From: Alfred Haas Date: Mon, 18 Jul 2011 10:28:33 +0000 (+0200) Subject: Import ovpnmain.cgi with N2N support. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=ce9abb6627a085706077c1a11da1569fc3c7f244 Import ovpnmain.cgi with N2N support. This is currently in development! --- diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c99e7beae..850555ca3 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -22,6 +22,7 @@ use CGI; use CGI qw/:standard/; use Net::DNS; +use Net::Ping; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -32,8 +33,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; # enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -72,6 +73,7 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; + &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); # prepare openvpn config file @@ -514,12 +516,166 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { &writeserverconf();#hier ok } +### +# m.a.d Save net2net server config +### + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server') +{ +my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); +my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); +my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $tunmtu = $cgiparams{'MTU'}; +if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { + mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); } + + open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock SERVERCONF, 2; + print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n"; + print SERVERCONF "\n"; + print SERVERCONF "# User Sicherheit\n"; + print SERVERCONF "user nobody\n"; + print SERVERCONF "group nobody\n"; + print SERVERCONF "persist-tun\n"; + print SERVERCONF "persist-key\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP Adressen des VPN Tunnels\n"; + print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Netzwerk auf dem Client Gateway\n"; + print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "# Device fuer den Tunnel\n"; + print SERVERCONF "dev tun\n"; + print SERVERCONF "\n"; + print SERVERCONF "#Port und Protokoll\n"; + print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; + print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Paketgroessen\n"; + print SERVERCONF "tun-mtu $tunmtu\n"; + print SERVERCONF "fragment 1300\n"; + print SERVERCONF "mssfix\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Auth Server\n"; + print SERVERCONF "tls-server\n"; + print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Verschluesselung\n"; + print SERVERCONF "cipher AES-256-CBC\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print SERVERCONF "# Kompression einschalten\n"; + print SERVERCONF "comp-lzo\r\n"; + print SERVERCONF "#\n"; + } + print SERVERCONF "# Debug Level setzen\n"; + print SERVERCONF "verb 3\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Tunnel Ueberwachung\n"; + print SERVERCONF "keepalive 10 60\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n"; + print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; + print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Management Interface aktivieren\n"; + print SERVERCONF "#management localhost 4711\n"; + close(SERVERCONF); + +} + +### +# m.a.d Save net2net client config +### +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') +{ + my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); + my $tunmtu = $cgiparams{'MTU'}; + if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { + mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); } + + open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock CLIENTCONF, 2; + print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $cgiparams{'REMOTE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev tun\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; + print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + print CLIENTCONF "tun-mtu $tunmtu\n"; + print CLIENTCONF "fragment 1300\n"; + print CLIENTCONF "mssfix\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; + print CLIENTCONF "#\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "#\n"; + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; + print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + close(CLIENTCONF); +} + +### +# m.a.d Save net2net config end +### ### ### Save main settings ### + + if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1314,36 +1470,50 @@ END ### ### Enable/Disable connection ### + +### +# m.a.d net2net Anpassung +### + }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - +# my $n2nactive = ''; + my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`; + if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + + + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($n2nactive