From: Stefan Schantl Date: Sat, 17 Nov 2012 12:04:53 +0000 (+0100) Subject: Merge branch 'ovpn-mtu-disc' into next X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=350f298025cf2f46ad9c25e4936e9aa9682ee452 Merge branch 'ovpn-mtu-disc' into next Conflicts: html/cgi-bin/ovpnmain.cgi --- 350f298025cf2f46ad9c25e4936e9aa9682ee452 diff --cc html/cgi-bin/ovpnmain.cgi index baabe8b38,5fc5dd4ad..d302cf524 mode 100755,100644..100755 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@@ -77,12 -77,9 +77,13 @@@ $cgiparams{'DHCP_WINS'} = '' $cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; +$cgiparams{'number'} = ''; + $cgiparams{'PMTU_DISCOVERY'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } +unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } +unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); } +unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); @@@ -346,35 -342,29 +346,46 @@@ sub writeserverconf print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - + + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. + # If we doesn't use one of them, we can use the configured mtu value. 
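Review bot: The three added `system("touch ...")` calls in the -77 hunk run through a shell and discard the exit status, so a failed create goes unnoticed until a later `&General::readhasharray` reads a file that is not there. The path is built only from `${General::swroot}`, so nothing request-controlled reaches the shell here, but the list form avoids the shell and makes the result checkable: `system('touch', "${General::swroot}/ovpn/ccd.conf") == 0 or die "cannot create ccd.conf: $?";`. The same applies to `ccdroute` and `ccdroute2`. The unchanged `routes_push` line above them uses the same pattern and could be converted with them.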
+ if ($sovpnsettings{'MSSFIX'} eq 'on') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } + if ($vpnsettings{'ROUTES_PUSH'} ne '') { - @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); - foreach (@temp) - { - @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); - print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } } - } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (/\//, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. 
$#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { @@@ -1982,6 -1703,13 +2020,13 @@@ if ($confighash{$cgiparams{'KEY'}}[3] e if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - if ($confighash{$cgiparams{'KEY'}}[32] ne 'off') { ++ if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') { + if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { + if ($tunmtu eq '1500' ) { - print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[32]\n"; ++ print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; + } + } + } print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; @@@ -2035,13 -1763,23 +2080,24 @@@ els my $zip = Archive::Zip->new(); - print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; + + # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # or use configured value. 
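Review bot: The new `elsif ($sovpnsettings{'PMTU_DISCOVERY'} ne 'off')` branch in writeserverconf treats an unset or empty setting as enabled, and the default added at the top of the file is `''`. A settings file saved before this change would therefore presumably get `-mtu 1500` instead of the configured `DMTU`. Assuming the form stores `yes`, `maybe`, `no` or `off`, matching the accepted values is safer than excluding one: `elsif ($sovpnsettings{'PMTU_DISCOVERY'} =~ /^(yes|maybe|no)$/)`. The roadwarrior client package in the -2035 hunk repeats the same test on `$vpnsettings{PMTU_DISCOVERY}`. writeserverconf begins and ends outside this hunk.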
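Review bot: Field 38 is printed into the net-to-net client file as `mtu-disc $confighash{$cgiparams{'KEY'}}[38]` after only a `ne 'off'` test, and the save hunk at -3764 fills that field directly from `$cgiparams{'PMTU_DISCOVERY'}`. Unless the value is validated outside the visible hunks, an entry with an empty field 38 produces a bare `mtu-disc` line, and a value containing a line break would add further directives to the generated configuration. Restricting it where it is stored covers both: `$cgiparams{'PMTU_DISCOVERY'} = 'off' unless $cgiparams{'PMTU_DISCOVERY'} =~ /^(yes|maybe|no|off)$/;`. The inner condition joins the mssfix and fragment tests with `||`, so the line is still written when only one of them is set; if the intent is that neither is in use, it needs `&&`.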
+ if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($vpnsettings{MSSFIX} eq 'on') + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($vpnsettings{PMTU_DISCOVERY} ne 'off') + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } + if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ @@@ -3009,26 -2609,27 +3081,28 @@@ foreach my $dkey (keys %confighash) $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} - foreach my $i (0 .. 32) { $confighash{$key}[$i] = "";} ++ foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";} ++ $confighash{$key}[0] = 'off'; $confighash{$key}[1] = $n2nname[0]; - $confighash{$key}[2] = $n2nname[0]; - $confighash{$key}[2] = $n2nname[0]; ++ $confighash{$key}[2] = $n2nname[0]; $confighash{$key}[3] = 'net'; $confighash{$key}[4] = 'cert'; $confighash{$key}[6] = 'client'; $confighash{$key}[8] = $n2nlocalsub[2]; - $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; - $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; ++ $confighash{$key}[10] = $n2nremote[1]; ++ $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; $confighash{$key}[22] = $n2nmgmt[2]; - $confighash{$key}[23] = $mssfixactive; - $confighash{$key}[23] = $mssfixactive; ++ $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; - $confighash{$key}[25] = 'IPFire n2n Client'; - $confighash{$key}[25] = 'IPFire n2n Client'; ++ $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; - $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - 
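Review bot: The lines added in the -2035 hunk mix line endings inside one generated file: `nobind` and the three `-mtu 1500` branches end in `\n`, while the rest of this client configuration, including the new `else` branch, is written with `\r\n`. Since the file goes into a zip archive, presumably for clients that expect CRLF, the added lines should follow suit, e.g. `print CLIENTCONF "nobind\r\n";` and `print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\r\n";`. The three branches print the same line and could be a single condition, which would keep this block from drifting away from the matching one in writeserverconf. The enclosing block starts and ends outside the hunk.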
$confighash{$key}[28] = $n2nproto[0]; - $confighash{$key}[29] = $n2nport[1]; - $confighash{$key}[30] = $complzoactive; - $confighash{$key}[31] = $n2ntunmtu[1]; - $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - $confighash{$key}[28] = $n2nproto[0]; - $confighash{$key}[29] = $n2nport[1]; - $confighash{$key}[30] = $complzoactive; - $confighash{$key}[31] = $n2ntunmtu[1]; - $confighash{$key}[32] = $n2nmtudisc[1]; ++ $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; ++ $confighash{$key}[28] = $n2nproto[0]; ++ $confighash{$key}[29] = $n2nport[1]; ++ $confighash{$key}[30] = $complzoactive; ++ $confighash{$key}[31] = $n2ntunmtu[1]; ++ $confighash{$key}[38] = $n2nmtudisc[1]; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@@ -3066,6 -2667,7 +3140,7 @@@ MSSFIX $confighash{$key}[23] Fragment $confighash{$key}[24] $Lang::tr{'MTU'}$confighash{$key}[31] - $Lang::tr{'ovpn mtu-disc'}$confighash{$key}[32] ++ $Lang::tr{'ovpn mtu-disc'}$confighash{$key}[38] Management Port $confighash{$key}[22]    @@@ -3133,188 -2735,40 +3208,189 @@@ if ($confighash{$cgiparams{'KEY'}}) &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! 
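Review bot: The import path in the -3009 hunk initialises indices `0 .. 39`, while the save path in the -3764 hunk initialises `0 .. 38`, so the two code paths write records of different length to `ovpnconfig`. This merge also moves the mtu-disc value from index 32 to 38 and reuses 32 for `CHECK1`, and nothing in the file records which index means what. A comment block listing the field layout, something like `# [32] CHECK1  [33] CCD address  [34] RG  [35..37] CCD DNS1/DNS2/WINS  [38] PMTU_DISCOVERY`, next to one shared upper bound for both loops, would make the next renumbering less error-prone. Records written by the ovpn-mtu-disc branch with the old layout would presumably need a migration step, which is not visible here.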
$confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; -# n2n m.a.d new fields - $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; - $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[32]; - -#new fields -#ab hiere error uebernehmen - - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + if (! 
$confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + my $name=$cgiparams{'CHECK1'} ; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; ++ $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { +#A.Marx CCD check iroute field and convert it to decimal + + my @temp=(); + my 
%ccdroutehash=(); + my $keypoint=0; + if ($cgiparams{'IR'} ne ''){ + @temp = split("\n",$cgiparams{'IR'}); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + #find key to use + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroutehash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroutehash); + } + } + $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'}; + my $i=1; + my $val=0; + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + my($ip,$cidr) = split(/\//,$val); + $cidr=&General::iporsubtodec($cidr); + + #check if iroute exists in ccdroute + foreach my $key (keys %ccdroutehash) { + foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){ + if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") { + $errormessage=$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + } + } + + #check for existing network IP's + if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')|| + (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){ + $errormessage="$ip USED FOR SYSTEM!"; + goto VPNCONF_ERROR; + } + + + + if (&General::validipandmask($val)){ + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." 
($ip/$cidr)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + }else{ + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroutehash{$key}; + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + } + undef @temp; + #check route field and convert it to decimal + my %ccdroute2hash=(); + my $val=0; + my $i=1; + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') { + undef $cgiparams{'IFROUTE'}; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + }else{ + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + @temp = split(/\|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (/\//, $val); + if (! 
&check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;} + if (! &check_ccdroute($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} + if (! &check_ccdconf($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} + if (&General::validipandmask($val)){ + $val=$ip."/".&General::iporsubtodec($cidr); + $ccdroute2hash{$keypoint}[$i] = $val; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + } + #check dns1 ip + if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 1"; + goto VPNCONF_ERROR; + } + #check dns2 ip + if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 2"; + goto VPNCONF_ERROR; + } + #check wins ip + if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp wins'}; + goto VPNCONF_ERROR; + } + + +#CCD End + + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@@ -3764,119 -3234,46 +3856,120 @@@ if ($cgiparams{'TYPE'} eq 'net') # Save the config my $key = $cgiparams{'KEY'}; + if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; } else { - $confighash{$key}[4] = 'cert'; + $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { - $confighash{$key}[22] = $confighash{$key}[29]; + $confighash{$key}[22] = $confighash{$key}[29]; } else { - $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + 
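Review bot: The iroute and route checks in the save branch copy request text into `$errormessage` before, or precisely because, it failed validation: `"$ip USED FOR SYSTEM!"` is built ahead of the `&General::validipandmask($val)` call, and the invalid-route message appends `($ip/$cidr)` for the very value that check rejected. Whether the error box escapes `$errormessage` is not visible in this hunk; if it does not, markup typed into the `IR` or `IFROUTE` field is reflected into the page. `REMARK` is already passed through `&Header::cleanhtml`, and the same call fits here, e.g. `" (".&Header::cleanhtml("$ip/$cidr").")"`, with the `validipandmask` test moved to the top of each loop so that `iporsubtodec` and `IpInSubnet` only see well-formed input. The block also writes `ccdroute` and calls `&writeserverconf` before the later `TYPE` and certificate checks, so a request rejected further down has already changed the server configuration. The surrounding `if ($cgiparams{'ACTION'} ...)` chain begins and ends outside the hunk.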
$confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; } - $confighash{$key}[23] = $cgiparams{'MSSFIX'}; - $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = $cgiparams{'INTERFACE'}; # new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; - $confighash{$key}[32] = $cgiparams{'PMTU_DISCOVERY'}; -# new fileds + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; + $confighash{$key}[32] = $cgiparams{'CHECK1'}; + my $name=$cgiparams{'CHECK1'}; + $confighash{$key}[33] = $cgiparams{$name}; + $confighash{$key}[34] = $cgiparams{'RG'}; + $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; + $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; + $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; - - ++ $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; ++ ++ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($cgiparams{'CHECK1'} ){ + + my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; + my ($a,$b,$c,$d) = split (/\./,$ccdip); + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; + print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; + if($cgiparams{'CHECK1'} eq 'dynamic'){ + print 
CCDRWCONF "#This client uses the dynamic pool\n"; + }else{ + print CCDRWCONF "#Ip address client and Server\n"; + print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; + } + if ($confighash{$key}[34] eq 'on'){ + print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; + print CCDRWCONF "push redirect-gateway\n"; + } + if ($cgiparams{'IR'} ne ''){ + print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; + foreach my $key (keys %ccdroutehash){ + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CCDRWCONF "iroute $a $b\n"; + } + } + } + } + if ($cgiparams{'IFROUTE'} ne ''){ + print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ + if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ + my %blue=(); + &General::readhash("${General::swroot}/ethernet/settings", \%blue); + print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ + my %orange=(); + &General::readhash("${General::swroot}/ethernet/settings", \%orange); + print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n"; + }else{ + my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]); + print CCDRWCONF "push \"route $a $b\"\n"; + } + } + } + } + } + if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} + if($cgiparams{'CCD_DNS1'} ne ''){ + print CCDRWCONF "\n#Client gets these Nameservers\n"; + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n"; + } + if($cgiparams{'CCD_DNS2'} ne ''){ + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n"; + } + 
if($cgiparams{'CCD_WINS'} ne ''){ + print CCDRWCONF "\n#Client gets this WINS server\n"; + print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n"; + } + close CCDRWCONF; + } ### # m.a.d n2n begin @@@ -4076,59 -3467,52 +4171,69 @@@ $Lang::tr{'openvpn default'}: $Lang::tr{'destination port'} + + $Lang::tr{'ovpn mtu-disc'} + + $Lang::tr{'ovpn mtu-disc yes'} + $Lang::tr{'ovpn mtu-disc maybe'} + $Lang::tr{'ovpn mtu-disc no'} + $Lang::tr{'ovpn mtu-disc off'} + + + END - ; +; } - + #jumper print "$Lang::tr{'remark title'} "; - print ""; + print ""; if ($cgiparams{'TYPE'} eq 'host') { + print "$Lang::tr{'enabled'} "; + } - print "$Lang::tr{'enabled'} \n"; - } - -# if ($cgiparams{'KEY'}) { -# print " "; -# } else { -# print " $Lang::tr{'edit advanced settings when done'}"; -# } -# }else{ - print " "; -# } - + print"
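Review bot: The CCD file block prints `$ccdip`, taken from `$cgiparams{$name}` with `$name` itself being the `CHECK1` request value, into `ifconfig-push`, and it uses `$confighash{$key}[2]` as the file name under `ovpn/ccd/`, with no validation visible in this hunk. If none exists outside it, a crafted value can add directives to the client's file or place the write outside that directory. For the non-dynamic case, checking `$cgiparams{$name}` with `&General::validipandmask` next to the existing CCD_DNS checks, before anything is written, keeps the address line well-formed. Two statements are also wrong as written: the blue and orange `push \"route ...` strings never close the quote (compare `print CCDRWCONF "push \"route $a $b\"\n";` below them), and the DNS swap tests `CCD_DNS1` twice, so its second operand should read `$cgiparams{'CCD_DNS2'} ne ''`. The `-e` test checks `$confighash{$key}[2]` but the `unlink` removes `$cgiparams{'CERT_NAME'}`, and the two can differ when an existing entry is edited; the enclosing save branch begins and ends outside the hunk.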

"; +#A.Marx CCD new client - + print ""; + my %ccdconfhash=(); + my %ccdroutehash=(); + my %ccdroute2hash=(); + my %vpnnet=(); + my $vpnip; + &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet); + $vpnip=$vpnnet{'DOVPN_SUBNET'}; + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my @ccdconf=(); + my $count=0; + my $checked; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED'; + print"


$Lang::tr{'ccd choose net'}
$Lang::tr{'ccd dynrange'} ($vpnip)"; + print"


"; + my $name=$cgiparams{'CHECK1'}; + $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + + if (! -z "${General::swroot}/ovpn/ccd.conf"){ + print""; + foreach my $key (keys %ccdconfhash) { + $count++; + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + if ($count % 2){print"";}else{print"";} + print""; + } + print "
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd clientip'}
$ccdconf[0]$ccdconf[1]"; + &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name}); + print"





"; + } +# ccd end &Header::closebox(); - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print < - # $Lang::tr{'use a pre-shared key'} - # - # -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { + + } elsif (! $cgiparams{'KEY'}) { + + my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled='';