IPSEC: added checkroutine for used OpenVPN subnets/Hosts

[people/teissler/ipfire-2.x.git] / html / cgi-bin / vpnmain.cgi

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
old mode 100644 (file)
new mode 100755 (executable)
index eea2c01..24aeb6d
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1031,6 +1031,7 @@ END
            nsComment="OpenSSL Generated Certificate"
            subjectKeyIdentifier=hash
            authorityKeyIdentifier=keyid,issuer:always
+           extendedKeyUsage = serverAuth
 END
 ;
            print $fh "subjectAltName=$cgiparams{'SUBJECTALTNAME'}" if ($cgiparams{'SUBJECTALTNAME'});
@@ -1414,6 +1415,14 @@ END
            goto VPNCONF_ERROR;
        }
 
+       
+       if ($cgiparams{'TYPE'} eq 'net'){
+               $errormessage=&General::checksubnets($cgiparams{'NAME'},$cgiparams{'REMOTE_SUBNET'});
+               if ($errormessage ne ''){
+                       goto VPNCONF_ERROR;
+               }
+               
+       }
        if ($cgiparams{'AUTH'} eq 'psk') {
            if (! length($cgiparams{'PSK'}) ) {
                $errormessage = $Lang::tr{'pre-shared key is too short'};