This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy. --- Hi List, New version of the patch, this one has been created against next branch and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile { + my %vpnconfig=(); + my %ovpnconfig=(); + &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig); + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } }
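Review bot: The two `&General::readhasharray` calls added at the top of `writepacfile` are not guarded against a missing or unreadable `vpn/config` or `ovpn/ovpnconfig`. The helper's body is not visible here, but if it dies on a failed open, a system that never configured one tunnel type would stop regenerating the PAC file. A file test on each call avoids that, e.g. `&General::readhasharray("${General::swroot}/vpn/config", \%vpnconfig) if (-e "${General::swroot}/vpn/config");`. As rendered, the hashes are passed as `%vpnconfig` and `%ovpnconfig` rather than by reference; the page may simply have dropped the backslashes, but it is worth confirming the applied patch passes `\%vpnconfig` and `\%ovpnconfig`. The body of `writepacfile` continues outside the hunk.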
+ foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) { + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $vpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + $vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub; + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } + + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') { + my @networks = split(/|/, $ovpnconfig{$key}[11]); + foreach my $network (@networks) { + my ($vpnip, $vpnsub) = split("/", $network); + print FILE " (isInNet(host, "$vpnip", "$vpnsub")) ||\n"; + } + } + } + print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
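Review bot: In both new loops `$vpnip` and `$vpnsub` go from field 11 of the tunnel configuration into the PAC file as JavaScript string literals, with no check that they are an address and a mask. A malformed entry (no `/`, a stray quote, a host name) produces a broken or altered `FindProxyForURL` that every client fetching the file evaluates. A guard such as `next unless (&General::validip($vpnip) && &General::validmask($vpnsub));` before each `print FILE` would keep only well-formed pairs. The OpenVPN loop also omits the `convert_prefix2netmask` step the IPsec loop has, so a prefix-length entry would reach `isInNet` as `"24"` rather than a dotted mask; worth confirming which form `ovpnconfig` stores. Because the file is served to proxy clients, the remote subnets of every enabled net-to-net tunnel also become readable by anyone who can fetch it.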
Hi,
Thank you for rebasing this patch. It applies and is merged!
-Michael
On 19 May 2019, at 14:30, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n subnets to wpad.dat so they don't pass through the proxy.
Hi List, New version of the patch, this one has been created against next branch and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config", %vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", %ovpnconfig); open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n";
@@ -2910,6 +2914,27 @@ END } }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne 'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub = &Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
}
}
- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne 'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
print FILE " (isInNet(host, \"$vpnip\", \"$vpnsub\")) ||\n";
}
}
- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Hi Michael, You're welcome. I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically update the wpad.dat file upon tunnel add/delete/enable/disable. Should I send this one as a feature?
Regards Oliver
Hi,
Thank you for rebasing this patch. It applies and is merged!
-Michael
On 19 May 2019, at 14:30, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n
subnets to wpad.dat so they don't pass through the proxy.
Hi List, New version of the patch, this one has been created against next branch
and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Yes please.
It would be great to have this all coming in one patchset in the future. That keeps noise on the list down and allows us to review the whole thing in one go.
Are you planning to move this into a function that you will call from the various CGI files?
-Michael
On 20 May 2019, at 16:31, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael, You're welcome. I have been poking around in vpnmain.cgi and ovpnmain.cgi to automatically update the wpad.dat file upon tunnel add/delete/enable/disable. Should I send this one as feature?
Regards Oliver
Hi,
Thank you for rebasing this patch. It applies and is merged!
-Michael
On 19 May 2019, at 14:30, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n
subnets to wpad.dat so they don't pass through the proxy.
Hi List, New version of the patch, this one has been created against next branch
and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Hi Michael
Yes please.
It would be great to have this all coming in one patchset in the future. That keeps noise on the list down and allows us to review the whole thing in one go.
OK, I'll then combine this enhancement patch with a fix for Bug #11047 and some code improvement for #11614; however, it might take a couple of days until this is ready to be sent.
Are you planning to move this into a function that you will call from the various CGI files?
I had a look at the code and I think, I hopefully got it right by moving my code to general-functions.pl
Oliver
-Michael
On 20 May 2019, at 16:31, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael, You're welcome. I have been poking around in vpnmain.cgi and ovpnmain.cgi to
automatically update the wpad.dat file upon tunnel add/delete/enable/disable.
Should I send this one as feature?
Regards Oliver
Hi,
Thank you for rebasing this patch. It applies and is merged!
-Michael
On 19 May 2019, at 14:30, Oliver Fuhrer oliver.fuhrer@bluewin.ch
wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n
subnets to wpad.dat so they don't pass through the proxy.
Hi List, New version of the patch, this one has been created against next branch
and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0")) )
-- 1.8.3.1
Do you have a dev account yet?
Do you want one to have your Git repos on git.ipfire.org?
-Michael
On 22 May 2019, at 20:52, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael
Yes please.
It would be great to have this all coming in one patchset in the future. That keeps noise on the list down and allows us to review the whole thing in one go.
OK, I'll then combine this enhancement patch with a fix for Bug #11047 and some code improvement for #11614, however it might take a couple of days until this ready to be sent.
Are you planning to move this into a function that you will call from the various CGI files?
I had a look at the code and I think, I hopefully got it right by moving my code to general-functions.pl
Oliver
-Michael
On 20 May 2019, at 16:31, Oliver Fuhrer oliver.fuhrer@bluewin.ch wrote:
Hi Michael, You're welcome. I have been poking around in vpnmain.cgi and ovpnmain.cgi to
automatically update the wpad.dat file upon tunnel add/delete/enable/disable.
Should I send this one as feature?
Regards Oliver
Hi,
Thank you for rebasing this patch. It applies and is merged!
-Michael
On 19 May 2019, at 14:30, Oliver Fuhrer oliver.fuhrer@bluewin.ch
wrote:
This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n
subnets to wpad.dat so they don't pass through the proxy.
Hi List, New version of the patch, this one has been created against next branch
and successfully tested on a fresh build.
Regards Oliver
html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+)
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 91e4fce..b639640 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -2848,6 +2848,10 @@ sub write_acls
sub writepacfile {
- my %vpnconfig=();
- my %ovpnconfig=();
- &General::readhasharray("${General::swroot}/vpn/config",
%vpnconfig);
- &General::readhasharray("${General::swroot}/ovpn/ovpnconfig",
%ovpnconfig);
open(FILE, ">/srv/web/ipfire/html/proxy.pac"); flock(FILE, 2); print FILE "function FindProxyForURL(url, host)\n"; @@ -2910,6 +2914,27 @@ END } }
- foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp
uc($vpnconfig{$b}[1]) } keys %vpnconfig) {
if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $vpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
$vpnsub =
&Network::convert_prefix2netmask($vpnsub) || $vpnsub;
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp
uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) {
if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne
'host') {
my @networks = split(/\|/, $ovpnconfig{$key}[11]);
foreach my $network (@networks) {
my ($vpnip, $vpnsub) = split("/", $network);
print FILE " (isInNet(host, \"$vpnip\",
"$vpnsub")) ||\n";
}
}
- }
- print FILE <<END (isInNet(host, "169.254.0.0", "255.255.0.0"))
)
1.8.3.1