This setting stems from IPCop (and probably Openswan) and causes a problem.
Fixes bug #10496.
Signed-off-by: Lars Schuhmacher <larsen007@web.de>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
###
###Type=Host : GUI can choose the interface used (RED,GREEN,BLUE) and
### the side is always defined as 'left'.
-### configihash[14]: 'VHOST' is allowed
###
sub writeipsecfiles {
if ($lconfighash{$key}[3] eq 'net') {
my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
print CONF "\trightsubnet=$cidr_net\n";
- } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
- print CONF "\trightsubnet=vhost:%no,%priv\n";
}
# Local Cert and Remote Cert (unless auth is DN dn-auth)
&Header::closepage();
exit (0);
###
-### Adding/Editing/Saving a connection
+### Adding/Editing/Saving a connection
###
} elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
$cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13];
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32];
$confighash{$key}[13] = $cgiparams{'COMPRESSION'};
$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$key}[28] = $cgiparams{'PFS'};
- $confighash{$key}[14] = $cgiparams{'VHOST'};
$confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
$confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
$cgiparams{'COMPRESSION'} = 'on'; #[13];
$cgiparams{'ONLY_PROPOSED'} = 'off'; #[24];
$cgiparams{'PFS'} = 'on'; #[28];
- $cgiparams{'VHOST'} = 'on'; #[14];
}
VPNCONF_ERROR:
<input type='hidden' name='COMPRESSION' value='$cgiparams{'COMPRESSION'}' />
<input type='hidden' name='ONLY_PROPOSED' value='$cgiparams{'ONLY_PROPOSED'}' />
<input type='hidden' name='PFS' value='$cgiparams{'PFS'}' />
- <input type='hidden' name='VHOST' value='$cgiparams{'VHOST'}' />
<input type='hidden' name='DPD_ACTION' value='$cgiparams{'DPD_ACTION'}' />
<input type='hidden' name='DPD_DELAY' value='$cgiparams{'DPD_DELAY'}' />
<input type='hidden' name='DPD_TIMEOUT' value='$cgiparams{'DPD_TIMEOUT'}' />
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
- # I didn't read any incompatibilities here....
- #if ($cgiparams{'VHOST'} eq 'on' && $cgiparams{'COMPRESSION'} eq 'on') {
- # $errormessage = $Lang::tr{'cannot enable both nat traversal and compression'};
- # goto ADVANCED_ERROR;
- #}
my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
if ($#temp < 0) {
$errormessage = $Lang::tr{'invalid input'};
($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) ||
($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
- ($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
- ($cgiparams{'VHOST'} !~ /^(|on|off)$/)
+ ($cgiparams{'PFS'} !~ /^(|on|off)$/)
){
$errormessage = $Lang::tr{'invalid input'};
goto ADVANCED_ERROR;
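Review bot: The `$` anchor in the rewritten PFS check, `/^(|on|off)$/`, also matches just before a trailing newline, so a submitted value that is not exactly empty, `on` or `off` can still pass. The COMPRESSION, FORCE_MOBIKE and ONLY_PROPOSED checks on the context lines above share the pattern. The accepted values are copied into `$confighash` in the next hunk, and if that hash is persisted to a line-oriented settings file (not visible here) a stray newline would break the stored record. Anchor the whole string instead, e.g. `($cgiparams{'PFS'} !~ /\A(?:|on|off)\z/)`, and apply the same form to the other three tests. The enclosing `if (` condition opens above this hunk.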
$confighash{$cgiparams{'KEY'}}[13] = $cgiparams{'COMPRESSION'};
$confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'};
$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
- $confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
$confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'};
$confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'};
$confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'};
$cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13];
$cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24];
$cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28];
- $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14];
$cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
$cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'DPD_TIMEOUT'} = 120;
}
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) {
- $cgiparams{'VHOST'} = 'off';
- }
}
ADVANCED_ERROR:
$checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ? "checked='checked'" : '' ;
$checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ;
$checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ;
- $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ;
$selected{'IKE_VERSION'}{'ikev1'} = '';
$selected{'IKE_VERSION'}{'ikev2'} = '';
</tr>
EOF
;
- if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
- print "<tr><td><input type='hidden' name='VHOST' value='off' /></td></tr>";
- } elsif ($confighash{$cgiparams{'KEY'}}[10]) {
- print "<tr><td><label><input type='checkbox' name='VHOST' $checked{'VHOST'} disabled='disabled' />";
- print " $Lang::tr{'vpn vhost'}</label></td></tr>";
- } else {
- print "<tr><td><label><input type='checkbox' name='VHOST' $checked{'VHOST'} />";
- print " $Lang::tr{'vpn vhost'}</label></td></tr>";
- }
print <<EOF;
<tr>
'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
'vpn subjectaltname' => 'Subjekt Alternativer Name',
-'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)',
'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).',
'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert',
'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht',
'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
'waiting to synchronize clock' => 'Waiting to synchronize clock',
'warn when traffic reaches' => 'Warn when traffic reaches x %',
'vpn red name' => 'Dirección IP pública o FQDN para la interfaz RED o<%defaultroute>',
'vpn remote id' => 'ID Remoto',
'vpn subjectaltname' => 'Nombre alternativo en Asunto',
-'vpn vhost' => 'IP virtual Roadwarris (también referida como ip-interior)',
'vpn watch' => 'Reinciar vpn net-to-net cuando la ip remota cambie (dyndns)',
'waiting to synchronize clock' => 'Esperando sincronización con el reloj',
'warn when traffic reaches' => 'Advertir cuando el tráfico alcance x %',
'vpn red name' => 'IP publique ou nom de domaine complet pour l\'interface ROUGE ou <%defaultroute>',
'vpn remote id' => 'ID Distant',
'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'IP Virtuelle Roadwarrior (parfois appelée Inner-IP)',
'vpn watch' => 'Redémarrer net-to-net VPN si IP hôte distant change (dyndns).',
'waiting to synchronize clock' => 'Attendre la synchronisation de l\'horloge',
'warn when traffic reaches' => 'Avertir lorsque le trafic atteint x %',
'vpn red name' => 'IP pubblico o il nome di dominio completo per l\'interfaccia RED o <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
'waiting to synchronize clock' => 'Waiting to synchronize clock',
'warn when traffic reaches' => 'Warn when traffic reaches x %',
'vpn red name' => 'Publiek IP of FQDN voor RODE interface of <%defaultroute>',
'vpn remote id' => 'Remote ID',
'vpn subjectaltname' => 'Onderwerp Alt Naam',
-'vpn vhost' => 'Roadwarrior virtual IP (Ook wel Inner-IP genoemd)',
'vpn watch' => 'Herstart net-to-net vpn wanneer remote peer IP verandert (dyndns).',
'waiting to synchronize clock' => 'Wachten op synchronisatie van klok',
'warn when traffic reaches' => 'Waarschuw wanneer verkeer x % bereikt',
'vpn red name' => 'Publiczne IP lub FQDN interfejsu RED lub <%defaultroute>',
'vpn remote id' => 'Zdalne ID',
'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
'vpn watch' => 'Uruchom ponownie vpn net-to-net kiedy zmieni się IP zdalnej końcówki (dyndns).',
'waiting to synchronize clock' => 'Oczekiwanie na synchronizację zegara',
'warn when traffic reaches' => 'Ostrzegaj kiedy ruch osiągnie x %',
'vpn red name' => 'Внешний IP или FQDN для RED интерфейса или <%defaultroute>',
'vpn remote id' => 'Удалённый ID',
'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
'vpn watch' => 'Перезапускать net-to-net vpn когда удалённый IP меняется (dyndns).',
'waiting to synchronize clock' => 'Ожидается синхронизация',
'warn when traffic reaches' => 'Предупреждать когда трафик возрастает до x %',
'vpn red name' => 'KIRMIZI arabirim veya <%defaultroute> için gerçek IP veya FQDN',
'vpn remote id' => 'Uzak kimlik (ID)',
'vpn subjectaltname' => 'Alternatif konu adı',
-'vpn vhost' => 'Roadwarrior sanal IP (bazen iç IP olarakta adlandırılır)',
'vpn watch' => 'Karşı eş IP değiştirdiğinde (dyndns) ağdan-ağa VPN bağlantısını yeniden başlat. Bu DPD ye yardımcı olur.',
'waiting to synchronize clock' => 'Saat eşleştirmesi bekleniyor',
'warn when traffic reaches' => 'Trafik x % değere ulaştığında uyar',