From 6925b8ef5815cab2d1ea290c8413fd42d0c55b7b Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Sat, 14 May 2011 19:24:47 +0200
Subject: [PATCH 01/18] openvpn: Add control options to openvpnctrl binary for
 n2n.

---
 src/misc-progs/openvpnctrl.c | 117 ++++++++++++++++++++++++++++++++++-
 1 file changed, 114 insertions(+), 3 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 93aff3e05..e6a8d3f1a 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -24,7 +24,16 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "2.0.1.6";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.0";
+
+struct connection_struct {
+	char name[STRING_SIZE];
+	char proto[STRING_SIZE];
+	int port;
+	struct connection_struct *next;
+};
+
+typedef struct connection_struct connection;
 
 void exithandler(void)
 {
@@ -62,6 +71,56 @@ void usage(void)
 	exit(1);
 }
 
+connection *getConnections() {
+	FILE *fp = NULL;
+
+	if (!(fp = fopen(CONFIG_ROOT "/ovpn/ovpnconfig", "r"))) {
+		fprintf(stderr, "Could not open openvpn n2n configuration file.\n");
+		exit(1);
+	}
+
+	char line[STRING_SIZE] = "";
+	char *result;
+	int count;
+	connection *conn_first = NULL;
+	connection *conn_last = NULL;
+	connection *conn_curr;
+
+	while ((fgets(line, STRING_SIZE, fp) != NULL)) {
+		if (line[strlen(line) - 1] == '\n')
+			line[strlen(line) - 1] = '\0';
+
+		conn_curr = (connection *)malloc(sizeof(connection));
+		memset(conn_curr, 0, sizeof(connection));
+
+		if (conn_first == NULL) {
+			conn_first = conn_curr;
+		} else {
+			conn_last->next = conn_curr;
+		}
+		conn_last = conn_curr;
+
+		count = 0;
+		result = strtok(line, ",");
+		while (result) {
+			if (count == 2) {
+				strcpy(conn_curr->name, result);
+			} else if (count == 12) {
+				strcpy(conn_curr->proto, result);
+			} else if (count == 13) {
+				conn_curr->port = atoi(result);
+			}
+
+			result = strtok(NULL, ",");
+			count++;
+		}
+	}
+
+	fclose(fp);
+
+	return conn_first;
+}
+
 void ovpnInit(void) {
 	
 	// Read OpenVPN configuration
@@ -280,6 +339,9 @@ void setFirewallRules(void) {
 	}
 	freekeyvalues(kv);
 
+	// read connection configuration
+	connection *conn = getConnections();
+
 	// set firewall rules
 	if (!strcmp(enablered, "on") && strlen(redif))
 		setChainRules(OVPNRED, redif, protocol, dport);
@@ -287,6 +349,14 @@ void setFirewallRules(void) {
 		setChainRules(OVPNBLUE, blueif, protocol, dport);
 	if (!strcmp(enableorange, "on") && strlen(orangeif))
 		setChainRules(OVPNORANGE, orangeif, protocol, dport);
+
+	// set firewall rules for n2n connections
+	char port[STRING_SIZE];
+	while (conn) {
+		sprintf(port, "%d", conn->port);
+		setChainRules(OVPNRED, redif, &conn->proto, &port);
+		conn = conn->next;
+	}
 }
 
 void stopDaemon(void) {
@@ -314,6 +384,34 @@ void startDaemon(void) {
 	}
 }
 
+void startNet2Net(char *name) {
+	connection *conn = NULL;
+	connection *conn_iter;
+
+	conn_iter = getConnections();
+
+	while (conn_iter) {
+		if (strcmp(conn_iter->name, name) == 0) {
+			conn = conn_iter;
+			break;
+		}
+		conn_iter = conn_iter->next;
+	}
+
+	if (conn == NULL) {
+		fprintf(stderr, "Connection not found.\n");
+		exit(1);
+	}
+
+	char command[STRING_SIZE];
+	sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
+	executeCommand(command);
+}
+
+void killNet2Net(char *conn) {
+	printf("TO BE DONE %s\n", conn);
+}
+
 void displayopenvpn(void) {
 	char command[STRING_SIZE];
 
@@ -326,8 +424,21 @@ int main(int argc, char *argv[]) {
 	    exit(1);
 	if(argc < 2)
 	    usage();
-	
-	if(argc == 2) {
+
+	if(argc == 3) {
+		if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
+			startNet2Net(argv[2]);
+			return 0;
+		}
+		else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
+			killNet2Net(argv[2]);
+			return 0;
+		} else {
+			usage();
+			return 1;
+		}
+	}
+	else if(argc == 2) {
 		if( (strcmp(argv[1], "-k") == 0) || (strcmp(argv[1], "--kill") == 0) ) {
 			stopDaemon();
 			return 0;

From 86ec950263487aeebbb73c77f3840738904f419f Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter <arne_f@ipfire.org>
Date: Thu, 26 May 2011 07:30:58 +0200
Subject: [PATCH 02/18] openvpn: build down-root plugin.

---
 config/rootfiles/common/openvpn | 1 +
 lfs/openvpn                     | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/rootfiles/common/openvpn b/config/rootfiles/common/openvpn
index 23742b3d8..1ecaff83b 100644
--- a/config/rootfiles/common/openvpn
+++ b/config/rootfiles/common/openvpn
@@ -1,4 +1,5 @@
 lib/openvpn-auth-pam.so
+lib/openvpn-down-root.so
 usr/sbin/openvpn
 #usr/share/doc/openvpn
 #usr/share/man/man8/openvpn.8
diff --git a/lfs/openvpn b/lfs/openvpn
index 792de60da..925c2ad96 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+# Copyright (C) 2007-2011  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -77,6 +77,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	cd $(DIR_APP) && cp -Rvf $(DIR_SRC)/config/ovpn /var/ipfire
 	cd $(DIR_APP)/plugin/auth-pam && make
 	cp -pvf $(DIR_APP)/plugin/auth-pam/openvpn-auth-pam.so /lib/
+	cd $(DIR_APP)/plugin/down-root && make
+	cp -pvf $(DIR_APP)/plugin/down-root/openvpn-down-root.so /lib/
 	-mkdir -vp /var/ipfire/ovpn/ca
 	-mkdir -vp /var/ipfire/ovpn/crls
 	touch /var/ipfire/ovpn/ovpn-leases.db

From 0708113765903d21a5479e5462c6383e0812caf3 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 25 Jun 2011 10:59:47 +0200
Subject: [PATCH 03/18] openvpnctrl: Update firewall rules when starting a n2n
 connection.

This makes sure, that all rules (esp. for new connections) are up
and running.
---
 src/misc-progs/openvpnctrl.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e6a8d3f1a..5167d0541 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -24,7 +24,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.0";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.1";
 
 struct connection_struct {
 	char name[STRING_SIZE];
@@ -46,9 +46,9 @@ void exithandler(void)
 void usage(void)
 {
 #ifdef ovpndebug
-	printf("Wrapper for OpenVPN v%s-debug\n", WRAPPERVERSION);
+	printf("Wrapper for OpenVPN %s-debug\n", WRAPPERVERSION);
 #else
-	printf("Wrapper for OpenVPN v%s\n", WRAPPERVERSION);
+	printf("Wrapper for OpenVPN %s\n", WRAPPERVERSION);
 #endif
 	printf("openvpnctrl <option>\n");
 	printf(" Valid options are:\n");
@@ -198,7 +198,7 @@ void executeCommand(char *command) {
 void setChainRules(char *chain, char *interface, char *protocol, char *port)
 {
 	char str[STRING_SIZE];
-	
+
 	sprintf(str, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %s -j ACCEPT", chain, interface, protocol, port);
 	executeCommand(str);
 	sprintf(str, "/sbin/iptables -A %sINPUT -i tun+ -j ACCEPT", chain);
@@ -342,6 +342,11 @@ void setFirewallRules(void) {
 	// read connection configuration
 	connection *conn = getConnections();
 
+	// Flush all chains.
+	flushChain(OVPNRED);
+	flushChain(OVPNBLUE);
+	flushChain(OVPNORANGE);
+
 	// set firewall rules
 	if (!strcmp(enablered, "on") && strlen(redif))
 		setChainRules(OVPNRED, redif, protocol, dport);
@@ -351,10 +356,10 @@ void setFirewallRules(void) {
 		setChainRules(OVPNORANGE, orangeif, protocol, dport);
 
 	// set firewall rules for n2n connections
-	char port[STRING_SIZE];
+	char *port;
 	while (conn) {
 		sprintf(port, "%d", conn->port);
-		setChainRules(OVPNRED, redif, &conn->proto, &port);
+		setChainRules(OVPNRED, redif, conn->proto, port);
 		conn = conn->next;
 	}
 }
@@ -403,6 +408,9 @@ void startNet2Net(char *name) {
 		exit(1);
 	}
 
+	// Make sure all firewall rules are up to date.
+	setFirewallRules();
+
 	char command[STRING_SIZE];
 	sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
 	executeCommand(command);

From 39877197d6f99832c9732edcf72a11fbddf43a30 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 25 Jun 2011 11:47:42 +0200
Subject: [PATCH 04/18] openvpnctrl: Implement support to kill connections.

---
 src/misc-progs/openvpnctrl.c | 56 +++++++++++++++++++++++++++++++++---
 1 file changed, 52 insertions(+), 4 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 5167d0541..847a3e2a6 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -1,3 +1,4 @@
+#include <signal.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -24,7 +25,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.1";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.2";
 
 struct connection_struct {
 	char name[STRING_SIZE];
@@ -408,16 +409,63 @@ void startNet2Net(char *name) {
 		exit(1);
 	}
 
+	char configfile[STRING_SIZE];
+	snprintf(configfile, STRING_SIZE - 1, CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf",
+		conn->name, conn->name);
+
+	FILE *fp = fopen(configfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "Could not find configuration file for connection '%s' at '%s'.\n",
+			conn->name, configfile);
+		exit(2);
+	}
+	fclose(fp);
+
 	// Make sure all firewall rules are up to date.
 	setFirewallRules();
 
 	char command[STRING_SIZE];
-	sprintf(command, "/usr/sbin/openvpn --config " CONFIG_ROOT "/ovpn/n2nconf/%s/%s.conf", conn->name, conn->name);
+	sprintf(command, "/usr/sbin/openvpn --config %s", configfile);
 	executeCommand(command);
 }
 
-void killNet2Net(char *conn) {
-	printf("TO BE DONE %s\n", conn);
+void killNet2Net(char *name) {
+	connection *conn = NULL;
+	connection *conn_iter;
+
+	conn_iter = getConnections();
+
+	while (conn_iter) {
+		if (strcmp(conn_iter->name, name) == 0) {
+			conn = conn_iter;
+			break;
+		}
+		conn_iter = conn_iter->next;
+	}
+
+	if (conn == NULL) {
+		fprintf(stderr, "Connection not found.\n");
+		exit(1);
+	}
+
+	char pidfile[STRING_SIZE];
+	snprintf(&pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
+
+	FILE *fp = fopen(pidfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "Could not determine PID for connection '%s'.\n", conn->name);
+		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+		exit(1);
+	}
+
+	int pid;
+	fscanf(fp, "%d", &pid);
+	fclose(fp);
+
+	fprintf(stderr, "Killing PID %d.\n", pid);
+	kill(pid, SIGTERM);
+
+	exit(0);
 }
 
 void displayopenvpn(void) {

From 2bcff894ac444f5b8d5d6ab7d8c243974526d332 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 25 Jun 2011 17:57:57 +0200
Subject: [PATCH 05/18] openvpnctrl: Support killing only the roadwarrior
 server.

