* [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat
@ 2018-04-20 21:00 Oliver Fuhrer
2018-04-24 11:57 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Oliver Fuhrer @ 2018-04-20 21:00 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2401 bytes --]
This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they
don't go through the proxy.
I could only test it with ipsec tunnels, however as the code for openvpn is
pretty much the same, I included this one as well and some basic tests
worked as expected.
As I'm not very familiar with Perl, there probably is some room for
improvement too.
Regards
Oliver
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c36fc4e..69bfdd4 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3014,6 +3014,11 @@ sub write_acls
sub writepacfile
{
+ my %vpnconfig=();
+ my %ovpnconfig=();
+ &General::readhasharray("${General::swroot}/vpn/config",
\%vpnconfig);
+ &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
\%ovpnconfig);
+
open(FILE, ">/srv/web/ipfire/html/proxy.pac");
flock(FILE, 2);
print FILE "function FindProxyForURL(url, host)\n";
@@ -3039,6 +3044,26 @@ END
print FILE " (isInNet(host,
\"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\"))
||\n";
}
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
+ if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
+ my @networks = split(/\|/, $vpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/", $network);
+ $vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
+ print FILE " (isInNet(host, \"$vpnip\",
\"$vpnsub\")) ||\n";
+ }
+ }
+ }
+
+ foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
+ if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
+ my @networks = split(/\|/, $ovpnconfig{$key}[11]);
+ foreach my $network (@networks) {
+ my ($vpnip, $vpnsub) = split("/",
$network);
+ print FILE " (isInNet(host, \"$vpnip\",
\"$vpnsub\")) ||\n";
+ }
+ }
+ }
print FILE <<END
(isInNet(host, "169.254.0.0", "255.255.0.0"))
)
--
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat
2018-04-20 21:00 [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat Oliver Fuhrer
@ 2018-04-24 11:57 ` Michael Tremer
2018-04-24 14:34 ` Peter Müller
0 siblings, 1 reply; 4+ messages in thread
From: Michael Tremer @ 2018-04-24 11:57 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2943 bytes --]
Hello Oliver,
welcome to the list.
Unfortunately the patch has been fragmented by your email program. The lines
have been wrapped and the patch won't apply any more. Could you please check the
settings of your email program and submit again?
Best,
-Michael
On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
> This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they
> don't go through the proxy.
> I could only test it with ipsec tunnels, however as the code for openvpn is
> pretty much the same, I included this one as well and some basic tests
> worked as expected.
> As I'm not very familiar with Perl, there probably is some room for
> improvement too.
>
> Regards
> Oliver
>
>
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index c36fc4e..69bfdd4 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3014,6 +3014,11 @@ sub write_acls
>
> sub writepacfile
> {
> + my %vpnconfig=();
> + my %ovpnconfig=();
> + &General::readhasharray("${General::swroot}/vpn/config",
> \%vpnconfig);
> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
> \%ovpnconfig);
> +
> open(FILE, ">/srv/web/ipfire/html/proxy.pac");
> flock(FILE, 2);
> print FILE "function FindProxyForURL(url, host)\n";
> @@ -3039,6 +3044,26 @@ END
> print FILE " (isInNet(host,
> \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\"))
> > > \n";
>
> }
>
> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
> uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
> 'host') {
> + my @networks = split(/\|/, $vpnconfig{$key}[11]);
> + foreach my $network (@networks) {
> + my ($vpnip, $vpnsub) = split("/", $network);
> + $vpnsub =
> &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
> + print FILE " (isInNet(host, \"$vpnip\",
> \"$vpnsub\")) ||\n";
> + }
> + }
> + }
> +
> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
> 'host') {
> + my @networks = split(/\|/, $ovpnconfig{$key}[11]);
> + foreach my $network (@networks) {
> + my ($vpnip, $vpnsub) = split("/",
> $network);
> + print FILE " (isInNet(host, \"$vpnip\",
> \"$vpnsub\")) ||\n";
> + }
> + }
> + }
> print FILE <<END
> (isInNet(host, "169.254.0.0", "255.255.0.0"))
> )
> --
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat
2018-04-24 11:57 ` Michael Tremer
@ 2018-04-24 14:34 ` Peter Müller
2018-04-24 14:50 ` Michael Tremer
0 siblings, 1 reply; 4+ messages in thread
From: Peter Müller @ 2018-04-24 14:34 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3162 bytes --]
Hello,
> Hello Oliver,
>
> welcome to the list.
>
> Unfortunately the patch has been fragmented by your email program. The lines
> have been wrapped and the patch won't apply any more. Could you please check the
> settings of your email program and submit again?
In case of Thunderbird, this might be helpful: https://wiki.ipfire.org/devel/send-tb-patches
Best regards,
Peter Müller
>
> Best,
> -Michael
>
> On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
>> This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so they
>> don't go through the proxy.
>> I could only test it with ipsec tunnels, however as the code for openvpn is
>> pretty much the same, I included this one as well and some basic tests
>> worked as expected.
>> As I'm not very familiar with Perl, there probably is some room for
>> improvement too.
