X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=7b1654fb937cfc0c211f753f3934784c4a14577a;hp=d302cf52407adeec7d62da555b266b53eebb3023;hb=3932f02ba33e0f0b7686db4bd6f4609ae7e3d370;hpb=350f298025cf2f46ad9c25e4936e9aa9682ee452 diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100755 new mode 100644 index d302cf524..7b1654fb9 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2011 IPFire Team # +# Copyright (C) 2007-2013 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -30,6 +30,7 @@ use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; use Archive::Zip qw(:ERROR_CODES :CONSTANTS); +use Sort::Naturally; require '/var/ipfire/general-functions.pl'; require "${General::swroot}/lang.pl"; require "${General::swroot}/header.pl"; @@ -50,6 +51,9 @@ my %mainsettings = (); ### ### Initialize variables ### +my %ccdconfhash=(); +my %ccdroutehash=(); +my %ccdroute2hash=(); my %netsettings=(); my %cgiparams=(); my %vpnsettings=(); @@ -61,6 +65,11 @@ my $warnmessage = ''; my $errormessage = ''; my %settings=(); my $routes_push_file = ''; +my $confighost="${General::swroot}/fwhosts/customhosts"; +my $configgrp="${General::swroot}/fwhosts/customgroups"; +my $customnet="${General::swroot}/fwhosts/customnetworks"; +my $name; +my $col=""; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -120,21 +129,6 @@ sub sizeformat{ return("$newsize $units[$i]"); } -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - sub cleanssldatabase { if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { @@ -173,49 +167,29 @@ sub deletebackupcert unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem"); } } - sub checkportfw { - my $KEY2 = $_[0]; # key2 - my $SRC_PORT = $_[1]; # src_port - my $PROTOCOL = $_[2]; # protocol - my $SRC_IP = $_[3]; # sourceip - - my $pfwfilename = "${General::swroot}/portfw/config"; - open(FILE, $pfwfilename) or die 'Unable to open config file.'; - my @pfwcurrent = ; - close(FILE); - my $pfwkey1 = 0; # used for finding last sequence number used - foreach my $pfwline (@pfwcurrent) - { - my @pfwtemp = split(/\,/,$pfwline); - - chomp ($pfwtemp[8]); - if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition - if ( $SRC_PORT eq $pfwtemp[3] && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7]) - { - $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT"; - } - # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number - if ( $pfwtemp[1] eq "0") { - $pfwkey1=$pfwtemp[0]; - } - # Darren Critchley - Duplicate or overlapping Port range check - if ($pfwtemp[1] eq "0" && - $PROTOCOL eq $pfwtemp[2] && - $SRC_IP eq $pfwtemp[7] && - $errormessage eq '') - { - &portchecks($SRC_PORT, $pfwtemp[5]); -# &portchecks($pfwtemp[3], $pfwtemp[5]); -# &portchecks($pfwtemp[3], $SRC_IP); + my $DPORT = shift; + my $DPROT = shift; + my %natconfig =(); + my $confignat = "${General::swroot}/firewall/config"; + $DPROT= uc ($DPROT); + &General::readhasharray($confignat, \%natconfig); + foreach my $key (sort keys %natconfig){ + my @portarray = split (/\|/,$natconfig{$key}[30]); + foreach my $value (@portarray){ + if ($value =~ /:/i){ + my ($a,$b) = split (":",$value); + if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){ + $errormessage= "$Lang::tr{'source port in use'} $DPORT"; + } + }else{ + if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){ + $errormessage= "$Lang::tr{'source port in use'} $DPORT"; + } + } } } - } -# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP"; - - return; + return; } sub checkportoverlap @@ -247,32 +221,6 @@ sub checkportinc return 0; } } -# Darren Critchley - Duplicate or overlapping Port range check -sub portchecks -{ - my $p1 = $_[0]; # New port range - my $p2 = $_[1]; # existing port range -# $_ = $_[0]; - our ($prtrange1, $prtrange2); - $prtrange1 = 0; -# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges -# unless (&checkportoverlap($p1,$p2)) { -# $errormessage = "$Lang::tr{'source port overlaps'} $p1"; -# } -# } - if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p2,$p1)) { - $errormessage = "$Lang::tr{'srcprt within existing'} $p1"; - } - } - $prtrange1 = 1; - if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range - unless (&checkportinc($p1,$p2)) { - $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2"; - } - } - return; -} # Darren Critchley - certain ports are reserved for IPFire # TCP 67,68,81,222,445 @@ -318,7 +266,6 @@ sub disallowreserved return; } - sub writeserverconf { my %sovpnsettings = (); my @temp = (); @@ -354,7 +301,9 @@ sub writeserverconf { { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } - elsif ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') + elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } else { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } @@ -395,8 +344,11 @@ sub writeserverconf { print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } - if ($sovpnsettings{PMTU_DISCOVERY} ne 'off') { - print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n"; + # Check if a valid operating mode has been choosen and use it. + if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { + print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n"; } if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { @@ -429,7 +381,7 @@ sub writeserverconf { if ($sovpnsettings{DHCP_WINS} ne '') { print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; } - print CONF "tls-verify /var/ipfire/ovpn/verify\n"; + print CONF "tls-verify /usr/lib/openvpn/verify\n"; print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n"; print CONF "user nobody\n"; print CONF "group nobody\n"; @@ -486,49 +438,42 @@ sub addccdnet my @ccdconf=(); my $ccdname=$_[0]; my $ccdnet=$_[1]; - my $ovpnsubnet=$_[2]; my $subcidr; my @ip2=(); my $checkup; my $ccdip; my $baseaddress; - if(!&General::validhostname($ccdname)){ + + + #check name + if ($ccdname eq '') + { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; + return + } + + if(!&General::validhostname($ccdname)) + { $errormessage=$Lang::tr{'ccd err invalidname'}; return; } - #check ip - if (&General::validipandmask($ccdnet)){ - $ccdnet=&General::iporsubtocidr($ccdnet); - }else{ + + ($ccdip,$subcidr) = split (/\//,$ccdnet); + $subcidr=&General::iporsubtocidr($subcidr); + #check subnet + if ($subcidr > 30) + { $errormessage=$Lang::tr{'ccd err invalidnet'}; return; } - ($ccdip,$subcidr) = split (/\//,$ccdnet); - if ($ccdname eq '') { - $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; - } - #check if we try to use same network as ovpn server - if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { - $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
"; - } - - #check if we use a name/subnet that already exists - &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); - foreach my $key (keys %ccdconfhash) { - @ccdconf=split(/\//,$ccdconfhash{$key}[1]); - if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
";} - my ($newip,$newsub) = split(/\//,$ccdnet); - if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
";} - + #check ip + if (!&General::validipandmask($ccdnet)){ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; } - #check if we use one of ipfire's networks (green,orange,blue) - my %ownnet=(); - &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); - if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} - if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} - if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} - if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} - + + $errormessage=&General::checksubnets($ccdname,$ccdnet); + if (!$errormessage) { my %ccdconfhash=(); @@ -609,7 +554,7 @@ sub getccdadresses my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; - for (my $i=0;$i<=$count-1;$i++) { + for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; $iprange[$i]= &General::getnextip($tmpip,4); @@ -848,7 +793,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } - if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) { $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; goto ADV_ERROR; @@ -856,7 +804,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } if ($cgiparams{'DHCP_DOMAIN'} ne ''){ - unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { + unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { $errormessage = $Lang::tr{'invalid input for dhcp domain'}; goto ADV_ERROR; } @@ -975,7 +923,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "persist-key\n"; print SERVERCONF "script-security 2\n"; print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + + if ($cgiparams{'REMOTE'} ne '') { print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + } + print SERVERCONF "float\n"; print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; @@ -1001,7 +953,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } - if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { if($cgiparams{'MTU'} eq '1500') { print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; @@ -1086,13 +1042,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } - if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { if ($cgiparams{'MTU'} eq '1500') { print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; } } - } + } + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; @@ -1139,7 +1100,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg if ($cgiparams{'ENABLED'} eq 'on'){ - &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0'); + &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'}); } if ($errormessage) { goto SETTINGS_ERROR; } @@ -2020,7 +1981,9 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') { + if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) { if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { if ($tunmtu eq '1500' ) { print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; @@ -2083,18 +2046,20 @@ else print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; - print CLIENTCONF "nobind\n"; + print CLIENTCONF "nobind\r\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 # or use configured value. if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } elsif ($vpnsettings{MSSFIX} eq 'on') - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } - elsif ($vpnsettings{PMTU_DISCOVERY} ne 'off') - { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } + elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; } else { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } @@ -2141,9 +2106,13 @@ else if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } - if ($vpnsettings{PMTU_DISCOVERY} ne 'off') { + + # Check if a valid operating mode has been choosen and use it. + if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) { - print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n"; + print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n"; } } close(CLIENTCONF); @@ -2182,14 +2151,15 @@ else # m.a.d net2net ### - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { - +if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); - my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); - unlink ($certfile) or die "Removing $certfile fail: $!"; - unlink ($conffile) or die "Removing $conffile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; - + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile); + unlink ($conffile); + + if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") { + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + } } unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); @@ -2202,7 +2172,7 @@ else { unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; } - my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); foreach my $key (keys %ccdroutehash) { if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ @@ -2210,7 +2180,7 @@ else } } &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); - my %ccdroute2hash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); foreach my $key (keys %ccdroute2hash) { if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ @@ -2218,7 +2188,7 @@ else } } &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - + &writeserverconf; # CCD end @@ -2315,6 +2285,9 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -2351,7 +2324,7 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < +
@@ -2412,7 +2385,7 @@ print < - @@ -2483,7 +2456,21 @@ if ( -e "/var/run/openvpn.pid"){ print"
$Lang::tr{'attention'}:
$Lang::tr{'server restart'}

"; -} + print< + + + + + + +
$Lang::tr{'dhcp-options'}
Keppalive
+ 		Keepalive
(ping/ping-restart)
  
+
+END +; + + +}else{ print< @@ -2497,7 +2484,7 @@ print< END ; - +} &Header::closebox(); # print ""; &Header::closebigbox(); @@ -2523,10 +2510,12 @@ END if ($cgiparams{'ACTION'} eq 'editsave'){ my ($a,$b) =split (/\|/,$cgiparams{'ccdname'}); if ( $a ne $b){ &modccdnet($a,$b);} + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; } if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { - &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'}); } if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); @@ -2577,8 +2566,13 @@ END &Header::closebox(); } &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + if ( -e "/var/run/openvpn.pid"){ + print "$Lang::tr{'attention'}:
"; + print "$Lang::tr{'ccd noaddnet'}
"; + } + print < + END @@ -2588,7 +2582,7 @@ END &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); my @ccdconf=(); my $count=0; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); $count++; my $ccdhosts = &hostsinnet($ccdconf[0]); @@ -2632,15 +2626,15 @@ END # # protocol temp removed print < +
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd used'}
$Lang::tr{'protocol'}
- - - - - - - + + + + + + + END ; @@ -2691,22 +2685,23 @@ END } my $user2 = @users; if ($user2 >= 1){ - for (my $idx = 1; $idx <= $user2; $idx++){ + for (my $idx = 1; $idx <= $user2; $idx++){ if ($idx % 2) { - print "\n"; - } else { - print "\n"; + print ""; + $col="bgcolor='$color{'color22'}'"; + } else { + print ""; + $col="bgcolor='$color{'color20'}'"; } - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; - print ""; -# print ""; - } - } + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + print ""; + } + } print "
