From 8c877a82f6a63e07e2dde8d55c6e0db4893bf73d Mon Sep 17 00:00:00 2001 From: Alexander Marx Date: Fri, 16 Nov 2012 17:02:15 +0100 Subject: [PATCH] OpenVPN: Add CCD configuration GUI. --- config/cfgroot/general-functions.pl | 204 ++++- doc/language_issues.de | 3 + doc/language_issues.en | 2 + doc/language_issues.es | 39 + doc/language_issues.fr | 35 + doc/language_issues.pl | 39 + doc/language_issues.ru | 35 + doc/language_missings | 161 ++++ html/cgi-bin/ovpnmain.cgi | 1219 ++++++++++++++++++++++----- langs/de/cgi-bin/de.pl | 38 + langs/en/cgi-bin/en.pl | 39 +- 11 files changed, 1585 insertions(+), 229 deletions(-) mode change 100644 => 100755 html/cgi-bin/ovpnmain.cgi diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 567f2e104..c6a6a7c1b 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -18,8 +18,7 @@ use strict; use Socket; use IO::Socket; use Net::SSLeay; -use Net::IPv4Addr; - +use Net::IPv4Addr qw(:all); $|=1; # line buffering $General::version = 'VERSION'; @@ -212,19 +211,175 @@ sub validipormask return &validmask($mask); } -sub validipandmask +sub subtocidr { - my $ipandmask = $_[0]; + #gets: Subnet in decimal (255.255.255.0) + #Gives: 24 (The cidr of network) + my ($byte1, $byte2, $byte3, $byte4) = split(/\./, $_[0].".0.0.0.0"); + my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4; + my $bin = unpack("B*", pack("N", $num)); + my $count = ($bin =~ tr/1/1/); + return $count; +} - # split it into number and mask. - if (!($ipandmask =~ /^(.*?)\/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? - if (!(&validip($ip))) { - return 0; } - return &validmask($mask); +sub cidrtosub +{ + #gets: Cidr of network (20-30 for ccd) + #Konverts 30 to 255.255.255.252 e.g + my $cidr=$_[0]; + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$netmask"; +} + +sub iporsubtodec +{ + #Gets: Ip address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)\/(.*?)$/) { + ($net,$mask) = split (/\//,$subnet); + $full=1; + return "$subnet"; + }else{ + $mask=$subnet; + } + #Subnet already in decimal and valid? + if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return $mask;}else{ + return $net."/".$mask; + } + } + } + } + #Subnet in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return &General::cidrtosub($mask);}else{ + return $net."/".&General::cidrtosub($mask); + } + }else{ + return 3; + } + return 3; +} + + +sub iporsubtocidr +{ + #gets: Ip Address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)\/(.*?)$/) { + ($net,$mask) = split (/\//,$subnet); + $full=1; + }else{ + $mask=$subnet; + } + #Subnet in decimal and valid? + if ($mask=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return &General::subtocidr($mask);}else{ + return $net."/".&General::subtocidr($mask); + } + } + } + } + #Subnet already in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return $mask;}else{ + return $net."/".$mask; + } + }else{ + return 3; + } + return 3; +} + +sub getnetworkip +{ + #Gets: IP, CIDR (10.10.10.0-255, 24) + #Gives: 10.10.10.0 + my ($ccdip,$ccdsubnet) = @_; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary ); + return $network_address; +} + +sub getccdbc +{ + #Gets: IP in Form ("192.168.0.0/24") + #Gives: Broadcastaddress of network + my $ccdnet=$_; + my ($ccdip,$ccdsubnet) = split "/",$ccdnet; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $broadcast_address = inet_ntoa( $ip_address_binary | ~$netmask_binary ); + return $broadcast_address; +} +sub getnextip +{ + my ($byte1,$byte2,$byte3,$byte4) = split (/\./,$_[0]); + my $step=$_[1]; + for (my $x=1;$x<=$step;$x++){ + $byte4++; + if($byte4==255){ $byte4=0;$byte3++;} + if($byte3==255){$byte3=0;$byte2++;} + if ($byte2==255){$byte2=0;$byte1++} + + } + return "$byte1.$byte2.$byte3.$byte4"; +} +sub getlastip +{ + my ($byte1,$byte2,$byte3,$byte4) = split (/\./,$_[0]); + my $step=$_[1]; + for (my $x=$step;$x>=1;$x--){ + $byte4--; + if($byte4==0){ $byte4=255;$byte3--;} + if($byte3==0){$byte3=255;$byte2--;} + if ($byte2==0){$byte2=255;$byte1--} + } + return "$byte1.$byte2.$byte3.$byte4"; +} + +sub validipandmask +{ + #Gets: Ip address in 192.168.0.0/24 or 192.168.0.0/255.255.255.0 and checks if subnet valid + #Gives: True bzw 0 if success or false + my $ccdnet=$_[0]; + my $subcidr; + + if (!($ccdnet =~ /^(.*?)\/(.*?)$/)) { + return 0; + } + my ($ccdip,$ccdsubnet)=split (/\//, $ccdnet); + #IP valid? + if ($ccdip=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) { + #Subnet in decimal and valid? + if ($ccdsubnet=~/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=30;$i++){ + if (&General::cidrtosub($i) eq $ccdsubnet){ + return 1; + } + } + #Subnet already in binary format? + }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=30 && $1>=8))){ + return 1; + }else{ + return 0; + } + + } + return 0; } sub validport @@ -276,7 +431,7 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-]*$/) { + if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { @@ -407,7 +562,12 @@ sub NextIP ) ); } - +sub NextIP2 +{ + return &Socket::inet_ntoa( pack("N", 4 + unpack('N', &Socket::inet_aton(shift)) + ) + ); +} sub ipcidr { my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); @@ -465,13 +625,13 @@ sub writehasharray { open(FILE, ">$filename") or die "Unable to write to file $filename"; foreach $key (keys %$hash) { - if ($key =~ /^[0-9]+$/) { - print FILE "$key"; - foreach $i (0 .. $#{$hash->{$key}}) { - print FILE ",$hash->{$key}[$i]"; - } - print FILE "\n"; - } + if ($key =~ /^[0-9]+$/) { + print FILE "$key"; + foreach $i (0 .. $#{$hash->{$key}}) { + print FILE ",$hash->{$key}[$i]"; + } + print FILE "\n"; + } } close FILE; return; diff --git a/doc/language_issues.de b/doc/language_issues.de index 5a42ae50e..137217c99 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -68,6 +68,9 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr +WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.en b/doc/language_issues.en index 6d6a2a66d..68fef77be 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -87,6 +87,8 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.es b/doc/language_issues.es index 6bcbf8621..968e32179 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -500,7 +500,41 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled @@ -546,11 +580,16 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 189932fab..1c37b1731 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -499,7 +499,41 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dns address deleted txt WARNING: untranslated string: fireinfo ipfire version @@ -539,6 +573,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: snort working WARNING: untranslated string: static routes WARNING: untranslated string: system information diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 6bcbf8621..968e32179 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -500,7 +500,41 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version WARNING: untranslated string: fireinfo is disabled @@ -546,11 +580,16 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index e25d81de4..c1c87ee97 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -491,7 +491,41 @@ WARNING: untranslated string: Add a route WARNING: untranslated string: Edit an existing route WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: disk access per WARNING: untranslated string: extrahd because there is already a device mounted @@ -520,6 +554,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: visit us at WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_missings b/doc/language_missings index 55e0e407b..a6a29fbe2 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -4,6 +4,7 @@ ############################################################################ # Checking cgi-bin translations for language: en # ############################################################################ +< ccd maxclients ############################################################################ # Checking install/setup translations for language: fr # ############################################################################ @@ -11,6 +12,43 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < dns address deleted txt < fireinfo ipfire version @@ -45,6 +83,7 @@ < openvpn subnet is used < other < our donors +< server restart < snort working < static routes < system information @@ -81,6 +120,43 @@ ############################################################################ < advproxy errmsg invalid upstream proxy < Async logging enabled +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < fireinfo ipfire version < fireinfo is disabled @@ -126,6 +202,11 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn routes push +< ovpn routes push options +< server restart < Set time on boot < static routes < system information @@ -138,6 +219,43 @@ # Checking cgi-bin translations for language: pl # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < extrahd because there is already a device mounted < extrahd cant umount @@ -161,6 +279,11 @@ < openvpn subnet is used < other < our donors +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn routes push +< ovpn routes push options +< server restart < static routes < visit us at < vpn keyexchange @@ -172,6 +295,43 @@ ############################################################################ < Add a route < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < day-graph < deprecated fs warn < disk access per @@ -203,6 +363,7 @@ < other < our donors < outgoing traffic in bytes per second +< server restart < static routes < visit us at < vpn keyexchange diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100644 new mode 100755 index 990fe6600..baabe8b38 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -36,10 +36,10 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; # enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourgreen} ); +my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} ); undef (@dummy); my %color = (); @@ -77,8 +77,12 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; +$cgiparams{'number'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } +unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } +unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); } +unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); @@ -342,18 +346,35 @@ sub writeserverconf { print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; if ($vpnsettings{'ROUTES_PUSH'} ne '') { - @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); - foreach (@temp) - { - @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); - print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } } - } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (/\//, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { @@ -407,7 +428,7 @@ sub writeserverconf { close(CONF); } -# + sub emptyserverlog{ if (open(FILE, ">/var/log/ovpnserver.log")) { flock FILE, 2; @@ -417,6 +438,281 @@ sub emptyserverlog{ } +sub delccdnet +{ + my %ccdconfhash = (); + my %ccdhash = (); + my $ccdnetname=$_[0]; + if (-f "${General::swroot}/ovpn/ovpnconfig"){ + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $ccdnetname) { + $errormessage=$Lang::tr{'ccd err hostinnet'}; + return; + } + } + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $ccdnetname){ + delete $ccdconfhash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + + &writeserverconf; + return 0; +} + +sub addccdnet +{ + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $ovpnsubnet=$_[2]; + my $subcidr; + my @ip2=(); + my $checkup; + my $ccdip; + my $baseaddress; + if(!&General::validhostname($ccdname)){ + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + #check ip + if (&General::validipandmask($ccdnet)){ + $ccdnet=&General::iporsubtocidr($ccdnet); + }else{ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + ($ccdip,$subcidr) = split (/\//,$ccdnet); + if ($ccdname eq '') { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."