---
 src/misc-progs/openvpnctrl.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 847a3e2a6..68bbe2fff 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -368,12 +368,16 @@ void setFirewallRules(void) {
 void stopDaemon(void) {
 	char command[STRING_SIZE];
 
-	snprintf(command, STRING_SIZE - 1, "/bin/killall openvpn");
-	executeCommand(command);
+	int pid = readPidFile("/var/run/openvpn.pid");
+	if (pid == NULL) {
+		exit(1);
+	}
+
+	fprintf(stderr, "Killing PID %d.\n", pid);
+	kill(pid, SIGTERM);
+
 	snprintf(command, STRING_SIZE - 1, "/bin/rm -f /var/run/openvpn.pid");
 	executeCommand(command);
-	snprintf(command, STRING_SIZE-1, "/sbin/modprobe -r tun");
-	executeCommand(command);
 }
 
 void startDaemon(void) {
@@ -429,6 +433,20 @@ void startNet2Net(char *name) {
 	executeCommand(command);
 }
 
+int readPidFile(const char *pidfile) {
+	FILE *fp = fopen(pidfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+		exit(1);
+	}
+
+	int pid = NULL;
+	fscanf(fp, "%d", &pid);
+	fclose(fp);
+
+	return pid;
+}
+
 void killNet2Net(char *name) {
 	connection *conn = NULL;
 	connection *conn_iter;
@@ -451,17 +469,11 @@ void killNet2Net(char *name) {
 	char pidfile[STRING_SIZE];
 	snprintf(&pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
 
-	FILE *fp = fopen(pidfile, "r");
-	if (fp == NULL) {
-		fprintf(stderr, "Could not determine PID for connection '%s'.\n", conn->name);
-		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+	int pid = readPidFile(pidfile);
+	if (pid == NULL) {
 		exit(1);
 	}
 
-	int pid;
-	fscanf(fp, "%d", &pid);
-	fclose(fp);
-
 	fprintf(stderr, "Killing PID %d.\n", pid);
 	kill(pid, SIGTERM);
 

From 858d8d9092dae3839e9129448d8a51937aebc909 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 29 Jun 2011 19:51:24 +0200
Subject: [PATCH 06/18] openvpnctrl: Create firewall rules properly if
 roadwarrior server is disabled.

---
 src/misc-progs/openvpnctrl.c | 63 +++++++++++++++---------------------
 1 file changed, 26 insertions(+), 37 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 68bbe2fff..73cfb1df9 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -268,39 +268,34 @@ void createChain(char *chain) {
 }
 
 void createAllChains(void) {
-	if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
-		fprintf(stderr, "OpenVPN is not enabled on any interface\n");
-		exit(1);
-	} else {
-		// create chain and chain references
-		if (!strcmp(enableorange, "on")) {
-			if (strlen(orangeif)) {
-				createChain(OVPNORANGE);
-				createChainReference(OVPNORANGE);
-			} else {
-				fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
-				//exit(1);
-			}
+	// create chain and chain references
+	if (!strcmp(enableorange, "on")) {
+		if (strlen(orangeif)) {
+			createChain(OVPNORANGE);
+			createChainReference(OVPNORANGE);
+		} else {
+			fprintf(stderr, "OpenVPN enabled on orange but no orange interface found\n");
+			//exit(1);
 		}
-	
-		if (!strcmp(enableblue, "on")) {
-			if (strlen(blueif)) {
-				createChain(OVPNBLUE);
-				createChainReference(OVPNBLUE);
-			} else {
-				fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
-				//exit(1);
-			}
+	}
+
+	if (!strcmp(enableblue, "on")) {
+		if (strlen(blueif)) {
+			createChain(OVPNBLUE);
+			createChainReference(OVPNBLUE);
+		} else {
+			fprintf(stderr, "OpenVPN enabled on blue but no blue interface found\n");
+			//exit(1);
 		}
-	
-		if (!strcmp(enablered, "on")) {
-			if (strlen(redif)) {
-				createChain(OVPNRED);
-				createChainReference(OVPNRED);
-			} else {
-				fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
-				//exit(1);
-			}
+	}
+
+	if (!strcmp(enablered, "on")) {
+		if (strlen(redif)) {
+			createChain(OVPNRED);
+			createChainReference(OVPNRED);
+		} else {
+			fprintf(stderr, "OpenVPN enabled on red but no red interface found\n");
+			//exit(1);
 		}
 	}
 }
@@ -310,12 +305,6 @@ void setFirewallRules(void) {
 	char dport[STRING_SIZE] = "";
 	char dovpnip[STRING_SIZE] = "";
 
-	/* check if it makes sence to proceed further */
-	if (!((strcmp(enablered, "on")==0) || (strcmp(enableblue, "on")==0) || (strcmp(enableorange, "on")==0))){
-		fprintf(stderr, "Config error, at least one device must be enabled\n");
-		exit(1);
-	}
-
 	kv = initkeyvalues();
 	if (!readkeyvalues(kv, CONFIG_ROOT "/ovpn/settings"))
 	{

From 80ca8bd0f52b61accecc4d66296ec7d7648ee990 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 29 Jun 2011 19:58:01 +0200
Subject: [PATCH 07/18] openvpnctrl: Fix some compiler warnings.

(Hopefully) no functional changes.
---
 src/misc-progs/openvpnctrl.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 73cfb1df9..1a40c9a61 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -122,6 +122,20 @@ connection *getConnections() {
 	return conn_first;
 }
 
+int readPidFile(const char *pidfile) {
+	FILE *fp = fopen(pidfile, "r");
+	if (fp == NULL) {
+		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
+		exit(1);
+	}
+
+	int pid = 0;
+	fscanf(fp, "%d", &pid);
+	fclose(fp);
+
+	return pid;
+}
+
 void ovpnInit(void) {
 	
 	// Read OpenVPN configuration
@@ -358,7 +372,7 @@ void stopDaemon(void) {
 	char command[STRING_SIZE];
 
 	int pid = readPidFile("/var/run/openvpn.pid");
-	if (pid == NULL) {
+	if (!pid > 0) {
 		exit(1);
 	}
 
@@ -422,20 +436,6 @@ void startNet2Net(char *name) {
 	executeCommand(command);
 }
 
-int readPidFile(const char *pidfile) {
-	FILE *fp = fopen(pidfile, "r");
-	if (fp == NULL) {
-		fprintf(stderr, "PID file not found: '%s'\n", pidfile);
-		exit(1);
-	}
-
-	int pid = NULL;
-	fscanf(fp, "%d", &pid);
-	fclose(fp);
-
-	return pid;
-}
-
 void killNet2Net(char *name) {
 	connection *conn = NULL;
 	connection *conn_iter;
@@ -456,10 +456,10 @@ void killNet2Net(char *name) {
 	}
 
 	char pidfile[STRING_SIZE];
-	snprintf(&pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
+	snprintf(pidfile, STRING_SIZE - 1, "/var/run/%sn2n.pid", conn->name);
 
 	int pid = readPidFile(pidfile);
-	if (pid == NULL) {
+	if (!pid > 0) {
 		exit(1);
 	}
 

From d4c8b6bec26d2b45112e129f99921558058c4b18 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 29 Jun 2011 20:02:31 +0200
Subject: [PATCH 08/18] openvpnctrl: Remove PID file after an openvpn process
 was killed.

---
 src/misc-progs/openvpnctrl.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 1a40c9a61..ddda6125d 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -466,6 +466,10 @@ void killNet2Net(char *name) {
 	fprintf(stderr, "Killing PID %d.\n", pid);
 	kill(pid, SIGTERM);
 
+	char command[STRING_SIZE];
+	snprintf(command, STRING_SIZE - 1, "/bin/rm -f %s", pidfile);
+	executeCommand(command);
+
 	exit(0);
 }
 

From 7d653d51f8ed7aa6198aa724d6e68750642b588f Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 1 Jul 2011 19:40:44 +0200
Subject: [PATCH 09/18] openvpnctrl: Fix for while loop that had no break.

---
 src/misc-progs/openvpnctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index ddda6125d..6191fde45 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -361,7 +361,7 @@ void setFirewallRules(void) {
 
 	// set firewall rules for n2n connections
 	char *port;
-	while (conn) {
+	while (conn != NULL) {
 		sprintf(port, "%d", conn->port);
 		setChainRules(OVPNRED, redif, conn->proto, port);
 		conn = conn->next;

From 1129c37a95009f8f4ee3222a09c12c3f9d374d9d Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 5 Jul 2011 12:45:51 +0200
Subject: [PATCH 10/18] openvpnctrl: Fix SEGV in sprintf() call.

---
 src/misc-progs/openvpnctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 6191fde45..00b35e1ab 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -360,7 +360,7 @@ void setFirewallRules(void) {
 		setChainRules(OVPNORANGE, orangeif, protocol, dport);
 
 	// set firewall rules for n2n connections
-	char *port;
+	char port[STRING_SIZE];
 	while (conn != NULL) {
 		sprintf(port, "%d", conn->port);
 		setChainRules(OVPNRED, redif, conn->proto, port);

From 91a0a2217ac1591584c27eb8ce056e977f2b6a80 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 8 Jul 2011 17:40:59 +0200
Subject: [PATCH 11/18] openvpnctrl: Fix initialization of the program.

Firewall rules are now set properly and a detection for the
connection type was added.
---
 src/misc-progs/openvpnctrl.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 00b35e1ab..23924d4f9 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -8,7 +8,7 @@
 #include "setuid.h"
 #include "libsmooth.h"
 
-#define noovpndebug
+#define ovpndebug
 
 // global vars
 	struct keyvalue *kv = NULL;
@@ -29,6 +29,7 @@ char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.2";
 
 struct connection_struct {
 	char name[STRING_SIZE];
+	char type[STRING_SIZE];
 	char proto[STRING_SIZE];
 	int port;
 	struct connection_struct *next;
@@ -106,6 +107,8 @@ connection *getConnections() {
 		while (result) {
 			if (count == 2) {
 				strcpy(conn_curr->name, result);
+			} else if (count == 4) {
+				strcpy(conn_curr->type, result);
 			} else if (count == 12) {
 				strcpy(conn_curr->proto, result);
 			} else if (count == 13) {
@@ -343,9 +346,6 @@ void setFirewallRules(void) {
 	}
 	freekeyvalues(kv);
 
-	// read connection configuration
-	connection *conn = getConnections();
-
 	// Flush all chains.
 	flushChain(OVPNRED);
 	flushChain(OVPNBLUE);
@@ -359,11 +359,18 @@ void setFirewallRules(void) {
 	if (!strcmp(enableorange, "on") && strlen(orangeif))
 		setChainRules(OVPNORANGE, orangeif, protocol, dport);
 
+	// read connection configuration
+	connection *conn = getConnections();
+
 	// set firewall rules for n2n connections
-	char port[STRING_SIZE];
+	char command[STRING_SIZE];
 	while (conn != NULL) {
-		sprintf(port, "%d", conn->port);
-		setChainRules(OVPNRED, redif, conn->proto, port);
+		if (strcmp(conn->type, "net") == 0) {
+			sprintf(command, "/sbin/iptables -A %sINPUT -i %s -p %s --dport %d -j ACCEPT",
+				OVPNRED, redif, conn->proto, conn->port);
+			executeCommand(command);
+		}
+
 		conn = conn->next;
 	}
 }
@@ -404,7 +411,7 @@ void startNet2Net(char *name) {
 	conn_iter = getConnections();
 
 	while (conn_iter) {
-		if (strcmp(conn_iter->name, name) == 0) {
+		if ((strcmp(conn_iter->type, "net") == 0) && (strcmp(conn_iter->name, name) == 0)) {
 			conn = conn_iter;
 			break;
 		}
@@ -487,6 +494,8 @@ int main(int argc, char *argv[]) {
 	    usage();
 
 	if(argc == 3) {
+		ovpnInit();
+
 		if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
 			startNet2Net(argv[2]);
 			return 0;

From c894a342345ca6b55edc75f0ced6ab7ffa7b7a42 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Fri, 8 Jul 2011 18:30:41 +0200
Subject: [PATCH 12/18] openvpnctrl: Disable debug mode.