$Lang::tr{'common name'}$Lang::tr{'real address'}$Lang::tr{'virtual address'}$Lang::tr{'loged in at'}$Lang::tr{'bytes sent'}$Lang::tr{'bytes received'}$Lang::tr{'last activity'}$Lang::tr{'common name'}$Lang::tr{'real address'}$Lang::tr{'virtual address'}$Lang::tr{'loged in at'}$Lang::tr{'bytes sent'}$Lang::tr{'bytes received'}$Lang::tr{'last activity'}
$users[$idx-1]{'CommonName'}$users[$idx-1]{'RealAddress'}$users[$idx-1]{'VirtualAddress'}$users[$idx-1]{'Since'}$users[$idx-1]{'BytesSent'}$users[$idx-1]{'BytesReceived'}$users[$idx-1]{'LastRef'}$users[$idx-1]{'Proto'}$users[$idx-1]{'CommonName'}$users[$idx-1]{'RealAddress'}$users[$idx-1]{'VirtualAddress'}$users[$idx-1]{'Since'}$users[$idx-1]{'BytesSent'}$users[$idx-1]{'BytesReceived'}$users[$idx-1]{'LastRef'}
"; print <Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} if (! &check_ccdconf($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} @@ -3366,10 +3379,13 @@ if ($confighash{$cgiparams{'KEY'}}) { $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; goto VPNCONF_ERROR; } - $i++; - } - &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); - } + }else{ + $ccdroute2hash{$keypoint}[$i]=''; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + #check dns1 ip if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 1"; @@ -3385,10 +3401,10 @@ if ($confighash{$cgiparams{'KEY'}}) { $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp wins'}; goto VPNCONF_ERROR; } - +} #CCD End - + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; @@ -3432,21 +3448,36 @@ if ($confighash{$cgiparams{'KEY'}}) { ### if ($cgiparams{'TYPE'} eq 'net') { - - if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { + if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { $errormessage = $Lang::tr{'openvpn destination port used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } - - if ($cgiparams{'DEST_PORT'} eq '') { + #Bugfix 10357 + foreach my $key (sort keys %confighash){ + if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){ $errormessage = $Lang::tr{'openvpn destination port used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + } + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'invalid port'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + # Check if the input for the transfer net is valid. + if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){ + $errormessage = $Lang::tr{'ccd err invalidnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3468,13 +3499,6 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; } - if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) { - $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'}; - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - goto VPNCONF_ERROR; - } - if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) { $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; @@ -3484,6 +3508,13 @@ if ($cgiparams{'TYPE'} eq 'net') { } } + if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) { + $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'openvpn prefix local subnet'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3530,34 +3561,36 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; - } + # Check if a remote host/IP has been set for the client. + if ($cgiparams{'TYPE'} eq 'net') { + if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - if ($cgiparams{'REMOTE'}) { - if (! &General::validip($cgiparams{'REMOTE'})) { - if (! &General::validfqdn ($cgiparams{'REMOTE'})) { - $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - if ($cgiparams{'TYPE'} eq 'net') { + # Check if this is a N2N connection and drop temporary config. + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - } + goto VPNCONF_ERROR; + } + + # Check if a remote host/IP has been configured - the field can be empty on the server side. + if ($cgiparams{'REMOTE'} ne '') { + # Check if the given IP is valid - otherwise check if it is a valid domain. + if (! &General::validip($cgiparams{'REMOTE'})) { + # Check for a valid domain. + if (! &General::validfqdn ($cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + + goto VPNCONF_ERROR; + } + } } - } } + if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'}; @@ -3854,7 +3887,7 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - # Save the config + # Save the config my $key = $cgiparams{'KEY'}; if (! $key) { @@ -3878,7 +3911,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[6] = $cgiparams{'SIDE'}; $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { $confighash{$key}[22] = $confighash{$key}[29]; @@ -3896,13 +3929,13 @@ if ($cgiparams{'TYPE'} eq 'net') { $confighash{$key}[30] = $cgiparams{'COMPLZO'}; $confighash{$key}[31] = $cgiparams{'MTU'}; $confighash{$key}[32] = $cgiparams{'CHECK1'}; - my $name=$cgiparams{'CHECK1'}; + $name=$cgiparams{'CHECK1'}; $confighash{$key}[33] = $cgiparams{$name}; $confighash{$key}[34] = $cgiparams{'RG'}; $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; - $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; + $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -3911,21 +3944,24 @@ if ($cgiparams{'TYPE'} eq 'net') { my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; my ($a,$b,$c,$d) = split (/\./,$ccdip); - if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){ + unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}"; + } open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; - print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; + print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n"; if($cgiparams{'CHECK1'} eq 'dynamic'){ print CCDRWCONF "#This client uses the dynamic pool\n"; }else{ - print CCDRWCONF "#Ip address client and Server\n"; + print CCDRWCONF "#Ip address client and server\n"; print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; } if ($confighash{$key}[34] eq 'on'){ print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; print CCDRWCONF "push redirect-gateway\n"; } + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); if ($cgiparams{'IR'} ne ''){ - print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; + print CCDRWCONF "\n#Client routes these networks (behind Client)\n"; foreach my $key (keys %ccdroutehash){ if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){ foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ @@ -3935,15 +3971,16 @@ if ($cgiparams{'TYPE'} eq 'net') { } } } + if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';} if ($cgiparams{'IFROUTE'} ne ''){ - print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; + print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n"; foreach my $key (keys %ccdroute2hash){ if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ my %blue=(); &General::readhash("${General::swroot}/ethernet/settings", \%blue); - print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ my %orange=(); &General::readhash("${General::swroot}/ethernet/settings", \%orange); @@ -3958,7 +3995,7 @@ if ($cgiparams{'TYPE'} eq 'net') { } if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} if($cgiparams{'CCD_DNS1'} ne ''){ - print CCDRWCONF "\n#Client gets these Nameservers\n"; + print CCDRWCONF "\n#Client gets these nameservers\n"; print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n"; } if($cgiparams{'CCD_DNS2'} ne ''){ @@ -4009,6 +4046,7 @@ if ($cgiparams{'TYPE'} eq 'net') { ### $cgiparams{'MSSFIX'} = 'on'; $cgiparams{'FRAGMENT'} = '1300'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; ### # m.a.d n2n end ### @@ -4068,6 +4106,9 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; @@ -4173,7 +4214,7 @@ if ($cgiparams{'TYPE'} eq 'net') { $Lang::tr{'ovpn mtu-disc'} - + $Lang::tr{'ovpn mtu-disc yes'} $Lang::tr{'ovpn mtu-disc maybe'} $Lang::tr{'ovpn mtu-disc no'} @@ -4194,11 +4235,8 @@ END print"

"; #A.Marx CCD new client - +if ($cgiparams{'TYPE'} eq 'host') { print ""; - my %ccdconfhash=(); - my %ccdroutehash=(); - my %ccdroute2hash=(); my %vpnnet=(); my $vpnip; &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet); @@ -4217,7 +4255,7 @@ END if (! -z "${General::swroot}/ovpn/ccd.conf"){ print"

$Lang::tr{'ccd choose net'}
"; - foreach my $key (keys %ccdconfhash) { + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { $count++; @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); if ($count % 2){print"";}else{print"";} @@ -4227,6 +4265,7 @@ END } print "
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd clientip'}




"; } +} # ccd end &Header::closebox(); if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { @@ -4338,10 +4377,12 @@ END &Header::closebox(); } + +#A.Marx CCD new client +if ($cgiparams{'TYPE'} eq 'host') { print"

"; &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:"); -#A.Marx CCD new client print < @@ -4372,51 +4413,80 @@ END
$Lang::tr{'ccd iroute2'} DNS2: @@ -4425,7 +4495,7 @@ END END ; &Header::closebox(); - +} print "
"; if ($cgiparams{'KEY'}) { # print ""; @@ -4465,7 +4535,7 @@ END #default setzen if ($cgiparams{'DCIPHER'} eq '') { - $cgiparams{'DCIPHER'} = 'BF-CBC'; + $cgiparams{'DCIPHER'} = 'AES-256-CBC'; } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; @@ -4505,6 +4575,9 @@ END $selected{'DCIPHER'}{'AES-128-CBC'} = ''; $selected{'DCIPHER'}{'AES-192-CBC'} = ''; $selected{'DCIPHER'}{'AES-256-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = ''; + $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = ''; $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED'; $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; @@ -4573,19 +4646,24 @@ END $Lang::tr{'comp-lzo'} $Lang::tr{'cipher'} - -
