This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 97af8b2b85abaa381b668ff20ddd6b41fc8f1827 (commit) via 3906cf7e852872556728191a234152acf213db05 (commit) via 87fe47e9d9502276284340475e9c5208ae406571 (commit) via c9ac8b8052842049694565bedeffc26d651ef093 (commit) via 0d0ee70f3b6f4559885b91fa03c6e77f5cffe1b0 (commit) via 59c2888bae4638153fbe5092608468a21788fb55 (commit) via 5795fc1b5536b6506c26a976c3024114e88cbcb8 (commit) from e62b6718b919e7b5072ebf11294ae7d3adc9560e (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 97af8b2b85abaa381b668ff20ddd6b41fc8f1827 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 13 17:37:41 2015 +0100
Update translations
commit 3906cf7e852872556728191a234152acf213db05 Merge: e62b671 87fe47e Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jan 13 17:37:18 2015 +0100
Merge remote-tracking branch 'amarx/vpn-statistic1' into next
commit 87fe47e9d9502276284340475e9c5208ae406571 Author: Alexander Marx alexander.marx@ipfire.org Date: Tue Dec 23 12:43:49 2014 +0100
vpn-statistic: Move logfiles to /var/run because of flash writes
commit c9ac8b8052842049694565bedeffc26d651ef093 Author: Alexander Marx amarx@ipfire.org Date: Fri Sep 26 13:18:45 2014 +0200
vpn-statistics: change graphs and datatypes of rrd
commit 0d0ee70f3b6f4559885b91fa03c6e77f5cffe1b0 Merge: 59c2888 7a35d10 Author: Alexander Marx amarx@ipfire.org Date: Fri Sep 26 12:53:05 2014 +0200
Merge branch 'next' of ssh://git.ipfire.org/pub/git/ipfire-2.x into vpn-statistic1
commit 59c2888bae4638153fbe5092608468a21788fb55 Author: Alexander Marx amarx@ipfire.org Date: Fri Sep 19 08:11:24 2014 +0200
BUG10617: Allow rules from local networks to firewall itself
commit 5795fc1b5536b6506c26a976c3024114e88cbcb8 Author: Alexander Marx amarx@ipfire.org Date: Wed Sep 3 07:58:15 2014 +0200
vpn-statistic: added new statistic page for OpenVPN Roadwarrior
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/graphs.pl | 112 ++++++++++++++++++++++++++++ config/collectd/collectd.conf | 1 + config/collectd/collectd.vpn | 5 ++ config/menu/20-status.menu | 12 +++ config/rootfiles/common/apache2 | 2 + config/rootfiles/common/collectd | 1 + doc/language_issues.de | 1 + doc/language_issues.en | 1 + doc/language_issues.es | 5 ++ doc/language_issues.fr | 5 ++ doc/language_issues.nl | 5 ++ doc/language_issues.pl | 5 ++ doc/language_issues.ru | 5 ++ doc/language_issues.tr | 5 ++ doc/language_missings | 16 ++++ html/cgi-bin/firewall.cgi | 2 +- html/cgi-bin/{system.cgi => netovpnrw.cgi} | 47 ++++++------ html/cgi-bin/{system.cgi => netovpnsrv.cgi} | 47 ++++++------ html/cgi-bin/ovpnmain.cgi | 26 +++++-- langs/de/cgi-bin/de.pl | 4 + langs/en/cgi-bin/en.pl | 4 + lfs/openvpn | 1 + src/misc-progs/openvpnctrl.c | 29 +++++++ 23 files changed, 284 insertions(+), 57 deletions(-) create mode 100644 config/collectd/collectd.vpn copy html/cgi-bin/{system.cgi => netovpnrw.cgi} (69%) mode change 100644 => 100755 copy html/cgi-bin/{system.cgi => netovpnsrv.cgi} (69%) mode change 100644 => 100755
Difference in files: diff --git a/config/cfgroot/graphs.pl b/config/cfgroot/graphs.pl index 487a4dd..5e6fddb 100644 --- a/config/cfgroot/graphs.pl +++ b/config/cfgroot/graphs.pl @@ -587,6 +587,118 @@ sub updateifgraph { print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; }
+sub updatevpngraph { + my $interface = $_[0]; + my $period = $_[1]; + RRDs::graph( + "-", + "--start", + "-1".$period, + "-aPNG", + "-i", + "-z", + "-W www.ipfire.org", + "--alt-y-grid", + "-w 600", + "-h 125", + "-r", + "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:rx:AVERAGE", + "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive.rrd:tx:AVERAGE", + "CDEF:outgoingn=outgoing,-1,*", + "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}), + "GPRINT:incoming:MAX:%8.1lf %sBps", + "GPRINT:incoming:AVERAGE:%8.1lf %sBps", + "GPRINT:incoming:MIN:%8.1lf %sBps", + "GPRINT:incoming:LAST:%8.1lf %sBps\j", + "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}), + "GPRINT:outgoing:MAX:%8.1lf %sBps", + "GPRINT:outgoing:AVERAGE:%8.1lf %sBps", + "GPRINT:outgoing:MIN:%8.1lf %sBps", + "GPRINT:outgoing:LAST:%8.1lf %sBps\j", + ); + $ERROR = RRDs::error; + print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; +} + +sub updatevpnn2ngraph { + my $interface = $_[0]; + my $period = $_[1]; + RRDs::graph( + "-", + "--start", + "-1".