From f48074bacbf1e3835ca8975d82e5dd2dc514bcb1 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 17 Jul 2013 19:58:20 +0200 Subject: [PATCH 1/5] ovpnmain.cgi: Add check for a valid N2N network. Fixes #10390. --- html/cgi-bin/ovpnmain.cgi | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index a4953ffe4..38dad1ded 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -3520,6 +3520,14 @@ if ($cgiparams{'TYPE'} eq 'net') { goto VPNCONF_ERROR; } + # Check if the input for the transfer net is valid. + if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){ + $errormessage = $Lang::tr{'ccd err invalidnet'}; + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + goto VPNCONF_ERROR; + } + if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) { $errormessage = $Lang::tr{'openvpn subnet is used'}; unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; From 92b87e17f1497be27cc61038b4852b00e84f5d15 Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 17 Jul 2013 21:01:14 +0200 Subject: [PATCH 2/5] ovpnmain.cgi: Set mtu-disc to off if not configured. Fixes #10391. --- html/cgi-bin/ovpnmain.cgi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 38dad1ded..8622f6d63 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -2339,6 +2339,9 @@ ADV_ERROR: if ($cgiparams{'LOG_VERB'} eq '') { $cgiparams{'LOG_VERB'} = '3'; } + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'CLIENT2CLIENT'}{'off'} = ''; $checked{'CLIENT2CLIENT'}{'on'} = ''; $checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED'; @@ -4155,6 +4158,9 @@ if ($cgiparams{'TYPE'} eq 'net') { $checked{'MSSFIX'}{'on'} = ''; $checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED'; + if ($cgiparams{'PMTU_DISCOVERY'} eq '') { + $cgiparams{'PMTU_DISCOVERY'} = 'off'; + } $checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\''; From c92602f1615b9d1073de93e8653a743bc2d5bf81 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 19 Jul 2013 10:03:22 +0200 Subject: [PATCH 3/5] start core72. --- config/rootfiles/core/72/exclude | 17 +++++++ config/rootfiles/core/72/filelists/files | 3 ++ config/rootfiles/core/72/meta | 1 + config/rootfiles/core/72/update.sh | 62 ++++++++++++++++++++++++ make.sh | 2 +- 5 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 config/rootfiles/core/72/exclude create mode 100644 config/rootfiles/core/72/filelists/files create mode 100644 config/rootfiles/core/72/meta create mode 100644 config/rootfiles/core/72/update.sh diff --git a/config/rootfiles/core/72/exclude b/config/rootfiles/core/72/exclude new file mode 100644 index 000000000..321a931ca --- /dev/null +++ b/config/rootfiles/core/72/exclude @@ -0,0 +1,17 @@ +srv/web/ipfire/html/proxy.pac +boot/config.txt +etc/udev/rules.d/30-persistent-network.rules +etc/collectd.custom +etc/shadow +etc/ipsec.conf +etc/ipsec.secrets +etc/ipsec.user.conf +etc/ipsec.user.secrets +var/log/cache +var/updatecache +etc/localtime +var/ipfire/ovpn +etc/ssh/ssh_config +etc/ssh/sshd_config +etc/ssl/openssl.cnf +var/state/dhcp/dhcpd.leases diff --git a/config/rootfiles/core/72/filelists/files b/config/rootfiles/core/72/filelists/files new file mode 100644 index 000000000..efa475945 --- /dev/null +++ b/config/rootfiles/core/72/filelists/files @@ -0,0 +1,3 @@ +etc/system-release +etc/issue +usr/local/bin/openvpnctrl diff --git a/config/rootfiles/core/72/meta b/config/rootfiles/core/72/meta new file mode 100644 index 000000000..d547fa86f --- /dev/null +++ b/config/rootfiles/core/72/meta @@ -0,0 +1 @@ +DEPS="" diff --git a/config/rootfiles/core/72/update.sh b/config/rootfiles/core/72/update.sh new file mode 100644 index 000000000..f365abb0e --- /dev/null +++ b/config/rootfiles/core/72/update.sh @@ -0,0 +1,62 @@ +#!/bin/bash +############################################################################ +# # +# This file is part of the IPFire Firewall. # +# # +# IPFire is free software; you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation; either version 3 of the License, or # +# (at your option) any later version. # +# # +# IPFire is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with IPFire; if not, write to the Free Software # +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # +# # +# Copyright (C) 2013 IPFire-Team . # +# # +############################################################################ +# +. /opt/pakfire/lib/functions.sh +/usr/local/bin/backupctrl exclude >/dev/null 2>&1 + +# +# Remove old core updates from pakfire cache to save space... +core=72 +for (( i=1; i<=$core; i++ )) +do + rm -f /var/cache/pakfire/core-upgrade-*-$i.ipfire +done + +# +#Stop services + + +# +#Extract files +extract_files + + +# +#Start services + +# +#Update Language cache +#perl -e "require '/var/ipfire/lang.pl'; &Lang::BuildCacheLang" + +sync + +# This update need a reboot... +#touch /var/run/need_reboot + +# +#Finish +/etc/init.d/fireinfo start +sendprofile +#Don't report the exitcode last command +exit 0 + diff --git a/make.sh b/make.sh index 88af89876..8ca36bf9c 100755 --- a/make.sh +++ b/make.sh @@ -25,7 +25,7 @@ NAME="IPFire" # Software name SNAME="ipfire" # Short name VERSION="2.13" # Version number -CORE="71" # Core Level (Filename) +CORE="72" # Core Level (Filename) PAKFIRE_CORE="71" # Core Level (PAKFIRE) GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch SLOGAN="www.ipfire.org" # Software slogan From 6666897c5c4f6e328e56e66e53750a906ef04ee6 Mon Sep 17 00:00:00 2001 From: Arne Fitzenreiter Date: Fri, 19 Jul 2013 18:19:40 +0200 Subject: [PATCH 4/5] transmission: update to 2.81. --- lfs/transmission | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lfs/transmission b/lfs/transmission index b20ae8852..9d5dfa578 100644 --- a/lfs/transmission +++ b/lfs/transmission @@ -24,7 +24,7 @@ include Config -VER = 2.80 +VER = 2.81 THISAPP = transmission-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = transmission -PAK_VER = 7 +PAK_VER = 8 DEPS = "libevent2" @@ -44,7 +44,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 2bde600d4b0a75d0bd3784550d59a8af +$(DL_FILE)_MD5 = db1ad10ecff07150486dab2365ccb3a8 install : $(TARGET) From c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c Mon Sep 17 00:00:00 2001 From: Stefan Schantl Date: Wed, 17 Jul 2013 22:30:29 +0200 Subject: [PATCH 5/5] ovpnmain.cgi: Allow to keep the Remote field empty for N2N connections. * It's now possible to keep the Remote Host/IP field empty. * Cleaned up code. Fixes #10392. --- html/cgi-bin/ovpnmain.cgi | 55 +++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 31 deletions(-) diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8622f6d63..5e18d3cb5 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -127,21 +127,6 @@ sub sizeformat{ return("$newsize $units[$i]"); } -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - sub cleanssldatabase { if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { @@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "persist-key\n"; print SERVERCONF "script-security 2\n"; print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + + if ($cgiparams{'REMOTE'} ne '') { print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + } + print SERVERCONF "float\n"; print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; @@ -3614,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + # Check if a remote host/IP has been set for the client. + if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } - if ($cgiparams{'REMOTE'}) { + # Check if a remote host/IP has been configured - the field can be empty on the server side. + if ($cgiparams{'REMOTE'} ne '') { + + # Check if the given IP is valid - otherwise check if it is a valid domain. if (! &General::validip($cgiparams{'REMOTE'})) { + + # Check for a valid domain. if (! &General::validfqdn ($cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; - if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } - goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - if ($cgiparams{'TYPE'} eq 'net') { - } - } + # Check if this is a N2N connection and drop temporary config. + if ($cgiparams{'TYPE'} eq 'net') { + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } + goto VPNCONF_ERROR; } } } + if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'};