ne ''){ + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + } + } ### ### Download OpenVPN client package ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -1352,9 +1522,105 @@ END my @fileholder; my $tempdir = tempdir( CLEANUP => 1 ); my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; - my $zippathname = "$zippath$zipname"; - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package +### + +if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; + my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $tunmtu = ''; + + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; + flock CLIENTCONF, 2; + + my $zip = Archive::Zip->new(); + print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# \n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $netsettings{'RED_ADDRESS'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; + print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + print CLIENTCONF "fragment 1300\n"; + print CLIENTCONF "mssfix\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; + } + print CLIENTCONF "#\n"; + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; + print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; + + + close(CLIENTCONF); + + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; + my $status = $zip->writeToFileNamed($zippathname); + + open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; + @fileholder = ; + print "Content-Type:application/x-download\n"; + print "Content-Disposition:attachment;filename=$zipname\n\n"; + print @fileholder; + exit (0); +} +else +{ + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package end +### + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; @@ -1410,6 +1676,7 @@ END print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } close(CLIENTCONF); + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; my $status = $zip->writeToFileNamed($zippathname); @@ -1419,10 +1686,15 @@ END print "Content-Disposition:attachment;filename=$zipname\n\n"; print @fileholder; exit (0); - + } + + + ### ### Remove connection ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -1434,7 +1706,24 @@ END # } # my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + +### +# m.a.d net2net Anpassung +### + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + +} +### +# m.a.d net2net Anpassung end +### + + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; @@ -1443,6 +1732,8 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } + + ### ### Download PKCS12 file ### @@ -1799,13 +2090,14 @@ END ### ### Enable/Disable connection ### + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); #&writeserverconf(); @@ -1862,6 +2154,303 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } +#test33 + +### +### Choose between adding a host-net or net-net connection +### + +### +# m.a.d Anpassung wegen upload n2n Package +### + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); + print <$Lang::tr{'connection type'}:
+ + + + + + + + + +
$Lang::tr{'host to net vpn'}
$Lang::tr{'net to net vpn'}
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
+END + ; + + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit (0); + +### +# m.a.d uploading a IPFire n2n Client package +### + +} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){ + + my @firen2nconf; + my @confdetails; + my $uplconffilename =''; + my $uplp12name = ''; + my $complzoactive =''; + my @rem_subnet; + my @rem_subnet2; + my @tmposupnet3; + my $key; + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + +# Check if a file is uploaded + + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto N2N_ERROR; + } + +# Move uploaded IPfire n2n package to temporary file + + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto N2N_ERROR; + } + + my $zip = Archive::Zip->new(); + my $zipName = $filename; + my $status = $zip->read( $zipName ); + if ($status != AZ_OK) { + $errormessage = "Read of $zipName failed\n"; + goto N2N_ERROR; + } + + my $tempdir = tempdir( CLEANUP => 1 ); + my @files = $zip->memberNames(); + for(@files) { + $zip->extractMemberWithoutPaths($_,"$tempdir/$_"); + } + my $countfiles = @files; + +# Check if we have not more then 2 files + + if ( $countfiles == 2){ + foreach (@files){ + if ( $_ =~ /.conf$/){ + $uplconffilename = $_; + } + if ( $_ =~ /.p12$/){ + $uplp12name = $_; + } + } + if (($uplconffilename eq '') || ($uplp12name eq '')){ + $errormessage = "Either no *.conf or no *.p12 file found\n"; + goto N2N_ERROR; + } + + open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file'; + @firen2nconf = ; + close (FILE); + chomp(@firen2nconf); + + } else { + + $errormessage = "Filecount does not match only 2 files are allowed\n"; + goto N2N_ERROR; + } + +### +# m.a.d prepare