$period, + "-aPNG", + "-i", + "-z", + "-W www.ipfire.org", + "--alt-y-grid", + "-w 600", + "-h 125", + "-r", + "-t ".$Lang::tr{'traffic on'}." ".$interface." ".$Lang::tr{'graph per'}." ".$Lang::tr{$period."-graph"}, + "-v ".$Lang::tr{'bytes per second'}, + "--color=SHADEA".$color{"color19"}, + "--color=SHADEB".$color{"color19"}, + "--color=BACK".$color{"color21"}, + "DEF:incoming=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:rx:AVERAGE", + "DEF:outgoing=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-traffic.rrd:tx:AVERAGE", + "DEF:overhead_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:rx:AVERAGE", + "DEF:overhead_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/if_octets_derive-overhead.rrd:tx:AVERAGE", + "DEF:compression_in=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_in.rrd:uncompressed:AVERAGE", + "DEF:compression_out=".$mainsettings{'RRDLOG'}."/collectd/localhost/openvpn-$interface/compression_derive-data_out.rrd:uncompressed:AVERAGE", + "CDEF:outgoingn=outgoing,-1,*", + "CDEF:overhead_outn=overhead_out,-1,*", + "CDEF:compression_outn=compression_out,-1,*", + "COMMENT:".sprintf("%-20s",$Lang::tr{'caption'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'maximal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'average'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}), + "COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\j", + "AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}), + "GPRINT:incoming:MAX:%8.1lf %sBps", + "GPRINT:incoming:AVERAGE:%8.1lf %sBps", + "GPRINT:incoming:MIN:%8.1lf %sBps", + "GPRINT:incoming:LAST:%8.1lf %sBps\j", + "STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}), + "GPRINT:overhead_in:MAX:%8.1lf %sBps", + "GPRINT:overhead_in:AVERAGE:%8.1lf %sBps", + "GPRINT:overhead_in:MIN:%8.1lf %sBps", + "GPRINT:overhead_in:LAST:%8.1lf %sBps\j", + "LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}), + "GPRINT:compression_in:MAX:%8.1lf %sBps", + "GPRINT:compression_in:AVERAGE:%8.1lf %sBps", + "GPRINT:compression_in:MIN:%8.1lf %sBps", + "GPRINT:compression_in:LAST:%8.1lf %sBps\j", + "AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}), + "GPRINT:outgoing:MAX:%8.1lf %sBps", + "GPRINT:outgoing:AVERAGE:%8.1lf %sBps", + "GPRINT:outgoing:MIN:%8.1lf %sBps", + "GPRINT:outgoing:LAST:%8.1lf %sBps\j", + "STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}), + "GPRINT:overhead_out:MAX:%8.1lf %sBps", + "GPRINT:overhead_out:AVERAGE:%8.1lf %sBps", + "GPRINT:overhead_out:MIN:%8.1lf %sBps", + "GPRINT:overhead_out:LAST:%8.1lf %sBps\j", + "LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}), + "GPRINT:compression_out:MAX:%8.1lf %sBps", + "GPRINT:compression_out:AVERAGE:%8.1lf %sBps", + "GPRINT:compression_out:MIN:%8.1lf %sBps", + "GPRINT:compression_out:LAST:%8.1lf %sBps\j", + ); + $ERROR = RRDs::error; + print "Error in RRD::graph for ".$interface.": ".$ERROR."\n" if $ERROR; +} + # Generate the Firewall Graph for the current period of time for values given by collecd
sub updatefwhitsgraph { diff --git a/config/collectd/collectd.conf b/config/collectd/collectd.conf index 61327bf..384c943 100644 --- a/config/collectd/collectd.conf +++ b/config/collectd/collectd.conf @@ -92,3 +92,4 @@ include "/etc/collectd.precache"
