From: Michael Tremer
Date: Sat, 29 Mar 2014 23:21:33 +0000 (+0100)
Subject: Merge branch 'beyond-next' into next
X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=ae6ae33f847ea063331b8ce205148334925385fd;hp=8089b78d9d955cc7b4c4a6284b2499c9e234a799
Merge branch 'beyond-next' into next
---
diff --git a/config/menu/70-log.menu b/config/menu/70-log.menu
index 25ba090fc..08973de5a 100644
--- a/config/menu/70-log.menu
+++ b/config/menu/70-log.menu
@@ -33,6 +33,11 @@
 'title' => "$Lang::tr{'firewall logs port'}",
 'enabled' => 1
 };
+ $sublogs->{'43.firewallcountry'} = {'caption' => $Lang::tr{'firewall logs country'},
+ 'uri' => '/cgi-bin/logs.cgi/firewalllogcountry.dat',
+ 'title' => "$Lang::tr{'firewall logs country'}",
+ 'enabled' => 1
+ };
 $sublogs->{'50.ids'} = {'caption' => $Lang::tr{'ids logs'},
 'uri' => '/cgi-bin/logs.cgi/ids.dat',
 'title' => "$Lang::tr{'ids logs'}",
diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index 60e6f5b08..709e0d0e0 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -14,8 +14,10 @@ etc/ppp/standardloginscript
 #usr/include/pppd/chap_ms.h
 #usr/include/pppd/eap.h
 #usr/include/pppd/ecp.h
+#usr/include/pppd/eui64.h
 #usr/include/pppd/fsm.h
 #usr/include/pppd/ipcp.h
+#usr/include/pppd/ipv6cp.h
 #usr/include/pppd/ipxcp.h
 #usr/include/pppd/lcp.h
 #usr/include/pppd/magic.h
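Review bot: In the new `43.firewallcountry` entry, `'title' => "$Lang::tr{'firewall logs country'}"` wraps a single hash lookup in double quotes while `caption` on the first line of the entry uses the same lookup bare; `'title' => $Lang::tr{'firewall logs country'},` would keep the two fields consistent, although the neighbouring entries use the quoted form too, so this may be a file-wide convention. The entry is enabled unconditionally and links to `/cgi-bin/logs.cgi/firewalllogcountry.dat`; neither that CGI nor the `firewall logs country` translation key is added in the part of the diff visible here, so it is worth confirming that both ship with this merge and that the new log view sits behind the same access control as the other `logs.cgi` pages. The `$sublogs` structure the entry is added to is set up outside the hunk.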
@@ -31,18 +33,18 @@ etc/ppp/standardloginscript
 #usr/include/pppd/tdb.h
 #usr/include/pppd/upap.h
 usr/lib/pppd
-usr/lib/pppd/2.4.5
-usr/lib/pppd/2.4.5/minconn.so
-usr/lib/pppd/2.4.5/openl2tp.so
-usr/lib/pppd/2.4.5/passprompt.so
-usr/lib/pppd/2.4.5/passwordfd.so
-usr/lib/pppd/2.4.5/pppoatm.so
-usr/lib/pppd/2.4.5/pppol2tp.so
-usr/lib/pppd/2.4.5/radattr.so
-usr/lib/pppd/2.4.5/radius.so
-usr/lib/pppd/2.4.5/radrealms.so
-usr/lib/pppd/2.4.5/rp-pppoe.so
-usr/lib/pppd/2.4.5/winbind.so
+usr/lib/pppd/2.4.6
+usr/lib/pppd/2.4.6/minconn.so
+usr/lib/pppd/2.4.6/openl2tp.so
+usr/lib/pppd/2.4.6/passprompt.so
+usr/lib/pppd/2.4.6/passwordfd.so
+usr/lib/pppd/2.4.6/pppoatm.so
+usr/lib/pppd/2.4.6/pppol2tp.so
+usr/lib/pppd/2.4.6/radattr.so
+usr/lib/pppd/2.4.6/radius.so
+usr/lib/pppd/2.4.6/radrealms.so
+usr/lib/pppd/2.4.6/rp-pppoe.so
+usr/lib/pppd/2.4.6/winbind.so
 usr/sbin/chat
 usr/sbin/pppd
 usr/sbin/pppdump
diff --git a/config/rootfiles/common/squid b/config/rootfiles/common/squid
index 9515dc3a0..76abbe851 100644
--- a/config/rootfiles/common/squid
+++ b/config/rootfiles/common/squid
@@ -34,7 +34,7 @@ usr/lib/squid/basic_smb_auth
 usr/lib/squid/basic_smb_auth.sh
 #usr/lib/squid/cachemgr.cgi
 usr/lib/squid/cert_tool
-usr/lib/squid/digest_edirectory_auth
+usr/lib/squid/cert_valid.pl
 usr/lib/squid/digest_file_auth
 usr/lib/squid/digest_ldap_auth
 usr/lib/squid/diskd
@@ -1374,6 +1374,7 @@ usr/lib/squid/errors/pl/error-details.txt
 #usr/lib/squid/errors/pt-br/ERR_WRITE_ERROR
 #usr/lib/squid/errors/pt-br/ERR_ZERO_SIZE_OBJECT
 #usr/lib/squid/errors/pt-br/error-details.txt
+#usr/lib/squid/errors/pt-bz
 #usr/lib/squid/errors/pt-pt
 #usr/lib/squid/errors/pt/ERR_ACCESS_DENIED
 #usr/lib/squid/errors/pt/ERR_ACL_TIME_QUOTA_EXCEEDED
@@ -2148,6 +2149,7 @@ usr/lib/squid/mib.txt
 usr/lib/squid/negotiate_wrapper_auth
 usr/lib/squid/ntlm_fake_auth
 usr/lib/squid/ntlm_smb_lm_auth
+usr/lib/squid/storeid_file_rewrite
 usr/lib/squid/unlinkd
 usr/lib/squid/url_fake_rewrite
 usr/lib/squid/url_fake_rewrite.sh
@@ -2173,6 +2175,7 @@ usr/sbin/updxlrator
 #usr/share/man/man8/ext_wbinfo_group_acl.8
 #usr/share/man/man8/log_db_daemon.8
 #usr/share/man/man8/squid.8
+#usr/share/man/man8/storeid_file_rewrite.8
 #var/cache/squid
 var/ipfire/proxy/errorpage-ipfire.css
 var/ipfire/proxy/errorpage-squid.css
@@ -2190,4 +2193,3 @@ var/log/cache
 var/log/squid/access.log
 var/log/updatexlrator
 #var/logs
-#var/run/squid
diff --git a/config/rootfiles/common/vnstat b/config/rootfiles/common/vnstat
index 57c54dbef..faabf47e8 100644
--- a/config/rootfiles/common/vnstat
+++ b/config/rootfiles/common/vnstat
@@ -2,5 +2,10 @@
 #etc/cron.d/vnstat
 etc/vnstat.conf
 usr/bin/vnstat
+usr/bin/vnstati
+#usr/sbin/vnstatd
+#usr/share/man/man5/vnstat.conf.5
+#usr/share/man/man1/vnstatd.1
+#usr/share/man/man1/vnstati.1
 #usr/share/man/man1/vnstat.1
 #var/lib/vnstat
diff --git a/config/rootfiles/common/vnstati b/config/rootfiles/common/vnstati
deleted file mode 100644
index a40fc8cb2..000000000
--- a/config/rootfiles/common/vnstati
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin/vnstati
-#usr/share/man/man1/vnstati.1.gz
diff --git a/doc/language_issues.de b/doc/language_issues.de
index a7d894055..8bf36d695 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -1,4 +1,3 @@
-WARNING: translation string unused: Client status and controlc
 WARNING: translation string unused: ConnSched scheduler
 WARNING: translation string unused: ConnSched select profile
 WARNING: translation string unused: HDD temperature
@@ -355,6 +354,7 @@ WARNING: translation string unused: network time
 WARNING: translation string unused: network traffic graphs
 WARNING: translation string unused: network updated
 WARNING: translation string unused: networks settings
+WARNING: translation string unused: never
 WARNING: translation string unused: new optionsfw must boot
 WARNING: translation string unused: no alcatelusb firmware
 WARNING: translation string unused: no cfg upload
@@ -399,10 +399,11 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log +WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio WARNING: translation string unused: ovpn_fragment WARNING: translation string unused: ovpn_mssfix @@ -449,16 +450,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error 
@@ -609,10 +606,15 @@ WARNING: untranslated string: addons WARNING: untranslated string: bytes WARNING: untranslated string: community rules WARNING: untranslated string: dead peer detection +WARNING: untranslated string: dns servers +WARNING: untranslated string: downlink WARNING: untranslated string: emerging rules +WARNING: untranslated string: first WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: last WARNING: untranslated string: qos add subclass WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uplink diff --git a/doc/language_issues.en b/doc/language_issues.en index 26c8d3280..7cf69532a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1,4 +1,3 @@ -WARNING: translation string unused: Client status and controlc WARNING: translation string unused: ConnSched scheduler WARNING: translation string unused: ConnSched select profile WARNING: translation string unused: HDD temperature @@ -380,6 +379,7 @@ WARNING: translation string unused: network time WARNING: translation string unused: network traffic graphs WARNING: translation string unused: network updated WARNING: translation string unused: networks settings +WARNING: translation string unused: never WARNING: translation string unused: new optionsfw must boot WARNING: translation string unused: no alcatelusb firmware WARNING: translation string unused: no cfg upload 
@@ -425,10 +425,11 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl +WARNING: translation string unused: ovpn engines WARNING: translation string unused: ovpn log +WARNING: translation string unused: ovpn reneg sec WARNING: translation string unused: ovpn_fastio WARNING: translation string unused: ovpn_fragment WARNING: translation string unused: ovpn_mssfix @@ -476,16 +477,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error 
@@ -640,8 +637,13 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes +WARNING: untranslated string: dns servers +WARNING: untranslated string: downlink +WARNING: untranslated string: first WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: last WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: uplink diff --git a/doc/language_issues.es b/doc/language_issues.es index ab8dea730..e32468403 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -369,7 +369,6 @@ WARNING: translation string unused: outgoing firewall p2p description WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log 
@@ -420,16 +419,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -556,6 +551,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue @@ -628,6 +624,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward 
@@ -812,6 +811,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -828,6 +829,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -841,8 +843,14 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -870,6 +878,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes 
@@ -926,6 +935,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 7085978c7..c62c6fb74 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -380,7 +380,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -431,16 +430,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error 
@@ -569,6 +564,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue @@ -638,6 +634,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: dns servers @@ -823,6 +822,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -839,6 +840,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: ntp common settings WARNING: untranslated string: ntp sync 
@@ -852,6 +854,12 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -877,6 +885,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: snort working WARNING: untranslated string: ssh @@ -934,6 +943,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: upload new ruleset WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter file ext block diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 695bcc01f..4061147c0 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl 
@@ -385,7 +385,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -436,16 +435,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -572,6 +567,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -604,6 +600,9 @@ WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward @@ -770,6 +769,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -785,8 +786,15 @@ WARNING: untranslated string: maximum WARNING: untranslated string: minimum WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn network +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn no connections WARNING: untranslated string: ovpn port in root range 
@@ -798,6 +806,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: support donation @@ -852,6 +861,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: wlan client diff --git a/doc/language_issues.pl b/doc/language_issues.pl index ab8dea730..e32468403 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -369,7 +369,6 @@ WARNING: translation string unused: outgoing firewall p2p description WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log 
@@ -420,16 +419,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -556,6 +551,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue @@ -628,6 +624,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers WARNING: untranslated string: dnsforward 
@@ -812,6 +811,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: integrity @@ -828,6 +829,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used @@ -841,8 +843,14 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name WARNING: untranslated string: ovpn errmsg green already pushed WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -870,6 +878,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes 
@@ -926,6 +935,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index f7ee8449c..bf6f61f09 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -374,7 +374,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -425,16 +424,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error 
@@ -561,6 +556,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue @@ -632,6 +628,9 @@ WARNING: untranslated string: countrycode WARNING: untranslated string: dead peer detection WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: disk access per WARNING: untranslated string: dnat address WARNING: untranslated string: dns servers @@ -807,6 +806,8 @@ WARNING: untranslated string: fwhost stdnet WARNING: untranslated string: fwhost type WARNING: untranslated string: fwhost used WARNING: untranslated string: fwhost welcome +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: incoming traffic in bytes per second @@ -824,6 +825,7 @@ WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: most preferred WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice WARNING: untranslated string: openvpn default WARNING: untranslated string: openvpn destination port used 
@@ -836,6 +838,12 @@ WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: outgoing traffic in bytes per second +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: ovpn mgmt in root range WARNING: untranslated string: ovpn mtu-disc WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 @@ -860,6 +868,7 @@ WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table WARNING: untranslated string: server restart +WARNING: untranslated string: show dh WARNING: untranslated string: snat new source ip address WARNING: untranslated string: ssh WARNING: untranslated string: static routes @@ -915,6 +924,7 @@ WARNING: untranslated string: tor traffic limit soft WARNING: untranslated string: tor traffic read written WARNING: untranslated string: tor use exit nodes WARNING: untranslated string: uplink +WARNING: untranslated string: upload dh key WARNING: untranslated string: uptime load average WARNING: untranslated string: urlfilter redirect template WARNING: untranslated string: visit us at diff --git a/doc/language_issues.tr b/doc/language_issues.tr index f7c94029d..c897378a7 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr 
@@ -425,7 +425,6 @@ WARNING: translation string unused: outgoing firewall reset WARNING: translation string unused: outgoing firewall view group WARNING: translation string unused: outgoing firewall warning WARNING: translation string unused: override mtu -WARNING: translation string unused: ovpn WARNING: translation string unused: ovpn config WARNING: translation string unused: ovpn dl WARNING: translation string unused: ovpn log @@ -476,16 +475,12 @@ WARNING: translation string unused: released WARNING: translation string unused: removable device advice WARNING: translation string unused: reportfile WARNING: translation string unused: requested data -WARNING: translation string unused: reserved dst port -WARNING: translation string unused: reserved src port WARNING: translation string unused: restore hardware settings WARNING: translation string unused: root WARNING: translation string unused: root path WARNING: translation string unused: root user password WARNING: translation string unused: route subnet is invalid WARNING: translation string unused: router ip -WARNING: translation string unused: rsvd dst port overlap -WARNING: translation string unused: rsvd src port overlap WARNING: translation string unused: rules already up to date WARNING: translation string unused: safe removal of umounted device WARNING: translation string unused: save error @@ -622,6 +617,7 @@ WARNING: translation string unused: use dov WARNING: translation string unused: use ibod WARNING: translation string unused: view log WARNING: translation string unused: vpn aggrmode +WARNING: translation string unused: vpn configuration main WARNING: translation string unused: vpn incompatible use of defaultroute WARNING: translation string unused: vpn mtu invalid WARNING: translation string unused: vpn on blue 
@@ -647,17 +643,31 @@ WARNING: untranslated string: countries WARNING: untranslated string: country codes and flags WARNING: untranslated string: countrycode WARNING: untranslated string: details +WARNING: untranslated string: dh +WARNING: untranslated string: dh key warn +WARNING: untranslated string: dh name is invalid WARNING: untranslated string: drop outgoing WARNING: untranslated string: entropy graphs WARNING: untranslated string: flag WARNING: untranslated string: fwdfw warn1 WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: gen dh +WARNING: untranslated string: generate dh key WARNING: untranslated string: hardware support WARNING: untranslated string: last WARNING: untranslated string: no hardware random number generator +WARNING: untranslated string: not a valid dh key +WARNING: untranslated string: ovpn crypt options +WARNING: untranslated string: ovpn dh +WARNING: untranslated string: ovpn dh name +WARNING: untranslated string: ovpn generating the root and host certificates +WARNING: untranslated string: ovpn ha +WARNING: untranslated string: ovpn hmac WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: show dh WARNING: untranslated string: system has hwrng WARNING: untranslated string: system has rdrand +WARNING: untranslated string: upload dh key diff --git a/doc/language_missings b/doc/language_missings index 5530615ba..6d71db20c 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -72,6 +72,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dns address deleted txt < dnsforward @@ -81,8 +84,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action 
@@ -111,7 +112,6 @@ < fireinfo why read more < fireinfo your profile id < firewall rules -< first < flag < forward firewall < fw default drop @@ -288,6 +288,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity @@ -296,7 +298,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -306,7 +307,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < ntp common settings < ntp sync @@ -323,6 +326,13 @@ < openvpn subnet is used < other < our donors +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -333,6 +343,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < p2p block < p2p block save notice < proxy reports @@ -343,6 +354,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < snort working < ssh @@ -406,7 +418,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < upload new ruleset < uptime < uptime load average @@ -534,6 +546,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dnsforward < dnsforward add a new entry @@ -542,8 +557,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -572,7 +585,6 @@ < fireinfo why read more < fireinfo your profile id < firewall rules -< first < flag < forward firewall < fw default drop @@ -749,6 +761,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity 
@@ -757,7 +771,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -767,7 +780,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used @@ -796,8 +811,15 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -808,6 +830,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < ovpn routes push < ovpn routes push options < p2p block @@ -821,6 +844,7 @@ < red1 < server restart < Set time on boot +< show dh < snat new source ip address < ssh < static routes @@ -883,7 +907,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template @@ -987,6 +1011,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < dnat address < dnsforward < dnsforward add a new entry @@ -995,8 +1022,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -1017,7 +1042,6 @@ < extrahd unable to write < extrahd you cant mount < firewall rules -< first < flag < forward firewall < fw default drop @@ -1194,6 +1218,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < integrity @@ -1202,7 +1228,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter 
@@ -1212,7 +1237,9 @@ < minimum < minute < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used @@ -1227,8 +1254,15 @@ < openvpn subnet is used < other < our donors +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines < ovpn errmsg green already pushed < ovpn errmsg invalid ip or mask +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -1239,6 +1273,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < ovpn routes push < ovpn routes push options < p2p block @@ -1251,6 +1286,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < ssh < static routes @@ -1312,7 +1348,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template @@ -1418,6 +1454,9 @@ < default ip < deprecated fs warn < details +< dh +< dh key warn +< dh name is invalid < disk access per < dnat address < dnsforward @@ -1427,8 +1466,6 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone -< dns servers -< downlink < dpd delay < dpd timeout < drop action @@ -1450,7 +1487,6 @@ < extrahd unable to write < extrahd you cant mount < firewall rules -< first < flag < forward firewall < frequency @@ -1628,6 +1664,8 @@ < fw settings dropdown < fw settings remark < fw settings ruletable +< gen dh +< generate dh key < grouptype < hardware support < hour-graph @@ -1638,7 +1676,6 @@ < ipsec < ipsec network < ipsec no connections -< last < least preferred < lifetime < mac filter @@ -1649,7 +1686,9 @@ < minute < month-graph < most preferred +< never < no hardware random number generator +< not a valid dh key < notice < openvpn default < openvpn destination port used 
@@ -1665,6 +1704,13 @@ < other < our donors < outgoing traffic in bytes per second +< ovpn crypt options +< ovpn dh +< ovpn dh name +< ovpn engines +< ovpn generating the root and host certificates +< ovpn ha +< ovpn hmac < ovpn mgmt in root range < ovpn mtu-disc < ovpn mtu-disc and mtu not 1500 @@ -1675,6 +1721,7 @@ < ovpn mtu-disc yes < ovpn no connections < ovpn port in root range +< ovpn reneg sec < p2p block < p2p block save notice < proxy reports @@ -1685,6 +1732,7 @@ < qos enter bandwidths < red1 < server restart +< show dh < snat new source ip address < ssh < static routes @@ -1746,7 +1794,7 @@ < tor use exit nodes < updxlrtr sources < updxlrtr standard view -< uplink +< upload dh key < uptime < uptime load average < urlfilter redirect template diff --git a/html/cgi-bin/logs.cgi/firewalllogcountry.dat b/html/cgi-bin/logs.cgi/firewalllogcountry.dat new file mode 100644 index 000000000..af1427908 --- /dev/null +++ b/html/cgi-bin/logs.cgi/firewalllogcountry.dat 
@@ -0,0 +1,523 @@ +#!/usr/bin/perl +# +# SmoothWall CGIs +# +# This code is distributed under the terms of the GPL +# +# JC HERITIER +# page inspired from the initial firewalllog.dat +# +# Modified for IPFire by Christian Schmidt +# and Michael Tremer (www.ipfire.org) + +use strict; +use Geo::IP::PurePerl; +use Getopt::Std; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +use POSIX(); + +my %cgiparams=(); +my %settings=(); +my $pienumber; +my $otherspie; +my $showpie; +my $sortcolumn; +my $errormessage = ''; + +$cgiparams{'pienumber'} = 10; +$cgiparams{'otherspie'} = 1; +$cgiparams{'showpie'} = 1; +$cgiparams{'sortcolumn'} = 1; + +my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', + 'Sep', 'Oct', 'Nov', 'Dec' ); +my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); + +my @now = localtime(); +my $dow = $now[6]; +my $doy = $now[7]; +my $tdoy = $now[7]; +my $year = $now[5]+1900; + +$cgiparams{'DAY'} = $now[3]; +$cgiparams{'MONTH'} = $now[4]; +$cgiparams{'ACTION'} = ''; + +&General::readhash("${General::swroot}/fwlogs/ipsettings", \%settings); +if ($settings{'pienumber'} != 0) { $cgiparams{'pienumber'} = $settings{'pienumber'} }; +if ($settings{'otherspie'} != 0) { $cgiparams{'otherspie'} = $settings{'otherspie'} }; +if ($settings{'showpie'} != 0) { $cgiparams{'showpie'} = $settings{'showpie'} }; +if ($settings{'sortcolumn'} != 0) { $cgiparams{'sortcolumn'} = $settings{'sortcolumn'} }; + +&Header::getcgihash(\%cgiparams); +if ($cgiparams{'pienumber'} != 0) { $settings{'pienumber'} = $cgiparams{'pienumber'} }; +if ($cgiparams{'otherspie'} != 
0) { $settings{'otherspie'} = $cgiparams{'otherspie'} }; +if ($cgiparams{'showpie'} != 0) { $settings{'showpie'} = $cgiparams{'showpie'} }; +if ($cgiparams{'sortcolumn'} != 0) { $settings{'sortcolumn'} = $cgiparams{'sortcolumn'} }; + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) +{ + &General::writehash("${General::swroot}/fwlogs/ipsettings", \%settings); +} + +my $start = -1; +if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) +{ + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; +} + +if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || + !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) +{ + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; +} +elsif($cgiparams{'ACTION'} eq '>>') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} +elsif($cgiparams{'ACTION'} eq '<<') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} + +if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) +{ + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, 
$cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } +} + +my $datediff=0; +my $dowd=0; +my $multifile=0; +if ($tdoy ne $doy) { + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } +} + +my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; +my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; +my $day = $cgiparams{'DAY'}; +my $daystr=''; +if ($day <= 9) { + $daystr = " $day"; } +else { + $daystr = $day; +} + +my $skip=0; +my $filestr=''; +if ($datediff==0) { + $filestr="/var/log/messages"; +} else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; +} + +if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date +} +my $lines = 0; +my @log=(); + +if (!$skip) +{ + while () + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); +} + +$skip=0; +if ($multifile) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while () { + if (/(^${monthstr} ${daystr} ..:..:..) 
[\w\-]+ kernel:.*(IN=.*)$/) { + $log[$lines] = $_; + $lines++; + } + } + close (FILE); + } +} + +my $MODNAME="fwlogs"; + +&Header::showhttpheaders(); +&Header::openpage($Lang::tr{'firewall log'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage \n"; + &Header::closebox(); +} + +&Header::openbox('100%', 'left', "$Lang::tr{'settings'}"); + +print < + + + + + + + + + + + + + + + +
$Lang::tr{'month'}:  +  $Lang::tr{'day'}:  +
$Lang::tr{'Number of Countries for the pie chart'}:
+ +END +; + +&Header::closebox(); + +&Header::openbox('100%', 'left', 'Firewall Logs'); +print "

$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

"; + +my $linesjc = 0; +my %tabjc; +my $gi = Geo::IP::PurePerl->new(); + +if ($pienumber == -1 || $pienumber > $lines || $sortcolumn == 2) { $pienumber = $lines; }; +$lines = 0; +foreach $_ (@log) +{ + /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + my $packet = $4; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + + if($iface eq 'red0') { + if($srcaddr ne '') { + my $ccode = $gi->country_code_by_name($srcaddr); + if( $ccode eq '') { + $ccode = 'unknown'; + } + $tabjc{$ccode} = $tabjc{$ccode} + 1 ; + if(($tabjc{$ccode} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + } + else { + if($iface ne '') { + $tabjc{$iface} = $tabjc{$iface} + 1 ; + if(($tabjc{$iface} == 1) && ($lines < $pienumber)) { $lines = $lines + 1; } + $linesjc++; + } + } +} + +$pienumber = $lines; + +my @keytabjc = keys %tabjc; + +my @slice; +my $go; +my $nblinejc; + +if( $cgiparams{'linejc'} eq 'all' ){ $nblinejc = $linesjc; $go=1; } +if( ($cgiparams{'linejc'} != 0) && ($cgiparams{'linejc'} ne 'all') ){ $nblinejc = $cgiparams{'linejc'}; $go=1;} +if( $go != 1){ $nblinejc = 1000; } + +my @key; +my @value; +my $indice=0; +my @tabjc2; + +if ($sortcolumn == 1) +{ + @tabjc2 = sort { $b <=> $a } values (%tabjc); +} +else +{ + @tabjc2 = sort { $a <=> $b } keys (%tabjc); +} + +my $colour=1; + +############################################## +#pie chart generation +use GD::Graph::pie; +use GD::Graph::colour; +#ips sort by hits number +my $v; + +if ($sortcolumn == 1) +{ + for ($v=0;$v<$pienumber;$v++){ + findkey($tabjc2[$v]); + } +} +else +{ + foreach $v (@tabjc2) { + $key[$indice] = $v; + $value[$indice] = $tabjc{$v}; + $indice++; + } +} + +my @ips; +my @numb; + +@ips = @key; +@numb = @value; + +my $o; + +if($cgiparams{'otherspie'} == 2 ){} +else{ + my $numothers; + for($o=0;$o<$pienumber;$o++){ + $numothers = $numothers + $numb[$o]; + } + $numothers = $linesjc - $numothers; + if ($numothers > 0) { + 
$ips[$pienumber]="$Lang::tr{'otherip'}"; + $numb[$pienumber] = $numothers; + } +} + +my @data = (\@ips,\@numb); +use GD::Graph::colour qw( :files ); + +my $color=0; +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", \%mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color); + +if ($showpie != 2 && $pienumber <= 50 && $pienumber != 0) { + my $mygraph = GD::Graph::pie->new(500, 350); + $mygraph->set( + 'title' => '', + 'pie_height' => 50, + 'start_angle' => 89 + ) or warn $mygraph->error; + + $mygraph->set_value_font(GD::gdMediumBoldFont); + $mygraph->set( dclrs => [ "$color{'color1'}" , "$color{'color2'}" , "$color{'color3'}" , "$color{'color4'}" , "$color{'color5'}" , "$color{'color6'}" , "$color{'color7'}" , "$color{'color8'}" , "$color{'color9'}" , "$color{'color10'}" ] ); + my $myimage = $mygraph->plot(\@data) or die $mygraph->error; + + my @filenames = glob("/srv/web/ipfire/html/graphs/fwlog-country*.png"); + unlink(@filenames); + my $imagerandom = rand(1000000); + my $imagename = "/srv/web/ipfire/html/graphs/fwlog-country$imagerandom.png"; + open(FILE,">$imagename"); + print FILE $myimage->png; + close(FILE); + ##################################################### + print "
"; + print ""; + print "
"; +} + +print < + + +$Lang::tr{'country'} +Count +$Lang::tr{'percentage'} + +END +; + +my $total=0; +my $show=0; + +my $s; +my $percent; +my $col=""; + +for($s=0;$s<$lines;$s++) +{ + $show++; + $percent = $value[$s] * 100 / $linesjc; + $percent = sprintf("%.f", $percent); + $total = $total + $value[$s]; + my $colorIndex = $color % 10; + if($colorIndex == 0) { + $colorIndex = 10; + } + $col="bgcolor='$color{\"color$colorIndex\"}'"; + $color++; + print ""; + + print "
"; + if($key[$s] eq 'blue0' || $key[$s] eq 'green0' || $key[$s] eq 'orange0') { + print "$key[$s]"; + } + else { + if($key[$s] ne 'unknown' ) { + my $fcode = lc($key[$s]); + print "$key[$s]";} + else { + print "$key[$s]"; + } + } + print "$value[$s]"; + print "$percent"; + print ""; +} + +if($cgiparams{'otherspie'} == 2 ){} +else{ + my $colorIndex = $color % 10; + if($colorIndex == 0) { + $colorIndex = 10; + } + $col="bgcolor='$color{\"color$colorIndex\"}'"; + print ""; + +if ( $linesjc ne "0") +{ +my $dif; +$dif = $linesjc - $total; +$percent = $dif * 100 / $linesjc; +$percent = sprintf("%.f", $percent); +print < +$Lang::tr{'other countries'} +$dif +$percent + +END +; +} +} +print < +END +; + +&Header::closebox(); +&Header::closebigbox(); +&Header::closepage(); + +sub findkey { + my $v; + foreach $v (@keytabjc) { + if ($tabjc{$v} eq $_[0]) { + delete $tabjc{$v}; + $key[$indice] = "$v"; + $value[$indice] = $_[0]; + $indice++; + last; + } + } +} +sub checkversion { + #Automatic Updates is disabled + return "0","0"; +} + diff --git a/html/cgi-bin/logs.cgi/showrequestfromcountry.dat b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat new file mode 100644 index 000000000..5283c426b --- /dev/null +++ b/html/cgi-bin/logs.cgi/showrequestfromcountry.dat 
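Review bot: Both log reads in firewalllogcountry.dat use two-argument `open` on a bareword handle with a shell pipe, `open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr))`, and the chart is written with `open(FILE,">$imagename")`, whose result is never checked. `$filestr` is built from the computed `$datediff`, so it is not directly request-controlled here, but this form lets the file name select the open mode and runs `gzip` through a shell. The explicit forms are `open(my $fh, '-|', 'gzip', '-dc', $filestr)` for the compressed case and `open(my $fh, '<', $filestr)` otherwise, with the read loops switched to `$fh`. The `.` in `/.gz$/` is also unescaped; `/\.gz\z/` matches only the real suffix. The same open construct appears twice in the showrequestfromcountry.dat hunk of this commit.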
@@ -0,0 +1,412 @@ +#!/usr/bin/perl +# SmoothWall CGIs +# +# This code is distributed under the terms of the GPL +# +# JC HERITIER +# page inspired from the initial firewalllog.dat +# +# Modified for IPFire by Christian Schmidt (www.ipfire.org) + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +#use strict; +use Geo::IP::PurePerl; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; + +use POSIX(); + +#workaround to suppress a warning when a variable is used only once +my @dummy = ( ${Header::table2colour} ); +undef (@dummy); + +my %cgiparams=(); +my %logsettings=(); +my $errormessage = ''; + +my @shortmonths = ( 'Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', + 'Sep', 'Oct', 'Nov', 'Dec' ); +my @longmonths = ( $Lang::tr{'january'}, $Lang::tr{'february'}, $Lang::tr{'march'}, + $Lang::tr{'april'}, $Lang::tr{'may'}, $Lang::tr{'june'}, $Lang::tr{'july'}, $Lang::tr{'august'}, + $Lang::tr{'september'}, $Lang::tr{'october'}, $Lang::tr{'november'}, + $Lang::tr{'december'} ); + +my @now = localtime(); +my $dow = $now[6]; +my $doy = $now[7]; +my $tdoy = $now[7]; +my $year = $now[5]+1900; + +$cgiparams{'DAY'} = $now[3]; +$cgiparams{'MONTH'} = $now[4]; +$cgiparams{'ACTION'} = ''; + +&Header::getcgihash(\%cgiparams); + +$logsettings{'LOGVIEW_REVERSE'} = 'off'; +&General::readhash("${General::swroot}/logging/settings", \%logsettings); + +my $start = -1; +if ($ENV{'QUERY_STRING'} && $cgiparams{'ACTION'} ne $Lang::tr{'update'}) +{ + my @temp = split(',',$ENV{'QUERY_STRING'}); + $start = $temp[0]; + $cgiparams{'MONTH'} = $temp[1]; + $cgiparams{'DAY'} = $temp[2]; + $cgiparams{country} = $temp[3]; +} + +if (!($cgiparams{'MONTH'} =~ /^(0|1|2|3|4|5|6|7|8|9|10|11)$/) || + !($cgiparams{'DAY'} =~ /^(1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31)$/)) +{ + $cgiparams{'DAY'} = $now[3]; + $cgiparams{'MONTH'} = $now[4]; 
+} +elsif($cgiparams{'ACTION'} eq '>>') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) + 86400); + ## Retrieve the same time on the next day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} +elsif($cgiparams{'ACTION'} eq '<<') +{ + my @temp_then=(); + my @temp_now = localtime(time); + $temp_now[4] = $cgiparams{'MONTH'}; + $temp_now[3] = $cgiparams{'DAY'}; + @temp_then = localtime(POSIX::mktime(@temp_now) - 86400); + ## Retrieve the same time on the previous day - + ## 86400 seconds in a day + $cgiparams{'MONTH'} = $temp_then[4]; + $cgiparams{'DAY'} = $temp_then[3]; +} + +if (($cgiparams{'DAY'} ne $now[3]) || ($cgiparams{'MONTH'} ne $now[4])) +{ + my @then = (); + if ( ( $cgiparams{'MONTH'} eq $now[4]) && ($cgiparams{'DAY'} > $now[3]) || + ( $cgiparams{'MONTH'} > $now[4] ) ) { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1901 )); + } else { + @then = localtime(POSIX::mktime( 0, 0, 0, $cgiparams{'DAY'}, $cgiparams{'MONTH'}, $year - 1900 )); + } + $tdoy = $then[7]; + my $lastleap=($year-1)%4; + if ($tdoy>$doy) { + if ($lastleap == 0 && $tdoy < 60) { + $doy=$tdoy+366; + } else { + $doy=$doy+365; + } + } +} +my $datediff=0; +my $dowd=0; +my $multifile=0; +if ($tdoy ne $doy) { + $datediff=int(($doy-$tdoy)/7); + $dowd=($doy-$tdoy)%7; + if (($dow-$dowd)<1) { + $datediff=$datediff+1; + } + if (($dow-$dowd)==0) { + $multifile=1; + } +} + +my $monthstr = $shortmonths[$cgiparams{'MONTH'}]; +my $longmonthstr = $longmonths[$cgiparams{'MONTH'}]; +my $day = $cgiparams{'DAY'}; +my $daystr=''; +if ($day <= 9) { + $daystr = " $day"; } +else { + $daystr = $day; +} + +my $skip=0; +my $filestr=''; +if ($datediff==0) { + $filestr="/var/log/messages"; +} else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; +} 
+ +if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage = "$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + # Note: This is in case the log does not exist for that date +} +my $lines = 0; +my @log=(); +my $country = $cgiparams{country}; +my $gi = Geo::IP::PurePerl->new(); + +if (!$skip) +{ + while () + { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + my $packet = $2; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + + if($iface eq $country) { + $log[$lines] = $_; + $lines++; + } + elsif($srcaddr ne '') { + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + $log[$lines] = $_; + $lines++; + } + } + } + } + close (FILE); +} + +$skip=0; +if ($multifile) { + $datediff=$datediff-1; + if ($datediff==0) { + $filestr="/var/log/messages"; + } else { + $filestr="/var/log/messages.$datediff"; + $filestr = "$filestr.gz" if -f "$filestr.gz"; + } + if (!(open (FILE,($filestr =~ /.gz$/ ? "gzip -dc $filestr |" : $filestr)))) { + $errormessage="$Lang::tr{'date not in logs'}: $filestr $Lang::tr{'could not be opened'}"; + $skip=1; + } + if (!$skip) { + while () { + if (/(^${monthstr} ${daystr} ..:..:..) [\w\-]+ kernel:.*(IN=.*)$/) { + if($_ =~ /SRC\=([\d\.]+)/){ + my $srcaddr=$1; + my $ccode = $gi->country_code_by_name($srcaddr); + if($ccode eq $country){ + $log[$lines] = $_; + $lines++; + } + } + } + } + close (FILE); + } +} + +&Header::showhttpheaders(); +&Header::openpage($Lang::tr{'firewall log'}, 1, ''); +&Header::openbigbox('100%', 'left', '', $errormessage); + +if ($errormessage) { + &Header::openbox('100%', 'left', $Lang::tr{'error messages'}); + print "$errormessage \n"; + &Header::closebox(); +} + +&Header::openbox('100%', 'left', "$Lang::tr{'settings'}:"); + +print < + + + + + + + + + + + +
$Lang::tr{'month'}:  +  $Lang::tr{'day'}:  +
$Lang::tr{'source ip country'}
+ +END +; + +&Header::closebox(); + +&Header::openbox('100%', 'left', $Lang::tr{'firewall log'}); +print "

$Lang::tr{'firewall hits'} $longmonthstr $daystr: $lines

"; + +if ($start == -1) { + $start = $lines - ${Header::viewsize}; } +if ($start >= $lines - ${Header::viewsize}) { $start = $lines - ${Header::viewsize}; }; +if ($start < 0) { $start = 0; } + +my $prev = $start - ${Header::viewsize}; +my $next = $start + ${Header::viewsize}; + +if ($prev < 0) { $prev = 0; } +if ($next >= $lines) { $next = -1 } +if ($start == 0) { $prev = -1; } + +if ($lines != 0) { &oldernewer(); } + +print < + +$Lang::tr{'time'} +$Lang::tr{'chain'} +$Lang::tr{'iface'} +$Lang::tr{'proto'} +$Lang::tr{'source'} +$Lang::tr{'src port'} +$Lang::tr{'destination'} +$Lang::tr{'dst port'} + +END +; + +my @slice = splice(@log, $start, ${Header::viewsize}); + +if ($logsettings{'LOGVIEW_REVERSE'} eq 'on') { @slice = reverse @slice; } + +$lines = 0; +foreach $_ (@slice) +{ + $a = $_; + /^... (..) (..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + my $packet = $4; + $packet =~ /IN=(\w+)/; my $iface=$1; if ( $1 =~ /2./ ){ $iface="";} + $packet =~ /SRC=([\d\.]+)/; my $srcaddr=$1; + + if($iface eq $country || $srcaddr ne '') { + my $ccode; + if($iface ne $country) { + $ccode = $gi->country_code_by_name($srcaddr); + } + if($iface eq $country || $ccode eq $country) { + my $chain = ''; + my $in = '-'; my $out = '-'; + my $srcaddr = ''; my $dstaddr = ''; + my $protostr = ''; + my $srcport = ''; my $dstport = ''; + + $_ =~ /(^.* ..:..:..) [\w\-]+ kernel:(.*)(IN=.*)$/; + my $timestamp = $1; my $chain = $2; my $packet = $3; + $timestamp =~ /(...) (..) (..:..:..)/; + my $month = $1; my $day = $2; my $time = $3; + + if ($a =~ /IN\=(\w+)/) { $iface = $1; } + if ($a =~ /OUT\=(\w+)/) { $out = $1; } + if ($a =~ /SRC\=([\d\.]+)/) { $srcaddr = $1; } + if ($a =~ /DST\=([\d\.]+)/) { $dstaddr = $1; } + if ($a =~ /PROTO\=(\w+)/) { $protostr = $1; } + my $protostrlc = lc($protostr); + if ($a =~ /SPT\=([\d\.]+)/){ $srcport = $1; } + if ($a =~ /DPT\=([\d\.]+)/){ $dstport = $1; } + + if ($lines % 2) { + print "\n"; } + else { + print "\n"; } + print <$time + $chain + $iface + $protostr + + + +
$srcaddr
+ + $srcport + + + +
$dstaddr
+ + $dstport + +END + ; + $lines++; + } + } +} + +print < +END +; + +&oldernewer(); + +&Header::closebox(); + +&Header::closebigbox(); + +&Header::closepage(); + +sub oldernewer +{ + print < + +END +; + + print ""; + if ($prev != -1) { + print "$Lang::tr{'older'}"; } + else { + print "$Lang::tr{'older'}"; } + print "\n"; + + print ""; + if ($next != -1) { + print "$Lang::tr{'newer'}"; } + else { + print "$Lang::tr{'newer'}"; } + print "\n"; + +print < + +END +; +} + diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 877e09cb1..ceb63d456 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -19,7 +19,7 @@ # # ############################################################################### ### -# Based on IPFireCore 55 +# Based on IPFireCore 76 ### use CGI; use CGI qw/:standard/; @@ -80,6 +80,8 @@ $cgiparams{'COMPRESSION'} = 'off'; $cgiparams{'ONLY_PROPOSED'} = 'off'; $cgiparams{'ACTION'} = ''; $cgiparams{'CA_NAME'} = ''; +$cgiparams{'DH_NAME'} = 'dh1024.pem'; +$cgiparams{'DHLENGHT'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; @@ -88,6 +90,8 @@ $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; $cgiparams{'number'} = ''; $cgiparams{'PMTU_DISCOVERY'} = ''; +$cgiparams{'DAUTH'} = ''; +$cgiparams{'DCIPHER'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } 
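Review bot: In showrequestfromcountry.dat, `$start = $temp[0]` and `$cgiparams{country} = $temp[3]` are taken from `QUERY_STRING` without any check, while MONTH and DAY from the same string are validated by the regexes that follow. `$start` later drives `splice(@log, $start, ${Header::viewsize})` and the older/newer arithmetic, and `$country` selects which log lines are shown. I would constrain both right after the split: `$start = -1 unless $start =~ /\A-?\d+\z/;` and `$cgiparams{country} = '' unless $cgiparams{country} =~ /\A\w+\z/;`. The page markup is stripped in this view, so I cannot tell whether either value is echoed into the navigation links; if it is, it should be HTML-escaped there as well.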
@@ -222,6 +226,51 @@ sub checkportinc } } +# Darren Critchley - certain ports are reserved for IPFire +# TCP 67,68,81,222,444 +# UDP 67,68 +# Params passed in -> port, rangeyn, protocol +sub disallowreserved +{ + # port 67 and 68 same for tcp and udp, don't bother putting in an array + my $msg = ""; + my @tcp_reserved = (81,222,444); + my $prt = $_[0]; # the port or range + my $ryn = $_[1]; # tells us whether or not it is a port range + my $prot = $_[2]; # protocol + my $srcdst = $_[3]; # source or destination + if ($ryn) { # disect port range + if ($srcdst eq "src") { + $msg = "$Lang::tr{'rsvd src port overlap'}"; + } else { + $msg = "$Lang::tr{'rsvd dst port overlap'}"; + } + my @tmprng = split(/\:/,$prt); + unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; } + unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; } + } + } + } else { + if ($srcdst eq "src") { + $msg = "$Lang::tr{'reserved src port'}"; + } else { + $msg = "$Lang::tr{'reserved dst port'}"; + } + if ($prt == 67) { $errormessage="$msg 67"; return; } + if ($prt == 68) { $errormessage="$msg 68"; return; } + if ($prot eq "tcp") { + foreach my $prange (@tcp_reserved) { + if ($prange == $prt) { $errormessage="$msg $prange"; return; } + } + } + } + return; +} + + sub writeserverconf { my %sovpnsettings = (); my @temp = (); 
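Review bot: The header comment on `disallowreserved` lists three parameters (`port, rangeyn, protocol`), but the body reads a fourth, `$_[3]`, to choose between the source and destination messages. The comment should read `# Params passed in -> port, rangeyn, protocol, srcdst ("src", anything else means destination)` and should say that the result is reported only through the file-level `$errormessage`, because the sub always returns nothing. In the range branch the result of `split(/\:/,$prt)` is compared numerically without checking that two numeric bounds came back, so a malformed range is silently treated as not overlapping. Unless every caller validates the port first (not visible in this hunk), add `unless (@tmprng == 2 && $tmprng[0] =~ /\A\d+\z/ && $tmprng[1] =~ /\A\d+\z/) { $errormessage = $Lang::tr{'invalid port'}; return; }` before the comparisons.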
@@ -243,14 +292,14 @@ sub writeserverconf { print CONF "ifconfig-pool-persist /var/ipfire/ovpn/ovpn-leases.db 3600\n"; print CONF "client-config-dir /var/ipfire/ovpn/ccd\n"; print CONF "tls-server\n"; - print CONF "ca /var/ipfire/ovpn/ca/cacert.pem\n"; - print CONF "cert /var/ipfire/ovpn/certs/servercert.pem\n"; - print CONF "key /var/ipfire/ovpn/certs/serverkey.pem\n"; - print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; + print CONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print CONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print CONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print CONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; - + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. # If we doesn't use one of them, we can use the configured mtu value. if ($sovpnsettings{'MSSFIX'} eq 'on') @@ -258,8 +307,8 @@ sub writeserverconf { elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || - ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || - ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } else { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } 
@@ -294,10 +343,10 @@ sub writeserverconf { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { - print CONF "mssfix\n"; + print CONF "mssfix\n"; } if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { - print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; + print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } # Check if a valid operating mode has been choosen and use it. @@ -313,6 +362,7 @@ sub writeserverconf { print CONF "status-version 1\n"; print CONF "status /var/log/ovpnserver.log 30\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; + print CONF "auth $sovpnsettings{DAUTH}\n"; if ($sovpnsettings{DCOMPLZO} eq 'on') { print CONF "comp-lzo\n"; } @@ -509,7 +559,7 @@ sub getccdadresses my @iprange=(); my %ccdhash=(); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); - $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; for (my $i=1;$i<=$count;$i++) { my $tmpip=$iprange[$i-1]; my $stepper=$i*4; @@ -731,6 +781,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; + $vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'}; my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { 
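Review bot: In the @@ -313 hunk, `print CONF "auth $sovpnsettings{DAUTH}\n";` is written unconditionally, so settings saved before this change (presumably with no `DAUTH` key) would produce a bare `auth` line in the server config. The `'SHA1'` fallback added under `ADV_ERROR` in the @@ -2231 hunk only fills `$cgiparams` when the advanced page is rendered and does not reach `writeserverconf`. Guard the line, for example `print CONF "auth $sovpnsettings{DAUTH}\n" if ($sovpnsettings{DAUTH} ne '');`, or apply the default where the settings are read. The same gap applies to `cipher $confighash{$cgiparams{'KEY'}}[40]` and `auth $confighash{$cgiparams{'KEY'}}[39]` in the @@ -1951 hunk for connections stored before those fields existed, and to `auth $vpnsettings{DAUTH}` in the @@ -2051 hunk. The body of `writeserverconf` starts outside this hunk.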
@@ -925,9 +976,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; - print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; print SERVERCONF "# Cipher\n"; - print SERVERCONF "cipher AES-256-CBC\n"; + print SERVERCONF "cipher $cgiparams{'DCIPHER'}\n"; + print SERVERCONF "# HMAC algorithm\n"; + print SERVERCONF "auth $cgiparams{'DAUTH'}\n"; if ($cgiparams{'COMPLZO'} eq 'on') { print SERVERCONF "# Enable Compression\n"; print SERVERCONF "comp-lzo\r\n"; @@ -952,6 +1005,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { + my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); @@ -1014,12 +1068,14 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; - print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "cipher $cgiparams{'DCIPHER'}\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $cgiparams{'DAUTH'}\n"; print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; if ($cgiparams{'COMPLZO'} eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; - } + } print CLIENTCONF "# Debug Level\n"; print CLIENTCONF "verb 3\n"; print CLIENTCONF "# Tunnel check\n"; 
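Review bot: `$cgiparams{'DCIPHER'}` and `$cgiparams{'DAUTH'}` are interpolated directly into the net-to-net server config in the @@ -925 hunk, replacing the fixed `AES-256-CBC`, and no check of either value is visible here. A value containing a line break would add extra directives to the generated OpenVPN file, and the empty default set in the @@ -88 hunk would produce a bare `cipher` or `auth` line. Before writing, reject anything outside the algorithm names the form offers, at minimum with `if ($cgiparams{'DCIPHER'} !~ /\A[A-Za-z0-9-]+\z/ || $cgiparams{'DAUTH'} !~ /\A[A-Za-z0-9-]+\z/)`, setting `$errormessage` and leaving the save branch. The client-side config in the @@ -1014 hunk and `$vpnsettings{'DAUTH'} = $cgiparams{'DAUTH'};` in the @@ -731 hunk need the same check. The enclosing save branch starts and ends outside these hunks.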
@@ -1058,7 +1114,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) { $errormessage = $Lang::tr{'ovpn subnet is invalid'}; - goto SETTINGS_ERROR; + goto SETTINGS_ERROR; } my @tmpovpnsubnet = split("\/",$cgiparams{'DOVPN_SUBNET'}); @@ -1114,11 +1170,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg $errormessage = $Lang::tr{'invalid port'}; goto SETTINGS_ERROR; } - - if ($cgiparams{'DDEST_PORT'} <= 1023) { - $errormessage = $Lang::tr{'ovpn port in root range'}; - goto SETTINGS_ERROR; - } $vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'}; $vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'}; @@ -1144,7 +1195,7 @@ SETTINGS_ERROR: ### ### Reset all step 2 ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'} && $cgiparams{'AREUSURE'} eq 'yes') { +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'} && $cgiparams{'AREUSURE'} eq 'yes') { my $file = ''; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); 
@@ -1154,37 +1205,64 @@ SETTINGS_ERROR: } } while ($file = glob("${General::swroot}/ovpn/ca/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/certs/*")) { - unlink $file + unlink $file } while ($file = glob("${General::swroot}/ovpn/crls/*")) { - unlink $file + unlink $file } - &cleanssldatabase(); + &cleanssldatabase(); if (open(FILE, ">${General::swroot}/ovpn/caconfig")) { print FILE ""; close FILE; } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); + if (open(FILE, ">${General::swroot}/ovpn/ccdroute")) { + print FILE ""; + close FILE; + } + if (open(FILE, ">${General::swroot}/ovpn/ccdroute2")) { + print FILE ""; + close FILE; + } + while ($file = glob("${General::swroot}/ovpn/ccd/*")) { + unlink $file + } + if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) { + print FILE ""; + close FILE; + } + if (open(FILE, ">${General::swroot}/ovpn/ovpnconfig")) { + print FILE ""; + close FILE; + } + while ($file = glob("${General::swroot}/ovpn/n2nconf/*")) { + system ("rm -rf $file") + } ### ### Reset all step 1 ### -}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'reset'}) { +}elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove x509'}) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); - &Header::openbigbox('100%', 'LEFT', '', ''); - &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <
- - $Lang::tr{'capswarning'}: - $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'} - - -
+ &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'left', '', ''); + &Header::openbox('100%', 'left', $Lang::tr{'are you sure'}); + print < + + + + + + + +
+ + $Lang::tr{'capswarning'}: + $Lang::tr{'resetting the vpn configuration will remove the root ca, the host certificate and all certificate based connections'}
+
+ END ; &Header::closebox(); @@ -1192,6 +1270,107 @@ END &Header::closepage(); exit (0); +### +### Generate DH key step 2 +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') { + # Delete if old key exists + if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { + unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; + } + # Create Diffie Hellmann Parameter + system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', + '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); + if ($?) { + $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; + unlink ("${General::swroot}/ovpn/ca/dh1024.pem"); + } + +### +### Generate DH key step 1 +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'}) { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'gen dh'}:"); + print < + + + + + $Lang::tr{'ovpn dh'}: + +
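Review bot: `system ("rm -rf $file")` in the reset branch sends each `n2nconf/*` path through the shell as a single string, so a directory name containing whitespace or shell metacharacters is not handled as one path. Those directory names appear to come from the connection name (see the `n2nconf/$cgiparams{'NAME'}` test in the @@ -925 hunk header). Use the list form that this file already uses for `openssl`: `system('rm', '-rf', '--', $file);`. The new `if (open(FILE, ">...")) { ... }` truncations also do nothing when `open` fails, so a partial reset is reported as success; setting `$errormessage` in an `else` branch would make that visible. The reset branch starts outside this hunk.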
+ + + + +
+ + + + $Lang::tr{'capswarning'}: + $Lang::tr{'dh key warn'} + + + + + + +
+ +END + ; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit (0); + +### +### Upload DH key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) { + if ($cgiparams{'DH_NAME'} !~ /dh1024.pem/) { + $errormessage = $Lang::tr{'dh name is invalid'}; + goto UPLOADCA_ERROR; + } + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto UPLOADCA_ERROR; + } + # Move uploaded dh key to a temporary file + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto UPLOADCA_ERROR; + } + my $temp = `/usr/bin/openssl dhparam -text -in $filename`; + if ($temp !~ /DH Parameters: \((1024|2048|3072|4096) bit\)/) { + $errormessage = $Lang::tr{'not a valid dh key'}; + unlink ($filename); + goto UPLOADCA_ERROR; + } else { + # Delete if old key exists + if (-f "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}") { + unlink "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"; + } + move($filename, "${General::swroot}/ovpn/ca/$cgiparams{'DH_NAME'}"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto UPLOADCA_ERROR; + } + } + + ### ### Upload CA Certificate ### @@ -1210,7 +1389,7 @@ END if ($cgiparams{'CA_NAME'} eq 'ca') { $errormessage = $Lang::tr{'name is invalid'}; - goto UPLOAD_CA_ERROR; + goto UPLOADCA_ERROR; } # Check if there is no other entry with this name @@ -1268,7 +1447,7 @@ END if ( -f "${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); &Header::openbox('100%', 'LEFT', "$Lang::tr{'ca certificate'}:"); my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/ca/$cahash{$cgiparams{'KEY'}}[0]cert.pem`; 
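Review bot: The upload branch's name check `$cgiparams{'DH_NAME'} !~ /dh1024.pem/` is unanchored and its dot is unescaped, so any value that merely contains that text passes and is then used as the `unlink` and `move` target under `ovpn/ca/`. The generate branch unlinks `ca/$cgiparams{'DH_NAME'}` with no check at all. Compare for equality, or drop the parameter and use the fixed file name that the rest of the file already hard-codes. `$cgiparams{'DHLENGHT'}` is also passed to `openssl dhparam` unchecked, both here and in the @@ -1729 hunk, and it defaults to `''`; restrict it to the sizes the upload branch accepts. Finally, `move()` reports failure through its return value, so `if ($? ne 0)` tests the status left by the earlier backtick call and not the move.

```perl
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate dh key'} && $cgiparams{'AREUSURE'} eq 'yes') {
	# Only the sizes the upload branch recognises; refuse anything else before openssl runs.
	if ($cgiparams{'DHLENGHT'} !~ /\A(?:1024|2048|3072|4096)\z/) {
		$errormessage = $Lang::tr{'not a valid dh key'};
	} else {
		# Fixed name: the request never chooses the path that is removed or written.
		unlink "${General::swroot}/ovpn/ca/dh1024.pem";
		# … unchanged: openssl dhparam call and its error handling …
	}

# … unchanged: generate step 1 form …

} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'upload dh key'}) {
	if ($cgiparams{'DH_NAME'} ne 'dh1024.pem') {
		$errormessage = $Lang::tr{'dh name is invalid'};
		goto UPLOADCA_ERROR;
	}
	# … unchanged: upload check, tempfile copy, bit-length check, removal of the old key …
		unless (move($filename, "${General::swroot}/ovpn/ca/dh1024.pem")) {
			$errormessage = "$Lang::tr{'certificate file move failed'}: $!";
			unlink ($filename);
			goto UPLOADCA_ERROR;
		}
```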
@@ -1345,10 +1524,10 @@ END } if ($assignedcerts) { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); &Header::openbox('100%', 'LEFT', $Lang::tr{'are you sure'}); - print <
@@ -1380,7 +1559,7 @@ END $cgiparams{'ACTION'} eq $Lang::tr{'show host certificate'}) { my $output; &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); if ($cgiparams{'ACTION'} eq $Lang::tr{'show root certificate'}) { &Header::openbox('100%', 'LEFT', "$Lang::tr{'root certificate'}:"); @@ -1646,7 +1825,7 @@ END } } else { # child unless (exec ('/usr/bin/openssl', 'req', '-x509', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-days', '999999', '-newkey', 'rsa:2048', + '-days', '999999', '-newkey', 'rsa:4096', '-keyout', "${General::swroot}/ovpn/ca/cakey.pem", '-out', "${General::swroot}/ovpn/ca/cacert.pem", '-config',"${General::swroot}/ovpn/openssl/ovpn.cnf")) { @@ -1677,7 +1856,7 @@ END } } else { # child unless (exec ('/usr/bin/openssl', 'req', '-nodes', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-newkey', 'rsa:1024', + '-newkey', 'rsa:2048', '-keyout', "${General::swroot}/ovpn/certs/serverkey.pem", '-out', "${General::swroot}/ovpn/certs/serverreq.pem", '-extensions', 'server', @@ -1729,8 +1908,7 @@ END } # Create Diffie Hellmann Parameter system('/usr/bin/openssl', 'dhparam', '-rand', '/proc/interrupts:/proc/net/rt_cache', - '-out', "${General::swroot}/ovpn/ca/dh1024.pem", - '1024' ); + '-out', "${General::swroot}/ovpn/ca/dh1024.pem", "$cgiparams{'DHLENGHT'}"); if ($?) { $errormessage = "$Lang::tr{'openssl produced an error'}: $?"; unlink ("${General::swroot}/ovpn/certs/serverkey.pem"); @@ -1748,7 +1926,7 @@ END ROOTCERT_ERROR: if ($cgiparams{'ACTION'} ne '') { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); if ($errormessage) { &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); 
@@ -1757,7 +1935,7 @@ END &Header::closebox(); } &Header::openbox('100%', 'LEFT', "$Lang::tr{'generate root/host certificates'}:"); - print < @@ -1790,19 +1968,35 @@ END } print ">$country"; } - print < - + print < + + + + - - + + + + + + + @@ -1813,12 +2007,13 @@ END +  $Lang::tr{'this field may be blank'} +
$Lang::tr{'organization name'}: 
$Lang::tr{'ovpn dh'}: +
    
* $Lang::tr{'this field may be blank'}
- $Lang::tr{'capswarning'}: - $Lang::tr{'generating the root and host certificates may take a long time. it can take up to several minutes on older hardware. please be patient'} -


+ $Lang::tr{'capswarning'}: + $Lang::tr{'ovpn generating the root and host certificates'} +
+ $Lang::tr{'dh key warn'} +

$Lang::tr{'upload p12 file'}:  
 
-  $Lang::tr{'this field may be blank'}
END ; &Header::closebox(); - + print ""; &Header::closebigbox(); &Header::closepage(); exit(0) @@ -1951,12 +2146,14 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; - print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "cipher $confighash{$cgiparams{'KEY'}}[40]\n"; + print CLIENTCONF "# HMAC algorithm\n"; + print CLIENTCONF "auth $confighash{$cgiparams{'KEY'}}[39]\n"; if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; } - if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { print CLIENTCONF "# Enable Compression\n"; print CLIENTCONF "comp-lzo\r\n"; } @@ -2051,6 +2248,7 @@ else $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem", "$confighash{$cgiparams{'KEY'}}[1]cert.pem") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1]cert.pem\n"; } print CLIENTCONF "cipher $vpnsettings{DCIPHER}\r\n"; + print CLIENTCONF "auth $vpnsettings{DAUTH}\r\n"; if ($vpnsettings{DCOMPLZO} eq 'on') { print CLIENTCONF "comp-lzo\r\n"; } 
@@ -2180,7 +2378,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { if ( -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'certificate'}:"); my $output = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem`; @@ -2192,6 +2390,29 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { &Header::closepage(); exit(0); } + +### +### Display Diffie-Hellman key +### +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'show dh'}) { + + if (! -e "${General::swroot}/ovpn/ca/dh1024.pem") { + $errormessage = $Lang::tr{'not present'}; + } else { + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', "$Lang::tr{'dh'}:"); + my $output = `/usr/bin/openssl dhparam -text -in ${General::swroot}/ovpn/ca/dh1024.pem`; + $output = &Header::cleanhtml($output,"y"); + print "
$output
\n"; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + } + ### ### Display Certificate Revoke List ### @@ -2200,7 +2421,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { if ( -f "${General::swroot}/ovpn/crls/cacrl.pem") { &Header::showhttpheaders(); - &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openpage($Lang::tr{'ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', ''); &Header::openbox('100%', 'LEFT', "$Lang::tr{'crl'}:"); my $output = `/usr/bin/openssl crl -text -noout -in ${General::swroot}/ovpn/crls/cacrl.pem`; @@ -2231,19 +2452,22 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { # } ADV_ERROR: if ($cgiparams{'MAX_CLIENTS'} eq '') { - $cgiparams{'MAX_CLIENTS'} = '100'; + $cgiparams{'MAX_CLIENTS'} = '100'; } if ($cgiparams{'KEEPALIVE_1'} eq '') { - $cgiparams{'KEEPALIVE_1'} = '10'; + $cgiparams{'KEEPALIVE_1'} = '10'; } if ($cgiparams{'KEEPALIVE_2'} eq '') { - $cgiparams{'KEEPALIVE_2'} = '60'; + $cgiparams{'KEEPALIVE_2'} = '60'; } if ($cgiparams{'LOG_VERB'} eq '') { - $cgiparams{'LOG_VERB'} = '3'; + $cgiparams{'LOG_VERB'} = '3'; } if ($cgiparams{'PMTU_DISCOVERY'} eq '') { - $cgiparams{'PMTU_DISCOVERY'} = 'off'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } + if ($cgiparams{'DAUTH'} eq '') { + $cgiparams{'DAUTH'} = 'SHA1'; } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; @@ -2251,7 +2475,6 @@ ADV_ERROR: $checked{'REDIRECT_GW_DEF1'}{'off'} = ''; $checked{'REDIRECT_GW_DEF1'}{'on'} = ''; $checked{'REDIRECT_GW_DEF1'}{$cgiparams{'REDIRECT_GW_DEF1'}} = 'CHECKED'; - $selected{'ENGINES'}{$cgiparams{'ENGINES'}} = 'SELECTED'; $checked{'MSSFIX'}{'off'} = ''; $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; 
@@ -2269,7 +2492,14 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - + $selected{'DAUTH'}{'whirlpool'} = ''; + $selected{'DAUTH'}{'SHA512'} = ''; + $selected{'DAUTH'}{'SHA384'} = ''; + $selected{'DAUTH'}{'SHA256'} = ''; + $selected{'DAUTH'}{'ecdsa-with-SHA1'} = ''; + $selected{'DAUTH'}{'SHA1'} = ''; + $selected{'DAUTH'}{$cgiparams{'DAUTH'}} = 'SELECTED'; + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -2280,34 +2510,34 @@ ADV_ERROR: &Header::closebox(); } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); - print < - - - +
$Lang::tr{'dhcp-options'}
+ + - + - + - - + + - - - + + + - + - -
$Lang::tr{'dhcp-options'}
DomainDomain
DNSDNS
WINS
WINS
$Lang::tr{'ovpn routes push options'}$Lang::tr{'ovpn routes push options'}
$Lang::tr{'ovpn routes push'} -