imported ipfire net2net data +### + + my @n2nname = split(/\./,$uplconffilename); + $n2nname[0] =~ s/\n|\r//g; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") { + mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); } + + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + + if ($? ne 0) { + $errormessage = "*.conf move failed: $!"; + unlink ($filename); + goto N2N_ERROR; + } + + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto N2N_ERROR; + } + +my $complzoactive; +#my @n2nroute = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); +my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); +my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; +if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} +my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); +my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); +my @n2novpnsub = split(/\./,$n2novpnsuball[1]); +my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); + +# $errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0"); +# if ($errormessage ne ''){ +# goto N2N_ERROR; +# } + +### +# m.a.d delete CR and LF from arrays for this chomp doesnt work +### + +#$n2nroute[1] =~ s/\n|\r//g; +$n2nremote[1] =~ s/\n|\r//g; +#$n2nroute[1] =~ s/\n|\r//g; +#$n2nroute[2] =~ s/\n|\r//g; +$n2novpnsub[0] =~ s/\n|\r//g; +$n2novpnsub[1] =~ s/\n|\r//g; +$n2novpnsub[2] =~ s/\n|\r//g; +$n2nproto[1] =~ s/\n|\r//g; +$n2nport[1] =~ s/\n|\r//g; +$n2ntunmtu[1] =~ s/\n|\r//g; +$n2nremsub[1] =~ s/\n|\r//g; +$n2nlocalsub[2] =~ s/\n|\r//g; +chomp ($complzoactive); + +### +# m.a.d Write n2n config +### + +### +# Check if there is no other entry with this name +### + + foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[1] eq $n2nname[0]) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto N2N_ERROR; + } + } + + $key = &General::findhasharraykey (\%confighash); + + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + $confighash{$key}[0] = 'off'; + $confighash{$key}[1] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[3] = 'net'; + $confighash{$key}[4] = 'cert'; + $confighash{$key}[6] = 'client'; + $confighash{$key}[8] = $n2nlocalsub[2]; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = $n2nremsub[1]; + $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[26] = 'red'; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[1]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; + + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + N2N_ERROR: + + &Header::showhttpheaders(); + &Header::openpage('Validate imported configuration', 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "$errormessage"; + print " "; + &Header::closebox(); + + } else + { + &Header::openbox('100%', 'LEFT', 'import ipfire net2net config'); + } + if ($errormessage eq ''){ + print < + + + + + + + + + + + + + + +
  
$Lang::tr{'name'}:$n2nname[0]
  
$Lang::tr{'Act as'}$confighash{$key}[6]
Remote Host $confighash{$key}[10]
$Lang::tr{'local subnet'}$confighash{$key}[8]
$Lang::tr{'remote subnet'}$confighash{$key}[11]
$Lang::tr{'ovpn subnet'}$confighash{$key}[27]
$Lang::tr{'protocol'}$confighash{$key}[28]
$Lang::tr{'destination port'}:$confighash{$key}[29]
$Lang::tr{'comp-lzo'}$confighash{$key}[30]
$Lang::tr{'MTU'}$confighash{$key}[31]
  
+END +; + &Header::closebox(); + } + + if ($errormessage) { + print ""; + } else { + print "
"; + print ""; + print ""; + print "
"; + } + &Header::closebigbox(); + &Header::closepage(); + exit(0); + + +## +### Accept IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + +### +### Discard and Rollback IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + +if ($confighash{$cgiparams{'KEY'}}) { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + + +### +# m.a.d end uploading a IPFire n2n Client package +### + + +### +### Adding a new connection +### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { @@ -1875,10 +2464,9 @@ END $errormessage = $Lang::tr{'invalid key'}; goto VPNCONF_END; } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = 'host'; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; @@ -1918,6 +2506,11 @@ END goto VPNCONF_ERROR; } +# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { +# $errormessage = $Lang::tr{'ipfire side is invalid'}; +# goto VPNCONF_ERROR; +# } + # Check if there is no other entry with this name if (! $cgiparams{'KEY'}) { foreach my $key (keys %confighash) { @@ -1928,6 +2521,11 @@ END } } + if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'REMOTE'}) { if (! &General::validip($cgiparams{'REMOTE'})) { if (! &General::validfqdn ($cgiparams{'REMOTE'})) { @@ -1956,6 +2554,10 @@ END } } } + if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { + $errormessage = $Lang::tr{'remote subnet is invalid'}; + goto VPNCONF_ERROR; + } if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; @@ -2079,9 +2681,6 @@ END goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'certgen') { - - $cgiparams{'CERT_NAME'} =~ s/ //g; - if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; goto VPNCONF_ERROR; @@ -2240,13 +2839,17 @@ END if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = 'host'; + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; $confighash{$key}[5] = $cgiparams{'PSK'}; } else { $confighash{$key}[4] = 'cert'; } + if ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -2333,7 +2936,7 @@ END } print "
