core65: close core65.

[ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100644 (file)
new mode 100755 (executable)
index 888372e..24aeb6d
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -439,6 +439,7 @@ sub writeipsecfiles {
        # Automatically start only if a net-to-net connection
        if ($lconfighash{$key}[3] eq 'host') {
            print CONF "\tauto=add\n";
+           print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
        } else {
            print CONF "\tauto=start\n";
        }
@@ -1030,6 +1031,7 @@ END
            nsComment="OpenSSL Generated Certificate"
            subjectKeyIdentifier=hash
            authorityKeyIdentifier=keyid,issuer:always
+           extendedKeyUsage = serverAuth
 END
 ;
            print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
@@ -1350,7 +1352,7 @@ END
        }
 
        if ($cgiparams{'REMOTE'}) {
-           if (! &General::validip($cgiparams{'REMOTE'})) {
+           if (($cgiparams{'REMOTE'} ne '%any') && (! &General::validip($cgiparams{'REMOTE'}))) {
                if (! &General::validfqdn ($cgiparams{'REMOTE'}))  {
                    $errormessage = $Lang::tr{'invalid input for remote host/ip'};
                    goto VPNCONF_ERROR;
@@ -1413,6 +1415,14 @@ END
            goto VPNCONF_ERROR;
        }
 
+       
+       if ($cgiparams{'TYPE'} eq 'net'){
+               $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+               if ($errormessage ne ''){
+                       goto VPNCONF_ERROR;
+               }
+               
+       }
        if ($cgiparams{'AUTH'} eq 'psk') {
            if (! length($cgiparams{'PSK'}) ) {
                $errormessage = $Lang::tr{'pre-shared key is too short'};