[git.ipfire.org] IPFire 2.x development tree branch, next, updated. a66e24bbfd09b2ab2345ece2079d7143348a3980

19 Nov 2012

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
       via  a66e24bbfd09b2ab2345ece2079d7143348a3980 (commit)
       via  07cdb8f659667b4e03a2014febca940165e723f0 (commit)
       via  350f298025cf2f46ad9c25e4936e9aa9682ee452 (commit)
       via  7db34105f9ef59b269730e137f224e2848181ccf (commit)
       via  2ee746be048e2667c3fd6537873eb1763aa8b7b7 (commit)
      from  8c877a82f6a63e07e2dde8d55c6e0db4893bf73d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a66e24bbfd09b2ab2345ece2079d7143348a3980
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Mon Nov 19 21:07:55 2012 +0100
openvpn.cgi: Respect if mtu-disc hasn't been configured yet.
If mtu-disc has not been configured, the script anyway has write mtu-disc to the configuration files,
    which has brocken them.
commit 07cdb8f659667b4e03a2014febca940165e723f0
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Nov 17 16:35:38 2012 +0100
Add ovpn-ccd-convert script.
This script is required, to convert existing OpenVPN roadwarrior configurations to
    work with the new CCD extension.
commit 350f298025cf2f46ad9c25e4936e9aa9682ee452
Merge: 7db3410 2ee746b
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sat Nov 17 13:04:53 2012 +0100
Merge branch 'ovpn-mtu-disc' into next
Conflicts:
    	html/cgi-bin/ovpnmain.cgi
commit 7db34105f9ef59b269730e137f224e2848181ccf
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Fri Nov 16 21:06:47 2012 +0100
Add update-lang-cache script.
This script can be used, to update the language cache if any strings will be added
    or modified.
commit 2ee746be048e2667c3fd6537873eb1763aa8b7b7
Author: Stefan Schantl stefan.schantl@ipfire.org
Date:   Sun Nov 11 17:53:53 2012 +0100
Add support for mtu-disc to openvpn.
OpenVPN now have support for an automaticaly mtu path discovery.
    This feature can be enabled on roadwarrior or net-to-net connections.
    It can be fully configured by using the webinterface.
-----------------------------------------------------------------------
Summary of changes:
 config/rootfiles/common/stage2 |   2 +
 html/cgi-bin/ovpnmain.cgi      | 145 +++++++++++++++++++++++++++++++++++------
 langs/de/cgi-bin/de.pl         |   7 ++
 langs/en/cgi-bin/en.pl         |   7 ++
 lfs/stage2                     |   3 +
 src/scripts/ovpn-ccd-convert   |  45 +++++++++++++
 src/scripts/update-lang-cache  |   3 +
 7 files changed, 192 insertions(+), 20 deletions(-)
 create mode 100644 src/scripts/ovpn-ccd-convert
 create mode 100644 src/scripts/update-lang-cache
Difference in files:

diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 796e0f3..6871cc9 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -75,6 +75,7 @@ usr/local/bin/setddns.pl
 usr/local/bin/settime
 usr/local/bin/timecheck
 #usr/local/bin/uname
+usr/local/bin/update-lang-cache
 usr/local/bin/vpn-watch
 #usr/local/include
 #usr/local/lib
@@ -94,6 +95,7 @@ usr/local/bin/vpn-watch
 #usr/local/share/zoneinfo
 #usr/local/src
 #usr/sbin
+usr/sbin/ovpn-ccd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index baabe8b..9dd8272 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -78,6 +78,7 @@ $cgiparams{'ROUTES_PUSH'} = '';
 $cgiparams{'DCOMPLZO'} = 'off';
 $cgiparams{'MSSFIX'} = '';
 $cgiparams{'number'} = '';
+$cgiparams{'PMTU_DISCOVERY'} = '';
 $routes_push_file = "${General::swroot}/ovpn/routes_push";
 unless (-e $routes_push_file)    { system("touch $routes_push_file"); }
 unless (-e "${General::swroot}/ovpn/ccd.conf")    { system("touch ${General::swroot}/ovpn/ccd.conf"); }
@@ -333,7 +334,6 @@ sub writeserverconf {
     print CONF "#DAN prepare OpenVPN for listening on blue and orange\n";
     print CONF ";local $sovpnsettings{'VPN_IP'}\n";
     print CONF "dev $sovpnsettings{'DDEVICE'}\n";
-    print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n";
     print CONF "proto $sovpnsettings{'DPROTOCOL'}\n";
     print CONF "port $sovpnsettings{'DDEST_PORT'}\n";
     print CONF "script-security 3 system\n";
@@ -347,7 +347,18 @@ sub writeserverconf {
     my @tempovpnsubnet = split("/",$sovpnsettings{'DOVPN_SUBNET'});
     print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
     #print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n";
-    
+   
+    # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
+    # If we doesn't use one of them, we can use the configured mtu value.
+    if ($sovpnsettings{'MSSFIX'} eq 'on') 
+	{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
+	{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif (($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne ''))
+	{ print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
+    else 
+	{ print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
+
     if ($vpnsettings{'ROUTES_PUSH'} ne '') {
    	@temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'});
    	foreach (@temp)
@@ -383,6 +394,11 @@ sub writeserverconf {
     if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') {
    print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";   
     }
+
+    if (($sovpnsettings{PMTU_DISCOVERY} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne '')) {
+	print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+    }
+
     if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {	
    print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n";
     }	
@@ -813,6 +829,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'};
     $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'};
     $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'};
+    $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'};
     my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') {
@@ -830,6 +847,14 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     } else {
     	$vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
     }
+
+    if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+	if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
+		$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+		goto ADV_ERROR;
+	}
+    }
+		
     if ($cgiparams{'DHCP_DOMAIN'} ne ''){
    unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) {
    	$errormessage = $Lang::tr{'invalid input for dhcp domain'};
@@ -976,6 +1001,13 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} 
   if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; 
   }
+  if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+	if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+		if($cgiparams{'MTU'} eq '1500') {
+			print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+		}
+	}
+  }
   print SERVERCONF "# Auth. Server\n"; 
   print SERVERCONF "tls-server\n"; 
   print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; 
@@ -1054,7 +1086,13 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
   if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; 
   }
- 
+   if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+        if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
+		if ($cgiparams{'MTU'} eq '1500') {
+                	print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
+		}
+        }
+  } 
   print CLIENTCONF "ns-cert-type server\n";   
   print CLIENTCONF "# Auth. Client\n"; 
   print CLIENTCONF "tls-client\n"; 
@@ -1982,6 +2020,13 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
    if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
    }
+   if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') {
+	if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
+		if ($tunmtu eq '1500' ) {
+			print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
+		}
+	}
+   }
    print CLIENTCONF "ns-cert-type server\n";   
    print CLIENTCONF "# Auth. Client\n"; 
    print CLIENTCONF "tls-client\n"; 
@@ -2041,7 +2086,18 @@ else
     print CLIENTCONF "nobind\n";
     print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n";
     print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
-    print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n";
+
+    # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
+    # or use configured value.
+    if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif ($vpnsettings{MSSFIX} eq 'on')
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    elsif (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne ''))
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
+    else
+	{ print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
+
     if ( $vpnsettings{'ENABLED'} eq 'on'){
     	print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n";
    if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){	
@@ -2085,6 +2141,11 @@ else
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
    print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
+    if (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+	if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
+		print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
+	}
+    }
     close(CLIENTCONF);
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
@@ -2264,6 +2325,7 @@ ADV_ERROR:
     $checked{'MSSFIX'}{'off'} = '';
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+    $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
     $selected{'LOG_VERB'}{'1'} = '';
     $selected{'LOG_VERB'}{'2'} = '';
     $selected{'LOG_VERB'}{'3'} = '';
@@ -2335,7 +2397,7 @@ print <<END;
    <td class'base'><b>$Lang::tr{'misc-options'}</b></td>
     </tr>
     <tr>
-	<td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td>
+	<td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td>
     </tr>
     <tr>
    <td class='base'>Client-To-Client</td>
@@ -2364,7 +2426,15 @@ print <<END;
      	  <td class='base'>mssfix</td>
      	  <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
      	  <td>Default: on</td>
-   	  </tr>	
+   	  </tr>
+
+	<tr>
+		<td class='base'>$Lang::tr{'ovpn mtu-disc'}</td>
+		<td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td>
+		<td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td>
+		<td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td>
+		<td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td>
+	</tr>
 </table>
<!--
@@ -2922,6 +2992,7 @@ END
 my $complzoactive;
 my $mssfixactive;
 my $n2nfragment;
+my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);;
 my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
 my @n2nproto = split(/-/, $n2nproto2[1]);
 my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
@@ -2956,6 +3027,7 @@ $n2nremsub[2] =~ s/\n|\r//g;
 $n2nlocalsub[2] =~ s/\n|\r//g;
 $n2nfragment[1] =~ s/\n|\r//g;
 $n2nmgmt[2] =~ s/\n|\r//g;
+$n2nmtudisc[1] =~ s/\n|\r//g;
 chomp ($complzoactive);
 chomp ($mssfixactive);
@@ -3009,26 +3081,28 @@ foreach my $dkey (keys %confighash) {
    
   $key = &General::findhasharraykey (%confighash);
-	foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";}
+	foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";}
+
    $confighash{$key}[0] = 'off';
    $confighash{$key}[1] = $n2nname[0];
-    $confighash{$key}[2] = $n2nname[0];	
+	$confighash{$key}[2] = $n2nname[0];	
    $confighash{$key}[3] = 'net';
    $confighash{$key}[4] = 'cert';	
    $confighash{$key}[6] = 'client';		
    $confighash{$key}[8] =  $n2nlocalsub[2];
-    $confighash{$key}[10] = $n2nremote[1];
-    $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";		
+	$confighash{$key}[10] = $n2nremote[1];
+	$confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]";		
    $confighash{$key}[22] = $n2nmgmt[2];
-    $confighash{$key}[23] = $mssfixactive;
+	$confighash{$key}[23] = $mssfixactive;
    $confighash{$key}[24] = $n2nfragment[1];
-    $confighash{$key}[25] = 'IPFire n2n Client';
+	$confighash{$key}[25] = 'IPFire n2n Client';
    $confighash{$key}[26] = 'red';
-    $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
-    $confighash{$key}[28] = $n2nproto[0];
-    $confighash{$key}[29] = $n2nport[1];
-    $confighash{$key}[30] = $complzoactive;
-    $confighash{$key}[31] = $n2ntunmtu[1];
+	$confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
+	$confighash{$key}[28] = $n2nproto[0];
+	$confighash{$key}[29] = $n2nport[1];
+	$confighash{$key}[30] = $complzoactive;
+	$confighash{$key}[31] = $n2ntunmtu[1];
+	$confighash{$key}[38] = $n2nmtudisc[1];
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
@@ -3066,6 +3140,7 @@ foreach my $dkey (keys %confighash) {
    	<tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr>
    	<tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr>
    	<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
    	<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
    	<tr><td>&nbsp;</td><td>&nbsp;</td></tr>	
     </table>
@@ -3163,6 +3238,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
    	$cgiparams{'CCD_DNS1'}			= $confighash{$cgiparams{'KEY'}}[35];
    	$cgiparams{'CCD_DNS2'}			= $confighash{$cgiparams{'KEY'}}[36];
    	$cgiparams{'CCD_WINS'}			= $confighash{$cgiparams{'KEY'}}[37];
+		$cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38];
    } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
    $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
    
@@ -3392,6 +3468,22 @@ if ($cgiparams{'TYPE'} eq 'net') {
        goto VPNCONF_ERROR;
     }
+    if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) {
+	$errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'};
+	unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+	rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+	goto VPNCONF_ERROR;
+    }
+
+    if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+	if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) {
+		$errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
+		unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+		rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+		goto VPNCONF_ERROR;
+	}
+    }
+
     if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'}))  {
    	  $errormessage = $Lang::tr{'openvpn prefix local subnet'};
    	  unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3810,8 +3902,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
    $confighash{$key}[35] 		= $cgiparams{'CCD_DNS1'};
    $confighash{$key}[36] 		= $cgiparams{'CCD_DNS2'};
    $confighash{$key}[37] 		= $cgiparams{'CCD_WINS'};
-		
-		
+	$confighash{$key}[38]		= $cgiparams{'PMTU_DISCOVERY'};
+
+
    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
    
    if ($cgiparams{'CHECK1'} ){
@@ -3975,6 +4068,8 @@ if ($cgiparams{'TYPE'} eq 'net') {
     $checked{'MSSFIX'}{'on'} = '';
     $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+    $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked'';
+
if (1) {
    &Header::showhttpheaders();
@@ -4076,10 +4171,20 @@ if ($cgiparams{'TYPE'} eq 'net') {
    	    <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td>
         <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
+	<tr>
+		<td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td>
+		<td colspan='2'>
+			<input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}
+			<input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}
+        		<input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}
+	        	<input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}
+		</td>
+	</tr>
+
 END
 ;
    }
-
+#jumper
    print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
    print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>";
    
