This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 0fbba54e825ad4d21762e0deb788ec6614d0e744 (commit)
via c63e97bbaf668813ed221d4bcad9019429705a31 (commit)
via 462056ad86e97384b48705a0655aa701147c5167 (commit)
via 5c3b3bd8e19fbcecfc7beb629a9c23b454c3a09e (commit)
via 1e499e90d76743efe0c9cf71c75636559f980fe3 (commit)
via 187590f791bc7b96da5d70469783dae4a5bd00df (commit)
via 831a5ef6ad5bbdc158a5fb40a4db78a7d419f082 (commit)
via 82e454712bc7510c0b03ad87bae1143a3c361274 (commit)
via 323be7c44f30b762655aa621bf5f97d5f19ecb29 (commit)
via 2f3e47a042ced0b90c448840765c22d3fb1f44a6 (commit)
via 679ac9f163b1d4b3f321c0773510fba0bb9cad78 (commit)
via d72de3da144ea4edff4d1c30ff555e8cd43d8b18 (commit)
via 2f36a7b43aa859500994d9bc13f98c17f992c5e4 (commit)
via 775b44943135f15dc9b242ceacf708ecc9653e4a (commit)
via e1297cbb7659618c526fdc1ab07e97f57f55fd78 (commit)
via 6b7cbc8f335106a0d8e8860f343a51bda8e14dbb (commit)
via 91c2eaec9a4528d9c94ae18bf1ac12077faa1f07 (commit)
via b98757a13970bebef354849be7704d5932a28353 (commit)
via 842e2132e84d68046576106356c7ed13ea19bfbd (commit)
via 7ca64c9f0b702864e9c84a85c742712759b85290 (commit)
via d2dabe5eba89eafbade352ad25a3742f790ac7ef (commit)
via b525629a465a12ac737f547871f1f9d495ba711b (commit)
via 263d0a71a9064cf646f87cfbddb55013729dfd93 (commit)
via 979c8463434c6deddd7b61f3e665983ba3b04308 (commit)
via eb3c6c47ca5d8dcbb5fa1a1fbf3d0d6d7799b2e8 (commit)
via 29268dee3b61bde26b8ea3183e4bf13a50b3920c (commit)
from 1164cb0d0b56006d228ac3a9ec2b20ca1f2a7167 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0fbba54e825ad4d21762e0deb788ec6614d0e744
Merge: 1164cb0 c63e97b
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Sat Apr 11 21:58:09 2015 +0200
Merge branch 'master' into next
Conflicts:
lfs/monit
-----------------------------------------------------------------------
Summary of changes:
config/backup/include | 1 +
config/cfgroot/graphs.pl | 12 +-
config/rootfiles/common/collectd | 1 +
config/rootfiles/common/misc-progs | 1 +
config/rootfiles/common/stage2 | 1 +
config/rootfiles/core/89/filelists/files | 4 +
config/rootfiles/core/89/update.sh | 13 ++
html/cgi-bin/netovpnrw.cgi | 4 +-
html/cgi-bin/netovpnsrv.cgi | 4 +-
html/cgi-bin/ovpnmain.cgi | 176 ++++++++++-----------
langs/de/cgi-bin/de.pl | 2 +
langs/en/cgi-bin/en.pl | 2 +
lfs/collectd | 3 +
lfs/stage2 | 3 +-
src/initscripts/sysconfig/createfiles | 3 +
src/misc-progs/Makefile | 2 +-
src/misc-progs/{torctrl.c => collectdctrl.c} | 11 +-
src/misc-progs/openvpnctrl.c | 51 ++++--
...n-Change-data-type-from-COUNTER-to-DERIVE.patch | 2 +-
src/scripts/ovpn-collectd-convert | 26 +++
20 files changed, 205 insertions(+), 117 deletions(-)
copy src/misc-progs/{torctrl.c => collectdctrl.c} (58%)
create mode 100644 src/scripts/ovpn-collectd-convert
Difference in files:
diff --git a/config/backup/include b/config/backup/include
index cc9546f..d7a1d3a 100644
--- a/config/backup/include
+++ b/config/backup/include
@@ -4,6 +4,7 @@
/var/ipfire/*/config
/var/ipfire/*/enable
/var/ipfire/*/*enable*
+/var/ipfire/ovpn/collectd.vpn
/etc/passwd
/etc/shadow
/etc/group
diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl
index 5e6fddb..40c1bc8 100644
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -664,32 +664,32 @@ sub updatevpnn2ngraph {
"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
- "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+ "AREA:incoming#00dd00:".sprintf("%-23s",$Lang::tr{'incoming traffic in bytes per second'}),
"GPRINT:incoming:MAX:%8.1lf %sBps",
"GPRINT:incoming:AVERAGE:%8.1lf %sBps",
"GPRINT:incoming:MIN:%8.1lf %sBps",
"GPRINT:incoming:LAST:%8.1lf %sBps\\j",
- "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+ "STACK:overhead_in#116B11:".sprintf("%-23s",$Lang::tr{'incoming overhead in bytes per second'}),
"GPRINT:overhead_in:MAX:%8.1lf %sBps",
"GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
"GPRINT:overhead_in:MIN:%8.1lf %sBps",
"GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
- "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+ "LINE1:compression_in#ff00ff:".sprintf("%-23s",$Lang::tr{'incoming compression in bytes per second'}),
"GPRINT:compression_in:MAX:%8.1lf %sBps",
"GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
"GPRINT:compression_in:MIN:%8.1lf %sBps",
"GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
- "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+ "AREA:outgoingn#dd0000:".sprintf("%-23s",$Lang::tr{'outgoing traffic in bytes per second'}),
"GPRINT:outgoing:MAX:%8.1lf %sBps",
"GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
"GPRINT:outgoing:MIN:%8.1lf %sBps",
"GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
- "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+ "STACK:overhead_outn#870C0C:".sprintf("%-23s",$Lang::tr{'outgoing overhead in bytes per second'}),
"GPRINT:overhead_out:MAX:%8.1lf %sBps",
"GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
"GPRINT:overhead_out:MIN:%8.1lf %sBps",
"GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
- "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+ "LINE1:compression_outn#000000:".sprintf("%-23s",$Lang::tr{'outgoing compression in bytes per second'}),
"GPRINT:compression_out:MAX:%8.1lf %sBps",
"GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
"GPRINT:compression_out:MIN:%8.1lf %sBps",
diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd
index 72b2dee..2732494 100644
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -243,3 +243,4 @@ usr/share/collectd/types.db
#usr/share/man/man5/collectd.conf.5
#usr/share/man/man5/types.db.5
#var/lib/collectd
+var/ipfire/ovpn/collectd.vpn
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 1ab4dec..f33d08c 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -2,6 +2,7 @@ usr/local/bin/addonctrl
#usr/local/bin/applejuicectrl
usr/local/bin/backupctrl
#usr/local/bin/clamavctrl
+usr/local/bin/collectdctrl
usr/local/bin/dhcpctrl
usr/local/bin/dnsmasqctrl
usr/local/bin/extrahdctrl
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 44f24b4..f506daf 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache
#usr/local/src
#usr/sbin
usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
#usr/share
#usr/share/doc
#usr/share/doc/licenses
diff --git a/config/rootfiles/core/89/filelists/files b/config/rootfiles/core/89/filelists/files
index 5ed7194..70c5f3d 100644
--- a/config/rootfiles/core/89/filelists/files
+++ b/config/rootfiles/core/89/filelists/files
@@ -11,6 +11,10 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
srv/web/ipfire/cgi-bin/netovpnsrv.cgi
srv/web/ipfire/cgi-bin/ovpnmain.cgi
srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/collectdctrl
+usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
+usr/sbin/setup
var/ipfire/backup/bin/backup.pl
var/ipfire/graphs.pl
var/ipfire/langs
diff --git a/config/rootfiles/core/89/update.sh b/config/rootfiles/core/89/update.sh
index f3de863..e15f937 100644
--- a/config/rootfiles/core/89/update.sh
+++ b/config/rootfiles/core/89/update.sh
@@ -35,10 +35,20 @@ done
/etc/init.d/ipsec stop
# Remove old files
+rm -f /usr/local/sbin/setup
# Extract files
extract_files
+# Update /etc/sysconfig/createfiles
+cat <<EOF >> /etc/sysconfig/createfiles
+/var/run/ovpnserver.log file 644 nobody nobody
+/var/run/openvpn dir 644 nobody nobody
+EOF
+
+# Update /etc/collectd.conf
+echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf
+
# Generate ddns configuration file
sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi
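Review bot: Both appends added in this hunk are unconditional, so running the update script a second time duplicates the two createfiles entries and the `include` line in /etc/collectd.conf; guard each one, e.g. `grep -q 'collectd.vpn' /etc/collectd.conf || echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf`. The included path is /etc/collectd.vpn, while ovpn-collectd-convert writes /var/ipfire/ovpn/collectd.vpn, and the link between the two is only created in lfs/collectd at build time. Nothing visible here or in the core 89 filelist hunk creates that link on an updated system, so an `ln -sf ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn` may be needed before collectd is restarted.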
@@ -56,6 +66,9 @@ rm -f \
/opt/pakfire/db/*/meta-sqlite \
/opt/pakfire/db/rootfiles/sqlite
+# Update OpenVPN/collectd configuration
+/usr/sbin/ovpn-collectd-convert
+
# Fix #10625
mkdir -p /etc/logrotate.d
diff --git a/html/cgi-bin/netovpnrw.cgi b/html/cgi-bin/netovpnrw.cgi
index f775b23..e0b1148 100755
--- a/html/cgi-bin/netovpnrw.cgi
+++ b/html/cgi-bin/netovpnrw.cgi
@@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
&Graphs::updatevpngraph($querry[0],$querry[1]);
}else{
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+ &Header::openpage($Lang::tr{'vpn statistic rw'}, 1, '');
&Header::openbigbox('100%', 'left');
- my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`;
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`;
foreach (@vpngraphs){
if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
push(@vpns,$2);
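Review bot: The `find` patterns on the changed line (`*openvpn-UNDEF*`, `*openvpn-*n2n*`, `*.rrd`) reach the shell unquoted, so the shell expands them against the CGI's working directory before `find` sees them whenever something there matches. Quote them: `-not -path '*openvpn-UNDEF*' -not -path '*openvpn-*n2n*' -name '*.rrd'`. The changed `find` line in html/cgi-bin/netovpnsrv.cgi has the same problem. The added `2>/dev/null` also hides real failures such as permission errors, so a comment saying it is only meant to silence the "no such directory" case would help. The `foreach` loop continues outside the hunk.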
diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi
index 0ec9c67..f843462 100755
--- a/html/cgi-bin/netovpnsrv.cgi
+++ b/html/cgi-bin/netovpnsrv.cgi
@@ -47,10 +47,10 @@ if ( $querry[0] ne ""){
&Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
}else{
&Header::showhttpheaders();
- &Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+ &Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
&Header::openbigbox('100%', 'left');
- my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+ my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`;
foreach (@vpngraphs){
if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
push(@vpns,$2);
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 1e07492..9550ca6 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -668,6 +668,29 @@ sub read_routepushfile
}
}
+sub writecollectdconf {
+ my $vpncollectd;
+ my %ccdhash=();
+
+ open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+ print COLLECTDVPN "Loadplugin openvpn\n";
+ print COLLECTDVPN "\n";
+ print COLLECTDVPN "<Plugin openvpn>\n";
+ print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+ foreach my $key (keys %ccdhash) {
+ if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
+ print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
+ }
+ }
+
+ print COLLECTDVPN "</Plugin>\n";
+ close(COLLECTDVPN);
+
+ # Reload collectd afterwards
+ system("/usr/local/bin/collectdctrl restart &>/dev/null");
+}
#hier die refresh page
if ( -e "${General::swroot}/ovpn/gencanow") {
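Review bot: In `writecollectdconf` the connection name `$ccdhash{$key}[1]` is interpolated into the `Statusfile "..."` line without any check, and the resulting file is included by collectd, so a name containing `"` or a newline would break or extend that configuration. Name validation is not visible in this hunk; if it is not guaranteed upstream, skip entries that fail a check such as `next unless $ccdhash{$key}[1] =~ /\A[A-Za-z0-9]+\z/;`. The `&>/dev/null` in the `system` call is a bash extension, and a POSIX /bin/sh would background the command instead, so `>/dev/null 2>&1` is the portable form. A short comment above the sub saying that it regenerates collectd.vpn from the on-disk ovpnconfig and then restarts collectd would help callers get the call order right.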
@@ -1166,10 +1189,17 @@ SETTINGS_ERROR:
my $file = '';
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ # Kill all N2N connections
+ system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+
foreach my $key (keys %confighash) {
+ my $name = $confighash{$cgiparams{'$key'}}[1];
+
if ($confighash{$key}[4] eq 'cert') {
delete $confighash{$cgiparams{'$key'}};
}
+
+ system ("/usr/local/bin/openvpnctrl -drrd $name");
}
while ($file = glob("${General::swroot}/ovpn/ca/*")) {
unlink $file;
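Review bot: The added `my $name = $confighash{$cgiparams{'$key'}}[1];` single-quotes `$key`, so it looks up a CGI parameter literally named `$key` instead of the loop variable. `$name` is therefore most likely empty on every iteration and the `-drrd` call never receives a connection name. It should read `my $name = $confighash{$key}[1];`, and the call is safer in list form, `system('/usr/local/bin/openvpnctrl', '-drrd', $name);`, so the name never passes through a shell. The context line `delete $confighash{$cgiparams{'$key'}};` has the same quoting and looks as if it was meant to be `delete $confighash{$key};`. The enclosing block starts and ends outside the hunk.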
@@ -1196,11 +1226,6 @@ SETTINGS_ERROR:
while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
unlink $file
}
-# Delete all RRD files for Roadwarrior connections
- chdir('/var/ipfire/ovpn/ccd');
- while ($file = glob("*")) {
- system ("/usr/local/bin/openvpnctrl -drrd $file");
- }
while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
unlink $file
}
@@ -1216,6 +1241,9 @@ SETTINGS_ERROR:
system ("rm -rf $file");
}
+ # Remove everything from the collectd configuration
+ &writecollectdconf();
+
#&writeserverconf();
###
### Reset all step 1
@@ -2041,7 +2069,8 @@ END
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
- system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &writecollectdconf();
}
} else {
@@ -2049,14 +2078,15 @@ END
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
- if ($n2nactive ne ''){
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
+ if ($n2nactive ne '') {
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ &writecollectdconf();
+ }
} else {
- $errormessage = $Lang::tr{'invalid key'};
+ $errormessage = $Lang::tr{'invalid key'};
}
- }
+ }
}
###
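Review bot: In the disable branch `&writecollectdconf();` sits inside `if ($n2nactive ne '')`, so switching off a net-to-net connection that is not running does not regenerate the collectd configuration. The file then keeps the `Statusfile` entry of a connection that ovpnconfig now marks as off. How `$n2nactive` is set is outside the hunk, but moving the call to just after the inner `if` block would keep collectd.vpn in step with ovpnconfig in both cases.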
@@ -2313,75 +2343,69 @@ else
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
- &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- if ($confighash{$cgiparams{'KEY'}}) {
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-# }
-#
- my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ if ($confighash{$cgiparams{'KEY'}}) {
+ my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
###
# m.a.d net2net
###
-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
- my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
- my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
- unlink ($certfile);
- unlink ($conffile);
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+ # Stop the N2N connection before it is removed
+ system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");
- if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
- rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
- }
-}
+ my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+ my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ unlink ($certfile);
+ unlink ($conffile);
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+ if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+ rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+ }
+ }
+
+ unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+ unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
# A.Marx CCD delete ccd files and routes
-
- if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
- {
- unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
- }
-
- &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
- foreach my $key (keys %ccdroutehash) {
- if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
- delete $ccdroutehash{$key};
+ if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+ {
+ unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
}
- }
- &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
- &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- foreach my $key (keys %ccdroute2hash) {
- if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
- delete $ccdroute2hash{$key};
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+ foreach my $key (keys %ccdroutehash) {
+ if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+ delete $ccdroutehash{$key};
+ }
}
- }
- &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- &writeserverconf;
-
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-# CCD end
+ &General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ foreach my $key (keys %ccdroute2hash) {
+ if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+ delete $ccdroute2hash{$key};
+ }
+ }
+ &General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+ &writeserverconf;
-###
-### Delete all RRD's for client
-###
- system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
- delete $confighash{$cgiparams{'KEY'}};
- my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+# CCD end
+ # Update collectd configuration and delete all RRD files of the removed connection
+ &writecollectdconf();
+ system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
- #&writeserverconf();
- } else {
- $errormessage = $Lang::tr{'invalid key'};
- }
+ delete $confighash{$cgiparams{'KEY'}};
+ my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+ } else {
+ $errormessage = $Lang::tr{'invalid key'};
+ }
&General::firewall_reload();
###
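Review bot: `&writecollectdconf();` is called before `delete $confighash{$cgiparams{'KEY'}}` and the following `writehasharray` of ovpnconfig, but `writecollectdconf` re-reads ovpnconfig from disk. At that point the removed connection is still listed, so an enabled net-to-net connection gets its `Statusfile` line written back into collectd.vpn. Move the call to just after `&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);`; the `-drrd` call can stay before the delete, since openvpnctrl appears to look the connection up by name. The added `-kn2n` call and the `-drrd` call both build a shell command string from the connection name; the list form used elsewhere in this file, `system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);`, avoids the shell.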
@@ -3054,32 +3078,6 @@ END
}
###
-### Remove connection
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
- &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
- if ($confighash{$cgiparams{'KEY'}}) {
-# if ($vpnsettings{'ENABLED'} eq 'on' ||
-# $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-# }
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
- unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
- delete $confighash{$cgiparams{'KEY'}};
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
- #&writeserverconf();
- } else {
- $errormessage = $Lang::tr{'invalid key'};
- }
-#test33
-
-###
-### Choose between adding a host-net or net-net connection
-###
-
-###
# m.a.d net2net
###
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index eb29b5f..859c8d3 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2574,6 +2574,8 @@
'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
+'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
+'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 8c049ff..6a9a983 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2615,6 +2615,8 @@
'vpn payload compression' => 'Negotiate payload compression',
'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
'vpn remote id' => 'Remote ID',
+'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
+'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
diff --git a/lfs/collectd b/lfs/collectd
index f01c92a..6f9c0e5 100644
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -112,6 +112,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--with-librrd=/usr/share/rrdtool-1.2.30
cd $(DIR_APP) && make install
cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/
+ mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn
+ chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+ ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn
ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd
ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd
ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd
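Review bot: The added lines make /etc/collectd.vpn a link to a file owned by `nobody`, and update.sh pulls that file into collectd.conf with `include`, so any process running as `nobody` can change configuration that collectd loads. If collectd runs with more privileges than `nobody` (not visible here), that crosses a privilege boundary. Consider keeping the file root-owned and having the setuid helper `collectdctrl` generate it, or at least state the trust assumption in a comment next to the `chown`. `chown nobody.nobody` uses the legacy dot separator; `nobody:nobody` is the portable spelling.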
diff --git a/lfs/stage2 b/lfs/stage2
index 895ee15..53f81d1 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -101,7 +101,8 @@ $(TARGET) :
# Move script to correct place.
mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
-
+ mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+
# Install firewall scripts.
mkdir -pv /usr/lib/firewall
install -m 755 $(DIR_SRC)/config/firewall/rules.pl \
diff --git a/src/initscripts/sysconfig/createfiles b/src/initscripts/sysconfig/createfiles
index 8d1f89d..cf7d6e1 100644
--- a/src/initscripts/sysconfig/createfiles
+++ b/src/initscripts/sysconfig/createfiles
@@ -25,4 +25,7 @@
# <major> and <minor> are the major and minor numbers used for the device.
########################################################################
+/var/run/ovpnserver.log file 644 nobody nobody
+/var/run/openvpn dir 644 nobody nobody
+
# End /etc/sysconfig/createfiles
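Review bot: `/var/run/openvpn dir 644 nobody nobody` creates a directory without the execute (search) bit, so unprivileged users, including its owner `nobody`, cannot enter it or open files inside it. `755` or `750` is the usual mode for a directory: `/var/run/openvpn dir 755 nobody nobody`. This assumes the mode column is applied as written; the format description is only partly visible above the hunk. The same line is appended by config/rootfiles/core/89/update.sh and would need the same change.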
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index f5802d2..43e6a90 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -25,7 +25,7 @@ LIBS = -lsmooth -lnewt
PROGS = iowrap
SUID_PROGS = squidctrl sshctrl ipfirereboot \
ipsecctrl timectrl dhcpctrl snortctrl \
- applejuicectrl rebuildhosts backupctrl \
+ applejuicectrl rebuildhosts backupctrl collectdctrl \
logwatch openvpnctrl firewallctrl \
wirelessctrl getipstat qosctrl launch-ether-wake \
redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
diff --git a/src/misc-progs/collectdctrl.c b/src/misc-progs/collectdctrl.c
new file mode 100644
index 0000000..86e4b2a
--- /dev/null
+++ b/src/misc-progs/collectdctrl.c
@@ -0,0 +1,39 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+ if (!(initsetuid()))
+ exit(1);
+
+ if (argc < 2) {
+ fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "restart") == 0) {
+ safe_system("/etc/rc.d/init.d/collectd restart");
+
+ } else if (strcmp(argv[1], "stop") == 0) {
+ safe_system("/etc/rc.d/init.d/collectd stop");
+
+ } else if (strcmp(argv[1], "start") == 0) {
+ safe_system("/etc/rc.d/init.d/collectd start");
+
+ } else {
+ fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+ exit(1);
+ }
+
+ return 0;
+}
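Review bot: The result of each `safe_system()` call is discarded and `main` returns 0 for every recognised action, so a caller such as `writecollectdconf` cannot tell that the init script failed. Assuming `safe_system` returns the command's status (its definition is not shown), keep it and report failure, e.g. `int r = safe_system("/etc/rc.d/init.d/collectd restart");` in each branch and `return r != 0;` at the end. Passing only fixed command strings to `safe_system` is the right shape for a setuid helper; a one-line comment saying that no caller-supplied text may ever be appended to them would protect that property in later edits.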
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index d20cced..20967e4 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE 500
#include <signal.h>
#include <stdio.h>
#include <string.h>
@@ -7,6 +8,7 @@
#include <arpa/inet.h>
#include <netinet/in.h>
#include <fcntl.h>
+#include <ftw.h>
#include "setuid.h"
#include "netutil.h"
#include "libsmooth.h"
@@ -44,6 +46,18 @@ struct connection_struct {
typedef struct connection_struct connection;
+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+ int rv = remove(fpath);
+ if (rv)
+ perror(fpath);
+
+ return rv;
+}
+
+static int recursive_remove(const char* path) {
+ return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
void exithandler(void)
{
if(kv)
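Review bot: `recursive_remove` deletes whole trees from a setuid helper, so it deserves a comment recording why the flags were chosen, e.g. `/* FTW_DEPTH: children are visited before their directory so remove() succeeds; FTW_PHYS: symlinks are not followed, a link in the tree is unlinked rather than traversed. */`. The callback returns the `remove()` result, so `nftw` stops at the first failure and leaves the rest of the tree in place. If best-effort removal is wanted, return 0 from the callback and record the failure separately. The unused `sb`, `typeflag` and `ftwbuf` parameters could be marked as intentionally unused. `exithandler` starts in the context lines and continues outside the hunk.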
@@ -537,6 +551,7 @@ int startNet2Net(char *name) {
int killNet2Net(char *name) {
connection *conn = NULL;
connection *conn_iter;
+ int rc = 0;
conn_iter = getConnections();
@@ -569,26 +584,40 @@ int killNet2Net(char *name) {
snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
executeCommand(command);
+ char runfile[STRING_SIZE];
+ snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
+ rc = recursive_remove(runfile);
+ if (rc)
+ perror(runfile);
+
return 0;
}
int deleterrd(char *name) {
+ char rrd_dir[STRING_SIZE];
+
connection *conn = getConnections();
+ while(conn) {
+ if (strcmp(conn->name, name) != 0) {
+ conn = conn->next;
+ continue;
+ }
- char rrd_file[STRING_SIZE];
- snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
+ // Handle RW connections
+ if (strcmp(conn->type, "host") == 0) {
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name);
- char rrd_dir[STRING_SIZE];
- snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);
+ // Handle N2N connections
+ } else if (strcmp(conn->type, "net") == 0) {
+ snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name);
- while(conn) {
- /* Find only RW-Connections with the given name. */
- if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
- remove(rrd_file);
- remove(rrd_dir);
- return 0;
+ // Unhandled connection type
+ } else {
+ conn = conn->next;
+ continue;
}
- conn = conn->next;
+
+ return recursive_remove(rrd_dir);
}
return 1;
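Review bot: In `deleterrd` the directory path is built with `snprintf` and handed straight to `recursive_remove` without a truncation check, so a truncated path would make a recursive delete in a setuid helper act on a different directory than intended. Check the result first, e.g. `int n = snprintf(rrd_dir, sizeof(rrd_dir), ...);` followed by `if (n < 0 || (size_t)n >= sizeof(rrd_dir)) return 1;`, and do the same for `runfile` in `killNet2Net`. In `killNet2Net` the `perror(runfile)` after `recursive_remove` will likely also fire when the status file simply does not exist, and `rc` is otherwise ignored because the function still returns 0. Both functions extend beyond the lines shown in this hunk.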
diff --git a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
index ec6819c..0704a6b 100644
--- a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
+++ b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
@@ -61,7 +61,7 @@ index 2db3677..d446e99 100644
sstrncpy (vl.plugin_instance, pinst,
sizeof (vl.plugin_instance));
- sstrncpy (vl.type, "compression", sizeof (vl.type));
-+ sstrncpy (vl.type, "compression_dervice", sizeof (vl.type));
++ sstrncpy (vl.type, "compression_derive", sizeof (vl.type));
if (tinst != NULL)
sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
diff --git a/src/scripts/ovpn-collectd-convert b/src/scripts/ovpn-collectd-convert
new file mode 100644
index 0000000..59d67b9
--- /dev/null
+++ b/src/scripts/ovpn-collectd-convert
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+ if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+ print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n";
+ }
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");
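Review bot: update.sh runs this script directly, presumably as root, and it opens collectd.vpn with `>`, so a file that does not exist yet is created owned by root. `writecollectdconf` in ovpnmain.cgi later has to rewrite the same file from the web interface (presumably running as `nobody`) and dies when its `open` fails. lfs/collectd chowns the file to `nobody`; the converter should do the same after `close`, e.g. `chown((getpwnam('nobody'))[2,3], "${General::swroot}/ovpn/collectd.vpn");`. The script also lacks `use strict; use warnings;`, reads ovpnconfig from a hard-coded /var/ipfire path while writing through `${General::swroot}`, and duplicates `writecollectdconf` line for line, so a header comment naming that sub as the code to keep in sync would help.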
hooks/post-receive
--
IPFire 2.x development tree