This patch excludes enabled IPsec/OpenVPN N2N subnets from wpad.dat so they don't go through the proxy. I could only test it with IPsec tunnels; however, as the code for OpenVPN is pretty much the same, I included this one as well, and some basic tests worked as expected. As I'm not very familiar with Perl, there is probably some room for improvement too.
Regards Oliver
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c36fc4e..69bfdd4 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3014,6 +3014,11 @@ sub write_acls
sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); + open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -3039,6 +3044,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) ) --
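Review bot: In the first hunk (top of writepacfile), both &General::readhasharray(...) calls receive %vpnconfig and %ovpnconfig as plain hashes as the lines appear here. Perl flattens a hash into the argument list, and a freshly emptied hash contributes nothing, so the callee has no way to fill the caller's hash; pass references instead (\%vpnconfig, \%ovpnconfig). The two reads are also unconditional: there is no check that either file exists before it is read, which matters on systems with no IPsec or OpenVPN connections configured, so a -e guard around each call would be a sensible addition.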
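Review bot: In the second hunk, the OpenVPN loop prints $vpnsub exactly as read, while the IPsec loop first runs it through &Network::convert_prefix2netmask($vpnsub) || $vpnsub. isInNet() takes a dotted netmask as its third argument, so either apply the same conversion in the OpenVPN loop or add a comment stating that field 11 of ovpnconfig is always stored with a dotted mask. Both loops also write $vpnip and $vpnsub into proxy.pac unchecked: an entry without a "/" leaves $vpnsub undefined and yields an isInNet() line with an empty mask, and because this file is JavaScript evaluated by every client that fetches it, any pair that does not validate as an address and mask should be skipped before printing. A short comment naming what indices 0, 3 and 11 hold would help the next reader as well.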
Hello Oliver,
welcome to the list.
Unfortunately the patch has been fragmented by your email program. The lines have been wrapped and the patch won't apply any more. Could you please check the settings of your email program and submit again?
Best, -Michael
On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
This patch excludes enabled IPsec/OpenVPN N2N subnets from wpad.dat so they don't go through the proxy. I could only test it with IPsec tunnels; however, as the code for OpenVPN is pretty much the same, I included this one as well, and some basic tests worked as expected. As I'm not very familiar with Perl, there is probably some room for improvement too.
Regards Oliver
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c36fc4e..69bfdd4 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3014,6 +3014,11 @@ sub write_acls
sub writepacfile {
my %vpnconfig=();
my %ovpnconfig=();
&General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -3039,6 +3044,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}"))
\n";
}
foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
}
foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/",
$network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
)} print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0"))
--
Hello,
Hello Oliver,
welcome to the list.
Unfortunately the patch has been fragmented by your email program. The lines have been wrapped and the patch won't apply any more. Could you please check the settings of your email program and submit again?
In case of Thunderbird, this might be helpful: https://wiki.ipfire.org/devel/send-tb-patches
Best regards, Peter Müller
Best, -Michael
On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
This patch excludes enabled IPsec/OpenVPN N2N subnets from wpad.dat so they don't go through the proxy. I could only test it with IPsec tunnels; however, as the code for OpenVPN is pretty much the same, I included this one as well, and some basic tests worked as expected. As I'm not very familiar with Perl, there is probably some room for improvement too.
Regards Oliver
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c36fc4e..69bfdd4 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3014,6 +3014,11 @@ sub write_acls
sub writepacfile {
my %vpnconfig=();
my %ovpnconfig=();
&General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -3039,6 +3044,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}"))
\n";
}
foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
}
foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/",
$network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
)} print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0"))
--
On Tue, 2018-04-24 at 16:34 +0200, Peter Müller wrote:
Hello,
Hello Oliver,
welcome to the list.
Unfortunately the patch has been fragmented by your email program. The lines have been wrapped and the patch won't apply any more. Could you please check the settings of your email program and submit again?
In case of Thunderbird, this might be helpful: https://wiki.ipfire.org/devel/send-tb-patches
That article is quite hidden. Would you like to change the chapter on the "submitting patches" page so that it is obvious that it has some clues about how to configure an MTA?
-Michael
Best regards, Peter Müller
Best, -Michael
On Fri, 2018-04-20 at 23:00 +0200, Oliver Fuhrer wrote:
This patch excludes enabled IPsec/OpenVPN N2N subnets from wpad.dat so they don't go through the proxy. I could only test it with IPsec tunnels; however, as the code for OpenVPN is pretty much the same, I included this one as well, and some basic tests worked as expected. As I'm not very familiar with Perl, there is probably some room for improvement too.
Regards Oliver
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index c36fc4e..69bfdd4 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -3014,6 +3014,11 @@ sub write_acls
sub writepacfile {
my %vpnconfig=();
my %ovpnconfig=();
&General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -3039,6 +3044,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}"))
\n";
}
foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/",
$network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host,
"$vpnip", "$vpnsub")) ||\n";
}
}
}
foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3]
ne 'host') {
my @networks = split(/\|/,
$ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/",
$network);
print FILE " (isInNet(host,
"$vpnip", "$vpnsub")) ||\n";
}
}
)} print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0"))
--