16 Commits

Author SHA1 Message Date
bcf1c09fa0 - Add sudoers config file,
- Bug fixes,
- Change rx3-base to rx3-base-libs dependency.
2026-05-03 13:30:57 +02:00
4ed3d26dad - Add ip library,
- Move ip low level functions to ip library,
- Add libs RPM package.
2026-04-23 11:41:10 +02:00
ad3862a5e0 - Complete migration,
- Move usr/lib, usr/sbin & var/www to lib, sbin & www,
- Add dns_host_update() to dns library,
- Add RPM Spec & bash completion files.
2026-04-20 18:27:56 +02:00
f58ffedef9 - Migrate rx3_net_adm and add corresponding completion script. 2026-04-15 18:06:36 +02:00
360db73a09 - First commit after repository split! 2026-04-14 15:45:32 +02:00
6d2fd44dba - Start migration of dns, network & vpn lib,
- Start migration of rx3_net_adm.
2026-04-13 16:35:39 +02:00
0c05cfd6c0 - Fix ReleaseNotes file. 2026-04-13 12:08:50 +02:00
540bd1ce03 - Add rx3-network.minotaur config file,
- Add missing etc/sudoers.d/rx3-network config file.
2025-10-19 20:13:09 +02:00
5e3d8ed47b - Minor config files update. 2025-09-19 11:43:49 +02:00
ce66dba7a6 - Fix uptime for gateway destinations,
- Add status filtering in the VPN Admin page.
2025-09-19 11:02:09 +02:00
2083444bc1 - Minor fixes in config files and openvpn-status. 2025-09-12 18:43:25 +02:00
8cd1bcce64 - Fix sysconfig files,
- Fix openvpn-status.
2025-09-07 23:26:55 +02:00
e5a41ec931 - Update changelog for release. 2025-09-03 14:51:05 +02:00
a0d8a55ca8 - Fix stupid -x on the shebang line of vpn lib! 2025-09-01 19:33:27 +02:00
fc549dfea0 - Add network reinit() function,
- Add reinit at each supervisor end loop,
- Fix address refresh algorithm,
- Fix log function parameter passing bug.
2025-09-01 19:22:40 +02:00
b1c51d6cfd - Improve device up api events,
- Improve openvpn stats reporting,
- Add a new connection state for gateways device up with no gateway client connected.
2025-09-01 01:09:29 +02:00
39 changed files with 4619 additions and 2541 deletions


@@ -1,3 +1,48 @@
------------------------------------------------------------------------------------------------------------------------------------
Network Tools V 1.2.0 - A. GIBERT - 2026/05/03
------------------------------------------------------------------------------------------------------------------------------------
- Split repository to remove the Rx3 configuration part and push it to rx3-config repo,
- Switch this repository to public,
- Migrate Network Tools to the new Rx3 Base Bash library,
- Add ip library,
- Move usr/lib, usr/sbin & var/www to lib, sbin & www,
- Add dns_host_update() to dns library,
- Add RPM Spec & bash completion files,
- Move install dir form /usr/local to usr,
- Support now rx3-base 1.1.2.
------------------------------------------------------------------------------------------------------------------------------------
Network Tools V 1.1.3 - A. GIBERT - 2025/09/19
------------------------------------------------------------------------------------------------------------------------------------
- Fix uptime for gateway destinations,
- Add status filtering in the VPN Admin page.
------------------------------------------------------------------------------------------------------------------------------------
Network Tools V 1.1.2 - A. GIBERT - 2025/09/12
------------------------------------------------------------------------------------------------------------------------------------
- Minor fixes in config files and openvpn-status.
------------------------------------------------------------------------------------------------------------------------------------
Network Tools V 1.1.1 - A. GIBERT - 2025/09/03
------------------------------------------------------------------------------------------------------------------------------------
- Add a new conection state for gateways device up with no gateway client connected,
- Improve openvpn stats reporting,
- Improve device up api events,
- Add network reinit() function,
- Add reinit at each supervisor end loop.
------------------------------------------------------------------------------------------------------------------------------------
Network Tools V 1.1.0 - A. GIBERT - 2025/08/26
------------------------------------------------------------------------------------------------------------------------------------

217
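--- a/SPECS/network_tools.spec
+++ b/SPECS/network_tools.spec
@@ -0,0 +1,217 @@
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Network Tools
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+%define name network_tools
+%define version 1.2.0
+%define release %mkrel 1rx3
+%global debug_package %{nil}
+%global _webdir %{_localstatedir}/www
+%global _webcgi %{_webdir}/cgi-bin
+%global _webhtml %{_webdir}/html
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Package
+#-----------------------------------------------------------------------------------------------------------------------------------
+Name: %{name}
+Version: %{version}
+Release: %{release}
+Summary: Rx3 Network Tools
+License: GPL
+URL: https://git.rx3.org/gitea/rx3/%{name}
+Group: System
+Distribution: Rx3 Free Software
+Vendor: Rx3
+Packager: Arnaud G. GIBERT <arnaud@rx3.net>
+BuildArch: noarch
+Requires: %{name}-libs
+Source0: https://git.rx3.org/gitea/rx3/%{name}/archive/%{name}-%{version}.tar.gz
+%description
+These tools aims to manage network operation on Rx3 systems. This include:
+- Boot time network setup,
+- Comand line management tools,
+- Web interface tools.
+The following topics are tageted:
+- Virtual network interface,
+- VPN,
+- Proxy,
+- Port forwarding,
+- Dynamic DNS.
+This release support IPTables and OpenVPN.
+%package libs
+Summary: Rx3 Network Tools Libraries
+Requires: rx3-base-libs
+Requires: bind-utils
+%description libs
+These tools aims to manage network operation on Rx3 systems.
+This is the bash libraires.
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Prep
+#-----------------------------------------------------------------------------------------------------------------------------------
+%prep
+%setup -q -n %{name}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Build
+#-----------------------------------------------------------------------------------------------------------------------------------
+%build
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Install
+#-----------------------------------------------------------------------------------------------------------------------------------
+%install
+# Config
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/sysconfig
+cp etc/sysconfig/* %{buildroot}%{_sysconfdir}/sysconfig
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/sudoers.d
+cp etc/sudoers.d/* %{buildroot}%{_sysconfdir}/sudoers.d
+# SystemD
+%{__mkdir_p} %{buildroot}%{_unitdir}
+cp etc/systemd/system/* %{buildroot}%{_unitdir}
+# Bash completion
+%{__mkdir_p} %{buildroot}%{_sysconfdir}/bash_completion.d
+cp etc/bash_completion.d/* %{buildroot}%{_sysconfdir}/bash_completion.d
+# Lib
+%{__mkdir_p} %{buildroot}%{_prefix}/lib/rx3
+cp lib/rx3/*.bash %{buildroot}%{_prefix}/lib/rx3
+# Bin
+%{__mkdir_p} %{buildroot}%{_sbindir}
+cp sbin/* %{buildroot}%{_sbindir}
+# WWW
+%{__mkdir_p} %{buildroot}%{_webcgi}
+cp www/cgi-bin/*.cgi %{buildroot}%{_webcgi}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Check
+#-----------------------------------------------------------------------------------------------------------------------------------
+%check
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Post
+#-----------------------------------------------------------------------------------------------------------------------------------
+%post
+%_post_service rx3-network
+%_post_service rx3-vpn
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Preun
+#-----------------------------------------------------------------------------------------------------------------------------------
+%preun
+%_preun_service rx3-vpn
+%_preun_service rx3-network
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Files
+#-----------------------------------------------------------------------------------------------------------------------------------
+%files
+%doc ReadMe.txt ReleaseNotes.txt ToDo.txt
+%license COPYING COPYING.LESSER GNU_GPL-3.0.txt GNU_LGPL-3.0.txt GNU_FDL-1.3.txt
+%config(noreplace) %{_sysconfdir}/sysconfig/*
+%config(noreplace) %{_sysconfdir}/sudoers.d/*
+%defattr(644,root,root)
+%{_sysconfdir}/bash_completion.d/*
+%{_unitdir}/*.service
+%defattr(0755,root,root)
+%{_sbindir}/*
+%{_webcgi}/*.cgi
+%files libs
+%doc ReadMe.txt ReleaseNotes.txt ToDo.txt
+%license COPYING COPYING.LESSER GNU_GPL-3.0.txt GNU_LGPL-3.0.txt GNU_FDL-1.3.txt
+%defattr(644,root,root)
+%{_prefix}/lib/rx3/*
+#-----------------------------------------------------------------------------------------------------------------------------------
+# ChangeLog
+#-----------------------------------------------------------------------------------------------------------------------------------
+%changelog
+* Sun May 3 2026 Arnaud G. GIBERT <arnaud@rx3.net> - 1.2.0-1rx3.mga9
+- Create initial SPEC file for 1.2.0 on Mageia 9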
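Review bot: The sudoers drop-in is listed as `%config(noreplace) %{_sysconfdir}/sudoers.d/*` before the first `%defattr`, and `%install` copies it with a plain `cp`, so its packaged mode is whatever the source tree and build umask happened to produce. A sudoers fragment should have its ownership and mode pinned in the spec, for example `%attr(0440,root,root) %config(noreplace) %{_sysconfdir}/sudoers.d/*`. The `%check` section is empty and could run `visudo -cf` on each file under `etc/sudoers.d/`, so that a syntax error is caught at build time rather than on the installed host. No `Requires:` on sudo is declared although the package installs a sudoers fragment, and `License: GPL` disagrees with the LGPL notice in the file header.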

1
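--- a/ToDo.txt
+++ b/ToDo.txt
@@ -0,0 +1 @@
+- ...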


@@ -0,0 +1,90 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 Cert Dump Bash Completion
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Completion
#-----------------------------------------------------------------------------------------------------------------------------------
_cert_dump_completion()
{
local cur="${COMP_WORDS[COMP_CWORD]}"
local prev="${COMP_WORDS[COMP_CWORD-1]}"
local opts="-h --help -V --version -v --verbose"
local pos=0
local i
COMPREPLY=()
# Count non-option positional arguments already provided
for (( i=1; i<COMP_CWORD; i++ ))
do
case "${COMP_WORDS[i]}" in
-h|--help|-V|--version|-v|--verbose)
;;
--)
;;
-*)
;;
*)
pos=$(( pos + 1 ))
;;
esac
done
# Complete options if current word starts with '-'
if [[ "${cur}" == -* ]]
then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
# Complete positional arguments
case "${pos}" in
0)
COMPREPLY=( $(compgen -W "ca tc key csr crt" -- "${cur}") )
;;
1)
case "${prev}" in
key|csr|crt)
COMPREPLY=( $(compgen -W "$(ls /etc/openvpn/tls/certs/*.crt 2>/dev/null | sed 's|.*/||; s|\.crt$||; s|^ca$||')" -- "${cur}") )
;;
*)
COMPREPLY=()
;;
esac
;;
*)
COMPREPLY=()
;;
esac
return 0
}
complete -o filenames -F _cert_dump_completion cert_dump
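Review bot: The `key|csr|crt)` arm builds its word list by parsing `ls /etc/openvpn/tls/certs/*.crt` and hands it to `compgen -W` inside an unquoted `COMPREPLY=( $(…) )`, so certificate file names are word-split, glob-expanded and (because `compgen -W` shell-expands each word) evaluated in the user's interactive shell. Taking the names from a glob and prefix-matching them directly keeps file names as data; the fence below shows that arm rewritten with the same exclusion of `ca`. The unquoted `COMPREPLY=( $(compgen -W "$(…)" …) )` form over externally derived names also appears in the ip_host_update, openvpn-status and rx3_net_adm completion files on this page. `complete -o filenames` additionally tells readline to treat the candidates as file names, which they are not here.

```shell
# … unchanged: positional counting and option completion …
key|csr|crt)
local crt name
for crt in /etc/openvpn/tls/certs/*.crt
do
[[ -e "${crt}" ]] || continue
name="${crt##*/}"
name="${name%.crt}"
[[ "${name}" != "ca" && "${name}" == "${cur}"* ]] && COMPREPLY+=( "${name}" )
done
;;
```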


@@ -0,0 +1,89 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 IP Host Update Bash Completion
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# IP Host Update Completion
#-----------------------------------------------------------------------------------------------------------------------------------
_ip_host_update_completion()
{
local cur="${COMP_WORDS[COMP_CWORD]}"
local prev="${COMP_WORDS[COMP_CWORD-1]}"
local opts="-h --help -V --version -v --verbose"
local pos=0
local i
COMPREPLY=()
# Count non-option positional arguments already provided
for (( i=1; i<COMP_CWORD; i++ ))
do
case "${COMP_WORDS[i]}" in
-h|--help|-V|--version|-v|--verbose)
;;
--)
;;
-*)
;;
*)
pos=$(( pos + 1 ))
;;
esac
done
# Complete options if current word starts with '-'
if [[ "${cur}" == -* ]]
then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
# Complete positional arguments
case "${pos}" in
0)
COMPREPLY=( $(compgen -W "$(getent hosts | awk '{print $3}' | grep -v '^$')" -- "${cur}") )
;;
1)
COMPREPLY=( $(compgen -W "$(named-checkconf -p 2>/dev/null | grep -oP 'zone\s+\"\K[^\"]+' | sort -u)" -- "${cur}") )
;;
2)
COMPREPLY=()
;;
3)
COMPREPLY=( $(compgen -W "60 300 600 3600 86400" -- "${cur}") )
;;
*)
COMPREPLY=()
;;
esac
return 0
}
complete -o filenames -F _ip_host_update_completion ip_host_update


@@ -0,0 +1,80 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 OpenVPN Status Bash Completion
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# OpenVPN Status Completion
#-----------------------------------------------------------------------------------------------------------------------------------
_openvpn_status_completion()
{
local cur="${COMP_WORDS[COMP_CWORD]}"
local prev="${COMP_WORDS[COMP_CWORD-1]}"
local opts="-h --help -V --version -v --verbose"
local pos=0
local i
COMPREPLY=()
# Count non-option positional arguments already provided
for (( i=1; i<COMP_CWORD; i++ ))
do
case "${COMP_WORDS[i]}" in
-h|--help|-V|--version|-v|--verbose)
;;
--)
;;
-*)
;;
*)
pos=$(( pos + 1 ))
;;
esac
done
# Complete options if current word starts with '-'
if [[ "${cur}" == -* ]]
then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
# Complete positional arguments
case "${pos}" in
0)
COMPREPLY=( $(compgen -W "$(ls /var/lib/openvpn/*.status 2>/dev/null | sed 's|.*/||; s|\.status$||')" -- "${cur}") )
;;
*)
COMPREPLY=()
;;
esac
return 0
}
complete -o filenames -F _openvpn_status_completion openvpn-status


@@ -0,0 +1,93 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 Net Adm Bash Completion
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# Rx3 Net Adm Completion
#-----------------------------------------------------------------------------------------------------------------------------------
_rx3_net_adm_completion()
{
local cur="${COMP_WORDS[COMP_CWORD]}"
local prev="${COMP_WORDS[COMP_CWORD-1]}"
local opts="-h --help -V --version -v --verbose"
local pos=0
local i
COMPREPLY=()
# Count non-option positional arguments already provided
for (( i=1; i<COMP_CWORD; i++ ))
do
case "${COMP_WORDS[i]}" in
-h|--help|-V|--version|-v|--verbose)
;;
--)
;;
-*)
;;
*)
pos=$(( pos + 1 ))
;;
esac
done
# Complete options if current word starts with '-'
if [[ "${cur}" == -* ]]
then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
# Complete positional arguments
case "${pos}" in
0)
COMPREPLY=( $(compgen -W "start stop restart status dump table_set refresh_address" -- "${cur}") )
;;
1)
case "${prev}" in
table_set)
COMPREPLY=( $(compgen -W "$(network_dst_tab_dump | grep -oP 'Name.*: \[\K[^\]]+')" -- "${cur}") )
;;
refresh_address)
COMPREPLY=( $(compgen -W "$(network_dst_tab_dump | grep -oP 'Name.*: \[\K[^\]]+')" -- "${cur}") )
;;
*)
COMPREPLY=()
;;
esac
;;
*)
COMPREPLY=()
;;
esac
return 0
}
complete -o filenames -F _rx3_net_adm_completion rx3_net_adm
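Review bot: The `table_set` and `refresh_address` arms call `network_dst_tab_dump`, but nothing in this completion file sources a library that defines it, and unlike the other completions on this page its stderr is not discarded. If the function is not already defined in the user's interactive shell (it looks like a library function, so probably not), every Tab press prints a command-not-found error and offers no candidates. A guard such as `declare -F network_dst_tab_dump >/dev/null || return 0` before the call would make the completion degrade quietly. The two arms are identical and can be merged into `table_set|refresh_address)`.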


@@ -0,0 +1,80 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 Vpn Adm Bash Completion
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# Rx3 Vpn Adm Completion
#-----------------------------------------------------------------------------------------------------------------------------------
_rx3_vpn_adm_completion()
{
local cur="${COMP_WORDS[COMP_CWORD]}"
local prev="${COMP_WORDS[COMP_CWORD-1]}"
local opts="-h --help -V --version -v --verbose"
local pos=0
local i
COMPREPLY=()
# Count non-option positional arguments already provided
for (( i=1; i<COMP_CWORD; i++ ))
do
case "${COMP_WORDS[i]}" in
-h|--help|-V|--version|-v|--verbose)
;;
--)
;;
-*)
;;
*)
pos=$(( pos + 1 ))
;;
esac
done
# Complete options if current word starts with '-'
if [[ "${cur}" == -* ]]
then
COMPREPLY=( $(compgen -W "${opts}" -- "${cur}") )
return 0
fi
# Complete positional arguments
case "${pos}" in
0)
COMPREPLY=( $(compgen -W "start stop restart status dump" -- "${cur}") )
;;
*)
COMPREPLY=()
;;
esac
return 0
}
complete -o filenames -F _rx3_vpn_adm_completion rx3_vpn_adm


@@ -0,0 +1,2 @@
# Rx3 VPN Admin Board
apache ALL= NOPASSWD: /usr/sbin/rx3_net_adm, /usr/sbin/iptables_list, /usr/sbin/cert_dump, /usr/sbin/ns-launch, /usr/sbin/openvpn-status
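Review bot: Every command on the `apache ALL= NOPASSWD:` line is listed without an argument specification, so the web server account may run `/usr/sbin/rx3_net_adm`, `/usr/sbin/ns-launch` and the others as root with any arguments. Presumably the CGI scripts are the callers, which means any request value that reaches these command lines is processed with root privilege; where a tool is only called with a fixed set of subcommands, list those after the command path (sudoers also accepts `""` to allow no arguments at all). Writing the Runas part explicitly, `apache ALL=(root) NOPASSWD: …`, documents the target user rather than relying on the default. The listed scripts and the libraries they source under `/usr/lib/rx3` must be writable by root only, since any of them being modifiable turns this rule into unrestricted root access.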

143
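--- a/etc/sysconfig/rx3-network
+++ b/etc/sysconfig/rx3-network
@@ -0,0 +1,143 @@
+#-------------------------------------------------------------------------------
+# Network Config File
+#-------------------------------------------------------------------------------
+NETWORK_LOG_FILE="/var/log/network/rx3-network"
+NETWORK_LOG_LOCK="/var/lock/network/log"
+#NETWORK_LOG_TRACE="DISABLED"
+#NETWORK_LOG_TRACE="ENABLED"
+ADMIN_USER_LIST="xxx"
+NETWORK_NC_TIMEOUT=10
+#-------------------------------------------------------------------------------
+# DNS Config
+#-------------------------------------------------------------------------------
+DNS_CACHE_FILE="/var/cache/network/dns"
+DNS_CACHE_LOCK="/var/lock/network/dns"
+#-------------------------------------------------------------------------------
+# Network IP Route
+#-------------------------------------------------------------------------------
+NETWORK_IP_ROUTE_CONFIG="
+#-------------------------------------------------------------------------------
+# IP Mask Device
+#-------------------------------------------------------------------------------
+# Not
+10.0.0.0 24 eth1
+# GW
+10.0.10.1 32 tun1 # GW1
+10.0.10.2 32 tun1
+10.0.10.3 32 tun2 # GW2
+10.0.10.4 32 tun2
+# SUB1
+10.10.0.0 16 tun1
+# SUB2
+10.11.0.0 16 tun2
+# Docker
+172.17.0.0 16 docker0
+"
+#-------------------------------------------------------------------------------
+# Network Dst Config
+#-------------------------------------------------------------------------------
+NETWORK_DST_NAME="vpn.rx3"
+NETWORK_DST_PROXY_NAME="sub0.rx3"
+NETWORK_DST_TYPE=([0]="Local" [1]="Gateway" [2]="OpenVPN")
+NETWORK_DST_CONFIG="
+#-------------------------------------------------------------------------------
+# Name Type Device Config Table
+#-------------------------------------------------------------------------------
+NoVPN 0 eth0 - 3
+sub1 1 tun1 - 4
+sub2 1 tun2 - 5
+VyprVPN-aaa 2 tun10 vyprvpn-aaa 10
+VyprVPN-bbb 2 tun11 vyprvpn-bbb 11
+VyprVPN-ccc 2 tun12 vyprvpn-ccc 12
+"
+#-------------------------------------------------------------------------------
+# Network Src Config
+#-------------------------------------------------------------------------------
+NETWORK_SRC_LOCAL_DEVICE="br-vir"
+NETWORK_SRC_LOCAL_ADDRESS="10.2.0.1"
+NETWORK_SRC_TYPE=([0]="Local" [1]="Routed" [2]="OpenVPN")
+NETWORK_SRC_CONFIG="
+#-------------------------------------------------------------------------------
+# IP Type Owner Table Port Port
+# Start Range
+#-------------------------------------------------------------------------------
+# GW.Rx3 Router
+10.0.10.1 2 xxx 11 3000 10 # GW1
+10.0.10.3 2 xxx 11 - 10 # GW2
+# Loc Vir
+10.2.1.1 0 xxx 11 3100 10
+10.2.1.5 0 xxx 11 - 10
+10.2.1.9 0 xxx 11 - 10
+# Sub1
+10.10.0.1 1 xxx 11 3200 10
+10.10.0.2 1 xxx 11 - 10
+10.10.0.3 1 xxx 3 - 10
+# Sub2
+10.11.0.43 1 xxx 11 3300 10
+"
+#-------------------------------------------------------------------------------
+# VPN Config
+#-------------------------------------------------------------------------------
+VPN_CONFIG_FILE="/etc/openvpn/ext-client-DEVICE.conf"
+VPN_TEMPLATE_FILE="/etc/openvpn/template/ext-client-tunx.conf"
+VPN_PID_FILE="/var/lib/network/vpn.pid"
+VPN_STATUS_FILE="/var/lib/network/vpn.status"
+VPN_STATUS_LOCK="/var/lock/network/vpn"
+# Supervisor main loop sleep delay in second
+VPN_LOOP_DELAY=30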

12
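--- a/etc/sysconfig/rx3-ns
+++ b/etc/sysconfig/rx3-ns
@@ -0,0 +1,12 @@
+# Domain : Host : Owner
+NS_LIST=" \
+vpn.rx3:vpn0:xxx \
+vpn.rx3:vpn1:xxx \
+vpn.rx3:vpn2:xxx \
+vpn.rx3:vpn3:xxx \
+vpn.rx3:vpn4:xxx \
+vpn.rx3:vpn5:xxx \
+vpn.rx3:vpn6:xxx \
+vpn.rx3:vpn7:xxx \
+vpn.rx3:vpn8:xxx \
+vpn.rx3:vpn9:xxx"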


@@ -1,39 +1,59 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 DNS Library
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
if [[ "${DNS_BASH}" != "" ]]
if [[ "${RX3_DNS_LIB}" != "" ]]
then
return
else
declare -g DNS_BASH=1
declare -g RX3_DNS_LIB=1
fi
#-----------------------------------------------------------------------------------------------------------------------------------
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
if [[ -e /usr/local/lib/default.bash ]]
then
. /usr/local/lib/default.bash
else
. /usr/global/lib/default.bash
fi
: "${RX3_LIB_DIR:=/usr/lib/rx3}"
. "${RX3_LIB_DIR}/ip.bash"
#-----------------------------------------------------------------------------------------------------------------------------------
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -Ag DNS_A_TAB
declare -g DNS_A_ID_LIST
declare -Ag DNS_A_TAB=()
declare -g DNS_A_ID_LIST=""
declare -Ag DNS_PTR_TAB
declare -g DNS_PTR_ID_LIST
declare -Ag DNS_PTR_TAB=()
declare -g DNS_PTR_ID_LIST=""
declare -g DNS_CACHE_FILE
declare -g DNS_CACHE_LOCK
declare -g DNS_CACHE_FILE=""
declare -g DNS_CACHE_LOCK=""
#declare -g DNS_CACHE_LOCK="${DNS_CACHE_FILE}"
declare -g DNS_CACHE_UPDATED=0
@@ -43,7 +63,7 @@ declare -g DNS_CACHE_UPDATED=0
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_load
# Dns Tab Load
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_load()
@@ -86,7 +106,7 @@ dns_tab_load()
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_save
# Dns Tab Save
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_save()
@@ -122,7 +142,7 @@ dns_tab_save()
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_get
# Dns Tab Get
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_get()
@@ -164,7 +184,7 @@ dns_tab_get()
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_put
# Dns Tab Put
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_put()
@@ -192,31 +212,31 @@ dns_tab_put()
#--------------------------------------------------------------------------------------------------------------------------
# dns_lookup
# Dns Lookup
#--------------------------------------------------------------------------------------------------------------------------
dns_lookup()
{
dl_type="$1"
dl_key="$2"
dl_flag="$3"
dl_flag="${3:-"CACHE"}"
if [[ "${dl_flag}" != "NOCACHE" ]]
then
dns_tab_get ${dl_type} ${dl_key}
{ dns_tab_get ${dl_type} ${dl_key}; rc=$?; } || true
else
false
rc=1
fi
if [[ "$?" != "0" ]]
if [[ "${rc}" != "0" ]]
then
log_trace "DNS" "Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
#log_trace "DNS" "Out of Cache: Type: [${dl_type}] Key: [${dl_key}] Flag: [${dl_flag}]"
case ${dl_type}
in
"A")
dns_value="$( dig +short ${dl_key} 2>/dev/null)"
dns_value="$( dig +short ${dl_key} 2>/dev/null | ip_ip_filter)"
;;
"PTR")
@@ -237,7 +257,7 @@ dns_lookup()
#--------------------------------------------------------------------------------------------------------------------------
# dns_tab_dump
# Dns Tab Dump
#--------------------------------------------------------------------------------------------------------------------------
dns_tab_dump()
@@ -272,13 +292,49 @@ dns_tab_dump()
#--------------------------------------------------------------------------------------------------------------------------
# dns_init
# Dns Host Update
#--------------------------------------------------------------------------------------------------------------------------
dns_host_update()
{
local host="$1"
local zone="$2"
local ip="$3"
local ttl="$4"
local date
date="$(date --rfc-3339=seconds)"
log_info "DNS" "Host: [${host}] Zone: [${zone}] IP: [${ip}] TTL: [${ttl}] Date: [${date}]"
(
echo "prereq yxrrset ${host}.${zone}. A"
echo "update delete ${host}.${zone}. A"
echo "update add ${host}.${zone}. ${ttl} A ${ip}"
echo "update delete ${host}.${zone}. TXT"
echo "update add ${host}.${zone}. ${ttl} TXT ${date}"
echo ""
) | sudo nsupdate
if [[ "$?" == "0" ]]
then
dns_tab_put "A" "${host}.${zone}" "${ip}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Dns Init
#--------------------------------------------------------------------------------------------------------------------------
dns_init()
{
file_dir_init ${DNS_CACHE_FILE} root apache
file_dir_init ${DNS_CACHE_LOCK} root apache
file_dir_init "${DNS_CACHE_FILE}" root apache
file_dir_init "${DNS_CACHE_LOCK}" root apache
}
@@ -286,11 +342,19 @@ dns_init()
#--------------------------------------------------------------------------------------------------------------------------
# dns_deinit
# Dns Deinit
#--------------------------------------------------------------------------------------------------------------------------
dns_deinit()
{
:;
DNS_A_TAB=()
DNS_A_ID_LIST=""
DNS_PTR_TAB=()
DNS_PTR_ID_LIST=""
DNS_CACHE_UPDATED=0
# :;
}

145
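--- a/lib/rx3/ip.bash
+++ b/lib/rx3/ip.bash
@@ -0,0 +1,145 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 IP Library
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+if [[ "${RX3_IP_LIB}" != "" ]]
+then
+return
+else
+declare -g RX3_IP_LIB=1
+fi
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/base.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variable
+#-----------------------------------------------------------------------------------------------------------------------------------
+#--------------------------------------------------------------------------------------------------------------------------
+# Is Valid Ip
+#--------------------------------------------------------------------------------------------------------------------------
+ip_is_valid_ip()
+{
+local ip=$1
+local regex='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
+if [[ $ip =~ $regex ]]
+then
+IFS='.' read -r o1 o2 o3 o4 <<< "$ip"
+for octet in $o1 $o2 $o3 $o4
+do
+if (( octet < 0 || octet > 255 ))
+then
+return 1
+fi
+done
+return 0
+else
+return 1
+fi
+}
+#--------------------------------------------------------------------------------------------------------------------------
+# Ip To Num
+#--------------------------------------------------------------------------------------------------------------------------
+ip_ip_to_num()
+{
+local ip="$1"
+local a
+local b
+local c
+local d
+IFS=. read -r a b c d <<< "${ip}"
+echo $(( (a << 24) + (b << 16) + (c << 8) + d ))
+}
+#--------------------------------------------------------------------------------------------------------------------------
+# Num To Ip
+#--------------------------------------------------------------------------------------------------------------------------
+ip_num_to_ip()
+{
+local num="$1"
+# Optional safety check
+if (( num < 0 || num > 4294967295 ))
+then
+echo_error "num_to_ip: value out of range (04294967295)"
+return 1
+fi
+# Extract each byte by shifting and masking
+local a=$(( (num >> 24) & 255 ))
+local b=$(( (num >> 16) & 255 ))
+local c=$(( (num >> 8) & 255 ))
+local d=$(( num & 255 ))
+printf '%d.%d.%d.%d\n' "$a" "$b" "$c" "$d"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# IP Filter
+#-----------------------------------------------------------------------------------------------------------------------------------
+ip_ip_filter()
+{
+grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
+}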
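Review bot: In `ip_is_valid_ip` an octet written with a leading zero such as `08` is not rejected: `(( octet < 0 || octet > 255 ))` reads it as octal, the arithmetic fails, and because a failed `(( ))` simply counts as false the loop carries on and the function returns 0. Forcing base 10 with `if (( 10#$octet > 255 ))` fixes that (the `< 0` arm can never be true after the regex), and `ip_ip_to_num` needs the same `10#` prefix on `a` to `d`, otherwise `010.0.0.1` converts as 8.0.0.1. `o1` to `o4` and `octet` should also be declared `local`. Separately, `ip_ip_filter` accepts `999.999.999.999`, so it is weaker than the validator defined above it in the same file.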

File diff suppressed because it is too large Load Diff


@@ -1,29 +1,54 @@
#!/bin/bash -x
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 VPN Library
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
if [[ "${VPN_BASH}" != "" ]]
if [[ "${RX3_VPN_LIB}" != "" ]]
then
return
else
declare -g VPN_BASH=1
declare -g RX3_VPN_LIB=1
fi
#-----------------------------------------------------------------------------------------------------------------------------------
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
: "${RX3_LIB_DIR:=/usr/lib/rx3}"
. "${RX3_LIB_DIR}/network.bash"
#-----------------------------------------------------------------------------------------------------------------------------------
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -Ag VPN_JOB_TAB
declare -Ag VPN_JOB_ID_LIST
declare -Ag VPN_JOB_NAME_IDX
declare -Ag VPN_JOB_TAB=()
declare -g VPN_JOB_ID_LIST=""
declare -Ag VPN_JOB_NAME_IDX=()
declare -g VPN_PID_FILE
declare -g VPN_STATUS_FILE
@@ -34,7 +59,7 @@ declare -g VPN_STATUS_LOCK
#--------------------------------------------------------------------------------------------------------------------------
# vpn_config_make
# VPN Config Make
#--------------------------------------------------------------------------------------------------------------------------
vpn_config_make()
@@ -56,7 +81,7 @@ vpn_config_make()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_config_make_all
# VPN Config Make All
#--------------------------------------------------------------------------------------------------------------------------
vpn_config_make_all()
@@ -83,7 +108,7 @@ vpn_config_make_all()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_load
# VPN Job Tab Load
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_load()
@@ -128,7 +153,7 @@ vpn_job_tab_load()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_get
# VPN Job Tab Get
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_get()
@@ -147,7 +172,7 @@ vpn_job_tab_get()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_save
# VPN Job Tab Save
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_save()
@@ -186,7 +211,7 @@ VPN_STATUS="
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_init
# VPN Job Tab Init
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_init()
@@ -227,7 +252,7 @@ vpn_job_tab_init()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_deinit
# VPN Job Tab Deinit
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_deinit()
@@ -261,7 +286,7 @@ vpn_job_tab_deinit()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_job_tab_dump
# VPN Job Tab Dump
#--------------------------------------------------------------------------------------------------------------------------
vpn_job_tab_dump()
@@ -293,7 +318,7 @@ vpn_job_tab_dump()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_supervisor
# VPN Supervisor
#--------------------------------------------------------------------------------------------------------------------------
vpn_supervisor()
@@ -348,6 +373,8 @@ vpn_supervisor()
log_trace "VPN" "Refreshing DNS entries..."
network_dst_address_refresh_all
network_reinit
done
}
@@ -356,7 +383,7 @@ vpn_supervisor()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_kill_jobs
# VPN Kill Jobs
#--------------------------------------------------------------------------------------------------------------------------
vpn_jobs_kill()
@@ -388,7 +415,7 @@ vpn_jobs_kill()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_init
# VPN Init
#--------------------------------------------------------------------------------------------------------------------------
vpn_init()
@@ -420,7 +447,7 @@ vpn_init()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_deinit
# VPN Deinit
#--------------------------------------------------------------------------------------------------------------------------
vpn_deinit()
@@ -433,7 +460,7 @@ vpn_deinit()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_start
# VPN Start
#--------------------------------------------------------------------------------------------------------------------------
vpn_start()
@@ -475,7 +502,7 @@ vpn_start()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_stop
# VPN Stop
#--------------------------------------------------------------------------------------------------------------------------
vpn_stop()
@@ -518,7 +545,7 @@ vpn_stop()
#--------------------------------------------------------------------------------------------------------------------------
# vpn_status
# VPN Status
#--------------------------------------------------------------------------------------------------------------------------
vpn_status()
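Review bot: The new include `. "${RX3_LIB_DIR}/network.bash"` takes its directory from the environment, because `: "${RX3_LIB_DIR:=/usr/lib/rx3}"` only fills in the default when the variable is unset or empty. Any caller that can set `RX3_LIB_DIR` therefore chooses which file gets sourced, which matters wherever this library is loaded by a privileged process; the same two lines open every script and library added further down this page. For privileged entry points I would pin the path with `readonly RX3_LIB_DIR=/usr/lib/rx3` before the first include, or at least add a comment above the include saying the override is for development only and must not be preserved across sudo.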

275
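--- a/sbin/cert_dump
+++ b/sbin/cert_dump
@@ -0,0 +1,275 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 Cert Dump
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/base.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.2.0"
+declare -g NAME="cert_dump"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {ca|tc|key|csr|crt} [host]"
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+declare -g OPENVPN_DIR="/etc/openvpn"
+declare -g TYPE=""
+declare -g HOST=""
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_version_print()
+{
+version_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_help_print()
+{
+cdu_version_print
+help_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_args_parse()
+{
+tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+eval set -- "${tmp_args}"
+while true
+do
+case "$1" in
+# Options
+-h|--help) MODE="EXIT"; cdu_help_print; shift;;
+-V|--version) MODE="EXIT"; cdu_version_print; shift;;
+-v|--verbose) VERBOSE="TRUE"; shift;;
+# End of options
+--) shift; break;;
+*) echo "args_parse internal error [$1]!"; exit 1;;
+esac
+done
+if [[ "${MODE}" != "EXIT" ]]
+then
+if [[ "${#}" -lt "1" ]]
+then
+MODE="EXIT"
+echo_error "Not enough args!"
+cdu_help_print
+else
+case "$1" in
+"ca"|"tc")
+MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+;;
+"key"|"csr"|"crt")
+if [[ "${#}" -lt "2" ]]
+then
+MODE="EXIT"
+echo_error "Missing host argument for type: [$1]"
+cdu_help_print
+else
+MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+HOST="$2"
+fi
+;;
+*)
+MODE="EXIT"
+echo_error "Invalid type: [$1]"
+cdu_help_print
+;;
+esac
+fi
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Cert Dump Ca
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_cert_dump_ca()
+{
+cat "${OPENVPN_DIR}/tls/certs/ca.crt"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Cert Dump Tc
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_cert_dump_tc()
+{
+cat "${OPENVPN_DIR}/tls/private/tc.key"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Cert Dump Key
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_cert_dump_key()
+{
+local host="$1"
+cat "${OPENVPN_DIR}/tls/private/${host}.key"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Cert Dump Csr
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_cert_dump_csr()
+{
+local host="$1"
+cat "${OPENVPN_DIR}/tls/certs/${host}.csr"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Cert Dump Crt
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_cert_dump_crt()
+{
+local host="$1"
+cat "${OPENVPN_DIR}/tls/certs/${host}.crt"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+cdu_args_parse "$@"
+if [[ "${MODE}" == "EXIT" ]]
+then
+exit 0
+fi
+case "${MODE}" in
+"CA")
+cdu_cert_dump_ca
+;;
+"TC")
+cdu_cert_dump_tc
+;;
+"KEY")
+cdu_cert_dump_key "${HOST}"
+;;
+"CSR")
+cdu_cert_dump_csr "${HOST}"
+;;
+"CRT")
+cdu_cert_dump_crt "${HOST}"
+;;
+*)
+cdu_help_print
+RETVAL=1
+;;
+esac
+exit ${RETVAL}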
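Review bot: `HOST` goes from the command line straight into `${OPENVPN_DIR}/tls/private/${host}.key` (and the `.csr`/`.crt` paths) without any check, so a value containing `/` or `..` makes `cat` read outside the intended directory. Since the `key` and `tc` modes print private key material, the script presumably runs with elevated rights, which makes the missing check worth closing in `cdu_args_parse` before `HOST="$2"`: `[[ "$2" =~ ^[A-Za-z0-9._-]+$ && "$2" != *..* ]] || { MODE="EXIT"; echo_error "Invalid host: [$2]"; }`. The error paths also end in `exit 0`, because Main exits 0 whenever `MODE` is `EXIT`; setting `RETVAL=1` on those paths and using `exit ${RETVAL}` there would let a caller see the failure.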

183
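--- a/sbin/ip_host_update
+++ b/sbin/ip_host_update
@@ -0,0 +1,183 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 IP Host Update
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/dns.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.0.0"
+declare -g NAME="ip_host_update"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] <host> <zone> <ip> <ttl>"
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+declare -g HOST=""
+declare -g ZONE=""
+declare -g IP=""
+declare -g TTL=""
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+ihu_version_print()
+{
+version_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+ihu_help_print()
+{
+ihu_version_print
+help_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+ihu_args_parse()
+{
+tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+eval set -- "${tmp_args}"
+while true
+do
+case "$1" in
+# Options
+-h|--help) MODE="EXIT"; ihu_help_print; shift;;
+-V|--version) MODE="EXIT"; ihu_version_print; shift;;
+-v|--verbose) VERBOSE="TRUE"; shift;;
+# End of options
+--) shift; break;;
+*) echo "args_parse internal error [$1]!"; exit 1;;
+esac
+done
+if [[ "${MODE}" != "EXIT" ]]
+then
+if [[ "${#}" -lt "4" ]]
+then
+MODE="EXIT"
+echo_error "Not enough args!"
+ihu_help_print
+else
+MODE="UPDATE"
+HOST="$1"
+ZONE="$2"
+IP="$3"
+TTL="$4"
+fi
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Host Update
+#-----------------------------------------------------------------------------------------------------------------------------------
+ihu_host_update()
+{
+local host="$1"
+local zone="$2"
+local ip="$3"
+local ttl="$4"
+dns_host_update "${host}" "${zone}" "${ip}" "${ttl}"
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+ihu_args_parse "$@"
+if [[ "${MODE}" == "EXIT" ]]
+then
+exit 0
+fi
+case "${MODE}" in
+UPDATE)
+ihu_host_update "${HOST}" "${ZONE}" "${IP}" "${TTL}"
+;;
+*)
+echo "Usage: $0 <host> <zone> <ip> <ttl>"
+RETVAL=1
+;;
+esac
+exit ${RETVAL}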
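Review bot: `HOST`, `ZONE`, `IP` and `TTL` are accepted in `ihu_args_parse` with only a count check and are then written verbatim by `dns_host_update` into the command stream piped to `sudo nsupdate`, so a value containing whitespace or a line break changes the update that is sent instead of being rejected. All four should be validated before `MODE="UPDATE"` is set; `ip_is_valid_ip` from the IP library can cover the address, assuming dns.bash sources ip.bash (it already calls `ip_ip_filter`). Main would also have to leave the `EXIT` branch with `exit ${RETVAL}` rather than `exit 0` for the rejection to reach the caller.

```shell
else
  # Only plain DNS names, a dotted-quad address and an integer TTL may reach nsupdate.
  local name_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! "$1" =~ ${name_re} || ! "$2" =~ ${name_re} || ! "$4" =~ ^[0-9]+$ ]] || ! ip_is_valid_ip "$3"
  then
    MODE="EXIT"
    RETVAL=1
    echo_error "Invalid host, zone, ip or ttl!"
  else
    MODE="UPDATE"
    # … unchanged: HOST, ZONE, IP and TTL assignments …
  fi
```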

75
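--- a/sbin/openvpn-client-down
+++ b/sbin/openvpn-client-down
@@ -0,0 +1,75 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Client Down
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.2.0"
+declare -g NAME="openvpn-client-down"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+network_init
+line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Address: [${untrusted_ip}] Common_Name: [${common_name}] Duration: [${time_duration}]"
+log_info "VPN-Client-Down" "${line}"
+touch /etc/openvpn/status/${common_name}.status
+log_trace "VPN-Client-Down" "[${dev}]: Done!"
+network_deinit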
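Review bot: `touch /etc/openvpn/status/${common_name}.status` builds a path from `common_name` unquoted and unchecked; assuming this runs as an OpenVPN hook, that value comes from the peer's certificate, so whitespace splits it into several arguments and a `/` or `..` moves the touched file out of the status directory. Check the value before `network_init` with `[[ "${common_name}" =~ ^[A-Za-z0-9._-]+$ ]] || exit 1` and quote the path: `touch -- "/etc/openvpn/status/${common_name}.status"`. The same line appears in sbin/openvpn-client-up and needs the same change. The peer-supplied fields are also copied into the log line as they are, so the logger should be confirmed to neutralise control characters.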

77
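--- a/sbin/openvpn-client-up
+++ b/sbin/openvpn-client-up
@@ -0,0 +1,77 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Client Up
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-client-up"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+network_init
+output_param_file="$1"
+line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Address: [${untrusted_ip}] Common_Name: [${common_name}] Output_Param_File: [${output_param_file}]"
+log_info "VPN-Client-Up" "${line}"
+touch /etc/openvpn/status/${common_name}.status
+log_trace "VPN-Client-Up" "[${dev}]: Done!"
+network_deinit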

79
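--- a/sbin/openvpn-down
+++ b/sbin/openvpn-down
@@ -0,0 +1,79 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Down
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-down"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+local dev="$1"
+local local_mtu="$2"
+local remote_mtu="$3"
+local local_address="$4"
+local local_netmask="$5"
+local phase="$6"
+network_init
+log_info "VPN-Down" "[${dev}]: Local_MTU: [${local_mtu}] Remote_MTU: [${remote_mtu}] Local_Address: [${local_address}] Local_Netmask: [${local_netmask}] Phase: [${phase}]"
+network_device_deinit "" "${dev}"
+log_trace "VPN-Down" "[${dev}]: Done!"
+network_deinit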
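Review bot: The six `local` assignments at the top of Main sit at script level, where bash rejects `local` ("can only be used in a function") and leaves the variable unassigned. As shown, `local_mtu`, `remote_mtu`, `local_address`, `local_netmask` and `phase` are therefore empty in the log line, and `network_device_deinit "" "${dev}"` only gets a device name if `dev` happens to be set in the environment. Drop the keyword on all six lines, e.g. `dev="$1"`, or move Main into a function that is called with `"$@"`.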

193
sbin/openvpn-status Executable file

@@ -0,0 +1,193 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 OpenVPN Status
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
: "${RX3_LIB_DIR:=/usr/lib/rx3}"
. "${RX3_LIB_DIR}/base.bash"
#-----------------------------------------------------------------------------------------------------------------------------------
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
declare -g VERSION="1.0.0"
declare -g NAME="openvpn-status"
declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] [dev]"
declare -g MODE="DEFAULT"
declare -g VERBOSE="FALSE"
declare -g DRY_RUN="FALSE"
declare -g RETVAL=0
declare -g DEBUG=""
#declare -g DEBUG="echo"
#declare -g DEBUG=":"
declare -g LOG=""
#declare -g LOG=":"
#declare -g LOG="echo"
declare -g STATUS_DIR="/var/lib/openvpn"
declare -g DEV=""
#-----------------------------------------------------------------------------------------------------------------------------------
# Version Print
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_version_print()
{
version_print
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Help Print
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_help_print()
{
ovs_version_print
help_print
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Arg Parse
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_args_parse()
{
tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
eval set -- "${tmp_args}"
while true
do
case "$1" in
# Options
-h|--help) MODE="EXIT"; ovs_help_print; shift;;
-V|--version) MODE="EXIT"; ovs_version_print; shift;;
-v|--verbose) VERBOSE="TRUE"; shift;;
# End of options
--) shift; break;;
*) echo "args_parse internal error [$1]!"; exit 1;;
esac
done
if [[ "${MODE}" != "EXIT" ]]
then
if [[ "${#}" -ge "1" ]]
then
MODE="DEVICE"
DEV="$1"
else
MODE="ALL"
fi
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Status Device
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_status_device()
{
local dev="$1"
cat "${STATUS_DIR}/${dev}.status"
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Status All
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_status_all()
{
awk '{print FILENAME ": " $0}' "${STATUS_DIR}"/*.status
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
ovs_args_parse "$@"
if [[ "${MODE}" == "EXIT" ]]
then
exit 0
fi
case "${MODE}" in
DEVICE)
ovs_status_device "${DEV}"
;;
ALL)
ovs_status_all
;;
*)
echo "Usage: $0 [dev]"
RETVAL=1
;;
esac
exit ${RETVAL}
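Review bot: `ovs_status_device` builds the file path from the command-line `dev` value without checking it, so a value containing `/` or `..` makes `cat` read a file outside `${STATUS_DIR}`. This matters most if the script runs with elevated rights; the commit message mentions a sudoers file, but its contents are not shown here. A guard at the top of the function would close it, `[[ "${dev}" =~ ^[A-Za-z0-9_-]+$ ]] || { echo "Invalid device: [${dev}]" >&2; return 1; }`, with the character set adjusted to the device names actually in use. The function also lacks a header comment stating that `$1` is a bare device name and not a path.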

78
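--- a/sbin/openvpn-up
+++ b/sbin/openvpn-up
@@ -0,0 +1,78 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 OpenVPN Up
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.0.0"
+declare -g NAME="openvpn-up"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+local dev="$1"
+local local_mtu="$2"
+local remote_mtu="$3"
+local local_address="$4"
+local local_netmask="$5"
+local phase="$6"
+network_init
+log_info "VPN-Up" "[${dev}]: Local_MTU: [${local_mtu}] Remote_MTU: [${remote_mtu}] Local_Address: [${local_address}] Local_Netmask: [${local_netmask}] Phase: [${phase}]"
+network_device_init "" "${dev}"
+log_trace "VPN-Up" "[${dev}]: Done!"
+network_deinit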
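Review bot: The six `local` declarations in the Main section are at top level, and bash rejects `local` outside a function ("can only be used in a function") without performing the assignment. As a result `local_mtu`, `remote_mtu`, `local_address`, `local_netmask` and `phase` are empty in the `log_info` line, and `dev` has a value only if the caller happens to provide one in the environment. Use plain assignments or `declare` on all six lines, for example `declare dev="$1"`, or move the Main section into a `main()` function invoked as `main "$@"`.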

320
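--- a/sbin/rx3_net_adm
+++ b/sbin/rx3_net_adm
@@ -0,0 +1,320 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 Net Adm
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/network.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.2.0"
+declare -g NAME="rx3_net_adm"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {start|stop|restart|status|dump|table_set|refresh_address} [args...]"
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+declare -g prog="rx3-net"
+declare -g DEBUG="${DEBUG-}"
+#declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g ECHO="${ECHO-}"
+#declare -g ECHO="echo"
+#declare -g ECHO=":"
+#declare -g LOG=""
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_version_print()
+{
+version_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_help_print()
+{
+rna_version_print
+help_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_args_parse()
+{
+tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+eval set -- "${tmp_args}"
+while true
+do
+case "$1" in
+# Options
+-h|--help) MODE="EXIT"; rna_help_print; shift;;
+-V|--version) MODE="EXIT"; rna_version_print; shift;;
+-v|--verbose) VERBOSE="TRUE"; shift;;
+# End of options
+--) shift; break;;
+*) echo "args_parse internal error [$1]!"; exit 1;;
+esac
+done
+if [[ "${MODE}" != "EXIT" ]]
+then
+if [[ "${#}" -lt "1" ]]
+then
+MODE="EXIT"
+echo_error "Not enough args!"
+rna_help_print
+else
+case "$1" in
+start|stop|restart|status|dump|table_set|refresh_address)
+MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+;;
+*)
+MODE="EXIT"
+echo_error "Invalid command: [$1]"
+rna_help_print
+;;
+esac
+fi
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Start
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_start()
+{
+echo "Starting..."
+if [ -r /var/lock/subsys/rx3-net ]
+then
+echo "already started"
+RETVAL=0
+else
+network_start
+RETVAL=$?
+[ "${RETVAL}" = 0 ] && touch /var/lock/subsys/rx3-net
+fi
+echo
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Stop
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_stop()
+{
+echo "Stopping..."
+if [ -r /var/lock/subsys/rx3-net ]
+then
+network_stop
+RETVAL=$?
+else
+echo "already stopped"
+RETVAL=0
+fi
+[ "${RETVAL}" = 0 ] && rm -f /var/lock/subsys/rx3-net
+echo
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Status
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_status()
+{
+network_status
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Dump
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_dump()
+{
+network_tab_dump
+}
+#--------------------------------------------------------------------------------------------------------------------------
+# Table Set
+#--------------------------------------------------------------------------------------------------------------------------
+rna_table_set()
+{
+echo "Setting ip:$1 table:$2"
+network_table_set "$1" "$2"
+}
+#--------------------------------------------------------------------------------------------------------------------------
+# Address Refresh
+#--------------------------------------------------------------------------------------------------------------------------
+rna_address_refresh()
+{
+dst_id="$1"
+if [[ "${dst_id}" != "" ]]
+then
+echo "Refreshing address: [${dst_id}]..."
+network_dst_tab_get "${dst_id}"
+network_dst_address_refresh "${dst_id}" "${dst_host_name}" "${dst_ip}"
+else
+echo "Refreshing all address..."
+network_dst_address_refresh_all
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+rna_args_parse "$@"
+if [[ "${MODE}" == "EXIT" ]]
+then
+exit 0
+fi
+network_init
+case "${MODE}" in
+START)
+rna_start
+;;
+STOP)
+rna_stop
+;;
+RESTART)
+rna_stop
+sleep 1
+rna_start
+;;
+STATUS)
+rna_status
+;;
+DUMP)
+rna_dump
+;;
+TABLE_SET)
+rna_table_set "$2" "$3"
+;;
+REFRESH_ADDRESS)
+rna_address_refresh "$2"
+;;
+*)
+echo "Usage: $0 {start|stop|restart|status|dump|table_set|refresh_address}"
+RETVAL=1
+;;
+esac
+network_deinit
+exit ${RETVAL}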
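Review bot: The `TABLE_SET` and `REFRESH_ADDRESS` branches pass the script's original `$2`/`$3`, but `rna_args_parse` strips options only from its own positional parameters, so `rx3_net_adm -v table_set <ip> <table>` hands `table_set` and `<ip>` to `rna_table_set`. Saving the remaining arguments in the parser once the command is matched, `ARGS=("${@:2}")`, and dispatching with `rna_table_set "${ARGS[0]}" "${ARGS[1]}"` and `rna_address_refresh "${ARGS[0]}"` keeps the two in step. Separately, the "Not enough args!" and "Invalid command" paths set `MODE="EXIT"`, which the Main section turns into `exit 0`. Setting `RETVAL=1` on those paths and leaving with `exit ${RETVAL}` would let callers see the failure; `rva_args_parse` in sbin/rx3_vpn_adm follows the same pattern.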

271
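--- a/sbin/rx3_vpn_adm
+++ b/sbin/rx3_vpn_adm
@@ -0,0 +1,271 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 Vpn Adm
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/vpn.bash"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.2.0"
+declare -g NAME="rx3_vpn_adm"
+declare -g HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {start | stop | restart | status | dump} [args...]"
+declare -g MODE="DEFAULT"
+declare -g VERBOSE="FALSE"
+declare -g DRY_RUN="FALSE"
+declare -g RETVAL=0
+declare -g prog="rx3-vpn"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+declare -g LOG=""
+#declare -g LOG=":"
+#declare -g LOG="echo"
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Version Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_version_print()
+{
+version_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Help Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_help_print()
+{
+rva_version_print
+help_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Arg Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_args_parse()
+{
+tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")
+if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi
+eval set -- "${tmp_args}"
+while true
+do
+case "$1" in
+# Options
+-h|--help) MODE="EXIT"; rva_help_print; shift;;
+-V|--version) MODE="EXIT"; rva_version_print; shift;;
+-v|--verbose) VERBOSE="TRUE"; shift;;
+# End of options
+--) shift; break;;
+*) echo "args_parse internal error [$1]!"; exit 1;;
+esac
+done
+if [[ "${MODE}" != "EXIT" ]]
+then
+if [[ "${#}" -lt "1" ]]
+then
+MODE="EXIT"
+echo_error "Not enough args!"
+rva_help_print
+else
+case "$1" in
+start|stop|restart|status|dump)
+MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+;;
+*)
+MODE="EXIT"
+echo_error "Invalid command: [$1]"
+rva_help_print
+;;
+esac
+fi
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Start
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_start()
+{
+echo "Starting..."
+if [ -r /var/lock/subsys/rx3-vpn ]
+then
+echo "already started"
+RETVAL=0
+else
+vpn_start
+RETVAL=$?
+[ "${RETVAL}" = 0 ] && touch /var/lock/subsys/rx3-vpn
+fi
+echo
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Stop
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_stop()
+{
+echo "Stopping..."
+if [ -r /var/lock/subsys/rx3-vpn ]
+then
+vpn_stop
+RETVAL=$?
+else
+echo "already stopped"
+RETVAL=0
+fi
+[ "${RETVAL}" = 0 ] && rm -f /var/lock/subsys/rx3-vpn
+echo
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Status
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_status()
+{
+vpn_status
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Dump
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_dump()
+{
+vpn_job_tab_dump
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+rva_args_parse "$@"
+if [[ "${MODE}" == "EXIT" ]]
+then
+exit 0
+fi
+vpn_init
+case "${MODE}" in
+START)
+rva_start
+;;
+STOP)
+rva_stop
+;;
+RESTART)
+rva_stop
+sleep 1
+rva_start
+;;
+STATUS)
+rva_status
+;;
+DUMP)
+rva_dump
+;;
+*)
+echo "Usage: $0 {start|stop|restart|status|dump}"
+RETVAL=1
+;;
+esac
+vpn_deinit
+exit ${RETVAL}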
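Review bot: In the `RESTART` branch a failed `rva_stop` is hidden: it leaves `/var/lock/subsys/rx3-vpn` in place with a non-zero `RETVAL`, then `rva_start` finds the lock file, prints "already started" and resets `RETVAL=0`. The script therefore exits 0 while the service state is unknown. Guard the second half of the branch by keeping `rva_stop` and replacing the two lines after it with `[ "${RETVAL}" = 0 ] && { sleep 1; rva_start; }`. The `RESTART` branch of sbin/rx3_net_adm has the same shape.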


@@ -1,404 +0,0 @@
#!/bin/bash
if [[ "${DEFAULT_BASH}" != "" ]]
then
return
else
declare -g DEFAULT_BASH=1
fi
# Global Variable
#-----------------------------------------------------------------------------------------------------------------------------------
declare -g LOG_FILE=""
declare -g LOG_LOCK=""
declare -g LOG_ECHO=""
declare -g LOG_TRACE="DISABLED"
# Default Options
#-----------------------------------------------------------------------------------------------------------------------------------
shopt -s extglob
# Print Version
#-----------------------------------------------------------------------------------------------------------------------------------
version_print()
{
echo "$VERSION" | sed -e 's/.*: //' -e 's/-/ /' -e 's/_/\./g' -e 's/\$$//'
}
# Prin Help
#-----------------------------------------------------------------------------------------------------------------------------------
help_print()
{
echo "${NAME} ${HELP}"
}
# Quote Str
#-----------------------------------------------------------------------------------------------------------------------------------
quote_str()
{
local quoted=${1//\'/\'\\\'\'}
printf "'%s'" "$quoted"
}
# Escape Str
#-----------------------------------------------------------------------------------------------------------------------------------
escape_str()
{
echo "$*" | sed -e "s/\"/\\\\\"/g"
}
# Line Echo
#-----------------------------------------------------------------------------------------------------------------------------------
line_echo()
{
string="$1"
count="$2"
echo -en "\e[2K\r"
if [[ "${count}" != "" ]]
then
printf "%05d: %s" "${count}"
echo -en "${string}"
fi
}
# Err Echo
#-----------------------------------------------------------------------------------------------------------------------------------
err_echo()
{
echo "$@" 1>&2
}
# Exec CMD
#-----------------------------------------------------------------------------------------------------------------------------------
exec_cmd()
{
cmd="$1"
if [[ "${verbose}" == "true" ]]
then
echo "${cmd}" 1>&2
fi
if [[ "${dry_run}" != "true" ]]
then
eval "${cmd}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# tab_assign
#--------------------------------------------------------------------------------------------------------------------------
tab_assign()
{
declare -n ta_tab=$1
ta_key=$2
ta_value=$3
if [[ "${ta_value}" == "-" ]]
then
ta_value=""
fi
ta_tab[${ta_key}]="${ta_value}"
}
#--------------------------------------------------------------------------------------------------------------------------
# var_assign
#--------------------------------------------------------------------------------------------------------------------------
var_assign()
{
declare -n va_var=$1
va_value=$2
va_mode=$3
if [[ "${va_value}" == "-" ]]
then
va_value=""
fi
if [[ "${va_mode}" == "INC" ]]
then
va_var="${va_var} ${va_value}"
else
va_var="${va_value}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_dir_init
#--------------------------------------------------------------------------------------------------------------------------
file_dir_init()
{
local File="$1"
local Owner="$2"
local Group="$3"
local dir
if [ ! -f ${File} ]
then
if [[ "$( id -u)" != "0" ]]
then
${ECHO} "Can't perform file init of: [${File}] as non root user!"
else
dir="$( dirname ${File})"
if [ ! -d ${dir} ]
then
${ECHO} "Initializing directory: [${dir}]"
mkdir ${dir}
chmod ug+rwx ${dir}
chown ${Owner}:${Group} ${dir}
fi
${ECHO} "Initializing file: [${File}]"
>${File}
chmod ug+rw ${File}
chown ${Owner}:${Group} ${File}
fi
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_lock
#--------------------------------------------------------------------------------------------------------------------------
file_lock()
{
local file="$1"
local mode="$2"
local desc="$3"
if [[ ( "${mode}" == "EXCLUSIVE" ) || ( "${mode}" == "WRITE" ) ]]
then
flag="-x"
else
flag="-s"
fi
if [[ "${desc}" == "" ]]
then
desc="9"
fi
eval "exec ${desc}<>\"\${file}\""
if ! flock ${flag} -w 5 ${desc}
then
err_echo "Failed to acquire [${mode}] lock on: [${file}]"
exit 1
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# file_unlock
#--------------------------------------------------------------------------------------------------------------------------
file_unlock()
{
local desc="$1"
if [[ "${desc}" == "" ]]
then
desc="9"
fi
eval "exec ${desc}<&-"
eval "exec ${desc}>&-"
}
#--------------------------------------------------------------------------------------------------------------------------
# log_set
#--------------------------------------------------------------------------------------------------------------------------
log_set()
{
local log_file="$1"
local lock_file="$2"
local echo_function="$3"
local log_trace="$4"
LOG_FILE="${log_file}"
LOG_LOCK="${lock_file}"
LOG_ECHO="${echo_function}"
if [[ ${log_trace} != "" ]]
then
LOG_TRACE="${log_trace}"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# log_print
#--------------------------------------------------------------------------------------------------------------------------
log_print()
{
local log_file="$1"
local lock_file="$2"
local echo_function="$3"
local log_type="$4"
local log_prefix="$5"
shift; shift; shift; shift; shift
if [[ "${log_type}" != "TRA" ]] || [[ "${LOG_TRACE}" != "DISABLED" ]]
then
${echo_function} "($BASHPID):" "$*"
if [[ "${log_file}" != "" ]]
then
if [[ "${lock_file}" != "" ]]
then
file_lock "${lock_file}" WRITE 8
fi
printf >> "${log_file}" "%s %9s %3s %16s %s\n" "$(date --rfc-3339=seconds -u)" "($BASHPID)" "${log_type}" "${log_prefix}:" "$*"
if [[ "${lock_file}" != "" ]]
then
file_unlock 8
fi
fi
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# log_trace
#--------------------------------------------------------------------------------------------------------------------------
log_trace()
{
log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "TRA" $*
}
#--------------------------------------------------------------------------------------------------------------------------
# log_info
#--------------------------------------------------------------------------------------------------------------------------
log_info()
{
log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "INF" $*
}
#--------------------------------------------------------------------------------------------------------------------------
# log_warning
#--------------------------------------------------------------------------------------------------------------------------
log_warning()
{
log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "WRN" $*
}
#--------------------------------------------------------------------------------------------------------------------------
# log_error
#--------------------------------------------------------------------------------------------------------------------------
log_error()
{
log_print "${LOG_FILE}" "${LOG_LOCK}" "${LOG_ECHO}" "ERR" $*
}


@@ -1,29 +0,0 @@
#!/bin/bash
OPENVPN_DIR=/etc/openvpn
type=$1
host=$2
case "${type}"
in
"ca")
cat ${OPENVPN_DIR}/tls/certs/ca.crt
;;
"tc")
cat ${OPENVPN_DIR}/tls/private/tc.key
;;
"key")
cat ${OPENVPN_DIR}/tls/private/${host}.key
;;
"csr")
cat ${OPENVPN_DIR}/tls/certs/${host}.csr
;;
"crt")
cat ${OPENVPN_DIR}/tls/certs/${host}.crt
;;
esac


@@ -1,19 +0,0 @@
#!/bin/bash
host=$1
zone=$2
ip=$3
ttl=$4
date="$(date --rfc-3339 seconds)"
(
echo "prereq yxrrset ${host}.${zone}. A"
echo "update delete ${host}.${zone}. A"
echo "update add ${host}.${zone}. ${ttl} A ${ip}"
echo "update delete ${host}.${zone}. TXT"
echo "update add ${host}.${zone}. ${ttl} TXT ${date}"
echo ""
) | nsupdate


@@ -1,42 +0,0 @@
#!/bin/bash
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
#LOG=""
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
#LOG_FILE=/var/log/openvpn/up-down.log
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
network_init
line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Addres: [${untrusted_ip}] Common_Name: [${common_name}] Duration: [${time_duration}]"
log_info "VPN-Client-Down" "$line" " Status: [OK]"
touch /etc/openvpn/status/${common_name}.status
log_trace "VPN-Client-Down" "[${dev}]: Done!"


@@ -1,45 +0,0 @@
#!/bin/bash
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
#LOG=""
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
#LOG_FILE=/var/log/openvpn/up-down.log
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
Output_Param_File="$1"
network_init
line="[${dev}]: Local_Int_Address: [${ifconfig_local}] Remote_Int_Address: [${ifconfig_pool_remote_ip}] Remote_Ext_Addres: [${untrusted_ip}] Common_Name: [${common_name}] Output_Param_File: [${Output_Param_File}]"
log_info "VPN-Client-Up" "$line" " Status: [OK]"
touch /etc/openvpn/status/${common_name}.status
log_trace "VPN-Client-Up" "[${dev}]: Done!"


@@ -1,61 +0,0 @@
#!/bin/bash
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
#LOG_FILE=/var/log/openvpn/up-down.log
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
Dev="$1"
Local_MTU="$2"
Remote_MTU="$3"
Local_Address="$4"
Local_Netmask="$5"
Phase="$6"
network_init
network_dst_tab_dev_lookup "${Dev}"
network_dst_tab_get "${dst_id}"
line="[${Dev}]: Local_MTU: [${Local_MTU}] Remote_MTU: [${Remote_MTU}] Local_Address: [${Local_Address}] Local_Netmask: [${Local_Netmask}] Dst_Table: [${dst_table}] Phase: [${Phase}]"
if [[ "${dst_table}" != "" ]]
then
log_info "VPN-Down" "$line" " Status: [OK]"
remote_address=0.0.0.0
log_trace "VPN-Down" "[${Dev}]: set ${remote_address} to vpn${id}.vpn.rx3"
${DEBUG} ip_host_update vpn${id} vpn.rx3 ${remote_address} 60
else
log_error "VPN-Down" "$line" " Status: [ERROR]!"
fi
log_trace "VPN-Down" "[${Dev}]: Done!"


@@ -1,10 +0,0 @@
#!/bin/bash
dev=$1
if [[ "$1" != "" ]]
then
cat /etc/openvpn/openvpn-status-$dev.log
else
awk '{print FILENAME ": " $0}' /etc/openvpn/openvpn-status-*.log
fi


@@ -1,59 +0,0 @@
#!/bin/bash
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
#LOG=""
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
#LOG_FILE=/var/log/openvpn/up-down.log
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
Dev="$1"
Local_MTU="$2"
Remote_MTU="$3"
Local_Address="$4"
Local_Netmask="$5"
Phase="$6"
network_init
network_dst_tab_dev_lookup "${Dev}"
network_dst_tab_get "${dst_id}"
line="[${Dev}]: Local_MTU: [${Local_MTU}] Remote_MTU: [${Remote_MTU}] Local_Address: [${Local_Address}] Local_Netmask: [${Local_Netmask}] Dst_Table: [${dst_table}] Dst_Id: [${dst_id}] Phase: [${Phase}]"
if [[ "${dst_table}" != "" ]]
then
log_info "VPN-Up" "$line" " Status: [OK]"
log_trace "VPN-Up" "[${Dev}]: ip route add table: [${dst_table}] default dev: [${Dev}]"
network_route_dst_init ${dst_id}
else
log_error "VPN-Up" "$line" " Status: [ERROR]!"
fi
log_trace "VPN-Up" "[${Dev}]: Done!"


@@ -1,185 +0,0 @@
#!/bin/bash
RETVAL=0
prog="rx3-net"
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/network.bash
#--------------------------------------------------------------------------------------------------------------------------
# Start
#--------------------------------------------------------------------------------------------------------------------------
start()
{
echo "Starting..."
if [ -r /var/lock/subsys/rx3-net ]
then
echo "already started"
RETVAL=0
else
network_start
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-net
fi
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Stop
#--------------------------------------------------------------------------------------------------------------------------
stop()
{
echo "Stopping..."
if [ -r /var/lock/subsys/rx3-net ]
then
network_stop
RETVAL=$?
else
echo "already stopped"
RETVAL=0
fi
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-net
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Status
#--------------------------------------------------------------------------------------------------------------------------
status()
{
network_status
}
#--------------------------------------------------------------------------------------------------------------------------
# Dump
#--------------------------------------------------------------------------------------------------------------------------
dump()
{
network_tab_dump
}
#--------------------------------------------------------------------------------------------------------------------------
# Table_Set
#--------------------------------------------------------------------------------------------------------------------------
table_set()
{
echo "Setting ip:$1 table:$2"
network_table_set $1 $2
}
#--------------------------------------------------------------------------------------------------------------------------
# Address_Refresh
#--------------------------------------------------------------------------------------------------------------------------
address_refresh()
{
dst_id="$1"
if [[ "${dst_id}" != "" ]]
then
echo "Refreshing address: [${dst_id}]..."
network_dst_tab_get ${dst_id}
network_dst_address_refresh ${dst_id} ${dst_host_name} ${dst_ip}
else
echo "Refreshing all address..."
network_dst_address_refresh_all
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
network_init
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 1
start
;;
status)
status
;;
dump)
dump
;;
table_set)
table_set $2 $3
;;
refresh_address)
address_refresh $2
;;
*)
echo "Usage: $0 {start|stop|restart|status|dump|table_set|refresh_address}"
RETVAL=1
;;
esac
network_deinit
exit $RETVAL


@@ -1,137 +0,0 @@
#!/bin/bash
RETVAL=0
#DEBUG=""
#DEBUG="echo"
#DEBUG=":"
#LOG=":"
#LOG="echo"
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
. /usr/local/lib/vpn.bash
#--------------------------------------------------------------------------------------------------------------------------
# Start
#--------------------------------------------------------------------------------------------------------------------------
start()
{
echo "Starting..."
if [ -r /var/lock/subsys/rx3-vpn ]
then
echo "already started"
RETVAL=0
else
vpn_start
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/rx3-vpn
fi
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Stop
#--------------------------------------------------------------------------------------------------------------------------
stop()
{
echo "Stopping..."
if [ -r /var/lock/subsys/rx3-vpn ]
then
vpn_stop
RETVAL=$?
else
echo "already stopped"
RETVAL=0
fi
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/rx3-vpn
echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Status
#--------------------------------------------------------------------------------------------------------------------------
status()
{
vpn_status
}
#--------------------------------------------------------------------------------------------------------------------------
# Dump
#--------------------------------------------------------------------------------------------------------------------------
dump()
{
vpn_job_tab_dump
}
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
vpn_init
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 1
start
;;
status)
status
;;
dump)
dump
;;
*)
echo "Usage: $0 {start|stop|restart|status|dump}"
RETVAL=1
;;
esac
vpn_deinit
exit $RETVAL


@@ -1,460 +0,0 @@
#!/bin/bash
. /etc/sysconfig/rx3-ns
#--------------------------------------------------------------------------------------------------------------------------
# Lookup Domain Owner ()
#--------------------------------------------------------------------------------------------------------------------------
Lookup_Domain_Owner ()
{
for ldo_blk in ${NS_LIST}
do
OIFS=${IFS}
IFS=:
set ${ldo_blk}
ldo_domain=$1
ldo_host=$2
ldo_owner=$3
IFS=${OIFS}
if [[ "${host}.${domain}" == "${ldo_host}.${ldo_domain}" ]]
then
echo ${ldo_owner}
fi
done
}
#--------------------------------------------------------------------------------------------------------------------------
# Header Print
#--------------------------------------------------------------------------------------------------------------------------
Header_Print ()
{
case "${format}"
in
"html")
echo "Content-type: text/html"
echo ""
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"
echo "<HTML>"
echo " <HEAD>"
echo " <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">"
if [[ "${refresh}" == "yes" ]]
then
echo " <META http-equiv=\"Refresh\" content=\"300\">"
fi
echo " <META http-equiv=\"Pragma\" content=\"no-cache\">"
echo " <LINK REL=\"shortcut icon\" HREF=\"/favicon.ico\" TYPE=\"image/x-icon\">"
echo " <LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"/tdsots/default.css\">"
echo " <TITLE>Rx3 NS Admin: ${cmd_status}</Title>"
echo " </HEAD>"
echo " <BODY>"
;;
"txt")
echo "Content-disposition: attachment; filename=${file_name}"
echo "Content-type: text/plain"
echo ""
;;
esac
}
#--------------------------------------------------------------------------------------------------------------------------
# Tailer
#--------------------------------------------------------------------------------------------------------------------------
Footer_Print ()
{
case "${format}"
in
"html")
echo " </BODY>"
echo ""
echo "</HTML>"
;;
esac
}
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------------------
# Args
#--------------------------------------------------------------------------------------------------------------------------
cmd=""
format=""
ip=""
host=""
domain=""
redirect=""
remote_ip="${REMOTE_ADDR}"
if [[ "${QUERY_STRING}" != "" ]]
then
OIFS=${IFS}
IFS="\&"
set ${QUERY_STRING}
IFS=${OIFS}
i=$#
while [[ "${i}" != 0 ]]
do
var=${1/=*/}
arg=${1/*=/}
case "${var}"
in
"format")
format=${arg}
;;
"cmd")
cmd=${arg}
;;
"host")
host=${arg}
;;
"domain")
domain=${arg}
;;
"ip")
ip=${arg}
;;
"ttl")
ttl=${arg}
;;
esac
shift
i=$((i - 1))
done
fi
if [[ "${format}" == "" ]]
then
format="html"
fi
#--------------------------------------------------------------------------------------------------------------------------
# Usage_Print
#--------------------------------------------------------------------------------------------------------------------------
Usage_Print ()
{
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Rx3 NS Admin Service Usage</H2>"
echo ""
echo " <table border="1" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <table border="0" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <pre>"
echo " <BR>"
echo " - cmd=address_get: Get the host IP address<br>"
echo " + [format=html|txt]: Output request format (Default to "html")<br>"
echo " + host=&lt;Host Name&gt;: Host name to show<br>"
echo " + domain=&lt;Domaine Name&gt;: Domain name of the host name<br>"
echo "<br>"
echo " - cmd=address_set: Set the host IP address<br>"
echo " + [format=html|txt]: Output request format (Default to "html")<br>"
echo " + host=&lt;Host Name&gt;: Host name to set<br>"
echo " + domain=&lt;Domaine Name&gt;: Domain name of the host name<br>"
echo " + [ip=&lt;IP Address&gt;]: IP address to be set (Default to requestor address)<br>"
echo " + [ttl=&lt;TTL&gt;]: TTL to be set (Default to 600)<br>"
echo "<br>"
echo " - Example: https://www.rx3.net/cgi-bin-private/ns-admin_board.cgi?cmd=address_get&amp;host=vpn0&amp;domain=vpn.rx3<br>"
echo " </pre>"
echo " </td>"
echo " </tr>"
echo " </table>"
echo " </td>"
echo " </tr>"
echo " </table>"
else
echo "Rx3 NS Service Usage:"
echo " - cmd=address_get: Get the host IP address"
echo " + [format=html|txt]: Output request format (Default to "html")"
echo " + host=<Host Name>: Host name to show"
echo " + domain=<Domaine Name>: Domain name of the host name"
echo ""
echo " - cmd=address_set: Set the host IP address"
echo " + [format=html|txt]: Output request format (Default to "html")"
echo " + host=<Host Name>: Host name to set"
echo " + domain=<Domaine Name>: Domain name of the host name"
echo " + [ip=<IP Address>]: IP address to be set (Default to requestor address)"
echo " + [ttl=<TTL>]: TTL to be set (Default to 600)<br>"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Main Board Print
#--------------------------------------------------------------------------------------------------------------------------
Main_Board_Print ()
{
if [[ "${format}" == "html" ]]
then
echo ""
echo " <H1>Rx3 NS Admin Board</H1>"
echo " <P>"
echo " <BR>"
echo ""
echo " <b>Date: $(/bin/date)</b><br>"
echo " </P>"
echo " <HR>"
echo ""
fi
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Rx3 NS Status Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Domain</TD><TD>Host</TD><TD>Address</TD><TD>Owner</TD><TD>TTL</TD><TD>Date</TD></TR>"
else
echo "TABLE: RX3-NS_Status_Board"
echo "#;Domain;Host;Address;Owner;TTL;Date"
fi
idx=0
for blk in ${NS_LIST}
do
OIFS=${IFS}
IFS=:
set ${blk}
domain=$1
host=$2
owner=$3
IFS=${OIFS}
address=$(dig -t A ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $5}')
ttl=$(dig -t A ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $2}')
date=$(dig -t TXT ${host}.${domain}. | grep "^${host}.${domain}" | awk '{print $5 " " $6}' | sed -e "s/\"//g")
if [[ "${REMOTE_USER}" == "${owner}" ]]
then
class="default"
else
class="dark"
fi
if [[ "${format}" == "html" ]]
then
echo "<TR class="${class}"><TD class=header>${idx}</TD><TD>${domain}</TD><TD>${host}</TD><TD>${address}</TD><TD>${owner}</TD><TD>${ttl}</TD><TD>${date}</TD></TR>"
else
echo "${domain};${host};${address};${owner};${ttl};${date}"
fi
idx=$((${idx}+1))
done
if [[ "${format}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
else
echo ""
fi
Usage_Print
}
#--------------------------------------------------------------------------------------------------------------------------
# Command Handler
#--------------------------------------------------------------------------------------------------------------------------
case "${cmd}"
in
"")
cmd_status="OK"
refresh="yes"
Header_Print
Main_Board_Print
Footer_Print
;;
"address_set")
owner=$(Lookup_Domain_Owner)
if [[ "${owner}" != "" ]]
then
if [[ "${REMOTE_USER}" == "${owner}" ]]
then
if [[ "${ip}" == "" ]]
then
ip="${remote_ip}"
fi
if [[ "${ttl}" == "" ]]
then
ttl="600"
fi
sudo /usr/local/sbin/ip_host_update ${host} ${domain} ${ip} ${ttl}
if [[ "$?" == 0 ]]
then
status="OK"
else
status="KO"
fi
else
status="KO - Not Authorized"
fi
else
status="KO - Domain not found"
fi
cmd_status="${cmd}: ${status}"
refresh="no"
Header_Print
if [[ "${format}" == "html" ]]
then
echo " <table border="1" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <table border="0" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <pre>"
fi
echo "Set $host.$domain. to ${ip} with TTL ${ttl}: ${status}"
if [[ "${format}" == "html" ]]
then
echo " </pre>"
echo " </td>"
echo " </tr>"
echo " </table>"
echo " </td>"
echo " </tr>"
echo " </table>"
fi
Footer_Print
;;
"address_get")
owner=$(Lookup_Domain_Owner)
if [[ "${owner}" != "" ]]
then
# if [[ "${REMOTE_USER}" == "${owner}" ]]
# then
# host_info="$(host ${host}.${domain})"
host_info="$(dig -t ANY ${host}.${domain}.)"
if [[ "$?" == 0 ]]
then
status="OK"
else
status="KO"
fi
# else
# status="KO - Not Authorized"
# fi
else
status="KO - Domain not found"
fi
cmd_status="${cmd}: ${status}"
refresh="no"
Header_Print
if [[ "${format}" == "html" ]]
then
echo " <table border="1" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <table border="0" cols=1 width="95%" nosave align=\"CENTER\">"
echo " <tr>"
echo " <td>"
echo " <pre>"
echo "$host.$domain.: ${status}"
echo "<br>"
else
echo "$host.$domain.:"
echo ""
fi
echo "${host_info}"
if [[ "${format}" == "html" ]]
then
echo " </pre>"
echo " </td>"
echo " </tr>"
echo " </table>"
echo " </td>"
echo " </tr>"
echo " </table>"
fi
Footer_Print
;;
*)
cmd_status="${cmd}: UNKNOWN_CMD"
Header_Print
Footer_Print
;;
esac


@@ -1,809 +0,0 @@
#!/bin/bash
time_in=$(date +%s%N)
# No Log please
export LOG=""
. /usr/local/lib/network.bash
#--------------------------------------------------------------------------------------------------------------------------
# Header Print
#--------------------------------------------------------------------------------------------------------------------------
Header_Print()
{
case "${format}"
in
"html")
echo "Content-type: text/html"
echo ""
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"
echo "<HTML>"
echo " <HEAD>"
echo " <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">"
echo " <META http-equiv=\"Refresh\" content=\"300\">"
echo " <META http-equiv=\"Pragma\" content=\"no-cache\">"
echo " <LINK REL=\"shortcut icon\" HREF=\"/favicon.ico\" TYPE=\"image/x-icon\">"
echo " <LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"/tdsots/default.css\">"
if [[ "${cmd_status}" == "" ]]
then
echo " <TITLE>Rx3 VPN Admin Board</Title>"
else
echo " <TITLE>Rx3 VPN Admin Board: ${cmd_status}</Title>"
fi
if [[ "${redirect}" != "" ]]
then
echo " <meta http-equiv=\"REFRESH\" content=\"1; URL=${redirect}\">"
fi
echo " </HEAD>"
echo " <BODY>"
;;
"csv")
echo "Content-type: text/csv"
echo ""
echo "SOF"
if [[ "${redirect}" != "" ]]
then
echo "CMD: ${cmd_status}"
fi
;;
"txt")
echo "Content-disposition: attachment; filename=${file_name}"
echo "Content-type: text/plain"
echo ""
;;
esac
}
#--------------------------------------------------------------------------------------------------------------------------
# Tailer
#--------------------------------------------------------------------------------------------------------------------------
Footer_Print()
{
case "${format}"
in
"html")
echo " </BODY>"
echo ""
echo "</HTML>"
;;
"csv")
echo ""
echo "EOF"
;;
esac
}
#--------------------------------------------------------------------------------------------------------------------------
# Destination Status Board
#--------------------------------------------------------------------------------------------------------------------------
Destination_Status_Board()
{
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Destination Status Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Name</TD><TD>Type</TD><TD>Device</TD><TD>Status</TD><TD>IP</TD><TD>Host Name</TD><TD>Config</TD><TD>Table</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD></TR>"
else
echo "TABLE: Destination_Status_Board"
echo "#;Name;Type;Device;Status;IP;Host Name;Config;Table;Bytes In;Bytes Out;UpTime"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ ${dst_status} == 0 ]]
then
dst_ip="-"
fi
if [[ "${format}" == "html" ]]
then
echo -n "<TR><TD class="header">${dst_id}</TD><TD>${dst_name}</TD><TD>${NETWORK_DST_TYPE[${dst_type}]}</TD><TD>${dst_device}</TD>"
if [[ "${dst_status}" == 1 ]]
then
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD>"
else
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>"
fi
echo "<TD>${dst_ip:--}</TD><TD>${dst_host_name:--}</TD><TD>${dst_config:--}</TD><TD>${dst_table}</TD><TD>${dst_bytes_received:--}</TD><TD>${dst_bytes_sent:--}</TD><TD>${dst_uptime:--}</TD>"
else
echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_status};${dst_ip};${dst_host_name};${dst_config};${dst_table};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}"
fi
done
if [[ "${format}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
else
echo ""
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Source Routing Board Line
#--------------------------------------------------------------------------------------------------------------------------
Source_Routing_Board_Line()
{
src_id=$1
network_src_tab_get ${src_id}
if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]]
then
if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
class="default"
else
if [[ "${filter}" == "owner" ]]
then
class="skip"
else
class="dark"
fi
fi
else
# filter == user not owner of this line
class="skip"
fi
if [[ "${class}" != "skip" ]]
then
if [[ "${format}" == "html" ]]
then
echo -n "<TR class="${class}"><TD class="header">${src_id}</TD>"
echo -n "<TD>${NETWORK_SRC_TYPE[${src_type}]}</TD><TD>${src_ip}</TD><TD>${src_host_name:--}</TD>"
echo -n "<TD>${src_device:--}</TD>"
case "${src_status}"
in
"0")
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD>"
;;
"1")
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD>"
;;
"2")
echo -n "<TD>-</TD>"
;;
esac
else
echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${src_host_name};${src_device};${status};"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ ( "${admin}" == "true") || ( "${dst_type}" != 1) ]]
then
if [[ "${format}" == "html" ]]
then
echo -n "<TD><TABLE class=\"${class}\" BORDER=\"0\" WIDTH=\"100%\"><TR><TD class=\"half\">"
if [[ "${dst_table}" == "${src_table}" ]]
then
echo -n "<IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD><TD>&nbsp;"
else
echo -n "<IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD><TD>"
if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<A HREF=\"?cmd=route_set&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;vpn=${dst_id}\"><IMG SRC=\"/icons/user-invisible.png\" TITLE=\"Activate\" ALT=\"Activate\"></A>"
else
echo -n "&nbsp;"
fi
fi
echo -n "</TD></TR></TABLE></TD>"
else
if [[ "${dst_table}" == "${src_table}" ]]
then
echo -n "1;"
else
echo -n "0;"
fi
fi
fi
done
if [[ "${format}" == "html" ]]
then
if [[ "${port_range}" != "0" ]]
then
echo -n "<TD>${src_port_range}</TD><TD>${src_port_start:--}</TD><TD>${src_port_end:--}</TD>"
else
echo -n "<TD>${src_port_range}</TD><TD>-</TD><TD>-</TD>"
fi
echo "<TD><A HREF=\"?admin=${admin}&amp;filter=${src_owner}\">${src_owner}</A></TD><TD>${src_bytes_received:--}</TD><TD>${src_bytes_sent:--}</TD><TD>${src_uptime:--}</TD><TD>${src_last_seen:--}</TD></TR>"
else
echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}"
fi
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Source Routing Board
#--------------------------------------------------------------------------------------------------------------------------
Source_Routing_Board()
{
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Source Routing Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo -n " <TR class="header"><TD class="header">#</TD><TD>Type</TD><TD>IP</TD><TD>Host Name</TD><TD>Device</TD><TD>Status</TD>"
else
echo "TABLE: Source_Routing_Board"
echo -n "#;Type;IP;Host Name;Status;Device;"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get ${dst_id}
if [[ ( "${admin}" == "true") || ( "${dst_type}" != 1) ]]
then
if [[ "${format}" == "html" ]]
then
echo -n "<TD>${dst_name}</TD>"
else
echo -n "${dst_name};"
fi
fi
done
if [[ "${format}" == "html" ]]
then
echo "<TD>Port Range</TD><TD>From Port</TD><TD>To Port</TD><TD>Owner</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD><TD>Last Seen</TD></TR>"
else
echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen"
fi
for src_id in ${NETWORK_SRC_ID_LIST}
do
Source_Routing_Board_Line ${src_id}
done
if [[ "${format}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
else
echo ""
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# OpenVPN Board
#--------------------------------------------------------------------------------------------------------------------------
VPN_OpenVPN_Board()
{
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>OpenVPN Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class="header"><TD class="header" ROWSPAN=3>#</TD><TD ROWSPAN=3>IP</TD><TD ROWSPAN=3>Host Name</TD><TD COLSPAN=4>Configuration</TD><TD COLSPAN=5>Certificates</TD></TR><TR class=\"header\"><TD COLSPAN=2>Default Route VPN</TD><TD COLSPAN=2>No Default Route VPN</TD><TD ROWSPAN=2>CA Certificate (.crt)</TD><TD ROWSPAN=2>TC Certificate (.key)</TD><TD ROWSPAN=2>Private Key (.key)</TD><TD ROWSPAN=2>Cerificate Signing Request (.csr)</TD><TD ROWSPAN=2>Public Certificate (.crt)</TD></TR><TR class=\"header\"><TD>External Crt</TD><TD>Inline Crt</TD><TD>External Crt</TD><TD>Inline Crt</TD></TR>"
else
echo "TABLE: OpenVPN_Board"
echo "#;IP;Host Name;Certificate"
fi
idx=0
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get ${src_id}
if [[ "${src_type}" == 2 ]]
then
if [[ ( "${filter}" == "") || ( "${filter}" == "owner") || ( "${filter}" == "${src_owner}") ]]
then
if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
class="default"
else
if [[ "${filter}" == "owner" ]]
then
class="skip"
else
class="dark"
fi
fi
else
# filter == user not owner of this line
class="skip"
fi
if [[ "${class}" != "skip" ]]
then
if [[ "${format}" == "html" ]]
then
echo -n " <TR class=\"${class}\"><TD class=\"header\">${idx}</TD><TD>${src_ip}</TD><TD>${src_host_name}</TD>"
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=true&amp;type=ext\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Default Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=true&amp;type=inline\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Default Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=false&amp;type=ext\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration NoDefault Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;defroute=false&amp;type=inline\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration NoDefault Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi
else
echo -n "${idx};${src_ip};${src_host_name}"
fi
if [[ "${format}" == "html" ]]
then
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=ca\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"CA Certificate\" ALT=\"CA Certificate\"></A></TD>"
if [[ ( "${admin}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=tc\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></A></TD>"
if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]]
then
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=key\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></A></TD>"
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=csr\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificat Signing Request\"></A></TD>"
echo "<TD><A HREF=\"?cmd=cert_download&amp;admin=${admin}&amp;filter=${filter}&amp;ip=${src_ip}&amp;type=crt\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></A></TD></TR>"
else
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
fi
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></TD>"
if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]]
then
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
else
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Certificat Signing Request\" ALT=\"Certificat Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
fi
fi
else
if [[ -f /etc/openvpn/tls/certs/${src_host_name}.crt ]]
then
echo ";1"
else
echo ";0"
fi
fi
idx=$(( ${idx} + 1))
fi
fi
done
if [[ "${format}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Main Board Print
#--------------------------------------------------------------------------------------------------------------------------
Main_Board_Print()
{
if [[ "${format}" == "html" ]]
then
echo ""
if [[ "${admin}" == "true" ]]
then
admin_mode=" - Admin Mode"
else
admin_mode=""
fi
case "${filter}"
in
"owner")
filter_mode="My VPN"
;;
"")
filter_mode="All VPN"
;;
*)
filter_mode="${filter} VPN"
;;
esac
echo " <H1>VPN Admin Board: ${filter_mode}${admin_mode}</H1>"
echo " <P>"
echo " <BR>"
echo ""
echo " <b>Date: $(/bin/date)</b><br>"
echo " </P>"
echo " <HR>"
echo ""
fi
Destination_Status_Board
Source_Routing_Board
VPN_OpenVPN_Board
if [[ "${format}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " <BR>"
echo -n " "
if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]]
then
if [[ "${admin}" == "true" ]]
then
echo -n "<A HREF=\"?filter=${filter}\">Non Admin Mode</A>"
else
echo -n "<A HREF=\"?admin=true&amp;filter=${filter}\">Admin Mode</A>"
fi
echo -n "&nbsp;&nbsp;&nbsp;"
fi
if [[ "${filter}" != "" ]]
then
echo -n "<A HREF=\"?admin=${admin}\">All VPN</A>"
fi
echo ""
echo " </P>"
time_out=$(date +%s%N)
elaps=$((${time_out} - ${time_in}))
elaps_sec=$((${elaps} / 1000000000))
elaps_mili=$(( ( ${elaps} / 1000000) - ( ${elaps_sec} * 1000)))
echo " <P>"
echo " <BR>"
echo " <BR>"
printf "Page generated in %d.%03d seconds" ${elaps_sec} ${elaps_mili}
echo " </P>"
echo ""
echo " <HR>"
echo ""
echo " <P>"
echo " <A HREF=\"/tdsots/admin/\">Rx3 Admin</A>"
echo " </P>"
echo ""
echo " <HR>"
echo ""
echo " <P>"
echo " <A HREF=\"http://www.hertgen.com/anybrowser/\"> <IMG SRC=\"/images/anyb09.png\" ALT=\"Best Viewed With Any Browser\"></A>"
echo " <A HREF=\"http://validator.w3.org/check?uri=referer\"><IMG SRC=\"/images/valid-html401.png\" ALT=\"Valid HTML 4.01!\"></A>"
echo " <A HREF=\"http://jigsaw.w3.org/css-validator/\"> <IMG SRC=\"/images/valid-css.png\" ALT=\"Valid CSS!\"></A>"
echo " </P>"
fi
}
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
#--------------------------------------------------------------------------------------------------------------------------
# Args
#--------------------------------------------------------------------------------------------------------------------------
cmd=""
format=""
filter=""
ip=""
vpn=""
type=""
redirect=""
cmd_status=""
admin=""
if [[ "${QUERY_STRING}" != "" ]]
then
OIFS=${IFS}
IFS="\&"
set ${QUERY_STRING}
IFS=${OIFS}
i=$#
while [[ "${i}" != 0 ]]
do
var=${1/=*/}
arg=${1/*=/}
case "${var}"
in
"cmd")
cmd=${arg}
;;
"format")
format=${arg}
;;
"admin")
admin=${arg}
;;
"filter")
filter=${arg}
;;
"ip")
ip=${arg}
;;
"vpn")
vpn=${arg}
;;
"type")
type=${arg}
;;
"filename")
filename=${arg}
;;
"defroute")
defroute=${arg}
;;
esac
shift
i=$((i - 1))
done
fi
if [[ "${format}" == "" ]]
then
format="html"
fi
#--------------------------------------------------------------------------------------------------------------------------
# Command Handler
#--------------------------------------------------------------------------------------------------------------------------
network_init
#network_tab_dump
if [[ ( ${admin} == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]]
then
cmd_status="${cmd}: Admin NOT_AUTHORIZED"
redirect="?filter=${filter}"
Header_Print
Footer_Print
else
case "${cmd}"
in
"")
Header_Print
Main_Board_Print
Footer_Print
;;
"route_set")
network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
network_dst_tab_get "${vpn}"
if [[ ( ${admin} == "true") || ( ( "${REMOTE_USER}" == "${src_owner}") && ( "${dst_type}" != 1)) ]]
then
sudo /usr/local/sbin/rx3_net_adm table_set ${ip} ${dst_table} 1>&2
if [[ "$?" == 0 ]]
then
cmd_status="route_set: OK"
else
cmd_status="route_set: KO"
fi
else
cmd_status="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]/[${dst_type}]"
fi
redirect="?admin=${admin}&amp;filter=${filter}"
Header_Print
Footer_Print
;;
"cert_download")
network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ca") || ( "${type}" == "crt") ]]
then
cmd_status="cert_download: OK"
format="txt"
case "${type}"
in
"ca")
file_name="ca.crt"
host_name=""
;;
"tc")
file_name="tc.key"
host_name=""
;;
*)
host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
file_name="${host_name}.${type}"
;;
esac
Header_Print
sudo /usr/local/sbin/cert_dump ${type} ${host_name}
else
cmd_status="cert_download: NOT_AUTHORIZED"
redirect="?admin=${admin}&amp;filter=${filter}"
format="html"
Header_Print
Footer_Print
fi
;;
"config_download")
network_src_tab_ip_lookup "${ip}"
network_src_tab_get "${src_id}"
if [[ ( ${admin} == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${type}" == "ext") ]]
then
cmd_status="config_download: OK"
host_name=$(host ${ip} | sed -e 's/.*domain name pointer //' -e 's/.$//')
template_name="rx3-client.ovpn"
if [[ "${defroute}" == "false" ]]
then
defroute_pipe="sed s/#pull-filter/pull-filter/"
route_type="nodefroute"
else
defroute_pipe="cat"
route_type="defroute"
fi
format="txt"
if [[ "${type}" == "ext" ]]
then
file_name="${host_name}-${route_type}-external.ovpn"
Header_Print
sed </etc/openvpn/template/${template_name} -e "s/CLIENT_FQDN/${host_name}/g" | ${defroute_pipe}
else
file_name="${host_name}-${route_type}-inline.ovpn"
Header_Print
eval "echo \"$( sed </etc/openvpn/template/${template_name} -e "s/ca tls\/certs\/ca.crt/\$(echo \"<ca>\"; sudo \/usr\/local\/sbin\/cert_dump ca; echo \"<\/ca>\")/" -e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"<cert>\"; sudo \/usr\/local\/sbin\/cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" -e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"<key>\"; sudo \/usr\/local\/sbin\/cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" -e "s/tls-crypt tls\/private\/tc.key/\$(echo \"<tls-crypt>\"; sudo \/usr\/local\/sbin\/cert_dump tc; echo \"<\/tls-crypt>\")/" -e "s/CLIENT_FQDN/${host_name}/g")\"" | ${defroute_pipe}
fi
else
cmd_status="config_download: NOT_AUTHORIZED"
redirect="?admin=${admin}&amp;filter=${filter}"
format="html"
Header_Print
Footer_Print
fi
;;
*)
cmd_status="${cmd}: UNKNOWN_CMD"
Header_Print
Footer_Print
;;
esac
fi
network_deinit

534
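--- /dev/null
+++ b/www/cgi-bin/ns-admin_board.cgi
@@ -0,0 +1,534 @@
+#!/bin/bash
+#-----------------------------------------------------------------------------------------------------------------------------------
+#
+# Rx3 NS Admin Board CGI
+#
+# Copyright (C) 2025-2026 Arnaud G. GIBERT
+# mailto:arnaud@rx3.net
+#
+# This is free software: you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; If not, see
+# <https://www.gnu.org/licenses/>.
+#
+#-----------------------------------------------------------------------------------------------------------------------------------
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Includes
+#-----------------------------------------------------------------------------------------------------------------------------------
+: "${RX3_LIB_DIR:=/usr/lib/rx3}"
+. "${RX3_LIB_DIR}/dns.bash"
+. /etc/sysconfig/rx3-ns # To be removed?
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Global Variables
+#-----------------------------------------------------------------------------------------------------------------------------------
+declare -g VERSION="1.2.0"
+declare -g NAME="ns-admin_board.cgi"
+declare -g DEBUG=""
+#declare -g DEBUG="echo"
+#declare -g DEBUG=":"
+# No Log please
+export LOG=""
+declare -g CMD=""
+declare -g FORMAT=""
+declare -g IP=""
+declare -g HOST=""
+declare -g DOMAIN=""
+declare -g REDIRECT=""
+declare -g CMD_STATUS=""
+declare -g REFRESH=""
+declare -g TTL=""
+declare -g STATUS=""
+declare -g FILE_NAME=""
+declare -g REMOTE_IP="${REMOTE_ADDR}"
+declare -g HOST_INFO=""
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Lookup Domain Owner
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_lookup_domain_owner()
+{
+local ldo_blk
+local ldo_domain
+local ldo_host
+local ldo_owner
+local OIFS
+for ldo_blk in ${NS_LIST}
+do
+OIFS="${IFS}"
+IFS=":"
+set ${ldo_blk}
+ldo_domain="$1"
+ldo_host="$2"
+ldo_owner="$3"
+IFS="${OIFS}"
+if [[ "${HOST}.${DOMAIN}" == "${ldo_host}.${ldo_domain}" ]]
+then
+echo "${ldo_owner}"
+fi
+done
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Header Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_header_print()
+{
+case "${FORMAT}"
+in
+"html")
+echo "Content-type: text/html"
+echo ""
+echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"
+echo "<HTML>"
+echo " <HEAD>"
+echo " <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">"
+if [[ "${REFRESH}" == "yes" ]]
+then
+echo " <META http-equiv=\"Refresh\" content=\"300\">"
+fi
+echo " <META http-equiv=\"Pragma\" content=\"no-cache\">"
+echo " <LINK REL=\"shortcut icon\" HREF=\"/favicon.ico\" TYPE=\"image/x-icon\">"
+echo " <LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"/tdsots/default.css\">"
+echo " <TITLE>Rx3 NS Admin: ${CMD_STATUS}</Title>"
+echo " </HEAD>"
+echo " <BODY>"
+;;
+"txt")
+echo "Content-disposition: attachment; filename=${FILE_NAME}"
+echo "Content-type: text/plain"
+echo ""
+;;
+esac
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Footer Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_footer_print()
+{
+case "${FORMAT}"
+in
+"html")
+echo " </BODY>"
+echo ""
+echo "</HTML>"
+;;
+esac
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Usage Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_usage_print()
+{
+if [[ "${FORMAT}" == "html" ]]
+then
+echo " <P>"
+echo " <BR>"
+echo " </P>"
+echo ""
+echo " <H2>Rx3 NS Admin Service Usage</H2>"
+echo ""
+echo " <TABLE BORDER=\"1\" WIDTH=\"95%\" ALIGN=\"CENTER\">"
+echo " <TR><TD>"
+echo " <TABLE BORDER=\"0\" WIDTH=\"95%\" ALIGN=\"CENTER\">"
+echo " <TR><TD>"
+echo " <PRE>"
+echo " - cmd=address_get: Get the host IP address"
+echo " + [format=html|txt]: Output request format (Default to html)"
+echo " + host=&lt;Host Name&gt;: Host name to show"
+echo " + domain=&lt;Domain Name&gt;: Domain name of the host name"
+echo ""
+echo " - cmd=address_set: Set the host IP address"
+echo " + [format=html|txt]: Output request format (Default to html)"
+echo " + host=&lt;Host Name&gt;: Host name to set"
+echo " + domain=&lt;Domain Name&gt;: Domain name of the host name"
+echo " + [ip=&lt;IP Address&gt;]: IP address to be set (Default to requestor address)"
+echo " + [ttl=&lt;TTL&gt;]: TTL to be set (Default to 600)"
+echo ""
+echo " - Example: https://www.rx3.net/cgi-bin-private/ns-admin_board.cgi?cmd=address_get&amp;host=vpn0&amp;domain=vpn.rx3"
+echo " </PRE>"
+echo " </TD></TR>"
+echo " </TABLE>"
+echo " </TD></TR>"
+echo " </TABLE>"
+else
+echo "Rx3 NS Service Usage:"
+echo " - cmd=address_get: Get the host IP address"
+echo " + [format=html|txt]: Output request format (Default to html)"
+echo " + host=<Host Name>: Host name to show"
+echo " + domain=<Domain Name>: Domain name of the host name"
+echo ""
+echo " - cmd=address_set: Set the host IP address"
+echo " + [format=html|txt]: Output request format (Default to html)"
+echo " + host=<Host Name>: Host name to set"
+echo " + domain=<Domain Name>: Domain name of the host name"
+echo " + [ip=<IP Address>]: IP address to be set (Default to requestor address)"
+echo " + [ttl=<TTL>]: TTL to be set (Default to 600)"
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Result Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_result_print()
+{
+local message="$1"
+if [[ "${FORMAT}" == "html" ]]
+then
+echo " <TABLE BORDER=\"1\" WIDTH=\"95%\" ALIGN=\"CENTER\">"
+echo " <TR><TD>"
+echo " <TABLE BORDER=\"0\" WIDTH=\"95%\" ALIGN=\"CENTER\">"
+echo " <TR><TD>"
+echo " <PRE>"
+echo "${message}"
+echo " </PRE>"
+echo " </TD></TR>"
+echo " </TABLE>"
+echo " </TD></TR>"
+echo " </TABLE>"
+else
+echo "${message}"
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main Board Print
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_main_board_print()
+{
+local blk
+local domain
+local host
+local owner
+local address
+local ttl
+local date
+local class
+local idx=0
+local OIFS
+if [[ "${FORMAT}" == "html" ]]
+then
+echo ""
+echo " <H1>Rx3 NS Admin Board</H1>"
+echo " <P>"
+echo " <BR>"
+echo ""
+echo " <b>Date: $(/bin/date)</b><br>"
+echo " </P>"
+echo " <HR>"
+echo ""
+echo " <P>"
+echo " <BR>"
+echo " </P>"
+echo ""
+echo " <H2>Rx3 NS Status Board</H2>"
+echo ""
+echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
+echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Domain</TD><TD>Host</TD><TD>Address</TD><TD>Owner</TD><TD>TTL</TD><TD>Date</TD></TR>"
+else
+echo "TABLE: RX3-NS_Status_Board"
+echo "#;Domain;Host;Address;Owner;TTL;Date"
+fi
+for blk in ${NS_LIST}
+do
+OIFS="${IFS}"
+IFS=":"
+set ${blk}
+domain="$1"
+host="$2"
+owner="$3"
+IFS="${OIFS}"
+address="$( dig -t A "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $5}')"
+ttl="$( dig -t A "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $2}')"
+date="$( dig -t TXT "${host}.${domain}." | grep "^${host}.${domain}" | awk '{print $5 " " $6}' | sed -e 's/\"//g')"
+if [[ "${REMOTE_USER}" == "${owner}" ]]
+then
+class="default"
+else
+class="dark"
+fi
+if [[ "${FORMAT}" == "html" ]]
+then
+echo " <TR class=\"${class}\"><TD class=\"header\">${idx}</TD><TD>${domain}</TD><TD>${host}</TD><TD>${address}</TD><TD>${owner}</TD><TD>${ttl}</TD><TD>${date}</TD></TR>"
+else
+echo "${domain};${host};${address};${owner};${ttl};${date}"
+fi
+idx=$(( idx + 1 ))
+done
+if [[ "${FORMAT}" == "html" ]]
+then
+echo " </TABLE>"
+echo " <P>"
+echo " <BR>"
+echo " </P>"
+else
+echo ""
+fi
+nab_usage_print
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Query String Parse
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_query_string_parse()
+{
+local var
+local arg
+local i
+CMD=""
+FORMAT=""
+IP=""
+HOST=""
+DOMAIN=""
+TTL=""
+if [[ "${QUERY_STRING}" != "" ]]
+then
+local OIFS="${IFS}"
+IFS="&"
+set ${QUERY_STRING}
+IFS="${OIFS}"
+i=$#
+while [[ "${i}" != "0" ]]
+do
+var="${1/=*/}"
+arg="${1/*=/}"
+case "${var}"
+in
+"cmd")
+CMD="${arg}"
+;;
+"format")
+FORMAT="${arg}"
+;;
+"host")
+HOST="${arg}"
+;;
+"domain")
+DOMAIN="${arg}"
+;;
+"ip")
+IP="${arg}"
+;;
+"ttl")
+TTL="${arg}"
+;;
+esac
+shift
+i=$(( i - 1 ))
+done
+fi
+if [[ "${FORMAT}" == "" ]]
+then
+FORMAT="html"
+fi
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Command Handler
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_command_handler()
+{
+local owner
+local status
+case "${CMD}"
+in
+"")
+CMD_STATUS="OK"
+REFRESH="yes"
+nab_header_print
+nab_main_board_print
+nab_footer_print
+;;
+"address_set")
+owner="$( nab_lookup_domain_owner)"
+if [[ "${owner}" != "" ]]
+then
+if [[ "${REMOTE_USER}" == "${owner}" ]]
+then
+if [[ "${IP}" == "" ]]
+then
+IP="${REMOTE_IP}"
+fi
+if [[ "${TTL}" == "" ]]
+then
+TTL="600"
+fi
+dns_host_update "${HOST}" "${DOMAIN}" "${IP}" "${TTL}"
+if [[ "$?" == "0" ]]
+then
+status="OK"
+else
+status="KO"
+fi
+else
+status="KO - Not Authorized"
+fi
+else
+status="KO - Domain not found"
+fi
+CMD_STATUS="${CMD}: ${status}"
+REFRESH="no"
+nab_header_print
+nab_result_print "Set ${HOST}.${DOMAIN}. to ${IP} with TTL ${TTL}: ${status}"
+nab_footer_print
+;;
+"address_get")
+owner="$( nab_lookup_domain_owner)"
+if [[ "${owner}" != "" ]]
+then
+HOST_INFO="$( dig -t ANY "${HOST}.${DOMAIN}.")"
+if [[ "$?" == "0" ]]
+then
+status="OK"
+else
+status="KO"
+fi
+else
+status="KO - Domain not found"
+fi
+CMD_STATUS="${CMD}: ${status}"
+REFRESH="no"
+nab_header_print
+if [[ "${FORMAT}" == "html" ]]
+then
+nab_result_print "${HOST}.${DOMAIN}.: ${status}<br>
+${HOST_INFO}"
+else
+echo "${HOST}.${DOMAIN}.:"
+echo ""
+echo "${HOST_INFO}"
+fi
+nab_footer_print
+;;
+*)
+CMD_STATUS="${CMD}: UNKNOWN_CMD"
+nab_header_print
+nab_footer_print
+;;
+esac
+}
+#-----------------------------------------------------------------------------------------------------------------------------------
+# Main
+#-----------------------------------------------------------------------------------------------------------------------------------
+nab_query_string_parse
+dns_init
+nab_command_handler
+dns_deinit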
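Review bot: In the address_set branch of nab_command_handler, `IP` and `TTL` reach `dns_host_update` exactly as nab_query_string_parse took them from QUERY_STRING, and `CMD`, `HOST`, `DOMAIN`, `IP` and `TTL` are also echoed into the HTML title and the result table without escaping. The owner check only ties REMOTE_USER to the host/domain pair, so the values themselves need a format check before the update, for example `[[ "${TTL}" =~ ^[0-9]+$ ]]` plus a matching address pattern, with a status such as `KO - Bad parameter` otherwise; how dns_host_update treats unexpected input is not visible in this file. In nab_query_string_parse, `set ${QUERY_STRING}` lets a first field that starts with `-` be read as shell options and leaves pathname expansion on, which `set -f; set -- ${QUERY_STRING}; set +f` avoids. Values printed in html format should go through a small escaping helper for `&`, `<`, `>` and `"` before they are echoed.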

961
www/cgi-bin/vpn-admin_board.cgi Executable file

@@ -0,0 +1,961 @@
#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 VPN Admin Board CGI
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------
#-----------------------------------------------------------------------------------------------------------------------------------
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------
: "${RX3_LIB_DIR:=/usr/lib/rx3}"
. "${RX3_LIB_DIR}/network.bash"
#-----------------------------------------------------------------------------------------------------------------------------------
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------
declare -g VERSION="1.0.0"
declare -g NAME="vpn-admin_board.cgi"
declare -g DEBUG=""
#declare -g DEBUG="echo"
#declare -g DEBUG=":"
# No Log please
export LOG=""
declare -g TIME_IN=$(date +%s%N)
declare -g CMD=""
declare -g FORMAT=""
declare -g USER=""
declare -g STATUS=""
declare -g IP=""
declare -g VPN=""
declare -g TYPE=""
declare -g REDIRECT=""
declare -g CMD_STATUS=""
declare -g ADMIN=""
declare -g FILTER=""
declare -g DEFROUTE=""
declare -g FILENAME=""
declare -g FILE_NAME=""
declare -g HOST_NAME=""
declare -g ADMIN_MODE=""
declare -g USER_MODE=""
declare -g STATUS_MODE=""
#-----------------------------------------------------------------------------------------------------------------------------------
# Header Print
#-----------------------------------------------------------------------------------------------------------------------------------
vab_header_print()
{
case "${FORMAT}"
in
"html")
echo "Content-type: text/html"
echo ""
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\" \"http://www.w3.org/TR/html4/strict.dtd\">"
echo "<HTML>"
echo " <HEAD>"
echo " <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html; charset=iso-8859-1\">"
echo " <META http-equiv=\"Refresh\" content=\"300\">"
echo " <META http-equiv=\"Pragma\" content=\"no-cache\">"
echo " <LINK REL=\"shortcut icon\" HREF=\"/favicon.ico\" TYPE=\"image/x-icon\">"
echo " <LINK REL=\"stylesheet\" TYPE=\"text/css\" HREF=\"/tdsots/default.css\">"
if [[ "${CMD_STATUS}" == "" ]]
then
echo " <TITLE>Rx3 VPN Admin Board</Title>"
else
echo " <TITLE>Rx3 VPN Admin Board: ${CMD_STATUS}</Title>"
fi
if [[ "${REDIRECT}" != "" ]]
then
echo " <meta http-equiv=\"REFRESH\" content=\"1; URL=${REDIRECT}\">"
fi
echo " </HEAD>"
echo " <BODY>"
;;
"csv")
echo "Content-type: text/csv"
echo ""
echo "SOF"
if [[ "${REDIRECT}" != "" ]]
then
echo "CMD: ${CMD_STATUS}"
fi
;;
"txt")
echo "Content-disposition: attachment; filename=${FILE_NAME}"
echo "Content-type: text/plain"
echo ""
;;
esac
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Footer Print
#-----------------------------------------------------------------------------------------------------------------------------------
vab_footer_print()
{
case "${FORMAT}"
in
"html")
echo " </BODY>"
echo ""
echo "</HTML>"
;;
"csv")
echo ""
echo "EOF"
;;
esac
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Destination Status Board
#-----------------------------------------------------------------------------------------------------------------------------------
vab_destination_status_board()
{
local dst_id
if [[ "${FORMAT}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Destination Status Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Name</TD><TD>Type</TD><TD>Device</TD><TD>Status</TD><TD>IP</TD><TD>Host Name</TD><TD>Config</TD><TD>Table</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD></TR>"
else
echo "TABLE: Destination_Status_Board"
echo "#;Name;Type;Device;Status;IP;Host Name;Config;Table;Bytes In;Bytes Out;UpTime"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get "${dst_id}"
if [[ "${dst_status}" == "0" ]]
then
dst_ip="-"
fi
if [[ ( "${STATUS}" == "" ) || ( "${STATUS}" == "${dst_status}") ]]
then
if [[ "${FORMAT}" == "html" ]]
then
echo -n " <TR><TD class=\"header\">${dst_id}</TD><TD>${dst_name}</TD><TD>${NETWORK_DST_TYPE[${dst_type}]}</TD><TD>${dst_device}</TD>"
case "${dst_status}"
in
"0")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${dst_status}\"><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></A></TD>"
;;
"1")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${dst_status}\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></A></TD>"
;;
"2")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${dst_status}\"><IMG SRC=\"/icons/user-unready.png\" TITLE=\"Unready\" ALT=\"Unready\"></A></TD>"
;;
*)
echo -n "<TD><IMG SRC=\"\" TITLE=\"Unknown\" ALT=\"Unknown\"></TD>"
;;
esac
echo "<TD>${dst_ip:--}</TD><TD>${dst_host_name:--}</TD><TD>${dst_config:--}</TD><TD>${dst_table}</TD><TD>${dst_bytes_received:--}</TD><TD>${dst_bytes_sent:--}</TD><TD>${dst_uptime:--}</TD></TR>"
else
echo "${dst_id};${dst_name};${NETWORK_DST_TYPE[${dst_type}]};${dst_device};${dst_status};${dst_ip};${dst_host_name};${dst_config};${dst_table};${dst_bytes_received};${dst_bytes_sent};${dst_uptime}"
fi
fi
done
if [[ "${FORMAT}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
else
echo ""
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Source Routing Board Line
#-----------------------------------------------------------------------------------------------------------------------------------
vab_source_routing_board_line()
{
local src_id="$1"
local class
local dst_id
network_src_tab_get "${src_id}"
if [[ ( "${USER}" == "" ) || ( "${USER}" == "owner") || ( "${USER}" == "${src_owner}") ]]
then
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
class="default"
else
if [[ "${USER}" == "owner" ]]
then
class="skip"
else
class="dark"
fi
fi
else
class="skip"
fi
if [[ ( "${STATUS}" != "" ) && ( "${STATUS}" != "${src_status}") ]]
then
class="skip"
fi
if [[ "${class}" != "skip" ]]
then
if [[ "${FORMAT}" == "html" ]]
then
echo -n " <TR class=\"${class}\"><TD class=\"header\">${src_id}</TD>"
echo -n "<TD>${NETWORK_SRC_TYPE[${src_type}]}</TD><TD>${src_ip}</TD><TD>${src_host_name:--}</TD>"
echo -n "<TD>${src_device:--}</TD>"
case "${src_status}"
in
"0")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${src_status}\"><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></A></TD>"
;;
"1")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${src_status}\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></A></TD>"
;;
"2")
echo -n "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${USER}&amp;status=${src_status}\">-</A></TD>"
;;
esac
else
echo -n "${src_id};${NETWORK_SRC_TYPE[${src_type}]};${src_ip};${src_host_name};${src_device};${src_status};"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get "${dst_id}"
if [[ ( "${ADMIN}" == "true") || ( "${dst_type}" != "1") ]]
then
if [[ "${FORMAT}" == "html" ]]
then
echo -n "<TD><TABLE class=\"${class}\" BORDER=\"0\" WIDTH=\"100%\"><TR><TD class=\"half\">"
if [[ "${dst_table}" == "${src_table}" ]]
then
echo -n "<IMG SRC=\"/icons/user-online.png\" TITLE=\"Up\" ALT=\"Up\"></TD><TD>&nbsp;"
else
echo -n "<IMG SRC=\"/icons/user-busy.png\" TITLE=\"Down\" ALT=\"Down\"></TD><TD>"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<A HREF=\"?cmd=route_set&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;vpn=${dst_id}\"><IMG SRC=\"/icons/user-invisible.png\" TITLE=\"Activate\" ALT=\"Activate\"></A>"
else
echo -n "&nbsp;"
fi
fi
echo -n "</TD></TR></TABLE></TD>"
else
if [[ "${dst_table}" == "${src_table}" ]]
then
echo -n "1;"
else
echo -n "0;"
fi
fi
fi
done
if [[ "${FORMAT}" == "html" ]]
then
if [[ "${src_port_range}" != "0" ]]
then
echo -n "<TD>${src_port_range}</TD><TD>${src_port_start:--}</TD><TD>${src_port_end:--}</TD>"
else
echo -n "<TD>${src_port_range}</TD><TD>-</TD><TD>-</TD>"
fi
echo "<TD><A HREF=\"?admin=${ADMIN}&amp;user=${src_owner}&amp;status=${STATUS}\">${src_owner}</A></TD><TD>${src_bytes_received:--}</TD><TD>${src_bytes_sent:--}</TD><TD>${src_uptime:--}</TD><TD>${src_last_seen:--}</TD></TR>"
else
echo "${src_port_range};${src_port_start};${src_port_end};${src_owner};${src_bytes_received};${src_bytes_sent};${src_uptime};${src_last_seen}"
fi
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Source Routing Board
#-----------------------------------------------------------------------------------------------------------------------------------
vab_source_routing_board()
{
local src_id
local dst_id
if [[ "${FORMAT}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>Source Routing Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo -n " <TR class=\"header\"><TD class=\"header\">#</TD><TD>Type</TD><TD>IP</TD><TD>Host Name</TD><TD>Device</TD><TD>Status</TD>"
else
echo "TABLE: Source_Routing_Board"
echo -n "#;Type;IP;Host Name;Status;Device;"
fi
for dst_id in ${NETWORK_DST_ID_LIST}
do
network_dst_tab_get "${dst_id}"
if [[ ( "${ADMIN}" == "true") || ( "${dst_type}" != "1") ]]
then
if [[ "${FORMAT}" == "html" ]]
then
echo -n "<TD>${dst_name}</TD>"
else
echo -n "${dst_name};"
fi
fi
done
if [[ "${FORMAT}" == "html" ]]
then
echo "<TD>Port Range</TD><TD>From Port</TD><TD>To Port</TD><TD>Owner</TD><TD>Bytes In</TD><TD>Bytes Out</TD><TD>UpTime</TD><TD>Last Seen</TD></TR>"
else
echo "Port Range;From Port;To Port;Owner;Bytes In;Bytes Out;UpTime;Last Seen"
fi
for src_id in ${NETWORK_SRC_ID_LIST}
do
vab_source_routing_board_line "${src_id}"
done
if [[ "${FORMAT}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
else
echo ""
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# VPN OpenVPN Board
#-----------------------------------------------------------------------------------------------------------------------------------
vab_vpn_openvpn_board()
{
local src_id
local class
local idx=0
if [[ "${FORMAT}" == "html" ]]
then
echo " <P>"
echo " <BR>"
echo " </P>"
echo ""
echo " <H2>OpenVPN Board</H2>"
echo ""
echo " <TABLE BORDER=\"1\" WIDTH=\"100%\">"
echo " <TR class=\"header\"><TD class=\"header\" ROWSPAN=3>#</TD><TD ROWSPAN=3>IP</TD><TD ROWSPAN=3>Host Name</TD><TD COLSPAN=4>Configuration</TD><TD COLSPAN=5>Certificates</TD></TR><TR class=\"header\"><TD COLSPAN=2>Default Route VPN</TD><TD COLSPAN=2>No Default Route VPN</TD><TD ROWSPAN=2>CA Certificate (.crt)</TD><TD ROWSPAN=2>TC Certificate (.key)</TD><TD ROWSPAN=2>Private Key (.key)</TD><TD ROWSPAN=2>Cerificate Signing Request (.csr)</TD><TD ROWSPAN=2>Public Certificate (.crt)</TD></TR><TR class=\"header\"><TD>External Crt</TD><TD>Inline Crt</TD><TD>External Crt</TD><TD>Inline Crt</TD></TR>"
else
echo "TABLE: OpenVPN_Board"
echo "#;IP;Host Name;Certificate"
fi
for src_id in ${NETWORK_SRC_ID_LIST}
do
network_src_tab_get "${src_id}"
if [[ "${src_type}" == "2" ]]
then
if [[ ( "${USER}" == "" ) || ( "${USER}" == "owner") || ( "${USER}" == "${src_owner}") ]]
then
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
class="default"
else
if [[ "${USER}" == "owner" ]]
then
class="skip"
else
class="dark"
fi
fi
else
class="skip"
fi
if [[ ( "${STATUS}" != "" ) && ( "${STATUS}" != "${src_status}") ]]
then
class="skip"
fi
if [[ "${class}" != "skip" ]]
then
if [[ "${FORMAT}" == "html" ]]
then
echo -n " <TR class=\"${class}\"><TD class=\"header\">${idx}</TD><TD>${src_ip}</TD><TD>${src_host_name}</TD>"
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;defroute=true&amp;type=ext\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Default Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;defroute=true&amp;type=inline\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Default Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;defroute=false&amp;type=ext\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration NoDefault Route External Certificates\" ALT=\"Configuration External Certificates\"></A></TD>"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=config_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;defroute=false&amp;type=inline\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration NoDefault Route Inline Certificates\" ALT=\"Configuration Inline Certificates\"></A></TD>"
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Configuration Inline Certificates\" ALT=\"Configuration Inline Certificates\"></TD>"
fi
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;type=ca\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"CA Certificate\" ALT=\"CA Certificate\"></A></TD>"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") ]]
then
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;type=tc\" ><IMG SRC=\"/icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></A></TD>"
if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]]
then
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;type=key\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></A></TD>"
echo -n "<TD><A HREF=\"?cmd=cert_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;type=csr\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificate Signing Request\"></A></TD>"
echo "<TD><A HREF=\"?cmd=cert_download&amp;admin=${ADMIN}&amp;user=${USER}&amp;status=${STATUS}&amp;ip=${src_ip}&amp;type=crt\"><IMG SRC=\"/icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></A></TD></TR>"
else
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificate Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
fi
else
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"TC Certificate\" ALT=\"TC Certificate\"></TD>"
if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]]
then
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificate Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-online.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
else
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Private Key\" ALT=\"Private Key\"></TD>"
echo -n "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Certificate Signing Request\" ALT=\"Certificate Signing Request\"></TD>"
echo "<TD><IMG SRC=\"/icons/user-busy.png\" TITLE=\"Public Certificate\" ALT=\"Public Certificate\"></TD></TR>"
fi
fi
else
echo -n "${idx};${src_ip};${src_host_name}"
if [[ -f "/etc/openvpn/tls/certs/${src_host_name}.crt" ]]
then
echo ";1"
else
echo ";0"
fi
fi
idx=$(( idx + 1 ))
fi
fi
done
if [[ "${FORMAT}" == "html" ]]
then
echo " </TABLE>"
echo " <P>"
echo " <BR>"
echo " </P>"
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Main Board Print
#-----------------------------------------------------------------------------------------------------------------------------------
vab_main_board_print()
{
if [[ "${FORMAT}" == "html" ]]
then
echo ""
if [[ "${ADMIN}" == "true" ]]
then
ADMIN_MODE=" - Admin Mode"
else
ADMIN_MODE=""
fi
case "${USER}"
in
"")
USER_MODE="All"
;;
"owner")
USER_MODE="My"
;;
*)
USER_MODE="${USER}"
;;
esac
case "${STATUS}"
in
"")
STATUS_MODE="All"
;;
"0")
STATUS_MODE="Down"
;;
"1")
STATUS_MODE="Up"
;;
"2")
STATUS_MODE="Not Connected"
;;
*)
STATUS_MODE="Unknown"
;;
esac
echo " <H1>VPN Admin Board: ${USER_MODE} VPN - ${STATUS_MODE} Status${ADMIN_MODE}</H1>"
echo " <P>"
echo " <BR>"
echo ""
echo " <b>Date: $(/bin/date)</b><br>"
echo " </P>"
echo " <HR>"
echo ""
fi
vab_destination_status_board
vab_source_routing_board
vab_vpn_openvpn_board
if [[ "${FORMAT}" == "html" ]]
then
local time_out
local elaps
local elaps_sec
local elaps_mili
echo " <P>"
echo " <BR>"
echo " <BR>"
echo -n " "
if [[ " ${ADMIN_USER_LIST} " == *" ${REMOTE_USER} "* ]]
then
if [[ "${ADMIN}" == "true" ]]
then
echo -n "<A HREF=\"?user=${USER}&amp;status=${STATUS}\">Non Admin Mode</A>"
else
echo -n "<A HREF=\"?admin=true&amp;user=${USER}&amp;status=${STATUS}\">Admin Mode</A>"
fi
echo -n "&nbsp;&nbsp;&nbsp;"
fi
if [[ "${USER}" != "" ]]
then
echo -n "<A HREF=\"?admin=${ADMIN}&amp;status=${STATUS}\">All VPN</A>"
echo -n "&nbsp;&nbsp;&nbsp;"
fi
if [[ "${STATUS}" != "" ]]
then
echo -n "<A HREF=\"?admin=${ADMIN}&amp;user=${USER}\">All Status</A>"
fi
echo ""
echo " </P>"
time_out=$(date +%s%N)
elaps=$(( TIME_IN - time_out ))
elaps_sec=$(( elaps / 1000000000 ))
elaps_mili=$(( ( elaps / 1000000) - ( elaps_sec * 1000) ))
echo " <P>"
echo " <BR>"
echo " <BR>"
printf " Page generated in %d.%03d seconds\n" "${elaps_sec}" "${elaps_mili}"
echo " </P>"
echo ""
echo " <HR>"
echo ""
echo " <P>"
echo " <A HREF=\"/tdsots/admin/\">Rx3 Admin</A>"
echo " </P>"
echo ""
echo " <HR>"
echo ""
echo " <P>"
echo " <A HREF=\"http://www.hertgen.com/anybrowser/\"> <IMG SRC=\"/images/anyb09.png\" ALT=\"Best Viewed With Any Browser\"></A>"
echo " <A HREF=\"http://validator.w3.org/check?uri=referer\"><IMG SRC=\"/images/valid-html401.png\" ALT=\"Valid HTML 4.01!\"></A>"
echo " <A HREF=\"http://jigsaw.w3.org/css-validator/\"> <IMG SRC=\"/images/valid-css.png\" ALT=\"Valid CSS!\"></A>"
echo " </P>"
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Query String Parse
#-----------------------------------------------------------------------------------------------------------------------------------
vab_query_string_parse()
{
local var
local arg
local i
CMD=""
FORMAT=""
USER=""
STATUS=""
IP=""
VPN=""
TYPE=""
REDIRECT=""
CMD_STATUS=""
ADMIN=""
FILTER=""
DEFROUTE=""
FILENAME=""
if [[ "${QUERY_STRING}" != "" ]]
then
local OIFS="${IFS}"
IFS="&"
set ${QUERY_STRING}
IFS="${OIFS}"
i=$#
while [[ "${i}" != "0" ]]
do
var="${1/=*/}"
arg="${1/*=/}"
case "${var}"
in
"cmd")
CMD="${arg}"
;;
"format")
FORMAT="${arg}"
;;
"admin")
ADMIN="${arg}"
;;
"filter")
FILTER="${arg}"
;;
"user")
USER="${arg}"
;;
"status")
STATUS="${arg}"
;;
"ip")
IP="${arg}"
;;
"vpn")
VPN="${arg}"
;;
"type")
TYPE="${arg}"
;;
"filename")
FILENAME="${arg}"
;;
"defroute")
DEFROUTE="${arg}"
;;
esac
shift
i=$(( i - 1 ))
done
fi
if [[ "${FORMAT}" == "" ]]
then
FORMAT="html"
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Command Handler
#-----------------------------------------------------------------------------------------------------------------------------------
vab_command_handler()
{
if [[ ( "${ADMIN}" == "true") && ( " ${ADMIN_USER_LIST} " != *" ${REMOTE_USER} "*) ]]
then
CMD_STATUS="${CMD}: Admin NOT_AUTHORIZED"
REDIRECT="?user=${USER}&amp;up=${up}"
vab_header_print
vab_footer_print
else
case "${CMD}"
in
"")
vab_header_print
vab_main_board_print
vab_footer_print
;;
"route_set")
network_src_tab_ip_lookup "${IP}"
network_src_tab_get "${src_id}"
network_dst_tab_get "${VPN}"
if [[ ( "${ADMIN}" == "true") || ( ( "${REMOTE_USER}" == "${src_owner}") && ( "${dst_type}" != "1")) ]]
then
sudo rx3_net_adm table_set "${IP}" "${dst_table}" 1>&2
if [[ "$?" == "0" ]]
then
CMD_STATUS="route_set: OK"
else
CMD_STATUS="route_set: KO"
fi
else
CMD_STATUS="route_set: NOT_AUTHORIZED [${REMOTE_USER}]/[${src_owner}]/[${dst_type}]"
fi
REDIRECT="?admin=${ADMIN}&amp;filter=${FILTER}"
vab_header_print
vab_footer_print
;;
"cert_download")
network_src_tab_ip_lookup "${IP}"
network_src_tab_get "${src_id}"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${TYPE}" == "ca") || ( "${TYPE}" == "crt") ]]
then
CMD_STATUS="cert_download: OK"
FORMAT="txt"
case "${TYPE}"
in
"ca")
FILE_NAME="ca.crt"
HOST_NAME=""
;;
"tc")
FILE_NAME="tc.key"
HOST_NAME=""
;;
*)
HOST_NAME="$( host "${IP}" | sed -e 's/.*domain name pointer //' -e 's/.$//')"
FILE_NAME="${HOST_NAME}.${TYPE}"
;;
esac
vab_header_print
sudo cert_dump "${TYPE}" "${HOST_NAME}"
else
CMD_STATUS="cert_download: NOT_AUTHORIZED"
REDIRECT="?admin=${ADMIN}&amp;filter=${FILTER}"
FORMAT="html"
vab_header_print
vab_footer_print
fi
;;
"config_download")
network_src_tab_ip_lookup "${IP}"
network_src_tab_get "${src_id}"
if [[ ( "${ADMIN}" == "true") || ( "${REMOTE_USER}" == "${src_owner}") || ( "${TYPE}" == "ext") ]]
then
local defroute_pipe
local template_name
local route_type
CMD_STATUS="config_download: OK"
HOST_NAME="$( host "${IP}" | sed -e 's/.*domain name pointer //' -e 's/.$//')"
template_name="rx3-client.ovpn"
if [[ "${DEFROUTE}" == "false" ]]
then
defroute_pipe="sed s/#pull-filter/pull-filter/"
route_type="nodefroute"
else
defroute_pipe="cat"
route_type="defroute"
fi
FORMAT="txt"
if [[ "${TYPE}" == "ext" ]]
then
FILE_NAME="${HOST_NAME}-${route_type}-external.ovpn"
vab_header_print
sed </etc/openvpn/template/${template_name} -e "s/CLIENT_FQDN/${HOST_NAME}/g" | ${defroute_pipe}
else
FILE_NAME="${HOST_NAME}-${route_type}-inline.ovpn"
vab_header_print
eval "echo \"$( sed </etc/openvpn/template/${template_name} \
-e "s/ca tls\/certs\/ca.crt/\$(echo \"<ca>\"; sudo cert_dump ca; echo \"<\/ca>\")/" \
-e "s/cert tls\/certs\/CLIENT_FQDN.crt/\$(echo \"<cert>\"; sudo cert_dump crt CLIENT_FQDN; echo \"<\/cert>\")/" \
-e "s/key tls\/private\/CLIENT_FQDN.key/\$(echo \"<key>\"; sudo cert_dump key CLIENT_FQDN; echo \"<\/key>\")/" \
-e "s/tls-crypt tls\/private\/tc.key/\$(echo \"<tls-crypt>\"; sudo cert_dump tc; echo \"<\/tls-crypt>\")/" \
-e "s/CLIENT_FQDN/${HOST_NAME}/g")\"" | ${defroute_pipe}
fi
else
CMD_STATUS="config_download: NOT_AUTHORIZED"
REDIRECT="?admin=${ADMIN}&amp;filter=${FILTER}"
FORMAT="html"
vab_header_print
vab_footer_print
fi
;;
*)
CMD_STATUS="${CMD}: UNKNOWN_CMD"
vab_header_print
vab_footer_print
;;
esac
fi
}
#-----------------------------------------------------------------------------------------------------------------------------------
# Main
#-----------------------------------------------------------------------------------------------------------------------------------
vab_query_string_parse
network_init
vab_command_handler
network_deinit