This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. --- Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue.
As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising
html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls
sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
Hi Oliver,
I am afraid I wasn’t able to apply this patch either:
[root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128
I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems.
Did you develop this on top of the next branch or did you add your changes to an older version of the file?
Best, -Michael
On 13 May 2019, at 19:33, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue.
As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising
html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $vpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $ovpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Hi Michael
Sorry for wasting your time with that patch. The patch was created against master branch which was up to date in my repo. I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi.
Let me know whether I should give this one a try.
Regards Oliver
-----Original Message----- From: Michael Tremer michael.tremer@ipfire.org Sent: Friday, May 17, 2019 23:33 To: Oliver Fuhrer oliver.fuhrer@bluewin.ch Cc: development@lists.ipfire.org Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat
Hi Oliver,
I am afraid I wasn’t able to apply this patch either:
[root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128
I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems.
Did you develop this on top of the next branch or did you add your changes to an older version of the file?
Best, -Michael
On 13 May 2019, at 19:33, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue.
As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising
html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $vpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $ovpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Hi Oliver,
On 18 May 2019, at 00:50, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael
Sorry for wasting your time with that patch.
LOL No worries. The main thing is we are getting this right.
The good news is that it applied. There were just genuine conflicts with the other changes.
The patch was created against master branch which was up to date in my repo. I have now created a new one based on the next branch. Looks like there have been quite some changes to proxy.cgi.
Let me know whether I should give this one a try.
If you have applied your changes to the new version of the file and tested them, you can send a third version of the file.
Best, -Michael
Regards Oliver
-----Original Message----- From: Michael Tremer michael.tremer@ipfire.org Sent: Friday, May 17, 2019 23:33 To: Oliver Fuhrer oliver.fuhrer@bluewin.ch Cc: development@lists.ipfire.org Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat
Hi Oliver,
I am afraid I wasn’t able to apply this patch either:
[root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128
I tried to run a three-way merge, but there is literally a chunk of the file that wasn’t there before it seems.
Did you develop this on top of the next branch or did you add your changes to an older version of the file?
Best, -Michael
On 13 May 2019, at 19:33, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the issue.
As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising
html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host, "$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n"; }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $vpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {my @networks = split(/\|/, $ovpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";}}- } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Hi Michael
Hi Oliver,
On 18 May 2019, at 00:50, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael
Sorry for wasting your time with that patch.
LOL No worries. The main thing is we are getting this right.
The good news is that it applied. There were just genuine conflicts with the other changes.
The patch was created against master branch which was up to date in my
repo.
I have now created a new one based on the next branch. Looks like there
have been quite some changes to proxy.cgi.
Let me know whether I should give this one a try.
If you have applied your changes to the new version of the file and tested them, you can send a third version of the file.
Thanks, I just sent in another version of the patch which was created against next branch and tested it on a fresh build.
Regards Oliver
Best, -Michael
Regards Oliver
-----Original Message----- From: Michael Tremer michael.tremer@ipfire.org Sent: Friday, May 17, 2019 23:33 To: Oliver Fuhrer oliver.fuhrer@bluewin.ch Cc: development@lists.ipfire.org Subject: Re: [PATCH] BUG 11696: VPN Subnets missing from wpad.dat
Hi Oliver,
I am afraid I wasn’t able to apply this patch either:
[root@ipfire ipfire-2.x]# pwclient git-am -s 2251 Applying patch #2251 using "git am -s" Description: BUG 11696: VPN Subnets missing from wpad.dat Applying: BUG 11696: VPN Subnets missing from wpad.dat error: patch failed: html/cgi-bin/proxy.cgi:2763 error: html/cgi-bin/proxy.cgi: patch does not apply Patch failed at 0001 BUG 11696: VPN Subnets missing from wpad.dat The copy of the patch that failed is found in: .git/rebase-apply/patch When you have resolved this problem, run "git am --continue". If you prefer to skip this patch, run "git am --skip" instead. To restore the original branch and stop patching, run "git am --abort". 'git am' failed with exit status 128
I tried to run a three-way merge, but there is literally a chunk of the file
that wasn’t there before it seems.
Did you develop this on top of the next branch or did you add your changes
to an older version of the file?
Best, -Michael
On 13 May 2019, at 19:33, Oliver Fuhrer oliver.fuhrer@bluewin.ch
wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Hi All Apologies for the line-wrapping mess with the previous attempt. Looks like Outlook isn't up for the task. This Message is now sent directly via git, which should hopefully fix the
issue.
As I currently don't have any OpenVPN n2n connections, I could not fully test this part, however some dry-runs looked rather promising
html/cgi-bin/proxy.cgi | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 6daa7fb..e7ee1f3 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2738,6 +2738,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2763,6 +2767,26 @@ END print FILE " (isInNet(host,
"$netsettings{'ORANGE_NETADDRESS'}", "$netsettings{'ORANGE_NETMASK'}")) ||\n";
}
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);$vpnsub =&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\","$vpnsub")) ||\n";
}}- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);foreach my $network (@networks) {my ($vpnip, $vpnsub) = split("/", $network);print FILE " (isInNet(host, \"$vpnip\","$vpnsub")) ||\n";
}}- } print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
-
Michael Tremer -
Oliver Fuhrer