Merge branch 'master' into next

Conflicts: lfs/monit
2026-04-22 17:02:58 +02:00 · 2015-04-11 21:58:09 +02:00
parent 1164cb0d0b c63e97bbaf
commit 0fbba54e82
20 changed files with 240 additions and 116 deletions
--- a/config/backup/include
+++ b/config/backup/include
@@ -4,6 +4,7 @@
 /var/ipfire/*/config
 /var/ipfire/*/enable
 /var/ipfire/*/*enable*
+/var/ipfire/ovpn/collectd.vpn
 /etc/passwd
 /etc/shadow
 /etc/group
--- a/config/cfgroot/graphs.pl
+++ b/config/cfgroot/graphs.pl
@@ -664,32 +664,32 @@ sub updatevpnn2ngraph {
 		"COMMENT:".sprintf("%15s",$Lang::tr{'average'}),
 		"COMMENT:".sprintf("%15s",$Lang::tr{'minimal'}),
 		"COMMENT:".sprintf("%15s",$Lang::tr{'current'})."\\j",
-		"AREA:incoming#00dd00:".sprintf("%-20s",$Lang::tr{'incoming traffic in bytes per second'}),
+		"AREA:incoming#00dd00:".sprintf("%-23s",$Lang::tr{'incoming traffic in bytes per second'}),
 		"GPRINT:incoming:MAX:%8.1lf %sBps",
 		"GPRINT:incoming:AVERAGE:%8.1lf %sBps",
 		"GPRINT:incoming:MIN:%8.1lf %sBps",
 		"GPRINT:incoming:LAST:%8.1lf %sBps\\j",
-		"STACK:overhead_in#116B11:".sprintf("%-20s",$Lang::tr{'incoming overhead in bytes per second'}),
+		"STACK:overhead_in#116B11:".sprintf("%-23s",$Lang::tr{'incoming overhead in bytes per second'}),
 		"GPRINT:overhead_in:MAX:%8.1lf %sBps",
 		"GPRINT:overhead_in:AVERAGE:%8.1lf %sBps",
 		"GPRINT:overhead_in:MIN:%8.1lf %sBps",
 		"GPRINT:overhead_in:LAST:%8.1lf %sBps\\j",
-		"LINE1:compression_in#ff00ff:".sprintf("%-20s",$Lang::tr{'incoming compression in bytes per second'}),
+		"LINE1:compression_in#ff00ff:".sprintf("%-23s",$Lang::tr{'incoming compression in bytes per second'}),
 		"GPRINT:compression_in:MAX:%8.1lf %sBps",
 		"GPRINT:compression_in:AVERAGE:%8.1lf %sBps",
 		"GPRINT:compression_in:MIN:%8.1lf %sBps",
 		"GPRINT:compression_in:LAST:%8.1lf %sBps\\j",
-		"AREA:outgoingn#dd0000:".sprintf("%-20s",$Lang::tr{'outgoing traffic in bytes per second'}),
+		"AREA:outgoingn#dd0000:".sprintf("%-23s",$Lang::tr{'outgoing traffic in bytes per second'}),
 		"GPRINT:outgoing:MAX:%8.1lf %sBps",
 		"GPRINT:outgoing:AVERAGE:%8.1lf %sBps",
 		"GPRINT:outgoing:MIN:%8.1lf %sBps",
 		"GPRINT:outgoing:LAST:%8.1lf %sBps\\j",
-		"STACK:overhead_outn#870C0C:".sprintf("%-20s",$Lang::tr{'outgoing overhead in bytes per second'}),
+		"STACK:overhead_outn#870C0C:".sprintf("%-23s",$Lang::tr{'outgoing overhead in bytes per second'}),
 		"GPRINT:overhead_out:MAX:%8.1lf %sBps",
 		"GPRINT:overhead_out:AVERAGE:%8.1lf %sBps",
 		"GPRINT:overhead_out:MIN:%8.1lf %sBps",
 		"GPRINT:overhead_out:LAST:%8.1lf %sBps\\j",
-		"LINE1:compression_outn#000000:".sprintf("%-20s",$Lang::tr{'outgoing compression in bytes per second'}),
+		"LINE1:compression_outn#000000:".sprintf("%-23s",$Lang::tr{'outgoing compression in bytes per second'}),
 		"GPRINT:compression_out:MAX:%8.1lf %sBps",
 		"GPRINT:compression_out:AVERAGE:%8.1lf %sBps",
 		"GPRINT:compression_out:MIN:%8.1lf %sBps",
--- a/config/rootfiles/common/collectd
+++ b/config/rootfiles/common/collectd
@@ -243,3 +243,4 @@ usr/share/collectd/types.db
 #usr/share/man/man5/collectd.conf.5
 #usr/share/man/man5/types.db.5
 #var/lib/collectd
+var/ipfire/ovpn/collectd.vpn
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -2,6 +2,7 @@ usr/local/bin/addonctrl
 #usr/local/bin/applejuicectrl
 usr/local/bin/backupctrl
 #usr/local/bin/clamavctrl
+usr/local/bin/collectdctrl
 usr/local/bin/dhcpctrl
 usr/local/bin/dnsmasqctrl
 usr/local/bin/extrahdctrl
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -124,6 +124,7 @@ usr/local/bin/update-lang-cache
 #usr/local/src
 #usr/sbin
 usr/sbin/ovpn-ccd-convert
+usr/sbin/ovpn-collectd-convert
 #usr/share
 #usr/share/doc
 #usr/share/doc/licenses
--- a/config/rootfiles/core/89/filelists/files
+++ b/config/rootfiles/core/89/filelists/files
@@ -11,6 +11,10 @@ srv/web/ipfire/cgi-bin/netovpnrw.cgi
 srv/web/ipfire/cgi-bin/netovpnsrv.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
 srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/local/bin/collectdctrl
+usr/local/bin/openvpnctrl
+usr/sbin/ovpn-collectd-convert
+usr/sbin/setup
 var/ipfire/backup/bin/backup.pl
 var/ipfire/graphs.pl
 var/ipfire/langs
--- a/config/rootfiles/core/89/update.sh
+++ b/config/rootfiles/core/89/update.sh
@@ -35,10 +35,20 @@ done
 /etc/init.d/ipsec stop

