X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=b075cc54d9bac8d92fc292e061a5d500024f47d2;hp=d1b268649269b8c385c46318663a3b7c95a65050;hb=e11f536252fe1f4317c47c121f5026b9a458a311;hpb=1647059d74d406c1b3a114b8e0578765223fd19f

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
old mode 100755
new mode 100644
index d1b268649..b075cc54d
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2011  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2013  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -30,6 +30,7 @@ use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
 use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
+use Sort::Naturally;
 require '/var/ipfire/general-functions.pl';
 require "${General::swroot}/lang.pl";
 require "${General::swroot}/header.pl";
@@ -64,6 +65,11 @@ my $warnmessage = '';
 my $errormessage = '';
 my %settings=();
 my $routes_push_file = '';
+my $confighost="${General::swroot}/fwhosts/customhosts";
+my $configgrp="${General::swroot}/fwhosts/customgroups";
+my $customnet="${General::swroot}/fwhosts/customnetworks";
+my $name;
+my $col="";
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 $cgiparams{'ENABLED'} = 'off';
 $cgiparams{'ENABLED_BLUE'} = 'off';
@@ -123,21 +129,6 @@ sub sizeformat{
     return("$newsize $units[$i]");
 }
 
-sub valid_dns_host {
-	my $hostname = $_[0];
-	unless ($hostname) { return "No hostname"};
-	my $res = new Net::DNS::Resolver;
-	my $query = $res->search("$hostname");
-	if ($query) {
-		foreach my $rr ($query->answer) {
-			## Potential bug - we are only looking at A records:
-			return 0 if $rr->type eq "A";
-		}
-	} else {
-		return $res->errorstring;
-	}
-}
-
 sub cleanssldatabase
 {
     if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
@@ -176,49 +167,29 @@ sub deletebackupcert
 		unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
 	}
 }
-
 sub checkportfw {
-    my $KEY2 = $_[0]; # key2
-    my $SRC_PORT = $_[1]; # src_port
-    my $PROTOCOL = $_[2]; # protocol
-    my $SRC_IP = $_[3]; # sourceip
-
-    my $pfwfilename = "${General::swroot}/portfw/config";
-    open(FILE, $pfwfilename) or die 'Unable to open config file.';
-    my @pfwcurrent = <FILE>;
-    close(FILE);
-    my $pfwkey1 = 0; # used for finding last sequence number used 
-    foreach my $pfwline (@pfwcurrent)
-    {
-	my @pfwtemp = split(/\,/,$pfwline);
-
-	chomp ($pfwtemp[8]);
-	if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
-		if ( $SRC_PORT eq $pfwtemp[3] &&
-			$PROTOCOL eq $pfwtemp[2] &&
-			$SRC_IP eq $pfwtemp[7])
-		{
-			 $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
-		}
-		# Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
-		if ( $pfwtemp[1] eq "0") {
-			$pfwkey1=$pfwtemp[0];
-		}
-		# Darren Critchley - Duplicate or overlapping Port range check
-		if ($pfwtemp[1] eq "0" && 
-			$PROTOCOL eq $pfwtemp[2] &&
-			$SRC_IP eq $pfwtemp[7] &&
-			$errormessage eq '') 
-		{
-			&portchecks($SRC_PORT, $pfwtemp[5]);		
-#			&portchecks($pfwtemp[3], $pfwtemp[5]);
-#			&portchecks($pfwtemp[3], $SRC_IP);
+	my $DPORT = shift;
+	my $DPROT = shift;
+	my %natconfig =();
+	my $confignat = "${General::swroot}/firewall/config";
+	$DPROT= uc ($DPROT);
+	&General::readhasharray($confignat, \%natconfig);
+	foreach my $key (sort keys %natconfig){
+		my @portarray = split (/\|/,$natconfig{$key}[30]);
+		foreach my $value (@portarray){
+			if ($value =~ /:/i){
+				my ($a,$b) = split (":",$value);
+				if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
+					$errormessage= "$Lang::tr{'source port in use'} $DPORT";
+				}
+			}else{
+				if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
+					$errormessage= "$Lang::tr{'source port in use'} $DPORT";
+				}
+			}
 		}
 	}
-    }
-#    $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
-
-    return;
+	return;
 }
 
 sub checkportoverlap
@@ -250,32 +221,6 @@ sub checkportinc
 		return 0; 
 	}
 }
-# Darren Critchley - Duplicate or overlapping Port range check
-sub portchecks
-{
-	my $p1 = $_[0]; # New port range
-	my $p2 = $_[1]; # existing port range
-#	$_ = $_[0];
-	our ($prtrange1, $prtrange2);
-	$prtrange1 = 0;
-#	if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
-#		unless (&checkportoverlap($p1,$p2)) {
-#			$errormessage = "$Lang::tr{'source port overlaps'} $p1";
-#		}
-#	}
-	if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
-		unless (&checkportinc($p2,$p1)) {
-			$errormessage = "$Lang::tr{'srcprt within existing'} $p1";
-		}
-	}
-	$prtrange1 = 1;
-	if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
-		unless (&checkportinc($p1,$p2)) {
-			$errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
-		}
-	}
-	return;
-}
 
 # Darren Critchley - certain ports are reserved for IPFire 
 # TCP 67,68,81,222,445
@@ -321,7 +266,6 @@ sub disallowreserved
 	return;
 }
 
-
 sub writeserverconf {
     my %sovpnsettings = ();  
     my @temp = ();  
@@ -437,7 +381,7 @@ sub writeserverconf {
     if ($sovpnsettings{DHCP_WINS} ne '') {
 	print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
     }	
-    print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+    print CONF "tls-verify /usr/lib/openvpn/verify\n";
     print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
     print CONF "user nobody\n";
     print CONF "group nobody\n";
@@ -494,49 +438,42 @@ sub addccdnet
 	my @ccdconf=();
 	my $ccdname=$_[0];
 	my $ccdnet=$_[1];
-	my $ovpnsubnet=$_[2];
 	my $subcidr;
 	my @ip2=();
 	my $checkup;
 	my $ccdip;
 	my $baseaddress;
-	if(!&General::validhostname($ccdname)){
+	
+	
+	#check name	
+	if ($ccdname eq '') 
+	{
+		$errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+		return
+	}
+	
+	if(!&General::validhostname($ccdname))
+	{
 		$errormessage=$Lang::tr{'ccd err invalidname'};
 		return;
 	}
-	#check ip
-	if (&General::validipandmask($ccdnet)){
-			$ccdnet=&General::iporsubtocidr($ccdnet);	
-	}else{
+		
+	($ccdip,$subcidr) = split (/\//,$ccdnet);
+	$subcidr=&General::iporsubtocidr($subcidr);
+	#check subnet
+	if ($subcidr > 30)
+	{
 		$errormessage=$Lang::tr{'ccd err invalidnet'};
 		return;
 	}
-	($ccdip,$subcidr) = split (/\//,$ccdnet);
-	if ($ccdname eq '') {
-		$errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
-	}
-	#check if we try to use same network as ovpn server
-	if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
-			$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
-	}
-		
-	#check if we use a name/subnet that already exists
-	&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
-	foreach my $key (keys %ccdconfhash) {
-			@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
-			if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";}
-			my ($newip,$newsub) = split(/\//,$ccdnet);
-			if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";}
-			
+	#check ip
+	if (!&General::validipandmask($ccdnet)){
+		$errormessage=$Lang::tr{'ccd err invalidnet'};
+		return;
 	}
-	#check if we use one of ipfire's networks (green,orange,blue)
-	my %ownnet=();
-	&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
-	if (($ownnet{'GREEN_NETADDRESS'}  	ne '' && $ownnet{'GREEN_NETADDRESS'} 	ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};}
-	if (($ownnet{'ORANGE_NETADDRESS'}	ne '' && $ownnet{'ORANGE_NETADDRESS'} 	ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};}
-	if (($ownnet{'BLUE_NETADDRESS'} 	ne '' && $ownnet{'BLUE_NETADDRESS'} 	ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};}
-	if (($ownnet{'RED_NETADDRESS'} 	ne '' && $ownnet{'RED_NETADDRESS'} 	ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};}
-		
+	
+	$errormessage=&General::checksubnets($ccdname,$ccdnet);
+	
 		