#include "/etc/collectd.thermal" include "/etc/collectd.custom" +include "/etc/collectd.vpn" diff --git a/config/collectd/collectd.vpn b/config/collectd/collectd.vpn new file mode 100644 index 0000000..ca92947 --- /dev/null +++ b/config/collectd/collectd.vpn @@ -0,0 +1,5 @@ +LoadPlugin openvpn + +<Plugin openvpn> +StatusFile "/var/run/ovpnserver.log" +</Plugin> diff --git a/config/menu/20-status.menu b/config/menu/20-status.menu index b159ed6..802885e 100644 --- a/config/menu/20-status.menu +++ b/config/menu/20-status.menu @@ -40,6 +40,18 @@ 'title' => "$Lang::tr{'network other'}", 'enabled' => 1, }; + $substatus->{'53.networkovpn'} = { + 'caption' => "$Lang::tr{'openvpn client'}", + 'uri' => '/cgi-bin/netovpnrw.cgi', + 'title' => "$Lang::tr{'openvpn client'}", + 'enabled' => 1, + }; + $substatus->{'54.networkovpnsrv'} = { + 'caption' => "$Lang::tr{'openvpn server'}", + 'uri' => '/cgi-bin/netovpnsrv.cgi', + 'title' => "$Lang::tr{'openvpn server'}", + 'enabled' => 1, + }; $substatus->{'60.hardwaregraphs'} = { 'caption' => "$Lang::tr{'hardware graphs'}", 'uri' => '/cgi-bin/hardwaregraphs.cgi', diff --git a/config/rootfiles/common/apache2 b/config/rootfiles/common/apache2 index 474e7a7..3eabe9f 100644 --- a/config/rootfiles/common/apache2 +++ b/config/rootfiles/common/apache2 @@ -1419,6 +1419,8 @@ srv/web/ipfire/cgi-bin/modem-status.cgi srv/web/ipfire/cgi-bin/netexternal.cgi srv/web/ipfire/cgi-bin/netinternal.cgi srv/web/ipfire/cgi-bin/netother.cgi +srv/web/ipfire/cgi-bin/netovpnrw.cgi +srv/web/ipfire/cgi-bin/netovpnsrv.cgi srv/web/ipfire/cgi-bin/optionsfw.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/p2p-block.cgi diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index 2b9fa28..5c2064d 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -2,6 +2,7 @@ etc/collectd.conf etc/collectd.custom etc/collectd.precache etc/collectd.thermal +etc/collectd.vpn etc/rc.d/init.d/collectd etc/rc.d/rc0.d/K50collectd etc/rc.d/rc3.d/S29collectd diff --git a/doc/language_issues.de b/doc/language_issues.de index 34afa73..e41f48b 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -632,6 +632,7 @@ WARNING: untranslated string: community rules WARNING: untranslated string: dead peer detection WARNING: untranslated string: emerging rules WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: no data WARNING: untranslated string: qos add subclass WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added diff --git a/doc/language_issues.en b/doc/language_issues.en index f50f01d..290da02 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -664,6 +664,7 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: no data WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed diff --git a/doc/language_issues.es b/doc/language_issues.es index 456cb08..c93d40c 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -864,7 +864,9 @@ WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -901,6 +903,7 @@ WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver +WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice @@ -914,9 +917,11 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing firewall access WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 205336a..c1dedc5 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -875,7 +875,9 @@ WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -912,6 +914,7 @@ WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver +WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice @@ -927,7 +930,9 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing firewall access +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_issues.nl b/doc/language_issues.nl index cda03a4..859cc1f 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -695,6 +695,8 @@ WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: incoming compression in bytes per second +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: invalid input for valid till days WARNING: untranslated string: masquerade blue WARNING: untranslated string: masquerade green @@ -718,7 +720,10 @@ WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: nameserver +WARNING: untranslated string: no data WARNING: untranslated string: not a valid dh key +WARNING: untranslated string: outgoing compression in bytes per second +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 456cb08..c93d40c 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -864,7 +864,9 @@ WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay WARNING: untranslated string: invalid input for dpd timeout @@ -901,6 +903,7 @@ WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver +WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice @@ -914,9 +917,11 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing firewall access WARNING: untranslated string: outgoing firewall p2p allow WARNING: untranslated string: outgoing firewall p2p deny +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_issues.ru b/doc/language_issues.ru index f245a62..17e3199 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -859,7 +859,9 @@ WARNING: untranslated string: grouptype WARNING: untranslated string: hardware support WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: incoming compression in bytes per second WARNING: untranslated string: incoming firewall access +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: incoming traffic in bytes per second WARNING: untranslated string: integrity WARNING: untranslated string: invalid input for dpd delay @@ -897,6 +899,7 @@ WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred WARNING: untranslated string: nameserver +WARNING: untranslated string: no data WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice @@ -910,7 +913,9 @@ WARNING: untranslated string: openvpn prefix openvpn subnet WARNING: untranslated string: openvpn prefix remote subnet WARNING: untranslated string: openvpn subnet is used WARNING: untranslated string: other +WARNING: untranslated string: outgoing compression in bytes per second WARNING: untranslated string: outgoing firewall access +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: outgoing traffic in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: ovpn crypt options diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 6e06cd3..0ebd398 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -664,7 +664,12 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: Scan for Songs WARNING: untranslated string: bytes WARNING: untranslated string: fwhost err hostip +WARNING: untranslated string: incoming compression in bytes per second +WARNING: untranslated string: incoming overhead in bytes per second WARNING: untranslated string: invalid input for valid till days +WARNING: untranslated string: no data +WARNING: untranslated string: outgoing compression in bytes per second +WARNING: untranslated string: outgoing overhead in bytes per second WARNING: untranslated string: ovpn add conf WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added diff --git a/doc/language_missings b/doc/language_missings index 85d4f25..05798b9 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -331,7 +331,9 @@ < hardware support < imei < imsi +< incoming compression in bytes per second < incoming firewall access +< incoming overhead in bytes per second < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -392,7 +394,9 @@ < openvpn subnet is used < other < our donors +< outgoing compression in bytes per second < outgoing firewall access +< outgoing overhead in bytes per second < ovpn add conf < ovpn crypt options < ovpn dh @@ -884,7 +888,9 @@ < hardware support < imei < imsi +< incoming compression in bytes per second < incoming firewall access +< incoming overhead in bytes per second < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -943,6 +949,7 @@ < openvpn subnet is used < other < our donors +< outgoing compression in bytes per second < outgoing firewall access < outgoing firewall add ip group < outgoing firewall add mac group @@ -958,6 +965,7 