OpenVPN ccd: created subnet checkfunction in general_functions, because ipsec needs this too!
This should prevent IPsec hosts/nets from having the same IP addresses as OpenVPN hosts/nets.
committed by
Michael Tremer
parent
ac87f37110
commit
e2429e8d34
@@ -399,6 +399,85 @@ sub validipandmask
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub checksubnets
|
||||
{
|
||||
|
||||
my %ccdconfhash=();
|
||||
my @ccdconf=();
|
||||
my $ccdname=$_[0];
|
||||
my $ccdnet=$_[1];
|
||||
my $errormessage;
|
||||
my ($ip,$cidr)=split(/\//,$ccdnet);
|
||||
$cidr=&iporsubtocidr($cidr);
|
||||
|
||||
|
||||
#get OVPN-Subnet (dynamic range)
|
||||
my %ovpnconf=();
|
||||
&readhash("${General::swroot}/ovpn/settings", \%ovpnconf);
|
||||
my ($ovpnip,$ovpncidr)= split (/\//,$ovpnconf{'DOVPN_SUBNET'});
|
||||
$ovpncidr=&iporsubtocidr($ovpncidr);
|
||||
|
||||
#check if we try to use same network as ovpn server
|
||||
if ("$ip/$cidr" eq "$ovpnip/$ovpncidr") {
|
||||
$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
|
||||
return $errormessage;
|
||||
}
|
||||
|
||||
#check if we use a network-name/subnet that already exists
|
||||
&readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
|
||||
foreach my $key (keys %ccdconfhash) {
|
||||
@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
|
||||
if ($ccdname eq $ccdconfhash{$key}[0])
|
||||
{
|
||||
$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";
|
||||
return $errormessage;
|
||||
}
|
||||
my ($newip,$newsub) = split(/\//,$ccdnet);
|
||||
if (&IpInSubnet($newip,$ccdconf[0],&iporsubtodec($ccdconf[1])))
|
||||
{
|
||||
$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";
|
||||
return $errormessage;
|
||||
}
|
||||
|
||||
}
|
||||
#check if we use a name which is already used by ovpn
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#check if we use a ipsec right network which is already defined
|
||||
my %ipsecconf=();
|
||||
&General::readhasharray("${General::swroot}/vpn/config", \%ipsecconf);
|
||||
foreach my $key (keys %ipsecconf){
|
||||
if ($ipsecconf{$key}[11] ne ''){
|
||||
#$errormessage="DRIN!";
|
||||
#return $errormessage;
|
||||
|
||||
my ($ipsecip,$ipsecsub) = split (/\//, $ipsecconf{$key}[11]);
|
||||
$ipsecsub=&iporsubtodec($ipsecsub);
|
||||
|
||||
if ( &IpInSubnet ($ip,$ipsecip,$ipsecsub) ){
|
||||
$errormessage=$Lang::tr{'ccd err isipsecnet'}." Name: $ipsecconf{$key}[2]";
|
||||
return $errormessage;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#check if we use one of ipfire's networks (green,orange,blue)
|
||||
my %ownnet=();
|
||||
&readhash("${General::swroot}/ethernet/settings", \%ownnet);
|
||||
if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err green'};return $errormessage;}
|
||||
if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err orange'};return $errormessage;}
|
||||
if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err blue'};return $errormessage;}
|
||||
if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &IpInSubnet($ownnet{'RED_NETADDRESS'},$ip,&iporsubtodec($cidr))){ $errormessage=$Lang::tr{'ccd err red'};return $errormessage;}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
sub validport
|
||||
{
|
||||
$_ = $_[0];
|
||||
|
||||
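Review bot: The overlap tests in `checksubnets` each look in one direction only, so some colliding ranges are still accepted. The ccd.conf and IPsec loops test whether the new network address lies inside an existing subnet (`&IpInSubnet($ip,$ipsecip,$ipsecsub)`), while the GREEN/ORANGE/BLUE/RED lines test whether the interface's network address lies inside the new subnet. A new subnet that encloses an existing CCD or IPsec network, or one that sits inside a local network, passes every test. Running each comparison both ways would close this, e.g. for IPsec `if (&IpInSubnet($ip,$ipsecip,$ipsecsub) || &IpInSubnet($ipsecip,$ip,&iporsubtodec($cidr))) {`. The dynamic-range test has the same weakness, because `"$ip/$cidr" eq "$ovpnip/$ovpncidr"` only catches an identical network, not an overlapping one.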
@@ -497,7 +497,6 @@ sub addccdnet
|
||||
my @ccdconf=();
|
||||
my $ccdname=$_[0];
|
||||
my $ccdnet=$_[1];
|
||||
my $ovpnsubnet=$_[2];
|
||||
my $subcidr;
|
||||
my @ip2=();
|
||||
my $checkup;
|
||||
@@ -532,29 +531,8 @@ sub addccdnet
|
||||
return;
|
||||
}
|
||||
|
||||
$errormessage=&General::checksubnets($ccdname,$ccdnet);
|
||||
|
||||
#check if we try to use same network as ovpn server
|
||||
if (&General::iporsubtocidr($ccdnet) eq &General::iporsubtocidr($ovpnsubnet)) {
|
||||
$errormessage=$errormessage.$Lang::tr{'ccd err isovpnnet'}."<br>";
|
||||
}
|
||||
|
||||
#check if we use a name/subnet that already exists
|
||||
&General::readhasharray("${General::swroot}/ovpn/ccd.conf", \%ccdconfhash);
|
||||
foreach my $key (keys %ccdconfhash) {
|
||||
@ccdconf=split(/\//,$ccdconfhash{$key}[1]);
|
||||
if ($ccdname eq $ccdconfhash{$key}[0]) {$errormessage=$errormessage.$Lang::tr{'ccd err nameexist'}."<br>";}
|
||||
my ($newip,$newsub) = split(/\//,$ccdnet);
|
||||
if (&General::IpInSubnet($newip,$ccdconf[0],&General::iporsubtodec($ccdconf[1]))) {$errormessage=$errormessage.$Lang::tr{'ccd err issubnet'}."<br>";}
|
||||
|
||||
}
|
||||
#check if we use one of ipfire's networks (green,orange,blue)
|
||||
my %ownnet=();
|
||||
&General::readhash("${General::swroot}/ethernet/settings", \%ownnet);
|
||||
if (($ownnet{'GREEN_NETADDRESS'} ne '' && $ownnet{'GREEN_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'GREEN_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err green'};}
|
||||
if (($ownnet{'ORANGE_NETADDRESS'} ne '' && $ownnet{'ORANGE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'ORANGE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err orange'};}
|
||||
if (($ownnet{'BLUE_NETADDRESS'} ne '' && $ownnet{'BLUE_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'BLUE_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err blue'};}
|
||||
if (($ownnet{'RED_NETADDRESS'} ne '' && $ownnet{'RED_NETADDRESS'} ne '0.0.0.0') && &General::IpInSubnet($ownnet{'RED_NETADDRESS'},$ccdip,&General::iporsubtodec($subcidr))){ $errormessage=$Lang::tr{'ccd err red'};}
|
||||
|
||||
|
||||
if (!$errormessage) {
|
||||
my %ccdconfhash=();
|
||||
@@ -2588,7 +2566,7 @@ END
|
||||
}
|
||||
|
||||
if ($cgiparams{'ACTION'} eq $Lang::tr{'ccd add'}) {
|
||||
&addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'},$cgiparams{'DOVPN_SUBNET'});
|
||||
&addccdnet($cgiparams{'ccdname'},$cgiparams{'ccdsubnet'});
|
||||
}
|
||||
if ($errormessage) {
|
||||
&Header::openbox('100%', 'LEFT', $Lang::tr{'error messages'});
|
||||
|
||||
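Review bot: The new call `$errormessage=&General::checksubnets($ccdname,$ccdnet);` uses whatever the sub returns as the error text, but `checksubnets` has no `return` on its success path. The `if (!$errormessage)` that follows therefore depends on the last expression evaluated in that sub (the RED_NETADDRESS condition) being false. An explicit `return;` as the last statement of `checksubnets` would make that contract visible and safe against later edits. After the inline checks were removed, `my @ccdconf=();` at the top of `addccdnet` looks unused. The body of `addccdnet` extends outside these hunks, so confirm that before deleting it.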
@@ -2231,6 +2231,7 @@
|
||||
'you can only define one roadwarrior connection when using pre-shared key authentication' => 'Sie können nur eine Roadwarrior Verbindung definieren, wenn die Pre-shared Schlüsselauthentifizierung verwendet wird.<br/>Entweder haben Sie bereits eine Roadwarrior Verbindung mit Pre-shared Schlüsselauthentifizierung, oder Sie versuchen gerade eine hinzuzufügen.',
|
||||
'your department' => 'Ihre Abteilung',
|
||||
'your e-mail' => 'Ihre E-mail Adresse',
|
||||
'ccd err isipsecnet' => 'Diese Subnetzadresse wird bereits für ein IPsec-Netzwerk verwendet.'
|
||||
);
|
||||
|
||||
#EOF
|
||||
|
||||
@@ -2264,6 +2264,7 @@
|
||||
'you can only define one roadwarrior connection when using pre-shared key authentication' => 'You can only define one Roadwarrior connection when using pre-shared key authentication.<br />Either you already have a Roadwarrior connection with pre-shared key authentication, or you\'re trying to add one now.',
|
||||
'your department' => 'Your department',
|
||||
'your e-mail' => 'Your e-mail address',
|
||||
'ccd err isipsecnet' => 'The given subnet address already used by an IPsec network.',
|
||||
);
|
||||
|
||||
#EOF
|
||||
|
||||