[IPFire-SCM] [git.ipfire.org] IPFire 2.x development tree branch, openvpn-n2n, updated. ce9abb6627a085706077c1a11da1569fc3c7f244
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, openvpn-n2n has been updated via ce9abb6627a085706077c1a11da1569fc3c7f244 (commit) from c894a342345ca6b55edc75f0ced6ab7ffa7b7a42 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit ce9abb6627a085706077c1a11da1569fc3c7f244 Author: Alfred Haas alfred.haas@ipfire.org Date: Mon Jul 18 12:28:33 2011 +0200
Import ovpnmain.cgi with N2N support.
This is currently in development!
-----------------------------------------------------------------------
Summary of changes: html/cgi-bin/ovpnmain.cgi | 872 ++++++++++++++++++++++++++++++++++++++++---- 1 files changed, 792 insertions(+), 80 deletions(-)
Difference in files: diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index c99e7be..850555c 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -22,6 +22,7 @@ use CGI; use CGI qw/:standard/; use Net::DNS; +use Net::Ping; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -32,8 +33,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl";
# enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -72,6 +73,7 @@ $cgiparams{'DHCP_WINS'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = '';
+ &Header::getcgihash(%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
# prepare openvpn config file @@ -514,12 +516,166 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { &writeserverconf();#hier ok }
+### +# m.a.d Save net2net server config +### + +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server') +{
+my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); +my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); +my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; +my $tunmtu = $cgiparams{'MTU'}; +if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { + mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); } + + open(SERVERCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock SERVERCONF, 2; + print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n"; + print SERVERCONF "\n"; + print SERVERCONF "# User Sicherheit\n"; + print SERVERCONF "user nobody\n"; + print SERVERCONF "group nobody\n"; + print SERVERCONF "persist-tun\n"; + print SERVERCONF "persist-key\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# IP Adressen des VPN Tunnels\n"; + print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Netzwerk auf dem Client Gateway\n"; + print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "# Device fuer den Tunnel\n"; + print SERVERCONF "dev tun\n"; + print SERVERCONF "\n"; + print SERVERCONF "#Port und Protokoll\n"; + print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; + print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Paketgroessen\n"; + print SERVERCONF "tun-mtu $tunmtu\n"; + print SERVERCONF "fragment 1300\n"; + print SERVERCONF "mssfix\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Auth Server\n"; + print SERVERCONF "tls-server\n"; + print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; + print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; + print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; + print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Verschluesselung\n"; + print SERVERCONF "cipher AES-256-CBC\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print SERVERCONF "# Kompression einschalten\n"; + print SERVERCONF "comp-lzo\r\n"; + print SERVERCONF "#\n"; + } + print SERVERCONF "# Debug Level setzen\n"; + print SERVERCONF "verb 3\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Tunnel Ueberwachung\n"; + print SERVERCONF "keepalive 10 60\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n"; + print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; + print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print SERVERCONF "\n"; + print SERVERCONF "# Management Interface aktivieren\n"; + print SERVERCONF "#management localhost 4711\n"; + close(SERVERCONF); + +} + +### +# m.a.d Save net2net client config +### +if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') +{ + my @ovsubnettemp = split(/./,$cgiparams{'OVPN_SUBNET'}); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my @remsubnet = split(///,$cgiparams{'REMOTE_SUBNET'}); + my $tunmtu = $cgiparams{'MTU'}; + if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { + mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); } + + open(CLIENTCONF, ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!"; + + flock CLIENTCONF, 2; + print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $cgiparams{'REMOTE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev tun\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; + print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + print CLIENTCONF "tun-mtu $tunmtu\n"; + print CLIENTCONF "fragment 1300\n"; + print CLIENTCONF "mssfix\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n"; + print CLIENTCONF "#\n"; + if ($cgiparams{'COMPLZO'} eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "#\n"; + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; + print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + close(CLIENTCONF);
+} + +### +# m.a.d Save net2net config end +###
### ### Save main settings ### + + if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too, @@ -1314,36 +1470,50 @@ END ### ### Enable/Disable connection ### + +### +# m.a.d net2net Anpassung +### + }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
&General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - +# my $n2nactive = ''; + my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk '{print $1}'`; + if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + + + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'}); -# } - } else { + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $confighash{$cgiparams{'KEY'}}[0] = 'off'; -# if ($vpnsettings{'ENABLED'} eq 'on' || -# $vpnsettings{'ENABLED_BLUE'} eq 'on') { -# system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'}); -# } - &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); - #&writeserverconf(); - } - } else { - $errormessage = $Lang::tr{'invalid key'}; - } + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + if ($n2nactive ne ''){ + system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]); + } + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + } + }
### ### Download OpenVPN client package ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -1352,9 +1522,105 @@ END my @fileholder; my $tempdir = tempdir( CLEANUP => 1 ); my $zippath = "$tempdir/"; - my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; - my $zippathname = "$zippath$zipname"; - $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package +### + +if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ + + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; + my @ovsubnettemp = split(/./,$confighash{$cgiparams{'KEY'}}[27]); + my $ovsubnet = "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]"; + my $tunmtu = ''; + + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; + flock CLIENTCONF, 2; + + my $zip = Archive::Zip->new(); + print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n"; + print CLIENTCONF "# \n"; + print CLIENTCONF "# User Sicherheit\n"; + print CLIENTCONF "user nobody\n"; + print CLIENTCONF "group nobody\n"; + print CLIENTCONF "persist-tun\n"; + print CLIENTCONF "persist-key\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; + print CLIENTCONF "remote $netsettings{'RED_ADDRESS'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; + print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; + print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n"; + print CLIENTCONF "# Device fuer den Tunnel\n"; + print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "#Port und Protokoll\n"; + print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; + print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Paketgroessen\n"; + if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; + print CLIENTCONF "tun-mtu $tunmtu\n"; + print CLIENTCONF "fragment 1300\n"; + print CLIENTCONF "mssfix\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Auth. Client\n"; + print CLIENTCONF "tls-client\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Verschluesselung\n"; + print CLIENTCONF "cipher AES-256-CBC\n"; + if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { + print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n"; + $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n"; + } + print CLIENTCONF "#\n"; + if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') { + print CLIENTCONF "# Kompression einschalten\n"; + print CLIENTCONF "comp-lzo\r\n"; + print CLIENTCONF "#\n"; + } + print CLIENTCONF "# Debug Level\n"; + print CLIENTCONF "verb 3\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Tunnel Ueberwachung\n"; + print CLIENTCONF "keepalive 10 60\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Als Daemon starten\n"; + print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; + print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; + print CLIENTCONF "#\n"; + print CLIENTCONF "# Management Interface aktivieren\n"; + print CLIENTCONF "# management localhost 4711\n"; + print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; + + + close(CLIENTCONF); + + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; + my $status = $zip->writeToFileNamed($zippathname); + + open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!"; + @fileholder = <DLFILE>; + print "Content-Type:application/x-download\n"; + print "Content-Disposition:attachment;filename=$zipname\n\n"; + print @fileholder; + exit (0); +} +else +{ + my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip"; + my $zippathname = "$zippath$zipname"; + $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn"; + +### +# m.a.d net2net DL Client Package end +### + open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2;
@@ -1410,6 +1676,7 @@ END print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n"; } close(CLIENTCONF); + $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n"; my $status = $zip->writeToFileNamed($zippathname);
