X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=24aeb6deaea1d691296d0eeb6b6e060f8d3f563a;hp=888372e01daacc2e053b274726e2c8d5ca3c8af8;hb=36e1dc20f4d763b8069a4c973ef8ff792786229e;hpb=2444cc97804bbb9874fd2145f596c9d92d540b81

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100644
new mode 100755
index 888372e01d..24aeb6deae
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -439,6 +439,7 @@ sub writeipsecfiles {
 	# Automatically start only if a net-to-net connection
 	if ($lconfighash{$key}[3] eq 'host') {
 	    print CONF "\tauto=add\n";
+	    print CONF "\trightsourceip=$lvpnsettings{'RW_NET'}\n";
 	} else {
 	    print CONF "\tauto=start\n";
 	}
@@ -1030,6 +1031,7 @@ END
 	    nsComment="OpenSSL Generated Certificate"
 	    subjectKeyIdentifier=hash
 	    authorityKeyIdentifier=keyid,issuer:always
+	    extendedKeyUsage = serverAuth
 END
 ;
 	    print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
@@ -1350,7 +1352,7 @@ END
 	}
 
 	if ($cgiparams{'REMOTE'}) {
-	    if (! &General::validip($cgiparams{'REMOTE'})) {
+	    if (($cgiparams{'REMOTE'} ne '%any') && (! &General::validip($cgiparams{'REMOTE'}))) {
 		if (! &General::validfqdn ($cgiparams{'REMOTE'}))  {
 		    $errormessage = $Lang::tr{'invalid input for remote host/ip'};
 		    goto VPNCONF_ERROR;
@@ -1413,6 +1415,14 @@ END
 	    goto VPNCONF_ERROR;
 	}
 
+	
+	if ($cgiparams{'TYPE'} eq 'net'){
+		$errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+		if ($errormessage ne ''){
+			goto VPNCONF_ERROR;
+		}
+		
+	}
 	if ($cgiparams{'AUTH'} eq 'psk') {
 	    if (! length($cgiparams{'PSK'}) ) {
 		$errormessage = $Lang::tr{'pre-shared key is too short'};