"; + } + #check if we try to use same network as ovpn server + if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."
"; + } + + #check if we use a name/subnet that already exists + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(/\//,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."
";} + my ($newip,$newsub) = split(/\//,$ccdnet); + if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."
";} + + } + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} + + + if (!$errormessage) { + my %ccdconfhash=(); + $baseaddress=&General::getnetworkip($ccdip,$subcidr); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my $key = &General::findhasharraykey (\%ccdconfhash); + foreach my $i (0 .. 1) { $ccdconfhash{$key}[$i] = "";} + $ccdconfhash{$key}[0] = $ccdname; + $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + &writeserverconf; + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + return 1; + } +} + +sub modccdnet +{ + + my $newname=$_[0]; + my $oldname=$_[1]; + my %ccdconfhash=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $oldname) { + foreach my $key1 (keys %ccdconfhash) { + if ($ccdconfhash{$key1}[0] eq $newname){ + $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}; + return; + }else{ + $ccdconfhash{$key}[0]= $newname; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + last; + } + } + } + } + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $oldname) { + $ccdhash{$key}[32]=$newname; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + last; + } + } + + return 0; +} +sub ccdmaxclients +{ + my $ccdnetwork=$_[0]; + my @octets=(); + my @subnet=(); + @octets=split("\/",$ccdnetwork); + @subnet= split /\./, &General::cidrtosub($octets[1]); + my ($a,$b,$c,$d,$e); + $a=256-$subnet[0]; + $b=256-$subnet[1]; + $c=256-$subnet[2]; + $d=256-$subnet[3]; + $e=($a*$b*$c*$d)/4; + return $e-1; +} + +sub getccdadresses +{ + my $ipin=$_[0]; + my ($ip1,$ip2,$ip3,$ip4)=split /\./, $ipin; + my $cidr=$_[1]; + chomp($cidr); + my $count=$_[2]; + my $hasip=$_[3]; + chomp($hasip); + my @iprange=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + for (my $i=0;$i<=$count-1;$i++) { + my $tmpip=$iprange[$i-1]; + my $stepper=$i*4; + $iprange[$i]= &General::getnextip($tmpip,4); + } + my $r=0; + foreach my $key (keys %ccdhash) { + $r=0; + foreach my $tmp (@iprange){ + my ($net,$sub) = split (/\//,$ccdhash{$key}[33]); + if ($net eq $tmp) { + if ( $hasip ne $ccdhash{$key}[33] ){ + splice (@iprange,$r,1); + } + } + $r++; + } + } + return @iprange; +} + +sub fillselectbox +{ + my $boxname=$_[1]; + my ($ccdip,$subcidr) = split("/",$_[0]); + my $tz=$_[2]; + my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz); + print""; +} + +sub hostsinnet +{ + my $name=$_[0]; + my %ccdhash=(); + my $i=0; + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $name){ $i++;} + } + return $i; +} + +sub check_routes_push +{ + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + ##check for existing routes in routes_push + if (-e "${General::swroot}/ovpn/routes_push") { + open(FILE,"${General::swroot}/ovpn/routes_push"); + while () { + $_=~s/\s*$//g; + + my ($ip2,$cidr2) = split (/\//,"$_"); + my $val2=$ip2."/".&General::iporsubtodec($cidr2); + + if($val eq $val2){ + return 0; + } + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){ + return 0; + } + }; + close(FILE); + } + return 1; +} + +sub check_ccdroute +{ + my %ccdroutehash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdroutehash{$key}[$i]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){ + return 0; + } + } + } + return 1; +} +sub check_ccdconf +{ + my %ccdconfhash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (/\//, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){ + return 0; + } + my ($ip2,$cidr2) = split (/\//,$ccdconfhash{$key}[1]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){ + return 0; + } + + } + return 1; +} + ### # m.a.d net2net ### @@ -451,6 +747,7 @@ sub read_routepushfile while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; close(FILE); $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } } @@ -490,11 +787,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || &emptyserverlog(); } # #restart openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ +# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ #workarund, till SIGHUP also works when running as nobody - system('/usr/local/bin/openvpnctrl', '-r'); - &emptyserverlog(); - } +# system('/usr/local/bin/openvpnctrl', '-r'); +# &emptyserverlog(); +# } } ### @@ -554,24 +851,47 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ROUTES_PUSH'} ne ''){ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); undef $vpnsettings{'ROUTES_PUSH'}; - foreach (@temp) + + foreach my $tmpip (@temp) { s/^\s+//g; s/\s+$//g; - if ($_) + + if ($tmpip) { - unless (&General::validipandmask($_)) { - $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; - goto