This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via bd54ff030eee920be813de64e8b4ffec8d57315b (commit)
via e2429e8d3452e39128a8c8f2806b97314f9c9470 (commit)
via ac87f37110a5cfb41ed65c1b2b83cd3d340ce125 (commit)
via df9b48b753cb84e8bd5a338c593202e9aaf1d07f (commit)
from 1e0419c8da24544cbadf03f7eadb320cec41e675 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bd54ff030eee920be813de64e8b4ffec8d57315b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Nov 28 20:25:28 2012 +0100
Update translations.
commit e2429e8d3452e39128a8c8f2806b97314f9c9470
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Mon Nov 26 13:13:16 2012 +0100
OpenVPN ccd: created subnet checkfunction in general_functions, because ipsec needs this too!
This should prevent IPsec hosts/nets from having the same IP addresses as OpenVPN hosts/nets
commit ac87f37110a5cfb41ed65c1b2b83cd3d340ce125
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Nov 27 14:48:33 2012 +0100
OpenVPN ccd: fixed counter in static networks. Only 63 hosts are possible in /24 subnet Now IP-Range begins with ".2"
commit df9b48b753cb84e8bd5a338c593202e9aaf1d07f
Author: Alexander Marx <amarx(a)ipfire.org>
Date: Tue Nov 27 12:40:36 2012 +0100
OpenVPN ccd: added alphanumeric sort of static networks and under ROUTING, NONE is selected if no route is specified
-----------------------------------------------------------------------
Summary of changes:
config/cfgroot/general-functions.pl | 79 +++++++++++++++++++++++++++++++++++++
doc/language_issues.es | 1 +
doc/language_issues.fr | 1 +
doc/language_issues.pl | 1 +
doc/language_issues.ru | 1 +
doc/language_missings | 4 ++
html/cgi-bin/ovpnmain.cgi | 60 ++++++++++++++--------------
langs/de/cgi-bin/de.pl | 1 +
langs/en/cgi-bin/en.pl | 1 +
9 files changed, 118 insertions(+), 31 deletions(-)
Difference in files:
diff --git a/config/cfgroot/general-functions.pl b/config/cfgroot/general-functions.pl
index 6055567..c14f990 100644
--- a/config/cfgroot/general-functions.pl
+++ b/config/cfgroot/general-functions.pl
@@ -399,6 +399,85 @@ sub validipandmask
return 0;
}
+sub checksubnets
+{
+
+ my %ccdconfhash=();
+ my @ccdconf=();
+ my $ccdname=$_[0];
+ my $ccdnet=$_[1];
+ my $errormessage;
+ my ($ip,$cidr)=split(/\//,$ccdnet);
+ $cidr=&iporsubtocidr($cidr);
+
+
+ #get OVPN-Subnet (dynamic range)
+ my %ovpnconf=();
+ &readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
+ my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
+ $ovpncidr=&iporsubtocidr($ovpncidr);
+
+ #check if we try to use same network as ovpn server
+ if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
+ $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
+ return $errormessage;
+ }
+
+ #check if we use a network-name/subnet that already exists
+ &readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
+ foreach my $key (keys %ccdconfhash) {
+ @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
+ if ($ccdname eq $ccdconfhash{$key}[0])
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";
+ return $errormessage;
+ }
+ my ($newip,$newsub) = split(/\//,$ccdnet);
+ if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
+ {
+ $errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
+ return $errormessage;
+ }
+
+ }
+ #check if we use a name which is already used by ovpn
+
+
+
+
+
+ #check if we use a ipsec right network which is already defined
+ my %ipsecconf=();
+ &General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
+ foreach my $key (keys %ipsecconf){
+ if ($ipsecconf{$key}[11] ne ''){
+ #$errormessage="DRIN!";
+ #return $errormessage;
+
+ my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
+ $ipsecsub=&iporsubtodec($ipsecsub);
+
+ if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
+ $errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]";
+ return $errormessage;
+ }
+ }
+ }
+
+
+ #check if we use one of ipfire's networks (green,orange,blue)
+ my %ownnet=();
+ &readhash("${General::swroot}/ethernet/settings", \%ownnet);
+ if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
+ if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
+ if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
+ if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
+
+
+
+}
+
+
sub validport
{
$_ = $_[0];
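Review bot: The overlap tests in `checksubnets` are one-directional and inconsistent, so some overlapping networks pass. The OpenVPN check is a string comparison (`"$ip/$cidr" eq "$ovpnip/$ovpncidr"`) that only catches an identical network, the ccd and IPsec loops only ask whether the new network address lies inside the existing net, and the green/orange/blue/red checks only ask the reverse. A new net that contains an existing ccd or IPsec net, or that sits inside the dynamic OpenVPN subnet, is therefore accepted, which leaves two VPN networks covering the same addresses. Testing both directions everywhere would close this, e.g. `if (&IpInSubnet($ip,$ipsecip,$ipsecsub) || &IpInSubnet($ipsecip,$ip,&iporsubtodec($cidr))) {`, with the same pair used for the OpenVPN subnet instead of `eq`.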
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 3cd95a8..eca067d 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse
WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 406c422..91beb6f 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -513,6 +513,7 @@ WARNING: untranslated string: ccd err inuse
WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 3cd95a8..eca067d 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -514,6 +514,7 @@ WARNING: untranslated string: ccd err inuse
WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index a6efe4d..e36449a 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -505,6 +505,7 @@ WARNING: untranslated string: ccd err inuse
WARNING: untranslated string: ccd err invalidname
WARNING: untranslated string: ccd err invalidnet
WARNING: untranslated string: ccd err irouteexist
+WARNING: untranslated string: ccd err isipsecnet
WARNING: untranslated string: ccd err isovpnnet
WARNING: untranslated string: ccd err issubnet
WARNING: untranslated string: ccd err name
diff --git a/doc/language_missings b/doc/language_missings
index 9b7400e..83fbf90 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -26,6 +26,7 @@
< ccd err invalidnet
< ccd err iroute
< ccd err irouteexist
+< ccd err isipsecnet
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -147,6 +148,7 @@
< ccd err invalidnet
< ccd err iroute
< ccd err irouteexist
+< ccd err isipsecnet
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -259,6 +261,7 @@
< ccd err invalidnet
< ccd err iroute
< ccd err irouteexist
+< ccd err isipsecnet
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
@@ -348,6 +351,7 @@
< ccd err invalidnet
< ccd err iroute
< ccd err irouteexist
+< ccd err isipsecnet
< ccd err isovpnnet
< ccd err issubnet
< ccd err name
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index 3c090b0..cd13a14 100755
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -64,6 +64,10 @@ my $warnmessage = '';
my $errormessage = '';
my %settings=();
my $routes_push_file = '';
+my $confighost="${General::swroot}/fwhosts/customhosts";
+my $configgrp="${General::swroot}/fwhosts/customgroups";
+my $customnet="${General::swroot}/fwhosts/customnetworks";
+my $name;
&General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
$cgiparams{'ENABLED'} = 'off';
$cgiparams{'ENABLED_BLUE'} = 'off';
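Review bot: `$name` becomes a file-scoped lexical here and is then assigned from `$cgiparams{'CHECK1'}` in the hunks at -3295 and -3979, where it is used as a key into `%cgiparams` (`$cgiparams{$name}`). A request value thereby chooses which other request field is stored in `$confighash{$key}[33]` and later split into `$ccdip`/`$ccdsub`, and with the wider scope a value set on one path stays visible on every other path in the script. No check of `CHECK1` is visible in these hunks, so it may be validated elsewhere; if it is not, it should be restricted to `dynamic` or, presumably, a network name present in `ccd.conf` before it is used as a key. A more specific name than `$name` would also help at file scope, and `$confighost`, `$configgrp` and `$customnet` are not used in any hunk shown.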
@@ -493,7 +497,6 @@ sub addccdnet
my @ccdconf=();
my $ccdname=$_[0];
my $ccdnet=$_[1];
- my $ovpnsubnet=$_[2];
my $subcidr;
my @ip2=();
my $checkup;
@@ -528,29 +531,8 @@ sub addccdnet
return;
}
+ $errormessage=&General::checksubnets($ccdname,$ccdnet);
- #check if we try to use same network as ovpn server
- if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
- $errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
- }
-
- #check if we use a name/subnet that already exists
- &General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
- foreach my $key (keys %ccdconfhash) {
- @ccdconf=split(/\//,$ccdconfhash{$key}[1]);
- if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";}
- my ($newip,$newsub) = split(/\//,$ccdnet);
- if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";}
-
- }
- #check if we use one of ipfire's networks (green,orange,blue)
- my %ownnet=();
- &General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
- if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};}
- if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};}
- if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};}
- if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};}
-
if (!$errormessage) {
my %ccdconfhash=();
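Review bot: `$errormessage` is now overwritten with the return value of `General::checksubnets`, and on the no-conflict path that sub reaches its closing brace without a `return`. The `if (!$errormessage)` guard therefore depends on what the last evaluated condition in the sub happens to yield; an explicit `return;` at the end of `checksubnets` (or `|| ''` on this call) makes the success case definite. The sub also returns on the first conflict, where the removed code appended several messages, so users now see one error at a time. `addccdnet` starts and ends outside this hunk.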
@@ -631,7 +613,7 @@ sub getccdadresses
my %ccdhash=();
&General::readhasharray("${General::swroot}/ovpn/ovpnconfig", \%ccdhash);
$iprange[0]=$ip1.".".$ip2.".".$ip3.".".2;
- for (my $i=0;$i<=$count-1;$i++) {
+ for (my $i=1;$i<=$count;$i++) {
my $tmpip=$iprange[$i-1];
my $stepper=$i*4;
$iprange[$i]= &General::getnextip($tmpip,4);
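Review bot: The loop now fills `$iprange[1]` through `$iprange[$count]`, so together with the seed in `$iprange[0]` the array ends up with `$count + 1` addresses. Whether that matches the 63-host limit named in the commit message depends on how `$count` is computed, which is outside this hunk, as is the rest of `getccdadresses`. `$stepper` is assigned but not used in the lines shown. A comment would make the intent checkable, for example `# $iprange[0] is the first client address (.2); each later entry is the previous one plus 4`.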
@@ -2584,7 +2566,7 @@ END
}
if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
- &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'});
+ &addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
}
if ($errormessage) {
&Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
@@ -2651,7 +2633,7 @@ END
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
my @ccdconf=();
my $count=0;
- foreach my $key (keys %ccdconfhash) {
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
$count++;
my $ccdhosts = &hostsinnet($ccdconf[0]);
@@ -3295,7 +3277,7 @@ if ($confighash{$cgiparams{'KEY'}}) {
$cgiparams{'COMPLZO'} = $confighash{$cgiparams{'KEY'}}[30];
$cgiparams{'MTU'} = $confighash{$cgiparams{'KEY'}}[31];
$cgiparams{'CHECK1'} = $confighash{$cgiparams{'KEY'}}[32];
- my $name=$cgiparams{'CHECK1'} ;
+ $name=$cgiparams{'CHECK1'} ;
$cgiparams{$name} = $confighash{$cgiparams{'KEY'}}[33];
$cgiparams{'RG'} = $confighash{$cgiparams{'KEY'}}[34];
$cgiparams{'CCD_DNS1'} = $confighash{$cgiparams{'KEY'}}[35];
@@ -3979,7 +3961,7 @@ if ($cgiparams{'TYPE'} eq 'net') {
$confighash{$key}[30] = $cgiparams{'COMPLZO'};
$confighash{$key}[31] = $cgiparams{'MTU'};
$confighash{$key}[32] = $cgiparams{'CHECK1'};
- my $name=$cgiparams{'CHECK1'};
+ $name=$cgiparams{'CHECK1'};
$confighash{$key}[33] = $cgiparams{$name};
$confighash{$key}[34] = $cgiparams{'RG'};
$confighash{$key}[35] = $cgiparams{'CCD_DNS1'};
@@ -3994,7 +3976,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
my ($ccdip,$ccdsub)=split "/",$cgiparams{$name};
my ($a,$b,$c,$d) = split (/\./,$ccdip);
- if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";}
+ if ( -e "${General::swroot}/ovpn/ccd/$confighash{$key}[2]"){
+ unlink "${General::swroot}/ovpn/ccd/$cgiparams{'CERT_NAME'}";
+ }
open ( CCDRWCONF,'>',"${General::swroot}/ovpn/ccd/$confighash{$key}[2]") or die "Unable to create clientconfigfile $!";
print CCDRWCONF "# OpenVPN Clientconfig from CCD extension by Copymaster#\n\n";
if($cgiparams{'CHECK1'} eq 'dynamic'){
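Review bot: The existence test and the `unlink` use different file names: `-e` checks `ccd/$confighash{$key}[2]` while the removal targets `ccd/$cgiparams{'CERT_NAME'}`. The second path is built from a request field, so unless `CERT_NAME` is validated before this point (not visible in the hunk) the removal can hit a file other than the one tested. Using the stored name for both, `unlink "${General::swroot}/ovpn/ccd/$confighash{$key}[2]";`, keeps the path on server-side data; the following `open` with `'>'` truncates that same file anyway. The enclosing block starts and ends outside the hunk.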
@@ -4300,7 +4284,7 @@ if ($cgiparams{'TYPE'} eq 'host') {
if (! -z "${General::swroot}/ovpn/ccd.conf"){
print"<table border='0' width='100%' cellspacing='1' cellpadding='0'><tr><td width='1%'></td><td width='30%' class='boldbase' align='center'><b>$Lang::tr{'ccd name'}</td><td width='15%' class='boldbase' align='center'><b>$Lang::tr{'network'}</td><td class='boldbase' align='center' width='18%'><b>$Lang::tr{'ccd clientip'}</td></tr>";
- foreach my $key (keys %ccdconfhash) {
+ foreach my $key (sort { uc($ccdconfhash{$a}[0]) cmp uc($ccdconfhash{$b}[0]) } keys %ccdconfhash) {
$count++;
@ccdconf=($ccdconfhash{$key}[0],$ccdconfhash{$key}[1]);
if ($count % 2){print"<tr bgcolor='$color{'color22'}'>";}else{print"<tr bgcolor='$color{'color20'}'>";}
@@ -4466,6 +4450,7 @@ END
my $helpblue=0;
my $helporange=0;
my $other=0;
+ my $none=0;
my @temp=();
our @current = ();
@@ -4473,7 +4458,20 @@ END
@current = <FILE>;
close (FILE);
&General::readhasharray ("${General::swroot}/ovpn/ccdroute2", \%ccdroute2hash);
- print"<option>$Lang::tr{'ccd none'}</option>";
+ #check for "none"
+ foreach my $key (keys %ccdroute2hash) {
+ if($ccdroute2hash{$key}[0] eq $cgiparams{'NAME'}){
+ if ($ccdroute2hash{$key}[1] eq ''){
+ $none=1;
+ last;
+ }
+ }
+ }
+ if ($none ne '1'){
+ print"<option>$Lang::tr{'ccd none'}</option>";
+ }else{
+ print"<option selected>$Lang::tr{'ccd none'}</option>";
+ }
#check if static routes are defined for client
foreach my $line (@current) {
chomp($line);
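Review bot: `$none` is set only when `ccdroute2` holds an entry for `$cgiparams{'NAME'}` whose second field is empty; a client with no entry at all leaves it 0 and nothing is preselected. If that state can occur (the code that writes `ccdroute2` is outside this hunk), the loop should track whether any route was found instead. The flag is also a number compared as a string (`$none ne '1'`); a single `print "<option" . ($none ? " selected" : "") . ">$Lang::tr{'ccd none'}</option>";` reads more directly than the two-branch `if`.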
diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl
index f7ab1ea..05e1d85 100644
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -469,6 +469,7 @@
'ccd err invalidnet' => 'Ungültige IP-Addresse. Format: 192.168.0.0/24 oder 192.168.0.0/255.255.255.0.',
'ccd err iroute' => 'Netzadresse für Route ungültig.',
'ccd err irouteexist' => 'Diese Route wird bereits verwendet.',
+'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.',
'ccd err isovpnnet' => 'Subnetzadresse wird für bereits für den OpenVPN-Server verwendet!',
'ccd err issubnet' => 'Subnetzadresse wird bereits verwendet.',
'ccd err name' => 'Es muss ein Name angegeben werden.',
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 5080559..f0fa2c2 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -488,6 +488,7 @@
'ccd err invalidnet' => 'Invalid IP address. Format: 192.168.0.0/24 or 192.168.0.0/255.255.255.0.',
'ccd err iroute' => 'Network address for route is invalid.',
'ccd err irouteexist' => 'This route is already in use.',
+'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
'ccd err isovpnnet' => 'Subnet address already in use for OpenVPN Server.',
'ccd err issubnet' => 'Subnet address already in use.',
'ccd err name' => 'Please choose a name.',
hooks/post-receive
--
IPFire 2.x development tree