 # Remove old files
+rm -f /usr/local/sbin/setup

 # Extract files
 extract_files

+# Update /etc/sysconfig/createfiles
+cat <<EOF >> /etc/sysconfig/createfiles
+/var/run/ovpnserver.log file    644     nobody  nobody
+/var/run/openvpn        dir     644     nobody  nobody
+EOF
+
+# Update /etc/collectd.conf
+echo "include \"/etc/collectd.vpn\"" >> /etc/collectd.conf
+
 # Generate ddns configuration file
 sudo -u nobody /srv/web/ipfire/cgi-bin/ddns.cgi

@@ -56,6 +66,9 @@ rm -f \
 	/opt/pakfire/db/*/meta-sqlite \
 	/opt/pakfire/db/rootfiles/sqlite

+# Update OpenVPN/collectd configuration
+/usr/sbin/ovpn-collectd-convert
+
 # Fix #10625
 mkdir -p /etc/logrotate.d

--- a/html/cgi-bin/netovpnrw.cgi
+++ b/html/cgi-bin/netovpnrw.cgi
@@ -47,10 +47,10 @@ if ( $querry[0] ne "" && $querry[0] ne "UNDEF"){
 	&Graphs::updatevpngraph($querry[0],$querry[1]);
 }else{
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'host to net vpn'}, 1, '');
+	&Header::openpage($Lang::tr{'vpn statistic rw'}, 1, '');
 	&Header::openbigbox('100%', 'left');