---
 src/misc-progs/openvpnctrl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 23924d4f9..9112f1f9e 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -8,7 +8,7 @@
 #include "setuid.h"
 #include "libsmooth.h"
 
-#define ovpndebug
+#define noovpndebug
 
 // global vars
 	struct keyvalue *kv = NULL;

From ce9abb6627a085706077c1a11da1569fc3c7f244 Mon Sep 17 00:00:00 2001
From: Alfred Haas <alfred.haas@ipfire.org>
Date: Mon, 18 Jul 2011 12:28:33 +0200
Subject: [PATCH 13/18] Import ovpnmain.cgi with N2N support.

This is currently in development!
---
 html/cgi-bin/ovpnmain.cgi | 872 ++++++++++++++++++++++++++++++++++----
 1 file changed, 792 insertions(+), 80 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index c99e7beae..850555ca3 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -22,6 +22,7 @@
 use CGI;
 use CGI qw/:standard/;
 use Net::DNS;
+use Net::Ping;
 use File::Copy;
 use File::Temp qw/ tempfile tempdir /;
 use strict;
@@ -32,8 +33,8 @@ require "${General::swroot}/header.pl";
 require "${General::swroot}/countries.pl";
 
 # enable only the following on debugging purpose
-#use warnings;
-#use CGI::Carp 'fatalsToBrowser';
+use warnings;
+use CGI::Carp 'fatalsToBrowser';
 #workaround to suppress a warning when a variable is used only once
 my @dummy = ( ${Header::colourgreen} );
 undef (@dummy);
@@ -72,6 +73,7 @@ $cgiparams{'DHCP_WINS'} = '';
 $cgiparams{'DCOMPLZO'} = 'off';
 $cgiparams{'MSSFIX'} = '';
 
+
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
 
 # prepare openvpn config file
@@ -514,12 +516,166 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
     &writeserverconf();#hier ok
 }
 
+###
+# m.a.d Save net2net server config
+###
 
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'server')
+{
 
+my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
+my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
+my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+my $tunmtu =  $cgiparams{'MTU'};
+if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
+  
+  if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { 
+    mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); }
+
+  open(SERVERCONF,    ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
+  
+  flock SERVERCONF, 2;
+  print SERVERCONF "# n2n Open VPN Server Config by ummeegge und m.a.d\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# User Sicherheit\n";
+  print SERVERCONF "user nobody\n";
+  print SERVERCONF "group nobody\n";
+  print SERVERCONF "persist-tun\n";
+  print SERVERCONF "persist-key\n";
+  print SERVERCONF "\n";
+  print SERVERCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; 
+  print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# IP Adressen des VPN Tunnels\n"; 
+  print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Netzwerk auf dem Client Gateway\n"; 
+  print SERVERCONF "route @remsubnet[0] @remsubnet[1]\n";
+  print SERVERCONF "# Device fuer den Tunnel\n"; 
+  print SERVERCONF "dev tun\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "#Port und Protokoll\n"; 
+  print SERVERCONF "port $cgiparams{'DEST_PORT'}\n"; 
+  print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Paketgroessen\n"; 
+  print SERVERCONF "tun-mtu $tunmtu\n"; 
+  print SERVERCONF "fragment 1300\n"; 
+  print SERVERCONF "mssfix\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Auth Server\n"; 
+  print SERVERCONF "tls-server\n"; 
+  print SERVERCONF "ca ${General::swroot}/ovpn/ca/cacert.pem\n"; 
+  print SERVERCONF "cert ${General::swroot}/ovpn/certs/servercert.pem\n"; 
+  print SERVERCONF "key ${General::swroot}/ovpn/certs/serverkey.pem\n"; 
+  print SERVERCONF "dh ${General::swroot}/ovpn/ca/dh1024.pem\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Verschluesselung\n"; 
+  print SERVERCONF "cipher AES-256-CBC\n"; 
+  if ($cgiparams{'COMPLZO'} eq 'on') {
+   print SERVERCONF "# Kompression einschalten\n";
+   print SERVERCONF "comp-lzo\r\n";
+   print SERVERCONF "#\n";
+   }
+  print SERVERCONF "# Debug Level setzen\n"; 
+  print SERVERCONF "verb 3\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Tunnel Ueberwachung\n"; 
+  print SERVERCONF "keepalive 10 60\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Als Daemon starten mit Namen ovpnn2n\n"; 
+  print SERVERCONF "daemon $cgiparams{'NAME'}n2n\n"; 
+  print SERVERCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; 
+  print SERVERCONF "\n"; 
+  print SERVERCONF "# Management Interface aktivieren\n"; 
+  print SERVERCONF "#management localhost 4711\n";
+  close(SERVERCONF);
+
+}
+
+###
+# m.a.d Save net2net client config
+###
+if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' && $cgiparams{'SIDE'} eq 'client')
+{
+        my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
+        my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+        my @remsubnet =  split(/\//,$cgiparams{'REMOTE_SUBNET'});
+        my $tunmtu =  $cgiparams{'MTU'};
+        if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
+   
+   if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { 
+        mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); }  
+  
+  open(CLIENTCONF,    ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
+  
+  flock CLIENTCONF, 2;
+  print CLIENTCONF "# rewritten n2n Open VPN Client Config by ummeegge und m.a.d\n";
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# User Sicherheit\n";
+  print CLIENTCONF "user nobody\n";
+  print CLIENTCONF "group nobody\n";
+  print CLIENTCONF "persist-tun\n";
+  print CLIENTCONF "persist-key\n";
+  print CLIENTCONF "#\n";
+  print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; 
+  print CLIENTCONF "remote $cgiparams{'REMOTE'}\n";
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; 
+  print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; 
+  print CLIENTCONF "route @remsubnet[0]/@remsubnet[1]\n"; 
+  print CLIENTCONF "# Device fuer den Tunnel\n"; 
+  print CLIENTCONF "dev tun\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "#Port und Protokoll\n"; 
+  print CLIENTCONF "port $cgiparams{'DEST_PORT'}\n"; 
+  print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Paketgroessen\n"; 
+  print CLIENTCONF "tun-mtu $tunmtu\n"; 
+  print CLIENTCONF "fragment 1300\n"; 
+  print CLIENTCONF "mssfix\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Auth. Client\n"; 
+  print CLIENTCONF "tls-client\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Verschluesselung\n"; 
+  print CLIENTCONF "cipher AES-256-CBC\n"; 
+  print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$cgiparams{'NAME'}.p12\r\n";
+  print CLIENTCONF "#\n"; 
+  if ($cgiparams{'COMPLZO'} eq 'on') {
+   print CLIENTCONF "# Kompression einschalten\n";
+   print CLIENTCONF "comp-lzo\r\n";
+   print CLIENTCONF "#\n";
+   }
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Debug Level\n"; 
+  print CLIENTCONF "verb 3\n"; 
+  print CLIENTCONF "#\n"; 
+  print CLIENTCONF "# Tunnel Ueberwachung\n"; 
+  print CLIENTCONF "keepalive 10 60\n"; 
+  print CLIENTCONF "#\n";
+  print CLIENTCONF "# Als Daemon starten\n"; 
+  print CLIENTCONF "daemon $cgiparams{'NAME'}n2n\n";
+  print CLIENTCONF "writepid /var/run/$cgiparams{'NAME'}n2n.pid\n"; 
+  print CLIENTCONF "#\n";
+  print CLIENTCONF "# Management Interface aktivieren\n"; 
+  print CLIENTCONF "# management localhost 4711\n";
+  close(CLIENTCONF);
+
+}
+  
+###
+# m.a.d Save net2net config  end
+###
 
 ###
 ### Save main settings
 ###
+
+
 if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cgiparams{'KEY'} eq '') {
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     #DAN do we really need (to to check) this value? Besides if we listen on blue and orange too,
@@ -1314,36 +1470,50 @@ END
 ###
 ### Enable/Disable connection
 ###
+
+###
+# m.a.d net2net Anpassung
+###
+
 }elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
     
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-
+#    my $n2nactive = '';
+    my $n2nactive = `/bin/ps ax|grep $confighash{$cgiparams{'KEY'}}[1]|grep -v grep|awk \'{print \$1}\'`;
+    
     if ($confighash{$cgiparams{'KEY'}}) {
-	if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+
+
+  	if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
 	    $confighash{$cgiparams{'KEY'}}[0] = 'on';
 	    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	    #&writeserverconf();
-#	    if ($vpnsettings{'ENABLED'} eq 'on' ||
-#		$vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#	 	system('/usr/local/bin/ipsecctrl', 'S', $cgiparams{'KEY'});
-#	    }
-	} else {
+
+     if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+                 system('/usr/local/bin/openvpnctrl', '-sn2n', $confighash{$cgiparams{'KEY'}}[1]);
+          }
+ 
+  } else {
+
 	    $confighash{$cgiparams{'KEY'}}[0] = 'off';
-#	    if ($vpnsettings{'ENABLED'} eq 'on' ||
-#		$vpnsettings{'ENABLED_BLUE'} eq 'on') {
-#		system('/usr/local/bin/ipsecctrl', 'D', $cgiparams{'KEY'});
-#	    }
-	    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
-	    #&writeserverconf();
-	}
-    } else {
-	$errormessage = $Lang::tr{'invalid key'};
-    }
+      &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+          if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+                    if ($n2nactive ne ''){				
+                    system('/usr/local/bin/openvpnctrl', '-kn2n', $confighash{$cgiparams{'KEY'}}[1]);
+           }
+ 
+          } else {
+   	          $errormessage = $Lang::tr{'invalid key'};
+          }
+      }
+  }
 
