This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via f17d112c0480e951771bdca5f5eace7592ecd2c2 (commit) via f9f13c135b2c8d86a1861aec8f80985483843f52 (commit) via 7c8301fb8a501d03e47923bf7eb321330b663736 (commit) via ff1ed674e01b7db0acd4a565dc74cca01b825f6b (commit) via 1d0fcb09edd3929dda72d23afd3a8d16f7713794 (commit) via 36e1dc20f4d763b8069a4c973ef8ff792786229e (commit) via 0965d98fe8050a4c98b1b4db1306d741d3855ad4 (commit) via 083c1258bf28023957d1b7204e4b05a5d4082998 (commit) via 82c809c7529a9cd7c9cdd6c96d5671d4e261a546 (commit) via 1075e0b5f0c08695a839462c5609e919d24b8a5c (commit) via 79d29f0082a0f97313c4cf8ec2696281785069bb (commit) via 7eb378428b21cc2dcaeee2d585da6be8950aca8a (commit) via f4819f1f76c38963382b5f9bb052a8fc366432d5 (commit) via 4cdf8b927a0e75e7046c315788bba4c3fcbc7df6 (commit) via bd54ff030eee920be813de64e8b4ffec8d57315b (commit) via e2429e8d3452e39128a8c8f2806b97314f9c9470 (commit) via ac87f37110a5cfb41ed65c1b2b83cd3d340ce125 (commit) via df9b48b753cb84e8bd5a338c593202e9aaf1d07f (commit) via 1e0419c8da24544cbadf03f7eadb320cec41e675 (commit) via 35c343da7a91824cb48b069a57594e533a2003b7 (commit) via d22cf0887658f2e0de04c24ec33f9afaa0e9f4ab (commit) via 1d8c30387e0637ac0f471e9c09d196e1d74a5de7 (commit) via 3fc50622e05bc50d9efbb72585b9e357553213da (commit) via f7fc17c38a0338a0c09e03ee34edb7823d398483 (commit) via 1870e7c50f29cae327d2db5f594a30f7b9e25d95 (commit) via 3ef99ad95a20b6cd3b99036a5f8c42dc25f763f4 (commit) via f87161948c0caad91720b4057201cf47143c6140 (commit) via 3aa175f78165640be41746b970802b5ea820ef7c (commit) via a000249ff98debdc5cd0c9a18a51beede1712d88 (commit) via fb6e700b40c070f32c68c65de5daff1c72888b8b (commit) via d46bec52993235a8b185a2f040846e9059c3f4e7 (commit) via c4e04122359ee5de775bb0f69a678b7ce28f5707 (commit) via 5068ac3822ac9afbee841ac417963b2c1343d809 (commit) via d41f9e6ee88320b8a5e0433326053e21b4b0ca49 (commit) via b368a2f84d7a99c37cf19194ffa167d30363a63d (commit) via 290007b3b07ef6bc69bc97d54825fcf96eeb9eb6 (commit) via 
52d08bcbd2b5da9fbd3f002c6b686a0202e6fffe (commit) via 1647059d74d406c1b3a114b8e0578765223fd19f (commit) via 9e3b87569473bd8d63dad7175564d68707c5c881 (commit) via f2621c3190fa9f3a818a7a9b3eb1e6ff5ae6d38f (commit) via 83920cfcd52b40f718170f524287dc42b41d10ed (commit) via b228aaf09d2c769535157440430d08a0f26b0e30 (commit) via e81be1e1edb0df7e11c305938838caa6c776ae8c (commit) via a66e24bbfd09b2ab2345ece2079d7143348a3980 (commit) via 07cdb8f659667b4e03a2014febca940165e723f0 (commit) via 350f298025cf2f46ad9c25e4936e9aa9682ee452 (commit) via 7db34105f9ef59b269730e137f224e2848181ccf (commit) via 8c877a82f6a63e07e2dde8d55c6e0db4893bf73d (commit) via 2ee746be048e2667c3fd6537873eb1763aa8b7b7 (commit) via ce819132f353a4ae2103fa752ffddb3fae6f01a1 (commit) via cc8ac76307ebb11b010dd6cbc83ad14c0c0c3d83 (commit) from 6f8891ccc776e62448e1e08d3efbada21a8fd447 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit f17d112c0480e951771bdca5f5eace7592ecd2c2 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 16 10:11:18 2012 +0100
Revert "snort: Update to 2.9.4."
This reverts commit 7c8301fb8a501d03e47923bf7eb321330b663736. Reverted because Sourcefire has not yet released the rules for non-paying users. It will be re-added to IPFire 2.13 soon.
-----------------------------------------------------------------------
Summary of changes: config/backup/include | 3 + config/cfgroot/general-functions.pl | 298 ++++- config/cron/crontab | 2 +- config/httpd/vhosts.d/ipfire-interface-ssl.conf | 10 + config/rootfiles/common/daq | 10 +- config/rootfiles/common/stage2 | 2 + config/rootfiles/core/{63 => 65}/exclude | 0 config/rootfiles/core/{61 => 65}/filelists/GeoIP | 0 config/rootfiles/core/{64 => 65}/filelists/daq | 0 config/rootfiles/core/65/filelists/files | 12 + config/rootfiles/core/{60 => 65}/meta | 0 config/rootfiles/core/{61 => 65}/update.sh | 18 +- config/rootfiles/packages/libstatgrab | 35 + config/rootfiles/packages/sarg | 48 + config/rootfiles/packages/stress | 3 + config/sarg/cron.daily | 5 + config/sarg/cron.hourly | 5 + config/sarg/cron.monthly | 5 + config/sarg/cron.weekly | 5 + config/sarg/sarg.conf | 696 +++++++++++ config/sarg/update-sarg-reports | 188 +++ doc/language_issues.de | 3 + doc/language_issues.en | 2 + doc/language_issues.es | 53 + doc/language_issues.fr | 49 + doc/language_issues.pl | 53 + doc/language_issues.ru | 49 + doc/language_missings | 217 ++++ html/cgi-bin/logs.cgi/calamaris.dat | 85 +- html/cgi-bin/ovpnmain.cgi | 1442 ++++++++++++++++++---- html/cgi-bin/routing.cgi | 4 +- html/cgi-bin/vpnmain.cgi | 8 + langs/de/cgi-bin/de.pl | 52 + langs/en/cgi-bin/en.pl | 53 +- lfs/GeoIP | 4 +- lfs/{iftop => libstatgrab} | 27 +- lfs/mediatomb | 4 +- lfs/{mediatomb => sarg} | 41 +- lfs/stage2 | 3 + lfs/{joe => stress} | 27 +- make.sh | 7 +- src/misc-progs/launch-ether-wake.c | 4 + src/paks/{motion => sarg}/install.sh | 9 +- src/paks/{motion => sarg}/uninstall.sh | 0 src/paks/{apcupsd => sarg}/update.sh | 0 src/scripts/ovpn-ccd-convert | 50 + src/scripts/update-lang-cache | 3 + 47 files changed, 3276 insertions(+), 318 deletions(-) copy config/rootfiles/core/{63 => 65}/exclude (100%) copy config/rootfiles/core/{61 => 65}/filelists/GeoIP (100%) copy config/rootfiles/core/{64 => 65}/filelists/daq (100%) create mode 100644 config/rootfiles/core/65/filelists/files copy 
config/rootfiles/core/{60 => 65}/meta (100%) copy config/rootfiles/core/{61 => 65}/update.sh (89%) create mode 100644 config/rootfiles/packages/libstatgrab create mode 100644 config/rootfiles/packages/sarg create mode 100644 config/rootfiles/packages/stress create mode 100644 config/sarg/cron.daily create mode 100644 config/sarg/cron.hourly create mode 100644 config/sarg/cron.monthly create mode 100644 config/sarg/cron.weekly create mode 100644 config/sarg/sarg.conf create mode 100644 config/sarg/update-sarg-reports mode change 100644 => 100755 html/cgi-bin/ovpnmain.cgi mode change 100644 => 100755 html/cgi-bin/vpnmain.cgi copy lfs/{iftop => libstatgrab} (54%) copy lfs/{mediatomb => sarg} (78%) copy lfs/{joe => stress} (54%) copy src/paks/{motion => sarg}/install.sh (91%) copy src/paks/{motion => sarg}/uninstall.sh (100%) copy src/paks/{apcupsd => sarg}/update.sh (100%) create mode 100644 src/scripts/ovpn-ccd-convert create mode 100644 src/scripts/update-lang-cache
Difference in files: diff --git a/config/backup/include b/config/backup/include index 8806640..a1d1fbc 100644 --- a/config/backup/include +++ b/config/backup/include @@ -16,6 +16,7 @@ /var/ipfire/dhcp/* /var/ipfire/main/* /var/ipfire/outgoing/groups +/var/ipfire/outgoing/macgroups /var/ipfire/outgoing/rules /var/ipfire/outgoing/p2protocols /var/ipfire/ovpn @@ -28,6 +29,8 @@ /var/ipfire/vpn /var/log/ip-acct/* /var/log/rrd/* +/var/log/rrd/collectd +/var/log/rrd/vnstat /etc/sysconfig/firewall.local /etc/sysconfig/rc.local /root/.gitconfig diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 567f2e1..c14f990 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -18,8 +18,7 @@ use strict; use Socket; use IO::Socket; use Net::SSLeay; -use Net::IPv4Addr; - +use Net::IPv4Addr qw(:all); $|=1; # line buffering
$General::version = 'VERSION'; @@ -212,21 +211,273 @@ sub validipormask return &validmask($mask); }
+sub subtocidr +{ + #gets: Subnet in decimal (255.255.255.0) + #Gives: 24 (The cidr of network) + my ($byte1, $byte2, $byte3, $byte4) = split(/./, $_[0].".0.0.0.0"); + my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4; + my $bin = unpack("B*", pack("N", $num)); + my $count = ($bin =~ tr/1/1/); + return $count; +} + +sub cidrtosub +{ + #gets: Cidr of network (20-30 for ccd) + #Konverts 30 to 255.255.255.252 e.g + my $cidr=$_[0]; + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$netmask"; +} + +sub iporsubtodec +{ + #Gets: Ip address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)/(.*?)$/) { + ($net,$mask) = split (///,$subnet); + $full=1; + return "$subnet"; + }else{ + $mask=$subnet; + } + #Subnet already in decimal and valid? + if ($mask=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return $mask;}else{ + return $net."/".$mask; + } + } + } + } + #Subnet in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return &General::cidrtosub($mask);}else{ + return $net."/".&General::cidrtosub($mask); + } + }else{ + return 3; + } + return 3; +} + + +sub iporsubtocidr +{ + #gets: Ip Address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)/(.*?)$/) { + ($net,$mask) = split (///,$subnet); + $full=1; + }else{ + $mask=$subnet; + } + #Subnet in decimal and valid? 
+ if ($mask=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return &General::subtocidr($mask);}else{ + return $net."/".&General::subtocidr($mask); + } + } + } + } + #Subnet already in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return $mask;}else{ + return $net."/".$mask; + } + }else{ + return 3; + } + return 3; +} + +sub getnetworkip +{ + #Gets: IP, CIDR (10.10.10.0-255, 24) + #Gives: 10.10.10.0 + my ($ccdip,$ccdsubnet) = @_; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary ); + return $network_address; +} + +sub getccdbc +{ + #Gets: IP in Form ("192.168.0.0/24") + #Gives: Broadcastaddress of network + my $ccdnet=$_; + my ($ccdip,$ccdsubnet) = split "/",$ccdnet; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $broadcast_address = inet_ntoa( $ip_address_binary | ~$netmask_binary ); + return $broadcast_address; +} + +sub ip2dec +{ + my $ip_num; + my $ip=$_[0]; + if ( $ip =~ /(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})/ ) { + $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4); + } else { + $ip_num = -1; + } + $ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4); + return($ip_num); +} + +sub dec2ip +{ + my $ip; + my $ip_num=$_[0]; + my $o1=$ip_num%256; + $ip_num=int($ip_num/256); + my $o2=$ip_num%256; + $ip_num=int($ip_num/256); + my $o3=$ip_num%256; + $ip_num=int($ip_num/256); + my $o4=$ip_num%256; + $ip="$o4.$o3.$o2.$o1"; + return ($ip); +} + +sub getnextip +{ + my $decip=&ip2dec($_[0]); + $decip=$decip+4; + return &dec2ip($decip); +} + +sub getlastip +{ + my $decip=&ip2dec($_[0]); + $decip--; + return &dec2ip($decip); +} + sub validipandmask { - my $ipandmask = $_[0]; + #Gets: Ip address in 192.168.0.0/24 
or 192.168.0.0/255.255.255.0 and checks if subnet valid + #Gives: True bzw 0 if success or false + my $ccdnet=$_[0]; + my $subcidr; + + if (!($ccdnet =~ /^(.*?)/(.*?)$/)) { + return 0; + } + my ($ccdip,$ccdsubnet)=split (///, $ccdnet); + #IP valid? + if ($ccdip=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) { + #Subnet in decimal and valid? + if ($ccdsubnet=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $ccdsubnet){ + return 1; + } + } + #Subnet already in binary format? + }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + return 1; + }else{ + return 0; + } + + } + return 0; +} + +sub checksubnets +{ + + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $errormessage; + my ($ip,$cidr)=split(///,$ccdnet); + $cidr=&iporsubtocidr($cidr); + + + #get OVPN-Subnet (dynamic range) + my %ovpnconf=(); + &readhash("${General::swroot}/ovpn/settings", %ovpnconf); + my ($ovpnip,$ovpncidr)= split (///,$ovpnconf{'DOVPN_SUBNET'}); + $ovpncidr=&iporsubtocidr($ovpncidr); + + #check if we try to use same network as ovpn server + if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>"; + return $errormessage; + } + + #check if we use a network-name/subnet that already exists + &readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(///,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) + { + $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>"; + return $errormessage; + } + my ($newip,$newsub) = split(///,$ccdnet); + if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1]))) + { + $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>"; + return $errormessage; + } + + } + #check if we use a name which is 
already used by ovpn + + + + + + #check if we use a ipsec right network which is already defined + my %ipsecconf=(); + &General::readhasharray("${General::swroot}/vpn/config", %ipsecconf); + foreach my $key (keys %ipsecconf){ + if ($ipsecconf{$key}[11] ne ''){ + #$errormessage="DRIN!"; + #return $errormessage; + + my ($ipsecip,$ipsecsub) = split (///, $ipsecconf{$key}[11]); + $ipsecsub=&iporsubtodec($ipsecsub); + + if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ + $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]"; + return $errormessage; + } + } + } + + + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &readhash("${General::swroot}/ethernet/settings", %ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;} + +
- # split it into number and mask. - if (!($ipandmask =~ /^(.*?)/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? - if (!(&validip($ip))) { - return 0; } - return &validmask($mask); }
+ sub validport { $_ = $_[0]; @@ -276,7 +527,7 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-]*$/) { + if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { @@ -407,7 +658,12 @@ sub NextIP ) ); } - +sub NextIP2 +{ + return &Socket::inet_ntoa( pack("N", 4 + unpack('N', &Socket::inet_aton(shift)) + ) + ); +} sub ipcidr { my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); @@ -465,13 +721,13 @@ sub writehasharray { open(FILE, ">$filename") or die "Unable to write to file $filename";
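Review bot: In `ip2dec` the line `$ip_num = (($1*256**3) + ($2*256**2) + ($3*256) + $4);` is repeated after the if/else, so the `-1` set for non-matching input is always overwritten with a value built from stale or undefined captures, and `getnextip`/`getlastip` cannot detect a bad address; the second assignment should be dropped. `getccdbc` reads `my $ccdnet=$_;` where every other helper in the hunk reads `$_[0]`, so it takes the global topic variable instead of its argument, and `my $ccdnet=$_[0];` looks intended. `checksubnets` appends `$ipsecconf{$key}[2]` to an error string that elsewhere carries `<br>` markup; if that string is printed as HTML by the CGI (not visible here), the connection name needs HTML-escaping at output. The rewritten `validipandmask` no longer calls `validip`/`validmask` and accepts only prefix lengths 8 to 32, which changes the result for every existing caller and deserves a comment saying so.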
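Review bot: The new character class `[a-zA-Z0-9-\s]` lets any whitespace, including tab and newline, pass `validhostname`, while the comment directly above still says only a-z, A-Z, 0-9 and - are valid. Values accepted here are presumably written to configuration files or shown in the web interface, where an embedded space or newline can split a field or a line, so the hostname check should stay strict and a free-text name should get its own validator. If a blank really must be accepted, allow only the literal space, e.g. `if ($hostname !~ /^[a-zA-Z0-9 -]*$/) {`, and update the comment to match. `validhostname` starts and ends outside the hunk.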
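Review bot: `NextIP2` has no comment explaining the hard-coded `4`, and it duplicates `getnextip`, which this same commit adds with the same +4 step through `ip2dec`/`dec2ip`. A one-line comment such as `# returns the address four above the argument` (plus the reason, presumably the next /30 block) and keeping only one of the two helpers would prevent them from drifting apart. `Socket::inet_aton` returns undef for an address it cannot parse, and nothing here checks for that before `unpack`.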
foreach $key (keys %$hash) { - if ($key =~ /^[0-9]+$/) { - print FILE "$key"; - foreach $i (0 .. $#{$hash->{$key}}) { - print FILE ",$hash->{$key}[$i]"; - } - print FILE "\n"; - } + if ($key =~ /^[0-9]+$/) { + print FILE "$key"; + foreach $i (0 .. $#{$hash->{$key}}) { + print FILE ",$hash->{$key}[$i]"; + } + print FILE "\n"; + } } close FILE; return; diff --git a/config/cron/crontab b/config/cron/crontab index 5cca1fa..ad90b07 100644 --- a/config/cron/crontab +++ b/config/cron/crontab @@ -11,7 +11,7 @@ HOME=/ */5 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.cyclic 01 * * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.hourly &nice(10),bootrun 25 1 * * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.daily -&nice(10),bootrun 47 2 * * 0 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly +&nice(10),bootrun 47 2 * * 1 test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly &nice(10),bootrun 52 3 1 * * test -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.monthly
# Log rotation diff --git a/config/httpd/vhosts.d/ipfire-interface-ssl.conf b/config/httpd/vhosts.d/ipfire-interface-ssl.conf index 7b10832..cc3cb1d 100644 --- a/config/httpd/vhosts.d/ipfire-interface-ssl.conf +++ b/config/httpd/vhosts.d/ipfire-interface-ssl.conf @@ -85,4 +85,14 @@ Order deny,allow Allow from all </Directory> + + Alias /proxy-reports/ /var/log/sarg/ + <Directory /var/log/sarg> + AllowOverride None + Options None + AuthName "IPFire - Restricted" + AuthType Basic + AuthUserFile /var/ipfire/auth/users + Require user admin + </Directory> </VirtualHost> diff --git a/config/rootfiles/common/daq b/config/rootfiles/common/daq index e68cee4..b23fd19 100644 --- a/config/rootfiles/common/daq +++ b/config/rootfiles/common/daq @@ -20,8 +20,8 @@ usr/lib/daq #usr/lib/libdaq.a #usr/lib/libdaq.la #usr/lib/libdaq.so -#usr/lib/libdaq.so.1 -#usr/lib/libdaq.so.1.0.0 +usr/lib/libdaq.so.1 +usr/lib/libdaq.so.1.0.0 #usr/lib/libdaq_static.a #usr/lib/libdaq_static.la #usr/lib/libdaq_static_modules.a @@ -29,7 +29,5 @@ usr/lib/daq #usr/lib/libsfbpf.a #usr/lib/libsfbpf.la #usr/lib/libsfbpf.so -#usr/lib/libsfbpf.so.0 -#usr/lib/libsfbpf.so.0.0.1 -#usr/lib/libdaq.so.0 -#usr/lib/libdaq.so.0.0.1 +usr/lib/libsfbpf.so.0 +usr/lib/libsfbpf.so.0.0.1 diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 796e0f3..6871cc9 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -75,6 +75,7 @@ usr/local/bin/setddns.pl usr/local/bin/settime usr/local/bin/timecheck #usr/local/bin/uname +usr/local/bin/update-lang-cache usr/local/bin/vpn-watch #usr/local/include #usr/local/lib @@ -94,6 +95,7 @@ usr/local/bin/vpn-watch #usr/local/share/zoneinfo #usr/local/src #usr/sbin +usr/sbin/ovpn-ccd-convert #usr/share #usr/share/doc #usr/share/doc/licenses diff --git a/config/rootfiles/core/65/exclude b/config/rootfiles/core/65/exclude new file mode 100644 index 0000000..b6a8d1d --- /dev/null +++ b/config/rootfiles/core/65/exclude 
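Review bot: The new `<Directory /var/log/sarg>` block protects only that path, while `config/sarg/sarg.conf` in this same push sets `output_dir /srv/web/ipfire/html/sarg`, which by its path appears to lie inside the web interface's html tree. Unless `update-sarg-reports` (not visible here) overrides the output directory, the Squid user access reports would be written to a location this Basic-auth block does not cover; both settings should name the same directory, for instance `output_dir /var/log/sarg`. A comment above the `Alias` line, such as `# proxy reports contain per-user access data; keep behind Require user admin`, would help later editors. The enclosing `<VirtualHost>` starts outside the hunk.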
@@ -0,0 +1,13 @@
+srv/web/ipfire/html/proxy.pac
+etc/udev/rules.d/30-persistent-network.rules
+etc/ipsec.conf
+etc/ipsec.secrets
+etc/ipsec.user.conf
+etc/ipsec.user.secrets
+var/updatecache
+etc/localtime
+var/ipfire/ovpn
+etc/ssh/ssh_config
+etc/ssh/sshd_config
+etc/ssl/openssl.cnf
+var/state/dhcp/dhcpd.leases
diff --git a/config/rootfiles/core/65/filelists/GeoIP b/config/rootfiles/core/65/filelists/GeoIP
new file mode 100644
index 0000000..0258236
--- /dev/null
+++ b/config/rootfiles/core/65/filelists/GeoIP
@@ -0,0 +1 @@
+usr/local/share/GeoIP/GeoIP.dat
diff --git a/config/rootfiles/core/65/filelists/daq b/config/rootfiles/core/65/filelists/daq
new file mode 120000
index 0000000..d0e0956
--- /dev/null
+++ b/config/rootfiles/core/65/filelists/daq
@@ -0,0 +1 @@
+../../../common/daq
\ No newline at end of file
diff --git a/config/rootfiles/core/65/filelists/files b/config/rootfiles/core/65/filelists/files
new file mode 100644
index 0000000..13788f1
--- /dev/null
+++ b/config/rootfiles/core/65/filelists/files
@@ -0,0 +1,12 @@
+etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf
+etc/system-release
+etc/issue
+srv/web/ipfire/cgi-bin/logs.cgi/calamaris.dat
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/routing.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/launch-ether-wake
+usr/sbin/ovpn-ccd-convert
+var/ipfire/general-functions.pl
+var/ipfire/langs
+var/ipfire/backup/include
diff --git a/config/rootfiles/core/65/meta b/config/rootfiles/core/65/meta
new file mode 100644
index 0000000..d547fa8
--- /dev/null
+++ b/config/rootfiles/core/65/meta
@@ -0,0 +1 @@
+DEPS=""
diff --git a/config/rootfiles/core/65/update.sh b/config/rootfiles/core/65/update.sh
new file mode 100644
index 0000000..88f5b36
--- /dev/null
+++ b/config/rootfiles/core/65/update.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2012 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+/usr/local/bin/backupctrl exclude >/dev/null 2>&1
+
+#
+# Remove old core updates from pakfire cache to save space...
+core=65
+for (( i=1; i<=$core; i++ ))
+do
+ rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire
+done
+
+#
+#Stop services
+
+#
+#Extract files
+extract_files
+
+#
+#Start services
+
+#
+#Update Language cache
+perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
+# Convert OpenVPN RW connections.
+/usr/sbin/ovpn-ccd-convert
+
+# Update crontab.
+sed -i /var/spool/cron/root.orig \
+ -e 's@^.*fcron.weekly.*$@&nice(10),bootrun 47 2 * * 1\ttest -x /usr/local/bin/run-parts && /usr/local/bin/run-parts /etc/fcron.weekly@'
+fcrontab -z &>/dev/null
+
+# Reload apache configuration.
+/etc/init.d/apache reload &>/dev/null
+
+#Rebuild module dep's
+#arch=`uname -m`
+#if [ ${arch::3} == "arm" ]; then
+# depmod -a 2.6.32.45-ipfire-versatile >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-kirkwood >/dev/null 2>&1
+#else
+# depmod -a 2.6.32.45-ipfire >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1
+# depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1
+#fi
+
+
+#Rebuild initrd's because some compat-wireless modules are inside
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire
+#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae
+#fi
+#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then
+#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen
+#fi
+
+sync
+
+# This update need a reboot...
+#touch /var/run/need_reboot
+
+#
+#Finish
+/etc/init.d/fireinfo start
+sendprofile
+#Don't report the exitcode last command
+exit 0
diff --git a/config/rootfiles/packages/libstatgrab b/config/rootfiles/packages/libstatgrab
new file mode 100644
index 0000000..2c61411
--- /dev/null
+++ b/config/rootfiles/packages/libstatgrab
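Review bot: `/usr/sbin/ovpn-ccd-convert` converts the OpenVPN RW connections during the update, but its exit status is never checked and the script ends with `exit 0`, so a failed conversion is reported as a successful core update. Recording the failure, e.g. `/usr/sbin/ovpn-ccd-convert || logger -t core-update "ovpn-ccd-convert failed"`, would leave a trace for the administrator. In the `sed` call the replacement text begins with `&nice(10)` as rendered on this page; an unescaped `&` in a sed replacement expands to the whole matched line, so confirm the committed file has `\&` there. The cleanup loop runs to `i<=$core`, which also deletes the cached core-upgrade file for 65 itself, and a comment stating whether that is intended would help.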
@@ -0,0 +1,35 @@
+usr/bin/saidar
+usr/bin/statgrab
+#usr/bin/statgrab-make-mrtg-config
+#usr/bin/statgrab-make-mrtg-index
+#usr/include/statgrab.h
+#usr/include/statgrab_deprecated.h
+#usr/lib/libstatgrab.a
+#usr/lib/libstatgrab.la
+#usr/lib/libstatgrab.so
+usr/lib/libstatgrab.so.6
+usr/lib/libstatgrab.so.6.2.3
+#usr/lib/pkgconfig/libstatgrab.pc
+#usr/share/man/man1/saidar.1
+#usr/share/man/man1/statgrab-make-mrtg-config.1
+#usr/share/man/man1/statgrab-make-mrtg-index.1
+#usr/share/man/man1/statgrab.1
+#usr/share/man/man3/sg_get_cpu_percents.3
+#usr/share/man/man3/sg_get_cpu_stats.3
+#usr/share/man/man3/sg_get_cpu_stats_diff.3
+#usr/share/man/man3/sg_get_disk_io_stats.3
+#usr/share/man/man3/sg_get_disk_io_stats_diff.3
+#usr/share/man/man3/sg_get_fs_stats.3
+#usr/share/man/man3/sg_get_host_info.3
+#usr/share/man/man3/sg_get_load_stats.3
+#usr/share/man/man3/sg_get_mem_stats.3
+#usr/share/man/man3/sg_get_network_iface_stats.3
+#usr/share/man/man3/sg_get_network_io_stats.3
+#usr/share/man/man3/sg_get_network_io_stats_diff.3
+#usr/share/man/man3/sg_get_page_stats.3
+#usr/share/man/man3/sg_get_page_stats_diff.3
+#usr/share/man/man3/sg_get_process_count.3
+#usr/share/man/man3/sg_get_process_stats.3
+#usr/share/man/man3/sg_get_swap_stats.3
+#usr/share/man/man3/sg_get_user_stats.3
+#usr/share/man/man3/statgrab.3
diff --git a/config/rootfiles/packages/sarg b/config/rootfiles/packages/sarg
new file mode 100644
index 0000000..9a0672c
--- /dev/null
+++ b/config/rootfiles/packages/sarg
@@ -0,0 +1,48 @@
+etc/fcron.daily/sarg-reports
+etc/fcron.hourly/sarg-reports
+etc/fcron.monthly/sarg-reports
+etc/fcron.weekly/sarg-reports
+etc/sarg
+etc/sarg/css.tpl
+etc/sarg/exclude_codes
+etc/sarg/sarg.conf
+#etc/sarg/sarg.conf.default
+etc/sarg/user_limit_block
+usr/bin/sarg
+usr/sbin/update-sarg-reports
+usr/share/locale/bg/LC_MESSAGES/sarg.mo
+usr/share/locale/ca/LC_MESSAGES/sarg.mo
+usr/share/locale/cs/LC_MESSAGES/sarg.mo
+usr/share/locale/da/LC_MESSAGES/sarg.mo
+usr/share/locale/de/LC_MESSAGES/sarg.mo
+usr/share/locale/el/LC_MESSAGES/sarg.mo
+usr/share/locale/es/LC_MESSAGES/sarg.mo
+usr/share/locale/fr/LC_MESSAGES/sarg.mo
+usr/share/locale/hu/LC_MESSAGES/sarg.mo
+usr/share/locale/id/LC_MESSAGES/sarg.mo
+usr/share/locale/it/LC_MESSAGES/sarg.mo
+usr/share/locale/ja/LC_MESSAGES/sarg.mo
+usr/share/locale/lv/LC_MESSAGES/sarg.mo
+usr/share/locale/nl/LC_MESSAGES/sarg.mo
+usr/share/locale/pl/LC_MESSAGES/sarg.mo
+usr/share/locale/pt/LC_MESSAGES/sarg.mo
+usr/share/locale/pt_BR/LC_MESSAGES/sarg.mo
+usr/share/locale/ro/LC_MESSAGES/sarg.mo
+usr/share/locale/ru/LC_MESSAGES/sarg.mo
+usr/share/locale/sk/LC_MESSAGES/sarg.mo
+usr/share/locale/sr/LC_MESSAGES/sarg.mo
+usr/share/locale/tr/LC_MESSAGES/sarg.mo
+usr/share/locale/uk/LC_MESSAGES/sarg.mo
+usr/share/locale/zh_CN/LC_MESSAGES/sarg.mo
+#usr/share/man/man1/sarg.1
+usr/share/sarg
+usr/share/sarg/fonts
+usr/share/sarg/fonts/DejaVuSans.ttf
+usr/share/sarg/fonts/FreeSans.ttf
+usr/share/sarg/fonts/README
+usr/share/sarg/fonts/license
+usr/share/sarg/images
+usr/share/sarg/images/datetime.png
+usr/share/sarg/images/graph.png
+usr/share/sarg/images/sarg-squidguard-block.png
+usr/share/sarg/images/sarg.png
diff --git a/config/rootfiles/packages/stress b/config/rootfiles/packages/stress
new file mode 100644
index 0000000..2b0a000
--- /dev/null
+++ b/config/rootfiles/packages/stress
@@ -0,0 +1,3 @@
+usr/bin/stress
+#usr/share/info/stress.info
+#usr/share/man/man1/stress.1
\ No newline at end of file
diff --git a/config/sarg/cron.daily b/config/sarg/cron.daily
new file mode 100644
index 0000000..8ae1b1b
--- /dev/null
+++ b/config/sarg/cron.daily
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports daily >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.hourly b/config/sarg/cron.hourly
new file mode 100644
index 0000000..1e7b5ff
--- /dev/null
+++ b/config/sarg/cron.hourly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports today >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.monthly b/config/sarg/cron.monthly
new file mode 100644
index 0000000..07b9efc
--- /dev/null
+++ b/config/sarg/cron.monthly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports monthly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/cron.weekly b/config/sarg/cron.weekly
new file mode 100644
index 0000000..1f8287c
--- /dev/null
+++ b/config/sarg/cron.weekly
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+/usr/sbin/update-sarg-reports weekly >/dev/null 2>&1
+
+exit 0
diff --git a/config/sarg/sarg.conf b/config/sarg/sarg.conf
new file mode 100644
index 0000000..6331aaf
--- /dev/null
+++ b/config/sarg/sarg.conf
@@ -0,0 +1,696 @@ +# sarg.conf +# +# TAG: access_log file +# Where is the access.log file +# sarg -l file +# +access_log /var/log/squid/access.log + +# TAG: graphs yes|no +# Use graphics where is possible. +# graph_days_bytes_bar_color blue|green|yellow|orange|brown|red +# +graphs yes +graph_days_bytes_bar_color orange + +# TAG: graph_font +# The full path to the TTF font file to use to create the graphs. It is required +# if graphs is set to yes. +# +graph_font /usr/share/sarg/fonts/DejaVuSans.ttf + +# TAG: title +# Especify the title for html page. +# +title "Squid User Access Reports" + +# TAG: font_face +# Especify the font for html page. +# +font_face Tahoma,Verdana,Arial + +# TAG: header_color +# Especify the header color +# +header_color darkblue + +# TAG: header_bgcolor +# Especify the header bgcolor +# +header_bgcolor blanchedalmond + +# TAG: font_size +# Especify the text font size +# +font_size 12px + +# TAG: header_font_size +# Especify the header font size +# +header_font_size 12px + +# TAG: title_font_size +# Especify the title font size +# +title_font_size 12px + +# TAG: background_color +# TAG: background_color +# Html page background color +# +# background_color white + +# TAG: text_color +# Html page text color +# +text_color #000000 + +# TAG: text_bgcolor +# Html page text background color +# +text_bgcolor lavender + +# TAG: title_color +# Html page title color +# +#title_color green + +# TAG: logo_image +# Html page logo. +# +#logo_image none + +# TAG: logo_text +# Html page logo text. +# +#logo_text "" + +# TAG: logo_text_color +# Html page logo texti color. +# +#logo_text_color #000000 + +# TAG: logo_image_size +# Html page logo image size. +# width height +# +#image_size 80 45 + +# TAG: background_image +# Html page background image +# +#background_image none + +# TAG: password +# User password file used by Squid authentication scheme +# If used, generate reports just for that users. 
+# +#password none + +# TAG: temporary_dir +# Temporary directory name for work files +# sarg -w dir +# +#temporary_dir /tmp + +# TAG: output_dir +# The reports will be saved in that directory +# sarg -o dir +# +output_dir /srv/web/ipfire/html/sarg + +# TAG: output_email +# Email address to send the reports. If you use this tag, no html reports will be generated. +# sarg -e email +# +#output_email none + +# TAG: resolve_ip yes/no +# Convert ip address to dns name +# sarg -n +resolve_ip no + +# TAG: user_ip yes/no +# Use Ip Address instead userid in reports. +# sarg -p +#user_ip no + +# TAG: topuser_sort_field field normal/reverse +# Sort field for the Topuser Report. +# Allowed fields: USER CONNECT BYTES TIME +# +#topuser_sort_field BYTES reverse + +# TAG: user_sort_field field normal/reverse +# Sort field for the User Report. +# Allowed fields: SITE CONNECT BYTES TIME +# +#user_sort_field BYTES reverse + +# TAG: exclude_users file +# users within the file will be excluded from reports. +# you can use indexonly to have only index.html file. +# +#exclude_users none + +# TAG: exclude_hosts file +# Hosts, domains or subnets will be excluded from reports. +# +# Eg.: 192.168.10.10 - exclude ip address only +# 192.168.10.0/24 - exclude full C class +# s1.acme.foo - exclude hostname only +# *.acme.foo - exclude full domain name +# +#exclude_hosts none + +# TAG: useragent_log file +# useragent.log file patch to generate useragent report. +# +#useragent_log /var/log/squid/user_agent.log + +# TAG: date_format +# Date format in reports: e (European=dd/mm/yy), u (American=mm/dd/yy), w (Weekly=yy.ww) +# +date_format e + +# TAG: per_user_limit file MB +# Saves userid on file if download exceed n MB. +# This option allow you to disable user access if user exceed a download limit. +# +#per_user_limit none + +# TAG: lastlog n +# How many reports files must be keept in reports directory. +# The oldest report file will be automatically removed. +# 0 - no limit. 
+# +#lastlog 0 + +# TAG: remove_temp_files yes +# Remove temporary files: geral, usuarios, top, periodo from root report directory. +# +#remove_temp_files yes + +# TAG: index yes|no|only +# Generate the main index.html. +# only - generate only the main index.html +# +#index yes + +# TAG: index_tree date|file +# How to generate the index. +# +#index_tree file + +# TAG: overwrite_report yes|no +# yes - if report date already exist then will be overwrited. +# no - if report date already exist then will be renamed to filename.n, filename.n+1 +# +overwrite_report yes + +# TAG: records_without_userid ignore|ip|everybody +# What can I do with records without user id (no authentication) in access.log file ? +# +# ignore - This record will be ignored. +# ip - Use ip address instead. (default) +# everybody - Use "everybody" instead. +# +#records_without_userid ip + +# TAG: use_comma no|yes +# Use comma instead point in reports. +# Eg.: use_comma yes => 23,450,110 +# use_comma no => 23.450.110 +# +#use_comma no + +# TAG: mail_utility +# Mail command to use to send reports via SMTP. Sarg calls it like this: +# mail_utility -s "SARG report, date" "output_email" <"mail_content" +# +# Therefore, it is possible to add more arguments to the command by specifying them +# here. +# +# If you need too, you can use a shell script to process the content of /dev/stdin +# (/dev/stdin is the mail_content passed by sarg to the script) and call whatever +# command you like. It is not limited to mailing the report via SMTP. +# +# Don't forget to quote the command if necessary (i.e. if the path contains +# characters that must be quoted). +# +#mail_utility mailx + +# TAG: topsites_num n +# How many sites in topsites report. 
+# +#topsites_num 100 + +# TAG: topsites_sort_order CONNECT|BYTES A|D +# Sort for topsites report, where A=Ascendent, D=Descendent +# +#topsites_sort_order CONNECT D + +# TAG: index_sort_order A/D +# Sort for index.html, where A=Ascendent, D=Descendent +# +#index_sort_order D + +# TAG: exclude_codes file +# Ignore records with these codes. Eg.: NONE/400 +# Write one code per line. Lines starting with a # are ignored. +# Only codes matching exactly one of the line is rejected. The +# comparison is not case sensitive. +# +#exclude_codes /usr/local/sarg/exclude_codes + +# TAG: replace_index string +# Replace "index.html" in the main index file with this string +# If null "index.html" is used +# +#replace_index <?php echo str_replace(".", "_", $REMOTE_ADDR); echo ".html"; ?> + +# TAG: max_elapsed milliseconds +# If elapsed time is recorded in log is greater than max_elapsed use 0 for elapsed time. +# Use 0 for no checking +# +#max_elapsed 28800000 +# 8 Hours + +# TAG: report_type type +# What kind of reports to generate. +# topusers - users, sites, times, bytes, connects, links to accessed sites, etc +# topsites - site, connect and bytes report +# sites_users - users and sites report +# users_sites - accessed sites by the user report +# date_time - bytes used per day and hour report +# denied - denied sites with full URL report +# auth_failures - autentication failures report +# site_user_time_date - sites, dates, times and bytes report +# downloads - downloads per user report +# +# Eg.: report_type topsites denied +# +report_type topusers topsites sites_users users_sites date_time denied auth_failures site_user_time_date downloads + +# TAG: usertab filename +# You can change the "userid" or the "ip address" to be a real user name on the reports. +# If resolve_ip is active, the ip address is resolved before being looked up into this +# file. 
That is, if you want to map the ip address, be sure to set resolv_ip to no or +# the resolved name will be looked into the file instead of the ip address. Note that +# it can be used to resolve any ip address known to the dns and then map the unresolved +# ip addresses to a name found in the usertab file. +# Table syntax: +# userid name or ip address name +# Eg: +# SirIsaac Isaac Newton +# vinci Leonardo da Vinci +# 192.168.10.1 Karol Wojtyla +# +# Each line must be terminated with '\n' +# If usertab have value "ldap" (case ignoring), user names +# will be taken from LDAP server. This method as approaches for reception +# of usernames from Active Didectory +# +#usertab none + +# TAG: LDAPHost hostname +# FQDN or IP address of host with LDAP service or AD DC +# default is '127.0.0.1' +#LDAPHost 127.0.0.1 + +# TAG: LDAPPort port +# LDAP service port number +# default is '389' +#LDAPPort 389 + +# TAG: LDAPBindDN CN=username,OU=group,DC=mydomain,DC=com +# DN of LDAP user, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindDN cn=proxy,dc=mydomain,dc=local + +# TAG: LDAPBindPW secret +# Password of DN, who is authorized to read user's names from LDAP base +# default is empty line +#LDAPBindPW secret + +# TAG: LDAPBaseSearch OU=users,DC=mydomain,DC=com +# LDAP search base +# default is empty line +#LDAPBaseSearch ou=users,dc=mydomain,dc=local + +# TAG: LDAPFilterSearch (uid=%s) +# User search filter by user's logins in LDAP +# First founded record will be used +# %s - will be changed to userlogins from access.log file +# filter string can have up to 5 '%s' tags +# default value is '(uid=%s)' +#LDAPFilterSearch (uid=%s) + +# TAG: LDAPTargetAttr attributename +# Name of the attribute containing a name of the user +# default value is 'cn' +#LDAPTargetAttr cn + +# TAG: long_url yes|no +# If yes, the full url is showed in report. +# If no, only the site will be showed +# +# YES option generate very big sort files and reports. 
+# +#long_url no + +# TAG: date_time_by bytes|elap +# Date/Time reports show the downloaded volume or the elapsed time or both. +# +#date_time_by bytes + +# TAG: charset name +# ISO 8859 is a full series of 10 standardized multilingual single-byte coded (8bit) +# graphic character sets for writing in alphabetic languages +# You can use the following charsets: +# Latin1 - West European +# Latin2 - East European +# Latin3 - South European +# Latin4 - North European +# Cyrillic +# Arabic +# Greek +# Hebrew +# Latin5 - Turkish +# Latin6 +# Windows-1251 +# Japan +# Koi8-r +# UTF-8 +# +#charset Latin1 + +# TAG: user_invalid_char "&/" +# Records that contain invalid characters in userid will be ignored by Sarg. +# +#user_invalid_char "&/" + +# TAG: privacy yes|no +# privacy_string "***.***.***.***" +# privacy_string_color blue +# In some countries the sysadm cannot see the visited sites by a restrictive law. +# Using privacy yes the visited url will be changes by privacy_string and the link +# will be removed from reports. +# +#privacy no +#privacy_string "***.***.***.***" +#privacy_string_color blue + +# TAG: include_users "user1:user2:...:usern" +# Reports will be generated only for listed users. +# +#include_users none + +# TAG: exclude_string "string1:string2:...:stringn" +# Records from access.log file that contain one of listed strings will be ignored. +# +#exclude_string none + +# TAG: show_successful_message yes|no +# Shows "Successful report generated on dir" at end of process. +# +#show_successful_message yes + +# TAG: show_read_statistics yes|no +# Shows some reading statistics. +# +show_read_statistics yes + +# TAG: topuser_fields +# Which fields must be in Topuser report. +# +#topuser_fields NUM DATE_TIME USERID CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: user_report_fields +# Which fields must be in User report. 
+# +#user_report_fields CONNECT BYTES %BYTES IN-CACHE-OUT USED_TIME MILISEC %TIME TOTAL AVERAGE + +# TAG: bytes_in_sites_users_report yes|no +# Bytes field must be in Site & Users Report ? +# +#bytes_in_sites_users_report no + +# TAG: topuser_num n +# How many users in topsites report. 0 = no limit +# +#topuser_num 0 + +# TAG: datafile file +# Save the report results in a file to populate some database +# +#datafile none + +# TAG: datafile_delimiter ";" +# ascii character to use as a field separator in datafile +# +#datafile_delimiter ";" + +# TAG: datafile_fields all +# Which data fields must be in datafile +# user;date;time;url;connect;bytes;in_cache;out_cache;elapsed +# +#datafile_fields user;date;time;url;connect;bytes;in_cache;out_cache;elapsed + +# TAG: datafile_url ip|name +# Saves the URL as ip or name in datafile +# +#datafile_url ip + +# TAG: weekdays +# The weekdays to take into account ( Sunday->0, Saturday->6 ) +# Example: +#weekdays 1-3,5 +# Default: +#weekdays 0-6 + +# TAG: hours +# The hours to take into account +# Example: +#hours 7-12,14,16,18-20 +# Default: +#hours 0-23 + +# TAG: dansguardian_conf file +# DansGuardian.conf file path +# Generate reports from DansGuardian logs. +# Use 'none' to disable it. +# dansguardian_conf /usr/dansguardian/dansguardian.conf +# +#dansguardian_conf none + +# TAG: dansguardian_filter_out_date on|off +# This option replaces dansguardian_ignore_date whose name was not appropriate with respect to its action. +# Note the change of parameter value compared with the old option. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#dansguardian_filter_out_date on + +# TAG: squidguard_conf file +# path to squidGuard.conf file +# Generate reports from SquidGuard logs. +# Use 'none' to disable. +# You can use sarg -L filename to use an alternate squidGuard log. 
+# squidguard_conf /usr/local/squidGuard/squidGuard.conf +# +#squidguard_conf none + +# TAG: redirector_log file +# the location of the web proxy redirector log such as one created by squidGuard or Rejik. The option +# may be repeated up to 64 times to read multiple files. +# If this option is specified, it takes precedence over squidguard_conf. +# The command line option -L override this option. +# +#redirector_log /usr/local/squidGuard/var/logs/urls.log + +# TAG: redirector_filter_out_date on|off +# This option replaces squidguard_ignore_date and redirector_ignore_date whose names were not +# appropriate with respect to their action. +# Note the change of parameter value compared with the old options. +# 'off' use the record even if its date is outside of the range found in the input log file. +# 'on' use the record only if its date is in the range found in the input log file. +# +#redirector_filter_out_date on + +# TAG: redirector_log_format +# Format string for web proxy redirector logs. +# This option was named squidguard_log_format before sarg 2.3. +# REJIK #year#-#mon#-#day# #hour# #list#:#tmp# #ip# #user# #tmp#/#tmp#/#url#/#end# +# SQUIDGUARD #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# +#redirector_log_format #year#-#mon#-#day# #hour# #tmp#/#list#/#tmp#/#tmp#/#url#/#tmp# #ip#/#tmp# #user# #end# + +# TAG: show_sarg_info yes|no +# shows sarg information and site path on each report bottom +# +#show_sarg_info yes + +# TAG: show_sarg_logo yes|no +# shows sarg logo +# +#show_sarg_logo yes + +# TAG: parsed_output_log directory +# Saves the processed log in a sarg format after parsing the squid log file. +# This is a way to dump all of the data structures out, after parsing from +# the logs (presumably this data will be much smaller than the log files themselves), +# and pull them back in for later processing and merging with data from previous logs. 
+# +#parsed_output_log none + +# TAG: parsed_output_log_compress /bin/gzip|/usr/bin/bzip2|nocompress +# Command to run to compress sarg parsed output log. It may contain +# options (such as -f to overwrite existing target file). The name of +# the file to compresse is provided at the end of this +# command line. Don't forget to quote things appropriately. +# +#parsed_output_log_compress /bin/gzip + +# TAG: displayed_values bytes|abbreviation +# how the values will be displayed in reports. +# eg. bytes - 209.526 +# abbreviation - 210K +# +#displayed_values bytes + +# Report limits +# TAG: authfail_report_limit n +# TAG: denied_report_limit n +# TAG: siteusers_report_limit n +# TAG: squidguard_report_limit n +# TAG: user_report_limit n +# TAG: dansguardian_report_limit n +# TAG: download_report_limit n +# report limits (lines). +# '0' no limit +# +#authfail_report_limit 10 +#denied_report_limit 10 +#siteusers_report_limit 0 +#squidguard_report_limit 10 +#dansguardian_report_limit 10 +#user_report_limit 10 +#user_report_limit 50 + +# TAG: www_document_root dir +# Where is your Web DocumentRoot +# Sarg will create sarg-php directory with some PHP modules: +# - sarg-squidguard-block.php - add urls from user reports to squidGuard DB +# +#www_document_root /var/www/html + +# TAG: block_it module_url +# This tag allow you to pass urls from user reports to a cgi or php module, +# to be blocked by some Squid acl +# +# Eg.: block_it /sarg-php/sarg-block-it.php +# sarg-block-it is a php that will append a url to a flat file. +# You must change /var/www/html/sarg-php/sarg-block-it to point to your file +# in $filename variable, and chown to a httpd owner. +# +# sarg will pass http://module_url?url=url +# +#block_it none + +# TAG: external_css_file path +# Provide the path to an external css file to link into the HTML reports instead of +# the inline css written by sarg when this option is not set. 
+# +# In versions prior to 2.3, this used to be an absolute file name to +# a file to include verbatim in each HTML page but, as it takes a lot of +# space, version 2.3 switched to a link to an external css file. +# Therefore, this option must contain the HTTP server path on which a client +# browser may find the css file. +# +# Sarg use theses style classes: +# .logo logo class +# .info sarg information class, align=center +# .title_c title class, align=center +# .header_c header class, align:center +# .header_l header class, align:left +# .header_r header class, align:right +# .text text class, align:right +# .data table text class, align:right +# .data2 table text class, align:left +# .data3 table text class, align:center +# .link link class +# +# Sarg can be instructed to output the internal css it inline +# into the reports with this command: +# +# sarg --css +# +# You can redirect the output to a file of your choice and edit +# it to your liking. +# +#external_css_file none + +# TAG: user_authentication yes|no +# Allow user authentication in User Reports using .htaccess +# Parameters: +# AuthUserTemplateFile - The template to use to create the +# .htaccess file. In the template, %u is replaced by the +# user's ID for which the report is generated. The path of the +# template is relative to the directory containing sarg +# configuration file. +# +# user_authentication no +# AuthUserTemplateFile sarg_htaccess + +# TAG: download_suffix "suffix,suffix,...,suffix" +# file suffix to be considered as "download" in Download report. +# Use 'none' to disable. +# +download_suffix "zip,arj,bzip,gz,ace,doc,iso,adt,bin,cab,com,dot,drv$,lha,lzh,mdb,mso,ppt,rtf,src,shs,sys,exe,dll,mp3,avi,mpg,mpeg" + +# TAG: ulimit n +# The maximum number of open file descriptors to avoid "Too many open files" error message. +# You need to run sarg as root to use ulimit tag. 
+# If you run sarg with a low privilege user, set to 'none' to disable ulimit +# +#ulimit 20000 + +# TAG: ntlm_user_format username|domainname+username +# NTLM users format. +# +#ntlm_user_format domainname+username + +# TAG: realtime_refresh_time num sec +# How many time to auto refresh the realtime report +# 0 = disable +# +# realtime_refresh_time 3 + +# TAG: realtime_access_log_lines num +# How many last lines to get from access.log file +# +# realtime_access_log_lines 1000 + +# TAG: realtime_types: GET,PUT,CONNECT,ICP_QUERY,POST +# Which records must be in realtime report. +# +# realtime_types GET,PUT,CONNECT + +# TAG: realtime_unauthenticated_records: ignore|show +# What to do with unauthenticated records in realtime report. +# +# realtime_unauthenticated_records: show + +# TAG: byte_cost value no_cost_limit +# Cost per byte. +# Eg. byte_cost 0.01 100000000 +# per byte cost = 0.01 +# bytes with no cost = 100 Mb +# 0 = disable +# +# byte_cost 0.01 50000000 + +# TAG: squid24 on|off +# Compatilibity with squid version <= 2.4 when using emulate_http_log on +# +# squid24 off diff --git a/config/sarg/update-sarg-reports b/config/sarg/update-sarg-reports new file mode 100644 index 0000000..9f2ab4c --- /dev/null +++ b/config/sarg/update-sarg-reports 
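Review bot: `output_dir /srv/web/ipfire/html/sarg` points into the web document tree, while update-sarg-reports in this same commit always passes `-o` with a directory under /var/log/sarg, so the config and the script disagree about where reports live. Any sarg run that omits `-o` (a manual invocation, for instance) would write per-user browsing reports under the web root, and whether that path is access-controlled is not visible in this hunk. I would set `output_dir /var/log/sarg` to match the script and add a comment above it noting that the cron script overrides it per interval. Separately, the commented example `#exclude_codes /usr/local/sarg/exclude_codes` does not match the `etc/sarg/exclude_codes` file this package installs.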
@@ -0,0 +1,188 @@
+#!/bin/bash
+###############################################################################
+# #
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) 2012 Michael Tremer #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see http://www.gnu.org/licenses/. #
+# #
+###############################################################################
+
+export LC_ALL=C
+
+SARG_CONFIG="/etc/sarg/sarg.conf"
+SQUID_LOG="/var/log/squid/access.log"
+REPORTS_PATH="/var/log/sarg"
+
+function date_calc() {
+ local when
+ local range="false"
+
+ case "${1}" in
+ month)
+ when="1 month ago"
+ range="true"
+ ;;
+ week)
+ when="1 week ago"
+ ;;
+ yesterday)
+ when="1 day ago"
+ ;;
+ today)
+ when="today"
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+
+ if [ "${range}" = "true" ]; then
+ echo "$(date --date "${when}" +01/%m/%Y)-$(date --date "${when}" +31/%m/%Y)"
+ else
+ date --date "${when}" +%d/%m/%Y
+ fi
+
+ return 0
+}
+
+function compile_report() {
+ local interval=${1}
+
+ local date
+ case "${interval}" in
+ today)
+ date=$(date_calc today)
+ ;;
+ daily)
+ date=$(date_calc yesterday)
+ ;;
+ weekly)
+ date="$(date_calc week)-$(date_calc yesterday)"
+ ;;
+ monthly)
+ date="$(date_calc month)"
+ ;;
+ esac
+ [ -n "${date}" ] || return 1
+
+ # Determine max. number of archived log files to search.
+ local max_logs
+ case "${interval}" in
+ today|daily)
+ max_logs=3
+ ;;
+ weekly)
+ max_logs=14
+ ;;
+ monthly)
+ max_logs=40
+ ;;
+ esac
+
+ # Create reports_path, if not exists.
+ local reports_path="${REPORTS_PATH}/${interval}"
+ mkdir -p ${reports_path}
+
+ # Remove already existant data on today's reports.
+ case "${interval}" in
+ today)
+ rm -rf ${reports_path}/*
+ ;;
+ esac
+
+ # Run SARG.
+ get_logs ${max_logs} | sarg -f ${SARG_CONFIG} -l - -d ${date} -o ${reports_path}
+}
+
+function get_logs() {
+ local max=${1}
+
+ if [ -z "${max}" ]; then
+ max=10000
+ fi
+
+ local idx=0
+ while [ ${idx} -le ${max} ]; do
+ file=$(search_log_file ${idx})
+
+ # If no log file could be opened, we are done.
+ [ -z "${file}" ] && break
+
+ case "${file}" in
+ # Logs in plain text.
+ *.log)
+ cat ${file}
+ ;;
+
+ # GZip compressed log files.
+ *.gz)
+ gzip -d < ${file}
+ ;;
+
+ # XZ compressed log files.
+ *.xz)
+ xz -d < ${file}
+ ;;
+
+ # Unhandled stuff.
+ *)
+ echo "Unhandled file type: ${file}" >&2
+ ;;
+ esac
+
+ idx=$(( ${idx} + 1 ))
+ done
+
+ return 0
+}
+
+function search_log_file() {
+ local idx=${1}
+
+ if [ "${idx}" = "0" ] && [ -e "${SQUID_LOG}" ]; then
+ echo "${SQUID_LOG}"
+ return 0
+ fi
+
+ local algo
+ for algo in gz xz; do
+ file="${SQUID_LOG}.${idx}.${algo}"
+
+ if [ -e "${file}" ]; then
+ echo "${file}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+# Main.
+
+case "${1}" in
+ today|daily|weekly|monthly)
+ compile_report ${1}
+ ;;
+ *)
+ echo "${0} - Squid proxy reports creation tool"
+ echo
+ echo "Usage: ${0} [interval]"
+ echo " interval: today, daily, weekly, monthly"
+ echo
+ exit 0
+ ;;
+esac
+
+exit 0
diff --git a/doc/language_issues.de b/doc/language_issues.de
index 5a42ae5..137217c 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
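Review bot: In date_calc the monthly range is built from `+01/%m/%Y` and `+31/%m/%Y`, which produces an end date such as 31/02 for shorter months, and `1 month ago` evaluated on the 29th–31st can land in the wrong month with GNU date. How sarg treats an out-of-range day in `-d` is not visible here, so it is safer to compute the real first and last day starting from the 1st of the current month, as in the excerpt that follows. The main `case` also drops compile_report's return status and the script ends with `exit 0` either way, so a failed sarg run goes unnoticed; `compile_report "${1}" || exit $?` would surface it. Finally, `file` in get_logs and search_log_file is assigned without `local` and the path expansions are unquoted; `local file` plus quoting, including `rm -rf "${reports_path:?}"/*`, is cheap hardening for a script that runs as a cron job.

```shell
function date_calc() {
	# … unchanged: selection of "when" and "range" in the case statement …

	if [ "${range}" = "true" ]; then
		# Anchor on the 1st of the current month so that stepping back one
		# month cannot overflow, then derive that month's real last day.
		local first
		first="$(date --date "$(date +%Y-%m-01) -1 month" +%Y-%m-%d)"
		echo "$(date --date "${first}" +%d/%m/%Y)-$(date --date "${first} +1 month -1 day" +%d/%m/%Y)"
	else
	# … unchanged: single-day branch and return …
```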
@@ -68,6 +68,9 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr +WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.en b/doc/language_issues.en index 6d6a2a6..68fef77 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -87,6 +87,8 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.es b/doc/language_issues.es index 6bcbf86..eca067d 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version 
WARNING: untranslated string: fireinfo is disabled @@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 189932f..91beb6f 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr 
@@ -499,7 +499,43 @@ WARNING: translation string unused: year-graph WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: dns address deleted txt 
WARNING: untranslated string: fireinfo ipfire version @@ -534,11 +570,24 @@ WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: snort working WARNING: untranslated string: static routes WARNING: untranslated string: system information diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 6bcbf86..eca067d 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl 
@@ -500,7 +500,43 @@ WARNING: untranslated string: Async logging enabled WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: fireinfo ipfire version 
WARNING: untranslated string: fireinfo is disabled @@ -546,11 +582,28 @@ WARNING: untranslated string: outgoing firewall p2p description 2 WARNING: untranslated string: outgoing firewall p2p description 3 WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing firewall view group +WARNING: untranslated string: ovpn errmsg green already pushed +WARNING: untranslated string: ovpn errmsg invalid ip or mask +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: ovpn routes push +WARNING: untranslated string: ovpn routes push options WARNING: untranslated string: pakfire ago +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: system information WARNING: untranslated string: visit us at diff --git a/doc/language_issues.ru b/doc/language_issues.ru index e25d81d..e36449a 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru 
@@ -491,7 +491,43 @@ WARNING: untranslated string: Add a route WARNING: untranslated string: Edit an existing route WARNING: untranslated string: Scan for Songs WARNING: untranslated string: advproxy errmsg invalid upstream proxy +WARNING: untranslated string: attention WARNING: untranslated string: bytes +WARNING: untranslated string: ccd add +WARNING: untranslated string: ccd choose net +WARNING: untranslated string: ccd client options +WARNING: untranslated string: ccd clientip +WARNING: untranslated string: ccd dynrange +WARNING: untranslated string: ccd err blue +WARNING: untranslated string: ccd err green +WARNING: untranslated string: ccd err hostinnet +WARNING: untranslated string: ccd err inuse +WARNING: untranslated string: ccd err invalidname +WARNING: untranslated string: ccd err invalidnet +WARNING: untranslated string: ccd err irouteexist +WARNING: untranslated string: ccd err isipsecnet +WARNING: untranslated string: ccd err isovpnnet +WARNING: untranslated string: ccd err issubnet +WARNING: untranslated string: ccd err name +WARNING: untranslated string: ccd err nameexist +WARNING: untranslated string: ccd err netadrexist +WARNING: untranslated string: ccd err orange +WARNING: untranslated string: ccd err red +WARNING: untranslated string: ccd err routeovpn +WARNING: untranslated string: ccd err routeovpn2 +WARNING: untranslated string: ccd hint +WARNING: untranslated string: ccd invalid +WARNING: untranslated string: ccd iroute +WARNING: untranslated string: ccd iroute2 +WARNING: untranslated string: ccd iroutehint +WARNING: untranslated string: ccd modify +WARNING: untranslated string: ccd name +WARNING: untranslated string: ccd net +WARNING: untranslated string: ccd noaddnet +WARNING: untranslated string: ccd none +WARNING: untranslated string: ccd routes +WARNING: untranslated string: ccd subnet +WARNING: untranslated string: ccd used WARNING: untranslated string: deprecated fs warn WARNING: untranslated string: disk access per WARNING: 
untranslated string: extrahd because there is already a device mounted @@ -516,10 +552,23 @@ WARNING: untranslated string: other WARNING: untranslated string: our donors WARNING: untranslated string: outgoing firewall reserved groupname WARNING: untranslated string: outgoing traffic in bytes per second +WARNING: untranslated string: ovpn mtu-disc +WARNING: untranslated string: ovpn mtu-disc and mtu not 1500 +WARNING: untranslated string: ovpn mtu-disc maybe +WARNING: untranslated string: ovpn mtu-disc no +WARNING: untranslated string: ovpn mtu-disc off +WARNING: untranslated string: ovpn mtu-disc with mssfix or fragment +WARNING: untranslated string: ovpn mtu-disc yes +WARNING: untranslated string: proxy reports +WARNING: untranslated string: proxy reports daily +WARNING: untranslated string: proxy reports monthly +WARNING: untranslated string: proxy reports today +WARNING: untranslated string: proxy reports weekly WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: visit us at WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_missings b/doc/language_missings index 55e0e40..83fbf90 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -4,6 +4,7 @@ ############################################################################ # Checking cgi-bin translations for language: en # ############################################################################ +< ccd maxclients ############################################################################ # Checking install/setup translations for language: fr # ############################################################################ 
@@ -11,6 +12,45 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < dns address deleted txt < fireinfo ipfire version @@ -45,6 +85,19 @@ < openvpn subnet is used < other < our donors +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < snort working < static routes < system information 
@@ -81,6 +134,45 @@ ############################################################################ < advproxy errmsg invalid upstream proxy < Async logging enabled +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < fireinfo ipfire version < fireinfo is disabled @@ -126,6 +218,23 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< ovpn routes push +< ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < Set time on boot < static routes < system information 
@@ -138,6 +247,45 @@ # Checking cgi-bin translations for language: pl # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < extrahd because there is already a device mounted < extrahd cant umount @@ -161,6 +309,23 @@ < openvpn subnet is used < other < our donors +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< ovpn routes push +< ovpn routes push options +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < static routes < visit us at < vpn keyexchange 
@@ -172,6 +337,45 @@ ############################################################################ < Add a route < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isipsecnet +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd noaddnet +< ccd none +< ccd routes +< ccd subnet +< ccd used < day-graph < deprecated fs warn < disk access per @@ -203,6 +407,19 @@ < other < our donors < outgoing traffic in bytes per second +< ovpn mtu-disc +< ovpn mtu-disc and mtu not 1500 +< ovpn mtu-disc maybe +< ovpn mtu-disc no +< ovpn mtu-disc off +< ovpn mtu-disc with mssfix or fragment +< ovpn mtu-disc yes +< proxy reports +< proxy reports daily +< proxy reports monthly +< proxy reports today +< proxy reports weekly +< server restart < static routes < visit us at < vpn keyexchange diff --git a/html/cgi-bin/logs.cgi/calamaris.dat b/html/cgi-bin/logs.cgi/calamaris.dat index 19a3693..07fdf8a 100644 --- a/html/cgi-bin/logs.cgi/calamaris.dat +++ b/html/cgi-bin/logs.cgi/calamaris.dat @@ -24,6 +24,7 @@ my $unique=time;
my $squidlogdir = "/var/log/squid"; my $reportdir = "${General::swroot}/proxy/calamaris/reports"; +my $sargdir = "/var/log/sarg";
unless (-e $reportdir) { mkdir($reportdir) }
@@ -98,6 +99,7 @@ if ($reportsettings{'ACTION'} eq $Lang::tr{'calamaris create report'}) delete $reportsettings{'DAY_END'}; delete $reportsettings{'MONTH_END'}; delete $reportsettings{'YEAR_END'}; + delete $reportsettings{'REPORT'};
&General::writehash("${General::swroot}/proxy/calamaris/settings", %reportsettings);
@@ -240,6 +242,86 @@ if ($errormessage) { &Header::closebox(); }
+# Link sarg reports. +if (-e $sargdir) { + &Header::openbox('100%', 'left', "$Lang::tr{'proxy reports'}:"); + + print <<END; + <table width="100%"> + <tr> +END + + # Today. + if (-e "$sargdir/today") { + print <<END; + <td width="25%" align="center"> + <a href="/proxy-reports/today" target="_blank">$Lang::tr{'proxy reports today'}</a> + </td> +END + } else { + print <<END; + <td width="25%" align="center"> + $Lang::tr{'proxy reports today'} + </td> +END + } + + # Daily. + if (-e "$sargdir/daily") { + print <<END; + <td width="25%" align="center"> + <a href="/proxy-reports/daily" target="_blank">$Lang::tr{'proxy reports daily'}</a> + </td> +END + } else { + print <<END; + <td width="25%" align="center"> + $Lang::tr{'proxy reports daily'} + </td> +END + } + + # Weekly. + if (-e "$sargdir/weekly") { + print <<END; + <td width="25%" align="center"> + <a href="/proxy-reports/weekly" target="_blank">$Lang::tr{'proxy reports weekly'}</a> + </td> +END + } else { + print <<END; + <td width="25%" align="center"> + $Lang::tr{'proxy reports weekly'} + </td> +END + } + + # Monthly. + if (-e "$sargdir/monthly") { + print <<END; + <td width="25%" align="center"> + <a href="/proxy-reports/monthly" target="_blank">$Lang::tr{'proxy reports monthly'}</a> + </td> +END + } else { + print <<END; + <td width="25%" align="center"> + $Lang::tr{'proxy reports monthly'} + </td> +END + } + + print <<END; + </tr> + </table> + + <br><br> +END + + &Header::closebox(); +} + + &Header::openbox('100%', 'left', "$Lang::tr{'settings'}:");
print <<END @@ -493,12 +575,11 @@ END if (@reports) { print "<td><select name='REPORT' size='5'>\n"; - my $n=0; foreach (@reports) { @reportdata=split(/#/); print "\t<option "; - if ($n eq '0') { print "selected "; $reportsettings{'REPORT'}=$reportdata[1]; $n++} + if ($reportsettings{'REPORT'} eq $reportdata[1]) { print "selected ";} print "value='$reportdata[1]'>$reportdata[2] - $reportdata[3]</option>\n"; } print "</select></td>\n"; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100644 new mode 100755 index 990fe66..2b0c4ba --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -36,10 +36,10 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl";
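Review bot: The four added if/else blocks for today, daily, weekly and monthly differ only in the period name, so the same table cell is written eight times. A loop such as `foreach my $period (qw(today daily weekly monthly)) { ... }` that tests `-e "$sargdir/$period"` and prints `$Lang::tr{"proxy reports $period"}` would keep the cells in step. The links point at `/proxy-reports/...`, whose web-server mapping is not part of this hunk. These reports presumably show per-client browsing activity, so it is worth confirming that the path sits behind the same authentication as this CGI. Adding `rel="noopener"` next to `target="_blank"` is a cheap hardening.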
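Review bot: When no report has been chosen, `$reportsettings{'REPORT'}` is undefined at the new `eq` comparison and no option is preselected. The removed line selected the first entry and also assigned `$reportsettings{'REPORT'}`. Code after this hunk that reads that key is not visible here, so it may now see it unset. Guarding the test, `if (defined $reportsettings{'REPORT'} && $reportsettings{'REPORT'} eq $reportdata[1])`, avoids the undef comparison. A one-line comment saying that an empty selection is intended would help the next reader.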
# enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourgreen} ); +my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} ); undef (@dummy);
my %color = (); @@ -50,6 +50,9 @@ my %mainsettings = (); ### ### Initialize variables ### +my %ccdconfhash=(); +my %ccdroutehash=(); +my %ccdroute2hash=(); my %netsettings=(); my %cgiparams=(); my %vpnsettings=(); @@ -61,6 +64,10 @@ my $warnmessage = ''; my $errormessage = ''; my %settings=(); my $routes_push_file = ''; +my $confighost="${General::swroot}/fwhosts/customhosts"; +my $configgrp="${General::swroot}/fwhosts/customgroups"; +my $customnet="${General::swroot}/fwhosts/customnetworks"; +my $name; &General::readhash("${General::swroot}/ethernet/settings", %netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -77,8 +84,13 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; +$cgiparams{'number'} = ''; +$cgiparams{'PMTU_DISCOVERY'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } +unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } +unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); } +unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
&Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
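Review bot: The three added `system("touch ...")` lines for ccd.conf, ccdroute and ccdroute2 start a shell through the single-string form of `system` just to create empty files, and they ignore the result. A failed create would therefore only surface later, when the files are read. Creating the file in Perl avoids the shell and makes the failure visible, for example `open(my $fh, '>>', $file) or $errormessage = "$file: $!";` followed by `close($fh)`. If `touch` is kept, the list form `system('touch', $file)` with a check of the return value is the smaller change. The existing routes_push line above follows the same pattern and could be changed together with these.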
@@ -313,7 +325,6 @@ sub disallowreserved return; }
- sub writeserverconf { my %sovpnsettings = (); my @temp = (); @@ -329,7 +340,6 @@ sub writeserverconf { print CONF "#DAN prepare OpenVPN for listening on blue and orange\n"; print CONF ";local $sovpnsettings{'VPN_IP'}\n"; print CONF "dev $sovpnsettings{'DDEVICE'}\n"; - print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; print CONF "proto $sovpnsettings{'DPROTOCOL'}\n"; print CONF "port $sovpnsettings{'DDEST_PORT'}\n"; print CONF "script-security 3 system\n"; 
@@ -342,18 +352,48 @@ sub writeserverconf { print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n"; - + #print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n"; + + # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. + # If we doesn't use one of them, we can use the configured mtu value. + if ($sovpnsettings{'MSSFIX'} eq 'on') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; } + if ($vpnsettings{'ROUTES_PUSH'} ne '') { - @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); - foreach (@temp) - { - @tempovpnsubnet = split("/",&General::ipcidr2msk($_)); - print CONF "push "route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . ""\n"; + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("/",&General::ipcidr2msk($_)); + print CONF "push "route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . 
""\n"; + } } - } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (///, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (///,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end
- if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { @@ -362,6 +402,14 @@ sub writeserverconf { if ($sovpnsettings{FRAGMENT} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') { print CONF "fragment $sovpnsettings{'FRAGMENT'}\n"; } + + # Check if a valid operating mode has been choosen and use it. + if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { + print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n"; + } + if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; } @@ -407,7 +455,7 @@ sub writeserverconf {
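Review bot: In the added ccd block, `my $a` and `my ($b,$c)`, and `my ($a,$b)` in the ccdroute loop, declare lexicals named after Perl's sort variables, which breaks any `sort` block later written in that scope. Names such as `$net`, `$ip` and `$mask` avoid that. The entries read from ccd.conf and ccdroute are printed into the server configuration as `route ...` lines with no check at this point. A malformed entry, for example one without a `/` or with stray whitespace, would become a broken directive, so validating each entry before `print CONF` would make the writer robust however the files were produced. The yes/maybe/no comparison on PMTU_DISCOVERY appears here, in the next hunk and in both net-to-net hunks, and a small helper would keep the allowed set in one place. writeserverconf starts and ends outside this hunk.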
close(CONF); } -# + sub emptyserverlog{ if (open(FILE, ">/var/log/ovpnserver.log")) { flock FILE, 2; @@ -417,6 +465,274 @@ sub emptyserverlog{
}
+sub delccdnet +{ + my %ccdconfhash = (); + my %ccdhash = (); + my $ccdnetname=$_[0]; + if (-f "${General::swroot}/ovpn/ovpnconfig"){ + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $ccdnetname) { + $errormessage=$Lang::tr{'ccd err hostinnet'}; + return; + } + } + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $ccdnetname){ + delete $ccdconfhash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + + &writeserverconf; + return 0; +} + +sub addccdnet +{ + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $subcidr; + my @ip2=(); + my $checkup; + my $ccdip; + my $baseaddress; + + + #check name + if ($ccdname eq '') + { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>"; + return + } + + if(!&General::validhostname($ccdname)) + { + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + + ($ccdip,$subcidr) = split (///,$ccdnet); + $subcidr=&General::iporsubtocidr($subcidr); + #check subnet + if ($subcidr > 30) + { + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + #check ip + if (!&General::validipandmask($ccdnet)){ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + + $errormessage=&General::checksubnets($ccdname,$ccdnet); + + + if (!$errormessage) { + my %ccdconfhash=(); + $baseaddress=&General::getnetworkip($ccdip,$subcidr); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my $key = &General::findhasharraykey (%ccdconfhash); + foreach my $i (0 .. 
1) { $ccdconfhash{$key}[$i] = "";} + $ccdconfhash{$key}[0] = $ccdname; + $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + &writeserverconf; + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + return 1; + } +} + +sub modccdnet +{ + + my $newname=$_[0]; + my $oldname=$_[1]; + my %ccdconfhash=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $oldname) { + foreach my $key1 (keys %ccdconfhash) { + if ($ccdconfhash{$key1}[0] eq $newname){ + $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}; + return; + }else{ + $ccdconfhash{$key}[0]= $newname; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + last; + } + } + } + } + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $oldname) { + $ccdhash{$key}[32]=$newname; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + last; + } + } + + return 0; +} +sub ccdmaxclients +{ + my $ccdnetwork=$_[0]; + my @octets=(); + my @subnet=(); + @octets=split("/",$ccdnetwork); + @subnet= split /./, &General::cidrtosub($octets[1]); + my ($a,$b,$c,$d,$e); + $a=256-$subnet[0]; + $b=256-$subnet[1]; + $c=256-$subnet[2]; + $d=256-$subnet[3]; + $e=($a*$b*$c*$d)/4; + return $e-1; +} + +sub getccdadresses +{ + my $ipin=$_[0]; + my ($ip1,$ip2,$ip3,$ip4)=split /./, $ipin; + my $cidr=$_[1]; + chomp($cidr); + my $count=$_[2]; + my $hasip=$_[3]; + chomp($hasip); + my @iprange=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + for (my $i=1;$i<=$count;$i++) { + my $tmpip=$iprange[$i-1]; + my $stepper=$i*4; + $iprange[$i]= &General::getnextip($tmpip,4); + } + my $r=0; + foreach my $key (keys %ccdhash) { + $r=0; + 
foreach my $tmp (@iprange){ + my ($net,$sub) = split (///,$ccdhash{$key}[33]); + if ($net eq $tmp) { + if ( $hasip ne $ccdhash{$key}[33] ){ + splice (@iprange,$r,1); + } + } + $r++; + } + } + return @iprange; +} + +sub fillselectbox +{ + my $boxname=$_[1]; + my ($ccdip,$subcidr) = split("/",$_[0]); + my $tz=$_[2]; + my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz); + print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >"; + foreach (@allccdips) { + my $ip=$_."/30"; + chomp($ip); + print "<option value='$ip' "; + if ( $ip eq $cgiparams{$boxname} ){ + print"selected"; + } + print ">$ip</option>"; + } + print "</select>"; +} + +sub hostsinnet +{ + my $name=$_[0]; + my %ccdhash=(); + my $i=0; + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $name){ $i++;} + } + return $i; +} + +sub check_routes_push +{ + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + ##check for existing routes in routes_push + if (-e "${General::swroot}/ovpn/routes_push") { + open(FILE,"${General::swroot}/ovpn/routes_push"); + while (<FILE>) { + $_=~s/\s*$//g; + + my ($ip2,$cidr2) = split (///,"$_"); + my $val2=$ip2."/".&General::iporsubtodec($cidr2); + + if($val eq $val2){ + return 0; + } + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){ + return 0; + } + }; + close(FILE); + } + return 1; +} + +sub check_ccdroute +{ + my %ccdroutehash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. 
$#{$ccdroutehash{$key}}) { + if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){ + return 0; + } + my ($ip2,$cidr2) = split (///,$ccdroutehash{$key}[$i]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){ + return 0; + } + } + } + return 1; +} +sub check_ccdconf +{ + my %ccdconfhash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){ + return 0; + } + my ($ip2,$cidr2) = split (///,$ccdconfhash{$key}[1]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){ + return 0; + } + + } + return 1; +} + ### # m.a.d net2net ### @@ -451,6 +767,7 @@ sub read_routepushfile while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ }; close(FILE); $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } }
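Review bot: In modccdnet the duplicate-name check sits in an inner loop whose `else` branch renames and leaves with `last` on the first entry that is not the new name. A net already carrying the new name is therefore only detected if it happens to come first in hash order. Checking all entries for the new name before renaming anything fixes this, as sketched below. The ovpnconfig loop in the same sub also stops at the first client whose field 32 matches, so further clients of the renamed net would keep the old name. Dropping that `last` and writing once after the loop would cover them. Separately, getccdadresses calls `splice` on `@iprange` while iterating it with `foreach`, which can skip elements, and building the result with `grep` would be safer.

```perl
	# … unchanged: declarations and readhasharray of ccd.conf …
	# Refuse the rename before changing anything if the new name is taken.
	foreach my $key (keys %ccdconfhash) {
		if ($ccdconfhash{$key}[0] eq $newname) {
			$errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'};
			return;
		}
	}
	foreach my $key (keys %ccdconfhash) {
		next unless $ccdconfhash{$key}[0] eq $oldname;
		$ccdconfhash{$key}[0] = $newname;
		# … unchanged: writehasharray of ccd.conf …
		last;
	}
	# … unchanged: rename of field 32 in ovpnconfig …
```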
@@ -490,11 +807,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || &emptyserverlog(); } # #restart openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ +# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ #workarund, till SIGHUP also works when running as nobody - system('/usr/local/bin/openvpnctrl', '-r'); - &emptyserverlog(); - } +# system('/usr/local/bin/openvpnctrl', '-r'); +# &emptyserverlog(); +# } }
### @@ -516,6 +833,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + $vpnsettings{'PMTU_DISCOVERY'} = $cgiparams{'PMTU_DISCOVERY'}; my @temp=();
if ($cgiparams{'FRAGMENT'} eq '') { @@ -533,6 +851,17 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { } else { $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'}; } + + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + + if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) { + $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; + goto ADV_ERROR; + } + } + if ($cgiparams{'DHCP_DOMAIN'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_DOMAIN'}) || &General::validip($cgiparams{'DHCP_DOMAIN'})) { $errormessage = $Lang::tr{'invalid input for dhcp domain'}; 
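Review bot: `$cgiparams{'PMTU_DISCOVERY'}` is copied into `%vpnsettings` in the previous hunk, and the check added here only compares it with yes/maybe/no to detect the mssfix/fragment conflict. Any other submitted value is therefore saved as it came in. writeserverconf compares again before it prints `mtu-disc`, which limits the effect, but the stored settings should hold only known values. An explicit check before the assignment that rejects anything outside the set the form offers (yes, maybe, no and presumably `off`) and jumps to `ADV_ERROR` would close that. The surrounding `save-adv-options` block starts and ends outside this hunk.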
@@ -554,24 +883,47 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ROUTES_PUSH'} ne ''){ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); undef $vpnsettings{'ROUTES_PUSH'}; - foreach (@temp) + + foreach my $tmpip (@temp) { s/^\s+//g; s/\s+$//g; - if ($_) + + if ($tmpip) { - unless (&General::validipandmask($_)) { - $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; - goto ADV_ERROR; + $tmpip=~s/\s*$//g; + unless (&General::validipandmask($tmpip)) { + $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; } - my ($ip, $cidr) = split("/",&General::ipcidr2msk($_)); + my ($ip, $cidr) = split("/",&General::ipcidr2msk($tmpip)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; - goto ADV_ERROR; + goto ADV_ERROR; } - $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; +# a.marx ccd + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){ + $errormessage="Route $ip/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + my ($ip2,$cidr2) = split(///,$ccdroutehash{$key}[$i]); + if (&General::IpInSubnet ($ip,$ip2,$cidr2)){ + $errormessage="Route $ip/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + } + } + +# ccd end + + $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n"; } - } - &write_routepushfile; + } + &write_routepushfile; undef $vpnsettings{'ROUTES_PUSH'}; } else { 
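Review bot: The loop variable is now `$tmpip`, but the two unchanged lines `s/^\s+//g; s/\s+$//g;` still act on `$_`, so leading whitespace is no longer stripped from the entry being validated. They should become `$tmpip =~ s/^\s+//;` and `$tmpip =~ s/\s+$//;`, which also makes the added `$tmpip=~s/\s*$//g` redundant. The new error text `"$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'}` places a value that has just failed validation into `$errormessage`. How that message is rendered is not visible in this hunk, so the value should be HTML-escaped before it is concatenated. The ccdroute file is also re-read for every pushed route, and reading it once before the `foreach` would be enough.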
@@ -656,6 +1008,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if($cgiparams{'MTU'} eq '1500') { + print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + } print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; @@ -734,6 +1097,17 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } + + # Check if a valid operating mode has been choosen and use it. + if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') || + ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) { + if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) { + if ($cgiparams{'MTU'} eq '1500') { + print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n"; + } + } + }
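Review bot: The inner test `($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')` is true whenever either option is unset, so `mtu-disc` is still written when only one of mssfix or fragment is active; the error text used at save time treats either one as incompatible, which needs `&&`: `if (($cgiparams{'MSSFIX'} ne 'on') && ($cgiparams{'FRAGMENT'} eq '')) {`. The same condition is repeated in the CLIENTCONF hunk `@@ -734`, in `@@ -1665` on fields 23/24, and in `@@ -1767` on `%vpnsettings`. The save-time checks probably keep newly saved connections out of this state, but imported or older stored configurations are not covered by them as far as these hunks show. The word `choosen` in the added comment should be `chosen`.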
print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; @@ -1571,29 +1945,26 @@ END my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk '{print $1}'`;
if ($confighash{$cgiparams{'KEY'}}) { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + $confighash{$cgiparams{'KEY'}}[0] = 'on'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { - $confighash{$cgiparams{'KEY'}}[0] = 'on'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); - } - - } else { + } + } else {
- $confighash{$cgiparams{'KEY'}}[0] = 'off'; - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + $confighash{$cgiparams{'KEY'}}[0] = 'off'; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($n2nactive ne ''){ - system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); - } + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + }
- } else { + } else { $errormessage = $Lang::tr{'invalid key'}; - } + } } }
@@ -1665,6 +2036,15 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } + if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') || + ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) { + if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { + if ($tunmtu eq '1500' ) { + print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; + } + } + } print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; @@ -1718,12 +2098,26 @@ else
my $zip = Archive::Zip->new();
- print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; - print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; + + # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # or use configured value. + if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif ($vpnsettings{MSSFIX} eq 'on') + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; } + else + { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; } + if ( $vpnsettings{'ENABLED'} eq 'on'){ print CLIENTCONF "remote $vpnsettings{'VPN_IP'} $vpnsettings{'DDEST_PORT'}\r\n"; if ( $vpnsettings{'ENABLED_BLUE'} eq 'on' && (&haveBlueNet())){ @@ -1767,6 +2161,15 @@ else if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } + + # Check if a valid operating mode has been choosen and use it. + if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') || + ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) { + if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) { + print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n"; + } + } close(CLIENTCONF);
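Review bot: The added `nobind` line and the three `-mtu 1500` lines end in `\n`, while every other line written to this client file, including the `else` branch directly below them, ends in `\r\n`. The downloaded configuration therefore has mixed line endings; use `\r\n` throughout, e.g. `print CLIENTCONF "nobind\r\n";`. The `mtu-disc` line added in the `@@ -1767` hunk has the same `\n`. The three branches that print `-mtu 1500` could also be merged into one condition.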
$zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; @@ -1814,10 +2217,41 @@ else }
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +# A.Marx CCD delete ccd files and routes + + + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; + } + + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + &writeserverconf; + + +# CCD end + + delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + #&writeserverconf(); } else { $errormessage = $Lang::tr{'invalid key'}; @@ -1884,9 +2318,11 @@ else %cgiparams = (); %cahash = (); %confighash = (); + my $disabled; &General::readhash("${General::swroot}/ovpn/settings", %cgiparams); read_routepushfile; - + + # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; # } 
@@ -1913,6 +2349,7 @@ ADV_ERROR: $checked{'MSSFIX'}{'off'} = ''; $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked''; $selected{'LOG_VERB'}{'1'} = ''; $selected{'LOG_VERB'}{'2'} = ''; $selected{'LOG_VERB'}{'3'} = ''; @@ -1926,9 +2363,7 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -1940,8 +2375,8 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print <<END - <form method='post' enctype='multipart/form-data'> - <table width='100%'> + <form method='post' enctype='multipart/form-data' disabled> + <table width='100%' border=0> <tr> <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td> </tr> @@ -1950,7 +2385,7 @@ ADV_ERROR: </tr> <tr> <td class='base'>Domain</td> - <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td> + <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td> </tr> <tr> <td class='base'>DNS</td> @@ -1975,7 +2410,7 @@ if ($cgiparams{'ROUTES_PUSH'} ne '') print $cgiparams{'ROUTES_PUSH'}; }
-print <<END +print <<END; </textarea></td> </tr> </tr> @@ -1986,7 +2421,7 @@ print <<END <td class'base'><b>$Lang::tr{'misc-options'}</b></td> </tr> <tr> - <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='50%'></td> + <td width='20%'></td> <td width='15%'> </td><td width='15%'> </td><td width='15%'></td><td width='35%'></td> </tr> <tr> <td class='base'>Client-To-Client</td> @@ -2015,7 +2450,15 @@ print <<END <td class='base'>mssfix</td> <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> <td>Default: on</td> - </tr> + </tr> + + <tr> + <td class='base'>$Lang::tr{'ovpn mtu-disc'}</td> + <td><input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'}</td> + <td><input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'}</td> + <td><input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'}</td> + <td><input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'}</td> + </tr> </table>
<!-- @@ -2057,8 +2500,30 @@ print <<END <option value='10' $selected{'LOG_VERB'}{'10'}>10</option> <option value='11' $selected{'LOG_VERB'}{'11'}>11</option> <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td> -</table> -<hr size='1'> +</table><hr> +END + +if ( -e "/var/run/openvpn.pid"){ +print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br> + $Lang::tr{'server restart'}<br><br> + <hr>"; + print<<END +<table width='100%'> +<tr> + <td> </td> + <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'save-adv-options'}' disabled='disabled' /></td> + <td allign='center'><input type='submit' name='ACTION' value='$Lang::tr{'cancel-adv-options'}' /></td> + <td> </td> +</tr> +</table> +</form> +END +; + + +}else{ + +print<<END <table width='100%'> <tr> <td> </td> 
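Review bot: Rendering the save button with `disabled='disabled'` while `/var/run/openvpn.pid` exists only changes what the browser offers; a POST that carries the save-adv-options action still reaches the handler. If saving while the server runs has to be prevented, the `save-adv-options` branch needs the same `-e "/var/run/openvpn.pid"` test, setting `$errormessage` and jumping to `ADV_ERROR`; that branch starts outside this hunk, so it may already do so. The attribute is spelled `allign` in both added button cells and should be `align`.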
@@ -2070,13 +2535,135 @@ print <<END </form> END ; - +} &Header::closebox(); # print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; &Header::closebigbox(); &Header::closepage(); exit(0); + +# A.Marx CCD Add,delete or edit CCD net + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} || + $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} || + $cgiparams{'ACTION'} eq "kill" || + $cgiparams{'ACTION'} eq "edit" || + $cgiparams{'ACTION'} eq 'editsave'){ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ccd net'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + + if ($cgiparams{'ACTION'} eq "kill"){ + &delccdnet($cgiparams{'net'}); + } + + if ($cgiparams{'ACTION'} eq 'editsave'){ + my ($a,$b) =split (/|/,$cgiparams{'ccdname'}); + if ( $a ne $b){ &modccdnet($a,$b);} + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + } + + if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'}); + } + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage"; + print " </class>"; + &Header::closebox(); + } +if ($cgiparams{'ACTION'} eq "edit"){ + + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); + + print <<END + <table width='100%' border=0> + <tr><form method='post'> + <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td> + <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr> + <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/> + <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' /> + </td></tr> + </table></form> +END +; + &Header::closebox(); + + &Header::openbox('100%', 
'LEFT',$Lang::tr{'ccd net'} ); + print <<END + <table width='100%' border='0' cellpadding='0' cellspacing='1'> + <tr> + <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr> +END +; +} +else{ + if (! -e "/var/run/openvpn.pid"){ + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'}); + print <<END; + <table width='100%' border='0'> + <tr><form method='post'> + <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr> + <tr> + <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td> + <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr> + <tr><td colspan=4><hr /></td></tr><tr> + <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr> + </table></form> +END + + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + if ( -e "/var/run/openvpn.pid"){ + print "<b>$Lang::tr{'attention'}:</b><br>"; + print "$Lang::tr{'ccd noaddnet'}<br><hr>"; + } + + print <<END + <table width='100%' border='0' cellpadding='0' cellspacing='1'> + <tr> + <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr> +END +; +} + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my @ccdconf=(); + my $count=0; + foreach my $key (sort 
{ uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + $count++; + my $ccdhosts = &hostsinnet($ccdconf[0]); + if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";} + else{ print" <tr bgcolor='$color{'color20'}'>";} + print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>"; +print <<END + <form method='post' /> + <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /> + <input type='hidden' name='ACTION' value='edit'/> + <input type='hidden' name='ccdname' value='$ccdconf[0]' /> + <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' /> + </form></td> + <form method='post' /> + <td><input type='hidden' name='ACTION' value='kill'/> + <input type='hidden' name='number' value='$count' /> + <input type='hidden' name='net' value='$ccdconf[0]' /> + <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr> +END +; + } + print "</table></form>"; + &Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + +#END CCD + ### ### Openvpn Connections Statistics ### @@ -2284,7 +2871,7 @@ if ( -s "${General::swroot}/ovpn/settings") {
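Review bot: The new CCD pages write request and file data into HTML without escaping: `$cgiparams{'ccdname'}` and `$cgiparams{'ccdsubnet'}` go into `value='…'` attributes, and `$ccdconf[0]` and `$ccdconf[1]`, read from `ccd.conf`, go into table cells and hidden fields. Unless `addccdnet` restricts names to a safe character set (it is defined outside this hunk), a name containing a quote or markup is rendered as HTML for every administrator who opens the page. Escape at output, e.g. `my $ccdname_html = &Header::cleanhtml($cgiparams{'ccdname'});` and print that variable, after confirming the helper also encodes single quotes, since the attributes are single-quoted. The `alt=$Lang::tr{'edit'}` and `title=$Lang::tr{'remove'}` attributes are unquoted, so a translation containing a space breaks them. `my ($a,$b)` in the `editsave` branch reuses the names Perl reserves for `sort`; other names would be clearer.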
print <<END <b>$Lang::tr{'connection type'}:</b><br /> - <table><form method='post' ENCTYPE="multipart/form-data"> + <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> <tr><td><input type='radio' name='TYPE' value='net' /></td> @@ -2293,21 +2880,21 @@ if ( -s "${General::swroot}/ovpn/settings") { <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> <tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr> - <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'><td class='base'>Default : Client Packagename</td></td></tr> + <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr> <tr><td colspan='3'><hr /></td></tr> - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> - <tr><td> </td></tr> + <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> </form></table> END ; +
} else { print <<END <b>$Lang::tr{'connection type'}:</b><br /> - <table><form method='post' ENCTYPE="multipart/form-data"> + <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> </form></table> END ; @@ -2450,6 +3037,7 @@ END my $complzoactive; my $mssfixactive; my $n2nfragment; +my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);; my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); @@ -2484,6 +3072,7 @@ $n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; $n2nmgmt[2] =~ s/\n|\r//g; +$n2nmtudisc[1] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive);
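Review bot: The added cell in the host-only form reads `<td align='right' colspan'3'>` with the `=` missing, so the span is ignored; it should be `<td align='right' colspan='3'>` as in the first form. Both forms still place `<form>` directly inside `<table>`, which is invalid markup that browsers repair in different ways; putting the table inside the form is the safer order.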
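Review bot: `@n2nmtudisc` is parsed from the uploaded client package and, in the `@@ -2537` hunk, `$n2nmtudisc[1]` is stored in field 38 without being checked; the `@@ -2594` hunk then prints that field into the confirmation table unescaped. The package content is chosen by whoever built it, so the value should be reduced to the known modes after the newline strip and before it is stored, e.g. `$n2nmtudisc[1] = 'off' unless (defined $n2nmtudisc[1] && $n2nmtudisc[1] =~ /^(yes|maybe|no)$/);`. A package without an `mtu-disc` line makes `(grep { /^mtu-disc/ } @firen2nconf)[0]` undefined, so the `split` and the later `s/\n|\r//g` run on undef as written. The doubled `;;` at the end of the declaration should be a single `;`.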
@@ -2537,26 +3126,28 @@ foreach my $dkey (keys %confighash) { $key = &General::findhasharraykey (%confighash);
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 39) { $confighash{$key}[$i] = "";} + $confighash{$key}[0] = 'off'; $confighash{$key}[1] = $n2nname[0]; - $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; $confighash{$key}[3] = 'net'; $confighash{$key}[4] = 'cert'; $confighash{$key}[6] = 'client'; $confighash{$key}[8] = $n2nlocalsub[2]; - $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; $confighash{$key}[22] = $n2nmgmt[2]; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; - $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; - $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - $confighash{$key}[28] = $n2nproto[0]; - $confighash{$key}[29] = $n2nport[1]; - $confighash{$key}[30] = $complzoactive; - $confighash{$key}[31] = $n2ntunmtu[1]; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[0]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; + $confighash{$key}[38] = $n2nmtudisc[1];
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -2594,6 +3185,7 @@ foreach my $dkey (keys %confighash) { <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr> <tr><td> </td><td> </td></tr> </table> @@ -2655,45 +3247,216 @@ if ($confighash{$cgiparams{'KEY'}}) { } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { - + &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/caconfig", %cahash); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! $confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; -# n2n m.a.d new fields - $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; - $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - -#new fields -#ab hiere error uebernehmen - - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + if (! 
$confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + $name=$cgiparams{'CHECK1'} ; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; + $cgiparams{'PMTU_DISCOVERY'} = $confighash{$cgiparams{'KEY'}}[38]; + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { +#A.Marx CCD check iroute field and convert it to decimal +if ($cgiparams{'TYPE'} eq 
'host') { + my @temp=(); + my %ccdroutehash=(); + my $keypoint=0; + my $ip; + my $cidr; + if ($cgiparams{'IR'} ne ''){ + @temp = split("\n",$cgiparams{'IR'}); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + #find key to use + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroutehash{$key}; + }else{ + $keypoint = &General::findhasharraykey (%ccdroutehash); + } + } + $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'}; + my $i=1; + my $val=0; + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + #check if iroute exists in ccdroute or if new iroute is part of an existing one + foreach my $key (keys %ccdroutehash) { + foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){ + if ($ccdroutehash{$key}[$oldiroute] eq "$val") { + $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + my ($ip1,$cidr1) = split (///, $val); + $ip1 = &General::getnetworkip($ip1,&General::iporsubtocidr($cidr1)); + my ($ip2,$cidr2) = split (///, $ccdroutehash{$key}[$oldiroute]); + if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){ + $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + + } + } + if (!&General::validipandmask($val)){ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." 
($val)"; + goto VPNCONF_ERROR; + }else{ + ($ip,$cidr) = split(///,$val); + $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr)); + $cidr=&General::iporsubtodec($cidr); + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + + } + + #check for existing network IP's + if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err green'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0') + { + $errormessage=$Lang::tr{'ccd err red'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '') + { + $errormessage=$Lang::tr{'ccd err blue'}; + goto VPNCONF_ERROR; + }elsif(&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' ) + { + $errormessage=$Lang::tr{'ccd err orange'}; + goto VPNCONF_ERROR; + } + + if (&General::validipandmask($val)){ + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." 
($ip/$cidr)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + }else{ + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroutehash{$key}; + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + } + } + } + undef @temp; + #check route field and convert it to decimal + my $val=0; + my $i=1; + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + } + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + if ($cgiparams{'IFROUTE'} eq ''){$cgiparams{'IFROUTE'} = $Lang::tr{'ccd none'};} + @temp = split(/|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", %ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (///, $val); + + if ($val ne $Lang::tr{'ccd none'}) + { + if (! &check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;} + if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} + if (! 
&check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} + if (&General::validipandmask($val)){ + $val=$ip."/".&General::iporsubtodec($cidr); + $ccdroute2hash{$keypoint}[$i] = $val; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; + goto VPNCONF_ERROR; + } + }else{ + $ccdroute2hash{$keypoint}[$i]=''; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + + #check dns1 ip + if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1"; + goto VPNCONF_ERROR; + } + #check dns2 ip + if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2"; + goto VPNCONF_ERROR; + } + #check wins ip + if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'}; + goto VPNCONF_ERROR; + } +} + +#CCD End + + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -2771,6 +3534,22 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; }
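Review bot: In the iroute loop, `$val` is split and handed to `&General::getnetworkip` and `&General::IpInSubnet` before `&General::validipandmask($val)` runs, so those helpers receive unvalidated request data; the validity check should be the first statement after the trim. The rejected `$val` is then appended to `$errormessage` raw, and that string is printed as HTML, so it should pass through `&Header::cleanhtml()` as REMARK does. Both "find key to use" loops reassign `$keypoint` in the `else` branch on every non-matching entry, so a key found for `$cgiparams{'NAME'}` can be overwritten by a later iteration, and the second loop also rewrites `ccdroute` and the server config once per entry; picking the fallback key once after the loop avoids both, as sketched below for the first loop. In the edit branch, `$name=$cgiparams{'CHECK1'}; $cgiparams{$name} = …[33]` lets a stored field choose which request parameter is overwritten, so CHECK1 should be checked against the known CCD net names first. The enclosing `save` branch continues beyond this hunk.

```perl
# … unchanged: readhasharray of ccdroute into %ccdroutehash …
my $found = 0;
foreach my $key (keys %ccdroutehash) {
    if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) {
        $keypoint = $key;
        $found = 1;
        delete $ccdroutehash{$key};
    }
}
# Allocate a fresh key only when no existing entry belonged to this client.
$keypoint = &General::findhasharraykey (%ccdroutehash) unless ($found);
$ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'};
# … unchanged: per-route validation loop …
```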
+ if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') { + if (($cgiparams{'FRAGMENT'} ne '') || ($cgiparams{'MSSFIX'} eq 'on')) { + $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + } + + if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') && ($cgiparams{'MTU'} ne '1500')) { + $errormessage = $Lang::tr{'ovpn mtu-disc and mtu not 1500'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ( &validdotmask ($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'openvpn prefix local subnet'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3143,45 +3922,124 @@ if ($cgiparams{'TYPE'} eq 'net') {
# Save the config my $key = $cgiparams{'KEY'}; + if (! $key) { $key = &General::findhasharraykey (%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; } else { - $confighash{$key}[4] = 'cert'; + $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { - $confighash{$key}[22] = $confighash{$key}[29]; + $confighash{$key}[22] = $confighash{$key}[29]; } else { - $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; } - $confighash{$key}[23] = $cgiparams{'MSSFIX'}; - $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = 
$cgiparams{'INTERFACE'}; # new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; -# new fileds + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; + $confighash{$key}[32] = $cgiparams{'CHECK1'}; + $name=$cgiparams{'CHECK1'}; + $confighash{$key}[33] = $cgiparams{$name}; + $confighash{$key}[34] = $cgiparams{'RG'}; + $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; + $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; + $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; + $confighash{$key}[38] = $cgiparams{'PMTU_DISCOVERY'}; + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + if ($cgiparams{'CHECK1'} ){ + + my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; + my ($a,$b,$c,$d) = split (/./,$ccdip); + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){ + unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}"; + } + open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; + print CCDRWCONF "# OpenVPN clientconfig from ccd extension by Copymaster#\n\n"; + if($cgiparams{'CHECK1'} eq 'dynamic'){ + print CCDRWCONF "#This client uses the dynamic pool\n"; + }else{ + print CCDRWCONF "#Ip address client and server\n"; + print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; + } + if ($confighash{$key}[34] eq 'on'){ + print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; + print CCDRWCONF "push redirect-gateway\n"; + } + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + if ($cgiparams{'IR'} ne ''){ + 
print CCDRWCONF "\n#Client routes these networks (behind Client)\n"; + foreach my $key (keys %ccdroutehash){ + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (///,$ccdroutehash{$key}[$i]); + print CCDRWCONF "iroute $a $b\n"; + } + } + } + } + if ($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} ){$cgiparams{'IFROUTE'}='';} + if ($cgiparams{'IFROUTE'} ne ''){ + print CCDRWCONF "\n#Client gets routes to these networks (behind IPFire)\n"; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ + if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ + my %blue=(); + &General::readhash("${General::swroot}/ethernet/settings", %blue); + print CCDRWCONF "push "route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ + my %orange=(); + &General::readhash("${General::swroot}/ethernet/settings", %orange); + print CCDRWCONF "push "route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n"; + }else{ + my ($a,$b)=split (///,$ccdroute2hash{$key}[$i]); + print CCDRWCONF "push "route $a $b"\n"; + } + } + } + } + } + if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} + if($cgiparams{'CCD_DNS1'} ne ''){ + print CCDRWCONF "\n#Client gets these nameservers\n"; + print CCDRWCONF "push "dhcp-option DNS $cgiparams{'CCD_DNS1'}" \n"; + } + if($cgiparams{'CCD_DNS2'} ne ''){ + print CCDRWCONF "push "dhcp-option DNS $cgiparams{'CCD_DNS2'}" \n"; + } + if($cgiparams{'CCD_WINS'} ne ''){ + print CCDRWCONF "\n#Client gets this WINS server\n"; + print CCDRWCONF "push "dhcp-option WINS $cgiparams{'CCD_WINS'}" \n"; + } + close CCDRWCONF; + }
### # m.a.d n2n begin @@ -3221,6 +4079,7 @@ if ($cgiparams{'TYPE'} eq 'net') { ### $cgiparams{'MSSFIX'} = 'on'; $cgiparams{'FRAGMENT'} = '1300'; + $cgiparams{'PMTU_DISCOVERY'} = 'off'; ### # m.a.d n2n end ### @@ -3280,6 +4139,8 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
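Review bot: The DNS fallback `if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne ''))` can never be true because both operands test `CCD_DNS1`; the second was presumably meant to be `CCD_DNS2`, i.e. `if (($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS2'} ne ''))`. Earlier in the same block the existence test looks at `.../ovpn/ccd/$confighash{$key}[2]` but the `unlink` removes `.../ovpn/ccd/$cgiparams{'CERT_NAME'}`, and slot 2 is only filled from `CERT_NAME` for new non-PSK entries, so the two paths can differ when an existing connection is edited; both should use `$confighash{$key}[2]`. The file name passed to `open` and the `ifconfig-push $ccdip` line are built from request parameters (`CERT_NAME`, and `$cgiparams{$name}` where `$name` is itself taken from `CHECK1`). Their validation is not visible in this hunk, so confirm they are limited to a safe name and a valid address before they are written into the client config directory.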
+ $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked='checked''; +
if (1) { &Header::showhttpheaders(); @@ -3308,12 +4169,17 @@ if ($cgiparams{'TYPE'} eq 'net') { }
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); - print "<table width='100%'>\n"; - print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>"; + print "<table width='100%' border='0'>\n"; + + + + print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>"; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { - print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n"; + print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>"; } else { + print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>"; } # print "<tr><td>$Lang::tr{'interface'}</td>"; @@ -3333,6 +4199,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; } + + + print <<END <td width='25%'> </td> <td width='25%'> </td></tr> @@ -3373,47 +4242,73 @@ if ($cgiparams{'TYPE'} eq 'net') { <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
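Review bot: The added `<input type='text' name='NAME' value='$cgiparams{'NAME'}' ... />` places a request parameter inside a single-quoted HTML attribute with no encoding visible in the hunk, so a value containing a quote or markup would be reflected into the page. The same pattern recurs in later hunks of this file: `REMARK`, `CCD_DNS1`, `CCD_DNS2` and `CCD_WINS` inside `value='...'`, and most directly `print $cgiparams{'IR'};` inside the `<textarea>`. Unless these values are cleaned before this point (the enclosing block starts outside the hunk), encode them at output, for example with the project's `&Header::cleanhtml(...)` helper if it fits here.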
+ <tr> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td> + <td colspan='3'> + <input type='radio' name='PMTU_DISCOVERY' value='yes' $checked{'PMTU_DISCOVERY'}{'yes'} /> $Lang::tr{'ovpn mtu-disc yes'} + <input type='radio' name='PMTU_DISCOVERY' value='maybe' $checked{'PMTU_DISCOVERY'}{'maybe'} /> $Lang::tr{'ovpn mtu-disc maybe'} + <input type='radio' name='PMTU_DISCOVERY' value='no' $checked{'PMTU_DISCOVERY'}{'no'} /> $Lang::tr{'ovpn mtu-disc no'} + <input type='radio' name='PMTU_DISCOVERY' value='off' $checked{'PMTU_DISCOVERY'}{'off'} /> $Lang::tr{'ovpn mtu-disc off'} + </td> + </tr> + END - ; +; } - +#jumper print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>"; - print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>"; + print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; if ($cgiparams{'TYPE'} eq 'host') { + print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>"; + }
- print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; - } - -# if ($cgiparams{'KEY'}) { -# print "<td colspan='3'> </td></tr></table>"; -# } else { -# print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>"; -# } -# }else{ - print "<td colspan='3'> </td></tr></table>"; -# } - - - + print"</tr></table><br><br>"; +#A.Marx CCD new client +if ($cgiparams{'TYPE'} eq 'host') { + print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>"; + my %vpnnet=(); + my $vpnip; + &General::readhash("${General::swroot}/ovpn/settings", %vpnnet); + $vpnip=$vpnnet{'DOVPN_SUBNET'}; + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my @ccdconf=(); + my $count=0; + my $checked; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED'; + print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>"; + print"</td></tr></table><br><br>"; + my $name=$cgiparams{'CHECK1'}; + $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + + if (! 
-z "${General::swroot}/ovpn/ccd.conf"){ + print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>"; + foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) { + $count++; + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";} + print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>"; + &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name}); + print"</td></tr>"; + } + print "</table><br><br><hr><br><br>"; + } +} +# ccd end &Header::closebox(); - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print <<END - # <table width='100%' cellpadding='0' cellspacing='5' border='0'> - # <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td> - # <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr> - # </table> -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { + + } elsif (! $cgiparams{'KEY'}) { + + my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled=''; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; + &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
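Review bot: In the CCD block `my $checked;` declares a scalar that is never used; the three lines after it write to the `%checked` hash, so the declaration can be dropped. The `dynamic` radio is printed with a literal `checked` attribute while `$checked{'check1'}{$cgiparams{'CHECK1'}}` may also mark one of the static networks, which leaves two buttons of the same group flagged. Printing `$checked{'check1'}{'dynamic'}` on the first radio, with `CHECK1` defaulted to `dynamic` when it is empty, would make the preselection unambiguous. The surrounding form code continues outside the hunk.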
@@ -3510,8 +4405,127 @@ END ### ; &Header::closebox(); + }
+#A.Marx CCD new client +if ($cgiparams{'TYPE'} eq 'host') { + print"<br><br>"; + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:"); + + + print <<END; + <table border='0' width='100%'> + <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr> + <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr> + <tr><td colspan='4'> </td></tr> + <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'> +END + + if ($cgiparams{'IR'} ne ''){ + print $cgiparams{'IR'}; + }else{ + &General::readhasharray ("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){ + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ($ccdroutehash{$key}[$i] ne ''){ + print $ccdroutehash{$key}[$i]."\n"; + } + $cgiparams{'IR'} .= $ccdroutehash{$key}[$i]; + } + } + } + } + + print <<END; +</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr> + <tr><td colspan='4'><br></td></tr> + <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple> +END + + my $set=0; + my $selorange=0; + my $selblue=0; + my $selgreen=0; + my $helpblue=0; + my $helporange=0; + my $other=0; + my $none=0; + my @temp=(); + + our @current = (); + open(FILE, "${General::swroot}/main/routing") ; + @current = <FILE>; + close (FILE); + &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + #check for "none" + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + if ($ccdroute2hash{$key}[1] eq ''){ + $none=1; + last; + } + } + } + if ($none ne '1'){ + print"<option>$Lang::tr{'ccd none'}</option>"; + }else{ + print"<option selected>$Lang::tr{'ccd none'}</option>"; + } + #check if 
static routes are defined for client + foreach my $line (@current) { + chomp($line); + $line=~s/\s*$//g; # remove newline + @temp=split(/,/,$line); + $temp[1] = '' unless defined $temp[1]; # not always populated + my ($a,$b) = split(///,$temp[1]); + $temp[1] = $a."/".&General::iporsubtocidr($b); + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i (1 .. $#{$ccdroute2hash{$key}}) { + if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){ + $set=1; + } + } + } + } + if ($set == '1' && $#temp != -1){ print"<option selected>$temp[1]</option>";$set=0;}elsif($set == '0' && $#temp != -1){print"<option>$temp[1]</option>";} + } + #check if green,blue,orange are defined for client + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + $other=1; + foreach my $i (1 .. $#{$ccdroute2hash{$key}}) { + if ($ccdroute2hash{$key}[$i] eq $netsettings{'GREEN_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'GREEN_NETMASK'})){ + $selgreen=1; + } + if (&haveBlueNet()){ + if( $ccdroute2hash{$key}[$i] eq $netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'})) { + $selblue=1; + } + } + if (&haveOrangeNet()){ + if( $ccdroute2hash{$key}[$i] eq $netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) ) { + $selorange=1; + } + } + } + } + } + if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";} + if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";} + if ($selgreen == '1' || $other == '0'){ print"<option selected>$Lang::tr{'green'}</option>";$set=0;}else{print"<option>$Lang::tr{'green'}</option>";}; + + print<<END + </select></td><td 
valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr> + <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' /></td></tr> + <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr> + +END +; + &Header::closebox(); +} print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />"; if ($cgiparams{'KEY'}) { # print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />"; @@ -3538,24 +4552,21 @@ END my @status = `/bin/cat /var/log/ovpnserver.log`;
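Review bot: `open(FILE, "${General::swroot}/main/routing") ;` is a two-argument open on a bareword handle whose result is ignored, so a missing or unreadable routing file silently leaves `@current` empty after a read on an unopened handle. A lexical three-argument form with an explicit guard, e.g. `if (open(my $fh, '<', "${General::swroot}/main/routing")) { @current = <$fh>; close($fh); }`, covers both. `our @current` also creates a package global where `my` looks sufficient from the uses visible here. The flag tests mix numeric `==` with string literals (`$set == '1'`, `$none ne '1'`); settling on one style would read more clearly.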
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = <IPADDR>; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/./, $ipaddr)), 2))[0]; - if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; - } - } + if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { + my $ipaddr = <IPADDR>; + close IPADDR; + chomp ($ipaddr); + $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/./, $ipaddr)), 2))[0]; + if ($cgiparams{'VPN_IP'} eq '') { + $cgiparams{'VPN_IP'} = $ipaddr; + } + } }
#default setzen if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'BF-CBC'; } -# if ($cgiparams{'DCOMPLZO'} eq '') { -# $cgiparams{'DCOMPLZO'} = 'on'; -# } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; } @@ -3565,8 +4576,7 @@ END if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } - - $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; $checked{'ENABLED_BLUE'}{'off'} = ''; @@ -3626,8 +4636,8 @@ END $activeonrun = "disabled='disabled'"; } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print <<END - <table width='100%'> + print <<END + <table width='100%' border=0> <form method='post'> <td width='25%'> </td> <td width='25%'> </td> @@ -3635,7 +4645,7 @@ END <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td> <td align='left'>$sactive</td> <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td> - <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> + <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> END ; if (&haveBlueNet()) { @@ -3674,18 +4684,20 @@ END <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option> <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option> <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr> + <tr><td colspan='4'><hr /></td></tr> END ;
if ( $srunning eq "yes" ) { - print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>"; + print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>"; } else{ - print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>"; + print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />"; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && -e "${General::swroot}/ovpn/ca/dh1024.pem" && -e "${General::swroot}/ovpn/certs/servercert.pem" && 
@@ -3693,11 +4705,9 @@ END (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>"; } else { - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>"; } } print "</form></table>"; 
@@ -3829,18 +4839,19 @@ END </tr> </table> END - ; +; } - print <<END - <form method='post' enctype='multipart/form-data'> - <table width='100%' border='0' cellspacing='1' cellpadding='0'> - <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td> - <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' /> - <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td> - <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> - </tr></table></form> + +print <<END +<form method='post' enctype='multipart/form-data'> +<table width='100%' border='0'> +<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr> +<tr><td colspan='4'><hr /></td></tr> +<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr> +</table> END - ; +; +
&Header::closebox(); if ( $srunning eq "yes" ) { @@ -3863,8 +4874,7 @@ END <tr> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td> <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td> - <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td> - <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td> + <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td> <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td> <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td> @@ -3883,15 +4893,17 @@ END } print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>"; print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>"; - if ($confighash{$key}[4] eq 'cert') { - print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>"; - } else { - print "<td align='left'> </td>"; - } + #if ($confighash{$key}[4] eq 'cert') { + #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>"; + #} else { + #print "<td align='left'> </td>"; + #} my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - print "<td align='center'>$cavalid</td>"; + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} + print "<td align='center'>$confighash{$key}[32]</td>"; print "<td align='center'>$confighash{$key}[25]</td>";
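Review bot: The rewritten CA upload block still opens `<form method='post' enctype='multipart/form-data'>`, but the new heredoc ends with `</table>` where the removed version ended with `</tr></table></form>`. Unless the form is closed after `&Header::closebox()` outside the hunk, it stays open and later inputs on the page can end up inside it; making `</table></form>` the last heredoc line restores the old behaviour. The two new rows also use `colspan='4'` although the first row has three cells.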
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; @@ -4029,7 +5041,7 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print <<END - <table> + <table border='0'> <tr> <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> @@ -4050,7 +5062,7 @@ END <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> <td class='base'>$Lang::tr{'dl client arch'}</td> </tr> - </table> + </table><hr> END ; } @@ -4058,8 +5070,8 @@ END print <<END <table width='100%'> <form method='post'> - <tr><td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td> - <td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr> + <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /> + <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr> </form> </table> END diff --git a/html/cgi-bin/routing.cgi b/html/cgi-bin/routing.cgi index 86e0429..afcd388 100644 --- a/html/cgi-bin/routing.cgi +++ b/html/cgi-bin/routing.cgi @@ -118,6 +118,8 @@ if ($settings{'ACTION'} eq $Lang::tr{'toggle enable disable'}) { }
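Review bot: With the `valid till` column replaced by `$confighash{$key}[32]`, the unchanged lines that shell out to `/usr/bin/openssl x509 -text -in .../certs/$confighash{$key}[1]cert.pem` and parse `Not After` no longer feed any output, yet they still start a command per row with the connection name interpolated into it. Removing the three `$cavalid` lines drops both the cost and the shell exposure. The defaults `$confighash{$key}[32]="net-2-net"` and `"dynamic"` are written into the shared hash inside a display loop; a local such as `my $net = $confighash{$key}[32];` filled with the fallback would avoid persisting display text if the hash is written back later. The loop itself starts outside the hunk.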
if ($settings{'ACTION'} eq $Lang::tr{'add'}) { + # Convert subnet masks to CIDR notation. + $settings{'IP'} = &General::iporsubtocidr($settings{'IP'});
# Validate inputs if (( !&General::validip($settings{'IP'})) and ( !&General::validipandmask($settings{'IP'}))){ @@ -443,4 +445,4 @@ sub SortDataFile # sub BuildConfiguration { system '/usr/local/bin/rebuildroutes'; -} \ No newline at end of file +} diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi old mode 100644 new mode 100755 index 0fb7c93..24aeb6d --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1415,6 +1415,14 @@ END goto VPNCONF_ERROR; }
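Review bot: `&General::iporsubtocidr($settings{'IP'})` runs on the raw form value before the `validip`/`validipandmask` test, and it is handed the whole `IP` field, whereas the ovpnmain.cgi hunks in this push call the same helper on the mask part only (`$a."/".&General::iporsubtocidr($b)`). The helper's contract is not visible on this page; if it expects just a mask, split the field on `/` first and rebuild it, as the other file does. A comment above the call such as `# Accepts a.b.c.d, a.b.c.d/nn or a.b.c.d/m.m.m.m; result is validated below.` would make the intended inputs explicit.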
+ + if ($cgiparams{'TYPE'} eq 'net'){ + $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'}); + if ($errormessage ne ''){ + goto VPNCONF_ERROR; + } + + } if ($cgiparams{'AUTH'} eq 'psk') { if (! length($cgiparams{'PSK'}) ) { $errormessage = $Lang::tr{'pre-shared key is too short'}; diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f686c30..05e1d85 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -351,6 +351,7 @@ 'arp table entries' => 'Einträge der ARP-Tabelle:', 'artist' => 'Künstler', 'attemps' => 'Versuche', +'attention' => 'ACHTUNG', 'august' => 'August', 'authentication' => 'Authentifizierung:', 'automatic' => 'Automatisch', 
@@ -455,6 +456,44 @@
 'capsopen' => 'VERBUNDEN',
 'capswarning' => 'WARNUNG',
 'caption' => 'Legende',
+'ccd add' => 'Netzwerk hinzufügen',
+'ccd choose net' => 'Netzwerk auswählen',
+'ccd client options' => 'Erweiterte Client-Optionen',
+'ccd clientip' => 'Hostadresse',
+'ccd dynrange' => 'Dynamischer OpenVPN IP-Addressen-Pool',
+'ccd err blue' => 'Das ist das BLAUE Subnetz.',
+'ccd err green' => 'Das ist das GRÜNE Subnetz.',
+'ccd err hostinnet' => 'Das Netzwerk kann nicht gelöscht werden, da sich in ihm noch Clients befinden.',
+'ccd err inuse' => 'Wird bereits von einem anderen Client genutzt.',
+'ccd err invalidname' => 'Ungültiger Name. Erlaubte Zeichen: A-Z, a-z, Bindestrich und Leerzeichen.',
+'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Netzadresse für Route ungültig.',
+'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
+'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
+'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
+'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
+'ccd err name' => 'Es muss ein Name angegeben werden.',
+'ccd err nameexist' => 'Name existiert bereits.',
+'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.',
+'ccd err netadrexist' => 'Netwerk existiert bereits.',
+'ccd err orange' => 'Das ist das ORANGE Subnetz.',
+'ccd err red' => 'Das ist das ROTE Subnetz.',
+'ccd err routeovpn' => 'Wird vom OpenVPN-Server genutzt.',
+'ccd err routeovpn2' => 'Wird bereits vom OpenVPN-Server verteilt.',
+'ccd hint' => 'Auf dieser Seite können statische Netzwerke definiert werden, von denen Roadwarrior-Clients feste Adressen zugewiesen bekommen können.',
+'ccd invalid' => 'ist ungültig.',
+'ccd iroute' => 'IPFire hat Zugriff auf diese Netzwerke auf Clientseite: ',
+'ccd iroute2' => 'Client hat Zugriff auf diese Netzwerke auf IPFire-Seite: ',
+'ccd iroutehint' => 'Achtung! Wenn Sie diese Einstellungen ändern, muss der OpenVPN Server neu gestartet werden!',
+'ccd maxclients' => 'Mögliche Adressen',
+'ccd modify' => 'Netzwerk ändern',
+'ccd name' => 'Name',
+'ccd net' => 'Statische IP-Adressen-Pools',
+'ccd noaddnet' => 'Neue statische Netze können erst erstellt werden, wenn der openVPN Server gestoppt wurde.',
+'ccd none' => 'Keine',
+'ccd routes' => 'Routen:',
+'ccd subnet' => 'Subnetz',
+'ccd used' => 'Genutzte Adressen',
 'cert' => 'Zertifikat',
 'certificate' => 'Zertifikat',
 'certificate authorities' => 'Zertifizierungsstellen (CAs)',
@@ -1350,6 +1389,13 @@
 'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt',
 'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery benötigt eine MTU von 1500.',
+'ovpn mtu-disc maybe' => 'Optional',
+'ovpn mtu-disc no' => 'Niemals',
+'ovpn mtu-disc off' => 'Deaktiviert',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery kann nicht gemeinsam mit mssfix oder fragment verwendet werden.',
+'ovpn mtu-disc yes' => 'Forciert',
 'ovpn on blue' => 'OpenVPN auf BLAU',
 'ovpn on orange' => 'OpenVPN auf ORANGE',
 'ovpn on red' => 'OpenVPN auf ROT',
@@ -1468,6 +1514,11 @@
 'proxy no proxy local' => 'Lokalen Proxy auf blauen/grünen Netzwerken verhindern',
 'proxy port' => 'Proxy-Port',
 'proxy reconfigure' => 'Speichern und Laden',
+'proxy reports' => 'Proxyberichte',
+'proxy reports daily' => 'Tägliche Berichte',
+'proxy reports monthly' => 'Monatliche Berichte',
+'proxy reports today' => 'Heute',
+'proxy reports weekly' => 'Wöchentliche Berichte',
 'psk' => 'PSK',
 'pulse' => 'Puls',
 'pulse dial' => 'Pulswahl:',
@@ -1568,6 +1619,7 @@
 'september' => 'September',
 'serial' => 'serielle',
 'server reserved' => 'The connection name server is reserved and not allowed',
+'server restart' => 'Änderungen können nicht gespeichert werden, solange der OpenVPN-Server läuft.',
 'server string' => 'Server String',
 'service' => 'Dienst',
 'service added' => 'Benutzerdefinierter Netzwerkdienst wurde hinzugefügt',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 5fe2391..f0fa2c2 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -353,6 +353,7 @@
 'arp table entries' => 'ARP Table Entries:',
 'artist' => 'Artist',
 'attemps' => 'Attempts',
+'attention' => 'ATTENTION',
 'august' => 'August',
 'authentication' => 'Authentication:',
 'automatic' => 'Automatic',
@@ -474,6 +475,43 @@
 'capsopen' => 'CONNECTED',
 'capswarning' => 'WARNING',
 'caption' => 'Caption',
+'ccd add' => 'Add network',
+'ccd choose net' => 'Choose network',
+'ccd client options' => 'Advanced client options',
+'ccd clientip' => 'Host address',
+'ccd dynrange' => 'Dynamic OpenVPN IP address pool',
+'ccd err blue' => 'This is the BLUE subnet.',
+'ccd err green' => 'This is the GREEN subnet.',
+'ccd err hostinnet' => 'You are not able to delete this network, while it still contains clients.',
+'ccd err inuse' => 'Already used by another client.',
+'ccd err invalidname' => 'Invalid name. Allowed characters are A-Z, a-z, dash and space.',
+'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
+'ccd err iroute' => 'Network address for route is invalid.',
+'ccd err irouteexist' => 'This route is already in use.',
+'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
+'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
+'ccd err issubnet' => 'Subnet address already in use.',
+'ccd err name' => 'Please choose a name.',
+'ccd err nameexist' => 'Name already exists.',
+'ccd err netadr' => 'Subnet address is invalid or range is too large.',
+'ccd err netadrexist' => 'Network already exists.',
+'ccd err orange' => 'This is the ORANGE subnet.',
+'ccd err red' => 'This is the RED subnet.',
+'ccd err routeovpn' => 'Already used by OpenVPN server.',
+'ccd err routeovpn2' => 'Already pushed from OpenVPN server.',
+'ccd hint' => 'On this page you are able to define static networks from which the roadwarrior clients can get fixed IP address assignments.',
+'ccd invalid' => 'Invalid.',
+'ccd iroute' => 'IPFire has access to these networks on the client's site',
+'ccd iroute2' => 'Client has access to these networks on IPFire's site',
+'ccd iroutehint' => 'Attention! If you change these settings, you have to restart the OpenVPN server that the changes take effect!',
+'ccd modify' => 'Change network',
+'ccd name' => 'Name',
+'ccd net' => 'Static IP address pools',
+'ccd noaddnet' => 'You can only add new static networks when OpenVPN server is stopped.',
+'ccd none' => 'None',
+'ccd routes' => 'Routing:',
+'ccd subnet' => 'Subnet',
+'ccd used' => 'Used addresses',
 'cert' => 'Certificate',
 'certificate' => 'Certificate',
 'certificate authorities' => 'Certificate Authorities',
@@ -895,7 +933,7 @@
 'gpl unofficial translation of the general public license v3' => 'Unofficial translation of the General Public License v3',
 'graph' => 'Graph',
 'graph per' => 'per',
-'green' => 'Green',
+'green' => 'GREEN',
 'green interface' => 'Green Interface',
 'guaranteed bandwith' => 'Guaranteed bandwith',
 'guardian alertfile' => 'Alertfile',
@@ -1378,6 +1416,13 @@
 'ovpn errmsg green already pushed' => 'Route for green network is always set',
 'ovpn errmsg invalid ip or mask' => 'Invalid network-address or subnetmask',
 'ovpn log' => 'OVPN-Log',
+'ovpn mtu-disc' => 'Path MTU Discovery',
+'ovpn mtu-disc and mtu not 1500' => 'Path MTU Discovery requires a MTU of 1500.',
+'ovpn mtu-disc maybe' => 'Optionally',
+'ovpn mtu-disc no' => 'Never',
+'ovpn mtu-disc off' => 'Disabled',
+'ovpn mtu-disc with mssfix or fragment' => 'Path MTU Discovery cannot be used with mssfix or fragment.',
+'ovpn mtu-disc yes' => 'Forced',
 'ovpn on blue' => 'OpenVPN on BLUE',
 'ovpn on orange' => 'OpenVPN on ORANGE',
 'ovpn on red' => 'OpenVPN on RED',
@@ -1496,6 +1541,11 @@ 'proxy no proxy local' => 'Disallow local proxying on BLUE/GREEN networks', 'proxy port' => 'Proxy Port', 'proxy reconfigure' => 'Save and Reload', +'proxy reports' => 'Proxy Reports', +'proxy reports daily' => 'Daily reports', +'proxy reports monthly' => 'Monthly reports', +'proxy reports today' => 'Today', +'proxy reports weekly' => 'Weekly reports', 'psk' => 'PSK', 'pulse' => 'Pulse', 'pulse dial' => 'Pulse dial:', @@ -1598,6 +1648,7 @@ 'september' => 'September', 'serial' => 'Serial', 'server reserved' => 'The connection name server is reserved and not allowed', +'server restart' => 'You are not able to save any changes while the OpenVPN server is running.', 'server string' => 'Server String', 'service' => 'Service', 'service added' => 'Custom network service added', diff --git a/lfs/GeoIP b/lfs/GeoIP index 68254a7..7e1dc9a 100644 --- a/lfs/GeoIP +++ b/lfs/GeoIP @@ -25,7 +25,7 @@ include Config
VER = 1.17 -DATVER = 06112012 +DATVER = 05122012
THISAPP = Geo-IP-PurePerl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -43,7 +43,7 @@ $(DL_FILE) = $(DL_FROM)/$(DL_FILE) GeoIP.dat-$(DATVER).gz = $(DL_FROM)/GeoIP.dat-$(DATVER).gz
$(DL_FILE)_MD5 = 42a6b9d4dd2563a20c8998556216e1de -GeoIP.dat-$(DATVER).gz_MD5 = a8677695b0abecb69707ebe2444e64f9 +GeoIP.dat-$(DATVER).gz_MD5 = ab0f52a35128d1aced906ac4cbfbed9c
install : $(TARGET)
diff --git a/lfs/libstatgrab b/lfs/libstatgrab new file mode 100644 index 0000000..8bcb133 --- /dev/null +++ b/lfs/libstatgrab 
@@ -0,0 +1,69 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 0.17 + +THISAPP = libstatgrab-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = libstatgrab +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 58385c9392898be3b09ffc5e3ebe8717 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure --prefix=/usr + cd $(DIR_APP) && make $(MAKETUNING) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + 
@$(POSTBUILD) \ No newline at end of file diff --git a/lfs/mediatomb b/lfs/mediatomb index 2bfde66..7de579e 100644 --- a/lfs/mediatomb +++ b/lfs/mediatomb @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2012 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -34,7 +34,7 @@ TARGET = $(DIR_INFO)/$(THISAPP) PROG = mediatomb PAK_VER = 4
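Review bot: The only integrity pin for the downloaded tarball in the new lfs/libstatgrab is `$(DL_FILE)_MD5`, and MD5 is collision-broken, so it is a weak basis for pinning a source archive fetched from `$(URL_IPFIRE)`. The new lfs/sarg and lfs/stress files in this push follow the same template. What `$(CHECK)` and `$(MD5)` actually compare is defined in Config, outside this diff, so the check is only as strong as that macro. Recording a stronger digest next to the MD5 line, for example `$(DL_FILE)_SHA256 = <sha256-of-tarball>` (placeholder value), and verifying it in the download rule would close the gap. The file also ends without a trailing newline.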
-DEPS = "sqlite taglib ffmpeg-libs" +DEPS = "ffmpeg-libs libexif sqlite taglib "
############################################################################### # Top-level Rules diff --git a/lfs/sarg b/lfs/sarg new file mode 100644 index 0000000..c8794fe --- /dev/null +++ b/lfs/sarg 
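Review bot: `DEPS` gains `libexif`, but the context line above still reads `PAK_VER = 4`. If the package manager decides on updates by PAK_VER (not visible in this diff), already-installed mediatomb packages would not pull in the new dependency; confirm whether a bump is needed. The new value also carries a trailing space inside the quotes, `"ffmpeg-libs libexif sqlite taglib "`, which is better dropped.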
@@ -0,0 +1,100 @@ +############################################################################### +# # +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) 2012 Michael Tremer # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 2.3.3 + +THISAPP = sarg-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = sarg +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 09dba9a960d500acd7f17802de62512c + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum 
+############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/sarg + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make $(EXTRA_INSTALL) install + + # Install configuration file. + cp -v $(DIR_SRC)/config/sarg/sarg.conf /etc/sarg/sarg.conf + + # Install helper script. + install -m 755 $(DIR_SRC)/config/sarg/update-sarg-reports \ + /usr/sbin/update-sarg-reports + + # Install cron job. + for i in hourly daily weekly monthly; do \ + install -m 754 -v $(DIR_SRC)/config/sarg/cron.$${i} \ + /etc/fcron.$${i}/sarg-reports; \ + done + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/stage2 b/lfs/stage2 index 5f038c3..5059923 100644 --- a/lfs/stage2 +++ b/lfs/stage2 @@ -89,6 +89,9 @@ $(TARGET) : chmod 755 /usr/local/bin/`basename $$i`; \ done
+ # Move script to correct place. + mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/ + # Nobody user -mkdir -p /home/nobody chown -R nobody:nobody /home/nobody diff --git a/lfs/stress b/lfs/stress new file mode 100644 index 0000000..166d840 --- /dev/null +++ b/lfs/stress 
@@ -0,0 +1,69 @@
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team info@ipfire.org #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER = 1.0.4
+
+THISAPP = stress-$(VER)
+DL_FILE = $(THISAPP).tar.gz
+DL_FROM = $(URL_IPFIRE)
+DIR_APP = $(DIR_SRC)/$(THISAPP)
+TARGET = $(DIR_INFO)/$(THISAPP)
+PROG = stress
+PAK_VER = 1
+
+DEPS = ""
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = a607afa695a511765b40993a64c6e2f4
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+dist:
+ @$(PAK)
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+ @$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+ @$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+ @$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+ @$(PREBUILD)
+ @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+ cd $(DIR_APP) && ./configure --prefix=/usr
+ cd $(DIR_APP) && make $(MAKETUNING)
+ cd $(DIR_APP) && make install
+ @rm -rf $(DIR_APP)
+ @$(POSTBUILD)
diff --git a/make.sh b/make.sh index ea908d9..6fb2d94 100755 --- a/make.sh +++ b/make.sh @@ -25,8 +25,8 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.11" # Version number -CORE="64" # Core Level (Filename) -PAKFIRE_CORE="64" # Core Level (PAKFIRE) +CORE="65" # Core Level (Filename) +PAKFIRE_CORE="65" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan CONFIG_ROOT=/var/ipfire # Configuration rootdir @@ -772,6 +772,9 @@ buildipfire() { ipfiremake minidlna ipfiremake fping ipfiremake telnet + ipfiremake stress + ipfiremake libstatgrab + ipfiremake sarg echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild echo >> $BASEDIR/build/var/ipfire/firebuild diff --git a/src/misc-progs/launch-ether-wake.c b/src/misc-progs/launch-ether-wake.c index f487041..cac4d3c 100644 --- a/src/misc-progs/launch-ether-wake.c +++ b/src/misc-progs/launch-ether-wake.c @@ -29,5 +29,9 @@ int main(int argc, char *argv[]) snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s %s", argv[2], argv[1]); safe_system(command);
+ /* Send magic packet with broadcast flag set. */ + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]); + safe_system(command); + return(0); } diff --git a/src/paks/sarg/install.sh b/src/paks/sarg/install.sh new file mode 100644 index 0000000..d3b17a9 --- /dev/null +++ b/src/paks/sarg/install.sh @@ -0,0 +1,34 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 2 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2007 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +extract_files +restore_backup ${NAME} + +# Create data directory. +[ -d "/var/log/sarg" ] || mkdir /var/log/sarg + +# Create initial report. +/usr/sbin/update-sarg-reports today >/dev/null 2>&1 + +exit 0 diff --git a/src/paks/sarg/uninstall.sh b/src/paks/sarg/uninstall.sh new file mode 100644 index 0000000..66f4344 --- /dev/null +++ b/src/paks/sarg/uninstall.sh 
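Review bot: The added snprintf()/safe_system() pair places argv[2] and argv[1] into a shell command string, so the broadcast send is only as safe as the validation applied to those two arguments. main() begins above this hunk, so any such checks are not visible here; confirm they cover the interface name as well as the MAC address, unless safe_system() itself rejects shell metacharacters. The return value of snprintf() is discarded, so an over-long argument is truncated silently and the shortened command still runs; `if (snprintf(command, BUFFER_SIZE-1, "/usr/sbin/etherwake -i %s -b %s", argv[2], argv[1]) >= BUFFER_SIZE-1) return(1);` would refuse it instead. The result of safe_system() is ignored for both sends, so the caller cannot tell whether either packet went out.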
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+make_backup ${NAME}
+remove_files
diff --git a/src/paks/sarg/update.sh b/src/paks/sarg/update.sh
new file mode 100644
index 0000000..89c40d0
--- /dev/null
+++ b/src/paks/sarg/update.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+############################################################################
+# #
+# This file is part of the IPFire Firewall. #
+# #
+# IPFire is free software; you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation; either version 2 of the License, or #
+# (at your option) any later version. #
+# #
+# IPFire is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with IPFire; if not, write to the Free Software #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #
+# #
+# Copyright (C) 2007 IPFire-Team info@ipfire.org. #
+# #
+############################################################################
+#
+. /opt/pakfire/lib/functions.sh
+./uninstall.sh
+./install.sh
diff --git a/src/scripts/ovpn-ccd-convert b/src/scripts/ovpn-ccd-convert
new file mode 100644
index 0000000..c54e256
--- /dev/null
+++ b/src/scripts/ovpn-ccd-convert
@@ -0,0 +1,50 @@
+#!/usr/bin/perl
+# Converter script for old openvpn clients
+my %net=();
+my %ovpnconfig=();
+my @serverconf=();
+my $greennet;
+my $greensubnet;
+my $running='off';
+
+require '/var/ipfire/general-functions.pl';
+unless (-d "${General::swroot}/ovpn/ccd") { system("mkdir ${General::swroot}/ovpn/ccd"); }
+system ("chown nobody.nobody ${General::swroot}/ovpn/ccd");
+if ( -e "/var/run/openvpn.pid"){
+ $running='on';
+ system('/usr/local/bin/openvpnctrl', '-k');
+}
+
+&General::readhash("/var/ipfire/ethernet/settings", %net);
+ $greennet=$net{'GREEN_NETADDRESS'};
+ $greensubnet=$net{'GREEN_NETMASK'};
+open(FILE,"/var/ipfire/ovpn/server.conf");
+ while (<FILE>) {
+ $_=~s/\s*$//g;
+ if ($_ ne "route $greennet $greensubnet"){
+ push (@serverconf,$_."\n");
+ }else{
+ print"\nFound ROUTE >>route $greennet $greensubnet<< in server.conf.. Deleted!";
+ }
+ }
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig);
+foreach my $key (keys %ovpnconfig){
+ if($ovpnconfig{$key}[32] eq '' && $ovpnconfig{$key}[3] eq 'host'){
+ open ( CCDRWCONF,'>',"/var/ipfire/ovpn/ccd/$ovpnconfig{$key}[2]") or die "Unable to create clientconfigfile $!";
+ print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
+ print CCDRWCONF "#This client uses the dynamic pool\n\n";
+ print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n";
+ print CCDRWCONF "push "route $greennet $greensubnet"\n";
+ close CCDRWCONF;
+ print"Client $ovpnconfig{$key}[2] converted! \n";
+ }else{
+ print "Client $ovpnconfig{$key}[2] NOT converted!\n";
+ }
+ $ovpnconfig{$key}[32] = 'dynamic';
+}
+&General::writehasharray("/var/ipfire/ovpn/ovpnconfig", %ovpnconfig);
+if ($running eq 'on')
+{
+ system('/usr/local/bin/openvpnctrl', '-s');
+}
diff --git a/src/scripts/update-lang-cache b/src/scripts/update-lang-cache
new file mode 100644
index 0000000..971664e
--- /dev/null
+++ b/src/scripts/update-lang-cache
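Review bot: Nothing in the new ovpn-ccd-convert writes @serverconf back to /var/ipfire/ovpn/server.conf, so the loop prints "Deleted!" for the green route while the file on disk stays as it was; the read also uses an unchecked two-argument open on a bareword handle that is never closed. The fence below reads through a checked lexical handle and writes the filtered lines back. Separately, `$ovpnconfig{$key}[2]` is interpolated into the CCD file path with no check visible in this file, so a connection name containing `/` or `..` would be written outside the ccd directory; an anchored allow-list test before that open would prevent it. The `system("mkdir ...")` and `system ("chown ...")` calls go through the shell, unlike the list-form openvpnctrl calls, and field 32 is set to 'dynamic' for every entry, including those reported as NOT converted, which is worth confirming as intended.
```perl
# … unchanged: declarations, ccd directory setup, openvpnctrl -k, readhash of ethernet/settings …
my $serverconf_file = '/var/ipfire/ovpn/server.conf';
open(my $in, '<', $serverconf_file) or die "Unable to read $serverconf_file: $!";
while (my $line = <$in>) {
	$line =~ s/\s*$//;
	if ($line ne "route $greennet $greensubnet") {
		push(@serverconf, "$line\n");
	} else {
		print "\nFound ROUTE >>route $greennet $greensubnet<< in server.conf.. Deleted!";
	}
}
close($in);

# Write the filtered configuration back; without this the route stays in the file.
open(my $out, '>', $serverconf_file) or die "Unable to write $serverconf_file: $!";
print {$out} @serverconf;
close($out) or die "Unable to write $serverconf_file: $!";
# … unchanged: ovpnconfig conversion loop, writehasharray, openvpnctrl -s …
```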
@@ -0,0 +1,3 @@
+#!/bin/sh
+perl -e "require '//var/ipfire/lang.pl'; &Lang::BuildCacheLang"
+
hooks/post-receive -- IPFire 2.x development tree