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< outgoing overhead in bytes per second < ovpn add conf < ovpn crypt options < ovpn dh @@ -1421,7 +1429,9 @@ < hardware support < imei < imsi +< incoming compression in bytes per second < incoming firewall access +< incoming overhead in bytes per second < integrity < invalid input for dpd delay < invalid input for dpd timeout @@ -1480,7 +1490,9 @@ < openvpn subnet is used < other < our donors +< outgoing compression in bytes per second < outgoing firewall access +< outgoing overhead in bytes per second < ovpn add conf < ovpn crypt options < ovpn dh @@ -1948,7 +1960,9 @@ < hour-graph < imei < imsi +< incoming compression in bytes per second < incoming firewall access +< incoming overhead in bytes per second < incoming traffic in bytes per second < integrity < invalid input for dpd delay @@ -2009,7 +2023,9 @@ < openvpn subnet is used < other < our donors +< outgoing compression in bytes per second < outgoing firewall access +< outgoing overhead in bytes per second < outgoing traffic in bytes per second < ovpn add conf < ovpn crypt options diff --git a/html/cgi-bin/firewall.cgi b/html/cgi-bin/firewall.cgi index badee6b..d2227a4 100644 --- a/html/cgi-bin/firewall.cgi +++ b/html/cgi-bin/firewall.cgi @@ -865,7 +865,7 @@ sub checkrule $errormessage.=$Lang::tr{'fwdfw err remark'}."<br>"; } #check if source and target identical - if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL'){ + if ($fwdfwsettings{$fwdfwsettings{'grp1'}} eq $fwdfwsettings{$fwdfwsettings{'grp2'}} && $fwdfwsettings{$fwdfwsettings{'grp1'}} ne 'ALL' && $fwdfwsettings{'grp2'} ne 'ipfire'){ $errormessage=$Lang::tr{'fwdfw err same'}; return $errormessage; } diff --git a/html/cgi-bin/netovpnrw.cgi b/html/cgi-bin/netovpnrw.cgi new file mode 100755 index 0000000..f775b23 --- /dev/null +++ b/html/cgi-bin/netovpnrw.cgi @@ -0,0 +1,72 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2014 Alexander Marx # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; +require "${General::swroot}/graphs.pl"; + +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +my @vpns=(); + +my @querry = split(/?/,$ENV{'QUERY_STRING'}); +$querry[0] = '' unless defined $querry[0]; +$querry[1] = 'week' unless defined $querry[1]; + +if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){ + print "Content-type: image/png\n\n"; + binmode(STDOUT); + &Graphs::updatevpngraph($querry[0],$querry[1]); +}else{ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'host to net vpn'}, 1, ''); + &Header::openbigbox('100%', 'left'); + + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not -path *openvpn-UNDEF* -not -path *openvpn-*n2n* -name *.rrd|sort`; + foreach (@vpngraphs){ + if($_ =~ /(.*)/openvpn-(.*)/if_octets_derive.rrd/){ + push(@vpns,$2); + } + } + if(@vpns){ + foreach (@vpns) { + &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}"); + &Graphs::makegraphbox("netovpnrw.cgi",$_,"week"); + &Header::closebox(); + } + }else{ + print "<center>".$Lang::tr{'no data'}."</center>"; + } + my $output = ''; + + &Header::closebigbox(); + &Header::closepage(); +} diff --git a/html/cgi-bin/netovpnsrv.cgi b/html/cgi-bin/netovpnsrv.cgi new file mode 100755 index 0000000..0ec9c67 --- /dev/null +++ b/html/cgi-bin/netovpnsrv.cgi @@ -0,0 +1,72 @@ +#!/usr/bin/perl +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2014 Alexnder Marx # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +use strict; + +# enable only the following on debugging purpose +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; + +require '/var/ipfire/general-functions.pl'; +require "${General::swroot}/lang.pl"; +require "${General::swroot}/header.pl"; +require "${General::swroot}/graphs.pl"; + +my %color = (); +my %mainsettings = (); +&General::readhash("${General::swroot}/main/settings", %mainsettings); +&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color); + +my @vpns=(); + +my @querry = split(/?