290 foreach my $key (keys %ccdroutehash) {
291 foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
292 my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]);
293 print CONF "route $a $b\n";
294 }
295 }
296 # ccd end
297
298 if ($sovpnsettings{CLIENT2CLIENT} eq 'on') {
299 print CONF "client-to-client\n";
300 }
301 if ($sovpnsettings{MSSFIX} eq 'on') {
302 print CONF "mssfix\n";
303 }
304 if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
305 print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";
306 }
307
308 # Check if a valid operating mode has been choosen and use it.
309 if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
310 ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
311 ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
312 print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
313 }
314
315 if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {
316 print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
317 }
318 print CONF "status-version 1\n";
319 print CONF "status /var/log/ovpnserver.log 30\n";
320 print CONF "cipher $sovpnsettings{DCIPHER}\n";
321 if ($sovpnsettings{'DAUTH'} eq '') {
322 print CONF "";
323 } else {
324 print CONF "auth $sovpnsettings{'DAUTH'}\n";
325 }
326 if ($sovpnsettings{DCOMPLZO} eq 'on') {
327 print CONF "comp-lzo\n";
328 }
329 if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') {
330 print CONF "push \"redirect-gateway def1\"\n";
331 }
332 if ($sovpnsettings{DHCP_DOMAIN} ne '') {
333 print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n";
334 }
335
336 if ($sovpnsettings{DHCP_DNS} ne '') {
337 print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS}\"\n";
338 }
339
340 if ($sovpnsettings{DHCP_WINS} ne '') {
341 print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS}\"\n";
342 }
343
344 if ($sovpnsettings{DHCP_WINS} eq '') {
345 print CONF "max-clients 100\n";
346 }
347 if ($sovpnsettings{DHCP_WINS} ne '') {
348 print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
349 }
350 print CONF "tls-verify /usr/lib/openvpn/verify\n";
351 print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
352 print CONF "user nobody\n";
353 print CONF "group nobody\n";
354 print CONF "persist-key\n";
355 print CONF "persist-tun\n";
356 if ($sovpnsettings{LOG_VERB} ne '') {
357 print CONF "verb $sovpnsettings{LOG_VERB}\n";
358 } else {
359 print CONF "verb 3\n";
360 }
361 print CONF "\n";
362
363 close(CONF);
364 }
365
366 sub emptyserverlog{
367 if (open(FILE, ">/var/log/ovpnserver.log")) {
368 flock FILE, 2;
369 print FILE "";
370 close FILE;
371 }
372
373 }
374
375 sub delccdnet
376 {
377 my %ccdconfhash = ();
378 my %ccdhash = ();
379 my $ccdnetname=$_[0];
380 if (-f "${General::swroot}/ovpn/ovpnconfig"){
381 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
382 foreach my $key (keys %ccdhash) {
383 if ($ccdhash{$key}[32] eq $ccdnetname) {
384 $errormessage=$Lang::tr{'ccd err hostinnet'};
385 return;
386 }
387 }
388 }
389 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
390 foreach my $key (keys %ccdconfhash) {
391 if ($ccdconfhash{$key}[0] eq $ccdnetname){
392 delete $ccdconfhash{$key};
393 }
394 }
395 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
396
397 &writeserverconf;
398 return 0;
399 }
400
401 sub addccdnet
402 {
403 my %ccdconfhash=();
404 my @ccdconf=();
405 my $ccdname=$_[0];
406 my $ccdnet=$_[1];
407 my $subcidr;
408 my @ip2=();
409 my $checkup;
410 my $ccdip;
411 my $baseaddress;
412
413
414 #check name
415 if ($ccdname eq '')
416 {
417 $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
418 return
419 }
420
421 if(!&General::validhostname($ccdname))
422 {
423 $errormessage=$Lang::tr{'ccd err invalidname'};
424 return;
425 }
426
427 ($ccdip,$subcidr) = split (/\//,$ccdnet);
428 $subcidr=&General::iporsubtocidr($subcidr);
429 #check subnet
430 if ($subcidr > 30)
431 {
432 $errormessage=$Lang::tr{'ccd err invalidnet'};
433 return;
434 }
435 #check ip
436 if (!&General::validipandmask($ccdnet)){
437 $errormessage=$Lang::tr{'ccd err invalidnet'};
438 return;
439 }
440
441 $errormessage=&General::checksubnets($ccdname,$ccdnet);
442
443
444 if (!$errormessage) {
445 my %ccdconfhash=();
446 $baseaddress=&General::getnetworkip($ccdip,$subcidr);
447 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
448 my $key = &General::findhasharraykey (\%ccdconfhash);
449 foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";}
450 $ccdconfhash{$key}[0] = $ccdname;
451 $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr;
452 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
453 &writeserverconf;
454 $cgiparams{'ccdname'}='';
455 $cgiparams{'ccdsubnet'}='';
456 return 1;
457 }
458 }
459
460 sub modccdnet
461 {
462
463 my $newname=$_[0];
464 my $oldname=$_[1];
465 my %ccdconfhash=();
466 my %ccdhash=();
467 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
468 foreach my $key (keys %ccdconfhash) {
469 if ($ccdconfhash{$key}[0] eq $oldname) {
470 foreach my $key1 (keys %ccdconfhash) {
471 if ($ccdconfhash{$key1}[0] eq $newname){
472 $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
473 return;
474 }else{
475 $ccdconfhash{$key}[0]= $newname;
476 &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
477 last;
478 }
479 }
480 }
481 }
482
483 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
484 foreach my $key (keys %ccdhash) {
485 if ($ccdhash{$key}[32] eq $oldname) {
486 $ccdhash{$key}[32]=$newname;
487 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
488 last;
489 }
490 }
491
492 return 0;
493 }
494 sub ccdmaxclients
495 {
496 my $ccdnetwork=$_[0];
497 my @octets=();
498 my @subnet=();
499 @octets=split("\/",$ccdnetwork);
500 @subnet= split /\./, &General::cidrtosub($octets[1]);
501 my ($a,$b,$c,$d,$e);
502 $a=256-$subnet[0];
503 $b=256-$subnet[1];
504 $c=256-$subnet[2];
505 $d=256-$subnet[3];
506 $e=($a*$b*$c*$d)/4;
507 return $e-1;
508 }
509
510 sub getccdadresses
511 {
512 my $ipin=$_[0];
513 my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin;
514 my $cidr=$_[1];
515 chomp($cidr);
516 my $count=$_[2];
517 my $hasip=$_[3];
518 chomp($hasip);
519 my @iprange=();
520 my %ccdhash=();
521 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
522 $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
523 for (my $i=1;$i<=$count;$i++) {
524 my $tmpip=$iprange[$i-1];
525 my $stepper=$i*4;
526 $iprange[$i]= &General::getnextip($tmpip,4);
527 }
528 my $r=0;
529 foreach my $key (keys %ccdhash) {
530 $r=0;
531 foreach my $tmp (@iprange){
532 my ($net,$sub) = split (/\//,$ccdhash{$key}[33]);
533 if ($net eq $tmp) {
534 if ( $hasip ne $ccdhash{$key}[33] ){
535 splice (@iprange,$r,1);
536 }
537 }
538 $r++;
539 }
540 }
541 return @iprange;
542 }
543
544 sub fillselectbox
545 {
546 my $boxname=$_[1];
547 my ($ccdip,$subcidr) = split("/",$_[0]);
548 my $tz=$_[2];
549 my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz);
550 print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >";
551 foreach (@allccdips) {
552 my $ip=$_."/30";
553 chomp($ip);
554 print "<option value='$ip' ";
555 if ( $ip eq $cgiparams{$boxname} ){
556 print"selected";
557 }
558 print ">$ip</option>";
559 }
560 print "</select>";
561 }
562
563 sub hostsinnet
564 {
565 my $name=$_[0];
566 my %ccdhash=();
567 my $i=0;
568 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
569 foreach my $key (keys %ccdhash) {
570 if ($ccdhash{$key}[32] eq $name){ $i++;}
571 }
572 return $i;
573 }
574
575 sub check_routes_push
576 {
577 my $val=$_[0];
578 my ($ip,$cidr) = split (/\//, $val);
579 ##check for existing routes in routes_push
580 if (-e "${General::swroot}/ovpn/routes_push") {
581 open(FILE,"${General::swroot}/ovpn/routes_push");
582 while (<FILE>) {
583 $_=~s/\s*$//g;
584
585 my ($ip2,$cidr2) = split (/\//,"$_");
586 my $val2=$ip2."/".&General::iporsubtodec($cidr2);
587
588 if($val eq $val2){
589 return 0;
590 }
591 #subnetcheck
592 if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){
593 return 0;
594 }
595 };
596 close(FILE);
597 }
598 return 1;
599 }
600
601 sub check_ccdroute
602 {
603 my %ccdroutehash=();
604 my $val=$_[0];
605 my ($ip,$cidr) = split (/\//, $val);
606 #check for existing routes in ccdroute
607 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
608 foreach my $key (keys %ccdroutehash) {
609 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
610 if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){
611 return 0;
612 }
613 my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]);
614 #subnetcheck
615 if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){
616 return 0;
617 }
618 }
619 }
620 return 1;
621 }
622 sub check_ccdconf
623 {
624 my %ccdconfhash=();
625 my $val=$_[0];
626 my ($ip,$cidr) = split (/\//, $val);
627 #check for existing routes in ccdroute
628 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
629 foreach my $key (keys %ccdconfhash) {
630 if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){
631 return 0;
632 }
633 my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]);
634 #subnetcheck
635 if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){
636 return 0;
637 }
638
639 }
640 return 1;
641 }
642
643 ###
644 # m.a.d net2net
645 ###
646
647 sub validdotmask
648 {
649 my $ipdotmask = $_[0];
650 if (&General::validip($ipdotmask)) { return 0; }
651 if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }
652 my $mask = $2;
653 if (($mask =~ /\./ )) { return 0; }
654 return 1;
655 }
656
657 # -------------------------------------------------------------------
658
659 sub write_routepushfile
660 {
661 open(FILE, ">$routes_push_file");
662 flock(FILE, 2);
663 if ($vpnsettings{'ROUTES_PUSH'} ne '') {
664 print FILE $vpnsettings{'ROUTES_PUSH'};
665 }
666 close(FILE);
667 }
668
669 sub read_routepushfile
670 {
671 if (-e "$routes_push_file") {
672 open(FILE,"$routes_push_file");
673 delete $vpnsettings{'ROUTES_PUSH'};
674 while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ };
675 close(FILE);
676 $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'};
677
678 }
679 }
680
681
682 #hier die refresh page
683 if ( -e "${General::swroot}/ovpn/gencanow") {
684 my $refresh = '';
685 $refresh = "<meta http-equiv='refresh' content='15;' />";
686 &Header::showhttpheaders();
687 &Header::openpage($Lang::tr{'OVPN'}, 1, $refresh);
688 &Header::openbigbox('100%', 'center');
689 &Header::openbox('100%', 'left', "$Lang::tr{'generate root/host certificates'}:");
690 print "<tr>\n<td align='center'><img src='/images/clock.gif' alt='' /></td>\n";
691 print "<td colspan='2'><font color='red'>Please be patient this realy can take some time on older hardware...</font></td></tr>\n";
692 &Header::closebox();
693 &Header::closebigbox();
694 &Header::closepage();
695 exit (0);
696 }
697 ##hier die refresh page
698
699
700 ###
701 ### OpenVPN Server Control
702 ###
703 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
704 $cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'} ||
705 $cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}) {
706 #start openvpn server
707 if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'}){
708 &emptyserverlog();
709 system('/usr/local/bin/openvpnctrl', '-s');
710 }
711 #stop openvpn server
712 if ($cgiparams{'ACTION'} eq $Lang::tr{'stop ovpn server'}){
713 system('/usr/local/bin/openvpnctrl', '-k');
714 &emptyserverlog();
715 }
716 # #restart openvpn server
717 # if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
718 #workarund, till SIGHUP also works when running as nobody
719 # system('/usr/local/bin/openvpnctrl', '-r');
720 # &emptyserverlog();
721 # }
722 }
723
724 ###
725 ### Save Advanced options
726 ###
727
728 if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
729 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
730 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
731 #DAN this value has to leave.
