X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=24aeb6deaea1d691296d0eeb6b6e060f8d3f563a;hp=177cdf4c27a798754f0f04326796c2723fcf09ea;hb=36e1dc20f4d763b8069a4c973ef8ff792786229e;hpb=7b57b6f44151e64ac223524e13fc4b46d78ed1c3
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100644
new mode 100755
index 177cdf4c27..24aeb6deae
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -111,6 +111,7 @@ $cgiparams{'ROOTCERT_EMAIL'} = '';
 $cgiparams{'ROOTCERT_OU'} = '';
 $cgiparams{'ROOTCERT_CITY'} = '';
 $cgiparams{'ROOTCERT_STATE'} = '';
+$cgiparams{'RW_NET'} = '';
 &Header::getcgihash(\%cgiparams, {'wantfile' => 1, 'filevar' => 'FH'});
@@ -438,6 +439,7 @@ sub writeipsecfiles {
 # Automatically start only if a net-to-net connection
 if ($lconfighash{$key}[3] eq 'host') {
 print CONF "\tauto=add\n";
+ print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
 } else {
 print CONF "\tauto=start\n";
 }
@@ -474,6 +476,11 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 goto SAVE_ERROR;
 }
+ if ( $cgiparams{'RW_NET'} ne '' and !&General::validipandmask($cgiparams{'RW_NET'}) ) {
+ $errormessage = $Lang::tr{'urlfilter invalid ip or mask error'};
+ goto SAVE_ERROR;
+ }
+
 map ($vpnsettings{$_} = $cgiparams{$_}, ('ENABLED','DBG_CRYPT','DBG_PARSING','DBG_EMITTING','DBG_CONTROL', 'DBG_DNS'));
@@ -482,6 +489,7 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save'} && $cgiparams{'TYPE'} eq '' && $cg
 $vpnsettings{'VPN_DELAYED_START'} = $cgiparams{'VPN_DELAYED_START'};
 $vpnsettings{'VPN_OVERRIDE_MTU'} = $cgiparams{'VPN_OVERRIDE_MTU'};
 $vpnsettings{'VPN_WATCH'} = $cgiparams{'VPN_WATCH'};
+ $vpnsettings{'RW_NET'} = $cgiparams{'RW_NET'};
 &General::writehash("${General::swroot}/vpn/settings", \%vpnsettings);
 &writeipsecfiles();
 if (&vpnenabled) {
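Review bot: In the `host` branch of the @@ -438 hunk, `rightsourceip=` is written for every roadwarrior connection even when `RW_NET` is empty, which the save handler in the @@ -474 hunk explicitly allows (the `ne ''` test skips validation for an empty field). That leaves a bare `rightsourceip=` line in the generated config, and how it is treated is then up to the IPsec daemon's parser. Emit the line only when a pool is set, e.g. `print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n" if ($lvpnsettings{'RW_NET'} ne '');`. `%lvpnsettings` is presumably loaded from the settings file elsewhere in `writeipsecfiles` (outside the hunk), so repeating the `validipandmask` test here would also keep a hand-edited or restored settings file from putting unexpected content into the config.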
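Review bot: The new `RW_NET` check in the @@ -474 hunk verifies only address/mask syntax, so nothing stops the roadwarrior pool from overlapping a local or already tunnelled network, although this same commit introduces `General::checksubnets` for net-to-net subnets in the @@ -1406 hunk. If that helper is suitable (its body is not visible here), running the pool through a comparable overlap check before `writehash` would be consistent. The error text is also borrowed from the URL filter, `$Lang::tr{'urlfilter invalid ip or mask error'}`; a VPN-specific key would avoid tying this page to another component's translations.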
@@ -1023,6 +1031,7 @@ END
 nsComment="OpenSSL Generated Certificate"
 subjectKeyIdentifier=hash
 authorityKeyIdentifier=keyid,issuer:always
+ extendedKeyUsage = serverAuth
 END
 ; print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
@@ -1343,7 +1352,7 @@ END
 }
 if ($cgiparams{'REMOTE'}) {
- if (! &General::validip($cgiparams{'REMOTE'})) {
+ if (($cgiparams{'REMOTE'} ne '%any') && (! &General::validip($cgiparams{'REMOTE'}))) {
 if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
 $errormessage = $Lang::tr{'invalid input for remote host/ip'};
 goto VPNCONF_ERROR;
@@ -1406,6 +1415,14 @@ END
 goto VPNCONF_ERROR;
 }
+
+ if ($cgiparams{'TYPE'} eq 'net'){
+ $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+ if ($errormessage ne ''){
+ goto VPNCONF_ERROR;
+ }
+
+ }
 if ($cgiparams{'AUTH'} eq 'psk') {
 if (! length($cgiparams{'PSK'}) ) {
 $errormessage = $Lang::tr{'pre-shared key is too short'};
@@ -2478,6 +2495,10 @@ print <$Lang::tr{'vpn delayed start'}: ** + + $Lang::tr{'host to net vpn'}: * + +
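Review bot: `extendedKeyUsage = serverAuth` in the @@ -1023 hunk is added with no indication of why, and it changes what every certificate issued from this extension block declares itself valid for. The heredoc opens outside the hunk, so it is not visible whether the block is used only for the gateway's host certificate or also for certificates that authenticate as the initiating side; a peer that enforces EKU could refuse the latter. A comment above the heredoc such as `# serverAuth EKU: needed by clients that check the gateway certificate's purpose` (wording for the author to confirm) would record the intent. Certificates generated before this change do not carry the extension, so it only takes effect once the host certificate is regenerated.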
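Review bot: The relaxed test in the @@ -1343 hunk accepts `%any` as `REMOTE` for every connection, independent of `TYPE` and `AUTH`, both of which are checked elsewhere in this handler outside the hunk. With a wildcard peer address and `AUTH` equal to `'psk'`, the pre-shared key is the only thing that identifies the remote end, so the combination should be restricted or at least flagged to the administrator. One option is to allow the wildcard only for certificate-based connections, e.g. `($cgiparams{'REMOTE'} eq '%any' && $cgiparams{'AUTH'} ne 'psk')`, and to add a comment `# '%any' = peer with unknown or dynamic address` next to the literal.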
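Review bot: In the @@ -1406 hunk `REMOTE_SUBNET` is handed to `General::checksubnets` without the hunk showing that it has already been validated as a network/mask; if that validation comes later in the handler, malformed input reaches the overlap comparison first. Placing this block after the `REMOTE_SUBNET` syntax check would avoid that. The comparison `$errormessage ne ''` will also warn under `warnings` if the helper returns undef; `goto VPNCONF_ERROR if ($errormessage);` covers both cases and removes the nested block.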

$Lang::tr{'vpn watch'}:

PLUTO DEBUG =