ADV_ERROR; + $tmpip=~s/\s*$//g; + unless (&General::validipandmask($tmpip)) { + $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; } - my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_)); + my ($ip, $cidr) = split("\/",&General::ipcidr2msk($tmpip)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; - goto ADV_ERROR; + goto ADV_ERROR; + } +# a.marx ccd + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){ + $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + my ($ip2,$cidr2) = split(/\//,$ccdroutehash{$key}[$i]); + if (&General::IpInSubnet ($ip,$ip2,$cidr2)){ + $errormessage="Route $ip\/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + } } - $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + +# ccd end + + $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n"; } - } - &write_routepushfile; + } + &write_routepushfile; undef $vpnsettings{'ROUTES_PUSH'}; } else { @@ -1571,29 +1891,26 @@ END my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`; if ($confighash{$cgiparams{'KEY'}}) { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); - } - - } else { + } + } else { - $confighash{$cgiparams{'KEY'}}[0] = 'off'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + $confighash{$cgiparams{'KEY'}}[0] = 'off'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); - } + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } - } else { + } else { $errormessage = $Lang::tr{'invalid key'}; - } + } } } @@ -1718,9 +2035,10 @@ else my $zip = Archive::Zip->new(); - print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; @@ -1814,10 +2132,41 @@ else } unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +# A.Marx CCD delete ccd files and routes + + + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + my %ccdroute2hash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + + + +# CCD end + + delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + #&writeserverconf(); } else { $errormessage = $Lang::tr{'invalid key'}; @@ -1884,9 +2233,11 @@ else %cgiparams = (); %cahash = (); %confighash = (); + my $disabled; &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); read_routepushfile; - + + # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; # } @@ -1926,9 +2277,7 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -1940,8 +2289,8 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print < - + +
@@ -1950,7 +2299,7 @@ ADV_ERROR: - + @@ -1975,7 +2324,7 @@ if ($cgiparams{'ROUTES_PUSH'} ne '') print $cgiparams{'ROUTES_PUSH'}; } -print < @@ -2057,8 +2406,16 @@ print <10 -
$Lang::tr{'dhcp-options'}
Domain
DNS
-
+
+END + +if ( -e "/var/run/openvpn.pid"){ +print"
$Lang::tr{'attention'}:
+ $Lang::tr{'server restart'}

+
"; +} + +print<   @@ -2077,6 +2434,121 @@ END &Header::closepage(); exit(0); + +# A.Marx CCD Add,delete or edit CCD net + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} || + $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} || + $cgiparams{'ACTION'} eq "kill" || + $cgiparams{'ACTION'} eq "edit" || + $cgiparams{'ACTION'} eq 'editsave'){ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ccd net'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + + if ($cgiparams{'ACTION'} eq "kill"){ + &delccdnet($cgiparams{'net'}); + } + + if ($cgiparams{'ACTION'} eq 'editsave'){ + my ($a,$b) =split (/\|/,$cgiparams{'ccdname'}); + if ( $a ne $b){ &modccdnet($a,$b);} + } + + if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + } + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "$errormessage"; + print " "; + &Header::closebox(); + } +if ($cgiparams{'ACTION'} eq "edit"){ + + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); + + print < + + $Lang::tr{'ccd name'}: + $Lang::tr{'ccd subnet'}: +
+ + + +END +; + &Header::closebox(); + + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print < + + $Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd used'} +END +; +} +else{ + if (! -e "/var/run/openvpn.pid"){ + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'}); + print < +
+ $Lang::tr{'ccd hint'}

+ + $Lang::tr{'ccd name'}: + $Lang::tr{'ccd subnet'}: +
+ +
+END + + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print < + + $Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd used'} +END +; +} + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my @ccdconf=(); + my $count=0; + foreach my $key (keys %ccdconfhash) { + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + $count++; + my $ccdhosts = &hostsinnet($ccdconf[0]); + if ($count % 2){ print" ";} + else{ print" ";} + print"$ccdconf[0]$ccdconf[1]$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1).""; +print < + + + + + +
+ + + +
+END +; + } + print ""; + &Header::closebox(); + print ""; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + +#END CCD + ### ### Openvpn Connections Statistics ### @@ -2284,7 +2756,7 @@ if ( -s "${General::swroot}/ovpn/settings") { print <$Lang::tr{'connection type'}:
