This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, kernel-update has been updated via deddfbd445426c80f0b2e765786cc1bdc3849e12 (commit) via e18c5b3a42479db27f17ce603750e4acf0ab8c4b (commit) via b7be421741d5349253340976e1238978c86c7c91 (commit) via b21c471b731194c8cb43a1dec775685b5446e2c1 (commit) via 54fd05358b874a2bbb5c0f58f4a04f010c196388 (commit) via 650a4d8097023cc6e8f54d86db377e756a29c07c (commit) via 9e7e1c143d874e713725c77444cadd734b131047 (commit) via 25057c911bfd2972df3d12d6e0d6f1c8f2af0294 (commit) via eb12fca108f40e1b66f05c2291565530050a7724 (commit) via 968d4ea400651b48672390956ae856a9f62deba0 (commit) via a5bc82a447a25aea3a4f6de3db962a2122244556 (commit) via aba19c3022093d3e3f187707cd810a1b417a1cc6 (commit) from 9b95d689d522622fc8b1b9173cd3002de6c366f8 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit deddfbd445426c80f0b2e765786cc1bdc3849e12 Merge: e18c5b3 9b95d68 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 10 18:21:44 2012 +0100
Merge branch 'kernel-update' of ssh://arne_f@git.ipfire.org/pub/git/ipfire-2.x into kernel-update
commit e18c5b3a42479db27f17ce603750e4acf0ab8c4b Merge: d5c0c77 b7be421 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sat Mar 10 17:47:01 2012 +0100
Merge branch 'next' into kernel-update
-----------------------------------------------------------------------
Summary of changes: config/cfgroot/general-functions.pl | 8 + config/rootfiles/common/Net-Telnet | 4 + config/rootfiles/common/libpng | 4 +- config/rootfiles/common/openvpn | 6 +- config/rootfiles/common/strongswan | 21 +- config/rootfiles/common/usb_modeswitch | 2 +- config/rootfiles/core/57/update.sh | 5 +- config/rootfiles/core/{55 => 58}/exclude | 0 config/rootfiles/core/58/filelists/Net-Telnet | 1 + config/rootfiles/core/{55 => 58}/filelists/files | 1 + .../{oldcore/39 => core/58}/filelists/libpng | 0 config/rootfiles/core/{53 => 58}/filelists/openvpn | 0 .../rootfiles/core/{53 => 58}/filelists/strongswan | 0 .../core/{53 => 58}/filelists/usb_modeswitch | 0 config/rootfiles/core/{52 => 58}/meta | 0 config/rootfiles/core/{57 => 58}/update.sh | 13 +- html/cgi-bin/index.cgi | 46 +++ html/cgi-bin/ovpnmain.cgi | 304 ++++++++++++++++---- langs/de/cgi-bin/de.pl | 4 + lfs/{Crypt-PasswdMD5 => Net-Telnet} | 6 +- lfs/libpng | 8 +- lfs/openvpn | 18 +- lfs/strongswan | 4 +- lfs/usb_modeswitch | 4 +- lfs/vim | 3 +- make.sh | 3 +- 26 files changed, 361 insertions(+), 104 deletions(-) create mode 100644 config/rootfiles/common/Net-Telnet copy config/rootfiles/core/{55 => 58}/exclude (100%) create mode 120000 config/rootfiles/core/58/filelists/Net-Telnet copy config/rootfiles/core/{55 => 58}/filelists/files (74%) copy config/rootfiles/{oldcore/39 => core/58}/filelists/libpng (100%) copy config/rootfiles/core/{53 => 58}/filelists/openvpn (100%) copy config/rootfiles/core/{53 => 58}/filelists/strongswan (100%) copy config/rootfiles/core/{53 => 58}/filelists/usb_modeswitch (100%) copy config/rootfiles/core/{52 => 58}/meta (100%) copy config/rootfiles/core/{57 => 58}/update.sh (93%) copy lfs/{Crypt-PasswdMD5 => Net-Telnet} (96%)
Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index cd4bfd5..567f2e1 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -414,6 +414,14 @@ sub ipcidr return "$ip/$cidr"; }
+sub ipcidr2msk +{ + my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$ip/$netmask"; +} + + sub validemail { my $mail = shift; return 0 if ( $mail !~ /^[0-9a-zA-Z.-_]+@[0-9a-zA-Z.-]+$/ ); diff --git a/config/rootfiles/common/Net-Telnet b/config/rootfiles/common/Net-Telnet new file mode 100644 index 0000000..8769517 --- /dev/null +++ b/config/rootfiles/common/Net-Telnet @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.12.3/Net/Telnet.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet/.packlist +#usr/share/man/man3/Net::Telnet.3 diff --git a/config/rootfiles/common/libpng b/config/rootfiles/common/libpng index 2b2ab10..c29eaa7 100644 --- a/config/rootfiles/common/libpng +++ b/config/rootfiles/common/libpng @@ -9,12 +9,12 @@ #usr/lib/libpng.la usr/lib/libpng.so usr/lib/libpng.so.3 -usr/lib/libpng.so.3.44.0 +usr/lib/libpng.so.3.46.0 #usr/lib/libpng12.a #usr/lib/libpng12.la usr/lib/libpng12.so usr/lib/libpng12.so.0 -usr/lib/libpng12.so.0.44.0 +usr/lib/libpng12.so.0.46.0 #usr/lib/pkgconfig/libpng.pc #usr/lib/pkgconfig/libpng12.pc #usr/share/man/man3/libpng.3 diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn index 0f2aa47..18f4d31 100644 --- a/config/rootfiles/common/openvpn +++ b/config/rootfiles/common/openvpn @@ -1,5 +1,6 @@ -lib/openvpn-auth-pam.so -lib/openvpn-down-root.so +usr/lib/openvpn +usr/lib/openvpn/openvpn-auth-pam.so +usr/lib/openvpn/openvpn-down-root.so usr/sbin/openvpn #usr/share/doc/openvpn #usr/share/doc/openvpn/management-notes.txt @@ -16,5 +17,6 @@ var/ipfire/ovpn/n2nconf var/ipfire/ovpn/openssl/ovpn.cnf var/ipfire/ovpn/ovpn-leases.db var/ipfire/ovpn/ovpnconfig +var/ipfire/ovpn/scripts var/ipfire/ovpn/settings var/ipfire/ovpn/verify diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan index c7d4bbd..9b02c0b 100644 
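Review bot: The new `ipcidr2msk` in config/cfgroot/general-functions.pl has no comment and passes its argument straight to `Net::IPv4Addr::ipv4_parse`, which, as far as I know, dies on a malformed address instead of returning an error. The function lies entirely inside this hunk. In this push `writeserverconf` calls it on lines read back from the routes_push file, so a stray or hand-edited line would abort config generation. I would document the contract above the sub, for example `# Converts "a.b.c.d/nn" into "a.b.c.d/255.x.x.x"; the argument must already have passed validipandmask, because ipv4_parse dies on bad input.`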
--- a/config/rootfiles/common/strongswan +++ b/config/rootfiles/common/strongswan @@ -10,6 +10,7 @@ etc/ipsec.d/private etc/ipsec.d/reqs etc/ipsec.secrets etc/strongswan.conf +#usr/lib/ipsec #usr/lib/ipsec/libcharon.a #usr/lib/ipsec/libcharon.la usr/lib/ipsec/libcharon.so @@ -25,15 +26,6 @@ usr/lib/ipsec/libhydra.so.0.0.0 usr/lib/ipsec/libstrongswan.so usr/lib/ipsec/libstrongswan.so.0 usr/lib/ipsec/libstrongswan.so.0.0.0 -#usr/libexec/ipsec -usr/libexec/ipsec/_copyright -usr/libexec/ipsec/_pluto_adns -usr/libexec/ipsec/_updown -usr/libexec/ipsec/_updown_espmark -usr/libexec/ipsec/charon -usr/libexec/ipsec/openac -usr/libexec/ipsec/pki -#usr/lib/ipsec #usr/lib/ipsec/plugins #usr/lib/ipsec/plugins/libstrongswan-aes.a #usr/lib/ipsec/plugins/libstrongswan-aes.la @@ -77,6 +69,9 @@ usr/lib/ipsec/plugins/libstrongswan-pgp.so #usr/lib/ipsec/plugins/libstrongswan-pkcs1.a #usr/lib/ipsec/plugins/libstrongswan-pkcs1.la usr/lib/ipsec/plugins/libstrongswan-pkcs1.so +#usr/lib/ipsec/plugins/libstrongswan-pkcs8.a +#usr/lib/ipsec/plugins/libstrongswan-pkcs8.la +usr/lib/ipsec/plugins/libstrongswan-pkcs8.so #usr/lib/ipsec/plugins/libstrongswan-pubkey.a #usr/lib/ipsec/plugins/libstrongswan-pubkey.la usr/lib/ipsec/plugins/libstrongswan-pubkey.so @@ -113,6 +108,14 @@ usr/lib/ipsec/plugins/libstrongswan-xauth.so #usr/lib/ipsec/plugins/libstrongswan-xcbc.a #usr/lib/ipsec/plugins/libstrongswan-xcbc.la usr/lib/ipsec/plugins/libstrongswan-xcbc.so +#usr/libexec/ipsec +usr/libexec/ipsec/_copyright +usr/libexec/ipsec/_pluto_adns +usr/libexec/ipsec/_updown +usr/libexec/ipsec/_updown_espmark +usr/libexec/ipsec/charon +usr/libexec/ipsec/openac +usr/libexec/ipsec/pki usr/libexec/ipsec/pluto usr/libexec/ipsec/scepclient usr/libexec/ipsec/starter diff --git a/config/rootfiles/common/usb_modeswitch b/config/rootfiles/common/usb_modeswitch index fe60c05..ab46c4d 100644 --- a/config/rootfiles/common/usb_modeswitch +++ b/config/rootfiles/common/usb_modeswitch 
@@ -1,5 +1,5 @@ etc/usb_modeswitch.conf -#lib/udev/usb_modeswitch +lib/udev/usb_modeswitch usr/sbin/usb_modeswitch usr/sbin/usb_modeswitch_dispatcher #usr/share/man/man1/usb_modeswitch.1 diff --git a/config/rootfiles/core/57/update.sh b/config/rootfiles/core/57/update.sh index 6668c8f..177bf72 100644 --- a/config/rootfiles/core/57/update.sh +++ b/config/rootfiles/core/57/update.sh @@ -36,16 +36,19 @@ done #Stop services /etc/init.d/squid stop /etc/init.d/apache stop +/etc/init.d/ipsec stop
# #Extract files extract_files
- # #Start services /etc/init.d/squid start /etc/init.d/apache start +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi
# #Update Language cache diff --git a/config/rootfiles/core/58/exclude b/config/rootfiles/core/58/exclude new file mode 100644 index 0000000..7360266 --- /dev/null +++ b/config/rootfiles/core/58/exclude @@ -0,0 +1,12 @@ +srv/web/ipfire/html/proxy.pac +etc/udev/rules.d/30-persistent-network.rules +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf diff --git a/config/rootfiles/core/58/filelists/Net-Telnet b/config/rootfiles/core/58/filelists/Net-Telnet new file mode 120000 index 0000000..66ca926 --- /dev/null +++ b/config/rootfiles/core/58/filelists/Net-Telnet @@ -0,0 +1 @@ +../../../common/Net-Telnet \ No newline at end of file diff --git a/config/rootfiles/core/58/filelists/files b/config/rootfiles/core/58/filelists/files new file mode 100644 index 0000000..afb3d99 --- /dev/null +++ b/config/rootfiles/core/58/filelists/files @@ -0,0 +1,3 @@ +etc/system-release +etc/issue +etc/vimrc diff --git a/config/rootfiles/core/58/filelists/libpng b/config/rootfiles/core/58/filelists/libpng new file mode 120000 index 0000000..8ef96e2 --- /dev/null +++ b/config/rootfiles/core/58/filelists/libpng @@ -0,0 +1 @@ +../../../common/libpng \ No newline at end of file diff --git a/config/rootfiles/core/58/filelists/openvpn b/config/rootfiles/core/58/filelists/openvpn new file mode 120000 index 0000000..493f3f7 --- /dev/null +++ b/config/rootfiles/core/58/filelists/openvpn @@ -0,0 +1 @@ +../../../common/openvpn \ No newline at end of file diff --git a/config/rootfiles/core/58/filelists/strongswan b/config/rootfiles/core/58/filelists/strongswan new file mode 120000 index 0000000..90c727e --- /dev/null +++ b/config/rootfiles/core/58/filelists/strongswan @@ -0,0 +1 @@ +../../../common/strongswan \ No newline at end of file 
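Review bot: The restart guard added to config/rootfiles/core/57/update.sh, ``if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then``, feeds unquoted grep output to `[`, so it errors out if more than one line matches or a matching line contains whitespace. Because the pattern is unanchored, it also fires for any other key whose name ends in `ENABLED`. Testing grep's exit status avoids both problems: `if grep -q "^ENABLED=on" /var/ipfire/vpn/settings; then`. The same construct is repeated in the new config/rootfiles/core/58/update.sh.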
diff --git a/config/rootfiles/core/58/filelists/usb_modeswitch b/config/rootfiles/core/58/filelists/usb_modeswitch new file mode 120000 index 0000000..acbab6f --- /dev/null +++ b/config/rootfiles/core/58/filelists/usb_modeswitch @@ -0,0 +1 @@ +../../../common/usb_modeswitch \ No newline at end of file diff --git a/config/rootfiles/core/58/meta b/config/rootfiles/core/58/meta new file mode 100644 index 0000000..d547fa8 --- /dev/null +++ b/config/rootfiles/core/58/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/58/update.sh b/config/rootfiles/core/58/update.sh new file mode 100644 index 0000000..d05fb84 --- /dev/null +++ b/config/rootfiles/core/58/update.sh 
@@ -0,0 +1,77 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2012 IPFire-Team info@ipfire.org. # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... 
+core=58 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +#Stop services +/etc/init.d/ipsec stop + +# +#Extract files +extract_files + +# +#Start services +if [ `grep "ENABLED=on" /var/ipfire/vpn/settings` ]; then + /etc/init.d/ipsec start +fi + +# +#Update Language cache +perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +#Rebuild module dep's +#depmod -a 2.6.32.45-ipfire >/dev/null 2>&1 +#depmod -a 2.6.32.45-ipfire-pae >/dev/null 2>&1 +#depmod -a 2.6.32.45-ipfire-xen >/dev/null 2>&1 + +#Rebuild initrd's because some compat-wireless modules are inside +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45.img 2.6.32.45-ipfire +#if [ -e /boot/ipfirerd-2.6.32.45-pae.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-pae.img 2.6.32.45-ipfire-pae +#fi +#if [ -e /boot/ipfirerd-2.6.32.45-xen.img ]; then +#/sbin/dracut --force --verbose /boot/ipfirerd-2.6.32.45-xen.img 2.6.32.45-ipfire-xen +#fi + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index b325250..0023523 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -20,6 +20,7 @@ ###############################################################################
use strict; +use Net::Telnet;
# enable only the following on debugging purpose #use warnings; @@ -387,9 +388,54 @@ END <tr><td align='center' bgcolor='$Header::colourovpn' width='25%'><a href="/cgi-bin/ovpnmain.cgi"><font size='2' color='white'><b>OpenVPN</b></font></a><br> <td width='30%' align='center'>$ovpnip <td width='45%' align='center'><font color=$Header::colourgreen>Online</font> + END + }
+### +# m.a.d n2n +### + +if ( -d "${General::swroot}/ovpn/n2nconf") { +my %confighash=(); +my $display = ''; + +&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); +foreach my $dkey (keys %confighash) { +if ($confighash{$dkey}[3] eq 'net') { + + + if (-e "/var/run/$confighash{$dkey}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$dkey}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/,/, $output[1]); + if ( $tustate[1] eq 'CONNECTED') + { $display = "<font color=$Header::colourgreen>$Lang::tr{'capsopen'}</font>"; + } else { + $display = "<font color=$Header::colourred>$tustate[1]</font>"; } + + print <<END; + <tr><td align='center' bgcolor='$Header::colourvpn' width='25%'><a href="/cgi-bin/ovpnmain.cgi"><font size='2' color='white'><b>OpenVPN n2n</b></font></a><br> + <td width='30%' align='center'> $confighash{$dkey}[10]<td width='45%' align='center'> $display + +END +; +} +} +} +} +} + +### +# m.a.d n2n end +### + # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { $warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>"; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b6c5fc0..4bfb6aa 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -18,11 +18,14 @@ # along with this program. If not, see http://www.gnu.org/licenses/. # # # ############################################################################### - +### +# Based on IPFireCore 55 +### use CGI; use CGI qw/:standard/; use Net::DNS; use Net::Ping; +use Net::Telnet; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -33,8 +36,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl";
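Review bot: In the index.cgi block marked `m.a.d n2n`, the result of `$tnet->open('127.0.0.1')` is not checked even though `Errmode=>'return'` is set, so a refused connection falls through to `cmd` and leaves `$tustate[1]` undefined. In the non-CONNECTED branch, `$tustate[1]` is whatever the process listening on that port sent back, and it is interpolated into the page without HTML escaping. I would skip the row on failure with `next unless $tnet->open('127.0.0.1');`, escape the state string before it goes into `$display`, and call `$tnet->close;` after the `cmd`, since the connection is never closed. `Net::Telnet->new(...)` is also preferable to the indirect `new Net::Telnet (...)` form.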
# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -57,6 +60,7 @@ my %selected=(); my $warnmessage = ''; my $errormessage = ''; my %settings=(); +my $routes_push_file = ''; &General::readhash("${General::swroot}/ethernet/settings", %netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -70,9 +74,11 @@ $cgiparams{'CA_NAME'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; +$cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; - +$routes_push_file = "${General::swroot}/ovpn/routes_push"; +unless (-e $routes_push_file) { system("touch $routes_push_file"); }
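Review bot: The ovpnmain.cgi hunk at `@@ -33,8 +36,8 @@` uncomments `use CGI::Carp 'fatalsToBrowser';` directly under the comment that says to enable it only for debugging. With it active, every `die` in this CGI is rendered to the browser, and several of them carry file paths and `$!`, which is an information leak on the firewall's admin interface. This looks like a leftover from development, so the committed line should stay `#use CGI::Carp 'fatalsToBrowser';`. `use warnings;` can stay, although the header comment then needs rewording.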
&Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
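Review bot: `system("touch $routes_push_file")` in the `@@ -70,9 +74,11 @@` hunk starts a shell with an interpolated string just to create an empty file, and its exit status is ignored. The path is built from `${General::swroot}` here, so this is a robustness and style point rather than an injection. Creating the file from Perl removes the shell and reports failure: `open(my $fh, '>>', $routes_push_file) or die "Unable to create $routes_push_file: $!"; close($fh);`.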
@@ -307,10 +313,13 @@ sub disallowreserved return; }
+ sub writeserverconf { - my %sovpnsettings = (); + my %sovpnsettings = (); + my @temp = (); &General::readhash("${General::swroot}/ovpn/settings", %sovpnsettings); - + &read_routepushfile; + open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; flock CONF, 2; print CONF "#OpenVPN Server conf\n"; @@ -333,6 +342,16 @@ sub writeserverconf { my @tempovpnsubnet = split("/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n"; + + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("/",&General::ipcidr2msk($_)); + print CONF "push "route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . ""\n"; + } + } + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } @@ -410,7 +429,29 @@ sub validdotmask if (($mask =~ /./ )) { return 0; } return 1; } - + +# ------------------------------------------------------------------- + +sub write_routepushfile +{ + open(FILE, ">$routes_push_file"); + flock(FILE, 2); + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + print FILE $vpnsettings{'ROUTES_PUSH'}; + } + close(FILE); +} + +sub read_routepushfile +{ + if (-e "$routes_push_file") { + open(FILE,"$routes_push_file"); + delete $vpnsettings{'ROUTES_PUSH'}; + while (<FILE>) { $vpnsettings{'ROUTES_PUSH'} .= $_ }; + close(FILE); + $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } +}
#hier die refresh page @@ -473,6 +514,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; + $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + my @temp=();
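Review bot: Both `open` calls in the new `write_routepushfile` and `read_routepushfile` (hunk `@@ -410,7 +429,29 @@`) are unchecked two-argument opens on the bareword handle `FILE`. A failed open therefore silently loses the pushed routes, and the following `flock`/`print` act on an unopened handle. `writeserverconf` in this file already uses `or die` on its open; the same pattern with a lexical handle would be `open(my $fh, '>', $routes_push_file) or die "Unable to open $routes_push_file: $!";`. Note also that `>` truncates the file before `flock` is taken and the reader takes no lock, so a concurrent read can see an empty file.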
if ($cgiparams{'FRAGMENT'} eq '') { delete $vpnsettings{'FRAGMENT'}; @@ -504,8 +547,31 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'DHCP_WINS'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) { $errormessage = $Lang::tr{'invalid input for dhcp wins'}; - goto ADV_ERROR; + goto ADV_ERROR; + } + } + if ($cgiparams{'ROUTES_PUSH'} ne ''){ + @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); + undef $vpnsettings{'ROUTES_PUSH'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { + $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; + } + my ($ip, $cidr) = split("/",&General::ipcidr2msk($_)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { + $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; + goto ADV_ERROR; + } + $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + } } + &write_routepushfile; + undef $vpnsettings{'ROUTES_PUSH'}; } if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { $errormessage = $Lang::tr{'invalid input for max clients'}; @@ -541,7 +607,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' &&
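Review bot: In the `@@ -504,8 +547,31 @@` hunk, `&write_routepushfile` is only reached inside `if ($cgiparams{'ROUTES_PUSH'} ne '')`, so submitting an empty textarea never rewrites the routes_push file. Since `writeserverconf` reloads the routes from that file through `read_routepushfile`, previously configured routes would keep being pushed to clients after the admin has cleared the field. No else branch is visible in the hunk; if there is none further down, adding `else { &write_routepushfile; }` would fix it, because the writer truncates the file when `ROUTES_PUSH` is empty. The surrounding `save-adv-options` block starts and ends outside this hunk.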
my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); -my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = '';
unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} @@ -564,7 +630,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; - print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; print SERVERCONF "# Port and Protokol\n"; @@ -582,10 +648,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print SERVERCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } - print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; @@ -606,7 +671,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print SERVERCONF "# Activate Management Interface and Port\n"; - print SERVERCONF "#management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(SERVERCONF);
} @@ -618,10 +684,10 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); my $tunmtu = ''; - + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
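Review bot: The `management localhost <port>` line now written by the `@@ -606,7 +671,8 @@` hunk enables OpenVPN's management interface without a password file, so any local process that can reach that loopback port can query and control the tunnel. The client-side hunks at `@@ -682,7 +748,8 @@` and `@@ -1614,7 +1681,8 @@` do the same. OpenVPN accepts a password file as a third argument, e.g. `management localhost $port <PW_FILE_PLACEHOLDER>`, and the status query in index.cgi would then have to authenticate. `$cgiparams{'OVPN_MGMT'}` is also written into the config verbatim, and no numeric or range check on it is visible in these hunks, so please confirm one exists before this point. Falling back to `DEST_PORT` reuses the tunnel's own port number, which may collide with the tunnel listener when the protocol is TCP.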
@@ -642,7 +708,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# IP adresses of the VPN Subnet\n"; print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; - print CLIENTCONF "route @remsubnet[0] @remsubnet[1]\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "# Port and Protokol\n"; @@ -653,7 +719,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Packet size\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; }
if ($cgiparams{'PROTOCOL'} eq 'udp') { @@ -661,10 +726,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } - + + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -682,7 +748,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(CLIENTCONF);
} @@ -1549,9 +1616,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ my $zippathname = "$zippath$zipname"; $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; my @ovsubnettemp = split(/./,$confighash{$cgiparams{'KEY'}}[27]); - my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; my @remsubnet = split(///,$confighash{$cgiparams{'KEY'}}[8]); + my $n2nfragment = '';
open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; @@ -1582,7 +1650,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Packet size\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; }
if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { @@ -1590,10 +1657,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Paketsize\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -1614,7 +1681,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} + else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
@@ -1812,6 +1880,7 @@ else %cahash = (); %confighash = (); &General::readhash("${General::swroot}/ovpn/settings", %cgiparams); + read_routepushfile;
# if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; @@ -1886,6 +1955,25 @@ ADV_ERROR: <tr> <td class='base'>WINS</td> <td><input type='TEXT' name='DHCP_WINS' value='$cgiparams{'DHCP_WINS'}' size='30' /></td> + </tr> + <tr> + <td colspan='4'><b>$Lang::tr{'ovpn routes push options'}</b></td> + </tr> + <tr> + <td class='base'>$Lang::tr{'ovpn routes push'}</td> + <td colspan='2'> + <textarea name='ROUTES_PUSH' cols='26' rows='6' wrap='off'> +END +; + +if ($cgiparams{'ROUTES_PUSH'} ne '') +{ + print $cgiparams{'ROUTES_PUSH'}; +} + +print <<END +</textarea></td> +</tr> </tr> </table> <hr size='1'> @@ -2200,7 +2288,12 @@ if ( -s "${General::swroot}/ovpn/settings") { <tr><td><input type='radio' name='TYPE' value='net2net' /></td> <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> - <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + <tr><td> </td><td>Import Connection Name <img src='/blob.gif' /></td></tr> + <tr><td> </td><td class='base'><input type='text' name='n2nname' size='30'><td class='base'>Default : Client Packagename</td></td></tr> + <tr><td colspan='3'><hr /></td></tr> + <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + <tr><td> </td></tr> + <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> </form></table> END ; @@ -2231,11 +2324,14 @@ END my @firen2nconf; my @confdetails; my $uplconffilename =''; + my $uplconffilename2 =''; my $uplp12name = ''; + my $uplp12name2 = ''; my @rem_subnet; my @rem_subnet2; my @tmposupnet3; my $key; + my @n2nname;
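Review bot: `print $cgiparams{'ROUTES_PUSH'};` in the `@@ -1886,6 +1955,25 @@` hunk writes the field into the `<textarea>` without HTML escaping. The form follows the `ADV_ERROR:` label, and the validation code jumps there with `$cgiparams{'ROUTES_PUSH'}` apparently still holding what the browser submitted, so a value containing `</textarea>` would break out of the element and be interpreted as markup. Escaping on output closes this, e.g. `print escapeHTML($cgiparams{'ROUTES_PUSH'});`, assuming CGI's `escapeHTML` is in scope through the file's `use CGI qw/:standard/`. This is unnecessary only if `getcgihash` is known to sanitise the value already. The added markup also emits `</tr>` twice after the textarea.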
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
@@ -2299,14 +2395,38 @@ END ### # m.a.d net2net ### + + if ($cgiparams{'n2nname'} ne ''){ + + $uplconffilename2 = "$cgiparams{'n2nname'}.conf"; + $uplp12name2 = "$cgiparams{'n2nname'}.p12"; + $n2nname[0] = $cgiparams{'n2nname'}; + my @n2nname2 = split(/./,$uplconffilename); + $n2nname2[0] =~ s/\n|\r//g; + my $input1 = "${General::swroot}/ovpn/certs/$uplp12name"; + my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2"; + my $input2 = "$n2nname2[0]n2n"; + my $output2 = "$n2nname[0]n2n"; + my $filename = "$tempdir/$uplconffilename"; + open(FILE, "< $filename") or die 'Unable to open config file.'; + my @current = <FILE>; + close(FILE); + foreach (@current) {s/$input1/$output1/g;} + foreach (@current) {s/$input2/$output2/g;} + open (OUT, "> $filename") || die 'Unable to open config file.'; + print OUT @current; + close OUT;
- my @n2nname = split(/./,$uplconffilename); + }else{ + $uplconffilename2 = $uplconffilename; + $uplp12name2 = $uplp12name; + @n2nname = split(/./,$uplconffilename); $n2nname[0] =~ s/\n|\r//g; - + } unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";}
- move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2");
if ($? ne 0) { $errormessage = "*.conf move failed: $!"; @@ -2314,7 +2434,7 @@ END goto N2N_ERROR; } - move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2"); chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name"; if ($? ne 0) { @@ -2327,18 +2447,20 @@ my $complzoactive; my $mssfixactive; my $n2nfragment; my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); -my @n2nproto = split(/-/, @n2nproto2[1]); +my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]); my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); my @n2novpnsub = split(/./,$n2novpnsuball[1]); my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
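Review bot: `$cgiparams{'n2nname'}` in the `@@ -2299,14 +2395,38 @@` hunk goes from the request straight into `$uplconffilename2`, `$uplp12name2` and the directory `.../ovpn/n2nconf/$n2nname[0]`, with no check visible in the hunk. A value containing `/` or `..` would place the imported config and PKCS#12 file outside the intended directories. Restricting the name to a safe character set before first use prevents that, e.g. `if ($cgiparams{'n2nname'} !~ /^[A-Za-z0-9]+$/) { $errormessage = ...; goto N2N_ERROR; }`, with an error text of the project's choosing. The two substitutions also treat `$input1` and `$input2` as patterns; `s/\Q$input1\E/$output1/g` keeps the dots in the path literal. `open(FILE, "< $filename")` should be the three-argument `open(my $fh, '<', $filename)`, since `$filename` contains the uploaded file's name.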
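Review bot: The unchanged `chmod 0600` after the changed `move` in the `@@ -2314,7 +2434,7 @@` hunk still targets `.../certs/$uplp12name`, while the PKCS#12 file is now moved to `$uplp12name2`. When an import name is supplied, the renamed key file therefore keeps whatever mode it had in the temp directory. The line should become `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name2";`. Separately, `File::Copy::move` reports failure through its return value rather than `$?`, so the `if ($? ne 0)` checks after both moves do not detect a failed move; testing the return value, as in `move(...) or do { ... }`, would.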
@@ -2357,6 +2479,7 @@ $n2nremsub[1] =~ s/\n|\r//g; $n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; +$n2nmgmt[2] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive);
@@ -2420,7 +2543,8 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[8] = $n2nlocalsub[2]; $confighash{$key}[10] = $n2nremote[1]; $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[22] = $n2nmgmt[2]; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; @@ -2466,6 +2590,7 @@ foreach my $dkey (keys %confighash) { <tr><td class='boldbase' nowrap='nowrap'>MSSFIX </td><td><b>$confighash{$key}[23]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Fragment </td><td><b>$confighash{$key}[24]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr> <tr><td> </td><td> </td></tr> </table> END @@ -2546,6 +2671,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; # n2n m.a.d new fields + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; @@ -2612,6 +2738,13 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + }
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; @@ -2654,6 +2787,11 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + }
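Review bot: The added empty-`DEST_PORT` branch reports `$Lang::tr{'openvpn destination port used'}`, which tells the administrator the port is taken when it is in fact missing. It also rejects only the empty string, so a non-numeric or out-of-range value passes this check; whether another test elsewhere in the function validates `DEST_PORT` is not visible in the hunk. A dedicated "port missing or invalid" message and a numeric test such as `$cgiparams{'DEST_PORT'} !~ /^\d{1,5}$/` would make the failure clear.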
# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { @@ -3023,6 +3161,11 @@ if ($cgiparams{'TYPE'} eq 'net') { } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; + if ($cgiparams{'OVPN_MGMT'} eq '') { + $confighash{$key}[22] = $confighash{$key}[29]; + } else { + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + } $confighash{$key}[23] = $cgiparams{'MSSFIX'}; $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -3069,6 +3212,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_END; } else { $cgiparams{'ENABLED'} = 'on'; +### +# m.a.d n2n begin +### + $cgiparams{'MSSFIX'} = 'on'; + $cgiparams{'FRAGMENT'} = '1300'; +### +# m.a.d n2n end +### $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; 
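Review bot: `OVPN_MGMT` is accepted from the form with only an emptiness test, here and again in the `@@ -3023` hunk, so any string can reach `$confighash{$key}[22]`. From there it is echoed into the edit form as `VALUE='$cgiparams{'OVPN_MGMT'}'` (the `@@ -3204` hunk) and handed to Net::Telnet as the port. Where it is written into the connection file is not visible in these hunks. Before the fallback to `DEST_PORT`, reject anything that is not a port number, for example by setting `$errormessage` and jumping to `VPNCONF_ERROR` when `$cgiparams{'OVPN_MGMT'} ne '' && $cgiparams{'OVPN_MGMT'} !~ /^\d{1,5}$/`. The enclosing `if ($cgiparams{'TYPE'} eq 'net')` block starts outside the hunk.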
@@ -3204,13 +3355,19 @@ if ($cgiparams{'TYPE'} eq 'net') { <tr><td class='boldbase' nowrap='nowrap'>mssfix <img src='/blob.gif' /></td> <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td> - - <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td> + <td>$Lang::tr{'openvpn default'}: <span class="base">on</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>fragment <img src='/blob.gif' /></td> <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td> <td>$Lang::tr{'openvpn default'}: <span class="base">1300</span></td> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> - <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD> + <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></td> + <td colspan='2'>$Lang::tr{'openvpn default'}: udp/tcp <span class="base">1500/1400</span></td> + + <tr><td class='boldbase' nowrap='nowrap'>Management Port <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='OVPN_MGMT' VALUE='$cgiparams{'OVPN_MGMT'}'size='5' /></td> + <td colspan='2'>$Lang::tr{'openvpn default'}: <span class="base">$Lang::tr{'destination port'}</span></td>
END ; @@ -3260,10 +3417,12 @@ END
print <<END <table width='100%' cellpadding='0' cellspacing='5' border='0'> - <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr> + <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr> - <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr> + <tr><td colspan='3'> </td></tr> + <tr><td colspan='3'><hr /></td></tr> + <tr><td colspan='3'> </td></tr> <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> 
@@ -3292,7 +3451,8 @@ print <<END <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled> - + + END ;
@@ -3317,13 +3477,16 @@ if ($cgiparams{'TYPE'} eq 'host') { print <<END </select></td></tr>
- <td class='base'>$Lang::tr{'valid till'} (days):</td> + <td> </td><td class='base'>$Lang::tr{'valid till'} (days):</td> <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr> <tr><td> </td> <td class='base'>$Lang::tr{'pkcs12 file password'}:</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr> + <tr><td colspan='3'> </td></tr> + <tr><td colspan='3'><hr /></td></tr> + <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> </table> END }else{ @@ -3331,6 +3494,8 @@ END </select></td></tr> <tr><td> </td><td> </td><td> </td></tr> <tr><td> </td><td> </td><td> </td></tr> + <tr><td colspan='3'><hr /></td></tr> + <tr><td class='base' colspan='3' align='left'><img src='/blob.gif' alt='*' /> $Lang::tr{'this field may be blank'}</td></tr> </table>
END @@ -3683,6 +3848,7 @@ END
### # m.a.d net2net +#<td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td> ###
&Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); @@ -3694,8 +3860,8 @@ END <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td> <td width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></td> <td width='18%' class='boldbase' align='center'><b>$Lang::tr{'common name'}</b></td> - <td width='17%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td> - <td width='25%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b><br /><img src='/images/null.gif' width='125' height='1' border='0' alt='L2089' /></td> + <td width='22%' class='boldbase' align='center'><b>$Lang::tr{'valid till'}</b></td> + <td width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></td> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></td> <td width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></td> </tr> @@ -3727,7 +3893,7 @@ END my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
if ($confighash{$key}[0] eq 'off') { - $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'openvpn disabled'}</font></b></td></tr></table>"; + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } else {
### @@ -3735,24 +3901,36 @@ END ###
if ($confighash{$key}[3] eq 'net') { -# my @tempovpnsubnet = split("/",$confighash{$key}[27]); -# my @ovpnip = split /./,$tempovpnsubnet[0]; -# my $pingip = ""; -# if ($confighash{$key}[6] eq 'server') { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; -# } else { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; -# } -# my $p = Net::Ping->new("udp",1); -# if ($p->ping($pingip)) { -# $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; -# } -# $p->close(); - - if (-e "/var/run/$confighash{$key}[1]n2n.pid") { - $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'openvpn enabled'}</font></b></td></tr></table>"; - } - } + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/,/, $output[1]); +### +#CONNECTING -- OpenVPN's initial state. +#WAIT -- (Client only) Waiting for initial response from server. +#AUTH -- (Client only) Authenticating with server. +#GET_CONFIG -- (Client only) Downloading configuration options from server. +#ASSIGN_IP -- Assigning IP address to virtual network interface. +#ADD_ROUTES -- Adding routes to system. +#CONNECTED -- Initialization Sequence Completed. +#RECONNECTING -- A restart has occurred. +#EXITING -- A graceful exit is in progress. 
+#### + + if ( $tustate[1] eq 'CONNECTED') { + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></tr></td></table>"; + } else { + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$tustate[1]</font></b></td></tr></table>"; + } + } + } + } else {
my $cn; my @match = (); @@ -3767,7 +3945,7 @@ END if ($cn eq "$confighash{$key}[2]") { $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; } - + }
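Review bot: The new status probe builds the Net::Telnet object before it tests `$tport`, ignores the result of `open('127.0.0.1')`, never closes the connection, and prints `$tustate[1]` into the status cell without checking what it contains. With `Errmode=>'return'` a failed connect leaves `@output` empty, so the page shows a red cell with no text, and a stored port value that is not numeric goes straight into the socket call. The rewrite below only opens a connection for a numeric port, falls back to the default `capsclosed` cell when the management interface cannot be reached, closes the socket, and displays the state only when it looks like one of the listed OpenVPN state names. The added CONNECTED cell also closes `</tr>` before `</td>`; the order should be `</td></tr>`. The surrounding `foreach` and `if ($confighash{$key}[0] eq 'off')` start outside the hunk.

```perl
if (-e "/var/run/$confighash{$key}[1]n2n.pid") {
	my $tport = $confighash{$key}[22];
	if (defined $tport && $tport =~ /^\d{1,5}$/) {
		my $tnet = Net::Telnet->new(Timeout => 5, Errmode => 'return', Port => $tport);
		if ($tnet && $tnet->open('127.0.0.1')) {
			my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
			$tnet->close;
			my @tustate = split(/,/, defined $output[1] ? $output[1] : '');
			# Only show values that look like an OpenVPN state name.
			my $state = (defined $tustate[1] && $tustate[1] =~ /^[A-Z_]+$/) ? $tustate[1] : '';
			# ... unchanged: list of OpenVPN states ...
			if ($state eq 'CONNECTED') {
				# ... unchanged: green 'capsopen' cell, with </td></tr> in that order ...
			} elsif ($state ne '') {
				# ... unchanged: red cell, printing $state instead of $tustate[1] ...
			}
		}
	}
}
```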
} } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 727470f..a47c9f7 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1367,6 +1367,10 @@ 'ovpn_processprioVH' => 'Sehr Hoch', 'ovpnstatus log' => 'OVPN-Status-Log', 'ovpnsys log' => 'OVPN-System-Log', +'ovpn routes push options' => 'Route push Optionen', +'ovpn routes push' => 'Routen', +'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske', +'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt', 'package failed to install' => 'Programmpaket konnte nicht installiert werden.', 'pagerefresh' => 'Seite wird aktualisiert. Bitte warten.', 'pakfire accept all' => 'Möchten Sie der Installation aller Pakete zustimmen?', diff --git a/lfs/Net-Telnet b/lfs/Net-Telnet new file mode 100644 index 0000000..8d911f8 --- /dev/null +++ b/lfs/Net-Telnet 
@@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2012 IPFire Team info@ipfire.org # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see http://www.gnu.org/licenses/. # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.03 + +THISAPP = Net-Telnet-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 2f7d34b09d6117baefe89d44cff9d5fc + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst 
%,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/libpng b/lfs/libpng index 60b25a0..7075118 100644 --- a/lfs/libpng +++ b/lfs/libpng @@ -24,10 +24,10 @@
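Review bot: The only integrity pin for the new `Net-Telnet-3.03.tar.gz` download is `$(DL_FILE)_MD5`, and MD5 does not resist collisions, so it detects a damaged transfer but not a deliberately substituted tarball. The module is loaded by the web interface's CGI, so the source archive deserves a stronger digest. The updated `_MD5` values in the libpng, openvpn, strongswan and usb_modeswitch hunks have the same limitation. The `$(CHECK)` and `$(MD5)` macros are defined outside this diff, so whether they can verify a second digest is not visible here; if they can, record a SHA-256 next to the MD5 value.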
include Config
-VER = 1.2.44
+VER = 1.2.46
THISAPP = libpng-$(VER) -DL_FILE = $(THISAPP).tar.xz +DL_FILE = $(THISAPP).tar.gz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 098ab673ab74015978db98667febc4a9
+$(DL_FILE)_MD5 = 03ddfc17ad321db93f984581e9415d22
install : $(TARGET)
@@ -69,7 +69,7 @@ $(subst %,%_MD5,$(objects)) :
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar Jxf $(DIR_DL)/$(DL_FILE) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP) && ./configure --prefix=/usr cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install diff --git a/lfs/openvpn b/lfs/openvpn index 41594b7..4f10e7a 100644 --- a/lfs/openvpn +++ b/lfs/openvpn @@ -24,7 +24,7 @@
include Config
-VER = 2.2.1
+VER = 2.2.2
THISAPP = openvpn-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 500bee5449b29906150569aaf2eb2730
+$(DL_FILE)_MD5 = c5181e27b7945fa6276d21873329c5c7
install : $(TARGET)
@@ -70,20 +70,26 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure --prefix=/usr --sysconfdir=/var/ipfire/ovpn \ - --enable-pthread + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/var/ipfire/ovpn \ + --enable-password-save \ + --enable-pthread cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire + -mkdir -pv /usr/lib/openvpn cd $(DIR_APP)/plugin/auth-pam && make - cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /lib/ + cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /usr/lib/openvpn cd $(DIR_APP)/plugin/down-root && make - cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /lib/ + cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /usr/lib/openvpn -mkdir -vp /var/ipfire/ovpn/ca -mkdir -vp /var/ipfire/ovpn/crls -mkdir -vp /var/ipfire/ovpn/n2nconf + -mkdir -vp /var/ipfire/ovpn/scripts touch /var/ipfire/ovpn/ovpn-leases.db chmod 700 /var/ipfire/ovpn/ovpn-leases.db + chown -R root:root /var/ipfire/ovpn/scripts chown -R nobody:nobody /var/ipfire/ovpn chown root.nobody /var/log/ovpnserver.log chmod 755 /var/ipfire/ovpn/verify diff --git a/lfs/strongswan b/lfs/strongswan index 7370be9..964f2ed 100644 --- a/lfs/strongswan +++ b/lfs/strongswan @@ -24,7 +24,7 @@
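Review bot: The added `chown -R root:root /var/ipfire/ovpn/scripts` is undone by the very next line, `chown -R nobody:nobody /var/ipfire/ovpn`, because the scripts directory lies inside that tree. If the intent is that the `nobody` account cannot alter scripts OpenVPN runs, put the root chown after the recursive `nobody:nobody` one so root ownership is applied last. `--enable-password-save` allows OpenVPN to read passwords from files, so any such file under `/var/ipfire/ovpn` needs a restrictive mode; the diff does not show where one would be written. The plugins also move from `/lib/` to `/usr/lib/openvpn`, so configurations that still reference the old path would stop loading them; whether any exist is not visible here.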
include Config
-VER = 4.6.1
+VER = 4.6.2
THISAPP = strongswan-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 85a28a12ed6f286a5bc9117e3a9386bb
+$(DL_FILE)_MD5 = ed64e6746011930a70f3a271dc0e3c9e
install : $(TARGET)
diff --git a/lfs/usb_modeswitch b/lfs/usb_modeswitch index db9ca3a..09a0b68 100644 --- a/lfs/usb_modeswitch +++ b/lfs/usb_modeswitch @@ -24,7 +24,7 @@
include Config
-VER = 1.2.2
+VER = 1.2.3
THISAPP = usb-modeswitch-$(VER) DL_FILE = $(THISAPP).tar.bz2 @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 4f3d3b9342b59b488089a8a81abda3ae
+$(DL_FILE)_MD5 = 9b29e8b0d93d7604a9e5efc4696d37a3
install : $(TARGET)
diff --git a/lfs/vim b/lfs/vim index a018dc1..3935d33 100644 --- a/lfs/vim +++ b/lfs/vim @@ -79,9 +79,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) ln -sv vim /usr/bin/vi echo "set nocompatible" > /etc/vimrc echo "set backspace=2" >> /etc/vimrc + echo "set ruler" >> /etc/vimrc echo "syntax on" >> /etc/vimrc echo -e "if (&term == "iterm") || (&term == "putty")" >> /etc/vimrc - echo "set background=dark" >> /etc/vimrc + echo " set background=dark" >> /etc/vimrc echo "endif" >> /etc/vimrc @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index c5f0828..da98e28 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.11" # Version number -CORE="57" # Core Level (Filename) +CORE="58" # Core Level (Filename) PAKFIRE_CORE="57" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan @@ -575,6 +575,7 @@ buildipfire() { ipfiremake Locale-Country ipfiremake XML-Parser ipfiremake Crypt-PasswdMD5 + ipfiremake Net-Telnet ipfiremake python-setuptools ipfiremake python-clientform ipfiremake python-mechanize
hooks/post-receive -- IPFire 2.x development tree