732 #new settings for daemon
733 $vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
734 $vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
735 $vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
736 $vpnsettings{'MAX_CLIENTS'} = $cgiparams{'MAX_CLIENTS'};
737 $vpnsettings{'REDIRECT_GW_DEF1'} = $cgiparams{'REDIRECT_GW_DEF1'};
738 $vpnsettings{'CLIENT2CLIENT'} = $cgiparams{'CLIENT2CLIENT'};
739 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
740 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
741 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
742 $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
743 $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
744 $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};
745 my @temp=();
746
747 if ($cgiparams{'FRAGMENT'} eq '') {
748 delete $vpnsettings{'FRAGMENT'};
749 } else {
750 if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
751 $errormessage = "Incorrect value, please insert only numbers.";
752 goto ADV_ERROR;
753 } else {
754 $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
755 }
756 }
757 if ($cgiparams{'MSSFIX'} ne 'on') {
758 delete $vpnsettings{'MSSFIX'};
759 } else {
760 $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
761 }
762
763 if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
764 ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
765 ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
766
767 if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
768 $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
769 goto ADV_ERROR;
770 }
771 }
772
773 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
774 unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
775 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
776 goto ADV_ERROR;
777 }
778 }
779 if ($cgiparams{'DHCP_DNS'} ne ''){
780 unless (&General::validfqdn($cgiparams{'DHCP_DNS'}) || &General::validip($cgiparams{'DHCP_DNS'})) {
781 $errormessage = $Lang::tr{'invalid input for dhcp dns'};
782 goto ADV_ERROR;
783 }
784 }
785 if ($cgiparams{'DHCP_WINS'} ne ''){
786 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
787 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
788 goto ADV_ERROR;
789 }
790 }
791 if ($cgiparams{'ROUTES_PUSH'} ne ''){
792 @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
793 undef $vpnsettings{'ROUTES_PUSH'};
794
795 foreach my $tmpip (@temp)
796 {
797 s/^\s+//g; s/\s+$//g;
798
799 if ($tmpip)
800 {
801 $tmpip=~s/\s*$//g;
802 unless (&General::validipandmask($tmpip)) {
803 $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
804 goto ADV_ERROR;
805 }
806 my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
807
808 if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
809 $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
810 goto ADV_ERROR;
811 }
812 # a.marx ccd
813 my %ccdroutehash=();
814 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
815 foreach my $key (keys %ccdroutehash) {
816 foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
817 if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
818 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
819 goto ADV_ERROR;
820 }
821 my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
822 if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
823 $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
824 goto ADV_ERROR;
825 }
826 }
827 }
828
829 # ccd end
830
831 $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
832 }
833 }
834 &write_routepushfile;
835 undef $vpnsettings{'ROUTES_PUSH'};
836 }
837 else {
838 undef $vpnsettings{'ROUTES_PUSH'};
839 &write_routepushfile;
840 }
841 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
842 $errormessage = $Lang::tr{'invalid input for max clients'};
843 goto ADV_ERROR;
844 }
845 if ($cgiparams{'KEEPALIVE_1'} ne '') {
846 if ($cgiparams{'KEEPALIVE_1'} !~ /^[0-9]+$/) {
847 $errormessage = $Lang::tr{'invalid input for keepalive 1'};
848 goto ADV_ERROR;
849 }
850 }
851 if ($cgiparams{'KEEPALIVE_2'} ne ''){
852 if ($cgiparams{'KEEPALIVE_2'} !~ /^[0-9]+$/) {
853 $errormessage = $Lang::tr{'invalid input for keepalive 2'};
854 goto ADV_ERROR;
855 }
856 }
857 if ($cgiparams{'KEEPALIVE_2'} < ($cgiparams{'KEEPALIVE_1'} * 2)){
858 $errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
859 goto ADV_ERROR;
860 }
861
862 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
863 &writeserverconf();#hier ok
864 }
865
866 ###
867 # m.a.d net2net
868 ###
869
870 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
871 {
872
873 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
874 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
875 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
876 my $tunmtu = '';
877
878 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
879 unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
880
881 open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
882
883 flock SERVERCONF, 2;
884 print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n";
885 print SERVERCONF "\n";
886 print SERVERCONF "# User Security\n";
887 print SERVERCONF "user nobody\n";
888 print SERVERCONF "group nobody\n";
889 print SERVERCONF "persist-tun\n";
890 print SERVERCONF "persist-key\n";
891 print SERVERCONF "script-security 2\n";
892 print SERVERCONF "# IP/DNS for remote Server Gateway\n";
893
894 if ($cgiparams{'REMOTE'} ne '') {
895 print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
896 }
897
898 print SERVERCONF "float\n";
899 print SERVERCONF "# IP adresses of the VPN Subnet\n";
900 print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
901 print SERVERCONF "# Client Gateway Network\n";
902 print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n";
903 print SERVERCONF "# tun Device\n";
904 print SERVERCONF "dev tun\n";
905 print SERVERCONF "# Port and Protokol\n";
906 print SERVERCONF "port $cgiparams{'DEST_PORT'}\n";
907
908 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
909 print SERVERCONF "proto tcp-server\n";
910 print SERVERCONF "# Packet size\n";
911 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
912 print SERVERCONF "tun-mtu $tunmtu\n";
913 }
914
915 if ($cgiparams{'PROTOCOL'} eq 'udp') {
916 print SERVERCONF "proto udp\n";
917 print SERVERCONF "# Paketsize\n";
918 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
919 print SERVERCONF "tun-mtu $tunmtu\n";
920 if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";}
921 if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; };
922 }
923
924 # Check if a valid operating mode has been choosen and use it.
925 if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
926 ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
927 ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
928 if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
929 if($cgiparams{'MTU'} eq '1500') {
930 print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
931 }
932 }
933 }
934 print SERVERCONF "# Auth. Server\n";
935 print SERVERCONF "tls-server\n";
936 print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n";
937 print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n";
938 print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n";
939 print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n";
940 print SERVERCONF "# Cipher\n";
941 print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n";
942 print SERVERCONF "# HMAC algorithm\n";
943 print SERVERCONF "auth $cgiparams{'DAUTH'}\n";
944 if ($cgiparams{'COMPLZO'} eq 'on') {
945 print SERVERCONF "# Enable Compression\n";
946 print SERVERCONF "comp-lzo\r\n";
947 }
948 print SERVERCONF "# Debug Level\n";
949 print SERVERCONF "verb 3\n";
950 print SERVERCONF "# Tunnel check\n";
951 print SERVERCONF "keepalive 10 60\n";
952 print SERVERCONF "# Start as daemon\n";
953 print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n";
954 print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
955 print SERVERCONF "# Activate Management Interface and Port\n";
956 if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
957 else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
958 close(SERVERCONF);
959
960 }
961
962 ###
963 # m.a.d net2net
964 ###
965
966 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
967 {
968
969 my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'});
970 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
971 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
972 my $tunmtu = '';
973
974 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
975 unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
976
977 open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
978
979 flock CLIENTCONF, 2;
980 print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
981 print CLIENTCONF "#\n";
982 print CLIENTCONF "# User Security\n";
983 print CLIENTCONF "user nobody\n";
984 print CLIENTCONF "group nobody\n";
985 print CLIENTCONF "persist-tun\n";
986 print CLIENTCONF "persist-key\n";
987 print CLIENTCONF "script-security 2\n";
988 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
989 print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
990 print CLIENTCONF "float\n";
991 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
992 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
993 print CLIENTCONF "# Server Gateway Network\n";
994 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
995 print CLIENTCONF "# tun Device\n";
996 print CLIENTCONF "dev tun\n";
997 print CLIENTCONF "# Port and Protokol\n";
998 print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n";
999
1000 if ($cgiparams{'PROTOCOL'} eq 'tcp') {
1001 print CLIENTCONF "proto tcp-client\n";
1002 print CLIENTCONF "# Packet size\n";
1003 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
1004 print CLIENTCONF "tun-mtu $tunmtu\n";
1005 }
1006
1007 if ($cgiparams{'PROTOCOL'} eq 'udp') {
1008 print CLIENTCONF "proto udp\n";
1009 print CLIENTCONF "# Paketsize\n";
1010 if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
1011 print CLIENTCONF "tun-mtu $tunmtu\n";
1012 if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
1013 if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; };
1014 }
1015
1016 # Check if a valid operating mode has been choosen and use it.
1017 if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
1018 ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
1019 ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
1020 if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
1021 if ($cgiparams{'MTU'} eq '1500') {
1022 print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
1023 }
1024 }
1025 }
1026
1027 print CLIENTCONF "ns-cert-type server\n";
1028 print CLIENTCONF "# Auth. Client\n";
1029 print CLIENTCONF "tls-client\n";
1030 print CLIENTCONF "# Cipher\n";
1031 print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n";
1032 print CLIENTCONF "# HMAC algorithm\n";
1033 print CLIENTCONF "auth $cgiparams{'DAUTH'}\n";
1034 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
1035 if ($cgiparams{'COMPLZO'} eq 'on') {
1036 print CLIENTCONF "# Enable Compression\n";
1037 print CLIENTCONF "comp-lzo\r\n";
1038 }
1039 print CLIENTCONF "# Debug Level\n";
1040 print CLIENTCONF "verb 3\n";
1041 print CLIENTCONF "# Tunnel check\n";
1042 print CLIENTCONF "keepalive 10 60\n";
1043 print CLIENTCONF "# Start as daemon\n";
1044 print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
1045 print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n";
1046 print CLIENTCONF "# Activate Management Interface and Port\n";
1047 if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"}
1048 else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"};
1049 close(CLIENTCONF);
1050
1051 }
1052
1053 ###
1054 ### Save main settings
1055 ###
1056
1057
1058 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
1059 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1060 #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
1061 #DAN this value has to leave.