- +
@@ -2293,21 +2765,21 @@ if ( -s "${General::swroot}/ovpn/settings") { - + - - +
$Lang::tr{'host to net vpn'}
$Lang::tr{'net to net vpn'} (Upload Client Package)
 
 Import Connection Name
 Default : Client Packagename
 Default : Client Packagename
 
* $Lang::tr{'this field may be blank'}
END ; + } else { print <$Lang::tr{'connection type'}:
- +
- +
$Lang::tr{'host to net vpn'}
END ; @@ -2537,26 +3009,26 @@ foreach my $dkey (keys %confighash) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} $confighash{$key}[0] = 'off'; $confighash{$key}[1] = $n2nname[0]; - $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; $confighash{$key}[3] = 'net'; $confighash{$key}[4] = 'cert'; $confighash{$key}[6] = 'client'; $confighash{$key}[8] = $n2nlocalsub[2]; - $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; $confighash{$key}[22] = $n2nmgmt[2]; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; - $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; - $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - $confighash{$key}[28] = $n2nproto[0]; - $confighash{$key}[29] = $n2nport[1]; - $confighash{$key}[30] = $complzoactive; - $confighash{$key}[31] = $n2ntunmtu[1]; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[0]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -2655,45 +3127,194 @@ if ($confighash{$cgiparams{'KEY'}}) { } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { - + &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings); &General::readhasharray("${General::swroot}/ovpn/caconfig", \%cahash); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! $confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; -# n2n m.a.d new fields - $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; - $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - -#new fields -#ab hiere error uebernehmen - - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + if (! $confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + my $name=$cgiparams{'CHECK1'} ; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { +#A.Marx CCD check iroute field and convert it to decimal + + my @temp=(); + my %ccdroutehash=(); + my $keypoint=0; + if ($cgiparams{'IR'} ne ''){ + @temp = split("\n",$cgiparams{'IR'}); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + #find key to use + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroutehash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroutehash); + } + } + $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'}; + my $i=1; + my $val=0; + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + my($ip,$cidr) = split(/\//,$val); + $cidr=&General::iporsubtodec($cidr); + + #check if iroute exists in ccdroute + foreach my $key (keys %ccdroutehash) { + foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){ + if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") { + $errormessage=$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + } + } + + #check for existing network IP's + if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')|| + (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){ + $errormessage="$ip USED FOR SYSTEM!"; + goto VPNCONF_ERROR; + } + + + + if (&General::validipandmask($val)){ + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($ip/$cidr)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + }else{ + &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroutehash{$key}; + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + } + undef @temp; + #check route field and convert it to decimal + my %ccdroute2hash=(); + my $val=0; + my $i=1; + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') { + undef $cgiparams{'IFROUTE'}; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + }else{ + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (\%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash); + &writeserverconf; + } + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + @temp = split(/\|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", \%ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (/\//, $val); + if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;} + if (! &check_ccdroute($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} + if (! &check_ccdconf($val)){$errormessage=$errormessage."
Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} + if (&General::validipandmask($val)){ + $val=$ip."/".&General::iporsubtodec($cidr); + $ccdroute2hash{$keypoint}[$i] = $val; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash); + } + #check dns1 ip + if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 1"; + goto VPNCONF_ERROR; + } + #check dns2 ip + if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp dns'}." 2"; + goto VPNCONF_ERROR; + } + #check wins ip + if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) { + $errormessage=$errormessage."
