###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2011 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2013 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
}
if ($cgiparams{'DHCP_DOMAIN'} ne ''){
- unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
+ unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
$errormessage = $Lang::tr{'invalid input for dhcp domain'};
goto ADV_ERROR;
}
print CLIENTCONF "#OpenVPN Client conf\r\n";
print CLIENTCONF "tls-client\r\n";
print CLIENTCONF "client\r\n";
- print CLIENTCONF "nobind\n";
+ print CLIENTCONF "nobind\r\n";
print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
# Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
# or use configured value.
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
- { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
elsif ($vpnsettings{MSSFIX} eq 'on')
- { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
($vpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
- { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+ { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
else
{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
- print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
+ print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
}
}
close(CLIENTCONF);
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
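Review bot: The new default at `if ($cgiparams{'PMTU_DISCOVERY'} eq '')` covers only the empty case, so any other submitted value still passes through unchanged. Where this block is added a second time further down, the value is then used as a hash key in `$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}}`, and the validation code on this page (`ne 'off'`) treats everything except `off` as enabled. Normalising against the four values the page uses would be tighter: `$cgiparams{'PMTU_DISCOVERY'} = 'off' unless $cgiparams{'PMTU_DISCOVERY'} =~ /\A(?:yes|maybe|no|off)\z/;`. The same change applies to the second copy of these three lines. The enclosing block starts and ends outside this hunk.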
}
&Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
print <<END
- <form method='post' enctype='multipart/form-data' disabled>
+ <form method='post' enctype='multipart/form-data'>
<table width='100%' border=0>
<tr>
<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
<td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
</tr>
<tr>
- <td class='base'>Keppalive <br />
+ <td class='base'>Keepalive <br />
(ping/ping-restart)</td>
<td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
<td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
goto VPNCONF_ERROR;
}
my ($ip1,$cidr1) = split (/\//, $val);
+ $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
$errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
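Review bot: `$cidr1` goes straight into `&General::iporsubtocidr` on the added line, but `split (/\//, $val)` leaves it undefined when `$val` carries no mask. Whether the check that ends just above with `goto VPNCONF_ERROR` guarantees a mask is outside this hunk and should be confirmed. The comparison that follows, `&General::IpInSubnet ($ip1,$ip2,$cidr2)`, appears to test only whether the new network address lies inside the existing route, so a new, wider route that contains an existing one would presumably still pass. If overlap in both directions is meant to be rejected, the reverse test is needed as well. A short comment on the added line would help, for example `# normalise to the network address before the overlap test`.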
###
if ($cgiparams{'TYPE'} eq 'net') {
-
- if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
+ if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) {
$errormessage = $Lang::tr{'openvpn destination port used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
-
- if ($cgiparams{'DEST_PORT'} eq '') {
+ #Bugfix 10357
+ foreach my $key (sort keys %confighash){
+ if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
$errormessage = $Lang::tr{'openvpn destination port used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+ }
+ if ($cgiparams{'DEST_PORT'} eq '') {
+ $errormessage = $Lang::tr{'invalid port'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
}
+ # Check if the input for the transfer net is valid.
+ if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
+ $errormessage = $Lang::tr{'ccd err invalidnet'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
$errormessage = $Lang::tr{'openvpn subnet is used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
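Review bot: The empty-port test `if ($cgiparams{'DEST_PORT'} eq '')` now runs after the new `foreach my $key (sort keys %confighash)` loop, so an empty port is first compared with `eq` against fields 22 and 29 of every stored connection. If any other entry has an empty value there, the user gets 'openvpn destination port used' instead of 'invalid port'. Moving the empty-string block above the loop avoids that, and a numeric range check on `DEST_PORT` belongs in the same place, since this hunk tests the value only for emptiness and equality. Each failure branch, including the three added ones, repeats `unlink`/`rmdir` on a path built from `$cgiparams{'NAME'}`; whether `NAME` is restricted to a safe character set before this point is not visible here, and that restriction has to hold before any of these paths are touched. The loop condition would read more easily as `$cgiparams{'NAME'} ne $confighash{$key}[1] && ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} || $confighash{$key}[29] eq $cgiparams{'DEST_PORT'})`, with a comment naming what fields 22 and 29 hold.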
goto VPNCONF_ERROR;
}
- if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
- $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- goto VPNCONF_ERROR;
- }
-
if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
}
}
+ if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'openvpn prefix local subnet'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
}
}
- # Save the config
+ # Save the config
my $key = $cgiparams{'KEY'};
if (! $key) {
if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
}
+ $confighash{$key}[2] =~ s/ /_/gi;
open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
- print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+ print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
if($cgiparams{'CHECK1'} eq 'dynamic'){
print CCDRWCONF "#This client uses the dynamic pool\n";
}else{
- print CCDRWCONF "#Ip address client and Server\n";
+ print CCDRWCONF "#Ip address client and server\n";
print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
}
if ($confighash{$key}[34] eq 'on'){
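Review bot: The added `$confighash{$key}[2] =~ s/ /_/gi;` rewrites only spaces, and it runs after the `-e` test a few lines above, so the existence check looks at the unmodified name while `open` writes to the modified one. The name goes directly into the path given to `open ( CCDRWCONF,'>', ...)`; if nothing outside this hunk restricts it, path separators or a `..` component would still reach the filesystem call. An anchored allow-list before the first path use, such as `$confighash{$key}[2] =~ /\A[A-Za-z0-9_-]+\z/`, is the safer form, with the character class adjusted to the naming rules the project actually allows. For the space replacement itself `tr/ /_/` is enough, since the `/i` flag has no effect on a space. The enclosing block starts and ends outside this hunk.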
}
&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
if ($cgiparams{'IR'} ne ''){
- print CCDRWCONF "\n#Client routes these Networks (behind Client)\n";
+ print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
foreach my $key (keys %ccdroutehash){
if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
}
if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
if ($cgiparams{'IFROUTE'} ne ''){
- print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+ print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
foreach my $key (keys %ccdroute2hash){
if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
}
if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
if($cgiparams{'CCD_DNS1'} ne ''){
- print CCDRWCONF "\n#Client gets these Nameservers\n";
+ print CCDRWCONF "\n#Client gets these nameservers\n";
print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
}
if($cgiparams{'CCD_DNS2'} ne ''){
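Review bot: The condition on the context line `if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne ''))` can never be true, because it tests the same field for being both empty and non-empty. Its body moves `CCD_DNS2` into `CCD_DNS1`, so the second test was presumably meant to be `($cgiparams{'CCD_DNS2'} ne '')`. As written, a client with only the second nameserver filled in keeps `CCD_DNS1` empty. The DNS values are also interpolated into the `push \"dhcp-option DNS ...\"` line written to the client file; whether they are checked as IP addresses before this point is not visible in the hunk.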
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
<tr>
<td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
- <td colspan='2'>
+ <td colspan='3'>
<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
<input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
}
- my $disable_clientdl = "disabled='disabled'";
- if (( $cgiparams{'ENABLED'} eq 'on') ||
- ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
- ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){
- $disable_clientdl = "";
- }
print <<END
<td align='center'>$active</td>
<form method='post' name='frm${key}a'><td align='center'>
- <input type='image' name='$Lang::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
- <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' $disable_clientdl />
- <input type='hidden' name='KEY' value='$key' $disable_clientdl />
+ <input type='image' name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+ <input type='hidden' name='KEY' value='$key' />
</td></form>
END
;