 	if (!$errormessage) {
 		my %ccdconfhash=();
@@ -617,7 +554,7 @@ sub getccdadresses
 	my %ccdhash=();
 	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
 	$iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
-	for (my $i=0;$i<=$count-1;$i++) {
+	for (my $i=1;$i<=$count;$i++) {
 		my $tmpip=$iprange[$i-1];
 		my $stepper=$i*4;
 		$iprange[$i]= &General::getnextip($tmpip,4);
@@ -867,7 +804,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     }
 		
     if ($cgiparams{'DHCP_DOMAIN'} ne ''){
-	unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
+	unless (&General::validdomainname($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
 		$errormessage = $Lang::tr{'invalid input for dhcp domain'};
 	goto ADV_ERROR;
     	}
@@ -986,7 +923,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print SERVERCONF "persist-key\n";
   print SERVERCONF "script-security 2\n";
   print SERVERCONF "# IP/DNS for remote Server Gateway\n"; 
+
+  if ($cgiparams{'REMOTE'} ne '') {
   print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+  }
+
   print SERVERCONF "float\n";
   print SERVERCONF "# IP adresses of the VPN Subnet\n"; 
   print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; 
@@ -1159,7 +1100,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
     
     
     if ($cgiparams{'ENABLED'} eq 'on'){
-	&checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
+	&checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
     }
     	
     if ($errormessage) { goto SETTINGS_ERROR; }
@@ -1222,6 +1163,12 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 	$errormessage = $Lang::tr{'invalid port'};
 	goto SETTINGS_ERROR;
     }
+	
+	if ($cgiparams{'DDEST_PORT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn port in root range'};
+		goto SETTINGS_ERROR;
+	}
+
     $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
     $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
     $vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
@@ -2105,20 +2052,20 @@ else
     print CLIENTCONF "#OpenVPN Client conf\r\n";
     print CLIENTCONF "tls-client\r\n";
     print CLIENTCONF "client\r\n";
-    print CLIENTCONF "nobind\n";
+    print CLIENTCONF "nobind\r\n";
     print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
     print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
 
     # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
     # or use configured value.
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
-	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
     elsif ($vpnsettings{MSSFIX} eq 'on')
-	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
     elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
            ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) 
-	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n"; }
     else
 	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
 
@@ -2171,7 +2118,7 @@ else
         ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
         ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
 	if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
-		print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
+		print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\r\n";
 	}
     }
     close(CLIENTCONF);
@@ -2210,14 +2157,15 @@ else
 # m.a.d net2net
 ###
 
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-
+if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
 	my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
-  my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-  unlink ($certfile) or die "Removing $certfile fail: $!";
-  unlink ($conffile) or die "Removing $conffile fail: $!";
-  rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-  
+	my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+	unlink ($certfile);
+	unlink ($conffile);
+
+	if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+		rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+	}
 }
 
   unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
@@ -2246,7 +2194,7 @@ else
 		}
 	}
 	&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	
+	&writeserverconf;
 	
 	
 # CCD end 
@@ -2343,6 +2291,9 @@ ADV_ERROR:
     if ($cgiparams{'LOG_VERB'} eq '') {
 	$cgiparams{'LOG_VERB'} =  '3';
     }
+    if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+	$cgiparams{'PMTU_DISCOVERY'} = 'off';
+    }
     $checked{'CLIENT2CLIENT'}{'off'} = '';
     $checked{'CLIENT2CLIENT'}{'on'} = '';
     $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -2379,7 +2330,7 @@ ADV_ERROR:
     }
     &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'});
     print <<END
-    <form method='post' enctype='multipart/form-data' disabled>
+    <form method='post' enctype='multipart/form-data'>
     <table width='100%' border=0>
     <tr>
 	<td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td>
@@ -2440,7 +2391,7 @@ print <<END;
         <td><input type='text' name='MAX_CLIENTS' value='$cgiparams{'MAX_CLIENTS'}' size='10' /></td>
     </tr>	
      	<tr>
-     	  <td class='base'>Keppalive <br />
+     	  <td class='base'>Keepalive <br />
      	    (ping/ping-restart)</td>
      	  <td><input type='TEXT' name='KEEPALIVE_1' value='$cgiparams{'KEEPALIVE_1'}' size='10' /></td>
      	  <td><input type='TEXT' name='KEEPALIVE_2' value='$cgiparams{'KEEPALIVE_2'}' size='10' /></td>
@@ -2511,7 +2462,21 @@ if ( -e "/var/run/openvpn.pid"){
 print"	<br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br>
 		$Lang::tr{'server restart'}<br><br>
 		<hr>";
-}
+		print<<END
+<table width='100%'>
+<tr>
+    <td>&nbsp;</td>
+    <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td>
+    <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td>
+    <td>&nbsp;</td>    
+</tr>
+</table>    
+</form>
+END
+;		
+		
+		
+}else{
 
 print<<END
 <table width='100%'>
@@ -2525,7 +2490,7 @@ print<<END
 </form>
 END
 ;				   
-
+}
     &Header::closebox();
 #    print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
     &Header::closebigbox();
@@ -2551,10 +2516,12 @@ END
 	if ($cgiparams{'ACTION'} eq 'editsave'){
 		my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
 		if ( $a ne $b){ &modccdnet($a,$b);}
+		$cgiparams{'ccdname'}='';
+		$cgiparams{'ccdsubnet'}='';
 	}
 	
