---bigsnip-------
OK, I have attached a more polished version of the patch. If anyone is interested in trying it out, I can provide an ISO.
The patch applies cleanly to ipcop-dev-v131-20030722 with cat <file> | patch -p1
Have fun
Mattia
PS:
On the contrary, if you think that this is not useful at all and/or a waste of bandwidth just give me a hint ........
Changes:
- Unique diff file against ipcop-dev-v131-20030722
- Added initial support for cipe connections
- Fixed logic on the web interface to handle better dhcp on BLUE and IPSEC on BLUE
- Polished rc.firewall script
- Now using network settings to generate the interface= line in ipsec.conf
- Added more detail in the errors for dhcp web page
- Tested on a clean install
----- ipcop-1.3.1alpha4wireless.diff
diff -uNrb ipcop-1.3.1-2003-07-22/html/cgi-bin/dhcp.cgi ipcop-1.3.1a4/html/cgi-bin/dhcp.cgi
--- ipcop-1.3.1-2003-07-22/html/cgi-bin/dhcp.cgi Fri May 16 21:16:33 2003
+++ ipcop-1.3.1a4/html/cgi-bin/dhcp.cgi Wed Jul 23 15:17:33 2003
@@ -12,7 +12,7 @@
# $Id: dhcp.cgi,v 1.2.2.17 2003/05/16 19:16:33 eoberlander Exp $
#
-require 'CONFIG_ROOT/header.pl';
+require '/var/ipcop/header.pl';
my %dhcpsettings;
my %netsettings;
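Review bot: `require '/var/ipcop/header.pl';` replaces what looks like a build-time placeholder (`CONFIG_ROOT`, which restartdhcp.c in this same patch still uses as a macro) with one fixed install path, so the script no longer follows a non-default configuration root. This reads like a diff taken from an installed tree rather than the source tree; I would keep `require 'CONFIG_ROOT/header.pl';`. The same substitution appears in the first hunks of vpnconfig.dat and vpnmain.cgi.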
@@ -26,9 +26,14 @@
$netsettings{'GREEN_NETMASK'} = '';
&readhash("${swroot}/ethernet/settings", \%netsettings);
+&readhash("${swroot}/wireless/settings", \%wirelesssettings);
+
$dhcpsettings{'ACTION'} = '';
$dhcpsettings{'VALID'} = '';
+$dhcpsettings{'ACTION_BLUE'} = '';
+$dhcpsettings{'VALID_BLUE'} = '';
+
$dhcpsettings{'ENABLE'} = 'off';
$dhcpsettings{'START_ADDR'} = '';
$dhcpsettings{'END_ADDR'} = '';
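Review bot: `%wirelesssettings` is filled by the new `&readhash` call but the patch adds no declaration for it, so it becomes a package global (and a compile error if the script runs under `use strict`, which is not visible here). Unlike vpnmain.cgi, no default is set before the read, so `$wirelesssettings{'ENABLE'}` is undefined when the wireless settings file lacks the key. I would add `my %wirelesssettings;` and `$wirelesssettings{'ENABLE'} = '';` ahead of the `&readhash` line.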
@@ -42,6 +47,18 @@
$dhcpsettings{'FIX_ENABLED'} = '';
$dhcpsettings{'WINS'} = '';
+$dhcpsettings{'ENABLE_BLUE'} = 'off';
+$dhcpsettings{'START_ADDR_BLUE'} = '';
+$dhcpsettings{'END_ADDR_BLUE'} = '';
+$dhcpsettings{'DOMAIN_NAME_BLUE'} = '';
+$dhcpsettings{'DEFAULT_LEASE_TIME_BLUE'} = '';
+$dhcpsettings{'MAX_LEASE_TIME_BLUE'} = '';
+$dhcpsettings{'FIX_MAC_BLUE'} = '';
+$dhcpsettings{'FIX_ADDR_BLUE'} = '';
+$dhcpsettings{'FIX_ENABLED_BLUE'} = '';
+$dhcpsettings{'WINS_BLUE'} = '';
+$dhcpsettings{'DNS1_BLUE'} = '';
+$dhcpsettings{'DNS2_BLUE'} = '';
&getcgihash(\%dhcpsettings);
if ($dhcpsettings{'ACTION'} eq $tr{'add'})
@@ -134,19 +151,19 @@
{
if (!(&validip($dhcpsettings{'START_ADDR'})))
{
- $errormessage = $tr{'invalid start address'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid start address'};
goto ERROR;
}
if (!(&validip($dhcpsettings{'END_ADDR'})))
{
- $errormessage = $tr{'invalid end address'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid end address'};
goto ERROR;
}
if ($dhcpsettings{'DNS1'})
{
if (!(&validip($dhcpsettings{'DNS1'})))
{
- $errormessage = $tr{'invalid primary dns'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid primary dns'};
goto ERROR;
}
}
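Review bot: The `"DHCP on Green: "` prefix is a hard-coded English literal concatenated onto a translated `$tr{...}` message, so non-English installs get mixed-language errors. A translated prefix (a new `%tr` entry, name to be chosen by the maintainers) would keep the page consistent. The same applies to `"DHCP on Blue: "` in the next hunk and to the literal `'DHCP'`, `Green Interface` and `Blue Interface` labels in the form hunks, where `$tr{'dhcp'}` was actually removed. The enclosing block starts and ends outside this hunk.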
@@ -154,38 +171,94 @@
{
if (!(&validip($dhcpsettings{'DNS2'})))
{
- $errormessage = $tr{'invalid secondary dns'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid secondary dns'};
goto ERROR;
}
}
if (!($dhcpsettings{'DNS1'}) && $dhcpsettings{'DNS2'})
{
- $errormessage = $tr{'cannot specify secondary dns without specifying primary'};
+ $errormessage = "DHCP on Green: " . $tr{'cannot specify secondary dns without specifying primary'};
goto ERROR;
}
if (!($dhcpsettings{'DEFAULT_LEASE_TIME'} =~ /^\d+$/))
{
- $errormessage = $tr{'invalid default lease time'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid default lease time'};
goto ERROR;
}
if (!($dhcpsettings{'MAX_LEASE_TIME'} =~ /^\d+$/))
{
- $errormessage = $tr{'invalid max lease time'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid max lease time'};
goto ERROR;
}
if ($dhcpsettings{'WINS'})
{
if (!(&validip($dhcpsettings{'WINS'})))
{
- $errormessage = $tr{'invalid wins address'};
+ $errormessage = "DHCP on Green: " . $tr{'invalid wins address'};
+ goto ERROR;
+ }
+ }
+ if ($netsettings{'BLUE_DEV'} ne ''){
+ if (!(&validip($dhcpsettings{'START_ADDR_BLUE'})))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid start address'};
+ goto ERROR;
+ }
+ if (!(&validip($dhcpsettings{'END_ADDR_BLUE'})))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid end address'};
+ goto ERROR;
+ }
+ if ($dhcpsettings{'DNS1_BLUE'})
+ {
+ if (!(&validip($dhcpsettings{'DNS1_BLUE'})))
+ {
+ $errormessage ="DHCP on Blue: " . $tr{'invalid primary dns'};
goto ERROR;
}
}
+ if ($dhcpsettings{'DNS2_BLUE'})
+ {
+ if (!(&validip($dhcpsettings{'DNS2_BLUE'})))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid secondary dns'};
+ goto ERROR;
+ }
+ }
+ if (!($dhcpsettings{'DNS1_BLUE'}) && $dhcpsettings{'DNS2_BLUE'})
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'cannot specify secondary dns without specifying primary'};
+ goto ERROR;
+ }
+ if (!($dhcpsettings{'DEFAULT_LEASE_TIME_BLUE'} =~ /^\d+$/))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid default lease time'};
+ goto ERROR;
+ }
+ if (!($dhcpsettings{'MAX_LEASE_TIME_BLUE'} =~ /^\d+$/))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid max lease time'};
+ goto ERROR;
+ }
+ if ($dhcpsettings{'WINS_BLUE'})
+ {
+ if (!(&validip($dhcpsettings{'WINS_BLUE'})))
+ {
+ $errormessage = "DHCP on Blue: " . $tr{'invalid wins address'};
+ goto ERROR;
+ }
+ }
+ }
ERROR:
if ($errormessage) {
- $dhcpsettings{'VALID'} = 'no'; }
+ $dhcpsettings{'VALID'} = 'no';
+ $dhcpsettings{'VALID_BLUE'} = 'no';
+ }
else {
$dhcpsettings{'VALID'} = 'yes';
+ if ($netsettings{'BLUE_DEV'} ne ''){
+ $dhcpsettings{'VALID_BLUE'} = 'yes';
+ }
&writehash("${swroot}/dhcp/settings", \%dhcpsettings);
open(FILE, ">/${swroot}/dhcp/dhcpd.conf") or die "Unable to write dhcpd.conf file";
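Review bot: The BLUE checks run whenever `$netsettings{'BLUE_DEV'} ne ''`, but the BLUE form fields are only printed when `$wirelesssettings{'ENABLE'} eq 'on'` (last dhcp.cgi hunk), and neither condition looks at `ENABLE_BLUE`. With a BLUE device configured and wireless switched off, `START_ADDR_BLUE` arrives empty, `validip` presumably rejects it, and the Green settings can no longer be saved. I would gate the block on the same condition as the form, for example `if ($wirelesssettings{'ENABLE'} eq 'on' && $dhcpsettings{'ENABLE_BLUE'} eq 'on') {`. Nothing in this block checks `DOMAIN_NAME_BLUE`, or that the address range lies inside the BLUE subnet, before the values are written to dhcpd.conf.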
@@ -207,13 +280,40 @@
{
print FILE "\toption netbios-name-servers $dhcpsettings{'WINS'};\n";
}
- my $defaultleasetime = $dhcpsettings{'DEFAULT_LEASE_TIME'} * 60;
- my $maxleasetime = $dhcpsettings{'MAX_LEASE_TIME'} * 60;
+ $defaultleasetime = $dhcpsettings{'DEFAULT_LEASE_TIME'} * 60;
+ $maxleasetime = $dhcpsettings{'MAX_LEASE_TIME'} * 60;
print FILE "\trange dynamic-bootp $dhcpsettings{'START_ADDR'} $dhcpsettings{'END_ADDR'};\n";
print FILE "\tdefault-lease-time $defaultleasetime;\n";
print FILE "\tmax-lease-time $maxleasetime;\n";
print FILE "}\n";
+ #Write Blue settings iff blue interface is enabled
+
+ if ($dhcpsettings{'ENABLED_BLUE'} eq 'on'){
+ print FILE "subnet $netsettings{'BLUE_NETADDRESS'} netmask $netsettings{'BLUE_NETMASK'}\n";
+ print FILE "{\n";
+ print FILE "\toption subnet-mask $netsettings{'BLUE_NETMASK'};\n";
+ print FILE "\toption domain-name \"$dhcpsettings{'DOMAIN_NAME_BLUE'}\";\n";
+ print FILE "\toption routers $netsettings{'BLUE_ADDRESS'};\n";
+ if ($dhcpsettings{'DNS1_BLUE'})
+ {
+ print FILE "\toption domain-name-servers ";
+ print FILE "$dhcpsettings{'DNS1_BLUE'}";
+ if ($dhcpsettings{'DNS2_BLUE'}) {
+ print FILE ", $dhcpsettings{'DNS2_BLUE'}"; }
+ print FILE ";\n";
+ }
+ if ($dhcpsettings{'WINS_BLUE'})
+ {
+ print FILE "\toption netbios-name-servers $dhcpsettings{'WINS_BLUE'};\n";
+ }
+ my $defaultleasetime = $dhcpsettings{'DEFAULT_LEASE_TIME_BLUE'} * 60;
+ my $maxleasetime = $dhcpsettings{'MAX_LEASE_TIME_BLUE'} * 60;
+ print FILE "\trange dynamic-bootp $dhcpsettings{'START_ADDR_BLUE'} $dhcpsettings{'END_ADDR_BLUE'};\n";
+ print FILE "\tdefault-lease-time $defaultleasetime;\n";
+ print FILE "\tmax-lease-time $maxleasetime;\n";
+ print FILE "}\n";
+ }
#write fixed leases if any
open(LEASES, "$filename") or die 'Unable to open fixed leases file.';
my @current = <LEASES>;
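Review bot: `$dhcpsettings{'ENABLED_BLUE'}` is never set anywhere in this patch: the defaults, the form field and the `enable_blue` flag all use `ENABLE_BLUE`, so the BLUE subnet block is never written even though restartdhcp may start dhcpd on the second interface. The test should read `if ($dhcpsettings{'ENABLE_BLUE'} eq 'on') {`. `DOMAIN_NAME_BLUE` is then placed inside a quoted dhcpd.conf string with no validation visible in the patch, so a `"` or a newline in it would end the string and alter the generated configuration; restrict it to hostname characters before this point. Dropping `my` from the Green `$defaultleasetime` and `$maxleasetime` turns them into package globals only to re-declare them with `my` in the BLUE block; keeping `my` on both pairs is cleaner.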
@@ -248,6 +348,16 @@
unlink "${swroot}/dhcp/enable";
&log($tr{'dhcp server disabled'})
}
+ if ($dhcpsettings{'ENABLE_BLUE'} eq 'on' && $dhcpsettings{'VALID_BLUE'} eq 'yes')
+ {
+ system ('/bin/touch', "${swroot}/dhcp/enable_blue");
+ &log($tr{'dhcp server enabled on BLUE interface'})
+ }
+ else
+ {
+ unlink "${swroot}/dhcp/enable_blue";
+ &log($tr{'dhcp server disabled on BLUE interface'})
+ }
}
system '/usr/local/bin/restartdhcp';
}
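Review bot: `$tr{'dhcp server enabled on BLUE interface'}` and `$tr{'dhcp server disabled on BLUE interface'}` are new keys, and no language file is touched in this diff, so `&log` would presumably receive an empty message. Either add the two entries to the language files in the same patch or build the message from existing keys. The enclosing block starts outside the hunk.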
@@ -267,10 +377,20 @@
$dhcpsettings{'DEFAULT_LEASE_TIME'} = '60';
$dhcpsettings{'MAX_LEASE_TIME'} = '120';
}
+if ($dhcpsettings{'VALID_BLUE'} eq '')
+{
+ $dhcpsettings{'ENABLE_BLUE'} = 'off';
+ $dhcpsettings{'DNS1_BLUE'} = $netsettings{'GREEN_ADDRESS'};
+ $dhcpsettings{'DEFAULT_LEASE_TIME_BLUE'} = '60';
+ $dhcpsettings{'MAX_LEASE_TIME_BLUE'} = '120';
+}
my %checked;
$checked{'ENABLE'}{'off'} = '';
$checked{'ENABLE'}{'on'} = '';
$checked{'ENABLE'}{$dhcpsettings{'ENABLE'}} = 'CHECKED';
+$checked{'ENABLE_BLUE'}{'off'} = '';
+$checked{'ENABLE_BLUE'}{'on'} = '';
+$checked{'ENABLE_BLUE'}{$dhcpsettings{'ENABLE_BLUE'}} = 'CHECKED';
my %fixchecked;
$fixchecked{'FIX_ENABLED'}{'off'} = '';
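Review bot: The BLUE default `$dhcpsettings{'DNS1_BLUE'} = $netsettings{'GREEN_ADDRESS'};` looks copied from the Green block: wireless clients would be handed the firewall's GREEN address as their resolver, which ties BLUE name resolution to a rule letting BLUE reach the GREEN address. Unless that is intended, `$netsettings{'BLUE_ADDRESS'}` is the natural default here. A short comment stating which address BLUE clients are meant to use would settle it either way.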
@@ -292,10 +412,13 @@
print "<FORM METHOD='POST'>\n";
-&openbox('100%', 'LEFT', $tr{'dhcp'});
+&openbox('100%', 'LEFT', 'DHCP');
print <<END
<TABLE WIDTH='100%'>
<TR>
+ <TD WIDTH='25%' CLASS='boldbase'><B>Green Interface</B></TD>
+</TR>
+<TR>
<TD WIDTH='25%' CLASS='base'>$tr{'start address'}</TD>
<TD WIDTH='25%'><INPUT TYPE='text' NAME='START_ADDR' VALUE='$dhcpsettings{'START_ADDR'}'></TD>
<TD WIDTH='25%' CLASS='base'>$tr{'end address'}</TD>
@@ -326,6 +449,51 @@
<TD><INPUT TYPE='checkbox' NAME='ENABLE' $checked{'ENABLE'}{'on'}></TD>
</TR>
</TABLE>
+END
+;
+if ($wirelesssettings{'ENABLE'} eq 'on'){
+print <<END
+<BR>
+<TABLE WIDTH='100%'>
+<TR>
+ <TD WIDTH='25%' CLASS='boldbase'><B>Blue Interface</B></TD>
+</TR>
+<TR>
+ <TD WIDTH='25%' CLASS='base'>$tr{'start address'}</TD>
+ <TD WIDTH='25%'><INPUT TYPE='text' NAME='START_ADDR_BLUE' VALUE='$dhcpsettings{'START_ADDR_BLUE'}'></TD>
+ <TD WIDTH='25%' CLASS='base'>$tr{'end address'}</TD>
+ <TD WIDTH='25%'><INPUT TYPE='text' NAME='END_ADDR_BLUE' VALUE='$dhcpsettings{'END_ADDR_BLUE'}'></TD>
+</TR>
+<TR>
+ <TD CLASS='base'>$tr{'primary dns'}</TD>
+ <TD><INPUT TYPE='text' NAME='DNS1_BLUE' VALUE='$dhcpsettings{'DNS1_BLUE'}'></TD>
+ <TD CLASS='base'>$tr{'secondary dns'}</TD>
+ <TD><INPUT TYPE='text' NAME='DNS2_BLUE' VALUE='$dhcpsettings{'DNS2_BLUE'}'></TD>
+</TR>
+<TR>
+ <TD CLASS='base'>$tr{'default lease time'}</TD>
+ <TD><INPUT TYPE='text' NAME='DEFAULT_LEASE_TIME_BLUE' VALUE='$dhcpsettings{'DEFAULT_LEASE_TIME_BLUE'}'></TD>
+ <TD CLASS='base'>$tr{'max lease time'}</TD>
+ <TD><INPUT TYPE='text' NAME='MAX_LEASE_TIME_BLUE' VALUE='$dhcpsettings{'MAX_LEASE_TIME_BLUE'}'></TD>
+</TR>
+<TR>
+ <TD CLASS='base'>$tr{'domain name suffix'} <IMG SRC='/blob.gif'></TD>
+ <TD><INPUT TYPE='text' NAME='DOMAIN_NAME_BLUE' VALUE='$dhcpsettings{'DOMAIN_NAME_BLUE'}'></TD>
+ <TD CLASS='base'>$tr{'wins server address'} <IMG SRC='/blob.gif'></TD></TD>
+ <TD><INPUT TYPE='text' NAME='WINS_BLUE' VALUE='$dhcpsettings{'WINS_BLUE'}'></TD>
+</TR>
+<TR>
+ <TD> </TD>
+ <TD> </TD>
+ <TD CLASS='base'>$tr{'enabled'}</TD>
+ <TD><INPUT TYPE='checkbox' NAME='ENABLE_BLUE' $checked{'ENABLE_BLUE'}{'on'}></TD>
+</TR>
+</TABLE>
+END
+;
+}
+
+print <<END
<BR>
<TABLE WIDTH='100%'>
<TR>
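Review bot: Each `VALUE='$dhcpsettings{...}'` in the new BLUE table interpolates a stored or just-submitted value into a single-quoted attribute without HTML escaping, and `DOMAIN_NAME_BLUE` in particular passes no validation in this patch, so a value containing `'` or `<` changes the page markup. The Green fields in the context lines follow the same pattern, so this is inherited rather than new, but the new block is a good place to escape `&`, `<`, `>`, `'` and `"` before printing. The WINS label cell also ends with a doubled `</TD></TD>`.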
diff -uNrb ipcop-1.3.1-2003-07-22/html/cgi-bin/vpn.cgi/vpnconfig.dat ipcop-1.3.1a4/html/cgi-bin/vpn.cgi/vpnconfig.dat
--- ipcop-1.3.1-2003-07-22/html/cgi-bin/vpn.cgi/vpnconfig.dat Sun Mar 9 15:27:47 2003
+++ ipcop-1.3.1a4/html/cgi-bin/vpn.cgi/vpnconfig.dat Wed Jul 23 15:18:24 2003
@@ -15,15 +15,32 @@
# $Id: vpnconfig.dat,v 1.3.2.9 2003/03/09 14:27:47 riddles Exp $
#
-require 'CONFIG_ROOT/header.pl';
+require '/var/ipcop/header.pl';
use File::Copy;
use Net::DNS;
my %cgiparams;
my $filename = "${swroot}/vpn/config";
+my %netsettings, %wirelesssettings,%vpnparams;
+
+$netsettings{'BLUE_ADDRESS'} = '';
+&readhash("${swroot}/ethernet/settings", \%netsettings);
+
+$wirelesssettings{'ENABLE'} = '';
+&readhash("${swroot}/wireless/settings", \%wirelesssettings);
+
+&readhash("${swroot}/vpn/settings", \%vpnparams);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'COMPRESSION'} = 'off';
+
+$checked{'ENABLED_BLUE'}{'off'} = '';
+$checked{'ENABLED_BLUE'}{'on'} = '';
+$checked{'ENABLED_BLUE'}{$vpnparams{'ENABLED_BLUE'}} = 'CHECKED';
+$checked{'COMPRESSION_BLUE'}{'off'} = '';
+$checked{'COMPRESSION_BLUE'}{'on'} = '';
+$checked{'COMPRESSION_BLUE'}{$vpnparams{'COMPRESSION_BLUE'}} = 'CHECKED';
+
# wantfile required for import, sadly it can only be enabled globally...
&getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
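Review bot: `my %netsettings, %wirelesssettings,%vpnparams;` declares only `%netsettings`; without parentheses `my` binds to the first variable and the other two become package globals (or a compile error under `use strict`). It should be `my (%netsettings, %wirelesssettings, %vpnparams);`, and the same applies to `my %netsettings, %wirelesssettings;` in the first vpnmain.cgi hunk. The six `$checked{...}` lines added here are repeated verbatim in a later hunk of this file, so one of the two copies can go.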
@@ -68,6 +85,10 @@
&writeipsecfiles();
}
}
+if ($cgiparams{'ACTION'} eq 'Save')
+{
+ &writeipsecfiles();
+}
if ($cgiparams{'ACTION'} eq $tr{'remove'} || $cgiparams{'ACTION'} eq $tr{'edit'})
{
open(FILE, "$filename") or die 'Unable to open config file.';
@@ -151,6 +172,13 @@
$checked{'COMPRESSION'}{'off'} = '';
$checked{'COMPRESSION'}{'on'} = '';
$checked{'COMPRESSION'}{$cgiparams{'COMPRESSION'}} = 'CHECKED';
+$checked{'ENABLED_BLUE'}{'off'} = '';
+$checked{'ENABLED_BLUE'}{'on'} = '';
+$checked{'ENABLED_BLUE'}{$vpnparams{'ENABLED_BLUE'}} = 'CHECKED';
+$checked{'COMPRESSION_BLUE'}{'off'} = '';
+$checked{'COMPRESSION_BLUE'}{'on'} = '';
+$checked{'COMPRESSION_BLUE'}{$vpnparams{'COMPRESSION_BLUE'}} = 'CHECKED';
+
if ($cgiparams{'LEFTNEXTHOP'} eq '') {$cgiparams{'LEFTNEXTHOP'} = '%defaultroute';}
if ($cgiparams{'RIGHTNEXTHOP'} eq '') {$cgiparams{'RIGHTNEXTHOP'} = '%defaultroute';}
@@ -170,7 +198,28 @@
}
print "<FORM METHOD='POST'>\n";
-
+if ($vpnparams{'ENABLED_BLUE'} eq 'on' and $wirelesssettings{'ENABLE'} eq 'on') {
+&openbox('100%', 'LEFT', 'VPN over Wireless link');
+print <<END
+<TABLE WIDTH='100%'>
+<TR>
+<TD CLASS='base'>$tr{'secretc'}</TD>
+<TD COLSPAN='3'>
+<INPUT TYPE='PASSWORD' NAME='SECRET_BLUE' VALUE='$vpnparams{'SECRET_BLUE'}' SIZE='40'></TD>
+<TD CLASS='base'>$tr{'compression'}</TD>
+<TD><INPUT TYPE='CHECKBOX' NAME='COMPRESSION_BLUE' $checked{'COMPRESSION_BLUE'}{'on'}></TD>
+</TR>
+</TABLE>
+<TABLE WIDTH='100%'>
+<TR>
+<TD WIDTH='50%' ALIGN='CENTER'>$tr{'enabled'}<INPUT TYPE='CHECKBOX' NAME='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'}></TD>
+<TD WIDTH='50%' ALIGN='CENTER'><INPUT TYPE='SUBMIT' NAME='ACTION' VALUE='Save'></TD>
+</TR>
+</TABLE>
+END
+;
+&closebox();
+}
&openbox('100%', 'LEFT', $tr{'add a new connection'});
print <<END
<TABLE WIDTH='100%'>
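Review bot: `VALUE='$vpnparams{'SECRET_BLUE'}'` writes the stored pre-shared key into the HTML on every page load; `TYPE='PASSWORD'` only masks it on screen, so the key stays readable in the page source and in any cache or proxy on the path. I would render the field empty and treat an empty submission as "keep the current secret". The value is also interpolated unescaped into a single-quoted attribute. The submit value `'Save'` and the box title are hard-coded English, and the handler added earlier in this file compares against the literal `'Save'` rather than a `%tr` entry.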
@@ -315,11 +364,16 @@
close(FILE);
open(CONF, ">${swroot}/vpn/ipsec.conf") or die 'unable to open conf file';
- open(SECRETS, ">${swroot}/vpn/ipsec.secrets") or die 'unabe to open secrets file.';
+ open(SECRETS, ">${swroot}/vpn/ipsec.secrets") or die 'unable to open secrets file.';
flock CONF, 2;
flock SECRETS, 2;
print CONF "config setup\n";
- print CONF "\tinterfaces=%defaultroute\n";
+# print CONF "\tinterfaces=\"ipsec0=ppp0 ipsec1=eth0 ipsec2=eth2 ipsec3=eth1\"\n";
+ if ($cgiparams{'ENABLED_BLUE'} eq 'on' and $wirelesssettings{'ENABLE'} eq 'on') {
+ print CONF "\tinterfaces=\"ipsec0=$netsettings{'RED_DEV'} ipsec2=$netsettings{'BLUE_DEV'}\"\n";
+ }else{
+# print CONF "\tinterfaces=%default\n";
+ }
print CONF "\tklipsdebug=none\n";
print CONF "\tplutodebug=none\n";
print CONF "\tplutoload=%search\n";
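Review bot: When VPN on BLUE is off, the `else` branch holds only a commented-out line, so `config setup` is now written with no `interfaces=` entry at all, where the old code always wrote `interfaces=%defaultroute`. That changes behaviour for every install that does not use wireless; restore it with `print CONF "\tinterfaces=%defaultroute\n";` in the `else` (the commented line says `%default`, which is not the value the old code used). In the BLUE branch `ipsec0=$netsettings{'RED_DEV'}` is written without checking that `RED_DEV` is non-empty, which needs confirming for a dial-up RED. The enclosing sub starts outside the hunk.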
@@ -367,9 +421,28 @@
}
$id++;
}
+ if ($cgiparams{'ENABLED_BLUE'} eq 'on' and $wirelesssettings{'ENABLE'} eq 'on') {
+ print CONF "conn wireless\n";
+ if ($checked{'COMPRESSION_BLUE'} eq 'on') {
+ print CONF "\tcompress=yes\n";
+ } else {
+ print CONF "\tcompress=no\n";
+ }
+ print CONF "\tleft=$netsettings{'BLUE_ADDRESS'}\n";
+ print CONF "\tleftsubnet=0.0.0.0/0\n";
+ print CONF "\ttype=tunnel\n";
+ print CONF "\tauthby=secret\n";
+ print CONF "\tpfs=yes\n";
+ print CONF "\tright=%any\n";
+ print CONF "\tauto=add\n";
+ print CONF "\n";
+ print SECRETS "$netsettings{'BLUE_ADDRESS'} %any : PSK \"$cgiparams{'SECRET_BLUE'}\"\n";
+ }
close(CONF);
close(SECRETS);
+ $vpnparams{'SECRET_BLUE'} = $cgiparams{'SECRET_BLUE'};
+ &writehash("${swroot}/vpn/settings", \%vpnparams);
}
sub valid_dns_host()
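Review bot: `$checked{'COMPRESSION_BLUE'} eq 'on'` compares a hash reference with a string and is never true, so `compress=no` is always written; test `$cgiparams{'COMPRESSION_BLUE'} eq 'on'` instead. `SECRET_BLUE` goes from the form straight into the quoted PSK in ipsec.secrets and into vpn/settings with no check, so an empty secret is accepted and a `"` or newline in it would corrupt the secrets file; reject those before writing, e.g. `if ($cgiparams{'SECRET_BLUE'} eq '' || $cgiparams{'SECRET_BLUE'} =~ /["\r\n]/)` with the same error path the other fields use. Only `SECRET_BLUE` is copied back into `%vpnparams`, so the `ENABLED_BLUE` and `COMPRESSION_BLUE` boxes on this page are not persisted here. Since the connection pairs `right=%any` with `leftsubnet=0.0.0.0/0`, this single shared key gates all routed access for BLUE clients, which is worth a comment above `conn wireless`.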
diff -uNrb ipcop-1.3.1-2003-07-22/html/cgi-bin/vpnmain.cgi ipcop-1.3.1a4/html/cgi-bin/vpnmain.cgi
--- ipcop-1.3.1-2003-07-22/html/cgi-bin/vpnmain.cgi Mon May 12 16:18:49 2003
+++ ipcop-1.3.1a4/html/cgi-bin/vpnmain.cgi Wed Jul 23 12:57:47 2003
@@ -9,12 +9,20 @@
# $Id: vpnmain.cgi,v 1.3.2.9 2003/05/12 14:18:49 riddles Exp $
#
-require 'CONFIG_ROOT/header.pl';
+require '/var/ipcop/header.pl';
my (%cgiparams,%checked);
my $filename = "${swroot}/vpn/config";
+my %netsettings, %wirelesssettings;
+
+$netsettings{'BLUE_DEV'} = '';
+&readhash("${swroot}/ethernet/settings", \%netsettings);
+
+$wirelesssettings{'ENABLE'} = '';
+&readhash("${swroot}/wireless/settings", \%wirelesssettings);
$cgiparams{'ENABLED'} = 'off';
+$cgiparams{'ENABLED_BLUE'} = 'off';
&getcgihash(\%cgiparams);
if ($cgiparams{'ACTION'} eq $tr{'save'})
@@ -50,12 +58,16 @@
if ($cgiparams{'VALID'} eq '')
{
$cgiparams{'ENABLE'} = 'off';
+ $cgiparams{'ENABLE_BLUE'} = 'off';
}
$checked{'ENABLED'}{'off'} = '';
$checked{'ENABLED'}{'on'} = '';
$checked{'ENABLED'}{$cgiparams{'ENABLED'}} = 'CHECKED';
+$checked{'ENABLED_BLUE'}{'off'} = '';
+$checked{'ENABLED_BLUE'}{'on'} = '';
+$checked{'ENABLED_BLUE'}{$cgiparams{'ENABLED_BLUE'}} = 'CHECKED';
&showhttpheaders();
&openpage($tr{'vpn configuration main'}, 1, '');
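Review bot: `$cgiparams{'ENABLE_BLUE'} = 'off';` sets a key nothing else reads: the default in the first hunk, the checkbox and `%checked` all use `ENABLED_BLUE`. It mirrors the existing `ENABLE`/`ENABLED` mismatch in the context line above it, so the new line should be `$cgiparams{'ENABLED_BLUE'} = 'off';`, with the original line worth fixing in a separate change.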
@@ -80,9 +92,28 @@
<TD WIDTH='25%' CLASS='base'>$tr{'local vpn ip'} <IMG SRC='/blob.gif'></TD>
<TD WIDTH='25%' ><INPUT TYPE='TEXT' NAME='VPN_IP' VALUE='$cgiparams{'VPN_IP'}' SIZE='15'></TD>
<TD WIDTH='25%' CLASS='base'>$tr{'enabled'}<INPUT TYPE='CHECKBOX' NAME='ENABLED' $checked{'ENABLED'}{'on'}></TD>
-<TD WIDTH='25%' ALIGN='CENTER'><INPUT TYPE='SUBMIT' NAME='ACTION' VALUE='$tr{'save'}'></TD>
+<TD WIDTH='25%' ALIGN='CENTER'> </TD>
+</TR>
+END
+;
+if ($wirelesssettings{'ENABLE'} eq 'on'){
+
+print <<END
+<TR>
+<TD WIDTH='25%' CLASS='base'>VPN on Blue ;</TD>
+<TD WIDTH='25%' CLASS='base'> </TD>
+<TD WIDTH='25%' CLASS='base'>$tr{'enabled'}<INPUT TYPE='CHECKBOX' NAME='ENABLED_BLUE' $checked{'ENABLED_BLUE'}{'on'}></TD>
+<TD WIDTH='25%' ALIGN='CENTER'> </TD>
</TR>
+END
+;
+}
+print <<END
+<TD WIDTH='25%' CLASS='base'> </TD>
+<TD WIDTH='25%' CLASS='base'> </TD>
+<TD WIDTH='25%' CLASS='base'> </TD>
+<TD WIDTH='25%' ALIGN='CENTER'><INPUT TYPE='SUBMIT' NAME='ACTION' VALUE='$tr{'save'}'></TD>
</TABLE>
<BR>
<IMG SRC='/blob.gif' VALIGN='top'>
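Review bot: The final `print <<END` emits four `<TD>` cells directly after the previous row's `</TR>` with no `<TR>` or `</TR>` around them, so the Save button sits in cells outside any table row. Add `<TR>` as the first line of that heredoc and `</TR>` before `</TABLE>`. The label `VPN on Blue ;` carries a stray `;` and is hard-coded English rather than a `%tr` entry.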
diff -uNrb ipcop-1.3.1-2003-07-22/make.sh ipcop-1.3.1a4/make.sh
--- ipcop-1.3.1-2003-07-22/make.sh Thu Jul 17 19:54:35 2003
+++ ipcop-1.3.1a4/make.sh Wed Jul 23 09:40:18 2003
@@ -1278,7 +1278,7 @@
MISC_BIN="iowrap installpackage ipsecctrl restartdhcp\
restartsnort restartsquid restartssh setportfw setxtaccess \
setdmzholes ipcopdeath ipcoprebirth restartshaping\
- setaliases ipcopbackup"
+ setaliases ipcopbackup cipectrl"
for i in $MISC_BIN ; do
mv -f $i $TMPDIR/build/usr/local/bin
@@ -1538,8 +1538,6 @@
cd cipe*
./configure --prefix=/usr --with-linux=$TMPDIR/linux >> $LOGFILE 2>&1
make >> $LOGFILE 2>&1
- mv Makefile Makefile.bak
- sed "s/BUILD_PKCIPE:=1/BUILD_PKCIPE:=/" Makefile.bak > Makefile
make install BINDIR=$TMPDIR/build/usr/sbin INFODIR=$TMPDIR/build/usr/info \
MODDIR=$TMPDIR/build/lib/modules/$KERNEL_VERSION/misc \
sbindir=$TMPDIR/build/usr/sbin bindir=$TMPDIR/build/usr/bin >>$LOGFILE 2>&1
diff -uNrb ipcop-1.3.1-2003-07-22/src/misc-progs/Makefile ipcop-1.3.1a4/src/misc-progs/Makefile
--- ipcop-1.3.1-2003-07-22/src/misc-progs/Makefile Mon Jul 14 21:13:34 2003
+++ ipcop-1.3.1a4/src/misc-progs/Makefile Wed Jul 23 10:47:31 2003
@@ -10,7 +10,7 @@
PROGS=setdmzholes setportfw setxtaccess restartdhcp restartsnort \
restartsquid restartssh ipcopdeath ipcoprebirth \
installpackage ipsecctrl iowrap setaliases ipcopbackup \
- restartshaping
+ restartshaping cipectrl
all : $(PROGS)
diff -uNrb ipcop-1.3.1-2003-07-22/src/misc-progs/cipectrl.c ipcop-1.3.1a4/src/misc-progs/cipectrl.c
--- ipcop-1.3.1-2003-07-22/src/misc-progs/cipectrl.c Thu Jan 1 01:00:00 1970
+++ ipcop-1.3.1a4/src/misc-progs/cipectrl.c Wed Jul 23 10:22:47 2003
@@ -0,0 +1,37 @@
+/*
+ *
+ * File originally from the Smoothwall project
+ * (c) 2001 Smoothwall Team
+ *
+ * $Id: ipsecctrl.c,v 1.3.2.4 2003/05/02 14:12:17 riddles Exp $
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[])
+{
+ if (!(initsetuid()))
+ exit(1);
+
+ if (argc < 2) {
+ fprintf(stderr, "Missing arg\n");
+ exit(1);
+ }
+
+ if (strcmp(argv[1], "S") == 0) {
+ safe_system("/etc/rc.d/cipe stop >/dev/null");
+ exit(0);
+ } else if (strcmp(argv[1], "R") == 0) {
+ safe_system("/etc/rc.d/cipe restart >/dev/null");
+ exit(0);
+ } else {
+ fprintf(stderr, "Bad arg\n");
+ exit(1);
+ }
+
+ return 0;
+}
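Review bot: The header still carries `$Id: ipsecctrl.c,...` and nothing states what this setuid helper does or which arguments it accepts; a line such as `/* cipectrl: setuid wrapper; "S" stops and "R" restarts /etc/rc.d/cipe */` would help anyone auditing privileged code. The result of `safe_system` is discarded and the program exits 0 on both paths, so a caller cannot tell that the rc script failed (assuming `safe_system` reports the child's status, which is not visible here). Passing only exact-match `argv[1]` values on to fixed command strings is the right shape for such a wrapper and worth keeping.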
diff -uNrb ipcop-1.3.1-2003-07-22/src/misc-progs/restartdhcp.c ipcop-1.3.1a4/src/misc-progs/restartdhcp.c
--- ipcop-1.3.1-2003-07-22/src/misc-progs/restartdhcp.c Wed Jun 4 11:23:59 2003
+++ ipcop-1.3.1a4/src/misc-progs/restartdhcp.c Wed Jul 23 09:47:26 2003
@@ -62,6 +62,9 @@
RESTART:
if ((fd = open(CONFIG_ROOT "/dhcp/enable", O_RDONLY)) != -1)
{
+ if ((fd = open(CONFIG_ROOT "/dhcp/enable_blue", O_RDONLY)) != -1)
+ safe_system("/usr/sbin/dhcpd eth0 eth2");
+ else
safe_system("/usr/sbin/dhcpd eth0");
close(fd);
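Review bot: The inner `open` reuses `fd`, so the descriptor for `/dhcp/enable` is overwritten and never closed, and when `enable_blue` is absent the following `close(fd)` runs on -1. Use a second variable for the BLUE flag file and close it before starting dhcpd. The interface names `eth0 eth2` are also hard-coded although the BLUE device is configurable in ethernet/settings, so dhcpd can be started on the wrong NIC. The enclosing function starts and ends outside the hunk.
```c
	if ((fd = open(CONFIG_ROOT "/dhcp/enable", O_RDONLY)) != -1)
	{
		int fd_blue = open(CONFIG_ROOT "/dhcp/enable_blue", O_RDONLY);

		if (fd_blue != -1) {
			/* flag file only signals "enabled"; close it before spawning dhcpd */
			close(fd_blue);
			safe_system("/usr/sbin/dhcpd eth0 eth2");
		} else {
			safe_system("/usr/sbin/dhcpd eth0");
		}
		close(fd);
```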
diff -uNrb ipcop-1.3.1-2003-07-22/src/rc.d/cipe ipcop-1.3.1a4/src/rc.d/cipe
--- ipcop-1.3.1-2003-07-22/src/rc.d/cipe Thu Jan 1 01:00:00 1970
+++ ipcop-1.3.1a4/src/rc.d/cipe Wed Jul 23 09:35:22 2003
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Startup script for the CIPE VPN
+#
+# chkconfig: 345 11 89
+# description: CIPE is used to create encrypted IP-IP.
+# processname: ciped-cb
+# pid /var/run/cipcb*.pid
+# config: /etc/cipe/options.cipcb*
+# Which connections are we handling?
+# Default is all
+if [ -z $2 ] ; then
+ CONN=`ls -1 /etc/cipe | grep -w -eoptions | sed -e s/options\.//`
+else
+ CONN=$2
+fi
+# Check that networking is up.
+start() {
+ for each in $CONN; do
+ if [ -f /var/run/$each.pid ] ; then
+ echo "CIPE interface " $each " is already running"
+ exit 1
+ fi
+# echo "Starting CIPE interface $each: " /usr/local/sbin/ciped-cb -o /etc/cipe/options.$each
+ echo "Starting CIPE interface $each: " /usr/local/sbin/startcipe start
+ /usr/local/sbin/startcipe start
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ciped.$each
+ echo `/sbin/pidof ciped-cb` > /var/run/ciped-cb.pid
+ done
+}
+startpkcipe(){
+ . /var/ipcop/vpn/settings
+ echo "Starting PKCIPE interface : Listening on port: " $PKCIPE_LISTEN_PORT
+ /usr/local/bin/pkcipe -s $PKCIPE_LISTEN_PORT &
+ echo `/sbin/pidof pkcipe` > /var/run/pkcipe.pid
+}
+stop() {
+ killall -9 ciped-cb
+ RETVAL=$?
+ echo
+ [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ciped.*
+ rm -f /var/run/ciped-cb.pid
+}
+stoppkcipe() {
+ killall -9 pkcipe
+ RETVAL=$?
+ echo
+}
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ startpkcipe)
+ startpkcipe
+ ;;
+ stop)pkcipe
+ stoppkcipe
+ ;;
+ status)
+ ps auwx | grep ciped-cb
+ RETVAL=$?
+ ;;
+ restart)
+ stop
+ start
+ RETVAL=$?
+ ;;
+ restartpkcipe)
+ stoppkcipe
+ startpkcipe
+ RETVAL=$?
+ ;;
+ condrestart)
+ CONN=`ls -1 /var/lock/subsys | grep -w -eciped | sed -e s/ciped\.//`
+ stop
+ start
+ ;;
+ reload)
+ stop
+ start
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|reload|status}"
+ RETVAL=1
+esac
+exit $RETVAL
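Review bot: `startpkcipe` sources `/var/ipcop/vpn/settings` with `.`, and this same patch starts writing the web-supplied `SECRET_BLUE` into that file via `writehash` without validation, so, assuming `writehash` emits plain KEY=value lines, shell metacharacters in the secret would be interpreted by a root shell. Read only the key that is needed, e.g. `PKCIPE_LISTEN_PORT=$(sed -n 's/^PKCIPE_LISTEN_PORT=\([0-9][0-9]*\)$/\1/p' /var/ipcop/vpn/settings)`, and pass it quoted as `"$PKCIPE_LISTEN_PORT"`. Separately, the case label `stop)pkcipe` is a typo for `stoppkcipe)`: as written it duplicates `stop)` and is unreachable, so `restartpkcipe` is the only path that stops pkcipe. `[ -z $2 ]` should be `[ -z "$2" ]`, and `RETVAL` is never set on the `startpkcipe` path before `exit $RETVAL`.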
diff -uNrb ipcop-1.3.1-2003-07-22/src/rc.d/rc.firewall ipcop-1.3.1a4/src/rc.d/rc.firewall
--- ipcop-1.3.1-2003-07-22/src/rc.d/rc.firewall Fri Jun 27 10:28:37 2003
+++ ipcop-1.3.1a4/src/rc.d/rc.firewall Wed Jul 23 15:22:54 2003
@@ -123,6 +123,27 @@
# accept all traffic from ipsec interfaces
/sbin/iptables -A INPUT -i ipsec+ -j ACCEPT
/sbin/iptables -A FORWARD -i ipsec+ -j ACCEPT
+ /sbin/iptables -A FORWARD -i cipcb+ -j ACCEPT
+
+ # Port forwarding for BLUE interface
+ if [ "$BLUE_DEV" != "" ]; then
+
+ # DHCP
+ /sbin/iptables -A INPUT -p tcp --source-port 68 --destination-port 67 -i $BLUE_DEV -j ACCEPT
+ /sbin/iptables -A INPUT -p udp --source-port 68 --destination-port 67 -i $BLUE_DEV -j ACCEPT
+
+ # Allow IPSec
+ /sbin/iptables -A INPUT -p 47 -i $BLUE_DEV -j ACCEPT
+ /sbin/iptables -A INPUT -p 50 -i $BLUE_DEV -j ACCEPT
+ /sbin/iptables -A INPUT -p 51 -i $BLUE_DEV -j ACCEPT
+ /sbin/iptables -A INPUT -p udp -i $BLUE_DEV --sport 500 --dport 500 -j ACCEPT
+
+ fi
+
+
+ # accept all traffic from cipe interfaces
+ /sbin/iptables -A INPUT -i cipcb+ -j ACCEPT
+ /sbin/iptables -A FORWARD -i cipcb+ -j ACCEPT
# Port forwarding
if [ "$ORANGE_DEV" != "" ]; then
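Review bot: Under `# Allow IPSec` the rule `-p 47` admits GRE, which IPsec does not use (ESP is 50, AH is 51, IKE is udp/500); on a wireless segment I would drop that line unless PPTP on BLUE is intended, in which case it deserves its own comment. The `-p tcp` DHCP rule is likewise unnecessary since DHCP runs over UDP only, and `-A FORWARD -i cipcb+ -j ACCEPT` is added twice, once right after the `ipsec+` rules and again under the cipe comment. The BLUE accepts are installed whenever `BLUE_DEV` is set rather than only when DHCP or VPN on BLUE is enabled, and the unconditional accept of all `cipcb+` traffic is a trust decision the comment should state. Quote the variable as `-i "$BLUE_DEV"`; the surrounding block continues outside the hunk.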
|