From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 83803caf386c3a7fd55215ecad348131be56bba6
Date: Sat, 20 Jul 2013 11:09:09 +0200 [thread overview]
Message-ID: <20130720090924.93DF220718@argus.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 7439 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 83803caf386c3a7fd55215ecad348131be56bba6 (commit)
via c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c (commit)
via 92b87e17f1497be27cc61038b4852b00e84f5d15 (commit)
via f48074bacbf1e3835ca8975d82e5dd2dc514bcb1 (commit)
from 6666897c5c4f6e328e56e66e53750a906ef04ee6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 83803caf386c3a7fd55215ecad348131be56bba6
Merge: 6666897 c125d8a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jul 20 11:08:56 2013 +0200
Merge remote-tracking branch 'stevee/ovpnmain.cgi-fixes' into next
commit c125d8a2b4770e3cd63ef18ae720dd6e5fb8576c
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jul 17 22:30:29 2013 +0200
ovpnmain.cgi: Allow to keep the Remote field empty for N2N connections.
* It's now possible to keep the Remote Host/IP field empty.
* Cleaned up code.
Fixes #10392.
commit 92b87e17f1497be27cc61038b4852b00e84f5d15
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jul 17 21:01:14 2013 +0200
ovpnmain.cgi: Set mtu-disc to off if not configured.
Fixes #10391.
commit f48074bacbf1e3835ca8975d82e5dd2dc514bcb1
Author: Stefan Schantl <stefan.schantl(a)ipfire.org>
Date: Wed Jul 17 19:58:20 2013 +0200
ovpnmain.cgi: Add check for a valid N2N network.
Fixes #10390.
-----------------------------------------------------------------------
Summary of changes:
html/cgi-bin/ovpnmain.cgi | 67 ++++++++++++++++++++++++++---------------------
1 file changed, 37 insertions(+), 30 deletions(-)
Difference in files:
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index a4953ff..5e18d3c 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -127,21 +127,6 @@ sub sizeformat{
return("$newsize $units[$i]");
}
-sub valid_dns_host {
- my $hostname = $_[0];
- unless ($hostname) { return "No hostname"};
- my $res = new Net::DNS::Resolver;
- my $query = $res->search("$hostname");
- if ($query) {
- foreach my $rr ($query->answer) {
- ## Potential bug - we are only looking at A records:
- return 0 if $rr->type eq "A";
- }
- } else {
- return $res->errorstring;
- }
-}
-
sub cleanssldatabase
{
if (open(FILE, ">${General::swroot}/ovpn/certs/serial")) {
@@ -982,7 +967,11 @@ unless(-d "${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}"){mkdir "${General
print SERVERCONF "persist-key\n";
print SERVERCONF "script-security 2\n";
print SERVERCONF "# IP/DNS for remote Server Gateway\n";
+
+ if ($cgiparams{'REMOTE'} ne '') {
print SERVERCONF "remote $cgiparams{'REMOTE'}\n";
+ }
+
print SERVERCONF "float\n";
print SERVERCONF "# IP adresses of the VPN Subnet\n";
print SERVERCONF "ifconfig $ovsubnet.1 $ovsubnet.2\n";
@@ -2339,6 +2328,9 @@ ADV_ERROR:
if ($cgiparams{'LOG_VERB'} eq '') {
$cgiparams{'LOG_VERB'} = '3';
}
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'CLIENT2CLIENT'}{'off'} = '';
$checked{'CLIENT2CLIENT'}{'on'} = '';
$checked{'CLIENT2CLIENT'}{$cgiparams{'CLIENT2CLIENT'}} = 'CHECKED';
@@ -3520,6 +3512,14 @@ if ($cgiparams{'TYPE'} eq 'net') {
goto VPNCONF_ERROR;
}
+ # Check if the input for the transfer net is valid.
+ if (!&General::validipandmask($cgiparams{'OVPN_SUBNET'})){
+ $errormessage = $Lang::tr{'ccd err invalidnet'};
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ goto VPNCONF_ERROR;
+ }
+
if ($cgiparams{'OVPN_SUBNET'} eq $vpnsettings{'DOVPN_SUBNET'}) {
$errormessage = $Lang::tr{'openvpn subnet is used'};
unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
@@ -3603,34 +3603,38 @@ if ($cgiparams{'TYPE'} eq 'net') {
}
}
- if (($cgiparams{'TYPE'} eq 'net') && (! $cgiparams{'REMOTE'})) {
+ # Check if a remote host/IP has been set for the client.
+ if ($cgiparams{'REMOTE'} eq '' && $cgiparams{'SIDE'} ne 'server') {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+ # Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
goto VPNCONF_ERROR;
}
- if ($cgiparams{'REMOTE'}) {
+ # Check if a remote host/IP has been configured - the field can be empty on the server side.
+ if ($cgiparams{'REMOTE'} ne '') {
+
+ # Check if the given IP is valid - otherwise check if it is a valid domain.
if (! &General::validip($cgiparams{'REMOTE'})) {
+
+ # Check for a valid domain.
if (! &General::validfqdn ($cgiparams{'REMOTE'})) {
$errormessage = $Lang::tr{'invalid input for remote host/ip'};
+
+ # Check if this is a N2N connection and drop temporary config.
if ($cgiparams{'TYPE'} eq 'net') {
- unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
- rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
- }
+ unlink ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}/$cgiparams{'NAME'}.conf") or die "Removing Configfile fail: $!";
+ rmdir ("${General::swroot}/ovpn/n2nconf/$cgiparams{'NAME'}") || die "Removing Directory fail: $!";
+ }
goto VPNCONF_ERROR;
- } else {
- if (&valid_dns_host($cgiparams{'REMOTE'})) {
- $warnmessage = "$Lang::tr{'check vpn lr'} $cgiparams{'REMOTE'}. $Lang::tr{'dns check failed'}";
- if ($cgiparams{'TYPE'} eq 'net') {
-
- }
- }
}
}
}
+
if ($cgiparams{'TYPE'} ne 'host') {
unless (&General::validipandmask($cgiparams{'LOCAL_SUBNET'})) {
$errormessage = $Lang::tr{'local subnet is invalid'};
@@ -4147,6 +4151,9 @@ if ($cgiparams{'TYPE'} eq 'net') {
$checked{'MSSFIX'}{'on'} = '';
$checked{'MSSFIX'}{$cgiparams{'MSSFIX'}} = 'CHECKED';
+ if ($cgiparams{'PMTU_DISCOVERY'} eq '') {
+ $cgiparams{'PMTU_DISCOVERY'} = 'off';
+ }
$checked{'PMTU_DISCOVERY'}{$cgiparams{'PMTU_DISCOVERY'}} = 'checked=\'checked\'';
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2013-07-20 9:09 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130720090924.93DF220718@argus.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox