The tls-remote directive is deprecated and will be removed with
OpenVPN version 2.4 . Added instead --verify-x509-name HOST name
into ovpnmain.cgi.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When editing existing static routes and clicking on apply button, there
was an errormessage saying that this route is already in use.
Now the errormessage is only displayed if a new route has the same ip
than an existing one.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When entring wrong values in the fields and saving the site, there comes
an errormessage and all fields except mailserver and port are blanked.
Now the fileds are preserved and all data is displayed even after an
errormessage
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
in firewallgroups (hosts) an error was created when using ip adresses
like 192.168.000.008. Now all leading zeros are deleted in
firewallgroups and in the firewall itself when using single ip addresses
as source or target.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
auth.conf was always written, even if no username/password provided.
In this case only the ip or Hostname of the mailserver was written into
auth.conf. Now the file is only filled if username/password are filled.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Tested-by: Timo Eissler <timo.eissler@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will allow to import just the configuration file
into iOS and establish the VPN connection. Also works
with many other OpenVPN clients.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch adds the option to download a client package
that comes with a regular PEM and key file instead of a
PKCS12 file which is easier to use with clients that
don't support PKCS12 (like iOS) opposed to converting
the file manually.
This requires that the connection is created without
using a password for the certificate. Then the certificate
is already stored in an insecure way.
This patch also adds this to the Core Update 95 updater.
Fixes: #10966
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
CC: Alexander Marx <alexander.marx@ipfire.org>
Promotes Alexander Marx to the group of Core Developers.
Also lots of reformatting of old HTML code.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some functions when adding a new route where senseless.
Now the ip address is checked and in case of a missing / wrong
subnetmask an errormessage is raised. The ip address is preserved.
ELSE
we convert the subnetmask to cidr notation and calculate the network ip
correctly.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The function to check for valid hostgroup entries not only
checked the target hostgroup but also the source hostgroup if any.
This lead to the error.
Now the check only affects target hostgroups because it does not matter if a sourcegroup contains mac addresses.
Signed-off-by: Alexander Marx <alexander.marx@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The CGI offers the posibility to get more details for a certain locations
by clicking on a button.
This feature cannot be used for the category "unknown". To prevent users
from beeing confused about non show-able details, I added some code to hide
this button for this category.
Fixes#10726.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
There was an issue with false generated HTML code, in case
of an empty or unset $pppsettings{'TYPE'} variable which results
in a missplaced website footer.
This patch moves the code for closeing the table and the call of the
closebox() function to the correct place to prevent this display issue.
Fixes#10565.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The CGI now is using the GeoIP::get_flag_icon function provided by the
geoip-functions.pl, which takes care of the changed flag icons shipped
by core update 90.
Fixes#10919.
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Jan Paul Tuecking <jan.paul.tuecking@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Mark required input fields with a star as nowadays this is
the de-facto default. Before, it was the other way around and
optional fields were marked.
Signed-off-by: Lars Schumacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some peers that are behind a NAT router that fails
to properly forward IKE packets on UDP port 500 cannot
establish an IPsec connection. MOBIKE tries to solve that
by sending these packets to UDP port 4500 instead.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This caused a bug that when the user wanted to edit one
of the static leases and clicked on the edit icon that
an other entry opened up for editing.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some strings for PPTP were hardcoded instead of using i18n features.
Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fix bug 10869 as the code has been removed by mistake by the
previous commit dfea4f86c2.
It also includes ipsec.user.conf only when it exists.
Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
After a lease has been added from the list of leases it is often
desirable to edit it right away. It appeared that the system
was in edit mode after the lease has been added because the form
had the values of the recently added lease, but hitting the
"Add" button cause an error message that stated that this is
a duplicate entry.
This patch will switch to edit more where the user can change
the values and hit "Update". If he or she chooses to ignore
that the entry is still saved.
