initial deploy

This commit is contained in:
Darryl Quinn 2015-04-01 10:42:53 -05:00
parent a73e459263
commit 32600d5467
9 changed files with 1620 additions and 1 deletions

View File

@ -0,0 +1,21 @@
#!/bin/sh
# Handles setting up rules for tunnel interfaces
#echo "Interface is $INTERFACE $ACTION" >> /tmp/vtundscript.log
ISVPN=false
case "$INTERFACE" in
vpn*)
ISVPN=true;
;;
esac
if [ "$ISVPN" = true ]; then
INTF=tun${INTERFACE:3}
if [ $ACTION = "ifup" ] ; then
/usr/local/bin/vtun_up $INTF up
# echo "$INTF up" >> /tmp/vtundscript.log
elif [ $ACTION = "ifdown" ] ; then
/usr/local/bin/vtun_up $INTF down
# echo "$INTF down" >> /tmp/vtundscript.log
fi
fi

138
files/etc/init.d/vtund Executable file
View File

@ -0,0 +1,138 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
START=84
STOP=85
CLIENT_CONF=/etc/vtund.conf
# Starting tun interface is tun50
TUNNUM=60
MAXTUNNUM=69
######### UTILITY FUNCTIONS ###########
# return the number of "type" sections
uci_type_count() {
local t="$1"
local rc="$2"
local count=`uci show vtun|egrep "@$t\[.\]=$t"|wc -l`
eval "$rc=$count"
}
######### UTILITY FUNCTIONS END ###########
options_config() {
local cfg="$1"
local new_file="$2"
local port timeout syslog ppp ifconfig route firewall ip
config_get port "$cfg" port "5525"
config_get timeout "$cfg" timeout "60"
config_get syslog "$cfg" syslog "daemon"
config_get ppp "$cfg" ppp "/usr/sbin/pppd"
config_get ifconfig "$cfg" ifconfig "/sbin/ifconfig"
config_get route "$cfg" route "/sbin/route"
config_get firewall "$cfg" firewall "/usr/sbin/iptables"
config_get ip "$cfg" ip "/sbin/ip"
echo "options {" >> $new_file
echo " port $port;" >> $new_file
echo " timeout $timeout;" >> $new_file
echo " syslog $syslog;" >> $new_file
echo " ppp $ppp;" >> $new_file
echo " ifconfig $ifconfig;" >> $new_file
echo " route $route;" >> $new_file
echo " firewall $firewall;" >> $new_file
echo " ip $ip;" >> $new_file
echo "}" >> $new_file
echo " " >> $new_file
}
# CONNECT THIS CLIENT TO A SERVER
to_server_config() {
local cfg="$1"
local new_file="$2"
local enabled host pwd net node netip clientip serverip
if [ $TUNNUM -lt $MAXTUNNUM ]
then
config_get_bool enabled "$cfg" enabled
config_get node "$cfg" node
config_get host "$cfg" host
config_get passwd "$cfg" passwd
config_get netip "$cfg" netip
config_get clientip "$cfg" clientip
config_get serverip "$cfg" serverip
if [ $enabled -eq 1 ]
then
echo "$node {" >> $new_file
echo " passwd $passwd;" >> $new_file
echo " device tun${TUNNUM};" >> $new_file
echo " up {" >> $new_file
echo -e " ifconfig \"%% ${clientip} netmask 255.255.255.252 pointopoint ${serverip} mtu 1450\";" >> $new_file
echo -e " route \"add -net ${netip}/30 gw ${serverip}\";" >> $new_file
echo " };" >> $new_file
echo " down {" >> $new_file
echo " };" >> $new_file
echo "}" >> $new_file
echo " " >> $new_file
TUNNUM=$(( TUNNUM + 1 ))
fi
else
echo "## TOO MANY TUNNEL CONNECTIONS (${TUNNUM}) ##" >> $new_file
fi
}
start_clients() {
local cfg="$1"
local new_file="$2"
local enabled host pwd net node netip clientip serverip
config_get_bool enabled "$cfg" enabled
if [ $enabled -eq 1 ]
then
config_get node "$cfg" node
config_get host "$cfg" host
/usr/sbin/vtund -p -f $CLIENT_CONF ${node} $host
fi
}
apply_uci_config() {
sh -c '. /lib/functions.sh; include /lib/config; uci_apply_defaults'
}
start() {
# only if vtun is installed
if [[ -x "/usr/sbin/vtund" ]]
then
apply_uci_config
config_load vtun
# Remove the current vtun config file
rm -f $CLIENT_CONF
# config_foreach network_config network
config_foreach options_config options "$CLIENT_CONF"
config_foreach to_server_config server "$CLIENT_CONF"
# STARTUP CLIENT TO SERVER CONNECTIONS
config_foreach start_clients server "$CLIENT_CONF"
fi
}
stop() {
# only if vtun is installed
if [[ -x "/usr/sbin/vtund" ]]
then
# find all the vtund CLIENT processess...
#for x in `ps -w|grep -F 'vtund[c]:'|grep -v grep|tr -s ' '|cut -d' ' -f2`
#do
# s=`echo $s $x`
#done
#kill $s
killall vtund
fi
}