 ###
 ### Download OpenVPN client package
 ###
+
+
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'dl client arch'}) {
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -1352,9 +1522,105 @@ END
     my @fileholder;
     my $tempdir = tempdir( CLEANUP => 1 );
     my $zippath = "$tempdir/";
-    my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
-    my $zippathname = "$zippath$zipname";
-    $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
+
+###
+# m.a.d net2net DL Client Package
+###  
+
+if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
+        
+        my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-Client.zip";
+        my $zippathname = "$zippath$zipname";
+        $clientovpn = "$confighash{$cgiparams{'KEY'}}[1].conf";  
+        my @ovsubnettemp =  split(/\./,$confighash{$cgiparams{'KEY'}}[27]);
+        my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
+        my $tunmtu = ''; 
+        
+    open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
+    flock CLIENTCONF, 2;
+    
+    my $zip = Archive::Zip->new();
+   print CLIENTCONF "# n2n Open VPN Client Config by ummeegge und m.a.d\n";
+   print CLIENTCONF "# \n";
+   print CLIENTCONF "# User Sicherheit\n";
+   print CLIENTCONF "user nobody\n";
+   print CLIENTCONF "group nobody\n";
+   print CLIENTCONF "persist-tun\n";
+   print CLIENTCONF "persist-key\n";
+   print CLIENTCONF "#\n";
+   print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; 
+   print CLIENTCONF "remote $netsettings{'RED_ADDRESS'}\n";
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; 
+   print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# Netzwerk auf dem Server Gateway\n"; 
+   print CLIENTCONF "route $confighash{$cgiparams{'KEY'}}[8]\n";
+   print CLIENTCONF "# Device fuer den Tunnel\n"; 
+   print CLIENTCONF "dev $vpnsettings{'DDEVICE'}\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "#Port und Protokoll\n"; 
+   print CLIENTCONF "port $confighash{$cgiparams{'KEY'}}[29]\n"; 
+   print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# Paketgroessen\n"; 
+   if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
+   print CLIENTCONF "tun-mtu $tunmtu\n"; 
+   print CLIENTCONF "fragment 1300\n"; 
+   print CLIENTCONF "mssfix\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# Auth. Client\n"; 
+   print CLIENTCONF "tls-client\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# Verschluesselung\n"; 
+   print CLIENTCONF "cipher AES-256-CBC\n"; 
+    if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") { 
+	 print CLIENTCONF "pkcs12 ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12\r\n";
+     $zip->addFile( "${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12", "$confighash{$cgiparams{'KEY'}}[1].p12") or die "Can't add file $confighash{$cgiparams{'KEY'}}[1].p12\n";
+   } 
+   print CLIENTCONF "#\n"; 
+    if ($confighash{$cgiparams{'KEY'}}[30] eq 'on') {
+   print CLIENTCONF "# Kompression einschalten\n";
+   print CLIENTCONF "comp-lzo\r\n";
+   print CLIENTCONF "#\n";
+   }
+   print CLIENTCONF "# Debug Level\n"; 
+   print CLIENTCONF "verb 3\n"; 
+   print CLIENTCONF "#\n"; 
+   print CLIENTCONF "# Tunnel Ueberwachung\n"; 
+   print CLIENTCONF "keepalive 10 60\n"; 
+   print CLIENTCONF "#\n";
+   print CLIENTCONF "# Als Daemon starten\n"; 
+   print CLIENTCONF "daemon $confighash{$cgiparams{'KEY'}}[1]n2n\n"; 
+   print CLIENTCONF "writepid /var/run/$confighash{$cgiparams{'KEY'}}[1]n2n.pid\n"; 
+   print CLIENTCONF "#\n";
+   print CLIENTCONF "# Management Interface aktivieren\n"; 
+   print CLIENTCONF "# management localhost 4711\n";
+   print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
+
+
+    close(CLIENTCONF);
+        
+    $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
+    my $status = $zip->writeToFileNamed($zippathname);
+
+    open(DLFILE, "<$zippathname") or die "Unable to open $zippathname: $!";
+    @fileholder = <DLFILE>;
+    print "Content-Type:application/x-download\n";
+    print "Content-Disposition:attachment;filename=$zipname\n\n";
+    print @fileholder;
+    exit (0);
+}
+else
+{
+        my $zipname = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.zip";
+        my $zippathname = "$zippath$zipname";
+        $clientovpn = "$confighash{$cgiparams{'KEY'}}[1]-TO-IPFire.ovpn";
+
+###
+# m.a.d net2net DL Client Package end
+###
+  
     open(CLIENTCONF, ">$tempdir/$clientovpn") or die "Unable to open tempfile: $!";
     flock CLIENTCONF, 2;
     
@@ -1410,6 +1676,7 @@ END
 	print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
     close(CLIENTCONF);
+        
     $zip->addFile( "$tempdir/$clientovpn", $clientovpn) or die "Can't add file $clientovpn\n";
     my $status = $zip->writeToFileNamed($zippathname);
 
@@ -1419,10 +1686,15 @@ END
     print "Content-Disposition:attachment;filename=$zipname\n\n";
     print @fileholder;
     exit (0);
-
+   }
+   
+   
+   
 ###
 ### Remove connection
 ###
+
+
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'remove'}) {
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
@@ -1434,7 +1706,24 @@ END
 #	}
 #
 	my $temp = `/usr/bin/openssl ca -revoke ${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
-	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
+
+###
+# m.a.d net2net Anpassung
+###
+ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
+
+	my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+  my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+  unlink ($certfile) or die "Removing $certfile fail: $!";
+  unlink ($conffile) or die "Removing $conffile fail: $!";
+  rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+  
+}
+###
+# m.a.d net2net Anpassung end
+###
+
+  unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1]cert.pem");
 	unlink ("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
 	delete $confighash{$cgiparams{'KEY'}};
 	my $temp2 = `/usr/bin/openssl ca -gencrl -out ${General::swroot}/ovpn/crls/cacrl.pem -config ${General::swroot}/ovpn/openssl/ovpn.cnf`;
@@ -1443,6 +1732,8 @@ END
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
     }
+
+
 ###
 ### Download PKCS12 file
 ###
@@ -1799,13 +2090,14 @@ END
 ###
 ### Enable/Disable connection
 ###
+
 } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'toggle enable disable'}) {
     
     &General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 
     if ($confighash{$cgiparams{'KEY'}}) {
-	if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
+	   if ($confighash{$cgiparams{'KEY'}}[0] eq 'off') {
 	    $confighash{$cgiparams{'KEY'}}[0] = 'on';
 	    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
 	    #&writeserverconf();
@@ -1862,6 +2154,303 @@ END
     } else {
 	$errormessage = $Lang::tr{'invalid key'};
     }
+#test33
+
+###
+### Choose between adding a host-net or net-net connection
+###
+
+###
+# m.a.d Anpassung wegen upload n2n Package
+###
+
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'add'} && $cgiparams{'TYPE'} eq '') {
+	&General::readhash("${General::swroot}/ovpn/settings", \%vpnsettings);
+	&Header::showhttpheaders();
+	&Header::openpage($Lang::tr{'vpn configuration main'}, 1, '');
+	&Header::openbigbox('100%', 'LEFT', '', '');
+	&Header::openbox('100%', 'LEFT', $Lang::tr{'connection type'});
+	print <<END
+	    <b>$Lang::tr{'connection type'}:</b><br />
+	    <table><form method='post' ENCTYPE="multipart/form-data">
+	    <tr><td><input type='radio' name='TYPE' value='host' checked /></td>
+		<td class='base'>$Lang::tr{'host to net vpn'}</td></tr>
+	    <tr><td><input type='radio' name='TYPE' value='net' /></td>
+		<td class='base'>$Lang::tr{'net to net vpn'}</td></tr>
+  		<tr><td><input type='radio' name='TYPE' value='net2net' /></td>		
+		<td class='base'>$Lang::tr{'net to net vpn'} (Upload Client Package)</td></tr>
+	  <tr><td>&nbsp;</td><td class='base'><input type='file' name='FH' size='30'></td></tr>
+	  <tr><td align='center'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' /></td></tr>
+	    </form></table>
+END
+	;
+
+	&Header::closebox();
+	&Header::closebigbox();
+	&Header::closepage();
+	exit (0);
+
+###
+# m.a.d uploading a IPFire n2n Client package
+###
+
+}  elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2net')){
+
+	my @firen2nconf;
+	my @confdetails;
+	my $uplconffilename ='';
+	my $uplp12name = '';
+	my $complzoactive ='';
+	my @rem_subnet;
+	my @rem_subnet2;
+	my @tmposupnet3;	
+	my $key;
+
+	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);	
+
+# Check if a file is uploaded
+
+	if (ref ($cgiparams{'FH'}) ne 'Fh') {
+		$errormessage = $Lang::tr{'there was no file upload'};
+		goto N2N_ERROR;
+    }
+
+# Move uploaded IPfire n2n package to temporary file
+
+    (my $fh, my $filename) = tempfile( );
+    if (copy ($cgiparams{'FH'}, $fh) != 1) {
+		$errormessage = $!;
+		goto N2N_ERROR;
+    }
+
+	my $zip = Archive::Zip->new();
+	my $zipName = $filename;
+	my $status = $zip->read( $zipName );
+	if ($status != AZ_OK) {   
+		$errormessage = "Read of $zipName failed\n";
+		goto N2N_ERROR;
+	}
+
+	my $tempdir = tempdir( CLEANUP => 1 );
+	my @files = $zip->memberNames();
+	for(@files) {
+	$zip->extractMemberWithoutPaths($_,"$tempdir/$_");
+	}
+	my $countfiles = @files;
+
+# Check if we have not more then 2 files
+
+	if ( $countfiles == 2){
+		foreach (@files){
+			if ( $_ =~ /.conf$/){
+				$uplconffilename = $_;
+			}
+			if ( $_ =~ /.p12$/){
+				$uplp12name = $_;
+			}			
+		}
+		if (($uplconffilename eq '') || ($uplp12name eq '')){
+			$errormessage = "Either no *.conf or no *.p12 file found\n";
+			goto N2N_ERROR;
+		}
+
+		open(FILE, "$tempdir/$uplconffilename") or die 'Unable to open*.conf file';
+		@firen2nconf = <FILE>;
+		close (FILE);
+		chomp(@firen2nconf);
+
+	} else {
+
+		$errormessage = "Filecount does not match only 2 files are allowed\n";
+		goto N2N_ERROR;
+	}
+
+###	
+# m.a.d prepare imported ipfire net2net data
+###
+
+ my @n2nname = split(/\./,$uplconffilename);
+    $n2nname[0] =~ s/\n|\r//g;
+
+    if ( !-d "${General::swroot}/ovpn/n2nconf/$n2nname[0]") { 
+      mkdir("${General::swroot}/ovpn/n2nconf/$n2nname[0]", 0770); } 
+
+	move("$tempdir/$uplconffilename", "${General::swroot}/ovpn/n2nconf/$n2nname[0]/$uplconffilename");
+
+	if ($? ne 0) {
+	    $errormessage = "*.conf move failed: $!";
+	    unlink ($filename);
+	    goto N2N_ERROR;
+	}
+	
+	move("$tempdir/$uplp12name", "${General::swroot}/ovpn/certs/$uplp12name");
+	if ($? ne 0) {
+	    $errormessage = "$Lang::tr{'certificate file move failed'}: $!";
+	    unlink ($filename);
+	    goto N2N_ERROR;
+	}	
+	
+my $complzoactive;
+#my @n2nroute = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
+my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
+my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
+my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
+my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
+if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}	
+my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
+my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
+my @n2novpnsub =  split(/\./,$n2novpnsuball[1]);
+my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
+my @n2nlocalsub  = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
+
+#	$errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0");
+#	if ($errormessage ne ''){
+#		goto N2N_ERROR;
+#	}
+
+###
+# m.a.d delete CR and LF from arrays for this chomp doesnt work
+###
+
+#$n2nroute[1] =~ s/\n|\r//g;
+$n2nremote[1] =~ s/\n|\r//g;
+#$n2nroute[1] =~ s/\n|\r//g;
+#$n2nroute[2] =~ s/\n|\r//g;
+$n2novpnsub[0] =~ s/\n|\r//g;
+$n2novpnsub[1] =~ s/\n|\r//g;
+$n2novpnsub[2] =~ s/\n|\r//g;
+$n2nproto[1] =~ s/\n|\r//g;
+$n2nport[1] =~ s/\n|\r//g;
+$n2ntunmtu[1] =~ s/\n|\r//g;
+$n2nremsub[1] =~ s/\n|\r//g;
+$n2nlocalsub[2] =~ s/\n|\r//g;
+chomp ($complzoactive);
+
+###
+# m.a.d Write n2n config
+###
+
+###
+# Check if there is no other entry with this name
+###
+
+	foreach my $dkey (keys %confighash) {
+		if ($confighash{$dkey}[1] eq $n2nname[0]) {
+			$errormessage = $Lang::tr{'a connection with this name already exists'};
+			goto N2N_ERROR;			
+		}
+	}
+
+  $key = &General::findhasharraykey (\%confighash);
+
+	foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
+	$confighash{$key}[0] = 'off';
+	$confighash{$key}[1] = $n2nname[0];
+  $confighash{$key}[2] = $n2nname[0];	
+	$confighash{$key}[3] = 'net';
+	$confighash{$key}[4] = 'cert';	
+	$confighash{$key}[6] = 'client';		
+	$confighash{$key}[8] =  $n2nlocalsub[2];
+  $confighash{$key}[10] = $n2nremote[1];
+  $confighash{$key}[11] = $n2nremsub[1];		
+	$confighash{$key}[25] = 'IPFire n2n Client';
+	$confighash{$key}[26] = 'red';
+  $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
+  $confighash{$key}[28] = $n2nproto[1];
+  $confighash{$key}[29] = $n2nport[1];
+  $confighash{$key}[30] = $complzoactive;
+  $confighash{$key}[31] = $n2ntunmtu[1];
+
+
+  &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+  N2N_ERROR:
+		
+	&Header::showhttpheaders();
+	&Header::openpage('Validate imported configuration', 1, '');
+	&Header::openbigbox('100%', 'LEFT', '', $errormessage);
+	if ($errormessage) {
+	    &Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
+	    print "<class name='base'>$errormessage";
+	    print "&nbsp;</class>";
+	    &Header::closebox();		
+
+	} else 
+  {		
+		&Header::openbox('100%', 'LEFT', 'import ipfire net2net config');
+	}
+	if ($errormessage eq ''){
+		print <<END		
+		<!-- ipfire net2net config gui -->
+		<table width='100%'>
+		<tr><td width='25%'>&nbsp;</td><td width='25%'>&nbsp;</td></tr>
+    <tr><td class='boldbase'>$Lang::tr{'name'}:</td><td><b>$n2nname[0]</b></td></tr>
+    <tr><td>&nbsp;</td><td>&nbsp;</td></tr>	
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td><td><b>$confighash{$key}[6]</b></td></tr>								
+		<tr><td class='boldbase' nowrap='nowrap'>Remote Host </td><td><b>$confighash{$key}[10]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td><td><b>$confighash{$key}[8]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td><td><b>$confighash{$key}[11]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td><td><b>$confighash{$key}[27]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td><td><b>$confighash{$key}[28]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'destination port'}:</td><td><b>$confighash{$key}[29]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td><td><b>$confighash{$key}[30]</b></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
+		<tr><td>&nbsp;</td><td>&nbsp;</td></tr>	
+    </table>
+END
+;	
+		&Header::closebox();
+	}
+
+	if ($errormessage) {
+		print "<div align='center'><a href='/cgi-bin/ovpnmain.cgi'>$Lang::tr{'back'}</a></div>";
+	} else {	
+		print "<div align='center'><form method='post' ENCTYPE='multipart/form-data'><input type='submit' name='ACTION' value='$Lang::tr{'add'}' />";		
+		print "<input type='hidden' name='TYPE' value='net2netakn' />";
+		print "<input type='hidden' name='KEY' value='$key' />";			
+		print "<input type='submit' name='ACTION' value='$Lang::tr{'cancel'}' /></div></form>";
+	}	
+	&Header::closebigbox();
+	&Header::closepage();
+	exit(0);	
+
+
+##
+### Accept IPFire n2n Package Settings
+###
+
+  }  elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
+
+###
+### Discard and Rollback IPFire n2n Package Settings
+###
+
+  }  elsif (($cgiparams{'ACTION'} eq $Lang::tr{'cancel'}) && ($cgiparams{'TYPE'} eq 'net2netakn')){
+     
+     &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+
+if ($confighash{$cgiparams{'KEY'}}) {
+
+     my $conffile = glob("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]/$confighash{$cgiparams{'KEY'}}[1].conf");
+     my $certfile = glob("${General::swroot}/ovpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12");
+     unlink ($certfile) or die "Removing $certfile fail: $!";
+     unlink ($conffile) or die "Removing $conffile fail: $!";
+     rmdir ("${General::swroot}/ovpn/n2nconf/$confighash{$cgiparams{'KEY'}}[1]") || die "Kann Verzeichnis nicht loeschen: $!";
+     delete $confighash{$cgiparams{'KEY'}};
+    &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);	
+
+     } else {
+		$errormessage = $Lang::tr{'invalid key'};
+   }	
+    
+
+###
+# m.a.d end uploading a IPFire n2n Client package
+###
+
+
+###
+### Adding a new connection
+###
 } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
 	 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
 	 ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'ADVANCED'} eq '')) {
@@ -1875,10 +2464,9 @@ END
 	    $errormessage = $Lang::tr{'invalid key'};
 	    goto VPNCONF_END;
 	}
-
 	$cgiparams{'ENABLED'}	= $confighash{$cgiparams{'KEY'}}[0];
 	$cgiparams{'NAME'}	= $confighash{$cgiparams{'KEY'}}[1];
-	$cgiparams{'TYPE'}	= 'host';
+	$cgiparams{'TYPE'}	= $confighash{$cgiparams{'KEY'}}[3];
 	$cgiparams{'AUTH'} 	= $confighash{$cgiparams{'KEY'}}[4];
 	$cgiparams{'PSK'}	= $confighash{$cgiparams{'KEY'}}[5];
 	$cgiparams{'SIDE'}	= $confighash{$cgiparams{'KEY'}}[6];
@@ -1918,6 +2506,11 @@ END
 	    goto VPNCONF_ERROR;
 	}
 
+#	if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
+#	    $errormessage = $Lang::tr{'ipfire side is invalid'};
+#	    goto VPNCONF_ERROR;
+#	}
+
 	# Check if there is no other entry with this name
 	if (! $cgiparams{'KEY'}) {
 	    foreach my $key (keys %confighash) {
@@ -1928,6 +2521,11 @@ END
 	    }
 	}
 
+	if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
+	    $errormessage = $Lang::tr{'invalid input for remote host/ip'};
+	    goto VPNCONF_ERROR;
+	}
+
 	if ($cgiparams{'REMOTE'}) {
 	    if (! &General::validip($cgiparams{'REMOTE'})) {
 		if (! &General::validfqdn ($cgiparams{'REMOTE'}))  {
@@ -1956,6 +2554,10 @@ END
 		}
 	    }
 	}
+	if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
+                $errormessage = $Lang::tr{'remote subnet is invalid'};
+		goto VPNCONF_ERROR;
+	}
 
 	if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
 	    $errormessage = $Lang::tr{'invalid input'};
@@ -2079,9 +2681,6 @@ END
 		goto VPNCONF_ERROR;
 	    }
 	} elsif ($cgiparams{'AUTH'} eq 'certgen') {
-	
-	    $cgiparams{'CERT_NAME'} =~ s/ //g;
-	
 	    if ($cgiparams{'KEY'}) {
 		$errormessage = $Lang::tr{'cant change certificates'};
 		goto VPNCONF_ERROR;
@@ -2240,13 +2839,17 @@ END
 	if ((! $cgiparams{'KEY'}) && $cgiparams{'AUTH'} ne 'psk') {
 	    $confighash{$key}[2] = $cgiparams{'CERT_NAME'};
 	}
-	$confighash{$key}[3] = 'host';
+	$confighash{$key}[3] = $cgiparams{'TYPE'};
 	if ($cgiparams{'AUTH'} eq 'psk') {
 	    $confighash{$key}[4] = 'psk';
 	    $confighash{$key}[5] = $cgiparams{'PSK'};
 	} else {
 	    $confighash{$key}[4] = 'cert';
 	}
+	if ($cgiparams{'TYPE'} eq 'net') {
+	    $confighash{$key}[6] = $cgiparams{'SIDE'};
+	    $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'};
+	}
 	$confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
 	$confighash{$key}[10] = $cgiparams{'REMOTE'};
 	$confighash{$key}[25] = $cgiparams{'REMARK'};
@@ -2333,7 +2936,7 @@ END
 	}
 
 	print "<form method='post' enctype='multipart/form-data'>";
-	print "<input type='hidden' name='TYPE' value='host' />";
+	print "<input type='hidden' name='TYPE' value='$cgiparams{'TYPE'}' />";
 
 	if ($cgiparams{'KEY'}) {
 	    print "<input type='hidden' name='KEY' value='$cgiparams{'KEY'}' />";
@@ -2343,6 +2946,7 @@ END
 	&Header::openbox('100%', 'LEFT', "$Lang::tr{'connection'}:");
 	print "<table width='100%'>\n";
 	print "<tr><td width='25%' class='boldbase'>$Lang::tr{'name'}:</td>";
+	if ($cgiparams{'TYPE'} eq 'host') {
 	    if ($cgiparams{'KEY'}) {
 		print "<td width='35%' class='base'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>\n";
 	    } else {
@@ -2358,12 +2962,49 @@ END
 #	    print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE</option>";
 #	    print "</select></td></tr>";
 #	    print <<END
+	} else {
+	    print "<input type='hidden' name='INTERFACE' value='red' />";
+	    if ($cgiparams{'KEY'}) {
+		print "<td width='25%' class='base' nowrap='nowrap'><input type='hidden' name='NAME' value='$cgiparams{'NAME'}' />$cgiparams{'NAME'}</td>";
+	    } else {
+		print "<td width='25%'><input type='text' name='NAME' value='$cgiparams{'NAME'}' maxlength='20' /></td>";
+	    }
+	    print <<END
+		    <td width='25%'>&nbsp;</td>
+		    <td width='25%'>&nbsp;</td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'Act as'}</td>
+		    <td><select name='SIDE'><option value='server' $selected{'SIDE'}{'server'}>OpenVPN Server</option>
+					    <option value='client' $selected{'SIDE'}{'client'}>OpenVPN Client</option></select></td>
+ 		    <td class='boldbase'>$Lang::tr{'remote host/ip'}:</td>
+		    <td><input type='TEXT' name='REMOTE' value='$cgiparams{'REMOTE'}' /></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'local subnet'}</td>
+		    <td><input type='TEXT' name='LOCAL_SUBNET' value='$cgiparams{'LOCAL_SUBNET'}' /></td>
+		    <td class='boldbase' nowrap='nowrap'>$Lang::tr{'remote subnet'}</td>
+		    <td><input type='text' name='REMOTE_SUBNET' value='$cgiparams{'REMOTE_SUBNET'}' /></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
+		    <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
+		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
+		    <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+                        			<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
+		    <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+		    <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
+	        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
+		    <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+	        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
+		    <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD>
+		    		    
+
+END
+	    ;
+	}
 	print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
 	print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
 	