 	if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
-		&addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'});
+		&addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
 	}
 	if ($errormessage) {
 	    &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -2605,8 +2572,13 @@ END
 	&Header::closebox();
 }
 	&Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+	if ( -e "/var/run/openvpn.pid"){
+		print "<b>$Lang::tr{'attention'}:</b><br>";
+		print "$Lang::tr{'ccd noaddnet'}<br><hr>";
+	}
+	
 	print <<END
-    <table width='100%' border='0'  cellpadding='0' cellspacing='1'>
+    <table width='100%' cellpadding='0' cellspacing='1'>
     <tr>
 	<td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr>
 END
@@ -2616,7 +2588,7 @@ END
 	&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);	
 	my @ccdconf=();
 	my $count=0;
-	foreach my $key (keys %ccdconfhash) {
+	foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
 		@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
 		$count++;
 		my $ccdhosts = &hostsinnet($ccdconf[0]);
@@ -2660,15 +2632,15 @@ END
 #	<td><b>$Lang::tr{'protocol'}</b></td>
 # protocol temp removed 
     print <<END
-    <table width='100%' border='0' cellpadding='2' cellspacing='0'>
+    <table width='100%' cellpadding='2' cellspacing='0' class='tbl'>
     <tr>
-	<td><b>$Lang::tr{'common name'}</b></td>
-	<td><b>$Lang::tr{'real address'}</b></td>
-	<td><b>$Lang::tr{'virtual address'}</b></td>
-	<td><b>$Lang::tr{'loged in at'}</b></td>
-	<td><b>$Lang::tr{'bytes sent'}</b></td>
-	<td><b>$Lang::tr{'bytes received'}</b></td>
-	<td><b>$Lang::tr{'last activity'}</b></td>
+	<th><b>$Lang::tr{'common name'}</b></th>
+	<th><b>$Lang::tr{'real address'}</b></th>
+	<th><b>$Lang::tr{'virtual address'}</b></th>
+	<th><b>$Lang::tr{'loged in at'}</b></th>
+	<th><b>$Lang::tr{'bytes sent'}</b></th>
+	<th><b>$Lang::tr{'bytes received'}</b></th>
+	<th><b>$Lang::tr{'last activity'}</b></th>
     </tr>
 END
 ;
@@ -2719,22 +2691,23 @@ END
 	}
 	my $user2 = @users;
 	if ($user2 >= 1){
-    	    for (my $idx = 1; $idx <= $user2; $idx++){
+		for (my $idx = 1; $idx <= $user2; $idx++){
 						if ($idx % 2) {
-		    			print "<tr bgcolor='$color{'color20'}'>\n";
-	    			} else {
-		    			print "<tr bgcolor='$color{'color22'}'>\n";
+							print "<tr>";
+							$col="bgcolor='$color{'color22'}'";
+						} else {
+							print "<tr>";
+							$col="bgcolor='$color{'color20'}'";
 						}
-						print "<td align='left'>$users[$idx-1]{'CommonName'}</td>";
-						print "<td align='left'>$users[$idx-1]{'RealAddress'}</td>";
-						print "<td align='left'>$users[$idx-1]{'VirtualAddress'}</td>";
-						print "<td align='left'>$users[$idx-1]{'Since'}</td>";
-						print "<td align='left'>$users[$idx-1]{'BytesSent'}</td>";
-						print "<td align='left'>$users[$idx-1]{'BytesReceived'}</td>";
-						print "<td align='left'>$users[$idx-1]{'LastRef'}</td>";
-#		        print "<td align='left'>$users[$idx-1]{'Proto'}</td>";
-	    }
-	}        
+						print "<td align='left' $col>$users[$idx-1]{'CommonName'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'RealAddress'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'VirtualAddress'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'Since'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'BytesSent'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'BytesReceived'}</td>";
+						print "<td align='left' $col>$users[$idx-1]{'LastRef'}</td>";
+			}
+	}
 	
 	print "</table>";
 	print <<END
@@ -3243,7 +3216,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		$cgiparams{'ENABLED'}			= $confighash{$cgiparams{'KEY'}}[0];
 		$cgiparams{'NAME'}				= $confighash{$cgiparams{'KEY'}}[1];
 		$cgiparams{'TYPE'}				= $confighash{$cgiparams{'KEY'}}[3];
-		$cgiparams{'AUTH'} 			= $confighash{$cgiparams{'KEY'}}[4];
+		$cgiparams{'AUTH'} 				= $confighash{$cgiparams{'KEY'}}[4];
 		$cgiparams{'PSK'}				= $confighash{$cgiparams{'KEY'}}[5];
 		$cgiparams{'SIDE'}				= $confighash{$cgiparams{'KEY'}}[6];
 		$cgiparams{'LOCAL_SUBNET'}		= $confighash{$cgiparams{'KEY'}}[8];
@@ -3251,30 +3224,32 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		$cgiparams{'REMOTE_SUBNET'} 	= $confighash{$cgiparams{'KEY'}}[11];
 		$cgiparams{'OVPN_MGMT'} 		= $confighash{$cgiparams{'KEY'}}[22];
 		$cgiparams{'MSSFIX'} 			= $confighash{$cgiparams{'KEY'}}[23];
-		$cgiparams{'FRAGMENT'} 		= $confighash{$cgiparams{'KEY'}}[24];
+		$cgiparams{'FRAGMENT'} 			= $confighash{$cgiparams{'KEY'}}[24];
 		$cgiparams{'REMARK'}			= $confighash{$cgiparams{'KEY'}}[25];
-		$cgiparams{'INTERFACE'}		= $confighash{$cgiparams{'KEY'}}[26];
+		$cgiparams{'INTERFACE'}			= $confighash{$cgiparams{'KEY'}}[26];
 		$cgiparams{'OVPN_SUBNET'} 		= $confighash{$cgiparams{'KEY'}}[27];
 		$cgiparams{'PROTOCOL'}	  		= $confighash{$cgiparams{'KEY'}}[28];
-		$cgiparams{'DEST_PORT'}	  	= $confighash{$cgiparams{'KEY'}}[29];
+		$cgiparams{'DEST_PORT'}	  		= $confighash{$cgiparams{'KEY'}}[29];
 		$cgiparams{'COMPLZO'}	  		= $confighash{$cgiparams{'KEY'}}[30];
 		$cgiparams{'MTU'}	  			= $confighash{$cgiparams{'KEY'}}[31];
-		$cgiparams{'CHECK1'}   		= $confighash{$cgiparams{'KEY'}}[32];
-		my $name=$cgiparams{'CHECK1'}	;
+		$cgiparams{'CHECK1'}   			= $confighash{$cgiparams{'KEY'}}[32];
+		$name=$cgiparams{'CHECK1'}	;
 		$cgiparams{$name}				= $confighash{$cgiparams{'KEY'}}[33];
 		$cgiparams{'RG'}				= $confighash{$cgiparams{'KEY'}}[34];
 		$cgiparams{'CCD_DNS1'}			= $confighash{$cgiparams{'KEY'}}[35];
 		$cgiparams{'CCD_DNS2'}			= $confighash{$cgiparams{'KEY'}}[36];
 		$cgiparams{'CCD_WINS'}			= $confighash{$cgiparams{'KEY'}}[37];
-		$cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
+		$cgiparams{'PMTU_DISCOVERY'} 	= $confighash{$cgiparams{'KEY'}}[38];
 	} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
 	$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
 	