118
files/etc/init.d/vtundsrv Executable file
View File

@ -0,0 +1,118 @@
#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org
START=82
STOP=83
SERVER_CONF=/var/etc/vtundsrv.conf
# Starting tun interface is tun50
TUNNUM=50
MAXTUNNUM=59
network_config() {
local cfg="$1"
local start def_net
# generate the default net
def_net='172.31.1.1'
config_get start "$cfg" start $def_net
echo "NETWORK: $start" >> /tmp/vtuntest.log
}
options_config() {
local cfg="$1"
local new_file="$2"
local port timeout syslog ppp ifconfig route firewall ip
config_get port "$cfg" port "5525"
config_get timeout "$cfg" timeout "60"
config_get syslog "$cfg" syslog "daemon"
config_get ppp "$cfg" ppp "/usr/sbin/pppd"
config_get ifconfig "$cfg" ifconfig "/sbin/ifconfig"
config_get route "$cfg" route "/sbin/route"
config_get firewall "$cfg" firewall "/usr/sbin/iptables"
config_get ip "$cfg" ip "/sbin/ip"
echo "options {" >> $new_file
echo " port $port;" >> $new_file
echo " timeout $timeout;" >> $new_file
echo " syslog $syslog;" >> $new_file
echo " ppp $ppp;" >> $new_file
echo " ifconfig $ifconfig;" >> $new_file
echo " route $route;" >> $new_file
echo " firewall $firewall;" >> $new_file
echo " ip $ip;" >> $new_file
echo "}" >> $new_file
echo " " >> $new_file
}
# ALLOW THESE CLIENTS TO CONNECT TO THIS SERVER vtundsrv.conf
allowed_client_config() {
local cfg="$1"
local new_file="$2"
local enabled node pwd netip clientip serverip persist compress keepalive proto
if [ $TUNNUM -lt $MAXTUNNUM ]
then
config_get_bool enabled "$cfg" enabled
config_get node "$cfg" node
config_get passwd "$cfg" passwd
config_get netip "$cfg" netip
config_get clientip "$cfg" clientip
config_get serverip "$cfg" serverip
config_get persist "$cfg" persist "yes"
config_get compress "$cfg" compress "lzo:9"
config_get keepalive "$cfg" keepalive "yes"
config_get proto "$cfg" proto "tcp"
if [ $enabled -eq 1 ]
then
echo "node $node {" >> $new_file
echo " passwd $passwd;" >> $new_file
echo " type tun;" >> $new_file
echo " proto $proto;" >> $new_file
echo " device tun${TUNNUM};" >> $new_file
echo " persist $persist;" >> $new_file
echo " compress $compress;" >> $new_file
echo " keepalive $keepalive;" >> $new_file
echo " up {" >> $new_file
echo -e " ifconfig \"%% ${serverip} netmask 255.255.255.252 pointopoint ${clientip} mtu 1450\";" >> $new_file
echo -e " route \"add -net ${netip}/30 gw ${clientip}\";" >> $new_file
echo " };" >> $new_file
echo " down {" >> $new_file
echo " };" >> $new_file
echo "}" >> $new_file
echo " " >> $new_file
TUNNUM=$(( TUNNUM + 1 ))
fi
else
echo "## TOO MANY TUNNEL CONNECTIONS (${TUNNUM}) ##" >> $new_file
fi
}
apply_uci_config() {
sh -c '. /lib/functions.sh; include /lib/config; uci_apply_defaults'
}
start() {
apply_uci_config
config_load vtun
# Remove the current config files
rm -f $SERVER_CONF
config_foreach network_config network
config_foreach options_config options "$SERVER_CONF"
config_foreach allowed_client_config client "$SERVER_CONF"
# START SERVER LISTENER
/usr/sbin/vtund -s -f $SERVER_CONF
}
stop() {
# find the vtund SERVER process... --- FIX THIS
for x in `ps -w|grep -F 'vtund[s]:'|grep -v grep|tr -s ' '|cut -d' ' -f2`
do
s=`echo $s $x`
done
kill $s
}

View File

@ -1 +1 @@
0.10.x
3.1.1TUNNEL

128
files/usr/local/bin/vtun_up Normal file
View File

@ -0,0 +1,128 @@
#!/bin/sh
# AE6XE 2014-12-08
# This script assumes a pre-existing OpenWRT-UCI netfilter table structure
# $1 = tun0 | tun1 | ... | tun9
# $2 = up | down
interface=$1
action=$2
is_olsrgw=`cat /etc/config.mesh/_setup|grep -i olsrd_gw|cut -d ' ' -f 3`
configmode=`uci -q -c /etc/local/uci/ get hsmmmesh.settings.config`
inf_count=`ifconfig | egrep "^tun[0-9]" | wc -l`
echo "Firewall rules for $interface $action"
# Do nothing if node is not in mesh mode
if [ "$configmode" != "mesh" ] ; then exit 0; fi
# Test for pre-existing firewall rules which use a wildcard and only need setup 1 time for multiple tunnel connections
if ( `iptables -L forwarding_vpn | egrep "^Chain forwarding_vpn \(.+ references\)" > /dev/null` ) then
rules_exist=1
else
rules_exist=0
fi
# Do nothing on firewall if tunnels already (or still) exist--set up once for first and remove on last down
if [ $rules_exist -eq 0 -a "$action" = "up" ] ; then
echo "Adding vtun firewall rules..."
iptables -N forwarding_vpn
iptables -N input_vpn
iptables -N zone_vpn
iptables -N zone_vpn_ACCEPT
iptables -N zone_vpn_DROP
iptables -N zone_vpn_REJECT
iptables -N zone_vpn_forward
iptables -A forward -i tun+ -j zone_vpn_forward
iptables -A input -i tun+ -j zone_vpn
iptables -A output -j zone_vpn_ACCEPT
iptables -A zone_vpn -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A zone_vpn -p tcp -m tcp --dport 2222 -j ACCEPT
iptables -A zone_vpn -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A zone_vpn -p udp -m udp --dport 698 -j ACCEPT
iptables -A zone_vpn -p tcp -m tcp --dport 1978 -j ACCEPT
iptables -A zone_vpn -p tcp -m tcp --dport 23 -j ACCEPT
iptables -I zone_dtdlink_forward 1 -j zone_vpn_ACCEPT
if [ ! $is_olsrgw -eq 1 ] ; then
iptables -I zone_dtdlink_forward 1 -j zone_wan_REJECT
fi
iptables -I zone_lan_forward 1 -j zone_vpn_ACCEPT
iptables -I zone_wifi_forward 1 -j zone_vpn_ACCEPT
if [ ! $is_olsrgw -eq 1 ] ; then
iptables -I zone_wifi_forward 1 -j zone_wan_REJECT
fi
iptables -I zone_vpn_forward 1 -j zone_vpn_ACCEPT
iptables -I zone_vpn_forward -j zone_wan_REJECT
iptables -A zone_vpn -j input_vpn
iptables -A zone_vpn -j zone_vpn_ACCEPT
iptables -A zone_vpn_ACCEPT -o tun+ -j ACCEPT
iptables -A zone_vpn_ACCEPT -i tun+ -j ACCEPT
iptables -A zone_vpn_DROP -o tun+ -j DROP
iptables -A zone_vpn_DROP -i tun+ -j DROP
iptables -A zone_vpn_REJECT -o tun+ -j reject
iptables -A zone_vpn_REJECT -i tun+ -j reject
iptables -A zone_vpn_forward -j zone_dtdlink_ACCEPT
iptables -A zone_vpn_forward -j zone_lan_ACCEPT
iptables -A zone_vpn_forward -j zone_wifi_ACCEPT
iptables -A zone_vpn_forward -j forwarding_vpn
fi
if [ $inf_count -eq 0 -a "$action" = "down" ] ; then
echo "Removing vtun firewall rules..."
iptables -D zone_vpn_forward -j forwarding_vpn
iptables -D zone_vpn_forward -j zone_wifi_ACCEPT
iptables -D zone_vpn_forward -j zone_lan_ACCEPT
iptables -D zone_vpn_forward -j zone_dtdlink_ACCEPT
iptables -D zone_vpn_REJECT -i tun+ -j reject
iptables -D zone_vpn_REJECT -o tun+ -j reject
iptables -D zone_vpn_DROP -i tun+ -j DROP
iptables -D zone_vpn_DROP -o tun+ -j DROP
iptables -D zone_vpn_ACCEPT -i tun+ -j ACCEPT
iptables -D zone_vpn_ACCEPT -o tun+ -j ACCEPT
iptables -D zone_vpn -j zone_vpn_ACCEPT
iptables -D zone_vpn -j input_vpn
iptables -D zone_vpn_forward -j zone_wan_REJECT
iptables -D zone_vpn_forward -j zone_vpn_ACCEPT
iptables -D zone_wifi_forward -j zone_vpn_ACCEPT
iptables -D zone_wifi_forward -j zone_wan_REJECT
iptables -D zone_lan_forward -j zone_vpn_ACCEPT
iptables -D zone_dtdlink_forward -j zone_vpn_ACCEPT
iptables -D zone_dtdlink_forward -j zone_wan_REJECT
iptables -D zone_vpn -p tcp -m tcp --dport 23 -j ACCEPT
iptables -D zone_vpn -p tcp -m tcp --dport 1978 -j ACCEPT
iptables -D zone_vpn -p udp -m udp --dport 698 -j ACCEPT
iptables -D zone_vpn -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -D zone_vpn -p tcp -m tcp --dport 2222 -j ACCEPT
iptables -D zone_vpn -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -D output -j zone_vpn_ACCEPT
iptables -D input -i tun+ -j zone_vpn
iptables -D forward -i tun+ -j zone_vpn_forward
iptables -X zone_vpn_REJECT
iptables -X zone_vpn_DROP
iptables -X zone_vpn_ACCEPT
iptables -X zone_vpn
iptables -X zone_vpn_forward
iptables -X input_vpn
iptables -X forwarding_vpn
fi
if [ "$action" = "up" ] ; then
# Adding route policies for tunnel interface
if ( ! `ip rule list | egrep "^20020:.*$interface.*30" > /dev/null`) then
if [ -e /etc/config/dmz-mode ] ; then
ip rule add pref 20010 iif $interface lookup 29 # local interfaces
fi
ip rule add pref 20020 iif $interface lookup 30 # mesh
# ensure routing to internet is the local interface on this
# node and not forwarded to another gateway on the local mesh
# firewall rules above will always REJECT wan access comming across the tunnel
ip rule add pref 20090 iif $interface lookup main # local routes including wan
ip rule add pref 20099 iif $interface unreachable
fi
else
# Remove route policies for tunnel interface
ip rule del pref 20010 iif $interface lookup 29
ip rule del pref 20020 iif $interface lookup 30
ip rule del pref 20090 iif $interface lookup main
ip rule del pref 20099 iif $interface unreachable
fi
exit 0;

