###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
return("$newsize $units[$i]");
}
-sub valid_dns_host {
- my $hostname = $_[0];
- unless ($hostname) { return "No hostname"};
- my $res = new Net::DNS::Resolver;
- my $query = $res->search("$hostname");
- if ($query) {
- foreach my $rr ($query->answer) {
- ## Potential bug - we are only looking at A records:
- return 0 if $rr->type eq "A";
- }
- } else {
- return $res->errorstring;
- }
-}
-
sub cleanssldatabase
{
if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
}
if ($cgiparams{'DHCP_DOMAIN'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
+ unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
$errormessage = $Lang::tr{'invalid input for dhcp domain'};
goto ADV_ERROR;
}
print SERVERCONF "persist-key\n";
print SERVERCONF "script-security 2\n";
print SERVERCONF "# IP/DNS for remote Server Gateway\n";
+
+ if ($cgiparams{'REMOTE'} ne '') {
print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+ }
+
print SERVERCONF "float\n";
print SERVERCONF "# IP adresses of the VPN Subnet\n";
print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
# m.a.d net2net
###
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-
+if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
- my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
- unlink ($certfile) or die "Removing $certfile fail: $!";
- unlink ($conffile) or die "Removing $conffile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-
+ my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ unlink ($certfile);
+ unlink ($conffile);
+
+ if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+ rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+ }
}
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
print <<END
- <form method='post' enctype='multipart/form-data' disabled>
+ <form method='post' enctype='multipart/form-data'>
<table width='100%' border=0>
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
###
if ($cgiparams{'TYPE'} eq 'net') {
-
- if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
+ if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
$errormessage = $Lang::tr{'openvpn destination port used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
-
- if ($cgiparams{'DEST_PORT'} eq '') {
+ #Bugfix 10357
+ foreach my $key (sort keys %confighash){
+ if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
$errormessage = $Lang::tr{'openvpn destination port used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ }
+ if ($cgiparams{'DEST_PORT'} eq '') {
+ $errormessage = $Lang::tr{'invalid port'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
+ # Check if the input for the transfer net is valid.
+ if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
+ $errormessage = $Lang::tr{'ccd err invalidnet'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
$errormessage = $Lang::tr{'openvpn subnet is used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
}
}
- if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
- $errormessage = $Lang::tr{'invalid input for remote host/ip'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
- }
+ # Check if a remote host/IP has been set for the client.
+ if ($cgiparams{'TYPE'} eq 'net') {
+ if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
+ $errormessage = $Lang::tr{'invalid input for remote host/ip'};
- if ($cgiparams{'REMOTE'}) {
- if (! &General::validip($cgiparams{'REMOTE'})) {
- if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
- $errormessage = $Lang::tr{'invalid input for remote host/ip'};
- if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- goto VPNCONF_ERROR;
- } else {
- if (&valid_dns_host($cgiparams{'REMOTE'})) {
- $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
- if ($cgiparams{'TYPE'} eq 'net') {
+ # Check if this is a N2N connection and drop temporary config.
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
- }
+ goto VPNCONF_ERROR;
+ }
+
+ # Check if a remote host/IP has been configured - the field can be empty on the server side.
+ if ($cgiparams{'REMOTE'} ne '') {
+ # Check if the given IP is valid - otherwise check if it is a valid domain.
+ if (! &General::validip($cgiparams{'REMOTE'})) {
+ # Check for a valid domain.
+ if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
+ $errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+ # Check if this is a N2N connection and drop temporary config.
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+
+ goto VPNCONF_ERROR;
+ }
+ }
}
- }
}
+
if ($cgiparams{'TYPE'} ne 'host') {
unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'local subnet is invalid'};
}
}
- # Save the config
+ # Save the config
my $key = $cgiparams{'KEY'};
if (! $key) {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
}
- my $disable_clientdl = "disabled='disabled'";
- if (( $cgiparams{'ENABLED'} eq 'on') ||
- ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
- ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){
- $disable_clientdl = "";
- }
print <<END
<td align='center'>$active</td>
<form method='post' name='frm${key}a'><td align='center'>
- <input type='image' name='$Lang::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' $disable_clientdl />
- <input type='hidden' name='KEY' value='$key' $disable_clientdl />
+ <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+ <input type='hidden' name='KEY' value='$key' />
</td></form>
END
;
projects / people / teissler / ipfire-2.x.git / blobdiff