 #A.Marx CCD check iroute field and convert it to decimal
-
+if ($cgiparams{'TYPE'} eq 'host') {
 	my @temp=();
 	my %ccdroutehash=();
 	my $keypoint=0;
+	my $ip;
+	my $cidr;
 	if ($cgiparams{'IR'} ne ''){
 		@temp = split("\n",$cgiparams{'IR'});
 		&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
@@ -3293,30 +3268,53 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		foreach $val (@temp){
 			chomp($val);
 			$val=~s/\s*$//g; 
-			my($ip,$cidr) = split(/\//,$val);
-			$cidr=&General::iporsubtodec($cidr);
-			
-			#check if iroute exists in ccdroute
+			#check if iroute exists in ccdroute or if new iroute is part of an existing one
 			foreach my $key (keys %ccdroutehash) {
 				foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
-					if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") {
-						$errormessage=$Lang::tr{'ccd err irouteexist'};
-						goto VPNCONF_ERROR;
-					}
+						if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
+							$errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+							goto VPNCONF_ERROR;
+						}
+						my ($ip1,$cidr1) = split (/\//, $val);
+						$ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1));
+						my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
+						if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
+							$errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+							goto VPNCONF_ERROR;
+						} 
+									
 				}
 			}
+			if (!&General::validipandmask($val)){
+				$errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+				goto VPNCONF_ERROR;
+			}else{
+				($ip,$cidr) = split(/\//,$val);
+				$ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
+				$cidr=&General::iporsubtodec($cidr);
+				$ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+			
+			}
 																	
 			#check for existing network IP's
-			if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')|| 
-				(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')||
-				(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')||
-				(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){
-				$errormessage="$ip USED FOR SYSTEM!";
+			if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
+			{
+				$errormessage=$Lang::tr{'ccd err green'};
+				goto VPNCONF_ERROR;
+			}elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')
+			{
+				$errormessage=$Lang::tr{'ccd err red'};
+				goto VPNCONF_ERROR;
+			}elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')
+			{
+				$errormessage=$Lang::tr{'ccd err blue'};
+				goto VPNCONF_ERROR;
+			}elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )
+			{
+				$errormessage=$Lang::tr{'ccd err orange'};
 				goto VPNCONF_ERROR;
 			}
-			
-			
-			
+						
 			if (&General::validipandmask($val)){
 				$ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
 			}else{
@@ -3339,51 +3337,44 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	}
 	undef @temp;
 	#check route field and convert it to decimal
-	
 	my $val=0;
 	my $i=1;
-	
 	&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') { 
-			undef $cgiparams{'IFROUTE'};
-			foreach my $key (keys %ccdroute2hash){
-				if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
-					delete $ccdroute2hash{$key};
-				}
-			}
-			&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	}else{
-		#find key to use
-		foreach my $key (keys %ccdroute2hash) {
-			if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
-				$keypoint=$key;
-				delete $ccdroute2hash{$key};
-			}else{
-				$keypoint = &General::findhasharraykey (\%ccdroute2hash);
-				&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-				&writeserverconf;
-			}
+	#find key to use
+	foreach my $key (keys %ccdroute2hash) {
+		if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) {
+			$keypoint=$key;
+			delete $ccdroute2hash{$key};
+		}else{
+			$keypoint = &General::findhasharraykey (\%ccdroute2hash);
+			&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+			&writeserverconf;
 		}
-		$ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
-		@temp = split(/\|/,$cgiparams{'IFROUTE'});
-		my %ownnet=();
-		&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
-		foreach $val (@temp){
-			chomp($val);
-			$val=~s/\s*$//g; 
-			if ($val eq $Lang::tr{'green'})
-			{
-				$val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
-			}
-			if ($val eq $Lang::tr{'blue'})
-			{
-				$val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
-			}
-			if ($val eq $Lang::tr{'orange'})
-			{
-				$val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
-			}
-			my ($ip,$cidr) = split (/\//, $val);
+	}
+	$ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'};
+	if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};}
+	@temp = split(/\|/,$cgiparams{'IFROUTE'});
+	my %ownnet=();
+	&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
+	foreach $val (@temp){
+		chomp($val);
+		$val=~s/\s*$//g; 
+		if ($val eq $Lang::tr{'green'})
+		{
+			$val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK};
+		}
+		if ($val eq $Lang::tr{'blue'})
+		{
+			$val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK};
+		}
+		if ($val eq $Lang::tr{'orange'})
+		{
+			$val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK};
+		}
+		my ($ip,$cidr) = split (/\//, $val);
+		
+		if ($val ne $Lang::tr{'ccd none'})
+		{	
 			if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;}
 			if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;}
 			if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;}
@@ -3394,10 +3385,13 @@ if ($confighash{$cgiparams{'KEY'}}) {
 				$errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
 				goto VPNCONF_ERROR;
 			}
-			$i++;
-		}	
-		&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	}
+		}else{
+			$ccdroute2hash{$keypoint}[$i]='';
+		}
+		$i++;
+	}	
+	&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+
 	#check dns1 ip
 	if ($cgiparams{'CCD_DNS1'} ne '' &&  ! &General::validip($cgiparams{'CCD_DNS1'})) {
 			$errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1";
@@ -3413,10 +3407,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
 			$errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'};
 			goto VPNCONF_ERROR;
 	}
-	
+}
 
 #CCD End
-	
+
 	
  if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
 	    $errormessage = $Lang::tr{'connection type is invalid'};
@@ -3460,21 +3454,36 @@ if ($confighash{$cgiparams{'KEY'}}) {
 ###
 
 if ($cgiparams{'TYPE'} eq 'net') {
-		
-    if ($cgiparams{'DEST_PORT'} eq  $vpnsettings{'DDEST_PORT'}) {
+	if ($cgiparams{'DEST_PORT'} eq  $vpnsettings{'DDEST_PORT'}) {
 			$errormessage = $Lang::tr{'openvpn destination port used'};
 			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
       goto VPNCONF_ERROR;			
 		}
-    
-    if ($cgiparams{'DEST_PORT'} eq  '') {
+    #Bugfix 10357
+    foreach my $key (sort keys %confighash){
+		if ( ($confighash{$key}[22] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1]) || ($confighash{$key}[29] eq $cgiparams{'DEST_PORT'} && $cgiparams{'NAME'} ne $confighash{$key}[1])){
 			$errormessage = $Lang::tr{'openvpn destination port used'};
 			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+      goto VPNCONF_ERROR;	
+		}
+	}
+    if ($cgiparams{'DEST_PORT'} eq  '') {
+			$errormessage = $Lang::tr{'invalid port'};
+			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
       goto VPNCONF_ERROR;			
 		}
 
+    # Check if the input for the transfer net is valid.
+    if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
+			$errormessage = $Lang::tr{'ccd err invalidnet'};
+			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+			goto VPNCONF_ERROR;
+		}
+
     if ($cgiparams{'OVPN_SUBNET'} eq  $vpnsettings{'DOVPN_SUBNET'}) {
 			$errormessage = $Lang::tr{'openvpn subnet is used'};
 			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3496,13 +3505,6 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    goto VPNCONF_ERROR;
     }
 
