Re: [PATCH v2] BUG 11696: VPN Subnets missing from wpad.dat

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3004 bytes --]

Yes please.

It would be great to have this all coming in one patchset in the future. That keeps noise on the list down and allows us to review the whole thing in one go.

Are you planning to move this into a function that you will call from the various CGI files?

-Michael

> On 20 May 2019, at 16:31, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote:
> 
> Hi Michael,
> You're welcome.
> I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically update the wpad.dat file upon tunnel add/delete/enable/disable.
> Should I send this one as feature?
> 
> Regards
> Oliver
> 
>> 
>> Hi,
>> 
>> Thank you for rebasing this patch. It applies and is merged!
>> 
>> -Michael
>> 
>>> On 19 May 2019, at 14:30, Oliver Fuhrer <oliver.fuhrer(a)bluewin.ch> wrote:
>>> 
>>> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n
>> subnets to wpad.dat so they don't pass through the proxy.
>>> ---
>>> Hi List,
>>> New version of the patch, this one has been created against next branch
>> and successfully tested on a fresh build.
>>> 
>>> Regards
>>> Oliver
>>> 
>>> html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++
>>> 1 file changed, 25 insertions(+)
>>> 
>>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
>>> index 91e4fce..b639640 100644
>>> --- a/html/cgi-bin/proxy.cgi
>>> +++ b/html/cgi-bin/proxy.cgi
>>> @@ -2848,6 +2848,10 @@ sub write_acls
>>> 
>>> sub writepacfile
>>> {
>>> +	my %vpnconfig=();
>>> +	my %ovpnconfig=();
>>> +	&General::readhasharray("${General::swroot}/vpn/config",
>> \%vpnconfig);
>>> +	&General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
>> \%ovpnconfig);
>>> 	open(FILE, ">/srv/web/ipfire/html/proxy.pac");
>>> 	flock(FILE, 2);
>>> 	print FILE "function FindProxyForURL(url, host)\n";
>>> @@ -2910,6 +2914,27 @@ END
>>> 		}
>>> 	}
>>> 
>>> +	foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
>> uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
>>> +		if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
>> 'host') {
>>> +			my @networks = split(/\|/, $vpnconfig{$key}[11]);
>>> +			foreach my $network (@networks) {
>>> +				my ($vpnip, $vpnsub) = split("/", $network);
>>> +				$vpnsub =
>> &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
>>> +				print FILE "     (isInNet(host, \"$vpnip\",
>> \"$vpnsub\")) ||\n";
>>> +			}
>>> +		}
>>> +	}
>>> +
>>> +	foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
>> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
>>> +		if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
>> 'host') {
>>> +			my @networks = split(/\|/, $ovpnconfig{$key}[11]);
>>> +			foreach my $network (@networks) {
>>> +				my ($vpnip, $vpnsub) = split("/", $network);
>>> +				print FILE "     (isInNet(host, \"$vpnip\",
>> \"$vpnsub\")) ||\n";
>>> +			}
>>> +		}
>>> +	}
>>> +
>>> 	print FILE <<END
>>>     (isInNet(host, "169.254.0.0", "255.255.0.0"))
>>>   )
>>> --
>>> 1.8.3.1
>>> 
> 
>