This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 30b1c1c72855e469034d9f7a6d4410367fa3069c (commit)
via 4be45949e9629cc141401957e291e1e5206adb39 (commit)
via 53ce51761fb21c630ce547660cc0b2778835d210 (commit)
via 754066e6c3c6c1185fc25f8ae25b5e90c6e11f99 (commit)
from e3b5a052ecd0eb5c53f669c5218f360b016fe128 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 30b1c1c72855e469034d9f7a6d4410367fa3069c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun May 18 13:35:02 2014 +0200
Re-add missing language string "DNS Servers".
commit 4be45949e9629cc141401957e291e1e5206adb39
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:59:45 2014 +0200
openvpn: Changed directioning and added additional generation for ta.key.
Deleted the direction parameter 0 and 1 in ta.key directive for
compatibility purposes.
Added the ta.key generation also in PKI build process.
Replaced the ta.key to /certs instead of /ca and adapted the
appropriate paths.
commit 53ce51761fb21c630ce547660cc0b2778835d210
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:48:50 2014 +0200
openvpn: Drop unused code from cgi file.
Deleted the following unused functions:
* checkportfw
* checkportoverlap
* checkportinc
* disallowreserved
commit 754066e6c3c6c1185fc25f8ae25b5e90c6e11f99
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Sat May 17 21:32:55 2014 +0200
openvpn: Deleted double entries for TLSAUTH and DAUTH.
Also drop remaining if clauses for Engines.
-----------------------------------------------------------------------
Summary of changes:
doc/language_issues.de | 1 -
doc/language_issues.en | 1 -
doc/language_missings | 4 ++
html/cgi-bin/ovpnmain.cgi | 153 +++++++---------------------------------------
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
6 files changed, 28 insertions(+), 133 deletions(-)
Difference in files:
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 650d415..2140296 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -615,7 +615,6 @@ WARNING: untranslated string: addons
WARNING: untranslated string: bytes
WARNING: untranslated string: community rules
WARNING: untranslated string: dead peer detection
-WARNING: untranslated string: dns servers
WARNING: untranslated string: downlink
WARNING: untranslated string: emerging rules
WARNING: untranslated string: first
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 732e2aa..3a0a4c7 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -647,7 +647,6 @@ WARNING: translation string unused: year-graph
WARNING: translation string unused: yearly firewallhits
WARNING: untranslated string: Scan for Songs
WARNING: untranslated string: bytes
-WARNING: untranslated string: dns servers
WARNING: untranslated string: downlink
WARNING: untranslated string: first
WARNING: untranslated string: fwhost err hostip
diff --git a/doc/language_missings b/doc/language_missings
index 7a55460..2def481 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -92,6 +92,7 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
< dpd delay
< dpd timeout
< drop action
@@ -607,6 +608,7 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
< dpd delay
< dpd timeout
< drop action
@@ -1114,6 +1116,7 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
< dpd delay
< dpd timeout
< drop action
@@ -1600,6 +1603,7 @@
< dnsforward entries
< dnsforward forward_server
< dnsforward zone
+< dns servers
< dpd delay
< dpd timeout
< drop action
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 907e8c0..0e8fad8 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -172,105 +172,6 @@ sub deletebackupcert
unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
}
}
-sub checkportfw {
- my $DPORT = shift;
- my $DPROT = shift;
- my %natconfig =();
- my $confignat = "${General::swroot}/firewall/config";
- $DPROT= uc ($DPROT);
- &General::readhasharray($confignat, \%natconfig);
- foreach my $key (sort keys %natconfig){
- my @portarray = split (/\|/,$natconfig{$key}[30]);
- foreach my $value (@portarray){
- if ($value =~ /:/i){
- my ($a,$b) = split (":",$value);
- if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
- $errormessage= "$Lang::tr{'source port in use'} $DPORT";
- }
- }else{
- if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
- $errormessage= "$Lang::tr{'source port in use'} $DPORT";
- }
- }
- }
- }
- return;
-}
-
-sub checkportoverlap
-{
- my $portrange1 = $_[0]; # New port range
- my $portrange2 = $_[1]; # existing port range
- my @tempr1 = split(/\:/,$portrange1);
- my @tempr2 = split(/\:/,$portrange2);
-
- unless (&checkportinc($tempr1[0], $portrange2)){ return 0;}
- unless (&checkportinc($tempr1[1], $portrange2)){ return 0;}
-
- unless (&checkportinc($tempr2[0], $portrange1)){ return 0;}
- unless (&checkportinc($tempr2[1], $portrange1)){ return 0;}
-
- return 1; # Everything checks out!
-}
-
-# Darren Critchley - we want to make sure that a port entry is not within an already existing range
-sub checkportinc
-{
- my $port1 = $_[0]; # Port
- my $portrange2 = $_[1]; # Port range
- my @tempr1 = split(/\:/,$portrange2);
-
- if ($port1 < $tempr1[0] || $port1 > $tempr1[1]) {
- return 1;
- } else {
- return 0;
- }
-}
-
-# Darren Critchley - certain ports are reserved for IPFire
-# TCP 67,68,81,222,444
-# UDP 67,68
-# Params passed in -> port, rangeyn, protocol
-sub disallowreserved
-{
- # port 67 and 68 same for tcp and udp, don't bother putting in an array
- my $msg = "";
- my @tcp_reserved = (81,222,444);
- my $prt = $_[0]; # the port or range
- my $ryn = $_[1]; # tells us whether or not it is a port range
- my $prot = $_[2]; # protocol
- my $srcdst = $_[3]; # source or destination
- if ($ryn) { # disect port range
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'rsvd src port overlap'}";
- } else {
- $msg = "$Lang::tr{'rsvd dst port overlap'}";
- }
- my @tmprng = split(/\:/,$prt);
- unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
- unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
- }
- }
- } else {
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'reserved src port'}";
- } else {
- $msg = "$Lang::tr{'reserved dst port'}";
- }
- if ($prt == 67) { $errormessage="$msg 67"; return; }
- if ($prt == 68) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- if ($prange == $prt) { $errormessage="$msg $prange"; return; }
- }
- }
- }
- return;
-}
-
sub writeserverconf {
my %sovpnsettings = ();
@@ -369,7 +270,7 @@ sub writeserverconf {
print CONF "auth $sovpnsettings{'DAUTH'}\n";
}
if ($sovpnsettings{'TLSAUTH'} eq 'on') {
- print CONF "tls-auth ${General::swroot}/ovpn/ca/ta.key 0\n";
+ print CONF "tls-auth ${General::swroot}/ovpn/certs/ta.key\n";
}
if ($sovpnsettings{DCOMPLZO} eq 'on') {
print CONF "comp-lzo\n";
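Review bot: The new `tls-auth` line moves the key from `ovpn/ca` to `ovpn/certs` and drops the key direction, but nothing in the visible hunks carries an existing `ca/ta.key` over. An upgraded system with TLSAUTH on would presumably get a server.conf pointing at a missing file until the advanced options are saved, and that save then generates a key different from the one already shipped to clients. Client packages exported before this change still carry `tls-auth ta.key 1` (see the CLIENTCONF hunk at -2286), which likely no longer matches a server configured without a direction. Without a direction OpenVPN uses the same HMAC key for both directions, so if compatibility allows, keeping `0` on the server and `1` on the client retains separate per-direction keys. At minimum I would add a comment such as `# no key-direction: bidirectional mode, must match the client config` and handle the old path during update; writeserverconf continues outside the hunk.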
@@ -810,13 +711,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
}
- # Create ta.key for tls-auth if not presant
- if ($cgiparams{'TLSAUTH'} eq 'on') {
- if ( ! -e "${General::swroot}/ovpn/ca/ta.key") {
- system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/ca/ta.key")
- }
- }
-
if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
@@ -915,6 +809,16 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
$errormessage = $Lang::tr{'invalid input for keepalive 1:2'};
goto ADV_ERROR;
}
+ # Create ta.key for tls-auth if not presant
+ if ($cgiparams{'TLSAUTH'} eq 'on') {
+ if ( ! -e "${General::swroot}/ovpn/certs/ta.key") {
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ goto ADV_ERROR;
+ }
+ }
+ }
&General::writehash("${General::swroot}/ovpn/settings", \%vpnsettings);
&writeserverconf();#hier ok
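Review bot: The `-e` test accepts any existing file as a usable key, so if `openvpn --genkey` fails after creating the file (a full disk, for instance), the error path leaves it behind and the next save skips generation and would use an empty or truncated ta.key. Testing with `-s` and adding `unlink("${General::swroot}/ovpn/certs/ta.key");` before `goto ADV_ERROR;` would close that; the PKI build hunk at -1944 has the same missing cleanup. The message also reports an openvpn failure under the `'openssl produced an error'` string and prints the raw wait status, where `$? >> 8` would give the exit code. The enclosing ACTION block starts outside the hunk.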
@@ -1131,11 +1035,6 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
}
}
if ($errormessage) { goto SETTINGS_ERROR; }
-
- if ($cgiparams{'ENABLED'} eq 'on'){
- &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
- }
- if ($errormessage) { goto SETTINGS_ERROR; }
if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
$errormessage = $Lang::tr{'ovpn subnet is invalid'};
@@ -1944,7 +1843,14 @@ END
goto ROOTCERT_ERROR;
# } else {
# &cleanssldatabase();
- }
+ }
+ # Create ta.key for tls-auth
+ system('/usr/sbin/openvpn', '--genkey', '--secret', "${General::swroot}/ovpn/certs/ta.key");
+ if ($?) {
+ $errormessage = "$Lang::tr{'openssl produced an error'}: $?";
+ &cleanssldatabase();
+ goto ROOTCERT_ERROR;
+ }
goto ROOTCERT_SUCCESS;
}
ROOTCERT_ERROR:
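Review bot: Unlike the advanced-options path, this call has no existence check, so it replaces any ta.key already in `ovpn/certs`. The same file is packed into client downloads (CLIENTCONF hunk at -2286), so a replaced key would invalidate tls-auth for clients exported earlier, if this branch can run while such clients exist. The comment should state the intent, e.g. `# Create a fresh ta.key for tls-auth; any existing key is overwritten on PKI build`. The surrounding block begins outside the hunk, so whether the certificates generated earlier are removed on this error path cannot be seen from here.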
@@ -2286,8 +2192,8 @@ else
print CLIENTCONF "auth $vpnsettings{'DAUTH'}\r\n";
}
if ($vpnsettings{'TLSAUTH'} eq 'on') {
- print CLIENTCONF "tls-auth ta.key 1\r\n";
- $zip->addFile( "${General::swroot}/ovpn/ca/ta.key", "ta.key") or die "Can't add file ta.key\n";
+ print CLIENTCONF "tls-auth ta.key\r\n";
+ $zip->addFile( "${General::swroot}/ovpn/certs/ta.key", "ta.key") or die "Can't add file ta.key\n";
}
if ($vpnsettings{DCOMPLZO} eq 'on') {
print CLIENTCONF "comp-lzo\r\n";
@@ -2511,20 +2417,8 @@ ADV_ERROR:
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
- if ($cgiparams{'ENGINES'} eq '') {
- $cgiparams{'ENGINES'} = 'disabled';
- }
if ($cgiparams{'TLSAUTH'} eq '') {
- $cgiparams{'TLSAUTH'} = 'off';
- }
- if ($cgiparams{'DAUTH'} eq '') {
- $cgiparams{'DAUTH'} = 'SHA1';
- }
- if ($cgiparams{'TLSAUTH'} eq '') {
- $cgiparams{'TLSAUTH'} = 'off';
+ $cgiparams{'TLSAUTH'} = 'off';
}
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
@@ -4927,9 +4821,6 @@ END
if ($cgiparams{'DAUTH'} eq '') {
$cgiparams{'DAUTH'} = 'SHA1';
}
- if ($cgiparams{'ENGINES'} eq '') {
- $cgiparams{'ENGINES'} = 'disabled';
- }
if ($cgiparams{'DOVPN_SUBNET'} eq '') {
$cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0';
}
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index aee46df..6d27012 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -739,6 +739,7 @@
'dns saved' => 'Erfolgreich gespeichert!',
'dns saved txt' => 'Die beiden eingegebenen DNS-Server-Adressen wurde erfolgreich gespeichert.<br/>Um die Änderung wirksam zu machen, müssen Sie neustarten oder wiederverbinden!',
'dns server' => 'DNS Server',
+'dns servers' => 'DNS-Server',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS-Weiterleitung',
'dnsforward add a new entry' => 'Neuen Eintrag hinzufügen',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 20e9db3..f7bfcd8 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -764,6 +764,7 @@
'dns saved' => 'Successfully saved!',
'dns saved txt' => 'The two entered DNS server addresses have been saved successfully.<br />You have to reboot or reconnect that the changes have effect!',
'dns server' => 'DNS Server',
+'dns servers' => 'DNS Servers',
'dns title' => 'Domain Name System',
'dnsforward' => 'DNS Forwarding',
'dnsforward add a new entry' => 'Add a new entry',
hooks/post-receive
--
IPFire 2.x development tree