-	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd|sort`;
+	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*/ -not  -path *openvpn-UNDEF*  -not -path *openvpn-*n2n* -name *.rrd 2>/dev/null|sort`;
 	foreach (@vpngraphs){
 		if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive.rrd/){
 			push(@vpns,$2);
--- a/html/cgi-bin/netovpnsrv.cgi
+++ b/html/cgi-bin/netovpnsrv.cgi
@@ -47,10 +47,10 @@ if ( $querry[0] ne ""){
 	&Graphs::updatevpnn2ngraph($querry[0],$querry[1]);
 }else{
 	&Header::showhttpheaders();
-	&Header::openpage($Lang::tr{'openvpn server'}, 1, '');
+	&Header::openpage($Lang::tr{'vpn statistic n2n'}, 1, '');
 	&Header::openbigbox('100%', 'left');

-	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd|sort`;
+	my @vpngraphs = `find /var/log/rrd/collectd/localhost/openvpn-*-n2n/ -not  -path *openvpn-UNDEF* -name *traffic.rrd 2>/dev/null|sort`;
 	foreach (@vpngraphs){
 		if($_ =~ /(.*)\/openvpn-(.*)\/if_octets_derive-traffic.rrd/){
 			push(@vpns,$2);
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -668,6 +668,29 @@ sub read_routepushfile
 	}
 }

+sub writecollectdconf {
+	my $vpncollectd;
+	my %ccdhash=();
+
+	open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+	print COLLECTDVPN "Loadplugin openvpn\n";
+	print COLLECTDVPN "\n";
+	print COLLECTDVPN "<Plugin openvpn>\n";
+	print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
+	foreach my $key (keys %ccdhash) {
+		if ($ccdhash{$key}[0] eq 'on' && $ccdhash{$key}[3] eq 'net') {
+			print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ccdhash{$key}[1]-n2n\"\n";
+		}
+	}
+
+	print COLLECTDVPN "</Plugin>\n";
+	close(COLLECTDVPN);
+
+	# Reload collectd afterwards
+	system("/usr/local/bin/collectdctrl restart &>/dev/null");
+}

 #hier die refresh page
 if ( -e "${General::swroot}/ovpn/gencanow") {
@@ -1166,10 +1189,17 @@ SETTINGS_ERROR:
    my $file = '';
    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

+    # Kill all N2N connections
+    system("/usr/local/bin/openvpnctrl -kn2n &>/dev/null");
+
    foreach my $key (keys %confighash) {
+	my $name = $confighash{$cgiparams{'$key'}}[1];
+
 	if ($confighash{$key}[4] eq 'cert') {
 	    delete $confighash{$cgiparams{'$key'}};
 	}
+
+	system ("/usr/local/bin/openvpnctrl -drrd $name");
    }
    while ($file = glob("${General::swroot}/ovpn/ca/*")) {
 	unlink $file;
@@ -1196,11 +1226,6 @@ SETTINGS_ERROR:
    while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
 	unlink $file
    }
-# Delete all RRD files for Roadwarrior connections
-    chdir('/var/ipfire/ovpn/ccd');
-	while ($file = glob("*")) {
-	system ("/usr/local/bin/openvpnctrl -drrd $file");
-	}
    while ($file = glob("${General::swroot}/ovpn/ccd/*")) {
 	unlink $file
    }
@@ -1216,6 +1241,9 @@ SETTINGS_ERROR:
 	system ("rm -rf $file");
    }

+    # Remove everything from the collectd configuration
+    &writecollectdconf();
+
    #&writeserverconf();
 ###
 ### Reset all step 1
@@ -2041,7 +2069,8 @@ END
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+				system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+				&writecollectdconf();
 			}
 		} else {

@@ -2049,14 +2078,15 @@ END
 			&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

 			if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
-                    if ($n2nactive ne ''){				
-						system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
-					}
+				if ($n2nactive ne '') {
+					system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+					&writecollectdconf();
+				}
 
 			} else {
-   	          $errormessage = $Lang::tr{'invalid key'};
+				$errormessage = $Lang::tr{'invalid key'};
 			}
-      }
+		}
  }

 ###
@@ -2313,75 +2343,69 @@ else


 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+	&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);

