From 841c8a099c5c496f8ed7adcc999ad50d341b2e39 Mon Sep 17 00:00:00 2001 From: Alexander Marx Date: Mon, 22 Sep 2014 08:06:06 +0200 Subject: [PATCH] BUG10628: It was possible to define more than one IPSec N2N with same remote subnet Now there's a hint shown when there are two different N2N networks with same remote subnet. --- config/cfgroot/general-functions.pl | 23 ++++++++++------------- html/cgi-bin/vpnmain.cgi | 2 +- 2 files changed, 11 insertions(+), 14 deletions(-) diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl index 8ed87fc80..02bd9f33c 100644 --- a/config/cfgroot/general-functions.pl +++ b/config/cfgroot/general-functions.pl @@ -461,7 +461,6 @@ sub checksubnets my @ccdconf=(); my $ccdname=$_[0]; my $ccdnet=$_[1]; - my $ownnet=$_[2]; my $errormessage; my ($ip,$cidr)=split(/\//,$ccdnet); $cidr=&iporsubtocidr($cidr); @@ -509,22 +508,20 @@ sub checksubnets } #check if we use a ipsec right network which is already defined - if($ownnet ne 'ipsec'){ - &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf); - foreach my $key (keys %ipsecconf){ - if ($ipsecconf{$key}[11] ne ''){ - my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]); - $ipsecsub=&iporsubtodec($ipsecsub); - if($ipsecconf{$key}[1] ne $ccdname){ - if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ - $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]"; - return $errormessage; - } + &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf); + foreach my $key (keys %ipsecconf){ + if ($ipsecconf{$key}[11] ne ''){ + my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]); + $ipsecsub=&iporsubtodec($ipsecsub); + if($ipsecconf{$key}[1] ne $ccdname){ + if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){ + $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[1]"; + return $errormessage; } } } } - + #check if we use the ipsec RW Network (if defined) &readhash("${General::swroot}/vpn/settings", \%vpnconf); if ($vpnconf{'RW_NET'} ne ''){ diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index f5ec50079..dc687dbb4 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -1408,7 +1408,7 @@ END } if ($cgiparams{'TYPE'} eq 'net'){ - $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'},'ipsec'); + $warnmessage=&General::checksubnets('',$cgiparams{'REMOTE_SUBNET'}); if ($warnmessage ne ''){ $warnmessage=$Lang::tr{'remote subnet'}." ($cgiparams{'REMOTE_SUBNET'})
".$warnmessage; } -- 2.47.2