-    if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
-	$errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
-	unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
-	rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
-	goto VPNCONF_ERROR;
-    }
-
     if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
 	if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
 		$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
@@ -3512,6 +3514,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	}
     }
 
+    if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+	$errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+	unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+	goto VPNCONF_ERROR;
+    }
+
     if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'}))  {
 		  $errormessage = $Lang::tr{'openvpn prefix local subnet'};
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3531,10 +3540,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
 	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 		  goto VPNCONF_ERROR;
-		} 
+		}
+	
+	if ($cgiparams{'DEST_PORT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn port in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+		  goto VPNCONF_ERROR;
+		}
 
-    if ($cgiparams{'OVPN_MGMT'} eq  '') {
-			$cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};		
+	if ($cgiparams{'OVPN_MGMT'} eq  '') {
+		$cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};		
+		}
+	
+	if ($cgiparams{'OVPN_MGMT'} <= 1023) {
+		$errormessage = $Lang::tr{'ovpn mgmt in root range'};
+		  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+		  goto VPNCONF_ERROR;
 		}
    
 }
@@ -3558,34 +3581,36 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 	}
 
-	if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
-	    $errormessage = $Lang::tr{'invalid input for remote host/ip'};
-	    if ($cgiparams{'TYPE'} eq 'net') {
-      unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
-	    rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
-      }
-	    goto VPNCONF_ERROR;
-	}
+	# Check if a remote host/IP has been set for the client.
+	if ($cgiparams{'TYPE'} eq 'net') {
+		if ($cgiparams{'SIDE'} ne 'server' && $cgiparams{'REMOTE'} eq '') {
+			$errormessage = $Lang::tr{'invalid input for remote host/ip'};
 
-	if ($cgiparams{'REMOTE'}) {
-	    if (! &General::validip($cgiparams{'REMOTE'})) {
-		if (! &General::validfqdn ($cgiparams{'REMOTE'}))  {
-		    $errormessage = $Lang::tr{'invalid input for remote host/ip'};
-		    if ($cgiparams{'TYPE'} eq 'net') {
-        unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
-	      rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
-        }
-		    goto VPNCONF_ERROR;
-		} else {
-		    if (&valid_dns_host($cgiparams{'REMOTE'})) {
-			$warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
-			if ($cgiparams{'TYPE'} eq 'net') {
+			# Check if this is a N2N connection and drop temporary config.
+			unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+			rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
 
-      }
-		    }
+			goto VPNCONF_ERROR;
+		}
+
+		# Check if a remote host/IP has been configured - the field can be empty on the server side.
+		if ($cgiparams{'REMOTE'} ne '') {
+			# Check if the given IP is valid - otherwise check if it is a valid domain.
+			if (! &General::validip($cgiparams{'REMOTE'})) {
+				# Check for a valid domain.
+				if (! &General::validfqdn ($cgiparams{'REMOTE'}))  {
+					$errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+					# Check if this is a N2N connection and drop temporary config.
+					unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+					rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+
+					goto VPNCONF_ERROR;
+				}
+			}
 		}
-	    }
 	}
+
 	if ($cgiparams{'TYPE'} ne 'host') {
             unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
 	            $errormessage = $Lang::tr{'local subnet is invalid'}; 
@@ -3882,7 +3907,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    }
 	}
 
-        # Save the config
+    # Save the config
 	my $key = $cgiparams{'KEY'};
 	
 	if (! $key) {
@@ -3906,7 +3931,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	    $confighash{$key}[6] 	= $cgiparams{'SIDE'};
 	    $confighash{$key}[11] 	= $cgiparams{'REMOTE_SUBNET'};
 	}
-	$confighash{$key}[8] 		= $cgiparams{'LOCAL_SUBNET'};
+	$confighash{$key}[8] 			= $cgiparams{'LOCAL_SUBNET'};
 	$confighash{$key}[10] 		= $cgiparams{'REMOTE'};
   if ($cgiparams{'OVPN_MGMT'} eq '') {
 	$confighash{$key}[22] 		= $confighash{$key}[29];
@@ -3924,13 +3949,13 @@ if ($cgiparams{'TYPE'} eq 'net') {
 	$confighash{$key}[30] 		= $cgiparams{'COMPLZO'};
 	$confighash{$key}[31] 		= $cgiparams{'MTU'};
 	$confighash{$key}[32] 		= $cgiparams{'CHECK1'};
-	my $name=$cgiparams{'CHECK1'};
+	$name=$cgiparams{'CHECK1'};
 	$confighash{$key}[33] 		= $cgiparams{$name};
 	$confighash{$key}[34] 		= $cgiparams{'RG'};
 	$confighash{$key}[35] 		= $cgiparams{'CCD_DNS1'};
 	$confighash{$key}[36] 		= $cgiparams{'CCD_DNS2'};
 	$confighash{$key}[37] 		= $cgiparams{'CCD_WINS'};
-	$confighash{$key}[38]		= $cgiparams{'PMTU_DISCOVERY'};
+	$confighash{$key}[38]			= $cgiparams{'PMTU_DISCOVERY'};
 
 
 	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -3939,21 +3964,24 @@ if ($cgiparams{'TYPE'} eq 'net') {
 		
 		my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
 		my ($a,$b,$c,$d) = split (/\./,$ccdip);
-			if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";}
+			if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
+				unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
+			}
 			open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
-			print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+			print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n";
 			if($cgiparams{'CHECK1'} eq 'dynamic'){
 				print CCDRWCONF "#This client uses the dynamic pool\n";
 			}else{
-				print CCDRWCONF "#Ip address client and Server\n";
+				print CCDRWCONF "#Ip address client and server\n";
 				print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n";
 			}
 			if ($confighash{$key}[34] eq 'on'){
 				print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n";
 				print CCDRWCONF "push redirect-gateway\n";
 			}
+			&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
 			if ($cgiparams{'IR'} ne ''){
-				print CCDRWCONF "\n#Client routes these Networks (behind Client)\n";
+				print CCDRWCONF "\n#Client routes these networks (behind Client)\n";
 				foreach my $key (keys %ccdroutehash){
 					if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){
 						foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){
@@ -3963,15 +3991,16 @@ if ($cgiparams{'TYPE'} eq 'net') {
 					}
 				}
 			}
+			if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';}
 			if ($cgiparams{'IFROUTE'} ne ''){
-				print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+				print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n";
 				foreach my $key (keys %ccdroute2hash){
 					if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
 						foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){
 							if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){
 								my %blue=();
 								&General::readhash("${General::swroot}/ethernet/settings", \%blue);
-								print CCDRWCONF "push \"route $blue{BLUE_ADDRESS}  $blue{BLUE_NETMASK}\n";
+								print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n";
 							}elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){
 								my %orange=();
 								&General::readhash("${General::swroot}/ethernet/settings", \%orange);
@@ -3986,7 +4015,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 			}
 			if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';}
 			if($cgiparams{'CCD_DNS1'} ne ''){
-				print CCDRWCONF "\n#Client gets these Nameservers\n";
+				print CCDRWCONF "\n#Client gets these nameservers\n";
 				print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n";
 			}
 			if($cgiparams{'CCD_DNS2'} ne ''){
@@ -4097,6 +4126,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
 