-    if ($confighash{$cgiparams{'KEY'}}) {
-#	if ($vpnsettings{'ENABLED'} eq 'on' ||
-#	    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#	    system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#	}
-#
-	my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+	if ($confighash{$cgiparams{'KEY'}}) {
+		my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;

 ###
 # m.a.d net2net
 ###

-if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
-	my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
-	my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-	unlink ($certfile);
-	unlink ($conffile);
+		if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+			# Stop the N2N connection before it is removed
+			system("/usr/local/bin/openvpnctrl -kn2n $confighash{$cgiparams{'KEY'}}[1] &>/dev/null");

-	if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
-		rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
-	}
-}
+			my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+			my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+			unlink ($certfile);
+			unlink ($conffile);

-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+			if (-e "${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") {
+				rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+			}
+		}
+
+		unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+		unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");

 # A.Marx CCD delete ccd files and routes

-	
-	if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
-	{
-		unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
-	}
-	
-	&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
-	foreach my $key (keys %ccdroutehash) {
-		if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-			delete $ccdroutehash{$key};
+		if (-f "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]")
+		{
+			unlink "${General::swroot}/ovpn/ccd/$confighash{$cgiparams{'KEY'}}[2]";
 		}
-	}
-	&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
 	
-	&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	foreach my $key (keys %ccdroute2hash) {
-		if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
-			delete $ccdroute2hash{$key};
+		&General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+		foreach my $key (keys %ccdroutehash) {
+			if ($ccdroutehash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+				delete $ccdroutehash{$key};
+			}
 		}
+		&General::writehasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
+	
+		&General::readhasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+		foreach my $key (keys %ccdroute2hash) {
+			if ($ccdroute2hash{$key}[0] eq $confighash{$cgiparams{'KEY'}}[1]){
+				delete $ccdroute2hash{$key};
+			}
+		}
+		&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
+		&writeserverconf;
+
+# CCD end
+		# Update collectd configuration and delete all RRD files of the removed connection
+		&writecollectdconf();
+		system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
+
+		delete $confighash{$cgiparams{'KEY'}};
+		my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
+		&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+	} else {
+		$errormessage = $Lang::tr{'invalid key'};
 	}
-	&General::writehasharray("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
-	&writeserverconf;
-	
-	
-# CCD end 
-
-###
-###  Delete all RRD's for client
-###
-	system ("/usr/local/bin/openvpnctrl -drrd $confighash{$cgiparams{'KEY'}}[1]");
-	delete $confighash{$cgiparams{'KEY'}};
-	my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-	#&writeserverconf();
-    } else {
-	$errormessage = $Lang::tr{'invalid key'};
-    }
 	&General::firewall_reload();

 ###
@@ -3053,32 +3077,6 @@ END
 	$errormessage = $Lang::tr{'invalid key'};
    }

-###
-### Remove connection
-###
-} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
-    &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
-    &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
-    if ($confighash{$cgiparams{'KEY'}}) {
-#	if ($vpnsettings{'ENABLED'} eq 'on' ||
-#	    $vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#	    system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#	}
-	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
-	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
-	delete $confighash{$cgiparams{'KEY'}};
-	&General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	#&writeserverconf();
-    } else {
-	$errormessage = $Lang::tr{'invalid key'};
-    }
-#test33
-
-###
-### Choose between adding a host-net or net-net connection
-###
-
 ###
 # m.a.d net2net
 ###
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -2574,6 +2574,8 @@
 'vpn red name' => 'Öffentliche IP oder FQDN für das rote Interface oder <%defaultroute>',
 'vpn remote id' => 'Remote ID',
 'vpn subjectaltname' => 'Subjekt Alternativer Name',
+'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
+'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
 'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)',
 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2615,6 +2615,8 @@
 'vpn payload compression' => 'Negotiate payload compression',
 'vpn red name' => 'Public IP or FQDN for RED interface or <%defaultroute>',
 'vpn remote id' => 'Remote ID',
+'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
+'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
 'vpn subjectaltname' => 'Subject Alt Name',
 'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
--- a/lfs/collectd
+++ b/lfs/collectd
@@ -112,6 +112,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--with-librrd=/usr/share/rrdtool-1.2.30
 	cd $(DIR_APP) && make install
 	cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/
+	mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn
+	chown nobody.nobody /var/ipfire/ovpn/collectd.vpn
+	ln -f -s ../var/ipfire/ovpn/collectd.vpn /etc/collectd.vpn
 	ln -f -s ../init.d/collectd /etc/rc.d/rc0.d/K50collectd 
 	ln -f -s ../init.d/collectd /etc/rc.d/rc3.d/S29collectd
 	ln -f -s ../init.d/collectd /etc/rc.d/rc6.d/K50collectd 
--- a/lfs/stage2
+++ b/lfs/stage2
@@ -101,7 +101,8 @@ $(TARGET) :