/,$ENV{'QUERY_STRING'}); +$querry[0] = '' unless defined $querry[0]; +$querry[1] = 'week' unless defined $querry[1]; + +if ( $querry[0] ne ""){ + print "Content-type: image/png\n\n"; + binmode(STDOUT); + &Graphs::updatevpnn2ngraph($querry[0],$querry[1]); +}else{ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'openvpn server'}, 1, ''); + &Header::openbigbox('100%', 'left'); + + my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not -path *openvpn-UNDEF* -name *traffic.rrd|sort`; + foreach (@vpngraphs){ + if($_ =~ /(.*)/openvpn-(.*)/if_octets_derive-traffic.rrd/){ + push(@vpns,$2); + } + } + if (@vpns){ + foreach (@vpns) { + &Header::openbox('100%', 'center', "$_ $Lang::tr{'graph'}"); + &Graphs::makegraphbox("netovpnsrv.cgi",$_,"week"); + &Header::closebox(); + } + }else{ + print "<center>".$Lang::tr{'no data'}."</center>"; + } + my $output = ''; + + &Header::closebigbox(); + &Header::closepage(); +} diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 235ece5..1e07492 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -288,7 +288,7 @@ sub writeserverconf { print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; } print CONF "status-version 1\n"; - print CONF "status /var/log/ovpnserver.log 30\n"; + print CONF "status /var/run/ovpnserver.log 30\n"; print CONF "cipher $sovpnsettings{DCIPHER}\n"; if ($sovpnsettings{'DAUTH'} eq '') { print CONF ""; @@ -354,7 +354,7 @@ sub writeserverconf { }
sub emptyserverlog{ - if (open(FILE, ">/var/log/ovpnserver.log")) { + if (open(FILE, ">/var/run/ovpnserver.log")) { flock FILE, 2; print FILE ""; close FILE; @@ -905,9 +905,12 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; + print SERVERCONF "#Logfile for statistics\n"; + print SERVERCONF "status-version 1\n"; + print SERVERCONF "status /var/run/openvpn/$cgiparams{'NAME'}-n2n 10\n"; print SERVERCONF "# Port and Protokol\n"; print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; - + if ($cgiparams{'PROTOCOL'} eq 'tcp') { print SERVERCONF "proto tcp-server\n"; print SERVERCONF "# Packet size\n"; @@ -1193,6 +1196,14 @@ SETTINGS_ERROR: while ($file = glob("${General::swroot}/ovpn/ccd/*")) { unlink $file } +# Delete all RRD files for Roadwarrior connections + chdir('/var/ipfire/ovpn/ccd'); + while ($file = glob("*")) { + system ("/usr/local/bin/openvpnctrl -drrd $file"); + } + while ($file = glob("${General::swroot}/ovpn/ccd/*")) { + unlink $file + } if (open(FILE, ">${General::swroot}/ovpn/ovpn-leases.db")) { print FILE ""; close FILE; @@ -2359,7 +2370,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { # CCD end
- +### +### Delete all RRD's for client +### + system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]"); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -2897,7 +2911,7 @@ END </tr> END ; - my $filename = "/var/log/ovpnserver.log"; + my $filename = "/var/run/ovpnserver.log"; open(FILE, $filename) or die 'Unable to open config file.'; my @current = <FILE>; close(FILE); @@ -4897,7 +4911,7 @@ END &General::readhasharray("${General::swroot}/ovpn/caconfig", %cahash); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- my @status = `/bin/cat /var/log/ovpnserver.log`; + my @status = `/bin/cat /var/run/ovpnserver.log`;
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 3f96a60..7ad94f5 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1241,7 +1241,9 @@ 'inactive' => 'inaktiv', 'include logfiles' => 'mit Logdateien', 'incoming' => 'eingehend', +'incoming compression in bytes per second' => 'Eingehende Kompression', 'incoming firewall access' => 'Eingehender Firewallzugang', +'incoming overhead in bytes per second' => 'Eingehender Overhead', 'incoming traffic in bytes per second' => 'Eingehender Verkehr', 'incorrect password' => 'Fehlerhaftes Passwort', 'info' => 'Info', @@ -1665,6 +1667,7 @@ 'our donors' => 'Unsere Unterstützer', 'out' => 'Aus', 'outgoing' => 'ausgehend', +'outgoing compression in bytes per