"; - print ""; + print ""; if ($cgiparams{'KEY'}) { print ""; @@ -2343,6 +2946,7 @@ END &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "\n"; print ""; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { print "\n"; } else { @@ -2358,12 +2962,49 @@ END # print ""; # print ""; # print <"; + if ($cgiparams{'KEY'}) { + print ""; + } else { + print ""; + } + print <  + + + + + + + + + + + + + + + + + + + + + +END + ; + } print ""; print ""; -# if ($cgiparams{'TYPE'} eq 'net') { - print "\n"; - + if ($cgiparams{'TYPE'} eq 'host') { + + print "\n"; + } + # if ($cgiparams{'KEY'}) { # print "
$Lang::tr{'name'}:$cgiparams{'NAME'}
$cgiparams{'NAME'} 
$Lang::tr{'Act as'}$Lang::tr{'remote host/ip'}:
$Lang::tr{'local subnet'}$Lang::tr{'remote subnet'}
$Lang::tr{'ovpn subnet'}
$Lang::tr{'protocol'}$Lang::tr{'destination port'}:
$Lang::tr{'comp-lzo'}
$Lang::tr{'MTU'} 
$Lang::tr{'remark title'} 
$Lang::tr{'enabled'}
$Lang::tr{'enabled'}  
"; # } else { @@ -2394,41 +3035,54 @@ END if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - print < - - $Lang::tr{'upload a certificate request'} - - - $Lang::tr{'upload a certificate'} + $Lang::tr{'upload a certificate request'} + $Lang::tr{'upload a certificate'} - - $Lang::tr{'generate a certificate'}  -   - $Lang::tr{'users fullname or system hostname'}: - -   - $Lang::tr{'users email'}:  - -   - $Lang::tr{'users department'}:  - -   - $Lang::tr{'organization name'}:  - -   - $Lang::tr{'city'}:  - -   - $Lang::tr{'state or province'}:  - -   - $Lang::tr{'country'}: - $Lang::tr{'generate a certificate'}  +  $Lang::tr{'users fullname or system hostname'}: +  $Lang::tr{'users email'}:  +  $Lang::tr{'users department'}:  +  $Lang::tr{'organization name'}:  +  $Lang::tr{'city'}:  +  $Lang::tr{'state or province'}:  +  $Lang::tr{'country'}:$Lang::tr{'generate a certificate'}  +  $Lang::tr{'users fullname or system hostname'}: +  $Lang::tr{'users email'}:  +  $Lang::tr{'users department'}:  +  $Lang::tr{'organization name'}:  +  $Lang::tr{'city'}:  +  $Lang::tr{'state or province'}:  +  $Lang::tr{'country'}: - -   + + $Lang::tr{'valid till'} (days): + +   $Lang::tr{'pkcs12 file password'}:  $Lang::tr{'pkcs12 file password'}:
($Lang::tr{'confirmation'}) - + +END +}else{ + print < +     +     + + END +} + +### +# m.a.d Disbale pkcs-password for n2n connections end +### ; &Header::closebox(); } @@ -2517,9 +3187,6 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - -#new settings $selected{'DDEVICE'}{'tun'} = ''; $selected{'DDEVICE'}{'tap'} = ''; $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; @@ -2791,8 +3458,15 @@ END print "
\n"; } if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { + +### +# m.a.d Client Status Table +### + &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); print < $Lang::tr{'name'} @@ -2827,13 +3501,23 @@ END $cavalid = $1; print "$cavalid"; print "$confighash{$key}[25]"; + my $active = "
$Lang::tr{'capsclosed'}
"; + if ($confighash{$key}[0] eq 'off') { $active = "
$Lang::tr{'capsclosed'}
"; } else { + +### +# m.a.d net2net Status +### + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){ + my $cn; - my @match = (); + my @match = (); foreach my $line (@status) { + chomp($line); if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line); @@ -2842,11 +3526,36 @@ END } $cn =~ s/[_]/ /g; if ($cn eq "$confighash{$key}[2]") { - $active = "
$Lang::tr{'capsopen'}
"; + $active = "
$Lang::tr{'capsclosed'}
"; } - } - } + } + } + } else { + my @tempovpnsubnet = split("\/",$confighash{$key}[27]); + my @ovpnip = split /\./,$tempovpnsubnet[0]; + my $pingip = ""; + + if ($confighash{$key}[6] eq 'server') { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; + } else { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; + } + + my $p = Net::Ping->new("udp",1); + + if ($p->ping($pingip)) { + $active = "
$Lang::tr{'capsopen'}
"; + } + $p->close(); + + } } + +### +# m.a.d net2net Status end +### + + my $disable_clientdl = "disabled='disabled'"; if (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || @@ -2958,3 +3667,6 @@ END &Header::closebox(); } &Header::closepage(); + + +