".$Lang::tr{'invalid input for dhcp wins'}; + goto VPNCONF_ERROR; + } + + +#CCD End + + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3143,45 +3764,119 @@ if ($cgiparams{'TYPE'} eq 'net') { # Save the config my $key = $cgiparams{'KEY'}; + if (! $key) { $key = &General::findhasharraykey (\%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; } else { - $confighash{$key}[4] = 'cert'; + $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { - $confighash{$key}[22] = $confighash{$key}[29]; + $confighash{$key}[22] = $confighash{$key}[29]; } else { - $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; } - $confighash{$key}[23] = $cgiparams{'MSSFIX'}; - $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = $cgiparams{'INTERFACE'}; # new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; -# new fileds + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; + $confighash{$key}[32] = $cgiparams{'CHECK1'}; + my $name=$cgiparams{'CHECK1'}; + $confighash{$key}[33] = $cgiparams{$name}; + $confighash{$key}[34] = $cgiparams{'RG'}; + $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; + $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; + $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); + + if ($cgiparams{'CHECK1'} ){ + + my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; + my ($a,$b,$c,$d) = split (/\./,$ccdip); + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; + print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; + if($cgiparams{'CHECK1'} eq 'dynamic'){ + print CCDRWCONF "#This client uses the dynamic pool\n"; + }else{ + print CCDRWCONF "#Ip address client and Server\n"; + print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; + } + if ($confighash{$key}[34] eq 'on'){ + print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; + print CCDRWCONF "push redirect-gateway\n"; + } + if ($cgiparams{'IR'} ne ''){ + print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; + foreach my $key (keys %ccdroutehash){ + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (/\//,$ccdroutehash{$key}[$i]); + print CCDRWCONF "iroute $a $b\n"; + } + } + } + } + if ($cgiparams{'IFROUTE'} ne ''){ + print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ + if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ + my %blue=(); + &General::readhash("${General::swroot}/ethernet/settings", \%blue); + print CCDRWCONF "push \"route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ + my %orange=(); + &General::readhash("${General::swroot}/ethernet/settings", \%orange); + print CCDRWCONF "push \"route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n"; + }else{ + my ($a,$b)=split (/\//,$ccdroute2hash{$key}[$i]); + print CCDRWCONF "push \"route $a $b\"\n"; + } + } + } + } + } + if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} + if($cgiparams{'CCD_DNS1'} ne ''){ + print CCDRWCONF "\n#Client gets these Nameservers\n"; + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS1'}\" \n"; + } + if($cgiparams{'CCD_DNS2'} ne ''){ + print CCDRWCONF "push \"dhcp-option DNS $cgiparams{'CCD_DNS2'}\" \n"; + } + if($cgiparams{'CCD_WINS'} ne ''){ + print CCDRWCONF "\n#Client gets this WINS server\n"; + print CCDRWCONF "push \"dhcp-option WINS $cgiparams{'CCD_WINS'}\" \n"; + } + close CCDRWCONF; + } ### # m.a.d n2n begin @@ -3308,12 +4003,17 @@ if ($cgiparams{'TYPE'} eq 'net') { } &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); - print "\n"; - print ""; + print "
$Lang::tr{'name'}:
\n"; + + + + print ""; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { - print "\n"; + print ""; } else { + print ""; } # print ""; @@ -3333,6 +4033,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print ""; } + + + print <  @@ -3374,46 +4077,64 @@ if ($cgiparams{'TYPE'} eq 'net') { END - ; +; } print ""; - print ""; + print "
$Lang::tr{'name'}: $cgiparams{'NAME'}$cgiparams{'NAME'}
$Lang::tr{'interface'} 
$Lang::tr{'openvpn default'}: $Lang::tr{'destination port'}
$Lang::tr{'remark title'} 
"; if ($cgiparams{'TYPE'} eq 'host') { + print "$Lang::tr{'enabled'} "; + } - print "$Lang::tr{'enabled'} \n"; - } - -# if ($cgiparams{'KEY'}) { -# print " "; -# } else { -# print " $Lang::tr{'edit advanced settings when done'}"; -# } -# }else{ - print " "; -# } - + print"

"; +#A.Marx CCD new client - + print ""; + my %ccdconfhash=(); + my %ccdroutehash=(); + my %ccdroute2hash=(); + my %vpnnet=(); + my $vpnip; + &General::readhash("${General::swroot}/ovpn/settings", \%vpnnet); + $vpnip=$vpnnet{'DOVPN_SUBNET'}; + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash); + my @ccdconf=(); + my $count=0; + my $checked; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED'; + print"

$Lang::tr{'ccd choose net'}
$Lang::tr{'ccd dynrange'} ($vpnip)"; + print"


"; + my $name=$cgiparams{'CHECK1'}; + $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + + if (! -z "${General::swroot}/ovpn/ccd.conf"){ + print""; + foreach my $key (keys %ccdconfhash) { + $count++; + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + if ($count % 2){print"";}else{print"";} + print""; + } + print "
$Lang::tr{'ccd name'}$Lang::tr{'network'}$Lang::tr{'ccd clientip'}