View File

@ -0,0 +1,148 @@
#################################
# get base network from config - CHANGE FOR UCI
#################################
sub get_server_network_address()
{
my @list =();
my $server_net=`uci get vtun.@network[0].start`;
if($server_net ne "")
{
# to facilitate overrides (ie. moving the server to a new node)
# read the file into $mac
@list = split('\.', $server_net);
}
else
{
# or, calc based on eth0 mac address, then store it.
$mac=get_mac("eth0");
@MACS=split(/:/, $mac);
push @list, "172";
push @list, "31";
push @list, hex @MACS[5];
# strip off the high bits
push @list, ((hex @MACS[4]) << 2) & 255;
$server_net=sprintf("%d.%d.%d.%d",@list[0],@list[1],@list[2],@list[3]);
system "uci add vtun network";
system "uci set vtun.@network[0].start='${server_net}'";
system "uci commit vtun";
}
return @list;
}
sub get_active_tun()
{
my @active_tun;
foreach(`ps -w|grep vtun|grep ' tun '`)
{
@parts = $_ =~ /.*\:.*-(172-31-.*)\stun\stun.*/g;1;
@parts[0] =~ s/\-/\./g;
push(@active_tun,@parts[0]);
}
return @active_tun;
}
# INPUT arg: Array of active tunnel IP's, IP of the tunnel network you are checking
sub is_tunnel_active()
{
my ($n, @active_tun) = @_;
my $match=0;
foreach(@active_tun){
#print "a=$_, n=$n\n";
if($n eq $_) {
$match = 1;
last;
}
}
return $match; # the return value of the do block
}
# Get hardware model/type
sub get_model()
{
$model_full=`/usr/local/bin/get_model`;
if($model_full=~ m/ubiquiti.*/i) {
$model="UBNT";
} else {
$model="LS";
}
}
##########################
# Add OLSRD interfaces - called when adding a new client connection
##########################
sub add_olsrd_interface() {
my ($tunnum) = @_;
# uci add_list olsrd.interface=vpn${tunnumber}
# uci commit vtundsrv
#config Interface
# list interface 'vpn50 vpn51 vpn52 vpn53 vpn54 vpn55 vpn56 vpn57 vpn58 vpn59'
# option Ip4Broadcast 255.255.255.255
}
##########################
# Delete OLSRD interfaces - called when deleting a new client connection
##########################
sub del_olsrd_interface() {
my ($tunnum) = @_;
# uci delete_list olsrd.interface.vpn${tunnumber}
# uci commit vtundsrv
#config Interface
# list interface 'vpn50 vpn51 vpn52 vpn53 vpn54 vpn55 vpn56 vpn57 vpn58 vpn59'
# option Ip4Broadcast 255.255.255.255
}
##########################
# Add network interfaces tun50 thru tun69 - called on install
##########################
sub add_network_interfaces() {
for ($tunnum = 50; $tunnum <= 69; $tunnum++)
{
system "uci set network.vpn${tunnum}=interface";
system "uci set network.vpn${tunnum}.ifname='tun${tunnum}";
system "uci set network.vpn${tunnum}.proto='none'";
}
system "uci commit network";
}
##########################
# Delete OLSRD interfaces - called when deleting a new client connection
##########################
sub del_olsrd_interface() {
my ($tunnum) = @_;
# uci delete_list olsrd.interface.vpn${tunnumber}
# uci commit vtundsrv
#
}
#################################
# Check Freespace on / filesystem
#################################
sub check_freespace()
{
my $fs = `df / | grep -v '^Filesystem' | awk 'NF=6{print \$4}NF==5{print \$3}{}'`;
chomp $fs;
return $fs;
}
##########################
# Config firewall to allow port 5525 on WAN interface
##########################
sub open_5525_on_wan() {
system "uci add firewall rule";
system "uci set firewall.@rule[-1].src='wan'";
system "uci set firewall.@rule[-1].dest_port='5525'";
system "uci set firewall.@rule[-1].proto='tcp'";
system "uci set firewall.@rule[-1].target='ACCEPT'";
system "uci commit firewall" ;`
}
#weird uhttpd/busybox error requires a 1 at the end of this file
1