second' => 'Abgehende Kompression', 'outgoing firewall' => 'Ausgehende Firewall', 'outgoing firewall access' => 'Ausgehender Firewallzugang', 'outgoing firewall add ip group' => 'IP Adressgruppen hinzufügen', @@ -1687,6 +1690,7 @@ 'outgoing firewall reset' => 'Alle Regeln löschen', 'outgoing firewall view group' => 'Gruppe anzeigen', 'outgoing firewall warning' => 'Nur die Auswahl Quell IP / MAC aktiviert diese', +'outgoing overhead in bytes per second' => 'Abgehender Overhead', 'outgoing traffic in bytes per second' => 'Abgehender Verkehr', 'override mtu' => 'Überschreibe Standard MTU', 'ovpn' => 'OpenVPN', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index ad331b2..d34e6c7 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -1270,7 +1270,9 @@ 'inactive' => 'inactive', 'include logfiles' => 'Include logfiles', 'incoming' => 'incoming', +'incoming compression in bytes per second' => 'Incoming Compression', 'incoming firewall access' => 'Incoming Firewall Access', +'incoming overhead in bytes per second' => 'Incoming Overhead', 'incoming traffic in bytes per second' => 'Incoming Traffic', 'incorrect password' => 'Incorrect password', 'info' => 'Info', @@ -1696,6 +1698,7 @@ 'our donors' => 'Our donors', 'out' => 'Out', 'outgoing' => 'outgoing', +'outgoing compression in bytes per second' => 'Outgoing compression', 'outgoing firewall' => 'Outgoing Firewall', 'outgoing firewall access' => 'Outgoing Firewall Access', 'outgoing firewall add ip group' => 'Add IP Address Group', @@ -1718,6 +1721,7 @@ 'outgoing firewall reset' => 'Reset all', 'outgoing firewall view group' => 'View group', 'outgoing firewall warning' => 'Not selecting source ip or mac ignores them', +'outgoing overhead in bytes per second' => 'Outgoing Overhead', 'outgoing traffic in bytes per second' => 'Outgoing Traffic', 'override mtu' => 'Override default MTU', 'ovpn' => 'OpenVPN', diff --git a/lfs/openvpn b/lfs/openvpn index 44a8b46..487b6ca 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -83,6 +83,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make install cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire -mkdir -vp /usr/lib/openvpn/plugins + -mkdir -vp /var/log/openvpn -mkdir -vp /var/ipfire/ovpn/ca -mkdir -vp /var/ipfire/ovpn/ccd -mkdir -vp /var/ipfire/ovpn/crls diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index 462ce77..da5ee23 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -73,6 +73,9 @@ void usage(void) printf(" -kn2n --kill-net-2-net\n"); printf(" kills all net2net connections\n"); printf(" you may pass a connection name to the switch to only start a specific one\n"); + printf(" -drrd --delete-rrd\n"); + printf(" Deletes the RRD data for a specific client\n"); + printf(" you need to pass a connection name (RW) to the switch to delete the directory (case sensitive)\n"); printf(" -d --display\n"); printf(" displays OpenVPN status to syslog\n"); printf(" -fwr --firewall-rules\n"); @@ -565,6 +568,28 @@ int killNet2Net(char *name) { return 0; }
+int deleterrd(char *name) { + connection *conn = getConnections(); + + char rrd_file[STRING_SIZE]; + snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name); + + char rrd_dir[STRING_SIZE]; + snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name); + + while(conn) { + /* Find only RW-Connections with the given name. */ + if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) { + remove(rrd_file); + remove(rrd_dir); + return 0; + } + conn = conn->next; + } + + return 1; +} + void startAllNet2Net() { int exitcode = 0, _exitcode = 0;
@@ -634,6 +659,10 @@ int main(int argc, char *argv[]) { else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { killNet2Net(argv[2]); return 0; + } + else if( (strcmp(argv[1], "-drrd") == 0) || (strcmp(argv[1], "--delete-rrd") == 0) ) { + deleterrd(argv[2]); + return 0; } else { usage(); return 1;
hooks/post-receive -- IPFire 2.x development tree