diff --git a/usr/local/lib/default.bash b/usr/local/lib/default.bash
new file mode 100644
index 0000000..3eb2ad1
--- /dev/null
+++ b/usr/local/lib/default.bash
@@ -0,0 +1,239 @@
+#!/bin/bash
+
+if [[ "${DEFAULT_BASH}" != "" ]]
+then
+ return
+else
+ declare -g DEFAULT_BASH=1
+fi
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+
+
+
+
+
+# Default Options
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+shopt -s extglob
+
+
+
+
+
+# Print Version
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+version_print()
+{
+ echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//'
+}
+
+
+
+
+
+# Prin Help
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+help_print()
+{
+ echo "${NAME} ${HELP}"
+
+}
+
+
+
+
+
+# Quote Str
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+quote_str()
+{
+ local quoted=${1//\'/\'\\\'\'}
+ printf "'%s'" "$quoted"
+}
+
+
+
+
+
+# Escape Str
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+escape_str()
+{
+ echo "$*" | sed -e "s/\"/\\\\\"/g"
+}
+
+
+
+
+
+# Line Echo
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+line_echo()
+{
+ string="$1"
+ count="$2"
+
+ echo -en "\e[2K\r"
+
+ if [[ "${count}" != "" ]]
+ then
+ printf "%05d: %s" "${count}"
+ echo -en "${string}"
+ fi
+}
+
+
+
+
+
+# Err Echo
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+err_echo()
+{
+ echo "$@" 1>&2
+}
+
+
+
+
+
+# Exec CMD
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+exec_cmd()
+{
+ cmd="$1"
+
+
+ if [[ "${verbose}" == "true" ]]
+ then
+ echo "${cmd}" 1>&2
+ fi
+
+ if [[ "${dry_run}" != "true" ]]
+ then
+ eval "${cmd}"
+ fi
+}
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# tab_assign
+#--------------------------------------------------------------------------------------------------------------------------
+
+tab_assign()
+{
+ declare -n ta_tab=$1
+ ta_key=$2
+ ta_value=$3
+
+
+ if [[ "${ta_value}" == "-" ]]
+ then
+ ta_value=""
+ fi
+
+ ta_tab[${ta_key}]="${ta_value}"
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# var_assign
+#--------------------------------------------------------------------------------------------------------------------------
+
+var_assign()
+{
+ declare -n va_var=$1
+ va_value=$2
+ va_mode=$3
+
+
+ if [[ "${va_value}" == "-" ]]
+ then
+ va_value=""
+ fi
+
+ if [[ "${va_mode}" == "INC" ]]
+ then
+ va_var="${va_var} ${va_value}"
+ else
+ va_var="${va_value}"
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# file_lock
+#--------------------------------------------------------------------------------------------------------------------------
+
+file_lock()
+{
+ fl_file="$1"
+ fl_mode="$2"
+ fl_desc="$3"
+
+
+ if [[ ( "${fl_mode}" == "EXCLUSIVE" ) || ( "${fl_mode}" == "WRITE" ) ]]
+ then
+ fl_flag="-x"
+ else
+ fl_flag="-s"
+ fi
+
+ if [[ "${fl_desc}" == "" ]]
+ then
+ fl_desc="9"
+ fi
+
+
+ eval "exec ${fl_desc}<>\"\${fl_file}\""
+
+ if ! flock ${fl_flag} -w 5 ${fl_desc}
+ then
+ err_echo "Failed to acquire read lock on: [${file}]"
+ exit 1
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# file_unlock
+#--------------------------------------------------------------------------------------------------------------------------
+
+file_unlock()
+{
+ fu_desc="$1"
+
+
+ if [[ "${fu_desc}" == "" ]]
+ then
+ fu_desc="9"
+ fi
+
+
+ eval "exec ${fl_desc}<&-"
+ eval "exec ${fl_desc}>&-"
+}
diff --git a/usr/local/lib/dns.bash b/usr/local/lib/dns.bash
new file mode 100644
index 0000000..e5d3970
--- /dev/null
+++ b/usr/local/lib/dns.bash
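Review bot: file_unlock closes the wrong descriptor: it normalises `fu_desc` but the two `eval "exec ..."` lines read `${fl_desc}`, a global left over from file_lock, so a call made when `fl_desc` is unset expands to `exec <&-` / `exec >&-` and closes the script's stdin and stdout instead of the lock fd. Both lines should be `eval "exec ${fu_desc}<&-"` and `eval "exec ${fu_desc}>&-"`. In file_lock the failure message references `${file}`, which is never assigned (the parameter is `fl_file`), and says "read lock" even when `fl_flag` is `-x`; `err_echo "Failed to acquire ${fl_mode:-READ} lock on: [${fl_file}]"` would report what actually failed. Because `fl_desc` and `fu_desc` are spliced into `eval "exec ..."` without validation, a header comment stating that the descriptor argument must be a small integer supplied by trusted callers would help the next maintainer.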
@@ -0,0 +1,258 @@
+#!/bin/bash
+
+if [[ "${DNS_BASH}" != "" ]]
+then
+ return
+else
+ declare -g DNS_BASH=1
+fi
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/global/lib/default.bash
+
+
+
+#[ -e /var/cache/dns.cache ] && . /var/cache/dns.cache
+
+
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -Ag DNS_A_TAB
+declare -g DNS_A_ID_LIST
+
+declare -Ag DNS_PTR_TAB
+declare -g DNS_PTR_ID_LIST
+
+declare -g DNS_CACHE_FILE="/var/cache/dns.cache"
+declare -g DNS_CACHE_LOCK="/var/lock/network/dns.lock"
+#declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}"
+
+declare -g DNS_CACHE_UPDATED=0
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_load()
+{
+ file_lock "${DNS_CACHE_LOCK}" READ 9
+
+ if [[ ( -e "${DNS_CACHE_FILE}" ) && ( "${NETWORK_CONFIG_FILE}" -ot "${DNS_CACHE_FILE}" ) ]]
+ then
+ ${LOG} 1>&2 "DNS: Read CacheFile"
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ dtl_type="$1"
+ dtl_key="$2"
+ dtl_value="$3"
+
+ dns_tab_put ${dtl_type} "${dtl_key}" "${dtl_value}"
+ fi
+ done < ${DNS_CACHE_FILE}
+ else
+ ${LOG} 1>&2 "DNS: Init CacheFile"
+
+ >${DNS_CACHE_FILE}
+ fi
+
+ file_unlock 9
+
+ DNS_CACHE_UPDATED=0
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_save
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_save()
+{
+ if [[ "${DNS_CACHE_UPDATED}" != "0" ]]
+ then
+ file_lock "${DNS_CACHE_LOCK}" WRITE 9
+
+ ${LOG} 1>&2 "DNS: Write CacheFile"
+
+ (
+ for key in "${!DNS_A_TAB[@]}"
+ do
+ echo "A ${key} ${DNS_A_TAB[${key}]}"
+ done
+
+ for key in "${!DNS_PTR_TAB[@]}"
+ do
+ echo "PTR ${key} ${DNS_PTR_TAB[${key}]}"
+ done
+ ) | sort -n >${DNS_CACHE_FILE}
+
+ file_unlock 9
+
+ DNS_CACHE_UPDATED=0
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_get()
+{
+ dns_type="$1"
+ dns_key="$2"
+
+
+ case ${dns_type}
+ in
+ "A")
+ if [[ -v DNS_A_TAB["${dns_key}"] ]]
+ then
+ dns_value="${DNS_A_TAB["${dns_key}"]}"
+ else
+ ${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
+ return 1
+ fi
+ ;;
+
+ "PTR")
+ if [[ -v DNS_PTR_TAB["${dns_key}"] ]]
+ then
+ dns_value="${DNS_PTR_TAB["${dns_key}"]}"
+ else
+ ${LOG} "DNS: Lookup failed: Type: [${dns_type}] Key: [${dns_key}]"
+ return 1
+ fi
+ ;;
+ esac
+
+ ${LOG} "DNS: Lookup succeed: Type: [${dns_type}] Key: [${dns_key}] Value: [${dns_value}]"
+
+ return 0
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_put
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_put()
+{
+ dtp_type="$1"
+ dtp_key="$2"
+ dtp_value="$3"
+
+
+ ${LOG} 1>&2 "DNS: Update cache entry: Type: [${dtp_type}] Key: [${dtp_key}] Value: [${dtp_value}]"
+
+ var_assign DNS_${dtp_type}_ID_LIST "${dtp_key}" INC
+ tab_assign DNS_${dtp_type}_TAB "${dtp_key}" "${dtp_value}"
+
+ DNS_CACHE_UPDATED=1
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_lookup
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_lookup()
+{
+ dl_type="$1"
+ dl_key="$2"
+ dl_flag="$3"
+
+
+ if [[ "${dl_flag}" != "NOCACHE" ]]
+ then
+ dns_tab_get ${dl_type} ${dl_key}
+ else
+ false
+ fi
+
+ if [[ "$?" != "0" ]]
+ then
+ ${LOG} "DNS: Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
+
+ case ${dl_type}
+ in
+ "A")
+ dns_value="$( dig +short ${dl_key} 2>/dev/null)"
+ ;;
+
+ "PTR")
+ dns_value="$( dig +short -x ${dl_key} 2>/dev/null)"
+ dns_value="${dns_value%.}"
+ ;;
+ esac
+
+ if [[ "${dl_flag}" != "NOCACHE" ]]
+ then
+ dns_tab_put "${dl_type}" "${dl_key}" "${dns_value}"
+ fi
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# dns_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+dns_tab_dump()
+{
+ echo "DNS_A_ID_LIST: [${DNS_A_ID_LIST}]"
+ echo
+
+ echo "DNS_A_TAB:"
+
+ for key in "${!DNS_A_TAB[@]}"
+ do
+ echo "[${key}]: [${DNS_A_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+
+ echo "DNS_PTR_ID_LIST: [${DNS_PTR_ID_LIST}]"
+ echo
+
+ echo "DNS_PTR_TAB:"
+
+ for key in "${!DNS_PTR_TAB[@]}"
+ do
+ echo "[${key}]: [${DNS_PTR_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
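Review bot: dns_tab_load truncates the cache with `>${DNS_CACHE_FILE}` while holding only the shared lock taken by `file_lock "${DNS_CACHE_LOCK}" READ 9`; a shared lock does not exclude other shared holders, so a second process reading the file under its own READ lock can observe the truncation mid-read. The init branch is a write and should run under `file_lock "${DNS_CACHE_LOCK}" WRITE 9` (or simply create the file without truncating it). The cache lines are also split with `set ${line}` unquoted, so a `*` or `?` in a cached name is expanded against the working directory before `dns_tab_put` sees it; `read -r dtl_type dtl_key dtl_value <<< "${line}"` avoids the glob. The include `. /usr/global/lib/default.bash` does not match the `usr/local/lib/default.bash` path this commit creates, so unless `/usr/global` exists outside this change the library fails to load; network.bash has the same two includes.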
diff --git a/usr/local/lib/network.bash b/usr/local/lib/network.bash
new file mode 100644
index 0000000..de1d697
--- /dev/null
+++ b/usr/local/lib/network.bash
@@ -0,0 +1,692 @@
+#!/bin/bash
+
+if [[ "${NETWORK_BASH}" != "" ]]
+then
+ return
+fi
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/global/lib/default.bash
+. /usr/global/lib/dns.bash
+
+
+
+
+
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+declare -g NETWORK_BASH=1
+
+declare -g NETWORK_OPENVPN_STATUS
+
+declare -g NETWORK_SRC_TYPE
+declare -Ag NETWORK_SRC_TAB
+declare -g NETWORK_SRC_ID_LIST
+declare -Ag NETWORK_SRC_IP_IDX
+
+declare -g NETWORK_DST_TYPE
+declare -Ag NETWORK_DST_TAB
+declare -g NETWORK_DST_ID_LIST
+
+declare -g NETWORK_CONFIG_FILE="/etc/sysconfig/rx3-network"
+declare -g NETWORK_CONFIG_LOCK="/var/lock/network/rx3-network"
+#declare -g NETWORK_CONFIG_LOCK="${NETWORK_CONFIG_FILE}"
+
+
+
+
+file_lock ${NETWORK_CONFIG_LOCK} READ 9
+
+[ -e "${NETWORK_CONFIG_FILE}" ] && . "${NETWORK_CONFIG_FILE}"
+
+file_unlock 9
+
+
+if [ ! -v LOG ]
+then
+ LOG=":"
+fi
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_common_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_common_load()
+{
+ NETWORK_OPENVPN_STATUS="$( sudo /usr/local/sbin/openvpn-status)"
+ NETWORK_TABLE_LIST=""
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_common_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_common_dump()
+{
+ echo "NETWORK_OPENVPN_STATUS: [${NETWORK_OPENVPN_STATUS}]"
+ echo
+ echo "NETWORK_TABLE_LIST: [${NETWORK_TABLE_LIST}]"
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_load()
+{
+ ndtl_id=0
+
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ ndtl_name="$1"
+ ndtl_type="$2"
+ ndtl_device="$3"
+ ndtl_config="$4"
+ ndtl_table="$5"
+
+ var_assign NETWORK_DST_ID_LIST "${ndtl_id}" INC
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Name" "${ndtl_name}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Type" "${ndtl_type}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Device" "${ndtl_device}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Config" "${ndtl_config}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Table" "${ndtl_table}"
+
+ var_assign NETWORK_TABLE_LIST "${ndtl_table}" INC
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Status" "$( ip link show dev ${ndtl_device} 2>/dev/null | grep -q ",UP," && echo 1 || echo 0)"
+
+ dns_lookup A vpn${ndtl_id}.vpn.rx3 "NOCACHE"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},IP" "${dns_value}"
+
+ case "${ndtl_type}"
+ in
+ "0")
+ set $(ip -s link show ${ndtl_device} 2>/dev/null ) &>/dev/null
+
+ ndtl_bytes_received="$( echo ${27} | numfmt --to=iec-i --suffix=B)"
+ ndtl_bytes_sent="$( echo ${40} | numfmt --to=iec-i --suffix=B)"
+ ndtl_uptime=""
+ ;;
+
+ "1")
+ set $( echo "${NETWORK_OPENVPN_STATUS}" | grep ${ndtl_device}) &>/dev/null
+
+# i=1; while [[ $i -lt 50 ]]; do eval "val=\${$i}"; echo "($i):[${val}]" 1>&2; i=$(( $i + 1)); done
+
+ ndtl_bytes_received="$( echo ${18/bytes,} | numfmt --to=iec-i --suffix=B)"
+ ndtl_bytes_sent="$( echo ${22/bytes,} | numfmt --to=iec-i --suffix=B)"
+ ndtl_start_date="$( grep "ext-client-${ndtl_device}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//")"
+
+ if [[ "${ndtl_start_date}" == "" ]]
+ then
+ ndtl_uptime=""
+ else
+ ndtl_uptime=$( echo "$(($(date +%s) - $(date -d "${ndtl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
+ fi
+ ;;
+ esac
+
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Received" "${ndtl_bytes_received}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Bytes_Sent" "${ndtl_bytes_sent}"
+ tab_assign NETWORK_DST_TAB "${ndtl_id},Uptime" "${ndtl_uptime}"
+
+ ndtl_id=$(( ${ndtl_id} + 1))
+ fi
+ done <<< ${NETWORK_DST_CONFIG}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_get()
+{
+ dst_id="$1"
+
+ dst_name=${NETWORK_DST_TAB["${dst_id},Name"]}
+ dst_type=${NETWORK_DST_TAB["${dst_id},Type"]}
+ dst_device=${NETWORK_DST_TAB["${dst_id},Device"]}
+ dst_config=${NETWORK_DST_TAB["${dst_id},Config"]}
+ dst_table=${NETWORK_DST_TAB["${dst_id},Table"]}
+
+ dst_status=${NETWORK_DST_TAB["${dst_id},Status"]}
+ dst_ip=${NETWORK_DST_TAB["${dst_id},IP"]}
+ dst_bytes_received=${NETWORK_DST_TAB["${dst_id},Bytes_Received"]}
+ dst_bytes_sent=${NETWORK_DST_TAB["${dst_id},Bytes_Sent"]}
+ dst_start_date=${NETWORK_DST_TAB["${dst_id},Start_Date"]}
+ dst_uptime=${NETWORK_DST_TAB["${dst_id},Uptime"]}
+
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_dst_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_dst_tab_dump()
+{
+ echo "NETWORK_DST_ID_LIST: [${NETWORK_DST_ID_LIST}]"
+ echo
+
+ echo "NETWORK_DST_TAB:"
+
+ for key in "${!NETWORK_DST_TAB[@]}"
+ do
+ echo "[${key}]: [${NETWORK_DST_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_load()
+{
+ nstl_id=0
+ nstl_port_default=3000
+
+
+ while IFS= read -r line
+ do
+ line=${line%%#*}
+ if [[ ! -z "$line" ]]
+ then
+ set ${line}
+
+ nstl_ip="$1"
+ nstl_type="$2"
+ nstl_owner="$3"
+ nstl_table="$4"
+ nstl_port_start="$5"
+ nstl_port_range="$6"
+
+ if [[ "${nstl_port_start}" == "-" ]]
+ then
+ nstl_port_start=${nstl_port_default}
+ fi
+
+ dns_lookup PTR ${nstl_ip}
+ nstl_name="${dns_value}"
+
+ case "${nstl_type}"
+ in
+ "0")
+ nstl_device=""
+ nstl_status="2"
+
+ nstl_bytes_received=""
+ nstl_bytes_sent=""
+ nstl_uptime=""
+ nstl_last_seen=""
+ ;;
+
+ "1")
+ nstl_device="tun0"
+ nstl_status_line="$( echo "${NETWORK_OPENVPN_STATUS}" | grep "${nstl_device}.log: CLIENT_LIST.*${nstl_ip},")"
+
+ if [[ "${nstl_status_line}" == "" ]]
+ then
+ nstl_status="0"
+ nstl_bytes_received=""
+ nstl_bytes_sent=""
+ nstl_start_date=""
+ nstl_uptime=""
+ nstl_last_seen="$( stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
+
+ else
+ nstl_status="1"
+
+ IFS=,
+ set ${nstl_status_line} &>/dev/null
+ unset IFS
+
+ nstl_bytes_received=$( echo ${6} | numfmt --to=iec-i --suffix=B)
+ nstl_bytes_sent=$( echo ${7} | numfmt --to=iec-i --suffix=B)
+ nstl_start_date=${8}
+ nstl_uptime=$( echo "$(($(date +%s) - $(date -d "${nstl_start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}')
+ nstl_last_seen="$(stat -c "%x" /etc/openvpn/status/${nstl_name}.status 2>/dev/null | sed -e 's/\..*//')"
+ fi
+ ;;
+ esac
+
+ if [[ " ${NETWORK_TABLE_LIST} " != *" ${nstl_table} "* ]]
+ then
+ err_echo "Invalid table number: [${nstl_table}] in network src entry: [${nstl_id}]!"
+ exit 1
+ fi
+
+
+ var_assign NETWORK_SRC_ID_LIST "${nstl_id}" INC
+
+ tab_assign NETWORK_SRC_TAB "${nstl_id},IP" "${nstl_ip}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Name" "${nstl_name}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Type" "${nstl_type}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Owner" "${nstl_owner}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Table" "${nstl_table}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Start" "${nstl_port_start}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Port_Range" "${nstl_port_range}"
+
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Status" "${nstl_status}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Received" "${nstl_bytes_received}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Bytes_Sent" "${nstl_bytes_sent}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Uptime" "${nstl_uptime}"
+ tab_assign NETWORK_SRC_TAB "${nstl_id},Last_Seen" "${nstl_last_seen}"
+
+ tab_assign NETWORK_SRC_IP_IDX "${nstl_ip}" "${nstl_id}"
+
+ nstl_id=$(( ${nstl_id} + 1))
+ nstl_port_default=$(( ${nstl_port_start} + ${nstl_port_range}))
+ fi
+ done <<< ${NETWORK_SRC_CONFIG}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_get
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_get()
+{
+ src_id="$1"
+
+ src_ip=${NETWORK_SRC_TAB["${src_id},IP"]}
+ src_name=${NETWORK_SRC_TAB["${src_id},Name"]}
+ src_type=${NETWORK_SRC_TAB["${src_id},Type"]}
+ src_owner=${NETWORK_SRC_TAB["${src_id},Owner"]}
+ src_table=${NETWORK_SRC_TAB["${src_id},Table"]}
+ src_port_start=${NETWORK_SRC_TAB["${src_id},Port_Start"]}
+ src_port_range=${NETWORK_SRC_TAB["${src_id},Port_Range"]}
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ src_port_end=$(( ${src_port_start} + ${src_port_range} - 1))
+ else
+ src_port_start=""
+ src_port_end=""
+ fi
+
+ src_status=${NETWORK_SRC_TAB["${src_id},Status"]}
+ src_bytes_received=${NETWORK_SRC_TAB["${src_id},Bytes_Received"]}
+ src_bytes_sent=${NETWORK_SRC_TAB["${src_id},Bytes_Sent"]}
+ src_start_date=${NETWORK_SRC_TAB["${src_id},Start_Date"]}
+ src_uptime=${NETWORK_SRC_TAB["${src_id},Uptime"]}
+ src_last_seen=${NETWORK_SRC_TAB["${src_id},Last_Seen"]}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_dump()
+{
+ echo "NETWORK_SRC_ID_LIST: [${NETWORK_SRC_ID_LIST}]"
+ echo
+
+ echo "NETWORK_SRC_IP_IDX:"
+
+ for key in "${!NETWORK_SRC_IP_IDX[@]}"
+ do
+ echo "[${key}]: [${NETWORK_SRC_IP_IDX[${key}]}]"
+ done | sort -n
+
+ echo
+
+ echo "NETWORK_SRC_TAB:"
+
+ for key in "${!NETWORK_SRC_TAB[@]}"
+ do
+ echo "[${key}]: [${NETWORK_SRC_TAB[${key}]}]"
+ done | sort -n
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_src_tab_ip_lookup
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_src_tab_ip_lookup()
+{
+ src_ip="$1"
+
+ src_id=${NETWORK_SRC_IP_IDX["${src_ip}"]}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_tab_load
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_load()
+{
+ dns_tab_load
+
+ network_common_load
+
+ network_dst_tab_load
+ network_src_tab_load
+
+ dns_tab_save
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_tab_dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_dump()
+{
+ dns_tab_dump
+
+ network_common_dump
+
+ network_dst_tab_dump
+ network_src_tab_dump
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_init
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_init()
+{
+ ${LOG} "Add Rx3 routes in VPN tables"
+
+ for table in ${TABLE_LIST}
+ do
+ for route in ${IP_ROUTE}
+ do
+ ${DEBUG} ip route add ${route/:*/} table ${table} dev ${route/*:/}
+ done
+ done
+
+
+ ${LOG} "Copy main default rule into table 3 (VPN Local routing table)"
+
+ if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
+ then
+ ${DEBUG} ip route add $(ip route list match 0.0.0.0 table main) table 3
+ fi
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_deinit
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_deinit()
+{
+ ${LOG} "Remove default route in table 3"
+
+ ${DEBUG} ip route del default table 3
+
+
+ ${LOG} "Remove Rx3 routes in VPN tables"
+
+ for table in ${TABLE_LIST}
+ do
+ for route in ${IP_ROUTE}
+ do
+ ${DEBUG} ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
+ done
+ done
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_table_set
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_table_set()
+{
+ nts_ip=$1
+ nts_table=$2
+
+ network_src_tab_ip_lookup "${nts_ip}"
+
+ if [[ "${src_id}" == "" ]]
+ then
+ err_echo "IP not found: [${nts_ip}]!"
+ return 1
+ fi
+
+ if [[ " ${NETWORK_TABLE_LIST} " != *" ${nts_table} "* ]]
+ then
+ err_echo "Table not found: [${nts_table}]!"
+ return 1
+ fi
+
+
+ tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"
+
+
+ ${DEBUG} sed "/^NETWORK_SRC_CONFIG=\"/,/^\"/ { s/^\(${nts_ip//./\\.}[[:space:]]\+\([^\t ]\+[[:space:]]\+\)\{2\}\)[^[:space:]]\+/\1${nts_table}/ }" -i ${NETWORK_CONFIG_FILE}
+
+ ${DEBUG} ip rule del from ${nts_ip} 2>/dev/null
+ ${DEBUG} ip rule add from ${nts_ip} table ${nts_table}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_add
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_add()
+{
+ nfa_ip=$1
+ nfa_port_start=$2
+ nfa_port_end=$3
+
+
+ ${DEBUG} iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
+ ${DEBUG} iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport ${nfa_port_start}:${nfa_port_end} -j DNAT --to ${nfa_ip}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_remove
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_remove()
+{
+ nfr_ip=$1
+ nfr_port_start=$2
+ nfr_port_end=$3
+
+ ${DEBUG} iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
+ ${DEBUG} iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport ${nfr_port_start}:${nfr_port_end} -j DNAT --to ${nfr_ip}
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_start
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_start()
+{
+ ${LOG} "Create VPN forward chain"
+
+ ${DEBUG} iptables -t nat -N PREROUTING-VPN
+
+
+ ${LOG} "Add jump rule for VPN"
+
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
+
+ if [[ "${dst_type}" != "0" ]]
+ then
+ ${DEBUG} iptables -t nat -A PREROUTING -i ${dst_device} -j PREROUTING-VPN
+ fi
+ done
+
+
+ ${LOG} "Add VPN client addresse rules"
+
+ for src_id in ${NETWORK_SRC_ID_LIST}
+ do
+ network_src_tab_get ${src_id}
+
+ ${DEBUG} ip rule add from ${src_ip} table ${src_table}
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ network_forward_add "${src_ip}" "${src_port_start}" "${src_port_end}"
+ fi
+ done
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_forward_stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_forward_stop()
+{
+ ${LOG} "Remove VPN client addresse rules"
+
+ for src_id in ${NETWORK_SRC_ID_LIST}
+ do
+ network_src_tab_get ${src_id}
+
+ ${DEBUG} ip rule del from ${src_ip} 2>/dev/null
+
+ if [[ "${src_port_range}" != "0" ]]
+ then
+ network_forward_remove "${src_ip}" "${src_port_start}" "${src_port_end}"
+ fi
+ done
+
+
+ ${LOG} "Remove Jump rule for VPN"
+
+ for dst_id in ${NETWORK_DST_ID_LIST}
+ do
+ network_dst_tab_get ${dst_id}
+
+ if [[ "${dst_type}" != "0" ]]
+ then
+ ${DEBUG} iptables -t nat -D PREROUTING -i ${dst_device} -j PREROUTING-VPN
+ fi
+ done
+
+
+ ${LOG} "Delete VPN forward chain"
+
+ ${DEBUG} iptables -t nat -X PREROUTING-VPN
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# network_status
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_status()
+{
+ echo "Rules:"
+
+ ip rule show
+ echo
+
+ if [[ "${NETWORK_TABLE_LIST}" == "" ]]
+ then
+ echo "Network table list empty"
+ echo
+ else
+ for table in ${NETWORK_TABLE_LIST}
+ do
+ echo "Table ${table}:"
+
+ ip route list table ${table}
+ echo
+ done
+ fi
+
+ echo "Forward:"
+
+ iptables -t nat -L PREROUTING -v -n
+ echo
+
+ iptables -t nat -L PREROUTING-VPN -v -n
+}
diff --git a/usr/local/sbin/rx3_net_adm b/usr/local/sbin/rx3_net_adm
new file mode 100755
index 0000000..1a50f17
--- /dev/null
+++ b/usr/local/sbin/rx3_net_adm
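Review bot: network_table_set stores the wrong variable in the in-memory table: `tab_assign NETWORK_SRC_TAB "${src_id},Table" "${ts_table}"` references `ts_table`, which is never assigned, so the entry becomes the empty string while the `sed -i` edit of NETWORK_CONFIG_FILE and `ip rule add from ${nts_ip} table ${nts_table}` use `nts_table`; the line should read `tab_assign NETWORK_SRC_TAB "${src_id},Table" "${nts_table}"`. The two guards above it (the IP must resolve through NETWORK_SRC_IP_IDX, the table must appear in NETWORK_TABLE_LIST) are what make `${nts_ip}` and `${nts_table}` safe to splice into the sed expression and the ip argument list, since rx3_net_adm passes its command-line operands straight through; a comment such as `# both checks are load-bearing: they are the only validation before sed -i / ip rule see these values` would stop someone relaxing them. The config loaders network_dst_tab_load and network_src_tab_load split entries with unquoted `set ${line}`, so a glob character in a config field expands against the working directory; `set -f` before each loop (or `read -r` into named fields) avoids that. The includes `. /usr/global/lib/default.bash` and `. /usr/global/lib/dns.bash` do not match the `usr/local/lib/` location this commit creates.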
@@ -0,0 +1,181 @@
+#!/bin/bash
+
+RETVAL=0
+prog="rx3-net"
+
+#DEBUG=""
+DEBUG="echo"
+#DEBUG=":"
+
+LOG=":"
+#LOG="echo"
+
+
+
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+
+. /usr/local/lib/network.bash
+
+
+
+# Some functions to make the below more readable
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Rx3-Start
+#--------------------------------------------------------------------------------------------------------------------------
+
+rx3-start()
+{
+ network_table_init
+
+ network_forward_start
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Rx3-Stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+rx3-stop()
+{
+ network_forward_stop
+
+ network_table_deinit
+
+ return 0
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Start
+#--------------------------------------------------------------------------------------------------------------------------
+
+start()
+{
+ echo "Starting..."
+
+ if [ -r /var/lock/subsys/rx3-net ]
+ then
+ echo "already started"
+ RETVAL=0
+ else
+ rx3-start
+
+ RETVAL=$?
+ [ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-net
+ fi
+
+ echo
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Stop
+#--------------------------------------------------------------------------------------------------------------------------
+
+stop()
+{
+ echo "Stopping..."
+
+ if [ -r /var/lock/subsys/rx3-net ]
+ then
+ rx3-stop
+
+ RETVAL=$?
+ else
+ echo "already stopped"
+ RETVAL=0
+ fi
+
+ [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-net
+
+ echo
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Status
+#--------------------------------------------------------------------------------------------------------------------------
+
+status()
+{
+ network_status
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Dump
+#--------------------------------------------------------------------------------------------------------------------------
+
+dump()
+{
+ network_tab_dump
+}
+
+
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Table-Set ()
+#--------------------------------------------------------------------------------------------------------------------------
+
+table_set()
+{
+ echo "Setting ip:$1 table:$2"
+
+ network_table_set $1 $2
+}
+
+
+
+#--------------------------------------------------------------------------------------------------------------------------
+# Main
+#--------------------------------------------------------------------------------------------------------------------------
+
+network_tab_load
+
+case "$1" in
+ start)
+ start
+ ;;
+
+ stop)
+ stop
+ ;;
+
+ restart)
+ stop
+ sleep 1
+ start
+ ;;
+
+ status)
+ status
+ ;;
+
+ dump)
+ dump
+ ;;
+
+ table_set)
+ table_set $2 $3
+ ;;
+
+ *)
+ echo "Usage: $0 {start|stop|restart|status|dump|table_set}"
+ RETVAL=1
+ ;;
+esac
+
+exit $RETVAL
diff --git a/var/www/cgi-bin/vpn-admin_board.cgi b/var/www/cgi-bin/vpn-admin_board.cgi
index 45f3ed7..f7a4186 100755
--- a/var/www/cgi-bin/vpn-admin_board.cgi
+++ b/var/www/cgi-bin/vpn-admin_board.cgi
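Review bot: `DEBUG="echo"` is the active setting, so every `${DEBUG} ip ...`, `${DEBUG} iptables ...` and the `${DEBUG} sed -i` in network.bash only prints its command; `start` nevertheless touches /var/lock/subsys/rx3-net, because `rx3-start` returns the status of that last echo, so subsequent runs report "already started" while no rule or route has been installed. Either ship with `DEBUG=""` or add a comment above the three alternatives saying that `echo` is a dry-run mode and must not be committed as the default. `table_set $1 $2` and `table_set $2 $3` pass the operands unquoted; `network_table_set "$1" "$2"` keeps an empty IP argument from shifting the table number into the IP position before network_table_set's lookup rejects it. `prog="rx3-net"` is assigned but never used in this file.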
@@ -2,90 +2,10 @@ time_in=$(date +%s%N) -. /etc/sysconfig/rx3-net -. /etc/sysconfig/rx3-vpn +. /usr/local/lib/network.bash -CGI_NAME="vpn-admin_board.cgi" -VPN_TYPE[0]="IPSec" -VPN_TYPE[1]="OpenVPN" -VPN_TYPE[2]="L2TP" -VPN_TYPE[3]="PPTP" -VPN_TYPE[4]="NoVPN" - - - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Lookup Source IP () -#-------------------------------------------------------------------------------------------------------------------------- - -Lookup_Src_IP () -{ - lo_id=0 - - for lo_blk in ${IP_SRC_SN} - do - OIFS=${IFS} - IFS=: - set ${lo_blk} - lo_ip=$1 - lo_table=$2 - lo_owner=$3 - lo_type=$4 - IFS=${OIFS} - - echo "${lo_ip}:${lo_table}:${lo_owner}:${lo_type}:${lo_type}:sn:${lo_id}" - - lo_id=$((${lo_id}+1)) - done - - for lo_blk in ${IP_SRC_PTP} - do - OIFS=${IFS} - IFS=: - set ${lo_blk} - lo_id=$1 - lo_table=$2 - lo_owner=$3 - lo_forward=$4 - IFS=${OIFS} - - for lo_type in 1 2 3 - do - echo "${IP_PREFIX}.${lo_type}.${lo_id}:${lo_table}:${lo_owner}:${lo_type}:${lo_forward}:ptp:${lo_id}" - done - done -} - - - -#-------------------------------------------------------------------------------------------------------------------------- -# Lookup Owner () -#-------------------------------------------------------------------------------------------------------------------------- - -Lookup_Owner () -{ - for lo_blk in $(Lookup_Src_IP) - do - OIFS=${IFS} - IFS=: - set ${lo_blk} - lo_ip=$1 - lo_table=$2 - lo_owner=$3 - lo_type=$4 - IFS=${OIFS} - - if [[ "${ip}" == "${lo_ip}" ]] - then - echo ${lo_owner} - fi - done -} - #-------------------------------------------------------------------------------------------------------------------------- 
@@ -96,52 +16,52 @@ Header_Print () { case "${format}" in - "html") + "html") echo "Content-type: text/html" - echo "" + echo "" - echo "" - echo "" - echo " " - echo " " - echo " " - echo " " - echo " " - echo " " + echo "" + echo "" + echo " " + echo " " + echo " " + echo " " + echo " " + echo " " - if [[ "${cmd_status}" == "" ]] - then - echo " Rx3 VPN Admin Board" - else - echo " Rx3 VPN Admin Board: ${cmd_status}" - fi - - if [[ "${redirect}" != "" ]] - then - echo " " - fi + if [[ "${cmd_status}" == "" ]] + then + echo " Rx3 VPN Admin Board" + else + echo " Rx3 VPN Admin Board: ${cmd_status}" + fi + + if [[ "${redirect}" != "" ]] + then + echo " " + fi - echo " " - echo " " - ;; + echo " " + echo " " + ;; - "csv") - echo "Content-type: text/csv" - echo "" + "csv") + echo "Content-type: text/csv" + echo "" - echo "SOF" - - if [[ "${redirect}" != "" ]] - then - echo "CMD: ${cmd_status}" - fi - ;; + echo "SOF" + + if [[ "${redirect}" != "" ]] + then + echo "CMD: ${cmd_status}" + fi + ;; - "txt") - echo "Content-disposition: attachment; filename=${file_name}" - echo "Content-type: text/plain" - echo "" - ;; + "txt") + echo "Content-disposition: attachment; filename=${file_name}" + echo "Content-type: text/plain" + echo "" + ;; esac } @@ -155,375 +75,191 @@ Footer_Print () { case "${format}" in - "html") - echo " " - echo "" - echo "" - ;; - - "csv") - echo "" - echo "EOF" - ;; + "html") + echo " " + echo "" + echo "" + ;; + + "csv") + echo "" + echo "EOF" + ;; esac } #-------------------------------------------------------------------------------------------------------------------------- -# External VPN Status Board +# Destination Status Board #-------------------------------------------------------------------------------------------------------------------------- -External_VPN_Status_Board () +Destination_Status_Board () { if [[ "${format}" == "html" ]] then - echo "

" - echo "
" - echo "

" - echo "" - echo "

External VPN Status Board

" - echo "" - echo " " - echo " " + echo "

" + echo "
" + echo "

" + echo "" + echo "

Destination Status Board

" + echo "" + echo "
#NameTypeDeviceAddressConfigTableStatusBytes InBytes OutUpTime
" + echo " " else - echo "TABLE: External_VPN_Status_Board" - echo "#;Name;Type;Device;Address;Config;Table;Status;Bytes In;Bytes Out;UpTime" + echo "TABLE: Destination_Status_Board" + echo "#;Name;Type;Device;Address;Config;Table;Status;Bytes In;Bytes Out;UpTime" fi - idx=0 - for blk in ${VPN_EXT_LIST} + for dst_id in ${NETWORK_DST_ID_LIST} do - OIFS=${IFS} - IFS=: - set $blk - dev=$1 - conf=$2 - table=$3 - name=$4 - IFS=${OIFS} + network_dst_tab_get ${dst_id} - case "${dev}" - in - "eth"*) - type="Local" - ;; + if [[ ${dst_status} == 0 ]] + then + dst_ip="-" + fi - "tun"*) - type="OpenVPN" - ;; + if [[ "${format}" == "html" ]] + then + echo -n "" + else + echo -n "\"Down\"" + fi - /sbin/ifconfig ${dev} 2>/dev/null | grep UP >/dev/null - - if [[ "$?" == 0 ]] - then - status=1 - else - status=0 - fi - - if [[ ${status} == 0 ]] - then - address="-" - else - case "${type}" in - "Local"|"PPTP") - address="$(ip addr show dev ${dev} | grep "inet " | grep -v "${dev}:" | awk '{print $2;}' | sed -e 's/\/.*//')" - ;; - - "OpenVPN") -# address="$(sudo /usr/local/sbin/ns-launch 3 ${table} /usr/local/bin/my_address_get)" - address="$(host vpn${idx}.vpn.rx3 | sed -e 's/.*address //')" - ;; - esac - fi - - if [[ "${conf}" == "" ]] - then - conf="-" - bytes_received="-" - bytes_sent="-" - uptime="-" - else - if [[ "${status}" == "1" ]] - then - if [[ "$type" == "OpenVPN" ]] - then - bytes_received=$(sudo /usr/local/sbin/openvpn-status ${dev} | grep -e "TCP/UDP read bytes" | sed -e "s/.*,//" | numfmt --to=iec-i --suffix=B) - bytes_sent=$(sudo /usr/local/sbin/openvpn-status ${dev} | grep -e "TCP/UDP write bytes" | sed -e "s/.*,//" | numfmt --to=iec-i --suffix=B) - start_date=$(grep "ext-client-${dev}.conf" /var/log/rx3-vpn.status 2>/dev/null | sed -e "s/.*Date: \[//" -e "s/\].*//") - uptime=$(echo "$(($(date +%s) - $(date -d "${start_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? 
"s" : "") strftime(" %H:%M:%S", $1,1)}') - else - bytes_received="-" - bytes_sent="-" - start_date="-" - uptime="-" - fi - - else - bytes_received="-" - bytes_sent="-" - uptime="-" - fi - fi - - if [[ "${format}" == "html" ]] - then - echo -n "" - else - echo -n "\"Down\"" - fi - - echo "" - else - echo "${idx};${name};${type};${dev};${conf};${table};${status};${bytes_received};${bytes_sent};${uptime}" - fi - - - idx=$((idx+1)) + echo "" + else + echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_ip};${dst_config};${dst_table};${dst_status};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}" + fi done if [[ "${format}" == "html" ]] then - echo "
#NameTypeDeviceAddressConfigTableStatusBytes InBytes OutUpTime
${dst_id}${dst_name}${NETWORK_DST_TYPE[${dst_type}]}${dst_device}${dst_ip}${dst_config}${dst_table}" - "ppp"*) - type="PPTP" - ;; - esac + if [[ "${dst_status}" == 1 ]] + then + echo -n "\"Up\"
${idx}${name}${type}${dev}${address}${conf}${table}" - - if [[ "${status}" == 1 ]] - then - echo -n "\"Up\"${bytes_received}${bytes_sent}${uptime}${dst_bytes_received:--}${dst_bytes_sent:--}${dst_uptime:--}
" - echo "

" - echo "
" - echo "

" - echo "" + echo " " + echo "

" + echo "
" + echo "

" + echo "" else - echo "" + echo "" fi } #-------------------------------------------------------------------------------------------------------------------------- -# VPN Routing Board Line +# Source Routing Board Line #-------------------------------------------------------------------------------------------------------------------------- -VPN_Routing_Board_Line() +Source_Routing_Board_Line() { - if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${owner}") ]] + src_id=$1 + + network_src_tab_get ${src_id} + + if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]] then - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - class="default" - else - if [[ "${filter}" == "owner" ]] - then - class="skip" - else - class="dark" - fi - fi + if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + class="default" + else + if [[ "${filter}" == "owner" ]] + then + class="skip" + else + class="dark" + fi + fi else - class="skip" + # filter == user not owner of this line + + class="skip" fi + if [[ "${class}" != "skip" ]] then - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - - case "${vpn_type}" - in - "0") - /sbin/ifconfig ipsec0 2>/dev/null | grep UP >/dev/null + host_name=${src_name} - if [[ "$?" 
== 0 ]] - then - dev=ipsec0 - status=1 - else - dev="-" - status=0 - fi - ;; + if [[ "${format}" == "html" ]] + then + echo -n "${src_id}" - "1") - dev="tun0" + echo -n "${NETWORK_SRC_TYPE[${src_type}]}${src_ip}${host_name}" - status_line="$(sudo /usr/local/sbin/openvpn-status ${dev} | grep "CLIENT_LIST.*${ip},")" + case "${src_status}" + in + "0") + echo -n "\"Down\"" + ;; - if [[ "${status_line}" == "" ]] - then - bytes_received="-" - bytes_sent="-" - uptime="-" - status=0 - last_seen="$(stat -c "%x" /etc/openvpn/status/${host_name}.status | sed -e 's/\..*//')" - else - status=1 + "1") + echo -n "\"Up\"" + ;; - OIFS=${IFS} - IFS=, - set ${status_line} - header=$1 - h_name=$2 - h_ip=$3 - v_ip=$4 - v_ip6=$5 - v_bytes_received=$6 - v_bytes_sent=$7 - v_date=$8 - v_uptime=$9 - IFS=${OIFS} + "2") + echo -n "-" + ;; + esac - bytes_received="$(echo ${v_bytes_received} | numfmt --to=iec-i --suffix=B)" - bytes_sent="$(echo ${v_bytes_sent} | numfmt --to=iec-i --suffix=B)" - uptime=$(echo "$(($(date +%s) - $(date -d "${v_date}" +%s)))" | awk '{days = int($1/86400); print days " day" (( days > 1 ) ? "s" : "") strftime(" %H:%M:%S", $1,1)}') - last_seen="$(date +"%Y/%m/%d %H:%M:%S")" - fi - ;; - - "2" | "3") - /sbin/ifconfig 2>/dev/null | grep "P-t-P:${ip} " >/dev/null - - if [[ "$?" 
== 0 ]] - then - dev=$(/sbin/route -n 2>/dev/null | grep "^${ip}" | awk '{print $8}') - bytes_received="-" - bytes_sent="-" - uptime="-" - lastseen="-" - status=1 - else - dev="-" - bytes_received="-" - bytes_sent="-" - uptime="-" - last_seen="-" - status=0 - fi - ;; - - *) - dev="-" - bytes_received="-" - bytes_sent="-" - uptime="-" - last_seen="-" - status=2 - ;; - esac - - if [[ "${forward}" == "${vpn_type}" ]] - then - if [[ "${net_type}" == "sn" ]] - then - port_start=$((3000+${vpn_id}*100)) - else - port_start=$((33000+${vpn_id}*100)) - fi - - port_end=$((${port_start}+99)) - else - port_start="" - port_end="" - fi - - if [[ "${format}" == "html" ]] - then - echo -n "${idx}" - - echo "${VPN_TYPE[${vpn_type}]}${ip}${host_name}" - - case "${status}" - in - "0") - echo -n "\"Down\"" - ;; - - "1") - echo -n "\"Up\"" - ;; - - "2") - echo -n "-" - ;; - esac - - echo -n "${dev}" - else - echo -n "${idx};${VPN_TYPE[${vpn_type}]};${ip};${host_name};${status};${dev};" - fi + echo -n "${src_device}" + else + echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${status};${src_device};" + fi - i=0 + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get ${dst_id} - for blk in ${VPN_EXT_LIST} - do - if [[ "${format}" == "html" ]] - then - echo -n "
" - - if [[ $i == $id ]] - then - echo -n "\"Up\" " - else - echo -n "\"Down\"" + if [[ "${format}" == "html" ]] + then + echo -n "
" + + if [[ "${dst_table}" == "${src_table}" ]] + then + echo -n "\"Up\" " + else + echo -n "\"Down\"" - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - echo -n "\"Activate\"" - else - echo -n " " - fi - fi + if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "\"Activate\"" + else + echo -n " " + fi + fi - echo -n "
" - else + echo -n "
" + else - if [[ $i == $id ]] - then - echo -n "1;" - else - echo -n "0;" - fi - fi + if [[ "${dst_table}" == "${src_table}" ]] + then + echo -n "1;" + else + echo -n "0;" + fi + fi + done + + if [[ "${format}" == "html" ]] + then + if [[ "${port_range}" != "0" ]] + then + echo -n "${src_port_range}${src_port_start:--}${src_port_end:--}" + else + echo -n "${src_port_range}--" + fi - i=$((i + 1)) - done - - if [[ "${format}" == "html" ]] - then - if [[ "${forward}" == "${vpn_type}" ]] - then - echo -n "\"Up\"" - echo -n "${port_start}${port_end}" - else - - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - echo -n "\"Activate\"" - else - echo -n " " - fi - - echo -n "  " - fi - - echo "${owner}${bytes_received}${bytes_sent}${uptime}${last_seen}" - else - - if [[ "${forward}" == "${vpn_type}" ]] - then - echo -n "1;" - else - echo -n "0;" - fi - - echo "${port_start};${port_end};${owner};${bytes_received};${bytes_sent};${uptime};${last_seen}" - fi + echo "${src_owner}${src_bytes_received:--}${src_bytes_sent:--}${src_uptime:--}${src_last_seen:--}" + else + echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}" + fi fi } @@ -531,82 +267,62 @@ VPN_Routing_Board_Line() #-------------------------------------------------------------------------------------------------------------------------- -# VPN Routing Board +# Source Routing Board #-------------------------------------------------------------------------------------------------------------------------- -VPN_Routing_Board() +Source_Routing_Board() { if [[ "${format}" == "html" ]] then - echo "
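Review bot: The CSV branch of `Source_Routing_Board_Line` prints `${status}` where the html branch uses `${src_status}` (`echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${host_name};${status};${src_device};"`); nothing in this function assigns `status` any more, so that CSV column is empty or stale and should read `${src_status}`. Likewise the port check tests `"${port_range}" != "0"` while every output line reads `${src_port_range}`, so the test presumably never sees the value `network_src_tab_get` provides; compare `"${src_port_range}"` instead. In `Destination_Status_Board` the CSV line emits `${dst_bytes_received}`, `${dst_bytes_sent}` and `${dst_uptime}` without the `:--` default the html line applies, so the two formats disagree on a down destination. The new code also leaves `${admin}` unquoted in `[[ ( ${admin} == "true") ...` while the same test a few lines earlier quotes it; one form throughout makes the checks greppable.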

" - echo "
" - echo "

" - echo "" - echo "

VPN Routing Board

" - echo "" - echo " " - echo -n " " + echo "

" + echo "
" + echo "

" + echo "" + echo "

Source Routing Board

" + echo "" + echo "
#TypeIPHost NameStatusDevice
" + echo -n " " else - echo "TABLE: VPN_Routing_Board" - echo -n "#;Type;IP;Host Name;Status;Device;" + echo "TABLE: Source_Routing_Board" + echo -n "#;Type;IP;Host Name;Status;Device;" fi - for blk in ${VPN_EXT_LIST} - do - OIFS=${IFS} - IFS=: - set $blk - dev=$1 - conf=$2 - table=$3 - name=$4 - IFS=${OIFS} - if [[ "${format}" == "html" ]] - then - echo -n "" - else - echo -n "${name};" - fi + for dst_id in ${NETWORK_DST_ID_LIST} + do + network_dst_tab_get ${dst_id} + + if [[ "${format}" == "html" ]] + then + echo -n "" + else + echo -n "${dst_name};" + fi done + if [[ "${format}" == "html" ]] then - echo "" + echo "" else - echo "Forward;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" + echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen" fi - idx=0 - - for blk in $(Lookup_Src_IP) + + for src_id in ${NETWORK_SRC_ID_LIST} do - OIFS=${IFS} - IFS=: - set $blk - ip=$1 - table=$2 - owner=$3 - vpn_type=$4 - forward=$5 - net_type=$6 - vpn_id=$7 - IFS=${OIFS} - - id=$((table - 3)) - idx=$((idx+1)) - - VPN_Routing_Board_Line + Source_Routing_Board_Line ${src_id} done + if [[ "${format}" == "html" ]] then - echo "
#TypeIPHost NameStatusDevice${name}${dst_name}ForwardFrom PortTo PortOwnerBytes InBytes OutUpTimeLast Seen
Port RangeFrom PortTo PortOwnerBytes InBytes OutUpTimeLast Seen
" - echo "

" - echo "
" - echo "

" + echo " " + echo "

" + echo "
" + echo "

" else - echo "" + echo "" fi } @@ -620,131 +336,121 @@ VPN_OpenVPN_Board() { if [[ "${format}" == "html" ]] then - echo "

" - echo "
" - echo "

" - echo "" - echo "

OpenVPN Board

" - echo "" - echo " " - echo -n " " + echo "

" + echo "
" + echo "

" + echo "" + echo "

OpenVPN Board

" + echo "" + echo "
#IPHost NameConfigurationCertificates
Default Route VPNNo Default Route VPNCA Certificate (.crt)TC Certificate (.key)Private Key (.key)Cerificate Signing Request (.csr)Public Certificate (.crt)
External CrtInline CrtExternal CrtInline Crt
" + echo -n " " else - echo "TABLE: OpenVPN_Board" - echo "#;IP;Host Name;Certificate" + echo "TABLE: OpenVPN_Board" + echo "#;IP;Host Name;Certificate" fi - idx=0 - for blk in $(Lookup_Src_IP) + for src_id in ${NETWORK_SRC_ID_LIST} do - OIFS=${IFS} - IFS=: - set $blk - ip=$1 - table=$2 - owner=$3 - type=$4 - IFS=${OIFS} - - if [[ "${type}" == 1 ]] - then - idx=$((idx+1)) - - if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${owner}") ]] - then - if [[ "${REMOTE_USER}" == "${owner}" ]] + network_src_tab_get ${src_id} + + if [[ "${src_type}" == 1 ]] + then + if [[ ( "${filter}" == "") ||( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]] + then + if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] then - class="default" - else - if [[ "${filter}" == "owner" ]] - then - class="skip" - else - class="dark" - fi - fi - else - class="skip" - fi - - if [[ "${class}" != "skip" ]] - then - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - - if [[ "${format}" == "html" ]] - then - echo -n "" - echo -n "" - - if [[ "${REMOTE_USER}" == "${owner}" ]] + class="default" + else + if [[ "${filter}" == "owner" ]] then - echo -n "" - else - echo -n "" - fi - - echo -n "" - - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - echo -n "" - else - echo -n "" - fi - else - echo -n "${idx};${ip};${host_name}" - fi - - if [[ "${format}" == "html" ]] + class="skip" + else + class="dark" + fi + fi + else + # filter == user not owner of this line + + class="skip" + fi + + if [[ "${class}" != "skip" ]] + then + if [[ "${format}" == "html" ]] then - echo -n "" + echo -n "" + echo -n "" - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - echo -n "" + if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "" + else + echo -n "" + fi - if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] + echo -n "" + + if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + 
then + echo -n "" + else + echo -n "" + fi + else + echo -n "${src_id};${src_ip};${src_name}" + fi + + if [[ "${format}" == "html" ]] + then + echo -n "" + + if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + echo -n "" + + if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] then - echo -n "" - echo -n "" - echo -n "" - else - echo -n "" - echo -n "" - echo -n "" - fi - else - echo -n "" + echo -n "" + echo -n "" + echo -n "" + else + echo -n "" + echo -n "" + echo -n "" + fi + else + echo -n "" - if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] - then - echo -n "" - echo -n "" - echo -n "" - else - echo -n "" - echo -n "" - echo -n "" - fi - fi - else - if [[ -f /etc/openvpn/tls/certs/${host_name}.crt ]] + if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] + then + echo -n "" + echo -n "" + echo -n "" + else + echo -n "" + echo -n "" + echo -n "" + fi + fi + else + if [[ -f /etc/openvpn/tls/certs/${src_name}.crt ]] then - echo ";1" - else - echo ";0" - fi - fi - fi + echo ";1" + else + echo ";0" + fi + fi + fi fi done if [[ "${format}" == "html" ]] then - echo "
#IPHost NameConfigurationCertificates
Default Route VPNNo Default Route VPNCA Certificate (.crt)TC Certificate (.key)Private Key (.key)Cerificate Signing Request (.csr)Public Certificate (.crt)
External CrtInline CrtExternal CrtInline Crt
${idx}${ip}${host_name}\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"CA
${src_id}${src_ip}${src_name}\"Configuration\"TC\"Configuration\"Configuration\"Configuration\"Configuration\"Configuration\"CA\"TC\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
\"TC\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
\"TC\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
\"Private\"Certificat\"Public
" - echo "

" - echo "
" - echo "

" + echo " " + echo "

" + echo "
" + echo "

" fi } @@ -758,54 +464,97 @@ Main_Board_Print () { if [[ "${format}" == "html" ]] then - echo "" + echo "" - if [[ "${filter}" == "owner" ]] - then - echo "
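Review bot: The filter/admin block that chooses `class` in `VPN_OpenVPN_Board` is a line-for-line copy of the one in `Source_Routing_Board_Line`, down to the `# filter == user not owner of this line` comment; since both take the same inputs (`filter`, `admin`, `REMOTE_USER`, `src_owner`), a small helper such as `line_class_get` that sets `class` would keep the two boards from drifting. The condition also has `||( "${filter}" == "owner")` with the space dropped after `||`, unlike its sibling. The certificate presence test `-f /etc/openvpn/tls/certs/${src_name}.crt` is repeated three times across the html and csv branches; computing a `cert_present` flag once before the format switch would shorten the block and make the csv `;1`/`;0` column obviously consistent with the icons.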

VPN Admin Board - My VPN

" - else - echo "

VPN Admin Board - All VPN

" - fi + if [[ "${admin}" == "true" ]] + then + admin_mode=" - Admin Mode" + else + admin_mode="" + fi + + case "${filter}" + in + "owner") + filter_mode="My VPN" + ;; + + "") + filter_mode="All VPN" + ;; + + *) + filter_mode="${filter} VPN" + ;; + esac - echo "

" - echo "
" - echo "" - echo " Date: $(/bin/date)
" - echo "

" - echo "
" - echo "" + echo "

VPN Admin Board: ${filter_mode}${admin_mode}

" + + + echo "

" + echo "
" + echo "" + echo " Date: $(/bin/date)
" + echo "

" + echo "
" + echo "" fi - External_VPN_Status_Board - VPN_Routing_Board + Destination_Status_Board + Source_Routing_Board VPN_OpenVPN_Board if [[ "${format}" == "html" ]] then - time_out=$(date +%s%N) - elaps=$((${time_out} - ${time_in})) - elaps_sec=$((${elaps} / 1000000000)) - elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000))) + echo "

" + echo "
" + echo "
" + echo -n " " + + if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]] + then + if [[ "${admin}" == "true" ]] + then + echo -n "Non Admin Mode" + else + echo -n "Admin Mode" + fi - echo "

" - echo "
" - echo "
" - printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili} - echo "

" - echo "" - echo "
" - echo "" - echo "

" - echo " Rx3 Admin" - echo "

" - echo "" - echo "
" - echo "" - echo "

" - echo " \"Best" - echo " \"Valid" - echo " \"Valid" - echo "

" + echo -n "   " + fi + + if [[ "${filter}" != "" ]] + then + echo -n "All VPN" + fi + + echo "" + echo "

" + + time_out=$(date +%s%N) + elaps=$((${time_out} - ${time_in})) + elaps_sec=$((${elaps} / 1000000000)) + elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000))) + + echo "

" + echo "
" + echo "
" + printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili} + echo "

" + echo "" + echo "
" + echo "" + echo "

" + echo " Rx3 Admin" + echo "

" + echo "" + echo "
" + echo "" + echo "

" + echo " \"Best" + echo " \"Valid" + echo " \"Valid" + echo "

" fi } @@ -831,6 +580,7 @@ vpn="" type="" redirect="" cmd_status="" +admin="" if [[ "${QUERY_STRING}" != "" ]] then @@ -848,37 +598,41 @@ then case "${var}" in - "cmd") - cmd=${arg} - ;; + "cmd") + cmd=${arg} + ;; - "format") - format=${arg} - ;; + "format") + format=${arg} + ;; - "filter") - filter=${arg} - ;; + "admin") + admin=${arg} + ;; - "ip") - ip=${arg} - ;; + "filter") + filter=${arg} + ;; - "vpn") - vpn=${arg} - ;; + "ip") + ip=${arg} + ;; - "type") - type=${arg} - ;; + "vpn") + vpn=${arg} + ;; - "filename") - filename=${arg} - ;; + "type") + type=${arg} + ;; - "defroute") - defroute=${arg} - ;; + "filename") + filename=${arg} + ;; + + "defroute") + defroute=${arg} + ;; esac shift 
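Review bot: `filter_mode="${filter} VPN"` in the `*)` arm of the new `case` writes the raw `filter` query parameter into the page heading with no escaping or validation of a value that arrives straight from `QUERY_STRING`, which is a reflected cross-site scripting risk on a page that also carries the admin toggle (the same value later reaches `redirect` in the command handler). Restricting `filter` to the owner names it is meant to select where the query string is parsed, e.g. `[[ "${filter}" =~ ^[A-Za-z0-9_.-]*$ ]] || filter=""`, would close it for every use in the page. The `" ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "*` membership test is also repeated here and in the command handler; a `user_is_admin` helper would keep the two in step. `Main_Board_Print` ends inside this hunk, but the `${time_in}` it reads is set at the top of the file outside it.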
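Review bot: `admin=${arg}` stores whatever the query string carries, but every later test compares it to the literal `true`, so a value such as `yes` is neither admin nor non-admin yet is still echoed back in `redirect="?admin=${admin}&filter=${filter}"`. Normalising at parse time, `"admin") [[ "${arg}" == "true" ]] && admin="true" || admin="" ;;`, keeps the flag two-valued and stops arbitrary text from being reflected. The remaining arms of the `case` change only in indentation.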
@@ -893,150 +647,148 @@ fi + + #-------------------------------------------------------------------------------------------------------------------------- # Command Handler #-------------------------------------------------------------------------------------------------------------------------- -case "${cmd}" -in - "") - Header_Print - Main_Board_Print - Footer_Print - ;; +network_tab_load - "route_set") - owner=$(Lookup_Owner) +#network_tab_dump - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - sudo /etc/init.d/rx3-net table_set $ip $((${vpn} + 3)) 2>&1 >/dev/null +if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]] +then + cmd_status="${cmd}: Admin NOT_AUTHORIZED" - if [[ "$?" == 0 ]] - then - cmd_status="route_set: OK" - else - cmd_status="route_set: KO" - fi - else - cmd_status="route_set: NOT_AUTHORIZED" - fi - - redirect="${CGI_NAME}?filter=${filter}" - - Header_Print - Footer_Print - ;; - - "forward_set") - owner=$(Lookup_Owner) - - if [[ "${REMOTE_USER}" == "${owner}" ]] - then - sudo /etc/init.d/rx3-net forward_set $ip 2>&1 >/dev/null - if [[ "$?" 
== 0 ]] - then - cmd_status="forward_set: OK " - else - cmd_status="forward_set: KO" - fi - else - cmd_status="forward_set: NOT_AUTHORIZED" - fi - - redirect="${CGI_NAME}?filter=${filter}" - - Header_Print - Footer_Print - ;; - - "cert_download") - owner=$(Lookup_Owner) - - if [[ "${type}" == "ca" ]] || [[ "${type}" == "crt" ]] || [[ "${REMOTE_USER}" == "${owner}" ]] - then - cmd_status="cert_download: OK" - format="txt" - - case "${type}" - in - "ca") - file_name="ca.crt" - host_name="" - ;; - - "tc") - file_name="tc.key" - host_name="" - ;; - - *) - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - file_name="${host_name}.${type}" - ;; - esac - - Header_Print - sudo /usr/local/sbin/cert_dump ${type} ${host_name} - else - cmd_status="cert_download: NOT_AUTHORIZED" - - redirect="${CGI_NAME}?filter=${filter}" - - format="html" - Header_Print - Footer_Print - fi - ;; - - "config_download") - owner=$(Lookup_Owner) - - if [[ ( "${type}" == "ext") || ( ( "${type}" == "inline") && ( "${REMOTE_USER}" == "${owner}")) ]] - then - cmd_status="config_download: OK" - - host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') - template_name="rx3-client.ovpn" - - if [[ "${defroute}" == "false" ]] - then - defroute_pipe="sed s/#pull-filter/pull-filter/" - route_type="nodefroute" - else - defroute_pipe="cat" - route_type="defroute" - fi - - format="txt" - - if [[ "${type}" == "ext" ]] - then - file_name="${host_name}-${route_type}-external.ovpn" - Header_Print - - sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | 
${defroute_pipe} - fi - else - cmd_status="config_download: NOT_AUTHORIZED" - - redirect="${CGI_NAME}?filter=${filter}" - - format="html" - Header_Print - Footer_Print - fi - ;; - - *) - cmd_status="${cmd}: UNKNOWN_CMD" - - Header_Print - Footer_Print - ;; -esac + redirect="?filter=${filter}" + + Header_Print + Footer_Print +else + + case "${cmd}" + in + "") + Header_Print + Main_Board_Print + Footer_Print + ;; + + "route_set") + network_src_tab_ip_lookup "${ip}" + network_src_tab_get "${src_id}" + + if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]] + then + sudo /usr/local/sbin/rx3_net_adm table_set ${ip} $((${vpn} + 3)) 1>&2 + + if [[ "$?" == 0 ]] + then + cmd_status="route_set: OK" + else + cmd_status="route_set: KO" + fi + else + cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]" + fi + + redirect="?admin=${admin}&filter=${filter}" + + Header_Print + Footer_Print + ;; + + "cert_download") + network_src_tab_ip_lookup "${ip}" + network_src_tab_get "${src_id}" + + if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]] + then + cmd_status="cert_download: OK" + format="txt" + + case "${type}" + in + "ca") + file_name="ca.crt" + host_name="" + ;; + + "tc") + file_name="tc.key" + host_name="" + ;; + + *) + host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') + file_name="${host_name}.${type}" + ;; + esac + + Header_Print + sudo /usr/local/sbin/cert_dump ${type} ${host_name} + else + cmd_status="cert_download: NOT_AUTHORIZED" + + redirect="?admin=${admin}&filter=${filter}" + + format="html" + Header_Print + Footer_Print + fi + ;; + + "config_download") + network_src_tab_ip_lookup "${ip}" + network_src_tab_get "${src_id}" + + if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]] + then + cmd_status="config_download: OK" + + host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//') + 
template_name="rx3-client.ovpn" + + if [[ "${defroute}" == "false" ]] + then + defroute_pipe="sed s/#pull-filter/pull-filter/" + route_type="nodefroute" + else + defroute_pipe="cat" + route_type="defroute" + fi + + format="txt" + + if [[ "${type}" == "ext" ]] + then + file_name="${host_name}-${route_type}-external.ovpn" + Header_Print + + sed \"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe} + fi + else + cmd_status="config_download: NOT_AUTHORIZED" + + redirect="?admin=${admin}&filter=${filter}" + + format="html" + Header_Print + Footer_Print + fi + ;; + + *) + cmd_status="${cmd}: UNKNOWN_CMD" + + Header_Print + Footer_Print + ;; + esac +fi
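Review bot: In `route_set`, `${vpn}` goes straight from the query string into `$((${vpn} + 3))` and `${ip}` into the `sudo /usr/local/sbin/rx3_net_adm table_set` call with no check that either is well-formed; arithmetic expansion on an unvalidated string is not made safe by quoting, and `ip` is also used unquoted in `host ${ip}` in the `cert_download` and `config_download` arms, where the `ca`/`crt`/`ext` cases grant access without any owner match. A guard before the `case`, e.g. `[[ "${vpn}" =~ ^[0-9]+$ ]] || vpn=""` and `[[ "${ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || ip=""`, with `route_set` reporting `route_set: KO` when `vpn` is empty, would keep the privileged helpers and the `host` lookup behind a whitelist. `type` likewise reaches `sudo /usr/local/sbin/cert_dump ${type} ${host_name}` through the `*)` arm for any value that is not `ca` or `tc`; limiting it to the file types the board links offer is safer than relying on `cert_dump` to reject the rest. The new `NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]` message also discloses the owner of the requested address to a non-owner; the bare `NOT_AUTHORIZED` the other arms use is enough, with the detail going to stderr if it is needed for debugging.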