$ccdconf[0]$ccdconf[1]"; + &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name}); + print"




"; + } +# ccd end &Header::closebox(); - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print < - # $Lang::tr{'use a pre-shared key'} - # - # -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { + + } elsif (! $cgiparams{'KEY'}) { + + my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled=''; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; + &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); @@ -3510,8 +4231,96 @@ END ### ; &Header::closebox(); + + } + print"

"; + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:"); + +#A.Marx CCD new client + + print < + Redirect Gateway: +
$Lang::tr{'ccd routes'} +   + $Lang::tr{'ccd iroute'}$Lang::tr{'ccd iroutehint'} +
+ $Lang::tr{'ccd iroute2'} + DNS2: + WINS:
+ +END +; + &Header::closebox(); + print "
"; if ($cgiparams{'KEY'}) { # print ""; @@ -3538,24 +4347,21 @@ END my @status = `/bin/cat /var/log/ovpnserver.log`; if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = ; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; - if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; - } - } + if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { + my $ipaddr = ; + close IPADDR; + chomp ($ipaddr); + $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/\./, $ipaddr)), 2))[0]; + if ($cgiparams{'VPN_IP'} eq '') { + $cgiparams{'VPN_IP'} = $ipaddr; + } + } } #default setzen if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'BF-CBC'; } -# if ($cgiparams{'DCOMPLZO'} eq '') { -# $cgiparams{'DCOMPLZO'} = 'on'; -# } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; } @@ -3565,8 +4371,7 @@ END if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } - - $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; $checked{'ENABLED_BLUE'}{'off'} = ''; @@ -3626,8 +4431,8 @@ END $activeonrun = "disabled='disabled'"; } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print < + print <
    @@ -3635,7 +4440,7 @@ END $Lang::tr{'ovpn server status'} $sactive $Lang::tr{'ovpn on red'} - + END ; if (&haveBlueNet()) { @@ -3674,18 +4479,20 @@ END - + +
END ; if ( $srunning eq "yes" ) { - print ""; - print ""; - print ""; - print ""; + print ""; + print ""; + print ""; + print ""; } else{ - print ""; - print ""; + print ""; + print ""; + print ""; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && -e "${General::swroot}/ovpn/ca/dh1024.pem" && -e "${General::swroot}/ovpn/certs/servercert.pem" && @@ -3693,11 +4500,9 @@ END (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print ""; - print ""; + print ""; } else { - print ""; - print ""; + print ""; } } print "
"; @@ -3829,18 +4634,19 @@ END END - ; +; } - print < - - - - -
$Lang::tr{'ca name'}: -
+ +print < + + + + +
$Lang::tr{'ca name'}:
END - ; +; + &Header::closebox(); if ( $srunning eq "yes" ) { @@ -3863,8 +4669,7 @@ END $Lang::tr{'name'} $Lang::tr{'type'} - $Lang::tr{'common name'} - $Lang::tr{'valid till'} + $Lang::tr{'network'} $Lang::tr{'remark'} $Lang::tr{'status'} $Lang::tr{'action'} @@ -3883,15 +4688,17 @@ END } print "$confighash{$key}[1]"; print "" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")"; - if ($confighash{$key}[4] eq 'cert') { - print "$confighash{$key}[2]"; - } else { - print " "; - } + #if ($confighash{$key}[4] eq 'cert') { + #print "$confighash{$key}[2]"; + #} else { + #print " "; + #} my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - print "$cavalid"; + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} + print "$confighash{$key}[32]"; print "$confighash{$key}[25]"; my $active = "
$Lang::tr{'capsclosed'}
"; @@ -4029,7 +4836,7 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print < + @@ -4050,7 +4857,7 @@ END -
  $Lang::tr{'legend'}:   $Lang::tr{ ?RELOAD $Lang::tr{'dl client arch'}
+
END ; } @@ -4058,8 +4865,8 @@ END print <
- - + +
END diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f686c3058..cb29cf122 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -351,6 +351,7 @@ 'arp table entries' => 'Einträge der ARP-Tabelle:', 'artist' => 'Künstler', 'attemps' => 'Versuche', +'attention' => 'ACHTUNG', 'august' => 'August', 'authentication' => 'Authentifizierung:', 'automatic' => 'Automatisch', @@ -455,6 +456,42 @@ 'capsopen' => 'VERBUNDEN', 'capswarning' => 'WARNUNG', 'caption' => 'Legende', +'ccd add' => 'Netzwerk hinzufügen', +'ccd choose net' => 'Netzwerk auswählen', +'ccd client options' => 'Erweiterte Client-Optionen', +'ccd clientip' => 'Hostadresse', +'ccd dynrange' => 'Dynamischer OpenVPN IP-Addressen-Pool', +'ccd err blue' => 'Das ist das BLAUE Subnetz.', +'ccd err green' => 'Das ist das GRÜNE Subnetz.', +'ccd err hostinnet' => 'Das Netzwerk kann nicht gelöscht werden, da sich in ihm noch Clients befinden.', +'ccd err inuse' => 'Wird bereits von einem anderen Client genutzt.', +'ccd err invalidname' => 'Ungültiger Name. Erlaubte Zeichen: A-Z, a-z, Bindestrich und Leerzeichen.', +'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.', +'ccd err iroute' => 'Netzadresse für Route ungültig.', +'ccd err irouteexist' => 'Diese Route wird bereits