X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Fmisc-progs%2Fopenvpnctrl.c;h=e366294b572ab796e54fc6deb196e920af27365d;hp=e0a9ed2c8454c0ad1c34b352532a43cbe244ff9b;hb=a19ff965bb6b586d56907cb77bdc0f70b2b3c459;hpb=3d1fbbb02842bdc386bccd163e81b72956fa13c0
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index e0a9ed2c8..e366294b5 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
@@ -359,26 +359,29 @@ void createAllChains(void) {
 }
 
 char* calcTransferNetAddress(const connection* conn) {
- char *address = strdup(conn->transfer_subnet);
- address = strsep(&address, "/");
+ char *subnetmask = strdup(conn->transfer_subnet);
+ char *address = strsep(&subnetmask, "/");
 
- struct in_addr address_info;
- if (!inet_aton(address, &address_info)) {
- goto ERROR;
- }
+ in_addr_t _address = inet_addr(address);
+ in_addr_t _subnetmask = inet_addr(subnetmask);
+ _address &= _subnetmask;
 
- if (strcmp(conn->role, "server")) {
- address_info.s_addr += 1 << 24;
- } else if (strcmp(conn->role, "client")) {
- address_info.s_addr += 2 << 24;
+ if (strcmp(conn->role, "server") == 0) {
+ _address += 1 << 24;
+ } else if (strcmp(conn->role, "client") == 0) {
+ _address += 2 << 24;
 } else {
 goto ERROR;
 }
 
- address = inet_ntoa(address_info);
- return address;
+ struct in_addr address_info;
+ address_info.s_addr = _address;
+
+ return inet_ntoa(address_info);
 
 ERROR:
+ fprintf(stderr, "Could not determine transfer net address: %s\n", conn->name);
+
 free(address);
 return NULL;
 }
@@ -428,6 +431,8 @@ char* getLocalSubnetAddress(const connection* conn) {
 }
 
 ERROR:
+ fprintf(stderr, "Could not determine local subnet address: %s\n", conn->name);
+
 freekeyvalues(kv);
 return NULL;
 }
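Review bot: In calcTransferNetAddress, `strsep` leaves `subnetmask` NULL when `conn->transfer_subnet` contains no "/", and the next added line passes it to `inet_addr`, so a malformed subnet value crashes the helper; the `strdup` result is not checked either. The parse check that the removed `inet_aton` call provided is gone as well: `inet_addr` reports failure as `INADDR_NONE` and nothing tests for it, so a bad address or mask flows through the masking step into the returned string. The duplicated buffer is freed only on the ERROR path; since `inet_ntoa` returns its own static buffer, a `free(address);` before the successful return would be safe. I would restore explicit validation along the lines below.

```c
	char *subnetmask = strdup(conn->transfer_subnet);
	if (!subnetmask)
		return NULL;
	char *address = strsep(&subnetmask, "/");

	struct in_addr parsed_address, parsed_mask;
	if (!subnetmask ||
	    !inet_aton(address, &parsed_address) ||
	    !inet_aton(subnetmask, &parsed_mask)) {
		goto ERROR;
	}
	in_addr_t _address = parsed_address.s_addr & parsed_mask.s_addr;

	/* … unchanged: role check that adds 1 or 2 to the host part … */
```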
@@ -491,6 +496,9 @@ void setFirewallRules(void) { local_subnet_address = getLocalSubnetAddress(conn); transfer_subnet_address = calcTransferNetAddress(conn); + if ((!local_subnet_address) || (!transfer_subnet_address)) + continue; + snprintf(command, STRING_SIZE, "/sbin/iptables -t nat -A %s -s %s -j SNAT --to-source %s", OVPNNAT, transfer_subnet_address, local_subnet_address); executeCommand(command);
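Review bot: The new guard in setFirewallRules rejects only NULL, so any non-NULL string still reaches the `snprintf` that builds the iptables command, and that call's return value is not checked. A value long enough to hit STRING_SIZE would leave a truncated rule in `command` that is then handed to `executeCommand`; storing the result in `n` and adding `if (n < 0 || n >= STRING_SIZE) continue;` keeps a cut-off rule from being installed. `transfer_subnet_address` comes out of `inet_ntoa` and is therefore a plain dotted quad, but how `getLocalSubnetAddress` builds its result is not visible in this hunk, so it is worth confirming that it returns only a parsed address, particularly if `executeCommand` goes through a shell. The enclosing loop starts and ends outside the hunk, and bracing the added `if` would match the braced style used in calcTransferNetAddress.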