X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fovpnmain.cgi;h=d8fc8932767c0473b8a612a124ad2a87f0b434b1;hp=75b6c75f10c9cb6a8389067db9d6dc7dd889965d;hb=b3c53248d97ee083fcf43cc5ff745396be06ca1a;hpb=30491c6ac70ce55d4bfbcec5aee6096808b3c193 diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 75b6c75f1..d8fc89327 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -222,50 +222,6 @@ sub checkportinc } } -# Darren Critchley - certain ports are reserved for IPFire -# TCP 67,68,81,222,445 -# UDP 67,68 -# Params passed in -> port, rangeyn, protocol -sub disallowreserved -{ - # port 67 and 68 same for tcp and udp, don't bother putting in an array - my $msg = ""; - my @tcp_reserved = (81,222,445); - my $prt = $_[0]; # the port or range - my $ryn = $_[1]; # tells us whether or not it is a port range - my $prot = $_[2]; # protocol - my $srcdst = $_[3]; # source or destination - if ($ryn) { # disect port range - if ($srcdst eq "src") { - $msg = "$Lang::tr{'rsvd src port overlap'}"; - } else { - $msg = "$Lang::tr{'rsvd dst port overlap'}"; - } - my @tmprng = split(/\:/,$prt); - unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } - unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } - } - } - } else { - if ($srcdst eq "src") { - $msg = "$Lang::tr{'reserved src port'}"; - } else { - $msg = "$Lang::tr{'reserved dst port'}"; - } - if ($prt == 67) { $errormessage="$msg 67"; return; } - if ($prt == 68) { $errormessage="$msg 68"; return; } - if ($prot eq "tcp") { - foreach my $prange (@tcp_reserved) { - if ($prange == $prt) { $errormessage="$msg $prange"; return; } - } - } - } - return; -} - sub writeserverconf { my %sovpnsettings = (); my @temp = (); @@ -553,7 +509,7 @@ sub getccdadresses my @iprange=(); my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); - $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2); for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; @@ -1093,16 +1049,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg goto SETTINGS_ERROR; } } - if ($cgiparams{'ENABLED'} eq 'on'){ - &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest"); - } if ($errormessage) { goto SETTINGS_ERROR; } - - + if ($cgiparams{'ENABLED'} eq 'on'){ &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'}); } - if ($errormessage) { goto SETTINGS_ERROR; } if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { @@ -2208,7 +2159,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { } else { $errormessage = $Lang::tr{'invalid key'}; } - + &General::firewall_reload(); ### ### Download PKCS12 file @@ -2331,7 +2282,7 @@ ADV_ERROR: &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < - +
@@ -2399,12 +2350,12 @@ print < - + - + @@ -2534,10 +2485,10 @@ if ($cgiparams{'ACTION'} eq "edit"){ &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); print < +
$Lang::tr{'dhcp-options'}
fragment
Default: 1300$Lang::tr{'openvpn default'}: 1300
mssfix Default: on$Lang::tr{'openvpn default'}: on
- + @@ -2597,7 +2548,7 @@ END print" + END ; } @@ -2836,7 +2787,7 @@ if ( -s "${General::swroot}/ovpn/settings") { - + @@ -4371,7 +4322,7 @@ if ($cgiparams{'TYPE'} eq 'host') { - + @@ -4630,7 +4581,7 @@ END } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); print < +
$Lang::tr{'ccd name'}:$Lang::tr{'ccd subnet'}:
$Lang::tr{'ccd subnet'}:
$ccdconf[0]$ccdconf[1]$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1).""; print < - + @@ -2606,7 +2557,7 @@ print < -
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename
 $Lang::tr{'openvpn default'}: Client Packagename
* $Lang::tr{'this field may be blank'}
  $Lang::tr{'pkcs12 file password'}:
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'})
 
@@ -4662,7 +4613,7 @@ END - + @@ -4941,7 +4892,7 @@ END #EXITING -- A graceful exit is in progress. #### - if ( $tustate[1] eq 'CONNECTED') { + if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) { $col1="bgcolor='${Header::colourgreen}'"; $active = "$Lang::tr{'capsopen'}"; }else {
   $Lang::tr{'destination port'}:
$Lang::tr{'MTU'} 
$Lang::tr{'comp-lzo'} $Lang::tr{'cipher'}