Re: [PATCH] IPsec: Remove GUI option for "Roadwarrior virtual IP"

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 14124 bytes --]

Hello,

this patch looks good. I agree that this option should be removed since
it is not supported any more and certainly does not work since a long
time ago.

Could you elaborate a bit more about these problems that were caused?

Best,
-Michael

On Fri, 2015-09-25 at 00:04 +0200, Lars Schuhmacher wrote:
> IPsec: Remove GUI option for "Roadwarrior virtual IP"
> 
> This setting stems from IPcop (and probably Openswan) and causes a
> problem. Fixes bug 10496.
> 
> Signed-off-by: Lars Schuhmacher <larsen007(a)web.de>
> ---
>  html/cgi-bin/vpnmain.cgi | 32 ++------------------------------
>  langs/de/cgi-bin/de.pl   |  1 -
>  langs/en/cgi-bin/en.pl   |  1 -
>  langs/es/cgi-bin/es.pl   |  1 -
>  langs/fr/cgi-bin/fr.pl   |  1 -
>  langs/it/cgi-bin/it.pl   |  1 -
>  langs/nl/cgi-bin/nl.pl   |  1 -
>  langs/pl/cgi-bin/pl.pl   |  1 -
>  langs/ru/cgi-bin/ru.pl   |  1 -
>  langs/tr/cgi-bin/tr.pl   |  1 -
>  10 files changed, 2 insertions(+), 39 deletions(-)
> 
> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
> index 65fc80f..5658dac 100644
> --- a/html/cgi-bin/vpnmain.cgi
> +++ b/html/cgi-bin/vpnmain.cgi
> @@ -235,7 +235,6 @@ sub makeconnname ($) {
>  ###
>  ###Type=Host : GUI can choose the interface used (RED,GREEN,BLUE)
> and
>  ###		the side is always defined as 'left'.
> -###		configihash[14]: 'VHOST' is allowed
>  ###
>  
>  sub writeipsecfiles {
> @@ -294,8 +293,6 @@ sub writeipsecfiles {
>  	if ($lconfighash{$key}[3] eq 'net') {
>  	    my $cidr_net=&General::ipcidr($lconfighash{$key}[11]);
>  	    print CONF "\trightsubnet=$cidr_net\n";
> -	} elsif ($lconfighash{$key}[10] eq '%any' &&
> $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors?
> -	    print CONF "\trightsubnet=vhost:%no,%priv\n";
>  	}
>  
>  	# Local Cert and Remote Cert (unless auth is DN dn-auth)
> @@ -1246,7 +1243,7 @@ END
>  	&Header::closepage();
>  	exit (0);
>  ###
> -### Adding/Editing/Saving a  connection
> +### Adding/Editing/Saving a connection
>  ###
>  } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) ||
>  	 ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) ||
> @@ -1289,7 +1286,6 @@ END
>  	$cgiparams{'COMPRESSION'}    	=
> $confighash{$cgiparams{'KEY'}}[13];
>  	$cgiparams{'ONLY_PROPOSED'}  	=
> $confighash{$cgiparams{'KEY'}}[24];
>  	$cgiparams{'PFS'}		=
> $confighash{$cgiparams{'KEY'}}[28];
> -	$cgiparams{'VHOST'}            	=
> $confighash{$cgiparams{'KEY'}}[14];
>  	$cgiparams{'DPD_TIMEOUT'}		=
> $confighash{$cgiparams{'KEY'}}[30];
>  	$cgiparams{'DPD_DELAY'}		=
> $confighash{$cgiparams{'KEY'}}[31];
>  	$cgiparams{'FORCE_MOBIKE'}	=
> $confighash{$cgiparams{'KEY'}}[32];
> @@ -1814,7 +1810,6 @@ END
>  	$confighash{$key}[13] = $cgiparams{'COMPRESSION'};
>  	$confighash{$key}[24] = $cgiparams{'ONLY_PROPOSED'};
>  	$confighash{$key}[28] = $cgiparams{'PFS'};
> -	$confighash{$key}[14] = $cgiparams{'VHOST'};
>  	$confighash{$key}[30] = $cgiparams{'DPD_TIMEOUT'};
>  	$confighash{$key}[31] = $cgiparams{'DPD_DELAY'};
>  	$confighash{$key}[32] = $cgiparams{'FORCE_MOBIKE'};
> @@ -1891,7 +1886,6 @@ END
>  	$cgiparams{'COMPRESSION'}    = 'on';		#[13];
>  	$cgiparams{'ONLY_PROPOSED'}  = 'off';		#[24];
>  	$cgiparams{'PFS'}	     = 'on';		#[28];
> -	$cgiparams{'VHOST'}          = 'on'; 		#[14];
>      }
>  
>      VPNCONF_ERROR:
> @@ -1943,7 +1937,6 @@ END