+    if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+	$cgiparams{'PMTU_DISCOVERY'} = 'off';
+    }
     $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
 
 
@@ -4202,7 +4234,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
 
 	<tr>
 		<td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
-		<td colspan='2'>
+		<td colspan='3'>
 			<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
 			<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
         		<input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
@@ -4243,7 +4275,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
 		
 	if (! -z "${General::swroot}/ovpn/ccd.conf"){	
 		print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
-		foreach my $key (keys %ccdconfhash) {
+		foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
 			$count++;
 			@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
 			if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
@@ -4401,51 +4433,80 @@ END
 	<tr><td colspan='4'><br></td></tr>
 	<tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple>
 END
-
+	
+	my $set=0;
+	my $selorange=0;
+	my $selblue=0;
+	my $selgreen=0;
+	my $helpblue=0;
+	my $helporange=0;
+	my $other=0;
+	my $none=0;
+	my @temp=();
+	
 	our @current = ();
-		open(FILE, "${General::swroot}/main/routing") ;
-	    @current = <FILE>;
-	    close (FILE);
-		&General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-		my $set=0;
-		my $selorange=0;
-		my $selblue=0;
-		my $helpblue=0;
-		my $helporange=0;
+	open(FILE, "${General::swroot}/main/routing") ;
+	@current = <FILE>;
+	close (FILE);
+	&General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);		
+	#check for "none"
+	foreach my $key (keys %ccdroute2hash) {
+		if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+			if ($ccdroute2hash{$key}[1] eq ''){
+				$none=1;
+				last;
+			}
+		}
+	}
+	if ($none ne '1'){
 		print"<option>$Lang::tr{'ccd none'}</option>";
-		print"<option selected>$Lang::tr{'green'}</option>";
-				
-		foreach my $line (@current) {
-			chomp($line);				# remove newline
-			my @temp=split(/\,/,$line);
-			$temp[1] = '' unless defined $temp[1]; # not always populated
-			my ($a,$b) = split(/\//,$temp[1]);
-			$temp[1] = $a."/".&General::iporsubtocidr($b);
-			foreach my $key (keys %ccdroute2hash) {
-				if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
-					foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
-											
-							if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
-								$set=1;
-							}
-							if (&haveBlueNet()){
-								if($netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) {
-								$selblue=1;
-								
-								}
-							}
-							if (&haveOrangeNet()){
-								if($netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) {
-									$selorange=1;
-								}
-							}
-						}
+	}else{
+		print"<option selected>$Lang::tr{'ccd none'}</option>";
+	}
+	#check if static routes are defined for client
+	foreach my $line (@current) {
+		chomp($line);	
+		$line=~s/\s*$//g; 			# remove newline
+		@temp=split(/\,/,$line);
+		$temp[1] = '' unless defined $temp[1]; # not always populated
+		my ($a,$b) = split(/\//,$temp[1]);
+		$temp[1] = $a."/".&General::iporsubtocidr($b);
+		foreach my $key (keys %ccdroute2hash) {
+			if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+				foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+					if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){
+						$set=1;
 					}
 				}
-				if ($set == '1'){ print"<option selected>$temp[1]</option>";$set=0;}else{print"<option>$temp[1]</option>";}
-				if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
-				if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}
 			}
+		}
+		if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";}
+	}	
+	#check if green,blue,orange are defined for client
+	foreach my $key (keys %ccdroute2hash) {
+		if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+			$other=1;
+			foreach my $i (1 .. $#{$ccdroute2hash{$key}}) {
+				if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){
+					$selgreen=1;
+				}
+				if (&haveBlueNet()){
+					if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) {
+						$selblue=1;
+					}
+				}
+				if (&haveOrangeNet()){
+					if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) {
+						$selorange=1;
+					}
+				}
+			}
+		}
+	}
+	if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";}
+	if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";}			
+	if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";};
+	
 	print<<END
 	</select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr>
 	<tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr>
@@ -4494,7 +4555,7 @@ END
     
 #default setzen
     if ($cgiparams{'DCIPHER'} eq '') {
-	$cgiparams{'DCIPHER'} =  'BF-CBC';     
+	$cgiparams{'DCIPHER'} =  'AES-256-CBC';
     }
     if ($cgiparams{'DDEST_PORT'} eq '') {
 	$cgiparams{'DDEST_PORT'} =  '1194';     
@@ -4534,6 +4595,9 @@ END
     $selected{'DCIPHER'}{'AES-128-CBC'} = '';
     $selected{'DCIPHER'}{'AES-192-CBC'} = '';
     $selected{'DCIPHER'}{'AES-256-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-128-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-192-CBC'} = '';
+    $selected{'DCIPHER'}{'CAMELLIA-256-CBC'} = '';
     $selected{'DCIPHER'}{$cgiparams{'DCIPHER'}} = 'SELECTED';
     $checked{'DCOMPLZO'}{'off'} = '';
     $checked{'DCOMPLZO'}{'on'} = '';
@@ -4602,19 +4666,24 @@ END
     <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
         <td><input type='checkbox' name='DCOMPLZO' $checked{'DCOMPLZO'}{'on'} /></td>
         <td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td>
-        <td><select name='DCIPHER'><option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
-				   <option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
-				   <option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
-				   <option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
-				   <option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>				  				    
-				   <option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
-				   <option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
-				   <option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
-				   <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
-				   <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
-				   <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
-				   <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr>
-				   <tr><td colspan='4'><hr /></td></tr>
+        <td><select name='DCIPHER'>
+		<option value='CAMELLIA-256-CBC' $selected{'DCIPHER'}{'CAMELLIA-256-CBC'}>CAMELLIA-256-CBC</option>
+		<option value='CAMELLIA-192-CBC' $selected{'DCIPHER'}{'CAMELLIA-192-CBC'}>CAMELLIA-192-CBC</option>
+		<option value='CAMELLIA-128-CBC' $selected{'DCIPHER'}{'CAMELLIA-128-CBC'}>CAMELLIA-128-CBC</option>
+		<option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option>
+		<option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option>
+		<option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option>
+		<option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option>
+		<option value='RC2-64-CBC' $selected{'DCIPHER'}{'RC2-64-CBC'}>RC2-64-CBC</option>
+		<option value='RC2-40-CBC' $selected{'DCIPHER'}{'RC2-40-CBC'}>RC2-40-CBC</option>
+		<option value='RC2-CBC' $selected{'DCIPHER'}{'RC2-CBC'}>RC2-CBC</option>
+		<option value='BF-CBC' $selected{'DCIPHER'}{'BF-CBC'}>BF-CBC</option>
+		<option value='DES-CBC' $selected{'DCIPHER'}{'DES-CBC'}>DES-CBC</option>
+		<option value='DES-EDE-CBC' $selected{'DCIPHER'}{'DES-EDE-CBC'}>DES-EDE-CBC</option>
+		<option value='DES-EDE3-CBC' $selected{'DCIPHER'}{'DES-EDE3-CBC'}>DES-EDE3-CBC</option>
+		<option value='DESX-CBC' $selected{'DCIPHER'}{'DESX-CBC'}>DESX-CBC</option>
+	</select></td></tr>
+    <tr><td colspan='4'><br><br></td></tr>
 END
 ;				   
     