>>
>> Regards
>> Oliver
>>
>>
>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
>> index c36fc4e..69bfdd4 100644
>> --- a/html/cgi-bin/proxy.cgi
>> +++ b/html/cgi-bin/proxy.cgi
>> @@ -3014,6 +3014,11 @@ sub write_acls
>>
>> sub writepacfile
>> {
>> + my %vpnconfig=();
>> + my %ovpnconfig=();
>> + &General::readhasharray("${General::swroot}/vpn/config",
>> \%vpnconfig);
>> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
>> \%ovpnconfig);
>> +
>> open(FILE, ">/srv/web/ipfire/html/proxy.pac");
>> flock(FILE, 2);
>> print FILE "function FindProxyForURL(url, host)\n";
>> @@ -3039,6 +3044,26 @@ END
>> print FILE " (isInNet(host,
>> \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\"))
>>>> \n";
>>
>> }
>>
>> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
>> uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
>> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
>> 'host') {
>> + my @networks = split(/\|/, $vpnconfig{$key}[11]);
>> + foreach my $network (@networks) {
>> + my ($vpnip, $vpnsub) = split("/", $network);
>> + $vpnsub =
>> &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
>> + print FILE " (isInNet(host, \"$vpnip\",
>> \"$vpnsub\")) ||\n";
>> + }
>> + }
>> + }
>> +
>> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
>> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
>> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
>> 'host') {
>> + my @networks = split(/\|/, $ovpnconfig{$key}[11]);
>> + foreach my $network (@networks) {
>> + my ($vpnip, $vpnsub) = split("/",
>> $network);
>> + print FILE " (isInNet(host, \"$vpnip\",
>> \"$vpnsub\")) ||\n";
>> + }
>> + }
>> + }
>> print FILE <<END
>> (isInNet(host, "169.254.0.0", "255.255.0.0"))
>> )
>> --
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat
2018-04-24 14:34 ` Peter Müller
@ 2018-04-24 14:50 ` Michael Tremer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Tremer @ 2018-04-24 14:50 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 3735 bytes --]
On Tue, 2018-04-24 at 16:34 +0200, Peter Müller wrote:
> Hello,
> > Hello Oliver,
> >
> > welcome to the list.
> >
> > Unfortunately the patch has been fragmented by your email program. The lines
> > have been wrapped and the patch won't apply any more. Could you please check
> > the
> > settings of your email program and submit again?
>
> In case of Thunderbird, this might be helpful:
> https://wiki.ipfire.org/devel/send-tb-patches
That article is quite hidden. Would you like to change the chapter on the
"submitting patches" page so that it is obvious that it has some clues about how
to configure an MTA?
-Michael
>
> Best regards,
> Peter Müller
> >
> > Best,
> > -Michael
> >
> > On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
> > > This Patch excludes enabled ipsec/ OpenVPN N2N Subnets from wpad.dat so
> > > they
> > > don't go through the proxy.
> > > I could only test it with ipsec tunnels, however as the code for openvpn
> > > is
> > > pretty much the same, I included this one as well and some basic tests
> > > worked as expected.
> > > As I'm not very familiar with Perl, there probably is some room for
> > > improvement too.
> > >
> > > Regards
> > > Oliver
> > >
> > >
> > > diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> > > index c36fc4e..69bfdd4 100644
> > > --- a/html/cgi-bin/proxy.cgi
> > > +++ b/html/cgi-bin/proxy.cgi
> > > @@ -3014,6 +3014,11 @@ sub write_acls
> > >
> > > sub writepacfile
> > > {
> > > + my %vpnconfig=();
> > > + my %ovpnconfig=();
> > > + &General::readhasharray("${General::swroot}/vpn/config",
> > > \%vpnconfig);
> > > + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
> > > \%ovpnconfig);
> > > +
> > > open(FILE, ">/srv/web/ipfire/html/proxy.pac");
> > > flock(FILE, 2);
> > > print FILE "function FindProxyForURL(url, host)\n";
> > > @@ -3039,6 +3044,26 @@ END
> > > print FILE " (isInNet(host,
> > > \"$netsettings{'ORANGE_NETADDRESS'}\",
> > > \"$netsettings{'ORANGE_NETMASK'}\"))
> > > > > \n";
> > >
> > > }
> > >
> > > + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
> > > uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
> > > + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
> > > 'host') {
> > > + my @networks = split(/\|/, $vpnconfig{$key}[11]);
> > > + foreach my $network (@networks) {
> > > + my ($vpnip, $vpnsub) = split("/",
> > > $network);
> > > + $vpnsub =
> > > &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
> > > + print FILE " (isInNet(host,
> > > \"$vpnip\",
> > > \"$vpnsub\")) ||\n";
> > > + }
> > > + }
> > > + }
> > > +
> > > + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
> > > uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
> > > + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3]
> > > ne
> > > 'host') {
> > > + my @networks = split(/\|/,
> > > $ovpnconfig{$key}[11]);
> > > + foreach my $network (@networks) {
> > > + my ($vpnip, $vpnsub) = split("/",
> > > $network);
> > > + print FILE " (isInNet(host,
> > > \"$vpnip\",
> > > \"$vpnsub\")) ||\n";
> > > + }
> > > + }
> > > + }
> > > print FILE <<END
> > > (isInNet(host, "169.254.0.0", "255.255.0.0"))
> > > )
> > > --
> > >
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2018-04-24 14:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-04-20 21:00 [PATCH] BUG: 11696 - VPN Subnets missing from wpad.dat Oliver Fuhrer
2018-04-24 11:57 ` Michael Tremer
2018-04-24 14:34 ` Peter Müller
2018-04-24 14:50 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox