From ed1d0fbdbe0a2c7990ac984ebeed4e74c7bd3955 Mon Sep 17 00:00:00 2001 From: Lars Schuhmacher Date: Fri, 25 Sep 2015 00:04:08 +0200 Subject: [PATCH] IPsec: Remove GUI option for "Roadwarrior virtual IP" This setting stems from IPCop (and probably Openswan) and causes a problem. Fixes bug #10496. Signed-off-by: Lars Schuhmacher Acked-by: Michael Tremer Signed-off-by: Michael Tremer --- html/cgi-bin/vpnmain.cgi | 32 ++------------------------------ langs/de/cgi-bin/de.pl | 1 - langs/en/cgi-bin/en.pl | 1 - langs/es/cgi-bin/es.pl | 1 - langs/fr/cgi-bin/fr.pl | 1 - langs/it/cgi-bin/it.pl | 1 - langs/nl/cgi-bin/nl.pl | 1 - langs/pl/cgi-bin/pl.pl | 1 - langs/ru/cgi-bin/ru.pl | 1 - langs/tr/cgi-bin/tr.pl | 1 - 10 files changed, 2 insertions(+), 39 deletions(-) diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index 65fc80ff85..5658dac0d0 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -235,7 +235,6 @@ sub makeconnname ($) { ### ###Type=Host : GUI can choose the interface used (RED,GREEN,BLUE) and ### the side is always defined as 'left'. -### configihash[14]: 'VHOST' is allowed ### sub writeipsecfiles { @@ -294,8 +293,6 @@ sub writeipsecfiles { if ($lconfighash{$key}[3] eq 'net') { my $cidr_net=&General::ipcidr($lconfighash{$key}[11]); print CONF "\trightsubnet=$cidr_net\n"; - } elsif ($lconfighash{$key}[10] eq '%any' && $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors? - print CONF "\trightsubnet=vhost:%no,%priv\n"; } # Local Cert and Remote Cert (unless auth is DN dn-auth) @@ -1246,7 +1243,7 @@ END &Header::closepage(); exit (0); ### -### Adding/Editing/Saving a connection +### Adding/Editing/Saving a connection ### } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || 
@@ -1289,7 +1286,6 @@ END $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; $cgiparams{'FORCE_MOBIKE'} = $confighash{$cgiparams{'KEY'}}[32]; @@ -1814,7 +1810,6 @@ END $confighash{$key}[13] = $cgiparams{'COMPRESSION'}; $confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$key}[28] = $cgiparams{'PFS'}; - $confighash{$key}[14] = $cgiparams{'VHOST'}; $confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$key}[31] = $cgiparams{'DPD_DELAY'}; $confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'}; @@ -1891,7 +1886,6 @@ END $cgiparams{'COMPRESSION'} = 'on'; #[13]; $cgiparams{'ONLY_PROPOSED'} = 'off'; #[24]; $cgiparams{'PFS'} = 'on'; #[28]; - $cgiparams{'VHOST'} = 'on'; #[14]; } VPNCONF_ERROR: @@ -1943,7 +1937,6 @@ END - @@ -2130,11 +2123,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || } if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { - # I didn't read any incompatibilities here.... - #if ($cgiparams{'VHOST'} eq 'on' && $cgiparams{'COMPRESSION'} eq 'on') { - # $errormessage = $Lang::tr{'cannot enable both nat traversal and compression'}; - # goto ADVANCED_ERROR; - #} my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'}); if ($#temp < 0) { $errormessage = $Lang::tr{'invalid input'}; @@ -2222,8 +2210,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) || ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) || ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) || - ($cgiparams{'PFS'} !~ /^(|on|off)$/) || - ($cgiparams{'VHOST'} !~ /^(|on|off)$/) + ($cgiparams{'PFS'} !~ /^(|on|off)$/) ){ $errormessage = $Lang::tr{'invalid input'}; goto ADVANCED_ERROR; 
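Review bot: The on/off checks kept in the last hunk here, including the edited `($cgiparams{'PFS'} !~ /^(|on|off)$/)` line, anchor with `^` and `$`, and in Perl `$` also matches before a trailing newline, so a value of `on` followed by a newline passes validation. The accepted values are then stored in `$confighash{$cgiparams{'KEY'}}[...]` (visible in the following hunk) and are presumably written to the connection settings file, where an embedded newline could corrupt a record. Anchoring with `\A` and `\z` closes this: `($cgiparams{'PFS'} !~ /\A(?:|on|off)\z/)`, with the same change on the COMPRESSION, FORCE_MOBIKE and ONLY_PROPOSED lines. The enclosing condition starts above the hunk, so other parameters checked there may need the same anchoring.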
@@ -2252,7 +2239,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $confighash{$cgiparams{'KEY'}}[13] = $cgiparams{'COMPRESSION'}; $confighash{$cgiparams{'KEY'}}[24] = $cgiparams{'ONLY_PROPOSED'}; $confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'}; - $confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'}; $confighash{$cgiparams{'KEY'}}[27] = $cgiparams{'DPD_ACTION'}; $confighash{$cgiparams{'KEY'}}[30] = $cgiparams{'DPD_TIMEOUT'}; $confighash{$cgiparams{'KEY'}}[31] = $cgiparams{'DPD_DELAY'}; @@ -2280,7 +2266,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'COMPRESSION'} = $confighash{$cgiparams{'KEY'}}[13]; $cgiparams{'ONLY_PROPOSED'} = $confighash{$cgiparams{'KEY'}}[24]; $cgiparams{'PFS'} = $confighash{$cgiparams{'KEY'}}[28]; - $cgiparams{'VHOST'} = $confighash{$cgiparams{'KEY'}}[14]; $cgiparams{'DPD_ACTION'} = $confighash{$cgiparams{'KEY'}}[27]; $cgiparams{'DPD_TIMEOUT'} = $confighash{$cgiparams{'KEY'}}[30]; $cgiparams{'DPD_DELAY'} = $confighash{$cgiparams{'KEY'}}[31]; @@ -2294,9 +2279,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $cgiparams{'DPD_TIMEOUT'} = 120; } - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || $confighash{$cgiparams{'KEY'}}[10]) { - $cgiparams{'VHOST'} = 'off'; - } } ADVANCED_ERROR: @@ -2382,7 +2364,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || $checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ? "checked='checked'" : '' ; $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on' ? "checked='checked'" : '' ; $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ? "checked='checked'" : '' ; - $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ? "checked='checked'" : '' ; $selected{'IKE_VERSION'}{'ikev1'} = ''; $selected{'IKE_VERSION'}{'ikev2'} = ''; 
@@ -2633,15 +2614,6 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) || EOF ; - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { - print ""; - } elsif ($confighash{$cgiparams{'KEY'}}[10]) { - print ""; - } else { - print ""; - } print < diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index c21bac54ab..a3c8228ade 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2620,7 +2620,6 @@ 'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik', 'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik', 'vpn subjectaltname' => 'Subjekt Alternativer Name', -'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP genannt)', 'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP ändert (DynDNS).', 'waiting to synchronize clock' => 'Bitte warten, die Uhr wird synchronisiert', 'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 783fd0f52a..55cf22802c 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2664,7 +2664,6 @@ 'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics', 'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics', 'vpn subjectaltname' => 'Subject Alt Name', -'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)', 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).', 'waiting to synchronize clock' => 'Waiting to synchronize clock', 'warn when traffic reaches' => 'Warn when traffic reaches x %', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index c0422b1fec..e24e75e56b 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl 
@@ -2107,7 +2107,6 @@
 'vpn red name' => 'Dirección IP pública o FQDN para la interfaz RED o<%defaultroute>',
 'vpn remote id' => 'ID Remoto',
 'vpn subjectaltname' => 'Nombre alternativo en Asunto',
-'vpn vhost' => 'IP virtual Roadwarris (también referida como ip-interior)',
 'vpn watch' => 'Reinciar vpn net-to-net cuando la ip remota cambie (dyndns)',
 'waiting to synchronize clock' => 'Esperando sincronización con el reloj',
 'warn when traffic reaches' => 'Advertir cuando el tráfico alcance x %',
diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
index 43e69a7e21..0d173aef34 100644
--- a/langs/fr/cgi-bin/fr.pl
+++ b/langs/fr/cgi-bin/fr.pl
@@ -2111,7 +2111,6 @@
 'vpn red name' => 'IP publique ou nom de domaine complet pour l\'interface ROUGE ou <%defaultroute>',
 'vpn remote id' => 'ID Distant',
 'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'IP Virtuelle Roadwarrior (parfois appelée Inner-IP)',
 'vpn watch' => 'Redémarrer net-to-net VPN si IP hôte distant change (dyndns).',
 'waiting to synchronize clock' => 'Attendre la synchronisation de l\'horloge',
 'warn when traffic reaches' => 'Avertir lorsque le trafic atteint x %',
diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
index 0623bd5aba..950f700267 100644
--- a/langs/it/cgi-bin/it.pl
+++ b/langs/it/cgi-bin/it.pl
@@ -2586,7 +2586,6 @@
 'vpn red name' => 'IP pubblico o il nome di dominio completo per l\'interfaccia RED o <%defaultroute>',
 'vpn remote id' => 'Remote ID',
 'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes (dyndns).',
 'waiting to synchronize clock' => 'Waiting to synchronize clock',
 'warn when traffic reaches' => 'Warn when traffic reaches x %',
diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
index f748b74cbf..9d90a0815c 100644
--- a/langs/nl/cgi-bin/nl.pl
+++ b/langs/nl/cgi-bin/nl.pl
@@ -2529,7 +2529,6 @@
 'vpn red name' => 'Publiek IP of FQDN voor RODE interface of <%defaultroute>',
 'vpn remote id' => 'Remote ID',
 'vpn subjectaltname' => 'Onderwerp Alt Naam',
-'vpn vhost' => 'Roadwarrior virtual IP (Ook wel Inner-IP genoemd)',
 'vpn watch' => 'Herstart net-to-net vpn wanneer remote peer IP verandert (dyndns).',
 'waiting to synchronize clock' => 'Wachten op synchronisatie van klok',
 'warn when traffic reaches' => 'Waarschuw wanneer verkeer x % bereikt',
diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
index 30cc81edbc..47abf2c5f4 100644
--- a/langs/pl/cgi-bin/pl.pl
+++ b/langs/pl/cgi-bin/pl.pl
@@ -2120,7 +2120,6 @@
 'vpn red name' => 'Publiczne IP lub FQDN interfejsu RED lub <%defaultroute>',
 'vpn remote id' => 'Zdalne ID',
 'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Uruchom ponownie vpn net-to-net kiedy zmieni się IP zdalnej końcówki (dyndns).',
 'waiting to synchronize clock' => 'Oczekiwanie na synchronizację zegara',
 'warn when traffic reaches' => 'Ostrzegaj kiedy ruch osiągnie x %',
diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
index 8cf985bd33..6840f81207 100644
--- a/langs/ru/cgi-bin/ru.pl
+++ b/langs/ru/cgi-bin/ru.pl
@@ -2115,7 +2115,6 @@
 'vpn red name' => 'Внешний IP или FQDN для RED интерфейса или <%defaultroute>',
 'vpn remote id' => 'Удалённый ID',
 'vpn subjectaltname' => 'Subject Alt Name',
-'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
 'vpn watch' => 'Перезапускать net-to-net vpn когда удалённый IP меняется (dyndns).',
 'waiting to synchronize clock' => 'Ожидается синхронизация',
 'warn when traffic reaches' => 'Предупреждать когда трафик возрастает до x %',
diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
index 5426a063b2..782bc007e8 100644
--- a/langs/tr/cgi-bin/tr.pl
+++ b/langs/tr/cgi-bin/tr.pl
@@ -2609,7 +2609,6 @@
 'vpn red name' => 'KIRMIZI arabirim veya <%defaultroute> için gerçek IP veya FQDN',
 'vpn remote id' => 'Uzak kimlik (ID)',
 'vpn subjectaltname' => 'Alternatif konu adı',
-'vpn vhost' => 'Roadwarrior sanal IP (bazen iç IP olarakta adlandırılır)',
 'vpn watch' => 'Karşı eş IP değiştirdiğinde (dyndns) ağdan-ağa VPN bağlantısını yeniden başlat. Bu DPD ye yardımcı olur.',
 'waiting to synchronize clock' => 'Saat eşleştirmesi bekleniyor',
 'warn when traffic reaches' => 'Trafik x % değere ulaştığında uyar',
-- 2.39.2