@@ -1419,10 +1686,15 @@ END print "Content-Disposition:attachment;filename=$zipname\n\n"; print @fileholder; exit (0); - + } + + + ### ### Remove connection ### + + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) { &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); @@ -1434,7 +1706,24 @@ END # } # my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; - unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); + +### +# m.a.d net2net Anpassung +### + if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + +} +### +# m.a.d net2net Anpassung end +### + + unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem"); unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); delete $confighash{$cgiparams{'KEY'}}; my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`; @@ -1443,6 +1732,8 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } + + ### ### Download PKCS12 file ### @@ -1799,13 +2090,14 @@ END ### ### Enable/Disable connection ### + } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
&General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash);
if ($confighash{$cgiparams{'KEY'}}) { - if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { + if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') { $confighash{$cgiparams{'KEY'}}[0] = 'on'; &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); #&writeserverconf(); @@ -1862,6 +2154,303 @@ END } else { $errormessage = $Lang::tr{'invalid key'}; } +#test33 + +### +### Choose between adding a host-net or net-net connection +### + +### +# m.a.d Anpassung wegen upload n2n Package +### + +} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') { + &General::readhash("${General::swroot}/ovpn/settings", %vpnsettings); + &Header::showhttpheaders(); + &Header::openpage($Lang::tr{'vpn configuration main'}, 1, ''); + &Header::openbigbox('100%', 'LEFT', '', ''); + &Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'}); + print <<END + <b>$Lang::tr{'connection type'}:</b><br /> + <table><form method='post' ENCTYPE="multipart/form-data"> + <tr><td><input type='radio' name='TYPE' value='host' checked /></td> + <td class='base'>$Lang::tr{'host to net vpn'}</td></tr> + <tr><td><input type='radio' name='TYPE' value='net' /></td> + <td class='base'>$Lang::tr{'net to net vpn'}</td></tr> + <tr><td><input type='radio' name='TYPE' value='net2net' /></td> + <td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr> + <tr><td> </td><td class='base'><input type='file' name='FH' size='30'></td></tr> + <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr> + </form></table> +END + ; + + &Header::closebox(); + &Header::closebigbox(); + &Header::closepage(); + exit (0); + +### +# m.a.d uploading a IPFire n2n Client package +### + +} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){ + + my @firen2nconf; + my @confdetails; + my $uplconffilename =''; + my $uplp12name = ''; + my $complzoactive =''; + my @rem_subnet; + my @rem_subnet2; + my @tmposupnet3; + my $key; + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + +# Check if a file is uploaded + + if (ref ($cgiparams{'FH'}) ne 'Fh') { + $errormessage = $Lang::tr{'there was no file upload'}; + goto N2N_ERROR; + } + +# Move uploaded IPfire n2n package to temporary file + + (my $fh, my $filename) = tempfile( ); + if (copy ($cgiparams{'FH'}, $fh) != 1) { + $errormessage = $!; + goto N2N_ERROR; + } + + my $zip = Archive::Zip->new(); + my $zipName = $filename; + my $status = $zip->read( $zipName ); + if ($status != AZ_OK) { + $errormessage = "Read of $zipName failed\n"; + goto N2N_ERROR; + } + + my $tempdir = tempdir( CLEANUP => 1 ); + my @files = $zip->memberNames(); + for(@files) { + $zip->extractMemberWithoutPaths($_,"$tempdir/$_"); + } + my $countfiles = @files; + +# Check if we have not more then 2 files + + if ( $countfiles == 2){ + foreach (@files){ + if ( $_ =~ /.conf$/){ + $uplconffilename = $_; + } + if ( $_ =~ /.p12$/){ + $uplp12name = $_; + } + } + if (($uplconffilename eq '') || ($uplp12name eq '')){ + $errormessage = "Either no *.conf or no *.p12 file found\n"; + goto N2N_ERROR; + } + + open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file'; + @firen2nconf = <FILE>; + close (FILE); + chomp(@firen2nconf); + + } else { + + $errormessage = "Filecount does not match only 2 files are allowed\n"; + goto N2N_ERROR; + } + +### +# m.a.d prepare imported ipfire net2net data +### + + my @n2nname = split(/./,$uplconffilename); + $n2nname[0] =~ s/\n|\r//g; + + if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") { + mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); } + + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + + if ($? ne 0) { + $errormessage = "*.conf move failed: $!"; + unlink ($filename); + goto N2N_ERROR; + } + + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + if ($? ne 0) { + $errormessage = "$Lang::tr{'certificate file move failed'}: $!"; + unlink ($filename); + goto N2N_ERROR; + } + +my $complzoactive; +#my @n2nroute = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); +my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); +my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); +my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; +if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} +my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); +my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); +my @n2novpnsub = split(/./,$n2novpnsuball[1]); +my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); + +# $errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0"); +# if ($errormessage ne ''){ +# goto N2N_ERROR; +# } + +### +# m.a.d delete CR and LF from arrays for this chomp doesnt work +### + +#$n2nroute[1] =~ s/\n|\r//g; +$n2nremote[1] =~ s/\n|\r//g; +#$n2nroute[1] =~ s/\n|\r//g; +#$n2nroute[2] =~ s/\n|\r//g; +$n2novpnsub[0] =~ s/\n|\r//g; +$n2novpnsub[1] =~ s/\n|\r//g; +$n2novpnsub[2] =~ s/\n|\r//g; +$n2nproto[1] =~ s/\n|\r//g; +$n2nport[1] =~ s/\n|\r//g; +$n2ntunmtu[1] =~ s/\n|\r//g; +$n2nremsub[1] =~ s/\n|\r//g; +$n2nlocalsub[2] =~ s/\n|\r//g; +chomp ($complzoactive); + +### +# m.a.d Write n2n config +### + +### +# Check if there is no other entry with this name +### + + foreach my $dkey (keys %confighash) { + if ($confighash{$dkey}[1] eq $n2nname[0]) { + $errormessage = $Lang::tr{'a connection with this name already exists'}; + goto N2N_ERROR; + } + } + + $key = &General::findhasharraykey (%confighash); + + foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";} + $confighash{$key}[0] = 'off'; + $confighash{$key}[1] = $n2nname[0]; + $confighash{$key}[2] = $n2nname[0]; + $confighash{$key}[3] = 'net'; + $confighash{$key}[4] = 'cert'; + $confighash{$key}[6] = 'client'; + $confighash{$key}[8] = $n2nlocalsub[2]; + $confighash{$key}[10] = $n2nremote[1]; + $confighash{$key}[11] = $n2nremsub[1]; + $confighash{$key}[25] = 'IPFire n2n Client'; + $confighash{$key}[26] = 'red'; + $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0"; + $confighash{$key}[28] = $n2nproto[1]; + $confighash{$key}[29] = $n2nport[1]; + $confighash{$key}[30] = $complzoactive; + $confighash{$key}[31] = $n2ntunmtu[1]; + + + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + N2N_ERROR: + + &Header::showhttpheaders(); + &Header::openpage('Validate imported configuration', 1, ''); + &Header::openbigbox('100%', 'LEFT', '', $errormessage); + if ($errormessage) { + &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'}); + print "<class name='base'>$errormessage"; + print " </class>"; + &Header::closebox(); + + } else + { + &Header::openbox('100%', 'LEFT', 'import ipfire net2net config'); + } + if ($errormessage eq ''){ + print <<END + <!-- ipfire net2net config gui --> + <table width='100%'> + <tr><td width='25%'> </td><td width='25%'> </td></tr> + <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr> + <tr><td> </td><td> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> + <tr><td> </td><td> </td></tr> + </table> +END +; + &Header::closebox(); + } + + if ($errormessage) { + print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>"; + } else { + print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />"; + print "<input type='hidden' name='TYPE' value='net2netakn' />"; + print "<input type='hidden' name='KEY' value='$key' />"; + print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>"; + } + &Header::closebigbox(); + &Header::closepage(); + exit(0); + + +## +### Accept IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + +### +### Discard and Rollback IPFire n2n Package Settings +### + + } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){ + + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + +if ($confighash{$cgiparams{'KEY'}}) { + + my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf"); + my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12"); + unlink ($certfile) or die "Removing $certfile fail: $!"; + unlink ($conffile) or die "Removing $conffile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!"; + delete $confighash{$cgiparams{'KEY'}}; + &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", %confighash); + + } else { + $errormessage = $Lang::tr{'invalid key'}; + } + + +### +# m.a.d end uploading a IPFire n2n Client package +### + + +### +### Adding a new connection +### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) { @@ -1875,10 +2464,9 @@ END $errormessage = $Lang::tr{'invalid key'}; goto VPNCONF_END; } - $cgiparams{'ENABLED'} = $confighash{$cgiparams{'KEY'}}[0]; $cgiparams{'NAME'} = $confighash{$cgiparams{'KEY'}}[1]; - $cgiparams{'TYPE'} = 'host'; + $cgiparams{'TYPE'} = $confighash{$cgiparams{'KEY'}}[3]; $cgiparams{'AUTH'} = $confighash{$cgiparams{'KEY'}}[4]; $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5]; $cgiparams{'SIDE'} = $confighash{$cgiparams{'KEY'}}[6]; @@ -1918,6 +2506,11 @@ END goto VPNCONF_ERROR; }
+# if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { +# $errormessage = $Lang::tr{'ipfire side is invalid'}; +# goto VPNCONF_ERROR; +# } + # Check if there is no other entry with this name if (! $cgiparams{'KEY'}) { foreach my $key (keys %confighash) { @@ -1928,6 +2521,11 @@ END } }
+ if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + goto VPNCONF_ERROR; + } + if ($cgiparams{'REMOTE'}) { if (! &General::validip($cgiparams{'REMOTE'})) { if (! &General::validfqdn ($cgiparams{'REMOTE'})) { @@ -1956,6 +2554,10 @@ END } } } + if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) { + $errormessage = $Lang::tr{'remote subnet is invalid'}; + goto VPNCONF_ERROR; + }
if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) { $errormessage = $Lang::tr{'invalid input'}; @@ -2079,9 +2681,6 @@ END goto VPNCONF_ERROR; } } elsif ($cgiparams{'AUTH'} eq 'certgen') { - - $cgiparams{'CERT_NAME'} =~ s/ //g; - if ($cgiparams{'KEY'}) { $errormessage = $Lang::tr{'cant change certificates'}; goto VPNCONF_ERROR; @@ -2240,13 +2839,17 @@ END if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') { $confighash{$key}[2] = $cgiparams{'CERT_NAME'}; } - $confighash{$key}[3] = 'host'; + $confighash{$key}[3] = $cgiparams{'TYPE'}; if ($cgiparams{'AUTH'} eq 'psk') { $confighash{$key}[4] = 'psk'; $confighash{$key}[5] = $cgiparams{'PSK'}; } else { $confighash{$key}[4] = 'cert'; } + if ($cgiparams{'TYPE'} eq 'net') { + $confighash{$key}[6] = $cgiparams{'SIDE'}; + $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -2333,7 +2936,7 @@ END }
print "<form method='post' enctype='multipart/form-data'>"; - print "<input type='hidden' name='TYPE' value='host' />"; + print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
if ($cgiparams{'KEY'}) { print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />"; @@ -2343,6 +2946,7 @@ END &Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:"); print "<table width='100%'>\n"; print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>"; + if ($cgiparams{'TYPE'} eq 'host') { if ($cgiparams{'KEY'}) { print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n"; } else { @@ -2358,12 +2962,49 @@ END # print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>"; # print "</select></td></tr>"; # print <<END + } else { + print "<input type='hidden' name='INTERFACE' value='red' />"; + if ($cgiparams{'KEY'}) { + print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>"; + } else { + print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>"; + } + print <<END + <td width='25%'> </td> + <td width='25%'> </td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td> + <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option> + <option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td> + <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td> + <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td> + <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td> + <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td> + <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td> + <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td> + <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option> + <option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td> + <td class='boldbase'>$Lang::tr{'destination port'}:</td> + <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td> + <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td> + <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'} <img src='/blob.gif' /></td> + <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD> + + +END + ; + } print "<tr><td class='boldbase'>$Lang::tr{'remark title'} <img src='/blob.gif' /></td>"; print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>"; -# if ($cgiparams{'TYPE'} eq 'net') { - print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; - + if ($cgiparams{'TYPE'} eq 'host') { + + print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n"; + } + # if ($cgiparams{'KEY'}) { # print "<td colspan='3'> </td></tr></table>"; # } else { @@ -2394,41 +3035,54 @@ END if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" }; if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" }; &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'}); - print <<END + + + if ($cgiparams{'TYPE'} eq 'host') { + +print <<END <table width='100%' cellpadding='0' cellspacing='5' border='0'> <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr> - <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td> - <td class='base'>$Lang::tr{'upload a certificate request'}</td> - <td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> - <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td> - <td