View File

@ -0,0 +1,42 @@
### UCI Helpers START ###
sub uci_get_type_count()
{
my ($config, $stype)=@_;
my $cmd=sprintf('uci show %s|egrep vtun\.\@%s.*=%s|wc -l',$config,$stype,$stype);
my $rc=`$cmd`;
chomp($rc);
return $rc;
}
sub uci_get_indexed_item()
{
my ($config,$stype,$index,$key)=@_;
my $cmd=sprintf('uci get %s.@%s[%s].%s',$config,$stype,$index,$key);
$e=`$cmd`;
chomp($e);
return $e;
}
sub uci_set_indexed_option()
{
my ($config,$stype,$index,$option,$val)=@_;
my $cmd=sprintf('uci set %s.@%s[%s].%s=%s',$config,$stype,$index,$option,$val);
$e=`$cmd`;
#return $cmd;
return $?;
}
sub uci_delete_indexed_type()
{
my ($config,$stype,$index)=@_;
my $cmd=sprintf('uci delete %s.@%s[%s]',$config,$stype,$index);
$e=`$cmd`;
print $?;
return $?;
}
### UCI Helpers END ###
#weird uhttpd/busybox error requires a 1 at the end of this file
1

575
files/www/cgi-bin/vpn Executable file
View File

@ -0,0 +1,575 @@
#!/usr/bin/perl
$debug = 0;
BEGIN {push @INC, '/www/cgi-bin'};
use perlfunc;
use ucifunc;
use tunfunc;
$VPNVER="1.0";
$config = nvram_get("config");
$node = nvram_get("node");
$node = "NOCALL" if $node eq "";
$unode = uc $node; # UPPER CASE NODENAME
$vpncfile = "/etc/vpnclients";
$tmpdir = "/tmp/web/vpn";
$tmpvtundsconf = "${tmpdir}/vtundsrv.conf.tmp";
$tmpconnfile = "${tmpdir}/vpnclients";
$tsfile = "/etc/tunnel.server";
$tmptsfile = "${tmpdir}/tunnel.server.tmp";
read_postdata();
#################
# page checks
#################
if($parms{button_reboot})
{
system "/sbin/reboot";
}
if($parms{button_install})
{
&install_vtun();
}
&reboot_required() if($config eq "" or -e "/tmp/reboot-required");
&vpn_setup_required() unless(-e "/usr/sbin/vtund" );
&get_model();
&get_active_tun();
#################
# If RESET or FIRST TIME, load clients/servers from file into parms --- CHANGE not needed?
#################
system "rm -rf $tmpdir" unless $parms{reload};
system "mkdir -p $tmpdir" unless $parms{reload};
# if RESET, delete the tunnel.server network number file --- CHANGE UCI
if($parms{button_reset})
{
system "rm -rf $tsfile";
}
#################
# get vtun network address
#################
@netw = ();
@netw = &get_server_network_address();
#&DEBUGEXIT(@netw[2]);
#################
# If RESET or FIRST TIME, load clients/servers from file into parms
#################
if($parms{button_reset} or not $parms{reload})
{
# load clients from CONFIG FILE
&get_client_info();
$parms{server_net1}=@netw[2];
$parms{server_net2}=@netw[3];
# initialize the "add" entries to clear them
foreach $var (qw(client_add_enable client_add_name client_add_pass))
{
$parms{$var} = "";
$parms{$var} = "0" if($var eq 'client_add_enable');
}
}
else
{
#&DEBUGEXIT($parms{client1_enable});
}
#################
# load clients from FORM and validate
#################
for($i =1 , @list = (); $i <= $parms{client_num}; ++$i) { push @list, $i }
push @list, "_add";
$client_num = 0;
foreach $val (@list)
{
foreach $var (qw(enable name pass))
{
$varname = "client${val}_$var";
$parms{$varname} = "0" if($val eq "enable" and $parms{$varname} eq "");
$parms{$varname} = "" unless $parms{$varname};
$parms{$varname} =~ s/^\s+//;
$parms{$varname} =~ s/\s+$//;
if($val ne "_add")
{
if($parms{$varname} eq "" and ($var eq "enable"))
{
$parms{$varname} = "0";
}
}
eval sprintf("\$%s = \$parms{%s}", $var, $varname);
}
# Validate ADDed values
if($val eq "_add")
{
# skip any null values on add or save
next unless ($enable or $name or $pass) and ($parms{client_add} or $parms{button_save});
} # no delete capabilities as net renumbering is not allowed
if($val eq "_add" and $parm{button_save})
{
push @cli_err, "$val this client must be added or cleared out before saving changes";
next;
}
push @cli_err, "A client name is required" if($name eq "");
push @cli_err, "A client password is required" if($pass eq "");
next if $val eq "_add" and @cli_err and $cli_err[-1] =~ /^$val /;
# Commit the data for this client
++$client_num;
$parms{"client${client_num}_enable"} = $enable;
$parms{"client${client_num}_name"} = uc $name;
$parms{"client${client_num}_pass"} = $pass;
# Clear out the ADD values
if($val eq "_add")
{
foreach $var (qw(net enable name pass))
{
$parms{"client_add_${var}"} = "";
}
}
}
#################
# SAVE the clients into the TMP file --- CHANGE TO UCI
#################
system "rm -f $tmpconnfile";
open(FILE, ">$tmpconnfile");
for($i = 1; $i <= $client_num; $i++)
{
printf FILE "%d|%s|%s\n",
$parms{"client${i}_enable"},
$parms{"client${i}_name"},
$parms{"client${i}_pass"}
}
close(FILE);
#################
# SAVE the server network numbers into the TMP file --- CHANGE UCI
#################
#if(($parms{server_net1} ~~ [0..252]) and ($parms{server_net2} ~~ [0..252]))
#{
system "rm -f $tmptsfile";
open(FILE, ">$tmptsfile");
printf FILE "%d.%d.%d.%d",172,31,$parms{server_net1},$parms{server_net2};
close(FILE);
$netw[2]=$parms{server_net1};
$netw[3]=$parms{server_net2};
#}
#else
#{
# push @cli_err, "The server net values must be between 0-254!";
# $parms{server_net1}=$netw[2];
# $parms{server_net2}=$netw[3];
#}
$parms{client_num} = $client_num;
#################
# save configuration --- CHANGE UCI
#################
if($parms{button_save} and not (@cli_err or @serv_err))
{
# save the tunnel.server ip address to file
system "cp -f $tmptsfile $tsfile";
system "cp -f $tmpconnfile $vpncfile";
