From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH v2] BUG 11696: VPN Subnets missing from wpad.dat Date: Mon, 20 May 2019 22:48:58 +0100 Message-ID: In-Reply-To: <000801d50f21$09225500$1b66ff00$@bluewin.ch> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3096965044329126500==" List-Id: --===============3096965044329126500== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Yes please. It would be great to have this all coming in one patchset in the future. That= keeps noise on the list down and allows us to review the whole thing in one = go. Are you planning to move this into a function that you will call from the var= ious CGI files? -Michael > On 20 May 2019, at 16:31, Oliver Fuhrer wrote: >=20 > Hi Michael, > You're welcome. > I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically = update the wpad.dat file upon tunnel add/delete/enable/disable. > Should I send this one as feature? >=20 > Regards > Oliver >=20 >>=20 >> Hi, >>=20 >> Thank you for rebasing this patch. It applies and is merged! >>=20 >> -Michael >>=20 >>> On 19 May 2019, at 14:30, Oliver Fuhrer wrot= e: >>>=20 >>> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n >> subnets to wpad.dat so they don't pass through the proxy. >>> --- >>> Hi List, >>> New version of the patch, this one has been created against next branch >> and successfully tested on a fresh build. >>>=20 >>> Regards >>> Oliver >>>=20 >>> html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ >>> 1 file changed, 25 insertions(+) >>>=20 >>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi >>> index 91e4fce..b639640 100644 >>> --- a/html/cgi-bin/proxy.cgi >>> +++ b/html/cgi-bin/proxy.cgi >>> @@ -2848,6 +2848,10 @@ sub write_acls >>>=20 >>> sub writepacfile >>> { >>> + my %vpnconfig=3D(); >>> + my %ovpnconfig=3D(); >>> + &General::readhasharray("${General::swroot}/vpn/config", >> \%vpnconfig); >>> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", >> \%ovpnconfig); >>> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); >>> flock(FILE, 2); >>> print FILE "function FindProxyForURL(url, host)\n"; >>> @@ -2910,6 +2914,27 @@ END >>> } >>> } >>>=20 >>> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp >> uc($vpnconfig{$b}[1]) } keys %vpnconfig) { >>> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne >> 'host') { >>> + my @networks =3D split(/\|/, $vpnconfig{$key}[11]); >>> + foreach my $network (@networks) { >>> + my ($vpnip, $vpnsub) =3D split("/", $network); >>> + $vpnsub =3D >> &Network::convert_prefix2netmask($vpnsub) || $vpnsub; >>> + print FILE " (isInNet(host, \"$vpnip\", >> \"$vpnsub\")) ||\n"; >>> + } >>> + } >>> + } >>> + >>> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp >> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { >>> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne >> 'host') { >>> + my @networks =3D split(/\|/, $ovpnconfig{$key}[11]); >>> + foreach my $network (@networks) { >>> + my ($vpnip, $vpnsub) =3D split("/", $network); >>> + print FILE " (isInNet(host, \"$vpnip\", >> \"$vpnsub\")) ||\n"; >>> + } >>> + } >>> + } >>> + >>> print FILE <>> (isInNet(host, "169.254.0.0", "255.255.0.0")) >>> ) >>> -- >>> 1.8.3.1 >>>=20 >=20 >=20 --===============3096965044329126500==--