-#	if ($cgiparams{'TYPE'} eq 'net') {
-	    print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
-	
+	if ($cgiparams{'TYPE'} eq 'host') {
+
+      print "<tr><td>$Lang::tr{'enabled'} <input type='checkbox' name='ENABLED' $checked{'ENABLED'}{'on'} /></td>\n";
+         }	
+
 #	    if ($cgiparams{'KEY'}) {
 #		print "<td colspan='3'>&nbsp;</td></tr></table>";
 #    	    } else {
@@ -2394,41 +3035,54 @@ END
 	    if ( ! -f "${General::swroot}/ovpn/ca/cakey.pem" ) { $cakeydisabled = "disabled='disabled'" } else { $cakeydisabled = "" };
 	    if ( ! -f "${General::swroot}/ovpn/ca/cacert.pem" ) { $cacrtdisabled = "disabled='disabled'" } else { $cacrtdisabled = "" };
 	    &Header::openbox('100%', 'LEFT', $Lang::tr{'authentication'});
-	    print <<END
+ 
+ 
+ if ($cgiparams{'TYPE'} eq 'host') {
+
+print <<END
 	    <table width='100%' cellpadding='0' cellspacing='5' border='0'>
 	    <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' border='0' /></td></tr>
-	    <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td>
-		<td class='base'>$Lang::tr{'upload a certificate request'}</td>
-		<td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
-	    <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td>
-		<td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
+	    <tr><td><input type='radio' name='AUTH' value='certreq' $checked{'AUTH'}{'certreq'} $cakeydisabled /></td><td class='base'>$Lang::tr{'upload a certificate request'}</td><td class='base' rowspan='2'><input type='file' name='FH' size='30' $cacrtdisabled></td></tr>
+	    <tr><td><input type='radio' name='AUTH' value='certfile' $checked{'AUTH'}{'certfile'} $cacrtdisabled /></td><td class='base'>$Lang::tr{'upload a certificate'}</td></tr>
 	    <tr><td colspan='3' bgcolor='#000000'><img src='/images/null.gif' width='1' height='1' BORDER='0' /></td></tr>
-	    <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td>
-		<td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'users fullname or system hostname'}:</td>
-		<td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td>
-		<td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td>
-		<td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td>
-	        <td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td>
-		<td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td>
-		<td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
-	    <tr><td>&nbsp;</td>
-		<td class='base'>$Lang::tr{'country'}:</td>
-		<td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
+	    <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
 END
+;
+
+###
+# m.a.d  Disbale upload cert for n2n connections
+###
+
+} else {
+
+print <<END
+	    <table width='100%' cellpadding='0' cellspacing='5' border='0'>
+      
+	    <tr><td><input type='radio' name='AUTH' value='certgen' $checked{'AUTH'}{'certgen'} $cakeydisabled /></td><td class='base'>$Lang::tr{'generate a certificate'}</td><td>&nbsp;</td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users fullname or system hostname'}:</td><td class='base' nowrap='nowrap'><input type='text' name='CERT_NAME' value='$cgiparams{'CERT_NAME'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users email'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_EMAIL' value='$cgiparams{'CERT_EMAIL'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'users department'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_OU' value='$cgiparams{'CERT_OU'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'organization name'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_ORGANIZATION' value='$cgiparams{'CERT_ORGANIZATION'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'city'}:&nbsp;<img src='/blob.gif'></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_CITY' value='$cgiparams{'CERT_CITY'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'state or province'}:&nbsp;<img src='/blob.gif' /></td><td class='base' nowrap='nowrap'><input type='text' name='CERT_STATE' value='$cgiparams{'CERT_STATE'}' SIZE='32' $cakeydisabled /></td></tr>
+	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'country'}:</td><td class='base'><select name='CERT_COUNTRY' $cakeydisabled>
+
+END
+;
+
+}
+
+###
+# m.a.d  Disbale upload cert for n2n connections end
+###
 
-	    ;
 	    foreach my $country (sort keys %{Countries::countries}) {
 		print "<option value='$Countries::countries{$country}'";
 		if ( $Countries::countries{$country} eq $cgiparams{'CERT_COUNTRY'} ) {
@@ -2436,20 +3090,36 @@ END
 		}
 		print ">$country</option>";
 	    }
+###
+# m.a.d  Disbale pkcs-password for n2n connections
+###
+
+if ($cgiparams{'TYPE'} eq 'host') {
 	    print <<END
 	    </select></td></tr>
-	    <tr><td>&nbsp;</td>
-		
-		<td class='base'>$Lang::tr{'valid till'} (days):</td>
-		<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>		
-		
-		<tr><td>&nbsp;</td>
+
+	<td class='base'>$Lang::tr{'valid till'} (days):</td>
+	<td class='base' nowrap='nowrap'><input type='text' name='DAYS_VALID' value='$cgiparams{'DAYS_VALID'}' size='32' $cakeydisabled /></td></tr>
+   <tr><td>&nbsp;</td>
 		<td class='base'>$Lang::tr{'pkcs12 file password'}:</td>
 		<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS1' value='$cgiparams{'CERT_PASS1'}' size='32' $cakeydisabled /></td></tr>
 	    <tr><td>&nbsp;</td><td class='base'>$Lang::tr{'pkcs12 file password'}:<BR>($Lang::tr{'confirmation'})</td>
 		<td class='base' nowrap='nowrap'><input type='password' name='CERT_PASS2' value='$cgiparams{'CERT_PASS2'}' size='32' $cakeydisabled /></td></tr>
-	    </table>
+     </table>
 END
+}else{
+	    print <<END
+	    </select></td></tr>
+   <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+	 <tr><td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>
+       </table>
+ 
+END
+}
+
+###
+# m.a.d  Disbale pkcs-password for n2n connections end
+###
 	    ;
 	    &Header::closebox();
 	}
@@ -2517,9 +3187,6 @@ END
     $checked{'ENABLED_ORANGE'}{'off'} = '';
     $checked{'ENABLED_ORANGE'}{'on'} = '';
     $checked{'ENABLED_ORANGE'}{$cgiparams{'ENABLED_ORANGE'}} = 'CHECKED';
-    
-
-#new settings
     $selected{'DDEVICE'}{'tun'} = '';
     $selected{'DDEVICE'}{'tap'} = '';
     $selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = 'SELECTED';
@@ -2791,8 +3458,15 @@ END
     	print "<div align='center'><form method='post'><input type='submit' name='ACTION' value='$Lang::tr{'reset'}' /></div></form>\n";
     }	    
     if ( -f "${General::swroot}/ovpn/ca/cacert.pem" ) {
+
+###
+# m.a.d Client Status Table
+###
+
     &Header::openbox('100%', 'LEFT', $Lang::tr{'Client status and controlc' });
     print <<END
+
+
     <table width='100%' border='0' cellspacing='1' cellpadding='0'>
 <tr>
     <td width='10%' class='boldbase' align='center'><b>$Lang::tr{'name'}</b></td>
@@ -2827,13 +3501,23 @@ END
 	$cavalid    = $1;
 	print "<td align='center'>$cavalid</td>";
 	print "<td align='center'>$confighash{$key}[25]</td>";
+
 	my $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourred}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
+
 	if ($confighash{$key}[0] eq 'off') {
 	    $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
 	} else {
+
+###
+# m.a.d net2net Status
+###		    
+
+  if ($confighash{$cgiparams{'KEY'}}[3] eq 'host'){
+
 	    my $cn;
-    	    my @match = ();	
+    	my @match = ();	
 	    foreach my $line (@status) {
+
 		chomp($line);
 		if ( $line =~ /^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/) {
 		    @match = split(m/^(.+),(\d+\.\d+\.\d+\.\d+\:\d+),(\d+),(\d+),(.+)/, $line);
@@ -2842,11 +3526,36 @@ END
 		    }	    
 	    	$cn =~ s/[_]/ /g;
 		    if ($cn eq "$confighash{$key}[2]") {
-			$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
+			$active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourblue}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsclosed'}</font></b></td></tr></table>";
 		    }
-		}    
-	    }
+		 }   
+    }
+     } else {
+       my @tempovpnsubnet = split("\/",$confighash{$key}[27]);
+			 my @ovpnip = split /\./,$tempovpnsubnet[0];
+			 my $pingip = "";
+			
+      		if ($confighash{$key}[6] eq 'server') {
+						$pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].2";
+					} else {
+						$pingip = "$ovpnip[0].$ovpnip[1].$ovpnip[2].1";
+					}
+				
+         my $p = Net::Ping->new("udp",1);
+				
+         if ($p->ping($pingip)) {
+			   $active = "<table cellpadding='2' cellspacing='0' bgcolor='${Header::colourgreen}' width='100%'><tr><td align='center'><b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b></td></tr></table>";
+			   }	
+			   $p->close();	
+      
+       }	
 	}
+
+###
+# m.a.d net2net Status end
+###	
+
+
 	my $disable_clientdl = "disabled='disabled'";
 	if (( $cgiparams{'ENABLED'} eq 'on') || 
 	    ( $cgiparams{'ENABLED_BLUE'} eq 'on') ||
@@ -2958,3 +3667,6 @@ END
     &Header::closebox();
 }
 &Header::closepage();
+
+
+

From cdc2be25f1b63a906f2209ae9d7ac4bdd4b14feb Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Jul 2011 17:35:24 +0200
Subject: [PATCH 14/18] openvpn: Update to 2.2.1.

---
 lfs/openvpn | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lfs/openvpn b/lfs/openvpn
index 925c2ad96..09379308e 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.1.2
+VER        = 2.2.1
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 543a30dafcdefe1d67c0e47b80741755
+$(DL_FILE)_MD5 = 500bee5449b29906150569aaf2eb2730
 
 install : $(TARGET)
 

From 81a789d9315219cca58160ea2dbd005287ae4bd3 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 19 Jul 2011 11:42:53 +0200
Subject: [PATCH 15/18] openvpnctrl: Force 'modprobe tun' before starting the
 openvpn daemon.

---
 src/misc-progs/openvpnctrl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 9112f1f9e..758800da1 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -439,7 +439,9 @@ void startNet2Net(char *name) {
 	setFirewallRules();
 
 	char command[STRING_SIZE];
-	sprintf(command, "/usr/sbin/openvpn --config %s", configfile);
+	snprintf(command, STRING_SIZE-1, "/sbin/modprobe tun");
+	executeCommand(command);
+	snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config %s", configfile);
 	executeCommand(command);
 }
 

From 531f08359c015e39fa51dd9b15ed6abedbc408e6 Mon Sep 17 00:00:00 2001
From: Alfred Haas <alfred.haas@ipfire.org>
Date: Tue, 26 Jul 2011 11:53:32 +0200
Subject: [PATCH 16/18] Import new version of ovpnmain.cgi.

This fixes the import of the client package and creates
all necessary directories on its own.
---
 html/cgi-bin/ovpnmain.cgi | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 850555ca3..2a9da019a 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -528,9 +528,9 @@ my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
 my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
 my $tunmtu =  $cgiparams{'MTU'};
 if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
-  
-  if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { 
-    mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); }
+
+unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
+unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}   
 
   open(SERVERCONF,    ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
   
@@ -604,8 +604,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' &&
         my $tunmtu =  $cgiparams{'MTU'};
         if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
    
-   if ( !-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") { 
-        mkdir("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770); }  
+unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
+unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
   
   open(CLIENTCONF,    ">${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Unable to open ${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf: $!";
   
@@ -1549,7 +1549,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "persist-key\n";
    print CLIENTCONF "#\n";
    print CLIENTCONF "# IP/DNS fuer das Server Gateway - g2g Mode\n"; 
-   print CLIENTCONF "remote $netsettings{'RED_ADDRESS'}\n";
+   print CLIENTCONF "remote $vpnsettings{'VPN_IP'}\n";
    print CLIENTCONF "#\n"; 
    print CLIENTCONF "# IP Adressen des VPN Tunnels\n"; 
    print CLIENTCONF "ifconfig $ovsubnet.2 $ovsubnet.1\n"; 
@@ -1597,7 +1597,7 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "# Management Interface aktivieren\n"; 
    print CLIENTCONF "# management localhost 4711\n";
    print CLIENTCONF "# remsub $confighash{$cgiparams{'KEY'}}[11]\n";
-
+  
 
     close(CLIENTCONF);
         
@@ -2471,8 +2471,8 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	$cgiparams{'PSK'}	= $confighash{$cgiparams{'KEY'}}[5];
 	$cgiparams{'SIDE'}	= $confighash{$cgiparams{'KEY'}}[6];
 	$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
-	$cgiparams{'REMOTE'}	= $confighash{$cgiparams{'KEY'}}[10];
-	$cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+  $cgiparams{'REMOTE'}	= $confighash{$cgiparams{'KEY'}}[10];
+  $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
 	$cgiparams{'REMARK'}	= $confighash{$cgiparams{'KEY'}}[25];
 	$cgiparams{'INTERFACE'}	= $confighash{$cgiparams{'KEY'}}[26];
 #new fields	

From 64f0c3543d8419a708a2a6c2c50620d147213bfe Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 27 Jul 2011 18:40:12 +0200
Subject: [PATCH 17/18] openvpnctrl: Add option to start all n2n connections at
 once.

---
 src/misc-progs/openvpnctrl.c | 38 +++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)

diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 758800da1..163386b43 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -25,7 +25,7 @@ char enableorange[STRING_SIZE] = "off";
 char OVPNRED[STRING_SIZE] = "OVPN";
 char OVPNBLUE[STRING_SIZE] = "OVPN_BLUE_";
 char OVPNORANGE[STRING_SIZE] = "OVPN_ORANGE_";
-char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.1.2";
+char WRAPPERVERSION[STRING_SIZE] = "ipfire-2.2.0";
 
 struct connection_struct {
 	char name[STRING_SIZE];
@@ -60,6 +60,12 @@ void usage(void)
 	printf("      kills/stops OpenVPN\n");
 	printf(" -r   --restart\n");
 	printf("      restarts OpenVPN (implicitly creates chains and firewall rules)\n");
+	printf(" -sn2n --start-net-2-net\n");
+	printf("      starts all net2net connections\n");
+	printf("      you may pass a connection name to the switch to only start a specific one\n");
+	printf(" -kn2n --kill-net-2-net\n");
+	printf("      kills all net2net connections\n");
+	printf("      you may pass a connection name to the switch to only start a specific one\n");
 	printf(" -d   --display\n");
 	printf("      displays OpenVPN status to syslog\n");
 	printf(" -fwr --firewall-rules\n");
@@ -482,6 +488,28 @@ void killNet2Net(char *name) {
 	exit(0);
 }
 
+void startAllNet2Net() {
+	connection *conn = getConnections();
+
+	while(conn) {
+		startNet2Net(conn->name);
+		conn = conn->next;
+	}
+
+	exit(0);
+}
+
+void killAllNet2Net() {
+	connection *conn = getConnections();
+
+	while(conn) {
+		killNet2Net(conn->name);
+		conn = conn->next;
+	}
+
+	exit(0);
+}
+
 void displayopenvpn(void) {
 	char command[STRING_SIZE];
 
@@ -533,6 +561,14 @@ int main(int argc, char *argv[]) {
 				startDaemon();
 				return 0;
 			}
+			else if( (strcmp(argv[1], "-sn2n") == 0) || (strcmp(argv[1], "--start-net-2-net") == 0) ) {
+				startAllNet2Net();
+				return 0;
+			}
+			else if( (strcmp(argv[1], "-kn2n") == 0) || (strcmp(argv[1], "--kill-net-2-net") == 0) ) {
+				killAllNet2Net();
+				return 0;
+			}
 			else if( (strcmp(argv[1], "-sdo") == 0) || (strcmp(argv[1], "--start-daemon-only") == 0) ) {
 				startDaemon();
 				return 0;

From d96c89eb0619c4f4b10ec7724e55f10f84defd2a Mon Sep 17 00:00:00 2001
From: Alfred Haas <alfred.haas@ipfire.org>
Date: Thu, 18 Aug 2011 14:29:51 +0200
Subject: [PATCH 18/18] Update of openvpn CGI scripts.

---
 html/cgi-bin/index.cgi    |  19 +++++
 html/cgi-bin/ovpnmain.cgi | 167 ++++++++++++++++++++++++++++++++------
 2 files changed, 160 insertions(+), 26 deletions(-)

diff --git a/html/cgi-bin/index.cgi b/html/cgi-bin/index.cgi
index 0dcadb0b2..d372d5255 100644
--- a/html/cgi-bin/index.cgi
+++ b/html/cgi-bin/index.cgi
@@ -388,6 +388,25 @@ END
 END
 	}
 
+###
+# m.a.d n2n
+###
+
+if ( -d "${General::swroot}/ovpn/n2nconf") {
+my %confighash=();
+&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+foreach my $dkey (keys %confighash) {
+if ($confighash{$dkey}[0] eq 'on' && $confighash{$dkey}[3] eq 'net') {
+my @n2novpnet =  split(/\//,$confighash{$dkey}[27]);
+    print <<END;
+		<tr><td align='center' bgcolor='$Header::colourvpn' width='25%'><a href="/cgi-bin/ovpnmain.cgi"><font size='2' color='white'><b>OpenVPN n2n</b></font></a><br>
+  	<td width='30%' align='center'> $n2novpnet[0]
+ 		<td width='45%' align='center'><font color=$Header::colourblue>$confighash{$dkey}[6]</font>
+END
+}
+}
+  }
+
 # Fireinfo
 if ( ! -e "/var/ipfire/main/send_profile") {
 	$warnmessage .= "<li><a style='color: white;' href='fireinfo.cgi'>$Lang::tr{'fireinfo please enable'}</a></li>";
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 2a9da019a..95eb67a1e 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -526,8 +526,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' &&
 my @remsubnet = split(/\//,$cgiparams{'REMOTE_SUBNET'});
 my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
 my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
-my $tunmtu =  $cgiparams{'MTU'};
-if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
+my $tunmtu =  '';
 
 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
 unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}   
@@ -559,9 +558,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print SERVERCONF "proto $cgiparams{'PROTOCOL'}\n"; 
   print SERVERCONF "\n"; 
   print SERVERCONF "# Paketgroessen\n"; 
+  if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
   print SERVERCONF "tun-mtu $tunmtu\n"; 
-  print SERVERCONF "fragment 1300\n"; 
+  if ($cgiparams{'PROTOCOL'} eq 'udp') {
+  if ($cgiparams{'FRAGMENT'} eq '') {
+  print SERVERCONF "fragment 1300\r\n";
+  } else {
+  print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n"
+  }
+  if ($cgiparams{'MSSFIX'} eq 'on') {
   print SERVERCONF "mssfix\n"; 
+  }
+  }
   print SERVERCONF "\n"; 
   print SERVERCONF "# Auth Server\n"; 
   print SERVERCONF "tls-server\n"; 
@@ -601,9 +609,8 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq 'net' &&
         my @ovsubnettemp =  split(/\./,$cgiparams{'OVPN_SUBNET'});
         my $ovsubnet =  "@ovsubnettemp[0].@ovsubnettemp[1].@ovsubnettemp[2]";
         my @remsubnet =  split(/\//,$cgiparams{'REMOTE_SUBNET'});
-        my $tunmtu =  $cgiparams{'MTU'};
-        if ($tunmtu eq '') {$tunmtu = '1500'} else {$tunmtu = $cgiparams{'MTU'}};
-   
+        my $tunmtu =  '';
+           
 unless(-d "${General::swroot}/ovpn/n2nconf/"){mkdir "${General::swroot}/ovpn/n2nconf", 0755 or die "Unable to create dir $!";}
 unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}", 0770 or die "Unable to create dir $!";}
   
@@ -634,9 +641,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   print CLIENTCONF "proto $cgiparams{'PROTOCOL'}\n"; 
   print CLIENTCONF "#\n"; 
   print CLIENTCONF "# Paketgroessen\n"; 
+  if ($cgiparams{'MTU'} eq '') {$tunmtu = '1400'} else {$tunmtu = $cgiparams{'MTU'}};
   print CLIENTCONF "tun-mtu $tunmtu\n"; 
-  print CLIENTCONF "fragment 1300\n"; 
+  if ($cgiparams{'PROTOCOL'} eq 'udp') {
+  if ($cgiparams{'FRAGMENT'} eq '') {
+  print CLIENTCONF "fragment 1300\r\n";
+  } else {
+  print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n"
+  }
+  if ($cgiparams{'MSSFIX'} eq 'on') {
   print CLIENTCONF "mssfix\n"; 
+  }
+  }
   print CLIENTCONF "#\n"; 
   print CLIENTCONF "# Auth. Client\n"; 
   print CLIENTCONF "tls-client\n"; 
@@ -1564,10 +1580,18 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    print CLIENTCONF "proto $confighash{$cgiparams{'KEY'}}[28]\n"; 
    print CLIENTCONF "#\n"; 
    print CLIENTCONF "# Paketgroessen\n"; 
-   if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1500'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
+   if ($confighash{$cgiparams{'KEY'}}[31] eq '') {$tunmtu = '1400'} else {$tunmtu = $confighash{$cgiparams{'KEY'}}[31]};
    print CLIENTCONF "tun-mtu $tunmtu\n"; 
-   print CLIENTCONF "fragment 1300\n"; 
+   if ($confighash{$cgiparams{'KEY'}}[28] eq 'udp') {
+   if ($cgiparams{'FRAGMENT'} eq '') {
+   print CLIENTCONF "fragment 1300\r\n";
+   } else {
+   print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n"
+   }
+   if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {
    print CLIENTCONF "mssfix\n"; 
+   }
+   }
    print CLIENTCONF "#\n"; 
    print CLIENTCONF "# Auth. Client\n"; 
    print CLIENTCONF "tls-client\n"; 
@@ -2200,7 +2224,6 @@ END
 	my @confdetails;
 	my $uplconffilename ='';
 	my $uplp12name = '';
-	my $complzoactive ='';
 	my @rem_subnet;
 	my @rem_subnet2;
 	my @tmposupnet3;	
@@ -2291,31 +2314,27 @@ END
 	}	
 	
 my $complzoactive;
-#my @n2nroute = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
+my $mssfixactive;
+my $n2nfragment;
 my @n2nproto = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
 my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
 my @n2ntunmtu = split(/ /, (grep { /^tun-mtu/ } @firen2nconf)[0]);
 my @n2ncomplzo = grep { /^comp-lzo/ } @firen2nconf;
 if ($n2ncomplzo[0] =~ /comp-lzo/){$complzoactive = "on";} else {$complzoactive = "off";}	
+my @n2nmssfix  = grep { /^mssfix/ } @firen2nconf;
+if ($n2nmssfix[0] =~ /mssfix/){$mssfixactive = "on";} else {$mssfixactive = "off";}
+my @n2nfragment = split(/ /, (grep { /^fragment/ } @firen2nconf)[0]);
 my @n2nremote = split(/ /, (grep { /^remote/ } @firen2nconf)[0]);
 my @n2novpnsuball = split(/ /, (grep { /^ifconfig/ } @firen2nconf)[0]);
 my @n2novpnsub =  split(/\./,$n2novpnsuball[1]);
 my @n2nremsub = split(/ /, (grep { /^route/ } @firen2nconf)[0]);
 my @n2nlocalsub  = split(/ /, (grep { /^# remsub/ } @firen2nconf)[0]);
 
