This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via e57d2133a3581a78b80412852dfaf68ebcffadc7 (commit) via 4e9d6128997f2b9431b8e5d0543554589029f482 (commit) via 80337f489444572abcc300aaab6c9bfbf721c19d (commit) via 44f8687ba29b06b012a01c36abe51ffdba27287d (commit) via d96c89eb0619c4f4b10ec7724e55f10f84defd2a (commit) via 64f0c3543d8419a708a2a6c2c50620d147213bfe (commit) via 531f08359c015e39fa51dd9b15ed6abedbc408e6 (commit) via 81a789d9315219cca58160ea2dbd005287ae4bd3 (commit) via cdc2be25f1b63a906f2209ae9d7ac4bdd4b14feb (commit) via ce9abb6627a085706077c1a11da1569fc3c7f244 (commit) via c894a342345ca6b55edc75f0ced6ab7ffa7b7a42 (commit) via 91a0a2217ac1591584c27eb8ce056e977f2b6a80 (commit) via 1129c37a95009f8f4ee3222a09c12c3f9d374d9d (commit) via 7d653d51f8ed7aa6198aa724d6e68750642b588f (commit) via d4c8b6bec26d2b45112e129f99921558058c4b18 (commit) via 80ca8bd0f52b61accecc4d66296ec7d7648ee990 (commit) via 858d8d9092dae3839e9129448d8a51937aebc909 (commit) via 2bcff894ac444f5b8d5d6ab7d8c243974526d332 (commit) via 39877197d6f99832c9732edcf72a11fbddf43a30 (commit) via 0708113765903d21a5479e5462c6383e0812caf3 (commit) via 86ec950263487aeebbb73c77f3840738904f419f (commit) via 6925b8ef5815cab2d1ea290c8413fd42d0c55b7b (commit) from 035f1702efd0626ec0bb2c6e165600c0bb98ef0c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit e57d2133a3581a78b80412852dfaf68ebcffadc7 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Sep 4 14:30:19 2011 +0200
core-next: remove now unsupported "EU" wireless regdomain.
commit 4e9d6128997f2b9431b8e5d0543554589029f482 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Sep 4 14:25:07 2011 +0200
core-next: add changed files to updater.
commit 80337f489444572abcc300aaab6c9bfbf721c19d Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Sep 4 12:14:08 2011 +0200
core-next: add compat-wireless modules to update.
commit 44f8687ba29b06b012a01c36abe51ffdba27287d Merge: 035f170 d96c89e Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Sep 4 12:12:45 2011 +0200
Merge commit 'ms/openvpn-n2n' into next
commit d96c89eb0619c4f4b10ec7724e55f10f84defd2a Author: Alfred Haas alfred.haas@ipfire.org Date: Thu Aug 18 14:29:51 2011 +0200
Update of openvpn CGI scripts.
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/openvpn | 4 +- .../rootfiles/core/next/filelists/compat-wireless | 359 +++++++ config/rootfiles/core/next/filelists/files | 8 + config/rootfiles/core/next/update.sh | 11 +- html/cgi-bin/index.cgi | 19 + html/cgi-bin/ovpnmain.cgi | 993 ++++++++++++++++++-- lfs/openvpn | 8 +- src/misc-progs/openvpnctrl.c | 313 ++++++- 8 files changed, 1578 insertions(+), 137 deletions(-) create mode 100644 config/rootfiles/core/next/filelists/compat-wireless
Difference in files:
diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 23742b3..8791523 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -1,6 +1,8 @@
 lib/openvpn-auth-pam.so
+lib/openvpn-down-root.so
 usr/sbin/openvpn
 #usr/share/doc/openvpn
+#usr/share/doc/openvpn/management-notes.txt
 #usr/share/man/man8/openvpn.8
 var/ipfire/ovpn
 var/ipfire/ovpn/ca
@@ -11,7 +13,7 @@ var/ipfire/ovpn/certs/serial
 var/ipfire/ovpn/crls
 #var/ipfire/ovpn/openssl
 var/ipfire/ovpn/openssl/ovpn.cnf
+var/ipfire/ovpn/ovpn-leases.db
 var/ipfire/ovpn/ovpnconfig
 var/ipfire/ovpn/settings
 var/ipfire/ovpn/verify
-var/ipfire/ovpn/ovpn-leases.db
diff --git a/config/rootfiles/core/next/filelists/compat-wireless b/config/rootfiles/core/next/filelists/compat-wireless
new file mode 100644
index 0000000..5d899bf
--- /dev/null
+++ b/config/rootfiles/core/next/filelists/compat-wireless
@@ -0,0 +1,359 @@ +lib/modules/2.6.32.45-ipfire-xen/kernel/compat/compat.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/compat/compat_firmware_class.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/ath3k.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/bcm203x.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/bfusb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/bluecard_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/bpa10x.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/bt3c_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/btmrvl.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/btmrvl_sdio.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/btsdio.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/btuart_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/btusb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/dtl1_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/hci_uart.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/bluetooth/hci_vhci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/misc/eeprom/eeprom_93cx6.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/atl1c/atl1c.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/atl1e/atl1e.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/atlx/atl1.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/atlx/atl2.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/b44.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/asix.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/catc.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/cdc_eem.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/cdc_ether.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/cdc_subset.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/dm9601.ko 
+lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/gl620a.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/hso.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/int51x1.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/kaweth.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/mcs7830.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/net1080.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/pegasus.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/plusb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/rndis_host.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/rtl8150.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/smsc95xx.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/usbnet.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/usb/zaurus.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/adm8211.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/at76c50x-usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath5k/ath5k.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath9k/ath9k_common.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath9k/ath9k_htc.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/ath9k/ath9k_hw.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ath/carl9170/carl9170.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/b43/b43.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/b43legacy/b43legacy.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ipw2x00/ipw2100.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ipw2x00/ipw2200.ko 
+lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/ipw2x00/libipw.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/iwlegacy/iwl-legacy.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/iwlegacy/iwl3945.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/iwlegacy/iwl4965.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/iwlwifi/iwlagn.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/iwmc3200wifi/iwmc3200wifi.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas/libertas.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas/libertas_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas/libertas_sdio.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas/usb8xxx.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas_tf/libertas_tf.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/libertas_tf/libertas_tf_usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/mac80211_hwsim.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/mwifiex/mwifiex.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/mwifiex/mwifiex_sdio.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/mwl8k.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_nortel.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_plx.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_tmd.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/orinoco_usb.ko 
+lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/orinoco/spectrum_cs.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/p54/p54common.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/p54/p54pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/p54/p54usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rndis_wlan.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2400pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2500pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2500usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2800lib.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2800pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2800usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2x00lib.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2x00pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt2x00usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt61pci.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rt2x00/rt73usb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtl818x/rtl8180/rtl8180.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtlwifi/rtl8192c/rtl8192c-common.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtlwifi/rtl8192ce/rtl8192ce.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtlwifi/rtl8192cu/rtl8192cu.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtlwifi/rtl8192se/rtl8192se.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/rtlwifi/rtlwifi.ko 
+lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/wl1251/wl1251.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/wl12xx/wl12xx.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/net/wireless/zd1211rw/zd1211rw.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/ssb/ssb.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/staging/ath6kl/ath6kl.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/staging/brcm80211/brcmfmac/brcmfmac.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/staging/brcm80211/brcmsmac/brcmsmac.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/drivers/staging/brcm80211/util/brcmutil.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/bluetooth/bluetooth.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/bluetooth/bnep/bnep.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/bluetooth/cmtp/cmtp.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/bluetooth/hidp/hidp.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/bluetooth/rfcomm/rfcomm.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/mac80211/mac80211.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/wireless/cfg80211.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/wireless/lib80211.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/wireless/lib80211_crypt_ccmp.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/wireless/lib80211_crypt_tkip.ko +lib/modules/2.6.32.45-ipfire-xen/kernel/net/wireless/lib80211_crypt_wep.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/compat/compat.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/compat/compat_firmware_class.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/ath3k.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/bcm203x.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/bfusb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/bluecard_cs.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/bpa10x.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/bt3c_cs.ko 
+lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/btmrvl.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/btmrvl_sdio.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/btsdio.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/btuart_cs.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/btusb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/dtl1_cs.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/hci_uart.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/bluetooth/hci_vhci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/misc/eeprom/eeprom_93cx6.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/atl1c/atl1c.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/atl1e/atl1e.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/atlx/atl1.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/atlx/atl2.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/b44.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/asix.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/catc.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/cdc_eem.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/cdc_ether.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/cdc_subset.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/dm9601.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/gl620a.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/hso.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/int51x1.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/kaweth.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/mcs7830.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/net1080.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/pegasus.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/plusb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/rndis_host.ko 
+lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/rtl8150.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/smsc95xx.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/usbnet.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/usb/zaurus.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/adm8211.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/at76c50x-usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath5k/ath5k.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k/ath9k_common.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k/ath9k_htc.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/ath9k/ath9k_hw.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ath/carl9170/carl9170.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/b43/b43.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/b43legacy/b43legacy.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ipw2x00/ipw2100.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ipw2x00/ipw2200.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/ipw2x00/libipw.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/iwlegacy/iwl-legacy.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/iwlegacy/iwl3945.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/iwlegacy/iwl4965.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/iwlwifi/iwlagn.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/iwmc3200wifi/iwmc3200wifi.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas/libertas.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas/libertas_cs.ko 
+lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas/libertas_sdio.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas/usb8xxx.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas_tf/libertas_tf.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/libertas_tf/libertas_tf_usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/mac80211_hwsim.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/mwifiex/mwifiex.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/mwifiex/mwifiex_sdio.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/mwl8k.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_cs.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_nortel.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_plx.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_tmd.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/orinoco_usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/orinoco/spectrum_cs.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/p54/p54common.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/p54/p54pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/p54/p54usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rndis_wlan.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2400pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2500pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2500usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2800lib.ko 
+lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2800pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2800usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2x00lib.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2x00pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt2x00usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt61pci.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rt2x00/rt73usb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtl818x/rtl8180/rtl8180.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtlwifi/rtl8192c/rtl8192c-common.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtlwifi/rtl8192ce/rtl8192ce.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtlwifi/rtl8192cu/rtl8192cu.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtlwifi/rtl8192se/rtl8192se.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/rtlwifi/rtlwifi.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/wl1251/wl1251.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/wl12xx/wl12xx.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/net/wireless/zd1211rw/zd1211rw.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/ssb/ssb.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/staging/ath6kl/ath6kl.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/staging/brcm80211/brcmfmac/brcmfmac.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/staging/brcm80211/brcmsmac/brcmsmac.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/drivers/staging/brcm80211/util/brcmutil.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/bluetooth/bluetooth.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/bluetooth/bnep/bnep.ko 
+lib/modules/2.6.32.45-ipfire-pae/kernel/net/bluetooth/cmtp/cmtp.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/bluetooth/hidp/hidp.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/bluetooth/rfcomm/rfcomm.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/mac80211/mac80211.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/wireless/cfg80211.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/wireless/lib80211.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/wireless/lib80211_crypt_ccmp.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/wireless/lib80211_crypt_tkip.ko +lib/modules/2.6.32.45-ipfire-pae/kernel/net/wireless/lib80211_crypt_wep.ko +lib/modules/2.6.32.45-ipfire/kernel/compat/compat.ko +lib/modules/2.6.32.45-ipfire/kernel/compat/compat_firmware_class.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/ath3k.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/bcm203x.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/bfusb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/bluecard_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/bpa10x.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/bt3c_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/btmrvl.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/btmrvl_sdio.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/btsdio.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/btuart_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/btusb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/dtl1_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/hci_uart.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/bluetooth/hci_vhci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/misc/eeprom/eeprom_93cx6.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/atl1c/atl1c.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/atl1e/atl1e.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/atlx/atl1.ko 
+lib/modules/2.6.32.45-ipfire/kernel/drivers/net/atlx/atl2.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/b44.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/asix.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/catc.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/cdc_eem.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/cdc_ether.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/cdc_subset.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/dm9601.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/gl620a.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/hso.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/int51x1.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/kaweth.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/mcs7830.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/net1080.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/pegasus.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/plusb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/rndis_host.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/rtl8150.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/smsc95xx.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/usbnet.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/usb/zaurus.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/adm8211.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/at76c50x-usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath5k/ath5k.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath9k/ath9k.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath9k/ath9k_common.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath9k/ath9k_htc.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/ath9k/ath9k_hw.ko 
+lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ath/carl9170/carl9170.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/b43/b43.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/b43legacy/b43legacy.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ipw2x00/ipw2100.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ipw2x00/ipw2200.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/ipw2x00/libipw.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/iwlegacy/iwl-legacy.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/iwlegacy/iwl3945.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/iwlegacy/iwl4965.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/iwlwifi/iwlagn.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/iwmc3200wifi/iwmc3200wifi.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas/libertas.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas/libertas_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas/libertas_sdio.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas/usb8xxx.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas_tf/libertas_tf.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/libertas_tf/libertas_tf_usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/mac80211_hwsim.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/mwifiex/mwifiex.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/mwifiex/mwifiex_sdio.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/mwl8k.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_nortel.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_pci.ko 
+lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_plx.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_tmd.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/orinoco_usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/orinoco/spectrum_cs.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/p54/p54common.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/p54/p54pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/p54/p54usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rndis_wlan.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2400pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2500pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2500usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2800lib.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2800pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2800usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2x00lib.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2x00pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt2x00usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt61pci.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rt2x00/rt73usb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtl818x/rtl8180/rtl8180.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtl818x/rtl8187/rtl8187.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtlwifi/rtl8192c/rtl8192c-common.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtlwifi/rtl8192ce/rtl8192ce.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtlwifi/rtl8192cu/rtl8192cu.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtlwifi/rtl8192se/rtl8192se.ko 
+lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/rtlwifi/rtlwifi.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/wl1251/wl1251.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/wl12xx/wl12xx.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/net/wireless/zd1211rw/zd1211rw.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/ssb/ssb.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/staging/ath6kl/ath6kl.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/staging/brcm80211/brcmfmac/brcmfmac.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/staging/brcm80211/brcmsmac/brcmsmac.ko +lib/modules/2.6.32.45-ipfire/kernel/drivers/staging/brcm80211/util/brcmutil.ko +lib/modules/2.6.32.45-ipfire/kernel/net/bluetooth/bluetooth.ko +lib/modules/2.6.32.45-ipfire/kernel/net/bluetooth/bnep/bnep.ko +lib/modules/2.6.32.45-ipfire/kernel/net/bluetooth/cmtp/cmtp.ko +lib/modules/2.6.32.45-ipfire/kernel/net/bluetooth/hidp/hidp.ko +lib/modules/2.6.32.45-ipfire/kernel/net/bluetooth/rfcomm/rfcomm.ko +lib/modules/2.6.32.45-ipfire/kernel/net/mac80211/mac80211.ko +lib/modules/2.6.32.45-ipfire/kernel/net/wireless/cfg80211.ko +lib/modules/2.6.32.45-ipfire/kernel/net/wireless/lib80211.ko +lib/modules/2.6.32.45-ipfire/kernel/net/wireless/lib80211_crypt_ccmp.ko +lib/modules/2.6.32.45-ipfire/kernel/net/wireless/lib80211_crypt_tkip.ko +lib/modules/2.6.32.45-ipfire/kernel/net/wireless/lib80211_crypt_wep.ko +etc/udev/rules.d/50-compat_firmware.rules +lib/udev/compat_firmware.sh diff --git a/config/rootfiles/core/next/filelists/files b/config/rootfiles/core/next/filelists/files index 30727a5..95cde2c 100644 --- a/config/rootfiles/core/next/filelists/files +++ b/config/rootfiles/core/next/filelists/files 
@@ -1,8 +1,15 @@
 etc/sysctl.conf
 etc/system-release
 etc/issue
+etc/iproute2/rt_tables
+etc/rc.d/init.d/networking/red
+etc/rc.d/init.d/static-routes
 srv/web/ipfire/cgi-bin/extrahd.cgi
 srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/outgoinggrp.cgi
+srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/pakfire.cgi
+srv/web/ipfire/cgi-bin/routing.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
 var/ipfire/langs/de.pl
 var/ipfire/langs/en.pl
@@ -10,4 +17,5 @@ var/ipfire/langs/es.pl
 var/ipfire/langs/fr.pl
 var/ipfire/langs/pl.pl
 usr/local/bin/ipsecctrl
+usr/local/bin/openvpnctrl
 usr/local/bin/vpn-watch
diff --git a/config/rootfiles/core/next/update.sh b/config/rootfiles/core/next/update.sh
index 9a46645..ff6409b 100644
--- a/config/rootfiles/core/next/update.sh
+++ b/config/rootfiles/core/next/update.sh
@@ -58,6 +58,11 @@ rm -rf /etc/usb_modeswitch.d extract_files
# +#Replace now unsupported EU regdomain by a "DE" comment. +sed -i -e "s|^options cfg80211 ieee80211_regdom=EU|#options cfg80211 ieee80211_regdom=DE|g" \ + /etc/modprobe.d/cfg80211 + +# #Start services
if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then @@ -69,9 +74,9 @@ fi perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang"
#Rebuild module dep's -#depmod 2.6.32.45-ipfire >/dev/null 2>&1 -#depmod 2.6.32.45-ipfire-pae >/dev/null 2>&1 -#depmod 2.6.32.45-ipfire-xen >/dev/null 2>&1 +depmod 2.6.32.45-ipfire >/dev/null 2>&1 +depmod 2.6.32.45-ipfire-pae >/dev/null 2>&1 +depmod 2.6.32.45-ipfire-xen >/dev/null 2>&1
## Change version of Pakfire.conf ## diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index b325250..0ef95ba 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -390,6 +390,25 @@ END END }
+### +# m.a.d n2n +### + +if ( -d "${General::swroot}/ovpn/n2nconf") { +my %confighash=(); +&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); +foreach my $dkey (keys %confighash) { +if ($confighash{$dkey}[0] eq 'on' && $confighash{$dkey}[3] eq 'net') { +my @n2novpnet = split(///,$confighash{$dkey}[27]); + print <<END; + <tr><td align='center' bgcolor='$Header::colourvpn' width='25%'><a href="/cgi-bin/ovpnmain.cgi"><font size='2' color='white'><b>OpenVPN n2n</b></font></a><br> + <td width='30%' align='center'> $n2novpnet[0] + <td width='45%' align='center'><font color=$Header::colourblue>$confighash{$dkey}[6]</font> +END +} +} + } + # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { $warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>"; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c99e7be..95eb67a 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -22,6 +22,7 @@ use CGI; use CGI qw/:standard/; use Net::DNS; +use Net::Ping; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -32,8 +33,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl";
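Review bot: The two values printed into the new status row of index.cgi, `$n2novpnet[0]` and `$confighash{$dkey}[6]`, reach the page without HTML escaping, and later in this same push the `ovpnconfig` fields are filled from an uploaded client package. Running them through the helper the tree already uses for remarks would close that gap, for example `my $n2nside = &Header::cleanhtml($confighash{$dkey}[6]);` before the heredoc and `$n2nside` inside it. The three `<td>` cells and the `<tr>` are never closed, and the statements inside the `if`/`foreach` are not indented, which makes the brace nesting hard to verify by eye.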
# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -72,6 +73,7 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = '';
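Review bot: `use CGI::Carp 'fatalsToBrowser';` is switched on in this hunk although the comment directly above it says the two lines are for debugging only. With it enabled, every `die` in this CGI, including the new `or die "Unable to open ...: $!"` and `or die "Removing $certfile fail: $!"` calls added further down, sends file paths and system error text to the browser. I would leave that line commented out in the tree, `#use CGI::Carp 'fatalsToBrowser';`, so fatal errors go to the web server log only; `use warnings;` on its own can stay.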
+ &Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
# prepare openvpn config file @@ -514,12 +516,182 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { &writeserverconf();#hier ok }
+### +# m.a.d Save net2net server config +### + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server') +{
+my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); +my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); +my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $tunmtu = ''; + +unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} +unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} + + open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock SERVERCONF, 2; + print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n"; + print SERVERCONF "\n"; + print SERVERCONF "# User Sicherheit\n"; + print SERVERCONF "user nobody\n"; + print SERVERCONF "group nobody\n"; + print SERVERCONF "persist-tun\n"; + print SERVERCONF "persist-key\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP Adressen des VPN Tunnels\n"; + print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Netzwerk auf dem Client Gateway\n"; + print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "# Device fuer den Tunnel\n"; + print SERVERCONF "dev tun\n"; + print SERVERCONF "\n"; + print SERVERCONF "#Port und Protokoll\n"; + print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; + print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Paketgroessen\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; + print SERVERCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'PROTOCOL'} eq 'udp') { + if ($cgiparams{'FRAGMENT'} eq '') { + print SERVERCONF "fragment 
1300\r\n"; + } else { + print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n" + } + if ($cgiparams{'MSSFIX'} eq 'on') { + print SERVERCONF "mssfix\n"; + } + } + print SERVERCONF "\n"; + print SERVERCONF "# Auth Server\n"; + print SERVERCONF "tls-server\n"; + print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Verschluesselung\n"; + print SERVERCONF "cipher AES-256-CBC\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print SERVERCONF "# Kompression einschalten\n"; + print SERVERCONF "comp-lzo\r\n"; + print SERVERCONF "#\n"; + } + print SERVERCONF "# Debug Level setzen\n"; + print SERVERCONF "verb 3\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Tunnel Ueberwachung\n"; + print SERVERCONF "keepalive 10 60\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n"; + print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; + print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Management Interface aktivieren\n"; + print SERVERCONF "#management localhost 4711\n"; + close(SERVERCONF);
+} + +### +# m.a.d Save net2net client config +### +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') +{ + my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); + my $tunmtu = ''; + +unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} +unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} + + open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock CLIENTCONF, 2; + print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $cgiparams{'REMOTE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev tun\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; + print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else 
{$tunmtu = $cgiparams{'MTU'}}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($cgiparams{'PROTOCOL'} eq 'udp') { + if ($cgiparams{'FRAGMENT'} eq '') { + print CLIENTCONF "fragment 1300\r\n"; + } else { + print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n" + } + if ($cgiparams{'MSSFIX'} eq 'on') { + print CLIENTCONF "mssfix\n"; + } + } + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; + print CLIENTCONF "#\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "#\n"; + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; + print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + close(CLIENTCONF); + +} + +### +# m.a.d Save net2net config end +###
### ### Save main settings ### + + if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1314,36 +1486,50 @@ END ### ### Enable/Disable connection ### + +### +# m.a.d net2net Anpassung +### + }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
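Review bot: Both new save blocks use `$cgiparams{'NAME'}` straight from the request in `mkdir` and `open` paths, and write `REMOTE`, `DEST_PORT`, `PROTOCOL`, `MTU` and `FRAGMENT` into the OpenVPN config with no check visible in this hunk. They also sit far above the save-time checks such as `if ($cgiparams{'TYPE'} !~ /^(host|net)$/)` in the later hunk, so a request that is rejected there may already have written its file. A name containing `/` or `..` leaves the `n2nconf/` directory, and a line break in any of the other fields adds directives to a config that, judging by its `user nobody` line, is presumably started with root privileges. I would move the file writing behind the existing validation, reject any NAME that does not match `/^[A-Za-z0-9]+$/`, and require digits only for port, MTU and fragment. The server and client blocks differ in a handful of lines and would be easier to audit as one sub taking the side as a parameter.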
&General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - +# my $n2nactive = ''; + my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk '{print $1}'`; + if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + + + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($n2nactive ne ''){ + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + } + }
### ### Download OpenVPN client package ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); 
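Review bot: The new `$n2nactive` assignment builds a shell pipeline in backticks from `$confighash{$cgiparams{'KEY'}}[1]` and runs before the `if ($confighash{$cgiparams{'KEY'}})` check, so the stored connection name reaches the shell unquoted even when the key does not exist. The generated configs already contain `writepid /var/run/<name>n2n.pid`, so testing that file inside the key check avoids the shell: `my $n2nactive = -e "/var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid";` with the later test changed to `if ($n2nactive)`. Perl also interpolates `$1` inside backticks, so awk does not receive `{print $1}` as written. The re-bracing has moved `$errormessage = $Lang::tr{'invalid key'}` into the else of the `eq 'net'` test, so it now fires when a non-net connection is disabled and no longer when the key is unknown. The `elsif` chain this branch belongs to starts outside the hunk.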
@@ -1352,9 +1538,113 @@ END my @fileholder; my $tempdir = tempdir( CLEANUP => 1 ); my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; - my $zippathname = "$zippath$zipname"; - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package +### + +if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; + my @ovsubnettemp = split(/./,$confighash{$cgiparams{'KEY'}}[27]); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $tunmtu = ''; + + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; + flock CLIENTCONF, 2; + + my $zip = Archive::Zip->new(); + print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# \n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; + print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = 
'1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { + if ($cgiparams{'FRAGMENT'} eq '') { + print CLIENTCONF "fragment 1300\r\n"; + } else { + print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n" + } + if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') { + print CLIENTCONF "mssfix\n"; + } + } + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; + } + print CLIENTCONF "#\n"; + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; + print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; + + + close(CLIENTCONF); + + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; + my $status = 
$zip->writeToFileNamed($zippathname); + + open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; + @fileholder = <DLFILE>; + print "Content-Type:application/x-download\n"; + print "Content-Disposition:attachment;filename=$zipname\n\n"; + print @fileholder; + exit (0); +} +else +{ + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package end +### + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2;
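Review bot: In the new net-to-net download branch the fragment size is taken from `$cgiparams{'FRAGMENT'}`, while every other setting in the block comes from the stored record. On a download request that parameter is most likely empty, so the package would carry `fragment 1300` whatever was saved. The import and edit code in this commit keeps the value in field 24, so the test should read `if ($confighash{$cgiparams{'KEY'}}[24] eq '')` with `$confighash{$cgiparams{'KEY'}}[24]` printed in the else branch. `$status` from `writeToFileNamed` is assigned but never compared with `AZ_OK`, and `DLFILE` is read without `binmode` and never closed, so a failed or truncated archive would still be sent as a download. Unlike the toggle and remove branches, this branch has no `if ($confighash{$cgiparams{'KEY'}})` guard within the hunk before the record is used to build file names.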
@@ -1410,6 +1700,7 @@ END print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } close(CLIENTCONF); + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; my $status = $zip->writeToFileNamed($zippathname);
@@ -1419,10 +1710,15 @@ END print "Content-Disposition:attachment;filename=$zipname\n\n"; print @fileholder; exit (0); - + } + + + ### ### Remove connection ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -1434,7 +1730,24 @@ END # } # my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + +### +# m.a.d net2net Anpassung +### + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + +} +### +# m.a.d net2net Anpassung end +### + + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; @@ -1443,6 +1756,8 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } + + ### ### Download PKCS12 file ### @@ -1799,13 +2114,14 @@ END ### ### Enable/Disable connection ### + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
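Review bot: In the remove hunk `glob()` is used only to build two file names, but it performs shell-style expansion on the interpolated connection name, so a name containing `*`, `?`, braces or a space makes `unlink` act on a different path than the one intended. Plain strings are enough: `my $certfile = "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12";` and the same for `$conffile`. The `or die` on each `unlink` aborts the request if one file is already gone, leaving the entry in `ovpnconfig` with only part of its files removed; setting `$errormessage` instead would match the rest of the branch. The same three lines are repeated in the cancel/rollback branch of the upload hunk further down, and the pre-existing `unlink` of the `.p12` right after this block now runs a second time for net connections.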
&General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); #&writeserverconf(); 
@@ -1862,6 +2178,332 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } +#test33 + +### +### Choose between adding a host-net or net-net connection +### + +### +# m.a.d Anpassung wegen upload n2n Package +### + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { + &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); + print <<END + <b>$Lang::tr{'connection type'}:</b><br /> + <table><form method='post' ENCTYPE="multipart/form-data"> + <tr><td><input type='radio' name='TYPE' value='host' checked /></td> + <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> + <tr><td><input type='radio' name='TYPE' value='net' /></td> + <td class='base'>$Lang::tr{'net to net vpn'}</td></tr> + <tr><td><input type='radio' name='TYPE' value='net2net' /></td> + <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> + <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> + <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + </form></table> +END + ; + + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit (0); + +### +# m.a.d uploading a IPFire n2n Client package +### + +} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){ + + my @firen2nconf; + my @confdetails; + my $uplconffilename =''; + my $uplp12name = ''; + my @rem_subnet; + my @rem_subnet2; + my @tmposupnet3; + my $key; + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + +# Check if a file is uploaded + + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto N2N_ERROR; + } + +# Move uploaded IPfire n2n package to temporary file + + (my 
$fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto N2N_ERROR; + } + + my $zip = Archive::Zip->new(); + my $zipName = $filename; + my $status = $zip->read( $zipName ); + if ($status != AZ_OK) { + $errormessage = "Read of $zipName failed\n"; + goto N2N_ERROR; + } + + my $tempdir = tempdir( CLEANUP => 1 ); + my @files = $zip->memberNames(); + for(@files) { + $zip->extractMemberWithoutPaths($_,"$tempdir/$_"); + } + my $countfiles = @files; + +# Check if we have not more then 2 files + + if ( $countfiles == 2){ + foreach (@files){ + if ( $_ =~ /.conf$/){ + $uplconffilename = $_; + } + if ( $_ =~ /.p12$/){ + $uplp12name = $_; + } + } + if (($uplconffilename eq '') || ($uplp12name eq '')){ + $errormessage = "Either no *.conf or no *.p12 file found\n"; + goto N2N_ERROR; + } + + open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file'; + @firen2nconf = <FILE>; + close (FILE); + chomp(@firen2nconf); + + } else { + + $errormessage = "Filecount does not match only 2 files are allowed\n"; + goto N2N_ERROR; + } + +### +# m.a.d prepare imported ipfire net2net data +### + + my @n2nname = split(/./,$uplconffilename); + $n2nname[0] =~ s/\n|\r//g; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") { + mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); } + + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + + if ($? ne 0) { + $errormessage = "*.conf move failed: $!"; + unlink ($filename); + goto N2N_ERROR; + } + + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + if ($? 
ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto N2N_ERROR; + } + +my $complzoactive; +my $mssfixactive; +my $n2nfragment; +my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); +my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); +my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; +if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} +my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; +if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); +my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); +my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); +my @n2novpnsub = split(/./,$n2novpnsuball[1]); +my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); + +### +# m.a.d delete CR and LF from arrays for this chomp doesnt work +### + +$n2nremote[1] =~ s/\n|\r//g; +$n2novpnsub[0] =~ s/\n|\r//g; +$n2novpnsub[1] =~ s/\n|\r//g; +$n2novpnsub[2] =~ s/\n|\r//g; +$n2nproto[1] =~ s/\n|\r//g; +$n2nport[1] =~ s/\n|\r//g; +$n2ntunmtu[1] =~ s/\n|\r//g; +$n2nremsub[1] =~ s/\n|\r//g; +$n2nlocalsub[2] =~ s/\n|\r//g; +$n2nfragment[1] =~ s/\n|\r//g; +chomp ($complzoactive); +chomp ($mssfixactive); + +### +# m.a.d Write n2n config +### + +### +# Check if there is no other entry with this name +### + + foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[1] eq $n2nname[0]) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto N2N_ERROR; + } + } + +### +# Check if RemSubnet is green orange blue +### + + +### +# Check if OpenVPN Subnet is valid +### + +foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[27] eq 
"$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") { + $errormessage = 'The OpenVPN Subnet is already in use'; + goto N2N_ERROR; + } + } + +### +# Check im Dest Port is vaild +### + +foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[29] eq $n2nport[1] ) { + $errormessage = 'The OpenVPN Port is already in use'; + goto N2N_ERROR; + } + } + + + + $key = &General::findhasharraykey (%confighash); + + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + $confighash{$key}[0] = 'off'; + $confighash{$key}[1] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[3] = 'net'; + $confighash{$key}[4] = 'cert'; + $confighash{$key}[6] = 'client'; + $confighash{$key}[8] = $n2nlocalsub[2]; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = $n2nremsub[1]; + $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[24] = $n2nfragment[1]; + $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[26] = 'red'; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[1]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; + + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + N2N_ERROR: + + &Header::showhttpheaders(); + &Header::openpage('Validate imported configuration', 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage"; + print " </class>"; + &Header::closebox(); + + } else + { + &Header::openbox('100%', 'LEFT', 'import ipfire net2net config'); + } + if ($errormessage eq ''){ + print <<END + <!-- ipfire net2net config gui --> + <table width='100%'> + <tr><td width='25%'> </td><td width='25%'> </td></tr> + <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr> + <tr><td> 
</td><td> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> + <tr><td> </td><td> </td></tr> + </table> +END +; + &Header::closebox(); + } + + if ($errormessage) { + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + } else { + print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />"; + print "<input type='hidden' name='TYPE' value='net2netakn' />"; + print "<input type='hidden' name='KEY' value='$key' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>"; + } + &Header::closebigbox(); + &Header::closepage(); + exit(0); + + +## +### Accept IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + +### +### Discard and Rollback IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + + 
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + +if ($confighash{$cgiparams{'KEY'}}) { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + + +### +# m.a.d end uploading a IPFire n2n Client package +### + + +### +### Adding a new connection +### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { 
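Review bot: The import branch calls `extractMemberWithoutPaths($_,"$tempdir/$_")` for every member of the uploaded archive before the two-file check, and the destination is built from the member name itself, so a name with directory components decides where the file is written; the same untrusted names then become `$n2nname[0]`, the `n2nconf/` directory name and the file name under `certs/`. The member list should be counted and matched against a strict file-name pattern before anything is extracted, as sketched below (adjust the pattern to whatever connection names the rest of the file allows). `move()` from File::Copy reports failure through its return value, so the two `if ($? ne 0)` tests do not detect a failed move. The values parsed from the uploaded config are printed into the confirmation table unescaped and are written to `ovpnconfig` before the user confirms; passing them through `&Header::cleanhtml` and deferring `writehasharray` to the still-empty `net2netakn` accept branch would address both.

```perl
# … unchanged: copy the upload to a temp file, read it into $zip, create $tempdir …
my @files = $zip->memberNames();

# Decide on the member list before anything is written to disk.
if (@files != 2) {
	$errormessage = "Filecount does not match only 2 files are allowed\n";
	goto N2N_ERROR;
}
foreach my $member (@files) {
	# Plain file names only: no directory part, no leading dot, known suffix.
	unless ($member =~ /^[A-Za-z0-9][A-Za-z0-9_-]*\.(?:conf|p12)$/) {
		$errormessage = "Unexpected file name in package\n";
		goto N2N_ERROR;
	}
	if ($zip->extractMemberWithoutPaths($member, "$tempdir/$member") != AZ_OK) {
		$errormessage = "Extracting the package failed\n";
		goto N2N_ERROR;
	}
}
# … unchanged: pick $uplconffilename and $uplp12name, read the config lines …
```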
@@ -1875,16 +2517,18 @@ END $errormessage = $Lang::tr{'invalid key'}; goto VPNCONF_END; } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = 'host'; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; +# n2n m.a.d new fields + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; #new fields @@ -1893,8 +2537,10 @@ END $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + #new fields #ab hiere error uebernehmen + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { @@ -1918,6 +2564,40 @@ END goto VPNCONF_ERROR; }
+### +# n2n Plausi m.a.d +### + + if ($cgiparams{'DEST_PORT'} eq $vpnsettings{'DDEST_PORT'}) { + $errormessage = 'The Destination Port is used by the OpenVPN Server please change'; + goto VPNCONF_ERROR; + } + + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { + $errormessage = 'The OpenVPN Subnet is used by the OpenVPN Server please change'; + goto VPNCONF_ERROR; + } + + if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) { + $errormessage = 'mssfix only allowed with udp'; + goto VPNCONF_ERROR; + } + + if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) { + $errormessage = 'fragment only allowed with udp'; + goto VPNCONF_ERROR; + } + + +### +# n2n Plausi m.a.d +### + +# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { +# $errormessage = $Lang::tr{'ipfire side is invalid'}; +# goto VPNCONF_ERROR; +# } + # Check if there is no other entry with this name if (! $cgiparams{'KEY'}) { foreach my $key (keys %confighash) { @@ -1928,6 +2608,11 @@ END } }
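Review bot: The new net-to-net checks compare `DEST_PORT` and `OVPN_SUBNET` with the server's values but never check their format, and `PROTOCOL`, `MSSFIX` and `FRAGMENT` are only tested in combination. Nothing visible in this hunk rejects a protocol other than udp/tcp, a non-numeric port or fragment size, or a comma or line break in any of these fields. The hunk at +2926 stores `TYPE`, `SIDE`, `REMOTE_SUBNET`, `MSSFIX` and `FRAGMENT` in the comma-separated `ovpnconfig` record while the `SIDE` check here stays commented out, and openvpnctrl.c in this same commit parses that file and builds iptables commands from the protocol and port. I would add whitelist checks ahead of these comparisons, for example `if ($cgiparams{'PROTOCOL'} !~ /^(udp|tcp)$/) { $errormessage = $Lang::tr{'invalid input'}; goto VPNCONF_ERROR; }`, plus a numeric range check on `DEST_PORT` and `FRAGMENT` and `SIDE` limited to `server|client`. The enclosing save branch starts and ends outside the hunk, so an earlier check may already exist there.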
+ if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'REMOTE'}) { if (! &General::validip($cgiparams{'REMOTE'})) { if (! &General::validfqdn ($cgiparams{'REMOTE'})) { @@ -1956,6 +2641,10 @@ END } } } + if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { + $errormessage = $Lang::tr{'remote subnet is invalid'}; + goto VPNCONF_ERROR; + }
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; @@ -2079,9 +2768,6 @@ END goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'certgen') { - - $cgiparams{'CERT_NAME'} =~ s/ //g; - if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; goto VPNCONF_ERROR; @@ -2240,15 +2926,25 @@ END if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = 'host'; + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; $confighash{$key}[5] = $cgiparams{'PSK'}; } else { $confighash{$key}[4] = 'cert'; } + if ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + if ($cgiparams{'FRAGMENT'} eq '') { + $confighash{$key}[24] = '1300'; + } else { + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + } $confighash{$key}[25] = $cgiparams{'REMARK'}; $confighash{$key}[26] = $cgiparams{'INTERFACE'}; # new fields @@ -2300,6 +2996,11 @@ END $selected{'SIDE'}{'server'} = ''; $selected{'SIDE'}{'client'} = ''; $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED'; + + $selected{'PROTOCOL'}{'udp'} = ''; + $selected{'PROTOCOL'}{'tcp'} = ''; + $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED'; +
$checked{'AUTH'}{'psk'} = ''; $checked{'AUTH'}{'certreq'} = ''; @@ -2313,6 +3014,10 @@ END $checked{'COMPLZO'}{'on'} = ''; $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
+ $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; +
if (1) { &Header::showhttpheaders(); @@ -2333,7 +3038,7 @@ END }
print "<form method='post' enctype='multipart/form-data'>"; - print "<input type='hidden' name='TYPE' value='host' />"; + print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
if ($cgiparams{'KEY'}) { print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />"; @@ -2343,6 +3048,7 @@ END &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "<table width='100%'>\n"; print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>"; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n"; } else { 
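Review bot: `TYPE` is now echoed from `$cgiparams{'TYPE'}` straight into a single-quoted attribute, where the old code printed the constant `host`. The only visible check on it (`!~ /^(host|net)$/`) sits in the save branch, so on other paths into this form the value may be request-supplied and unescaped. Emitting a whitelisted value avoids that, e.g. `my $type = ($cgiparams{'TYPE'} eq 'net') ? 'net' : 'host';` and printing `$type`. The n2n form added in the hunk at +3064 interpolates `NAME`, `REMOTE`, `LOCAL_SUBNET`, `REMOTE_SUBNET`, `OVPN_SUBNET`, `DEST_PORT`, `FRAGMENT` and `MTU` the same way; those should be validated or passed through an escaping helper such as the `&Header::cleanhtml()` already applied to `REMARK`, provided it also escapes single quotes. The print statements belong to a block that starts outside the hunk.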
@@ -2358,12 +3064,59 @@ END # print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>"; # print "</select></td></tr>"; # print <<END + } else { + print "<input type='hidden' name='INTERFACE' value='red' />"; + if ($cgiparams{'KEY'}) { + print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>"; + } else { + print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; + } + print <<END + <td width='25%'> </td> + <td width='25%'> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td> + <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option> + <option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td> + <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td> + <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> + <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> + <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td> + <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> + + <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> + <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> + + <td class='boldbase'>$Lang::tr{'destination port'}:</td> + <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} <img src='/blob.gif'</td> + <td><input 
type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> + + <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td> + <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> + + <tr><td class='boldbase' nowrap='nowrap'>Fragment <img src='/blob.gif' /></td> + <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> + <td>Default: <span class="base">1300</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD> + +END + ; + } + print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>"; -# if ($cgiparams{'TYPE'} eq 'net') { - print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; - + if ($cgiparams{'TYPE'} eq 'host') { + + print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; + } + # if ($cgiparams{'KEY'}) { # print "<td colspan='3'> </td></tr></table>"; # } else { 
@@ -2394,41 +3147,54 @@ END if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - print <<END + + + if ($cgiparams{'TYPE'} eq 'host') { + +print <<END <table width='100%' cellpadding='0' cellspacing='5' border='0'> <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr> - <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td> - <td class='base'>$Lang::tr{'upload a certificate request'}</td> - <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> - <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td> - <td class='base'>$Lang::tr{'upload a certificate'}</td></tr> + <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> + <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr> <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr> - <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td> - <td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'users fullname or system hostname'}:</td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> - 
<tr><td> </td> - <td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'country'}:</td> - <td class='base'><select name='CERT_COUNTRY' $cakeydisabled> + <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users 
department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled> END +; + +### +# m.a.d Disbale upload cert for n2n connections +### + +} else { + +print <<END + <table width='100%' cellpadding='0' cellspacing='5' border='0'> + + <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' 
$cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled> + +END +; + +} + +### +# m.a.d Disbale upload cert for n2n connections end +###
- ; foreach my $country (sort keys %{Countries::countries}) { print "<option value='$Countries::countries{$country}'"; if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) { @@ -2436,20 +3202,36 @@ END } print ">$country</option>"; } +### +# m.a.d Disbale pkcs-password for n2n connections +### + +if ($cgiparams{'TYPE'} eq 'host') { print <<END </select></td></tr> - <tr><td> </td> - - <td class='base'>$Lang::tr{'valid till'} (days):</td> - <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr> - - <tr><td> </td> + + <td class='base'>$Lang::tr{'valid till'} (days):</td> + <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr> + <tr><td> </td> <td class='base'>$Lang::tr{'pkcs12 file password'}:</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr> - </table> + </table> +END +}else{ + print <<END + </select></td></tr> + <tr><td> </td><td> </td><td> </td></tr> + <tr><td> </td><td> </td><td> </td></tr> + </table> + END +} + +### +# m.a.d Disbale pkcs-password for n2n connections end +### ; &Header::closebox(); } @@ -2517,9 +3299,6 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - -#new settings $selected{'DDEVICE'}{'tun'} = ''; $selected{'DDEVICE'}{'tap'} = ''; $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; 
@@ -2544,7 +3323,10 @@ END $checked{'DCOMPLZO'}{'off'} = ''; $checked{'DCOMPLZO'}{'on'} = ''; $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED'; - +# m.a.d + $checked{'MSSFIX'}{'off'} = ''; + $checked{'MSSFIX'}{'on'} = ''; + $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; #new settings &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); @@ -2791,8 +3573,15 @@ END print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n"; } if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { + +### +# m.a.d Client Status Table +### + &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); print <<END + + <table width='100%' border='0' cellspacing='1' cellpadding='0'> <tr> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td> @@ -2827,13 +3616,23 @@ END $cavalid = $1; print "<td align='center'>$cavalid</td>"; print "<td align='center'>$confighash{$key}[25]</td>"; + my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; + if ($confighash{$key}[0] eq 'off') { $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } else { + +### +# m.a.d net2net Status +### + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){ + my $cn; - my @match = (); + my @match = (); foreach my $line (@status) { + chomp($line); if ( $line =~ /^(.+),(\d+.\d+.\d+.\d+:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+.\d+.\d+.\d+:\d+),(\d+),(\d+),(.+)/, $line); 
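Review bot: The new branch test `if ($confighash{$cgiparams{'KEY'}}[3] eq 'host')` looks the row up by the request parameter `KEY`, while the neighbouring lines in this hunk read the current row as `$confighash{$key}`. If `KEY` is empty when the status table is rendered, which seems likely but is not visible here, the test is false for every row and roadwarrior entries fall into the net-to-net branch instead of the status-log match. It should read `if ($confighash{$key}[3] eq 'host') {`. The loop that defines `$key` starts outside the hunk.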
@@ -2842,11 +3641,36 @@ END } $cn =~ s/[_]/ /g; if ($cn eq "$confighash{$key}[2]") { - $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } - } - } + } + } + } else { + my @tempovpnsubnet = split("/",$confighash{$key}[27]); + my @ovpnip = split /./,$tempovpnsubnet[0]; + my $pingip = ""; + + if ($confighash{$key}[6] eq 'server') { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; + } else { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; + } + + my $p = Net::Ping->new("udp",1); + + if ($p->ping($pingip)) { + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; + } + $p->close(); + + } } + +### +# m.a.d net2net Status end +### + + my $disable_clientdl = "disabled='disabled'"; if (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || @@ -2958,3 +3782,6 @@ END &Header::closebox(); } &Header::closepage(); + + + diff --git a/lfs/openvpn b/lfs/openvpn index 792de60..0937930 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# Copyright (C) 2007-2011 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
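Review bot: `split /./,$tempovpnsubnet[0]` uses an unescaped dot, which matches every character, so the split returns an empty list and `$pingip` becomes `...2` or `...1`. The ping can then never succeed, and a running net-to-net tunnel is never shown as open. Use `my @ovpnip = split /\./, $tempovpnsubnet[0];`. In the same hunk the matching-CN case for host connections changed from `colourgreen`/`capsopen` to `colourblue`/`capsclosed`, so a connected client would display as closed; if that is not intended, the old line should be kept.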
include Config
-VER = 2.1.2
+VER = 2.2.1
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 543a30dafcdefe1d67c0e47b80741755
+$(DL_FILE)_MD5 = 500bee5449b29906150569aaf2eb2730
install : $(TARGET)
@@ -77,6 +77,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire cd $(DIR_APP)/plugin/auth-pam && make cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /lib/ + cd $(DIR_APP)/plugin/down-root && make + cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /lib/ -mkdir -vp /var/ipfire/ovpn/ca -mkdir -vp /var/ipfire/ovpn/crls touch /var/ipfire/ovpn/ovpn-leases.db diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index 93aff3e..163386b 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -1,3 +1,4 @@ +#include <signal.h> #include <stdio.h> #include <string.h> #include <unistd.h> @@ -24,7 +25,17 @@ char enableorange[STRING_SIZE] = "off"; char OVPNRED[STRING_SIZE] = "OVPN"; char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_"; char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_"; -char WRAPPERVERSION[STRING_SIZE] = "2.0.1.6"; +char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.0"; + +struct connection_struct { + char name[STRING_SIZE]; + char type[STRING_SIZE]; + char proto[STRING_SIZE]; + int port; + struct connection_struct *next; +}; + +typedef struct connection_struct connection;
void exithandler(void) { @@ -37,9 +48,9 @@ void exithandler(void) void usage(void) { #ifdef ovpndebug - printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION); + printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION); #else - printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION); + printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION); #endif printf("openvpnctrl <option>\n"); printf(" Valid options are:\n"); @@ -49,6 +60,12 @@ void usage(void) printf(" kills/stops OpenVPN\n"); printf(" -r --restart\n"); printf(" restarts OpenVPN (implicitly creates chains and firewall rules)\n"); + printf(" -sn2n --start-net-2-net\n"); + printf(" starts all net2net connections\n"); + printf(" you may pass a connection name to the switch to only start a specific one\n"); + printf(" -kn2n --kill-net-2-net\n"); + printf(" kills all net2net connections\n"); + printf(" you may pass a connection name to the switch to only start a specific one\n"); printf(" -d --display\n"); printf(" displays OpenVPN status to syslog\n"); printf(" -fwr --firewall-rules\n"); @@ -62,6 +79,72 @@ void usage(void) exit(1); }
+connection *getConnections() { + FILE *fp = NULL; + + if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) { + fprintf(stderr, "Could not open openvpn n2n configuration file.\n"); + exit(1); + } + + char line[STRING_SIZE] = ""; + char *result; + int count; + connection *conn_first = NULL; + connection *conn_last = NULL; + connection *conn_curr; + + while ((fgets(line, STRING_SIZE, fp) != NULL)) { + if (line[strlen(line) - 1] == '\n') + line[strlen(line) - 1] = '\0'; + + conn_curr = (connection *)malloc(sizeof(connection)); + memset(conn_curr, 0, sizeof(connection)); + + if (conn_first == NULL) { + conn_first = conn_curr; + } else { + conn_last->next = conn_curr; + } + conn_last = conn_curr; + + count = 0; + result = strtok(line, ","); + while (result) { + if (count == 2) { + strcpy(conn_curr->name, result); + } else if (count == 4) { + strcpy(conn_curr->type, result); + } else if (count == 12) { + strcpy(conn_curr->proto, result); + } else if (count == 13) { + conn_curr->port = atoi(result); + } + + result = strtok(NULL, ","); + count++; + } + } + + fclose(fp); + + return conn_first; +} + +int readPidFile(const char *pidfile) { + FILE *fp = fopen(pidfile, "r"); + if (fp == NULL) { + fprintf(stderr, "PID file not found: '%s'\n", pidfile); + exit(1); + } + + int pid = 0; + fscanf(fp, "%d", &pid); + fclose(fp); + + return pid; +} + void ovpnInit(void) { // Read OpenVPN configuration @@ -139,7 +222,7 @@ void executeCommand(char *command) { void setChainRules(char *chain, char *interface, char *protocol, char *port) { char str[STRING_SIZE]; - + sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port); executeCommand(str); sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain); @@ -208,39 +291,34 @@ void createChain(char *chain) { }
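Review bot: getConnections() copies the name, type and protocol tokens and converts the port with `atoi()` without checking any of them, and later hunks in this file interpolate these values into command strings handed to executeCommand(), whose body is not shown (`-p %s --dport %d`, `--config %s`, `/bin/rm -f %s`). Since this wrapper turns configuration written by the web UI into iptables and openvpn invocations, I would reject a field at parse time unless the protocol is `udp` or `tcp`, the port is within 1–65535 and the name uses a conservative character set. The unbounded `sprintf` in setFirewallRules() should also become `snprintf(command, sizeof command, ...)`. Two smaller points in the same function: `malloc()` is not checked before `memset()`, and `strtok()` skips empty fields, so the fixed indexes 2/4/12/13 only line up while the same columns are empty in every record.

```c
	/* … unchanged: fopen, fgets loop, node allocation and list linking … */
		count = 0;
		result = strtok(line, ",");
		while (result) {
			int ok = 1;

			if (count == 2) {
				/* names end up in paths and command lines; adjust the set to what the CGI allows */
				ok = result[strspn(result, "abcdefghijklmnopqrstuvwxyz"
				                           "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")] == '\0';
				if (ok)
					snprintf(conn_curr->name, sizeof conn_curr->name, "%s", result);
			} else if (count == 4) {
				snprintf(conn_curr->type, sizeof conn_curr->type, "%s", result);
			} else if (count == 12) {
				ok = strcmp(result, "udp") == 0 || strcmp(result, "tcp") == 0;
				if (ok)
					snprintf(conn_curr->proto, sizeof conn_curr->proto, "%s", result);
			} else if (count == 13) {
				char *end;
				long port = strtol(result, &end, 10);

				ok = end != result && *end == '\0' && port >= 1 && port <= 65535;
				if (ok)
					conn_curr->port = (int)port;
			}

			if (!ok) {
				/* an empty type keeps the entry out of the start and firewall paths */
				conn_curr->type[0] = '\0';
				break;
			}

			result = strtok(NULL, ",");
			count++;
		}
	/* … unchanged: fclose and return … */
```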
void createAllChains(void) { - if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){ - fprintf(stderr, "OpenVPN is not enabled on any interface\n"); - exit(1); - } else { - // create chain and chain references - if (!strcmp(enableorange, "on")) { - if (strlen(orangeif)) { - createChain(OVPNORANGE); - createChainReference(OVPNORANGE); - } else { - fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n"); - //exit(1); - } + // create chain and chain references + if (!strcmp(enableorange, "on")) { + if (strlen(orangeif)) { + createChain(OVPNORANGE); + createChainReference(OVPNORANGE); + } else { + fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n"); + //exit(1); } - - if (!strcmp(enableblue, "on")) { - if (strlen(blueif)) { - createChain(OVPNBLUE); - createChainReference(OVPNBLUE); - } else { - fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n"); - //exit(1); - } + } + + if (!strcmp(enableblue, "on")) { + if (strlen(blueif)) { + createChain(OVPNBLUE); + createChainReference(OVPNBLUE); + } else { + fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n"); + //exit(1); } - - if (!strcmp(enablered, "on")) { - if (strlen(redif)) { - createChain(OVPNRED); - createChainReference(OVPNRED); - } else { - fprintf(stderr, "OpenVPN enabled on red but no red interface found\n"); - //exit(1); - } + } + + if (!strcmp(enablered, "on")) { + if (strlen(redif)) { + createChain(OVPNRED); + createChainReference(OVPNRED); + } else { + fprintf(stderr, "OpenVPN enabled on red but no red interface found\n"); + //exit(1); } } } @@ -250,12 +328,6 @@ void setFirewallRules(void) { char dport[STRING_SIZE] = ""; char dovpnip[STRING_SIZE] = "";
- /* check if it makes sence to proceed further */ - if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){ - fprintf(stderr, "Config error, at least one device must be enabled\n"); - exit(1); - } - kv = initkeyvalues(); if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings")) { @@ -280,6 +352,11 @@ void setFirewallRules(void) { } freekeyvalues(kv);
+ // Flush all chains. + flushChain(OVPNRED); + flushChain(OVPNBLUE); + flushChain(OVPNORANGE); + // set firewall rules if (!strcmp(enablered, "on") && strlen(redif)) setChainRules(OVPNRED, redif, protocol, dport); @@ -287,17 +364,36 @@ void setFirewallRules(void) { setChainRules(OVPNBLUE, blueif, protocol, dport); if (!strcmp(enableorange, "on") && strlen(orangeif)) setChainRules(OVPNORANGE, orangeif, protocol, dport); + + // read connection configuration + connection *conn = getConnections(); + + // set firewall rules for n2n connections + char command[STRING_SIZE]; + while (conn != NULL) { + if (strcmp(conn->type, "net") == 0) { + sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT", + OVPNRED, redif, conn->proto, conn->port); + executeCommand(command); + } + + conn = conn->next; + } }
void stopDaemon(void) { char command[STRING_SIZE];
- snprintf(command, STRING_SIZE - 1, "/bin/killall openvpn");
- executeCommand(command);
+ int pid = readPidFile("/var/run/openvpn.pid");
+ if (!pid > 0) {
+ exit(1);
+ }
+
+ fprintf(stderr, "Killing PID %d.\n", pid);
+ kill(pid, SIGTERM);
+
 snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
 executeCommand(command);
- snprintf(command, STRING_SIZE-1, "/sbin/modprobe -r tun");
- executeCommand(command);
 }
void startDaemon(void) { @@ -314,6 +410,106 @@ void startDaemon(void) { } }
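Review bot: `if (!pid > 0)` in stopDaemon() parses as `(!pid) > 0`, so it only catches `pid == 0` and lets a negative value through to `kill(pid, SIGTERM)`, where a negative pid addresses a process group and `-1` addresses every process the caller may signal. The same test is repeated in killNet2Net() in the next hunk, and readPidFile(), added earlier in this commit, ignores the `fscanf()` result. Change both tests to `if (pid <= 0)` and have readPidFile() return 0 unless `fscanf(fp, "%d", &pid) == 1`. Because the pid is read from a file on disk, checking that it still belongs to an openvpn process before signalling would also guard against a stale or recycled pid.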
+void startNet2Net(char *name) { + connection *conn = NULL; + connection *conn_iter; + + conn_iter = getConnections(); + + while (conn_iter) { + if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) { + conn = conn_iter; + break; + } + conn_iter = conn_iter->next; + } + + if (conn == NULL) { + fprintf(stderr, "Connection not found.\n"); + exit(1); + } + + char configfile[STRING_SIZE]; + snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", + conn->name, conn->name); + + FILE *fp = fopen(configfile, "r"); + if (fp == NULL) { + fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n", + conn->name, configfile); + exit(2); + } + fclose(fp); + + // Make sure all firewall rules are up to date. + setFirewallRules(); + + char command[STRING_SIZE]; + snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun"); + executeCommand(command); + snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile); + executeCommand(command); +} + +void killNet2Net(char *name) { + connection *conn = NULL; + connection *conn_iter; + + conn_iter = getConnections(); + + while (conn_iter) { + if (strcmp(conn_iter->name, name) == 0) { + conn = conn_iter; + break; + } + conn_iter = conn_iter->next; + } + + if (conn == NULL) { + fprintf(stderr, "Connection not found.\n"); + exit(1); + } + + char pidfile[STRING_SIZE]; + snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name); + + int pid = readPidFile(pidfile); + if (!pid > 0) { + exit(1); + } + + fprintf(stderr, "Killing PID %d.\n", pid); + kill(pid, SIGTERM); + + char command[STRING_SIZE]; + snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile); + executeCommand(command); + + exit(0); +} + +void startAllNet2Net() { + connection *conn = getConnections(); + + while(conn) { + startNet2Net(conn->name); + conn = conn->next; + } + + exit(0); +} + +void killAllNet2Net() { + connection *conn = getConnections(); + + while(conn) { + 
killNet2Net(conn->name); + conn = conn->next; + } + + exit(0); +} + void displayopenvpn(void) { char command[STRING_SIZE];
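Review bot: killAllNet2Net() can stop at most one tunnel, because killNet2Net() ends with `exit(0)` and readPidFile() calls `exit(1)` when a pid file is missing. The loop never reaches the second connection, so `-kn2n` can return success while other net-to-net links stay up. startAllNet2Net() has the mirror problem: startNet2Net() exits with "Connection not found" at the first entry whose type is not `net`. Drop the `exit(0)` from killNet2Net() (main already returns 0 after calling it), guard both loops with `if (strcmp(conn->type, "net") == 0)`, and let a missing pid file skip that entry instead of terminating. The pid file could also be removed with `unlink(pidfile)` rather than a formatted `/bin/rm -f %s` command.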
@@ -326,8 +522,23 @@ int main(int argc, char *argv[]) { exit(1); if(argc < 2) usage(); - - if(argc == 2) { + + if(argc == 3) { + ovpnInit(); + + if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { + startNet2Net(argv[2]); + return 0; + } + else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { + killNet2Net(argv[2]); + return 0; + } else { + usage(); + return 1; + } + } + else if(argc == 2) { if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) { stopDaemon(); return 0; @@ -350,6 +561,14 @@ int main(int argc, char *argv[]) { startDaemon(); return 0; } + else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) { + startAllNet2Net(); + return 0; + } + else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) { + killAllNet2Net(); + return 0; + } else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) { startDaemon(); return 0;
hooks/post-receive -- IPFire 2.x development tree