This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 8c877a82f6a63e07e2dde8d55c6e0db4893bf73d (commit) from ce819132f353a4ae2103fa752ffddb3fae6f01a1 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 8c877a82f6a63e07e2dde8d55c6e0db4893bf73d Author: Alexander Marx amarx@ipfire.org Date: Fri Nov 16 17:02:15 2012 +0100
OpenVPN: Add CCD configuration GUI.
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 204 +++++- doc/language_issues.de | 3 + doc/language_issues.en | 2 + doc/language_issues.es | 39 ++ doc/language_issues.fr | 35 + doc/language_issues.pl | 39 ++ doc/language_issues.ru | 35 + doc/language_missings | 161 +++++ html/cgi-bin/ovpnmain.cgi | 1219 +++++++++++++++++++++++++++++------ langs/de/cgi-bin/de.pl | 38 ++ langs/en/cgi-bin/en.pl | 39 +- 11 files changed, 1585 insertions(+), 229 deletions(-) mode change 100644 => 100755 html/cgi-bin/ovpnmain.cgi
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 567f2e1..c6a6a7c 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -18,8 +18,7 @@ use strict; use Socket; use IO::Socket; use Net::SSLeay; -use Net::IPv4Addr; - +use Net::IPv4Addr qw(:all); $|=1; # line buffering
$General::version = 'VERSION'; @@ -212,19 +211,175 @@ sub validipormask return &validmask($mask); }
-sub validipandmask +sub subtocidr { - my $ipandmask = $_[0]; + #gets: Subnet in decimal (255.255.255.0) + #Gives: 24 (The cidr of network) + my ($byte1, $byte2, $byte3, $byte4) = split(/./, $_[0].".0.0.0.0"); + my $num = ($byte1 * 16777216) + ($byte2 * 65536) + ($byte3 * 256) + $byte4; + my $bin = unpack("B*", pack("N", $num)); + my $count = ($bin =~ tr/1/1/); + return $count; +}
- # split it into number and mask. - if (!($ipandmask =~ /^(.*?)/(.*?)$/)) { - return 0; } - my $ip = $1; - my $mask = $2; - # first part not a ip? - if (!(&validip($ip))) { - return 0; } - return &validmask($mask); +sub cidrtosub +{ + #gets: Cidr of network (20-30 for ccd) + #Konverts 30 to 255.255.255.252 e.g + my $cidr=$_[0]; + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$netmask"; +} + +sub iporsubtodec +{ + #Gets: Ip address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)/(.*?)$/) { + ($net,$mask) = split (///,$subnet); + $full=1; + return "$subnet"; + }else{ + $mask=$subnet; + } + #Subnet already in decimal and valid? + if ($mask=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return $mask;}else{ + return $net."/".$mask; + } + } + } + } + #Subnet in binary format? + if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return &General::cidrtosub($mask);}else{ + return $net."/".&General::cidrtosub($mask); + } + }else{ + return 3; + } + return 3; +} + + +sub iporsubtocidr +{ + #gets: Ip Address or subnetmask in decimal oder CIDR + #Gives: What it gets only in CIDR format + my $subnet=$_[0]; + my $net; + my $mask; + my $full=0; + if ($subnet =~ /^(.*?)/(.*?)$/) { + ($net,$mask) = split (///,$subnet); + $full=1; + }else{ + $mask=$subnet; + } + #Subnet in decimal and valid? + if ($mask=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=32;$i++){ + if (&General::cidrtosub($i) eq $mask){ + if ($full == 0){return &General::subtocidr($mask);}else{ + return $net."/".&General::subtocidr($mask); + } + } + } + } + #Subnet already in binary format? 
+ if ($mask=~/^(\d{1,2})$/ && (($1<=32 && $1>=8))){ + if($full == 0){ return $mask;}else{ + return $net."/".$mask; + } + }else{ + return 3; + } + return 3; +} + +sub getnetworkip +{ + #Gets: IP, CIDR (10.10.10.0-255, 24) + #Gives: 10.10.10.0 + my ($ccdip,$ccdsubnet) = @_; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $network_address = inet_ntoa( $ip_address_binary & $netmask_binary ); + return $network_address; +} + +sub getccdbc +{ + #Gets: IP in Form ("192.168.0.0/24") + #Gives: Broadcastaddress of network + my $ccdnet=$_; + my ($ccdip,$ccdsubnet) = split "/",$ccdnet; + my $ip_address_binary = inet_aton( $ccdip ); + my $netmask_binary = ~pack("N", (2**(32-$ccdsubnet))-1); + my $broadcast_address = inet_ntoa( $ip_address_binary | ~$netmask_binary ); + return $broadcast_address; +} +sub getnextip +{ + my ($byte1,$byte2,$byte3,$byte4) = split (/./,$_[0]); + my $step=$_[1]; + for (my $x=1;$x<=$step;$x++){ + $byte4++; + if($byte4==255){ $byte4=0;$byte3++;} + if($byte3==255){$byte3=0;$byte2++;} + if ($byte2==255){$byte2=0;$byte1++} + + } + return "$byte1.$byte2.$byte3.$byte4"; +} +sub getlastip +{ + my ($byte1,$byte2,$byte3,$byte4) = split (/./,$_[0]); + my $step=$_[1]; + for (my $x=$step;$x>=1;$x--){ + $byte4--; + if($byte4==0){ $byte4=255;$byte3--;} + if($byte3==0){$byte3=255;$byte2--;} + if ($byte2==0){$byte2=255;$byte1--} + } + return "$byte1.$byte2.$byte3.$byte4"; +} + +sub validipandmask +{ + #Gets: Ip address in 192.168.0.0/24 or 192.168.0.0/255.255.255.0 and checks if subnet valid + #Gives: True bzw 0 if success or false + my $ccdnet=$_[0]; + my $subcidr; + + if (!($ccdnet =~ /^(.*?)/(.*?)$/)) { + return 0; + } + my ($ccdip,$ccdsubnet)=split (///, $ccdnet); + #IP valid? + if ($ccdip=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1>0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4<=255 ))) { + #Subnet in decimal and valid? 
+ if ($ccdsubnet=~/^(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})$/ &&(($1<=255 && $2<=$1 && $3<=$2 && $4<=$3 ))) { + for (my $i=8;$i<=30;$i++){ + if (&General::cidrtosub($i) eq $ccdsubnet){ + return 1; + } + } + #Subnet already in binary format? + }elsif ($ccdsubnet=~/^(\d{1,2})$/ && (($1<=30 && $1>=8))){ + return 1; + }else{ + return 0; + } + + } + return 0; }
sub validport @@ -276,7 +431,7 @@ sub validhostname if (length ($hostname) < 1 || length ($hostname) > 63) { return 0;} # Only valid characters are a-z, A-Z, 0-9 and - - if ($hostname !~ /^[a-zA-Z0-9-]*$/) { + if ($hostname !~ /^[a-zA-Z0-9-\s]*$/) { return 0;} # First character can only be a letter or a digit if (substr ($hostname, 0, 1) !~ /^[a-zA-Z0-9]*$/) { @@ -407,7 +562,12 @@ sub NextIP ) ); } - +sub NextIP2 +{ + return &Socket::inet_ntoa( pack("N", 4 + unpack('N', &Socket::inet_aton(shift)) + ) + ); +} sub ipcidr { my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); @@ -465,13 +625,13 @@ sub writehasharray { open(FILE, ">$filename") or die "Unable to write to file $filename";
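Review bot: `getccdbc` takes its input from `$_` (`my $ccdnet=$_;`) while every other helper added in this hunk reads `$_[0]`, so the broadcast address is computed from whatever the caller's topic variable happens to hold; it should be `my $ccdnet=$_[0];`. `getnextip` and `getlastip` carry at 255 and 0 instead of 256 and -1, so a step across an octet boundary lands one address off (254 plus 4 gives .3 in the next octet, not .2); the integer form that `NextIP2` uses later in this file, `inet_ntoa(pack("N", unpack("N", inet_aton($_[0])) + $_[1]))`, does not have that problem. `iporsubtodec` and `iporsubtocidr` return the number 3 on failure and their header comments do not say so, which matters because the callers visible in ovpnmain.cgi pass the result on as a netmask without checking it. The patterns in `validipandmask` end in `$`, which also matches before a trailing newline, so `\z` is the stricter anchor for a value that is later written to settings files.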
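Review bot: The character class in `validhostname` now contains `\s`, which admits spaces, tabs and newlines for every caller of this shared validator, not only for the CCD names this commit needs it for, and the comment directly above still reads "Only valid characters are a-z, A-Z, 0-9 and -". Names that pass this check are stored in line-oriented settings files in the same commit (`ccd.conf` through `writehasharray`), so a newline inside a name would split a record. A separate check for CCD names with a literal space, for example `$ccdname =~ /\A[a-zA-Z0-9 -]+\z/`, would leave hostname validation as strict as it was. The body of `validhostname` starts and ends outside the hunk.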
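Review bot: `NextIP2` has no comment and differs from `NextIP` only by a hard-coded `4`, so a reader cannot tell what the step stands for. A one-line comment such as `# returns the address 4 above the given one (the next /30 block)` would do; that reading of the 4 is inferred from the CCD code in ovpnmain.cgi and should be confirmed. `inet_aton` returns undef for an address it cannot parse, and the result is passed to `unpack` unchecked.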
foreach $key (keys %$hash) { - if ($key =~ /^[0-9]+$/) { - print FILE "$key"; - foreach $i (0 .. $#{$hash->{$key}}) { - print FILE ",$hash->{$key}[$i]"; - } - print FILE "\n"; - } + if ($key =~ /^[0-9]+$/) { + print FILE "$key"; + foreach $i (0 .. $#{$hash->{$key}}) { + print FILE ",$hash->{$key}[$i]"; + } + print FILE "\n"; + } } close FILE; return; diff --git a/doc/language_issues.de b/doc/language_issues.de index 5a42ae5..137217c 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -68,6 +68,9 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr +WARNING: translation string unused: ccd maxclients WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.en b/doc/language_issues.en index 6d6a2a6..68fef77 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -87,6 +87,8 @@ WARNING: translation string unused: cache size WARNING: translation string unused: calamaris report interval (in minutes) WARNING: translation string unused: calc traffic all x minutes WARNING: translation string unused: capsinactive +WARNING: translation string unused: ccd err iroute +WARNING: translation string unused: ccd err netadr WARNING: translation string unused: cfg restart WARNING: translation string unused: check for net traffic update WARNING: translation string unused: choose config diff --git a/doc/language_issues.es b/doc/language_issues.es index 6bcbf86..968e321 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es 
@@ -500,7 +500,41 @@ WARNING: untranslated string: Async logging enabled
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -546,11 +580,16 @@ WARNING: untranslated string: outgoing firewall p2p description 2
 WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: pakfire ago
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
 WARNING: untranslated string: visit us at
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 189932f..1c37b17 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -499,7 +499,41 @@ WARNING: translation string unused: year-graph
 WARNING: translation string unused: yearly firewallhits
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: dns address deleted txt
 WARNING: untranslated string: fireinfo ipfire version
@@ -539,6 +573,7 @@ WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: snort working
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 6bcbf86..968e321 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -500,7 +500,41 @@ WARNING: untranslated string: Async logging enabled
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: Set time on boot
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: fireinfo ipfire version
 WARNING: untranslated string: fireinfo is disabled
@@ -546,11 +580,16 @@ WARNING: untranslated string: outgoing firewall p2p description 2
 WARNING: untranslated string: outgoing firewall p2p description 3
 WARNING: untranslated string: outgoing firewall reserved groupname
 WARNING: untranslated string: outgoing firewall view group
+WARNING: untranslated string: ovpn errmsg green already pushed
+WARNING: untranslated string: ovpn errmsg invalid ip or mask
+WARNING: untranslated string: ovpn routes push
+WARNING: untranslated string: ovpn routes push options
 WARNING: untranslated string: pakfire ago
 WARNING: untranslated string: route config changed
 WARNING: untranslated string: routing config added
 WARNING: untranslated string: routing config changed
 WARNING: untranslated string: routing table
+WARNING: untranslated string: server restart
 WARNING: untranslated string: static routes
 WARNING: untranslated string: system information
 WARNING: untranslated string: visit us at
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index e25d81d..c1c87ee 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -491,7 +491,41 @@ WARNING: untranslated string: Add a route
 WARNING: untranslated string: Edit an existing route
 WARNING: untranslated string: Scan for Songs
 WARNING: untranslated string: advproxy errmsg invalid upstream proxy
+WARNING: untranslated string: attention
 WARNING: untranslated string: bytes
+WARNING: untranslated string: ccd add
+WARNING: untranslated string: ccd choose net
+WARNING: untranslated string: ccd client options
+WARNING: untranslated string: ccd clientip
+WARNING: untranslated string: ccd dynrange
+WARNING: untranslated string: ccd err blue
+WARNING: untranslated string: ccd err green
+WARNING: untranslated string: ccd err hostinnet
+WARNING: untranslated string: ccd err inuse
+WARNING: untranslated string: ccd err invalidname
+WARNING: untranslated string: ccd err invalidnet
+WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isovpnnet
+WARNING: untranslated string: ccd err issubnet
+WARNING: untranslated string: ccd err name
+WARNING: untranslated string: ccd err nameexist
+WARNING: untranslated string: ccd err netadrexist
+WARNING: untranslated string: ccd err orange
+WARNING: untranslated string: ccd err red
+WARNING: untranslated string: ccd err routeovpn
+WARNING: untranslated string: ccd err routeovpn2
+WARNING: untranslated string: ccd hint
+WARNING: untranslated string: ccd invalid
+WARNING: untranslated string: ccd iroute
+WARNING: untranslated string: ccd iroute2
+WARNING: untranslated string: ccd iroutehint
+WARNING: untranslated string: ccd modify
+WARNING: untranslated string: ccd name
+WARNING: untranslated string: ccd net
+WARNING: untranslated string: ccd none
+WARNING: untranslated string: ccd routes
+WARNING: untranslated string: ccd subnet
+WARNING: untranslated string: ccd used
 WARNING: untranslated string: deprecated fs warn
 WARNING: untranslated string: disk access per
 WARNING: untranslated string: extrahd because there is already a device mounted
@@ -520,6 +554,7 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: server restart WARNING: untranslated string: static routes WARNING: untranslated string: visit us at WARNING: untranslated string: vpn keyexchange diff --git a/doc/language_missings b/doc/language_missings index 55e0e40..a6a29fb 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -4,6 +4,7 @@ ############################################################################ # Checking cgi-bin translations for language: en # ############################################################################ +< ccd maxclients ############################################################################ # Checking install/setup translations for language: fr # ############################################################################ @@ -11,6 +12,43 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < dns address deleted txt < fireinfo ipfire version 
@@ -45,6 +83,7 @@ < openvpn subnet is used < other < our donors +< server restart < snort working < static routes < system information @@ -81,6 +120,43 @@ ############################################################################ < advproxy errmsg invalid upstream proxy < Async logging enabled +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < fireinfo ipfire version < fireinfo is disabled @@ -126,6 +202,11 @@ < outgoing firewall p2p description 2 < outgoing firewall p2p description 3 < outgoing firewall view group +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn routes push +< ovpn routes push options +< server restart < Set time on boot < static routes < system information 
@@ -138,6 +219,43 @@ # Checking cgi-bin translations for language: pl # ############################################################################ < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < deprecated fs warn < extrahd because there is already a device mounted < extrahd cant umount @@ -161,6 +279,11 @@ < openvpn subnet is used < other < our donors +< ovpn errmsg green already pushed +< ovpn errmsg invalid ip or mask +< ovpn routes push +< ovpn routes push options +< server restart < static routes < visit us at < vpn keyexchange @@ -172,6 +295,43 @@ ############################################################################ < Add a route < advproxy errmsg invalid upstream proxy +< attention +< ccd add +< ccd choose net +< ccd clientip +< ccd client options +< ccd dynrange +< ccd err blue +< ccd err green +< ccd err hostinnet +< ccd err inuse +< ccd err invalidname +< ccd err invalidnet +< ccd err iroute +< ccd err irouteexist +< ccd err isovpnnet +< ccd err issubnet +< ccd err name +< ccd err nameexist +< ccd err netadr +< ccd err netadrexist +< ccd err orange +< ccd err red +< ccd err routeovpn +< ccd err routeovpn2 +< ccd hint +< ccd invalid +< ccd iroute +< ccd iroute2 +< ccd iroutehint +< ccd maxclients +< ccd modify +< ccd name +< ccd net +< ccd none +< ccd routes +< ccd subnet +< ccd used < day-graph < deprecated fs warn < disk access per 
@@ -203,6 +363,7 @@ < other < our donors < outgoing traffic in bytes per second +< server restart < static routes < visit us at < vpn keyexchange diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi old mode 100644 new mode 100755 index 990fe66..baabe8b --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -36,10 +36,10 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl";
# enable only the following on debugging purpose -use warnings; -use CGI::Carp 'fatalsToBrowser'; +#use warnings; +#use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once -my @dummy = ( ${Header::colourgreen} ); +my @dummy = ( ${Header::colourgreen}, ${Header::colourblue} ); undef (@dummy);
my %color = (); @@ -77,8 +77,12 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; +$cgiparams{'number'} = ''; $routes_push_file = "${General::swroot}/ovpn/routes_push"; unless (-e $routes_push_file) { system("touch $routes_push_file"); } +unless (-e "${General::swroot}/ovpn/ccd.conf") { system("touch ${General::swroot}/ovpn/ccd.conf"); } +unless (-e "${General::swroot}/ovpn/ccdroute") { system("touch ${General::swroot}/ovpn/ccdroute"); } +unless (-e "${General::swroot}/ovpn/ccdroute2") { system("touch ${General::swroot}/ovpn/ccdroute2"); }
&Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
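Review bot: The three added `system("touch …")` calls use the single-string form, which goes through a shell, and ignore the exit status, so a failure to create `ccd.conf`, `ccdroute` or `ccdroute2` stays unnoticed until a later read comes back empty. The path is built from `${General::swroot}` and not from request data, so this is hardening rather than a fix: the list form, `system('touch', "${General::swroot}/ovpn/ccd.conf")` with the return value checked, avoids the shell and makes the failure visible. The existing `routes_push` line just above follows the same pattern and could be changed with them.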
@@ -342,18 +346,35 @@ sub writeserverconf { print CONF "dh /var/ipfire/ovpn/ca/dh1024.pem\n"; my @tempovpnsubnet = split("/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; - print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n"; + #print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n";
if ($vpnsettings{'ROUTES_PUSH'} ne '') { - @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); - foreach (@temp) - { - @tempovpnsubnet = split("/",&General::ipcidr2msk($_)); - print CONF "push "route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . ""\n"; + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("/",&General::ipcidr2msk($_)); + print CONF "push "route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . ""\n"; + } } - } +# a.marx ccd + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + my $a=$ccdconfhash{$key}[1]; + my ($b,$c) = split (///, $a); + print CONF "route $b ".&General::cidrtosub($c)."\n"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (///,$ccdroutehash{$key}[$i]); + print CONF "route $a $b\n"; + } + } +# ccd end
- if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } if ($sovpnsettings{MSSFIX} eq 'on') { @@ -407,7 +428,7 @@ sub writeserverconf {
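Review bot: The added CCD block writes `route …` lines into the server configuration straight from `ccd.conf` and `ccdroute` without checking the stored values again, so an entry without a `/` leaves the second field undefined and produces a malformed `route` directive. Skipping entries that fail the existing validator, for example `next unless &General::validipandmask($ccdconfhash{$key}[1]);` in the first loop, keeps a damaged or hand-edited settings file from reaching the OpenVPN configuration. The GREEN `push "route …"` line is commented out rather than removed, and nothing in the hunk says whether clients are still meant to receive that route, so a comment stating the intent would help. `my $a` and `my $b` shadow the variables that `sort` uses, and other names would be safer. `writeserverconf` starts and ends outside the hunk.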
close(CONF); } -# + sub emptyserverlog{ if (open(FILE, ">/var/log/ovpnserver.log")) { flock FILE, 2; @@ -417,6 +438,281 @@ sub emptyserverlog{
}
+sub delccdnet +{ + my %ccdconfhash = (); + my %ccdhash = (); + my $ccdnetname=$_[0]; + if (-f "${General::swroot}/ovpn/ovpnconfig"){ + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $ccdnetname) { + $errormessage=$Lang::tr{'ccd err hostinnet'}; + return; + } + } + } + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $ccdnetname){ + delete $ccdconfhash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + + &writeserverconf; + return 0; +} + +sub addccdnet +{ + my %ccdconfhash=(); + my @ccdconf=(); + my $ccdname=$_[0]; + my $ccdnet=$_[1]; + my $ovpnsubnet=$_[2]; + my $subcidr; + my @ip2=(); + my $checkup; + my $ccdip; + my $baseaddress; + if(!&General::validhostname($ccdname)){ + $errormessage=$Lang::tr{'ccd err invalidname'}; + return; + } + #check ip + if (&General::validipandmask($ccdnet)){ + $ccdnet=&General::iporsubtocidr($ccdnet); + }else{ + $errormessage=$Lang::tr{'ccd err invalidnet'}; + return; + } + ($ccdip,$subcidr) = split (///,$ccdnet); + if ($ccdname eq '') { + $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>"; + } + #check if we try to use same network as ovpn server + if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) { + $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>"; + } + + #check if we use a name/subnet that already exists + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + @ccdconf=split(///,$ccdconfhash{$key}[1]); + if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";} + my ($newip,$newsub) = split(///,$ccdnet); + if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err 
issubnet'}."<br>";} + + } + #check if we use one of ipfire's networks (green,orange,blue) + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", %ownnet); + if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};} + if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};} + if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};} + if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};} + + + if (!$errormessage) { + my %ccdconfhash=(); + $baseaddress=&General::getnetworkip($ccdip,$subcidr); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my $key = &General::findhasharraykey (%ccdconfhash); + foreach my $i (0 .. 
1) { $ccdconfhash{$key}[$i] = "";} + $ccdconfhash{$key}[0] = $ccdname; + $ccdconfhash{$key}[1] = $baseaddress."/".$subcidr; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + &writeserverconf; + $cgiparams{'ccdname'}=''; + $cgiparams{'ccdsubnet'}=''; + return 1; + } +} + +sub modccdnet +{ + + my $newname=$_[0]; + my $oldname=$_[1]; + my %ccdconfhash=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if ($ccdconfhash{$key}[0] eq $oldname) { + foreach my $key1 (keys %ccdconfhash) { + if ($ccdconfhash{$key1}[0] eq $newname){ + $errormessage=$errormessage.$Lang::tr{'ccd err netadrexist'}; + return; + }else{ + $ccdconfhash{$key}[0]= $newname; + &General::writehasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + last; + } + } + } + } + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $oldname) { + $ccdhash{$key}[32]=$newname; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + last; + } + } + + return 0; +} +sub ccdmaxclients +{ + my $ccdnetwork=$_[0]; + my @octets=(); + my @subnet=(); + @octets=split("/",$ccdnetwork); + @subnet= split /./, &General::cidrtosub($octets[1]); + my ($a,$b,$c,$d,$e); + $a=256-$subnet[0]; + $b=256-$subnet[1]; + $c=256-$subnet[2]; + $d=256-$subnet[3]; + $e=($a*$b*$c*$d)/4; + return $e-1; +} + +sub getccdadresses +{ + my $ipin=$_[0]; + my ($ip1,$ip2,$ip3,$ip4)=split /./, $ipin; + my $cidr=$_[1]; + chomp($cidr); + my $count=$_[2]; + my $hasip=$_[3]; + chomp($hasip); + my @iprange=(); + my %ccdhash=(); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2; + for (my $i=0;$i<=$count-1;$i++) { + my $tmpip=$iprange[$i-1]; + my $stepper=$i*4; + $iprange[$i]= &General::getnextip($tmpip,4); + } + my $r=0; + foreach my $key (keys %ccdhash) { + $r=0; + 
foreach my $tmp (@iprange){ + my ($net,$sub) = split (///,$ccdhash{$key}[33]); + if ($net eq $tmp) { + if ( $hasip ne $ccdhash{$key}[33] ){ + splice (@iprange,$r,1); + } + } + $r++; + } + } + return @iprange; +} + +sub fillselectbox +{ + my $boxname=$_[1]; + my ($ccdip,$subcidr) = split("/",$_[0]); + my $tz=$_[2]; + my @allccdips=&getccdadresses($ccdip,$subcidr,&ccdmaxclients($ccdip."/".$subcidr),$tz); + print"<select name='$boxname' STYLE='font-family : arial; font-size : 9pt; width:130px;' >"; + foreach (@allccdips) { + my $ip=$_."/30"; + chomp($ip); + print "<option value='$ip' "; + if ( $ip eq $cgiparams{$boxname} ){ + print"selected"; + } + print ">$ip</option>"; + } + print "</select>"; +} + +sub hostsinnet +{ + my $name=$_[0]; + my %ccdhash=(); + my $i=0; + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ccdhash); + foreach my $key (keys %ccdhash) { + if ($ccdhash{$key}[32] eq $name){ $i++;} + } + return $i; +} + +sub check_routes_push +{ + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + ##check for existing routes in routes_push + if (-e "${General::swroot}/ovpn/routes_push") { + open(FILE,"${General::swroot}/ovpn/routes_push"); + while (<FILE>) { + $_=~s/\s*$//g; + + my ($ip2,$cidr2) = split (///,"$_"); + my $val2=$ip2."/".&General::iporsubtodec($cidr2); + + if($val eq $val2){ + return 0; + } + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::iporsubtodec($cidr2))){ + return 0; + } + }; + close(FILE); + } + return 1; +} + +sub check_ccdroute +{ + my %ccdroutehash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. 
$#{$ccdroutehash{$key}}) { + if (&General::iporsubtodec($val) eq $ccdroutehash{$key}[$i] && $ccdroutehash{$key}[0] ne $cgiparams{'NAME'}){ + return 0; + } + my ($ip2,$cidr2) = split (///,$ccdroutehash{$key}[$i]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,$cidr2)&& $ccdroutehash{$key}[0] ne $cgiparams{'NAME'} ){ + return 0; + } + } + } + return 1; +} +sub check_ccdconf +{ + my %ccdconfhash=(); + my $val=$_[0]; + my ($ip,$cidr) = split (///, $val); + #check for existing routes in ccdroute + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + foreach my $key (keys %ccdconfhash) { + if (&General::iporsubtocidr($val) eq $ccdconfhash{$key}[1]){ + return 0; + } + my ($ip2,$cidr2) = split (///,$ccdconfhash{$key}[1]); + #subnetcheck + if (&General::IpInSubnet ($ip,$ip2,&General::cidrtosub($cidr2))){ + return 0; + } + + } + return 1; +} + ### # m.a.d net2net ### @@ -451,6 +747,7 @@ sub read_routepushfile while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ }; close(FILE); $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } }
@@ -490,11 +787,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'start ovpn server'} || &emptyserverlog(); } # #restart openvpn server - if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ +# if ($cgiparams{'ACTION'} eq $Lang::tr{'restart ovpn server'}){ #workarund, till SIGHUP also works when running as nobody - system('/usr/local/bin/openvpnctrl', '-r'); - &emptyserverlog(); - } +# system('/usr/local/bin/openvpnctrl', '-r'); +# &emptyserverlog(); +# } }
### @@ -554,24 +851,47 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'ROUTES_PUSH'} ne ''){ @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); undef $vpnsettings{'ROUTES_PUSH'}; - foreach (@temp) + + foreach my $tmpip (@temp) { s/^\s+//g; s/\s+$//g; - if ($_) + + if ($tmpip) { - unless (&General::validipandmask($_)) { - $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; - goto ADV_ERROR; + $tmpip=~s/\s*$//g; + unless (&General::validipandmask($tmpip)) { + $errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; } - my ($ip, $cidr) = split("/",&General::ipcidr2msk($_)); + my ($ip, $cidr) = split("/",&General::ipcidr2msk($tmpip)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; - goto ADV_ERROR; + goto ADV_ERROR; + } +# a.marx ccd + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ( $ip."/".$cidr eq $ccdroutehash{$key}[$i] ){ + $errormessage="Route $ip/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + my ($ip2,$cidr2) = split(///,$ccdroutehash{$key}[$i]); + if (&General::IpInSubnet ($ip,$ip2,$cidr2)){ + $errormessage="Route $ip/$cidr ".$Lang::tr{'ccd err inuse'}." $ccdroutehash{$key}[0]" ; + goto ADV_ERROR; + } + } } - $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + +# ccd end + + $vpnsettings{'ROUTES_PUSH'} .= $tmpip."\n"; } - } - &write_routepushfile; + } + &write_routepushfile; undef $vpnsettings{'ROUTES_PUSH'}; } else { @@ -1571,29 +1891,26 @@ END my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk '{print $1}'`;
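Review bot: In the `save-adv-options` hunk (`@@ -554,24 +851,47 @@`) the rejected entry is now copied into the message, `$errormessage = "$tmpip ".$Lang::tr{'ovpn errmsg invalid ip or mask'};`, and at that point `$tmpip` is by definition text that failed `validipandmask`. The message is later passed to `&Header::openbigbox(..., $errormessage)`; whether that call encodes HTML is not visible here, so I would encode at the source: `$errormessage = &Header::cleanhtml($tmpip)." ".$Lang::tr{'ovpn errmsg invalid ip or mask'};`. Separately, the loop variable was renamed to `$tmpip`, but the two unchanged lines `s/^\s+//g; s/\s+$//g;` still act on `$_`, so leading whitespace is no longer stripped from the entry being validated; bind them explicitly with `$tmpip =~ s/^\s+|\s+$//g;`. The enclosing `if ($cgiparams{'ROUTES_PUSH'} ne '')` block ends outside the hunk.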
if ($confighash{$cgiparams{'KEY'}}) {
+ if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+ $confighash{$cgiparams{'KEY'}}[0] = 'on';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
-
- if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
- $confighash{$cgiparams{'KEY'}}[0] = 'on';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
-
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
-
- } else {
+ }
+ } else {
- $confighash{$cgiparams{'KEY'}}[0] = 'off';
- &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
+ $confighash{$cgiparams{'KEY'}}[0] = 'off';
+ &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
 if ($n2nactive ne ''){
- system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
- }
+ system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+ }
- } else { + } else { $errormessage = $Lang::tr{'invalid key'}; - } + } } }
@@ -1718,9 +2035,10 @@ else
my $zip = Archive::Zip->new();
- print CLIENTCONF "#OpenVPN Server conf\r\n"; + print CLIENTCONF "#OpenVPN Client conf\r\n"; print CLIENTCONF "tls-client\r\n"; print CLIENTCONF "client\r\n"; + print CLIENTCONF "nobind\n"; print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; @@ -1814,10 +2132,41 @@ else }
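Review bot: The added `print CLIENTCONF "nobind\n";` ends in a bare LF, while every neighbouring line of the generated client file in this hunk ends in `\r\n`. Write it as `print CLIENTCONF "nobind\r\n";` so the package keeps a single line-ending convention. The surrounding block starts and ends outside the hunk, so other writers of this file are not visible here and should be checked for the same convention.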
unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + +# A.Marx CCD delete ccd files and routes + + + if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]") + { + unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]"; + } + my %ccdroutehash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroutehash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + my %ccdroute2hash=(); + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){ + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + + + +# CCD end + + delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + #&writeserverconf(); } else { $errormessage = $Lang::tr{'invalid key'}; @@ -1884,9 +2233,11 @@ else %cgiparams = (); %cahash = (); %confighash = (); + my $disabled; &General::readhash("${General::swroot}/ovpn/settings", %cgiparams); read_routepushfile; - + + # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; # } 
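Review bot: The cleanup added in `@@ -1814,10 +2132,41 @@` builds the path `${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]` from a stored field and ignores the result of `unlink`, so a failed delete leaves a per-client config behind with no message. Field 2 is set from `$cgiparams{'CERT_NAME'}` in the save hunk further down, and no validation of that value is visible in this diff. I would therefore only delete when the field is non-empty and a plain file name without `/`, and report a failed `unlink` through `$errormessage`. The `-f` test before `unlink` adds nothing once the result is checked. Note also that the file is keyed by field 2 while the `ccdroute`/`ccdroute2` entries are matched on field 1; a one-line comment saying why would help the next reader.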
@@ -1926,9 +2277,7 @@ ADV_ERROR: $selected{'LOG_VERB'}{'11'} = ''; $selected{'LOG_VERB'}{'0'} = ''; $selected{'LOG_VERB'}{$cgiparams{'LOG_VERB'}} = 'SELECTED'; - - - + &Header::showhttpheaders(); &Header::openpage($Lang::tr{'status ovpn'}, 1, ''); &Header::openbigbox('100%', 'LEFT', '', $errormessage); @@ -1940,8 +2289,8 @@ ADV_ERROR: } &Header::openbox('100%', 'LEFT', $Lang::tr{'advanced server'}); print <<END - <form method='post' enctype='multipart/form-data'> - <table width='100%'> + <form method='post' enctype='multipart/form-data' disabled> + <table width='100%' border=0> <tr> <td colspan='4'><b>$Lang::tr{'dhcp-options'}</b></td> </tr> @@ -1950,7 +2299,7 @@ ADV_ERROR: </tr> <tr> <td class='base'>Domain</td> - <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td> + <td><input type='TEXT' name='DHCP_DOMAIN' value='$cgiparams{'DHCP_DOMAIN'}' size='30' /></td> </tr> <tr> <td class='base'>DNS</td> @@ -1975,7 +2324,7 @@ if ($cgiparams{'ROUTES_PUSH'} ne '') print $cgiparams{'ROUTES_PUSH'}; }
-print <<END +print <<END; </textarea></td> </tr> </tr> @@ -2057,8 +2406,16 @@ print <<END <option value='10' $selected{'LOG_VERB'}{'10'}>10</option> <option value='11' $selected{'LOG_VERB'}{'11'}>11</option> <option value='0' $selected{'LOG_VERB'}{'0'}>0</option></select></td> -</table> -<hr size='1'> +</table><hr> +END + +if ( -e "/var/run/openvpn.pid"){ +print" <br><b><font color='#990000'>$Lang::tr{'attention'}:</b></font><br> + $Lang::tr{'server restart'}<br><br> + <hr>"; +} + +print<<END <table width='100%'> <tr> <td> </td> 
@@ -2077,6 +2434,121 @@ END &Header::closepage(); exit(0); + +# A.Marx CCD Add,delete or edit CCD net + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'ccd net'} || + $cgiparams{'ACTION'} eq $Lang::tr{'ccd add'} || + $cgiparams{'ACTION'} eq "kill" || + $cgiparams{'ACTION'} eq "edit" || + $cgiparams{'ACTION'} eq 'editsave'){ + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'ccd net'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + + if ($cgiparams{'ACTION'} eq "kill"){ + &delccdnet($cgiparams{'net'}); + } + + if ($cgiparams{'ACTION'} eq 'editsave'){ + my ($a,$b) =split (/|/,$cgiparams{'ccdname'}); + if ( $a ne $b){ &modccdnet($a,$b);} + } + + if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) { + &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'}); + } + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage"; + print " </class>"; + &Header::closebox(); + } +if ($cgiparams{'ACTION'} eq "edit"){ + + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd modify'}); + + print <<END + <table width='100%' border=0> + <tr><form method='post'> + <td width='10%' nowrap='nowrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td> + <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' readonly /></td></tr> + <tr><td colspan='4' align='right'><hr><input type='submit' value='$Lang::tr{'save'}' /><input type='hidden' name='ACTION' value='editsave'/> + <input type='hidden' name='ccdname' value='$cgiparams{'ccdname'}'/><input type='submit' value='$Lang::tr{'cancel'}' /> + </td></tr> + </table></form> +END +; + &Header::closebox(); + + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print <<END + <table width='100%' border='0' cellpadding='0' cellspacing='1'> + <tr> + <td class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td 
class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' width='15%' align='center'><b>$Lang::tr{'ccd used'}</td><td width='3%'></td><td width='3%'></td></tr> +END +; +} +else{ + if (! -e "/var/run/openvpn.pid"){ + &Header::openbox('100%', 'LEFT', $Lang::tr{'ccd add'}); + print <<END; + <table width='100%' border='0'> + <tr><form method='post'> + <td colspan='4'>$Lang::tr{'ccd hint'}<br><br></td></tr> + <tr> + <td width='10%' nowrap='nwrap'>$Lang::tr{'ccd name'}:</td><td><input type='TEXT' name='ccdname' value='$cgiparams{'ccdname'}' /></td> + <td width='8%'>$Lang::tr{'ccd subnet'}:</td><td><input type='TEXT' name='ccdsubnet' value='$cgiparams{'ccdsubnet'}' /></td></tr> + <tr><td colspan=4><hr /></td></tr><tr> + <td colspan='4' align='right'><input type='hidden' name='ACTION' value='$Lang::tr{'ccd add'}' /><input type='submit' value='$Lang::tr{'add'}' /><input type='hidden' name='DOVPN_SUBNET' value='$cgiparams{'DOVPN_SUBNET'}'/></td></tr> + </table></form> +END + + &Header::closebox(); +} + &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} ); + print <<END + <table width='100%' border='0' cellpadding='0' cellspacing='1'> + <tr> + <td class='boldbase' align='center' nowrap='nowrap' width='20%'><b>$Lang::tr{'ccd name'}</td><td class='boldbase' align='center' width='8%'><b>$Lang::tr{'network'}</td><td class='boldbase' width='8%' align='center' nowrap='nowrap'><b>$Lang::tr{'ccd used'}</td><td width='1%' align='center'></td><td width='1%' align='center'></td></tr> +END +; +} + my %ccdconfhash=(); + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my @ccdconf=(); + my $count=0; + foreach my $key (keys %ccdconfhash) { + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + $count++; + my $ccdhosts = &hostsinnet($ccdconf[0]); + if ($count % 2){ print" <tr bgcolor='$color{'color22'}'>";} + else{ print" <tr bgcolor='$color{'color20'}'>";} + print"<td>$ccdconf[0]</td><td align='center'>$ccdconf[1]</td><td 
align='center'>$ccdhosts/".(&ccdmaxclients($ccdconf[1])+1)."</td><td>"; +print <<END + <form method='post' /> + <input type='image' src='/images/edit.gif' align='middle' alt=$Lang::tr{'edit'} title=$Lang::tr{'edit'} /> + <input type='hidden' name='ACTION' value='edit'/> + <input type='hidden' name='ccdname' value='$ccdconf[0]' /> + <input type='hidden' name='ccdsubnet' value='$ccdconf[1]' /> + </form></td> + <form method='post' /> + <td><input type='hidden' name='ACTION' value='kill'/> + <input type='hidden' name='number' value='$count' /> + <input type='hidden' name='net' value='$ccdconf[0]' /> + <input type='image' src='/images/delete.gif' align='middle' alt=$Lang::tr{'remove'} title=$Lang::tr{'remove'} /></form></td></tr> +END +; + } + print "</table></form>"; + &Header::closebox(); + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + &Header::closebigbox(); + &Header::closepage(); + exit(0); + +#END CCD + ### ### Openvpn Connections Statistics ### @@ -2284,7 +2756,7 @@ if ( -s "${General::swroot}/ovpn/settings") {
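Review bot: The CCD page added in `@@ -2077,6 +2434,121 @@` writes request and stored values into single-quoted HTML attributes with no encoding in this hunk: `value='$cgiparams{'ccdname'}'`, `value='$cgiparams{'ccdsubnet'}'`, `value='$ccdconf[0]'` and `value='$ccdconf[1]'`. When `addccdnet` rejects the input the submitted text appears to be echoed back unchanged, so encode it just before the `print <<END` blocks, e.g. `my $ccdname_html = &Header::cleanhtml($cgiparams{'ccdname'});` (confirm that helper also encodes single quotes). The attributes `alt=$Lang::tr{'edit'}` and `title=$Lang::tr{'remove'}` are unquoted and should be quoted as well. The `kill` and `editsave` branches hand `$cgiparams{'net'}` and the split `ccdname` to `delccdnet`/`modccdnet` unchecked here; those subs are defined outside this hunk, so whether they validate the names is not visible.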
print <<END <b>$Lang::tr{'connection type'}:</b><br /> - <table><form method='post' ENCTYPE="multipart/form-data"> + <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> <tr><td><input type='radio' name='TYPE' value='net' /></td> @@ -2293,21 +2765,21 @@ if ( -s "${General::swroot}/ovpn/settings") { <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> <tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr> - <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'><td class='base'>Default : Client Packagename</td></td></tr> + <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'>Default : Client Packagename</td></tr> <tr><td colspan='3'><hr /></td></tr> - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> - <tr><td> </td></tr> + <tr><td align='right' colspan='3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> </form></table> END ; +
} else { print <<END <b>$Lang::tr{'connection type'}:</b><br /> - <table><form method='post' ENCTYPE="multipart/form-data"> + <table border='0' width='100%'><form method='post' ENCTYPE="multipart/form-data"> <tr><td><input type='radio' name='TYPE' value='host' checked /></td> <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + <tr><td align='right' colspan'3'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> </form></table> END ; @@ -2537,26 +3009,26 @@ foreach my $dkey (keys %confighash) { $key = &General::findhasharraykey (%confighash);
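Review bot: The new submit row in the host-only branch has a malformed attribute, `colspan'3'`, where the `=` is missing, so browsers will not apply the span. It should read `<td align='right' colspan='3'>`, matching the row added in the other branch of the same hunk. The visible rows of this table have only two cells, so `colspan='2'` may be what is intended; worth checking the rendered page.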
- foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} $confighash{$key}[0] = 'off'; $confighash{$key}[1] = $n2nname[0]; - $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; $confighash{$key}[3] = 'net'; $confighash{$key}[4] = 'cert'; $confighash{$key}[6] = 'client'; $confighash{$key}[8] = $n2nlocalsub[2]; - $confighash{$key}[10] = $n2nremote[1]; - $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; $confighash{$key}[22] = $n2nmgmt[2]; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; - $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; - $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; - $confighash{$key}[28] = $n2nproto[0]; - $confighash{$key}[29] = $n2nport[1]; - $confighash{$key}[30] = $complzoactive; - $confighash{$key}[31] = $n2ntunmtu[1]; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[0]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1];
&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -2655,45 +3127,194 @@ if ($confighash{$cgiparams{'KEY'}}) { } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { - + &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/caconfig", %cahash); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) { - if (! $confighash{$cgiparams{'KEY'}}[0]) { - $errormessage = $Lang::tr{'invalid key'}; - goto VPNCONF_END; - } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; - $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; - $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; - $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; - $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; - $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; - $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; - $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; -# n2n m.a.d new fields - $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; - $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; - $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; - $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; - $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; -#new fields - $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; - $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; - $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; - $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; - -#new fields -#ab hiere error uebernehmen - - } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { + if (! 
$confighash{$cgiparams{'KEY'}}[0]) { + $errormessage = $Lang::tr{'invalid key'}; + goto VPNCONF_END; + } + $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; + $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; + $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; + $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; + $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; + $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8]; + $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; + $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; + $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; + $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; + $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; + $cgiparams{'INTERFACE'} = $confighash{$cgiparams{'KEY'}}[26]; + $cgiparams{'OVPN_SUBNET'} = $confighash{$cgiparams{'KEY'}}[27]; + $cgiparams{'PROTOCOL'} = $confighash{$cgiparams{'KEY'}}[28]; + $cgiparams{'DEST_PORT'} = $confighash{$cgiparams{'KEY'}}[29]; + $cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30]; + $cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31]; + $cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32]; + my $name=$cgiparams{'CHECK1'} ; + $cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33]; + $cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34]; + $cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35]; + $cgiparams{'CCD_DNS2'} = $confighash{$cgiparams{'KEY'}}[36]; + $cgiparams{'CCD_WINS'} = $confighash{$cgiparams{'KEY'}}[37]; + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { $cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'}); - if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { +#A.Marx CCD check iroute field and convert it to decimal + + my @temp=(); + my %ccdroutehash=(); + my $keypoint=0; + if ($cgiparams{'IR'} ne ''){ + @temp = 
split("\n",$cgiparams{'IR'}); + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + #find key to use + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroutehash{$key}; + }else{ + $keypoint = &General::findhasharraykey (%ccdroutehash); + } + } + $ccdroutehash{$keypoint}[0]=$cgiparams{'NAME'}; + my $i=1; + my $val=0; + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + my($ip,$cidr) = split(///,$val); + $cidr=&General::iporsubtodec($cidr); + + #check if iroute exists in ccdroute + foreach my $key (keys %ccdroutehash) { + foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){ + if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") { + $errormessage=$Lang::tr{'ccd err irouteexist'}; + goto VPNCONF_ERROR; + } + } + } + + #check for existing network IP's + if ((&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{RED_NETADDRESS},$netsettings{RED_NETMASK}) && $netsettings{RED_NETADDRESS} ne '0.0.0.0')|| + (&General::IpInSubnet ($ip,$netsettings{BLUE_NETADDRESS},$netsettings{BLUE_NETMASK}) && $netsettings{BLUE_NETADDRESS} ne '0.0.0.0' && $netsettings{BLUE_NETADDRESS} gt '')|| + (&General::IpInSubnet ($ip,$netsettings{ORANGE_NETADDRESS},$netsettings{ORANGE_NETMASK}) && $netsettings{ORANGE_NETADDRESS} ne '0.0.0.0' && $netsettings{ORANGE_NETADDRESS} gt '' )){ + $errormessage="$ip USED FOR SYSTEM!"; + goto VPNCONF_ERROR; + } + + + + if (&General::validipandmask($val)){ + $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." 
($ip/$cidr)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + }else{ + &General::readhasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if ($ccdroutehash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroutehash{$key}; + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + } + } + } + undef @temp; + #check route field and convert it to decimal + my %ccdroute2hash=(); + my $val=0; + my $i=1; + + &General::readhasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + if($cgiparams{'IFROUTE'} eq $Lang::tr{'ccd none'} || $cgiparams{'IFROUTE'} eq '') { + undef $cgiparams{'IFROUTE'}; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + delete $ccdroute2hash{$key}; + } + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + }else{ + #find key to use + foreach my $key (keys %ccdroute2hash) { + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}) { + $keypoint=$key; + delete $ccdroute2hash{$key}; + }else{ + $keypoint = &General::findhasharraykey (%ccdroute2hash); + &General::writehasharray("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + &writeserverconf; + } + } + $ccdroute2hash{$keypoint}[0]=$cgiparams{'NAME'}; + @temp = split(/|/,$cgiparams{'IFROUTE'}); + my %ownnet=(); + &General::readhash("${General::swroot}/ethernet/settings", %ownnet); + foreach $val (@temp){ + chomp($val); + $val=~s/\s*$//g; + if ($val eq $Lang::tr{'green'}) + { + $val=$ownnet{GREEN_NETADDRESS}."/".$ownnet{GREEN_NETMASK}; + } + if ($val eq $Lang::tr{'blue'}) + { + $val=$ownnet{BLUE_NETADDRESS}."/".$ownnet{BLUE_NETMASK}; + } + if ($val eq $Lang::tr{'orange'}) + { + $val=$ownnet{ORANGE_NETADDRESS}."/".$ownnet{ORANGE_NETMASK}; + } + my ($ip,$cidr) = split (///, $val); + if (! 
&check_routes_push($val)){$errormessage=$errormessage."Route $val ".$Lang::tr{'ccd err routeovpn2'}." ($val)";goto VPNCONF_ERROR;} + if (! &check_ccdroute($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err inuse'}." ($val)" ;goto VPNCONF_ERROR;} + if (! &check_ccdconf($val)){$errormessage=$errormessage."<br>Route $val ".$Lang::tr{'ccd err routeovpn'}." ($val)";goto VPNCONF_ERROR;} + if (&General::validipandmask($val)){ + $val=$ip."/".&General::iporsubtodec($cidr); + $ccdroute2hash{$keypoint}[$i] = $val; + }else{ + $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)"; + goto VPNCONF_ERROR; + } + $i++; + } + &General::writehasharray("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + } + #check dns1 ip + if ($cgiparams{'CCD_DNS1'} ne '' && ! &General::validip($cgiparams{'CCD_DNS1'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 1"; + goto VPNCONF_ERROR; + } + #check dns2 ip + if ($cgiparams{'CCD_DNS2'} ne '' && ! &General::validip($cgiparams{'CCD_DNS2'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp dns'}." 2"; + goto VPNCONF_ERROR; + } + #check wins ip + if ($cgiparams{'CCD_WINS'} ne '' && ! &General::validip($cgiparams{'CCD_WINS'})) { + $errormessage=$errormessage."<br>".$Lang::tr{'invalid input for dhcp wins'}; + goto VPNCONF_ERROR; + } + + +#CCD End + + + if ($cgiparams{'TYPE'} !~ /^(host|net)$/) { $errormessage = $Lang::tr{'connection type is invalid'}; if ($cgiparams{'TYPE'} eq 'net') { unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; @@ -3143,45 +3764,119 @@ if ($cgiparams{'TYPE'} eq 'net') {
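Review bot: In the `IR` loop of `@@ -2655,45 +3127,194 @@`, `&General::validipandmask($val)` runs only after `$ip` and `$cidr` have already been passed to `iporsubtodec` and `IpInSubnet` and copied into `$errormessage` (`"$ip USED FOR SYSTEM!"`), so unvalidated request text reaches both the subnet helpers and the rendered page. Move the check to the top of the loop body, `unless (&General::validipandmask($val)) { $errormessage = $Lang::tr{'ccd invalid'}; goto VPNCONF_ERROR; }`, and keep the raw value out of the message or pass it through `&Header::cleanhtml`. The `IFROUTE` loop has the same ordering: `check_routes_push`, `check_ccdroute` and `check_ccdconf` all run before `validipandmask`. `$keypoint` is assigned inside `foreach my $key (keys %ccdroutehash)`, so it stays `0` when the file has no entries, which may not be a valid key; computing it once after the loop would be clearer. The `save` branch continues past the end of the hunk.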
# Save the config my $key = $cgiparams{'KEY'}; + if (! $key) { $key = &General::findhasharraykey (%confighash); - foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + foreach my $i (0 .. 38) { $confighash{$key}[$i] = "";} } - $confighash{$key}[0] = $cgiparams{'ENABLED'}; - $confighash{$key}[1] = $cgiparams{'NAME'}; + $confighash{$key}[0] = $cgiparams{'ENABLED'}; + $confighash{$key}[1] = $cgiparams{'NAME'}; if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { - $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; + $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = $cgiparams{'TYPE'}; + + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { - $confighash{$key}[4] = 'psk'; - $confighash{$key}[5] = $cgiparams{'PSK'}; + $confighash{$key}[4] = 'psk'; + $confighash{$key}[5] = $cgiparams{'PSK'}; } else { - $confighash{$key}[4] = 'cert'; + $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[6] = $cgiparams{'SIDE'}; - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; } - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; - $confighash{$key}[10] = $cgiparams{'REMOTE'}; + $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + $confighash{$key}[10] = $cgiparams{'REMOTE'}; if ($cgiparams{'OVPN_MGMT'} eq '') { - $confighash{$key}[22] = $confighash{$key}[29]; + $confighash{$key}[22] = $confighash{$key}[29]; } else { - $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; } - $confighash{$key}[23] = $cgiparams{'MSSFIX'}; - $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; - $confighash{$key}[25] = $cgiparams{'REMARK'}; - $confighash{$key}[26] = $cgiparams{'INTERFACE'}; + $confighash{$key}[23] = $cgiparams{'MSSFIX'}; + $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; + $confighash{$key}[25] = $cgiparams{'REMARK'}; + $confighash{$key}[26] = 
$cgiparams{'INTERFACE'}; # new fields - $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; - $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; - $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; - $confighash{$key}[30] = $cgiparams{'COMPLZO'}; - $confighash{$key}[31] = $cgiparams{'MTU'}; -# new fileds + $confighash{$key}[27] = $cgiparams{'OVPN_SUBNET'}; + $confighash{$key}[28] = $cgiparams{'PROTOCOL'}; + $confighash{$key}[29] = $cgiparams{'DEST_PORT'}; + $confighash{$key}[30] = $cgiparams{'COMPLZO'}; + $confighash{$key}[31] = $cgiparams{'MTU'}; + $confighash{$key}[32] = $cgiparams{'CHECK1'}; + my $name=$cgiparams{'CHECK1'}; + $confighash{$key}[33] = $cgiparams{$name}; + $confighash{$key}[34] = $cgiparams{'RG'}; + $confighash{$key}[35] = $cgiparams{'CCD_DNS1'}; + $confighash{$key}[36] = $cgiparams{'CCD_DNS2'}; + $confighash{$key}[37] = $cgiparams{'CCD_WINS'}; + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + if ($cgiparams{'CHECK1'} ){ + + my ($ccdip,$ccdsub)=split "/",$cgiparams{$name}; + my ($a,$b,$c,$d) = split (/./,$ccdip); + if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";} + open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!"; + print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n"; + if($cgiparams{'CHECK1'} eq 'dynamic'){ + print CCDRWCONF "#This client uses the dynamic pool\n"; + }else{ + print CCDRWCONF "#Ip address client and Server\n"; + print CCDRWCONF "ifconfig-push $ccdip ".&General::getlastip($ccdip,1)."\n"; + } + if ($confighash{$key}[34] eq 'on'){ + print CCDRWCONF "\n#Redirect Gateway: \n#All IP traffic is redirected through the vpn \n"; + print CCDRWCONF "push redirect-gateway\n"; + } + if ($cgiparams{'IR'} ne ''){ + print CCDRWCONF "\n#Client routes these Networks (behind Client)\n"; + foreach my $key (keys %ccdroutehash){ + if ($ccdroutehash{$key}[0] 
eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroutehash{$key}}){ + my ($a,$b)=split (///,$ccdroutehash{$key}[$i]); + print CCDRWCONF "iroute $a $b\n"; + } + } + } + } + if ($cgiparams{'IFROUTE'} ne ''){ + print CCDRWCONF "\n#Client gets routes to these Networks (behind IPFIRE)\n"; + foreach my $key (keys %ccdroute2hash){ + if ($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i ( 1 .. $#{$ccdroute2hash{$key}}){ + if($ccdroute2hash{$key}[$i] eq $Lang::tr{'blue'}){ + my %blue=(); + &General::readhash("${General::swroot}/ethernet/settings", %blue); + print CCDRWCONF "push "route $blue{BLUE_ADDRESS} $blue{BLUE_NETMASK}\n"; + }elsif($ccdroute2hash{$key}[$i] eq $Lang::tr{'orange'}){ + my %orange=(); + &General::readhash("${General::swroot}/ethernet/settings", %orange); + print CCDRWCONF "push "route $orange{ORANGE_ADDRESS} $orange{ORANGE_NETMASK}\n"; + }else{ + my ($a,$b)=split (///,$ccdroute2hash{$key}[$i]); + print CCDRWCONF "push "route $a $b"\n"; + } + } + } + } + } + if(($cgiparams{'CCD_DNS1'} eq '') && ($cgiparams{'CCD_DNS1'} ne '')){ $cgiparams{'CCD_DNS1'} = $cgiparams{'CCD_DNS2'};$cgiparams{'CCD_DNS2'}='';} + if($cgiparams{'CCD_DNS1'} ne ''){ + print CCDRWCONF "\n#Client gets these Nameservers\n"; + print CCDRWCONF "push "dhcp-option DNS $cgiparams{'CCD_DNS1'}" \n"; + } + if($cgiparams{'CCD_DNS2'} ne ''){ + print CCDRWCONF "push "dhcp-option DNS $cgiparams{'CCD_DNS2'}" \n"; + } + if($cgiparams{'CCD_WINS'} ne ''){ + print CCDRWCONF "\n#Client gets this WINS server\n"; + print CCDRWCONF "push "dhcp-option WINS $cgiparams{'CCD_WINS'}" \n"; + } + close CCDRWCONF; + }
### # m.a.d n2n begin @@ -3308,12 +4003,17 @@ if ($cgiparams{'TYPE'} eq 'net') { }
&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); - print "<table width='100%'>\n"; - print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>"; + print "<table width='100%' border='0'>\n"; + + + + print "<tr><td width='14%' class='boldbase'>$Lang::tr{'name'}: </td>"; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { - print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n"; + print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>"; } else { + print "<td width='35%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' size='30' /></td>"; } # print "<tr><td>$Lang::tr{'interface'}</td>"; @@ -3333,6 +4033,9 @@ if ($cgiparams{'TYPE'} eq 'net') { } else { print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; } + + + print <<END <td width='25%'> </td> <td width='25%'> </td></tr> @@ -3374,46 +4077,64 @@ if ($cgiparams{'TYPE'} eq 'net') { <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
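Review bot: The added `<input type='text' name='NAME' value='$cgiparams{'NAME'}' ... />` line places the submitted NAME inside a single-quoted attribute as-is, and the hidden-field variant above it also prints it as cell text; no escaping of `%cgiparams` is visible in this hunk. If the hash is not already escaped where the request is read (not shown here), a name containing a quote or `<` alters the markup of the admin page. Escaping at output would close that, for example `value='" . &Header::cleanhtml($cgiparams{'NAME'}) . "'`, provided the helper also encodes quotes. The same applies to REMARK in the following hunk and to IR, CCD_DNS1, CCD_DNS2 and CCD_WINS in the client-options hunk. The enclosing `if` starts outside this hunk.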
END - ; +; }
print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>"; - print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>"; + print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr></table>"; if ($cgiparams{'TYPE'} eq 'host') { + print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>"; + }
- print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; - } - -# if ($cgiparams{'KEY'}) { -# print "<td colspan='3'> </td></tr></table>"; -# } else { -# print "<td colspan='3'><input type='checkbox' name='EDIT_ADVANCED' $checked{'EDIT_ADVANCED'}{'on'} /> $Lang::tr{'edit advanced settings when done'}</tr></table>"; -# } -# }else{ - print "<td colspan='3'> </td></tr></table>"; -# } - + print"</tr></table><br><br>"; +#A.Marx CCD new client - + print "<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td colspan='3'><hr><br><b>$Lang::tr{'ccd choose net'}</td></tr><tr><td height='20' colspan='3'></td></tr>"; + my %ccdconfhash=(); + my %ccdroutehash=(); + my %ccdroute2hash=(); + my %vpnnet=(); + my $vpnip; + &General::readhash("${General::swroot}/ovpn/settings", %vpnnet); + $vpnip=$vpnnet{'DOVPN_SUBNET'}; + &General::readhasharray("${General::swroot}/ovpn/ccd.conf", %ccdconfhash); + my @ccdconf=(); + my $count=0; + my $checked; + $checked{'check1'}{'off'} = ''; + $checked{'check1'}{'on'} = ''; + $checked{'check1'}{$cgiparams{'CHECK1'}} = 'CHECKED'; + print"<tr><td align='center' width='1%' valign='top'><input type='radio' name='CHECK1' value='dynamic' checked /></td><td align='left' valign='top' width='35%'>$Lang::tr{'ccd dynrange'} ($vpnip)</td><td width='30%'>"; + print"</td></tr></table><br><br>"; + my $name=$cgiparams{'CHECK1'}; + $checked{'RG'}{$cgiparams{'RG'}} = 'CHECKED'; + + if (! 
-z "${General::swroot}/ovpn/ccd.conf"){ + print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>"; + foreach my $key (keys %ccdconfhash) { + $count++; + @ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]); + if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";} + print"<td align='center' width='1%'><input type='radio' name='CHECK1' value='$ccdconf[0]' $checked{'check1'}{$ccdconf[0]}/></td><td>$ccdconf[0]</td><td width='40%' align='center'>$ccdconf[1]</td><td align='left' width='10%'>"; + &fillselectbox($ccdconf[1],$ccdconf[0],$cgiparams{$name}); + print"</td></tr>"; + } + print "</table><br><br><hr><br><br>"; + } +# ccd end &Header::closebox(); - if ($cgiparams{'KEY'} && $cgiparams{'AUTH'} eq 'psk') { - # &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - # print <<END - # <table width='100%' cellpadding='0' cellspacing='5' border='0'> - # <tr><td class='base' width='50%'>$Lang::tr{'use a pre-shared key'}</td> - # <td class='base' width='50%'><input type='text' name='PSK' size='30' value='$cgiparams{'PSK'}' /></td></tr> - # </table> -END - # ; - # &Header::closebox(); - } elsif (! $cgiparams{'KEY'}) { + + } elsif (! $cgiparams{'KEY'}) { + + my $disabled=''; my $cakeydisabled=''; my $cacrtdisabled=''; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; + &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
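Review bot: `my $name=$cgiparams{'CHECK1'};` followed by `$cgiparams{$name}` lets the submitted CHECK1 value choose which other request field is read, and nothing in this hunk checks that it names a network from ccd.conf. The save code earlier on this page does the same lookup and writes the result to field 33 and into the `ifconfig-push` line, so unless CHECK1 is validated somewhere not shown here, an unexpected value carries an unrelated field into the generated client config. I would resolve the name first, e.g. `my ($net) = grep { $ccdconfhash{$_}[0] eq $name } keys %ccdconfhash;`, and treat no match as `dynamic`. The surrounding block starts and ends outside this hunk.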
@@ -3510,8 +4231,96 @@ END ### ; &Header::closebox(); + + } + print"<br><br>"; + &Header::openbox('100%', 'LEFT', "$Lang::tr{'ccd client options'}:"); + +#A.Marx CCD new client + + print <<END; + <table border='0' width='100%'> + <tr><td width='20%'>Redirect Gateway:</td><td colspan='3'><input type='checkbox' name='RG' $checked{'RG'}{'on'} /></td></tr> + <tr><td colspan='4'><b><br>$Lang::tr{'ccd routes'}</b></td></tr> + <tr><td colspan='4'> </td></tr> + <tr><td valign='top'>$Lang::tr{'ccd iroute'}</td><td align='left' width='30%'><textarea name='IR' cols='26' rows='6' wrap='off'> +END + + if ($cgiparams{'IR'} ne ''){ + print $cgiparams{'IR'}; + }else{ + &General::readhasharray ("${General::swroot}/ovpn/ccdroute", %ccdroutehash); + foreach my $key (keys %ccdroutehash) { + if( $cgiparams{'NAME'} eq $ccdroutehash{$key}[0]){ + foreach my $i (1 .. $#{$ccdroutehash{$key}}) { + if ($ccdroutehash{$key}[$i] ne ''){ + print $ccdroutehash{$key}[$i]."\n"; + } + $cgiparams{'IR'} .= $ccdroutehash{$key}[$i]; + } + } + } } + + print <<END; +</textarea></td><td valign='top' colspan='2'>$Lang::tr{'ccd iroutehint'}</td></tr> + <tr><td colspan='4'><br></td></tr> + <tr><td valign='top' rowspan='3'>$Lang::tr{'ccd iroute2'}</td><td align='left' valign='top' rowspan='3'><select name='IFROUTE' style="width: 205px"; size='6' multiple> +END
+ our @current = (); + open(FILE, "${General::swroot}/main/routing") ; + @current = <FILE>; + close (FILE); + &General::readhasharray ("${General::swroot}/ovpn/ccdroute2", %ccdroute2hash); + my $set=0; + my $selorange=0; + my $selblue=0; + my $helpblue=0; + my $helporange=0; + print"<option>$Lang::tr{'ccd none'}</option>"; + print"<option selected>$Lang::tr{'green'}</option>"; + + foreach my $line (@current) { + chomp($line); # remove newline + my @temp=split(/,/,$line); + $temp[1] = '' unless defined $temp[1]; # not always populated + my ($a,$b) = split(///,$temp[1]); + $temp[1] = $a."/".&General::iporsubtocidr($b); + foreach my $key (keys %ccdroute2hash) { + if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){ + foreach my $i (1 .. $#{$ccdroute2hash{$key}}) { + + if($ccdroute2hash{$key}[$i] eq $a."/".&General::iporsubtodec($b)){ + $set=1; + } + if (&haveBlueNet()){ + if($netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'} eq $ccdroute2hash{$key}[$i])) { + $selblue=1; + + } + } + if (&haveOrangeNet()){ + if($netsettings{'ORANGE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'ORANGE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) { + $selorange=1; + } + } + } + } + } + if ($set == '1'){ print"<option selected>$temp[1]</option>";$set=0;}else{print"<option>$temp[1]</option>";} + if (&haveBlueNet() && $selblue == '1'){ print"<option selected>$Lang::tr{'blue'}</option>";$selblue=0;}elsif(&haveBlueNet() && $selblue == '0'){print"<option>$Lang::tr{'blue'}</option>";} + if (&haveOrangeNet() && $selorange == '1'){ print"<option selected>$Lang::tr{'orange'}</option>";$selorange=0;}elsif(&haveOrangeNet() && $selorange == '0'){print"<option>$Lang::tr{'orange'}</option>";} + } + print<<END + </select></td><td valign='top'>DNS1:</td><td valign='top'><input type='TEXT' name='CCD_DNS1' value='$cgiparams{'CCD_DNS1'}' size='30' /></td></tr> + <tr valign='top'><td>DNS2:</td><td><input type='TEXT' name='CCD_DNS2' value='$cgiparams{'CCD_DNS2'}' size='30' 
/></td></tr> + <tr valign='top'><td valign='top'>WINS:</td><td><input type='TEXT' name='CCD_WINS' value='$cgiparams{'CCD_WINS'}' size='30' /></td></tr></table><br><hr> + +END +; + &Header::closebox(); + print "<div align='center'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />"; if ($cgiparams{'KEY'}) { # print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced'}' />"; @@ -3538,24 +4347,21 @@ END my @status = `/bin/cat /var/log/ovpnserver.log`;
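Review bot: In the BLUE test the closing parenthesis of `&General::iporsubtodec(` comes after the `eq` comparison, so the `if` evaluates a concatenated string that always contains "/" and is therefore always true; the ORANGE test a few lines below has the parenthesis in the right place. As written, `$selblue` becomes 1 for every stored route of this client whenever a BLUE network exists, so BLUE is rendered pre-selected. If the save handler stores IFROUTE as submitted (only partly visible on this page), an unchanged form would then push a BLUE route the administrator never chose. The line should read `if($netsettings{'BLUE_NETADDRESS'}."/".&General::iporsubtodec($netsettings{'BLUE_NETMASK'}) eq $ccdroute2hash{$key}[$i]) {`.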
if ($cgiparams{'VPN_IP'} eq '' && -e "${General::swroot}/red/active") { - if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { - my $ipaddr = <IPADDR>; - close IPADDR; - chomp ($ipaddr); - $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/./, $ipaddr)), 2))[0]; - if ($cgiparams{'VPN_IP'} eq '') { - $cgiparams{'VPN_IP'} = $ipaddr; - } - } + if (open(IPADDR, "${General::swroot}/red/local-ipaddress")) { + my $ipaddr = <IPADDR>; + close IPADDR; + chomp ($ipaddr); + $cgiparams{'VPN_IP'} = (gethostbyaddr(pack("C4", split(/./, $ipaddr)), 2))[0]; + if ($cgiparams{'VPN_IP'} eq '') { + $cgiparams{'VPN_IP'} = $ipaddr; + } + } }
#default setzen if ($cgiparams{'DCIPHER'} eq '') { $cgiparams{'DCIPHER'} = 'BF-CBC'; } -# if ($cgiparams{'DCOMPLZO'} eq '') { -# $cgiparams{'DCOMPLZO'} = 'on'; -# } if ($cgiparams{'DDEST_PORT'} eq '') { $cgiparams{'DDEST_PORT'} = '1194'; } @@ -3565,8 +4371,7 @@ END if ($cgiparams{'DOVPN_SUBNET'} eq '') { $cgiparams{'DOVPN_SUBNET'} = '10.' . int(rand(256)) . '.' . int(rand(256)) . '.0/255.255.255.0'; } - - $checked{'ENABLED'}{'off'} = ''; + $checked{'ENABLED'}{'off'} = ''; $checked{'ENABLED'}{'on'} = ''; $checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED'; $checked{'ENABLED_BLUE'}{'off'} = ''; @@ -3626,8 +4431,8 @@ END $activeonrun = "disabled='disabled'"; } &Header::openbox('100%', 'LEFT', $Lang::tr{'global settings'}); - print <<END - <table width='100%'> + print <<END + <table width='100%' border=0> <form method='post'> <td width='25%'> </td> <td width='25%'> </td> @@ -3635,7 +4440,7 @@ END <tr><td class='boldbase'>$Lang::tr{'ovpn server status'}</td> <td align='left'>$sactive</td> <tr><td class='boldbase'>$Lang::tr{'ovpn on red'}</td> - <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> + <td><input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td> END ; if (&haveBlueNet()) { @@ -3674,18 +4479,20 @@ END <option value='CAST5-CBC' $selected{'DCIPHER'}{'CAST5-CBC'}>CAST5-CBC</option> <option value='AES-128-CBC' $selected{'DCIPHER'}{'AES-128-CBC'}>AES-128-CBC</option> <option value='AES-192-CBC' $selected{'DCIPHER'}{'AES-192-CBC'}>AES-192-CBC</option> - <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td> + <option value='AES-256-CBC' $selected{'DCIPHER'}{'AES-256-CBC'}>AES-256-CBC</option></select></td></tr> + <tr><td colspan='4'><hr /></td></tr> END ;
if ( $srunning eq "yes" ) { - print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' disabled='disabled'/></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>"; + print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' disabled='disabled' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'stop ovpn server'}' /></td></tr>"; } else{ - print "<tr><td align='left'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' /></td>"; + print "<tr><td align='right' colspan='4'><input type='submit' name='ACTION' value='$Lang::tr{'save'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'ccd net'}' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'advanced server'}' />"; if (( -e "${General::swroot}/ovpn/ca/cacert.pem" && -e "${General::swroot}/ovpn/ca/dh1024.pem" && -e "${General::swroot}/ovpn/certs/servercert.pem" && 
@@ -3693,11 +4500,9 @@ END (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || ( $cgiparams{'ENABLED_ORANGE'} eq 'on'))){ - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' /></td></tr>"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' /></td></tr>"; } else { - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td>"; - print "<td><input type='submit' name='ACTION' value='$Lang::tr{'restart ovpn server'}' disabled='disabled' /></td></tr>"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'start ovpn server'}' disabled='disabled' /></td></tr>"; } } print "</form></table>"; 
@@ -3829,18 +4634,19 @@ END </tr> </table> END - ; +; } - print <<END - <form method='post' enctype='multipart/form-data'> - <table width='100%' border='0' cellspacing='1' cellpadding='0'> - <tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td> - <td nowrap='nowrap'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' /> - <td nowrap='nowrap'><input type='file' name='FH' size='30' /></td> - <td nowrap='nowrap'><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /><br /><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td> - </tr></table></form> + +print <<END +<form method='post' enctype='multipart/form-data'> +<table width='100%' border='0'> +<tr><td class='base' nowrap='nowrap'>$Lang::tr{'ca name'}:</td><td nowrap='nowrap' width='8%'><input type='text' name='CA_NAME' value='$cgiparams{'CA_NAME'}' size='15' align='left'/></td><td nowrap='nowrap' align='right'><input type='file' name='FH' size='25' /><input type='submit' name='ACTION' value='$Lang::tr{'upload ca certificate'}' /></td></tr> +<tr><td colspan='4'><hr /></td></tr> +<tr align='right'><td colspan='4' align='right' width='80%'><input type='submit' name='ACTION' value='$Lang::tr{'show crl'}' /></td></tr> +</table> END - ; +; +
&Header::closebox(); if ( $srunning eq "yes" ) { @@ -3863,8 +4669,7 @@ END <tr> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td> <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td> - <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td> - <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td> + <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></td> <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td> <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td> @@ -3883,15 +4688,17 @@ END } print "<td align='center' nowrap='nowrap'>$confighash{$key}[1]</td>"; print "<td align='center' nowrap='nowrap'>" . $Lang::tr{"$confighash{$key}[3]"} . " (" . $Lang::tr{"$confighash{$key}[4]"} . ")</td>"; - if ($confighash{$key}[4] eq 'cert') { - print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>"; - } else { - print "<td align='left'> </td>"; - } + #if ($confighash{$key}[4] eq 'cert') { + #print "<td align='left' nowrap='nowrap'>$confighash{$key}[2]</td>"; + #} else { + #print "<td align='left'> </td>"; + #} my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - print "<td align='center'>$cavalid</td>"; + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} + print "<td align='center'>$confighash{$key}[32]</td>"; print "<td align='center'>$confighash{$key}[25]</td>";
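Review bot: The rewritten heredoc opens `<form method='post' enctype='multipart/form-data'>` but now ends at `</table>`; the `</form>` that closed the old block was dropped. Browsers ignore a form start tag inside a form that is still open, so the later `<form method='post'>` blocks on this page would likely be absorbed into the CA upload form and their buttons submitted as multipart together with `CA_NAME` and `FH`. Add `</form>` on the line after `</table>`, before `END`.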
my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; @@ -4029,7 +4836,7 @@ END # If the config file contains entries, print Key to action icons if ( $id ) { print <<END - <table> + <table border='0'> <tr> <td class='boldbase'> <b>$Lang::tr{'legend'}:</b></td> <td> <img src='/images/on.gif' alt='$Lang::tr{'click to disable'}' /></td> @@ -4050,7 +4857,7 @@ END <td> <img src='/images/openvpn.png' alt='?RELOAD'/></td> <td class='base'>$Lang::tr{'dl client arch'}</td> </tr> - </table> + </table><hr> END ; } @@ -4058,8 +4865,8 @@ END print <<END <table width='100%'> <form method='post'> - <tr><td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td> - <td width='50%' ><input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr> + <tr><td align='right'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /> + <input type='submit' name='ACTION' value='$Lang::tr{'ovpn con stat'}' $activeonrun /></td></tr> </form> </table> END diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index f686c30..cb29cf1 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -351,6 +351,7 @@ 'arp table entries' => 'Einträge der ARP-Tabelle:', 'artist' => 'Künstler', 'attemps' => 'Versuche', +'attention' => 'ACHTUNG', 'august' => 'August', 'authentication' => 'Authentifizierung:', 'automatic' => 'Automatisch', 
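Review bot: With the "valid till" cell removed, the context lines that run `/usr/bin/openssl x509 -text -in ...` in backticks and extract `Not After` no longer feed anything printed in this hunk. They still start a shell for every table row, with the connection name `$confighash{$key}[1]` interpolated into the command line. If `$cavalid` is not used further down (the loop body continues outside the hunk), delete the three `$cavalid` lines rather than keeping the call. The newly commented-out `#if ($confighash{$key}[4] eq 'cert')` block can be deleted as well, since the history already records it.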
@@ -455,6 +456,42 @@ 'capsopen' => 'VERBUNDEN', 'capswarning' => 'WARNUNG', 'caption' => 'Legende', +'ccd add' => 'Netzwerk hinzufügen', +'ccd choose net' => 'Netzwerk auswählen', +'ccd client options' => 'Erweiterte Client-Optionen', +'ccd clientip' => 'Hostadresse', +'ccd dynrange' => 'Dynamischer OpenVPN IP-Addressen-Pool', +'ccd err blue' => 'Das ist das BLAUE Subnetz.', +'ccd err green' => 'Das ist das GRÜNE Subnetz.', +'ccd err hostinnet' => 'Das Netzwerk kann nicht gelöscht werden, da sich in ihm noch Clients befinden.', +'ccd err inuse' => 'Wird bereits von einem anderen Client genutzt.', +'ccd err invalidname' => 'Ungültiger Name. Erlaubte Zeichen: A-Z, a-z, Bindestrich und Leerzeichen.', +'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.', +'ccd err iroute' => 'Netzadresse für Route ungültig.', +'ccd err irouteexist' => 'Diese Route wird bereits verwendet.', +'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!', +'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.', +'ccd err name' => 'Es muss ein Name angegeben werden.', +'ccd err nameexist' => 'Name existiert bereits.', +'ccd err netadr' => 'Subnetzadresse ist ungültig oder Bereich zu groß.', +'ccd err netadrexist' => 'Netwerk existiert bereits.', +'ccd err orange' => 'Das ist das ORANGE Subnetz.', +'ccd err red' => 'Das ist das ROTE Subnetz.', +'ccd err routeovpn' => 'Wird vom OpenVPN-Server genutzt.', +'ccd err routeovpn2' => 'Wird bereits vom OpenVPN-Server verteilt.', +'ccd hint' => 'Auf dieser Seite können statische Netzwerke definiert werden, von denen Roadwarrior-Clients feste Adressen zugewiesen bekommen können.', +'ccd invalid' => 'ist ungültig.', +'ccd iroute' => 'IPFire hat Zugriff auf diese Netzwerke auf Clientseite: ', +'ccd iroute2' => 'Client hat Zugriff auf diese Netzwerke auf IPFire-Seite: ', +'ccd iroutehint' => 'Achtung! 
Wenn Sie diese Einstellungen ändern, muss der OpenVPN Server neu gestartet werden!', +'ccd maxclients' => 'Mögliche Adressen', +'ccd modify' => 'Netzwerk ändern', +'ccd name' => 'Name', +'ccd net' => 'Statische IP-Adressen-Pools', +'ccd none' => 'Keine', +'ccd routes' => 'Routen:', +'ccd subnet' => 'Subnetz', +'ccd used' => 'Genutzte Adressen', 'cert' => 'Zertifikat', 'certificate' => 'Zertifikat', 'certificate authorities' => 'Zertifizierungsstellen (CAs)', @@ -1568,6 +1605,7 @@ 'september' => 'September', 'serial' => 'serielle', 'server reserved' => 'The connection name server is reserved and not allowed', +'server restart' => 'Wenn hier etwas geändert wird, muss der openVPN Server neu gestartet werden, damit die Einstellungen übernommen werden!', 'server string' => 'Server String', 'service' => 'Dienst', 'service added' => 'Benutzerdefinierter Netzwerkdienst wurde hinzugefügt', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 5fe2391..d92fadc 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -353,6 +353,7 @@ 'arp table entries' => 'ARP Table Entries:', 'artist' => 'Artist', 'attemps' => 'Attempts', +'attention' => 'ATTENTION', 'august' => 'August', 'authentication' => 'Authentication:', 'automatic' => 'Automatic', 
@@ -474,6 +475,41 @@ 'capsopen' => 'CONNECTED', 'capswarning' => 'WARNING', 'caption' => 'Caption', +'ccd add' => 'Add network', +'ccd choose net' => 'Choose network', +'ccd client options' => 'Advanced client options', +'ccd clientip' => 'Host address', +'ccd dynrange' => 'Dynamic OpenVPN IP address pool', +'ccd err blue' => 'This is the BLUE subnet.', +'ccd err green' => 'This is the GREEN subnet.', +'ccd err hostinnet' => 'You are not able to delete this network, while it still contains clients.', +'ccd err inuse' => 'Already used by another client.', +'ccd err invalidname' => 'Invalid name. Allowed characters are A-Z, a-z, dash and space.', +'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.', +'ccd err iroute' => 'Network address for route is invalid.', +'ccd err irouteexist' => 'This route is already in use.', +'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.', +'ccd err issubnet' => 'Subnet address already in use.', +'ccd err name' => 'Please choose a name.', +'ccd err nameexist' => 'Name already exists.', +'ccd err netadr' => 'Subnet address is invalid or range is too large.', +'ccd err netadrexist' => 'Network already exists.', +'ccd err orange' => 'This is the ORANGE subnet.', +'ccd err red' => 'This is the RED subnet.', +'ccd err routeovpn' => 'Already used by OpenVPN server.', +'ccd err routeovpn2' => 'Already pushed from OpenVPN server.', +'ccd hint' => 'On this page you are able to define static networks from which the roadwarrior clients can get fixed IP address assignments.', +'ccd invalid' => 'Invalid.', +'ccd iroute' => 'IPFire has access to these networks on the client's site', +'ccd iroute2' => 'Client has access to these networks on IPFire's site', +'ccd iroutehint' => 'Attention! 
If you change these settings, you have to restart the OpenVPN server that the changes take effect!', +'ccd modify' => 'Change network', +'ccd name' => 'Name', +'ccd net' => 'Static IP address pools', +'ccd none' => 'None', +'ccd routes' => 'Routing:', +'ccd subnet' => 'Subnet', +'ccd used' => 'Used addresses', 'cert' => 'Certificate', 'certificate' => 'Certificate', 'certificate authorities' => 'Certificate Authorities', @@ -895,7 +931,7 @@ 'gpl unofficial translation of the general public license v3' => 'Unofficial translation of the General Public License v3', 'graph' => 'Graph', 'graph per' => 'per', -'green' => 'Green', +'green' => 'GREEN', 'green interface' => 'Green Interface', 'guaranteed bandwith' => 'Guaranteed bandwith', 'guardian alertfile' => 'Alertfile', @@ -1598,6 +1634,7 @@ 'september' => 'September', 'serial' => 'Serial', 'server reserved' => 'The connection name server is reserved and not allowed', +'server restart' => 'If you change these settings you have to restart the OpenVPN server for the changes to take effect!', 'server string' => 'Server String', 'service' => 'Service', 'service added' => 'Custom network service added',
hooks/post-receive -- IPFire 2.x development tree