1062 if ($cgiparams{'ENABLED'} eq 'on'){
1063 unless (&General::validfqdn($cgiparams{'VPN_IP'}) || &General::validip($cgiparams{'VPN_IP'})) {
1064 $errormessage = $Lang::tr{'invalid input for hostname'};
1065 goto SETTINGS_ERROR;
1066 }
1067 }
1068 if ($errormessage) { goto SETTINGS_ERROR; }
1069
1070 if ($cgiparams{'ENABLED'} eq 'on'){
1071 &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
1072 }
1073 if ($errormessage) { goto SETTINGS_ERROR; }
1074
1075 if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
1076 $errormessage = $Lang::tr{'ovpn subnet is invalid'};
1077 goto SETTINGS_ERROR;
1078 }
1079 my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'});
1080
1081 if (&General::IpInSubnet ( $netsettings{'RED_ADDRESS'},
1082 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1083 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire RED Network $netsettings{'RED_ADDRESS'}";
1084 goto SETTINGS_ERROR;
1085 }
1086
1087 if (&General::IpInSubnet ( $netsettings{'GREEN_ADDRESS'},
1088 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1089 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Green Network $netsettings{'GREEN_ADDRESS'}";
1090 goto SETTINGS_ERROR;
1091 }
1092
1093 if (&General::IpInSubnet ( $netsettings{'BLUE_ADDRESS'},
1094 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1095 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Blue Network $netsettings{'BLUE_ADDRESS'}";
1096 goto SETTINGS_ERROR;
1097 }
1098
1099 if (&General::IpInSubnet ( $netsettings{'ORANGE_ADDRESS'},
1100 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1101 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire Orange Network $netsettings{'ORANGE_ADDRESS'}";
1102 goto SETTINGS_ERROR;
1103 }
1104 open(ALIASES, "${General::swroot}/ethernet/aliases") or die 'Unable to open aliases file.';
1105 while (<ALIASES>)
1106 {
1107 chomp($_);
1108 my @tempalias = split(/\,/,$_);
1109 if ($tempalias[1] eq 'on') {
1110 if (&General::IpInSubnet ($tempalias[0] ,
1111 $tmpovpnsubnet[0], $tmpovpnsubnet[1])) {
1112 $errormessage = "$Lang::tr{'ovpn subnet overlap'} IPFire alias entry $tempalias[0]";
1113 }
1114 }
1115 }
1116 close(ALIASES);
1117 if ($errormessage ne ''){
1118 goto SETTINGS_ERROR;
1119 }
1120 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
1121 $errormessage = $Lang::tr{'invalid input'};
1122 goto SETTINGS_ERROR;
1123 }
1124 if ((length($cgiparams{'DMTU'})==0) || (($cgiparams{'DMTU'}) < 1000 )) {
1125 $errormessage = $Lang::tr{'invalid mtu input'};
1126 goto SETTINGS_ERROR;
1127 }
1128
1129 unless (&General::validport($cgiparams{'DDEST_PORT'})) {
1130 $errormessage = $Lang::tr{'invalid port'};
1131 goto SETTINGS_ERROR;
1132 }
1133
1134 $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
1135 $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
1136 $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
1137 $vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
1138 #new settings for daemon
1139 $vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
1140 $vpnsettings{'DDEVICE'} = $cgiparams{'DDEVICE'};
1141 $vpnsettings{'DPROTOCOL'} = $cgiparams{'DPROTOCOL'};
1142 $vpnsettings{'DDEST_PORT'} = $cgiparams{'DDEST_PORT'};
1143 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
1144 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
1145 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
1146 #wrtie enable
1147
1148 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
1149 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
1150 if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
1151 #new settings for daemon
1152 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1153 &writeserverconf();#hier ok
1154 SETTINGS_ERROR:
1155 ###
1156 ### Reset all step 2
1157 ###
1158 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') {
1159 my $file = '';
1160 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1161
1162 foreach my $key (keys %confighash) {
1163 if ($confighash{$key}[4] eq 'cert') {
1164 delete $confighash{$cgiparams{'$key'}};
1165 }
1166 }
1167 while ($file = glob("${General::swroot}/ovpn/ca/*")) {
1168 unlink $file
1169 }
1170 while ($file = glob("${General::swroot}/ovpn/certs/*")) {
1171 unlink $file
1172 }
1173 while ($file = glob("${General::swroot}/ovpn/crls/*")) {
1174 unlink $file
1175 }
1176 &cleanssldatabase();
1177 if (open(FILE, ">${General::swroot}/ovpn/caconfig")) {
1178 print FILE "";
1179 close FILE;
1180 }
1181 if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) {
1182 print FILE "";
1183 close FILE;
1184 }
1185 if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) {
1186 print FILE "";
1187 close FILE;
1188 }
1189 while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
1190 unlink $file
1191 }
1192 if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) {
1193 print FILE "";
1194 close FILE;
1195 }
1196 if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) {
1197 print FILE "";
1198 close FILE;
1199 }
1200 while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) {
1201 system ("rm -rf $file")
1202 }
1203 ###
1204 ### Reset all step 1
1205 ###
1206 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) {
1207 &Header::showhttpheaders();
1208 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1209 &Header::openbigbox('100%', 'left', '', '');
1210 &Header::openbox('100%', 'left', $Lang::tr{'are you sure'});
1211 print <<END;
1212 <form method='post'>
1213 <table width='100%'>
1214 <tr>
1215 <td align='center'>
1216 <input type='hidden' name='AREUSURE' value='yes' />
1217 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>:
1218 $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}</td>
1219 </tr>
1220 <tr>
1221 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove x509'}' />
1222 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td>
1223 </tr>
1224 </table>
1225 </form>
1226 END
1227 ;
1228 &Header::closebox();
1229 &Header::closebigbox();
1230 &Header::closepage();
1231 exit (0);
1232
1233 ###
1234 ### Generate DH key step 2
1235 ###
1236 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
1237 # Delete if old key exists
1238 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1239 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1240 }
1241 # Create Diffie Hellmann Parameter
1242 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1243 '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
1244 if ($?) {
1245 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1246 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1247 }
1248
1249 ###
1250 ### Generate DH key step 1
1251 ###
1252 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) {
1253 &Header::showhttpheaders();
1254 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1255 &Header::openbigbox('100%', 'LEFT', '', '');
1256 &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:");
1257 print <<END;
1258 <table width='100%'>
1259 <tr>
1260 <td width='15%'> </td> <td width='15%'></td> <td width='65%'></td>
1261 </tr>
1262 <tr>
1263 <td class='base'>$Lang::tr{'ovpn dh'}:</td>
1264 <td align='center'>
1265 <form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1266 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1267 <select name='DHLENGHT'>
1268 <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
1269 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1270 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1271 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1272 </select>
1273 </td>
1274 </tr>
1275 <tr><td colspan='4'><br></td></tr>
1276 </table>
1277 <table width='100%'>
1278 <tr>
1279 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
1280 $Lang::tr{'dh key warn'}
1281 </td>
1282 </tr>
1283 <tr>
1284 <td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'generate dh key'}' /></td>
1285 </form>
1286 </tr>
1287 </table>
1288
1289 END
1290 ;
1291 &Header::closebox();
1292 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1293 &Header::closebigbox();
1294 &Header::closepage();
1295 exit (0);
1296
1297 ###
1298 ### Upload DH key
1299 ###
1300 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
1301 if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) {
1302 $errormessage = $Lang::tr{'dh name is invalid'};
1303 goto UPLOADCA_ERROR;
1304 }
1305 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1306 $errormessage = $Lang::tr{'there was no file upload'};
1307 goto UPLOADCA_ERROR;
1308 }
1309 # Move uploaded dh key to a temporary file
1310 (my $fh, my $filename) = tempfile( );
1311 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1312 $errormessage = $!;
1313 goto UPLOADCA_ERROR;
1314 }
1315 my $temp = `/usr/bin/openssl dhparam -text -in $filename`;
1316 if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) {
1317 $errormessage = $Lang::tr{'not a valid dh key'};
1318 unlink ($filename);
1319 goto UPLOADCA_ERROR;
1320 } else {
1321 # Delete if old key exists
1322 if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") {
1323 unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}";
1324 }
1325 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}");
1326 if ($? ne 0) {
1327 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1328 unlink ($filename);
1329 goto UPLOADCA_ERROR;
1330 }
1331 }
1332
1333 ###
1334 ### Upload CA Certificate
1335 ###
1336 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload ca certificate'}) {
1337 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1338
1339 if ($cgiparams{'CA_NAME'} !~ /^[a-zA-Z0-9]+$/) {
1340 $errormessage = $Lang::tr{'name must only contain characters'};
1341 goto UPLOADCA_ERROR;
1342 }
1343
1344 if (length($cgiparams{'CA_NAME'}) >60) {
1345 $errormessage = $Lang::tr{'name too long'};
1346 goto VPNCONF_ERROR;
1347 }
1348
1349 if ($cgiparams{'CA_NAME'} eq 'ca') {
1350 $errormessage = $Lang::tr{'name is invalid'};
1351 goto UPLOADCA_ERROR;
1352 }
1353
1354 # Check if there is no other entry with this name
1355 foreach my $key (keys %cahash) {
1356 if ($cahash{$key}[0] eq $cgiparams{'CA_NAME'}) {
1357 $errormessage = $Lang::tr{'a ca certificate with this name already exists'};
1358 goto UPLOADCA_ERROR;
1359 }
1360 }
1361
1362 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1363 $errormessage = $Lang::tr{'there was no file upload'};
1364 goto UPLOADCA_ERROR;
1365 }
1366 # Move uploaded ca to a temporary file
1367 (my $fh, my $filename) = tempfile( );
1368 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1369 $errormessage = $!;
1370 goto UPLOADCA_ERROR;
1371 }
1372 my $temp = `/usr/bin/openssl x509 -text -in $filename`;
1373 if ($temp !~ /CA:TRUE/i) {
1374 $errormessage = $Lang::tr{'not a valid ca certificate'};
1375 unlink ($filename);
1376 goto UPLOADCA_ERROR;
1377 } else {
1378 move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem");
1379 if ($? ne 0) {
1380 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1381 unlink ($filename);
1382 goto UPLOADCA_ERROR;
1383 }
1384 }
1385
1386 my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cgiparams{'CA_NAME'}cert.pem`;
1387 $casubject =~ /Subject: (.*)[\n]/;
1388 $casubject = $1;
1389 $casubject =~ s+/Email+, E+;
1390 $casubject =~ s/ ST=/ S=/;
1391 $casubject = &Header::cleanhtml($casubject);