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index cb29cf1..186e99e 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1387,6 +1387,13 @@
 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc maybe' => 'Optional',
+'ovpn mtu-disc no' => 'Niemals',
+'ovpn mtu-disc off' => 'Deaktiviert',
+'ovpn mtu-disc yes' => 'Forciert',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
 'ovpn on blue' => 'OpenVPN auf BLAU',
 'ovpn on orange' => 'OpenVPN auf ORANGE',
 'ovpn on red' => 'OpenVPN auf ROT',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index d92fadc..739dffa 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1414,6 +1414,13 @@
 'ovpn errmsg green already pushed' => 'Route for green network is always set',
 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc maybe' => 'Optionally',
+'ovpn mtu-disc no' => 'Never',
+'ovpn mtu-disc off' => 'Disabled',
+'ovpn mtu-disc yes' => 'Forced',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
 'ovpn on blue' => 'OpenVPN on BLUE',
 'ovpn on orange' => 'OpenVPN on ORANGE',
 'ovpn on red' => 'OpenVPN on RED',
diff --git a/lfs/stage2 b/lfs/stage2
index 5f038c3..5059923 100644
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -89,6 +89,9 @@ $(TARGET) :
        chmod 755 /usr/local/bin/`basename $$i`; \
    done
+	# Move script to correct place.
+	mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
+
    # Nobody user
    -mkdir -p /home/nobody
    chown -R nobody:nobody /home/nobody
diff --git a/src/scripts/ovpn-ccd-convert b/src/scripts/ovpn-ccd-convert
new file mode 100644
index 0000000..18c298c
--- /dev/null
+++ b/src/scripts/ovpn-ccd-convert
@@ -0,0 +1,45 @@
+#!/usr/bin/perl
+
+my %net=();
+my %ovpnconfig=();
+my @serverconf=();
+my $greennet;
+my $greensubnet;
+
+require '/var/ipfire/general-functions.pl';
+
+if ( -e "/var/run/openvpn.pid"){
+	system('/usr/local/bin/openvpnctrl', '-k');
+}
+
+&General::readhash("/var/ipfire/ethernet/settings", %net);
+	$greennet=$net{'GREEN_NETADDRESS'};
+	$greensubnet=$net{'GREEN_NETMASK'};
+open(FILE,"/var/ipfire/ovpn/server.conf");
+				while (<FILE>) {
+					$_=~s/\s*$//g;
+					if ($_ ne "route $greennet $greensubnet"){
+						push (@serverconf,$_."\n");
+					}else{
+						print"\nFound ROUTE >>route $greennet $greensubnet<< in server.conf.. Deleted!";
+					}
+				}
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig);
+foreach my $key (keys %ovpnconfig){
+	if($ovpnconfig{$key}[32] eq ''){
+		open ( CCDRWCONF,'>',"/var/ipfire/ovpn/ccd/$ovpnconfig{$key}[2]") or die "Unable to create clientconfigfile $!";
+		print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+		print CCDRWCONF "#This client uses the dynamic pool\n\n";
+		print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+		print CCDRWCONF "push "route $greennet $greensubnet"\n";
+		close CCDRWCONF;
+		print"Client $ovpnconfig{$key}[2] converted! \n";
+	}else{
+		print "Client $ovpnconfig{$key}[2] NOT converted!\n";
+	}
+	$ovpnconfig{$key}[32] = 'dynamic';
+}
+&General::writehasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig);
+system('/usr/local/bin/openvpnctrl', '-s');
+
diff --git a/src/scripts/update-lang-cache b/src/scripts/update-lang-cache
new file mode 100644
index 0000000..971664e
--- /dev/null
+++ b/src/scripts/update-lang-cache
@@ -0,0 +1,3 @@
+#!/bin/sh
+perl -e "require '//var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
hooks/post-receive
--
IPFire 2.x development tree

    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. a66e24bbfd09b2ab2345ece2079d7143348a3980