>  	<input type='hidden' name='COMPRESSION'
> value='$cgiparams{'COMPRESSION'}' />
>  	<input type='hidden' name='ONLY_PROPOSED'
> value='$cgiparams{'ONLY_PROPOSED'}' />
>  	<input type='hidden' name='PFS' value='$cgiparams{'PFS'}' />
> -	<input type='hidden' name='VHOST'
> value='$cgiparams{'VHOST'}' />
>  	<input type='hidden' name='DPD_ACTION'
> value='$cgiparams{'DPD_ACTION'}' />
>  	<input type='hidden' name='DPD_DELAY'
> value='$cgiparams{'DPD_DELAY'}' />
>  	<input type='hidden' name='DPD_TIMEOUT'
> value='$cgiparams{'DPD_TIMEOUT'}' />
> @@ -2130,11 +2123,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>      }
>  
>      if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) {
> -	# I didn't read any incompatibilities here....
> -	#if ($cgiparams{'VHOST'} eq 'on' &&
> $cgiparams{'COMPRESSION'} eq 'on') {
> -	#    $errormessage = $Lang::tr{'cannot enable both nat
> traversal and compression'};
> -	#    goto ADVANCED_ERROR;
> -	#}
>  	my @temp = split('\|', $cgiparams{'IKE_ENCRYPTION'});
>  	if ($#temp < 0) {
>  	    $errormessage = $Lang::tr{'invalid input'};
> @@ -2222,8 +2210,7 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>  	    ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) ||
>  	    ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) ||
>  	    ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) ||
> -	    ($cgiparams{'PFS'} !~ /^(|on|off)$/) ||
> -	    ($cgiparams{'VHOST'} !~ /^(|on|off)$/)
> +	    ($cgiparams{'PFS'} !~ /^(|on|off)$/)
>  	){
>  	    $errormessage = $Lang::tr{'invalid input'};
>  	    goto ADVANCED_ERROR;
> @@ -2252,7 +2239,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>  	$confighash{$cgiparams{'KEY'}}[13] =
> $cgiparams{'COMPRESSION'};
>  	$confighash{$cgiparams{'KEY'}}[24] =
> $cgiparams{'ONLY_PROPOSED'};
>  	$confighash{$cgiparams{'KEY'}}[28] = $cgiparams{'PFS'};
> -	$confighash{$cgiparams{'KEY'}}[14] = $cgiparams{'VHOST'};
>  	$confighash{$cgiparams{'KEY'}}[27] =
> $cgiparams{'DPD_ACTION'};
>  	$confighash{$cgiparams{'KEY'}}[30] =
> $cgiparams{'DPD_TIMEOUT'};
>  	$confighash{$cgiparams{'KEY'}}[31] =
> $cgiparams{'DPD_DELAY'};
> @@ -2280,7 +2266,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>  	$cgiparams{'COMPRESSION'}    =
> $confighash{$cgiparams{'KEY'}}[13];
>  	$cgiparams{'ONLY_PROPOSED'}  =
> $confighash{$cgiparams{'KEY'}}[24];
>  	$cgiparams{'PFS'}  	     =
> $confighash{$cgiparams{'KEY'}}[28];
> -	$cgiparams{'VHOST'}          =
> $confighash{$cgiparams{'KEY'}}[14];
>  	$cgiparams{'DPD_ACTION'}     =
> $confighash{$cgiparams{'KEY'}}[27];
>  	$cgiparams{'DPD_TIMEOUT'}    =
> $confighash{$cgiparams{'KEY'}}[30];
>  	$cgiparams{'DPD_DELAY'}      =
> $confighash{$cgiparams{'KEY'}}[31];
> @@ -2294,9 +2279,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>  		$cgiparams{'DPD_TIMEOUT'} = 120;
>  	}
>  
> -	if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' ||
> $confighash{$cgiparams{'KEY'}}[10]) {
> -	    $cgiparams{'VHOST'}            = 'off';
> -	}
>      }
>  
>      ADVANCED_ERROR:
> @@ -2382,7 +2364,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>      $checked{'FORCE_MOBIKE'} = $cgiparams{'FORCE_MOBIKE'} eq 'on' ?
> "checked='checked'" : '' ;
>      $checked{'ONLY_PROPOSED'} = $cgiparams{'ONLY_PROPOSED'} eq 'on'
> ? "checked='checked'" : '' ;
>      $checked{'PFS'} = $cgiparams{'PFS'} eq 'on' ?
> "checked='checked'" : '' ;
> -    $checked{'VHOST'} = $cgiparams{'VHOST'} eq 'on' ?