1392
1393 my $key = &General::findhasharraykey (\%cahash);
1394 $cahash{$key}[0] = $cgiparams{'CA_NAME'};
1395 $cahash{$key}[1] = $casubject;
1396 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1397 # system('/usr/local/bin/ipsecctrl', 'R');
1398
1399 UPLOADCA_ERROR:
1400
1401 ###
1402 ### Display ca certificate
1403 ###
1404 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show ca certificate'}) {
1405 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1406
1407 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") {
1408 &Header::showhttpheaders();
1409 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1410 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1411 &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:");
1412 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1413 $output = &Header::cleanhtml($output,"y");
1414 print "<pre>$output</pre>\n";
1415 &Header::closebox();
1416 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1417 &Header::closebigbox();
1418 &Header::closepage();
1419 exit(0);
1420 } else {
1421 $errormessage = $Lang::tr{'invalid key'};
1422 }
1423
1424 ###
1425 ### Download ca certificate
1426 ###
1427 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download ca certificate'}) {
1428 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1429
1430 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1431 print "Content-Type: application/octet-stream\r\n";
1432 print "Content-Disposition: filename=$cahash{$cgiparams{'KEY'}}[0]cert.pem\r\n\r\n";
1433 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`;
1434 exit(0);
1435 } else {
1436 $errormessage = $Lang::tr{'invalid key'};
1437 }
1438
1439 ###
1440 ### Remove ca certificate (step 2)
1441 ###
1442 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'} && $cgiparams{'AREUSURE'} eq 'yes') {
1443 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1444 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1445
1446 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1447 foreach my $key (keys %confighash) {
1448 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1449 if ($test =~ /: OK/) {
1450 # Delete connection
1451 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1452 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
1453 # system('/usr/local/bin/ipsecctrl', 'D', $key);
1454 # }
1455 unlink ("${General::swroot}/ovpn//certs/$confighash{$key}[1]cert.pem");
1456 unlink ("${General::swroot}/ovpn/certs/$confighash{$key}[1].p12");
1457 delete $confighash{$key};
1458 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1459 # &writeipsecfiles();
1460 }
1461 }
1462 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1463 delete $cahash{$cgiparams{'KEY'}};
1464 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1465 # system('/usr/local/bin/ipsecctrl', 'R');
1466 } else {
1467 $errormessage = $Lang::tr{'invalid key'};
1468 }
1469 ###
1470 ### Remove ca certificate (step 1)
1471 ###
1472 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove ca certificate'}) {
1473 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
1474 &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1475
1476 my $assignedcerts = 0;
1477 if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem" ) {
1478 foreach my $key (keys %confighash) {
1479 my $test = `/usr/bin/openssl verify -CAfile ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`;
1480 if ($test =~ /: OK/) {
1481 $assignedcerts++;
1482 }
1483 }
1484 if ($assignedcerts) {
1485 &Header::showhttpheaders();
1486 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1487 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
1488 &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'});
1489 print <<END;
1490 <table><form method='post'><input type='hidden' name='AREUSURE' value='yes' />
1491 <input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />
1492 <tr><td align='center'>
1493 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}</font></b>: $assignedcerts
1494 $Lang::tr{'connections are associated with this ca. deleting the ca will delete these connections as well.'}
1495 <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'remove ca certificate'}' />
1496 <input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></td></tr>
1497 </form></table>
1498 END
1499 ;
1500 &Header::closebox();
1501 &Header::closebigbox();
1502 &Header::closepage();
1503 exit (0);
1504 } else {
1505 unlink ("${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem");
1506 delete $cahash{$cgiparams{'KEY'}};
1507 &General::writehasharray("${General::swroot}/ovpn/caconfig", \%cahash);
1508 # system('/usr/local/bin/ipsecctrl', 'R');
1509 }
1510 } else {
1511 $errormessage = $Lang::tr{'invalid key'};
1512 }
1513
1514 ###
1515 ### Display root certificate
1516 ###
1517 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'} ||
1518 $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) {
1519 my $output;
1520 &Header::showhttpheaders();
1521 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1522 &Header::openbigbox('100%', 'LEFT', '', '');
1523 if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) {
1524 &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:");
1525 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
1526 } else {
1527 &Header::openbox('100%', 'LEFT', "$Lang::tr{'host certificate'}:");
1528 $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/servercert.pem`;
1529 }
1530 $output = &Header::cleanhtml($output,"y");
1531 print "<pre>$output</pre>\n";
1532 &Header::closebox();
1533 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1534 &Header::closebigbox();
1535 &Header::closepage();
1536 exit(0);
1537
1538 ###
1539 ### Download root certificate
1540 ###
1541 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download root certificate'}) {
1542 if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
1543 print "Content-Type: application/octet-stream\r\n";
1544 print "Content-Disposition: filename=cacert.pem\r\n\r\n";
1545 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/ca/cacert.pem`;
1546 exit(0);
1547 }
1548
1549 ###
1550 ### Download host certificate
1551 ###
1552 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download host certificate'}) {
1553 if ( -f "${General::swroot}/ovpn/certs/servercert.pem" ) {
1554 print "Content-Type: application/octet-stream\r\n";
1555 print "Content-Disposition: filename=servercert.pem\r\n\r\n";
1556 print `/usr/bin/openssl x509 -in ${General::swroot}/ovpn/certs/servercert.pem`;
1557 exit(0);
1558 }
1559 ###
1560 ### Form for generating a root certificate
1561 ###
1562 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
1563 $cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1564
1565 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1566 if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
1567 $errormessage = $Lang::tr{'valid root certificate already exists'};
1568 $cgiparams{'ACTION'} = '';
1569 goto ROOTCERT_ERROR;
1570 }
1571
1572 if (($cgiparams{'ROOTCERT_HOSTNAME'} eq '') && -e "${General::swroot}/red/active") {
1573 if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) {
1574 my $ipaddr = <IPADDR>;
1575 close IPADDR;
1576 chomp ($ipaddr);
1577 $cgiparams{'ROOTCERT_HOSTNAME'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0];
1578 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq '') {
1579 $cgiparams{'ROOTCERT_HOSTNAME'} = $ipaddr;
1580 }
1581 }
1582 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload p12 file'}) {
1583
1584 if (ref ($cgiparams{'FH'}) ne 'Fh') {
1585 $errormessage = $Lang::tr{'there was no file upload'};
1586 goto ROOTCERT_ERROR;
1587 }
1588
1589 # Move uploaded certificate request to a temporary file
1590 (my $fh, my $filename) = tempfile( );
1591 if (copy ($cgiparams{'FH'}, $fh) != 1) {
1592 $errormessage = $!;
1593 goto ROOTCERT_ERROR;
1594 }
1595
1596 # Create a temporary dirctory
1597 my $tempdir = tempdir( CLEANUP => 1 );
1598
1599 # Extract the CA certificate from the file
1600 my $pid = open(OPENSSL, "|-");
1601 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1602 if ($pid) { # parent
1603 if ($cgiparams{'P12_PASS'} ne '') {
1604 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1605 }
1606 close (OPENSSL);
1607 if ($?) {
1608 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1609 unlink ($filename);
1610 goto ROOTCERT_ERROR;
1611 }
1612 } else { # child
1613 unless (exec ('/usr/bin/openssl', 'pkcs12', '-cacerts', '-nokeys',
1614 '-in', $filename,
1615 '-out', "$tempdir/cacert.pem")) {
1616 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1617 unlink ($filename);
1618 goto ROOTCERT_ERROR;
1619 }
1620 }
1621
1622 # Extract the Host certificate from the file
1623 $pid = open(OPENSSL, "|-");
1624 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1625 if ($pid) { # parent
1626 if ($cgiparams{'P12_PASS'} ne '') {
1627 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1628 }
1629 close (OPENSSL);
1630 if ($?) {
1631 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1632 unlink ($filename);
1633 goto ROOTCERT_ERROR;
1634 }
1635 } else { # child
1636 unless (exec ('/usr/bin/openssl', 'pkcs12', '-clcerts', '-nokeys',
1637 '-in', $filename,
1638 '-out', "$tempdir/hostcert.pem")) {
1639 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1640 unlink ($filename);
1641 goto ROOTCERT_ERROR;
1642 }
1643 }
1644
1645 # Extract the Host key from the file
1646 $pid = open(OPENSSL, "|-");
1647 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1648 if ($pid) { # parent
1649 if ($cgiparams{'P12_PASS'} ne '') {
1650 print OPENSSL "$cgiparams{'P12_PASS'}\n";
1651 }
1652 close (OPENSSL);
1653 if ($?) {
1654 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1655 unlink ($filename);
1656 goto ROOTCERT_ERROR;
1657 }
1658 } else { # child
1659 unless (exec ('/usr/bin/openssl', 'pkcs12', '-nocerts',
1660 '-nodes',
1661 '-in', $filename,
1662 '-out', "$tempdir/serverkey.pem")) {
1663 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1664 unlink ($filename);
1665 goto ROOTCERT_ERROR;
1666 }
1667 }
1668
1669 move("$tempdir/cacert.pem", "${General::swroot}/ovpn/ca/cacert.pem");
1670 if ($? ne 0) {
1671 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1672 unlink ($filename);
1673 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1674 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1675 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1676 goto ROOTCERT_ERROR;
1677 }
1678
1679 move("$tempdir/hostcert.pem", "${General::swroot}/ovpn/certs/servercert.pem");
1680 if ($? ne 0) {
1681 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1682 unlink ($filename);
1683 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1684 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1685 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1686 goto ROOTCERT_ERROR;
1687 }
1688
1689 move("$tempdir/serverkey.pem", "${General::swroot}/ovpn/certs/serverkey.pem");
1690 if ($? ne 0) {
1691 $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
1692 unlink ($filename);
1693 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1694 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1695 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1696 goto ROOTCERT_ERROR;
