From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] IPsec: Remove GUI option for "Roadwarrior virtual IP" Date: Thu, 24 Sep 2015 23:08:11 +0100 Message-ID: <1443132491.4141.232.camel@ipfire.org> In-Reply-To: <56047358.4070901@web.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0851033401445248413==" List-Id: --===============0851033401445248413== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello, this patch looks good. I agree that this option should be removed since it is not supported any more and certainly does not work since a long time ago. Could you elaborate a bit more about these problems that were caused? Best, -Michael On Fri, 2015-09-25 at 00:04 +0200, Lars Schuhmacher wrote: > IPsec: Remove GUI option for "Roadwarrior virtual IP" >=20 > This setting stems from IPcop (and probably Openswan) and causes a > problem. Fixes bug 10496. >=20 > Signed-off-by: Lars Schuhmacher > --- > html/cgi-bin/vpnmain.cgi | 32 ++------------------------------ > langs/de/cgi-bin/de.pl | 1 - > langs/en/cgi-bin/en.pl | 1 - > langs/es/cgi-bin/es.pl | 1 - > langs/fr/cgi-bin/fr.pl | 1 - > langs/it/cgi-bin/it.pl | 1 - > langs/nl/cgi-bin/nl.pl | 1 - > langs/pl/cgi-bin/pl.pl | 1 - > langs/ru/cgi-bin/ru.pl | 1 - > langs/tr/cgi-bin/tr.pl | 1 - > 10 files changed, 2 insertions(+), 39 deletions(-) >=20 > diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi > index 65fc80f..5658dac 100644 > --- a/html/cgi-bin/vpnmain.cgi > +++ b/html/cgi-bin/vpnmain.cgi > @@ -235,7 +235,6 @@ sub makeconnname ($) { > ### > ###Type=3DHost : GUI can choose the interface used (RED,GREEN,BLUE) > and > ### the side is always defined as 'left'. > -### configihash[14]: 'VHOST' is allowed > ### > =20 > sub writeipsecfiles { 
> @@ -294,8 +293,6 @@ sub writeipsecfiles { > if ($lconfighash{$key}[3] eq 'net') { > my $cidr_net=3D&General::ipcidr($lconfighash{$key}[11]); > print CONF "\trightsubnet=3D$cidr_net\n"; > - } elsif ($lconfighash{$key}[10] eq '%any' && > $lconfighash{$key}[14] eq 'on') { #vhost allowed for roadwarriors? > - print CONF "\trightsubnet=3Dvhost:%no,%priv\n"; > } > =20 > # Local Cert and Remote Cert (unless auth is DN dn-auth) > @@ -1246,7 +1243,7 @@ END > &Header::closepage(); > exit (0); > ### > -### Adding/Editing/Saving a connection > +### Adding/Editing/Saving a connection > ### > } elsif (($cgiparams{'ACTION'} eq $Lang::tr{'add'}) || > ($cgiparams{'ACTION'} eq $Lang::tr{'edit'}) || > @@ -1289,7 +1286,6 @@ END > $cgiparams{'COMPRESSION'} =3D > $confighash{$cgiparams{'KEY'}}[13]; > $cgiparams{'ONLY_PROPOSED'} =3D > $confighash{$cgiparams{'KEY'}}[24]; > $cgiparams{'PFS'} =3D > $confighash{$cgiparams{'KEY'}}[28]; > - $cgiparams{'VHOST'} =3D > $confighash{$cgiparams{'KEY'}}[14]; > $cgiparams{'DPD_TIMEOUT'} =3D > $confighash{$cgiparams{'KEY'}}[30]; > $cgiparams{'DPD_DELAY'} =3D > $confighash{$cgiparams{'KEY'}}[31]; > $cgiparams{'FORCE_MOBIKE'} =3D > $confighash{$cgiparams{'KEY'}}[32]; > @@ -1814,7 +1810,6 @@ END > $confighash{$key}[13] =3D $cgiparams{'COMPRESSION'}; > $confighash{$key}[24] =3D $cgiparams{'ONLY_PROPOSED'}; > $confighash{$key}[28] =3D $cgiparams{'PFS'}; > - $confighash{$key}[14] =3D $cgiparams{'VHOST'}; > $confighash{$key}[30] =3D $cgiparams{'DPD_TIMEOUT'}; > $confighash{$key}[31] =3D $cgiparams{'DPD_DELAY'}; > $confighash{$key}[32] =3D $cgiparams{'FORCE_MOBIKE'}; > @@ -1891,7 +1886,6 @@ END > $cgiparams{'COMPRESSION'} =3D 'on'; #[13]; > $cgiparams{'ONLY_PROPOSED'} =3D 'off'; #[24]; > $cgiparams{'PFS'} =3D 'on'; #[28]; > - $cgiparams{'VHOST'} =3D 'on'; #[14]; > } > =20 > VPNCONF_ERROR: 
> @@ -1943,7 +1937,6 @@ END > value=3D'$cgiparams{'COMPRESSION'}' /> > value=3D'$cgiparams{'ONLY_PROPOSED'}' /> > > - value=3D'$cgiparams{'VHOST'}' /> > value=3D'$cgiparams{'DPD_ACTION'}' /> > value=3D'$cgiparams{'DPD_DELAY'}' /> > value=3D'$cgiparams{'DPD_TIMEOUT'}' /> > @@ -2130,11 +2123,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > } > =20 > if ($cgiparams{'ACTION'} eq $Lang::tr{'save'}) { > - # I didn't read any incompatibilities here.... > - #if ($cgiparams{'VHOST'} eq 'on' && > $cgiparams{'COMPRESSION'} eq 'on') { > - # $errormessage =3D $Lang::tr{'cannot enable both nat > traversal and compression'}; > - # goto ADVANCED_ERROR; > - #} > my @temp =3D split('\|', $cgiparams{'IKE_ENCRYPTION'}); > if ($#temp < 0) { > $errormessage =3D $Lang::tr{'invalid input'}; > @@ -2222,8 +2210,7 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > ($cgiparams{'COMPRESSION'} !~ /^(|on|off)$/) || > ($cgiparams{'FORCE_MOBIKE'} !~ /^(|on|off)$/) || > ($cgiparams{'ONLY_PROPOSED'} !~ /^(|on|off)$/) || > - ($cgiparams{'PFS'} !~ /^(|on|off)$/) || > - ($cgiparams{'VHOST'} !~ /^(|on|off)$/) > + ($cgiparams{'PFS'} !~ /^(|on|off)$/) > ){ > $errormessage =3D $Lang::tr{'invalid input'}; > goto ADVANCED_ERROR; > @@ -2252,7 +2239,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > $confighash{$cgiparams{'KEY'}}[13] =3D > $cgiparams{'COMPRESSION'}; > $confighash{$cgiparams{'KEY'}}[24] =3D > $cgiparams{'ONLY_PROPOSED'}; > $confighash{$cgiparams{'KEY'}}[28] =3D $cgiparams{'PFS'}; > - $confighash{$cgiparams{'KEY'}}[14] =3D $cgiparams{'VHOST'}; > $confighash{$cgiparams{'KEY'}}[27] =3D > $cgiparams{'DPD_ACTION'}; > $confighash{$cgiparams{'KEY'}}[30] =3D > $cgiparams{'DPD_TIMEOUT'}; > $confighash{$cgiparams{'KEY'}}[31] =3D > $cgiparams{'DPD_DELAY'}; 
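Review bot: The on/off validation that survives in the `@@ -2222,8 +2210,7 @@` hunk still anchors with `$`, which in Perl also matches just before a trailing newline, so a value ending in a newline passes `!~ /^(|on|off)$/` and is then copied into `$confighash{$cgiparams{'KEY'}}[28]` by the assignments visible in the following hunk. Since the commit already rewrites the last line of this condition, it would be a natural place to tighten the anchors: `($cgiparams{'PFS'} !~ /\A(|on|off)\z/)`, with the same change on the COMPRESSION, FORCE_MOBIKE and ONLY_PROPOSED context lines above it. How the hash is persisted is not visible here, but if it is written one record per line, an embedded newline could corrupt the stored connection entry. The enclosing `if` condition and its body start and end outside the hunk.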
> @@ -2280,7 +2266,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > $cgiparams{'COMPRESSION'} =3D > $confighash{$cgiparams{'KEY'}}[13]; > $cgiparams{'ONLY_PROPOSED'} =3D > $confighash{$cgiparams{'KEY'}}[24]; > $cgiparams{'PFS'} =3D > $confighash{$cgiparams{'KEY'}}[28]; > - $cgiparams{'VHOST'} =3D > $confighash{$cgiparams{'KEY'}}[14]; > $cgiparams{'DPD_ACTION'} =3D > $confighash{$cgiparams{'KEY'}}[27]; > $cgiparams{'DPD_TIMEOUT'} =3D > $confighash{$cgiparams{'KEY'}}[30]; > $cgiparams{'DPD_DELAY'} =3D > $confighash{$cgiparams{'KEY'}}[31]; > @@ -2294,9 +2279,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > $cgiparams{'DPD_TIMEOUT'} =3D 120; > } > =20 > - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net' || > $confighash{$cgiparams{'KEY'}}[10]) { > - $cgiparams{'VHOST'} =3D 'off'; > - } > } > =20 > ADVANCED_ERROR: > @@ -2382,7 +2364,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > $checked{'FORCE_MOBIKE'} =3D $cgiparams{'FORCE_MOBIKE'} eq 'on' ? > "checked=3D'checked'" : '' ; > $checked{'ONLY_PROPOSED'} =3D $cgiparams{'ONLY_PROPOSED'} eq 'on' > ? "checked=3D'checked'" : '' ; > $checked{'PFS'} =3D $cgiparams{'PFS'} eq 'on' ? > "checked=3D'checked'" : '' ; > - $checked{'VHOST'} =3D $cgiparams{'VHOST'} eq 'on' ? > "checked=3D'checked'" : '' ; > =20 > $selected{'IKE_VERSION'}{'ikev1'} =3D ''; > $selected{'IKE_VERSION'}{'ikev2'} =3D ''; > @@ -2633,15 +2614,6 @@ if(($cgiparams{'ACTION'} eq > $Lang::tr{'advanced'}) || > > EOF > ; > - if ($confighash{$cgiparams{'KEY'}}[3] eq 'net') { > - print " />"; > - } elsif ($confighash{$cgiparams{'KEY'}}[10]) { > - print ""; > - } else { > - print ""; > - } > =20 > print < > diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl > index c21bac5..a3c8228 100644 > --- a/langs/de/cgi-bin/de.pl > +++ b/langs/de/cgi-bin/de.pl 
> @@ -2620,7 +2620,6 @@ > 'vpn statistic n2n' =3D> 'OpenVPN-Netz-zu-Netz-Statistik', > 'vpn statistic rw' =3D> 'OpenVPN-Roadwarrior-Statistik', > 'vpn subjectaltname' =3D> 'Subjekt Alternativer Name', > -'vpn vhost' =3D> 'Roadwarrior virtuelle IP (manchmal auch Inner-IP > genannt)', > 'vpn watch' =3D> 'Netz-zu-Netz VPN neu starten, wenn sich Remote-IP > =C3=A4ndert (DynDNS).', > 'waiting to synchronize clock' =3D> 'Bitte warten, die Uhr wird > synchronisiert', > 'warn when traffic reaches' =3D> 'Warnen wenn Traffic x % erreicht', > diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl > index 783fd0f..55cf228 100644 > --- a/langs/en/cgi-bin/en.pl > +++ b/langs/en/cgi-bin/en.pl > @@ -2664,7 +2664,6 @@ > 'vpn statistic n2n' =3D> 'OpenVPN Net-to-Net Statistics', > 'vpn statistic rw' =3D> 'OpenVPN Roadwarrior Statistics', > 'vpn subjectaltname' =3D> 'Subject Alt Name', > -'vpn vhost' =3D> 'Roadwarrior virtual IP (sometimes called Inner-IP)', > 'vpn watch' =3D> 'Restart net-to-net vpn when remote peer IP changes > (dyndns).', > 'waiting to synchronize clock' =3D> 'Waiting to synchronize clock', > 'warn when traffic reaches' =3D> 'Warn when traffic reaches x %', > diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl > index c0422b1..e24e75e 100644 > --- a/langs/es/cgi-bin/es.pl > +++ b/langs/es/cgi-bin/es.pl > @@ -2107,7 +2107,6 @@ > 'vpn red name' =3D> 'Direcci=C3=B3n IP p=C3=BAblica o FQDN para la interfa= z RED > o<%defaultroute>', > 'vpn remote id' =3D> 'ID Remoto', > 'vpn subjectaltname' =3D> 'Nombre alternativo en Asunto', > -'vpn vhost' =3D> 'IP virtual Roadwarris (tambi=C3=A9n referida como ip > -interior)', > 'vpn watch' =3D> 'Reinciar vpn net-to-net cuando la ip remota cambie > (dyndns)', > 'waiting to synchronize clock' =3D> 'Esperando sincronizaci=C3=B3n con el > reloj', > 'warn when traffic reaches' =3D> 'Advertir cuando el tr=C3=A1fico alcance x > %', 
> diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl > index 43e69a7..0d173ae 100644 > --- a/langs/fr/cgi-bin/fr.pl > +++ b/langs/fr/cgi-bin/fr.pl > @@ -2111,7 +2111,6 @@ > 'vpn red name' =3D> 'IP publique ou nom de domaine complet pour > l\'interface ROUGE ou <%defaultroute>', > 'vpn remote id' =3D> 'ID Distant', > 'vpn subjectaltname' =3D> 'Subject Alt Name', > -'vpn vhost' =3D> 'IP Virtuelle Roadwarrior (parfois appel=C3=A9e Inner > -IP)', > 'vpn watch' =3D> 'Red=C3=A9marrer net-to-net VPN si IP h=C3=B4te distant c= hange > (dyndns).', > 'waiting to synchronize clock' =3D> 'Attendre la synchronisation de > l\'horloge', > 'warn when traffic reaches' =3D> 'Avertir lorsque le trafic atteint x > %', > diff --git a/langs/it/cgi-bin/it.pl b/langs/it/cgi-bin/it.pl > index 0623bd5..950f700 100644 > --- a/langs/it/cgi-bin/it.pl > +++ b/langs/it/cgi-bin/it.pl > @@ -2586,7 +2586,6 @@ > 'vpn red name' =3D> 'IP pubblico o il nome di dominio completo per > l\'interfaccia RED o <%defaultroute>', > 'vpn remote id' =3D> 'Remote ID', > 'vpn subjectaltname' =3D> 'Subject Alt Name', > -'vpn vhost' =3D> 'Roadwarrior virtual IP (sometimes called Inner-IP)', > 'vpn watch' =3D> 'Restart net-to-net vpn when remote peer IP changes > (dyndns).', > 'waiting to synchronize clock' =3D> 'Waiting to synchronize clock', > 'warn when traffic reaches' =3D> 'Warn when traffic reaches x %', > diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl > index f748b74..9d90a08 100644 > --- a/langs/nl/cgi-bin/nl.pl > +++ b/langs/nl/cgi-bin/nl.pl 
> @@ -2529,7 +2529,6 @@ > 'vpn red name' =3D> 'Publiek IP of FQDN voor RODE interface of > <%defaultroute>', > 'vpn remote id' =3D> 'Remote ID', > 'vpn subjectaltname' =3D> 'Onderwerp Alt Naam', > -'vpn vhost' =3D> 'Roadwarrior virtual IP (Ook wel Inner-IP genoemd)', > 'vpn watch' =3D> 'Herstart net-to-net vpn wanneer remote peer IP > verandert (dyndns).', > 'waiting to synchronize clock' =3D> 'Wachten op synchronisatie van > klok', > 'warn when traffic reaches' =3D> 'Waarschuw wanneer verkeer x % > bereikt', > diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl > index 30cc81e..47abf2c 100644 > --- a/langs/pl/cgi-bin/pl.pl > +++ b/langs/pl/cgi-bin/pl.pl > @@ -2120,7 +2120,6 @@ > 'vpn red name' =3D> 'Publiczne IP lub FQDN interfejsu RED lub > <%defaultroute>', > 'vpn remote id' =3D> 'Zdalne ID', > 'vpn subjectaltname' =3D> 'Subject Alt Name', > -'vpn vhost' =3D> 'Roadwarrior virtual IP (sometimes called Inner-IP)', > 'vpn watch' =3D> 'Uruchom ponownie vpn net-to-net kiedy zmieni si=C4=99 IP > zdalnej ko=C5=84c=C3=B3wki (dyndns).', > 'waiting to synchronize clock' =3D> 'Oczekiwanie na synchronizacj=C4=99 > zegara', > 'warn when traffic reaches' =3D> 'Ostrzegaj kiedy ruch osi=C4=85gnie x %', > diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl > index 8cf985b..6840f81 100644 > --- a/langs/ru/cgi-bin/ru.pl > +++ b/langs/ru/cgi-bin/ru.pl 
> @@ -2115,7 +2115,6 @@ > 'vpn red name' =3D> '=D0=92=D0=BD=D0=B5=D1=88=D0=BD=D0=B8=D0=B9 IP =D0=B8= =D0=BB=D0=B8 FQDN =D0=B4=D0=BB=D1=8F RED =D0=B8=D0=BD=D1=82=D0=B5=D1=80=D1=84= =D0=B5=D0=B9=D1=81=D0=B0 =D0=B8=D0=BB=D0=B8 > <%defaultroute>', > 'vpn remote id' =3D> '=D0=A3=D0=B4=D0=B0=D0=BB=D1=91=D0=BD=D0=BD=D1=8B=D0= =B9 ID', > 'vpn subjectaltname' =3D> 'Subject Alt Name', > -'vpn vhost' =3D> 'Roadwarrior virtual IP (sometimes called Inner-IP)', > 'vpn watch' =3D> '=D0=9F=D0=B5=D1=80=D0=B5=D0=B7=D0=B0=D0=BF=D1=83=D1=81= =D0=BA=D0=B0=D1=82=D1=8C net-to-net vpn =D0=BA=D0=BE=D0=B3=D0=B4=D0=B0 =D1=83= =D0=B4=D0=B0=D0=BB=D1=91=D0=BD=D0=BD=D1=8B=D0=B9 IP > =D0=BC=D0=B5=D0=BD=D1=8F=D0=B5=D1=82=D1=81=D1=8F (dyndns).', > 'waiting to synchronize clock' =3D> '=D0=9E=D0=B6=D0=B8=D0=B4=D0=B0=D0=B5= =D1=82=D1=81=D1=8F =D1=81=D0=B8=D0=BD=D1=85=D1=80=D0=BE=D0=BD=D0=B8=D0=B7=D0= =B0=D1=86=D0=B8=D1=8F', > 'warn when traffic reaches' =3D> '=D0=9F=D1=80=D0=B5=D0=B4=D1=83=D0=BF=D1= =80=D0=B5=D0=B6=D0=B4=D0=B0=D1=82=D1=8C =D0=BA=D0=BE=D0=B3=D0=B4=D0=B0 =D1=82= =D1=80=D0=B0=D1=84=D0=B8=D0=BA > =D0=B2=D0=BE=D0=B7=D1=80=D0=B0=D1=81=D1=82=D0=B0=D0=B5=D1=82 =D0=B4=D0=BE x= %', > diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl > index 5426a06..782bc00 100644 > --- a/langs/tr/cgi-bin/tr.pl > +++ b/langs/tr/cgi-bin/tr.pl 
> @@ -2609,7 +2609,6 @@ > 'vpn red name' =3D> 'KIRMIZI arabirim veya <%defaultroute> i=C3=A7in ger= =C3=A7ek > IP veya FQDN', > 'vpn remote id' =3D> 'Uzak kimlik (ID)', > 'vpn subjectaltname' =3D> 'Alternatif konu ad=C4=B1', > -'vpn vhost' =3D> 'Roadwarrior sanal IP (bazen i=C3=A7 IP olarakta > adland=C4=B1r=C4=B1l=C4=B1r)', > 'vpn watch' =3D> 'Kar=C5=9F=C4=B1 e=C5=9F IP de=C4=9Fi=C5=9Ftirdi=C4=9Find= e (dyndns) a=C4=9Fdan-a=C4=9Fa VPN > ba=C4=9Flant=C4=B1s=C4=B1n=C4=B1 yeniden ba=C5=9Flat. Bu DPD ye yard=C4=B1m= c=C4=B1 olur.', > 'waiting to synchronize clock' =3D> 'Saat e=C5=9Fle=C5=9Ftirmesi bekleniyo= r', > 'warn when traffic reaches' =3D> 'Trafik x % de=C4=9Fere ula=C5=9Ft=C4=B1= =C4=9F=C4=B1nda uyar', --===============0851033401445248413== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSldCSFJMQUFvSkVJQjU4UDl2a0FrSGh2b1AvM0VUbXVJcDZlNHZ5Q2pCMXRGenlIWlgK akFzSzlGSXZ6NkYzN2Z6TEwvTUpjbFVrT013bFNvOTdIQUhqOUtpOU85ZUI0RmRLMmw5bTZWVEZL Ty9lak42MwpKMW43VUhxaEdnemRzRHRnVVJwN0Y3S2ZVUmU5NmJCbloxeFdJaWRManpuNjhDME1M b2h1ZW91TTNyeG5RREJJClpEM1BJQ0RaOFliMDFsamxhZk5HRThJdVhKaWVLVDJOTHBVOE1YRUlj cmYwaVlZZkUwbVowSXMySmdtalVEUG0KUUQ4QUg2d3dzc3VSdlBpL0xhaGQyeTVxUVRXbUJCSERr QjFKdUNXcXFNSXFJOGVNeTRXWk1RT2ZKcFlHSFlYNwp1ZHlZRC9Gb2kwUGFtZ2lYRkVWdGozemhy WUFDNlBzQlc2Z0RVSElEWk1tWm91cmo5MlJQYUoveTdSRG4vNkE1CjZQeUdWa1lmc2RqbDliUjBL SURwWEtWWGpwUUlzYytreEN1S3FmRjNabnJNWnowSW9YRXhpNENXa21uS3I1ck8KaE5Wd2lmVThW ZS9SdkhzMHYrUnduS2ZQZXZQY0JmdTVPVTlOdS8vWkF5Z0Z1bE96RVBXSGI4RklYOVNPaWdYcAow WS9iZnZMUWJwTnBrazYvUndQOFFyWlNleEVjNCs4bUdYNmtUM2h0UjFHRnJEb2kvay81TURSOHEv eFZLaUptCjVnZjR6WVludFRVQjFScFBCbjh2SFllZnRWQnRxcFBTbklWQ0JUM2pDY1JEZkZKbGUy Z3c1TzF6cCt2SHJiM00KR0FCV2JRMHN4amQ4eEQ1bTUwcHBXaHZWQlIySlFWZXRER0VlN1Zka0pZ Smhabytyc1VVYktWN1RGUFNYN2JIdApVZVpXVGhmSVhPTFJsSmwrY0NOSgo9RGtldgotLS0tLUVO 
RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============0851033401445248413==--