#&generate_vtundsrv_conf();
# uci commit vtundsrv
# ./vtundsrv stop
# ./vtundsrv start
# RESTART VTUNDSRV /etc/init.d/vtundsrv restart
unless($debug == 3)
{
push(@errors,"problem with vtundsrv") if system "/etc/init.d/vtundsrv restart > /dev/null 2>&1";
}
}
######################################################################################
# generate the page
######################################################################################
http_header() unless $debug == 2;
html_header("$node setup", 1);
print "<body><center>\n";
print "<form method=post action=/cgi-bin/vpn enctype='multipart/form-data'>\n" unless $debug == 2;
print "<form method=post action=test>\n" if $debug == 2;
print "<table width=790>\n";
#################
# Navigation bar
#################
print "<tr><td>\n";
navbar("vpn");
print "</td></tr>\n";
#################
# control buttons
#################
print "<tr><td align=center>";
print "<a href='/help.html#vpn' target='_blank'>Help</a>";
print "&nbsp;&nbsp;&nbsp;\n";
print "<input type=submit name=button_save value='Save Changes' title='Save and use these settings now (takes about 20 seconds)'>&nbsp;\n";
print "<input type=submit name=button_reset value='Reset Values' title='Revert to the last saved settings'>&nbsp;\n";
print "<input type=submit name=button_refresh value='Refresh' title='Refresh this page'>&nbsp;\n";
print "<tr><td>&nbsp;</td></tr>\n";
push @hidden, "<input type=hidden name=reload value=1></td></tr>";
#################
# messages
#################
if(@cli_err)
{
print "<tr><td align=center><b>ERROR:<br>";
foreach(@cli_err) { print "$_<br>" }
print "</b></td></tr>\n";
}
if($parms{button_save})
{
if(@cli_err)
{
print "<tr><td align=center><b>Configuration NOT saved!</b></td></tr>\n";
}
elsif(@errors)
{
print "<tr><td align=center><b>Configuration saved, however:<br>";
foreach(@errors) { print "$_<br>" }
print "</b></td></tr>\n";
}
else
{
print "<tr><td align=center><b>Configuration saved and is now active.</b></td></tr>\n";
}
print "<tr><td>&nbsp;</td></tr>\n";
}
#################
# everything else
#################
if($config eq "mesh")
{
#print "<tr><th>** THIS PAGE IS NON-FUNCTIONAL AT THE MOMENT **</th></tr>\n";
#print "<tr><td align=center valign=top>\n";
#print "</td></tr>\n";
#print "<tr><td><hr></td></tr>\n";
print "<tr><td align=center valign=top>\n";
&print_vpn_clients();
print "</td></tr>\n";
print "<tr><td><hr></td></tr>\n";
}
print "</table>\n";
print "<p style='font-size:8px'>VPN v${VPNVER}</p>";
push @hidden, "<input type=hidden name=client_num value=$parms{client_num}>";
#################
# add hidden form fields
#################
foreach(@hidden) { print "$_\n" }
#################
# close the form
#################
print "</form></center>\n";
show_debug_info();
#################
# close the html
#################
print "</body></html>\n";
exit;
##################
# page subsections
##################
######################################################
# List the clients allowed to connect to this server #
######################################################
sub print_vpn_clients()
{
print "<table id=client_section cellpadding=0 cellspacing=0>";
#print "<tr><td colspan=5 align=center valign=top>Virtual Tunnel Server Enabled? <input type=checkbox name=server_enabled checked /></td></tr>";
print "<br /><tr><td colspan=6 align=center valign=top>Virtual Tunnel Server Network: ";
printf("%d.%d.",@netw[0],@netw[1]);
print "<input type='text' name='server_net1' size='3' maxlen='3' value='@netw[2]' onChange='form.submit()' >";
print ".";
print "<input type='text' name='server_net2' size='3' maxlen='3' value='@netw[3]' onChange='form.submit()'>";
print " (must be between 0 and 254)</td></tr>";
print "<tr><th colspan=6><hr></th></tr>\n";
print "<tr><th colspan=6>Allow the following clients to connect to this server:</th></tr>\n";
print "<tr><th>Enabled?</th><th>Client</th><th>Pwd</th><th>Net</th><th>Active&nbsp;</td><th>Action</th></tr>\n";
for($i = 1, @list = (); $i <= $parms{client_num}; ++$i) { push @list, $i };
push @list, "_add" unless($parms{client_num} > 9);
$cnum=0;
foreach $val (@list)
{
foreach $var (qw(enable name pass))
{
eval sprintf("\$%s = \$parms{client%s_%s}", $var, $val, $var);
}
print "<tr><td height=10></td></tr>\n" if $val eq "_add" and scalar(@list) > 1;
print "<tr>";
print "<td>";
# Required to be first, so, if the checkbox is cleared, a value will still POST
print "<input type='hidden' name='client${val}_enable' value='0'>" unless($val eq "_add");
print "<input type='checkbox' name='client${val}_enable' value='1'";
print " onChange='form.submit()'" unless $val eq "_add";
print " checked='checked'" if $enable;
#print " disabled" unless $val eq "_add";
print " title='enable this client'></td>";
print "<td><input type=text size=25 name=client${val}_name value='$name'";
print " onChange='form.submit()'" unless $val eq "_add";
# print " disabled" unless $val eq "_add";
print " title='client name'></td>";
print "<td>&nbsp;&nbsp;<input type=text size=20 name=client${val}_pass value='$pass' ";
print " onChange='form.submit()'" unless $val eq "_add";
print " title='client password'";
#print " disabled" unless $val eq "_add";
print "></td>";
# handle rollover of netw[3]
if(@netw[3]+($cnum * 4) > 252) {
@netw[2]++;
$netw[3] = 0;
$net=0;
$cnum=0;
} else {
$net=$cnum;
