├── openvpn ├── VERSION ├── AUTHORS ├── lang │ ├── de │ └── it ├── images │ ├── icon.gif │ ├── listca.gif │ ├── listvpn.gif │ ├── openvpn.gif │ ├── openvpn1.gif │ └── listactiveconnect.gif ├── help │ ├── ca.it.html │ ├── monitor.it.html │ ├── static.it.html │ ├── openvpn.it.html │ ├── intro.en.html │ ├── intro.html │ ├── intro.it.html │ └── structure.it.html ├── module.info ├── config-*-linux ├── config ├── config-freebsd ├── config-netbsd ├── config-openbsd ├── CONTRIBUTORS ├── config.info ├── verify_ca.cgi ├── view_key.cgi ├── config.info.it ├── verify_key.cgi ├── config.info.it.UTF-8 ├── remove_ca.cgi ├── remove_static_vpn.cgi ├── remove_client.cgi ├── action_vpn.cgi ├── actions.cgi ├── remove_client_connected.cgi ├── view_ca.cgi ├── remove_vpn.cgi ├── remove_key.cgi ├── create_ca.cgi ├── create_key.cgi ├── export_key.cgi ├── log_vpn.cgi ├── clientlist_vpn.cgi ├── listca.cgi ├── br_scripts │ ├── bridge_end │ └── bridge_start ├── index.cgi ├── export_client.cgi ├── new_client.cgi ├── HISTORY.IT ├── keyslist_ca.cgi ├── HISTORY.EN ├── modify_client.cgi ├── listactiveconnect.cgi ├── new_vpn.cgi ├── modify_vpn.cgi ├── new_static_vpn.cgi ├── openvpn-ssl.cnf ├── listvpn.cgi ├── modify_static_vpn.cgi ├── ChangeLog └── create_client.cgi ├── openvpn.wbm.gz └── README /openvpn/VERSION: -------------------------------------------------------------------------------- 1 | 3.3 -------------------------------------------------------------------------------- /openvpn/AUTHORS: -------------------------------------------------------------------------------- 1 | Open IT Sr.l. 
2 | -------------------------------------------------------------------------------- /openvpn.wbm.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn.wbm.gz -------------------------------------------------------------------------------- /openvpn/lang/de: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/lang/de -------------------------------------------------------------------------------- /openvpn/lang/it: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/lang/it -------------------------------------------------------------------------------- /openvpn/images/icon.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/icon.gif -------------------------------------------------------------------------------- /openvpn/images/listca.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/listca.gif -------------------------------------------------------------------------------- /openvpn/images/listvpn.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/listvpn.gif -------------------------------------------------------------------------------- /openvpn/images/openvpn.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/openvpn.gif 
-------------------------------------------------------------------------------- /openvpn/images/openvpn1.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/openvpn1.gif -------------------------------------------------------------------------------- /openvpn/images/listactiveconnect.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/a-schild/webmin-openvpn-debian-jessie/HEAD/openvpn/images/listactiveconnect.gif -------------------------------------------------------------------------------- /openvpn/help/ca.it.html: -------------------------------------------------------------------------------- 1 |
CA Key
2 | 3 | 4 |
5 | Creato da OPENIT S.r.l. 6 |

7 | Indice 8 | -------------------------------------------------------------------------------- /openvpn/help/monitor.it.html: -------------------------------------------------------------------------------- 1 |

Monitor
2 | 3 | 4 |
5 | Creato da OPENIT S.r.l. 6 |

7 | Indice 8 | 9 | -------------------------------------------------------------------------------- /openvpn/help/static.it.html: -------------------------------------------------------------------------------- 1 |

Static Key
2 | 3 | 4 |
5 | Creato da OPENIT S.r.l. 6 |

7 | Indice 8 | 9 | -------------------------------------------------------------------------------- /openvpn/module.info: -------------------------------------------------------------------------------- 1 | name=OpenVPN 2 | category=servers 3 | os_support=*-linux freebsd openbsd netbsd 4 | desc=OpenVPN + CA 5 | desc_it=OpenVPN + CA 6 | depends=1.250 7 | version=1.250 8 | readonly=1 9 | -------------------------------------------------------------------------------- /openvpn/help/openvpn.it.html: -------------------------------------------------------------------------------- 1 |

OpenVPN
2 | 3 |

4 | Puoi trovare documentazione esaustiva su
5 | OpenVPN site
6 | o varie interfacce grafiche per vari S.O. sul sito di
7 | OpenVPN
8 |
9 |
10 |
11 | Creato da OPENIT S.r.l. 12 |

13 | Indice 14 | 15 | -------------------------------------------------------------------------------- /openvpn/config-*-linux: -------------------------------------------------------------------------------- 1 | openvpn_home=/etc/openvpn 2 | openvpn_clients_subdir=clients 3 | openvpn_servers_subdir=servers 4 | openvpn_path=/usr/sbin/openvpn 5 | openvpn_keys_subdir=keys 6 | openvpn_pid_path=/var/run 7 | openvpn_pid_prefix=openvpn/ 8 | openvpn_version=2.0_rc16 9 | openssl_home=/etc/openvpn/openvpn-ssl.cnf 10 | openssl_path=/usr/bin/openssl 11 | openssl_version=0.9.7e 12 | start_cmd=systemctl start openvpn@%s 13 | stop_cmd=systemctl stop openvpn@%s 14 | status_cmd=systemctl status openvpn@%s 15 | br_start_cmd=/opt/webmin/openvpn/br_scripts/bridge_start 16 | br_end_cmd=/opt/webmin/openvpn/br_scripts/bridge_end 17 | down_root_plugin=/opt/webmin/openvpn/ovpn_plugin/openvpn-plugin-down-root.so 18 | zip_cmd=/usr/bin/zip 19 | log_lines=200 20 | -------------------------------------------------------------------------------- /openvpn/config: -------------------------------------------------------------------------------- 1 | openvpn_home=/etc/openvpn 2 | openvpn_clients_subdir=clients 3 | openvpn_servers_subdir=servers 4 | openvpn_path=/usr/sbin/openvpn 5 | openvpn_keys_subdir=keys 6 | openvpn_pid_path=/var/run 7 | openvpn_pid_prefix=openvpn/ 8 | openvpn_version=2.4.0 9 | openssl_home=/etc/openvpn/openvpn-ssl.cnf 10 | openssl_path=/usr/bin/openssl 11 | openssl_version=1.0.1 12 | start_cmd=systemctl start openvpn@%s 13 | stop_cmd=systemctl stop openvpn@%s 14 | status_cmd=systemctl status openvpn@%s 15 | br_start_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_start 16 | br_end_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_end 17 | down_root_plugin=/usr/share/webmin/openvpn/ovpn_plugin/openvpn-plugin-down-root.so 18 | zip_cmd=/usr/bin/zip 19 | log_lines=200 20 | -------------------------------------------------------------------------------- /openvpn/config-freebsd: 
-------------------------------------------------------------------------------- 1 | openvpn_home=/usr/local/etc/openvpn 2 | openvpn_clients_subdir=clients 3 | openvpn_servers_subdir=servers 4 | openvpn_path=/usr/local/sbin/openvpn 5 | openvpn_keys_subdir=keys 6 | openvpn_pid_path=/var/run 7 | openvpn_pid_prefix= 8 | openssl_home=/usr/local/etc/openvpn/openvpn-ssl.cnf 9 | openssl_path=/usr/local/bin/openssl 10 | start_cmd=/usr/local/etc/rc.d/openvpn start %s 11 | stop_cmd=/usr/local/etc/rc.d/openvpn stop %s 12 | status_cmd=test -s /var/run/openvpn.pid/openvpn.%s.pid 13 | br_start_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_start 14 | br_end_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_end 15 | down_root_plugin=/usr/share/webmin/openvpn/ovpn_plugin/openvpn-plugin-down-root.so 16 | zip_cmd=/usr/local/bin/zip 17 | log_lines=200 18 | -------------------------------------------------------------------------------- /openvpn/config-netbsd: -------------------------------------------------------------------------------- 1 | openvpn_home=/usr/local/etc/openvpn 2 | openvpn_clients_subdir=clients 3 | openvpn_servers_subdir=servers 4 | openvpn_path=/usr/local/sbin/openvpn 5 | openvpn_keys_subdir=keys 6 | openvpn_pid_path=/var/run 7 | openvpn_pid_prefix= 8 | openssl_home=/usr/local/etc/openvpn/openvpn-ssl.cnf 9 | openssl_path=/usr/local/bin/openssl 10 | start_cmd=/usr/local/etc/rc.d/openvpn start %s 11 | stop_cmd=/usr/local/etc/rc.d/openvpn stop %s 12 | status_cmd=test -s /var/run/openvpn.pid/openvpn.%s.pid 13 | br_start_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_start 14 | br_end_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_end 15 | down_root_plugin=/usr/share/webmin/openvpn/ovpn_plugin/openvpn-plugin-down-root.so 16 | zip_cmd=/usr/local/bin/zip 17 | log_lines=200 18 | -------------------------------------------------------------------------------- /openvpn/config-openbsd: -------------------------------------------------------------------------------- 1 | 
openvpn_home=/usr/local/etc/openvpn 2 | openvpn_clients_subdir=clients 3 | openvpn_servers_subdir=servers 4 | openvpn_path=/usr/local/sbin/openvpn 5 | openvpn_keys_subdir=keys 6 | openvpn_pid_path=/var/run 7 | openvpn_pid_prefix= 8 | openssl_home=/usr/local/etc/openvpn/openvpn-ssl.cnf 9 | openssl_path=/usr/local/bin/openssl 10 | start_cmd=/usr/local/etc/rc.d/openvpn start %s 11 | stop_cmd=/usr/local/etc/rc.d/openvpn stop %s 12 | status_cmd=test -s /var/run/openvpn.pid/openvpn.%s.pid 13 | br_start_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_start 14 | br_end_cmd=/usr/share/webmin/openvpn/br_scripts/bridge_end 15 | down_root_plugin=/usr/share/webmin/openvpn/ovpn_plugin/openvpn-plugin-down-root.so 16 | zip_cmd=/usr/local/bin/zip 17 | log_lines=200 18 | -------------------------------------------------------------------------------- /openvpn/CONTRIBUTORS: -------------------------------------------------------------------------------- 1 | Gustavo Fukao :=> configuration for freebsd 2 | H.Spaethe (Ivan Dolvich) :=> implementation server bridge and translation in german and english 3 | Olivier Beaudet :=> implementation textarea static key in Static VPN 4 | Alexander Predeschly :=> Resolved configuration proto TCP 5 | Pierpaolo Palazzo "Pierpaolo Palazzo" :=> use on CentOS 6 | Percivaldi Daniele :=> configuration the prefix of pid 7 | Florian Lagg | IT-Valentin.at :=> year date of expired ca in 4 digit 8 | Fulvio Fusco :=> suggestion for VPN bridge server 9 | Stefano Buelow :=> suggestion for VPN cipher server 10 | Falco Vennedey (Heidelberg IT) :=> suggestion for start/stop/status cmd 11 | Andre Schild (Aarboard AG) :=> Update with new features -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | This is the 3.3 version of the OpenVPN plugin for webmin. 
2 | Since the original development does not use a VCS, I try to import new versions into this repository once in a while. 3 | 4 | # Dev & Build 5 | 6 | After making changes, build the module package with tar 7 | 8 | $ git clone https://github.com/a-schild/webmin-openvpn-debian-jessie.git . 9 | $ ... apply your changes in openvpn/* 10 | $ tar -cvzf openvpn.wbm.gz openvpn/ 11 | 12 | # Install 13 | 14 | If you have a previous version running, remove it first: 15 | 16 | - Log in to the Webmin interface 17 | - Webmin > Webmin Configuration > Webmin Modules > Delete > OpenVPN + CA 18 | - Remove the module configuration from /etc/webmin/openvpn/config 19 | 20 | Now install the patched version: 21 | 22 | - Log in to the Webmin interface. 23 | - Webmin > Webmin Configuration > Webmin Modules > Install 24 | - Click "From ftp or http URL" 25 | - https://github.com/a-schild/webmin-openvpn-debian-jessie/raw/master/openvpn.wbm.gz (this URL follows the master branch, so the archive it serves can change between installs; a package built from a checkout you have reviewed, as described under "Dev & Build", avoids that) 26 | - Click "Install Module" 27 | -------------------------------------------------------------------------------- /openvpn/help/intro.en.html: -------------------------------------------------------------------------------- 1 |

OpenVPN Administration Panel
2 | 3 | Da questa interfaccia puoi configurare OpenVPN 2.0 in due 4 | differenti maniere: 5 | 12 | 13 | Il documento descrive come il modulo sia implementato 14 | e tutte le configurazioni per poterlo utilizzare al 15 |

16 | 17 | Da quest'interfaccia potete scaricare i client con le configurazioni 18 | creare e revocare e rimuovere sia le CA che le keys 19 |

20 | Ed ovviamente creare, rimuovere, stoppare o attivare qualsiasi OpenVPN 21 | server come lo fareste tramite la command line cosiccome creare 22 | e rimuovere i clients, ma con la facilita' di un interfaccia 23 | grafica semplice. 24 |

25 | Potete inoltre monitorare le connessioni attive sulle VPN di tipo 26 | Client-Server e dallo stesso posto escludere un client. 27 |

28 |
29 |


30 | Creato da OPENIT S.r.l. 31 | 32 | -------------------------------------------------------------------------------- /openvpn/help/intro.html: -------------------------------------------------------------------------------- 1 |
OpenVPN Administration Panel
2 | 3 | Da questa interfaccia puoi configurare OpenVPN 2.0 in due 4 | differenti maniere: 5 | 12 | 13 | Il documento descrive come il modulo sia implementato 14 | e tutte le configurazioni per poterlo utilizzare al 15 |

16 | 17 | Da quest'interfaccia potete scaricare i client con le configurazioni 18 | creare e revocare e rimuovere sia le CA che le keys 19 |

20 | Ed ovviamente creare, rimuovere, stoppare o attivare qualsiasi OpenVPN 21 | server come lo fareste tramite la command line cosiccome creare 22 | e rimuovere i clients, ma con la facilita' di un interfaccia 23 | grafica semplice. 24 |

25 | Potete inoltre monitorare le connessioni attive sulle VPN di tipo 26 | Client-Server e dallo stesso posto escludere un client. 27 |

28 |
29 |


30 | Creato da OPENIT S.r.l. 31 | 32 | -------------------------------------------------------------------------------- /openvpn/help/intro.it.html: -------------------------------------------------------------------------------- 1 |
OpenVPN Administration Panel
2 | 3 | Da questa interfaccia puoi configurare OpenVPN 2.0 in due 4 | differenti maniere: 5 | 12 | 13 | Il documento descrive come il modulo sia implementato 14 | e tutte le configurazioni per poterlo utilizzare al 15 |

16 | 17 | Da quest'interfaccia potete scaricare i client con le configurazioni 18 | creare e revocare e rimuovere sia le CA che le keys 19 |

20 | Ed ovviamente creare, rimuovere, stoppare o attivare qualsiasi OpenVPN 21 | server come lo fareste tramite la command line cosiccome creare 22 | e rimuovere i clients, ma con la facilita' di un interfaccia 23 | grafica semplice. 24 |

25 | Potete inoltre monitorare le connessioni attive sulle VPN di tipo 26 | Client-Server e dallo stesso posto escludere un client. 27 |

28 |
29 |


30 | Creato da OPENIT S.r.l. 31 | 32 | -------------------------------------------------------------------------------- /openvpn/config.info: -------------------------------------------------------------------------------- 1 | line1=System options,11 2 | openvpn_home=OpenVPN Home (*),0 3 | default_server=Server Hint for Clients (*),0 4 | openvpn_clients_subdir=Clients Subdir (relative to OpenVPN Home) (*),0 5 | openvpn_servers_subdir=Servers Subdir (relative to OpenVPN Home) (*),0 6 | openvpn_path=Full path to openvpn (*),0 7 | openvpn_keys_subdir=Keys Subdir (*),0 8 | openvpn_pid_path=PID file path of running OpenVPN processes (*),0 9 | openvpn_pid_prefix=PID file prefix of OpenVPN processes,0 10 | openvpn_version=OpenVPN version,0 11 | openssl_home=OpenSSL cnf batch file (*),0 12 | openssl_path=Full path to ssl (*),0 13 | openssl_version=SSL version,0 14 | start_cmd=Command to start OpenVPN (*),0 15 | stop_cmd=Command to stop OpenVPN (*),0 16 | status_cmd=Command to get status OpenVPN (*),0 17 | zip_cmd=Zip Command,0 18 | log_lines=Number of lines of log file to display,0,6 19 | log_refresh=Seconds between log view refreshes,3,Never 20 | tail_cmd=Tail command and arguments (LINES parameter required),3,Default (tail -n LINES) 21 | line2=If you use bridge device,11 22 | br_start_cmd=Command to start Bridge,0 23 | br_end_cmd=Command to stop Bridge,0 24 | down_root_plugin=Path to DOWN-ROOT-PLUGIN,0 25 | line3=(*) Required fields,11 26 | -------------------------------------------------------------------------------- /openvpn/verify_ca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 
7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | # intestazione pagina 18 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 19 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 20 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 21 | 22 | &verify_CA($in{'file_name'}); 23 | 24 | print "

"; 25 | 26 | #footer della pagina 27 | &footer("listca.cgi", $text{'listca_title'}); 28 | -------------------------------------------------------------------------------- /openvpn/view_key.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | # intestazione pagina 18 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 19 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 20 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 21 | 22 | &view_key(\%in); 23 | 24 | print "

"; 25 | 26 | #footer della pagina 27 | &footer("keyslist_ca.cgi?file_name=".$in{'ca_name'}, $text{'keyslistca'}.' '.$in{'ca_name'}); 28 | -------------------------------------------------------------------------------- /openvpn/config.info.it: -------------------------------------------------------------------------------- 1 | line1=Opzioni di sistema,11 2 | openvpn_home=Home di OpenVPN (*),0 3 | default_server=Server di default per i Clients (*),0 4 | openvpn_clients_subdir=Clients Subdir (relativo alla Home di OpenVPN) (*),0 5 | openvpn_servers_subdir=Servers Subdir (relativo alla Home di OpenVPN) (*),0 6 | openvpn_path=Path completo di openvpn (*),0 7 | openvpn_keys_subdir=Sottocartella chiavi (*),0 8 | openvpn_pid_path=Path dei PID files dei processi OpenVPN attivi (*),0 9 | openvpn_pid_prefix=Prefisso dei PID files dei processi OpenVPN,0 10 | openvpn_version=Versione di OpenVPN,0 11 | openssl_home=File cnf batch di OpenSSL (*),0 12 | openssl_path=Path completo di ssl (*),0 13 | openssl_version=Versione di SSL,0 14 | start_cmd=Comando per inizializzare OpenVPN (*),0 15 | stop_cmd=Comando per stoppare OpenVPN (*),0 16 | zip_cmd=Comando zip,0 17 | log_lines=Numero righe da visualizzare nei Log,0,6 18 | log_refresh=Refresh nella visualizzazione dei Log (sec),3,Mai 19 | tail_cmd=Comando Tail per lettura Log (parametro LINES obbligatorio),3,Default (tail -n LINES) 20 | line2=Se vuoi utilizare i bridge device,11 21 | br_start_cmd=Comando per lo start Bridge,0 22 | br_end_cmd=Comando per lo stop Bridge,0 23 | down_root_plugin=Path per DOWN-ROOT-PLUGIN,0 24 | line3=(*) Informazioni obbligatorie,11 25 | -------------------------------------------------------------------------------- /openvpn/verify_key.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin 
(diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | # intestazione pagina 18 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 19 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 20 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 21 | 22 | &verify_key(\%in); 23 | 24 | print "

"; 25 | 26 | #footer della pagina 27 | &footer("keyslist_ca.cgi?file_name=".$in{'ca_name'}, $text{'keyslistca'}.' '.$in{'ca_name'}); 28 | -------------------------------------------------------------------------------- /openvpn/config.info.it.UTF-8: -------------------------------------------------------------------------------- 1 | line1=Opzioni di sistema,11 2 | openvpn_home=Home di OpenVPN (*),0 3 | default_server=Server di default per i Clients (*),0 4 | openvpn_clients_subdir=Clients Subdir (relativo alla Home di OpenVPN) (*),0 5 | openvpn_servers_subdir=Servers Subdir (relativo alla Home di OpenVPN) (*),0 6 | openvpn_path=Path completo di openvpn (*),0 7 | openvpn_keys_subdir=Sottocartella chiavi (*),0 8 | openvpn_pid_path=Path dei PID files dei processi OpenVPN attivi (*),0 9 | openvpn_pid_prefix=Prefisso dei PID files dei processi OpenVPN,0 10 | openvpn_version=Versione di OpenVPN,0 11 | openssl_home=File cnf batch di OpenSSL (*),0 12 | openssl_path=Path completo di ssl (*),0 13 | openssl_version=Versione di SSL,0 14 | start_cmd=Comando per inizializzare OpenVPN (*),0 15 | stop_cmd=Comando per stoppare OpenVPN (*),0 16 | zip_cmd=Comando zip,0 17 | log_lines=Numero righe da visualizzare nei Log,0,6 18 | log_refresh=Refresh nella visualizzazione dei Log (sec),3,Mai 19 | tail_cmd=Comando Tail per lettura Log (parametro LINES obbligatorio),3,Default (tail -n LINES) 20 | line2=Se vuoi utilizare i bridge device,11 21 | br_start_cmd=Comando per lo start Bridge,0 22 | br_end_cmd=Comando per lo stop Bridge,0 23 | down_root_plugin=Path per DOWN-ROOT-PLUGIN,0 24 | line3=(*) Informazioni obbligatorie,11 25 | -------------------------------------------------------------------------------- /openvpn/remove_ca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin 
(diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &remove_CA($in{'file_name'}); 18 | 19 | # intestazione pagina 20 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 21 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 22 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 23 | 24 | print "
"; 25 | # start tabella 26 | print "\n"; 27 | print "\n"; 28 | print "\n"; 29 | # stop tabella 30 | print "
".$text{'ca_removed'}."
\n"; 31 | print "

"; 32 | 33 | #footer della pagina 34 | &footer("listca.cgi", $text{'listca_title'}); 35 | -------------------------------------------------------------------------------- /openvpn/remove_static_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | # intestazione pagina 18 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 19 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 20 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 21 | 22 | print "
"; 23 |
# NOTE(review): 'vpn' is taken from the request and passed to remove_static_vpn
# (presumably defined in openvpn-lib.pl, not shown here), and the same value is
# concatenated into the page output that follows. Confirm the library restricts the
# name to an existing static VPN before it removes anything, and HTML-escape the
# value (Webmin provides html_escape) before printing it.
24 | &remove_static_vpn($in{'vpn'}); 25 | 26 | print "\n"; 27 | print "\n"; 28 | print "
".$in{'vpn'}.': '.$text{'vpn_static_removed'}."
\n"; 29 | 30 | print "

"; 31 | 32 | #footer della pagina 33 | &footer("listvpn.cgi", $text{'listserver_title'}); 34 | -------------------------------------------------------------------------------- /openvpn/remove_client.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | &ReadClientConf(); 19 | $in{'CLIENT_NAME'} = $in{'client'}; 20 | &ReadFieldsCA($in{'CA_NAME'}); 21 | $in{'ca_name'} = $in{'CA_NAME'}; 22 | $in{'key_name'} = $in{'CLIENT_NAME'}; 23 | 24 | # intestazione pagina 25 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 26 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 27 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 28 | 29 | print "
"; 30 | 31 | &remove_client($in{'client'},$in{'vpn'}); 32 | 33 | print "\n"; 34 | print "\n"; 35 | print "
".$in{'CLIENT_NAME'}.': '.$text{'client_removed'}."
\n"; 36 | 37 | print "

"; 38 | 39 | # page footer 40 | &footer("clientlist_vpn.cgi?vpn=".$in{'vpn'}, $text{'list_client_vpn'}." ".$in{'vpn'}); 41 | -------------------------------------------------------------------------------- /openvpn/action_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Authors: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # reads parameters from the form or URL and stores them in the hash $in 15 | &ReadParse(); 16 |
# NOTE(review): $in{'vpn'} comes from the request (filled in by ReadParse above) and
# is substituted by sprintf into the configured start_cmd before the string is handed
# to system_logged. No validation or quoting of the value is visible here, and the
# appended ">/dev/null 2>&1" redirection indicates the string is interpreted by a
# shell, so shell metacharacters in 'vpn' would become part of the command line.
# Check the value against the configured server names (or a strict name pattern) and
# quote it, e.g. with quotemeta(), before building the command.
17 | if ($in{'action'} eq "start" and $config{'start_cmd'}) { 18 | $rv = &system_logged(sprintf($config{'start_cmd'},$in{'vpn'}).">/dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 /dev/null 2>&1 $wgettmpfile 2>&1"); # check the online file 35 | # $rv = &system_logged("grep 'ERROR [4][0-9][0-9]' $wgettmpfile"); # any errors during download? 36 | # if ( ! $rv ) { 37 | # &error("HTTP error ", $rv); # show the error to the user 38 | # } 39 | } else { 40 | &error(&text('cmdabsent')); 41 | } 42 | 43 | &redirect("index.cgi"); -------------------------------------------------------------------------------- /openvpn/remove_client_connected.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Authors: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 
7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | &ReadClientConf(); 19 | $in{'CLIENT_NAME'} = $in{'client'}; 20 | &ReadFieldsCA($in{'CA_NAME'}); 21 | $in{'ca_name'} = $in{'CA_NAME'}; 22 | $in{'key_name'} = $in{'CLIENT_NAME'}; 23 | 24 | # intestazione pagina 25 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 26 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 27 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 28 | 29 | print "
"; 30 |
# NOTE(review): the path given to unlink() is assembled from the request parameters
# 'vpn' and 'client' with no validation visible in this script; a value containing
# '/' or '..' would point the delete outside the server's ccd directory. Accept only
# plain file names that match a known server and client before deleting.
# The client name is also concatenated into the page output that follows; HTML-escape
# it (Webmin provides html_escape) before printing.
31 | unlink($config{'openvpn_home'}.'/'.$config{'openvpn_servers_subdir'}.'/'.$in{'vpn'}.'/ccd/'.$in{'client'}); 32 | 33 | print "\n"; 34 | print "\n"; 35 | print "
".$in{'CLIENT_NAME'}.': '.$text{'client_ccd_removed'}."
\n"; 36 | 37 | &disconnect_client(\%in); 38 | 39 | if ($ok == 0) { 40 | print "\n"; 41 | print "\n"; 42 | print "
".$in{'CLIENT_NAME'}.': '.$text{'client_disconnected'}."
\n"; 43 | } else { 44 | print "\n"; 45 | print "\n"; 46 | print "
".$in{'CLIENT_NAME'}.': '.$text{'client_not_disconnected'}.': '.$ok."
\n"; 47 | } 48 | 49 | print "

"; 50 | 51 | if ($in{'all'} == 1) { 52 | &footer("listactiveconnect.cgi",$text{'listactiveconnect_title'}); 53 | } else { 54 | #footer della pagina 55 | &footer("clientlist_vpn.cgi?vpn=".$in{'vpn'}, $text{'list_client_vpn'}." ".$in{'vpn'}); 56 | } -------------------------------------------------------------------------------- /openvpn/view_ca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadFieldsCA($in{'file_name'}); 18 | 19 | # intestazione pagina 20 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 21 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 22 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 23 | 24 | print "
"; 25 | if (keys %{$info_ca}) { 26 | print &ui_table_start($text{'viewca_title'},'',2); 27 | print &ui_table_row($text{'ca_ca_name'}, $$info_ca{'CA_NAME'},'',[ 'nowrap',1 ]); 28 | print &ui_table_row($text{'ca_key_config'}, $$info_ca{'KEY_CONFIG'},'',[ 'nowrap',1 ]); 29 | print &ui_table_row($text{'ca_key_dir'}, $$info_ca{'KEY_DIR'},'',[ 'nowrap',1 ]); 30 | print &ui_table_row($text{'ca_key_size'}, $$info_ca{'KEY_SIZE'},'',[ 'nowrap',1 ]); 31 | print &ui_table_row($text{'ca_ca_expire'}, $$info_ca{'CA_EXPIRE'},'',[ 'nowrap',1 ]); 32 | print &ui_table_row($text{'country'}, $$info_ca{'KEY_COUNTRY'},'',[ 'nowrap',1 ]); 33 | print &ui_table_row($text{'province'}, $$info_ca{'KEY_PROVINCE'},'',[ 'nowrap',1 ]); 34 | print &ui_table_row($text{'city'}, $$info_ca{'KEY_CITY'},'',[ 'nowrap',1 ]); 35 | print &ui_table_row($text{'org'}, $$info_ca{'KEY_ORG'},'',[ 'nowrap',1 ]); 36 | print &ui_table_row($text{'email'}, $$info_ca{'KEY_EMAIL'},'',[ 'nowrap',1 ])."\n"; 37 | print &ui_table_end(); 38 | } else { 39 | # start tabella 40 | print "\n"; 41 | # th row 42 | print ""; 43 | print "\n"; 44 | print "\n"; 45 | # stop tabella 46 | print "
".$text{'no_data_ca'}."
\n"; 47 | } 48 | print "

"; 49 | 50 | #footer della pagina 51 | &footer("listca.cgi", $text{'listca_title'}); 52 | -------------------------------------------------------------------------------- /openvpn/remove_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | &ReadFieldsCA($in{'ca'}); 19 | 20 | # intestazione pagina 21 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 22 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 23 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 24 | 25 | print "
"; 26 | 27 | opendir D,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'; 28 | @clients = readdir D; 29 | closedir D; 30 | 31 | foreach $key (@clients) { 32 | if (-d $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$key and $key =~ /\w/) { 33 | $in{'client'} = $key; 34 | $in{'CLIENT_NAME'} = $in{'client'}; 35 | 36 | &ReadClientConf(); 37 | 38 | &ReadFieldsCA($in{'CA_NAME'}); 39 | $in{'ca_name'} = $in{'CA_NAME'}; 40 | $in{'key_name'} = $in{'CLIENT_NAME'}; 41 | 42 | &remove_client($in{'client'},$in{'vpn'}); 43 | 44 | print "\n"; 45 | print "\n"; 46 | print "
".$in{'client'}.': '.$text{'client_removed'}."
\n"; 47 | 48 | &revoke_key(\%in); 49 | 50 | print "\n"; 51 | print "\n"; 52 | print "
".$in{'key_name'}.': '.$text{'key_revoked'}."
\n"; 53 | } 54 | } 55 | 56 | print "

"; 57 | 58 | &remove_vpn($in{'vpn'}); 59 | 60 | print "\n"; 61 | print "\n"; 62 | print "
".$in{'vpn'}.': '.$text{'vpn_removed'}."
\n"; 63 | 64 | print "

"; 65 | 66 | #footer della pagina 67 | &footer("listvpn.cgi", $text{'listserver_title'}); 68 | -------------------------------------------------------------------------------- /openvpn/remove_key.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadFieldsCA($in{'ca_name'}); 18 | 19 | # intestazione pagina 20 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 21 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 22 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." 
".$config{'openssl_version'}); 23 | 24 | # chiave server 25 | if (-f $config{'openvpn_home'}.'/'.$config{'openvpn_keys_subdir'}.'/'.$in{'ca_name'}.'/'.$in{'key_name'}.'.server') { 26 | ($listvpn,$list_static_vpn) = &ReadVPN(); 27 | foreach $key (keys %{$listvpn}) { 28 | if ($$listvpn{$key}{VPN_ACTION} == 1 and $$listvpn{$key}{'key'} =~ /^$config{'openvpn_keys_subdir'}\/$$listvpn{$key}{'CA_NAME'}\/$in{'key_name'}\.key$/) { 29 | #stoppo il server 30 | $rv = &system_logged("$config{'stop_cmd'} $$listvpn{$key}{'VPN_NAME'} >/dev/null 2>&1 '; } 33 | } 34 | } 35 | # chiave client 36 | } else { 37 | opendir D,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}; 38 | @servers = readdir D; 39 | closedir D; 40 | foreach $vpn (@servers) { 41 | if (-d $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$vpn and $vpn =~ /\w/) { 42 | opendir D,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$vpn; 43 | @clients = readdir D; 44 | closedir D; 45 | foreach $client (@clients) { 46 | if ($client eq $in{'key_name'}) { 47 | #cancello il client 48 | &remove_client($client,$vpn); 49 | } 50 | } 51 | } 52 | } 53 | } 54 | 55 | &remove_key(\%in); 56 | 57 | print "\n"; 58 | print "\n"; 59 | print "
".$in{'key_name'}.': '.$text{'key_removed'}."
\n"; 60 | 61 | print "

"; 62 | 63 | #footer della pagina 64 | &footer("keyslist_ca.cgi?file_name=".$in{'ca_name'}, $text{'keyslistca'}.' '.$in{'ca_name'}); 65 | -------------------------------------------------------------------------------- /openvpn/create_ca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | @fields = ('CA_NAME','CA_EXPIRE','KEY_SIZE','KEY_CONFIG','KEY_DIR','KEY_COUNTRY','KEY_PROVINCE','KEY_CITY','KEY_ORG','KEY_EMAIL'); 18 | 19 | # Controlli parametri form 20 | $in{'CA_NAME'} = lc($in{'CA_NAME'}); 21 | if (($in{'CA_NAME'} !~ /^[a-zA-Z0-9_\-\.]{4,}$/) or ($in{'CA_NAME'} =~ /\.{2,}/) or ($in{'CA_NAME'} =~ /\.$/)){ 22 | &error($text{'error_ca_name_1'}." 
$&"); 23 | } 24 | 25 | if ($in{'KEY_CONFIG'} !~ /\S/) { 26 | &error($text{'error_key_config_1'}); 27 | } elsif (!-s $in{'KEY_CONFIG'}) { 28 | &error($text{'error_key_config_2'}); 29 | } 30 | 31 | if ($in{'CA_EXPIRE'} =~ /\D/) { 32 | &error($text{'error_ca_expire'}); 33 | } 34 | 35 | if ($in{'KEY_COUNTRY'} !~ /\S/) { 36 | &error($text{'error_key_country'}); 37 | } 38 | 39 | if ($in{'KEY_PROVINCE'} !~ /\S/) { 40 | &error($text{'error_key_province'}); 41 | } 42 | 43 | if ($in{'KEY_CITY'} !~ /\S/) { 44 | &error($text{'error_key_city'}); 45 | } 46 | 47 | if ($in{'KEY_ORG'} !~ /\S/) { 48 | &error($text{'error_key_org'}); 49 | } 50 | 51 | if ($in{'KEY_EMAIL'} !~ /\S/) { 52 | &error($text{'error_key_email_1'}); 53 | } elsif ($in{'KEY_EMAIL'} !~ /^\S+@\S+$/) { 54 | &error($text{'error_key_email_2'}); 55 | } 56 | 57 | $in{'KEY_DIR'} = $config{'openvpn_home'}.'/'.$config{'openvpn_keys_subdir'}; 58 | 59 | if (-d $in{'KEY_DIR'}.'/'.$in{'CA_NAME'}) { &error($text{'error_ca_name_2'}); } 60 | 61 | # intestazione pagina 62 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 63 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 64 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 65 | 66 | &create_CA(\%in); 67 | 68 | open CONFIG,">".$in{'KEY_DIR'}."/".$in{'CA_NAME'}."/ca.config"; 69 | print CONFIG "\$info_ca = {\n"; 70 | foreach $key (@fields) { 71 | if ($in{$key} =~ /'/) { $in{$key} =~ s/'/\\'/g; }; #' 72 | print CONFIG $key."=>'".$in{$key}."',\n"; 73 | } 74 | print CONFIG "}\n"; 75 | close CONFIG; 76 | 77 | print "

"; 78 | 79 | #footer della pagina 80 | &footer("", $text{'title_opnvpn'}); 81 | -------------------------------------------------------------------------------- /openvpn/create_key.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | # Controlli parametri form 18 | $in{'KEY_NAME'} = lc($in{'KEY_NAME'}); 19 | if (($in{'KEY_NAME'} !~ /^[a-zA-Z0-9_\-\.]{4,}$/) or ($in{'KEY_NAME'} =~ /\.{2,}/) or ($in{'KEY_NAME'} =~ /\.$/)){ 20 | &error($text{'error_key_name_1'}.": $&"); 21 | } 22 | 23 | if ($in{'KEY_PASSWD'} and $in{'KEY_PASSWD'} !~ /\w{4}/ and $in{'KEY_SERVER'} != 1) { 24 | &error($text{'error_key_password'}); 25 | } 26 | 27 | if ($in{'KEY_PKCS12'} == 2 and ($in{'KEY_PKCS12_PASSWD'} !~ /\w{4}/ or !$in{'KEY_PASSWD'})) { 28 | &error($text{'error_key_pkcs12_password'}); 29 | } 30 | 31 | if ($in{'KEY_EXPIRE'} =~ /\D/) { 32 | &error($text{'error_key_expire'}); 33 | } 34 | 35 | if ($in{'KEY_COUNTRY'} !~ /\S/) { 36 | &error($text{'error_key_country'}); 37 | } 38 | 39 | if ($in{'KEY_PROVINCE'} !~ /\S/) { 40 | &error($text{'error_key_province'}); 41 | } 42 | 43 | if ($in{'KEY_CITY'} !~ /\S/) { 44 | &error($text{'error_key_city'}); 45 | } 46 | 47 | if ($in{'KEY_ORG'} !~ /\S/) { 48 | &error($text{'error_key_org'}); 49 | } 50 | 51 | if ($in{'KEY_EMAIL'} !~ /\S/) { 52 | &error($text{'error_key_email_1'}); 53 | } elsif ($in{'KEY_EMAIL'} !~ /^\S+@\S+$/) { 54 | &error($text{'error_key_email_2'}); 
55 | } 56 | 57 | $in{'KEY_CN'} = $in{'KEY_NAME'}; 58 | 59 | if (-s $in{'KEY_DIR'}.'/'.$in{'KEY_NAME'}.".key" or -s $in{'KEY_DIR'}.'/'.$in{'KEY_NAME'}.".csr") { &error($text{'error_key_name_2'}); } 60 | 61 | # intestazione pagina 62 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 63 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 64 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 65 | 66 | &create_key(\%in); 67 | 68 | if ($in{'KEY_SERVER'} == 1) { 69 | open S,">".$in{'KEY_DIR'}."/".$in{'KEY_NAME'}.".server"; 70 | print S "Do not remove this file. It will be used from webmin OpenVPN Administration interface."; 71 | close S; 72 | } 73 | 74 | print "

"; 75 | 76 | #footer della pagina 77 | &footer("keyslist_ca.cgi?file_name=".$in{'ca_name'}, $text{'list_keys_of_ca'}." ".$in{'ca_name'}); 78 | -------------------------------------------------------------------------------- /openvpn/export_key.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadFieldsCA($in{'ca_name'}); 18 | 19 | $dir = $config{'openvpn_home'}.'/'.$config{'openvpn_keys_subdir'}.'/'.$in{'ca_name'}.'/'; 20 | 21 | $stream = ""; 22 | 23 | $wadir = POSIX::getcwd(); 24 | chdir($dir); 25 | 26 | if (-x $config{'zip_cmd'}) { $est = ".zip"; } else { $est = ".tgz"; } 27 | 28 | 29 | if ($in{'type_key'} == 2 and -s $dir.$in{'key_name'}.".p12" and -s $dir."dh".$$info_ca{'KEY_SIZE'}.".pem") { 30 | $namefileout = $in{'key_name'}."-p12".$est; 31 | $fileout = $dir.$namefileout; 32 | $list_file = $in{'key_name'}.".p12 dh".$$info_ca{'KEY_SIZE'}.".pem"; 33 | if (-s $dir."ta.key") { $list_file .= " ta.key"; } 34 | if (-x $config{'zip_cmd'}) { 35 | $cmd = $config{'zip_cmd'}; 36 | $cmd .= " ".$fileout." ".$list_file; 37 | } else { 38 | $cmd = `which tar`; 39 | chomp($cmd); 40 | $cmd .= " -cvzf ".$fileout." ".$list_file; 41 | } 42 | if (-f $fileout) { unlink($fileout); } 43 | 44 | $failedpk2 = &system_logged($cmd." 
>/dev/null 2>&1 /dev/null 2>&1 ) { $stream .= $row; } 71 | close S; 72 | unlink($fileout); 73 | 74 | print "Content-type: application/octet-stream\n"; 75 | print "Content-Disposition: attachment; filename=".$namefileout."\n\n"; 76 | print $stream; 77 | -------------------------------------------------------------------------------- /openvpn/log_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | &foreign_require("proc", "proc-lib.pl"); 15 | 16 | # legge parametri da form o da url e li inserisce in hash $in 17 | &ReadParse(); 18 | 19 | # Viewing a log file 20 | $log = $config{'openvpn_home'}.'/'.$config{'openvpn_servers_subdir'}.'/'.$in{'vpn'}.'/logs/openvpn.log'; 21 | 22 | # azzera il file di log e ritorna alla lista 23 | if ($in{'remove'} == 1) { open F,">$log"; close F; &redirect("listvpn.cgi"); } 24 | 25 | if (int($in{'lines'}) > 0) { $lines = int($in{'lines'}); } else { $lines = $config{'log_lines'}; } 26 | if ($in{'filter'}) { $filter = quotemeta($in{'filter'}); } else { $filter = ""; } 27 | 28 | if ($config{'log_refresh'}) { print "Refresh: $config{'log_refresh'}\r\n" } 29 | 30 | # intestazione pagina 31 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 32 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 33 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 34 | 35 | print "
"; 36 | 37 | # start tabella 38 | print "\n"; 39 | # title row 40 | print ""; 41 | print "\n"; 42 | print "\n"; 43 | 44 | print ""; 45 | print "\n"; 48 | print "\n"; 49 | 50 | print "
".$text{'title_log_server_vpn'}.' '.$in{'vpn'}."
\n"; 46 | &filter_form(); 47 | print "
"; 51 | 52 | print "
"; 53 | 54 | $| = 1; 55 | print "
";
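 # Build the tail command: the LINES placeholder in the configured (or default)
 # command is replaced with $lines, which was already reduced to an integer or
 # taken from the module configuration earlier in this script.
 local $tailcmd = $config{'tail_cmd'} || "tail -n LINES";
 $tailcmd =~ s/LINES/$lines/g;

 # $log is assembled from the request parameter $in{'vpn'} with no validation,
 # and it is interpolated into a command string below. Escape it the same way
 # this script already escapes $filter, so that shell metacharacters in the
 # VPN name cannot alter the command.
 # NOTE(review): quotemeta() is not a dedicated shell-quoting routine, and it
 # does not stop "../" sequences. The VPN name should also be checked against
 # an allow-list where $log is built, since the same path is used by the
 # log-truncation branch and by the -s test below.
 my $shell_log = quotemeta($log);

 if (-s $log) {
     if ($filter ne "") {
         # "-e" marks the next word as the pattern, so a filter that begins
         # with "-" is not parsed by grep as an option.
         $got = &foreign_call("proc", "safe_process_exec", "grep -i -e $filter $shell_log | $tailcmd", 0, 0, STDOUT, undef, 1);
     } else {
         $got = &foreign_call("proc", "safe_process_exec", "$tailcmd $shell_log", 0, 0, STDOUT, undef, 1);
     }
 } else {
     # Missing or empty log file: nothing to show.
     $got = "";
 }

 # Print the localized "log is empty" message when the command returned a false value.
 if (!$got) { print "$text{'view_log_empty'}\n"; }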
 68 | print "
\n"; 69 | 70 | print "
"; 71 | 72 | # start tabella 73 | print "\n"; 74 | print ""; 75 | print "\n"; 78 | print "\n"; 79 | print "
\n"; 76 | &filter_form(); 77 | print "
"; 80 | 81 | print "
"; 82 | 83 | print "
\n"; 84 | 85 | print &ui_buttons_start(); 86 | 87 | print &ui_buttons_row("log_vpn.cgi",$text{'empty_log'},$text{'empty_logmsg'},&ui_hidden("vpn", $in{'vpn'}).&ui_hidden("remove", "1")); 88 | 89 | print &ui_buttons_end(); 90 | 91 | print "
\n"; 92 | 93 | print "
"; 94 | &ui_print_footer("listvpn.cgi",$text{'list_server_vpn'}); 95 | 96 | ##############################################################################33 97 | 98 | sub filter_form { 99 | print &ui_form_start("log_vpn.cgi", "POST"); 100 | print &ui_hidden('vpn',$in{'vpn'}); 101 | 102 | print &ui_table_start(); 103 | print &ui_table_row($text{'view_header'}, &ui_textbox('lines',$lines,3),&html_escape($in{'vpn'}))."\n"; 104 | print &ui_table_row($text{'view_filter'}, &ui_textbox('filter',$in{'filter'},15))."\n"; 105 | print &ui_table_end(); 106 | print &ui_form_end([ [ undef, $text{'view_refresh'} ] ]); 107 | 108 | } 109 | -------------------------------------------------------------------------------- /openvpn/clientlist_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | 19 | &ReadFieldsCA($in{'ca'}); 20 | 21 | $listvpn = &ReadClient(); 22 | 23 | # intestazione pagina 24 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 25 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 26 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 27 | 28 | print "
"; 29 | 30 | # start tabella 31 | print "\n"; 32 | # title row 33 | print ""; 34 | print "\n"; 35 | print "\n"; 36 | 37 | # th row 38 | print ""; 39 | if (keys %{$listvpn}) { 40 | print "\n"; 41 | print "\n"; 42 | print "\n"; 43 | print "\n"; 44 | print "\n"; 45 | print "\n"; 46 | print "\n"; 47 | } else { 48 | print "\n"; 49 | } 50 | print "\n"; 51 | # rows 52 | foreach $key (sort keys %{$listvpn}) { 53 | print "\n"; 54 | print "\n"; 55 | foreach $k (qw/CA_NAME proto port/) { 56 | if ($$listvpn{$key}{$k}) { 57 | print "\n"; 58 | } else { 59 | print "\n"; 60 | } 61 | } 62 | print "\n"; 65 | print "\n"; 68 | print "\n"; 69 | print "\n"; 70 | } 71 | # stop tabella 72 | print "
".$text{'list_client_vpn'}." ".$in{'vpn'}.":
".$text{'name'}."".$text{'h_ca'}."".$text{'h_protocol'}."".$text{'h_port'}."".$text{'export'}."".$text{'export'}."".$text{'remove'}."".$text{'list_client_empty'}."
".$$listvpn{$key}{CLIENT_NAME}."".$$listvpn{$key}{$k}." "; 63 | print "".$text{'export_client_archive'}.""; 64 | print ""; 66 | print "".$text{'export_client_single'}.""; 67 | print "".$text{'remove'}."
\n"; 73 | print "
"; 74 | print "
\n"; 75 | 76 | print &ui_buttons_start(); 77 | print &ui_buttons_row("new_client.cgi",$text{'new_client_title'},$text{'new_clientmsg'}." ".$in{'vpn'},&ui_hidden("vpn", $in{'vpn'})); 78 | print &ui_buttons_end(); 79 | 80 | print "
\n"; 81 | print "
"; 82 | 83 | print "
\n"; 84 | 85 | print "\n"; 86 | print "\n"; 87 | print "
".$text{'gui_openvpn'}." OPENVPN Clients
\n"; 88 | 89 | print "
\n"; 90 | print "
"; 91 | 92 | #footer della pagina 93 | &footer("listvpn.cgi", $text{'list_server_vpn'}); 94 | -------------------------------------------------------------------------------- /openvpn/listca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | $listca = &ReadCA(); 15 | 16 | # intestazione pagina 17 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 18 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 19 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 20 | 21 | print "
"; 22 | 23 | # start tabella 24 | print "\n"; 25 | # title row 26 | print ""; 27 | print "\n"; 28 | print "\n"; 29 | # th row 30 | print ""; 31 | if (keys %{$listca}) { 32 | print "\n"; 33 | print "\n"; 34 | print "\n"; 35 | print "\n"; 36 | print "\n"; 37 | } else { 38 | print "\n"; 39 | } 40 | print "\n"; 41 | # rows 42 | foreach $key (sort keys %{$listca}) { 43 | print "\n"; 44 | print "\n"; 45 | print "\n"; 46 | print "\n"; 47 | print "\n"; 48 | print "\n"; 49 | print "\n"; 50 | } 51 | # stop tabella 52 | print "
".$text{'listca_title'}."
".$text{'name'}."".$text{'notes'}."".$text{'info'}."".$text{'keyslist'}."".$text{'remove'}."".$text{'list_ca_empty'}."
".$$listca{$key}{ca_name}."".$$listca{$key}{ca_error}."".$text{'infoca'}."".$text{'keyslist'}."".$text{'remove'}."
\n"; 53 | print "
"; 54 | print "
\n"; 55 | print "
"; 56 | 57 | # form per nuova CA 58 | print &ui_form_start("create_ca.cgi", "POST"); 59 | print &ui_table_start($text{'newca_title'},'',2); 60 | print &ui_table_row($text{'ca_ca_name'}, &ui_textbox('CA_NAME','changeme',50),'',[ 'nowrap',1 ]); 61 | print &ui_table_row($text{'ca_key_config'}, &ui_textbox('KEY_CONFIG',$config{'openssl_home'},50),'',[ 'nowrap',1 ]); 62 | print &ui_table_row($text{'ca_key_dir'}, $config{'openvpn_home'}.'/'.$config{'openvpn_keys_subdir'},'',[ 'nowrap',1 ]); 63 | print &ui_table_row($text{'ca_key_size'}, &ui_select('KEY_SIZE', 2048, [ [2048,2048], [4096,4096] ]),'',[ 'nowrap',1 ]); 64 | print &ui_table_row($text{'ca_ca_expire'}, &ui_textbox('CA_EXPIRE', '3650',50),'',[ 'nowrap',1 ]); 65 | print &ui_table_row($text{'country'}, &ui_textbox('KEY_COUNTRY', 'US',50),'',[ 'nowrap',1 ]); 66 | print &ui_table_row($text{'province'}, &ui_textbox('KEY_PROVINCE', 'NY',50),'',[ 'nowrap',1 ]); 67 | print &ui_table_row($text{'city'}, &ui_textbox('KEY_CITY', 'New York',50),'',[ 'nowrap',1 ]); 68 | print &ui_table_row($text{'org'}, &ui_textbox('KEY_ORG', 'My Org',50),'',[ 'nowrap',1 ]); 69 | print &ui_table_row($text{'email'}, &ui_textbox('KEY_EMAIL', 'me@my.org',50),'',[ 'nowrap',1 ]); 70 | print &ui_table_end(); 71 | print &ui_form_end([ [ "save", $text{'save'} ] ]); 72 | print "
"; 73 | print "
\n"; 74 | print "
"; 75 | 76 | #footer della pagina 77 | &footer("", $text{'title_opnvpn'}); 78 | -------------------------------------------------------------------------------- /openvpn/br_scripts/bridge_end: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #---------------------------------------------------------------------- 4 | # Description: bridge-end script to terminate a network bridge with the help of bridge-uils 5 | # reset the eth-device to the $ip $netmask given 6 | # tries to set the default gateway (if given) and nameserver 7 | # Author: H. Spaethe 8 | # Created at: Aug 2006 9 | # System: Linux 2.6.15-26-686 on i686 10 | # 11 | #---------------------------------------------------------------------- 12 | # maybe usfull functions 13 | #---------------------------------------------------------------------- 14 | echo_usage(){ 15 | echo "" 16 | echo usage bridge_end --killbridge br=\"Bridge Device\" 17 | echo other possible values 18 | echo -e "\t \t eth=\"Network Device to release\"" 19 | echo -e "\t \t tap=\"TAP Device to release\" " 20 | echo "" 21 | echo values need to do \'ifconfig\' for eth 22 | echo -e "\t \t --seteth" 23 | echo -e "\t \t ip=\"IP for eth\"" 24 | echo -e "\t \t netmask=\"NETMASK for eth\"" 25 | echo "" 26 | echo if given, default gateway and nameserver are set 27 | echo -e "\t \t gw=\"Gateway of eth\"" 28 | echo -e "\t \t namesrv=\"nameserver\"" 29 | echo "" 30 | echo "e.g. bridge_end --seteth br=br0 eth=eth0 ip=192.168.0.1 netmask=255.255.255.0" 31 | echo releases \"eth0\" from bridge \"br0\" and sets up \"eth0\" with \"ip\" and \"netmask\" 32 | echo "" 33 | echo "e.g. bridge_end --killbridge --seteth br=br0 eth=eth0 ip=192.168.0.1 netmask=255.255.255.0" 34 | echo "delete the bridge \"br0\" and sets up \"eth0\" with \"ip\" and \"netmask\"" 35 | echo "" 36 | echo " --help | -h | /? 
prints this help" 37 | echo "" 38 | exit 1 39 | } 40 | 41 | #---------------------------------------------------------------------- 42 | killbr=false 43 | seteth=false 44 | isbr=false 45 | iseth=false 46 | istap=false 47 | isip=false 48 | isnetmask=false 49 | isgw=false 50 | isnamesrv=false 51 | 52 | for ARG in $*; do 53 | case $ARG in 54 | --killbridge) 55 | killbr=true 56 | ;; 57 | --seteth) 58 | seteth=true 59 | ;; 60 | 61 | br*) 62 | br=`echo $ARG|sed 's/^br=//'` 63 | isbr=true 64 | ;; 65 | eth*) 66 | eth=`echo $ARG|sed 's/^eth=//'` 67 | iseth=true 68 | ;; 69 | tap*) 70 | tap=`echo $ARG|sed 's/^tap=//'` 71 | istap=true 72 | ;; 73 | ip*) 74 | ip=`echo $ARG|sed 's/^ip=//'` 75 | isip=true 76 | ;; 77 | netmask*) 78 | netmask=`echo $ARG|sed 's/^netmask=//'` 79 | isnetmask=true 80 | ;; 81 | gw*) 82 | gw=`echo $ARG|sed 's/^gw=//'` 83 | isgw=true 84 | ;; 85 | namesrv*) 86 | namesrv=`echo $ARG|sed 's/^namesrv=//'` 87 | isnamesrv=true 88 | ;; 89 | --help|-h|/?) 90 | echo_usage 91 | ;; 92 | *) 93 | echo_usage 94 | ;; 95 | esac 96 | done 97 | 98 | 99 | if $killbr && $isbr; then 100 | 101 | `ifconfig $br down` 102 | if [ $? -ne 0 ]; then 103 | exit 1 104 | fi 105 | 106 | `brctl delbr $br` 107 | if [ $? -ne 0 ]; then 108 | exit 1 109 | fi 110 | 111 | elif $iseth && $isbr; then 112 | brctl delif $br $eth 113 | if [ $? -ne 0 ] ; then 114 | exit 1 115 | else 116 | ifconfig $eth -promisc down 117 | fi 118 | 119 | elif $istap && $isbr; then 120 | brctl delif $br $tap 121 | if [ $? -ne 0 ]; then 122 | exit 1 123 | fi 124 | 125 | else 126 | echo_usage 127 | fi 128 | 129 | if $seteth && $isip && $isnetmask; then 130 | if $isgw && $isnamesrv; then 131 | ifconfig $eth $ip netmask $netmask up 132 | route add -net 0.0.0.0 gw $gw $eth 133 | if [ `cat /etc/resolv.conf|grep -c $namesrv` -eq 0 ]; then 134 | echo $namesrv >> /etc/resolv.conf 135 | else 136 | echo Nameserver exists! 
137 | fi 138 | exit 0 139 | 140 | elif $isgw; then 141 | ifconfig $eth $ip netmask $netmask up 142 | route add -net 0.0.0.0 gw $gw $eth 143 | exit 0 144 | 145 | else 146 | ifconfig $eth $ip netmask $netmask up 147 | exit 0 148 | fi 149 | else 150 | echo_usage 151 | fi 152 | 153 | exit 0 154 | -------------------------------------------------------------------------------- /openvpn/br_scripts/bridge_start: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #---------------------------------------------------------------------- 4 | # Description: bridge-start script to create a network bridge with the help of bridge-uils 5 | # add the eth-device to the bridge given 6 | # add the tap-device to the bridge given 7 | # tries to set the default gateway (if given) and nameserver 8 | # Author: H. Spaethe 9 | # Created at: Aug 2006 10 | # System: Linux 2.6.15-26-686 on i686 11 | # Verion: 1.01 12 | # Changelog: 13 | # 1.01 Minor changes to prevend bridge-start failure 14 | # if bridge names are simaler (br1 br11) 15 | # 16 | # 1.00 Creation of the script because i wanted a easy way 17 | # to setup a network-bridge 18 | # 19 | #---------------------------------------------------------------------- 20 | 21 | setbr=false 22 | isbr=false 23 | brexists=false 24 | iseth=false 25 | istap=false 26 | isip=false 27 | isnetmask=false 28 | isgw=false 29 | isnamesrv=false 30 | 31 | for ARG in $*; do 32 | case $ARG in 33 | --setbr) 34 | setbr=true 35 | ;; 36 | 37 | br*) 38 | br=`echo $ARG|sed 's/^br=//'` 39 | brctl show |grep -E "^$br " > /dev/null 40 | if [ $? 
-eq 0 ]; then 41 | brexists=true 42 | fi 43 | isbr=true 44 | ;; 45 | eth*) 46 | eth=`echo $ARG|sed 's/^eth=//'` 47 | iseth=true 48 | ;; 49 | tap*) 50 | tap=`echo $ARG|sed 's/^tap=//'` 51 | istap=true 52 | ;; 53 | ip*) 54 | ip=`echo $ARG|sed 's/^ip=//'` 55 | isip=true 56 | ;; 57 | netmask*) 58 | netmask=`echo $ARG|sed 's/^netmask=//'` 59 | isnetmask=true 60 | ;; 61 | gw*) 62 | gw=`echo $ARG|sed 's/^gw=//'` 63 | isgw=true 64 | ;; 65 | namesrv*) 66 | namesrv=`echo $ARG|sed 's/^namesrv=//'` 67 | isnamesrv=true 68 | ;; 69 | --help|-h|/?) 70 | echo_usage 71 | ;; 72 | esac 73 | done 74 | 75 | echo_usage(){ 76 | echo "" 77 | echo usage bridge_start br=\"Bridge Device\" eth=\"Network Device to attach\" tap=\"TAP Device to attach\" 78 | echo "" 79 | echo values need to do \'ifconfig\' for bridge 80 | echo -e "\t \t --setbr" 81 | echo -e "\t \t ip=\"IP for br\"" 82 | echo -e "\t \t netmask=\"NETMASK for br\"" 83 | echo "" 84 | echo if given, default gateway and nameserver are set 85 | echo -e "\t \t gw=\"Gateway of br\"" 86 | echo -e "\t \t namesrv=\"nameserver\"" 87 | echo "" 88 | echo "e.g. bridge_start --setbr br=br0 eth=eth0 ip=192.168.0.1 netmask=255.255.255.0" 89 | echo attach \"eth0\" to bridge \"br0\" and sets up \"br0\" with \"ip\" and \"netmask\" 90 | echo "" 91 | echo "" 92 | echo " --help | -h | /? prints this help" 93 | echo "" 94 | exit 1 95 | } 96 | 97 | if ! $brexists && $isbr; then 98 | echo $brexists und $isbr 99 | brctl addbr $br 100 | if [ $? -ne 0 ]; then 101 | exit 1 102 | else 103 | brexists=true 104 | fi 105 | fi 106 | 107 | 108 | if $brexists && $isbr && $iseth && $istap; then 109 | brctl addif $br $eth 110 | if [ $? -eq 0 ] ; then 111 | ifconfig $eth 0.0.0.0 promisc up 112 | fi 113 | 114 | brctl addif $br $tap 115 | if [ $? -eq 0 ]; then 116 | ifconfig $tap 0.0.0.0 promisc up 117 | fi 118 | 119 | elif $brexists && $isbr && $iseth; then 120 | brctl addif $br $eth 121 | if [ $? 
-eq 0 ] ; then 122 | ifconfig $eth 0.0.0.0 promisc up 123 | fi 124 | elif $brexists && $isbr && $istap; then 125 | brctl addif $br $tap 126 | if [ $? -eq 0 ]; then 127 | ifconfig $tap 0.0.0.0 promisc up 128 | fi 129 | else 130 | echo_usage 131 | fi 132 | 133 | if $brexists && $setbr && $isip && $isnetmask; then 134 | if $isgw -a $isnamesrv; then 135 | ifconfig $br $ip netmask $netmask up 136 | route add -net 0.0.0.0 gw $gw $br 137 | if [ `cat /etc/resolv.conf|grep -c $namesrv` -eq 0 ]; then 138 | echo $namesrv >> /etc/resolv.conf 139 | else 140 | echo Nameserver exists! 141 | fi 142 | exit 0 143 | 144 | elif $isgw; then 145 | ifconfig $br $ip netmask $netmask up 146 | route add -net 0.0.0.0 gw $gw $br 147 | exit 0 148 | 149 | else 150 | ifconfig $br $ip netmask $netmask up 151 | exit 0 152 | 153 | fi 154 | else 155 | echo_usage 156 | fi 157 | 158 | exit 0 159 | -------------------------------------------------------------------------------- /openvpn/help/structure.it.html: -------------------------------------------------------------------------------- 1 |
Struttura
2 | 3 |

4 | La struttura delle sottocartelle viene creata in maniera automatica 5 | dal modulo OpenVPN Administration di Webmin per ovviare al 6 | problema di avere un database aggiuntivo e per avere una 7 | configurazione agevole senza necessariamente salvare files 8 | di configurazione aggiuntivi 9 | 10 |

11 | Directories 12 | 13 |

 14 | 
 15 | /etc/openvpn/
 16 |             |server1.conf
 17 |             |server2.conf
 18 |             |clients/
 19 |                      |server1/
 20 |                               |client1/
 21 |                               |client2/
 22 |                      |server2/
 23 |                               |client3/
 24 |                               |client4/
 25 |             |keys/
 26 |                      |CAuno/
 27 |                      |CAdue/
 28 |             |servers/
 29 |                      |server1
 30 |                      |server2
 31 | 
 32 | 
33 | 34 | 35 | 36 |

37 | In questa cartella vengono salvati tutti i files 38 | per l'avvio dei server di OpenVPN 39 |

40 | In caso di Debian troverete dei file con estensione .conf che 41 | servono sia per le VPN Peer-to-Peer che per le VPN Client-Server 42 |

43 | In caso di disabilitazione temporanea di una VPN le estensioni 44 | saranno trasformate in .disabled 45 | 46 |

47 |

48 | In questa cartella vengono create le CA come sottocartelle e nelle stesse 49 | vengono create le relative Keys comprensive di indici e di tutta la gestione 50 | di revoche tramite i crl.pem 51 |

52 | Esempio: se avete una CA di nome pippo troverete una sottocartella di keys 53 | di nome pippo. 54 |

55 | Se avete delle CA gia' configurate vi consigliamo di copiarle nella stessa 56 | cartella e di generare il file ca.config in questo modo: 57 |

 58 | $info_ca = {
 59 | CA_NAME=>'nuovissima',
 60 | CA_EXPIRE=>'3650',
 61 | KEY_SIZE=>'1024',
 62 | KEY_CONFIG=>'/etc/ssl/openssl.cnf',
 63 | KEY_DIR=>'/etc/openvpn/keys',
 64 | KEY_COUNTRY=>'US',
 65 | KEY_PROVINCE=>'NY',
 66 | KEY_CITY=>'New York',
 67 | KEY_ORG=>'My Org',
 68 | KEY_EMAIL=>'me@my.org',
 69 | }
 70 | 
71 |

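72 | Attenzione a modificare i vari campi per far coincidere la CA reale con le 73 | informazioni configurate in questo file. In particolare KEY_SIZE deve essere la dimensione reale delle chiavi della CA importata: il valore 1024 è solo un esempio e, dalla versione 3.0, il modulo non permette più di creare chiavi e CA a 1024 bit. 74 |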

75 | I nomi delle chiavi della CA sono OBBLIGATORIAMENTE ca.${extension} 76 |

77 | Il nome della chiave secret è OBBLIGATORIAMENTE ta.key e viene 78 | utilizzata solo per il canale di controllo TLS. 79 |

80 |

81 | In questa cartella vengono salvati tutti i files di appoggio 82 | per l'avvio dei server di OpenVPN e per la precisione in una 83 | sottocartella che ha lo stesso nome del ${server}.conf senza l'estensione. 84 |

85 | Praticamente se avete un server che ha il file di configurazione che si chiama 86 | pippo.conf avremo nella cartella servers una sottodirectory di nome pippo. 87 | 88 |

89 |

90 | In questa cartella vengono salvati tutti i files di appoggio e di startup 91 | per l'avvio dei clients di OpenVPN e per la precisione in una 92 | sottocartella che ha lo stesso nome del ${server}.conf al quale 93 | fa riferimento il client stesso senza l'estensione, 94 | all'interno della quale viene generata una sottocartella con il nome del client. 95 | 96 |

97 | Praticamente se avete un client che ha il file di configurazione che si chiama 98 | pluto.conf e fa riferimento al server pippo avremo nella cartella clients 99 | una sottodirectory di nome pippo e all'interno di questa una sottodirectory di nome 100 | pluto con all'interno tutti i files da distribuire ai clients (tramite interfaccia). 101 | 102 |

103 | Per importare eventuali configurazioni gia' esistenti e' sufficiente ricreare la struttura 104 | e mettere a posto i file di configurazione. 105 | 106 | 107 |


108 | Creato da OPENIT S.r.l. 109 |

110 | Indice 111 | 112 | -------------------------------------------------------------------------------- /openvpn/index.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | # index.cgi 12 | 13 | use File::Copy; 14 | 15 | require './openvpn-lib.pl'; 16 | 17 | $mdir = &module_root_directory("openvpn"); 18 | 19 | my $version = `cat VERSION`; 20 | my $availver = `cat current`; 21 | $version =~ s/[^0-9\.]//g; 22 | $availver =~ s/[^0-9\.]//g; 23 | 24 | unless (-s $config{'openssl_home'}) { File::Copy::copy($mdir.'/openvpn-ssl.cnf',$config{'openssl_home'}); } 25 | 26 | # Check if openvpn is actually installed 27 | if (!-x $config{'openvpn_path'} or !-d $config{'openvpn_home'} or !$config{'openvpn_keys_subdir'} or !$config{'openvpn_clients_subdir'} or !$config{'openvpn_servers_subdir'}) { 28 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, 0, 29 | &help_search_link("openvpn", "man", "doc", "google").."".$text{'title_opnvpn'}.""); 30 | print &text('no_openvpn_path', "$config{'openvpn_path'}", 31 | "$gconfig{'webprefix'}/config.cgi?$module_name"),"

\n"; 32 | 33 | &foreign_require("software", "software-lib.pl"); 34 | $lnk = &software::missing_install_link( 35 | "openvpn", $text{'index_openvpn'}, 36 | "../$module_name/", $text{'title_opnvpn'}); 37 | print $lnk.$text{'index_reconfigurepath'}."

\n" if ($lnk); 38 | 39 | &ui_print_footer("/", $text{'index'}); 40 | exit; 41 | } 42 | 43 | # Check if AC is actually installed 44 | if (!-x $config{'openssl_path'} or !-s $config{'openssl_home'}) { 45 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, 0, 46 | &help_search_link("openssl", "man", "doc", "google")."".$text{'title_opnvpn'}.""); 47 | print &text('no_openssl_path', "$config{'openssl_path'}", 48 | "$gconfig{'webprefix'}/config.cgi?$module_name"),"

\n"; 49 | 50 | &foreign_require("software", "software-lib.pl"); 51 | $lnk = &software::missing_install_link( 52 | "openssl", $text{'index_openssl'}, 53 | "../$module_name/", $text{'index_header'}); 54 | print $lnk.$text{'index_reconfigurepath'}."

\n" if ($lnk); 55 | 56 | &ui_print_footer("/", $text{'index'}); 57 | exit; 58 | } 59 | 60 | if (!-d $config{'openvpn_home'}."/".$config{'openvpn_keys_subdir'}) { 61 | mkdir($config{'openvpn_home'}."/".$config{'openvpn_keys_subdir'},0755) || &error("Failed to create keys sub directory ".$config{'openvpn_home'}."/".$config{'openvpn_keys_subdir'}." : $!"); 62 | } 63 | 64 | if (!-d $config{'openvpn_home'}."/".$config{'openvpn_clients_subdir'}) { 65 | mkdir($config{'openvpn_home'}."/".$config{'openvpn_clients_subdir'},0700) || &error("Failed to create clients sub directory ".$config{'openvpn_home'}."/".$config{'openvpn_clients_subdir'}." : $!"); 66 | } 67 | 68 | if (!-d $config{'openvpn_home'}."/".$config{'openvpn_servers_subdir'}) { 69 | mkdir($config{'openvpn_home'}."/".$config{'openvpn_servers_subdir'},0755) || &error("Failed to create servers sub directory ".$config{'openvpn_home'}."/".$config{'openvpn_servers_subdir'}." : $!"); 70 | } 71 | 72 | # intestazione pagina 73 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 74 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 75 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 76 | 77 | # lista icone per pagine modulo 78 | $df_icon = { "icon" => "images/listca.gif", 79 | "name" => $text{'listca_title'}, 80 | "link" => "listca.cgi" }; 81 | $ht_icon = { "icon" => "images/listvpn.gif", 82 | "name" => $text{'listserver_title'}, 83 | "link" => "listvpn.cgi" }; 84 | $ds_icon = { "icon" => "images/listactiveconnect.gif", 85 | "name" => $text{'listactiveconnect_title'}, 86 | "link" => "listactiveconnect.cgi?all=1" }; 87 | &config_icons("global", $df_icon, $ht_icon, $ds_icon); 88 | 89 | $isrun = &is_openvpn_running(); 90 | print "


\n"; 91 | if ($isrun == 0) { 92 | print &ui_buttons_start(); 93 | 94 | print &ui_buttons_row("actions.cgi",$text{'index_start'},$text{'index_startmsg'},&ui_hidden("action", "start")); 95 | 96 | print &ui_buttons_end(); 97 | } elsif ($isrun) { 98 | print &ui_buttons_start(); 99 | 100 | print &ui_buttons_row("actions.cgi",$text{'index_restart'},$text{'index_restartmsg'},&ui_hidden("action", "restart")); 101 | print &ui_buttons_row("actions.cgi",$text{'index_stop'},$text{'index_stopmsg'},&ui_hidden("action", "stop")); 102 | 103 | print &ui_buttons_end(); 104 | 105 | } 106 | print "
\n"; 107 | 108 | &ui_print_footer("/", $text{'index'}); 109 | -------------------------------------------------------------------------------- /openvpn/export_client.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | use File::Copy; 13 | 14 | require './openvpn-lib.pl'; 15 | 16 | # Reads the form/URL parameters into the %in hash. NOTE(review): 'vpn', 'client', 'ca' and 'tls-auth-old' come straight from the request and are joined into filesystem paths below (and later into the archive command line and the download file name); no validation is visible in this script, so confirm they are restricted to plain names without '/' or '..' before use. 17 | &ReadParse(); 18 | 19 | if ($in{'client'}) { 20 | &ReadVPNConf(); 21 | 22 | $in{'ca_dir'} = $config{'openvpn_keys_subdir'}.'/'.$in{'ca'}; 23 | 24 | &ReadFieldsCA($in{'ca'}); 25 | 26 | File::Copy::copy($config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/ca.crt',$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'); 27 | # don't export this to the client File::Copy::copy($config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/dh'.$$info_ca{'KEY_SIZE'}.'.pem',$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'); 28 | 29 | File::Copy::copy($config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/'.$in{'client'}.'.crt',$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'.crt'); 30 | File::Copy::copy($config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/'.$in{'client'}.'.key',$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'.key'); 31 | 32 | # crea il file ta.key per la CA, se non esiste 33 | if ($in{'tls-auth'} == 1) { 34 | $in{'tls-auth-old'} =~ s/ 0$//; 35 | 
File::Copy::copy($config{'openvpn_home'}.'/'.$in{'tls-auth-old'},$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/ta.key'); 36 | } 37 | 38 | foreach $mf (qw/up down/) { 39 | if (-e $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'_'.$mf.'.bat') { 40 | unlink($config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'_'.$mf.'.bat'); 41 | } 42 | if (-s $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'.'.$mf) { 43 | open L ,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'.'.$mf; 44 | @rows = ; 45 | close L; 46 | open W,'>'.$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'_'.$mf.'.bat'; 47 | foreach $row (@rows) { 48 | $row =~ s/\n/\r\n/; 49 | print W $row; 50 | } 51 | close W; 52 | chmod(0700,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'client'}.'/'.$in{'client'}.'_'.$mf.'.bat'); 53 | } 54 | } 55 | 56 | $dirin = $in{'client'}; 57 | $dirout = $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}; 58 | } else { 59 | $dirin = $in{'vpn'}; 60 | $dirout = $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}; 61 | } 62 | $stream = ""; 63 | 64 | $wadir = POSIX::getcwd(); 65 | chdir($dirout); 66 | 67 | if ($in{'format'} =~ /single/) { 68 | $fileout= $in{'vpn'}.'_'.$in{'client'}.'.ovpn'; 69 | open( my $fh, '>', $fileout) or die "Could not open output file"; 70 | # Append client.ovpn to complete .ovpn file 71 | my $srcFile= $dirout . '/' . $dirin . '/' . $dirin . 
'.ovpn'; 72 | open( my $fhi, '<', $srcFile) or die "Could not open input file ".$srcFile; 73 | while (my $line = <$fhi>) { 74 | if ($line =~ /ca /) 75 | { 76 | print $fh "\n"; 77 | $caIn= $dirout . '/' . $dirin . '/ca.crt'; 78 | open( my $caInFH, '<', $caIn) or die "Could not open input file ".$caIn; 79 | while (my $caLine = <$caInFH>) { 80 | print $fh $caLine; 81 | } 82 | close $caInFH; 83 | print $fh "\n"; 84 | } 85 | elsif ($line =~ /cert /) 86 | { 87 | print $fh "\n"; 88 | $certIn= $dirout . '/' . $dirin . '/'.$dirin.'.crt'; 89 | open( my $certInFH, '<', $certIn) or die "Could not open input file ".$caIn; 90 | while (my $certLine = <$certInFH>) { 91 | print $fh $certLine; 92 | } 93 | close $certInFH; 94 | print $fh "\n"; 95 | } 96 | elsif ($line =~ /^key /) 97 | { 98 | print $fh "\n"; 99 | $keyIn= $dirout . '/' . $dirin . '/'.$dirin.'.key'; 100 | open( my $keyInFH, '<', $keyIn) or die "Could not open input file ".$keyIn; 101 | while (my $keyLine = <$keyInFH>) { 102 | print $fh $keyLine; 103 | } 104 | close $keyInFH; 105 | print $fh "\n"; 106 | } 107 | elsif ($line =~ /tls\-auth /) 108 | { 109 | print $fh "\n"; 110 | $tlsIn= $dirout . '/' . $dirin . '/ta.key'; 111 | open( my $tlsInFH, '<', $tlsIn) or die "Could not open input file ".$tlsIn; 112 | while (my $tlsLine = <$tlsInFH>) { 113 | print $fh $tlsLine; 114 | } 115 | close $tlsInFH; 116 | print $fh "\n"; 117 | print $fh "key-direction 1\n"; 118 | print $fh "remote-cert-tls server\n"; 119 | } 120 | else 121 | { 122 | print $fh $line; 123 | } 124 | } 125 | close $fhi; 126 | close $fh; 127 | } 128 | else 129 | { 130 | if (-x $config{'zip_cmd'}) { $est = ".zip"; } else { $est = ".tgz"; } 131 | 132 | $fileout = $dirin.$est; 133 | if (-x $config{'zip_cmd'}) { 134 | $cmd = $config{'zip_cmd'}." -r ".$fileout." ".$dirin; 135 | } else { 136 | $cmd = `which tar`; 137 | chomp($cmd); 138 | $cmd .= " -cvzf ".$fileout." ".$dirin; 139 | } 140 | if (-f $fileout) { unlink($fileout); } 141 | $failed = &system_logged($cmd." 
>/dev/null 2>&1 ) { $stream .= $row; } 148 | close S; 149 | unlink($fileout); 150 | 151 | chdir($wadir); 152 | 153 | print "Content-type: application/octet-stream\n"; 154 | print "Content-Disposition: attachment; filename=".$fileout."\n\n"; 155 | print $stream; 156 | -------------------------------------------------------------------------------- /openvpn/new_client.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | 19 | &ReadFieldsCA($in{'ca'}); 20 | 21 | $a_verb = []; 22 | for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); } 23 | 24 | $a_mute = [ [ 0, $text{'unassigned'} ] ]; 25 | for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); } 26 | 27 | &foreign_require("useradmin", "user-lib.pl"); 28 | 29 | # utenti di sistema 30 | $a_user = []; 31 | @users = &useradmin::list_users(); 32 | @users = &useradmin::sort_users(\@users, 1); 33 | foreach $us (@users) { 34 | push @$a_user,[$$us{'user'},$$us{'user'}]; 35 | } 36 | 37 | # gruppi di sistema 38 | $a_group = []; 39 | @groups = &useradmin::list_groups(); 40 | @groups = &useradmin::sort_groups(\@groups, 1); 41 | foreach $us (@groups) { 42 | push @$a_group,[$$us{'group'},$$us{'group'}]; 43 | } 44 | 45 | # estrarre elenco chiavi client [della ca selezionata] 46 | $a_clients = &ReadCAKeys($in{'ca'},3,1,1,$in{'vpn'}); 47 | 48 | if ($in{'proto'} eq "tcp-server") { $in{'proto'} = "tcp-client"; } 49 | 50 | # intestazione 
pagina 51 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 52 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 53 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 54 | 55 | print "
"; 56 | 57 | if ($in{'dev'} =~ /\d/) { $in{'dev'} =~ s/\d+//; } 58 | 59 | if (@$a_clients) { 60 | if ($in{'dev'} =~ /^tap\d+$/) { $in{'dev'} = 'tap'; } 61 | # form per nuova VPN 62 | print &ui_form_start("create_client.cgi", "POST"); 63 | print &ui_hidden('ca_dir',$config{'openvpn_keys_subdir'}.'/'.$$info_ca{'CA_NAME'}); 64 | print &ui_hidden('ca','ca.crt'); 65 | print &ui_hidden('ca_name',$$info_ca{'CA_NAME'}); 66 | print &ui_hidden('vpn',$in{'vpn'}); 67 | print &ui_hidden('tun-mtu',$in{'tun-mtu'}); 68 | print &ui_hidden('mssfix',$in{'mssfix'}); 69 | print &ui_hidden('proto',$in{'proto'}); 70 | print &ui_hidden('dev',$in{'dev'}); 71 | print &ui_hidden('remote_port',$in{'port'}); 72 | print &ui_hidden('cipher',$in{'cipher'}); 73 | print &ui_hidden('dh','dh'.$$info_ca{'KEY_SIZE'}.'.pem'); 74 | print &ui_hidden('tls-auth',$in{'tls-auth'}); 75 | print &ui_table_start($text{'new_client_title'}.' '.$in{'vpn'},'',2); 76 | print &ui_table_row($text{'name'}, &ui_select('CLIENT_NAME', '', $a_clients)); 77 | print &ui_table_row($text{'protocol'}, $in{'proto'}); 78 | print &ui_table_row($text{'dev'}, $in{'dev'}); 79 | print &ui_table_row($text{'ca'}, $$info_ca{'CA_NAME'}); 80 | print &ui_table_row($text{'choose_client'}, $text{'automatic_name'}); 81 | print &ui_table_row($text{'cert_client'}, $text{'automatic'}); 82 | print &ui_table_row($text{'key_client'}, $text{'automatic'}); 83 | print &ui_table_row($text{'dh'}, 'dh'.$$info_ca{'KEY_SIZE'}.'.pem'); 84 | print &ui_table_row($text{'remote'}, $text{'remote_url'}.': '.&ui_textbox('remote_url',$config{'default_server'},12).' '.$text{'remote_port'}.': '.$in{'port'}); 85 | if ($in{'tls-auth'} == 1) { 86 | print &ui_table_row($text{'tls-auth'}, $text{'yes'}." ".$text{'automatic_server'}); 87 | } else { 88 | print &ui_table_row($text{'tls-auth'}, $text{'no'}." ".$text{'automatic_server'}); 89 | } 90 | print &ui_table_row($text{'cipher'}, $in{'cipher'}." 
".$text{'automatic_server'}); 91 | print &ui_table_row($text{'comp-lzo'}, &ui_select('comp-lzo', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])); 92 | print &ui_table_row($text{'user'}, &ui_select('user', $in{'user'}, $a_user)); 93 | print &ui_table_row($text{'group'}, &ui_select('group', $in{'group'}, $a_group)); 94 | print &ui_table_row($text{'persist-key'}, &ui_select('persist-key', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])); 95 | print &ui_table_row($text{'persist-tun'}, &ui_select('persist-tun', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])); 96 | print &ui_table_row($text{'keepalive'}, $text{'keepalive_ping'}.': '.&ui_textbox('keepalive_ping','10',3)." ".$text{'keepalive_ping-restart'}.': '.&ui_textbox('keepalive_ping-restart','120',3)); 97 | print &ui_table_row($text{'verb'}, &ui_select('verb', '2', $a_verb)); 98 | print &ui_table_row($text{'mute'}, &ui_select('mute', '20', $a_mute)); 99 | print &ui_table_row($text{'tun-mtu'}, $in{'tun-mtu'}." ".$text{'automatic_server'}); 100 | print &ui_table_row($text{'fragment'}, &ui_textbox('fragment','',4)); 101 | print &ui_table_row($text{'mssfix'}, $in{'mssfix'}." 
".$text{'automatic_server'}); 102 | print &ui_table_row($text{'float'}, &ui_select('float', 1, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])); 103 | print &ui_table_row($text{'auth-nocache'}, &ui_select('auth-nocache', $in{'auth-nocache'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])); 104 | print &ui_table_row($text{'adds_conf'}, &ui_textarea('adds_conf', '', 5, 45, 'off')); 105 | print &ui_table_end(); 106 | print &ui_table_start($text{'commands'},'',2); 107 | print &ui_table_row($text{'up-pre'}, &ui_textarea('up-pre', '', 3, 45, 'off')); 108 | print &ui_table_row($text{'up'}, &ui_textarea('up', '', 3, 45, 'off')); 109 | print &ui_table_row($text{'down-pre'}, &ui_textarea('down-pre', '', 3, 45, 'off')); 110 | print &ui_table_row($text{'down'}, &ui_textarea('down', '', 3, 45, 'off')); 111 | print &ui_table_end(); 112 | print &ui_table_start($text{'ccdfile'},'',2); 113 | print &ui_table_row($text{'ccdfile-content'}, &ui_textarea('ccdfile', '', 3, 45, 'off')); 114 | print &ui_table_end(); 115 | print &ui_form_end([ [ "save", $text{'save'} ] ]); 116 | } else { 117 | # start tabella 118 | print "\n"; 119 | # title row 120 | print ""; 121 | print "\n"; 122 | print "\n"; 123 | print "
".$text{'list_keys_client_empty'}."
\n"; 124 | } 125 | 126 | print "

"; 127 | 128 | #footer della pagina 129 | &footer("clientlist_vpn.cgi?vpn=".$in{'vpn'}, $text{'list_client_vpn'}." ".$in{'vpn'}); 130 | -------------------------------------------------------------------------------- /openvpn/HISTORY.IT: -------------------------------------------------------------------------------- 1 | No longer maintained, please look at the HISTORY.EN file 2 | 3 | ** Version 3.1 (2017-07-04) 4 | 5 | Changes 6 | 7 | 01. Seguito le indicazioni di Fulvio Fusco per ottimizzare il codice (attraverso la creazione di alcune subroutine). 8 | 02. Aggiunto nella configurazione di un server vpn la sezione per i comandi down-root (come suggerito da Fulvio Fusco). 9 | 03. Modificate le stringhe dei comandi start_cmd, stop_cmd e status_cmd (come suggerito da Falco Vennedey e segnalato da Bennie Sexton). 10 | 04. Aggiunto paraetro topology nella creazione del server VPN (come segnalato da Björn Gaul) 11 | 12 | Bugs 13 | 14 | 01. Modificato la stringa di ricerca relativa al comando utilizzato per ottenere la lista degli argomenti di cifratura ('openvpn --show-ciphers'), 15 | come indicato da Andy Wright, Fulvio Fusco, Brad Gass e Stefano Buelow. 16 | 17 | 18 | ** Version 3.0 (2017-02-23) 19 | 20 | Changes 21 | 22 | 01. Modifica a funzione is_openvpn_running per diverso funzionamento di find_byname da webmin 1.380 in poi (segnalazione di Roberto Resoli). 23 | 02. Implementazione textarea static key in VPN statica (patch di Olivier Beaudet). 24 | 03. Patch di Pierpaolo Palazzo: modifica ad alcune librerie per rendere utilizzabile anche su CentOS. 25 | 04. Il prefisso dei PID files dei processi OpenVPN e' configurabile (patch di Percivaldi Daniele). 26 | 05. Modifica configurazione "down_root_plugin" per openvpn 2.3.3 (come suggerito da Percivaldi Daniele). 27 | 06. 
Modifica lettura di parametro expired di ca in modo che funzioni sia se la data e' indicata con anno in 4 cifre 28 | (come suggerito da Florian Lagg | IT-Valentin.at e Giuseppe Setteducati) che se la data e' indicata con anno in 2 cifre (come era da noi). 29 | 07. Rimossa possibilita' di creazione chiavi e ca a 1024 bit. 30 | 08. Nuova versione del file openvpn-ssl.cnf. 31 | 09. Compatibile con debian8. 32 | 33 | Bugs 34 | 35 | 01. Correzione definizione di parametro proto in creazione file di configurazione di VPN nel caso di proto TCP (come suggerito da Alexander Predeschly). 36 | 37 | ** Version 2.6 (2013-04-04) 38 | 39 | Bugs 40 | 41 | 01. Nuovo file openvpn-ssl.cnf. 42 | 43 | ** Version 2.5 (2007-06-05) 44 | 45 | Changes 46 | 47 | 01. Introdotta assegnazione automatica e interattiva numeri dispositivi (tun0,tun1,etc). 48 | 02. Aggiunto default server in configurazione modulo per accelerare creazione clients. 49 | 03. Modificato device su client: preimposta tun o tap in funzione del server. 50 | 04. Impostate tutte le textarea come wrap=off. 51 | 05. Modificato controllo nome chiave,server,client (come suggerito da H. Spaethe). 52 | 06. Aggiunti files di configurazione per netbsd ed openbsd. 53 | 07. Migliorato skin di form di vpn server static. 54 | 08. Introdotte modifiche a dispositivo tap (patch di H. Spaethe). 55 | 09. Aggiunta traduzione us (Richard Geoffrion). 56 | 57 | Bugs 58 | 59 | 01. Risolto baco su local che non veniva letto correttamente in interfaccia di modifica. 60 | 02. Corretto baco in assegnazione reti di trasporto quando vuote. 61 | 03. Corretto baco in configurazione che non permetteva di usare freebsd. 62 | 63 | ** Version 2.01 (23-03-2007) 64 | 65 | Bugs 66 | 67 | 01. Sistemato baco su tcp-client in clients che deve inserire automaticamente a posto 68 | di tcp-server nel caso il server sia proprio tcp-server. 69 | 70 | ** Version 2.0 (01-12-2006) 71 | 72 | Changes 73 | 74 | 01. 
Aggiunto file di configurazione per freebsd fornito da Gustavo Fukao 75 | 02. Aggiunto link a clients di openvpn in schermata clientlist_vpn.cgi 76 | 03. Per disconnettere un utente da connessioni attive rimuovo solamente 77 | il file ccd corrispondente invece che cancellare il client stesso. 78 | 04. Sistemazione codice per la traduzione degli errori nella nuova patch di H. Spaethe. 79 | 80 | Changes da parte di H. Spaethe 81 | 82 | 01. Aggiunti elementi della form necessari per il bridge device ('bridge device name', 83 | 'network device to bridge','bridge ip','bridge netmask','bridge ip-pool-start/end') 84 | 02. Implementazione "automatica" di start/stop del bridge allo start/shutdown del server 85 | 03. Aggiunti elementi per i path degli script di start/end nella sezione configurazione del modulo 86 | 04. Aggiunto il path per down-root.so nella sezione configurazione del modulo (questo e' necessario 87 | se si vuole riconfigurare il device ethernet automatico allo stop del bridge) 88 | 89 | Bugs da parte di H. Spaethe 90 | 91 | 01. Corretto il controllo di ip/network/netmask check (did not work) 92 | 02. Modificato il codice di generazione degli script di up/down/up-pre/down-pre (aggiunta bash-shebang) 93 | 94 | Bugs 95 | 96 | 01. Rimosso controllo su nome client in creazione del client inutile perche' 97 | coincide con il nome della chiave 98 | 99 | ** Version 1.04 (21-03-2006) 100 | 101 | Changes 102 | 103 | 01. Aggiunta creazione file up e down .bat per windows (caratteri dos) 104 | all'esportazione del client. 105 | 02. Modificato i valori di proto con protocollo tcp in tcp-server. 106 | ed aggiunto tcp-client. 107 | 03. Aggiunta possibilita di creazione chiave per client senza password. 108 | 109 | ** Version 1.03 (09-03-2006) 110 | 111 | Changes 112 | 113 | 01. Aggiunta traduzione in tedesco e modificata traduzione in inglese 114 | da parte di H. Spaethe (Ivan Dolvich). 115 | 116 | ** Version 1.02 (24-02-2006) 117 | 118 | Changes 119 | 120 | 01. 
Effettuate modifiche per permettere di avere lo stesso client su 2 vpn 121 | diverse (ccd-exclusive): rimossa revoca chiave alla cancellazione del client; 122 | alla creazione del client permetto di utilizzare tutte le chiavi disponibili 123 | tranne quelle gia' utilizzate dai client di quel server. 124 | 02. Aggiunta possibilita' di editare il file ccd nella modifica e creazione del client. 125 | 03. Tolta creazione ed elminazione della ta.key dalla CA ed introduzione della 126 | creazione-eliminazione della stessa nella cartella del server. 127 | Modificata esportazione del client per prendere la ta.key dalla directory del server. 128 | 129 | Bugs fixed 130 | 131 | 01. Corretto baco in creazione ta.key che ricreava la ta.key anche se gia' esistente. 132 | 02. Spostato parametro mssfix dopo fragment e tun-mtu sia in interfaccia che in file di 133 | configurazione di server e client 134 | 135 | ** Version 1.01 (23-01-2006) 136 | 137 | Bugs fixed 138 | 139 | 01. Sistemazione lettura informazioni chiavi valide da file index.txt che non funzionava 140 | in assenza di alcuni campi. 141 | 142 | ** Version 1.00 (18-01-2006) 143 | 144 | Changes 145 | 146 | 01. Versione iniziale 147 | -------------------------------------------------------------------------------- /openvpn/keyslist_ca.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 
7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | use Time::Local; 13 | 14 | require './openvpn-lib.pl'; 15 | 16 | # legge parametri da form o da url e li inserisce in hash $in 17 | &ReadParse(); 18 | 19 | # legge info della CA: hash globale $info_ca 20 | &ReadFieldsCA($in{'file_name'}); 21 | 22 | # legge elenco delle chiavi presenti per quella CA 23 | $listca = &ReadCAKeys($in{'file_name'},0); 24 | 25 | # intestazione pagina 26 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 27 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 28 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 29 | 30 | print "
"; 31 | # start tabella 32 | print "\n"; 33 | # title row 34 | print ""; 35 | print "\n"; 36 | print "\n"; 37 | # th row 38 | print ""; 39 | if (keys %{$listca}) { 40 | print "\n"; 41 | print "\n"; 42 | print "\n"; 43 | print "\n"; 44 | print "\n"; 45 | print "\n"; 46 | } else { 47 | print "\n"; 48 | } 49 | print "\n"; 50 | # rows 51 | foreach $key (sort keys %{$listca}) { 52 | print "\n"; 53 | if ($$listca{$key}{key_expired} =~ /^\d{12}Z$/) { 54 | $$listca{$key}{key_expired} =~ /^(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z$/; 55 | $time = Time::Local::timegm($6,$5,$4,$3,($2-1),"20".$1); 56 | } elsif ($$listca{$key}{key_expired} =~ /^\d{14}Z$/) { 57 | $$listca{$key}{key_expired} =~ /^(\d\d\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)Z$/; 58 | $time = Time::Local::timegm($7,$5,$4,$3,($2-1),$1); 59 | } 60 | $mytime = time(); 61 | print "\n"; 62 | if (-f $$info_ca{'KEY_DIR'}.'/'.$in{'file_name'}.'/'.$$listca{$key}{key_name}.'.server') { 63 | print "\n"; 64 | } else { 65 | print "\n"; 66 | } 67 | print "\n"; 68 | if ($$listca{$key}{key_status} eq "R" or $time < $mytime) { 69 | print "\n"; 70 | print "\n"; 71 | } else { 72 | print "\n"; 73 | if (-s $$info_ca{'KEY_DIR'}.'/'.$in{'file_name'}.'/'.$$listca{$key}{key_name}.'.p12') { 74 | print "\n"; 75 | } else { 76 | print "\n"; 77 | } 78 | } 79 | if ($$listca{$key}{key_status} eq "R") { 80 | print "\n"; 81 | } elsif ($$listca{$key}{key_status} eq "V") { 82 | if ($time < $mytime) { 83 | print "\n"; 84 | } else { 85 | print "\n"; 86 | } 87 | } 88 | print "\n"; 89 | print "\n"; 90 | } 91 | # stop tabella 92 | print "
".$text{'list_keys_of_ca'}." ".$in{'file_name'}."
".$text{'name'}."".$text{'key_server'}."".$text{'verify'}."".$text{'export'}."".$text{'status'}." ".$text{'list_keys_empty'}."
".$$listca{$key}{key_name}."".$text{'server'}."".$text{'client'}."".$text{'verify'}."  ".$text{'export'}."".$text{'pkcs12'}." ".$text{'revoked'}."".$text{'expired'}."".$text{'active'}."".$text{'remove'}."
\n"; 93 | print "
"; 94 | print "
\n"; 95 | print "
"; 96 | 97 | # form per nuova Key 98 | print &ui_form_start("create_key.cgi", "POST"); 99 | print &ui_hidden('ca_name', $in{'file_name'}); 100 | print &ui_hidden('KEY_DIR', $$info_ca{'KEY_DIR'}."/".$in{'file_name'}); 101 | print &ui_hidden('KEY_CONFIG', $$info_ca{'KEY_CONFIG'}); 102 | print &ui_hidden('KEY_SIZE', $$info_ca{'KEY_SIZE'}); 103 | print &ui_table_start($text{'newkey_title'}.": ".$in{'file_name'},'',2); 104 | print &ui_table_row($text{'key_name'}, &ui_textbox('KEY_NAME','changeme',50),'',[ 'nowrap',1 ]); 105 | print &ui_table_row($text{'key_password'}, &ui_password('KEY_PASSWD','',50),'',[ 'nowrap',1 ]); 106 | print &ui_table_row('',''.$text{'warning_server_pass'}.'',[ 'align=right colspan=2 nowrap',1 ]); 107 | print &ui_table_row($text{'key_server'}, &ui_select('KEY_SERVER', 2, [ [2,$text{'client'}], [1,$text{'server'}] ]),'',[ 'nowrap',1 ]); 108 | print &ui_table_row($text{'key_pkcs12'}, &ui_select('KEY_PKCS12', 1, [ [1,$text{'no'}],[2,$text{'yes'}] ]),'',[ 'nowrap',1 ]); 109 | print &ui_table_row($text{'key_pkcs12_password'}, &ui_password('KEY_PKCS12_PASSWD','',50),'',[ 'nowrap',1 ]); 110 | print &ui_table_row($text{'key_expire'}, &ui_textbox('KEY_EXPIRE', $$info_ca{'CA_EXPIRE'},50),'',[ 'nowrap',1 ]); 111 | print &ui_table_row($text{'country'}, &ui_textbox('KEY_COUNTRY', $$info_ca{'KEY_COUNTRY'},50),'',[ 'nowrap',1 ]); 112 | print &ui_table_row($text{'province'}, &ui_textbox('KEY_PROVINCE', $$info_ca{'KEY_PROVINCE'},50),'',[ 'nowrap',1 ]); 113 | print &ui_table_row($text{'city'}, &ui_textbox('KEY_CITY', $$info_ca{'KEY_CITY'},50),'',[ 'nowrap',1 ]); 114 | print &ui_table_row($text{'org'}, &ui_textbox('KEY_ORG', $$info_ca{'KEY_ORG'},50),'',[ 'nowrap',1 ]); 115 | print &ui_table_row($text{'ou'}, &ui_textbox('KEY_OU', 'Office',50),'',[ 'nowrap',1 ]); 116 | print &ui_table_row($text{'email'}, &ui_textbox('KEY_EMAIL', $$info_ca{'KEY_EMAIL'},50),'',[ 'nowrap',1 ]); 117 | print &ui_table_end(); 118 | print &ui_form_end([ [ "save", $text{'save'} ] ]); 119 | 
120 | print "
"; 121 | 122 | print "
\n"; 123 | print "
"; 124 | 125 | #footer della pagina 126 | &footer("", $text{'title_opnvpn'}); 127 | -------------------------------------------------------------------------------- /openvpn/HISTORY.EN: -------------------------------------------------------------------------------- 1 | ** Version 3.3 (2021-01-26) 2 | 3 | Changes 4 | 5 | 01. Integrated patches from https://github.com/68b32/webmin-openvpn-debian-jessie and forks 6 | 02. Added option to export single-file .ovpn including certificates 7 | 03. Added option for auth-nocache 8 | 9 | ** Version 3.2 (2018-11-14) 10 | 11 | Changes 12 | 13 | 01. Followed by Brad Gass on the possible values of the topology parameter in the VPN server (of type tun) and its modification. 14 | Removed saving this option in case of tap server. 15 | 02. Updated WEB interface with the use of Webmin HTML visualization functions. 16 | 17 | Bugs 18 | 19 | 01. Adaptation of the interface to a new restrictive policy on the use of HTML forms by Webmin. 20 | 02. Update of the modification of the VPN Client in view and in saving so that the automatic data of the server 21 | are properly reported in the interface and saved accordingly (thanks to Brad Gass). 22 | 03. Modified the paths of the bridge scripts with the standard path of Webmin (signaling by Michele Mauro). 23 | 04. Following the indication of Michele Giorato, updated the ethernet reading through the ReadEths function for CentOS Linux 7.3. 24 | 05. Updated commands in action_vpn.cgi (eliminating sprintf) as indicated by Aslan. 25 | 06. As suggested by Francois Gendron, in the compiled fields of CA allowed the introduction of the 'without' character 26 | for this to create problems. 27 | 28 | ** Version 3.1 (2017-07-04) 29 | 30 | Changes 31 | 32 | 01. Follow the instructions of Fulvio Fusco to optimize the code (through the creation of some subroutines). 33 | 02. Added in the configuration of a vpn server the section for down-root commands (as suggested by Fulvio Fusco). 34 | 03. 
Modify command strings start_cmd, stop_cmd, and status_cmd (as suggested by Falco Vennedey and reported by Bennie Sexton). 35 | 04. Added topology parameter in creating the VPN server (as reported by Björn Gaul) 36 | 37 | Bugs 38 | 39 | 01. Modified the search string for the command used to get the list of encryption arguments ('openvpn --show-ciphers'), 40 | as indicated by Andy Wright, Fulvio Fusco, Brad Gass and Stefano Buelow. 41 | 42 | ** Version 3.0 (2017-02-23) 43 | 44 | Changes 45 | 46 | 01. Modify is_openvpn_running function for webmin 1.380 and later (as suggested by Roberto Resoli). 47 | 02. Implementation of static key textarea in static VPN (patch by Olivier Beaudet). 48 | 03. Pierpaolo Palazzo's Patch: New modifications to library for use on CentOS. 49 | 04. The PID file prefix of OpenVPN processes is configurable (patch of Percivaldi Daniele). 50 | 05. Configuration "down_root_plugin" modified for openvpn 2.3.3 (as suggested by Percivaldi Daniele). 51 | 06. Modified the reading of the CA expiry option so that it works both if the year is shown with four digits (as suggested by Florian Lagg | IT-Valentin.at and Giuseppe Setteducati) 52 | and if the year is given with two digits (as it was for us). 53 | 07. Removed the 1024-bit option when creating keys and CAs. 54 | 08. New file openvpn-ssl.cnf. 55 | 09. Compatible with debian8. 56 | 57 | Bugs 58 | 59 | 01. Resolved configuration proto TCP (as suggested by Alexander Predeschly). 60 | 61 | 62 | ** Version 2.6 (2013-04-04) 63 | 64 | Bugs 65 | 66 | 01. New file openvpn-ssl.cnf. 67 | 68 | 69 | ** Version 2.5 (2007-06-05) 70 | 71 | Changes 72 | 73 | 01. The device number (tun0, tun1, ...) is automatically added and interactively modifiable. 74 | 02. In the module configuration area the default server has been added as a new 75 | item. This addition will speed up client creation. 76 | 03. Device setting: the module sets it to tun or tap, based on the server setting. 77 | 04. 
Added a new textarea attribute: wrap="off" 78 | 05. Test of validity of key, server, client modified as suggested by H. Spaethe. 79 | 06. Added new config files for netbsd and openbsd. 80 | 07. Adapted server static form to the webmin skins. 81 | 08. New modifications to tap device (patch of H. Spaethe). 82 | 09. Added us translation (Richard Geoffrion). 83 | 84 | Bugs 85 | 86 | 01. Resolved bug on local. 87 | 02. Resolved loop on assignment of network/netmask when not defined. 88 | 03. Resolved anti freebsd config bug. 89 | 90 | ** Version 2.01 (23-03-2007) 91 | 92 | Bugs 93 | 94 | 01. Resolved bug on export of client in case of tcp-server. 95 | 96 | 97 | ** Version 2.0 (01-12-2006) 98 | 99 | Changes 100 | 101 | 01. Added the freebsd configuration file (thanks to Gustavo Fukao) 102 | 02. Added a link to openvpn clients inside clientlist_vpn.cgi 103 | 03. To disconnect a user with active connection remove the ccd file 104 | instead of removing the client. 105 | 04. The new patch of H. Spaethe fixes some code for the error translation 106 | 107 | Changes for H. Spaethe 108 | 109 | 01. Added form elements needed for bridge control ('bridge device name', 110 | 'network device to bridge','bridge ip','bridge netmask','bridge ip-pool-start/end') 111 | 02. "Automatic" start/stop of bridge on server start/shutdown 112 | 03. Added path of start/end-script to the module config section 113 | 04. Added path of down-root.so to the module config section (this is needed 114 | if you want to reconfigure the ethernet device automatically on bridge stop) 115 | 116 | Bugs fixed for H. Spaethe 117 | 118 | 01. Fixed the ip/network/netmask check (did not work) 119 | 02. Modified up/down/up-pre/down-pre - script generation code (added bash-shebang) 120 | 121 | Bugs 122 | 123 | 01. When you create the client the client name control has been removed. 124 | 125 | ** Version 1.04 (21-03-2006) 126 | 127 | Changes 128 | 129 | 01. 
Added the creation of the up and down MSWIN .bat files when the client is exported. 130 | 02. Modified the values of the proto variable: tcp has been changed into tcp-server, 131 | and the value tcp-client has been added. 132 | 03. Now you can create the client key without the password. 133 | 134 | ** Version 1.03 (09-03-2006) 135 | 136 | Changes 137 | 138 | 01. Added the German and English translations realized by Ivan Dolvich. 139 | 140 | ** Version 1.02 (24-02-2006) 141 | 142 | Changes 143 | 144 | 01. Now you can have 2 vpn on the same client (ccd-exclusive): 145 | when you remove the client the key will not be revoked; 146 | when you create a new client it is possible to choose a key from all the available keys 147 | with the exception of the ones already used by another client on the same server. 148 | 02. Now you can edit the ccd file during the creation and the modification of the client. 149 | 03. The ta.key file is moved from the CA dir to the server dir. 150 | The ta.key is not created when you create the CA but when you manage your server. 151 | The ta.key file now is exported from the server dir even when you export your client. 152 | 153 | Bugs fixed 154 | 155 | 01. Bug fixed in ta.key creation: ta.key is created only if it is not present. 156 | 157 | 02. The mssfix parameter has been set after fragment and tun-mtu parameters, even in the GUI 158 | and in server and client config file. 159 | 160 | ** Version 1.01 (23-01-2006) 161 | 162 | Bugs fixed 163 | 164 | 01. Fixed the key file read when some fields were missing. 165 | 166 | ** Version 1.00 (18-01-2006) 167 | 168 | Changes 169 | 170 | 01. 
Initial revision
--------------------------------------------------------------------------------
/openvpn/modify_client.cgi:
--------------------------------------------------------------------------------
#!/usr/bin/perl

#########################################################################
# Autori: Marco Colombo (marco@openit.it)
# Giuliano Natali Diaolin (diaolin@openit.it)
# Copyright: Open It S.r.l.
# Viale Dante, 78
# 38057 Pergine Valsugana (TN) ITALY
# Tel: +39 0461 534800 Fax: +39 0461 538443
##############################################################################

# modify_client.cgi: loads the stored settings of one VPN client, together
# with the settings of its server and CA, and prepares the option lists used
# by the edit form printed further down.

require './openvpn-lib.pl';

# Read the parameters from the form or the URL into the %in hash.
&ReadParse();

# Keep the request parameters aside and reduce %in to the VPN name before
# calling ReadVPNConf(); the server settings are then read back out of %in.
# NOTE(review): 'vpn' and 'client' originate from the request and select which
# configuration is loaded - confirm in openvpn-lib.pl that names containing
# path separators are rejected.
%client_info = %in;
%in = ( 'vpn' => $client_info{'vpn'});
&ReadVPNConf();

# Remember the server's tls-auth setting separately; the form compares it
# with the client's own value.
$tlsauth_server = $in{'tls-auth'};
delete($in{'tls-auth'});

%server_info = %in;

# Restore the request parameters, then load the client configuration.
%in = %client_info;

&ReadClientConf();

$in{'CLIENT_NAME'} = $in{'client'};

# presumably fills the global $info_ca that the form reads - verify in openvpn-lib.pl
&ReadFieldsCA($in{'CA_NAME'});

# Choices for the 'verb' select: 1..15.
$a_verb = [];
for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); }

# Choices for the 'mute' select: unassigned (0), then 10..50 in steps of 10.
$a_mute = [ [ 0, $text{'unassigned'} ] ];
for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); }

&foreign_require("useradmin", "user-lib.pl");

# system users
$a_user = [];
@users = &useradmin::list_users();
@users = &useradmin::sort_users(\@users, 1);
foreach $us (@users) {
    push @$a_user,[$$us{'user'},$$us{'user'}];
}

# system groups
$a_group = [];
@groups = &useradmin::list_groups();
@groups = &useradmin::sort_groups(\@groups, 1);
foreach $us (@groups) {
    push @$a_group,[$$us{'group'},$$us{'group'}];
}

# extract the list of client keys [of the selected CA]
$a_clients = &ReadCAKeys($in{'CA_NAME'},3,1,1);

# page header
&ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef,
    &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."",
    undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'});

print "
"; 67 | print '

'.$error.'

'; 68 | print "
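";

# Form for modifying an existing VPN client. It is submitted to
# create_client.cgi with the hidden field 'modify' set to 1.
#
# Security notes:
#  - The hidden fields carry server-derived values (CA directory, dh file
#    name, tls-auth, cipher, ...) through the browser. They come back as
#    ordinary POST parameters, so create_client.cgi has to re-derive or
#    validate them instead of trusting what the form sent.
#  - ui_table_start()/ui_table_row() receive ready-made markup (see the rows
#    built from ui_textbox()/ui_select()), so every value that is shown as
#    plain text is passed through Webmin's html_escape() first.
print &ui_form_start("create_client.cgi", "POST");
print &ui_hidden('ca_dir',$config{'openvpn_keys_subdir'}.'/'.$$info_ca{'CA_NAME'});
print &ui_hidden('ca','ca.crt');
print &ui_hidden('ca_name',$$info_ca{'CA_NAME'});
print &ui_hidden('vpn',$in{'vpn'});
print &ui_hidden('tun-mtu',$in{'tun-mtu'});
print &ui_hidden('mssfix',$in{'mssfix'});
print &ui_hidden('dev',$in{'dev'});
print &ui_hidden('proto',$in{'proto'});
print &ui_hidden('client',$in{'CLIENT_NAME'});
print &ui_hidden('remote_port',$in{'remote_port'});
print &ui_hidden('cipher',$in{'cipher'});
print &ui_hidden('CLIENT_NAME',$in{'CLIENT_NAME'});
print &ui_hidden('dh','dh'.$$info_ca{'KEY_SIZE'}.'.pem');
print &ui_hidden('tls-auth',$tlsauth_server);
print &ui_hidden('modify',1);

# Read-only summary rows (values fixed by the server or the CA).
print &ui_table_start($text{'modifyclient_server_title'}.' '.&html_escape($in{'CLIENT_NAME'}),'',2);
print &ui_table_row($text{'name'}, &html_escape($in{'CLIENT_NAME'}));
print &ui_table_row($text{'protocol'}, &html_escape($in{'proto'}),'width=100%');
print &ui_table_row($text{'dev'}, &html_escape($in{'dev'}));
print &ui_table_row($text{'ca'}, &html_escape($$info_ca{'CA_NAME'}),'width=100%');
print &ui_table_row($text{'choose_client'}, $text{'automatic_name'});
print &ui_table_row($text{'cert_client'}, $text{'automatic'});
print &ui_table_row($text{'key_client'}, $text{'automatic'});
print &ui_table_row($text{'dh'}, &html_escape('dh'.$$info_ca{'KEY_SIZE'}.'.pem'),'width=100%');
print &ui_table_row($text{'remote'}, $text{'remote_url'}.': '.&ui_textbox('remote_url',$in{'remote_url'},12).' '.$text{'remote_port'}.': '.&html_escape($in{'remote_port'}));

# tls-auth: show whether the client setting still matches the server's.
if ($tlsauth_server == $in{'tls-auth'}) {
    if ($in{'tls-auth'} == 1) {
        print &ui_table_row($text{'tls-auth'}, $text{'yes'}." ".$text{'automatic_server'});
    } else {
        print &ui_table_row($text{'tls-auth'}, $text{'no'}." ".$text{'automatic_server'});
    }
} else {
    # The server setting differs from the client file: display the server's value.
    if ($in{'tls-auth'} == 1) {
        print &ui_table_row($text{'tls-auth'}, "".$text{'no'}." ".$text{'modified_server'}."");
    } else {
        print &ui_table_row($text{'tls-auth'}, "".$text{'yes'}." ".$text{'modified_server'}."");
    }
}

# cipher: same comparison against the server configuration.
if ($server_info{'cipher'} eq $in{'cipher'}) {
    print &ui_table_row($text{'cipher'}, &html_escape($in{'cipher'})." ".$text{'automatic_server'});
} else {
    print &ui_table_row($text{'cipher'}, "".&html_escape($server_info{'cipher'})." ".$text{'modified_server'}."");
}

print &ui_table_row($text{'comp-lzo'}, &ui_select('comp-lzo', $in{'comp-lzo'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'user'}, &ui_select('user', $in{'user'}, $a_user));
print &ui_table_row($text{'group'}, &ui_select('group', $in{'group'}, $a_group));
print &ui_table_row($text{'persist-key'}, &ui_select('persist-key', $in{'persist-key'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'persist-tun'}, &ui_select('persist-tun', $in{'persist-tun'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'keepalive'}, $text{'keepalive_ping'}.': '.&ui_textbox('keepalive_ping',$in{'keepalive_ping'},3)." ".$text{'keepalive_ping-restart'}.': '.&ui_textbox('keepalive_ping-restart',$in{'keepalive_ping-restart'},3));
print &ui_table_row($text{'verb'}, &ui_select('verb', $in{'verb'}, $a_verb));
print &ui_table_row($text{'mute'}, &ui_select('mute', $in{'mute'}, $a_mute));

# tun-mtu: follows the server value.
if ($server_info{'tun-mtu'} == $in{'tun-mtu'}) {
    print &ui_table_row($text{'tun-mtu'}, &html_escape($in{'tun-mtu'})." ".$text{'automatic_server'});
} else {
    print &ui_table_row($text{'tun-mtu'}, "".&html_escape($server_info{'tun-mtu'})." ".$text{'modified_server'}."");
}

print &ui_table_row($text{'fragment'}, &ui_textbox('fragment',$in{'fragment'},4));

# mssfix: follows the server value.
if ($server_info{'mssfix'} == $in{'mssfix'}) {
    print &ui_table_row($text{'mssfix'}, &html_escape($in{'mssfix'})." ".$text{'automatic_server'});
} else {
    print &ui_table_row($text{'mssfix'}, "".&html_escape($server_info{'mssfix'})." ".$text{'modified_server'}."");
}

print &ui_table_row($text{'float'}, &ui_select('float', $in{'float'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'auth-nocache'}, &ui_select('auth-nocache', $in{'auth-nocache'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'adds_conf'}, &ui_textarea('adds_conf', $in{'adds_conf'}, 5, 45, 'off'));
print &ui_table_end();

# NOTE(review): HISTORY.EN mentions script generation for up/down/up-pre/
# down-pre, so the text entered below presumably ends up in scripts run by
# OpenVPN. Anyone allowed to submit this form can then supply shell commands;
# access to the module should be limited accordingly through Webmin ACLs.
print &ui_table_start($text{'commands'},'',2);
print &ui_table_row($text{'up-pre'}, &ui_textarea('up-pre', $in{'up-pre'}, 3, 45, 'off'));
print &ui_table_row($text{'up'}, &ui_textarea('up', $in{'up'}, 3, 45, 'off'));
print &ui_table_row($text{'down-pre'}, &ui_textarea('down-pre', $in{'down-pre'}, 3, 45, 'off'));
print &ui_table_row($text{'down'}, &ui_textarea('down', $in{'down'}, 3, 45, 'off'));
print &ui_table_end();

# Free-text content of the client's ccd file.
print &ui_table_start($text{'ccdfile'},'',2);
print &ui_table_row($text{'ccdfile-content'}, &ui_textarea('ccdfile', $in{'ccdfile'}, 3, 45, 'off'));
print &ui_table_end();
print &ui_form_end([ [ "save", $text{'save'} ] ]);

print "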

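";

# page footer
# NOTE(review): $in{'vpn'} is placed into the link URL and the link text as-is;
# confirm it cannot contain markup or URL metacharacters at this point.
&footer("clientlist_vpn.cgi?vpn=".$in{'vpn'}, $text{'list_client_vpn'}." ".$in{'vpn'});
--------------------------------------------------------------------------------
/openvpn/listactiveconnect.cgi:
--------------------------------------------------------------------------------
#!/usr/bin/perl

#########################################################################
# Autori: Marco Colombo (marco@openit.it)
# Giuliano Natali Diaolin (diaolin@openit.it)
# Copyright: Open It S.r.l.
# Viale Dante, 78
# 38057 Pergine Valsugana (TN) ITALY
# Tel: +39 0461 534800 Fax: +39 0461 538443
##############################################################################

# listactiveconnect.cgi: collects the active connections of one VPN (when the
# 'vpn' parameter is given) or of every VPN returned by ReadVPN(1), by calling
# ReadConnections()/ReadStaticConnections() with each VPN's management host
# and port. The tables are printed further down.

require './openvpn-lib.pl';

# Read the parameters from the form or the URL into the %in hash.
&ReadParse();

$vpns = {};
$vpnstatics = {};

if ($in{'vpn'}) {
    # A single VPN was requested.
    # NOTE(review): management_url/management_port are taken from %in after
    # ReadVPNConf()/ReadStaticVPNConf(); confirm those helpers always overwrite
    # them from the stored configuration, so that a request parameter cannot
    # choose the host and port that get contacted.
    if ($in{'static'} == 1) {
        &ReadStaticVPNConf();
        $$vpnstatics{$in{'vpn'}} = \%in;
        ($$vpnstatics{$in{'vpn'}}{'list_connections'},$$vpnstatics{$in{'vpn'}}{'error_connections'}) = &ReadStaticConnections($in{'vpn'},$in{'management_url'},$in{'management_port'});
    } else {
        &ReadVPNConf();
        $$vpns{$in{'vpn'}} = \%in;
        ($$vpns{$in{'vpn'}}{'list_connections'},$$vpns{$in{'vpn'}}{'error_connections'}) = &ReadConnections($in{'vpn'},$in{'management_url'},$in{'management_port'});
    }
} else {
    # only those with management enabled
    ($vpns,$vpnstatics) = &ReadVPN(1);
    if (keys %{$vpns}) {
        foreach $vpn (keys %{$vpns}) {
            # Split "<host> <port>". The match is captured in list context: if
            # the value does not match, both parts become undef instead of
            # reusing $1/$2 left over from an earlier successful match, which
            # would point this VPN at another VPN's management endpoint.
            my ($m_url, $m_port) = $$vpns{$vpn}{'management'} =~ /^(.+)\s+(\d+)$/;
            $$vpns{$vpn}{'management_url'} = $m_url;
            $$vpns{$vpn}{'management_port'} = $m_port;
            ($$vpns{$vpn}{'list_connections'},$$vpns{$vpn}{'error_connections'}) = &ReadConnections($vpn,$$vpns{$vpn}{'management_url'},$$vpns{$vpn}{'management_port'});
        }
    }
    if (keys %{$vpnstatics}) {
        foreach $vpn (keys %{$vpnstatics}) {
            # Same parsing as above, for the static VPNs.
            my ($m_url, $m_port) = $$vpnstatics{$vpn}{'management'} =~ /^(.+)\s+(\d+)$/;
            $$vpnstatics{$vpn}{'management_url'} = $m_url;
            $$vpnstatics{$vpn}{'management_port'} = $m_port;
            ($$vpnstatics{$vpn}{'list_connections'},$$vpnstatics{$vpn}{'error_connections'}) = &ReadStaticConnections($vpn,$$vpnstatics{$vpn}{'management_url'},$$vpnstatics{$vpn}{'management_port'});
        }
    }
}

# page header
&ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef,
    &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."",
    undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'});

print "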
"; 55 | 56 | if (($in{'vpn'} and !$in{'static'}) or !$in{'vpn'}) { 57 | # start tabella 58 | print "\n"; 59 | # title row 60 | print ""; 61 | print "\n"; 62 | print "\n"; 63 | # th row 64 | print ""; 65 | if (keys %{$vpns}) { 66 | print "\n"; 67 | print "\n"; 68 | print "\n"; 69 | print "\n"; 70 | print "\n"; 71 | print "\n"; 72 | print "\n"; 73 | } else { 74 | print "\n"; 75 | } 76 | print "\n"; 77 | if (keys %{$vpns}) { 78 | # rows 79 | foreach $vpn (sort keys %{$vpns}) { 80 | print "\n"; 81 | print "\n"; 82 | print "\n"; 83 | if (keys %{$$vpns{$vpn}{'list_connections'}}) { 84 | foreach $client (sort keys %{$$vpns{$vpn}{'list_connections'}}) { 85 | print "\n"; 86 | print "\n"; 87 | print "\n"; 88 | print "\n"; 89 | print "\n"; 90 | print "\n"; 91 | print "\n"; 92 | print "\n"; 93 | print "\n"; 94 | } 95 | } elsif ($$vpns{$vpn}{'error_connections'}) { 96 | print "\n"; 97 | print "\n"; 98 | print "\n"; 99 | } else { 100 | print "\n"; 101 | print "\n"; 102 | print "\n"; 103 | } 104 | } 105 | } 106 | # stop tabella 107 | print "
".$text{'listactiveconnect'}."
".$text{'name'}."".$text{'virtual_address'}."".$text{'bytes_received'}."".$text{'bytes_sent'}."".$text{'real_address'}."".$text{'connected_since'}."".$text{'key_remove'}."".$text{'list_vpn_managed_empty'}."
".$text{'server_vpn'}.': '.$vpn."
".$client."".$$vpns{$vpn}{'list_connections'}{$client}{'virtual_address'}."".$$vpns{$vpn}{'list_connections'}{$client}{'bytes_received'}."".$$vpns{$vpn}{'list_connections'}{$client}{'bytes_sent'}."".$$vpns{$vpn}{'list_connections'}{$client}{'real_address'}."".$$vpns{$vpn}{'list_connections'}{$client}{'connected_since'}."".$text{'stop_remove'}."
".$text{'client_connected_failed'}." :".$$vpns{$vpn}{'error_connections'}."
".$text{'list_client_connected_empty'}."
\n"; 108 | 109 | print "

"; 110 | } 111 | 112 | if (($in{'vpn'} and $in{'static'} == 1) or !$in{'vpn'}) { 113 | # start tabella 114 | print "\n"; 115 | # title row 116 | print ""; 117 | print "\n"; 118 | print "\n"; 119 | # th row 120 | print ""; 121 | if (keys %{$vpnstatics}) { 122 | print "\n"; 123 | print "\n"; 124 | print "\n"; 125 | print "\n"; 126 | print "\n"; 127 | print "\n"; 128 | print "\n"; 129 | } else { 130 | print "\n"; 131 | } 132 | print "\n"; 133 | if (keys %{$vpnstatics}) { 134 | # rows 135 | foreach $vpn (sort keys %{$vpnstatics}) { 136 | print "\n"; 137 | print "\n"; 138 | print "\n"; 139 | if (keys %{$$vpnstatics{$vpn}{'list_connections'}}) { 140 | foreach $client (sort keys %{$$vpnstatics{$vpn}{'list_connections'}}) { 141 | print "\n"; 142 | print "\n"; 143 | print "\n"; 144 | print "\n"; 145 | print "\n"; 146 | print "\n"; 147 | print "\n"; 148 | print "\n"; 149 | print "\n"; 150 | } 151 | } elsif ($$vpnstatics{$vpn}{'error_connections'}) { 152 | print "\n"; 153 | print "\n"; 154 | print "\n"; 155 | } else { 156 | print "\n"; 157 | # print "\n"; 158 | print "\n"; 159 | print "\n"; 160 | } 161 | } 162 | } 163 | # stop tabella 164 | print "
".$text{'listactiveconnect_static'}."
".$text{'name'}."".$text{'virtual_address'}."".$text{'bytes_received'}."".$text{'bytes_sent'}."".$text{'real_address'}."".$text{'connected_since'}."".$text{'key_remove'}."".$text{'list_vpn_managed_empty'}."
".$text{'server_vpn'}.': '.$vpn."
".$client."".$$vpnstatics{$vpn}{'list_connections'}{$client}{'virtual_address'}."".$$vpnstatics{$vpn}{'list_connections'}{$client}{'bytes_received'}."".$$vpnstatics{$vpn}{'list_connections'}{$client}{'bytes_sent'}."".$$vpnstatics{$vpn}{'list_connections'}{$client}{'real_address'}."".$$vpnstatics{$vpn}{'list_connections'}{$client}{'connected_since'}."".$text{'stop_remove'}."
".$text{'client_connected_failed'}." :".$$vpnstatics{$vpn}{'error_connections'}."
".$text{'list_client_connected_empty'}."".$text{'not_info'}."
\n"; 165 | 166 | print "

";

}

if ($in{'all'}) {
    # page footer
    &footer("", $text{'title_opnvpn'});
} else {
    &footer("listvpn.cgi", $text{'listserver_title'});
}
--------------------------------------------------------------------------------
/openvpn/new_vpn.cgi:
--------------------------------------------------------------------------------
#!/usr/bin/perl

#########################################################################
# Autori: Marco Colombo (marco@openit.it)
# Giuliano Natali Diaolin (diaolin@openit.it)
# Copyright: Open It S.r.l.
# Viale Dante, 78
# 38057 Pergine Valsugana (TN) ITALY
# Tel: +39 0461 534800 Fax: +39 0461 538443
##############################################################################

# new_vpn.cgi: prepares the option lists for the "new VPN server" form of the
# CA named by the 'ca' request parameter.

require './openvpn-lib.pl';

# Read the parameters from the form or the URL into the %in hash.
&ReadParse();

# NOTE(review): 'ca' comes straight from the request and is handed to
# ReadFieldsCA()/ReadCAKeys() and, further down, concatenated into file paths;
# confirm in openvpn-lib.pl that it must name an existing CA (no '/' or '..').
# presumably fills the global $info_ca read by the form - verify.
&ReadFieldsCA($in{'ca'});

# Choices for the 'verb' select: 1..15.
$a_verb = [];
for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); }

# Choices for the 'mute' select: unassigned (0), then 10..50 in steps of 10.
$a_mute = [ [ 0, $text{'unassigned'} ] ];
for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); }

&foreign_require("useradmin", "user-lib.pl");

# system users
$a_user = [];
@users = &useradmin::list_users();
@users = &useradmin::sort_users(\@users, 1);
foreach $us (@users) {
    push @$a_user,[$$us{'user'},$$us{'user'}];
}

# system groups
$a_group = [];
@groups = &useradmin::list_groups();
@groups = &useradmin::sort_groups(\@groups, 1);
foreach $us (@groups) {
    push @$a_group,[$$us{'group'},$$us{'group'}];
}

# array derived from the command 'openvpn --show-ciphers': the value is the
# first field and the label is the whole row
$a_cypher = &ReadCiphers();
# Former inline implementation, kept commented out by the authors:
#$a_cypher = [];
#&open_execute_command(CMD, $config{'openvpn_path'} . ' --show-ciphers', 2);
#while ($row=) {
# $row =~ s/\r*\n//g;
# if (($row =~ /bit default key/i) or ($row =~ /bit key,/i) or ($row =~ /bit key by default,/i)) {
# ($key) = split(' ',$row);
# push(@$a_cypher,[$key,$row]);
# }
#}
#close(CMD);

# array of available ethernet devices
# ($a_eth is not referenced again in this script; presumably it is read as a
# global by bridge_control_elements() - verify.)
$a_eth = &ReadEths($in{'devbr'});
# Former inline implementation, kept commented out by the authors:
#$a_eth = [];
#&open_execute_command(CMD, 'ifconfig|grep -i :ethernet |awk \'{print $1}\'', 2);
#while ($row=) {
# $row =~ s/\r*\n//g;
# if (($row ne $in{'devbr'}) && (($row !~ /^tap\d/))) {
# push(@$a_eth,[$row,$row]);
# }
#}
#close(CMD);

# extract the list of server keys [of the selected CA]
$a_server = &ReadCAKeys($in{'ca'},2,1);

# page header
&ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef,
    &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."",
    undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'});

print "
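";

# Print the "new VPN server" form when the selected CA has at least one
# server key; otherwise print the "no server keys" message.
#
# Security notes:
#  - $in{'ca'} is a request parameter. It is shown as text in the CA row
#    (escaped below with Webmin's html_escape()) and concatenated into the
#    path-valued hidden fields ca_dir, ca, dh and crl-verify.
#  - All hidden fields, including management_url, come back as ordinary POST
#    parameters; create_vpn.cgi has to rebuild or validate them rather than
#    trust the submitted paths and address.
if (@$a_server) {
    # form for the new VPN
    print &ui_form_start("create_vpn.cgi", "POST");
    print &ui_hidden('ca_dir',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'});
    print &ui_hidden('ca',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/ca.crt');
    print &ui_hidden('ca_name',$in{'ca'});
    print &ui_hidden('ccd-exclusive',1);
    print &ui_hidden('management_url','127.0.0.1');
    print &ui_hidden('dh',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/dh'.$$info_ca{'KEY_SIZE'}.'.pem');
    print &ui_hidden('crl-verify',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/crl.pem');
    print &ui_table_start($text{'newvpn_server_title'},'',2);
    print &ui_table_row($text{'name'}, &ui_textbox('VPN_NAME','changeme',50));
    print &ui_table_row($text{'port'}, &ui_textbox('port','1194',50));
    print &ui_table_row($text{'protocol'}, &ui_select('proto', 'udp', [ ['udp','udp'],['tcp-server','tcp-server'],['tcp-client','tcp-client'] ]));
    print &ui_table_row($text{'dev'}, &ui_select('dev', 'tun', [ ['tun','tun'],['tap','tap'] ]));
    ##############################
    ##############################
    print bridge_control_elements();
    ##############################
    ##############################
    # The management interface is offered on 127.0.0.1 only; the port is free text.
    print &ui_table_row($text{'management'}, $text{'management_enable'}.': '.&ui_select('management', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]).' '.$text{'management_url'}.': 127.0.0.1 '.$text{'management_port'}.': '.&ui_textbox('management_port','',5));
    # Request-supplied CA name shown as text: escape it for HTML.
    print &ui_table_row($text{'ca'}, &html_escape($in{'ca'}));
    print &ui_table_row($text{'choose_server'}, &ui_select('choose_server', '', $a_server));
    print &ui_table_row($text{'cert_server'}, $text{'automatic'});
    print &ui_table_row($text{'key_server'}, $text{'automatic'});
    print &ui_table_row($text{'dh'}, &html_escape('dh'.$$info_ca{'KEY_SIZE'}.'.pem'));
    print &ui_table_row($text{'tls-server'}, &ui_select('tls-server', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'local'}, &ui_textbox('local','ALL',50));
    print &ui_table_row($text{'new_vpn_server'}, $text{'network'}.''.&ui_textbox('network','',15)." ".$text{'netmask'}.''.&ui_textbox('netmask','',15));
    print &ui_table_row($text{'ifconfig-pool-persist'}, &ui_select('ifconfig-pool-persist', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'client-to-client'}, &ui_select('client-to-client', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'duplicate-cn'}, &ui_select('duplicate-cn', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    # tls-auth is preselected as 'no' for new servers.
    print &ui_table_row($text{'tls-auth'}, &ui_select('tls-auth', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'ccd-exclusive'}, $text{'yes'});
    print &ui_table_row($text{'cipher'}, &ui_select('cipher', '0', $a_cypher));
    print &ui_table_row($text{'comp-lzo'}, &ui_select('comp-lzo', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'max-clients'}, &ui_textbox('max-clients','100',4));
    # Unprivileged account names are preselected for the daemon's user and group.
    print &ui_table_row($text{'user'}, &ui_select('user', 'nobody', $a_user));
    print &ui_table_row($text{'group'}, &ui_select('group', 'nogroup', $a_group));
    print &ui_table_row($text{'persist-key'}, &ui_select('persist-key', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'persist-tun'}, &ui_select('persist-tun', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'keepalive'}, $text{'keepalive_ping'}.': '.&ui_textbox('keepalive_ping','10',3)." ".$text{'keepalive_ping-restart'}.': '.&ui_textbox('keepalive_ping-restart','120',3));
    print &ui_table_row($text{'verb'}, &ui_select('verb', '2', $a_verb));
    print &ui_table_row($text{'mute'}, &ui_select('mute', '20', $a_mute));
    print &ui_table_row($text{'status'}, 'openvpn-status.log');
    print &ui_table_row($text{'log-append'}, 'openvpn.log');
    print &ui_table_row($text{'tun-mtu'}, &ui_textbox('tun-mtu','',4));
    print &ui_table_row($text{'fragment'}, &ui_textbox('fragment','',4));
    print &ui_table_row($text{'mssfix'}, &ui_textbox('mssfix','',4));
    print &ui_table_row($text{'float'}, &ui_select('float', 0, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'chroot'}.' '.$config{'openvpn_home'}, &ui_select('chroot', 0, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    # NOTE(review): the preselected value 0 is not one of the listed choices.
    print &ui_table_row($text{'topology'}, &ui_select('topology',0, [ ['subnet','subnet'],['net30','net30'],['p2p','p2p'] ]));
    print &ui_table_row($text{'adds_conf'}, &ui_textarea('adds_conf', '', 5, 45, 'off'));
    print &ui_table_end();
    # NOTE(review): HISTORY.EN mentions script generation for up/down/up-pre/
    # down-pre and a section for down-root commands, so the text entered below
    # presumably ends up in scripts run by OpenVPN. Anyone allowed to submit
    # this form can then supply shell commands; limit access to the module
    # through Webmin ACLs.
    print &ui_table_start($text{'commands'},'',2);
    print &ui_table_row($text{'up-pre'}, &ui_textarea('up-pre', '', 3, 45, 'off'));
    print &ui_table_row($text{'up'}, &ui_textarea('up', '', 3, 45, 'off'));
    print &ui_table_row($text{'down-pre'}, &ui_textarea('down-pre', '', 3, 45, 'off'));
    print &ui_table_row($text{'down'}, &ui_textarea('down', '', 3, 45, 'off'));
    print &ui_table_row($text{'down-root'}, &ui_textarea('down-root', '', 3, 45, 'off'));
    print &ui_table_end();
    print &ui_form_end([ [ "save", $text{'save'} ] ]);
} else {
    # start of table
    print "\n";
    # title row
    print "";
    print "\n";
    print "\n";
    print "
".$text{'list_keys_server_empty'}."
\n";
}
print "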

"; 150 | 151 | #footer della pagina 152 | &footer("listvpn.cgi", $text{'listserver_title'}); 153 | -------------------------------------------------------------------------------- /openvpn/modify_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | &ReadVPNConf(); 18 | 19 | &ReadFieldsCA($in{'ca'}); 20 | 21 | $a_verb = []; 22 | for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); } 23 | 24 | $a_mute = [ [ 0, $text{'unassigned'} ] ]; 25 | for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); } 26 | 27 | &foreign_require("useradmin", "user-lib.pl"); 28 | 29 | # utenti di sistema 30 | $a_user = []; 31 | @users = &useradmin::list_users(); 32 | @users = &useradmin::sort_users(\@users, 1); 33 | foreach $us (@users) { 34 | push @$a_user,[$$us{'user'},$$us{'user'}]; 35 | } 36 | 37 | # gruppi di sistema 38 | $a_group = []; 39 | @groups = &useradmin::list_groups(); 40 | @groups = &useradmin::sort_groups(\@groups, 1); 41 | foreach $us (@groups) { 42 | push @$a_group,[$$us{'group'},$$us{'group'}]; 43 | } 44 | 45 | # array derivante da comando 'openvpn --show-ciphers': il valore e' il primo campo ed etichetta tutto 46 | $a_cypher = &ReadCiphers(); 47 | #$a_cypher = []; 48 | #&open_execute_command(CMD, $config{'openvpn_path'} . 
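#	' --show-ciphers', 2);
#while ($row=) {
#	$row =~ s/\r*\n//g;
#	if (($row =~ /bit default key/i) or ($row =~ /bit key,/i) or ($row =~ /bit key by default,/i)) {
#		($key) = split(' ',$row);
#		push(@$a_cypher,[$key,$row]);
#	}
#}
#close(CMD);

# array of available ethernet devices
$a_eth = &ReadEths($in{'devbr'});
#$a_eth = [];
#&open_execute_command(CMD, 'ifconfig|grep -i :ethernet |awk \'{print $1}\'', 2);
#while ($row=) {
#	$row =~ s/\r*\n//g;
#	if (($row ne $in{'devbr'}) && (($row !~ /^tap\d/))) {
#		push(@$a_eth,[$row,$row]);
#	}
#}
#close(CMD);

# fetch the list of server keys [for the selected CA]
$a_server = &ReadCAKeys($in{'ca'},2,1);

# page header
&ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef,
	&help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."",
	undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'});

print "
";

# Edit form for an existing server VPN. %in is filled by &ReadParse() (and,
# presumably, &ReadVPNConf()) earlier in this script, so at least 'vpn' and
# 'ca' arrive with the request. ui_hidden/ui_textbox/ui_textarea escape their
# values; ui_table_row prints its value as raw HTML, so every request-derived
# value handed to it directly is passed through &html_escape() below.
if (!$in{'local'}) { $in{'local'} = "ALL"; }
if ($in{'dev'} =~ /^tap\d/) { $in{'dev'} =~ s/^tap\d/tap/; }

# form posting the modified VPN to create_vpn.cgi
print &ui_form_start("create_vpn.cgi", "POST");
# NOTE(review): the hidden fields below carry filesystem paths built from
# $in{'ca'}. Hidden inputs are editable by the client, so create_vpn.cgi
# should rebuild these paths server-side and reject a CA name containing
# '/' or '..' -- confirm against that script and openvpn-lib.pl.
print &ui_hidden('ca_dir',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'});
print &ui_hidden('ca',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/ca.crt');
print &ui_hidden('ca_name',$in{'ca'});
print &ui_hidden('VPN_NAME',$in{'vpn'});
if ($in{'tls-auth-old'}) {
	# drop the trailing " 0" before handing the old value back to the form
	$in{'tls-auth-old'} =~ s/ 0$//;
	print &ui_hidden('tls-auth-old',$in{'tls-auth-old'});
}
print &ui_hidden('port',$in{'port'});
print &ui_hidden('management_url','127.0.0.1');
print &ui_hidden('modify',1);
print &ui_hidden('ccd-exclusive',1);
print &ui_hidden('dh',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/dh'.$$info_ca{'KEY_SIZE'}.'.pem');
print &ui_hidden('crl-verify',$config{'openvpn_keys_subdir'}.'/'.$in{'ca'}.'/crl.pem');
print &ui_table_start($text{'modifyvpn_server_title'},'',2);
# name and port are display-only here: escape before they reach the page
print &ui_table_row($text{'name'}, &html_escape($in{'vpn'}));
print &ui_table_row($text{'port'}, &html_escape($in{'port'}));
print &ui_table_row($text{'protocol'}, &ui_select('proto', $in{'proto'}, [ ['udp','udp'],['tcp-server','tcp-server'],['tcp-client','tcp-client'] ]));
# Split the device into its name and unit number. The list assignment leaves
# both undef when the pattern does not match, instead of reading $1/$2 after
# a failed match.
($dev, $numberdev) = $in{'dev'} =~ /^(\D*)(\d*)$/;
print &ui_table_row($text{'dev'}, &ui_hidden('dev',$in{'dev'}).&html_escape($dev)." ".&ui_textbox('numberdev', $numberdev, 3));
##############################
##############################
if ($dev eq 'tap') { print bridge_control_elements(); }
##############################
##############################
# the management interface address is fixed to loopback; only the port is editable
print &ui_table_row($text{'management'}, $text{'management_enable'}.': '.&ui_select('management', $in{'management'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]).' '.$text{'management_url'}.': 127.0.0.1 '.$text{'management_port'}.': '.&ui_textbox('management_port',$in{'management_port'},5));
print &ui_table_row($text{'ca'}, &html_escape($in{'ca'}));
if (@{$a_server}) {
	print &ui_table_row($text{'choose_server'}, &ui_select('choose_server', $in{'choose_server'}, $a_server));
} else {
	print &ui_table_row($text{'choose_server'}, "".$text{'list_keys_server_empty'}."");
}
print &ui_table_row($text{'cert_server'}, $text{'automatic'});
print &ui_table_row($text{'key_server'}, $text{'automatic'});
print &ui_table_row($text{'dh'}, 'dh'.$$info_ca{'KEY_SIZE'}.'.pem');
print &ui_table_row($text{'tls-server'}, &ui_select('tls-server', $in{'tls-server'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'local'}, &ui_textbox('local',$in{'local'},50));
print &ui_table_row($text{'new_vpn_server'}, $text{'network'}.''.&ui_textbox('network',$in{'network'},15)." ".$text{'netmask'}.''.&ui_textbox('netmask',$in{'netmask'},15));
print &ui_table_row($text{'ifconfig-pool-persist'}, &ui_select('ifconfig-pool-persist', $in{'ifconfig-pool-persist'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'client-to-client'}, &ui_select('client-to-client', $in{'client-to-client'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'duplicate-cn'}, &ui_select('duplicate-cn', $in{'duplicate-cn'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'tls-auth'}, &ui_select('tls-auth', $in{'tls-auth'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'ccd-exclusive'}, $text{'yes'});
print &ui_table_row($text{'cipher'}, &ui_select('cipher', $in{'cipher'}, $a_cypher));
print &ui_table_row($text{'comp-lzo'}, &ui_select('comp-lzo', $in{'comp-lzo'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'max-clients'}, &ui_textbox('max-clients',$in{'max-clients'},4));
print &ui_table_row($text{'user'}, &ui_select('user', $in{'user'}, $a_user));
print &ui_table_row($text{'group'}, &ui_select('group', $in{'group'}, $a_group));
print &ui_table_row($text{'persist-key'}, &ui_select('persist-key', $in{'persist-key'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'persist-tun'}, &ui_select('persist-tun', $in{'persist-tun'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'keepalive'}, $text{'keepalive_ping'}.': '.&ui_textbox('keepalive_ping',$in{'keepalive_ping'},3)." ".$text{'keepalive_ping-restart'}.': '.&ui_textbox('keepalive_ping-restart',$in{'keepalive_ping-restart'},3));
print &ui_table_row($text{'verb'}, &ui_select('verb', $in{'verb'}, $a_verb));
print &ui_table_row($text{'mute'}, &ui_select('mute', $in{'mute'}, $a_mute));
print &ui_table_row($text{'status'}, 'openvpn-status.log');
print &ui_table_row($text{'log-append'}, 'openvpn.log');
print &ui_table_row($text{'tun-mtu'}, &ui_textbox('tun-mtu',$in{'tun-mtu'},4));
print &ui_table_row($text{'fragment'}, &ui_textbox('fragment',$in{'fragment'},4));
print &ui_table_row($text{'mssfix'}, &ui_textbox('mssfix',$in{'mssfix'},4));
print &ui_table_row($text{'float'}, &ui_select('float', $in{'float'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'chroot'}.' '.$config{'openvpn_home'}, &ui_select('chroot', $in{'chroot'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
print &ui_table_row($text{'topology'}, &ui_select('topology',$in{'topology'}, [ ['subnet','subnet'],['net30','net30'],['p2p','p2p'] ]));
# NOTE(review): adds_conf is free-form text that presumably ends up in the
# generated OpenVPN configuration -- confirm how create_vpn.cgi writes it.
print &ui_table_row($text{'adds_conf'}, &ui_textarea('adds_conf', $in{'adds_conf'}, 5,45,'off'));
print &ui_table_end();
# Hook commands for the tunnel's up/down events; treat edit access to this
# form as equivalent to command execution on the VPN host.
print &ui_table_start($text{'commands'},'',2);
print &ui_table_row($text{'up-pre'}, &ui_textarea('up-pre', $in{'up-pre'}, 3, 45, 'off'));
print &ui_table_row($text{'up'}, &ui_textarea('up', $in{'up'}, 3, 45, 'off'));
print &ui_table_row($text{'down-pre'}, &ui_textarea('down-pre', $in{'down-pre'}, 3, 45, 'off'));
print &ui_table_row($text{'down'}, &ui_textarea('down', $in{'down'}, 3, 45, 'off'));
print &ui_table_row($text{'down-root'}, &ui_textarea('down-root', $in{'down-root'}, 3, 45, 'off'));
print &ui_table_end();
print &ui_form_end([ [ "save", $text{'save'} ] ]);

print "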

"; 160 | 161 | #footer della pagina 162 | &footer("listvpn.cgi", $text{'listserver_title'}); 163 | 0 164 | -------------------------------------------------------------------------------- /openvpn/new_static_vpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | # legge parametri da form o da url e li inserisce in hash $in 15 | &ReadParse(); 16 | 17 | $a_verb = []; 18 | for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); } 19 | 20 | $a_mute = [ [ 0, $text{'unassigned'} ] ]; 21 | for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); } 22 | 23 | &foreign_require("useradmin", "user-lib.pl"); 24 | 25 | # utenti di sistema 26 | $a_user = []; 27 | @users = &useradmin::list_users(); 28 | @users = &useradmin::sort_users(\@users, 1); 29 | foreach $us (@users) { 30 | push @$a_user,[$$us{'user'},$$us{'user'}]; 31 | } 32 | 33 | # gruppi di sistema 34 | $a_group = []; 35 | @groups = &useradmin::list_groups(); 36 | @groups = &useradmin::sort_groups(\@groups, 1); 37 | foreach $us (@groups) { 38 | push @$a_group,[$$us{'group'},$$us{'group'}]; 39 | } 40 | 41 | # intestazione pagina 42 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 43 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 44 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 45 | 46 | print "
"; 47 | 48 | # form per nuova VPN 49 | print &ui_form_start("create_static_vpn.cgi", "POST"); 50 | print &ui_hidden('management_url','127.0.0.1'); 51 | print &ui_table_start($text{'newvpn_static_title'}); 52 | # th row 53 | print "\n"; 54 | print &ui_table_start(); 55 | print ""; 56 | print " \n"; 57 | print "".$text{'server'}."\n"; 58 | print "".$text{'client'}."\n"; 59 | print "\n"; 60 | print ""; 61 | print "".$text{'name'}."\n"; 62 | print "".&ui_textbox('VPN_NAME','changeme',35)."\n"; 63 | print " \n"; 64 | print "\n"; 65 | print ""; 66 | print "".$text{'port'}."\n"; 67 | print "".&ui_textbox('vpn_port','1194',35)."\n"; 68 | print "".&ui_textbox('client_port','1194',35)."\n"; 69 | print "\n"; 70 | print ""; 71 | print "".$text{'protocol'}."\n"; 72 | print "".&ui_select('vpn_proto', 'udp', [ ['udp','udp'],['tcp-server','tcp-server'],['tcp-client','tcp-client'] ])."\n"; 73 | print "".$text{'automatic'}."\n"; 74 | print "\n"; 75 | print ""; 76 | print "".$text{'dev'}."\n"; 77 | print "".&ui_select('vpn_dev', 'tun', [ ['tun','tun'] ])."\n"; 78 | print "".$text{'automatic'}."\n"; 79 | print "\n"; 80 | print ""; 81 | print "".$text{'ifconfig'}."\n"; 82 | print "".$text{'from'}.':'.&ui_textbox('vpn_ifconfig_from','',15)." ".$text{'to'}.':'.&ui_textbox('vpn_ifconfig_to','',15)."\n"; 83 | print "".$text{'automatic'}."\n"; 84 | print "\n"; 85 | print ""; 86 | print "".$text{'comp-lzo'}."\n"; 87 | print "".&ui_select('vpn_comp-lzo', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n"; 88 | print "".$text{'automatic'}."\n"; 89 | print "\n"; 90 | print ""; 91 | print "".$text{'remote'}."\n"; 92 | print "".$text{'h_url'}.' '.&ui_textbox('vpn_remote_url','',15).' '.$text{'h_port'}.': '.&ui_textbox('vpn_remote_port','1194',5)."\n"; 93 | print "".$text{'h_url'}.' '.&ui_textbox('client_remote_url','',15).' 
'.$text{'h_port'}.': '.&ui_textbox('client_remote_port','1194',5)."\n"; 94 | print "\n"; 95 | print ""; 96 | print "".$text{'client-nat'}."\n"; 97 | print "".&ui_select('client-nat', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n"; 98 | print " \n"; 99 | print "\n"; 100 | print ""; 101 | print "".$text{'management'}."\n"; 102 | print "".$text{'management_enable'}.': '.&ui_select('management', '0', [ ['0',$text{'no'}],['1',$text{'yes'} ] ]).' '.$text{'management_url'}.': 127.0.0.1 '.$text{'management_port'}.': '.&ui_textbox('management_port','',5)."\n"; 103 | print " \n"; 104 | print "\n"; 105 | print ""; 106 | print "".$text{'user'}."\n"; 107 | print "".&ui_select('vpn_user', 'nobody', $a_user)."\n"; 108 | print "".$text{'automatic'}."\n"; 109 | print "\n"; 110 | print ""; 111 | print "".$text{'group'}."\n"; 112 | print "".&ui_select('vpn_group', 'nogroup', $a_group)."\n"; 113 | print "".$text{'automatic'}."\n"; 114 | print "\n"; 115 | print ""; 116 | print "".$text{'persist-key'}."\n"; 117 | print "".&ui_select('vpn_persist-key', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n"; 118 | print "".$text{'automatic'}."\n"; 119 | print "\n"; 120 | print ""; 121 | print "".$text{'persist-tun'}."\n"; 122 | print "".&ui_select('vpn_persist-tun', '1', [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n"; 123 | print "".$text{'automatic'}."\n"; 124 | print "\n"; 125 | print ""; 126 | print "".$text{'keepalive'}."\n"; 127 | print "".$text{'keepalive_ping'}.': '.&ui_textbox('vpn_keepalive_ping','10',3)." 
".$text{'keepalive_ping-restart'}.': '.&ui_textbox('vpn_keepalive_ping-restart','120',3)."\n"; 128 | print "".$text{'automatic'}."\n"; 129 | print "\n"; 130 | print ""; 131 | print "".$text{'verb'}."\n"; 132 | print "".&ui_select('vpn_verb', '2', $a_verb)."\n"; 133 | print "".&ui_select('client_verb', '2', $a_verb)."\n"; 134 | print "\n"; 135 | print ""; 136 | print "".$text{'mute'}."\n"; 137 | print "".&ui_select('vpn_mute', '2', $a_mute)."\n"; 138 | print "".&ui_select('client_mute', '2', $a_mute)."\n"; 139 | print "\n"; 140 | print ""; 141 | print "".$text{'status'}."\n"; 142 | print "".'openvpn-status.log'."\n"; 143 | print " \n"; 144 | print "\n"; 145 | print ""; 146 | print "".$text{'log-append'}."\n"; 147 | print "".'openvpn.log'."\n"; 148 | print " \n"; 149 | print "\n"; 150 | print ""; 151 | print "".$text{'adds_conf'}."\n"; 152 | print "".&ui_textarea('vpn_adds_conf', '', 5, 35, 'off')."\n"; 153 | print "".&ui_textarea('client_adds_conf', '', 5, 35, 'off')."\n"; 154 | print "\n"; 155 | print &ui_table_end(); 156 | print &ui_table_start($text{'commands'}); 157 | print ""; 158 | print &ui_table_start(); 159 | # th row 160 | print ""; 161 | print " \n"; 162 | print "".$text{'server'}."\n"; 163 | print "".$text{'client'}."\n"; 164 | print "\n"; 165 | print ""; 166 | print "".$text{'up'}."\n"; 167 | print "".&ui_textarea('vpn_up', '', 5, 35, 'off')."\n"; 168 | print "".&ui_textarea('client_up', '', 5, 35, 'off')."\n"; 169 | print "\n"; 170 | print ""; 171 | print "".$text{'down'}."\n"; 172 | print "".&ui_textarea('vpn_down', '', 5, 35, 'off')."\n"; 173 | print "".&ui_textarea('client_down', '', 5, 35, 'off')."\n"; 174 | print "\n"; 175 | print &ui_table_end(); 176 | print &ui_form_end([ [ "save", $text{'save'} ] ]); 177 | 178 | print "

"; 179 | 180 | #footer della pagina 181 | &footer("listvpn.cgi", $text{'listserver_title'}); 182 | -------------------------------------------------------------------------------- /openvpn/openvpn-ssl.cnf: -------------------------------------------------------------------------------- 1 | # For use with easy-rsa version 2.0 and OpenSSL 1.0.0* 2 | 3 | # This definition stops the following lines choking if HOME isn't 4 | # defined. 5 | HOME = . 6 | RANDFILE = $ENV::HOME/.rnd 7 | openssl_conf = openssl_init 8 | 9 | [ openssl_init ] 10 | # Extra OBJECT IDENTIFIER info: 11 | #oid_file = $ENV::HOME/.oid 12 | oid_section = new_oids 13 | engines = engine_section 14 | 15 | # To use this configuration file with the "-extfile" option of the 16 | # "openssl x509" utility, name here the section containing the 17 | # X.509v3 extensions to use: 18 | # extensions = 19 | # (Alternatively, use a configuration file that has only 20 | # X.509v3 extensions in its main [= default] section.) 21 | 22 | [ new_oids ] 23 | 24 | # We can add new OIDs in here for use by 'ca' and 'req'. 25 | # Add a simple OID like this: 26 | # testoid1=1.2.3.4 27 | # Or use config file substitution like this: 28 | # testoid2=${testoid1}.5.6 29 | 30 | #################################################################### 31 | [ ca ] 32 | default_ca = CA_default # The default ca section 33 | 34 | #################################################################### 35 | [ CA_default ] 36 | 37 | dir = $ENV::KEY_DIR # Where everything is kept 38 | certs = $dir # Where the issued certs are kept 39 | crl_dir = $dir # Where the issued crl are kept 40 | database = $dir/index.txt # database index file. 41 | new_certs_dir = $dir # default place for new certs. 
42 | 43 | certificate = $dir/ca.crt # The CA certificate 44 | serial = $dir/serial # The current serial number 45 | crl = $dir/crl.pem # The current CRL 46 | private_key = $dir/ca.key # The private key 47 | RANDFILE = $dir/.rand # private random number file 48 | 49 | x509_extensions = usr_cert # The extensions to add to the cert 50 | 51 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs 52 | # so this is commented out by default to leave a V1 CRL. 53 | # crl_extensions = crl_ext 54 | 55 | default_days = 3650 # how long to certify for 56 | default_crl_days= 3650 # how long before next CRL (with a ten-year window an outdated CRL is not rejected as expired, so regenerate and redeploy it after every revocation) 57 | default_md = sha256 # message digest used when signing 58 | preserve = no # keep passed DN ordering 59 | 60 | # A few different ways of specifying how similar the request should look 61 | # For type CA, the listed attributes must be the same, and the optional 62 | # and supplied fields are just that :-) 63 | policy = policy_anything 64 | 65 | # For the CA policy 66 | [ policy_match ] 67 | countryName = match 68 | stateOrProvinceName = match 69 | organizationName = match 70 | organizationalUnitName = optional 71 | commonName = supplied 72 | name = optional 73 | emailAddress = optional 74 | 75 | # For the 'anything' policy 76 | # At this point in time, you must list all acceptable 'object' 77 | # types. 
78 | [ policy_anything ] 79 | countryName = optional 80 | stateOrProvinceName = optional 81 | localityName = optional 82 | organizationName = optional 83 | organizationalUnitName = optional 84 | commonName = supplied 85 | name = optional 86 | emailAddress = optional 87 | 88 | #################################################################### 89 | [ req ] 90 | default_bits = $ENV::KEY_SIZE 91 | default_keyfile = privkey.pem 92 | distinguished_name = req_distinguished_name 93 | attributes = req_attributes 94 | x509_extensions = v3_ca # The extensions to add to the self signed cert 95 | 96 | # Passwords for private keys; if not present they will be prompted for 97 | # input_password = secret 98 | # output_password = secret 99 | 100 | # This sets a mask for permitted string types. There are several options. 101 | # default: PrintableString, T61String, BMPString. 102 | # pkix : PrintableString, BMPString (PKIX recommendation after 2004). 103 | # utf8only: only UTF8Strings (PKIX recommendation after 2004). 104 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). 105 | # MASK:XXXX a literal mask value. 
106 | string_mask = nombstr 107 | 108 | # req_extensions = v3_req # The extensions to add to a certificate request 109 | 110 | [ req_distinguished_name ] 111 | countryName = Country Name (2 letter code) 112 | countryName_default = $ENV::KEY_COUNTRY 113 | countryName_min = 2 114 | countryName_max = 2 115 | 116 | stateOrProvinceName = State or Province Name (full name) 117 | stateOrProvinceName_default = $ENV::KEY_PROVINCE 118 | 119 | localityName = Locality Name (eg, city) 120 | localityName_default = $ENV::KEY_CITY 121 | 122 | 0.organizationName = Organization Name (eg, company) 123 | 0.organizationName_default = $ENV::KEY_ORG 124 | 125 | # we can do this but it is not needed normally :-) 126 | #1.organizationName = Second Organization Name (eg, company) 127 | #1.organizationName_default = World Wide Web Pty Ltd 128 | 129 | organizationalUnitName = Organizational Unit Name (eg, section) 130 | #organizationalUnitName_default = 131 | 132 | commonName = Common Name (eg, your name or your server\'s hostname) 133 | commonName_max = 64 134 | 135 | name = Name 136 | name_max = 64 137 | 138 | emailAddress = Email Address 139 | emailAddress_default = $ENV::KEY_EMAIL 140 | emailAddress_max = 40 141 | 142 | # JY -- added for batch mode 143 | organizationalUnitName_default = $ENV::KEY_OU 144 | commonName_default = $ENV::KEY_CN 145 | #name_default = $ENV::KEY_NAME 146 | 147 | 148 | # SET-ex3 = SET extension number 3 149 | 150 | [ req_attributes ] 151 | challengePassword = A challenge password 152 | challengePassword_min = 4 153 | challengePassword_max = 20 154 | 155 | unstructuredName = An optional company name 156 | 157 | [ usr_cert ] 158 | 159 | # These extensions are added when 'ca' signs a request. 160 | 161 | # This goes against PKIX guidelines but some CAs do it and some software 162 | # requires this to avoid interpreting an end user certificate as a CA. 163 | 164 | basicConstraints=CA:FALSE 165 | 166 | # Here are some examples of the usage of nsCertType. 
If it is omitted 167 | # the certificate can be used for anything *except* object signing. 168 | 169 | # This is OK for an SSL server. 170 | # nsCertType = server 171 | 172 | # For an object signing certificate this would be used. 173 | # nsCertType = objsign 174 | 175 | # For normal client use this is typical 176 | # nsCertType = client, email 177 | 178 | # and for everything including object signing: 179 | # nsCertType = client, email, objsign 180 | 181 | # This is typical in keyUsage for a client certificate. 182 | # keyUsage = nonRepudiation, digitalSignature, keyEncipherment 183 | 184 | # This will be displayed in Netscape's comment listbox. 185 | nsComment = "Easy-RSA Generated Certificate" 186 | 187 | # PKIX recommendations harmless if included in all certificates. 188 | subjectKeyIdentifier=hash 189 | authorityKeyIdentifier=keyid,issuer:always 190 | extendedKeyUsage=clientAuth 191 | keyUsage = digitalSignature 192 | 193 | 194 | # This stuff is for subjectAltName and issuerAltname. 195 | # Import the email address. 196 | # subjectAltName=email:copy 197 | 198 | # Copy subject details 199 | # issuerAltName=issuer:copy 200 | 201 | #nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem 202 | #nsBaseUrl 203 | #nsRevocationUrl 204 | #nsRenewalUrl 205 | #nsCaPolicyUrl 206 | #nsSslServerName 207 | 208 | [ server ] 209 | 210 | # JY ADDED -- Make a cert with nsCertType set to "server" 211 | basicConstraints=CA:FALSE 212 | nsCertType = server 213 | nsComment = "Easy-RSA Generated Server Certificate" 214 | subjectKeyIdentifier=hash 215 | authorityKeyIdentifier=keyid,issuer:always 216 | extendedKeyUsage=serverAuth 217 | keyUsage = digitalSignature, keyEncipherment 218 | 219 | [ v3_req ] 220 | 221 | # Extensions to add to a certificate request 222 | 223 | basicConstraints = CA:FALSE 224 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment 225 | 226 | [ v3_ca ] 227 | 228 | 229 | # Extensions for a typical CA 230 | 231 | 232 | # PKIX recommendation. 
233 | 234 | subjectKeyIdentifier=hash 235 | 236 | authorityKeyIdentifier=keyid:always,issuer:always 237 | 238 | # This is what PKIX recommends but some broken software chokes on critical 239 | # extensions. 240 | #basicConstraints = critical,CA:true 241 | # So we do this instead. 242 | basicConstraints = CA:true 243 | 244 | # Key usage: this is typical for a CA certificate. However since it will 245 | # prevent it being used as an test self-signed certificate it is best 246 | # left out by default. 247 | # keyUsage = cRLSign, keyCertSign 248 | 249 | # Some might want this also 250 | # nsCertType = sslCA, emailCA 251 | 252 | # Include email address in subject alt name: another PKIX recommendation 253 | # subjectAltName=email:copy 254 | # Copy issuer details 255 | # issuerAltName=issuer:copy 256 | 257 | # DER hex encoding of an extension: beware experts only! 258 | # obj=DER:02:03 259 | # Where 'obj' is a standard or added object 260 | # You can even override a supported extension: 261 | # basicConstraints= critical, DER:30:03:01:01:FF 262 | 263 | [ crl_ext ] 264 | 265 | # CRL extensions. 266 | # Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. 
267 | 268 | # issuerAltName=issuer:copy 269 | authorityKeyIdentifier=keyid:always,issuer:always 270 | 271 | [ engine_section ] 272 | # 273 | # If you are using PKCS#11 274 | # Install engine_pkcs11 of opensc (www.opensc.org) 275 | # And uncomment the following 276 | # verify that dynamic_path points to the correct location 277 | # 278 | #pkcs11 = pkcs11_section 279 | 280 | [ pkcs11_section ] 281 | engine_id = pkcs11 282 | dynamic_path = /usr/lib/engines/engine_pkcs11.so 283 | #MODULE_PATH = $ENV::PKCS11_MODULE_PATH 284 | #PIN = $ENV::PKCS11_PIN 285 | init = 0 286 | -------------------------------------------------------------------------------- /openvpn/listvpn.cgi: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | 3 | ######################################################################### 4 | # Autori: Marco Colombo (marco@openit.it) 5 | # Giuliano Natali Diaolin (diaolin@openit.it) 6 | # Copyright: Open It S.r.l. 7 | # Viale Dante, 78 8 | # 38057 Pergine Valsugana (TN) ITALY 9 | # Tel: +39 0461 534800 Fax: +39 0461 538443 10 | ############################################################################## 11 | 12 | require './openvpn-lib.pl'; 13 | 14 | ($listvpn,$list_static_vpn) = &ReadVPN(); 15 | 16 | $listca = &ReadCAtoList(); 17 | 18 | # intestazione pagina 19 | &ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef, 20 | &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."", 21 | undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'}); 22 | 23 | print "
"; 24 | 25 | # start tabella 26 | print "\n"; 27 | # title row 28 | print ""; 29 | print "\n"; 30 | print "\n"; 31 | 32 | # th row 33 | print ""; 34 | if (keys %{$listvpn}) { 35 | print "\n"; 36 | print "\n"; 37 | print "\n"; 38 | print "\n"; 39 | print "\n"; 40 | print "\n"; 41 | print "\n"; 42 | print "\n"; 43 | print "\n"; 44 | print "\n"; 45 | print "\n"; 46 | } else { 47 | print "\n"; 48 | } 49 | print "\n"; 50 | # rows 51 | foreach $key (sort keys %{$listvpn}) { 52 | print "\n"; 53 | if ($$listvpn{$key}{VPN_ACTION} == 1) { 54 | print "\n"; 55 | } else { 56 | print "\n"; 57 | } 58 | if ($$listvpn{$key}{management}) { 59 | print "\n"; 60 | } else { 61 | print "\n"; 62 | } 63 | foreach $k (qw/CA_NAME proto port local/) { 64 | if ($$listvpn{$key}{$k}) { 65 | print "\n"; 66 | } else { 67 | if ($k eq "local") { 68 | print "\n"; 69 | } else { 70 | print "\n"; 71 | } 72 | } 73 | } 74 | print "\n"; 75 | print "\n"; 76 | # attivo 77 | if ($$listvpn{$key}{VPN_STATUS} == 1) { 78 | print "\n"; 79 | # inattivo 80 | } else { 81 | print "\n"; 82 | } 83 | if ($$listvpn{$key}{VPN_ACTION} == 0) { 84 | print "\n"; 85 | } else { 86 | print "\n"; 87 | } 88 | # vpn attiva 89 | if ($$listvpn{$key}{VPN_ACTION} == 1) { 90 | print "\n"; 91 | # vpn non attiva 92 | } else { 93 | if ($$listvpn{$key}{VPN_STATUS} == 0) { 94 | print "\n"; 95 | } else { 96 | print "\n"; 97 | } 98 | } 99 | print "\n"; 100 | } 101 | # stop tabella 102 | print "
".$text{'list_server_vpn'}.":
".$text{'name'}."".$text{'h_management'}."".$text{'h_ca'}."".$text{'h_protocol'}."".$text{'h_port'}."".$text{'h_local'}."".$text{'logs'}."".$text{'clientlist'}."".$text{'h_status'}."".$text{'remove'}."".$text{'action'}."".$text{'list_vpn_empty'}."
".$$listvpn{$key}{VPN_NAME}."".$$listvpn{$key}{VPN_NAME}."".$$listvpn{$key}{management}." ".$$listvpn{$key}{$k}."ALL ".$text{'log'}."".$text{'clientlist'}."".$text{'disable'}."".$text{'enable'}."".$text{'remove'}." ".$text{'stop'}." ".$text{'start'}."
\n"; 103 | print "
"; 104 | print "
\n"; 105 | 106 | if (@$listca) { 107 | print &ui_form_start("new_vpn.cgi"); 108 | print "".$text{'ca'}.': '.&ui_select('ca', '', $listca).$text{'newvpn_server_titlemsg'}; 109 | print &ui_form_end([ [ undef, $text{'newvpn_server_title'} ] ]); 110 | } else { 111 | print &ui_buttons_start(); 112 | print &ui_buttons_row("/openvpn/",$text{'newca_title'},$text{'newvpn_server_title_nocamsg'}); 113 | print &ui_buttons_end(); 114 | } 115 | 116 | print "
\n"; 117 | print "
"; 118 | 119 | # start tabella 120 | print "\n"; 121 | # title row 122 | print ""; 123 | print "\n"; 124 | print "\n"; 125 | 126 | # th row 127 | print ""; 128 | if (keys %{$list_static_vpn}) { 129 | print "\n"; 130 | print "\n"; 131 | print "\n"; 132 | print "\n"; 133 | print "\n"; 134 | print "\n"; 135 | print "\n"; 136 | print "\n"; 137 | print "\n"; 138 | print "\n"; 139 | } else { 140 | print "\n"; 141 | } 142 | print "\n"; 143 | # rows 144 | foreach $key (sort keys %{$list_static_vpn}) { 145 | print "\n"; 146 | if ($$list_static_vpn{$key}{VPN_ACTION} == 1) { 147 | print "\n"; 148 | } else { 149 | print "\n"; 150 | } 151 | if ($$list_static_vpn{$key}{management}) { 152 | print "\n"; 153 | } else { 154 | print "\n"; 155 | } 156 | foreach $k (qw/proto port ifconfig/) { 157 | if ($$list_static_vpn{$key}{$k}) { 158 | print "\n"; 159 | } else { 160 | print "\n"; 161 | } 162 | } 163 | print "\n"; 164 | print "\n"; 165 | # attivo 166 | if ($$list_static_vpn{$key}{VPN_STATUS} == 1) { 167 | print "\n"; 168 | # inattivo 169 | } else { 170 | print "\n"; 171 | } 172 | if ($$list_static_vpn{$key}{VPN_ACTION} == 0) { 173 | print "\n"; 174 | } else { 175 | print "\n"; 176 | } 177 | # vpn attiva 178 | if ($$list_static_vpn{$key}{VPN_ACTION} == 1) { 179 | print "\n"; 180 | # vpn non attiva 181 | } else { 182 | if ($$list_static_vpn{$key}{VPN_STATUS} == 0) { 183 | print "\n"; 184 | } else { 185 | print "\n"; 186 | } 187 | } 188 | print "\n"; 189 | } 190 | # stop tabella 191 | print "
".$text{'list_static_server_vpn'}."
".$text{'name'}."".$text{'h_management'}."".$text{'h_protocol'}."".$text{'h_port'}."".$text{'h_ifconfig'}."".$text{'logs'}."".$text{'h_client'}."".$text{'h_status'}."".$text{'remove'}."".$text{'action'}."".$text{'list_vpn_empty'}."
".$$list_static_vpn{$key}{VPN_NAME}."".$$list_static_vpn{$key}{VPN_NAME}."".$$list_static_vpn{$key}{management}." ".$$list_static_vpn{$key}{$k}." ".$text{'log'}."".$text{'export'}."".$text{'disable'}."".$text{'enable'}."".$text{'remove'}." ".$text{'stop'}." ".$text{'start'}."
\n"; 192 | 193 | print "
"; 194 | print "
\n"; 195 | 196 | print &ui_buttons_start(); 197 | print &ui_buttons_row("new_static_vpn.cgi",$text{'newvpn_static_server_title'},$text{'newvpn_static_servermsg'}." ".$in{'vpn'}); 198 | print &ui_buttons_end(); 199 | 200 | #print "\n"; 201 | #print "\n"; 202 | #print "\n"; 203 | #print "\n"; 204 | #print "
".$text{'newvpn_static_servermsg'}." ".$in{'vpn'}."
\n"; 205 | 206 | print "
\n"; 207 | print "
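"; 208 | 209 | #footer della pagina 210 | &footer("", $text{'title_opnvpn'}); 211 | -------------------------------------------------------------------------------- /openvpn/modify_static_vpn.cgi: --------------------------------------------------------------------------------
#!/usr/bin/perl

#########################################################################
# Authors: Marco Colombo (marco@openit.it)
# Giuliano Natali Diaolin (diaolin@openit.it)
# Copyright: Open It S.r.l.
# Viale Dante, 78
# 38057 Pergine Valsugana (TN) ITALY
# Tel: +39 0461 534800 Fax: +39 0461 538443
##############################################################################
#
# Prints the "modify static VPN" form. The form posts to
# create_static_vpn.cgi with the hidden field modify=1 and carries one column
# of server settings and one column of client settings.
#
# NOTE(review): in this listing the string literals passed to print hold no
# HTML tags and a few of them span a line break; the markup was presumably
# lost when the page was rendered. The literals are reproduced as shown.
#
# Security: values taken from %in that are printed directly into the page
# (VPN name, port) go through &html_escape() so that a crafted request
# parameter cannot inject markup. Values handed to the ui_* helpers are left
# to those helpers.

require './openvpn-lib.pl';

# read parameters from the form or the URL into the %in hash
&ReadParse();

# Not defined in this file; presumably loads the stored settings of the VPN
# named in $in{'vpn'} into %in - confirm in openvpn-lib.pl.
&ReadStaticVPNConf();

# choices for the "verb" selectors: 1..15
$a_verb = [];
for ($i=1;$i<=15;$i++) { push(@$a_verb,[$i,$i]); }

# choices for the "mute" selectors: unassigned, then 10..50 in steps of 10
$a_mute = [ [ 0, $text{'unassigned'} ] ];
for ($i=10;$i<=50;$i=$i+10) { push(@$a_mute,[$i,$i]); }

&foreign_require("useradmin", "user-lib.pl");

# system users
$a_user = [];
@users = &useradmin::list_users();
@users = &useradmin::sort_users(\@users, 1);
foreach $us (@users) {
    push @$a_user,[$$us{'user'},$$us{'user'}];
}

# system groups
$a_group = [];
@groups = &useradmin::list_groups();
@groups = &useradmin::sort_groups(\@groups, 1);
foreach $us (@groups) {
    push @$a_group,[$$us{'group'},$$us{'group'}];
}

# page header
&ui_print_header(undef, $text{'title_opnvpn'}, "", "intro", 1, 1, undef,
    &help_search_link("openvpn", "man", "doc", "google")."".$text{'title_opnvpn'}."",
    undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." 
".$config{'openssl_version'});

# form for new VPN
print &ui_form_start("create_static_vpn.cgi", "POST");
print &ui_hidden('modify',1);
print &ui_hidden('management_url','127.0.0.1');
print &ui_hidden('VPN_NAME',$in{'vpn'});
print &ui_hidden('vpn_port',$in{'vpn_port'});
print &ui_table_start($text{'modifyvpn_static_title'});
# th row
print "\n";
print &ui_table_start();
print "";
print " \n";
print "".$text{'server'}."\n";
print "".$text{'client'}."\n";
print "\n";
print "";
print "".$text{'name'}."\n";
# escaped: the VPN name is echoed straight into the page
print "".&html_escape($in{'vpn'})."\n";
print " \n";
print "\n";
print "";
print "".$text{'port'}."\n";
# escaped: the port value is echoed straight into the page
print "".&html_escape($in{'vpn_port'})."\n";
print "".&ui_textbox('client_port',$in{'client_port'},35)."\n";
print "\n";
print "";
print "".$text{'protocol'}."\n";
print "".&ui_select('vpn_proto', $in{'vpn_proto'}, [ ['udp','udp'],['tcp-server','tcp-server'],['tcp-client','tcp-client'] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'dev'}."\n";
print "".&ui_select('vpn_dev', $in{'vpn_dev'}, [ ['tun','tun'] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'ifconfig'}."\n";
print "".$text{'from'}.':'.&ui_textbox('vpn_ifconfig_from',$in{'vpn_ifconfig_from'},15)." ".$text{'to'}.':'.&ui_textbox('vpn_ifconfig_to',$in{'vpn_ifconfig_to'},15)."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'comp-lzo'}."\n";
print "".&ui_select('vpn_comp-lzo', $in{'vpn_comp-lzo'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'remote'}."\n";
print "".$text{'h_url'}.' '.&ui_textbox('vpn_remote_url',$in{'vpn_remote_url'},15).' 
'.$text{'h_port'}.': '.&ui_textbox('vpn_remote_port',$in{'vpn_remote_port'},5)."\n";
print "".$text{'h_url'}.' '.&ui_textbox('client_remote_url',$in{'client_remote_url'},15).' '.$text{'h_port'}.': '.&ui_textbox('client_remote_port',$in{'client_remote_port'},5)."\n";
print "\n";
print "";
print "".$text{'client-nat'}."\n";
print "".&ui_select('client-nat', $in{'client-nat'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n";
print " \n";
print "\n";
print "";
print "".$text{'management'}."\n";
# the management address is fixed to 127.0.0.1 (also sent as a hidden field
# above); only the enable flag and the port are editable
print "".$text{'management_enable'}.': '.&ui_select('management', $in{'management'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]).' '.$text{'management_url'}.': 127.0.0.1 '.$text{'management_port'}.': '.&ui_textbox('management_port',$in{'management_port'},5)."\n";
print " \n";
print "\n";
print "";
print "".$text{'user'}."\n";
print "".&ui_select('vpn_user', $in{'vpn_user'}, $a_user)."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'group'}."\n";
print "".&ui_select('vpn_group', $in{'vpn_group'}, $a_group)."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'persist-key'}."\n";
print "".&ui_select('vpn_persist-key', $in{'vpn_persist-key'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'persist-tun'}."\n";
print "".&ui_select('vpn_persist-tun', $in{'vpn_persist-tun'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'keepalive'}."\n";
print "".$text{'keepalive_ping'}.': '.&ui_textbox('vpn_keepalive_ping',$in{'vpn_keepalive_ping'},3)." 
".$text{'keepalive_ping-restart'}.': '.&ui_textbox('vpn_keepalive_ping-restart',$in{'vpn_keepalive_ping-restart'},3)."\n";
print "".$text{'automatic'}."\n";
print "\n";
print "";
print "".$text{'verb'}."\n";
print "".&ui_select('vpn_verb', $in{'vpn_verb'}, $a_verb)."\n";
print "".&ui_select('client_verb', $in{'client_verb'}, $a_verb)."\n";
print "\n";
print "";
print "".$text{'mute'}."\n";
print "".&ui_select('vpn_mute', $in{'vpn_mute'}, $a_mute)."\n";
print "".&ui_select('client_mute', $in{'client_mute'}, $a_mute)."\n";
print "\n";
print "";
print "".$text{'status'}."\n";
print "".'openvpn-status.log'."\n";
print " \n";
print "\n";
print "";
print "".$text{'log-append'}."\n";
print "".'openvpn.log'."\n";
print " \n";
print "\n";
print "";
print "".$text{'adds_conf'}."\n";
# free-text extra configuration for server and client
# NOTE(review): how create_static_vpn.cgi treats this text is not visible
# here - confirm it cannot be used to add directives the operator did not intend.
print "".&ui_textarea('vpn_adds_conf', $in{'vpn_adds_conf'}, 5, 35, 'off')."\n";
print "".&ui_textarea('client_adds_conf', $in{'client_adds_conf'}, 5, 35, 'off')."\n";
print "\n";
print "";
print "".$text{'topology'}."\n";
print "".&ui_select('topology', $in{'topology'}, [ ['subnet','subnet'],['net30','net30'],['p2p','p2p'] ])."\n";
print "".$text{'automatic'}."\n";
print "\n";



print &ui_table_end();
print &ui_table_start($text{'commands'});
print "\n";
print &ui_table_start();
# th row
print "";
print " \n";
print "".$text{'server'}."\n";
print "".$text{'client'}."\n";
print "\n";
print "";
print "".$text{'up'}."\n";
# up/down command text for server and client
# NOTE(review): presumably these become scripts run by OpenVPN, so access to
# this form is equivalent to command execution on the host - verify the
# module's access control.
print "".&ui_textarea('vpn_up', $in{'vpn_up'}, 5, 35, 'off')."\n";
print "".&ui_textarea('client_up', $in{'client_up'}, 5, 35, 'off')."\n";
print "\n";
print "";
print "".$text{'down'}."\n";
print "".&ui_textarea('vpn_down', $in{'vpn_down'}, 5, 35, 'off')."\n";
print "".&ui_textarea('client_down', $in{'client_down'}, 5, 35, 'off')."\n";
print "\n";
print "";
print "" . $text{'statickey'} . "\n";
# the static key text is placed into the page for editing; treat the rendered
# page as secret material
print "".&ui_textarea('static_key', $in{'static_key'}, 20, 35, 'off')."\n";
print " \n";
print "\n";
print &ui_table_end();
print &ui_form_end([ [ "save", $text{'save'} ] ]);

print "

";

# page footer
&footer("listvpn.cgi", $text{'listserver_title'});
-------------------------------------------------------------------------------- /openvpn/ChangeLog: -------------------------------------------------------------------------------- 1 | 2021-01-26 16:19 a-schild 2 | 3 | Added option to export client config to a single .ovpn including the certificates 4 | Added auth-nocache option 5 | Modified cipher detection to work with v1.0.x openssl 6 | Merged old patches 7 | Version changed to 3.2 8 | 9 | 2017-07-04 11:35:43 marco (r19) 10 | 11 | Ultimi doc per rilascio versione 3.1 12 | 13 | 2017-07-03 12:18:47 marco (r18) 14 | 15 | Aggiunto parametro topology in creazione server VPN 16 | 17 | 2017-07-03 11:54:49 marco (r17) 18 | 19 | Modificati in configurazione start_cmd, stop_cmd e status_cmd come suggerito da Falco Vennedey 20 | 21 | 2017-07-03 11:14:20 marco (r16) 22 | 23 | Modifiche per versione 3.1 24 | 25 | 2017-03-01 15:39:29 marco (r15) 26 | 27 | Modifiche per osservazioni di Fulvio Fusco 28 | 29 | 2017-02-28 15:38:26 marco (r14) 30 | 31 | Modifiche a seguito di feedback circa l'utilizzo di server VPN bridge da parte di Fulvio Fusco. 32 | 33 | 2017-02-23 16:36:57 marco (r12) 34 | 35 | Ultimi test e modifiche per versione 3.0 compatibile con debian8 36 | 37 | 2015-03-17 16:49:57 marco (r11) 38 | 39 | Sistemati files di supporto per nuova versione 2.8 40 | 41 | 2015-03-17 16:38:58 marco (r10) 42 | 43 | Nuova versione del file openvpn-ssl.cnf 44 | 45 | 2015-03-17 16:38:00 marco (r9) 46 | 47 | Rimossa possibilita' di creazione chiavi e ca a 1024 bit. 48 | 49 | 2015-03-17 16:36:18 marco (r8) 50 | 51 | Modifica lettura di parametro expired di ca in modo che funzioni sia se la data e' indicata con anno in 4 cifre (come suggerito da Florian Lagg | IT-Valentin.at) che se la data e' indicata con anno in 2 cifre (come era da noi). 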
52 | 53 | 2014-10-06 17:39:55 marco (r7) 54 | 55 | Correzione definizione di parametro proto in creazione file di configurazione di VPN nel caso di proto TCP (come suggerito da Alexander Predeschly). 56 | 57 | 2014-10-06 17:17:16 marco (r6) 58 | 59 | Modifica a funzione is_openvpn_running per diverso funzionamento di find_byname da webmin 1.380 in poi (segnalazione di Roberto Resoli). 60 | 61 | 2014-10-06 17:02:19 marco (r5) 62 | 63 | Implementazione textarea static key ion VPN statica (patch di Olivier Beaudet) 64 | 65 | 2014-10-06 16:41:22 marco (r4) 66 | 67 | Modifica configurazione down_root_plugin per openvpn 2.3.3 (come suggerito da Percivaldi Daniele). 68 | 69 | 2014-10-06 16:36:01 marco (r3) 70 | 71 | Patch di Percivaldi Daniele x uso su Ubuntu. 72 | 73 | 2014-10-06 16:27:06 marco (r2) 74 | 75 | Patch di Pierpaolo Palazzo x uso su CentOS 76 | 77 | 2014-10-06 16:17:34 marco (r1) 78 | 79 | importing initial version 2.6 80 | 81 | 2007-06-05 10:53 marco 82 | 83 | * ChangeLog, HISTORY.EN, HISTORY.IT, VERSION: sistemata 84 | documentazione per versione 2.5 85 | 86 | 2007-06-05 10:33 marco 87 | 88 | * ChangeLog, HISTORY.EN, HISTORY.IT, VERSION, actions.cgi, 89 | config-*-linux, config-netbsd, config-openbsd, config.info, 90 | config.info.it, create_ca.cgi, create_client.cgi, create_key.cgi, 91 | create_static_vpn.cgi, create_vpn.cgi, index.cgi, 92 | modify_client.cgi, modify_static_vpn.cgi, modify_vpn.cgi, 93 | module.info, new_client.cgi, new_static_vpn.cgi, new_vpn.cgi, 94 | openvpn-lib.pl, br_scripts/bridge_start, lang/de, lang/en, 95 | lang/it, lang/us: Modifiche per nuova versione 2.5 96 | 97 | 2007-03-23 12:41 marco 98 | 99 | * ChangeLog, create_client.cgi, new_client.cgi: Sistemato baco su 100 | tcp-client in clients. 
101 | 102 | 2006-12-01 18:02 marco 103 | 104 | * ChangeLog, HISTORY.EN, HISTORY.IT: sistemata documentazione per 105 | versione 2.0 106 | 107 | 2006-12-01 17:48 marco 108 | 109 | * CONTRIBUTORS, ChangeLog, HISTORY.EN, HISTORY.IT, create_vpn.cgi, 110 | lang/de, lang/en, lang/it, ovpn_plugin/openvpn-down-root.so: 111 | Rimozione file .so dipendente da versione di openvpn e 112 | sistemazione errori con traduzione in nuova patch 113 | 114 | 2006-12-01 11:47 marco 115 | 116 | * ChangeLog, HISTORY.IT, clientlist_vpn.cgi, 117 | remove_client_connected.cgi, lang/de, lang/en, lang/it: Per 118 | disconnettere un utente da connessioni attive rimuovo solamente 119 | il file ccd corrispondente invece che cancellare il client 120 | stesso. 121 | 122 | 2006-12-01 11:31 marco 123 | 124 | * CONTRIBUTORS, HISTORY.EN, HISTORY.IT, VERSION, 125 | clientlist_vpn.cgi, lang/de, lang/en, lang/it: Aggiunto link a 126 | clients di openvpn in schermata clientlist_vpn.cgi 127 | 128 | 2006-12-01 10:43 marco 129 | 130 | * ChangeLog, config, config-*-linux, config-freebsd, config.info, 131 | config.info.it, create_client.cgi, create_vpn.cgi, 132 | modify_vpn.cgi, new_client.cgi, new_vpn.cgi, openvpn-lib.pl, 133 | br_scripts/bridge_end, br_scripts/bridge_start, lang/de, lang/en, 134 | lang/it, ovpn_plugin/openvpn-down-root.so: Importazione patch per 135 | uso di bridge device fornita da H. Spaethe 136 | 137 | 2006-06-26 15:31 marco 138 | 139 | * create_client.cgi: Eliminata riga di chiamata a files .bat dalla 140 | configurazione del client.ovpn 141 | 142 | 2006-06-26 14:54 marco 143 | 144 | * create_client.cgi: Modificato comando in client.ovpn di 145 | up,down,... 
per eseguire i files .bat 146 | 147 | 2006-04-19 08:39 marco 148 | 149 | * config-freebsd: aggiunto file di configurazione per freebsd 150 | fornito da Gustavo Fukao 151 | 152 | 2006-03-30 11:18 marco 153 | 154 | * create_client.cgi: Rimosso controllo su nome client in creazione 155 | del client inutile perche' coincide con il nome della chiave 156 | 157 | 2006-03-21 11:17 marco 158 | 159 | * ChangeLog, HISTORY.EN, HISTORY.IT, VERSION: Sistemazione 160 | documentazione per nuova versione 1.04 161 | 162 | 2006-03-21 10:30 marco 163 | 164 | * create_key.cgi, openvpn-lib.pl, lang/de, lang/en, lang/it: 165 | Aggiunta possibilita di creazione chiave per client senza 166 | password 167 | 168 | 2006-03-15 08:47 marco 169 | 170 | * create_static_vpn.cgi, create_vpn.cgi, modify_static_vpn.cgi, 171 | modify_vpn.cgi, new_static_vpn.cgi, new_vpn.cgi: Modificato i 172 | valori di proto con protocollo tcp in tcp-server ed aggiunto 173 | tcp-client 174 | 175 | 2006-03-13 10:35 marco 176 | 177 | * ChangeLog, export_client.cgi: Aggiunta creazione file up e down 178 | .bat per windows (caratteri dos) all'esportazione del client. 179 | 180 | 2006-03-09 14:33 marco 181 | 182 | * ChangeLog, HISTORY.EN, HISTORY.IT, VERSION: Sistemazione 183 | documentazione per nuova versione 1.03 184 | 185 | 2006-03-09 09:48 marco 186 | 187 | * lang/: de, en: Aggiunta traduzione in tedesco, modificata 188 | traduzione in inglese 189 | 190 | 2006-02-24 11:37 marco 191 | 192 | * ChangeLog, VERSION: Sistemazione documentazione per nuova 193 | versione 1.02 194 | 195 | 2006-02-18 10:06 marco 196 | 197 | * actions_ta_key.cgi, create_vpn.cgi, export_client.cgi, 198 | keyslist_ca.cgi, modify_vpn.cgi, openvpn-lib.pl: Modificata la 199 | gestione della ta.key: non piu' una ta per ogni CA ma una ta.key 200 | per ogni vpn. Tolta creazione ed elminazione della ta.key dalla 201 | CA ed introduzione della creazione-eliminazione della stessa 202 | nella cartella del server. 
Modificata esportazione del client per 203 | prendere la ta.key dalla directory del server. 204 | 205 | 2006-02-17 18:57 marco 206 | 207 | * create_client.cgi, modify_client.cgi, new_client.cgi, 208 | openvpn-lib.pl, lang/en, lang/it: Aggiunta possibilita' di 209 | editare il file ccd nella modifica e creazione del client. 210 | 211 | 2006-02-17 17:01 marco 212 | 213 | * new_client.cgi, openvpn-lib.pl, remove_client.cgi, 214 | remove_client_connected.cgi: Effettuate modifiche per permettere 215 | di avere lo stesso client su 2 vpn diverse (ccd-exclusive): 216 | rimossa revoca chiave alla cancellazione del client; alla 217 | creazione del client permetto di utilizzare tutte le chiavi 218 | disponibili tranne quelle gia' utilizzate dai client di quel 219 | server. 220 | 221 | 2006-02-17 15:34 marco 222 | 223 | * ChangeLog, create_client.cgi, create_vpn.cgi, modify_client.cgi, 224 | modify_vpn.cgi, new_client.cgi, new_vpn.cgi, openvpn-lib.pl: 225 | Corretto baco in creazione ta.key che ricreava la ta.key anche se 226 | gia' esistente. 
Spostato parametro mssfix dopo fragment e tun-mtu 227 | sia in interfaccia che in file di configurazione di server e 228 | client 229 | 230 | 2006-01-23 14:53 marco 231 | 232 | * CHANGELOG, ChangeLog, HISTORY.EN, VERSION: Aggiunta 233 | documentazione revisioni 234 | 235 | 2006-01-23 14:39 marco 236 | 237 | * openvpn-lib.pl: Sistemazione lettura informazioni chiavi valide 238 | da file index.txt che non funzionava in assenza di alcuni campi 239 | 240 | 2006-01-20 13:44 marco 241 | 242 | * create_vpn.cgi: [no log message] 243 | 244 | 2006-01-20 10:01 marco 245 | 246 | * create_client.cgi, create_static_vpn.cgi, create_vpn.cgi, 247 | index.cgi: Sistemazione permessi dei files e directory con 248 | ccd-exclusive 249 | 250 | 2006-01-20 09:30 marco 251 | 252 | * create_vpn.cgi: sistemato problema di ccd-exclusive senza chroot: 253 | vuole il percorso completo 254 | 255 | 2006-01-18 11:55 marco 256 | 257 | * export_client.cgi: Sistemazioni problemi esportazione client 258 | 259 | 2006-01-18 11:49 marco 260 | 261 | * modify_client.cgi: [no log message] 262 | 263 | 2006-01-16 11:38 marco 264 | 265 | * openvpn-lib.pl: Sistemazioni di alcuni parametri relativi a 266 | exclude-ccd 267 | 268 | 2006-01-14 10:07 marco 269 | 270 | * create_static_vpn.cgi: Sistemazioni permessi di file .key in 271 | server statico 272 | 273 | 2006-01-14 09:58 marco 274 | 275 | * actions_ta_key.cgi, create_static_vpn.cgi, create_vpn.cgi: 276 | Modifica permessi ta.key per lettura da nobody 277 | 278 | 2006-01-14 09:52 marco 279 | 280 | * config, config-*-linux, index.cgi, openssl.cnf, openvpn-ssl.cnf: 281 | sistemazione path per file .cnf 282 | 283 | 2006-01-14 09:20 marco 284 | 285 | * create_vpn.cgi, openvpn-lib.pl: Aggiunta parametro 286 | client-config-dir automatico ma legato a ccd-exclusive 287 | 288 | 2006-01-13 17:54 marco 289 | 290 | * create_client.cgi, create_vpn.cgi, modify_vpn.cgi, new_vpn.cgi, 291 | openvpn-lib.pl, lang/en, lang/it: Aggiunta parametro 292 | ccd-exclusive 
automaticamente nei servers: il client creato su 293 | questo server potra' accedere solo a questo server anche se altri 294 | servers hanno la stessa CA. 295 | 296 | 2006-01-13 15:12 marco 297 | 298 | * clientlist_vpn.cgi, create_ca.cgi, create_client.cgi, 299 | create_key.cgi, create_static_vpn.cgi, create_vpn.cgi, index.cgi, 300 | keyslist_ca.cgi, listactiveconnect.cgi, listca.cgi, listvpn.cgi, 301 | log_vpn.cgi, modify_client.cgi, modify_static_vpn.cgi, 302 | modify_vpn.cgi, new_client.cgi, new_static_vpn.cgi, new_vpn.cgi, 303 | remove_ca.cgi, remove_client.cgi, remove_client_connected.cgi, 304 | remove_key.cgi, remove_static_vpn.cgi, remove_vpn.cgi, 305 | verify_ca.cgi, verify_key.cgi, view_ca.cgi, view_key.cgi: 306 | Aggiunto link a pagina principale di modulo openvpn in tutte le 307 | pagine 308 | 309 | 2006-01-12 10:36 marco 310 | 311 | * create_client.cgi, create_vpn.cgi, export_client.cgi, 312 | modify_client.cgi, modify_vpn.cgi, new_client.cgi, new_vpn.cgi, 313 | openvpn-lib.pl, lang/en, lang/it: soluzione vari problemi con i 314 | clients riguardanti la ta.key ed i parametri del client stesso 315 | 316 | 2006-01-11 17:43 marco 317 | 318 | * create_client.cgi, export_client.cgi, export_key.cgi: 319 | Sistemazione parametri di esportazione client 320 | 321 | 2006-01-03 16:36 marco 322 | 323 | * config, config-*-linux, index.cgi, lang/en, lang/it: Sistemate 324 | etichette e configurazione di openssl.cnf 325 | 326 | 2005-12-27 15:58 marco 327 | 328 | * AUTHORS, CHANGELOG, COPYING, action_vpn.cgi, actions.cgi, 329 | actions_ta_key.cgi, clientlist_vpn.cgi, create_ca.cgi, 330 | create_client.cgi, create_key.cgi, create_static_vpn.cgi, 331 | create_vpn.cgi, export_client.cgi, export_key.cgi, index.cgi, 332 | keyslist_ca.cgi, listactiveconnect.cgi, listca.cgi, listvpn.cgi, 333 | log_vpn.cgi, modify_client.cgi, modify_static_vpn.cgi, 334 | modify_vpn.cgi, new_client.cgi, new_static_vpn.cgi, new_vpn.cgi, 335 | openvpn-lib.pl, remove_ca.cgi, remove_client.cgi, 336 
| remove_client_connected.cgi, remove_key.cgi, 337 | remove_static_vpn.cgi, remove_vpn.cgi, verify_ca.cgi, 338 | verify_key.cgi, view_ca.cgi, view_key.cgi: Sistemazione 339 | documentazione 340 | 341 | 2005-12-23 14:47 marco 342 | 343 | * action_vpn.cgi, actions.cgi, actions_ta_key.cgi, 344 | clientlist_vpn.cgi, config, config-*-linux, config.info, 345 | config.info.it, create_ca.cgi, create_client.cgi, create_key.cgi, 346 | create_static_vpn.cgi, create_vpn.cgi, export_client.cgi, 347 | export_key.cgi, index.cgi, keyslist_ca.cgi, 348 | listactiveconnect.cgi, listca.cgi, listvpn.cgi, log_vpn.cgi, 349 | modify_client.cgi, modify_static_vpn.cgi, modify_vpn.cgi, 350 | module.info, new_client.cgi, new_static_vpn.cgi, new_vpn.cgi, 351 | openssl.cnf, openvpn-lib.pl, remove_ca.cgi, remove_client.cgi, 352 | remove_client_connected.cgi, remove_key.cgi, 353 | remove_static_vpn.cgi, remove_vpn.cgi, verify_ca.cgi, 354 | verify_key.cgi, view_ca.cgi, view_key.cgi, help/ca.it.html, 355 | help/intro.en.html, help/intro.html, help/intro.it.html, 356 | help/monitor.it.html, help/openvpn.it.html, help/static.it.html, 357 | help/structure.it.html, images/icon.gif, 358 | images/listactiveconnect.gif, images/listca.gif, 359 | images/listvpn.gif, images/openvpn.gif, images/openvpn1.gif, 360 | lang/en, lang/it: Initial revision 361 | 362 | 2005-12-23 14:47 marco 363 | 364 | * action_vpn.cgi, actions.cgi, actions_ta_key.cgi, 365 | clientlist_vpn.cgi, config, config-*-linux, config.info, 366 | config.info.it, create_ca.cgi, create_client.cgi, create_key.cgi, 367 | create_static_vpn.cgi, create_vpn.cgi, export_client.cgi, 368 | export_key.cgi, index.cgi, keyslist_ca.cgi, 369 | listactiveconnect.cgi, listca.cgi, listvpn.cgi, log_vpn.cgi, 370 | modify_client.cgi, modify_static_vpn.cgi, modify_vpn.cgi, 371 | module.info, new_client.cgi, new_static_vpn.cgi, new_vpn.cgi, 372 | openssl.cnf, openvpn-lib.pl, remove_ca.cgi, remove_client.cgi, 373 | remove_client_connected.cgi, remove_key.cgi, 374 | 
remove_static_vpn.cgi, remove_vpn.cgi, verify_ca.cgi, 375 | verify_key.cgi, view_ca.cgi, view_key.cgi, help/ca.it.html, 376 | help/intro.en.html, help/intro.html, help/intro.it.html, 377 | help/monitor.it.html, help/openvpn.it.html, help/static.it.html, 378 | help/structure.it.html, images/icon.gif, 379 | images/listactiveconnect.gif, images/listca.gif, 380 | images/listvpn.gif, images/openvpn.gif, images/openvpn1.gif, 381 | lang/en, lang/it: initial revision 382 | 383 | -------------------------------------------------------------------------------- /openvpn/create_client.cgi: --------------------------------------------------------------------------------
#!/usr/bin/perl

#########################################################################
# Authors: Marco Colombo (marco@openit.it)
# Giuliano Natali Diaolin (diaolin@openit.it)
# Copyright: Open It S.r.l.
# Viale Dante, 78
# 38057 Pergine Valsugana (TN) ITALY
# Tel: +39 0461 534800 Fax: +39 0461 538443
##############################################################################
#
# Handles the submitted client form. It accumulates validation messages in
# $error; when $error is set it prints the form again with the submitted
# values, otherwise it writes the client's .conf and .ovpn files and the
# per-client ccd file and redirects to clientlist_vpn.cgi.
#
# NOTE(review): this listing is incomplete. Two statements below break off
# after "2>&1 " and the code that followed them is absent (the source listing
# skips from its line 69 to 83 and from 102 to 138). Those statements are
# reproduced exactly as shown. Some string literals also span a line break in
# the listing and are kept that way.
#
# NOTE(review), security summary - every value in %in comes from the request:
#  - vpn, ca_dir and dh are joined into filesystem paths with no visible
#    check; only CLIENT_NAME is pattern-checked.
#  - a failed check only appends to $error; the mkdir, the "rm -rf" call and
#    the file writes that precede "if ($error)" still run.
#  - values are written to the configuration files as given, so a value
#    containing a newline would add a directive.

use File::Copy;

require './openvpn-lib.pl';

# read parameters from the form or the URL into the %in hash
&ReadParse();

$error = "";

# Form parameter checks
# NOTE(review): ca_dir and dh are used as path components under
# openvpn_home without a visible check for '/' or '..' - confirm they are
# constrained before this point or validate them here.
if (!-d $config{'openvpn_home'}.'/'.$in{'ca_dir'} or !-s $config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/ca.key' or !-s $config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/ca.crt' or !-s $config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/'.$in{'dh'}) {
    $error .= $text{'error_not_ca'}.'
';
}

# CLIENT_NAME: at least 4 characters from [a-zA-Z0-9_-.], no ".." and no
# trailing dot
if (($in{'CLIENT_NAME'} !~ /^[a-zA-Z0-9_\-\.]{4,}$/) or ($in{'CLIENT_NAME'} =~ /\.{2,}/) or ($in{'CLIENT_NAME'} =~ /\.$/)){
    # '$&' sits in a single-quoted literal, so it is appended as literal text
    $error .= $text{'error_client_notok'}.' $&
';
# NOTE(review): this tests <openvpn_home>/<VPN_NAME>.conf; no other visible
# line of this script reads VPN_NAME - looks carried over from the server
# form, verify.
} elsif (-s $config{'openvpn_home'}.'/'.$in{'VPN_NAME'}.'.conf' and $in{'modify'} != 1) {
    $error .= $text{'error_client_exist'}.'
';
}

# remote_url must contain at least one non-blank character; no other format
# check is visible
if ($in{'remote_url'} !~ /\S/) {
    $error .= $text{'error_remote_url'}.'
';
}

# keepalive values are checked for non-digits only when both are given
if ($in{'keepalive_ping'} and $in{'keepalive_ping-restart'}) {
    if ($in{'keepalive_ping'} =~ /\D/) {
        $error .= $text{'error_keepalive_ping'}.'
';
    }
    if ($in{'keepalive_ping-restart'} =~ /\D/) {
        $error .= $text{'error_keepalive_ping-restart'}.'
';
    }
}

# strip carriage returns from the extra configuration text
if ($in{'adds_conf'}) { $in{'adds_conf'} =~ s/\r+//g; }

# fragment, mssfix and tun-mtu must lie in 100..1500 when given
foreach $k (qw/fragment mssfix tun-mtu/) {
    if ($in{$k} and ($in{$k} < 100 or $in{$k} > 1500)) {
        $error .= $k.': '.$text{'error_mtu'}.'
';
    }
}

$in{'choose_client'} = $in{'CLIENT_NAME'};

# the client's key and certificate must already exist in the CA directory
if (-s $config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/'.$in{'choose_client'}.'.key' and -s $config{'openvpn_home'}.'/'.$in{'ca_dir'}.'/'.$in{'choose_client'}.'.crt') {
    # built from choose_server (sic; the code uses choose_client)
    $in{'key'} = $in{'choose_client'}.'.key';
    $in{'cert'} = $in{'choose_client'}.'.crt';
} else {
    $error .= $text{'error_choose_client'}.'
';
}

# NOTE(review): from here on the filesystem is modified although $error has
# not been consulted yet, and $in{'vpn'} has not been validated in the
# visible code.
if (!-d $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}) {
    mkdir($config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'},0700);
}
if ($in{'modify'} != 1) {
    # remove the directory if it exists
    if (-d $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}) {
        # NOTE(review): the command line is built by string concatenation from
        # request values and handed to system_logged; validate vpn and
        # CLIENT_NAME first and prefer a recursive delete that does not go
        # through a shell.
        # NOTE(review): the statement is truncated in the listing after
        # "2>&1 "; what follows is the tail of a later statement (it refers to
        # a file handle U and a loop variable $k whose loop header is missing).
        &system_logged("rm -rf ".$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}." >/dev/null 2>&1 ".$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.'.$k;
        # request text is written to <CLIENT_NAME>.<k> and the file is made
        # executable for its owner
        print U $in{$k};
        close U;
        chmod(0700,$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.'.$k);
    }
}

# keep the submitted values, load the server's settings through
# ReadVPNConf() (not defined in this file) into %server_info, then restore
# the submitted values
%client_info = %in;
%in = ( 'vpn' => $client_info{'vpn'});
&ReadVPNConf();
%server_info = %in;
%in = %client_info;

# re-run the 'new' screen with the fields filled with the entered values
# and the error message
if ($error) {

    if ($in{'modify'} != 1) {
        # remove the directory if it exists
        if (-d $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}) {
            # NOTE(review): same string-built shell command as above. The
            # statement is truncated in the listing after "2>&1 "; what
            # follows is the tail of a page-header call. The code that sets
            # $info_ca, $a_clients, $a_user, $a_group, $a_verb and $a_mute,
            # which are used below, is not visible.
            &system_logged("rm -rf ".$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}." >/dev/null 2>&1 ".$text{'title_opnvpn'}."",
            undef, undef, &text('index_openvpn')." ".&text('version')." ".$config{'openvpn_version'}.", ".&text('index_openssl')." ".&text('version')." ".$config{'openssl_version'});

    print "
";
    # $error holds only $text messages and the fixed option names appended above
    print '

'.$error.'

';
    print "
";

    if ($in{'proto'} eq "tcp-server") { $in{'proto'} = "tcp-client"; }

    # form for new VPN
    # NOTE(review): several request values (vpn, CLIENT_NAME, proto, dev,
    # remote_port, cipher, tun-mtu, mssfix) are passed below as table titles
    # or row content without html_escape - confirm the ui_* helpers escape
    # them, otherwise escape here.
    print &ui_form_start("create_client.cgi", "POST");
    print &ui_hidden('ca_dir',$config{'openvpn_keys_subdir'}.'/'.$$info_ca{'CA_NAME'});
    print &ui_hidden('ca','ca.crt');
    print &ui_hidden('ca_name',$$info_ca{'CA_NAME'});
    print &ui_hidden('vpn',$in{'vpn'});
    print &ui_hidden('tun-mtu',$in{'tun-mtu'});
    print &ui_hidden('dev',$in{'dev'});
    print &ui_hidden('mssfix',$in{'mssfix'});
    print &ui_hidden('proto',$in{'proto'});
    print &ui_hidden('remote_port',$in{'remote_port'});
    print &ui_hidden('cipher',$in{'cipher'});
    print &ui_hidden('modify',$in{'modify'});
    print &ui_hidden('tls-auth',$server_info{'tls-auth'});
    #print &ui_hidden('dev',$server_info{'dev'});
    if ($in{'modify'} == 1) {
        print &ui_hidden('CLIENT_NAME',$in{'CLIENT_NAME'});
        print &ui_table_start($text{'modifyclient_server_title'}.' '.$in{'vpn'},'',2);
        print &ui_table_row($text{'name'}, $in{'CLIENT_NAME'});
    } else {
        print &ui_table_start($text{'new_client_title'}.' '.$in{'vpn'},'',2);
        print &ui_table_row($text{'name'}, &ui_select('CLIENT_NAME', $in{'CLIENT_NAME'}, $a_clients));
    }
    print &ui_table_row($text{'protocol'}, $in{'proto'});
    print &ui_table_row($text{'dev'}, $in{'dev'});
    print &ui_table_row($text{'ca'}, $$info_ca{'CA_NAME'});
    print &ui_table_row($text{'choose_client'}, $text{'automatic_name'});
    print &ui_table_row($text{'cert_client'}, $text{'automatic'});
    print &ui_table_row($text{'key_client'}, $text{'automatic'});
    print &ui_table_row($text{'remote'}, $text{'remote_url'}.': '.&ui_textbox('remote_url',$in{'remote_url'},12).' '.$text{'remote_port'}.': '.$in{'remote_port'});
    if ($server_info{'tls-auth'} == 1) {
        print &ui_table_row($text{'tls-auth'}, $text{'yes'}." 
".$text{'automatic_server'});
    } else {
        print &ui_table_row($text{'tls-auth'}, $text{'no'}." ".$text{'automatic_server'});
    }
    print &ui_table_row($text{'cipher'}, $in{'cipher'}." ".$text{'automatic_server'});
    print &ui_table_row($text{'comp-lzo'}, &ui_select('comp-lzo', $in{'comp-lzo'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'user'}, &ui_select('user', $in{'user'}, $a_user));
    print &ui_table_row($text{'group'}, &ui_select('group', $in{'group'}, $a_group));
    print &ui_table_row($text{'persist-key'}, &ui_select('persist-key', $in{'persist-key'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'persist-tun'}, &ui_select('persist-tun', $in{'persist-tun'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'keepalive'}, $text{'keepalive_ping'}.': '.&ui_textbox('keepalive_ping',$in{'keepalive_ping'},3)." ".$text{'keepalive_ping-restart'}.': '.&ui_textbox('keepalive_ping-restart',$in{'keepalive_ping-restart'},3));
    print &ui_table_row($text{'verb'}, &ui_select('verb', $in{'verb'}, $a_verb));
    print &ui_table_row($text{'mute'}, &ui_select('mute', $in{'mute'}, $a_mute));
    print &ui_table_row($text{'tun-mtu'}, $in{'tun-mtu'}." ".$text{'automatic_server'});
    print &ui_table_row($text{'fragment'}, &ui_textbox('fragment',$in{'fragment'},4));
    print &ui_table_row($text{'mssfix'}, $in{'mssfix'}." 
".$text{'automatic_server'});
    print &ui_table_row($text{'float'}, &ui_select('float', $in{'float'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'auth-nocache'}, &ui_select('auth-nocache', $in{'auth-nocache'}, [ ['0',$text{'no'}],['1',$text{'yes'} ] ]));
    print &ui_table_row($text{'adds_conf'}, &ui_textarea('adds_conf', $in{'adds_conf'}, 5, 45, 'off'));
    print &ui_table_end();
    print &ui_table_start($text{'commands'},'',2);
    print &ui_table_row($text{'up-pre'}, &ui_textarea('up-pre', $in{'up-pre'}, 3, 45, 'off'));
    print &ui_table_row($text{'up'}, &ui_textarea('up', $in{'up'}, 3, 45, 'off'));
    print &ui_table_row($text{'down-pre'}, &ui_textarea('down-pre', $in{'down-pre'}, 3, 45, 'off'));
    print &ui_table_row($text{'down'}, &ui_textarea('down', $in{'down'}, 3, 45, 'off'));
    print &ui_table_end();
    print &ui_table_start($text{'ccdfile'},'',2);
    # the ccd textarea is always shown empty, not pre-filled from $in
    print &ui_table_row($text{'ccdfile-content'}, &ui_textarea('ccdfile', '', 3, 45, 'off'));
    print &ui_table_end();
    print &ui_form_end([ [ "save", $text{'save'} ] ]);

    print "

";

    # page footer
    # NOTE(review): $in{'vpn'} is placed in the link's query string and in the
    # title without URL or HTML encoding - verify what footer() does with it.
    &footer("clientlist_vpn.cgi?vpn=".$in{'vpn'}, $text{'list_client_vpn'}." ".$in{'vpn'});

} else {

    # create the ta.key file for the CA, if it does not exist
    # (the visible code only turns the flag into the option value 'ta.key 1',
    # or removes the key from %in)
    if ($in{'tls-auth'} == 1) {
        $in{'tls-auth'} = 'ta.key 1';
    } else {
        delete($in{'tls-auth'});
    }

    $in{'remote'} = $in{'remote_url'}.' '.$in{'remote_port'};

    # NOTE(review): none of the open() calls below has its return value
    # checked, so a failed open is silent and the following prints go nowhere.
    if ($in{'modify'} == 1) {
        # reuse whichever of <client>.conf / <client>.disabled exists and is
        # non-empty; $namefile stays unset when neither does
        if (-s $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.conf') {
            $namefile = $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.conf';
        } elsif (-s $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.disabled') {
            $namefile = $config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.'.disabled';
        }
        open OUT, ">".$namefile;
        # the ccd file under the server's directory is overwritten with the
        # submitted text
        open CCD,">".$config{'openvpn_home'}.'/'.$config{'openvpn_servers_subdir'}.'/'.$in{'vpn'}.'/ccd/'.$in{'CLIENT_NAME'};
        print CCD $in{'ccdfile'};
        close CCD;
    } else {
        open CCD,">".$config{'openvpn_home'}.'/'.$config{'openvpn_servers_subdir'}.'/'.$in{'vpn'}.'/ccd/'.$in{'CLIENT_NAME'};
        print CCD $in{'ccdfile'};
        close CCD;
        # only this branch sets the ccd file's mode (0644)
        chmod(0644,$config{'openvpn_home'}.'/'.$config{'openvpn_servers_subdir'}.'/'.$in{'vpn'}.'/ccd/'.$in{'CLIENT_NAME'});
        # write the client configuration file
        open OUT,">".$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.".conf";
    }
    # the same settings are written twice: OUT with "\n" line ends and WCLI
    # (the .ovpn file) with "\r\n" line ends
    open WCLI,">".$config{'openvpn_home'}.'/'.$config{'openvpn_clients_subdir'}.'/'.$in{'vpn'}.'/'.$in{'CLIENT_NAME'}.'/'.$in{'CLIENT_NAME'}.".ovpn";

    print OUT "client\n";
    print WCLI "client\r\n";

    # tcp-server and tcp-client are both written as "proto tcp"
    if($in{proto} eq "tcp-server" or $in{proto} eq "tcp-client") {
        print OUT "proto tcp\n";
        print WCLI "proto tcp\r\n";
    } else {
        print OUT "proto".' '.$in{proto}."\n";
        print WCLI "proto".' '.$in{proto}."\r\n";
    }

    # NOTE(review): the values in the loops below are written as submitted;
    # nothing visible rejects a newline inside a value.
    foreach $k (qw/dev ca cert key remote/) {
        print OUT $k.' '.$in{$k}."\n";
        print WCLI $k.' '.$in{$k}."\r\n";
    }

    # user and group go to the .conf file only, not to the .ovpn file
    foreach $k (qw/tls-auth cipher user group verb mute/) {
        if (exists($in{$k})) {
            print OUT $k.' '.$in{$k}."\n";
            if ($k ne "user" and $k ne "group") { print WCLI $k.' '.$in{$k}."\r\n"; }
        }
    }

    foreach $k (qw/tun-mtu fragment mssfix/) {
        if ($in{$k} and exists($in{$k})) {
            print OUT $k.' '.$in{$k}."\n";
            print WCLI $k.' '.$in{$k}."\r\n";
        }
    }

    if ($in{'keepalive_ping'} and $in{'keepalive_ping-restart'}) {
        print OUT 'keepalive '.$in{'keepalive_ping'}.' '.$in{'keepalive_ping-restart'}."\n";
        print WCLI 'keepalive '.$in{'keepalive_ping'}.' '.$in{'keepalive_ping-restart'}."\r\n";
    }

    # if 1, write only the keyword; otherwise write nothing
    foreach $k (qw/comp-lzo persist-key persist-tun float auth-nocache/) {
        if ($in{$k} == 1) {
            print OUT $k."\n";
            print WCLI $k."\r\n";
        }
    }


    print OUT "resolv-retry infinite\n";
    print WCLI "resolv-retry infinite\r\n";

    print OUT "nobind\n";
    print WCLI "nobind\r\n";

    # keys for activation/deactivation commands: each option points at the
    # file <CLIENT_NAME>.<option>
    foreach $k (qw/up down up-pre down-pre/) {
        if ($in{$k}) {
            print OUT $k.' '.$in{'CLIENT_NAME'}.'.'.$k."\n";
            print WCLI $k.' 
'.$in{'CLIENT_NAME'}.'.'.$k."\r\n";
        }
    }

    # extra configuration text is appended verbatim (only "\r" was stripped
    # above), so it can carry any directive
    if ($in{'adds_conf'}) {
        print OUT $in{'adds_conf'}."\n";
        print WCLI $in{'adds_conf'}."\r\n";
    }

    close OUT;
    close WCLI;

    # NOTE(review): $in{'vpn'} is appended to the redirect target without URL
    # encoding.
    &redirect("clientlist_vpn.cgi?vpn=".$in{'vpn'});
}
--------------------------------------------------------------------------------