List: ipcop-svn
Subject: [Ipcop-svn] SF.net SVN: ipcop:[4034] ipcop/trunk
From: owes () users ! sourceforge ! net
Date: 2009-12-22 11:57:17
Message-ID: E1NN3Mb-0000XD-5T () 74yxhf1 ! ch3 ! sourceforge ! com
Revision: 4034
http://ipcop.svn.sourceforge.net/ipcop/?rev=4034&view=rev
Author: owes
Date: 2009-12-22 11:57:16 +0000 (Tue, 22 Dec 2009)
Log Message:
-----------
Drop IPsec and OpenVPN access for Orange.
Modified Paths:
--------------
ipcop/trunk/html/cgi-bin/ipsec.cgi
ipcop/trunk/html/cgi-bin/openvpn.cgi
ipcop/trunk/src/libs/vpn-functions.pl
ipcop/trunk/src/misc-progs/ipsecctrl.c
ipcop/trunk/src/scripts/puzzleFwRules.pl
ipcop/trunk/updates/1.9.11/ROOTFILES.i486-1.9.11
Modified: ipcop/trunk/html/cgi-bin/ipsec.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/ipsec.cgi 2009-12-22 11:48:11 UTC (rev 4033)
+++ ipcop/trunk/html/cgi-bin/ipsec.cgi 2009-12-22 11:57:16 UTC (rev 4034)
@@ -74,7 +74,6 @@
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_RED_1'} = 'off';
$cgiparams{'ENABLED_BLUE_1'} = 'off';
-$cgiparams{'ENABLED_ORANGE_1'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'ACTION'} = '';
$cgiparams{'CA_NAME'} = '';
@@ -167,7 +166,7 @@
}
map ($vpnsettings{$_} = $cgiparams{$_},
- ('ENABLED_BLUE_1','ENABLED_ORANGE_1','ENABLED_RED_1',
+ ('ENABLED_BLUE_1','ENABLED_RED_1',
'DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL',
'DBG_KLIPS','DBG_DNS'));
@@ -1033,7 +1032,6 @@
$checked{'AUTH'}{$cgiparams{'AUTH'}} = "checked='checked'";
$selected{'INTERFACE'}{'RED'} = '';
- $selected{'INTERFACE'}{'ORANGE'} = '';
$selected{'INTERFACE'}{'BLUE'} = '';
$selected{'INTERFACE'}{$cgiparams{'INTERFACE'}} = "selected='selected'";
@@ -1103,7 +1101,6 @@
print "<td><select name='INTERFACE'>";
print "<option value='RED' $selected{'INTERFACE'}{'RED'}>RED \
($vpnsettings{'VPN_IP'})</option>";
print "<option value='BLUE' $selected{'INTERFACE'}{'BLUE'}>BLUE \
($netsettings{'BLUE_1_ADDRESS'})</option>" if \
($netsettings{'BLUE_COUNT'} > 0);
- print "<option value='ORANGE' $selected{'INTERFACE'}{'ORANGE'}>ORANGE \
($netsettings{'ORANGE_1_ADDRESS'})</option>" if ($netsettings{'ORANGE_COUNT'} > 0); \
print "</select></td>"; print <<END
<td class='base'>$Lang::tr{'remote host/ip'}: $blob</td>
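Review bot: The option labels in this select print `$vpnsettings{'VPN_IP'}` and `$netsettings{'BLUE_1_ADDRESS'}` straight into the page, while the same file passes `$Lang::tr{'vpn red name'}` through `&Header::cleanhtml` before output. Whether VPN_IP is restricted to a hostname or address before it is stored is not visible in this hunk, so escaping at the point of output is the safer default: `my $vpnip = &Header::cleanhtml($vpnsettings{'VPN_IP'});` and interpolate `$vpnip` in the RED option. The enclosing block starts and ends outside the hunk.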
@@ -1684,9 +1681,6 @@
$checked{'ENABLED_BLUE_1'}{'off'} = '';
$checked{'ENABLED_BLUE_1'}{'on'} = '';
$checked{'ENABLED_BLUE_1'}{$cgiparams{'ENABLED_BLUE_1'}} = "checked='checked'";
-$checked{'ENABLED_ORANGE_1'}{'off'} = '';
-$checked{'ENABLED_ORANGE_1'}{'on'} = '';
-$checked{'ENABLED_ORANGE_1'}{$cgiparams{'ENABLED_ORANGE_1'}} = "checked='checked'";
$checked{'ENABLED_RED_1'}{'off'} = '';
$checked{'ENABLED_RED_1'}{'on'} = '';
$checked{'ENABLED_RED_1'}{$cgiparams{'ENABLED_RED_1'}} = "checked='checked'";
@@ -1726,10 +1720,6 @@
print "<tr><td class='base'>$Lang::tr{'ipsec on blue'}:</td>";
print "<td colspan='3'><input type='checkbox' name='ENABLED_BLUE_1' \
$checked{'ENABLED_BLUE_1'}{'on'} /></td></tr>"; }
-if (&FW::haveOrangeNet()) {
- print "<tr><td class='base'>$Lang::tr{'ipsec on orange'}:</td>";
- print "<td colspan='3'><input type='checkbox' name='ENABLED_ORANGE_1' \
$checked{'ENABLED_ORANGE_1'}{'on'} /></td></tr>";
-}
# This text contains < and > characters, so use cleanhtml
my $ipsecredname = &Header::cleanhtml($Lang::tr{'vpn red name'});
Modified: ipcop/trunk/html/cgi-bin/openvpn.cgi
===================================================================
--- ipcop/trunk/html/cgi-bin/openvpn.cgi 2009-12-22 11:48:11 UTC (rev 4033)
+++ ipcop/trunk/html/cgi-bin/openvpn.cgi 2009-12-22 11:57:16 UTC (rev 4034)
@@ -52,7 +52,6 @@
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_RED_1'} = 'off';
$cgiparams{'ENABLED_BLUE_1'} = 'off';
-$cgiparams{'ENABLED_ORANGE_1'} = 'off';
$cgiparams{'EDIT_ADVANCED'} = 'off';
$cgiparams{'NAT'} = 'off';
$cgiparams{'COMPRESSION'} = 'off';
@@ -343,8 +342,6 @@
### Save Advanced options
###
if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
- #DAN do we really need (to to check) this value? Besides if we listen on blue \
and orange too,
- #DAN this value has to leave.
$vpnsettings{'LOG_VERB'} = $cgiparams{'LOG_VERB'};
$vpnsettings{'KEEPALIVE_1'} = $cgiparams{'KEEPALIVE_1'};
$vpnsettings{'KEEPALIVE_2'} = $cgiparams{'KEEPALIVE_2'};
@@ -501,8 +498,6 @@
### Save main settings
###
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && \
$cgiparams{'KEY'} eq '') {
- #DAN do we really need (to to check) this value? Besides if we listen on blue \
and orange too,
- #DAN this value has to leave.
if ($cgiparams{'ENABLED_RED_1'} eq 'on') {
unless (&General::validfqdn($cgiparams{'VPN_IP'}) || \
&General::validip($cgiparams{'VPN_IP'})) { $errormessage = $Lang::tr{'invalid input \
for hostname'};
@@ -578,7 +573,6 @@
goto SETTINGS_ERROR;
}
$vpnsettings{'ENABLED_BLUE_1'} = $cgiparams{'ENABLED_BLUE_1'};
- $vpnsettings{'ENABLED_ORANGE_1'} =$cgiparams{'ENABLED_ORANGE_1'};
$vpnsettings{'ENABLED_RED_1'} = $cgiparams{'ENABLED_RED_1'};
$vpnsettings{'VPN_IP'} = $cgiparams{'VPN_IP'};
$vpnsettings{'DOVPN_SUBNET'} = $cgiparams{'DOVPN_SUBNET'};
@@ -650,22 +644,10 @@
print CLIENTCONF "#Comment the above line and uncomment the next line, \
if you want to connect on the Blue interface\r\n";
print CLIENTCONF ";remote $netsettings{'BLUE_1_ADDRESS'} \
$vpnsettings{'DDEST_PORT'}\r\n"; }
- if ($vpnsettings{'ENABLED_ORANGE_1'} eq 'on' && (&FW::haveOrangeNet())) {
- print CLIENTCONF "#Comment the above line and uncomment the next line, \
if you want to connect on the Orange interface\r\n";
- print CLIENTCONF ";remote $netsettings{'ORANGE_1_ADDRESS'} \
$vpnsettings{'DDEST_PORT'}\r\n";
- }
}
elsif ($vpnsettings{'ENABLED_BLUE_1'} eq 'on' && (&FW::haveBlueNet())) {
print CLIENTCONF "remote $netsettings{'BLUE_1_ADDRESS'} \
$vpnsettings{'DDEST_PORT'}\r\n";
-
- if ($vpnsettings{'ENABLED_ORANGE_1'} eq 'on' && (&FW::haveOrangeNet())) {
- print CLIENTCONF "#Comment the above line and uncomment the next line, \
if you want to connect on the Orange interface\r\n";
- print CLIENTCONF ";remote $netsettings{'ORANGE_1_ADDRESS'} \
$vpnsettings{'DDEST_PORT'}\r\n";
- }
}
- elsif ($vpnsettings{'ENABLED_ORANGE_1'} eq 'on' && (&FW::haveOrangeNet())) {
- print CLIENTCONF "remote $netsettings{'ORANGE_1_ADDRESS'} \
$vpnsettings{'DDEST_PORT'}\r\n";
- }
if ($confighash{$cgiparams{'KEY'}}[4] eq 'cert' && -f \
"/var/ipcop/openvpn/certs/$confighash{$cgiparams{'KEY'}}[1].p12") {
print CLIENTCONF "pkcs12 $confighash{$cgiparams{'KEY'}}[1].p12\r\n";
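Review bot: With the Orange-only `elsif` removed, a server whose saved settings have neither `ENABLED_RED_1` nor `ENABLED_BLUE_1` set to 'on' appears to reach the `pkcs12` line without any `remote` directive having been written to CLIENTCONF. The opening `if` of this chain is outside the hunk, so this is inferred from the visible branches. If it holds, the download should stop with an error instead of handing out a client configuration that names no server, for example through a final `else` branch that sets `$errormessage` and skips the download.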
@@ -1785,7 +1767,6 @@
%cgiparams = ();
$cgiparams{'ENABLED_RED_1'} = 'off';
$cgiparams{'ENABLED_BLUE_1'} = 'off';
-$cgiparams{'ENABLED_ORANGE_1'} = 'off';
$cgiparams{'DDEVICE'} = 'tun';
%cahash = ();
&General::readhash('/var/ipcop/openvpn/settings', \%cgiparams);
@@ -1828,9 +1809,6 @@
$checked{'ENABLED_BLUE_1'}{'off'} = '';
$checked{'ENABLED_BLUE_1'}{'on'} = '';
$checked{'ENABLED_BLUE_1'}{$cgiparams{'ENABLED_BLUE_1'}} = "checked='checked'";
-$checked{'ENABLED_ORANGE_1'}{'off'} = '';
-$checked{'ENABLED_ORANGE_1'}{'on'} = '';
-$checked{'ENABLED_ORANGE_1'}{$cgiparams{'ENABLED_ORANGE_1'}} = "checked='checked'";
$selected{'DDEVICE'}{'tun'} = '';
$selected{'DDEVICE'}{'tap'} = '';
$selected{'DDEVICE'}{$cgiparams{'DDEVICE'}} = "selected='selected'";
@@ -1906,10 +1884,6 @@
print "<tr><td class='base'>$Lang::tr{'openvpn on blue'}:</td>";
print "<td colspan='3'><input type='checkbox' name='ENABLED_BLUE_1' \
$checked{'ENABLED_BLUE_1'}{'on'} /></td></tr>"; }
-if (&FW::haveOrangeNet()) {
- print "<tr><td class='base'>$Lang::tr{'openvpn on orange'}:</td>";
- print "<td colspan='3'><input type='checkbox' name='ENABLED_ORANGE_1' \
$checked{'ENABLED_ORANGE_1'}{'on'} /></td></tr>";
-}
print <<END
<tr>
@@ -1969,7 +1943,7 @@
-e '/var/ipcop/private/dh1024.pem' &&
-e '/var/ipcop/certs/hostcert.pem' &&
-e '/var/ipcop/certs/hostkey.pem') &&
- ( ($cgiparams{'ENABLED_RED_1'} eq 'on') || ($cgiparams{'ENABLED_BLUE_1'} eq \
'on') || ($cgiparams{'ENABLED_ORANGE_1'} eq 'on'))) {
+ ( \
($cgiparams{'ENABLED_RED_1'} eq 'on') || \
($cgiparams{'ENABLED_BLUE_1'} eq 'on'))) {
print "<td width='25%'><input type='submit' name='ACTION' \
value='$Lang::tr{'start openvpn server'}' /></td>";
print "<td width='20%'><input type='submit' name='ACTION' \
value='$Lang::tr{'restart openvpn server'}' /></td>"; } else {
Modified: ipcop/trunk/src/libs/vpn-functions.pl
===================================================================
--- ipcop/trunk/src/libs/vpn-functions.pl 2009-12-22 11:48:11 UTC (rev 4033)
+++ ipcop/trunk/src/libs/vpn-functions.pl 2009-12-22 11:57:16 UTC (rev 4034)
@@ -133,12 +133,12 @@
if (defined($_[0])) {
$settings = shift;
- return (($settings->{'ENABLED_RED_1'} eq 'on') || \
($settings->{'ENABLED_BLUE_1'} eq 'on') || ($settings->{'ENABLED_ORANGE_1'} eq \
'on'));
+ return (($settings->{'ENABLED_RED_1'} eq 'on') || \
($settings->{'ENABLED_BLUE_1'} eq 'on')); }
else {
my %vpnsettings = ();
&General::readhash("/var/ipcop/ipsec/settings", \%vpnsettings);
- return (($vpnsettings{'ENABLED_RED_1'} eq 'on') || \
($vpnsettings{'ENABLED_BLUE_1'} eq 'on') || ($vpnsettings{'ENABLED_ORANGE_1'} eq \
'on'));
+ return (($vpnsettings{'ENABLED_RED_1'} eq 'on') || \
($vpnsettings{'ENABLED_BLUE_1'} eq 'on')); }
}
@@ -183,7 +183,7 @@
$interfaces .= "%defaultroute ";
$ipsec_counter++;
}
- for my $iface ('BLUE', 'ORANGE') {
+ for my $iface ('BLUE') {
if ($lvpnsettings{"ENABLED_${iface}_1"} eq 'on') {
$interfaces .= "ipsec$ipsec_counter=".$netsettings{"${iface}_1_DEV"}." \
"; $ipsec_counter++;
@@ -240,12 +240,6 @@
if ($lconfighash{$key}[26] eq 'BLUE') {
$localside = $netsettings{'BLUE_1_ADDRESS'};
}
- elsif ($lconfighash{$key}[26] eq 'GREEN') {
- $localside = $netsettings{'GREEN_1_ADDRESS'};
- }
- elsif ($lconfighash{$key}[26] eq 'ORANGE') {
- $localside = $netsettings{'ORANGE_1_ADDRESS'};
- }
else { # it is RED
$localside = $lvpnsettings{'VPN_IP'};
}
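Review bot: After this change any stored connection whose field 26 is still 'ORANGE' or 'GREEN' falls into the `else { # it is RED` branch and gets `$lvpnsettings{'VPN_IP'}` as its local side, so a tunnel configured before the upgrade is silently moved to the RED address instead of being rejected. ipsecctrl.c in the same commit refuses both names with "Bad interface name", so the two layers now disagree. Make the RED case explicit with `elsif ($lconfighash{$key}[26] eq 'RED') {` and let the final `else` skip the connection with a logged warning. The log message mentions only Orange, so the GREEN removal deserves a line there too. The code around this chain is outside the hunk.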
Modified: ipcop/trunk/src/misc-progs/ipsecctrl.c
===================================================================
--- ipcop/trunk/src/misc-progs/ipsecctrl.c 2009-12-22 11:48:11 UTC (rev 4033)
+++ ipcop/trunk/src/misc-progs/ipsecctrl.c 2009-12-22 11:57:16 UTC (rev 4034)
@@ -70,7 +70,7 @@
}
/*
- reserve room for ipsec0=red, ipsec1=green, ipsec2=orange, ipsec3=blue
+ reserve room for ipsec0=red, ipsec1=blue
*/
void add_alias_interfaces(int offset)
{
@@ -179,8 +179,7 @@
return 0;
}
- if (!(strcmp(*interface, "RED") == 0 || strcmp(*interface, "GREEN") == 0 ||
- strcmp(*interface, "ORANGE") == 0 || strcmp(*interface, "BLUE") == 0)) {
+ if (!((strcmp(*interface, "RED") == 0) || (strcmp(*interface, "BLUE") == 0))) {
fprintf(stderr, "Bad interface name: %s\n", *interface);
return 0;
}
@@ -378,9 +377,8 @@
/* Loop through the config file to find physical interface that will accept \
IPSEC */ int enable_red = 0; // states 0: not used
- int enable_green = 0; // 1: error condition
- int enable_orange = 0; // 2: good
- int enable_blue = 0;
+ int enable_blue = 0; // 1: error condition
+ // 2: good
size_t s_size = STRING_SIZE;
char *ptr;
FILE *file = NULL;
@@ -415,24 +413,6 @@
enable_red += 2;
}
- if (!enable_green && strcmp(interface, "GREEN") == 0) {
- enable_green = 1;
-
- if (ipcop_ethernet.count[GREEN])
- enable_green++;
- else
- fprintf(stderr, "IPsec enabled on green but green interface is \
invalid or not found\n");
- }
-
- if (!enable_orange && strcmp(interface, "ORANGE") == 0) {
- enable_orange = 1;
-
- if (ipcop_ethernet.count[ORANGE])
- enable_orange++;
- else
- fprintf(stderr, "IPsec enabled on orange but orange interface is \
invalid or not found\n");
- }
-
if (!enable_blue && strcmp(interface, "BLUE") == 0) {
enable_blue++;
@@ -446,7 +426,7 @@
fclose(file);
// do nothing if something is in error condition
- if ((enable_red == 1) || (enable_green == 1) || (enable_orange == 1) || \
(enable_blue == 1)) {
+ if ((enable_red == 1) || (enable_blue == 1)) {
verbose_printf(1, "Interface with error\n");
exit(1);
}
@@ -455,7 +435,7 @@
safe_system("/usr/local/bin/setfwrules --ipcop");
// exit if nothing to do
- if ((enable_red + enable_green + enable_orange + enable_blue) == 0) {
+ if ((enable_red + enable_blue) == 0) {
verbose_printf(1, "Nothing to do\n");
exit(0);
}
@@ -473,7 +453,7 @@
safe_system("/usr/sbin/ipsec tncfg --clear >/dev/null");
safe_system("/etc/rc.d/ipsec restart >/dev/null");
}
- add_alias_interfaces((enable_red + enable_green + enable_orange + \
enable_blue) >> 1);
+ add_alias_interfaces((enable_red + enable_blue) >> 1);
if (connection == NULL) {
safe_system("/usr/local/bin/vpn-watch --start");
exit(0);
Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl
===================================================================
--- ipcop/trunk/src/scripts/puzzleFwRules.pl 2009-12-22 11:48:11 UTC (rev 4033)
+++ ipcop/trunk/src/scripts/puzzleFwRules.pl 2009-12-22 11:57:16 UTC (rev 4034)
@@ -922,10 +922,8 @@
# Avoid some "Use of initialized value in string eq at line xxx" messages
$ipsecSettings{'ENABLED_RED_1'} = 'off' if \
(!exists($ipsecSettings{'ENABLED_RED_1'}));
$ipsecSettings{'ENABLED_BLUE_1'} = 'off' if \
(!exists($ipsecSettings{'ENABLED_BLUE_1'}));
- $ipsecSettings{'ENABLED_ORANGE_1'} = 'off' if \
(!exists($ipsecSettings{'ENABLED_ORANGE_1'}));
$ovpnSettings{'ENABLED_RED_1'} = 'off' if \
(!exists($ovpnSettings{'ENABLED_RED_1'}));
$ovpnSettings{'ENABLED_BLUE_1'} = 'off' if \
(!exists($ovpnSettings{'ENABLED_BLUE_1'}));
- $ovpnSettings{'ENABLED_ORANGE_1'} = 'off' if \
(!exists($ovpnSettings{'ENABLED_ORANGE_1'}));
# Deny only those traffic which is open in vanila IPCop.
# Other traffic blocked by IPCop rules. So it is possible by using related, \
established connections
@@ -1024,15 +1022,6 @@
if ($FW::interfaces{$inIface}{'COLOR'} =~ /^BLUE_COLOR$/) {
@ipcopServices = ('IPCop dns', 'IPCop ntp', 'IPCop proxy', 'Ping');
}
- # Some IPCop services for Orange
- if ($FW::interfaces{$inIface}{'COLOR'} =~ /^ORANGE_COLOR$/) {
- if ($ipsecSettings{'ENABLED_ORANGE_1'} eq 'on') {
- push(@ipcopServices, 'IPCop IPsec');
- }
- if ($ovpnSettings{'ENABLED_ORANGE_1'} eq 'on') {
- push(@ipcopServices, 'IPCop OpenVPN');
- }
- }
# Some IPCop services for IPsec and OpenVPN (no DHCP needed for VPN)
if ($FW::interfaces{$inIface}{'COLOR'} =~ /^IPSEC_COLOR|OVPN_COLOR$/) {
@ipcopServices = ('IPCop dns', 'IPCop ntp', 'IPCop proxy', 'Ping');
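Review bot: The pattern `/^IPSEC_COLOR|OVPN_COLOR$/` in the VPN services test anchors each alternative separately, so it matches any COLOR value that starts with IPSEC_COLOR or ends with OVPN_COLOR, unlike the fully anchored `/^BLUE_COLOR$/` test above it. In a firewall rule generator the match should be exact: `=~ /^(?:IPSEC_COLOR|OVPN_COLOR)$/`. This line is context, not part of the change, and the `if` body continues outside the hunk.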
Modified: ipcop/trunk/updates/1.9.11/ROOTFILES.i486-1.9.11
===================================================================
--- ipcop/trunk/updates/1.9.11/ROOTFILES.i486-1.9.11 2009-12-22 11:48:11 UTC (rev \
4033)
+++ ipcop/trunk/updates/1.9.11/ROOTFILES.i486-1.9.11 2009-12-22 11:57:16 UTC (rev \
4034)
@@ -17,6 +17,7 @@
/usr/lib/ipcop/scheduler-lib.pl
/usr/lib/ipcop/vpn-functions.pl
/usr/local/bin/installpackage
+/usr/local/bin/ipsecctrl
/usr/local/bin/red
/usr/local/bin/restartntpd
/usr/local/bin/puzzleFwRules.pl