}
if($val eq "_add") { $lastnet=@netw[3]+(($net) * 4); }
else { $lastnet=@netw[3]+($net * 4); }
$fullnet=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],@netw[2],$lastnet);
print "<td>&nbsp;$fullnet</td>";
print "<td>&nbsp;";
#print "<img src='/dot.png'/>" if(@active_tun[$cnum]);
print "<img src='/dot.png'/>" if((&is_tunnel_active($name)) && ($val ne "_add"));
print "</td>";
print "<td><input type=submit name=client_add value=Add title='Add this client'>" if($val eq "_add");
print "</td>";
print "<td><a href='mailto:?subject=BBHN%20VPN%20Connection&body=Your%20connection%20details:%0D%0AName:%20$name%0D%0APassword:%20$pass%0D%0ANetwork:%20$fullnet%0D%0AServer%20address:%20<your%20server%20dns%20name>'>Email</a></td>" unless($val eq "_add");
print "</tr>\n";
# display any errors
while(@cli_err and $cli_err[0] =~ /^$val /)
{
$err = shift @cli_err;
$err =~ s/^\S+ //;
print "<tr><th colspan=4>$err</th></tr>\n";
}
#push @hidden, "<input type='hidden' name='client${val}_enable' value='0'>" unless($val eq "_add");
print "<tr><td colspan=4 height=4></td></tr>\n";
$cnum++;
}
print "</table>\n";
}
#################################
# generate the vtundsrv server file --- CHANGE FOR UCI
#################################
sub generate_vtundsrv_conf()
{
# Start with the header
open MYFILE, ">${tmpvtundsconf }";
print MYFILE &vtundsrv_conf_head;
# loop over $vpncfile
$cnum=0;
foreach(`cat $vpncfile 2>/dev/null`)
{
next if /^\s*#/; ## ignore lines that start with '#'
next if /^\s*$/; ## ignore lines that start with '$'
chomp;
@parts = split /\|/, $_;
next unless scalar(@parts) == 3;
$enable = @parts[0];
$name = @parts[1];
$pass = @parts[2];
unless($enable)
{
$cnum++; ## to make sure the tun and ip addresses remain constant
next;
}
$net3=@netw[2];
$net4=@netw[3]+($cnum*4);
$netnet=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4);
$netcli=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4+1);
$netserv=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4+2);
$clientname=sprintf("%s-%d-%d-%d-%d",$name,@netw[0],@netw[1],$net3,$net4);
$tmpConnectionString=&vtundsrv_conf_client;
$tmpConnectionString =~ s/%CLIENTNAME%/$clientname/g;
$tmpConnectionString =~ s/%CLIENTPASS%/$pass/g;
$tmpConnectionString =~ s/%CLIENTNUMBER%/$cnum/g;
$tmpConnectionString =~ s/%NETNET%/$netnet/g;
$tmpConnectionString =~ s/%NETCLIENT%/$netcli/g;
$tmpConnectionString =~ s/%NETSERVER%/$netserv/g;
if($model eq "UBNT") { $tmpConnectionString =~ s/encrypt..yes/encrypt oldblowfish128ecb/g; }
print MYFILE $tmpConnectionString;
$cnum++;
}
close MYFILE;
# backup the original file
system "cp -f /etc/vtundsrv.conf /etc/vtundsrv.conf.bak> /dev/null 2>&1";
system "cp -f $tmpvtundsconf /etc/vtundsrv.conf> /dev/null 2>&1";
}
#################################
# load client info from config file - CHANGE FOR UCI
#################################
sub get_client_info()
{
$i=0;
foreach(`cat $vpncfile 2>/dev/null`)
{
next if /^\s*#/; ## ignore lines that start with '#'
next if /^\s*$/; ## ignore lines that start with '$'
chomp;
@parts = split /\|/, $_;
next unless scalar(@parts) == 3;
++$i;
foreach $var (qw(enable name pass))
{
$parms{"client${i}_$var"} = shift @parts;
$parms{"client${i}_$var"} = "0" if($parms{"client${i}_$var"} eq "");
}
}
$parms{client_num} = $i;
}
sub vpn_setup_required()
{
http_header();
html_header("$node setup", 1);
print "<body><center><table width=790>";
print "<tr><td>\n";
navbar("vpn");
print "</td></tr>";
#################
# messages
#################
if(@cli_err)
{
print "<tr><td align=center><b>ERROR:<br>";
foreach(@cli_err) { print "$_<br>" }
print "</b></td></tr>\n";
}
print "<tr><td align=center><br><b>";
print "VPN software needs to be installed.<br/>";
print "<form method='post' action='/cgi-bin/vpn' enctype='multipart/form-data'>\n";
print "<input type=submit name=button_install value='Click to install' />";
print "</form>";
print "</b></td></tr>\n";
print "</table></center></body></html>\n";
exit;
}
sub reboot_required()
{
http_header();
html_header("$node setup", 1);
print "<body><center><table width=790><tr><td>\n";
navbar("vpn");
print "</td></tr><tr><td align=center><br>";
if($config eq "")
{
print "<b>This page is not available until the configuration has been set.</b>";
}
else
{
print "<b>The configuration has been changed.<br>This page will not be available until the node is rebooted.\n</b>";
print "<form method='post' action='/cgi-bin/vpn' enctype='multipart/form-data'>\n";
print "<input type=submit name=button_reboot value='Click to REBOOT' />";
print "</form>";
}
print "</td></tr>\n";
print "</table></center></body></html>\n";
exit;
}
#################################
# Install VTUN Server Components/config
#################################
sub install_vtun()
{
# check free disk space - get real values
$freespace=&check_freespace();
if($freespace < 600)
{
push @cli_err, "Insuffient free disk space!";
}
else
{
# Update/Install VTUN
system "opkg update";
system "opkg install kmod-tun zlib libopenssl liblzo vtun > /tmp/tunnel_install.log";
# Prep firewall
&open_5525_on_wan();
# add network interfaces
&add_network_interfaces();
# Reboot required
system "touch /tmp/reboot-required";
}
}
sub DEBUGEXIT()
{
my ($text) = @_;
http_header();
html_header("$node setup", 1);
print "DEBUG-";
print $text;
print "</body>";
exit;
}