@@ -4641,45 +4710,46 @@ END
     }
     print "</form></table>";
     &Header::closebox();
-    &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}:");
+    &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate authorities'}");
     print <<EOF#'
-    <table width='100%' border='0' cellspacing='1' cellpadding='0'>
+    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
     <tr>
-	<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
-	<td width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></td>
-	<td width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></td>
+	<th width='25%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+	<th width='65%' class='boldbase' align='center'><b>$Lang::tr{'subject'}</b></th>
+	<th width='10%' class='boldbase' colspan='3' align='center'><b>$Lang::tr{'action'}</b></th>
     </tr>
 EOF
     ;
+    my $col1="bgcolor='$color{'color22'}'";
+	my $col2="bgcolor='$color{'color20'}'";
     if (-f "${General::swroot}/ovpn/ca/cacert.pem") {
 	my $casubject = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/cacert.pem`;
 	$casubject    =~ /Subject: (.*)[\n]/;
 	$casubject    = $1;
 	$casubject    =~ s+/Email+, E+;
 	$casubject    =~ s/ ST=/ S=/;
-
 	print <<END
-	<tr bgcolor='$color{'color22'}'>
-	<td class='base'>$Lang::tr{'root certificate'}</td>
-	<td class='base'>$casubject</td>
-	<form method='post' name='frmrootcrta'><td width='3%' align='center'>
+	<tr>
+	<td class='base' $col1>$Lang::tr{'root certificate'}</td>
+	<td class='base' $col1>$casubject</td>
+	<form method='post' name='frmrootcrta'><td width='3%' align='center' $col1>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'show root certificate'}' />
 	    <input type='image' name='$Lang::tr{'edit'}' src='/images/info.gif' alt='$Lang::tr{'show root certificate'}' title='$Lang::tr{'show root certificate'}' width='20' height='20' border='0' />
 	</td></form>
-	<form method='post' name='frmrootcrtb'><td width='3%' align='center'>
+	<form method='post' name='frmrootcrtb'><td width='3%' align='center' $col1>
 	    <input type='image' name='$Lang::tr{'download root certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download root certificate'}' title='$Lang::tr{'download root certificate'}' border='0' />
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'download root certificate'}' />
 	</td></form>
-	<td width='4%'>&nbsp;</td></tr>
+	<td width='4%' $col1>&nbsp;</td></tr>
 END
 	;
     } else {
 	# display rootcert generation buttons
 	print <<END
-	<tr bgcolor='$color{'color22'}'>
-	<td class='base'>$Lang::tr{'root certificate'}:</td>
-	<td class='base'>$Lang::tr{'not present'}</td>
-	<td colspan='3'>&nbsp;</td></tr>
+	<tr>
+	<td class='base' $col1>$Lang::tr{'root certificate'}:</td>
+	<td class='base' $col1>$Lang::tr{'not present'}</td>
+	<td colspan='3' $col1>&nbsp;</td></tr>
 END
 	;
     }
@@ -4692,27 +4762,27 @@ END
 	$hostsubject    =~ s/ ST=/ S=/;
 
 	print <<END
-	<tr bgcolor='$color{'color20'}'>
-	<td class='base'>$Lang::tr{'host certificate'}</td>
-	<td class='base'>$hostsubject</td>
-	<form method='post' name='frmhostcrta'><td width='3%' align='center'>
+	<tr>
+	<td class='base' $col2>$Lang::tr{'host certificate'}</td>
+	<td class='base' $col2>$hostsubject</td>
+	<form method='post' name='frmhostcrta'><td width='3%' align='center' $col2>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'show host certificate'}' />
 	    <input type='image' name='$Lang::tr{'show host certificate'}' src='/images/info.gif' alt='$Lang::tr{'show host certificate'}' title='$Lang::tr{'show host certificate'}' width='20' height='20' border='0' />
 	</td></form>
-	<form method='post' name='frmhostcrtb'><td width='3%' align='center'>
-	    <input type='image' name='$Lang::tr{'download host certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download host certificate'}' title='$Lang::tr{'download host certificate'}' border='0' />
-	    <input type='hidden' name='ACTION' value='$Lang::tr{'download host certificate'}' />
+	<form method='post' name='frmhostcrtb'><td width='3%' align='center' $col2>
+	    <input type='image' name="$Lang::tr{'download host certificate'}" src='/images/media-floppy.png' alt="$Lang::tr{'download host certificate'}" title="$Lang::tr{'download host certificate'}" border='0' />
+	    <input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
 	</td></form>
-	<td width='4%'>&nbsp;</td></tr>
+	<td width='4%' $col2>&nbsp;</td></tr>
 END
 	;
     } else {
 	# Nothing
 	print <<END
-	<tr bgcolor='$color{'color20'}'>
-	<td width='25%' class='base'>$Lang::tr{'host certificate'}:</td>
-	<td class='base'>$Lang::tr{'not present'}</td>
-	</td><td colspan='3'>&nbsp;</td></tr>
+	<tr>
+	<td width='25%' class='base' $col2>$Lang::tr{'host certificate'}:</td>
+	<td class='base' $col2>$Lang::tr{'not present'}</td>
+	</td><td colspan='3' $col2>&nbsp;</td></tr>
 END
 	;
     }
@@ -4775,7 +4845,7 @@ print <<END
 <form method='post' enctype='multipart/form-data'>
 <table width='100%' border='0'>
 <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr>
-<tr><td colspan='4'><hr /></td></tr>
+<tr><td colspan='4'><br></td></tr>
 <tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr>
 </table>
 END
@@ -4799,29 +4869,31 @@ END
     print <<END
 
 
-    <table width='100%' border='0' cellspacing='1' cellpadding='0'>
+    <table width='100%' cellspacing='1' cellpadding='0' class='tbl'>
 <tr>
-    <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
-    <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td>
-    <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td>
-    <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td>
-    <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td>
-    <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td>
+    <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th>
+    <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th>
+    <th width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></th>
+    <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th>
+    <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th>
+    <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th>
 </tr>
 END
 	;
-        my $id = 0;
-        my $gif;
-	 foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
-    	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
-
+	my $id = 0;
+	my $gif;
+	my $col1="";
+	foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
+	if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
 	if ($id % 2) {
-	    print "<tr bgcolor='$color{'color20'}'>\n";
+		print "<tr>";
+		$col="bgcolor='$color{'color20'}'";
 	} else {
-	    print "<tr bgcolor='$color{'color22'}'>\n";
+		print "<tr>";
+		$col="bgcolor='$color{'color22'}'";
 	}
-	print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>";
-	print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
+	print "<td align='center' nowrap='nowrap' $col>$confighash{$key}[1]</td>";
+	print "<td align='center' nowrap='nowrap' $col>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>";
 	#if ($confighash{$key}[4] eq 'cert') {
 	    #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>";
 	#} else {
@@ -4832,19 +4904,20 @@ END
 	$cavalid    = $1;
 	if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";}
 	if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";}
-	print "<td align='center'>$confighash{$key}[32]</td>";
-	print "<td align='center'>$confighash{$key}[25]</td>";
-
-	my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+	print "<td align='center' $col>$confighash{$key}[32]</td>";
+	print "<td align='center' $col>$confighash{$key}[25]</td>";
+	$col1="bgcolor='${Header::colourred}'";
+	my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
 
 	if ($confighash{$key}[0] eq 'off') {
-	 $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+		$col1="bgcolor='${Header::colourblue}'";
+		$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>";
 	} else {
 