1697 }
1698
1699 goto ROOTCERT_SUCCESS;
1700
1701 } elsif ($cgiparams{'ROOTCERT_COUNTRY'} ne '') {
1702
1703 # Validate input since the form was submitted
1704 if ($cgiparams{'ROOTCERT_ORGANIZATION'} eq ''){
1705 $errormessage = $Lang::tr{'organization cant be empty'};
1706 goto ROOTCERT_ERROR;
1707 }
1708 if (length($cgiparams{'ROOTCERT_ORGANIZATION'}) >60) {
1709 $errormessage = $Lang::tr{'organization too long'};
1710 goto ROOTCERT_ERROR;
1711 }
1712 if ($cgiparams{'ROOTCERT_ORGANIZATION'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1713 $errormessage = $Lang::tr{'invalid input for organization'};
1714 goto ROOTCERT_ERROR;
1715 }
1716 if ($cgiparams{'ROOTCERT_HOSTNAME'} eq ''){
1717 $errormessage = $Lang::tr{'hostname cant be empty'};
1718 goto ROOTCERT_ERROR;
1719 }
1720 unless (&General::validfqdn($cgiparams{'ROOTCERT_HOSTNAME'}) || &General::validip($cgiparams{'ROOTCERT_HOSTNAME'})) {
1721 $errormessage = $Lang::tr{'invalid input for hostname'};
1722 goto ROOTCERT_ERROR;
1723 }
1724 if ($cgiparams{'ROOTCERT_EMAIL'} ne '' && (! &General::validemail($cgiparams{'ROOTCERT_EMAIL'}))) {
1725 $errormessage = $Lang::tr{'invalid input for e-mail address'};
1726 goto ROOTCERT_ERROR;
1727 }
1728 if (length($cgiparams{'ROOTCERT_EMAIL'}) > 40) {
1729 $errormessage = $Lang::tr{'e-mail address too long'};
1730 goto ROOTCERT_ERROR;
1731 }
1732 if ($cgiparams{'ROOTCERT_OU'} ne '' && $cgiparams{'ROOTCERT_OU'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1733 $errormessage = $Lang::tr{'invalid input for department'};
1734 goto ROOTCERT_ERROR;
1735 }
1736 if ($cgiparams{'ROOTCERT_CITY'} ne '' && $cgiparams{'ROOTCERT_CITY'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1737 $errormessage = $Lang::tr{'invalid input for city'};
1738 goto ROOTCERT_ERROR;
1739 }
1740 if ($cgiparams{'ROOTCERT_STATE'} ne '' && $cgiparams{'ROOTCERT_STATE'} !~ /^[a-zA-Z0-9 ,\.\-_]*$/) {
1741 $errormessage = $Lang::tr{'invalid input for state or province'};
1742 goto ROOTCERT_ERROR;
1743 }
1744 if ($cgiparams{'ROOTCERT_COUNTRY'} !~ /^[A-Z]*$/) {
1745 $errormessage = $Lang::tr{'invalid input for country'};
1746 goto ROOTCERT_ERROR;
1747 }
1748
1749 # Copy the cgisettings to vpnsettings and save the configfile
1750 $vpnsettings{'ROOTCERT_ORGANIZATION'} = $cgiparams{'ROOTCERT_ORGANIZATION'};
1751 $vpnsettings{'ROOTCERT_HOSTNAME'} = $cgiparams{'ROOTCERT_HOSTNAME'};
1752 $vpnsettings{'ROOTCERT_EMAIL'} = $cgiparams{'ROOTCERT_EMAIL'};
1753 $vpnsettings{'ROOTCERT_OU'} = $cgiparams{'ROOTCERT_OU'};
1754 $vpnsettings{'ROOTCERT_CITY'} = $cgiparams{'ROOTCERT_CITY'};
1755 $vpnsettings{'ROOTCERT_STATE'} = $cgiparams{'ROOTCERT_STATE'};
1756 $vpnsettings{'ROOTCERT_COUNTRY'} = $cgiparams{'ROOTCERT_COUNTRY'};
1757 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
1758
1759 # Replace empty strings with a .
1760 (my $ou = $cgiparams{'ROOTCERT_OU'}) =~ s/^\s*$/\./;
1761 (my $city = $cgiparams{'ROOTCERT_CITY'}) =~ s/^\s*$/\./;
1762 (my $state = $cgiparams{'ROOTCERT_STATE'}) =~ s/^\s*$/\./;
1763
1764 # refresh
1765 #system ('/bin/touch', "${General::swroot}/ovpn/gencanow");
1766
1767 # Create the CA certificate
1768 my $pid = open(OPENSSL, "|-");
1769 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1770 if ($pid) { # parent
1771 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1772 print OPENSSL "$state\n";
1773 print OPENSSL "$city\n";
1774 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1775 print OPENSSL "$ou\n";
1776 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'} CA\n";
1777 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1778 close (OPENSSL);
1779 if ($?) {
1780 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1781 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1782 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1783 goto ROOTCERT_ERROR;
1784 }
1785 } else { # child
1786 unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1787 '-days', '999999', '-newkey', 'rsa:4096',
1788 '-keyout', "${General::swroot}/ovpn/ca/cakey.pem",
1789 '-out', "${General::swroot}/ovpn/ca/cacert.pem",
1790 '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) {
1791 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1792 goto ROOTCERT_ERROR;
1793 }
1794 }
1795
1796 # Create the Host certificate request
1797 $pid = open(OPENSSL, "|-");
1798 $SIG{ALRM} = sub { $errormessage = $Lang::tr{'broken pipe'}; goto ROOTCERT_ERROR;};
1799 if ($pid) { # parent
1800 print OPENSSL "$cgiparams{'ROOTCERT_COUNTRY'}\n";
1801 print OPENSSL "$state\n";
1802 print OPENSSL "$city\n";
1803 print OPENSSL "$cgiparams{'ROOTCERT_ORGANIZATION'}\n";
1804 print OPENSSL "$ou\n";
1805 print OPENSSL "$cgiparams{'ROOTCERT_HOSTNAME'}\n";
1806 print OPENSSL "$cgiparams{'ROOTCERT_EMAIL'}\n";
1807 print OPENSSL ".\n";
1808 print OPENSSL ".\n";
1809 close (OPENSSL);
1810 if ($?) {
1811 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1812 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1813 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1814 goto ROOTCERT_ERROR;
1815 }
1816 } else { # child
1817 unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1818 '-newkey', 'rsa:2048',
1819 '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem",
1820 '-out', "${General::swroot}/ovpn/certs/serverreq.pem",
1821 '-extensions', 'server',
1822 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" )) {
1823 $errormessage = "$Lang::tr{'cant start openssl'}: $!";
1824 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1825 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1826 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1827 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1828 goto ROOTCERT_ERROR;
1829 }
1830 }
1831
1832 # Sign the host certificate request
1833 system('/usr/bin/openssl', 'ca', '-days', '999999',
1834 '-batch', '-notext',
1835 '-in', "${General::swroot}/ovpn/certs/serverreq.pem",
1836 '-out', "${General::swroot}/ovpn/certs/servercert.pem",
1837 '-extensions', 'server',
1838 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf");
1839 if ($?) {
1840 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1841 unlink ("${General::swroot}/ovpn/ca/cakey.pem");
1842 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1843 unlink ("${General::swroot}/ovpn/serverkey.pem");
1844 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1845 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1846 &newcleanssldatabase();
1847 goto ROOTCERT_ERROR;
1848 } else {
1849 unlink ("${General::swroot}/ovpn/certs/serverreq.pem");
1850 &deletebackupcert();
1851 }
1852
1853 # Create an empty CRL
1854 system('/usr/bin/openssl', 'ca', '-gencrl',
1855 '-out', "${General::swroot}/ovpn/crls/cacrl.pem",
1856 '-config', "${General::swroot}/ovpn/openssl/ovpn.cnf" );
1857 if ($?) {
1858 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1859 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1860 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1861 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1862 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1863 &cleanssldatabase();
1864 goto ROOTCERT_ERROR;
1865 # } else {
1866 # &cleanssldatabase();
1867 }
1868 # Create Diffie Hellmann Parameter
1869 system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache',
1870 '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}");
1871 if ($?) {
1872 $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
1873 unlink ("${General::swroot}/ovpn/certs/serverkey.pem");
1874 unlink ("${General::swroot}/ovpn/certs/servercert.pem");
1875 unlink ("${General::swroot}/ovpn/ca/cacert.pem");
1876 unlink ("${General::swroot}/ovpn/crls/cacrl.pem");
1877 unlink ("${General::swroot}/ovpn/ca/dh1024.pem");
1878 &cleanssldatabase();
1879 goto ROOTCERT_ERROR;
1880 # } else {
1881 # &cleanssldatabase();
1882 }
1883 goto ROOTCERT_SUCCESS;
1884 }
1885 ROOTCERT_ERROR:
1886 if ($cgiparams{'ACTION'} ne '') {
1887 &Header::showhttpheaders();
1888 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
1889 &Header::openbigbox('100%', 'LEFT', '', '');
1890 if ($errormessage) {
1891 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
1892 print "<class name='base'>$errormessage";
1893 print "&nbsp;</class>";
1894 &Header::closebox();
1895 }
1896 &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:");
1897 print <<END;
1898 <form method='post' enctype='multipart/form-data'>
1899 <table width='100%' border='0' cellspacing='1' cellpadding='0'>
1900 <tr><td width='30%' class='base'>$Lang::tr{'organization name'}:</td>
1901 <td width='35%' class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_ORGANIZATION' value='$cgiparams{'ROOTCERT_ORGANIZATION'}' size='32' /></td>
1902 <td width='35%' colspan='2'>&nbsp;</td></tr>
1903 <tr><td class='base'>$Lang::tr{'ipfires hostname'}:</td>
1904 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_HOSTNAME' value='$cgiparams{'ROOTCERT_HOSTNAME'}' size='32' /></td>
1905 <td colspan='2'>&nbsp;</td></tr>
1906 <tr><td class='base'>$Lang::tr{'your e-mail'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1907 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_EMAIL' value='$cgiparams{'ROOTCERT_EMAIL'}' size='32' /></td>
1908 <td colspan='2'>&nbsp;</td></tr>
1909 <tr><td class='base'>$Lang::tr{'your department'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1910 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_OU' value='$cgiparams{'ROOTCERT_OU'}' size='32' /></td>
1911 <td colspan='2'>&nbsp;</td></tr>
1912 <tr><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1913 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_CITY' value='$cgiparams{'ROOTCERT_CITY'}' size='32' /></td>
1914 <td colspan='2'>&nbsp;</td></tr>
1915 <tr><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' alt'*' /></td>
1916 <td class='base' nowrap='nowrap'><input type='text' name='ROOTCERT_STATE' value='$cgiparams{'ROOTCERT_STATE'}' size='32' /></td>
1917 <td colspan='2'>&nbsp;</td></tr>
1918 <tr><td class='base'>$Lang::tr{'country'}:</td>
1919 <td class='base'><select name='ROOTCERT_COUNTRY'>
1920
1921 END
1922 ;
1923 foreach my $country (sort keys %{Countries::countries}) {
1924 print "<option value='$Countries::countries{$country}'";
1925 if ( $Countries::countries{$country} eq $cgiparams{'ROOTCERT_COUNTRY'} ) {
1926 print " selected='selected'";
1927 }
1928 print ">$country</option>";
1929 }
1930 print <<END;
1931 </select></td>
1932 <tr><td class='base'>$Lang::tr{'ovpn dh'}:</td>
1933 <td class='base'><select name='DHLENGHT'>
1934 <option value='1024' $selected{'DHLENGHT'}{'1024'}>1024 $Lang::tr{'bit'}</option>
1935 <option value='2048' $selected{'DHLENGHT'}{'2048'}>2048 $Lang::tr{'bit'}</option>
1936 <option value='3072' $selected{'DHLENGHT'}{'3072'}>3072 $Lang::tr{'bit'}</option>
1937 <option value='4096' $selected{'DHLENGHT'}{'4096'}>4096 $Lang::tr{'bit'}</option>
1938 </select>
1939 </td>
1940 </tr>
1941
1942 <tr><td>&nbsp;</td>
1943 <td><input type='submit' name='ACTION' value='$Lang::tr{'generate root/host certificates'}' /></td>
1944 <td>&nbsp;</td><td>&nbsp;</td></tr>
1945 <tr><td class='base' colspan='4' align='left'>
1946 <img src='/blob.gif' valign='top' alt='*' />&nbsp;$Lang::tr{'this field may be blank'}</td></tr>
1947 <tr><td colspan='4'><br><br></td></tr>
1948 <tr><td class='base' colspan='4' align='center'>
1949 <b><font color='${Header::colourred}'>$Lang::tr{'capswarning'}:</font></b>
1950 $Lang::tr{'ovpn generating the root and host certificates'}
1951 </td>
1952 </tr>
1953 <tr><td class='base' colspan='4' align='center'>
1954 $Lang::tr{'dh key warn'}
1955 </td>
1956 </tr>
1957
1958 <tr><td colspan='4'><hr></td></tr>
1959 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'upload p12 file'}:</td>
1960 <td nowrap='nowrap'><input type='file' name='FH' size='32'></td>
1961 <td colspan='2'>&nbsp;</td></tr>
1962 <tr><td class='base'>$Lang::tr{'pkcs12 file password'}:&nbsp;<img src='/blob.gif' alt='*' ></td>
1963 <td class='base' nowrap='nowrap'><input type='password' name='P12_PASS' value='$cgiparams{'P12_PASS'}' size='32' /></td>
1964 <td colspan='2'>&nbsp;</td></tr>
1965 <tr><td>&nbsp;</td>
1966 <td><input type='submit' name='ACTION' value='$Lang::tr{'upload p12 file'}' /></td>
1967 <td colspan='2'>&nbsp;</td></tr>
1968 <tr><td class='base' colspan='4' align='left'>
1969 <img src='/blob.gif' valign='top' al='*' >&nbsp;$Lang::tr{'this field may be blank'}</td>
1970 </tr>
1971 </form></table>
1972 END
1973 ;
1974 &Header::closebox();
1975 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
1976 &Header::closebigbox();
1977 &Header::closepage();
1978 exit(0)
1979 }
1980
1981 ROOTCERT_SUCCESS:
1982 system ("chmod 600 ${General::swroot}/ovpn/certs/serverkey.pem");
1983 # if ($vpnsettings{'ENABLED'} eq 'on' ||
1984 # $vpnsettings{'ENABLE_BLUE'} eq 'on') {
1985 # system('/usr/local/bin/ipsecctrl', 'S');
1986 # }
1987
1988 ###
1989 ### Enable/Disable connection
1990 ###
1991
1992 ###
1993 # m.a.d net2net
1994 ###
1995
1996 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
1997
1998 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
1999 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2000 # my $n2nactive = '';
2001 my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
2002
2003 if ($confighash{$cgiparams{'KEY'}}) {
2004 if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
2005 $confighash{$cgiparams{'KEY'}}[0] = 'on';
2006 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2007
2008 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2009 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
2010 }
2011 } else {
2012
2013 $confighash{$cgiparams{'KEY'}}[0] = 'off';
2014 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2015
2016 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2017 if ($n2nactive ne ''){
2018 system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
2019 }
2020
2021 } else {
2022 $errormessage = $Lang::tr{'invalid key'};
2023 }
2024 }
2025 }
2026
2027 ###
2028 ### Download OpenVPN client package
2029 ###
2030
2031
2032 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
2033 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2034 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2035 my $file = '';
2036 my $clientovpn = '';
2037 my @fileholder;
2038 my $tempdir = tempdir( CLEANUP => 1 );
2039 my $zippath = "$tempdir/";
2040
2041 ###
2042 # m.a.d net2net
2043 ###
2044
2045 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
2046
2047 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
2048 my $zippathname = "$zippath$zipname";
2049 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";
2050 my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
2051 my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]";
2052 my $tunmtu = '';
2053 my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]);
2054 my $n2nfragment = '';
2055
2056 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2057 flock CLIENTCONF, 2;
2058
2059 my $zip = Archive::Zip->new();
2060 print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n";
2061 print CLIENTCONF "# \n";
2062 print CLIENTCONF "# User Security\n";
2063 print CLIENTCONF "user nobody\n";
2064 print CLIENTCONF "group nobody\n";
2065 print CLIENTCONF "persist-tun\n";
2066 print CLIENTCONF "persist-key\n";
2067 print CLIENTCONF "script-security 2\n";
2068 print CLIENTCONF "# IP/DNS for remote Server Gateway\n";
2069 print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
2070 print CLIENTCONF "float\n";
2071 print CLIENTCONF "# IP adresses of the VPN Subnet\n";
2072 print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n";
2073 print CLIENTCONF "# Server Gateway Network\n";
2074 print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n";
2075 print CLIENTCONF "# tun Device\n";
2076 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n";
2077 print CLIENTCONF "# Port and Protokoll\n";
2078 print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n";
2079
2080 if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') {
2081 print CLIENTCONF "proto tcp-client\n";
2082 print CLIENTCONF "# Packet size\n";
2083 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2084 print CLIENTCONF "tun-mtu $tunmtu\n";
2085 }
2086
2087 if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
2088 print CLIENTCONF "proto udp\n";
2089 print CLIENTCONF "# Paketsize\n";
2090 if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
2091 print CLIENTCONF "tun-mtu $tunmtu\n";
2092 if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
2093 if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
2094 }
2095 if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
2096 ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
2097 ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
2098 if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
2099 if ($tunmtu eq '1500' ) {
2100 print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
2101 }
2102 }
2103 }
2104 print CLIENTCONF "ns-cert-type server\n";
2105 print CLIENTCONF "# Auth. Client\n";
2106 print CLIENTCONF "tls-client\n";
2107 print CLIENTCONF "# Cipher\n";
2108 print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n";
2109 print CLIENTCONF "# HMAC algorithm\n";
2110 print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n";
2111 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2112 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2113 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2114 }
2115 if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
2116 print CLIENTCONF "# Enable Compression\n";
2117 print CLIENTCONF "comp-lzo\r\n";
2118 }
2119 print CLIENTCONF "# Debug Level\n";
2120 print CLIENTCONF "verb 3\n";
2121 print CLIENTCONF "# Tunnel check\n";
2122 print CLIENTCONF "keepalive 10 60\n";
2123 print CLIENTCONF "# Start as daemon\n";
2124 print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n";
2125 print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n";
2126 print CLIENTCONF "# Activate Management Interface and Port\n";
2127 if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"}
2128 else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"};
2129 print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
2130
2131
2132 close(CLIENTCONF);
2133
2134 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2135 my $status = $zip->writeToFileNamed($zippathname);
2136
2137 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2138 @fileholder = <DLFILE>;
2139 print "Content-Type:application/x-download\n";
2140 print "Content-Disposition:attachment;filename=$zipname\n\n";
2141 print @fileholder;
2142 exit (0);
2143 }
2144 else
2145 {
2146 my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
2147 my $zippathname = "$zippath$zipname";
2148 $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
2149
2150 ###
2151 # m.a.d net2net
2152 ###
2153
2154 open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
2155 flock CLIENTCONF, 2;
2156
2157 my $zip = Archive::Zip->new();
2158
2159 print CLIENTCONF "#OpenVPN Client conf\r\n";
2160 print CLIENTCONF "tls-client\r\n";
2161 print CLIENTCONF "client\r\n";
2162 print CLIENTCONF "nobind\r\n";
2163 print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
2164 print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
2165
2166 # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
2167 # or use configured value.
2168 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
2169 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2170 elsif ($vpnsettings{MSSFIX} eq 'on')
2171 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2172 elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
2173 ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
2174 ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
2175 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
2176 else
2177 { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
2178
2179 if ( $vpnsettings{'ENABLED'} eq 'on'){
2180 print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
2181 if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2182 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Blue interface\r\n";
2183 print CLIENTCONF ";remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2184 }
2185 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2186 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2187 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2188 }
2189 } elsif ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){
2190 print CLIENTCONF "remote $netsettings{'BLUE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2191 if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2192 print CLIENTCONF "#Coment the above line and uncoment the next line, if you want to connect on the Orange interface\r\n";
2193 print CLIENTCONF ";remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2194 }
2195 } elsif ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' && (&haveOrangeNet())){
2196 print CLIENTCONF "remote $netsettings{'ORANGE_ADDRESS'} $vpnsettings{'DDEST_PORT'}\r\n";
2197 }
2198
2199 if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
2200 print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
2201 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
2202 } else {
2203 print CLIENTCONF "ca cacert.pem\r\n";
2204 print CLIENTCONF "cert $confighash{$cgiparams{'KEY'}}[1]cert.pem\r\n";
2205 print CLIENTCONF "key $confighash{$cgiparams{'KEY'}}[1].key\r\n";
2206 $zip->addFile( "${General::swroot}/ovpn/ca/cacert.pem", "cacert.pem") or die "Can't add file cacert.pem\n";
2207 $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n";
2208 }
2209 print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n";
2210 if ($vpnsettings{'DAUTH'} eq '') {
2211 print CLIENTCONF "";
2212 } else {
2213 print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
2214 }
2215 if ($vpnsettings{DCOMPLZO} eq 'on') {
2216 print CLIENTCONF "comp-lzo\r\n";
2217 }
2218 print CLIENTCONF "verb 3\r\n";
2219 print CLIENTCONF "ns-cert-type server\r\n";
2220 print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n";
2221 if ($vpnsettings{MSSFIX} eq 'on') {
2222 print CLIENTCONF "mssfix\r\n";
2223 }
2224 if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
2225 print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
2226 }
2227
2228 # Check if a valid operating mode has been choosen and use it.