> "checked='checked'" : '' ;
>  
>      $selected{'IKE_VERSION'}{'ikev1'} = '';
>      $selected{'IKE_VERSION'}{'ikev2'} = '';
> @@ -2633,15 +2614,6 @@ if(($cgiparams{'ACTION'} eq
> $Lang::tr{'advanced'}) ||
>  	</tr>
>  EOF
>      ;
> -    if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') {
> -	print "<tr><td><input type='hidden' name='VHOST' value='off'
> /></td></tr>";
> -    } elsif ($confighash{$cgiparams{'KEY'}}[10]) {
> -	print "<tr><td><label><input type='checkbox' name='VHOST'
> $checked{'VHOST'} disabled='disabled' />";
> -	print " $Lang::tr{'vpn vhost'}</label></td></tr>";
> -    } else {
> -	print "<tr><td><label><input type='checkbox' name='VHOST'
> $checked{'VHOST'} />";
> -	print " $Lang::tr{'vpn vhost'}</label></td></tr>";
> -    }
>  
>      print <<EOF;
>  	<tr>
> diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
> index c21bac5..a3c8228 100644
> --- a/langs/de/cgi-bin/de.pl
> +++ b/langs/de/cgi-bin/de.pl
> @@ -2620,7 +2620,6 @@
>  'vpn statistic n2n' => 'OpenVPN-Netz-zu-Netz-Statistik',
>  'vpn statistic rw' => 'OpenVPN-Roadwarrior-Statistik',
>  'vpn subjectaltname' => 'Subjekt Alternativer Name',
> -'vpn vhost' => 'Roadwarrior virtuelle IP (manchmal auch Inner-IP
> genannt)',
>  'vpn watch' => 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP
> ändert (DynDNS).',
>  'waiting to synchronize clock' => 'Bitte warten, die Uhr wird
> synchronisiert',
>  'warn when traffic reaches' => 'Warnen wenn Traffic x % erreicht',
> diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
> index 783fd0f..55cf228 100644
> --- a/langs/en/cgi-bin/en.pl
> +++ b/langs/en/cgi-bin/en.pl
> @@ -2664,7 +2664,6 @@
>  'vpn statistic n2n' => 'OpenVPN Net-to-Net Statistics',
>  'vpn statistic rw' => 'OpenVPN Roadwarrior Statistics',
>  'vpn subjectaltname' => 'Subject Alt Name',
> -'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
>  'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes
> (dyndns).',
>  'waiting to synchronize clock' => 'Waiting to synchronize clock',
>  'warn when traffic reaches' => 'Warn when traffic reaches x %',
> diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl
> index c0422b1..e24e75e 100644
> --- a/langs/es/cgi-bin/es.pl
> +++ b/langs/es/cgi-bin/es.pl
> @@ -2107,7 +2107,6 @@
>  'vpn red name' => 'Dirección IP pública o FQDN para la interfaz RED
> o<%defaultroute>',
>  'vpn remote id' => 'ID Remoto',
>  'vpn subjectaltname' => 'Nombre alternativo en Asunto',
> -'vpn vhost' => 'IP virtual Roadwarris (también referida como ip
> -interior)',
>  'vpn watch' => 'Reinciar vpn net-to-net cuando la ip remota cambie
> (dyndns)',
>  'waiting to synchronize clock' => 'Esperando sincronización con el
> reloj',
>  'warn when traffic reaches' => 'Advertir cuando el tráfico alcance x
> %',
> diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl
> index 43e69a7..0d173ae 100644
> --- a/langs/fr/cgi-bin/fr.pl
> +++ b/langs/fr/cgi-bin/fr.pl
> @@ -2111,7 +2111,6 @@
>  'vpn red name' => 'IP publique ou nom de domaine complet pour
> l\'interface ROUGE ou <%defaultroute>',
>  'vpn remote id' => 'ID Distant',
>  'vpn subjectaltname' => 'Subject Alt Name',
> -'vpn vhost' => 'IP Virtuelle Roadwarrior (parfois appelée Inner
> -IP)',
>  'vpn watch' => 'Redémarrer net-to-net VPN si IP hôte distant change
> (dyndns).',
>  'waiting to synchronize clock' => 'Attendre la synchronisation de
> l\'horloge',