 	# Move script to correct place.
 	mv -vf /usr/local/bin/ovpn-ccd-convert /usr/sbin/
-
+	mv -vf /usr/local/bin/ovpn-collectd-convert /usr/sbin/
+	
 	# Install firewall scripts.
 	mkdir -pv /usr/lib/firewall
 	install -m 755 $(DIR_SRC)/config/firewall/rules.pl \
--- a/src/initscripts/sysconfig/createfiles
+++ b/src/initscripts/sysconfig/createfiles
@@ -25,4 +25,7 @@
 # 		<major> and <minor> are the major and minor numbers used for the device.
 ########################################################################

+/var/run/ovpnserver.log	file	644	nobody	nobody
+/var/run/openvpn	dir	644	nobody	nobody
+
 # End /etc/sysconfig/createfiles
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -25,7 +25,7 @@ LIBS    = -lsmooth -lnewt
 PROGS = iowrap
 SUID_PROGS = squidctrl sshctrl ipfirereboot \
 	ipsecctrl timectrl dhcpctrl snortctrl \
-	applejuicectrl rebuildhosts backupctrl \
+	applejuicectrl rebuildhosts backupctrl collectdctrl \
 	logwatch openvpnctrl firewallctrl \
 	wirelessctrl getipstat qosctrl launch-ether-wake \
 	redctrl syslogdctrl extrahdctrl sambactrl upnpctrl tripwirectrl \
--- a/src/misc-progs/collectdctrl.c
+++ b/src/misc-progs/collectdctrl.c
@@ -0,0 +1,39 @@
+/* This file is part of the IPFire Firewall.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence.  See the file COPYING for details.
+ *
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include "setuid.h"
+
+int main(int argc, char *argv[]) {
+	if (!(initsetuid()))
+		exit(1);
+
+	if (argc < 2) {
+		fprintf(stderr, "\nNo argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+		exit(1);
+	}
+
+	if (strcmp(argv[1], "restart") == 0) {
+		safe_system("/etc/rc.d/init.d/collectd restart");
+
+	} else if (strcmp(argv[1], "stop") == 0) {
+		safe_system("/etc/rc.d/init.d/collectd stop");
+
+	} else if (strcmp(argv[1], "start") == 0) {
+		safe_system("/etc/rc.d/init.d/collectd start");
+
+	} else {
+		fprintf(stderr, "\nBad argument given.\n\ncollectdctrl (start|stop|restart)\n\n");
+		exit(1);
+	}
+
+	return 0;
+}
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,3 +1,4 @@
+#define _XOPEN_SOURCE 500
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -7,6 +8,7 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 #include <fcntl.h>
+#include <ftw.h>
 #include "setuid.h"
 #include "netutil.h"
 #include "libsmooth.h"
@@ -44,6 +46,18 @@ struct connection_struct {

 typedef struct connection_struct connection;

