Hi Oliver, > On 18 May 2019, at 00:50, Oliver Fuhrer wrote: > > Hi Michael > > Sorry for wasting your time with that patch. LOL No worries. The main thing is we are getting this right. The good news is that it applied. There were just genuine conflicts with the other changes. > The patch was created against master branch which was up to date in my repo. > I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi. > > Let me know whether I should give this one a try. If you have applied your changes to the new version of the file and tested them, you can send a third version of the file. Best, -Michael > > Regards > Oliver > > -----Original Message----- > From: Michael Tremer > Sent: Friday, May 17, 2019 23:33 > To: Oliver Fuhrer > Cc: development(a)lists.ipfire.org > Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat > > Hi Oliver, > > I am afraid I wasn’t able to apply this patch either: > > [root(a)ipfire ipfire-2.x]# pwclient git-am -s 2251 > Applying patch #2251 using "git am -s" > Description: BUG 11696: VPN Subnets missing from wpad.dat > Applying: BUG 11696: VPN Subnets missing from wpad.dat > error: patch failed: html/cgi-bin/proxy.cgi:2763 > error: html/cgi-bin/proxy.cgi: patch does not apply > Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat > The copy of the patch that failed is found in: .git/rebase-apply/patch > When you have resolved this problem, run "git am --continue". > If you prefer to skip this patch, run "git am --skip" instead. > To restore the original branch and stop patching, run "git am --abort". > 'git am' failed with exit status 128 > > I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems. > > Did you develop this on top of the next branch or did you add your changes to an older version of the file? > > Best, > -Michael > >> On 13 May 2019, at 19:33, Oliver Fuhrer wrote: >> >> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n >> subnets to wpad.dat so they don't pass through the proxy. >> --- >> Hi All >> Apologies for the line-wrapping mess with the previous attempt. >> Looks like Outlook isn't up for the task. >> This Message is now sent directly via git, which should hopefully fix the issue. >> >> As I currently don't have any OpenVPN n2n connections, I could not >> fully test this part, however some dry-runs looked rather promising >> >> >> html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ >> 1 file changed, 24 insertions(+) >> >> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >> index 6daa7fb..e7ee1f3 100644 >> --- a/html/cgi-bin/proxy.cgi >> +++ b/html/cgi-bin/proxy.cgi >> @@ -2738,6 +2738,10 @@ sub write_acls >> >> sub writepacfile >> { >> + my %vpnconfig=(); >> + my %ovpnconfig=(); >> + &General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig); >> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ovpnconfig); >> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >> flock(FILE, 2); >> print FILE "function FindProxyForURL(url, host)\n"; >> @@ -2763,6 +2767,26 @@ END >> print FILE " (isInNet(host, \"$netsettings{'ORANGE_NETADDRESS'}\", \"$netsettings{'ORANGE_NETMASK'}\")) ||\n"; >> } >> >> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $vpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> + >> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { >> + my @networks = split(/\|/, $ovpnconfig{$key}[11]); >> + foreach my $network (@networks) { >> + my ($vpnip, $vpnsub) = split("/", $network); >> + print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n"; >> + } >> + } >> + } >> print FILE <> (isInNet(host, "169.254.0.0", "255.255.0.0")) >> ) >> -- >> 1.8.3.1 >> > >