X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=blobdiff_plain;f=html%2Fcgi-bin%2Fvpnmain.cgi;h=b697b0aeb6264b703ce637e6d502e02b85ac12cf;hp=e71786243dc573a2b8fa8ed832b13d1023ca08e4;hb=b1881251d6cdd92c7e887813395386afe9692944;hpb=4b046d735d28012d215276ea08272f298e1e8ba1
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index e71786243d..b697b0aeb6 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -281,15 +281,13 @@ sub writeipsecfiles {
 print CONF "conn $lconfighash{$key}[1]\n";
 print CONF "\tleft=$localside\n";
- my $cidr_net=&General::ipcidr($lconfighash{$key}[8]);
- print CONF "\tleftsubnet=$cidr_net\n";
+ print CONF "\tleftsubnet=" . &make_subnets($lconfighash{$key}[8]) . "\n";
 print CONF "\tleftfirewall=yes\n";
 print CONF "\tlefthostaccess=yes\n";
 print CONF "\tright=$lconfighash{$key}[10]\n";
 if ($lconfighash{$key}[3] eq 'net') {
- my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
- print CONF "\trightsubnet=$cidr_net\n";
+ print CONF "\trightsubnet=" . &make_subnets($lconfighash{$key}[11]) . "\n";
 }
 # Local Cert and Remote Cert (unless auth is DN dn-auth)
@@ -1263,10 +1261,12 @@ END
 $cgiparams{'PSK'} = $confighash{$cgiparams{'KEY'}}[5];
 #$cgiparams{'free'} = $confighash{$cgiparams{'KEY'}}[6];
 $cgiparams{'LOCAL_ID'} = $confighash{$cgiparams{'KEY'}}[7];
- $cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];
+ my @local_subnets = split(",", $confighash{$cgiparams{'KEY'}}[8]);
+ $cgiparams{'LOCAL_SUBNET'} = join(/\|/, @local_subnets);
 $cgiparams{'REMOTE_ID'} = $confighash{$cgiparams{'KEY'}}[9];
 $cgiparams{'REMOTE'} = $confighash{$cgiparams{'KEY'}}[10];
- $cgiparams{'REMOTE_SUBNET'} = $confighash{$cgiparams{'KEY'}}[11];
+ my @remote_subnets = split(",", $confighash{$cgiparams{'KEY'}}[11]);
+ $cgiparams{'REMOTE_SUBNET'} = join(/\|/, @remote_subnets);
 $cgiparams{'REMARK'} = $confighash{$cgiparams{'KEY'}}[25];
 $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27];
 $cgiparams{'IKE_VERSION'} = $confighash{$cgiparams{'KEY'}}[29];
@@ -1346,9 +1346,12 @@ END
 }
 }
- unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
- $errormessage = $Lang::tr{'local subnet is invalid'};
- goto VPNCONF_ERROR;
+ my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'});
+ foreach my $subnet (@local_subnets) {
+ unless (&Network::check_subnet($subnet)) {
+ $errormessage = $Lang::tr{'local subnet is invalid'};
+ goto VPNCONF_ERROR;
+ }
 }
 # Allow only one roadwarrior/psk without remote IP-address
@@ -1362,9 +1365,15 @@ END
 }
 }
 }
- if (($cgiparams{'TYPE'} eq 'net') && (! &General::validipandmask($cgiparams{'REMOTE_SUBNET'}))) {
- $errormessage = $Lang::tr{'remote subnet is invalid'};
- goto VPNCONF_ERROR;
+
+ if ($cgiparams{'TYPE'} eq 'net') {
+ my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'});
+ foreach my $subnet (@remote_subnets) {
+ unless (&Network::check_subnet($subnet)) {
+ $errormessage = $Lang::tr{'remote subnet is invalid'};
+ goto VPNCONF_ERROR;
+ }
+ }
 }
 if ($cgiparams{'ENABLED'} !~ /^(on|off)$/) {
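Review bot: In the hunk at -1263 (loading a stored connection into the form), `join(/\|/, @local_subnets)` passes the result of a pattern match against `$_` as the separator, so the separator is `1` or the empty string rather than `|`; the `REMOTE_SUBNET` line has the same problem. It goes unnoticed only because the stored field is `|`-separated (see the save hunk at -1784), so `split(",", ...)` yields a single element and the separator is never used. Since the display code at -1969 already splits on `|`, the plain assignment `$cgiparams{'LOCAL_SUBNET'} = $confighash{$cgiparams{'KEY'}}[8];` would do, or else write `join('|', split(/\|/, ...))`. The enclosing block starts and ends outside the hunk.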
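Review bot: An empty `LOCAL_SUBNET`, or one made only of commas, now passes validation in the hunk at -1346, because `split(",", ...)` returns an empty list and the `foreach` body never runs; the old `validipandmask` call was handed the empty string itself and presumably rejected it. The `REMOTE_SUBNET` loop in the hunk at -1362 has the same gap when `TYPE` is `net`. The empty value would then presumably reach `writeipsecfiles` and produce an empty `leftsubnet=` or `rightsubnet=` line. A guard before each loop restores the check, e.g. `unless (@local_subnets) { $errormessage = $Lang::tr{'local subnet is invalid'}; goto VPNCONF_ERROR; }`. Whether `Network::check_subnet` accepts whitespace after a comma is not visible here and is worth confirming, since the stored value is rebuilt from the raw parameter.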
@@ -1784,10 +1793,12 @@ END $confighash{$key}[4] = 'cert'; } if ($cgiparams{'TYPE'} eq 'net') { - $confighash{$key}[11] = $cgiparams{'REMOTE_SUBNET'}; + my @remote_subnets = split(",", $cgiparams{'REMOTE_SUBNET'}); + $confighash{$key}[11] = join('|', @remote_subnets); } $confighash{$key}[7] = $cgiparams{'LOCAL_ID'}; - $confighash{$key}[8] = $cgiparams{'LOCAL_SUBNET'}; + my @local_subnets = split(",", $cgiparams{'LOCAL_SUBNET'}); + $confighash{$key}[8] = join('|', @local_subnets); $confighash{$key}[9] = $cgiparams{'REMOTE_ID'}; $confighash{$key}[10] = $cgiparams{'REMOTE'}; $confighash{$key}[25] = $cgiparams{'REMARK'}; @@ -1969,6 +1980,12 @@ EOF $blob = "*"; }; + my @local_subnets = split(/\|/, $cgiparams{'LOCAL_SUBNET'}); + my $local_subnets = join(",", @local_subnets); + + my @remote_subnets = split(/\|/, $cgiparams{'REMOTE_SUBNET'}); + my $remote_subnets = join(",", @remote_subnets); + print < $Lang::tr{'enabled'} @@ -1977,7 +1994,7 @@ EOF $Lang::tr{'local subnet'} * - + @@ -1987,7 +2004,7 @@ EOF $Lang::tr{'remote subnet'} $blob - + @@ -3101,3 +3118,16 @@ sub make_algos($$$$$) { return &array_unique(\@algos); } + +sub make_subnets($) { + my $subnets = shift; + + my @nets = split(/\|/, $subnets); + my @cidr_nets = (); + foreach my $net (@nets) { + my $cidr_net = &General::ipcidr($net); + push(@cidr_nets, $cidr_net); + } + + return join(",", @cidr_nets); +}
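Review bot: `make_subnets` (hunk at -3101) uses the result of `&General::ipcidr($net)` unchecked, so if that call yields an undefined or empty value for a stored entry (its behaviour is not visible here), an empty element ends up in the list and the `leftsubnet=`/`rightsubnet=` line written to the IPsec configuration gets a stray comma. Filtering before the join keeps the written line well-formed: `return join(",", grep { defined($_) && length($_) } @cidr_nets);`. A header comment would also help the next reader, e.g. `# Convert the '|'-separated subnet list stored in the connection record into the comma-separated list written to the IPsec configuration.`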