X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=038adb13895c0e172d50e41421ae6ac78d553154;hp=e427fb2907e1744d30c86a7f3f172b2b84a69850;hb=52d08bcbd2b5da9fbd3f002c6b686a0202e6fffe;hpb=4e17adadcd3c3942e7c2222485fbf88608a4477f diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100644 new mode 100755 index e427fb290..038adb138 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -1,15 +1,31 @@ #!/usr/bin/perl -# based on SmoothWall and IPCop CGIs -# -# This code is distributed under the terms of the GPL -# Main idea from zeroconcept -# ZERNINA-VERSION:0.9.4i -# (c) 2007 Ufuk Altinkaynak -# - +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2011 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### +### +# Based on IPFireCore 55 +### use CGI; use CGI qw/:standard/; use Net::DNS; +use Net::Ping; +use Net::Telnet; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; 
@@ -23,7 +39,7 @@ require "${General::swroot}/countries.pl";
 #use warnings;
 #use CGI::Carp 'fatalsToBrowser';
 #workaround to suppress a warning when a variable is used only once
-my @dummy = ( ${Header::colourgreen} );
+my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} );
 undef (@dummy);
 my %color = ();
@@ -31,11 +47,12 @@ my %mainsettings = ();
 &General::readhash("${General::swroot}/main/settings", \%mainsettings);
 &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
-
-
 ###
 ### Initialize variables
 ###
+my %ccdconfhash=();
+my %ccdroutehash=();
+my %ccdroute2hash=();
 my %netsettings=();
 my %cgiparams=();
 my %vpnsettings=();
@@ -46,6 +63,7 @@ my %selected=();
 my $warnmessage = '';
 my $errormessage = '';
 my %settings=();
+my $routes_push_file = '';
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'ENABLED_BLUE'} = 'off';
@@ -59,7 +77,17 @@ $cgiparams{'CA_NAME'} = '';
 $cgiparams{'DHCP_DOMAIN'} = '';
 $cgiparams{'DHCP_DNS'} = '';
 $cgiparams{'DHCP_WINS'} = '';
+$cgiparams{'ROUTES_PUSH'} = '';
 $cgiparams{'DCOMPLZO'} = 'off';
+$cgiparams{'MSSFIX'} = '';
+$cgiparams{'number'} = '';
+$cgiparams{'PMTU_DISCOVERY'} = '';
+$routes_push_file = "${General::swroot}/ovpn/routes_push";
+unless (-e $routes_push_file) { system("touch $routes_push_file"); }
+unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); }
+unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); }
+unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
+
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 # prepare openvpn config file
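Review bot: The four `unless (-e ...) { system("touch ..."); }` lines at the end of the last hunk spawn a shell on every request to create state files and discard the exit status, so a failed create stays silent and the later `readhasharray` calls run against a file that does not exist. Creating them in Perl avoids the shell and makes the failure visible: `open(my $fh, '>>', $routes_push_file) or die "Unable to create $routes_push_file: $!"; close($fh);` (same for ccd.conf, ccdroute and ccdroute2). The paths are built from `${General::swroot}`, not from request data, so this is a robustness and style point rather than an injection risk; it also runs before `getcgihash`, i.e. on every page view, which a short comment should say.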
@@ -294,21 +322,25 @@ sub disallowreserved
 }
 sub writeserverconf {
- my %sovpnsettings = ();
+ my %sovpnsettings = ();
+ my @temp = ();
 &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings);
-
+ &read_routepushfile;
+
 open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!";
 flock CONF, 2;
 print CONF "#OpenVPN Server conf\n";
 print CONF "\n";
 print CONF "daemon openvpnserver\n";
 print CONF "writepid /var/run/openvpn.pid\n";
- print CONF "#DAN prepare ZERINA for listening on blue and orange\n";
+ print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
 print CONF ";local $sovpnsettings{'VPN_IP'}\n";
 print CONF "dev $sovpnsettings{'DDEVICE'}\n";
- print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
 print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
 print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
+ print CONF "script-security 3 system\n";
+ print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n";
+ print CONF "client-config-dir /var/ipfire/ovpn/ccd\n";
 print CONF "tls-server\n";
 print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n";
 print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n";
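Review bot: `script-security 3 system`, added to the generated server.conf in this hunk, is the most permissive setting OpenVPN offers: level 3 exports client passwords to hook scripts through the environment and the `system` method runs every hook through a shell, both of which the OpenVPN manual marks as unsafe. Nothing in this hunk configures an `--up`, `--client-connect` or `--auth-user-pass-verify` script that would need either, so `print CONF "script-security 2\n";` (the default execve method) is sufficient unless a hook elsewhere in the file relies on level 3, in which case a comment naming that hook should sit next to the line so it is not tightened blindly. `client-config-dir /var/ipfire/ovpn/ccd` is also new here; since OpenVPN reads per-client directives from that directory, the directory and its files need to stay writable only by the account that owns the CGI, which deserves a comment at the point it is introduced.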
@@ -316,10 +348,59 @@ sub writeserverconf { print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. + # If we doesn't use one of them, we can use the configured mtu value. + if ($sovpnsettings{'MSSFIX'} eq 'on') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne '')) + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } + + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } + } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (/\//, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. 
$#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end + + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } + if ($sovpnsettings{MSSFIX} eq 'on') { + print CONF "mssfix\n"; + } + if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + } + + if (($sovpnsettings{PMTU_DISCOVERY} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne '')) { + print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n"; + } + if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; } @@ -346,8 +427,7 @@ sub writeserverconf { if ($sovpnsettings{DHCP_WINS} eq '') { print CONF "max-clients 100\n"; - } - + } if ($sovpnsettings{DHCP_WINS} ne '') { print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; } @@ -366,7 +446,7 @@ sub writeserverconf { close(CONF); } -# + sub emptyserverlog{ if (open(FILE, ">/var/log/ovpnserver.log")) { flock FILE, 2; 
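Review bot: Both `(($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne ''))` tests in this hunk are tautologies, since no value is equal to both `'off'` and `''`: the `elsif` always fires, which makes the final `else` that emits the configured `DMTU` dead code, and the second test writes `mtu-disc ` with an empty argument, or `mtu-disc off`, into server.conf whenever PMTU discovery is unset or disabled, which as far as I know OpenVPN rejects at start-up (it accepts only no/maybe/yes). Both should be conjunctions: `elsif ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off' && $sovpnsettings{'PMTU_DISCOVERY'} ne '')` and `if ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off' && $sovpnsettings{'PMTU_DISCOVERY'} ne '')`. The same `||` pattern is repeated in the net2net hunks further down. writeserverconf begins in the previous hunk, outside this one.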
@@ -376,6 +456,320 @@ sub emptyserverlog{ } +sub delccdnet +{ + my %ccdconfhash = (); + my %ccdhash = (); + my $ccdnetname=$_[0]; + if (-f "${General::swroot}/ovpn/ovpnconfig"){ + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $ccdnetname) { + $errormessage=$Lang::tr{'ccd err hostinnet'}; + return; + } + } + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $ccdnetname){ + delete $ccdconfhash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + + &writeserverconf; + return 0; +} + +sub addccdnet +{ + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $ovpnsubnet=$_[2]; + my $subcidr; + my @ip2=(); + my $checkup; + my $ccdip; + my $baseaddress; + if(!&General::validhostname($ccdname)){ + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + #check ip + if (&General::validipandmask($ccdnet)){ + $ccdnet=&General::iporsubtocidr($ccdnet); + }else{ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + ($ccdip,$subcidr) = split (/\//,$ccdnet); + if ($ccdname eq '') { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; + } + #check if we try to use same network as ovpn server + if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
"; + } + + #check if we use a name/subnet that already exists + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(/\//,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
";} + my ($newip,$newsub) = split(/\//,$ccdnet); + if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
";} + + } + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} + + + if (!$errormessage) { + my %ccdconfhash=(); + $baseaddress=&General::getnetworkip($ccdip,$subcidr); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my $key = &General::findhasharraykey (\%ccdconfhash); + foreach my $i (0 .. 
1) { $ccdconfhash{$key}[$i] = "";} + $ccdconfhash{$key}[0] = $ccdname; + $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + &writeserverconf; + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + return 1; + } +} + +sub modccdnet +{ + + my $newname=$_[0]; + my $oldname=$_[1]; + my %ccdconfhash=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $oldname) { + foreach my $key1 (keys %ccdconfhash) { + if ($ccdconfhash{$key1}[0] eq $newname){ + $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}; + return; + }else{ + $ccdconfhash{$key}[0]= $newname; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + last; + } + } + } + } + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $oldname) { + $ccdhash{$key}[32]=$newname; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + last; + } + } + + return 0; +} +sub ccdmaxclients +{ + my $ccdnetwork=$_[0]; + my @octets=(); + my @subnet=(); + @octets=split("\/",$ccdnetwork); + @subnet= split /\./, &General::cidrtosub($octets[1]); + my ($a,$b,$c,$d,$e); + $a=256-$subnet[0]; + $b=256-$subnet[1]; + $c=256-$subnet[2]; + $d=256-$subnet[3]; + $e=($a*$b*$c*$d)/4; + return $e-1; +} + +sub getccdadresses +{ + my $ipin=$_[0]; + my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin; + my $cidr=$_[1]; + chomp($cidr); + my $count=$_[2]; + my $hasip=$_[3]; + chomp($hasip); + my @iprange=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + for (my $i=0;$i<=$count-1;$i++) { + my $tmpip=$iprange[$i-1]; + my $stepper=$i*4; + $iprange[$i]= &General::getnextip($tmpip,4); + } + my $r=0; + foreach my $key (keys %ccdhash) { 
+ $r=0; + foreach my $tmp (@iprange){ + my ($net,$sub) = split (/\//,$ccdhash{$key}[33]); + if ($net eq $tmp) { + if ( $hasip ne $ccdhash{$key}[33] ){ + splice (@iprange,$r,1); + } + } + $r++; + } + } + return @iprange; +} + +sub fillselectbox +{ + my $boxname=$_[1]; + my ($ccdip,$subcidr) = split("/",$_[0]); + my $tz=$_[2]; + my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz); + print""; +} + +sub hostsinnet +{ + my $name=$_[0]; + my %ccdhash=(); + my $i=0; + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $name){ $i++;} + } + return $i; +} + +sub check_routes_push +{ + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + ##check for existing routes in routes_push + if (-e "${General::swroot}/ovpn/routes_push") { + open(FILE,"${General::swroot}/ovpn/routes_push"); + while () { + $_=~s/\s*$//g; + + my ($ip2,$cidr2) = split (/\//,"$_"); + my $val2=$ip2."/".&General::iporsubtodec($cidr2); + + if($val eq $val2){ + return 0; + } + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){ + return 0; + } + }; + close(FILE); + } + return 1; +} + +sub check_ccdroute +{ + my %ccdroutehash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. 
$#{$ccdroutehash{$key}}) { + if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){ + return 0; + } + } + } + return 1; +} +sub check_ccdconf +{ + my %ccdconfhash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){ + return 0; + } + + } + return 1; +} + +### +# m.a.d net2net +### + +sub validdotmask +{ + my $ipdotmask = $_[0]; + if (&General::validip($ipdotmask)) { return 0; } + if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { } + my $mask = $2; + if (($mask =~ /\./ )) { return 0; } + return 1; +} + +# ------------------------------------------------------------------- + +sub write_routepushfile +{ + open(FILE, ">$routes_push_file"); + flock(FILE, 2); + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + print FILE $vpnsettings{'ROUTES_PUSH'}; + } + close(FILE); +} + +sub read_routepushfile +{ + if (-e "$routes_push_file") { + open(FILE,"$routes_push_file"); + delete $vpnsettings{'ROUTES_PUSH'}; + while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; + close(FILE); + $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + + } +} + + #hier die refresh page if ( -e "${General::swroot}/ovpn/gencanow") { my $refresh = ''; 
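Review bot: In `validdotmask` the `if (!($ipdotmask =~ /^(.*?)\/(.*?)$/)) { }` block is empty, so for an input without a `/` the function falls through to `my $mask = $2;` with `$2` still holding the capture of whatever regex last succeeded in the caller's dynamic scope (or undef), and the return value for such input is effectively arbitrary. A non-match should be a definite answer: `return 0 unless $ipdotmask =~ m{^(.*?)/(.*?)$}; my $mask = $2;`. Separately, `check_routes_push`, `read_routepushfile` and `write_routepushfile` use two-argument `open(FILE, ...)` without checking the result (the `while ()` bodies also look as if the `<FILE>` read was lost in rendering, so please verify the source); the three-argument `open(my $fh, '<', $routes_push_file) or return 1;` form makes the mode explicit and the failure visible. Note too that `delccdnet` returns `0` on success and `undef` on error while `addccdnet` returns `1` on success, so a caller testing truthiness gets the two backwards; a one-line comment on each stating the convention would at least make that explicit.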
@@ -411,11 +805,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} ||
 &emptyserverlog();
 }
 #
 #restart openvpn server
- if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
+# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){
 #workarund, till SIGHUP also works when running as nobody
- system('/usr/local/bin/openvpnctrl', '-r');
- &emptyserverlog();
- }
+# system('/usr/local/bin/openvpnctrl', '-r');
+# &emptyserverlog();
+# }
 }
 ###
@@ -436,7 +830,33 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
 $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'};
 $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
 $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
+ $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+ $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
+ my @temp=();
+ if ($cgiparams{'FRAGMENT'} eq '') {
+ delete $vpnsettings{'FRAGMENT'};
+ } else {
+ if ($cgiparams{'FRAGMENT'} !~ /^[0-9]+$/) {
+ $errormessage = "Incorrect value, please insert only numbers.";
+ goto ADV_ERROR;
+ } else {
+ $vpnsettings{'FRAGMENT'} = $cgiparams{'FRAGMENT'};
+ }
+ }
+ if ($cgiparams{'MSSFIX'} ne 'on') {
+ delete $vpnsettings{'MSSFIX'};
+ } else {
+ $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
+ }
+
+ if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+ if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
+ $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+ goto ADV_ERROR;
+ }
+ }
+
 if ($cgiparams{'DHCP_DOMAIN'} ne ''){
 unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
 $errormessage = $Lang::tr{'invalid input for dhcp domain'};
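Review bot: In the second hunk, `$vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}` stores the request value with no validation, while `FRAGMENT` two lines below is checked against `/^[0-9]+$/`; the stored string is later interpolated verbatim into server.conf as `mtu-disc $value` in the writeserverconf hunk above, so anything outside the values OpenVPN accepts stops the daemon from starting, and an embedded newline would let an authenticated admin append arbitrary directives to the config. Whitelist it the way FRAGMENT is, before the assignment: `unless ($cgiparams{'PMTU_DISCOVERY'} =~ /^(?:off|no|maybe|yes)$/) { $errormessage = "Incorrect value for PMTU discovery."; goto ADV_ERROR; }` (the exact option set the form offers is not visible here, so adjust the alternation to match it). The later `ne 'off'` conflict check should then also treat `''` as "disabled", since the generated config otherwise emits `mtu-disc` with an empty argument.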
@@ -452,9 +872,59 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
 if ($cgiparams{'DHCP_WINS'} ne ''){
 unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) {
 $errormessage = $Lang::tr{'invalid input for dhcp wins'};
- goto ADV_ERROR;
+ goto ADV_ERROR;
 }
 }
+ if ($cgiparams{'ROUTES_PUSH'} ne ''){
+ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'});
+ undef $vpnsettings{'ROUTES_PUSH'};
+
+ foreach my $tmpip (@temp)
+ {
+ s/^\s+//g; s/\s+$//g;
+
+ if ($tmpip)
+ {
+ $tmpip=~s/\s*$//g;
+ unless (&General::validipandmask($tmpip)) {
+ $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};
+ goto ADV_ERROR;
+ }
+ my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip));
+
+ if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) {
+ $errormessage = $Lang::tr{'ovpn errmsg green already pushed'};
+ goto ADV_ERROR;
+ }
+# a.marx ccd
+ my %ccdroutehash=();
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ foreach my $i (1 .. $#{$ccdroutehash{$key}}) {
+ if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){
+ $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+ goto ADV_ERROR;
+ }
+ my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]);
+ if (&General::IpInSubnet ($ip,$ip2,$cidr2)){
+ $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ;
+ goto ADV_ERROR;
+ }
+ }
+ }
+
+# ccd end
+
+ $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n";
+ }
+ }
+ &write_routepushfile;
+ undef $vpnsettings{'ROUTES_PUSH'};
+ }
+ else {
+ undef $vpnsettings{'ROUTES_PUSH'};
+ &write_routepushfile;
+ }
 if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) {
 $errormessage = $Lang::tr{'invalid input for max clients'};
 goto ADV_ERROR;
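Review bot: The two substitutions `s/^\s+//g; s/\s+$//g;` inside `foreach my $tmpip (@temp)` operate on `$_`, not on `$tmpip`, because a `foreach` with a named loop variable does not alias `$_`; for the route being checked they are no-ops, and they mutate whatever `$_` currently holds. Only the later `$tmpip=~s/\s*$//g` actually trims, and only trailing whitespace, so a route pasted with leading spaces reaches `validipandmask` untrimmed and is rejected with a message that looks correct to the user. Replace the pair with `$tmpip =~ s/^\s+//; $tmpip =~ s/\s+$//;` and drop the redundant trailing trim; the `\r` left by a CRLF textarea is then also stripped before validation.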
@@ -480,12 +950,180 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { &writeserverconf();#hier ok } +### +# m.a.d net2net +### + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server') +{ + +my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); +my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); +my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; +my $tunmtu = ''; + +unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} +unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} + + open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock SERVERCONF, 2; + print SERVERCONF "# IPFire n2n Open VPN Server Config by ummeegge und m.a.d\n"; + print SERVERCONF "\n"; + print SERVERCONF "# User Security\n"; + print SERVERCONF "user nobody\n"; + print SERVERCONF "group nobody\n"; + print SERVERCONF "persist-tun\n"; + print SERVERCONF "persist-key\n"; + print SERVERCONF "script-security 2\n"; + print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + print SERVERCONF "float\n"; + print SERVERCONF "# IP adresses of the VPN Subnet\n"; + print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; + print SERVERCONF "# Client Gateway Network\n"; + print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; + print SERVERCONF "# tun Device\n"; + print SERVERCONF "dev tun\n"; + print SERVERCONF "# Port and Protokol\n"; + print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; + + if ($cgiparams{'PROTOCOL'} eq 'tcp') { + print SERVERCONF "proto tcp-server\n"; + print SERVERCONF "# Packet size\n"; + if ($cgiparams{'MTU'} eq 
'') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; + print SERVERCONF "tun-mtu $tunmtu\n"; + } + + if ($cgiparams{'PROTOCOL'} eq 'udp') { + print SERVERCONF "proto udp\n"; + print SERVERCONF "# Paketsize\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + print SERVERCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; + } + if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if($cgiparams{'MTU'} eq '1500') { + print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + } + print SERVERCONF "# Auth. Server\n"; + print SERVERCONF "tls-server\n"; + print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "# Cipher\n"; + print SERVERCONF "cipher AES-256-CBC\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print SERVERCONF "# Enable Compression\n"; + print SERVERCONF "comp-lzo\r\n"; + } + print SERVERCONF "# Debug Level\n"; + print SERVERCONF "verb 3\n"; + print SERVERCONF "# Tunnel check\n"; + print SERVERCONF "keepalive 10 60\n"; + print SERVERCONF "# Start as daemon\n"; + print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; + print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print SERVERCONF "# Activate Management Interface and Port\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; + close(SERVERCONF); + +} +### +# m.a.d net2net +### +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && 
$cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') +{ + my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; + my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); + my $tunmtu = ''; + +unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} +unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} + + open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock CLIENTCONF, 2; + print CLIENTCONF "# IPFire rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# User Security\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "script-security 2\n"; + print CLIENTCONF "# IP/DNS for remote Server Gateway\n"; + print CLIENTCONF "remote $cgiparams{'REMOTE'}\n"; + print CLIENTCONF "float\n"; + print CLIENTCONF "# IP adresses of the VPN Subnet\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "# Server Gateway Network\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; + print CLIENTCONF "# tun Device\n"; + print CLIENTCONF "dev tun\n"; + print CLIENTCONF "# Port and Protokol\n"; + print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; + + if ($cgiparams{'PROTOCOL'} eq 'tcp') { + print CLIENTCONF "proto tcp-client\n"; + print CLIENTCONF "# Packet size\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + } + + if ($cgiparams{'PROTOCOL'} eq 'udp') { + print CLIENTCONF "proto udp\n"; 
+ print CLIENTCONF "# Paketsize\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; + } + if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if ($cgiparams{'MTU'} eq '1500') { + print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + } + print CLIENTCONF "ns-cert-type server\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "# Cipher\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print CLIENTCONF "# Enable Compression\n"; + print CLIENTCONF "comp-lzo\r\n"; + } + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "# Tunnel check\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "# Start as daemon\n"; + print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; + print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print CLIENTCONF "# Activate Management Interface and Port\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; + close(CLIENTCONF); +} + ### ### Save main settings ### + + if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, 
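Review bot: `$cgiparams{'NAME'}` is used as a path component in `mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"` and in the `open(SERVERCONF, ">.../$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf")` call at the start of the hunk, and no validation of it is visible in this hunk; unless it is checked before this point, a name containing `/` or `..` writes the generated config outside n2nconf, and the same name is later handed to openvpnctrl and a shell pipeline in the toggle hunk below. The other request values written into the file (`REMOTE`, `DEST_PORT`, `MTU`, `FRAGMENT`, `OVPN_MGMT`) are interpolated raw too, so an embedded newline becomes an extra OpenVPN directive in a config that runs with `script-security 2`. A guard before the `mkdir`, `unless ($cgiparams{'NAME'} =~ /^[A-Za-z0-9][A-Za-z0-9_-]*$/) { $errormessage = $Lang::tr{'ccd err invalidname'}; }` with the directory creation and file writing skipped when `$errormessage` is set, plus numeric checks for the port/MTU/fragment values, would close this for both the server and client branches. `dh ${General::swroot}/ovpn/ca/dh1024.pem` also deserves a `# TODO: 1024-bit DH is below current recommendations` so the group size is revisited together with the CA tooling.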
@@ -578,6 +1216,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 $vpnsettings{'DMTU'} = $cgiparams{'DMTU'};
 $vpnsettings{'DCOMPLZO'} = $cgiparams{'DCOMPLZO'};
 $vpnsettings{'DCIPHER'} = $cgiparams{'DCIPHER'};
+#wrtie enable
+
+ if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_blue 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_blue 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED_ORANGE'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable_orange 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable_orange 2>/dev/null");}
+ if ( $vpnsettings{'ENABLED'} eq 'on' ) {system("touch ${General::swroot}/ovpn/enable 2>/dev/null");}else{system("unlink ${General::swroot}/ovpn/enable 2>/dev/null");}
 #new settings for daemon
 &General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
 &writeserverconf();#hier ok
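Review bot: The three `system("touch ... 2>/dev/null")` / `system("unlink ... 2>/dev/null")` one-liners added here go through a shell to create or remove a flag file and then discard the exit status, so a failure (read-only filesystem, wrong ownership) leaves the enable flag out of step with the settings written by `writehash` immediately afterwards. Perl can do both directly and report the error: `open(my $fh, '>', "${General::swroot}/ovpn/enable_blue") or die "Unable to create enable_blue: $!"; close($fh);` for the on case and `unlink("${General::swroot}/ovpn/enable_blue");` for the off case. The comment `#wrtie enable` should read `# write the enable flag files read by openvpnctrl` (hedged: the consumer of these files is not visible in this diff).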
@@ -1275,36 +1918,47 @@ END ### ### Enable/Disable connection ### + +### +# m.a.d net2net +### + }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - +# my $n2nactive = ''; + my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`; + if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + } else { + + $confighash{$cgiparams{'KEY'}}[0] = 'off'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($n2nactive ne ''){ + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + } + } ### ### Download OpenVPN client package ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl 
client arch'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); 
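Review bot: The `else { $errormessage = $Lang::tr{'invalid key'}; }` in this hunk has moved from the outer `if ($confighash{$cgiparams{'KEY'}})` to the inner `if ($confighash{$cgiparams{'KEY'}}[3] eq 'net')` inside the disable branch, so disabling any host-type connection now reports "invalid key" while an unknown KEY silently does nothing; the `else` belongs on the outer `if` again, after the closing brace of the disable branch. The `/bin/ps ax|grep $confighash{...}[1]|grep -v grep|awk` backtick pipeline is also fragile: it passes the connection name through a shell and matches it as a substring of every process line, so a short name matches unrelated processes, a name with shell metacharacters breaks the command, and it is evaluated before the KEY is known to be valid (an undefined name gives `grep` an empty pattern). Since the n2n configs write `writepid /var/run/<NAME>n2n.pid`, reading that pid file, or `pgrep` in list form, would be both exact and shell-free.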
@@ -1313,20 +1967,139 @@ END my @fileholder; my $tempdir = tempdir( CLEANUP => 1 ); my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; - my $zippathname = "$zippath$zipname"; - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net +### + +if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; + my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]); + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; + my $tunmtu = ''; + my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]); + my $n2nfragment = ''; + + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; + flock CLIENTCONF, 2; + + my $zip = Archive::Zip->new(); + print CLIENTCONF "# IPFire n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# \n"; + print CLIENTCONF "# User Security\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "script-security 2\n"; + print CLIENTCONF "# IP/DNS for remote Server Gateway\n"; + print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n"; + print CLIENTCONF "float\n"; + print CLIENTCONF "# IP adresses of the VPN Subnet\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "# Server Gateway Network\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; + print CLIENTCONF "# tun Device\n"; + print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; + print CLIENTCONF "# Port and Protokoll\n"; + print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; + + if ($confighash{$cgiparams{'KEY'}}[28] eq 'tcp') { + print CLIENTCONF "proto tcp-client\n"; + print CLIENTCONF "# Packet size\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') 
{$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + } + + if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { + print CLIENTCONF "proto udp\n"; + print CLIENTCONF "# Paketsize\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} + if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} + } + if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') { + if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { + if ($tunmtu eq '1500' ) { + print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; + } + } + } + print CLIENTCONF "ns-cert-type server\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "# Cipher\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; + } + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + print CLIENTCONF "# Enable Compression\n"; + print CLIENTCONF "comp-lzo\r\n"; + } + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "# Tunnel check\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "# Start as daemon\n"; + print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; + print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; + print CLIENTCONF "# Activate 
Management Interface and Port\n"; + if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} + else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; + print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; + + + close(CLIENTCONF); + + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; + my $status = $zip->writeToFileNamed($zippathname); + + open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; + @fileholder = ; + print "Content-Type:application/x-download\n"; + print "Content-Disposition:attachment;filename=$zipname\n\n"; + print @fileholder; + exit (0); +} +else +{ + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net +### + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; my $zip = Archive::Zip->new(); - print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; + + # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # or use configured value. 
+ if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($vpnsettings{MSSFIX} eq 'on') + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } + if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ @@ -1363,7 +2136,20 @@ END } print CLIENTCONF "verb 3\r\n"; print CLIENTCONF "ns-cert-type server\r\n"; + print CLIENTCONF "tls-remote $vpnsettings{ROOTCERT_HOSTNAME}\r\n"; + if ($vpnsettings{MSSFIX} eq 'on') { + print CLIENTCONF "mssfix\r\n"; + } + if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { + print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; + } + if (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) { + if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) { + print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n"; + } + } close(CLIENTCONF); + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; my $status = $zip->writeToFileNamed($zippathname); @@ -1373,10 +2159,15 @@ END print "Content-Disposition:attachment;filename=$zipname\n\n"; print @fileholder; exit (0); - + } + + + ### ### Remove connection ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); 
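Review bot: The generated n2n client config enables the management interface with `management localhost PORT` and no password file, falling back to the tunnel port `[29]` when `[22]` is empty, so any local process on the importing side can attach and, as far as I recall of OpenVPN's management protocol, signal or kill the tunnel; either append a pw-file argument to that line or leave it out unless the status page needs it. The transfer-net addresses are built by dropping the last octet of `[27]` and emitting `ifconfig $ovsubnet.2 $ovsubnet.1`, which is only correct for a /24 — the import hunk further down likewise hard-codes `/255.255.255.0` — so the download should refuse or at least warn for any other mask instead of producing a silently wrong config. Minor: the file mixes `\r\n` (the `pkcs12` and `comp-lzo` lines) with `\n` everywhere else; pick one ending for the whole config.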
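Review bot: The new `mtu-disc` block is emitted whenever `$vpnsettings{PMTU_DISCOVERY} ne 'off'`, which is also true when the setting is absent or empty (older settings files), producing a bare `mtu-disc ` line that the client will reject; the `|| $cgiparams{'PMTU_DISCOVERY'} ne ''` alternative tests a request parameter that a download request is unlikely to carry, so it only muddies the check. Suggest `if ($vpnsettings{PMTU_DISCOVERY} ne '' && $vpnsettings{PMTU_DISCOVERY} ne 'off')` and, if the intent matches the "fragment, mssfix or mtu-disc" comment in the sibling hunk (neither mssfix nor fragment active), `&&` instead of `||` in the inner test. Separately, `tls-remote $vpnsettings{ROOTCERT_HOSTNAME}` is written unquoted; as far as I recall tls-remote matches the peer CN by prefix and is deprecated in favour of `verify-x509-name`, so consider `verify-x509-name "$vpnsettings{ROOTCERT_HOSTNAME}" name` where the targeted clients support it.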
@@ -1388,15 +2179,63 @@ END # } # my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +### +# m.a.d net2net +### + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + +} + + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +# A.Marx CCD delete ccd files and routes + + + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; + } + + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + &writeserverconf; + + +# CCD end + + delete $confighash{$cgiparams{'KEY'}}; my 
$temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); } else { $errormessage = $Lang::tr{'invalid key'}; } + + ### ### Download PKCS12 file ### @@ -1457,8 +2296,11 @@ END %cgiparams = (); %cahash = (); %confighash = (); + my $disabled; &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); - + read_routepushfile; + + # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; # } @@ -1466,7 +2308,6 @@ ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { $cgiparams{'MAX_CLIENTS'} = '100'; } - if ($cgiparams{'KEEPALIVE_1'} eq '') { $cgiparams{'KEEPALIVE_1'} = '10'; } @@ -1474,7 +2315,7 @@ ADV_ERROR: $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; @@ -1482,6 +2323,11 @@ ADV_ERROR: $checked{'REDIRECT_GW_DEF1'}{'off'} = ''; $checked{'REDIRECT_GW_DEF1'}{'on'} = ''; $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED'; + $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; + $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; $selected{'LOG_VERB'}{'1'} = ''; $selected{'LOG_VERB'}{'2'} = ''; $selected{'LOG_VERB'}{'3'} = ''; @@ -1495,7 +2341,7 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); 
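Review bot: In the `net` branch the removal `die`s on the first failing `unlink`/`rmdir`, after the `openssl ca -revoke` above has already run and before `delete $confighash{$cgiparams{'KEY'}}` and `writehasharray`, so one stale or already-removed file leaves a revoked connection still listed and the CGI response truncated. `glob()` on the name-derived paths also splits on whitespace and expands `*`, `?` and `{}`, so a connection name containing such characters (if the name check elsewhere admits them) can resolve to other files. Build the paths as plain strings, replace `or die` with `or $errormessage .= "$conffile: $!"` (likewise for `$certfile` and the `rmdir`), and translate the German "Kann Verzeichnis nicht loeschen" while there; the cancel branch at the end of this diff duplicates the same `glob`/`die` block and should get the same treatment.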
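Review bot: `read_routepushfile;` is a bare-word call with neither `&` nor parentheses; under `use strict` that only compiles if the sub is defined earlier in the file than this point, and the rest of this file calls its own subs as `&writeserverconf` / `&delccdnet(...)`, so `&read_routepushfile();` keeps the style consistent and independent of definition order. `my $disabled;` is declared here but not used anywhere in the hunk; drop it unless a later hunk assigns it.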
@@ -1507,8 +2353,8 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < - + +
@@ -1517,7 +2363,7 @@ ADV_ERROR: - + @@ -1526,6 +2372,25 @@ ADV_ERROR: + + + + + + + +
$Lang::tr{'dhcp-options'}
Domain
DNS
WINS
$Lang::tr{'ovpn routes push options'}
$Lang::tr{'ovpn routes push'} +

@@ -1534,7 +2399,7 @@ ADV_ERROR: $Lang::tr{'misc-options'} - + Client-To-Client @@ -1546,20 +2411,58 @@ ADV_ERROR: Max-Clients - + - Keppalive (ping/ping-restart) - - + + Keppalive
+ (ping/ping-restart) + + + + + fragment
+ + Default: 1300 + + + mssfix + + Default: on + + + + $Lang::tr{'ovpn mtu-disc'} + $Lang::tr{'ovpn mtu-disc yes'} + $Lang::tr{'ovpn mtu-disc maybe'} + $Lang::tr{'ovpn mtu-disc no'} + $Lang::tr{'ovpn mtu-disc off'} + + + +
- + @@ -1575,8 +2478,30 @@ ADV_ERROR: -
$Lang::tr{'log-options'}
VERB
-
+
+END + +if ( -e "/var/run/openvpn.pid"){ +print"
$Lang::tr{'attention'}:
+ $Lang::tr{'server restart'}

+
"; + print< + +   + + +   + + + +END +; + + +}else{ + +print<   @@ -1588,13 +2513,128 @@ ADV_ERROR: END ; - +} &Header::closebox(); # print ""; &Header::closebigbox(); &Header::closepage(); exit(0); + +# A.Marx CCD Add,delete or edit CCD net + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} || + $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} || + $cgiparams{'ACTION'} eq "kill" || + $cgiparams{'ACTION'} eq "edit" || + $cgiparams{'ACTION'} eq 'editsave'){ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ccd net'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + + if ($cgiparams{'ACTION'} eq "kill"){ + &delccdnet($cgiparams{'net'}); + } + + if ($cgiparams{'ACTION'} eq 'editsave'){ + my ($a,$b) =split (/\|/,$cgiparams{'ccdname'}); + if ( $a ne $b){ &modccdnet($a,$b);} + } + + if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + } + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "$errormessage"; + print " "; + &Header::closebox(); + } +if ($cgiparams{'ACTION'} eq "edit"){ + + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); + + print < +
+ $Lang::tr{'ccd name'}: + $Lang::tr{'ccd subnet'}: +
+ + +
+END +; + &Header::closebox(); + + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print < + + $Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd used'} +END +; +} +else{ + if (! -e "/var/run/openvpn.pid"){ + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'}); + print < +
+ $Lang::tr{'ccd hint'}

+ + $Lang::tr{'ccd name'}: + $Lang::tr{'ccd subnet'}: +
+ +
+END + + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print < + + $Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd used'} +END +; +} + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my @ccdconf=(); + my $count=0; + foreach my $key (keys %ccdconfhash) { + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + $count++; + my $ccdhosts = &hostsinnet($ccdconf[0]); + if ($count % 2){ print" ";} + else{ print" ";} + print"$ccdconf[0]$ccdconf[1]$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1).""; +print < + + + + + +
+ + + +
+END +; + } + print ""; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + +#END CCD + ### ### Openvpn Connections Statistics ### @@ -1717,13 +2757,14 @@ END ### ### Enable/Disable connection ### + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); #&writeserverconf(); @@ -1785,85 +2826,712 @@ END ### ### Choose between adding a host-net or net-net connection ### + +### +# m.a.d net2net +### + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &Header::showhttpheaders(); &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); + +if ( -s "${General::swroot}/ovpn/settings") { + print <$Lang::tr{'connection type'}:
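Review bot: The `kill` and `editsave` actions hand `$cgiparams{'net'}` and the `|`-split `$cgiparams{'ccdname'}` straight to `delccdnet`/`modccdnet`; whatever validation exists lives in those subs (not visible here), and unlike the add form, which is only rendered while `/var/run/openvpn.pid` is absent, these two actions are not gated on the daemon state, so the CCD network files and routes of a running server can be removed or renamed from under it. Suggest guarding both with the same check, e.g. `if (-e "/var/run/openvpn.pid") { $errormessage = $Lang::tr{'server restart'}; } else { &delccdnet($cgiparams{'net'}); }`, and rejecting names that fail the pattern the add path enforces before they reach the file-system helpers. `$errormessage` is printed into the page unescaped; if the helpers echo a submitted name back in an error, pass it through `&Header::cleanhtml` first, as the save path does for REMARK. The literal action strings `"kill"`, `"edit"` and `"editsave"` sit beside `$Lang::tr{...}` ones; that works for hidden form fields but deserves a comment so nobody later "translates" them.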

- +
- + - + + + + + + + +
$Lang::tr{'host to net vpn'}
$Lang::tr{'net to net vpn'}
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename

* $Lang::tr{'this field may be blank'}
END ; + + +} else { + print <$Lang::tr{'connection type'}:

+ + + +
$Lang::tr{'host to net vpn'}
+END + ; + +} + &Header::closebox(); &Header::closebigbox(); &Header::closepage(); exit (0); + +### +# m.a.d net2net +### + +} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){ + + my @firen2nconf; + my @confdetails; + my $uplconffilename =''; + my $uplconffilename2 =''; + my $uplp12name = ''; + my $uplp12name2 = ''; + my @rem_subnet; + my @rem_subnet2; + my @tmposupnet3; + my $key; + my @n2nname; + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + +# Check if a file is uploaded + + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto N2N_ERROR; + } + +# Move uploaded IPfire n2n package to temporary file + + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto N2N_ERROR; + } + + my $zip = Archive::Zip->new(); + my $zipName = $filename; + my $status = $zip->read( $zipName ); + if ($status != AZ_OK) { + $errormessage = "Read of $zipName failed\n"; + goto N2N_ERROR; + } + + my $tempdir = tempdir( CLEANUP => 1 ); + my @files = $zip->memberNames(); + for(@files) { + $zip->extractMemberWithoutPaths($_,"$tempdir/$_"); + } + my $countfiles = @files; + +# Check if we have not more then 2 files + + if ( $countfiles == 2){ + foreach (@files){ + if ( $_ =~ /.conf$/){ + $uplconffilename = $_; + } + if ( $_ =~ /.p12$/){ + $uplp12name = $_; + } + } + if (($uplconffilename eq '') || ($uplp12name eq '')){ + $errormessage = "Either no *.conf or no *.p12 file found\n"; + goto N2N_ERROR; + } + + open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file'; + @firen2nconf = ; + close (FILE); + chomp(@firen2nconf); + + } else { + + $errormessage = "Filecount does not match only 2 files are allowed\n"; + goto N2N_ERROR; + } + +### +# m.a.d net2net +### + + if ($cgiparams{'n2nname'} ne ''){ + + $uplconffilename2 = "$cgiparams{'n2nname'}.conf"; + $uplp12name2 = "$cgiparams{'n2nname'}.p12"; + $n2nname[0] 
= $cgiparams{'n2nname'}; + my @n2nname2 = split(/\./,$uplconffilename); + $n2nname2[0] =~ s/\n|\r//g; + my $input1 = "${General::swroot}/ovpn/certs/$uplp12name"; + my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2"; + my $input2 = "$n2nname2[0]n2n"; + my $output2 = "$n2nname[0]n2n"; + my $filename = "$tempdir/$uplconffilename"; + open(FILE, "< $filename") or die 'Unable to open config file.'; + my @current = ; + close(FILE); + foreach (@current) {s/$input1/$output1/g;} + foreach (@current) {s/$input2/$output2/g;} + open (OUT, "> $filename") || die 'Unable to open config file.'; + print OUT @current; + close OUT; + + }else{ + $uplconffilename2 = $uplconffilename; + $uplp12name2 = $uplp12name; + @n2nname = split(/\./,$uplconffilename); + $n2nname[0] =~ s/\n|\r//g; + } + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} + unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";} + + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); + + if ($? ne 0) { + $errormessage = "*.conf move failed: $!"; + unlink ($filename); + goto N2N_ERROR; + } + + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2"); + chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name"; + + if ($? 
ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto N2N_ERROR; + } + +my $complzoactive; +my $mssfixactive; +my $n2nfragment; +my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);; +my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nproto = split(/-/, $n2nproto2[1]); +my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); +my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); +my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; +if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} +my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; +if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]); +my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); +my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); +my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); +my @n2novpnsub = split(/\./,$n2novpnsuball[1]); +my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); +my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); + + +### +# m.a.d delete CR and LF from arrays for this chomp doesnt work +### + +$n2nremote[1] =~ s/\n|\r//g; +$n2novpnsub[0] =~ s/\n|\r//g; +$n2novpnsub[1] =~ s/\n|\r//g; +$n2novpnsub[2] =~ s/\n|\r//g; +$n2nproto[0] =~ s/\n|\r//g; +$n2nport[1] =~ s/\n|\r//g; +$n2ntunmtu[1] =~ s/\n|\r//g; +$n2nremsub[1] =~ s/\n|\r//g; +$n2nremsub[2] =~ s/\n|\r//g; +$n2nlocalsub[2] =~ s/\n|\r//g; +$n2nfragment[1] =~ s/\n|\r//g; +$n2nmgmt[2] =~ s/\n|\r//g; +$n2nmtudisc[1] =~ s/\n|\r//g; +chomp ($complzoactive); +chomp ($mssfixactive); + +### +# m.a.d net2net +### + +### +# Check if there is no other entry with this name +### + + foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[1] eq 
$n2nname[0]) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; + goto N2N_ERROR; + } + } + +### +# Check if OpenVPN Subnet is valid +### + +foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") { + $errormessage = 'The OpenVPN Subnet is already in use'; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; + goto N2N_ERROR; + } + } + +### +# Check im Dest Port is vaild +### + +foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[29] eq $n2nport[1] ) { + $errormessage = 'The OpenVPN Port is already in use'; + unlink ("${General::swroot}/ovpn/n2nconf/$n2nname[0]/$n2nname[0].conf") or die "Removing Configfile fail: $!"; + unlink ("${General::swroot}/ovpn/certs/$n2nname[0].p12") or die "Removing Certfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$n2nname[0]") || die "Removing Directory fail: $!"; + goto N2N_ERROR; + } + } + + + + $key = &General::findhasharraykey (\%confighash); + + foreach my $i (0 .. 
39) { $confighash{$key}[$i] = "";} + + $confighash{$key}[0] = 'off'; + $confighash{$key}[1] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[3] = 'net'; + $confighash{$key}[4] = 'cert'; + $confighash{$key}[6] = 'client'; + $confighash{$key}[8] = $n2nlocalsub[2]; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; + $confighash{$key}[22] = $n2nmgmt[2]; + $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[24] = $n2nfragment[1]; + $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[26] = 'red'; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[0]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; + $confighash{$key}[38] = $n2nmtudisc[1]; + + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + N2N_ERROR: + + &Header::showhttpheaders(); + &Header::openpage('Validate imported configuration', 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "$errormessage"; + print " "; + &Header::closebox(); + + } else + { + &Header::openbox('100%', 'LEFT', 'import ipfire net2net config'); + } + if ($errormessage eq ''){ + print < + + + + + + + + + + + + + + + + + + +
  
$Lang::tr{'name'}:$n2nname[0]
  
$Lang::tr{'Act as'}$confighash{$key}[6]
Remote Host $confighash{$key}[10]
$Lang::tr{'local subnet'}$confighash{$key}[8]
$Lang::tr{'remote subnet'}$confighash{$key}[11]
$Lang::tr{'ovpn subnet'}$confighash{$key}[27]
$Lang::tr{'protocol'}$confighash{$key}[28]
$Lang::tr{'destination port'}:$confighash{$key}[29]
$Lang::tr{'comp-lzo'}$confighash{$key}[30]
MSSFIX $confighash{$key}[23]
Fragment $confighash{$key}[24]
$Lang::tr{'MTU'}$confighash{$key}[31]
$Lang::tr{'ovpn mtu-disc'}$confighash{$key}[38]
Management Port $confighash{$key}[22]
  
+END +; + &Header::closebox(); + } + + if ($errormessage) { + print ""; + } else { + print "
"; + print ""; + print ""; + print "
"; + } + &Header::closebigbox(); + &Header::closepage(); + exit(0); + + +## +### Accept IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + +### +### Discard and Rollback IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + +if ($confighash{$cgiparams{'KEY'}}) { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + + +### +# m.a.d net2net +### + + ### ### Adding a new connection ### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { - + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! 
$confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; -#new fields -#ab hiere error uebernehmen - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + if (! 
$confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + my $name=$cgiparams{'CHECK1'} ; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; + $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { + +#A.Marx CCD check iroute field and convert it to decimal +if ($cgiparams{'TYPE'} eq 
'host') { + my @temp=(); + my %ccdroutehash=(); + my $keypoint=0; + if ($cgiparams{'IR'} ne ''){ + @temp = split("\n",$cgiparams{'IR'}); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + #find key to use + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroutehash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroutehash); + } + } + $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'}; + my $i=1; + my $val=0; + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + my($ip,$cidr) = split(/\//,$val); + $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr)); + $cidr=&General::iporsubtodec($cidr); + + #check if iroute exists in ccdroute + foreach my $key (keys %ccdroutehash) { + foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){ + if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") { + $errormessage=$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + } + } + + #check for existing network IP's + if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err green'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err red'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '') + { + $errormessage=$Lang::tr{'ccd err blue'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' ) + { + $errormessage=$Lang::tr{'ccd err orange'}; + goto VPNCONF_ERROR; + } + + if 
(&General::validipandmask($val)){ + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + }else{ + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroutehash{$key}; + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + } + undef @temp; + #check route field and convert it to decimal + my $val=0; + my $i=1; + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};} + @temp = split(/\|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (/\//, $val); + + if ($val ne $Lang::tr{'ccd none'}) + { + if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." 
($val)";goto VPNCONF_ERROR;} + if (! &check_ccdroute($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} + if (! &check_ccdconf($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} + if (&General::validipandmask($val)){ + $val=$ip."/".&General::iporsubtodec($cidr); + $ccdroute2hash{$keypoint}[$i] = $val; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; + goto VPNCONF_ERROR; + } + }else{ + $ccdroute2hash{$keypoint}[$i]=''; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + + #check dns1 ip + if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 1"; + goto VPNCONF_ERROR; + } + #check dns2 ip + if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 2"; + goto VPNCONF_ERROR; + } + #check wins ip + if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp wins'}; + goto VPNCONF_ERROR; + } +} + +#CCD End + + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } if ($cgiparams{'NAME'} !~ /^[a-zA-Z0-9]+$/) { $errormessage = $Lang::tr{'name must only contain characters'}; - goto VPNCONF_ERROR; - } + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } + goto VPNCONF_ERROR; + } if ($cgiparams{'NAME'} =~ /^(host|01|block|private|clear|packetdefault)$/) { $errormessage = $Lang::tr{'name is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } if (length($cgiparams{'NAME'}) >60) { $errormessage = $Lang::tr{'name too long'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } +### +# m.a.d net2net +### + +if ($cgiparams{'TYPE'} eq 'net') { + + if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing 
Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { + $errormessage = $Lang::tr{'openvpn subnet is used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) { + $errormessage = $Lang::tr{'openvpn mssfix allowed with udp'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) { + $errormessage = $Lang::tr{'openvpn fragment allowed with udp'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) { + $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir 
("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { + if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) { + $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + } + + if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix local subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ( &validdotmask ($cgiparams{'OVPN_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix openvpn subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ( &validdotmask ($cgiparams{'REMOTE_SUBNET'})) { + $errormessage = $Lang::tr{'openvpn prefix remote subnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + +} + # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { # $errormessage = $Lang::tr{'ipfire side is invalid'}; # goto VPNCONF_ERROR; 
@@ -1874,6 +3542,10 @@ END foreach my $key (keys %confighash) { if ($confighash{$key}[1] eq $cgiparams{'NAME'}) { $errormessage = $Lang::tr{'a connection with this name already exists'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } } @@ -1881,6 +3553,10 @@ END if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } @@ -1888,10 +3564,17 @@ END if (! &General::validip($cgiparams{'REMOTE'})) { if (! &General::validfqdn ($cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } else { if (&valid_dns_host($cgiparams{'REMOTE'})) { $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; + if ($cgiparams{'TYPE'} eq 'net') { + + } } } } 
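Review bot: The `unlink (...) or die` / `rmdir (...) || die` pair added to this error branch aborts the CGI with a bare `$!` before `goto VPNCONF_ERROR` is reached, so whenever the n2n config file or directory does not exist yet the user gets a server error instead of `$errormessage`. The same three lines are repeated verbatim in the next two hunks on this line (`@@ -1881`, `@@ -1888`) and in `@@ -1914` below; a single helper that tolerates a missing file, called once per error site, removes both the duplication and the abort, and since `NAME` is interpolated into the path it should only ever be called after `NAME` has passed the `/^[a-zA-Z0-9]+$/` check. The `@@ -1888` hunk also adds an empty `if ($cgiparams{'TYPE'} eq 'net') { }` block after the DNS warning that should be dropped or filled in. The enclosing save branch starts and ends outside these hunks.
```perl
# Discard a partially written net-to-net config. A missing file or directory
# is not an error at this point; any other failure is logged, not fatal.
sub _remove_n2n_conf {
    my ($name) = @_;
    my $dir = "${General::swroot}/ovpn/n2nconf/$name";
    if (-e "$dir/$name.conf") {
        unlink("$dir/$name.conf") or warn "Removing Configfile fail: $!";
    }
    if (-d $dir) {
        rmdir($dir) or warn "Removing Directory fail: $!";
    }
    return;
}
# … at each error site, replacing the unlink/rmdir pair …
_remove_n2n_conf($cgiparams{'NAME'}) if $cgiparams{'TYPE'} eq 'net';
goto VPNCONF_ERROR;
```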
@@ -1899,6 +3582,10 @@ END if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'}; + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR;} } # Check if there is no other entry without IP-address and PSK @@ -1914,7 +3601,9 @@ END } if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { $errormessage = $Lang::tr{'remote subnet is invalid'}; - goto VPNCONF_ERROR; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; } if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { @@ -1955,7 +3644,7 @@ END # Sign the certificate request and move it # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', + system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}", '-batch', '-notext', '-in', $filename, '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", @@ -2134,7 +3823,7 @@ END } # Sign the host certificate request - system('/usr/bin/openssl', 'ca', '-days', '999999', + system('/usr/bin/openssl', 'ca', '-days', "$cgiparams{'DAYS_VALID'}", '-batch', '-notext', '-in', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}req.pem", '-out', "${General::swroot}/ovpn/certs/$cgiparams{'NAME'}cert.pem", 
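Review bot: `$cgiparams{'DAYS_VALID'}` is handed straight from the form to `openssl ca -days` in the `@@ -1955` hunk and again in `@@ -2134`; the list-form `system` keeps it away from a shell, but nothing in the visible diff checks that it is a positive integer, so an empty or non-numeric value makes openssl reject the argument and the certificate is silently not issued. Unless it is validated somewhere outside this chunk, a guard before the first signing call such as `goto VPNCONF_ERROR unless $cgiparams{'DAYS_VALID'} =~ /^\d+$/;` (after setting `$errormessage` to a suitable `$Lang::tr` entry) is needed, and the exit status of each `system(...)` call should be checked via `$?` rather than assumed. The `@@ -1914` hunk on this line carries the same `unlink ... or die` abort-before-error-page problem raised on the earlier hunks.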
@@ -2188,38 +3877,149 @@ END # Save the config my $key = $cgiparams{'KEY'}; + if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; } else { - $confighash{$key}[4] = 'cert'; + $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; + if ($cgiparams{'OVPN_MGMT'} eq '') { + $confighash{$key}[22] = $confighash{$key}[29]; + } else { + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + } + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = $cgiparams{'INTERFACE'}; # new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = 
$cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; -# new fileds + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; + $confighash{$key}[32] = $cgiparams{'CHECK1'}; + my $name=$cgiparams{'CHECK1'}; + $confighash{$key}[33] = $cgiparams{$name}; + $confighash{$key}[34] = $cgiparams{'RG'}; + $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; + $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; + $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; + $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($cgiparams{'CHECK1'} ){ + + my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; + my ($a,$b,$c,$d) = split (/\./,$ccdip); + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; + print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; + if($cgiparams{'CHECK1'} eq 'dynamic'){ + print CCDRWCONF "#This client uses the dynamic pool\n"; + }else{ + print CCDRWCONF "#Ip address client and Server\n"; + print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; + } + if ($confighash{$key}[34] eq 'on'){ + print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; + print CCDRWCONF "push redirect-gateway\n"; + } + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + if ($cgiparams{'IR'} ne ''){ + print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; + foreach my $key (keys %ccdroutehash){ + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){ + 
foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CCDRWCONF "iroute $a $b\n"; + } + } + } + } + if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';} + if ($cgiparams{'IFROUTE'} ne ''){ + print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ + if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ + my %blue=(); + &General::readhash("${General::swroot}/ethernet/settings", \%blue); + print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ + my %orange=(); + &General::readhash("${General::swroot}/ethernet/settings", \%orange); + print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n"; + }else{ + my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]); + print CCDRWCONF "push \"route $a $b\"\n"; + } + } + } + } + } + if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} + if($cgiparams{'CCD_DNS1'} ne ''){ + print CCDRWCONF "\n#Client gets these Nameservers\n"; + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n"; + } + if($cgiparams{'CCD_DNS2'} ne ''){ + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n"; + } + if($cgiparams{'CCD_WINS'} ne ''){ + print CCDRWCONF "\n#Client gets this WINS server\n"; + print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n"; + } + close CCDRWCONF; + } + +### +# m.a.d n2n begin +### + + if ($cgiparams{'TYPE'} eq 'net') { + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + my $key = 
$cgiparams{'KEY'}; + if (! $key) { + $key = &General::findhasharraykey (\%confighash); + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + } + $confighash{$key}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + } + +### +# m.a.d n2n end +### + if ($cgiparams{'EDIT_ADVANCED'} eq 'on') { $cgiparams{'KEY'} = $key; $cgiparams{'ACTION'} = $Lang::tr{'advanced'}; @@ -2227,6 +4027,15 @@ END goto VPNCONF_END; } else { $cgiparams{'ENABLED'} = 'on'; +### +# m.a.d n2n begin +### + $cgiparams{'MSSFIX'} = 'on'; + $cgiparams{'FRAGMENT'} = '1300'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; +### +# m.a.d n2n end +### $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; @@ -2261,6 +4070,11 @@ END $selected{'SIDE'}{'server'} = ''; $selected{'SIDE'}{'client'} = ''; $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED'; + + $selected{'PROTOCOL'}{'udp'} = ''; + $selected{'PROTOCOL'}{'tcp'} = ''; + $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED'; + $checked{'AUTH'}{'psk'} = ''; $checked{'AUTH'}{'certreq'} = ''; @@ -2274,6 +4088,12 @@ END $checked{'COMPLZO'}{'on'} = ''; $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED'; + $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + + $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; + if (1) { &Header::showhttpheaders(); @@ -2302,12 +4122,17 @@ END } &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); - print "\n"; - print ""; + print "
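Review bot: The client-config lines written for the blue and orange networks are missing their closing quote: `print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";` emits `push "route … ` with no terminating `"`, unlike the generic branch right below it which ends in `\"\n`, so OpenVPN will reject that ccd file. Just before `close CCDRWCONF`, the condition `if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne ''))` can never be true and presumably should test `$cgiparams{'CCD_DNS2'} ne ''` so a server entered only in the second field is promoted. The address written to `ifconfig-push` is taken from `$cgiparams{$name}`, where `$name` is itself a form field, without a `&General::validip` check, and the file is closed with an unchecked `close CCDRWCONF;`; validating before the `open` and using `close CCDRWCONF or die "..."` keeps a malformed entry from breaking the client config. The n2n restart block at the end also initialises a fresh key with `foreach my $i (0 .. 31)` while the save code above uses `0 .. 38`, and the hunk sits inside a save branch that starts before it.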
$Lang::tr{'name'}:
\n"; + + + + print ""; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { - print "\n"; + print ""; } else { + print ""; } # print ""; @@ -2327,106 +4152,168 @@ END } else { print ""; } + + + print <  - + -ttt - - + + + + - + + + + + + + + + + - - + + + + + + + + + + + END - ; +; } +#jumper print ""; - print ""; - -# if ($cgiparams{'TYPE'} eq 'net') { - print "\n"; - -# if ($cgiparams{'KEY'}) { -# print "
$Lang::tr{'name'}: $cgiparams{'NAME'}$cgiparams{'NAME'}
$Lang::tr{'interface'} 
$Lang::tr{'Act as'} $Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'} $Lang::tr{'remote subnet'}
$Lang::tr{'ovpn subnet'}
$Lang::tr{'protocol'}$Lang::tr{'destination port'}:$Lang::tr{'destination port'}:
$Lang::tr{'comp-lzo'}
$Lang::tr{'comp-lzo'}  
mssfix  $Lang::tr{'openvpn default'}: on
fragment  $Lang::tr{'openvpn default'}: 1300
$Lang::tr{'MTU'}  $Lang::tr{'openvpn default'}: udp/tcp 1500/1400
Management Port  $Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}
$Lang::tr{'ovpn mtu-disc'} + $Lang::tr{'ovpn mtu-disc yes'} + $Lang::tr{'ovpn mtu-disc maybe'} + $Lang::tr{'ovpn mtu-disc no'} + $Lang::tr{'ovpn mtu-disc off'} +
$Lang::tr{'remark title'} 
$Lang::tr{'enabled'}  
"; -# } else { -# print " $Lang::tr{'edit advanced settings when done'}"; -# } -# }else{ - print " "; -# } - + print ""; + if ($cgiparams{'TYPE'} eq 'host') { + print "$Lang::tr{'enabled'} "; + } + print"

"; +#A.Marx CCD new client +if ($cgiparams{'TYPE'} eq 'host') { + print ""; + my %vpnnet=(); + my $vpnip; + &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet); + $vpnip=$vpnnet{'DOVPN_SUBNET'}; + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my @ccdconf=(); + my $count=0; + my $checked; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED'; + print"


$Lang::tr{'ccd choose net'}
$Lang::tr{'ccd dynrange'} ($vpnip)"; + print"


"; + my $name=$cgiparams{'CHECK1'}; + $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + + if (! -z "${General::swroot}/ovpn/ccd.conf"){ + print""; + foreach my $key (keys %ccdconfhash) { + $count++; + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + if ($count % 2){print"";}else{print"";} + print""; + } + print "
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd clientip'}
$ccdconf[0]$ccdconf[1]"; + &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name}); + print"





"; + } +} +# ccd end &Header::closebox(); - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print < - # $Lang::tr{'use a pre-shared key'} - # - # -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { + + } elsif (! $cgiparams{'KEY'}) { + + my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled=''; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; + &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - print < + + $Lang::tr{'upload a certificate request'} + $Lang::tr{'upload a certificate'} +   +
+   + $Lang::tr{'generate a certificate'}  +  $Lang::tr{'users fullname or system hostname'}: +  $Lang::tr{'users email'}:  +  $Lang::tr{'users department'}:  +  $Lang::tr{'organization name'}:  +  $Lang::tr{'city'}:  +  $Lang::tr{'state or province'}:  +  $Lang::tr{'country'}: - $Lang::tr{'upload a certificate request'} - - - $Lang::tr{'upload a certificate'} - - - $Lang::tr{'generate a certificate'}  -   - $Lang::tr{'users fullname or system hostname'}: - -   - $Lang::tr{'users email'}:  - -   - $Lang::tr{'users department'}:  - -   - $Lang::tr{'organization name'}:  - -   - $Lang::tr{'city'}:  - -   - $Lang::tr{'state or province'}:  - -   - $Lang::tr{'country'}: - $Lang::tr{'generate a certificate'}  +  $Lang::tr{'users fullname or system hostname'}: +  $Lang::tr{'users email'}:  +  $Lang::tr{'users department'}:  +  $Lang::tr{'organization name'}:  +  $Lang::tr{'city'}:  +  $Lang::tr{'state or province'}:  +  $Lang::tr{'country'}: +   $Lang::tr{'pkcs12 file password'}:  $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'}) - +   +
+ * $Lang::tr{'this field may be blank'} + +END +}else{ + print < +     +     +
+ * $Lang::tr{'this field may be blank'} + + END +} + +### +# m.a.d net2net +### ; &Header::closebox(); + } +#A.Marx CCD new client +if ($cgiparams{'TYPE'} eq 'host') { + print"

"; + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:"); + + + print < + Redirect Gateway: +
$Lang::tr{'ccd routes'}
+   + $Lang::tr{'ccd iroute'}$Lang::tr{'ccd iroutehint'} +
+ $Lang::tr{'ccd iroute2'} + DNS2: + WINS:

+ +END +; + &Header::closebox(); +} print "
"; if ($cgiparams{'KEY'}) { # print ""; @@ -2473,24 +4491,21 @@ END my @status = `/bin/cat /var/log/ovpnserver.log`; if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; - if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; - } - } + if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { + my $ipaddr = ; + close IPADDR; + chomp ($ipaddr); + $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; + if ($cgiparams{'VPN_IP'} eq '') { + $cgiparams{'VPN_IP'} = $ipaddr; + } + } } #default setzen if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'BF-CBC'; } -# if ($cgiparams{'DCOMPLZO'} eq '') { -# $cgiparams{'DCOMPLZO'} = 'on'; -# } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; } @@ -2500,8 +4515,7 @@ END if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } - - $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; $checked{'ENABLED_BLUE'}{'off'} = ''; @@ -2510,9 +4524,6 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - -#new settings $selected{'DDEVICE'}{'tun'} = ''; $selected{'DDEVICE'}{'tap'} = ''; $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; 
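Review bot: `my $checked;` in the CCD client block declares a lexical scalar that is never used; the lines after it assign to the hash `%checked` (`$checked{'check1'}{'off'} = '';`), so the declaration only misleads and should be removed. In the same block the chosen client address is read as `$cgiparams{$name}` with `$name = $cgiparams{'CHECK1'}`, meaning one request field selects which other request field is consumed; reading it from a fixed field name, or from `%ccdconfhash` by the selected key, would be clearer and far easier to validate. Most of this hunk's HTML was stripped during rendering, so the markup itself cannot be reviewed here.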
@@ -2537,7 +4548,10 @@ END $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; - +# m.a.d + $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; #new settings &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); @@ -2560,10 +4574,9 @@ END } else { $activeonrun = "disabled='disabled'"; } - &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print "
ZERINA-0.9.4i
"; - print < + &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); + print <
    @@ -2571,7 +4584,7 @@ END $Lang::tr{'ovpn server status'} $sactive $Lang::tr{'ovpn on red'} - + END ; if (&haveBlueNet()) { @@ -2587,7 +4600,8 @@ END $Lang::tr{'ovpn subnet'}
$Lang::tr{'ovpn device'} + $Lang::tr{'protocol'} @@ -2609,18 +4623,20 @@ END - + +
END ; if ( $srunning eq "yes" ) { - print ""; - print ""; - print ""; - print ""; + print ""; + print ""; + print ""; + print ""; } else{ - print ""; - print ""; + print ""; + print ""; + print ""; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && -e "${General::swroot}/ovpn/ca/dh1024.pem" && -e "${General::swroot}/ovpn/certs/servercert.pem" && @@ -2628,11 +4644,9 @@ END (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print ""; - print ""; + print ""; } else { - print ""; - print ""; + print ""; } } print "
"; @@ -2663,7 +4677,7 @@ EOF
- +
  @@ -2696,7 +4710,7 @@ END
- +
  @@ -2735,7 +4749,7 @@ END
- +
@@ -2759,23 +4773,24 @@ END   $Lang::tr{'legend'}:     $Lang::tr{ $Lang::tr{'show certificate'} -     $Lang::tr{ +     $Lang::tr{ $Lang::tr{'download certificate'} END - ; +; } - print < - - - - -
$Lang::tr{'ca name'}: -
+ +print < + + + + +
$Lang::tr{'ca name'}:

END - ; +; + &Header::closebox(); if ( $srunning eq "yes" ) { @@ -2784,15 +4799,22 @@ END print "
\n"; } if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { + +### +# m.a.d net2net +#$Lang::tr{'remark'}
L2089 +### + &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); print < $Lang::tr{'name'} $Lang::tr{'type'} - $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
L2089 + $Lang::tr{'network'} + $Lang::tr{'remark'} $Lang::tr{'status'} $Lang::tr{'action'} @@ -2800,7 +4822,7 @@ END ; my $id = 0; my $gif; - foreach my $key (keys %confighash) { + foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) { if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { @@ -2810,23 +4832,64 @@ END } print "$confighash{$key}[1]"; print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - if ($confighash{$key}[4] eq 'cert') { - print "$confighash{$key}[2]"; - } else { - print " "; - } + #if ($confighash{$key}[4] eq 'cert') { + #print "$confighash{$key}[2]"; + #} else { + #print " "; + #} my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - print "$cavalid"; + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} + print "$confighash{$key}[32]"; print "$confighash{$key}[25]"; + my $active = "
$Lang::tr{'capsclosed'}
"; + if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; + $active = "
$Lang::tr{'capsclosed'}
"; } else { - my $cn; + +### +# m.a.d net2net +### + + if ($confighash{$key}[3] eq 'net') { + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); +### +#CONNECTING -- OpenVPN's initial state. +#WAIT -- (Client only) Waiting for initial response from server. +#AUTH -- (Client only) Authenticating with server. +#GET_CONFIG -- (Client only) Downloading configuration options from server. +#ASSIGN_IP -- Assigning IP address to virtual network interface. +#ADD_ROUTES -- Adding routes to system. +#CONNECTED -- Initialization Sequence Completed. +#RECONNECTING -- A restart has occurred. +#EXITING -- A graceful exit is in progress. +#### + + if ( $tustate[1] eq 'CONNECTED') { + $active = "
$Lang::tr{'capsopen'}
"; + } else { + $active = "
$tustate[1]
"; + } + } + } + } else { + + my $cn; my @match = (); - foreach my $line (@status) { + foreach my $line (@status) { chomp($line); if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); @@ -2837,9 +4900,13 @@ END if ($cn eq "$confighash{$key}[2]") { $active = "
$Lang::tr{'capsopen'}
"; } - } - } + } + } +} +} + + my $disable_clientdl = "disabled='disabled'"; if (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || @@ -2870,7 +4937,7 @@ END if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { print < - + @@ -2878,7 +4945,7 @@ END ; } elsif ($confighash{$key}[4] eq 'cert') { print < - + @@ -2913,7 +4980,7 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < + @@ -2929,12 +4996,12 @@ END - + - + -
  $Lang::tr{'legend'}:   $Lang::tr{    ?OFF $Lang::tr{'click to enable'}    ?FLOPPY ?FLOPPY $Lang::tr{'download certificate'}    ?RELOAD ?RELOAD $Lang::tr{'dl client arch'}
+
END ; } @@ -2942,8 +5009,8 @@ END print <
- - + +
END @@ -2951,3 +5018,6 @@ END &Header::closebox(); } &Header::closepage(); + + +