2229 if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
2230 ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
2231 ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
2232 if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
2233 print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
2234 }
2235 }
2236 close(CLIENTCONF);
2237
2238 $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
2239 my $status = $zip->writeToFileNamed($zippathname);
2240
2241 open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
2242 @fileholder = <DLFILE>;
2243 print "Content-Type:application/x-download\n";
2244 print "Content-Disposition:attachment;filename=$zipname\n\n";
2245 print @fileholder;
2246 exit (0);
2247 }
2248
2249
2250
2251 ###
2252 ### Remove connection
2253 ###
2254
2255
2256 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
2257 &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
2258 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2259
2260 if ($confighash{$cgiparams{'KEY'}}) {
2261 # if ($vpnsettings{'ENABLED'} eq 'on' ||
2262 # $vpnsettings{'ENABLED_BLUE'} eq 'on') {
2263 # system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
2264 # }
2265 #
2266 my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2267
2268 ###
2269 # m.a.d net2net
2270 ###
2271
2272 if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
2273 my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
2274 my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2275 unlink ($certfile);
2276 unlink ($conffile);
2277
2278 if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
2279 rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
2280 }
2281 }
2282
2283 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
2284 unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
2285
2286 # A.Marx CCD delete ccd files and routes
2287
2288
2289 if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
2290 {
2291 unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
2292 }
2293
2294 &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2295 foreach my $key (keys %ccdroutehash) {
2296 if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2297 delete $ccdroutehash{$key};
2298 }
2299 }
2300 &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
2301
2302 &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2303 foreach my $key (keys %ccdroute2hash) {
2304 if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
2305 delete $ccdroute2hash{$key};
2306 }
2307 }
2308 &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
2309 &writeserverconf;
2310
2311
2312 # CCD end
2313
2314
2315 delete $confighash{$cgiparams{'KEY'}};
2316 my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
2317 &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2318
2319 #&writeserverconf();
2320 } else {
2321 $errormessage = $Lang::tr{'invalid key'};
2322 }
2323
2324 &General::firewall_reload();
2325
2326 ###
2327 ### Download PKCS12 file
2328 ###
2329 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'download pkcs12 file'}) {
2330 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2331
2332 print "Content-Disposition: filename=" . $confighash{$cgiparams{'KEY'}}[1] . ".p12\r\n";
2333 print "Content-Type: application/octet-stream\r\n\r\n";
2334 print `/bin/cat ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12`;
2335 exit (0);
2336
2337 ###
2338 ### Display certificate
2339 ###
2340 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show certificate'}) {
2341 &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2342
2343 if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") {
2344 &Header::showhttpheaders();
2345 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2346 &Header::openbigbox('100%', 'LEFT', '', '');
2347 &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:");
2348 my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`;
2349 $output = &Header::cleanhtml($output,"y");
2350 print "<pre>$output</pre>\n";
2351 &Header::closebox();
2352 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2353 &Header::closebigbox();
2354 &Header::closepage();
2355 exit(0);
2356 }
2357
2358 ###
2359 ### Display Diffie-Hellman key
2360 ###
2361 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) {
2362
2363 if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") {
2364 $errormessage = $Lang::tr{'not present'};
2365 } else {
2366 &Header::showhttpheaders();
2367 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2368 &Header::openbigbox('100%', 'LEFT', '', '');
2369 &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:");
2370 my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`;
2371 $output = &Header::cleanhtml($output,"y");
2372 print "<pre>$output</pre>\n";
2373 &Header::closebox();
2374 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2375 &Header::closebigbox();
2376 &Header::closepage();
2377 exit(0);
2378 }
2379
2380 ###
2381 ### Display Certificate Revoke List
2382 ###
2383 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show crl'}) {
2384 # &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
2385
2386 if (! -e "${General::swroot}/ovpn/crls/cacrl.pem") {
2387 $errormessage = $Lang::tr{'not present'};
2388 } else {
2389 &Header::showhttpheaders();
2390 &Header::openpage($Lang::tr{'ovpn'}, 1, '');
2391 &Header::openbigbox('100%', 'LEFT', '', '');
2392 &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:");
2393 my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`;
2394 $output = &Header::cleanhtml($output,"y");
2395 print "<pre>$output</pre>\n";
2396 &Header::closebox();
2397 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2398 &Header::closebigbox();
2399 &Header::closepage();
2400 exit(0);
2401 }
2402
2403 ###
2404 ### Advanced Server Settings
2405 ###
2406
2407 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'advanced server'}) {
2408 %cgiparams = ();
2409 %cahash = ();
2410 %confighash = ();
2411 my $disabled;
2412 &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams);
2413 read_routepushfile;
2414
2415
2416 # if ($cgiparams{'CLIENT2CLIENT'} eq '') {
2417 # $cgiparams{'CLIENT2CLIENT'} = 'on';
2418 # }
2419 ADV_ERROR:
2420 if ($cgiparams{'MAX_CLIENTS'} eq '') {
2421 $cgiparams{'MAX_CLIENTS'} = '100';
2422 }
2423 if ($cgiparams{'KEEPALIVE_1'} eq '') {
2424 $cgiparams{'KEEPALIVE_1'} = '10';
2425 }
2426 if ($cgiparams{'KEEPALIVE_2'} eq '') {
2427 $cgiparams{'KEEPALIVE_2'} = '60';
2428 }
2429 if ($cgiparams{'LOG_VERB'} eq '') {
2430 $cgiparams{'LOG_VERB'} = '3';
2431 }
2432 if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
2433 $cgiparams{'PMTU_DISCOVERY'} = 'off';
2434 }
2435 if ($cgiparams{'DAUTH'} eq '') {
2436 $cgiparams{'DAUTH'} = 'SHA1';
2437 }
2438 $checked{'CLIENT2CLIENT'}{'off'} = '';
2439 $checked{'CLIENT2CLIENT'}{'on'} = '';
2440 $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
2441 $checked{'REDIRECT_GW_DEF1'}{'off'} = '';
2442 $checked{'REDIRECT_GW_DEF1'}{'on'} = '';
2443 $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED';
2444 $checked{'MSSFIX'}{'off'} = '';
2445 $checked{'MSSFIX'}{'on'} = '';
2446 $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
2447 $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
2448 $selected{'LOG_VERB'}{'1'} = '';
2449 $selected{'LOG_VERB'}{'2'} = '';
2450 $selected{'LOG_VERB'}{'3'} = '';
2451 $selected{'LOG_VERB'}{'4'} = '';
2452 $selected{'LOG_VERB'}{'5'} = '';
2453 $selected{'LOG_VERB'}{'6'} = '';
2454 $selected{'LOG_VERB'}{'7'} = '';
2455 $selected{'LOG_VERB'}{'8'} = '';
2456 $selected{'LOG_VERB'}{'9'} = '';
2457 $selected{'LOG_VERB'}{'10'} = '';
2458 $selected{'LOG_VERB'}{'11'} = '';
2459 $selected{'LOG_VERB'}{'0'} = '';
2460 $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED';
2461 $selected{'DAUTH'}{'whirlpool'} = '';
2462 $selected{'DAUTH'}{'SHA512'} = '';
2463 $selected{'DAUTH'}{'SHA384'} = '';
2464 $selected{'DAUTH'}{'SHA256'} = '';
2465 $selected{'DAUTH'}{'ecdsa-with-SHA1'} = '';
2466 $selected{'DAUTH'}{'SHA1'} = '';
2467 $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED';
2468
2469 &Header::showhttpheaders();
2470 &Header::openpage($Lang::tr{'status ovpn'}, 1, '');
2471 &Header::openbigbox('100%', 'LEFT', '', $errormessage);
2472 if ($errormessage) {
2473 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2474 print "<class name='base'>$errormessage\n";
2475 print "&nbsp;</class>\n";
2476 &Header::closebox();
2477 }
2478 &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
2479 print <<END;
2480 <form method='post' enctype='multipart/form-data'>
2481 <table width='100%' border='0'>
2482 <tr>
2483 <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
2484 </tr>
2485 <tr>
2486 <td width='25%'></td> <td width='20%'> </td><td width='25%'> </td><td width='30%'></td>
2487 </tr>
2488 <tr>
2489 <td class='base'>Domain</td>
2490 <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td>
2491 </tr>
2492 <tr>
2493 <td class='base'>DNS</td>
2494 <td><input type='TEXT' name='DHCP_DNS' value='$cgiparams{'DHCP_DNS'}' size='30' /></td>
2495 </tr>
2496 <tr>
2497 <td class='base'>WINS</td>
2498 <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td>
2499 </tr>
2500 <tr>
2501 <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td>
2502 </tr>
2503 <tr>
2504 <td class='base'>$Lang::tr{'ovpn routes push'}</td>
2505 <td colspan='2'>
2506 <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'>
2507 END
2508 ;
2509
2510 if ($cgiparams{'ROUTES_PUSH'} ne '')
2511 {
2512 print $cgiparams{'ROUTES_PUSH'};
2513 }
2514
2515 print <<END;
2516 </textarea></td>
2517 </tr>
2518 </tr>
2519 </table>
2520 <hr size='1'>
2521 <table width='100%'>
2522 <tr>
2523 <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
2524 </tr>
2525 <tr>
2526 <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
2527 </tr>
2528 <tr>
2529 <td class='base'>Client-To-Client</td>
2530 <td><input type='checkbox' name='CLIENT2CLIENT' $checked{'CLIENT2CLIENT'}{'on'} /></td>
2531 </tr>
2532 <tr>
2533 <td class='base'>Redirect-Gateway def1</td>
2534 <td><input type='checkbox' name='REDIRECT_GW_DEF1' $checked{'REDIRECT_GW_DEF1'}{'on'} /></td>
2535 </tr>
2536 <tr>
2537 <td class='base'>Max-Clients</td>
2538 <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
2539 </tr>
2540 <tr>
2541 <td class='base'>Keepalive <br />
2542 (ping/ping-restart)</td>
2543 <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
2544 <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
2545 </tr>
2546 <tr>
2547 <td class='base'>fragment <br></td>
2548 <td><input type='TEXT' name='FRAGMENT' value='$cgiparams{'FRAGMENT'}' size='10' /></td>
2549 </tr>
2550 <tr>
2551 <td class='base'>mssfix</td>
2552 <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
2553 <td>$Lang::tr{'openvpn default'}: on</td>
2554 </tr>
2555 <tr>
2556 <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
2557 <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
2558 <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
2559 <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
2560 <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
2561 </tr>
2562 </table>
2563
2564 <hr size='1'>
2565 <table width='100%'>
2566 <tr>
2567 <td class'base'><b>$Lang::tr{'log-options'}</b></td>
2568 </tr>
2569 <tr>
2570 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
2571 </tr>
2572
2573 <tr><td class='base'>VERB</td>
2574 <td><select name='LOG_VERB'>
2575 <option value='0' $selected{'LOG_VERB'}{'0'}>0</option>
2576 <option value='1' $selected{'LOG_VERB'}{'1'}>1</option>
2577 <option value='2' $selected{'LOG_VERB'}{'2'}>2</option>
2578 <option value='3' $selected{'LOG_VERB'}{'3'}>3</option>
2579 <option value='4' $selected{'LOG_VERB'}{'4'}>4</option>
2580 <option value='5' $selected{'LOG_VERB'}{'5'}>5</option>
2581 <option value='6' $selected{'LOG_VERB'}{'6'}>6</option>
2582 <option value='7' $selected{'LOG_VERB'}{'7'}>7</option>
2583 <option value='8' $selected{'LOG_VERB'}{'8'}>8</option>
2584 <option value='9' $selected{'LOG_VERB'}{'9'}>9</option>
2585 <option value='10' $selected{'LOG_VERB'}{'10'}>10</option>
2586 <option value='11' $selected{'LOG_VERB'}{'11'}>11</option>
2587 </select>
2588 </td>
2589 </tr>
2590 </table>
2591
2592 <hr size='1'>
2593 <table width='100%'>
2594 <tr>
2595 <td class'base'><b>$Lang::tr{'ovpn crypt options'}</b></td>
2596 </tr>
2597 <tr>
2598 <td width='20%'></td> <td width='30%'> </td><td width='25%'> </td><td width='25%'></td>
2599 </tr>
2600 <tr><td class='base'>$Lang::tr{'ovpn ha'}</td>
2601 <td><select name='DAUTH'>
2602 <option value='whirlpool' $selected{'DAUTH'}{'whirlpool'}>Whirlpool (512 $Lang::tr{'bit'})</option>
2603 <option value='SHA512' $selected{'DAUTH'}{'SHA512'}>SHA2 (512 $Lang::tr{'bit'})</option>
2604 <option value='SHA384' $selected{'DAUTH'}{'SHA384'}>SHA2 (384 $Lang::tr{'bit'})</option>
2605 <option value='SHA256' $selected{'DAUTH'}{'SHA256'}>SHA2 (256 $Lang::tr{'bit'})</option>
2606 <option value='ecdsa-with-SHA1' $selected{'DAUTH'}{'ecdsa-with-SHA1'}>ECDSA-SHA1 (160 $Lang::tr{'bit'})</option>
2607 <option value='SHA1' $selected{'DAUTH'}{'SHA1'}>SHA1 (160 $Lang::tr{'bit'})</option>
2608 </select>
2609 </td>
2610 <td>Default: <span class="base">SHA1 (160 $Lang::tr{'bit'})</span></td>
2611 </table><hr>
2612
2613 END
2614
2615 if ( -e "/var/run/openvpn.pid"){
2616 print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
2617 $Lang::tr{'server restart'}<br><br>
2618 <hr>";
2619 print<<END
2620 <table width='100%'>
2621 <tr>
2622 <td>&nbsp;</td>
2623 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
2624 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2625 <td>&nbsp;</td>
2626 </tr>
2627 </table>
2628 </form>
2629 END
2630 ;
2631
2632
2633 }else{
2634
2635 print<<END
2636 <table width='100%'>
2637 <tr>
2638 <td>&nbsp;</td>
2639 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' /></td>
2640 <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
2641 <td>&nbsp;</td>
2642 </tr>
2643 </table>
2644 </form>
2645 END
2646 ;
2647 }
2648 &Header::closebox();
2649 # print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2650 &Header::closebigbox();
2651 &Header::closepage();
2652 exit(0);
2653
2654
2655 # A.Marx CCD Add,delete or edit CCD net
2656
2657 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} ||
2658 $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} ||
2659 $cgiparams{'ACTION'} eq "kill" ||
2660 $cgiparams{'ACTION'} eq "edit" ||
2661 $cgiparams{'ACTION'} eq 'editsave'){
2662 &Header::showhttpheaders();
2663 &Header::openpage($Lang::tr{'ccd net'}, 1, '');
2664 &Header::openbigbox('100%', 'LEFT', '', '');
2665
2666 if ($cgiparams{'ACTION'} eq "kill"){
2667 &delccdnet($cgiparams{'net'});
2668 }
2669
2670 if ($cgiparams{'ACTION'} eq 'editsave'){
2671 my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
2672 if ( $a ne $b){ &modccdnet($a,$b);}
2673 $cgiparams{'ccdname'}='';
2674 $cgiparams{'ccdsubnet'}='';
2675 }
2676
2677 if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
2678 &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
2679 }
2680 if ($errormessage) {
2681 &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
2682 print "<class name='base'>$errormessage";
2683 print "&nbsp;</class>";
2684 &Header::closebox();
2685 }
2686 if ($cgiparams{'ACTION'} eq "edit"){
2687
2688 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'});
2689
2690 print <<END;
2691 <table width='100%' border='0'>
2692 <tr><form method='post'>
2693 <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2694 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly='readonly' /></td></tr>
2695 <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/>
2696 <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' />
2697 </td></tr>
2698 </table></form>
2699 END
2700 ;
2701 &Header::closebox();
2702
2703 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
2704 print <<END;
2705 <table width='100%' border='0' cellpadding='0' cellspacing='1'>
2706 <tr>
2707 <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr>
2708 END
2709 ;
2710 }
2711 else{
2712 if (! -e "/var/run/openvpn.pid"){
2713 &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'});
2714 print <<END;
2715 <table width='100%' border='0'>
2716 <tr><form method='post'>
2717 <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr>
2718 <tr>
2719 <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td>
2720 <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr>
2721 <tr><td colspan=4><hr /></td></tr><tr>
2722 <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr>
2723 </table></form>
2724 END
2725
2726 &Header::closebox();
2727 }
2728 &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
2729 if ( -e "/var/run/openvpn.pid"){
2730 print "<b>$Lang::tr{'attention'}:</b><br>";
2731 print "$Lang::tr{'ccd noaddnet'}<br><hr>";
2732 }
2733
2734 print <<END;
2735 <table width='100%' cellpadding='0' cellspacing='1'>
2736 <tr>
2737 <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
2738 END
2739 ;
2740 }
2741 my %ccdconfhash=();
2742 &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
2743 my @ccdconf=();
2744 my $count=0;
2745 foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
2746 @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
2747 $count++;
2748 my $ccdhosts = &hostsinnet($ccdconf[0]);
2749 if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";}
2750 else{ print" <tr bgcolor='$color{'color20'}'>";}
2751 print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>";
2752 print <<END;
2753 <form method='post' />
2754 <input type='image' src='/images/edit.gif' align='middle' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' />
2755 <input type='hidden' name='ACTION' value='edit'/>
2756 <input type='hidden' name='ccdname' value='$ccdconf[0]' />
2757 <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' />
2758 </form></td>
2759 <form method='post' />
2760 <td><input type='hidden' name='ACTION' value='kill'/>
2761 <input type='hidden' name='number' value='$count' />
2762 <input type='hidden' name='net' value='$ccdconf[0]' />
2763 <input type='image' src='/images/delete.gif' align='middle' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' /></form></td></tr>
2764 END
2765 ;
2766 }
2767 print "</table></form>";
2768 &Header::closebox();
2769 print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
2770 &Header::closebigbox();
2771 &Header::closepage();
2772 exit(0);
2773
2774 #END CCD
2775
2776 ###
2777 ### Openvpn Connections Statistics
2778 ###
2779 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ovpn con stat'}) {
2780 &Header::showhttpheaders();
2781 &Header::openpage($Lang::tr{'ovpn con stat'}, 1, '');
2782 &Header::openbigbox('100%', 'LEFT', '', '');
2783 &Header::openbox('100%', 'LEFT', $Lang::tr{'ovpn con stat'});
2784
2785 #
2786 # <td><b>$Lang::tr{'protocol'}</b></td>
2787 # protocol temp removed
2788 print <<END;
2789 <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
2790 <tr>
2791 <th><b>$Lang::tr{'common name'}</b></th>
2792 <th><b>$Lang::tr{'real address'}</b></th>
2793 <th><b>$Lang::tr{'virtual address'}</b></th>
2794 <th><b>$Lang::tr{'loged in at'}</b></th>
2795 <th><b>$Lang::tr{'bytes sent'}</b></th>
2796 <th><b>$Lang::tr{'bytes received'}</b></th>
2797 <th><b>$Lang::tr{'last activity'}</b></th>
2798 </tr>
2799 END
2800 ;
2801 my $filename = "/var/log/ovpnserver.log";
2802 open(FILE, $filename) or die 'Unable to open config file.';
2803 my @current = <FILE>;
2804 close(FILE);
2805 my @users =();
2806 my $status;
2807 my $uid = 0;
2808 my $cn;
2809 my @match = ();
2810 my $proto = "udp";
2811 my $address;
2812 my %userlookup = ();
2813 foreach my $line (@current)
2814 {
2815 chomp($line);
2816 if ( $line =~ /^Updated,(.+)/){
2817 @match = split( /^Updated,(.+)/, $line);
2818 $status = $match[1];
2819 }
2820 #gian
2821 if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
2822 @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
2823 if ($match[1] ne "Common Name") {
2824 $cn = $match[1];
2825 $userlookup{$match[2]} = $uid;
2826 $users[$uid]{'CommonName'} = $match[1];
2827 $users[$uid]{'RealAddress'} = $match[2];
2828 $users[$uid]{'BytesReceived'} = &sizeformat($match[3]);
2829 $users[$uid]{'BytesSent'} = &sizeformat($match[4]);
2830 $users[$uid]{'Since'} = $match[5];
2831 $users[$uid]{'Proto'} = $proto;
2832 $uid++;
2833 }
2834 }
2835 if ( $line =~ /^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/) {
2836 @match = split(m/^(\d+\.\d+\.\d+\.\d+),(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(.+)/, $line);
2837 if ($match[1] ne "Virtual Address") {
2838 $address = $match[3];
2839 #find the uid in the lookup table
2840 $uid = $userlookup{$address};
2841 $users[$uid]{'VirtualAddress'} = $match[1];
2842 $users[$uid]{'LastRef'} = $match[4];
2843 }
2844 }
2845 }
2846 my $user2 = @users;
2847 if ($user2 >= 1){
2848 for (my $idx = 1; $idx <= $user2; $idx++){
2849 if ($idx % 2) {
2850 print "<tr>";
2851 $col="bgcolor='$color{'color22'}'";
2852 } else {
2853 print "<tr>";
2854 $col="bgcolor='$color{'color20'}'";
2855 }
2856 print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
2857 print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
2858 print "<td align='left' $col>$users[$idx-1]{'VirtualAddress'}</td>";
2859 print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
2860 print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
2861 print "<td align='left' $col>$users[$idx-1]{'BytesRecei