449
files/www/cgi-bin/vpnc Executable file
View File

@ -0,0 +1,449 @@
#!/usr/bin/perl
$debug = 1;
BEGIN {push @INC, '/www/cgi-bin'};
use perlfunc;
use ucifunc;
use tunfunc;
$VPNVER="1.0";
$config = nvram_get("config");
$node = nvram_get("node");
$node = "NOCALL" if $node eq "";
$unode = uc $node; # UPPER CASE NODENAME
#$vpnconnfile = "/etc/vtun.connections";
#$tmpdir = "/tmp/web/vpn";
#$tmpvtundconf = "${tmpdir}/vtund.conf.tmp";
#$tmpvtundservice = "${tmpdir}/vtund.service.tmp"; # contains connection rows
#$tmpvtund = "${tmpdir}/vtund.tmp";
#$tmpconnfile = "${tmpdir}/vpnconnections";
&get_model();
read_postdata();
@active_tun=&get_active_tun();
#################
# page checks
#################
&reboot_required() if($config eq "" or -e "/tmp/reboot-required");
&vpn_setup_required() unless(-e "/usr/sbin/vtund" );
#################
# If RESET or FIRST TIME, load servers from file into parms
#################
if($parms{button_reset} or not $parms{reload})
{
# load connections from UCI
&get_connection_info();
# initialize the "add" entries to clear them
foreach $var (qw(conn_add_enabled conn_add_host conn_add_passwd conn_add_netip))
{
$parms{$var} = "";
$parms{$var} = "0" if($var eq 'conn_add_enabled');
}
}
else
{
#&DEBUGEXIT($parms{client1_enable});
}
#################
# load connections from FORM and validate
#################
for($i =1 , @list = (); $i <= $parms{conn_num}; ++$i) { push @list, $i }
push @list, "_add";
$conn_num = 0;
foreach $val (@list)
{
foreach $var (qw(enabled host passwd netip))
{
$varname = "conn${val}_$var";
$parms{$varname} = "0" if($val eq "enabled" and $parms{$varname} eq "");
$parms{$varname} = "" unless $parms{$varname};
$parms{$varname} =~ s/^\s+//;
$parms{$varname} =~ s/\s+$//;
if($val ne "_add")
{
if($parms{$varname} eq "" and ($var eq "enabled"))
{
$parms{$varname} = "0";
}
}
eval sprintf("\$%s = \$parms{%s}", $var, $varname);
}
# Validate ADDed values
if($val eq "_add") { next unless ($enabled or $host or $passwd or $netip) and ($parms{conn_add} or $parms{button_save}) }
else { next if $parms{"conn${val}_del"} }
if($val eq "_add" and $parm{button_save})
{
push @conn_err, "$val this connection must be added or cleared out before saving changes";
next;
}
push @conn_err, "A connection server is required" if($host eq "");
push @conn_err, "A connection password is required" if($passwd eq "");
next if $val eq "_add" and @cli_err and $cli_err[-1] =~ /^$val /;
# Commit the data for this connection
++$conn_num;
$parms{"conn${conn_num}_enabled"} = $enabled;
$parms{"conn${conn_num}_host"} = $host;
$parms{"conn${conn_num}_passwd"} = $passwd;
$parms{"conn${conn_num}_netip"} = $netip;
# Clear out the ADD values
if($val eq "_add")
{
foreach $var (qw(enabled host passwd netip))
{
$parms{"conn_add_${var}"} = "";
}
}
}
#################
# SAVE the clients the UCI vtun file
#################
$parms{conn_num} = $conn_num;
if($parms{button_save} and not (@conn_err or @serv_err))
{
# ADD/SET all server type entries
for($i=1; $i<=$conn_num; $i++)
{
foreach $var (qw(enabled host passwd netip))
{
eval sprintf("\$val = \$parms{conn%s_%s}",$i,$var);
$idx=$i*(-1);
push(@errors,"Problem adding server entry into config file") if &uci_set_indexed_option("vtun","server",$idx,$var,$val);
}
# TODO: calculate clientip and serverip
#
# TODO: uci_set_indexed_option("vtun","server",-1,"clientip",$clientip);
# TODO: uci_set_indexed_option("vtun","server",-1,"clientip",$serverip);
# TODO: uci_set_indexed_option("vtun","server",-1,"node",$nodename)
}
push(@errors,"Problem committing server entry into config file") if system "uci commit vtun > /dev/null 2>&1";
# COPY /etc/config/vtun to /etc/config.mesh/vtun (to workaround node-setup script issues)
system "cp /etc/config/vtun /etc/config.mesh/vtun";
# STOP vtun clients
system "/etc/init.d/vtund stop > /dev/null 2>&1";
# START VTUND /etc/init.d/vtund start
unless($debug == 3)
{
push(@errors,"Problem starting vtund") if system "/etc/init.d/vtund start > /dev/null 2>&1";
}
}
######################################################################################
# generate the page
######################################################################################
http_header() unless $debug == 2;
html_header("$node setup", 1);
print "<body><center>\n";
print "<form method=post action=/cgi-bin/vpnc enctype='multipart/form-data'>\n" unless $debug == 2;
print "<form method=post action=test>\n" if $debug == 2;
print "<table width=790>\n";
#################
# Navigation bar
#################
print "<tr><td>\n";
navbar("vpnc");
print "</td></tr>\n";
#################
# control buttons
#################
print "<tr><td align=center>";
print "<a href='/help.html#vpn' target='_blank'>Help</a>";
print "&nbsp;&nbsp;&nbsp;\n";
print "<input type=submit name=button_save value='Save Changes' title='Save and use these settings now (takes about 20 seconds)'>&nbsp;\n";
print "<input type=submit name=button_reset value='Reset Values' title='Revert to the last saved settings'>&nbsp;\n";
print "<input type=submit name=button_refresh value='Refresh' title='Refresh this page'>&nbsp;\n";
print "<tr><td>&nbsp;</td></tr>\n";
push @hidden, "<input type=hidden name=reload value=1></td></tr>";
#################
# messages
#################
if(@cli_err)
{
print "<tr><td align=center><b>ERROR:<br>";
foreach(@conn_err) { print "$_<br>" }
print "</b></td></tr>\n";
}
if($parms{button_save})
{
if(@cli_err)
{
print "<tr><td align=center><b>Configuration NOT saved!</b></td></tr>\n";
}
elsif(@errors)
{
print "<tr><td align=center><b>Configuration saved, however:<br>";
foreach(@errors) { print "$_<br>" }
print "</b></td></tr>\n";
}
else
{
print "<tr><td align=center><b>Configuration saved and is now active.</b></td></tr>\n";
}
print "<tr><td>&nbsp;</td></tr>\n";
}
#################
# everything else
#################
if($config eq "mesh")
{
print "<tr><td align=center valign=top>\n";
&print_vpn_connections();
print "</td></tr>\n";
print "<tr><td><hr></td></tr>\n";
