This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 54fd05358b874a2bbb5c0f58f4a04f010c196388 (commit) from 650a4d8097023cc6e8f54d86db377e756a29c07c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 54fd05358b874a2bbb5c0f58f4a04f010c196388 Author: Michael Tremer Date: Tue Mar 6 22:53:07 2012 +0100 Import VPN changes by the Special Interest Group. See here for more details: http://lists.ipfire.org/pipermail/sig-vpn/2012-March/000031.html ----------------------------------------------------------------------- Summary of changes: config/cfgroot/general-functions.pl | 8 + config/rootfiles/common/Net-Telnet | 4 + config/rootfiles/core/58/filelists/Net-Telnet | 1 + html/cgi-bin/index.cgi | 46 ++++ html/cgi-bin/ovpnmain.cgi | 304 ++++++++++++++++++++----- langs/de/cgi-bin/de.pl | 4 + lfs/{Crypt-PasswdMD5 => Net-Telnet} | 6 +- make.sh | 1 + 8 files changed, 308 insertions(+), 66 deletions(-) create mode 100644 config/rootfiles/common/Net-Telnet create mode 120000 config/rootfiles/core/58/filelists/Net-Telnet copy lfs/{Crypt-PasswdMD5 => Net-Telnet} (96%) Difference in files: diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index cd4bfd5..567f2e1 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -414,6 +414,14 @@ sub ipcidr return "$ip\/$cidr"; } +sub ipcidr2msk +{ + my ($ip,$cidr) = &Net::IPv4Addr::ipv4_parse(shift); + my $netmask = &Net::IPv4Addr::ipv4_cidr2msk($cidr); + return "$ip\/$netmask"; +} + + sub validemail { my $mail = shift; return 0 if ( $mail !~ /^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/ ); 
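Review bot: `ipcidr2msk` passes its argument straight to `Net::IPv4Addr::ipv4_parse` and then feeds the resulting `$cidr` to `ipv4_cidr2msk`, with no guard for a missing prefix or a malformed address. As far as I know the module croaks on bad input, so an unvalidated caller would abort the whole CGI. The save path in ovpnmain.cgi validates first, but `writeserverconf` calls this on every line read back from the routes_push file without re-checking. At minimum, document the contract with a header comment such as `# Converts "a.b.c.d/nn" to "a.b.c.d/dotted-mask"; caller must validate with validipandmask first.`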
diff --git a/config/rootfiles/common/Net-Telnet b/config/rootfiles/common/Net-Telnet new file mode 100644 index 0000000..8769517 --- /dev/null +++ b/config/rootfiles/common/Net-Telnet @@ -0,0 +1,4 @@ +usr/lib/perl5/site_perl/5.12.3/Net/Telnet.pm +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet +#usr/lib/perl5/site_perl/5.12.3/MACHINE-linux-thread-multi/auto/Net/Telnet/.packlist +#usr/share/man/man3/Net::Telnet.3 diff --git a/config/rootfiles/core/58/filelists/Net-Telnet b/config/rootfiles/core/58/filelists/Net-Telnet new file mode 120000 index 0000000..66ca926 --- /dev/null +++ b/config/rootfiles/core/58/filelists/Net-Telnet @@ -0,0 +1 @@ +../../../common/Net-Telnet \ No newline at end of file diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi index b325250..0023523 100644 --- a/html/cgi-bin/index.cgi +++ b/html/cgi-bin/index.cgi @@ -20,6 +20,7 @@ ############################################################################### use strict; +use Net::Telnet; # enable only the following on debugging purpose #use warnings; @@ -387,9 +388,54 @@ END OpenVPN
$ovpnip Online + END + } +### +# m.a.d n2n +### + +if ( -d "${General::swroot}/ovpn/n2nconf") { +my %confighash=(); +my $display = ''; + +&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); +foreach my $dkey (keys %confighash) { +if ($confighash{$dkey}[3] eq 'net') { + + + if (-e "/var/run/$confighash{$dkey}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$dkey}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); + if ( $tustate[1] eq 'CONNECTED') + { $display = "$Lang::tr{'capsopen'}"; + } else { + $display = "$tustate[1]"; } + + print <OpenVPN n2n
+ $confighash{$dkey}[10] $display + +END +; +} +} +} +} +} + +### +# m.a.d n2n end +### + # Fireinfo if ( ! -e "/var/ipfire/main/send_profile") { $warnmessage .= "
  • $Lang::tr{'fireinfo please enable'}
  • "; diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index b6c5fc0..4bfb6aa 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -18,11 +18,14 @@ # along with this program. If not, see . # # # ############################################################################### - +### +# Based on IPFireCore 55 +### use CGI; use CGI qw/:standard/; use Net::DNS; use Net::Ping; +use Net::Telnet; use File::Copy; use File::Temp qw/ tempfile tempdir /; use strict; @@ -33,8 +36,8 @@ require "${General::swroot}/header.pl"; require "${General::swroot}/countries.pl"; # enable only the following on debugging purpose -#use warnings; -#use CGI::Carp 'fatalsToBrowser'; +use warnings; +use CGI::Carp 'fatalsToBrowser'; #workaround to suppress a warning when a variable is used only once my @dummy = ( ${Header::colourgreen} ); undef (@dummy); @@ -57,6 +60,7 @@ my %selected=(); my $warnmessage = ''; my $errormessage = ''; my %settings=(); +my $routes_push_file = ''; &General::readhash("${General::swroot}/ethernet/settings", \%netsettings); $cgiparams{'ENABLED'} = 'off'; $cgiparams{'ENABLED_BLUE'} = 'off'; @@ -70,9 +74,11 @@ $cgiparams{'CA_NAME'} = ''; $cgiparams{'DHCP_DOMAIN'} = ''; $cgiparams{'DHCP_DNS'} = ''; $cgiparams{'DHCP_WINS'} = ''; +$cgiparams{'ROUTES_PUSH'} = ''; $cgiparams{'DCOMPLZO'} = 'off'; $cgiparams{'MSSFIX'} = ''; - +$routes_push_file = "${General::swroot}/ovpn/routes_push"; +unless (-e $routes_push_file) { system("touch $routes_push_file"); } &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'}); @@ -307,10 +313,13 @@ sub disallowreserved return; } + sub writeserverconf { - my %sovpnsettings = (); + my %sovpnsettings = (); + my @temp = (); &General::readhash("${General::swroot}/ovpn/settings", \%sovpnsettings); - + &read_routepushfile; + open(CONF, ">${General::swroot}/ovpn/server.conf") or die "Unable to open ${General::swroot}/ovpn/server.conf: $!"; flock CONF, 2; print CONF "#OpenVPN Server conf\n"; 
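Review bot: The result of `$tnet->open('127.0.0.1')` is never checked in the added n2n status block of index.cgi, and with `Errmode=>'return'` a refused or timed-out connect falls through to `cmd`, leaving `$output[1]` undefined. The Net::Telnet object is also built before `$tport` is tested for emptiness, and it is never closed, so each page load leaves a management session open until the script exits. `$tustate[1]` comes from the management socket and is copied into `$display` and then into the page as-is. The markup around it was lost in this rendering, so confirm, but constraining it to the expected state tokens removes any need to escape it. The same block is repeated in the ovpnmain.cgi status hunk (@@ -3735,24 +3901,36 @@), so the fix applies there too.

```perl
my $tport = $confighash{$dkey}[22];
if (defined $tport && $tport =~ /\A\d+\z/) {
    my $tnet = Net::Telnet->new(Timeout => 5, Errmode => 'return', Port => $tport);
    if ($tnet && $tnet->open('127.0.0.1')) {
        my @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/');
        $tnet->close;
        my @tustate = split(/,/, defined $output[1] ? $output[1] : '');
        # Only pass through tokens shaped like OpenVPN state names.
        my $state = (defined $tustate[1] && $tustate[1] =~ /\A[A-Z_]+\z/) ? $tustate[1] : '';
        $display = ($state eq 'CONNECTED') ? $Lang::tr{'capsopen'} : $state;
        # … unchanged: heredoc that prints the status row …
    }
}
```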
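Review bot: The @@ -33,8 +36,8 @@ hunk of ovpnmain.cgi turns on `use CGI::Carp 'fatalsToBrowser';` while the comment directly above still says these lines are for debugging only. With it enabled, every `die` in this script is rendered to the browser. Several of them carry filesystem paths and `$!`, for example "Unable to open ${General::swroot}/ovpn/server.conf: $!". This looks like a debugging leftover from the import. Keeping `use warnings;` is fine, but the Carp line should go back to `#use CGI::Carp 'fatalsToBrowser';` before release.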
@@ -333,6 +342,16 @@ sub writeserverconf { my @tempovpnsubnet = split("\/",$sovpnsettings{'DOVPN_SUBNET'}); print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n"; + + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + @temp = split(/\n/,$vpnsettings{'ROUTES_PUSH'}); + foreach (@temp) + { + @tempovpnsubnet = split("\/",&General::ipcidr2msk($_)); + print CONF "push \"route " . $tempovpnsubnet[0]. " " . $tempovpnsubnet[1] . "\"\n"; + } + } + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { print CONF "client-to-client\n"; } @@ -410,7 +429,29 @@ sub validdotmask if (($mask =~ /\./ )) { return 0; } return 1; } - + +# ------------------------------------------------------------------- + +sub write_routepushfile +{ + open(FILE, ">$routes_push_file"); + flock(FILE, 2); + if ($vpnsettings{'ROUTES_PUSH'} ne '') { + print FILE $vpnsettings{'ROUTES_PUSH'}; + } + close(FILE); +} + +sub read_routepushfile +{ + if (-e "$routes_push_file") { + open(FILE,"$routes_push_file"); + delete $vpnsettings{'ROUTES_PUSH'}; + while () { $vpnsettings{'ROUTES_PUSH'} .= $_ }; + close(FILE); + $cgiparams{'ROUTES_PUSH'} = $vpnsettings{'ROUTES_PUSH'}; + } +} #hier die refresh page @@ -473,6 +514,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { $vpnsettings{'DHCP_DOMAIN'} = $cgiparams{'DHCP_DOMAIN'}; $vpnsettings{'DHCP_DNS'} = $cgiparams{'DHCP_DNS'}; $vpnsettings{'DHCP_WINS'} = $cgiparams{'DHCP_WINS'}; + $vpnsettings{'ROUTES_PUSH'} = $cgiparams{'ROUTES_PUSH'}; + my @temp=(); if ($cgiparams{'FRAGMENT'} eq '') { delete $vpnsettings{'FRAGMENT'}; 
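Review bot: Both opens in the new `write_routepushfile` / `read_routepushfile` subs (hunk @@ -410,7 +429,29 @@) are unchecked two-argument opens on the bareword handle `FILE`. If the write open fails, the `flock` and `print` go to a closed handle and the routes are lost silently, although the save appears to succeed. Suggest `open(my $fh, '>', $routes_push_file) or die "Unable to open $routes_push_file: $!";` and the matching `'<'` form in the reader. The `system("touch $routes_push_file")` added in the @@ -70,9 +74,11 @@ hunk goes through the shell with an interpolated path and an unchecked return. Once the reader tolerates a missing file, which its `-e` test already does, that call can be dropped.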
@@ -504,8 +547,31 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) { if ($cgiparams{'DHCP_WINS'} ne ''){ unless (&General::validfqdn($cgiparams{'DHCP_WINS'}) || &General::validip($cgiparams{'DHCP_WINS'})) { $errormessage = $Lang::tr{'invalid input for dhcp wins'}; - goto ADV_ERROR; + goto ADV_ERROR; + } + } + if ($cgiparams{'ROUTES_PUSH'} ne ''){ + @temp = split(/\n/,$cgiparams{'ROUTES_PUSH'}); + undef $vpnsettings{'ROUTES_PUSH'}; + foreach (@temp) + { + s/^\s+//g; s/\s+$//g; + if ($_) + { + unless (&General::validipandmask($_)) { + $errormessage = $Lang::tr{'ovpn errmsg invalid ip or mask'}; + goto ADV_ERROR; + } + my ($ip, $cidr) = split("\/",&General::ipcidr2msk($_)); + if ($ip eq $netsettings{'GREEN_NETADDRESS'} && $cidr eq $netsettings{'GREEN_NETMASK'}) { + $errormessage = $Lang::tr{'ovpn errmsg green already pushed'}; + goto ADV_ERROR; + } + $vpnsettings{'ROUTES_PUSH'} .= $_."\n"; + } } + &write_routepushfile; + undef $vpnsettings{'ROUTES_PUSH'}; } if ((length($cgiparams{'MAX_CLIENTS'}) == 0) || (($cgiparams{'MAX_CLIENTS'}) < 1 ) || (($cgiparams{'MAX_CLIENTS'}) > 255 )) { $errormessage = $Lang::tr{'invalid input for max clients'}; @@ -541,7 +607,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); -my $ovsubnet = "@ovsubnettemp[0].(a)ovsubnettemp[1].(a)ovsubnettemp[2]"; +my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} 
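Review bot: Clearing the routes field does not remove previously pushed routes, because in the @@ -504,8 +547,31 @@ hunk `&write_routepushfile;` is only reached inside `if ($cgiparams{'ROUTES_PUSH'} ne '')`. With an empty submission the old routes_push file is left untouched. `writeserverconf` then calls `read_routepushfile` and keeps emitting the stale `push "route ..."` lines, so clients continue to receive routes the administrator believes were withdrawn. Adding `else { &write_routepushfile; }` to that `if` would truncate the file, since the sub opens with `>` and prints only when the value is non-empty. The enclosing save-adv-options block continues outside the hunk.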
@@ -564,7 +630,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; print SERVERCONF "# Client Gateway Network\n"; - print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n"; + print SERVERCONF "route $remsubnet[0] $remsubnet[1]\n"; print SERVERCONF "# tun Device\n"; print SERVERCONF "dev tun\n"; print SERVERCONF "# Port and Protokol\n"; @@ -582,10 +648,9 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print SERVERCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; } - print SERVERCONF "# Auth. Server\n"; print SERVERCONF "tls-server\n"; print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; @@ -606,7 +671,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print SERVERCONF "# Activate Management Interface and Port\n"; - print SERVERCONF "#management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print SERVERCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print SERVERCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(SERVERCONF); } 
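Review bot: `$cgiparams{'OVPN_MGMT'}` is written into the generated config as `management localhost $cgiparams{'OVPN_MGMT'}` (hunk @@ -606,7 +671,8 @@) with no validation visible anywhere in this diff. The later hunks only default it to `DEST_PORT` and check `DEST_PORT` for emptiness. A numeric range check before the file is written, e.g. `unless ($cgiparams{'OVPN_MGMT'} =~ /\A\d+\z/ && $cgiparams{'OVPN_MGMT'} >= 1 && $cgiparams{'OVPN_MGMT'} <= 65535)`, would keep stray text out of the OpenVPN config and out of the `Port=>` argument used by the status code. The management interface is also enabled without a password file, so any local process can connect and control the tunnel; that is worth a comment or a pw-file argument. Defaulting to `DEST_PORT` presumably collides with the daemon's own listener when the tunnel runs over TCP, so please confirm. The same lines recur in the client-side hunk (@@ -682,7 +748,8 @@) and the client-package hunk (@@ -1614,7 +1681,8 @@).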
@@ -618,10 +684,10 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client') { my @ovsubnettemp = split(/\./,$cgiparams{'OVPN_SUBNET'}); - my $ovsubnet = "@ovsubnettemp[0].(a)ovsubnettemp[1].(a)ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'}); my $tunmtu = ''; - + unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";} @@ -642,7 +708,7 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# IP adresses of the VPN Subnet\n"; print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; print CLIENTCONF "# Server Gateway Network\n"; - print CLIENTCONF "route @remsubnet[0] @remsubnet[1]\n"; + print CLIENTCONF "route $remsubnet[0] $remsubnet[1]\n"; print CLIENTCONF "# tun Device\n"; print CLIENTCONF "dev tun\n"; print CLIENTCONF "# Port and Protokol\n"; @@ -653,7 +719,6 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Packet size\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; } if ($cgiparams{'PROTOCOL'} eq 'udp') { 
@@ -661,10 +726,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "# Paketsize\n"; if ($cgiparams{'MTU'} eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} - if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n";} + if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; } - + + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -682,7 +748,8 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n"; print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($cgiparams{'OVPN_MGMT'} eq '') {print CLIENTCONF "management localhost $cgiparams{'DEST_PORT'}\n"} + else {print CLIENTCONF "management localhost $cgiparams{'OVPN_MGMT'}\n"}; close(CLIENTCONF); } @@ -1549,9 +1616,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ my $zippathname = "$zippath$zipname"; $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf"; my @ovsubnettemp = split(/\./,$confighash{$cgiparams{'KEY'}}[27]); - my $ovsubnet = "@ovsubnettemp[0].(a)ovsubnettemp[1].(a)ovsubnettemp[2]"; + my $ovsubnet = "$ovsubnettemp[0].$ovsubnettemp[1].$ovsubnettemp[2]"; my $tunmtu = ''; my @remsubnet = split(/\//,$confighash{$cgiparams{'KEY'}}[8]); + my $n2nfragment = ''; open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!"; flock CLIENTCONF, 2; 
@@ -1582,7 +1650,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Packet size\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - print CLIENTCONF "ns-cert-type server\n"; } if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') { @@ -1590,10 +1657,10 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "# Paketsize\n"; if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]}; print CLIENTCONF "tun-mtu $tunmtu\n"; - if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";} + if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - + print CLIENTCONF "ns-cert-type server\n"; print CLIENTCONF "# Auth. Client\n"; print CLIENTCONF "tls-client\n"; print CLIENTCONF "# Cipher\n"; @@ -1614,7 +1681,8 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; print CLIENTCONF "# Activate Management Interface and Port\n"; - print CLIENTCONF "# management localhost 4711\n"; + if ($confighash{$cgiparams{'KEY'}}[22] eq '') {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[29]\n"} + else {print CLIENTCONF "management localhost $confighash{$cgiparams{'KEY'}}[22]\n"}; print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n"; @@ -1812,6 +1880,7 @@ else %cahash = (); %confighash = (); &General::readhash("${General::swroot}/ovpn/settings", \%cgiparams); + read_routepushfile; # if ($cgiparams{'CLIENT2CLIENT'} eq '') { # $cgiparams{'CLIENT2CLIENT'} = 'on'; 
@@ -1886,6 +1955,25 @@ ADV_ERROR: WINS + + + $Lang::tr{'ovpn routes push options'} + + + $Lang::tr{'ovpn routes push'} + + +
    @@ -2200,7 +2288,12 @@ if ( -s "${General::swroot}/ovpn/settings") { $Lang::tr{'net to net vpn'} (Upload Client Package)   - +  Import Connection Name +  Default : Client Packagename +
    + +   + * $Lang::tr{'this field may be blank'} END ; @@ -2231,11 +2324,14 @@ END my @firen2nconf; my @confdetails; my $uplconffilename =''; + my $uplconffilename2 =''; my $uplp12name = ''; + my $uplp12name2 = ''; my @rem_subnet; my @rem_subnet2; my @tmposupnet3; my $key; + my @n2nname; &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash); @@ -2299,14 +2395,38 @@ END ### # m.a.d net2net ### + + if ($cgiparams{'n2nname'} ne ''){ + + $uplconffilename2 = "$cgiparams{'n2nname'}.conf"; + $uplp12name2 = "$cgiparams{'n2nname'}.p12"; + $n2nname[0] = $cgiparams{'n2nname'}; + my @n2nname2 = split(/\./,$uplconffilename); + $n2nname2[0] =~ s/\n|\r//g; + my $input1 = "${General::swroot}/ovpn/certs/$uplp12name"; + my $output1 = "${General::swroot}/ovpn/certs/$uplp12name2"; + my $input2 = "$n2nname2[0]n2n"; + my $output2 = "$n2nname[0]n2n"; + my $filename = "$tempdir/$uplconffilename"; + open(FILE, "< $filename") or die 'Unable to open config file.'; + my @current = ; + close(FILE); + foreach (@current) {s/$input1/$output1/g;} + foreach (@current) {s/$input2/$output2/g;} + open (OUT, "> $filename") || die 'Unable to open config file.'; + print OUT @current; + close OUT; - my @n2nname = split(/\./,$uplconffilename); + }else{ + $uplconffilename2 = $uplconffilename; + $uplp12name2 = $uplp12name; + @n2nname = split(/\./,$uplconffilename); $n2nname[0] =~ s/\n|\r//g; - + } unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";} unless(-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]"){mkdir "${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770 or die "Unable to create dir $!";} - move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename"); + move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename2"); if ($? ne 0) { $errormessage = "*.conf move failed: $!"; 
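Review bot: The new import-name field `$cgiparams{'n2nname'}` is used unvalidated in the @@ -2299,14 +2395,38 @@ hunk to build `$uplconffilename2`, `$uplp12name2` and the `n2nconf/$n2nname[0]` directory passed to `mkdir` and `move`. A value containing `/` or `..` would place the config and PKCS#12 file outside the ovpn tree. Reject anything that does not match a strict pattern before first use, e.g. `if ($cgiparams{'n2nname'} !~ /\A[A-Za-z0-9]+\z/)`, then set `$errormessage` and `goto N2N_ERROR`. The rewrite loop also interpolates paths as regex patterns, so `s/$input1/$output1/g` should be `s/\Q$input1\E/$output1/g`, and likewise for `$input2`. The two `open` calls on `$filename` use the two-argument form and would be safer as three-argument opens with a lexical handle.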
@@ -2314,7 +2434,7 @@ END goto N2N_ERROR; } - move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name"); + move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name2"); chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name"; if ($? ne 0) { @@ -2327,18 +2447,20 @@ my $complzoactive; my $mssfixactive; my $n2nfragment; my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); -my @n2nproto = split(/-/, @n2nproto2[1]); +my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]); my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf; if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";} my @n2nmssfix = grep { /^mssfix/ } @firen2nconf; if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";} +#my @n2nmssfix = split(/ /, (grep { /^mssfix/ } @firen2nconf)[0]); my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]); my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]); my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]); my @n2novpnsub = split(/\./,$n2novpnsuball[1]); my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]); +my @n2nmgmt = split(/ /, (grep { /^management/ } @firen2nconf)[0]); my @n2nlocalsub = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]); @@ -2357,6 +2479,7 @@ $n2nremsub[1] =~ s/\n|\r//g; $n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; +$n2nmgmt[2] =~ s/\n|\r//g; chomp ($complzoactive); chomp ($mssfixactive); 
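Review bot: After the @@ -2314,7 +2434,7 @@ hunk the PKCS#12 file is moved to `$uplp12name2`, but the unchanged next line still runs `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name";` on the old name. When an import name is supplied, the file holding the private key therefore keeps whatever mode it arrived with. The line should become `chmod 0600, "${General::swroot}/ovpn/certs/$uplp12name2";`. Separately, the `$? ne 0` test that follows does not reflect the result of `File::Copy::move`, which reports failure through its return value, so a failed move would go unnoticed. That test predates this commit, but it matters more now that the destination name is user-influenced.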
@@ -2420,7 +2543,8 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[8] = $n2nlocalsub[2]; $confighash{$key}[10] = $n2nremote[1]; $confighash{$key}[11] = "$n2nremsub[1]/$n2nremsub[2]"; - $confighash{$key}[23] = $mssfixactive; + $confighash{$key}[22] = $n2nmgmt[2]; + $confighash{$key}[23] = $mssfixactive; $confighash{$key}[24] = $n2nfragment[1]; $confighash{$key}[25] = 'IPFire n2n Client'; $confighash{$key}[26] = 'red'; @@ -2466,6 +2590,7 @@ foreach my $dkey (keys %confighash) { MSSFIX $confighash{$key}[23] Fragment $confighash{$key}[24] $Lang::tr{'MTU'}$confighash{$key}[31] + Management Port $confighash{$key}[22]    END @@ -2546,6 +2671,7 @@ if ($confighash{$cgiparams{'KEY'}}) { $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10]; $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11]; # n2n m.a.d new fields + $cgiparams{'OVPN_MGMT'} = $confighash{$cgiparams{'KEY'}}[22]; $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23]; $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25]; @@ -2612,6 +2738,13 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'DEST_PORT'} eq '') { + $errormessage = $Lang::tr{'openvpn destination port used'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; 
@@ -2654,6 +2787,11 @@ if ($cgiparams{'TYPE'} eq 'net') { rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; goto VPNCONF_ERROR; } + + if ($cgiparams{'OVPN_MGMT'} eq '') { + $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'}; + } + } # if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) { @@ -3023,6 +3161,11 @@ if ($cgiparams{'TYPE'} eq 'net') { } $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; + if ($cgiparams{'OVPN_MGMT'} eq '') { + $confighash{$key}[22] = $confighash{$key}[29]; + } else { + $confighash{$key}[22] = $cgiparams{'OVPN_MGMT'}; + } $confighash{$key}[23] = $cgiparams{'MSSFIX'}; $confighash{$key}[24] = $cgiparams{'FRAGMENT'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -3069,6 +3212,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_END; } else { $cgiparams{'ENABLED'} = 'on'; +### +# m.a.d n2n begin +### + $cgiparams{'MSSFIX'} = 'on'; + $cgiparams{'FRAGMENT'} = '1300'; +### +# m.a.d n2n end +### $cgiparams{'SIDE'} = 'left'; if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cgiparams{'AUTH'} = 'psk'; @@ -3204,13 +3355,19 @@ if ($cgiparams{'TYPE'} eq 'net') { mssfix   - - fragment   + $Lang::tr{'openvpn default'}: on + + fragment   $Lang::tr{'openvpn default'}: 1300 $Lang::tr{'MTU'}  - + + $Lang::tr{'openvpn default'}: udp/tcp 1500/1400 + + Management Port  + + $Lang::tr{'openvpn default'}: $Lang::tr{'destination port'} END ; @@ -3260,10 +3417,12 @@ END print < - + $Lang::tr{'upload a certificate request'} $Lang::tr{'upload a certificate'} - +   +
    +   $Lang::tr{'generate a certificate'}   $Lang::tr{'users fullname or system hostname'}:  $Lang::tr{'users email'}:  @@ -3292,7 +3451,8 @@ print < $Lang::tr{'city'}:   $Lang::tr{'state or province'}:   $Lang::tr{'country'}:   $Lang::tr{'pkcs12 file password'}:  $Lang::tr{'pkcs12 file password'}:
    ($Lang::tr{'confirmation'}) +   +
    + * $Lang::tr{'this field may be blank'} END }else{ @@ -3331,6 +3494,8 @@ END         +
    + * $Lang::tr{'this field may be blank'} END @@ -3683,6 +3848,7 @@ END ### # m.a.d net2net +#$Lang::tr{'remark'}
    L2089 ### &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' }); @@ -3694,8 +3860,8 @@ END $Lang::tr{'name'} $Lang::tr{'type'} $Lang::tr{'common name'} - $Lang::tr{'valid till'} - $Lang::tr{'remark'}
    L2089 + $Lang::tr{'valid till'} + $Lang::tr{'remark'} $Lang::tr{'status'} $Lang::tr{'action'} @@ -3727,7 +3893,7 @@ END my $active = "
    $Lang::tr{'capsclosed'}
    "; if ($confighash{$key}[0] eq 'off') { - $active = "
    $Lang::tr{'openvpn disabled'}
    "; + $active = "
    $Lang::tr{'capsclosed'}
    "; } else { ### @@ -3735,24 +3901,36 @@ END ### if ($confighash{$key}[3] eq 'net') { -# my @tempovpnsubnet = split("\/",$confighash{$key}[27]); -# my @ovpnip = split /\./,$tempovpnsubnet[0]; -# my $pingip = ""; -# if ($confighash{$key}[6] eq 'server') { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2"; -# } else { -# $pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1"; -# } -# my $p = Net::Ping->new("udp",1); -# if ($p->ping($pingip)) { -# $active = "
    $Lang::tr{'capsopen'}
    "; -# } -# $p->close(); - - if (-e "/var/run/$confighash{$key}[1]n2n.pid") { - $active = "
    $Lang::tr{'openvpn enabled'}
    "; - } - } + + if (-e "/var/run/$confighash{$key}[1]n2n.pid") { + my @output = ""; + my @tustate = ""; + my $tport = $confighash{$key}[22]; + my $tnet = new Net::Telnet ( Timeout=>5, Errmode=>'return', Port=>$tport); + if ($tport ne '') { + $tnet->open('127.0.0.1'); + @output = $tnet->cmd(String => 'state', Prompt => '/(END.*\n|ERROR:.*\n)/'); + @tustate = split(/\,/, $output[1]); +### +#CONNECTING -- OpenVPN's initial state. +#WAIT -- (Client only) Waiting for initial response from server. +#AUTH -- (Client only) Authenticating with server. +#GET_CONFIG -- (Client only) Downloading configuration options from server. +#ASSIGN_IP -- Assigning IP address to virtual network interface. +#ADD_ROUTES -- Adding routes to system. +#CONNECTED -- Initialization Sequence Completed. +#RECONNECTING -- A restart has occurred. +#EXITING -- A graceful exit is in progress. +#### + + if ( $tustate[1] eq 'CONNECTED') { + $active = "
    $Lang::tr{'capsopen'}
    "; + } else { + $active = "
    $tustate[1]
    "; + } + } + } + } else { my $cn; my @match = (); @@ -3767,7 +3945,7 @@ END if ($cn eq "$confighash{$key}[2]") { $active = "
    $Lang::tr{'capsopen'}
    "; } - + } } } diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 727470f..a47c9f7 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -1367,6 +1367,10 @@ 'ovpn_processprioVH' => 'Sehr Hoch', 'ovpnstatus log' => 'OVPN-Status-Log', 'ovpnsys log' => 'OVPN-System-Log', +'ovpn routes push options' => 'Route push Optionen', +'ovpn routes push' => 'Routen', +'ovpn errmsg invalid ip or mask' => 'Ungültige Netzwerk-Adresse oder Subnetzmaske', +'ovpn errmsg green already pushed' => 'Route für grünes Netzwerk wird immer gesetzt', 'package failed to install' => 'Programmpaket konnte nicht installiert werden.', 'pagerefresh' => 'Seite wird aktualisiert. Bitte warten.', 'pakfire accept all' => 'Möchten Sie der Installation aller Pakete zustimmen?', diff --git a/lfs/Net-Telnet b/lfs/Net-Telnet new file mode 100644 index 0000000..8d911f8 --- /dev/null +++ b/lfs/Net-Telnet 
@@ -0,0 +1,77 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007-2012 IPFire Team # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 3.03 + +THISAPP = Net-Telnet-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP) +TARGET = $(DIR_INFO)/$(THISAPP) + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 2f7d34b09d6117baefe89d44cff9d5fc + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst 
%,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && perl Makefile.PL + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make install + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/make.sh b/make.sh index 18b986e..a720b62 100755 --- a/make.sh +++ b/make.sh @@ -572,6 +572,7 @@ buildipfire() { ipfiremake Locale-Country ipfiremake XML-Parser ipfiremake Crypt-PasswdMD5 + ipfiremake Net-Telnet ipfiremake python-setuptools ipfiremake python-clientform ipfiremake python-mechanize hooks/post-receive -- IPFire 2.x development tree