}
}
-# Darren Critchley - certain ports are reserved for IPFire
-# TCP 67,68,81,222,445
-# UDP 67,68
-# Params passed in -> port, rangeyn, protocol
-sub disallowreserved
-{
- # port 67 and 68 same for tcp and udp, don't bother putting in an array
- my $msg = "";
- my @tcp_reserved = (81,222,445);
- my $prt = $_[0]; # the port or range
- my $ryn = $_[1]; # tells us whether or not it is a port range
- my $prot = $_[2]; # protocol
- my $srcdst = $_[3]; # source or destination
- if ($ryn) { # disect port range
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'rsvd src port overlap'}";
- } else {
- $msg = "$Lang::tr{'rsvd dst port overlap'}";
- }
- my @tmprng = split(/\:/,$prt);
- unless (67 < $tmprng[0] || 67 > $tmprng[1]) { $errormessage="$msg 67"; return; }
- unless (68 < $tmprng[0] || 68 > $tmprng[1]) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- unless ($prange < $tmprng[0] || $prange > $tmprng[1]) { $errormessage="$msg $prange"; return; }
- }
- }
- } else {
- if ($srcdst eq "src") {
- $msg = "$Lang::tr{'reserved src port'}";
- } else {
- $msg = "$Lang::tr{'reserved dst port'}";
- }
- if ($prt == 67) { $errormessage="$msg 67"; return; }
- if ($prt == 68) { $errormessage="$msg 68"; return; }
- if ($prot eq "tcp") {
- foreach my $prange (@tcp_reserved) {
- if ($prange == $prt) { $errormessage="$msg $prange"; return; }
- }
- }
- }
- return;
-}
-
sub writeserverconf {
my %sovpnsettings = ();
my @temp = ();
my @iprange=();
my %ccdhash=();
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
- $iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
+ $iprange[0]=$ip1.".".$ip2.".".$ip3.".".($ip4+2);
for (my $i=1;$i<=$count;$i++) {
my $tmpip=$iprange[$i-1];
my $stepper=$i*4;
goto SETTINGS_ERROR;
}
}
- if ($cgiparams{'ENABLED'} eq 'on'){
- &disallowreserved($cgiparams{'DDEST_PORT'},0,$cgiparams{'DPROTOCOL'},"dest");
- }
if ($errormessage) { goto SETTINGS_ERROR; }
-
-
+
if ($cgiparams{'ENABLED'} eq 'on'){
&checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
}
-
if ($errormessage) { goto SETTINGS_ERROR; }
if (! &General::validipandmask($cgiparams{'DOVPN_SUBNET'})) {
$errormessage = $Lang::tr{'invalid port'};
goto SETTINGS_ERROR;
}
+
+ if ($cgiparams{'DDEST_PORT'} <= 1023) {
+ $errormessage = $Lang::tr{'ovpn port in root range'};
+ goto SETTINGS_ERROR;
+ }
+
$vpnsettings{'ENABLED_BLUE'} = $cgiparams{'ENABLED_BLUE'};
$vpnsettings{'ENABLED_ORANGE'} =$cgiparams{'ENABLED_ORANGE'};
$vpnsettings{'ENABLED'} = $cgiparams{'ENABLED'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
goto VPNCONF_ERROR;
- }
+ }
+
+ if ($cgiparams{'DEST_PORT'} <= 1023) {
+ $errormessage = $Lang::tr{'ovpn port in root range'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
- if ($cgiparams{'OVPN_MGMT'} eq '') {
- $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
+ if ($cgiparams{'OVPN_MGMT'} eq '') {
+ $cgiparams{'OVPN_MGMT'} = $cgiparams{'DEST_PORT'};
+ }
+
+ if ($cgiparams{'OVPN_MGMT'} <= 1023) {
+ $errormessage = $Lang::tr{'ovpn mgmt in root range'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
}
}
#EXITING -- A graceful exit is in progress.
####
- if ( $tustate[1] eq 'CONNECTED') {
+ if (($tustate[1] eq 'CONNECTED') || ($tustate[1] eq 'WAIT')) {
$col1="bgcolor='${Header::colourgreen}'";
$active = "<b><font color='#FFFFFF'>$Lang::tr{'capsopen'}</font></b>";
}else {
projects / people / teissler / ipfire-2.x.git / blobdiff