This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, master has been updated via a78470dc17d2f3bfb563ff58ebec1299f5a408cb (commit) via ff5e4ef87194735870012f73ff998a7b4d8da4a9 (commit) via 5b942f7f3b3fd5277ca990c22530ea5f0aa33876 (commit) via c8b51e28bff7d3a5196a22e52de9e245d249807b (commit) from e351c1e0905deea4fc65646952b7c621ebdb1c14 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit a78470dc17d2f3bfb563ff58ebec1299f5a408cb Merge: ff5e4ef 5b942f7 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jul 14 14:02:57 2014 +0200

Merge remote-tracking branch 'amarx/openvpn'

commit ff5e4ef87194735870012f73ff998a7b4d8da4a9 Author: Michael Tremer michael.tremer@ipfire.org Date: Mon Jul 14 13:42:24 2014 +0200

netexternal.cgi: Show DNSSEC status

The netexternal.cgi has been extended to show what type of DNSSEC support the upstream nameservers offer.

commit 5b942f7f3b3fd5277ca990c22530ea5f0aa33876 Author: Alexander Marx alexander.marx@ipfire.org Date: Mon Jul 14 10:29:24 2014 +0200

OpenVPN: change sortorder of client status and control. Now every network is sorted and displayed in a group

commit c8b51e28bff7d3a5196a22e52de9e245d249807b Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Jul 10 08:08:01 2014 +0200

Openvpn: Change sortorder of client status and control

Now every NET is sorted and second instance is the NAME of the VPN.

-----------------------------------------------------------------------

Summary of changes: config/rootfiles/core/80/filelists/files | 1 + doc/language_issues.es | 5 ++ doc/language_issues.fr | 5 ++ doc/language_issues.nl | 5 ++ doc/language_issues.pl | 5 ++ doc/language_issues.ru | 5 ++ doc/language_issues.tr | 5 ++ doc/language_missings | 20 ++++++ html/cgi-bin/netexternal.cgi | 107 ++++++++++++++++++++++++++++++- html/cgi-bin/ovpnmain.cgi | 50 ++++++++++----- langs/de/cgi-bin/de.pl | 5 ++ langs/en/cgi-bin/en.pl | 5 ++ 12 files changed, 200 insertions(+), 18 deletions(-)

Difference in files: diff --git a/config/rootfiles/core/80/filelists/files b/config/rootfiles/core/80/filelists/files index 8ece4f8..91d3b62 100644 --- a/config/rootfiles/core/80/filelists/files +++ b/config/rootfiles/core/80/filelists/files @@ -6,6 +6,7 @@ etc/rc.d/init.d/dnsmasq etc/rc.d/init.d/networking/red.up/30-ddns srv/web/ipfire/cgi-bin/ddns.cgi srv/web/ipfire/cgi-bin/logs.cgi/firewalllogcountry.dat +srv/web/ipfire/cgi-bin/netexternal.cgi srv/web/ipfire/cgi-bin/ovpnmain.cgi srv/web/ipfire/cgi-bin/routing.cgi usr/sbin/dhcrelay diff --git a/doc/language_issues.es b/doc/language_issues.es index 11e11d1..1176883 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -663,6 +663,10 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: downlink WARNING: untranslated string: download tls-auth key WARNING: untranslated string: dpd delay @@ -874,6 +878,7 @@ WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred +WARNING: untranslated string: nameserver WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice diff --git a/doc/language_issues.fr b/doc/language_issues.fr index e93eeb0..beca008 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -674,6 +674,10 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: downlink WARNING: untranslated string: download tls-auth key WARNING: untranslated string: dpd delay @@ -885,6 +889,7 @@ WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred +WARNING: untranslated string: nameserver WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice diff --git a/doc/language_issues.nl b/doc/language_issues.nl index ce44d14..6162636 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -671,6 +671,10 @@ WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 WARNING: untranslated string: dh parameter WARNING: untranslated string: dns servers +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: download tls-auth key WARNING: untranslated string: drop outgoing WARNING: untranslated string: firewall logs country @@ -693,6 +697,7 @@ WARNING: untranslated string: modem no connection message WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface +WARNING: untranslated string: nameserver WARNING: untranslated string: not a valid dh key WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 11e11d1..1176883 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -663,6 +663,10 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: downlink WARNING: untranslated string: download tls-auth key WARNING: untranslated string: dpd delay @@ -874,6 +878,7 @@ WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred +WARNING: untranslated string: nameserver WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 1cea7f3..547e1d4 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -668,6 +668,10 @@ WARNING: untranslated string: dnsforward edit an entry WARNING: untranslated string: dnsforward entries WARNING: untranslated string: dnsforward forward_server WARNING: untranslated string: dnsforward zone +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: downlink WARNING: untranslated string: download tls-auth key WARNING: untranslated string: dpd delay @@ -870,6 +874,7 @@ WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface WARNING: untranslated string: most preferred +WARNING: untranslated string: nameserver WARNING: untranslated string: no hardware random number generator WARNING: untranslated string: not a valid dh key WARNING: untranslated string: notice diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 2843d53..cc40178 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -672,6 +672,10 @@ WARNING: untranslated string: dh key move failed WARNING: untranslated string: dh key warn WARNING: untranslated string: dh key warn1 WARNING: untranslated string: dh parameter +WARNING: untranslated string: dnssec aware +WARNING: untranslated string: dnssec information +WARNING: untranslated string: dnssec not supported +WARNING: untranslated string: dnssec validating WARNING: untranslated string: download tls-auth key WARNING: untranslated string: firewall logs country WARNING: untranslated string: fwhost err hostip @@ -693,6 +697,7 @@ WARNING: untranslated string: modem no connection message WARNING: untranslated string: modem sim information WARNING: untranslated string: modem status WARNING: untranslated string: monitor interface +WARNING: untranslated string: nameserver WARNING: untranslated string: not a valid dh key WARNING: untranslated string: ovpn crypt options WARNING: untranslated string: ovpn dh diff --git a/doc/language_missings b/doc/language_missings index 69cd218..4699f12 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -94,6 +94,10 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dnssec aware +< dnssec information +< dnssec not supported +< dnssec validating < dns servers < downlink < download dh parameter @@ -351,6 +355,7 @@ < monitor interface < most preferred < MTU settings +< nameserver < never < no hardware random number generator < not a valid dh key @@ -620,6 +625,10 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dnssec aware +< dnssec information +< dnssec not supported +< dnssec validating < dns servers < downlink < download dh parameter @@ -877,6 +886,7 @@ < monitor interface < most preferred < MTU settings +< nameserver < never < no hardware random number generator < not a valid dh key @@ -1138,6 +1148,10 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dnssec aware +< dnssec information +< dnssec not supported +< dnssec validating < dns servers < downlink < download dh parameter @@ -1387,6 +1401,7 @@ < monitor interface < most preferred < MTU settings +< nameserver < never < no hardware random number generator < not a valid dh key @@ -1635,6 +1650,10 @@ < dnsforward entries < dnsforward forward_server < dnsforward zone +< dnssec aware +< dnssec information +< dnssec not supported +< dnssec validating < dns servers < downlink < download dh parameter @@ -1889,6 +1908,7 @@ < month-graph < most preferred < MTU settings +< nameserver < never < no hardware random number generator < not a valid dh key diff --git a/html/cgi-bin/netexternal.cgi b/html/cgi-bin/netexternal.cgi index 156ef24..39c50e1 100644 --- a/html/cgi-bin/netexternal.cgi +++ b/html/cgi-bin/netexternal.cgi @@ -76,6 +76,82 @@ if ( $querry[0] ne~ ""){ &Header::closebox(); }

+ ## DNSSEC + my @nameservers = (); + foreach my $f ("${General::swroot}/red/dns1", "${General::swroot}/red/dns2") { + open(DNS, "<$f"); + my $nameserver = <DNS>; + close(DNS); + + chomp($nameserver); + if ($nameserver) { + push(@nameservers, $nameserver); + } + } + + &Header::openbox('100%', 'center', $Lang::tr{'dnssec information'}); + + print <<END; + <table class="tbl" width='66%'> + <thead> + <tr> + <th align="center"> + <strong>$Lang::tr{'nameserver'}</strong> + </th> + <th align="center"> + <strong>$Lang::tr{'status'}</strong> + </th> + </tr> + </thead> + <tbody> +END + + my $id = 0; + for my $nameserver (@nameservers) { + my $status = &check_dnssec($nameserver, "ping.ipfire.org"); + + my $colour = ""; + my $message = ""; + + # DNSSEC Not supported + if ($status == 0) { + $message = $Lang::tr{'dnssec not supported'}; + $colour = ${Header::colourred}; + + # DNSSEC Aware + } elsif ($status == 1) { + $message = $Lang::tr{'dnssec aware'}; + $colour = ${Header::colouryellow}; + + # DNSSEC Validating + } elsif ($status == 2) { + $message = $Lang::tr{'dnssec validating'}; + $colour = ${Header::colourgreen}; + + # Error + } else { + $colour = ${Header::colourred}; + } + + my $table_colour = ($id++ % 2) ? $color{'color22'} : $color{'color20'}; + + print <<END; + <tr bgcolor="$table_colour"> + <td>$nameserver</td> + <td bgcolor="$colour" align="center"> + <font color='white'><strong>$message</strong></font> + </td> + </tr> +END + } + + print <<END; + </tbody> + </table> +END + + &Header::closebox(); + if ( $netsettings{'CONFIG_TYPE'} =~ /^(1|2|3|4)$/ && $netsettings{'RED_TYPE'} eq "DHCP"){

&Header::openbox('100%', 'left', "RED $Lang::tr{'dhcp configuration'}"); @@ -161,4 +237,33 @@ END

&Header::closebigbox(); &Header::closepage(); -} +} + +sub check_dnssec($$) { + my $nameserver = shift; + my $record = shift; + + my @command = ("dig", "+dnssec", $record, "@$nameserver"); + + my @output = qx(@command); + my $output = join("", @output); + + my $status = 0; + if ($output =~ m/status: (\w+)/) { + $status = ($1 eq "NOERROR"); + + if (!$status) { + return -1; + } + } + + my @flags = (); + if ($output =~ m/flags: (.*);/) { + @flags = split(/ /, $1); + } + + my $aware = ($output =~ m/RRSIG/); + my $validating = ("ad" ~~ @flags); + + return $aware + $validating; +} diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 0cb4169..927616a 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -5024,24 +5024,41 @@ END ###

&Header::openbox('100%', 'LEFT', $Lang::tr{'connection status and controlc' }); - print <<END; - - - <table width='100%' cellspacing='1' cellpadding='0' class='tbl'> -<tr> - <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th> - <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th> - <th width='22%' class='boldbase' align='center'><b>$Lang::tr{'network'}</b></th> - <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th> - <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th> - <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th> -</tr> -END ; my $id = 0; my $gif; my $col1=""; - foreach my $key (sort { ncmp ($confighash{$a}[3],$confighash{$b}[3]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + my $lastnet; + foreach my $key (sort { ncmp ($confighash{$a}[32],$confighash{$b}[32]) } sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) { + if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]=$Lang::tr{'fwhost OpenVPN N-2-N'};} + if ($confighash{$key}[32] eq "dynamic"){$confighash{$key}[32]=$Lang::tr{'ccd dynrange'};} + if($id == 0){ + print"<b>$confighash{$key}[32]</b>"; + print <<END; + <table width='100%' cellspacing='1' cellpadding='0' class='tbl'> +<tr> + <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th> + <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th> + <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th> + <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th> + <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th> +</tr> +END + } + if ($id > 0 && $lastnet ne $confighash{$key}[32]){ + print "</table><br>"; + print"<b>$confighash{$key}[32]</b>"; + print <<END; + <table width='100%' cellspacing='1' cellpadding='0' class='tbl'> +<tr> + <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></th> + <th width='15%' class='boldbase' align='center'><b>$Lang::tr{'type'}</b></th> + <th width='20%' class='boldbase' align='center'><b>$Lang::tr{'remark'}</b></th> + <th width='10%' class='boldbase' align='center'><b>$Lang::tr{'status'}</b></th> + <th width='5%' class='boldbase' colspan='6' align='center'><b>$Lang::tr{'action'}</b></th> +</tr> +END + } if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; } if ($id % 2) { print "<tr>"; @@ -5060,9 +5077,6 @@ END my $cavalid = `/usr/bin/openssl x509 -text -in ${General::swroot}/ovpn/certs/$confighash{$key}[1]cert.pem`; $cavalid =~ /Not After : (.*)[\n]/; $cavalid = $1; - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'net' ){$confighash{$key}[32]="net-2-net";} - if ($confighash{$key}[32] eq "" && $confighash{$key}[3] eq 'host' ){$confighash{$key}[32]="dynamic";} - print "<td align='center' $col>$confighash{$key}[32]</td>"; print "<td align='center' $col>$confighash{$key}[25]</td>"; $col1="bgcolor='${Header::colourred}'"; my $active = "<b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b>"; @@ -5191,7 +5205,9 @@ END END ; $id++; + $lastnet = $confighash{$key}[32]; } + print"</table>"; ;

# If the config file contains entries, print Key to action icons diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 86d365f..556e65c 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -750,6 +750,10 @@ 'dnsforward entries' => 'Aktuelle Einträge', 'dnsforward forward_server' => 'DNS-Server', 'dnsforward zone' => 'Zone', +'dnssec aware' => 'DNSSEC-aware', +'dnssec information' => 'DNSSEC-Informationen', +'dnssec not supported' => 'DNSSEC wird nicht unterstützt', +'dnssec validating' => 'DNSSEC-validierend', 'do not log this port list' => 'Verwerfe diese Port-Liste kurz bevor sie protokolliert werden (reduziert Protokollgröße)', 'dod' => 'Dial-on-Demand-Modus', 'dod for dns' => 'Dial-on-Demand für DNS:', @@ -1523,6 +1527,7 @@ 'name is invalid' => 'Name ist ungültig', 'name must only contain characters' => 'Name darf nur Buchstaben enthalten.', 'name too long' => 'Der volle Benutzername oder der System Hostname ist zu lang', +'nameserver' => 'Nameserver', 'nat-traversal' => 'Nat Traversal:', 'needreboot' => 'Ein Update benötigt einen Neustart', 'net' => 'Netz', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 085dd3f..f4fafca 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -775,6 +775,10 @@ 'dnsforward entries' => 'Current entries', 'dnsforward forward_server' => 'Nameserver', 'dnsforward zone' => 'Zone', +'dnssec aware' => 'DNSSEC Aware', +'dnssec information' => 'DNSSEC Information', +'dnssec not supported' => 'DNSSEC Not supported', +'dnssec validating' => 'DNSSEC Validating', 'do not log this port list' => 'Drop this port list just before they are logged (reduces log size)', 'dod' => 'Dial on Demand', 'dod for dns' => 'Dial on Demand for DNS:', @@ -1553,6 +1557,7 @@ 'name is invalid' => 'Name is invalid', 'name must only contain characters' => 'Name must only contain characters.', 'name too long' => 'User's full name or system hostname is too long', +'nameserver' => 'Nameserver', 'nat-traversal' => 'Nat Traversal:', 'needreboot' => 'An update requires a restart', 'net' => 'Net',

hooks/post-receive -- IPFire 2.x development tree