X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=038adb13895c0e172d50e41421ae6ac78d553154;hp=9ab06fe334b507eb6fe6585b8ba99b8f24b0d013;hb=52d08bcbd2b5da9fbd3f002c6b686a0202e6fffe;hpb=83920cfcd52b40f718170f524287dc42b41d10ed diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 9ab06fe33..038adb138 100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -321,7 +321,6 @@ sub disallowreserved return; } - sub writeserverconf { my %sovpnsettings = (); my @temp = (); @@ -2221,7 +2220,7 @@ else } } &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - + &writeserverconf; # CCD end @@ -2486,7 +2485,21 @@ if ( -e "/var/run/openvpn.pid"){ print"
$Lang::tr{'attention'}:
$Lang::tr{'server restart'}


"; -} + print< + +   + + +   + + + +END +; + + +}else{ print< @@ -2500,7 +2513,7 @@ print< END ; - +} &Header::closebox(); # print "
$Lang::tr{'back'}
"; &Header::closebigbox(); @@ -3218,7 +3231,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; 
@@ -3226,27 +3239,27 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; my $name=$cgiparams{'CHECK1'} ; $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; - $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; + $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); #A.Marx CCD check iroute field and convert it to decimal - +if ($cgiparams{'TYPE'} eq 'host') { my @temp=(); my %ccdroutehash=(); my $keypoint=0; 
@@ -3269,6 +3282,7 @@ if ($confighash{$cgiparams{'KEY'}}) { chomp($val); $val=~s/\s*$//g; my($ip,$cidr) = split(/\//,$val); + $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr)); $cidr=&General::iporsubtodec($cidr); #check if iroute exists in ccdroute 
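Review bot: The added `$ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));` runs on the raw pieces of `$val` straight after the `split`, before anything has checked that the field is a well-formed address/mask. `&General::validipandmask($val)` is only called further down, after the zone checks. When the entry contains no `/`, `$cidr` is undef at this point and is passed to the helpers unchanged; how they react to that is not visible in this diff. I would run the `validipandmask` test first, reusing the existing error branch with `goto VPNCONF_ERROR`, and normalise `$ip` only once it has passed. The enclosing `foreach` starts and ends outside the hunk.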
@@ -3282,16 +3296,24 @@ if ($confighash{$cgiparams{'KEY'}}) { } #check for existing network IP's - if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')|| - (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')|| - (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')|| - (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){ - $errormessage="$ip USED FOR SYSTEM!"; + if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err green'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err red'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '') + { + $errormessage=$Lang::tr{'ccd err blue'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' ) + { + $errormessage=$Lang::tr{'ccd err orange'}; goto VPNCONF_ERROR; } - - - + if (&General::validipandmask($val)){ $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; }else{ 
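Review bot: All four zone branches test only whether the route's network address `$ip` lies inside the zone's subnet, and `$cidr` takes no part in any condition. A client network that is wider than GREEN/RED/BLUE/ORANGE and contains it would therefore pass every branch, because its network address falls outside the zone's range. This assumes `IpInSubnet` is a plain membership test, which its use here suggests. To reject overlaps in both directions, each branch could also test the reverse, e.g. `&General::IpInSubnet($netsettings{GREEN_NETADDRESS},$ip,$cidr)`, provided `$cidr` holds a dotted mask after `iporsubtodec`. The four branches differ only in the zone name and message key, so a loop over `qw(GREEN RED BLUE ORANGE)` would keep them from drifting apart.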
@@ -3314,51 +3336,44 @@ if ($confighash{$cgiparams{'KEY'}}) { } undef @temp; #check route field and convert it to decimal - my $val=0; my $i=1; - &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') { - undef $cgiparams{'IFROUTE'}; - foreach my $key (keys %ccdroute2hash){ - if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { - delete $ccdroute2hash{$key}; - } - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - }else{ - #find key to use - foreach my $key (keys %ccdroute2hash) { - if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { - $keypoint=$key; - delete $ccdroute2hash{$key}; - }else{ - $keypoint = &General::findhasharraykey (\%ccdroute2hash); - &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); - &writeserverconf; - } + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; } - $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; - @temp = split(/\|/,$cgiparams{'IFROUTE'}); - my %ownnet=(); - &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); - foreach $val (@temp){ - chomp($val); - $val=~s/\s*$//g; - if ($val eq $Lang::tr{'green'}) - { - $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; - } - if ($val eq $Lang::tr{'blue'}) - { - $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; - } - if ($val eq $Lang::tr{'orange'}) - { - $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; - } - my ($ip,$cidr) = split (/\//, $val); + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};} + @temp = 
split(/\|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (/\//, $val); + + if ($val ne $Lang::tr{'ccd none'}) + { if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;} if (! &check_ccdroute($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} if (! &check_ccdconf($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} @@ -3369,10 +3384,13 @@ if ($confighash{$cgiparams{'KEY'}}) { $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; goto VPNCONF_ERROR; } - $i++; - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - } + }else{ + $ccdroute2hash{$keypoint}[$i]=''; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + #check dns1 ip if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { $errormessage=$errormessage."
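Review bot: In the "find key to use" loop, the `else` branch writes `ovpn/ccdroute` and calls `&writeserverconf` once for every entry that belongs to another connection, and it does so before the IFROUTE values have been checked. A request later rejected via `goto VPNCONF_ERROR` has therefore already persisted its iroute data and regenerated the server configuration. When `%ccdroute2hash` has no other entries, this path writes nothing at all. I would leave only the key selection in the loop and make the two calls `&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);` and `&writeserverconf;` once, after the route checks have passed. Separately, `$val` comes from the IFROUTE form field and is concatenated into `$errormessage` unescaped in the three `check_*` branches. If the error box prints that string as HTML (not visible here), it should go through `&Header::cleanhtml($val)` first, as REMARK already does.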
".$Lang::tr{'invalid input for dhcp dns'}." 1"; @@ -3388,10 +3406,10 @@ if ($confighash{$cgiparams{'KEY'}}) { $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp wins'}; goto VPNCONF_ERROR; } - +} #CCD End - + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; @@ -3881,7 +3899,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[6] = $cgiparams{'SIDE'}; $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { $confighash{$key}[22] = $confighash{$key}[29]; @@ -3905,7 +3923,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; - $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; + $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -3927,6 +3945,7 @@ if ($cgiparams{'TYPE'} eq 'net') { print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; print CCDRWCONF "push redirect-gateway\n"; } + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); if ($cgiparams{'IR'} ne ''){ print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; foreach my $key (keys %ccdroutehash){ @@ -3938,6 +3957,7 @@ if ($cgiparams{'TYPE'} eq 'net') { } } } + if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';} if ($cgiparams{'IFROUTE'} ne ''){ print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; foreach my $key (keys %ccdroute2hash){ 
@@ -3946,7 +3966,7 @@ if ($cgiparams{'TYPE'} eq 'net') { if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ my %blue=(); &General::readhash("${General::swroot}/ethernet/settings", \%blue); - print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ my %orange=(); &General::readhash("${General::swroot}/ethernet/settings", \%orange); @@ -4376,51 +4396,66 @@ END
$Lang::tr{'ccd iroute2'} DNS2: