Revision: 7882 http://sourceforge.net/p/ipcop/svn/7882 Author: owes Date: 2015-02-09 14:59:05 +0000 (Mon, 09 Feb 2015) Log Message: ----------- Move function to write OpenVPN server.conf into vpn-functions lib, same as IPsec.
Modified Paths: -------------- ipcop/trunk/html/cgi-bin/openvpn.cgi ipcop/trunk/src/libs/vpn-functions.pl ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi =================================================================== --- ipcop/trunk/html/cgi-bin/openvpn.cgi 2015-02-09 14:57:21 UTC (rev 7881) +++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2015-02-09 14:59:05 UTC (rev 7882) @@ -21,7 +21,7 @@ # # Ipcop and OpenVPN eas as one two three.. # -# (c) 2007-2014 The IPCop Team +# (c) 2007-2015 The IPCop Team # # $Id$ # 
@@ -144,117 +144,6 @@ } } -sub writeserverconf { - my %sovpnsettings = (); - &General::readhash('/var/ipcop/openvpn/settings', \%sovpnsettings); - - open(CONF, ">/var/ipcop/openvpn/server.conf") or die "Unable to open /var/ipcop/openvpn/server.conf: $!"; - flock CONF, 2; - print CONF <<END -# OpenVPN server configuration -# Do not modify '/var/ipcop/openvpn/server.conf' directly since any changes -# you make will be overwritten whenever you resave openvpn settings using the -# web interface! - -daemon openvpnserver -writepid /var/run/openvpn.pid -dev $sovpnsettings{'DDEVICE'} -$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'} -proto $sovpnsettings{'DPROTOCOL'} -port $sovpnsettings{'DDEST_PORT'} -tls-server -ca /var/ipcop/ca/cacert.pem -cert /var/ipcop/certs/hostcert.pem -key /var/ipcop/certs/hostkey.pem -dh /var/ipcop/private/dh1024.pem -script-security 2 -END - ; - if ($sovpnsettings{RADIUS_ENABLED} eq 'on') { - print CONF "plugin /usr/lib/radiusplugin.so /var/ipcop/openvpn/radiusplugin.cnf\n"; - } - # Make sure server IP settings are written as: server 10.0.10.0 255.255.255.0 - my $tmpnetaddr = NetAddr::IP->new($sovpnsettings{'DOVPN_SUBNET'}); - printf CONF sprintf("server %s %s\n",$tmpnetaddr->network()->addr(),$tmpnetaddr->mask()); - print CONF "push \"route $netsettings{'GREEN_1_NETADDRESS'} $netsettings{'GREEN_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_GREEN_1'} eq 'on'); - print CONF "push \"route $netsettings{'BLUE_1_NETADDRESS'} $netsettings{'BLUE_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_BLUE_1'} eq 'on'); - print CONF "push \"route $netsettings{'ORANGE_1_NETADDRESS'} $netsettings{'ORANGE_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_ORANGE_1'} eq 'on'); - if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { - print CONF "client-to-client\n"; - } - if (($sovpnsettings{'FASTIO'} eq 'on') && ($sovpnsettings{'DPROTOCOL'} eq 'udp')) { - print CONF "fast-io\n"; - } - if ($sovpnsettings{'MTUDISC'} eq 'on') { - print CONF "mtu-disc yes\n"; - } - if 
($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { - print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; - } - if ($sovpnsettings{'STATICIP'} eq 'on') { - print CONF "client-config-dir /var/ipcop/openvpn/ccd\n"; - print CONF "ccd-exclusive\n"; - } - print CONF "client-connect /usr/local/bin/openvpn.sh\n"; - print CONF "client-disconnect /usr/local/bin/openvpn.sh\n"; - print CONF "status-version 1\n"; - print CONF "status /var/log/openvpnserver.log 30\n"; - print CONF "cipher $sovpnsettings{DCIPHER}\n"; - if ($sovpnsettings{DCOMPLZO} eq 'on') { - print CONF "comp-lzo\n"; - } - if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') { - print CONF "push \"redirect-gateway def1\"\n"; - } - if ($sovpnsettings{DHCP_DOMAIN} ne '') { - print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n"; - } - if ($sovpnsettings{DHCP_DNS1} ne '') { - print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS1}\"\n"; - } - if ($sovpnsettings{DHCP_DNS2} ne '') { - print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS2}\"\n"; - } - if ($sovpnsettings{DHCP_NTP1} ne '') { - print CONF "push \"dhcp-option NTP $sovpnsettings{DHCP_NTP1}\"\n"; - } - if ($sovpnsettings{DHCP_NTP2} ne '') { - print CONF "push \"dhcp-option NTP $sovpnsettings{DHCP_NTP2}\"\n"; - } - if ($sovpnsettings{DHCP_WINS1} ne '') { - print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS1}\"\n"; - } - if ($sovpnsettings{DHCP_WINS2} ne '') { - print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS2}\"\n"; - } - - if ($sovpnsettings{MAX_CLIENTS} eq '') { - print CONF "max-clients 100\n"; - } - else { - print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; - } - print CONF "tls-verify /usr/local/bin/openvpnverify\n"; - print CONF "crl-verify /var/ipcop/crls/cacrl.pem\n"; - print CONF "user nobody\n"; - print CONF "group nobody\n"; - print CONF "persist-key\n"; - print CONF "persist-tun\n"; - if ($sovpnsettings{LOG_VERB} ne '') { - print CONF "verb 
$sovpnsettings{LOG_VERB}\n"; - } - else { - print CONF "verb 3\n"; - } - print CONF "\n"; - - close(CONF); - - # Reread settings since they may have changed - %vpnsettings = (); - &General::readhash('/var/ipcop/openvpn/settings', \%vpnsettings); -} -# sub emptyserverlog{ if (open(FILE, ">/var/log/openvpnserver.log")) { flock FILE, 2; @@ -263,39 +152,6 @@ } } -sub writeradiusconf { - my %radiussettings = (); - my %netsettings=(); - &General::readhash('/var/ipcop/openvpn/settings', \%radiussettings); - open(CONF, ">/var/ipcop/openvpn/radiusplugin.cnf") or die "Unable to open /var/ipcop/openvpn/radiusplugin.cnf: $!"; - flock CONF, 2; - print CONF "NAS-Identifier=OpenVPN\n"; - print CONF "\n"; - print CONF "Service-Type=5\n"; - print CONF "\n"; - print CONF "Framed-Protocol=1\n"; - print CONF "\n"; - print CONF "NAS-Port-Type=5\n"; - print CONF "\n"; - print CONF "NAS-IP-Address=$netsettings{'GREEN_1_ADDRESS'}\n"; - print CONF "\n"; - print CONF "OpenVPNConfig=/var/ipcop/openvpn/server.conf\n"; - print CONF "\n"; - print CONF "overwriteccfiles=false\n"; - print CONF "\n"; - print CONF "server\n"; - print CONF "{\n"; - print CONF " acctport=$radiussettings{RADIUS_ACCTPORT}\n"; - print CONF " authport=$radiussettings{RADIUS_AUTHPORT}\n"; - print CONF " name=$radiussettings{RADIUS_HOST}\n"; - print CONF " retry=$radiussettings{RADIUS_RETRY}\n"; - print CONF " wait=$radiussettings{RADIUS_TIMEOUT}\n"; - print CONF " sharedsecret=$radiussettings{RADIUS_PASS1}\n"; - print CONF "}\n"; - print CONF "\n"; - close(CONF); -} - sub writeclientconf { my $key = shift; @@ -489,10 +345,7 @@ # } } &General::writehash('/var/ipcop/openvpn/settings', \%vpnsettings); - &writeserverconf();#hier ok - if ($cgiparams{'RADIUS_ENABLED'} eq 'on') { - &writeradiusconf(); - } + &VPN::writeovpnserverconf(); } 
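Review bot: The call site loses a side effect the old `&writeserverconf()` had: the deleted body (visible in the `@@ -144,117` hunk) ended by clearing `%vpnsettings` and re-reading `/var/ipcop/openvpn/settings` into it, and `&VPN::writeovpnserverconf()` lives in another file and cannot touch the CGI's `%vpnsettings`, so that reread is silently dropped here and at the `@@ -578,7 +431,7` call site. The enclosing block starts outside the hunk, so I can't see whether later code depends on the refreshed hash; if it does, keep `%vpnsettings = (); &General::readhash('/var/ipcop/openvpn/settings', \%vpnsettings);` after the new call. Note also that the RADIUS config is now written when the saved `$sovpnsettings{'RADIUS_ENABLED'}` is on rather than when `$cgiparams{'RADIUS_ENABLED'}` is, which is equivalent only if that key is among those copied into `%vpnsettings` before the preceding `writehash` — worth confirming.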
@@ -578,7 +431,7 @@ map($vpnsettings{$_} = $cgiparams{$_}, ('ENABLED_BLUE_1', 'ENABLED_RED_1', 'VPN_IP', 'DOVPN_SUBNET', 'DDEVICE', 'DPROTOCOL', 'DDEST_PORT', 'DMTU', 'DCOMPLZO', 'DCIPHER')); &General::writehash('/var/ipcop/openvpn/settings', \%vpnsettings); - &writeserverconf(); + &VPN::writeovpnserverconf(); SETTINGS_ERROR: ### Modified: ipcop/trunk/src/libs/vpn-functions.pl =================================================================== --- ipcop/trunk/src/libs/vpn-functions.pl 2015-02-09 14:57:21 UTC (rev 7881) +++ ipcop/trunk/src/libs/vpn-functions.pl 2015-02-09 14:59:05 UTC (rev 7882) @@ -13,7 +13,7 @@ # You should have received a copy of the GNU General Public License # along with IPCop. If not, see <http://www.gnu.org/licenses/>. # -# (c) 2009-2012 The IPCop Team +# (c) 2009-2015 The IPCop Team # # $Id$ # @@ -25,6 +25,11 @@ require '/usr/lib/ipcop/header.pl'; +# netsettings required in several places, read once here for all functions +my %netsettings = (); +&General::readhash("/var/ipcop/ethernet/settings", \%netsettings); + + ### ### old version: maintain serial number to one, without explication. ### this : let the counter go, so that each cert is numbered. @@ -153,7 +158,6 @@ sub writeipsecfiles { my %lconfighash = (); my %lvpnsettings = (); - my %netsettings=(); # klips or netkey my $protostack = (system('/sbin/modinfo ipsec 2>/dev/null')) ? 'netkey' : 'klips'; 
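Review bot: The file-scope `my %netsettings` added after the `require` in the `@@ -25,6 +25,11` hunk is filled once, when the library is first loaded, so every function here sees the ethernet settings as of that moment. For a per-request CGI that is harmless, but a longer-lived caller that rewrites `/var/ipcop/ethernet/settings` and then calls `VPN::writeovpnserverconf` would emit stale `GREEN_1_*`/`BLUE_1_*`/`ORANGE_1_*` values; I can't tell from the diff whether such a caller exists. At minimum the comment should state the assumption, e.g. `# read once at load time; long-running callers see a stale snapshot`, and a small re-reading accessor would remove the hazard entirely if one is found.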
@@ -375,4 +379,154 @@ close(SECRETS); } + +sub writeovpnradiusconf { + my %radiussettings = (); + &General::readhash('/var/ipcop/openvpn/settings', \%radiussettings); + + open(CONF, ">/var/ipcop/openvpn/radiusplugin.cnf") or die "Unable to open /var/ipcop/openvpn/radiusplugin.cnf: $!"; + flock CONF, 2; + print CONF "NAS-Identifier=OpenVPN\n"; + print CONF "\n"; + print CONF "Service-Type=5\n"; + print CONF "\n"; + print CONF "Framed-Protocol=1\n"; + print CONF "\n"; + print CONF "NAS-Port-Type=5\n"; + print CONF "\n"; + print CONF "NAS-IP-Address=$netsettings{'GREEN_1_ADDRESS'}\n"; + print CONF "\n"; + print CONF "OpenVPNConfig=/var/ipcop/openvpn/server.conf\n"; + print CONF "\n"; + print CONF "overwriteccfiles=false\n"; + print CONF "\n"; + print CONF "server\n"; + print CONF "{\n"; + print CONF " acctport=$radiussettings{RADIUS_ACCTPORT}\n"; + print CONF " authport=$radiussettings{RADIUS_AUTHPORT}\n"; + print CONF " name=$radiussettings{RADIUS_HOST}\n"; + print CONF " retry=$radiussettings{RADIUS_RETRY}\n"; + print CONF " wait=$radiussettings{RADIUS_TIMEOUT}\n"; + print CONF " sharedsecret=$radiussettings{RADIUS_PASS1}\n"; + print CONF "}\n"; + print CONF "\n"; + close(CONF); +} + + +### +### Write OpenVPN server config +### +sub writeovpnserverconf { + my %sovpnsettings = (); + &General::readhash('/var/ipcop/openvpn/settings', \%sovpnsettings); + + open(CONF, ">/var/ipcop/openvpn/server.conf") or die "Unable to open /var/ipcop/openvpn/server.conf: $!"; + flock CONF, 2; + print CONF <<END +# OpenVPN server configuration +# Do not modify '/var/ipcop/openvpn/server.conf' directly since any changes +# you make will be overwritten whenever you resave openvpn settings using the +# web interface! 
+ +daemon openvpnserver +writepid /var/run/openvpn.pid +dev $sovpnsettings{'DDEVICE'} +$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'} +proto $sovpnsettings{'DPROTOCOL'} +port $sovpnsettings{'DDEST_PORT'} +tls-server +ca /var/ipcop/ca/cacert.pem +cert /var/ipcop/certs/hostcert.pem +key /var/ipcop/certs/hostkey.pem +dh /var/ipcop/private/dh1024.pem +script-security 2 +END + ; + if ($sovpnsettings{RADIUS_ENABLED} eq 'on') { + print CONF "plugin /usr/lib/radiusplugin.so /var/ipcop/openvpn/radiusplugin.cnf\n"; + } + # Make sure server IP settings are written as: server 10.0.10.0 255.255.255.0 + my $tmpnetaddr = NetAddr::IP->new($sovpnsettings{'DOVPN_SUBNET'}); + printf CONF sprintf("server %s %s\n",$tmpnetaddr->network()->addr(),$tmpnetaddr->mask()); + print CONF "push \"route $netsettings{'GREEN_1_NETADDRESS'} $netsettings{'GREEN_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_GREEN_1'} eq 'on'); + print CONF "push \"route $netsettings{'BLUE_1_NETADDRESS'} $netsettings{'BLUE_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_BLUE_1'} eq 'on'); + print CONF "push \"route $netsettings{'ORANGE_1_NETADDRESS'} $netsettings{'ORANGE_1_NETMASK'}\"\n" if ($sovpnsettings{'PUSH_ORANGE_1'} eq 'on'); + if ($sovpnsettings{CLIENT2CLIENT} eq 'on') { + print CONF "client-to-client\n"; + } + if (($sovpnsettings{'FASTIO'} eq 'on') && ($sovpnsettings{'DPROTOCOL'} eq 'udp')) { + print CONF "fast-io\n"; + } + if ($sovpnsettings{'MTUDISC'} eq 'on') { + print CONF "mtu-disc yes\n"; + } + if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) { + print CONF "keepalive $sovpnsettings{'KEEPALIVE_1'} $sovpnsettings{'KEEPALIVE_2'}\n"; + } + if ($sovpnsettings{'STATICIP'} eq 'on') { + print CONF "client-config-dir /var/ipcop/openvpn/ccd\n"; + print CONF "ccd-exclusive\n"; + } + print CONF "client-connect /usr/local/bin/openvpn.sh\n"; + print CONF "client-disconnect /usr/local/bin/openvpn.sh\n"; + print CONF "status-version 1\n"; + print CONF "status /var/log/openvpnserver.log 30\n"; + print 
CONF "cipher $sovpnsettings{DCIPHER}\n"; + if ($sovpnsettings{DCOMPLZO} eq 'on') { + print CONF "comp-lzo\n"; + } + if ($sovpnsettings{REDIRECT_GW_DEF1} eq 'on') { + print CONF "push \"redirect-gateway def1\"\n"; + } + if ($sovpnsettings{DHCP_DOMAIN} ne '') { + print CONF "push \"dhcp-option DOMAIN $sovpnsettings{DHCP_DOMAIN}\"\n"; + } + if ($sovpnsettings{DHCP_DNS1} ne '') { + print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS1}\"\n"; + } + if ($sovpnsettings{DHCP_DNS2} ne '') { + print CONF "push \"dhcp-option DNS $sovpnsettings{DHCP_DNS2}\"\n"; + } + if ($sovpnsettings{DHCP_NTP1} ne '') { + print CONF "push \"dhcp-option NTP $sovpnsettings{DHCP_NTP1}\"\n"; + } + if ($sovpnsettings{DHCP_NTP2} ne '') { + print CONF "push \"dhcp-option NTP $sovpnsettings{DHCP_NTP2}\"\n"; + } + if ($sovpnsettings{DHCP_WINS1} ne '') { + print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS1}\"\n"; + } + if ($sovpnsettings{DHCP_WINS2} ne '') { + print CONF "push \"dhcp-option WINS $sovpnsettings{DHCP_WINS2}\"\n"; + } + + if ($sovpnsettings{MAX_CLIENTS} eq '') { + print CONF "max-clients 100\n"; + } + else { + print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n"; + } + print CONF "tls-verify /usr/local/bin/openvpnverify\n"; + print CONF "crl-verify /var/ipcop/crls/cacrl.pem\n"; + print CONF "user nobody\n"; + print CONF "group nobody\n"; + print CONF "persist-key\n"; + print CONF "persist-tun\n"; + if ($sovpnsettings{LOG_VERB} ne '') { + print CONF "verb $sovpnsettings{LOG_VERB}\n"; + } + else { + print CONF "verb 3\n"; + } + print CONF "\n"; + + close(CONF); + + if ($sovpnsettings{'RADIUS_ENABLED'} eq 'on') { + &VPN::writeovpnradiusconf(); + } +} + + 1; Modified: ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 =================================================================== --- ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 2015-02-09 14:57:21 UTC (rev 7881) +++ ipcop/trunk/updates/2.2.0/ROOTFILES.i486-2.2.0 2015-02-09 14:59:05 UTC (rev 7882) 
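Review bot: `NetAddr::IP->new($sovpnsettings{'DOVPN_SUBNET'})` in `writeovpnserverconf` returns undef for an unparsable subnet, so the following `$tmpnetaddr->network()` dies with a generic "Can't call method on an undefined value" instead of naming the bad setting; `my $tmpnetaddr = NetAddr::IP->new($sovpnsettings{'DOVPN_SUBNET'}) or die "Invalid DOVPN_SUBNET '$sovpnsettings{'DOVPN_SUBNET'}'";` gives a useful error and stops before a half-written `server.conf`. Both `close(CONF)` calls (server.conf and radiusplugin.cnf) are unchecked on write handles, so a buffered write failure such as a full disk leaves a truncated config that the daemon will later start from; use `close(CONF) or die "Unable to close /var/ipcop/openvpn/server.conf: $!";` and the same for radiusplugin.cnf. `radiusplugin.cnf` carries `sharedsecret=$radiussettings{RADIUS_PASS1}` and nothing visible here restricts its mode beyond the process umask — if the directory isn't already private, a `chmod 0600` after the open, or an explicit `umask`, would keep the secret from being world-readable (can't confirm the directory permissions from the diff). Minor: `printf CONF sprintf("server %s %s\n", ...)` formats twice; `printf CONF "server %s %s\n", $tmpnetaddr->network()->addr(), $tmpnetaddr->mask();` is the direct form.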
@@ -3,7 +3,9 @@
 /etc/rc.d/rc.red
 /etc/rc.d/rc.sysinit
 /home/httpd/cgi-bin/logsystem.cgi
+/home/httpd/cgi-bin/openvpn.cgi
 /home/httpd/cgi-bin/updates.cgi
+/usr/lib/ipcop/vpn-functions.pl
 /usr/local/bin/accountingctrl
 /usr/local/bin/conntrack_helper
 /usr/local/bin/emailhelper
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn