From: Stefan Schantl Date: Wed, 17 Jul 2013 20:30:29 +0000 (+0200) Subject: ovpnmain.cgi: Allow to keep the Remote field empty for N2N connections. X-Git-Url: http://git.ipfire.org/?p=people%2Fteissler%2Fipfire-2.x.git;a=commitdiff_plain;h=c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c ovpnmain.cgi: Allow to keep the Remote field empty for N2N connections. * It's now possible to keep the Remote Host/IP field empty. * Cleaned up code. Fixes #10392. --- diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index 8622f6d63..5e18d3cb5 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -127,21 +127,6 @@ sub sizeformat{ return("$newsize $units[$i]"); } -sub valid_dns_host { - my $hostname = $_[0]; - unless ($hostname) { return "No hostname"}; - my $res = new Net::DNS::Resolver; - my $query = $res->search("$hostname"); - if ($query) { - foreach my $rr ($query->answer) { - ## Potential bug - we are only looking at A records: - return 0 if $rr->type eq "A"; - } - } else { - return $res->errorstring; - } -} - sub cleanssldatabase { if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) { @@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General print SERVERCONF "persist-key\n"; print SERVERCONF "script-security 2\n"; print SERVERCONF "# IP/DNS for remote Server Gateway\n"; + + if ($cgiparams{'REMOTE'} ne '') { print SERVERCONF "remote $cgiparams{'REMOTE'}\n"; + } + print SERVERCONF "float\n"; print SERVERCONF "# IP adresses of the VPN Subnet\n"; print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n"; @@ -3614,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') { } } - if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) { + # Check if a remote host/IP has been set for the client. + if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; } - if ($cgiparams{'REMOTE'}) { + # Check if a remote host/IP has been configured - the field can be empty on the server side. + if ($cgiparams{'REMOTE'} ne '') { + + # Check if the given IP is valid - otherwise check if it is a valid domain. if (! &General::validip($cgiparams{'REMOTE'})) { + + # Check for a valid domain. if (! &General::validfqdn ($cgiparams{'REMOTE'})) { $errormessage = $Lang::tr{'invalid input for remote host/ip'}; + + # Check if this is a N2N connection and drop temporary config. if ($cgiparams{'TYPE'} eq 'net') { - unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; - rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; - } + unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!"; + rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!"; + } goto VPNCONF_ERROR; - } else { - if (&valid_dns_host($cgiparams{'REMOTE'})) { - $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}"; - if ($cgiparams{'TYPE'} eq 'net') { - - } - } } } } + if ($cgiparams{'TYPE'} ne 'host') { unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) { $errormessage = $Lang::tr{'local subnet is invalid'};