+static int recursive_remove_callback(const char* fpath, const struct stat* sb, int typeflag, struct FTW* ftwbuf) {
+	int rv = remove(fpath);
+	if (rv)
+		perror(fpath);
+
+	return rv;
+}
+
+static int recursive_remove(const char* path) {
+	return nftw(path, recursive_remove_callback, 64, FTW_DEPTH | FTW_PHYS);
+}
+
 void exithandler(void)
 {
 	if(kv)
@@ -537,6 +551,7 @@ int startNet2Net(char *name) {
 int killNet2Net(char *name) {
 	connection *conn = NULL;
 	connection *conn_iter;
+	int rc = 0;

 	conn_iter = getConnections();

@@ -569,26 +584,40 @@ int killNet2Net(char *name) {
 	snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
 	executeCommand(command);

+	char runfile[STRING_SIZE];
+	snprintf(runfile, STRING_SIZE - 1, "/var/run/openvpn/%s-n2n", conn->name);
+	rc = recursive_remove(runfile);
+	if (rc)
+		perror(runfile);
+
 	return 0;
 }

 int deleterrd(char *name) {
-	connection *conn = getConnections();
-
-	char rrd_file[STRING_SIZE];
-	snprintf(rrd_file, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/if_octets.rrd", name);
-
 	char rrd_dir[STRING_SIZE];
-	snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s", name);

+	connection *conn = getConnections();
 	while(conn) {
-		/* Find only RW-Connections with the given name. */
-		if (((strcmp(conn->type, "host") == 0) && (strcmp(conn->name, name) == 0))) {
-			remove(rrd_file);
-			remove(rrd_dir);
-			return 0;
+		if (strcmp(conn->name, name) != 0) {
+			conn = conn->next;
+			continue;
 		}
-		conn = conn->next;
+
+		// Handle RW connections
+		if (strcmp(conn->type, "host") == 0) {
+			snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s/", name);
+
+		// Handle N2N connections
+		} else if (strcmp(conn->type, "net") == 0) {
+			snprintf(rrd_dir, STRING_SIZE - 1, "/var/log/rrd/collectd/localhost/openvpn-%s-n2n/", name);
+
+		// Unhandled connection type
+		} else {
+			conn = conn->next;
+			continue;
+		}
+
+		return recursive_remove(rrd_dir);
 	}

 	return 1;
--- a/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
+++ b/src/patches/collectd/0022-openvpn-Change-data-type-from-COUNTER-to-DERIVE.patch
@@ -61,7 +61,7 @@ index 2db3677..d446e99 100644
 		sstrncpy (vl.plugin_instance, pinst,
 				sizeof (vl.plugin_instance));
 -	sstrncpy (vl.type, "compression", sizeof (vl.type));
-+	sstrncpy (vl.type, "compression_dervice", sizeof (vl.type));
+	sstrncpy (vl.type, "compression_derive", sizeof (vl.type));
 	if (tinst != NULL)
 		sstrncpy (vl.type_instance, tinst, sizeof (vl.type_instance));
 
--- a/src/scripts/ovpn-collectd-convert
+++ b/src/scripts/ovpn-collectd-convert
@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+# Converter script for adding existing OpenVPN N2N connections to collectd
+# Used for core update 89
+
+my %ovpnconfig=();
+
+require '/var/ipfire/general-functions.pl';
+
+open(COLLECTDVPN, ">${General::swroot}/ovpn/collectd.vpn") or die "Unable to open collectd.vpn: $!";
+print COLLECTDVPN "Loadplugin openvpn\n";
+print COLLECTDVPN "\n";
+print COLLECTDVPN "<Plugin openvpn>\n";
+print COLLECTDVPN "Statusfile \"/var/run/ovpnserver.log\"\n";
+
+&General::readhasharray("/var/ipfire/ovpn/ovpnconfig", \%ovpnconfig);
+foreach my $key (keys %ovpnconfig) {
+	if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] eq 'net') {
+		print COLLECTDVPN "Statusfile \"/var/run/openvpn/$ovpnconfig{$key}[1]-n2n\"\n";
+	}
+}
+
+print COLLECTDVPN "</Plugin>\n";
+close(COLLECTDVPN);
+
+# Reload collectd afterwards
+system("/usr/local/bin/collectdctrl restart &>/dev/null");