+ +

END ; @@ -4612,45 +4690,46 @@ END } print ""; &Header::closebox(); - &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:"); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}"); print < + - - - + + + EOF ; + my $col1="bgcolor='$color{'color22'}'"; + my $col2="bgcolor='$color{'color20'}'"; if (-f "${General::swroot}/ovpn/ca/cacert.pem") { my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`; $casubject =~ /Subject: (.*)[\n]/; $casubject = $1; $casubject =~ s+/Email+, E+; $casubject =~ s/ ST=/ S=/; - print < - - - + + + - - + END ; } else { # display rootcert generation buttons print < - - - + + + + END ; } @@ -4663,27 +4742,27 @@ END $hostsubject =~ s/ ST=/ S=/; print < - - - + + + - - + END ; } else { # Nothing print < - - - + + + + END ; } @@ -4746,7 +4825,7 @@ print <
$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'subject'}$Lang::tr{'action'}
$Lang::tr{'root certificate'}$casubject
+
$Lang::tr{'root certificate'}$casubject
+  
 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'root certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}$hostsubject
+
$Lang::tr{'host certificate'}$hostsubject
- - + + +  
 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
$Lang::tr{'host certificate'}:$Lang::tr{'not present'} 
- +
$Lang::tr{'ca name'}:

END @@ -4770,29 +4849,31 @@ END print < + - - - - - - + + + + + + END ; - my $id = 0; - my $gif; - foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) { - if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } - + my $id = 0; + my $gif; + my $col1=""; + foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { - print "\n"; + print ""; + $col="bgcolor='$color{'color20'}'"; } else { - print "\n"; + print ""; + $col="bgcolor='$color{'color22'}'"; } - print ""; - print ""; + print ""; + print ""; #if ($confighash{$key}[4] eq 'cert') { #print ""; #} else { @@ -4803,19 +4884,20 @@ END $cavalid = $1; if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} - print ""; - print ""; - - my $active = "
$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'network'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}$Lang::tr{'name'}$Lang::tr{'type'}$Lang::tr{'network'}$Lang::tr{'remark'}$Lang::tr{'status'}$Lang::tr{'action'}
$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")$confighash{$key}[1]" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")$confighash{$key}[2]$confighash{$key}[32]$confighash{$key}[25]
$Lang::tr{'capsclosed'}
"; + print "$confighash{$key}[32]"; + print "$confighash{$key}[25]"; + $col1="bgcolor='${Header::colourred}'"; + my $active = "$Lang::tr{'capsclosed'}"; if ($confighash{$key}[0] eq 'off') { - $active = "
$Lang::tr{'capsclosed'}
"; + $col1="bgcolor='${Header::colourblue}'"; + $active = "$Lang::tr{'capsclosed'}"; } else { ### # m.a.d net2net -### - +### + if ($confighash{$key}[3] eq 'net') { if (-e "/var/run/$confighash{$key}[1]n2n.pid") { @@ -4839,54 +4921,50 @@ END #EXITING -- A graceful exit is in progress. #### - if ( $tustate[1] eq 'CONNECTED') { - $active = "
$Lang::tr{'capsopen'}
"; - } else { - $active = "
$tustate[1]
"; + if ( $tustate[1] eq 'CONNECTED') { + $col1="bgcolor='${Header::colourgreen}'"; + $active = "$Lang::tr{'capsopen'}"; + }else { + $col1="bgcolor='${Header::colourred}'"; + $active = "$tustate[1]"; + } } - } } - } else { - - my $cn; - my @match = (); - foreach my $line (@status) { - chomp($line); - if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { - @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); - if ($match[1] ne "Common Name") { - $cn = $match[1]; - } - $cn =~ s/[_]/ /g; - if ($cn eq "$confighash{$key}[2]") { - $active = "
$Lang::tr{'capsopen'}
"; - } - } - + }else { + + my $cn; + my @match = (); + foreach my $line (@status) { + chomp($line); + if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { + @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); + if ($match[1] ne "Common Name") { + $cn = $match[1]; + } + $cn =~ s/[_]/ /g; + if ($cn eq "$confighash{$key}[2]") { + $col1="bgcolor='${Header::colourgreen}'"; + $active = "$Lang::tr{'capsopen'}"; + } + } + } } } -} - my $disable_clientdl = "disabled='disabled'"; - if (( $cgiparams{'ENABLED'} eq 'on') || - ( $cgiparams{'ENABLED_BLUE'} eq 'on') || - ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){ - $disable_clientdl = ""; - } print <$active + $active -
- - - + + + +
END ; if ($confighash{$key}[4] eq 'cert') { print < +
@@ -4897,7 +4975,7 @@ END } if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { print < + @@ -4905,7 +4983,7 @@ END END ; } elsif ($confighash{$key}[4] eq 'cert') { print < + @@ -4915,18 +4993,18 @@ END print " "; } print < + -
+
-
+ @@ -4962,7 +5040,7 @@ END ?RELOAD $Lang::tr{'dl client arch'} -
+
END ; }