>  'warn when traffic reaches' => 'Avertir lorsque le trafic atteint x
> %',
> diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl
> index 0623bd5..950f700 100644
> --- a/langs/it/cgi-bin/it.pl
> +++ b/langs/it/cgi-bin/it.pl
> @@ -2586,7 +2586,6 @@
>  'vpn red name' => 'IP pubblico o il nome di dominio completo per
> l\'interfaccia RED o <%defaultroute>',
>  'vpn remote id' => 'Remote ID',
>  'vpn subjectaltname' => 'Subject Alt Name',
> -'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
>  'vpn watch' => 'Restart net-to-net vpn when remote peer IP changes
> (dyndns).',
>  'waiting to synchronize clock' => 'Waiting to synchronize clock',
>  'warn when traffic reaches' => 'Warn when traffic reaches x %',
> diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl
> index f748b74..9d90a08 100644
> --- a/langs/nl/cgi-bin/nl.pl
> +++ b/langs/nl/cgi-bin/nl.pl
> @@ -2529,7 +2529,6 @@
>  'vpn red name' => 'Publiek IP of FQDN voor RODE interface of
> <%defaultroute>',
>  'vpn remote id' => 'Remote ID',
>  'vpn subjectaltname' => 'Onderwerp Alt Naam',
> -'vpn vhost' => 'Roadwarrior virtual IP (Ook wel Inner-IP genoemd)',
>  'vpn watch' => 'Herstart net-to-net vpn wanneer remote peer IP
> verandert (dyndns).',
>  'waiting to synchronize clock' => 'Wachten op synchronisatie van
> klok',
>  'warn when traffic reaches' => 'Waarschuw wanneer verkeer x %
> bereikt',
> diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl
> index 30cc81e..47abf2c 100644
> --- a/langs/pl/cgi-bin/pl.pl
> +++ b/langs/pl/cgi-bin/pl.pl
> @@ -2120,7 +2120,6 @@
>  'vpn red name' => 'Publiczne IP lub FQDN interfejsu RED lub
> <%defaultroute>',
>  'vpn remote id' => 'Zdalne ID',
>  'vpn subjectaltname' => 'Subject Alt Name',
> -'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
>  'vpn watch' => 'Uruchom ponownie vpn net-to-net kiedy zmieni się IP
> zdalnej końcówki (dyndns).',
>  'waiting to synchronize clock' => 'Oczekiwanie na synchronizację
> zegara',
>  'warn when traffic reaches' => 'Ostrzegaj kiedy ruch osiągnie x %',
> diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl
> index 8cf985b..6840f81 100644
> --- a/langs/ru/cgi-bin/ru.pl
> +++ b/langs/ru/cgi-bin/ru.pl
> @@ -2115,7 +2115,6 @@
>  'vpn red name' => 'Внешний IP или FQDN для RED интерфейса или
> <%defaultroute>',
>  'vpn remote id' => 'Удалённый ID',
>  'vpn subjectaltname' => 'Subject Alt Name',
> -'vpn vhost' => 'Roadwarrior virtual IP (sometimes called Inner-IP)',
>  'vpn watch' => 'Перезапускать net-to-net vpn когда удалённый IP
> меняется (dyndns).',
>  'waiting to synchronize clock' => 'Ожидается синхронизация',
>  'warn when traffic reaches' => 'Предупреждать когда трафик
> возрастает до x %',
> diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl
> index 5426a06..782bc00 100644
> --- a/langs/tr/cgi-bin/tr.pl
> +++ b/langs/tr/cgi-bin/tr.pl
> @@ -2609,7 +2609,6 @@
>  'vpn red name' => 'KIRMIZI arabirim veya <%defaultroute> için gerçek
> IP veya FQDN',
>  'vpn remote id' => 'Uzak kimlik (ID)',
>  'vpn subjectaltname' => 'Alternatif konu adı',
> -'vpn vhost' => 'Roadwarrior sanal IP (bazen iç IP olarakta
> adlandırılır)',
>  'vpn watch' => 'Karşı eş IP değiştirdiğinde (dyndns) ağdan-ağa VPN
> bağlantısını yeniden başlat. Bu DPD ye yardımcı olur.',
>  'waiting to synchronize clock' => 'Saat eşleştirmesi bekleniyor',
>  'warn when traffic reaches' => 'Trafik x % değere ulaştığında uyar',

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]