verwendet.', +'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!', +'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.', +'ccd err name' => 'Es muss ein Name angegeben werden.', +'ccd err nameexist' => 'Name existiert bereits.', +'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.', +'ccd err netadrexist' => 'Netwerk existiert bereits.', +'ccd err orange' => 'Das ist das ORANGE Subnetz.', +'ccd err red' => 'Das ist das ROTE Subnetz.', +'ccd err routeovpn' => 'Wird vom OpenVPN-Server genutzt.', +'ccd err routeovpn2' => 'Wird bereits vom OpenVPN-Server verteilt.', +'ccd hint' => 'Auf dieser Seite können statische Netzwerke definiert werden, von denen Roadwarrior-Clients feste Adressen zugewiesen bekommen können.', +'ccd invalid' => 'ist ungültig.', +'ccd iroute' => 'IPFire hat Zugriff auf diese Netzwerke auf Clientseite: ', +'ccd iroute2' => 'Client hat Zugriff auf diese Netzwerke auf IPFire-Seite: ', +'ccd iroutehint' => 'Achtung! Wenn Sie diese Einstellungen ändern, muss der OpenVPN Server neu gestartet werden!', +'ccd maxclients' => 'Mögliche Adressen', +'ccd modify' => 'Netzwerk ändern', +'ccd name' => 'Name', +'ccd net' => 'Statische IP-Adressen-Pools', +'ccd none' => 'Keine', +'ccd routes' => 'Routen:', +'ccd subnet' => 'Subnetz', +'ccd used' => 'Genutzte Adressen', 'cert' => 'Zertifikat', 'certificate' => 'Zertifikat', 'certificate authorities' => 'Zertifizierungsstellen (CAs)', @@ -1568,6 +1605,7 @@ 'september' => 'September', 'serial' => 'serielle', 'server reserved' => 'The connection name server is reserved and not allowed', +'server restart' => 'Wenn hier etwas geändert wird, muss der openVPN Server neu gestartet werden, damit die Einstellungen übernommen werden!', 'server string' => 'Server String', 'service' => 'Dienst', 'service added' => 'Benutzerdefinierter Netzwerkdienst wurde hinzugefügt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5fe239123..d92fadcd3 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -353,6 +353,7 @@ 'arp table entries' => 'ARP Table Entries:', 'artist' => 'Artist', 'attemps' => 'Attempts', +'attention' => 'ATTENTION', 'august' => 'August', 'authentication' => 'Authentication:', 'automatic' => 'Automatic', @@ -474,6 +475,41 @@ 'capsopen' => 'CONNECTED', 'capswarning' => 'WARNING', 'caption' => 'Caption', +'ccd add' => 'Add network', +'ccd choose net' => 'Choose network', +'ccd client options' => 'Advanced client options', +'ccd clientip' => 'Host address', +'ccd dynrange' => 'Dynamic OpenVPN IP address pool', +'ccd err blue' => 'This is the BLUE subnet.', +'ccd err green' => 'This is the GREEN subnet.', +'ccd err hostinnet' => 'You are not able to delete this network, while it still contains clients.', +'ccd err inuse' => 'Already used by another client.', +'ccd err invalidname' => 'Invalid name. Allowed characters are A-Z, a-z, dash and space.', +'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.', +'ccd err iroute' => 'Network address for route is invalid.', +'ccd err irouteexist' => 'This route is already in use.', +'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.', +'ccd err issubnet' => 'Subnet address already in use.', +'ccd err name' => 'Please choose a name.', +'ccd err nameexist' => 'Name already exists.', +'ccd err netadr' => 'Subnet address is invalid or range is too large.', +'ccd err netadrexist' => 'Network already exists.', +'ccd err orange' => 'This is the ORANGE subnet.', +'ccd err red' => 'This is the RED subnet.', +'ccd err routeovpn' => 'Already used by OpenVPN server.', +'ccd err routeovpn2' => 'Already pushed from OpenVPN server.', +'ccd hint' => 'On this page you are able to define static networks from which the roadwarrior clients can get fixed IP address assignments.', +'ccd invalid' => 'Invalid.', +'ccd iroute' => 'IPFire has access to these networks on the client\'s site', +'ccd iroute2' => 'Client has access to these networks on IPFire\'s site', +'ccd iroutehint' => 'Attention! If you change these settings, you have to restart the OpenVPN server that the changes take effect!', +'ccd modify' => 'Change network', +'ccd name' => 'Name', +'ccd net' => 'Static IP address pools', +'ccd none' => 'None', +'ccd routes' => 'Routing:', +'ccd subnet' => 'Subnet', +'ccd used' => 'Used addresses', 'cert' => 'Certificate', 'certificate' => 'Certificate', 'certificate authorities' => 'Certificate Authorities', @@ -895,7 +931,7 @@ 'gpl unofficial translation of the general public license v3' => 'Unofficial translation of the General Public License v3', 'graph' => 'Graph', 'graph per' => 'per', -'green' => 'Green', +'green' => 'GREEN', 'green interface' => 'Green Interface', 'guaranteed bandwith' => 'Guaranteed bandwith', 'guardian alertfile' => 'Alertfile', @@ -1598,6 +1634,7 @@ 'september' => 'September', 'serial' => 'Serial', 'server reserved' => 'The connection name server is reserved and not allowed', +'server restart' => 'If you change these settings you have to restart the OpenVPN server for the changes to take effect!', 'server string' => 'Server String', 'service' => 'Service', 'service added' => 'Custom network service added', -- 2.39.2