 ###
 # m.a.d net2net
-###       
-       
+###
+
        if ($confighash{$key}[3] eq 'net') {
 
         if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
@@ -4868,54 +4941,50 @@ END
 #EXITING       -- A graceful exit is in progress.
 ####
 
-        if ( $tustate[1] eq 'CONNECTED') {
-          $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></tr></td></table>";
-                          } else {
-          $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$tustate[1]</font></b></td></tr></table>";                          
+		if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
+			$col1="bgcolor='${Header::colourgreen}'";
+			$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
+		}else {
+			$col1="bgcolor='${Header::colourred}'";
+			$active = "<b><font color='#FFFFFF'>$tustate[1]</font></b>";
+		}
            }
-           } 
            }
-        }	else {
-
-	        my $cn;
-    	    my @match = ();	
-	  foreach my $line (@status) {
-		chomp($line);
-		if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
-		    @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
-		    if ($match[1] ne "Common Name") {
-	    		$cn = $match[1];
-		    }	    
-	    	$cn =~ s/[_]/ /g;
-		    if ($cn eq "$confighash{$key}[2]") {
-			$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
-		    }
-   }
-      
+        }else {
+
+				my $cn;
+				my @match = ();
+		foreach my $line (@status) {
+			chomp($line);
+			if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
+				@match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
+				if ($match[1] ne "Common Name") {
+					$cn = $match[1];
+				}
+				$cn =~ s/[_]/ /g;
+				if ($cn eq "$confighash{$key}[2]") {
+					$col1="bgcolor='${Header::colourgreen}'";
+					$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
+				}
+			}
+		}
 	}
 }
-}
 
 
-	my $disable_clientdl = "disabled='disabled'";
-	if (( $cgiparams{'ENABLED'} eq 'on') || 
-	    ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
-	    ( $cgiparams{'ENABLED_ORANGE'} eq 'on')){
-	    $disable_clientdl = "";
-	}
 	print <<END
-	<td align='center'>$active</td>
+	<td align='center' $col1>$active</td>
 		
-	<form method='post' name='frm${key}a'><td align='center'>
-	    <input type='image'  name='$Lang::tr{'dl client arch'}' $disable_clientdl src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
-	    <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' $disable_clientdl />
-	    <input type='hidden' name='KEY' value='$key' $disable_clientdl />
+	<form method='post' name='frm${key}a'><td align='center' $col>
+	    <input type='image'  name='$Lang::tr{'dl client arch'}' src='/images/openvpn.png' alt='$Lang::tr{'dl client arch'}' title='$Lang::tr{'dl client arch'}' border='0' />
+	    <input type='hidden' name='ACTION' value='$Lang::tr{'dl client arch'}' />
+	    <input type='hidden' name='KEY' value='$key' />
 	</td></form>
 END
 	;
 	if ($confighash{$key}[4] eq 'cert') {
 	    print <<END
-	    <form method='post' name='frm${key}b'><td align='center'>
+	    <form method='post' name='frm${key}b'><td align='center' $col>
 		<input type='image' name='$Lang::tr{'show certificate'}' src='/images/info.gif' alt='$Lang::tr{'show certificate'}' title='$Lang::tr{'show certificate'}' border='0' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'show certificate'}' />
 		<input type='hidden' name='KEY' value='$key' />
@@ -4926,7 +4995,7 @@ END
 	}
 	if ($confighash{$key}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$key}[1].p12") { 
 	    print <<END
-	    <form method='post' name='frm${key}c'><td align='center'>
+	    <form method='post' name='frm${key}c'><td align='center' $col>
 		<input type='image' name='$Lang::tr{'download pkcs12 file'}' src='/images/media-floppy.png' alt='$Lang::tr{'download pkcs12 file'}' title='$Lang::tr{'download pkcs12 file'}' border='0' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'download pkcs12 file'}' />
 		<input type='hidden' name='KEY' value='$key' />
@@ -4934,7 +5003,7 @@ END
 END
 	; } elsif ($confighash{$key}[4] eq 'cert') {
 	    print <<END
-	    <form method='post' name='frm${key}c'><td align='center'>
+	    <form method='post' name='frm${key}c'><td align='center' $col>
 		<input type='image' name='$Lang::tr{'download certificate'}' src='/images/media-floppy.png' alt='$Lang::tr{'download certificate'}' title='$Lang::tr{'download certificate'}' border='0' />
 		<input type='hidden' name='ACTION' value='$Lang::tr{'download certificate'}' />
 		<input type='hidden' name='KEY' value='$key' />
@@ -4944,18 +5013,18 @@ END
 	    print "<td>&nbsp;</td>";
 	}
 	print <<END
-	<form method='post' name='frm${key}d'><td align='center'>
+	<form method='post' name='frm${key}d'><td align='center' $col>
 	    <input type='image' name='$Lang::tr{'toggle enable disable'}' src='/images/$gif' alt='$Lang::tr{'toggle enable disable'}' title='$Lang::tr{'toggle enable disable'}' border='0' />
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'toggle enable disable'}' />
 	    <input type='hidden' name='KEY' value='$key' />
 	</td></form>
 
-	<form method='post' name='frm${key}e'><td align='center'>
+	<form method='post' name='frm${key}e'><td align='center' $col>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'edit'}' />
 	    <input type='image' name='$Lang::tr{'edit'}' src='/images/edit.gif' alt='$Lang::tr{'edit'}' title='$Lang::tr{'edit'}' width='20' height='20' border='0'/>
 	    <input type='hidden' name='KEY' value='$key' />
 	</td></form>
-	<form method='post' name='frm${key}f'><td align='center'>
+	<form method='post' name='frm${key}f'><td align='center' $col>
 	    <input type='hidden' name='ACTION' value='$Lang::tr{'remove'}' />
 	    <input type='image'  name='$Lang::tr{'remove'}' src='/images/delete.gif' alt='$Lang::tr{'remove'}' title='$Lang::tr{'remove'}' width='20' height='20' border='0' />
 	    <input type='hidden' name='KEY' value='$key' />
@@ -4991,7 +5060,7 @@ END
 	<td> <img src='/images/openvpn.png' alt='?RELOAD'/></td>
 	<td class='base'>$Lang::tr{'dl client arch'}</td>
     </tr>
-    </table><hr>
+    </table><br>
 END
     ;
     }