BUG10628: It was possible to define more than one IPSec N2N with same remote subnet BUG10628
authorAlexander Marx <amarx@ipfire.org>
Mon, 22 Sep 2014 06:06:06 +0000 (08:06 +0200)
committerAlexander Marx <amarx@ipfire.org>
Mon, 22 Sep 2014 07:10:57 +0000 (09:10 +0200)
Now a hint is shown when two different N2N networks have the
same remote subnet.

config/cfgroot/general-functions.pl
html/cgi-bin/vpnmain.cgi

index 8ed87fc80e58d5b40f3a5cc108d2d3e36fb767c8..02bd9f33c54787cd8eeea8ec79a2d0688bcc6f03 100644 (file)
@@ -461,7 +461,6 @@ sub checksubnets
        my @ccdconf=();
        my $ccdname=$_[0];
        my $ccdnet=$_[1];
-       my $ownnet=$_[2];
        my $errormessage;
        my ($ip,$cidr)=split(/\//,$ccdnet);
        $cidr=&iporsubtocidr($cidr);
@@ -509,22 +508,20 @@ sub checksubnets
        }
 
        #check if we use a ipsec right network which is already defined
-       if($ownnet ne 'ipsec'){
-               &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
-               foreach my $key (keys %ipsecconf){
-                       if ($ipsecconf{$key}[11] ne ''){
-                               my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
-                               $ipsecsub=&iporsubtodec($ipsecsub);
-                               if($ipsecconf{$key}[1] ne $ccdname){
-                                       if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
-                                               $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
-                                               return $errormessage;
-                                       }
+       &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+       foreach my $key (keys %ipsecconf){
+               if ($ipsecconf{$key}[11] ne ''){
+                       my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+                       $ipsecsub=&iporsubtodec($ipsecsub);
+                       if($ipsecconf{$key}[1] ne $ccdname){
+                               if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+                                       $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name:  $ipsecconf{$key}[1]";
+                                       return $errormessage;
                                }
                        }
                }
        }
-
+       
        #check if we use the ipsec RW Network (if defined)
        &readhash("${General::swroot}/vpn/settings", \%vpnconf);
        if ($vpnconf{'RW_NET'} ne ''){
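Review bot: The IPsec comparison that now runs for every caller is one-directional: `&IpInSubnet ($ip,$ipsecip,$ipsecsub)` only asks whether the new network's base address lies inside an already configured remote subnet, so a new, wider remote subnet that encloses an existing one is not reported. Overlapping remote subnets leave it ambiguous which tunnel's policy matches the traffic, which is the situation this hint is meant to surface. Consider testing the reverse direction as well, for example `if ( &IpInSubnet($ip,$ipsecip,$ipsecsub) || &IpInSubnet($ipsecip,$ip,&iporsubtodec($cidr)) ){`, assuming IpInSubnet takes a dotted mask as its third argument as the existing call suggests. checksubnets starts and ends outside this hunk, so its other checks were not reviewed.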
index f5ec50079a64dd9ff0f0577a3ed6e2e1cb437624..dc687dbb48769742e3a688cfbf8126a410b47880 100644 (file)
@@ -1408,7 +1408,7 @@ END
        }
 
        if ($cgiparams{'TYPE'} eq 'net'){
-               $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec');
+               $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'});
                if ($warnmessage ne ''){
                        $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'}) <br>".$warnmessage;
                }
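Review bot: Passing `''` as the connection name means the exclusion `$ipsecconf{$key}[1] ne $ccdname` inside checksubnets can never match now that the IPsec check is unconditional, so saving an existing net-to-net connection without changing its subnet would apparently be warned about colliding with itself. Passing the connection's own name as the first argument instead of `''` would let checksubnets skip that entry; whether the other checks in checksubnets rely on an empty name is not visible here. Separately, the context line that builds the message concatenates `$cgiparams{'REMOTE_SUBNET'}` directly in front of `<br>`; if that value has not been validated before this point, it should be HTML-escaped before being placed in `$warnmessage`. The enclosing block starts and ends outside the hunk.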