class='base'>$Lang::tr{'upload a certificate'}</td></tr> + <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr> + <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr> <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr> - <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td> - <td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'users fullname or system hostname'}:</td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td> - <td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> - <tr><td> </td> - <td class='base'>$Lang::tr{'country'}:</td> - <td class='base'><select name='CERT_COUNTRY' $cakeydisabled> + <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled> END +; + +### +# m.a.d Disbale upload cert for n2n connections +### + +} else { + +print <<END + <table width='100%' cellpadding='0' cellspacing='5' border='0'> + + <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td> </td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users email'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'users department'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'organization name'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'city'}: <img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'state or province'}: <img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr> + <tr><td> </td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled> + +END +; + +} + +### +# m.a.d Disbale upload cert for n2n connections end +###
- ; foreach my $country (sort keys %{Countries::countries}) { print "<option value='$Countries::countries{$country}'"; if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) { @@ -2436,20 +3090,36 @@ END } print ">$country</option>"; } +### +# m.a.d Disbale pkcs-password for n2n connections +### + +if ($cgiparams{'TYPE'} eq 'host') { print <<END </select></td></tr> - <tr><td> </td> - - <td class='base'>$Lang::tr{'valid till'} (days):</td> - <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr> - - <tr><td> </td> + + <td class='base'>$Lang::tr{'valid till'} (days):</td> + <td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr> + <tr><td> </td> <td class='base'>$Lang::tr{'pkcs12 file password'}:</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr> <tr><td> </td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td> <td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr> - </table> + </table> +END +}else{ + print <<END + </select></td></tr> + <tr><td> </td><td> </td><td> </td></tr> + <tr><td> </td><td> </td><td> </td></tr> + </table> + END +} + +### +# m.a.d Disbale pkcs-password for n2n connections end +### ; &Header::closebox(); } @@ -2517,9 +3187,6 @@ END $checked{'ENABLED_ORANGE'}{'off'} = ''; $checked{'ENABLED_ORANGE'}{'on'} = ''; $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED'; - - -#new settings $selected{'DDEVICE'}{'tun'} = ''; $selected{'DDEVICE'}{'tap'} = ''; $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED'; @@ -2791,8 +3458,15 @@ END print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n"; } if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) { + +### +# m.a.d Client Status Table +### + &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); print <<END + + <table width='100%' border='0' cellspacing='1' cellpadding='0'> <tr> <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td> @@ -2827,13 +3501,23 @@ END $cavalid = $1; print "<td align='center'>$cavalid</td>"; print "<td align='center'>$confighash{$key}[25]</td>"; + my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; + if ($confighash{$key}[0] eq 'off') { $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } else { + +### +# m.a.d net2net Status +### + + if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){ + my $cn; - my @match = (); + my @match = (); foreach my $line (@status) { + chomp($line); if ( $line =~ /^(.+),(\d+.\d+.\d+.\d+:\d+),(\d+),(\d+),(.+)/) { @match = split(m/^(.+),(\d+.\d+.\d+.\d+:\d+),(\d+),(\d+),(.+)/, $line); @@ -2842,11 +3526,36 @@ END } $cn =~ s/[_]/ /g; if ($cn eq "$confighash{$key}[2]") { - $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>"; } - } - } + } + } + } else { + my @tempovpnsubnet = split("/",$confighash{$key}[27]); + my @ovpnip = split /./,$tempovpnsubnet[0]; + my $pingip = ""; + + if ($confighash{$key}[6] eq 'server') { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; + } else { + $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; + } + + my $p = Net::Ping->new("udp",1); + + if ($p->ping($pingip)) { + $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>"; + } + $p->close(); + + } } + +### +# m.a.d net2net Status end +### + + my $disable_clientdl = "disabled='disabled'"; if (( $cgiparams{'ENABLED'} eq 'on') || ( $cgiparams{'ENABLED_BLUE'} eq 'on') || @@ -2958,3 +3667,6 @@ END &Header::closebox(); } &Header::closepage(); + + +
hooks/post-receive -- IPFire 2.x development tree
-
git@ipfire.org