-#	$errormessage = &Ovpnfunc::ovelapplausi("$tmposupnet3[0].$tmposupnet3[1].$tmposupnet3[2].0","255.255.255.0");
-#	if ($errormessage ne ''){
-#		goto N2N_ERROR;
-#	}
-
 ###
 # m.a.d delete CR and LF from arrays for this chomp doesnt work
 ###
 
-#$n2nroute[1] =~ s/\n|\r//g;
 $n2nremote[1] =~ s/\n|\r//g;
-#$n2nroute[1] =~ s/\n|\r//g;
-#$n2nroute[2] =~ s/\n|\r//g;
 $n2novpnsub[0] =~ s/\n|\r//g;
 $n2novpnsub[1] =~ s/\n|\r//g;
 $n2novpnsub[2] =~ s/\n|\r//g;
@@ -2324,7 +2343,9 @@ $n2nport[1] =~ s/\n|\r//g;
 $n2ntunmtu[1] =~ s/\n|\r//g;
 $n2nremsub[1] =~ s/\n|\r//g;
 $n2nlocalsub[2] =~ s/\n|\r//g;
+$n2nfragment[1] =~ s/\n|\r//g;
 chomp ($complzoactive);
+chomp ($mssfixactive);
 
 ###
 # m.a.d Write n2n config
@@ -2341,6 +2362,35 @@ chomp ($complzoactive);
 		}
 	}
 
+###
+# Check if RemSubnet is green orange blue
+###
+
+
+###
+# Check if OpenVPN Subnet is valid
+###
+
+foreach my $dkey (keys %confighash) {
+		if ($confighash{$dkey}[27] eq "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0") {
+			$errormessage = 'The OpenVPN Subnet is already in use';
+			goto N2N_ERROR;			
+		}
+	}
+
+###
+# Check im Dest Port is vaild
+###
+
+foreach my $dkey (keys %confighash) {
+		if ($confighash{$dkey}[29] eq $n2nport[1] ) {
+			$errormessage = 'The OpenVPN Port is already in use';
+			goto N2N_ERROR;			
+		}
+	}
+	
+	
+	
   $key = &General::findhasharraykey (\%confighash);
 
 	foreach my $i (0 .. 31) { $confighash{$key}[$i] = "";}
@@ -2353,7 +2403,9 @@ chomp ($complzoactive);
 	$confighash{$key}[8] =  $n2nlocalsub[2];
   $confighash{$key}[10] = $n2nremote[1];
   $confighash{$key}[11] = $n2nremsub[1];		
-	$confighash{$key}[25] = 'IPFire n2n Client';
+	$confighash{$key}[23] = $mssfixactive;
+	$confighash{$key}[24] = $n2nfragment[1];
+  $confighash{$key}[25] = 'IPFire n2n Client';
 	$confighash{$key}[26] = 'red';
   $confighash{$key}[27] = "$n2novpnsub[0].$n2novpnsub[1].$n2novpnsub[2].0/255.255.255.0";
   $confighash{$key}[28] = $n2nproto[1];
@@ -2363,6 +2415,7 @@ chomp ($complzoactive);
 
 
   &General::writehasharray("${General::swroot}/ovpn/ovpnconfig", \%confighash);
+ 
   N2N_ERROR:
 		
 	&Header::showhttpheaders();
@@ -2473,6 +2526,9 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
   $cgiparams{'REMOTE'}	= $confighash{$cgiparams{'KEY'}}[10];
   $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+# n2n m.a.d new fields
+  $cgiparams{'MSSFIX'} = $confighash{$cgiparams{'KEY'}}[23];
+  $cgiparams{'FRAGMENT'} = $confighash{$cgiparams{'KEY'}}[24];
 	$cgiparams{'REMARK'}	= $confighash{$cgiparams{'KEY'}}[25];
 	$cgiparams{'INTERFACE'}	= $confighash{$cgiparams{'KEY'}}[26];
 #new fields	
@@ -2481,8 +2537,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	$cgiparams{'DEST_PORT'}	  = $confighash{$cgiparams{'KEY'}}[29];
 	$cgiparams{'COMPLZO'}	  = $confighash{$cgiparams{'KEY'}}[30];
 	$cgiparams{'MTU'}	  = $confighash{$cgiparams{'KEY'}}[31];
+
 #new fields
 #ab hiere error uebernehmen
+
     } elsif ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
 	$cgiparams{'REMARK'} = &Header::cleanhtml($cgiparams{'REMARK'});
 	if ($cgiparams{'TYPE'} !~ /^(host|net)$/) {
@@ -2506,6 +2564,35 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	    goto VPNCONF_ERROR;
 	}
 
+###
+# n2n Plausi m.a.d
+###
+
+		if ($cgiparams{'DEST_PORT'} eq  $vpnsettings{'DDEST_PORT'}) {
+			$errormessage = 'The Destination Port is used by the OpenVPN Server please change';
+			goto VPNCONF_ERROR;			
+		}
+
+    if ($cgiparams{'OVPN_SUBNET'} eq  $vpnsettings{'DOVPN_SUBNET'}) {
+			$errormessage = 'The OpenVPN Subnet is used by the OpenVPN Server please change';
+			goto VPNCONF_ERROR;			
+		}
+
+	  if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'MSSFIX'} eq 'on')) {
+	    $errormessage = 'mssfix only allowed with udp';
+	    goto VPNCONF_ERROR;
+    }
+     
+    if (($cgiparams{'PROTOCOL'} eq 'tcp') && ($cgiparams{'FRAGMENT'} ne '')) {
+	    $errormessage = 'fragment only allowed with udp';
+	    goto VPNCONF_ERROR;
+    }
+    
+
+###
+# n2n Plausi m.a.d
+###
+
 #	if (($cgiparams{'TYPE'} eq 'net') && ($cgiparams{'SIDE'} !~ /^(left|right)$/)) {
 #	    $errormessage = $Lang::tr{'ipfire side is invalid'};
 #	    goto VPNCONF_ERROR;
@@ -2852,6 +2939,12 @@ if ($confighash{$cgiparams{'KEY'}}) {
 	}
 	$confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'};
 	$confighash{$key}[10] = $cgiparams{'REMOTE'};
+  $confighash{$key}[23] = $cgiparams{'MSSFIX'};
+  if ($cgiparams{'FRAGMENT'} eq '') {
+  $confighash{$key}[24] = '1300';
+  } else {
+  $confighash{$key}[24] = $cgiparams{'FRAGMENT'};
+  }
 	$confighash{$key}[25] = $cgiparams{'REMARK'};
 	$confighash{$key}[26] = $cgiparams{'INTERFACE'};
 # new fields	
@@ -2903,6 +2996,11 @@ if ($confighash{$cgiparams{'KEY'}}) {
     $selected{'SIDE'}{'server'} = '';
     $selected{'SIDE'}{'client'} = '';
     $selected{'SIDE'}{$cgiparams{'SIDE'}} = 'SELECTED';
+    
+    $selected{'PROTOCOL'}{'udp'} = '';
+    $selected{'PROTOCOL'}{'tcp'} = '';
+    $selected{'PROTOCOL'}{$cgiparams{'PROTOCOL'}} = 'SELECTED';
+
 
     $checked{'AUTH'}{'psk'} = '';
     $checked{'AUTH'}{'certreq'} = '';
@@ -2916,6 +3014,10 @@ if ($confighash{$cgiparams{'KEY'}}) {
     $checked{'COMPLZO'}{'on'} = '';
     $checked{'COMPLZO'}{$cgiparams{'COMPLZO'}} = 'CHECKED';
 
+    $checked{'MSSFIX'}{'off'} = '';
+    $checked{'MSSFIX'}{'on'} = '';
+    $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+
 
     if (1) {
 	&Header::showhttpheaders();
@@ -2984,19 +3086,29 @@ if ($confighash{$cgiparams{'KEY'}}) {
 		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn subnet'}</td>
 		    <td><input type='TEXT' name='OVPN_SUBNET' value='$cgiparams{'OVPN_SUBNET'}' /></td></tr>
 		<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'protocol'}</td>
-		    <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
-                        			<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>
-		    <td class='boldbase'>$Lang::tr{'destination port'}:</td>
+		 
+     <td><select name='PROTOCOL'><option value='udp' $selected{'PROTOCOL'}{'udp'}>UDP</option>
+                        			<option value='tcp' $selected{'PROTOCOL'}{'tcp'}>TCP</option></select></td>   
+		    
+        <td class='boldbase'>$Lang::tr{'destination port'}:</td>
 		    <td><input type='TEXT' name='DEST_PORT' value='$cgiparams{'DEST_PORT'}' size='5' /></td></tr>
-	        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'}</td>
+	        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'comp-lzo'} &nbsp;<img src='/blob.gif'</td>
 		    <td><input type='checkbox' name='COMPLZO' $checked{'COMPLZO'}{'on'} /></td>
+		    
+		      <tr><td class='boldbase' nowrap='nowrap'>mssfix &nbsp;<img src='/blob.gif' /></td>
+		    <td><input type='checkbox' name='MSSFIX' $checked{'MSSFIX'}{'on'} /></td>
+		    
+		      <tr><td class='boldbase' nowrap='nowrap'>Fragment &nbsp;<img src='/blob.gif' /></td>
+		    <td><input type='TEXT' name='FRAGMENT' VALUE='$cgiparams{'FRAGMENT'}'size='5' /></td>
+		    <td>Default: <span class="base">1300</span></td>
+		    
 	        <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}&nbsp;<img src='/blob.gif' /></td>
 		    <td> <input type='TEXT' name='MTU' VALUE='$cgiparams{'MTU'}'size='5' /></TD>
-		    		    
 
 END
 	    ;
 	}
+
 	print "<tr><td class='boldbase'>$Lang::tr{'remark title'}&nbsp;<img src='/blob.gif' /></td>";
 	print "<td colspan='3'><input type='text' name='REMARK' value='$cgiparams{'REMARK'}' size='55' maxlength='50' /></td></tr>";
 	
@@ -3211,7 +3323,10 @@ END
     $checked{'DCOMPLZO'}{'off'} = '';
     $checked{'DCOMPLZO'}{'on'} = '';
     $checked{'DCOMPLZO'}{$cgiparams{'DCOMPLZO'}} = 'CHECKED';
-
+# m.a.d
+    $checked{'MSSFIX'}{'off'} = '';
+    $checked{'MSSFIX'}{'on'} = '';
+    $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
 #new settings
     &Header::showhttpheaders();
     &Header::openpage($Lang::tr{'status ovpn'}, 1, '');