}
print "</table>\n";
print "<p style='font-size:8px'>VPN v${VPNVER}</p>";
push @hidden, "<input type=hidden name=conn_num value=$parms{conn_num}>";
#################
# add hidden form fields
#################
foreach(@hidden) { print "$_\n" }
#################
# close the form
#################
print "</form></center>\n";
show_debug_info();
#################
# close the html
#################
print "</body></html>\n";
exit;
##################
# page subsections
##################
######################################################
# List the connections to be made from this client
######################################################
sub print_vpn_connections()
{
print "<table id=connection_section cellpadding=0 cellspacing=0>";
print "<tr><th colspan=6>Connect this node to the following servers:</th></tr>";
print "<tr><th colspan=6><hr></th></tr>\n";
print "<tr><th>Enabled?</th><th>Server</th><th>Pwd</th><th>Network</th><th>Active&nbsp;</th><th>Action</th></tr>\n";
for($i = 1, @list = (); $i <= $parms{conn_num}; ++$i) { push @list, $i };
push @list, "_add" unless($parms{conn_num} > 9);
$cnum=0;
foreach $val (@list)
{
foreach $var (qw(enabled host passwd netip))
{
eval sprintf("\$%s = \$parms{conn%s_%s}", $var, $val, $var);
}
print "<tr><td height=10></td></tr>\n" if $val eq "_add" and scalar(@list) > 1;
print "<tr>";
print "<td>";
# Required to be first, so, if the checkbox is cleared, a value will still POST
print "<input type='hidden' name='conn${val}_enabled' value='0'>" unless($val eq "_add");
print "<input type='checkbox' name='conn${val}_enabled' value='1'";
print " onChange='form.submit()'" unless $val eq "_add";
print " checked='checked'" if $enabled;
#print " disabled" unless $val eq "_add";
print " title='enable this connection'></td>";
print "<td><input type=text size=25 name=conn${val}_host value='$host'";
print " onChange='form.submit()'" unless $val eq "_add";
# print " disabled" unless $val eq "_add";
print " title='connection name'></td>";
print "<td>&nbsp;&nbsp;<input type=text size=20 name=conn${val}_passwd value='$passwd' ";
print " onChange='form.submit()'" unless $val eq "_add";
print " title='connection password'";
#print " disabled" unless $val eq "_add";
print "></td>";
print "<td>&nbsp;&nbsp;<input type=text size=14 name=conn${val}_netip value='$netip'";
print " onChange='form.submit()'" unless $val eq "_add";
# print " disabled" unless $val eq "_add";
print " title='connection network'></td>";
#if($val eq "_add") { print @netw[3]+(($net) * 4); }
#else { print @netw[3]+($net * 4); }
#print @netw[3]+($net * 4) unless $val eq "_add";
print "</td>";
print "<td>&nbsp;";
#print "<img src='/dot.png'/>" if(@active_tun[$cnum]);
print "<img src='/dot.png'/>" if((&is_tunnel_active($netip, @active_tun)) && ($val ne "_add"));
print "</td>";
print "<td>&nbsp;";
print "<input type=submit name=";
if($val eq "_add") { print "conn_add value=Add title='Add this connection'" }
else { print "conn${val}_del value=Del title='Delete this connection'" }
print "></td></tr>\n";
# display any errors
while(@conn_err and $conn_err[0] =~ /^$val /)
{
$err = shift @conn_err;
$err =~ s/^\S+ //;
print "<tr><th colspan=4>$err</th></tr>\n";
}
#push @hidden, "<input type='hidden' name='client${val}_enable' value='0'>" unless($val eq "_add");
print "<tr><td colspan=6 height=4></td></tr>\n";
$cnum++;
}
print "</table>\n";
}
#################################
# generate the UCI file
#################################
sub build_uci()
{
# loop over each connection
#$cnum=0;
foreach(`cat $vpnconnfile 2>/dev/null`)
{
next if /^\s*#/; ## ignore lines that start with '#'
next if /^\s*$/; ## ignore lines that start with '$'
chomp;
@parts = split /\|/, $_;
next unless scalar(@parts) == 4;
$enable = @parts[0];
$server = @parts[1];
$pass = @parts[2];
$net = @parts[3];
@netw=split /\./, $net;
unless($enable)
{
# $cnum++; ## to make sure the tun and ip addresses remain constant
next;
}
$clientname=sprintf("%s-%d-%d-%d-%d",$unode,@netw[0],@netw[1],@netw[2],@netw[3]);
$net3=@netw[2];
#$net4=@netw[3]+($cnum*4);
$net4=@netw[3];
$netnet=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4);
$netcli=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4+1);
$netserv=sprintf("%d.%d.%d.%d",@netw[0],@netw[1],$net3,$net4+2);
# uci set vtun.@server[-1].host
# uci set vtun.@server[-1].node
# uci set vtun.@server[-1].passwd
# uci set vtun.@server[-1].netip
# uci commit vtun
$cnum++;
}
}
#################################
# load info from UCI
#################################
sub get_connection_info()
{
my $x;
# how many connections
my $connection_count=&uci_get_type_count("vtun","server");
for (my $i=1; $i<=$connection_count; $i++) {
foreach $var (qw(enabled host passwd netip))
{
$x=&uci_get_indexed_item("vtun","server",$i-1,$var);
$parms{"conn${i}_${var}"}=$x;
#eval sprintf("\$%s = \$parms{conn%s_%s}", $var, $val, $var);
}
}
$parms{conn_num} = $connection_count;
}
# VPN software is not installed
sub vpn_setup_required()
{
http_header();
html_header("$node setup", 1);
print "<body><center><table width=790><tr><td>\n";
navbar("vpn");
print "</td></tr><tr><td align=center><br><b>";
print "VPN software needs to be installed.";
#print "<input type=button name=install_vpn>";
print "</b></td></tr>\n";
print "</table></center></body></html>\n";
exit;
}
# A reboot is required
sub reboot_required()
{
http_header();
html_header("$node setup", 1);
print "<body><center><table width=790><tr><td>\n";
navbar("vpn");
print "</td></tr><tr><td align=center><br><b>";
if($config eq "")
{
print "This page is not available until the configuration has been set.";
}
else
{
print "The configuration has been changed.<br>This page will not be available until the node is rebooted.\n";
}
print "</b></td></tr>\n";
print "</table></center></body></html>\n";
exit;
}
sub DEBUGEXIT()
{
my ($text) = @_;
http_header();
html_header("$node setup", 1);
print "DEBUG[";
print $text;
print "]</body>";
exit;
}