OpenVPN ccd: try to adapt changes to latest next branch.
index 038adb13895c0e172d50e41421ae6ac78d553154..3c090b080da5ba9e68741a66b90fa5c38c983ac2 100755 (executable)
@@ -356,7 +356,9 @@ sub writeserverconf {
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
     elsif ($sovpnsettings{'FRAGMENT'} ne '' && $sovpnsettings{'DPROTOCOL'} ne 'tcp') 
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; }
-    elsif (($sovpnsettings{'PMTU_DISCOVERY'} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne ''))
+    elsif (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+          ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' ))
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu 1500\n"; } 
     else 
        { print CONF "$sovpnsettings{'DDEVICE'}-mtu $sovpnsettings{'DMTU'}\n"; }
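Review bot: The same three-way `eq 'yes' || eq 'maybe' || eq 'no'` test is now spelled out in eight places (this hunk and the ones starting at `@@ -397`, `@@ -850`, `@@ -1003`, `@@ -1088`, `@@ -2022`, `@@ -2095`, `@@ -2143`), which is the kind of list that drifts the day a mode is added; one helper such as `sub is_valid_mtu_disc { my ($mode) = @_; return (defined $mode && $mode =~ /\A(?:yes|maybe|no)\z/); }` called from every site would keep them in step. The old condition (`ne 'off' || ne ''`) was always true, so the whitelist is a real fix, and it also means the value is checked before it is interpolated into the generated config, which is worth saying in the comment at each write site. The comments added at the other sites read "choosen"; `chosen`. writeserverconf starts before this hunk.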
@@ -397,8 +399,11 @@ sub writeserverconf {
        print CONF "fragment $sovpnsettings{'FRAGMENT'}\n";   
     }
 
-    if (($sovpnsettings{PMTU_DISCOVERY} ne 'off') || ($sovpnsettings{'PMTU_DISCOVERY'} ne '')) {
-       print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
+    # Check if a valid operating mode has been choosen and use it.
+    if (($sovpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+       ($sovpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
+               print CONF "mtu-disc $sovpnsettings{'PMTU_DISCOVERY'}\n";
     }
 
     if ($sovpnsettings{KEEPALIVE_1} > 0 && $sovpnsettings{KEEPALIVE_2} > 0) {  
@@ -494,21 +499,36 @@ sub addccdnet
        my $checkup;
        my $ccdip;
        my $baseaddress;
-       if(!&General::validhostname($ccdname)){
+       
+       
+       #check name     
+       if ($ccdname eq '') 
+       {
+               $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+               return
+       }
+       
+       if(!&General::validhostname($ccdname))
+       {
                $errormessage=$Lang::tr{'ccd err invalidname'};
                return;
        }
-       #check ip
-       if (&General::validipandmask($ccdnet)){
-                       $ccdnet=&General::iporsubtocidr($ccdnet);       
-       }else{
+               
+       ($ccdip,$subcidr) = split (/\//,$ccdnet);
+       $subcidr=&General::iporsubtocidr($subcidr);
+       #check subnet
+       if ($subcidr > 30)
+       {
                $errormessage=$Lang::tr{'ccd err invalidnet'};
                return;
        }
-       ($ccdip,$subcidr) = split (/\//,$ccdnet);
-       if ($ccdname eq '') {
-               $errormessage=$errormessage.$Lang::tr{'ccd err name'}."<br>";
+       #check ip
+       if (!&General::validipandmask($ccdnet)){
+               $errormessage=$Lang::tr{'ccd err invalidnet'};
+               return;
        }
+       
+       
        #check if we try to use same network as ovpn server
        if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
                        $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
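Review bot: The subnet size check runs before `validipandmask($ccdnet)` is consulted: `($ccdip,$subcidr) = split (/\//,$ccdnet);` leaves `$subcidr` undefined when the input has no `/`, and `iporsubtocidr` and the `> 30` comparison then operate on it before the format is rejected. Moving the `if (!&General::validipandmask($ccdnet))` block up ahead of the split lets every later line assume a well-formed network. The removed code also normalised `$ccdnet` with `iporsubtocidr` before use; the new code keeps whatever form the user typed, which the `eq` comparison against the OpenVPN subnet handles by converting both sides, but any later use of `$ccdnet` in raw form would not, so that is worth checking. The two name errors are reported inconsistently (`$errormessage=$errormessage.…."<br>"` appends, `$errormessage=$Lang::tr{…}` overwrites), and the `return` in the empty-name branch lacks its semicolon. addccdnet begins before this hunk and continues after it.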
@@ -850,7 +870,10 @@ if ($cgiparams{'ACTION'} eq $Lang::tr{'save-adv-options'}) {
        $vpnsettings{'MSSFIX'} = $cgiparams{'MSSFIX'};
     }
 
-    if ($cgiparams{'PMTU_DISCOVERY'} ne 'off') {
+    if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+        ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+        ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
+
        if (($cgiparams{'MSSFIX'} eq 'on') || ($cgiparams{'FRAGMENT'} ne '')) {
                $errormessage = $Lang::tr{'ovpn mtu-disc with mssfix or fragment'};
                goto ADV_ERROR;
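Review bot: A `PMTU_DISCOVERY` value outside `yes`/`maybe`/`no` now skips the mssfix/fragment conflict check instead of being rejected, and nothing in the hunk reports it; whether the raw value is then copied into `%vpnsettings` the way `MSSFIX` is on the line above happens outside the hunk, so I can't tell. An `else` branch that sets `$errormessage` and does `goto ADV_ERROR`, or one that resets the value to `off`, would make the outcome of an invalid submission deterministic rather than dependent on code elsewhere. The write paths in the other hunks whitelist the value again before emitting `mtu-disc`, so the exposure is a silently dropped setting rather than a bad directive in the config. The enclosing `if` block continues past the hunk.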
@@ -1003,7 +1026,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print SERVERCONF "fragment $cgiparams{'FRAGMENT'}\n";} 
   if ($cgiparams{'MSSFIX'} eq 'on') {print SERVERCONF "mssfix\n"; }; 
   }
-  if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+
+  # Check if a valid operating mode has been choosen and use it.
+  if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
        if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
                if($cgiparams{'MTU'} eq '1500') {
                        print SERVERCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
@@ -1088,13 +1115,18 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
   if ($cgiparams{'FRAGMENT'} ne '') {print CLIENTCONF "fragment $cgiparams{'FRAGMENT'}\n";}
   if ($cgiparams{'MSSFIX'} eq 'on') {print CLIENTCONF "mssfix\n"; }; 
   }
-   if (($cgiparams{'PMTU_DISCOVERY'} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+
+  # Check if a valid operating mode has been choosen and use it.
+  if (($cgiparams{'PMTU_DISCOVERY'} eq 'yes') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'maybe') ||
+      ($cgiparams{'PMTU_DISCOVERY'} eq 'no' )) {
         if(($cgiparams{'MSSFIX'} ne 'on') || ($cgiparams{'FRAGMENT'} eq '')) {
                if ($cgiparams{'MTU'} eq '1500') {
                        print CLIENTCONF "mtu-disc $cgiparams{'PMTU_DISCOVERY'}\n";
                }
         }
-  } 
+  }
   print CLIENTCONF "ns-cert-type server\n";   
   print CLIENTCONF "# Auth. Client\n"; 
   print CLIENTCONF "tls-client\n"; 
@@ -2022,7 +2054,9 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
    if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
    if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
    }
-   if ($confighash{$cgiparams{'KEY'}}[38] ne 'off') {
+   if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
+       ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
+       ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
        if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
                if ($tunmtu eq '1500' ) {
                        print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
@@ -2095,7 +2129,9 @@ else
        { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
     elsif ($vpnsettings{MSSFIX} eq 'on')
        { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
-    elsif (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne ''))
+    elsif (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+           ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+           ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) 
        { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu 1500\n"; }
     else
        { print CLIENTCONF "$vpnsettings{'DDEVICE'}-mtu $vpnsettings{'DMTU'}\r\n"; }
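Review bot: The `-mtu` lines in this chain end with `\n` except the `else` arm, which ends with `\r\n`; the next hunk has the same mix, with `fragment` written as `\r\n` and `mtu-disc` as `\n`. Those lines are not changed by the commit, but since the surrounding condition is being rewritten anyway, settling on one line ending for the whole client-config writer would avoid a file with mixed terminators. Which ending is intended can't be determined from the hunk.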
@@ -2143,7 +2179,11 @@ else
     if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) {
        print CLIENTCONF "fragment $vpnsettings{'FRAGMENT'}\r\n";
     }
-    if (($vpnsettings{PMTU_DISCOVERY} ne 'off') || ($cgiparams{'PMTU_DISCOVERY'} ne '')) {
+
+    # Check if a valid operating mode has been choosen and use it.
+    if (($vpnsettings{'PMTU_DISCOVERY'} eq 'yes') ||
+        ($vpnsettings{'PMTU_DISCOVERY'} eq 'maybe') ||
+        ($vpnsettings{'PMTU_DISCOVERY'} eq 'no' )) {
        if(($vpnsettings{MSSFIX} ne 'on') || ($vpnsettings{FRAGMENT} eq '')) {
                print CLIENTCONF "mtu-disc $vpnsettings{'PMTU_DISCOVERY'}\n";
        }
@@ -2539,6 +2579,8 @@ END
        if ($cgiparams{'ACTION'} eq 'editsave'){
                my ($a,$b) =split (/\|/,$cgiparams{'ccdname'});
                if ( $a ne $b){ &modccdnet($a,$b);}
+               $cgiparams{'ccdname'}='';
+               $cgiparams{'ccdsubnet'}='';
        }
        
        if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
@@ -2593,6 +2635,11 @@ END
        &Header::closebox();
 }
        &Header::openbox('100%', 'LEFT',$Lang::tr{'ccd net'} );
+       if ( -e "/var/run/openvpn.pid"){
+               print "<b>$Lang::tr{'attention'}:</b><br>";
+               print "$Lang::tr{'ccd noaddnet'}<br><hr>";
+       }
+       
        print <<END
     <table width='100%' border='0'  cellpadding='0' cellspacing='1'>
     <tr>
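Review bot: `-e "/var/run/openvpn.pid"` only tests that the file exists, so a pid file left behind by a crash keeps the notice on screen after the daemon is gone, while the notice itself does not stop anything — whether addccdnet refuses a new network while the server runs is outside this hunk. If the restriction is meant to be enforced, the same condition belongs in addccdnet as an `$errormessage` plus `return`; if it is advisory only, a comment such as `# advisory: a ccd net added while the daemon runs needs a restart to take effect` on the `if` would make that explicit. Reading the pid from the file and testing it with `kill 0, $pid` would be a more reliable liveness signal than the file test, though I can't tell from here how the rest of the file decides whether the server is running.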
@@ -3263,6 +3310,8 @@ if ($cgiparams{'TYPE'} eq 'host') {
        my @temp=();
        my %ccdroutehash=();
        my $keypoint=0;
+       my $ip;
+       my $cidr;
        if ($cgiparams{'IR'} ne ''){
                @temp = split("\n",$cgiparams{'IR'});
                &General::readhasharray("${General::swroot}/ovpn/ccdroute", \%ccdroutehash);
@@ -3281,19 +3330,32 @@ if ($cgiparams{'TYPE'} eq 'host') {
                foreach $val (@temp){
                        chomp($val);
                        $val=~s/\s*$//g; 
-                       my($ip,$cidr) = split(/\//,$val);
-                       $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
-                       $cidr=&General::iporsubtodec($cidr);
-                       
-                       #check if iroute exists in ccdroute
+                       #check if iroute exists in ccdroute or if new iroute is part of an existing one
                        foreach my $key (keys %ccdroutehash) {
                                foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
-                                       if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr") {
-                                               $errormessage=$Lang::tr{'ccd err irouteexist'};
-                                               goto VPNCONF_ERROR;
-                                       }
+                                               if ($ccdroutehash{$key}[$oldiroute] eq "$val") {
+                                                       $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+                                                       goto VPNCONF_ERROR;
+                                               }
+                                               my ($ip1,$cidr1) = split (/\//, $val);
+                                               my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
+                                               if (&General::IpInSubnet ($ip1,$ip2,$cidr2)){
+                                                       $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
+                                                       goto VPNCONF_ERROR;
+                                               } 
+                                                                       
                                }
                        }
+                       if (!&General::validipandmask($val)){
+                               $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
+                               goto VPNCONF_ERROR;
+                       }else{
+                               ($ip,$cidr) = split(/\//,$val);
+                               $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
+                               $cidr=&General::iporsubtodec($cidr);
+                               $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
+                       
+                       }
                                                                                                                                        
                        #check for existing network IP's
                        if (&General::IpInSubnet ($ip,$netsettings{GREEN_NETADDRESS},$netsettings{GREEN_NETMASK}) && $netsettings{GREEN_NETADDRESS} ne '0.0.0.0')
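Review bot: `$val` is split and handed to `IpInSubnet` in the loop over `%ccdroutehash` before `validipandmask($val)` runs, and the exact-match test compares the raw input with stored entries that were normalised by `getnetworkip`/`iporsubtodec` on the way in, so `10.0.0.0/24` will not match a stored `10.0.0.0/255.255.255.0` (the containment test may still catch that case). The overlap test is also one-directional: `IpInSubnet($ip1,$ip2,$cidr2)` detects a new route inside an existing subnet, but a new route that encloses an existing one passes. Validating and normalising first, then comparing the normalised value in both directions, addresses both; the rewrite below keeps the error strings and `goto VPNCONF_ERROR` exactly as they are. `$i` on the assignment line is not declared in this hunk, presumably a loop counter from the enclosing block, which starts before the hunk and continues after it.
```perl
                foreach $val (@temp){
                        # … unchanged: chomp and trailing-whitespace strip …
                        if (!&General::validipandmask($val)){
                                $errormessage=$errormessage."Route ".$Lang::tr{'ccd invalid'}." ($val)";
                                goto VPNCONF_ERROR;
                        }
                        ($ip,$cidr) = split(/\//,$val);
                        $ip=&General::getnetworkip($ip,&General::iporsubtocidr($cidr));
                        $cidr=&General::iporsubtodec($cidr);
                        #check if iroute exists in ccdroute or overlaps an existing one in either direction
                        foreach my $key (keys %ccdroutehash) {
                                foreach my $oldiroute ( 1 .. $#{$ccdroutehash{$key}}){
                                        my ($ip2,$cidr2) = split (/\//, $ccdroutehash{$key}[$oldiroute]);
                                        if ($ccdroutehash{$key}[$oldiroute] eq "$ip/$cidr"
                                            || &General::IpInSubnet ($ip,$ip2,$cidr2)
                                            || &General::IpInSubnet ($ip2,$ip,$cidr)) {
                                                $errormessage=$errormessage.$Lang::tr{'ccd err irouteexist'};
                                                goto VPNCONF_ERROR;
                                        }
                                }
                        }
                        $ccdroutehash{$keypoint}[$i] = $ip."/".$cidr;
                        # … unchanged: existing-network checks …
```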